Consuming ISE APIs with Ansible : Get ISE Endpoint Details

In this post I will break down an Ansible playbook. The playbook consumes ISE APIs to provide endpoint details from the ISE database, specifically the endpoint group name/association.

---
- name: ISE
  hosts: localhost
  connection: local
  gather_facts: false
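  vars:
    # mac_addr is not defined in this playbook; supply it from outside,
    # for example with -e mac_addr=... on the command line.
    # xxxx values are placeholders; keep real credentials in Ansible Vault.
    ise_user: xxxx
    ise_pass: xxxx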

  tasks:
  - name: Get Existing MAC Endpoint ID string
    uri:
      url: https://xxxx:9060/ers/config/endpoint?filter=mac.EQ.{{ mac_addr }}
      user: "{{ ise_user }}"
      password: "{{ ise_pass }}"
      headers:
        Accept: application/json
        content-type: application/json
        ers-media-type: identity.endpoint.1.2
      status_code: 200
      method: GET
      validate_certs: no  # TLS certificate verification is off; set to yes once the ISE certificate chains to a trusted CA
    register: endpoint_id

  - name: Print ISE Endpoint ID
    debug: 
     msg: "{{ endpoint_id }}"
   
  - name: Get ISE ID String
    set_fact:
     id: "{{ endpoint_id | json_query(jmesquery) }}"
    vars:
      jmesquery: '*.SearchResult.resources[*].id'

  - name: Extract ID from Nested List
    set_fact:
     id: "{{ id[0][0] }}"

  - name: Get Endpoint Details
    uri:
      url: https://xxxx:9060/ers/config/endpoint/{{ id }}
      user: "{{ ise_user }}"
      password: "{{ ise_pass }}"
      headers:
        Accept: application/json
        content-type: application/json
        ers-media-type: identity.endpoint.1.2
      status_code: 200
      method: GET
      validate_certs: no  # TLS certificate verification is off for this request
    register: endpoint_details

  - name: Print ISE Endpoint Details
    debug: 
     msg: "{{ endpoint_details }}"

  - name: Get ISE Group ID String
    set_fact:
     id_details: "{{ endpoint_details | json_query(jmesquery) }}"
    vars:
      jmesquery: '*.ERSEndPoint.groupId'

  - name: Extract Group ID from Nested List
    set_fact:
     group_id: "{{ id_details[0] }}"

  - name: Print ISE Endpoint Group ID
    debug: 
     msg: "{{ group_id }}"

  - name: Get Endpoint Group Assignment
    uri:
      url: https://xx.xx.xx.xx:9060/ers/config/endpointgroup/{{ group_id }}
      user: "{{ ise_user }}"
      password: "{{ ise_pass }}"
      headers:
        Accept: application/json
        content-type: application/json
        ers-media-type: identity.endpointgroup.1.1
      status_code: 200
      method: GET
      validate_certs: no  # TLS certificate verification is off for this request
    register: endpoint_group

  - name: Print returned ISE json data
    debug:
     msg: "{{ endpoint_group.json }}"

  - name: Get ISE Group Name from ISE json data
    set_fact:
     group_name: "{{ endpoint_group | json_query(jmesquery) }}"
    vars:
      jmesquery: '*.EndPointGroup.name'

  - name: Extract Group Name from Nested List
    set_fact:
     group_name: "{{ group_name[0] }}"

  - name: Print returned ISE group name
    debug:
     msg: 'The Endpoint belongs to the following group in ISE: "{{ group_name }}"'

Whether you look at the playbook above or via the GitHub link below, here is a breakdown of what it does to consume the ISE APIs and get an endpoint's group name/association:

  1. Get existing MAC endpoint ID string from ISE db

  2. Print returned data from ISE

  3. Extract endpoint id string using json_query & store as variable

  4. Extract the id string from nested list & store as variable

  5. Get endpoint details from ISE using endpoint id string

  6. Print returned data from ISE

  7. Extract endpoint group id string using json_query & store as variable

  8. Extract the group id string from nested list & store as variable

  9. Print returned group name to screen

The playbook is shared here on GitHub: GitHub
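
A hardened variant of the first lookup step, as an added example that is not part of the original playbook: it verifies the ISE certificate, reads the credentials from the environment, checks the MAC before it is placed in the URL, and stops with a clear message when the search returns no endpoint (the case where `id[0][0]` would fail). The names `ise_host`, `ise_ca_file`, `ISE_USER` and `ISE_PASS`, the placeholder hostname and path, and the colon-separated MAC format are assumptions.

```yaml
---
# Added example, not the original playbook. ise_host, ise_ca_file and the
# ISE_USER / ISE_PASS environment variables are assumed names.
- name: ISE endpoint lookup (hardened first step)
  hosts: localhost
  connection: local
  gather_facts: false
  vars:
    ise_host: ise.example.com          # placeholder hostname
    ise_ca_file: /etc/pki/ise/ca.pem   # placeholder path to the CA that signed the ISE certificate
    ise_user: "{{ lookup('ansible.builtin.env', 'ISE_USER') }}"
    ise_pass: "{{ lookup('ansible.builtin.env', 'ISE_PASS') }}"

  tasks:
    - name: Reject anything that is not a colon-separated MAC address
      ansible.builtin.assert:
        that:
          - mac_addr is defined
          - "mac_addr is match('^([0-9A-Fa-f]{2}:){5}[0-9A-Fa-f]{2}$')"
        fail_msg: "Pass the MAC as -e mac_addr=AA:BB:CC:DD:EE:FF"

    - name: Get existing MAC endpoint ID string
      ansible.builtin.uri:
        url: "https://{{ ise_host }}:9060/ers/config/endpoint?filter=mac.EQ.{{ mac_addr }}"
        url_username: "{{ ise_user }}"
        url_password: "{{ ise_pass }}"
        force_basic_auth: true         # send credentials on the first request
        headers:
          Accept: application/json
          content-type: application/json
          ers-media-type: identity.endpoint.1.2
        method: GET
        status_code: 200
        validate_certs: true           # verify the ISE certificate
        ca_path: "{{ ise_ca_file }}"   # against this CA bundle
      register: endpoint_id

    - name: Stop cleanly when ISE does not return exactly one endpoint
      ansible.builtin.assert:
        that: endpoint_id.json.SearchResult.total | int == 1
        fail_msg: "Expected exactly one endpoint for {{ mac_addr }}"

    - name: Extract the endpoint ID
      ansible.builtin.set_fact:
        id: "{{ endpoint_id.json.SearchResult.resources[0].id }}"
```

The same `validate_certs` and `ca_path` settings apply to the two later `uri` tasks in the playbook.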

To see more check out posts in the Automation tab & take a peek at the tags! Cheers!
