pxapi package
PXAPI module
- class pxapi.PXAPI(px_node, client_name, client_cert_file=None, client_key_file=None, root_ca_file=False, password=None)
Bases:
object- SERVICE_ANC = 'com.cisco.ise.config.anc'
- SERVICE_CONTEXTIN = 'com.cisco.endpoint.asset'
- SERVICE_ENDPOINT = 'com.cisco.endpoint.asset'
- SERVICE_MDM = 'com.cisco.ise.mdm'
- SERVICE_PROFILER = 'com.cisco.ise.config.profiler'
- SERVICE_PUBSUB = 'com.cisco.ise.pubsub'
- SERVICE_RADIUS = 'com.cisco.ise.radius'
- SERVICE_SESSION = 'com.cisco.ise.session'
- SERVICE_SXP = 'com.cisco.ise.sxp'
- SERVICE_SYSTEM = 'com.cisco.ise.system'
- SERVICE_TRUSTSEC = 'com.cisco.ise.trustsec'
- SERVICE_TRUSTSECCFG = 'com.cisco.ise.config.trustsec'
- account_activate(wait=False)
Activate pxGrid Account in ISE
Reference: https://github.com/cisco-pxgrid/pxgrid-rest-ws/wiki/pxGrid-Consumer#accountactivate
- Parameters:
wait – if set to True, the API call will retry every 60 seconds until the account is approved in ISE
- Returns:
dict containing account status
- account_create()
Creates a username for password based access
Reference: https://github.com/cisco-pxgrid/pxgrid-rest-ws/wiki/pxGrid-Consumer#accountcreate
- Returns:
dict with new account information
- anc_apply_endpoint_by_ip_address(policy, ip)
Apply ANC Policy by IP Address. Requires that the endpoint is connected to the network.
- Parameters:
policyName – name of ANC Policy
ip – IP Address of endpoint
- anc_apply_endpoint_by_mac_address(policy, mac)
Apply ANC Policy by MAC Address. Endpoint does not need to be online.
- Parameters:
policy – name of ANC Policy
mac – MAC Address of endpoint
- anc_apply_endpoint_policy(policy, mac, nas_ip)
Apply ANC Policy by MAC Address and NAS-IP-Address. Endpoint does not need to be connected to the network.
- Parameters:
policy – name of ANC Policy
mac – MAC Address of endpoint
nas_ip – device IP Address
- anc_clear_endpoint_by_mac_address(mac)
Clear ANC Policy from endpoint by MAC Address
- Parameters:
mac – MAC Address of endpoint
- anc_clear_endpoint_policy(mac, nas_ip)
Clear ANC Policy from endpoint by MAC Address and NAS-IP-Address
- Parameters:
mac – MAC Address of endpoint
nas_ip – device IP Address
- anc_create_policy(name, actions)
Create ANC Policy
Reference: https://github.com/cisco-pxgrid/pxgrid-rest-ws/wiki/ANC-configuration#post-restbaseurlcreatepolicy
- Parameters:
name – name of ANC Policy
actions – Action that ISE will perform and ANC policy is assigned. Valid options: QUARANTINE, SHUT_DOWN or PORT_BOUNCE
- Returns:
dict containing policy information
- anc_delete_policy_by_name(name)
Delete ANC Policy
- Parameters:
name – name of ANC Policy
- anc_get_endpoint_by_mac_address(mac)
Retrieve ANC Policy assignment by MAC Address
- Parameters:
mac – MAC Address of the endpoint
- Returns:
dict of ANC Policy assigned to MAC Address
- anc_get_endpoint_by_nas_ip_address(mac, nas_ip)
Retrieves endpoint to ANC Policy assignments based on MAC Address and NAS-IP-Address
- Parameters:
mac – endpoint MAC Address
nas_ip – device IP Address
- Returns:
dict with ANC Policy assigned to a MAC Address and NAS-IP-Address
- anc_get_endpoint_policies()
Retrieves endpoint to ANC Policy assignments based on MAC Address and NAS-IP-Address
- Returns:
dict with ANC Policy assigned to a MAC Address and NAS-IP-Address
- anc_get_endpoints()
Retrive all endpoints assigned to ANC Policies
Reference: https://github.com/cisco-pxgrid/pxgrid-rest-ws/wiki/ANC-configuration#post-restbaseurlgetendpoints
- Returns:
dict of ANC Policy assignments
- anc_get_operation_status(operation_id)
Get status of an ongoing ANC operation
- Parameters:
operation_id – Operation ID to look up
- Returns:
dict containing operation status
- anc_get_policies()
Retrieve all ANC Policies
Reference: https://github.com/cisco-pxgrid/pxgrid-rest-ws/wiki/ANC-configuration#post-restbaseurlgetpolicies
- Returns:
dict of all ANC policies
- anc_get_policy_by_name(name)
Retrieve ANC Policy by name
- Parameters:
name – name of ANC Policy
- Returns:
dict containing policy information
- context_in(asset_data)
Sent data via Context-In
Reference: https://github.com/cisco-pxgrid/pxgrid-rest-ws/wiki/Endpoint-Asset
- Parameters:
asset_data – dict containing data as documented here: https://github.com/cisco-pxgrid/pxgrid-rest-ws/wiki/Endpoint-Asset
- get_access_secret(peer_node_name)
Retrieve Access Secret to communicate to a pxGrid node
Reference: https://github.com/cisco-pxgrid/pxgrid-rest-ws/wiki/pxGrid-Consumer#accesssecret
- Parameters:
peer_node_name – Name of the remote node
- Returns:
node secret
- get_session_by_ip_address(ip)
Retrieve active session by IP Address
- Parameters:
ip – endpoint IP Address
- Returns:
dict containing all sessions for the IP Address
- get_session_by_mac_address(mac)
Retrieve active session by MAC Address
- Parameters:
mac – endpoint MAC Address
- Returns:
dict containing all sessions for the MAC Address
- get_sessions()
Retrieve all active sessions
Reference: https://github.com/cisco-pxgrid/pxgrid-rest-ws/wiki/Session-Directory#post-restbaseurlgetsessions
- Returns:
dict containing all sessions
- get_user_group_by_username(username)
Retries group assignment for a specific user
- Parameters:
username – username of the user
- Returns:
dict of all groups that the user belongs to
- get_user_groups()
Retrieve all user to group assignments
Reference: https://github.com/cisco-pxgrid/pxgrid-rest-ws/wiki/Session-Directory#post-restbaseurlgetusergroups
- Returns:
dict of all user groups
- mdm_get_endpoint_by_mac_address(mac)
Retrieve MDM status of an endpoint based on MAC Address
Reference: https://github.com/cisco-pxgrid/pxgrid-rest-ws/wiki/MDM#post-restbaseurlgetendpointbymacaddress
- Parameters:
mac – MAC Address of endpoint
- Returns:
dict with MDM attributes of the specified MAC Address
- mdm_get_endpoints()
Retrieve all MDM endpoints and their MDM attributes
Reference: https://github.com/cisco-pxgrid/pxgrid-rest-ws/wiki/MDM#post-restbaseurlgetendpoints
- Returns:
dict with all endpoints with MDM attributes
- mdm_get_endpoints_by_os_type(os_type)
Retrive MDM endpoints by OS type
Reference: https://github.com/cisco-pxgrid/pxgrid-rest-ws/wiki/MDM#post-restbaseurlgetendpointsbyostype
- Parameters:
os_type – valid options are ANDROID, IOS or WINDOWS
- Returns:
dict with MDM endpoinst for the specified OS
- mdm_get_endpoints_by_type(mdm_type)
Retrive MDM endpoints by type
Reference: https://github.com/cisco-pxgrid/pxgrid-rest-ws/wiki/MDM#post-restbaseurlgetendpointsbytype
- Parameters:
mdm_type – Valid options are NON_COMPLIANT, REGISTERED or DISCONNECTED
- Returns:
dict with MDM endpoints for the specified type
- profiler_get_profiles()
Retrive all profiles
- Returns:
dict with all profiling policies
- radius_get_failures(start_time=None)
Retrieve RADIUS failure statistics
Reference: https://github.com/cisco-pxgrid/pxgrid-rest-ws/wiki/Radius-Failure#post-restbaseurlgetfailures
- Parameters:
start_time – (optional) specify a longer time range. By default, last 1 hour of statistics is retrieved.
- Returns:
dict of RADIUS failures
- radius_get_failures_by_id(id)
Retrieve RADIUS failures by ID
Reference: https://github.com/cisco-pxgrid/pxgrid-rest-ws/wiki/Radius-Failure#post-restbaseurlgetfailurebyid
- Parameters:
id – RADIUS code to retrieve
- Returns:
dict of RADIUS failures for the specified ID
- service_lookup(service)
Looks up pxGrid service information
Reference: https://github.com/cisco-pxgrid/pxgrid-rest-ws/wiki/pxGrid-Consumer#servicelookup
- Parameters:
service – name of pxGrid service
- Returns:
dict containing service information
- service_register(service, properties)
Register pxGrid service
Reference: https://github.com/cisco-pxgrid/pxgrid-rest-ws/wiki/pxGrid-Provider#serviceregister
- Parameters:
service – name of new service
properties – Service properties
- sxp_get_bindings()
Retrieve all SXP bindings Reference: https://github.com/cisco-pxgrid/pxgrid-rest-ws/wiki/TrustSec-SXP#post-restbaseurlgetbindings
- Returns:
dict of all SXP bindings
- system_get_healths(node_name=None, start_time=None)
Retrieve system health statistics
Reference: https://github.com/cisco-pxgrid/pxgrid-rest-ws/wiki/System-Health#post-restbaseurlgethealths
- Parameters:
node_name – (ptional) filter by a specific ISE node
start_time – (optional) specify a longer time range. By default, last 1 hour of statistics is retrieved.
- Returns:
dict of health statistics
- system_get_performances(node_name=None, start_time=None)
Retrieve system performance statistics
Reference: https://github.com/cisco-pxgrid/pxgrid-rest-ws/wiki/System-Health#post-restbaseurlgetperformances
- Parameters:
node_name – (ptional) filter by a specific ISE node
start_time – (optional) specify a longer time range. By default, last 1 hour of statistics is retrieved.
- Returns:
dict of performance statistics
- topic_subscribe(service, topic, callback)
Subscribe to topic
- Parameters:
service – name of pxGrid service
topic – name of topic to subscribe to
on_message – callback function that is called every time a websocket message is received
- trustsec_get_egress_matrices()
Retrieve all Trustsec egress matrices Reference: https://github.com/cisco-pxgrid/pxgrid-rest-ws/wiki/TrustSec-configuration#post-restbaseurlgetegressmatrices
- Returns:
dict of all egress matrices
- trustsec_get_egress_policies()
Retrive all Trustsec egress policies Reference: https://github.com/cisco-pxgrid/pxgrid-rest-ws/wiki/TrustSec-configuration#post-restbaseurlgetegresspolicies
- Returns:
dict of all egress policies
- trustsec_get_security_group_acls(id=None)
Retrieve Trustsec ACLs
- Parameters:
id – (optional) filter by ID
- Returns:
dict of SG ACLs
- trustsec_get_security_groups(id=None)
Retrieve Trustsec SGTs
- Parameters:
id – (optional) filter by ID
- Returns:
dict of security groups
- trustsec_get_virtual_network(id=None, start_index=None, record_count=None, start_timestamp=None, end_timestamp=None)
Get Virtual Networks
- Parameters:
id – (optional) filter by ID
start_index – (optional) first index of the VN to be retrieved
record_count – (optional) limit how many records are returned
start_timestamp – (optional) retrieve VNs that were delete between start_timestamp and end_timestamp
end_timestamp – (optional) retrieve VNs that were delete between start_timestamp and end_timestamp
- Returns:
dict of Virtual Networks
StompFrame module
- class pxapi.StompFrame(command, headers, data='')
Bases:
object- get_frame()
Returns a binary string containing the raw STOMP frame
- Returns:
binary string containing raw STOMP frame
- static parse_packet(packet)
Parses a binary string containing raw STOMP frame and returns StompFrame object
- Parameters:
packet – binary string containing raw STOMP packet
- Returns:
StompFrame class