File Coverage

blib/lib/Net/Cisco/ISE/NetworkDevice.pm
Criterion Covered Total %
statement 20 121 16.5
branch 0 18 0.0
condition 0 98 0.0
subroutine 6 8 75.0
pod 2 2 100.0
total 28 247 11.3


line stmt bran cond sub pod time code
1             package Net::Cisco::ISE::NetworkDevice;
2 1     1   6 use strict;
  1         2  
  1         26  
3 1     1   6 use Moose;
  1         2  
  1         5  
4 1     1   5784 use Data::Dumper;
  1         2  
  1         47  
5              
6              
7             BEGIN {
8 1     1   5 use Exporter ();
  1         2  
  1         23  
9 1     1   5 use vars qw($VERSION @ISA @EXPORT @EXPORT_OK %EXPORT_TAGS %actions);
  1         2  
  1         90  
10 1     1   3 $VERSION = '0.05';
11 1         14 @ISA = qw(Exporter);
12 1         3 @EXPORT = qw();
13 1         2 @EXPORT_OK = qw();
14 1         1100 %EXPORT_TAGS = ();
15             };
16              
17             %actions = ( "query" => "/ers/config/networkdevice/",
18             "create" => "/ers/config/networkdevice/",
19             "update" => "/ers/config/networkdevice/",
20             "getById" => "/ers/config/networkdevice/",
21             );
22              
23             # MOOSE!
24              
25             has 'id' => (
26             is => 'rw',
27             isa => 'Str',
28             );
29              
30             has 'name' => (
31             is => 'rw',
32             isa => 'Str',
33             );
34             has 'description' => (
35             is => 'rw',
36             isa => 'Str',
37             );
38              
39             has 'authenticationSettings' => (
40             is => 'rw',
41             isa => 'Any',
42             );
43              
44             has 'coaPort' => (
45             is => 'rw',
46             isa => 'Str',
47             default => '1700',
48             );
49              
50             has 'profileName' => (
51             is => 'rw',
52             isa => 'Str',
53             );
54              
55             has 'NetworkDeviceIPList' => (
56             is => 'rw',
57             isa => 'Any',
58             );
59              
60             has 'NetworkDeviceGroupList' => (
61             is => 'rw',
62             isa => 'Any',
63             );
64              
65             has 'modelName' => (
66             is => 'rw',
67             isa => 'Str',
68             );
69              
70             has 'ProfileName' => (
71             is => 'rw',
72             isa => 'Str',
73             );
74              
75             has 'softwareVersion' => (
76             is => 'rw',
77             isa => 'Str',
78             );
79              
80             has 'snmpsettings' => (
81             is => 'rw',
82             isa => 'Any',
83             );
84              
85             has 'tacacsSettings' => (
86             is => 'rw',
87             isa => 'Any',
88             );
89              
90             has 'trustsecsettings' => (
91             is => 'rw',
92             isa => 'Any',
93             );
94              
95             # No Moose
96              
97             sub toXML
98 0     0 1   { my $self = shift;
99 0           my $result = "";
100 0   0       my $id = $self->id || "";
101 0   0       my $name = $self->name || "";
102 0   0       my $description = $self->description || "";
103 0 0         if ($self->authenticationSettings)
104 0   0       { my $enablekeywrap = $self->authenticationSettings->{"enablekeywrap"} || "";
105 0   0       my $keyencryptionkey = $self->authenticationSettings->{"keyencryptionkey"} || "";
106 0   0       my $keyinputformat = $self->authenticationSettings->{"keyInputFormat"} || "";
107 0   0       my $messageauthenticatorcodekey = $self->authenticationSettings->{"messageAuthenticatorCodeKey"} || "";
108 0   0       my $networkprotocol = $self->authenticationSettings->{"networkProtocol"} || "";
109 0   0       my $radiussharedsecret = $self->authenticationSettings->{"radiusSharedSecret"} || "";
110 0           $result .= <<XML;
111             <authenticationSettings>
112             <enableKeyWrap>$enablekeywrap</enableKeyWrap>
113             <keyEncryptionKey>$keyencryptionkey</keyEncryptionKey>
114             <keyInputFormat>$keyinputformat</keyInputFormat>
115             <messageAuthenticatorCodeKey>$messageauthenticatorcodekey</messageAuthenticatorCodeKey>
116             <networkProtocol>$networkprotocol</networkProtocol>
117             <radiusSharedSecret>$radiussharedsecret</radiusSharedSecret>
118             </authenticationSettings>
119             XML
120              
121             }
122 0   0       my $coaport = $self->coaPort || "";
123 0           $result .= "<coaPort>$coaport</coaPort>\n";
124 0 0         if ($self->NetworkDeviceIPList)
125 0           { $result .= "<NetworkDeviceIPList>\n";
126 0           my @networkdeviceiplist = @{ $self->NetworkDeviceIPList->{"NetworkDeviceIP"} };
  0            
127 0           for my $networkdeviceiplist (@networkdeviceiplist)
128 0   0       { my $ipaddress = $networkdeviceiplist->{"ipaddress"} || "";
129 0   0       my $mask = $networkdeviceiplist->{"mask"} || "";
130 0           $result .= <<XML;
131             <NetworkDeviceIP>
132             <ipaddress>$ipaddress</ipaddress>
133             <mask>$mask</mask>
134             </NetworkDeviceIP>
135             XML
136             }
137 0           $result .= "</NetworkDeviceIPList>\n";
138             }
139            
140 0 0         if ($self->NetworkDeviceGroupList)
141 0           { $result .= "<NetworkDeviceGroupList>\n";
142 0           my @networkdevicegrouplist = @{ $self->NetworkDeviceGroupList->{"NetworkDeviceGroup"} };
  0            
143 0           for my $networkdevicegroup (@networkdevicegrouplist)
144 0   0       { my $name = $networkdevicegroup || "";
145 0           $result .= qq(<NetworkDeviceGroup>$name</NetworkDeviceGroup>\n);
146             }
147 0           $result .= "</NetworkDeviceGroupList>\n";
148             }
149 0   0       my $profilename = $self->profileName || "";
150 0           $result .= "<profileName>$profilename</profileName>";
151 0 0         if ($self->snmpsettings)
152 0           { $result .= "<snmpsettings>\n";
153 0   0       my $linktrapquery = $self->snmpsettings->{"linkTrapQuery"} || "";
154 0   0       my $mactrapquery = $self->snmpsettings->{"macTrapQuery"} || "";
155 0   0       my $originatingpolicyservicesnode = $self->snmpsettings->{"originatingPolicyServicesNode"} || "";
156 0   0       my $pollinginterval = $self->snmpsettings->{"pollingInterval"} || "";
157 0   0       my $rocommunity = $self->snmpsettings->{"roCommunity"} || "";
158 0   0       my $version = $self->snmpsettings->{"version"} || "";
159 0   0       my $authpassword = $self->snmpsettings->{"authPassword"} || "";
160 0   0       my $privacyprotocol = $self->snmpsettings->{"privacyProtocol"} || "";
161 0   0       my $securitylevel = $self->snmpsettings->{"securityLevel"} || "";
162 0   0       my $authprotocol = $self->snmpsettings->{"authProtocol"} || "";
163 0   0       my $username = $self->snmpsettings->{"userName"} || "";
164 0   0       my $privacypassword = $self->snmpsettings->{"privacyPassword"} || "";
165 0           $result .= <<XML;
166             <snmpsettings>
167             <linkTrapQuery>$linktrapquery</linkTrapQuery>
168             <macTrapQuery>$mactrapquery</macTrapQuery>
169             <originatingPolicyServicesNode>$originatingpolicyservicesnode</originatingPolicyServicesNode>
170             <pollingInterval>$pollinginterval</pollingInterval>
171             <roCommunity>$rocommunity</roCommunity>
172             <version>$version</version>
173             <authPassword>$authpassword</authPassword>
174             <privacyProtocl>$privacyprotocol</privacyProtocol>
175             <securityLevel>$securitylevel</securityLevel>
176             <authProtocol>$authprotocol</authProtocol>
177             <userName>$username</userName>
178             <privacyPassword>$privacypassword</privacyPassword>
179             </snmpsettings>
180             XML
181             }
182              
183 0 0         if ($self->tacacsSettings)
184 0   0       { my $connectmodeoptions = $self->tacacsSettings->{"connectModeOptions"} || "";
185 0   0       my $sharedsecret = $self->tacacsSettings->{"sharedSecret"} || "";
186 0           $result .= <<XML;
187             <tacacsSettings>
188             <connectModeOptions>$connectmodeoptions</connectModeOptions>
189             <sharedSecret>$sharedsecret</sharedSecret>
190             </tacacsSettings>
191             XML
192              
193             }
194              
195 0 0         if ($self->trustsecsettings)
196 0           { $result .= qq(<trustsecsettings>);
197 0 0         if ($self->trustsecsettings->{"deviceAuthenticationSettings"})
198 0   0       { my $sgadeviceid = $self->trustsecsettings->{"deviceAuthenticationSettings"}{"sgaDeviceId"} || "";
199 0   0       my $sgadevicepassword = $self->trustsecsettings->{"deviceAuthenticationSettings"}{"sgaDevicePassword"} || "";
200 0           $result .= qq(<deviceAuthenticationSettings>\n);
201 0           $result .= qq(<sgaDeviceId>$sgadeviceid</sgaDeviceId>\n);
202 0           $result .= qq(<sgaDevicePassword>$sgadevicepassword</sgaDevicePassword>\n);
203 0           $result .= qq(</deviceAuthenticationSettings>\n);
204             }
205 0 0         if ($self->trustsecsettings->{"sgaNotificationAndUpdates"})
206 0   0       { my $sendconfigurationtodeviceusing = $self->trustsecsettings->{"sgaNotificationAndUpdates"}{"sendConfigurationToDeviceUsing"} || "";
207 0   0       my $downloadpeerauthorizationpolicyeveryxseconds = $self->trustsecsettings->{"sgaNotificationAndUpdates"}{"downlaodPeerAuthorizationPolicyEveryXSeconds"} || "";
208 0   0       $downloadpeerauthorizationpolicyeveryxseconds ||= $self->trustsecsettings->{"sgaNotificationAndUpdates"}{"downloadPeerAuthorizationPolicyEveryXSeconds"} || "";
      0        
209 0   0       my $downloadsgaccllistseveryxseconds = $self->trustsecsettings->{"sgaNotificationAndUpdates"}{"downloadSGACLListsEveryXSeconds"} || "";
210 0   0       my $downloadenvironmentdataeveryxseconds = $self->trustsecsettings->{"sgaNotificationAndUpdates"}{"downlaodEnvironmentDataEveryXSeconds"} || "";
211 0   0       $downloadenvironmentdataeveryxseconds ||= $self->trustsecsettings->{"sgaNotificationAndUpdates"}{"downloadEnvironmentDataEveryXSeconds"} || "";
      0        
212 0   0       my $reauthenticationeveryxseconds = $self->trustsecsettings->{"sgaNotificationAndUpdates"}{"reAuthenticationEveryXSeconds"} || "";
213 0   0       my $sendconfigurationtodevice = $self->trustsecsettings->{"sgaNotificationAndUpdates"}{"sendConfigurationToDevice"} || "";
214 0   0       my $othersgadevicestotrustthisdevice = $self->trustsecsettings->{"sgaNotificationAndUpdates"}{"otherSGADevicesToTrustThisDevice"} || "";
215              
216 0           $result .= qq(<sgaNotificationAndUpdates>\n);
217 0           $result .= qq(<sendConfigurationToDeviceUsing>$sendconfigurationtodeviceusing</sendConfigurationToDeviceUsing>\n);
218 0           $result .= qq(<downlaodPeerAuthorizationPolicyEveryXSeconds>$downloadpeerauthorizationpolicyeveryxseconds</downlaodPeerAuthorizationPolicyEveryXSeconds>\n);
219 0           $result .= qq(<downlaodEnvironmentDataEveryXSeconds>$downloadenvironmentdataeveryxseconds</downlaodEnvironmentDataEveryXSeconds>\n);
220 0           $result .= qq(<reAuthenticationEveryXSeconds>$reauthenticationeveryxseconds</reAuthenticationEveryXSeconds>\n);
221 0           $result .= qq(<sendConfigurationToDevice>$sendconfigurationtodevice</sendConfigurationToDevice>\n);
222 0           $result .= qq(<otherSGADevicesToTrustThisDevice>$othersgadevicestotrustthisdevice</otherSGADevicesToTrustThisDevice>\n);
223 0           $result .= qq(<downloadSGACLListsEveryXSeconds>$downloadsgaccllistseveryxseconds</downloadSGACLListsEveryXSeconds>\n);
224 0           $result .= qq(</sgaNotificationAndUpdates>\n);
225             }
226 0 0         if ($self->trustsecsettings->{"deviceConfigurationDeployment"})
227 0   0       { my $includewhendeployingsgtupdates = $self->trustsecsettings->{"deviceConfigurationDeployment"}{"includeWhenDeployingSGTUpdates"} || "";
228 0   0       my $execmodeusername = $self->trustsecsettings->{"deviceConfigurationDeployment"}{"execModeUsername"} || "";
229 0   0       my $enablemodepassword = $self->trustsecsettings->{"deviceConfigurationDeployment"}{"enableModePassword"} || "";
230 0   0       my $execmodepassword = $self->trustsecsettings->{"deviceConfigurationDeployment"}{"execModePassword"} || "";
231              
232 0           $result .= qq(<deviceConfigurationDeployment>\n);
233 0           $result .= qq(<includeWhenDeployingSGTUpdates></includeWhenDeployingSGTUpdates>\n);
234 0           $result .= qq(<execModeUsername>$execmodeusername</execModeUsername>\n);
235 0           $result .= qq(<enableModePassword>$enablemodepassword</enableModePassword>\n);
236 0           $result .= qq(<execModePassword>$execmodepassword</execModePassword>\n);
237 0           $result .= qq(</deviceConfigurationDeployment>\n);
238             }
239              
240 0           $result .= qq(</trustsecsettings>\n);
241             }
242             # Not documented by Cisco ISE API:
243             # SNMP Settings: authPassword
244             # SNMP Settings: privacyProtocol
245             # SNMP Settings: securityLevel
246             # SNMP Settings: authProtocol
247             # SNMP Settings: userName
248             # SNMP Settings: privacyPassword
249             # TACACS Settings: previousSharedSecretExpiry - Probably not implemented for write operations
250             # TACACS Settings: previousSharedSecret - Probably not implemented for write operations
251              
252 0           return $result;
253             }
254              
255             sub header
256 0     0 1   { my $self = shift;
257 0           my $data = shift;
258 0           my $record = shift;
259 0   0       my $name = $record->name || "Device Name";
260 0   0       my $id = $record->id || "";
261 0   0       my $description = $record->description || "Random Description";
262              
263 0           return qq{<?xml version="1.0" encoding="UTF-8" standalone="yes"?><ns4:networkdevice description="$description" name="$name" id="$id" xmlns:ers="ers.ise.cisco.com" xmlns:xs="http://www.w3.org/2001/XMLSchema" xmlns:ns4="network.ers.ise.cisco.com">$data</ns4:networkdevice>};
264              
265             }
266              
267             =pod
268              
269             =head1 NAME
270              
271             Net::Cisco::ISE::Device - Access Cisco ISE functionality through REST API - Device fields
272              
273             =head1 SYNOPSIS
274              
275             use Net::Cisco::ISE;
276             use Net::Cisco::ISE::Device;
277            
278             my $ise = Net::Cisco::ISE->new(hostname => '10.0.0.1', username => 'acsadmin', password => 'testPassword');
279            
280             my %devices = $ise->devices;
281             # Retrieve all devices from ISE
282             # Returns hash with device name / Net::Cisco::ISE::Device pairs
283              
284             print $ise->devices->{"MAIN_Router"}->toXML;
285             # Dump in XML format (used by ISE for API calls)
286            
287             my $device = $ise->devices("name","MAIN_Router");
288             # Faster call to request specific device information by name
289              
290             my $device = $ise->devices("id","250");
291             # Faster call to request specific device information by ID (assigned by ISE, present in Net::Cisco::ISE::Device)
292              
293             $device->id(0); # Required for new device!
294             my $id = $ise->create($device);
295             # Create new device based on Net::Cisco::ISE::Device instance
296             # Return value is ID generated by ISE
297             print "Record ID is $id" if $id;
298             print $Net::Cisco::ISE::ERROR unless $id;
299             # $Net::Cisco::ISE::ERROR contains details about failure
300              
301             my $id = $ise->update($device);
302             # Update existing device based on Net::Cisco::ISE::Device instance
303             # Return value is ID generated by ISE
304             print "Record ID is $id" if $id;
305             print $Net::Cisco::ISE::ERROR unless $id;
306             # $Net::Cisco::ISE::ERROR contains details about failure
307              
308             $ise->delete($device);
309             # Delete existing device based on Net::Cisco::ISE::Device instance
310              
311             =head1 DESCRIPTION
312              
313             The Net::Cisco::ISE::Device class holds all the device relevant information from Cisco ISE 5.x
314              
315             =head1 USAGE
316              
317             All calls are typically handled through an instance of the L<Net::Cisco::ISE> class. L<Net::Cisco::ISE::Device> acts as a container for device group related information.
318              
319             =over 3
320              
321             =item new
322              
323             Class constructor. Returns object of Net::Cisco::ISE::Device on succes. The following fields can be set / retrieved:
324              
325             =over 5
326              
327             =item description
328              
329             =item id
330              
331             =item name
332              
333             =item tacacsConnection
334              
335             =item groupInfo
336              
337             =item legacyTACACS
338              
339             =item tacacs_SharedSecret
340              
341             =item singleConnect
342              
343             =item radius_SharedSecret
344              
345             =item subnets
346              
347             =item ips
348              
349             =item location
350              
351             =item deviceType
352              
353             =item displayedInHex
354              
355             =item keyWrap
356              
357             =item portCOA
358              
359             =back
360              
361             Formatting rules may be in place & enforced by Cisco ISE.
362              
363             =over 3
364              
365             =item description
366              
367             The device description.
368              
369             =item id
370              
371             The device ID. Cisco ISE generates a unique ID for each Host record. This field cannot be updated within ISE but is used for reference. Set to 0 when creating a new record or when duplicating an existing host.
372              
373             =item name
374              
375             The device name, typically something like the sysName or hostname.
376              
377             =item tacacsConnection
378              
379             Boolean value (0 / 1) to indicate if TACACS+ is used on this device.
380              
381             =item groupInfo
382              
383             Read-only value that contains C<deviceType>, C<location> and other device type information. Only C<deviceType>, C<location> are retrievable by the respective methods.
384              
385             =item legacyTACACS
386              
387             Boolean value (0 / 1) that indicates support for legacy versions of TACACS+.
388              
389             =item tacacs_SharedSecret
390              
391             The shared key for TACACS+. When retrieving this information, the key is masked as **********.
392              
393             =item singleConnect
394              
395             The TACACS+ singleConnect setting.
396              
397             =item radius_SharedSecret
398              
399             The shared key for RADIUS. When retrieving this information, the key is masked as **********.
400              
401             =item subnets
402              
403             Array reference that contains hash entries of all IP information for the device entry, separated as C<netMask> and C<ipAddress> keys.
404              
405             =item ips
406              
407             Cleaned up instance of C<subnet>.
408              
409             =item location
410              
411             The device location field, as defined in C<groupInfo>.
412              
413             =item deviceType
414              
415             The specific device Type field.
416              
417             =item displayedInHex
418              
419             Boolean value (0 / 1). Used for RADIUS configuration.
420              
421             =item keyWrap
422              
423             Boolean value (0 / 1). Used for RADIUS configuration.
424              
425             =item portCOA
426              
427             TCP port for specific RADIUS purposes.
428              
429             =item toXML
430              
431             Dump the record in ISE accept XML formatting (without header).
432              
433             =item header
434              
435             Generate the correct XML header. Takes output of C<toXML> as argument.
436              
437             =back
438              
439             =over 3
440              
441             =item description
442              
443             The device group account description, typically used for full device group name.
444              
445             =item groupType
446              
447             This points to the type of Device Group, typically Location or Device Type but can be customized. See also L<Net::Cisco::ISE::Device> C<deviceType>.
448              
449             =back
450              
451             =back
452              
453             =head1 BUGS
454              
455              
456              
457             =head1 SUPPORT
458              
459              
460              
461             =head1 AUTHOR
462              
463             Hendrik Van Belleghem
464             CPAN ID: BEATNIK
465             hendrik.vanbelleghem@gmail.com
466              
467             =head1 COPYRIGHT
468              
469             This program is free software licensed under the...
470              
471             The General Public License (GPL)
472             Version 2, June 1991
473              
474             The full text of the license can be found in the
475             LICENSE file included with this module.
476              
477              
478             =head1 SEE ALSO
479              
480             perl(1).
481              
482             =cut
483              
484             #################### main pod documentation end ###################
485             __PACKAGE__->meta->make_immutable();
486              
487             1;
488             # The preceding line will help the module return a true value
489