pyise-ers icon indicating copy to clipboard operation
pyise-ers copied to clipboard

Published 20 hours ago verified publisher icon falkowich

looking for some suggestion to implement some ISE commands

Open Aditya23456 opened this issue 1 year ago • 2 comments

Hi,

Thanks for the library, I was going over documentation and found a naive way to do things. I want to improve the performance of what I want to accomplish so wondering if any of you can suggest something. Thank you very much:

  1. I am looking for an API call to add Mac addresses(could be 100s/1000s too)to certain identity group. I get a duplicate error, so looks like ISE throws an error if the endpoint/mac address is already present in a different identity group. Seems like in such cases I need to reassign them to the appropriate identity group instead of using the add_endpoint function. Is there any function for it or should I delete the endpoint and then add? Ideally, to have this process efficient, I am looking for an endpoint to get all the Mac addresses with their affiliated identity group so that I can make an update as needed by calling an update function. Also, seems I should do it one Mac address after another, Is there any other good way of doing it?

I see we could update the metadata affiliated i.e identity group for endpoint by using PUT request, example: https://ciscoisesdk.readthedocs.io/en/latest/_modules/ciscoisesdk/api/v3_1_0/endpoint.html#Endpoint.update_endpoint_by_id and it works,

  1. I am looking at bulk endpoint for the above action and seems it's suggested to be done outside the library. Any reason why, it can be just a new argument with bulk=True to existing endpoints? By doing it outside, All I need to do is have a derived class and have a few new methods right?

Aditya23456 avatar Jun 08 '23 19:06 Aditya23456

Hi,

Thanks for the comment, both the points you are making are in "this should be fixed" :tm: queue :)

  1. For the moment I use the "try, add, except, remove, add" workaround. Not really efficient but works for my needs for the moment. But this is something that really should be implemented imho.

  2. Same as 1, for the moment both of these are not done beq of the old time conundrum :)

@work I have moved to a "pure" Cyber security role, but still help out the network team with some stuff, like the pyise-ers.

All the suggestions you write are good, and it would be great if implemented in pyise-ers. All the help with code and PR's is really appreciated.

I'll add this to "enhancements" on the 0.3 or 0.4 releases depending on help and time :)

-- Kind Regards Falk

falkowich avatar Jun 10 '23 12:06 falkowich

  1. Is "planned in " #188

falkowich avatar Jun 10 '23 12:06 falkowich