cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
Announcements
Announcements
Choose one of the topics below to view our ISE Resources to help you on your journey with ISE

This community is for technical, feature, configuration and deployment questions.
For production deployment issues, please contact the TAC! We will not comment or assist with your TAC case in these forums.
Please see How to Ask the Community for Help for other best practices.

1480
Views
20
Helpful
16
Replies
Highlighted

How to execute BULK DELETE operation using Cisco ISE API?

Hi

 

I am trying to implement a bulk delete of Endpoints via Cisco ISE API (v2.4). I have to admit, it's a challenging task because API documentation is really poor when it comes to Bulk operations. In particular, all examples provided relate to BULK CREATE

 

I tried to re-use the same XML templates, but only gone as far as this:

<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
<ns4:endpointBulkRequest operationType="delete" resourceMediaType="vnd.com.cisco.ise.identity.endpoint.1.0+xml" xmlns:ns6="sxp.ers.ise.cisco.com" xmlns:ns5="trustsec.ers.ise.cisco.com" xmlns:ns8="network.ers.ise.cisco.com" xmlns:ns7="anc.ers.ise.cisco.com" xmlns:ers="ers.ise.cisco.com" xmlns:xs="http://www.w3.org/2001/XMLSchema" xmlns:ns4="identity.ers.ise.cisco.com">
<ns4:resourcesList>
<ns4:endpoint id="9e2edb00-6903-11e9-9573-46a7fd05b425">
<mac></mac>
<mdmAttributes></mdmAttributes>
<portalUser></portalUser>
<profileId></profileId>
<staticGroupAssignment>false</staticGroupAssignment>
<staticProfileAssignment>false</staticProfileAssignment>
</ns4:endpoint>
<ns4:endpoint id="63e2e5e0-6908-11e9-9573-46a7fd05b425">
<mac></mac>
<mdmAttributes></mdmAttributes>
<portalUser></portalUser>
<profileId></profileId>
<staticGroupAssignment>false</staticGroupAssignment>
<staticProfileAssignment>false</staticProfileAssignment>
</ns4:endpoint>
</ns4:resourcesList>
</ns4:endpointBulkRequest

However, when I try this snippet in the Postman, I get the following error:

 

{
"ERSResponse": {
"operation": "PUT-executeBulk-endpoint",
"messages": [
{
"title": "invalid bulk request - resources list is not allowed for delete operation",
"type": "ERROR",
"code": "Application resource validation exception"
}
],
"link": {
"rel": "related",
"href": "https://lab-ise-2x-1.w1.lab:9060/ers/config/endpoint/bulk/submit",
"type": "application/xml"
}
}
}

When I've read API docs, I found this confusing text:

 

Two types of bulk request available: 1) operation that requires the resource XML itself like creating or updating a resource. 2) Operation that requires the only resource id like delete, register endpoint, email guestuser etc... The bulk request supports 500 resources of the first type or 5000 of the second per a single request. Bulk Operation in ISE 1.3 release is supported for Endpoint and GuestUser. Please Check The API Documentation section for more details about each specific request.

 

What does it mean? Doea it mean I have to create a BULK request somehow separately and then execute it with SINGLE resource ID of that request? Or does it mean I have to provide a list of resource IDs only for the request to be successful? My understanding of BULK operations is that I have to provide a list of resource IDs and operation type.

 

How do I do this via XML? What is the template for DELETE operation?

 

Thanks

 

1 ACCEPTED SOLUTION

Accepted Solutions
Highlighted
Cisco Employee

See Solved: Re: How to BULK DeleteById GuestUsers o... - Cisco Community

Try sending the following as the body of the the PUT request to https://<isePPAN>:9060/config/endpoint/bulk with the usual HTTP headers.

<?xml version="1.0" encoding="utf-8" standalone="yes"?>
<ns4:endpointBulkRequest operationType="Delete" resourceMediaType="vnd.com.cisco.ise.identity.endpoint.1.0+xml" xmlns:xs="http://www.w3.org/2001/XMLSchema" xmlns:ns4="identity.ers.ise.cisco.com">
      <idList>
        <id>c7c05220-a682-11e9-92cd-024294667a96</id>
        <id>c7c50d10-a682-11e9-92cd-024294667a96</id>
      </idList>
</ns4:endpointBulkRequest>

View solution in original post

16 REPLIES 16
Highlighted
Cisco Employee

See Solved: Re: How to BULK DeleteById GuestUsers o... - Cisco Community

Try sending the following as the body of the the PUT request to https://<isePPAN>:9060/config/endpoint/bulk with the usual HTTP headers.

<?xml version="1.0" encoding="utf-8" standalone="yes"?>
<ns4:endpointBulkRequest operationType="Delete" resourceMediaType="vnd.com.cisco.ise.identity.endpoint.1.0+xml" xmlns:xs="http://www.w3.org/2001/XMLSchema" xmlns:ns4="identity.ers.ise.cisco.com">
      <idList>
        <id>c7c05220-a682-11e9-92cd-024294667a96</id>
        <id>c7c50d10-a682-11e9-92cd-024294667a96</id>
      </idList>
</ns4:endpointBulkRequest>

View solution in original post

Highlighted

Awesome! It worked!

 

Thanks a lot. Why can't this be added to official ERS manual? I wasn't able to find anything apart from BULK CREATE

 

Think I've just noticed a bug. According to ERS docs, when BULK request is successfully accepted, it return 202 Accepted response, with Location header set to URL to check status of this BULK request

I've got 202, but Location was set to https://lab-ise-2x-1.w1.lab:9060/ers/config/endpoint/bulk/submit/1563059868842

 

/bulk/submit/<id>

 

If I use this URL I get 404 not found. Apparently, /submit/ is not required. If I remove it and leave it like

https://lab-ise-2x-1.w1.lab:9060/ers/config/endpoint/bulk/1563059868842

Then it returns 200 with result

 

Anyway, thanks for your help!

Highlighted

It might be specific to the release and patch level of your ISE. In my test against a standalone running ISE 2.4 FCS, the Location header in the response is simply https://<ise>:9060/ers/config/endpoint/bulk/<bulkID> but has no /submit in it.

Highlighted

Possibly just a bug, but I tried few times and every times Location returns invalid URL. It's not a big deal, as I extract Bulk Operation Id using regexp and then build correct URL for status request.

Highlighted

Please edit and separate appropriate
Highlighted

Highlighted


Think I've just noticed a bug. According to ERS docs, when BULK request is successfully accepted, it return 202 Accepted response, with Location header set to URL to check status of this BULK request

I've got 202, but Location was set to https://lab-ise-2x-1.w1.lab:9060/ers/config/endpoint/bulk/submit/1563059868842

 

/bulk/submit/<id>

 

If I use this URL I get 404 not found. Apparently, /submit/ is not required. If I remove it and leave it like

https://lab-ise-2x-1.w1.lab:9060/ers/config/endpoint/bulk/1563059868842

Then it returns 200 with result


CSCvq53373 opened to track this issue and it might take a day or two before you able to see it.

I am able to recreate it when the bulk requests made to /ers/config/endpoint/bulk/submit (with /submit at the end). My earlier tests were all made to /ers/config/endpoint/bulk (without /submit at the end). Thanks for reporting it.

Highlighted

@hslaino problems. The only reason I used that URL is because API documentation specifically says to use /submit at the end.

Regards

Highlighted

Hello,

 

can you give an example of the python code?

 

I try this:

payload = {
"GuestUserBulkRequest": {
"operationType": "delete",
"resourceMediaType": "vnd.com.cisco.ise.identity.guestuser.2.0+xml",
"idList": [{
"id": "37ca5620-597e-11ea-a01a-c684e6795d45"}]}}
url = f'https://{host}:9060/ers/config/guestuser/bulk/submit'
response = requests.get(url, auth=auth, data=json.dumps(payload), headers=headers, verify=False)

 

And got error:

{'ERSResponse': {'link': {'href': 'https://x.x.x.x:9060/ers/config/guestuser/bulk/submit',
'rel': 'related',
'type': 'application/xml'},
'messages': [{'code': 'Resource not found exception',
'title': "Illegal bulkid 'submit'",
'type': 'ERROR'}],
'operation': 'GET-getBulkStatus-guestuser'}}
Highlighted

Hi. AFAIK Bulk operations do not support JSON. You have to compile and send XML payload for bulk operations. At least, this is what I do (use XML) and it works fine.

Highlighted

Timofii,

 

according to API DOCs, bulk request support JSON (strange, but for some reason the section 'resourceList' is not specified):

api.png

 

I also tried with XML (test.xml):

<?xml version="1.0" encoding="utf-8" standalone="yes"?>
<ns4:guestUserBulkRequest operationType="delete" resourceMediaType="vnd.com.cisco.ise.identity.guestuser.2.0+xml" xmlns:ns6="sxp.ers.ise.cisco.com" xmlns:ns5="trustsec.ers.ise.cisco.com" xmlns:ns8="network.ers.ise.cisco.com" xmlns:ns7="anc.ers.ise.cisco.com" xmlns:ers="ers.ise.cisco.com" xmlns:xs="http://www.w3.org/2001/XMLSchema" xmlns:ns4="identity.ers.ise.cisco.com">
    <idList>
        <id>37ca5620-597e-11ea-a01a-c684e6795d45</id>
    </idList>
</ns4:guestUserBulkRequest>

Python:

xml = open('test.xml')
    xml2 = xml.read()
    xml3 = ET.fromstring(xml2)
    payload = ET.tostring(xml3, encoding='utf-8', method='xml')
     url = f'https://{host}:9060/ers/config/guestuser/bulk/submit'
    response = requests.get(url, auth=auth, data=payload, headers=headers, verify=False)

But the same error..

Highlighted

I am not using xml module. Here's my code, which works fine

 

def bulk_delete(self, uuid_list):
'''
Send bulk request to delete multiple endpoints at once
Max IDs in one request is 5000 (Cisco ISE limitation)

:param uuid_list: List of strings (Cisco ISE Resource IDs)
:type uuid_list: List
'''

#: XML BODY Template
xml_tpl_body = """
<?xml version="1.0" encoding="utf-8" standalone="yes"?>
<ns4:endpointBulkRequest operationType="delete" resourceMediaType="vnd.com.cisco.ise.identity.endpoint.1.0+xml" xmlns:ns6="sxp.ers.ise.cisco.com" xmlns:ns5="trustsec.ers.ise.cisco.com" xmlns:ns8="network.ers.ise.cisco.com" xmlns:ns7="anc.ers.ise.cisco.com" xmlns:ers="ers.ise.cisco.com" xmlns:xs="http://www.w3.org/2001/XMLSchema" xmlns:ns4="identity.ers.ise.cisco.com">
<idList>{uuid_list}</idList>
</ns4:endpointBulkRequest>
"""

#: XML Item Template
xml_tpl_item = "<id>{item}</id>"

#: Compile XML Templates
xml_list = [xml_tpl_item.format(item=uuid) for uuid in uuid_list]
xml_body = xml_tpl_body.format(uuid_list="".join(xml_list)).strip()

#: Send API Request
response = self._request(
'PUT',
self.calls['bulk'],
content_type='application/xml',
data=xml_body
)

#: Return False if API Request has failed
if not response:
return False

#: Extract and Return Bulk Operation ID
op_id = re.search(
"/([0-9]+)$",
response.headers['Location']
)

return op_id.group(1)

I hope it will help you

Highlighted

I've just noticed that you're using GET and not PUT. That's probably why it's not working.

Highlighted

Thanks,

 

yes, I didn’t notice that GETis used instead of PUT. 

And also I removed the quotes <"> from <id>. And now my script also worked!

<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
<ns4:guestUserBulkRequest operationType="delete" resourceMediaType="vnd.com.cisco.ise.identity.guestuser.2.0+xml" xmlns:ns6="sxp.ers.ise.cisco.com" xmlns:ns5="trustsec.ers.ise.cisco.com" xmlns:ns8="network.ers.ise.cisco.com" xmlns:ns7="anc.ers.ise.cisco.com" xmlns:ers="ers.ise.cisco.com" xmlns:xs="http://www.w3.org/2001/XMLSchema" xmlns:ns4="identity.ers.ise.cisco.com">
    <idList>
        <id>84195042-2a16-11ea-abe2-da3b65da2c0a</id>
    </idList>
</ns4:guestUserBulkRequest>
headers = {
        'content-type': 'application/xml',
        'accept': 'application/json' }

    xml = open('test.xml')
    xml2 = xml.read()
    xml3 = ET.fromstring(xml2)
    payload = ET.tostring(xml3, encoding='utf-8', method='xml')

    url = f'https://{host}:9060/ers/config/guestuser/bulk/submit'
    response = requests.put(url, auth=auth, data=payload, headers=headers, verify=False)
    print(response.content)