I don't know if anyone does C++ REST coding but I had to put a self-contained DOS executable together put a MAC address into a static endpoint identity group. I used libcurl and JSON to do the ERS calls to ISE. Not going to show all the C++ code but wanted to show the libcurl calls.
First I define the base URL for the rest calls:
curl_url_base = "https://" + rest_user + ":" + rest_password + "@" + ise_admin + ":9060/ers/config/";
So the base URL could end up looking like:
https://rest_admin:TempPass@1.1.1.1:9060/ers/config/
Next Init Curl and setup the headers and options. I turn off SSL verification and set the timeout to 10 seconds.
curl = curl_easy_init();
curl_headers = curl_slist_append(curl_headers, "Content-type: application/json");
curl_headers = curl_slist_append(curl_headers, "Accept: application/json");
curl_easy_setopt(curl, CURLOPT_SSL_VERIFYHOST, 0);
curl_easy_setopt(curl, CURLOPT_SSL_VERIFYPEER, 0);
curl_easy_setopt(curl, CURLOPT_HTTPHEADER, curl_headers);
curl_easy_setopt(curl, CURLOPT_TIMEOUT, 10);
In order to save the HTTP response you need to setup a call back function. You can find examples in the libcurl documentation. I am putting all the data into a string called httpData.
curl_easy_setopt(curl, CURLOPT_WRITEFUNCTION, callback);
curl_easy_setopt(curl, CURLOPT_WRITEDATA, &httpData);
Now with the CURL headers and options set it is time to check to see if the MAC address exists in the ISE endpoint datbase:
curl_url = curl_url_base + "endpoint?filter=mac.EQ." + my_mac_address;
curl_easy_setopt(curl, CURLOPT_URL, curl_url.c_str());
curl_result = curl_easy_perform(curl);
Once I get the HTTP result back back from ISE it will be in JSON format and have a format similar to this:
{
"SearchResult" : {
"total" : 1,
"resources" : [ {
"id" : "dc2227f0-6293-11e7-889a-024261069971",
"name" : "11:22:33:44:55:66",
"link" : {
"rel" : "self",
"href" : "https://10.89.80.34:9060/ers/config/endpoint/dc2227f0-6293-11e7-889a-024261069971",
"type" : "application/xml"
}
} ]
}
}
I parse the JSON looking for the "id:" line. If it exists I copy the MAC ID into a string of not I know the MAC address doesn't exist.
Next I need to make a call to get the Endpoint Group ID from ISE.
httpData.clear();
curl_url = curl_url_base + "endpointgroup?filter=name.EQ." + identity_group;
curl_easy_setopt(curl, CURLOPT_URL, curl_url.c_str());
curl_result = curl_easy_perform(curl);
The JSON return will look something like this:
{
"SearchResult" : {
"total" : 1,
"resources" : [ {
"id" : "cabb7fc0-5d4d-11e7-b01c-024226b23b4f",
"name" : "Test",
"description" : "",
"link" : {
"rel" : "self",
"href" : "https://10.89.80.34:9060/ers/config/endpointgroup/cabb7fc0-5d4d-11e7-b01c-024226b23b4f",
"type" : "application/xml"
}
} ]
}
}
Now I have the MAC ID and Group ID. If the MAC exists I need to perform a PUT call to ISE with JSON to update the MAC address. The JSON is in this format:
{
"ERSEndPoint" : {
"groupId" : "cabb7fc0-5d4d-11e7-b01c-024226b23b4f",
"mac" : "11:22:33:44:55:66",
"staticGroupAssignment" : true
}
}
I put this data into a string and issue the PUT to ISE.
httpData.clear();
sendData = "{\n\"ERSEndPoint\" : {";
sendData = sendData + "\"groupId\" : \"" + group_id_value + "\",";
sendData = sendData + "\"mac\" : \"" + my_mac_address + "\",";
sendData = sendData + "\"staticGroupAssignment\" : true\n}\n}";
curl_url = curl_url_base + "endpoint/" + mac_id_value;
curl_easy_setopt(curl, CURLOPT_URL, curl_url.c_str());
curl_easy_setopt(curl, CURLOPT_CUSTOMREQUEST, "PUT");
curl_easy_setopt(curl, CURLOPT_POSTFIELDS, sendData.c_str());
curl_result = curl_easy_perform(curl);
If things works work you get a 200 code back with JSON that looks similar to this:
{
"UpdatedFieldsList" : {
"updatedField" : [ {
"field" : "groupId",
"oldValue" : "aa000c30-8bff-11e6-996c-525400b48521",
"newValue" : "cabb7fc0-5d4d-11e7-b01c-024226b23b4f"
} ]
}
}
If the MAC address doesn't exist in ISE you issue a POST with the same JSON format as the PUT:
sendData = "{\n\"ERSEndPoint\" : {";
sendData = sendData + "\"groupId\" : \"" + group_id_value + "\",";
sendData = sendData + "\"mac\" : \"" + my_mac_address + "\",";
sendData = sendData + "\"staticGroupAssignment\" : true\n}\n}";
curl_url = curl_url_base + "endpoint";
curl_easy_setopt(curl, CURLOPT_URL, curl_url.c_str());
curl_easy_setopt(curl, CURLOPT_POSTFIELDS, sendData.c_str());
curl_result = curl_easy_perform(curl);
If the MAC address add is successful the HTML code returned is 201.