NAME
Net::Cisco::ACS - Access Cisco ACS functionality through REST API
SYNOPSIS
use Net::Cisco::ACS;
my $acs = Net::Cisco::ACS->new(hostname => '10.0.0.1', username => 'acsadmin', password => 'testPassword');
# Options:
# hostname - IP or hostname of Cisco ACS 5.x server
# username - Username of Administrator user
# password - Password of user
# ssl - SSL enabled (1 - default) or disabled (0)
my %users = $acs->users;
# Retrieve all users from ACS
# Returns hash with username / Net::Cisco::ACS::User pairs
print $acs->users->{"acsadmin"}->toXML;
# Dump in XML format (used by ACS for API calls)
my $user = $acs->users("name","acsadmin");
# Faster call to request specific user information by name
my $user = $acs->users("id","150");
# Faster call to request specific user information by ID (assigned by ACS, present in Net::Cisco::ACS::User)
my %identitygroups = $acs->identitygroups;
# Retrieve all identitygroups from ACS
# Returns hash with name / Net::Cisco::ACS::IdentityGroup pairs
print $acs->identitygroups->{"All Groups"}->toXML;
# Dump in XML format (used by ACS for API calls)
my $identitygroup = $acs->identitygroups("name","All Groups");
# Faster call to request specific identity group information by name
my $identitygroup = $acs->identitygroups("id","150");
# Faster call to request specific identity group information by ID (assigned by ACS, present in Net::Cisco::ACS::IdentityGroup)
my %devices = $acs->devices;
# Retrieve all devices from ACS
# Returns hash with device name / Net::Cisco::ACS::Device pairs
print $acs->devices->{"MAIN_Router"}->toXML;
# Dump in XML format (used by ACS for API calls)
my $device = $acs->devices("name","MAIN_Router");
# Faster call to request specific device information by name
my $device = $acs->devices("id","250");
# Faster call to request specific device information by ID (assigned by ACS, present in Net::Cisco::ACS::Device)
my %devicegroups = $acs->devicegroups;
# Retrieve all device groups from ACS
# Returns hash with device name / Net::Cisco::ACS::DeviceGroup pairs
print $acs->devicegroups->{"All Locations"}->toXML;
# Dump in XML format (used by ACS for API calls)
my $devicegroup = $acs->devicegroups("name","All Locations");
# Faster call to request specific device group information by name
my $devicegroup = $acs->devicegroups("id","250");
# Faster call to request specific device group information by ID (assigned by ACS, present in Net::Cisco::ACS::DeviceGroup)
my %hosts = $acs->hosts;
# Retrieve all hosts from ACS
# Returns hash with host name / Net::Cisco::ACS::Host pairs
print $acs->hosts->{"1234"}->toXML;
# Dump in XML format (used by ACS for API calls)
my $host = $acs->hosts("name","1234");
# Faster call to request specific host information by name
my $host = $acs->hosts("id","250");
# Faster call to request specific host information by ID (assigned by ACS, present in Net::Cisco::ACS::Host)
$user->id(0); # Required for new user!
my $id = $acs->create($user);
# Create new user based on Net::Cisco::ACS::User instance
# Return value is ID generated by ACS
print "Record ID is $id" if $id;
print $Net::Cisco::ACS::ERROR unless $id;
# $Net::Cisco::ACS::ERROR contains details about failure
$identitygroup->id(0); # Required for new record!
my $id = $acs->create($identitygroup);
# Create new identity group based on Net::Cisco::ACS::IdentityGroup instance
# Return value is ID generated by ACS
print "Record ID is $id" if $id;
print $Net::Cisco::ACS::ERROR unless $id;
# $Net::Cisco::ACS::ERROR contains details about failure
$device->id(0); # Required for new device!
my $id = $acs->create($device);
# Create new device based on Net::Cisco::ACS::Device instance
# Return value is ID generated by ACS
print "Record ID is $id" if $id;
print $Net::Cisco::ACS::ERROR unless $id;
# $Net::Cisco::ACS::ERROR contains details about failure
$devicegroup->id(0); # Required for new device group!
my $id = $acs->create($devicegroup);
# Create new device group based on Net::Cisco::ACS::DeviceGroup instance
# Return value is ID generated by ACS
print "Record ID is $id" if $id;
print $Net::Cisco::ACS::ERROR unless $id;
# $Net::Cisco::ACS::ERROR contains details about failure
$host->id(0); # Required for new host!
my $id = $acs->create($host);
# Create new host based on Net::Cisco::ACS::Host instance
# Return value is ID generated by ACS
print "Record ID is $id" if $id;
print $Net::Cisco::ACS::ERROR unless $id;
# $Net::Cisco::ACS::ERROR contains details about failure
my $id = $acs->update($user);
# Update existing user based on Net::Cisco::ACS::User instance
# Return value is ID generated by ACS
print "Record ID is $id" if $id;
print $Net::Cisco::ACS::ERROR unless $id;
# $Net::Cisco::ACS::ERROR contains details about failure
my $id = $acs->update($identitygroup);
# Update existing identitygroup based on Net::Cisco::ACS::IdentityGroup instance
# Return value is ID generated by ACS
print "Record ID is $id" if $id;
print $Net::Cisco::ACS::ERROR unless $id;
# $Net::Cisco::ACS::ERROR contains details about failure
my $id = $acs->update($device);
# Update existing device based on Net::Cisco::ACS::Device instance
# Return value is ID generated by ACS
print "Record ID is $id" if $id;
print $Net::Cisco::ACS::ERROR unless $id;
# $Net::Cisco::ACS::ERROR contains details about failure
my $id = $acs->update($devicegroup);
# Update existing device group based on Net::Cisco::ACS::DeviceGroup instance
# Return value is ID generated by ACS
print "Record ID is $id" if $id;
print $Net::Cisco::ACS::ERROR unless $id;
# $Net::Cisco::ACS::ERROR contains details about failure
my $id = $acs->update($host);
# Update existing host based on Net::Cisco::ACS::Host instance
# Return value is ID generated by ACS
print "Record ID is $id" if $id;
print $Net::Cisco::ACS::ERROR unless $id;
# $Net::Cisco::ACS::ERROR contains details about failure
$acs->delete($user);
# Delete existing user based on Net::Cisco::ACS::User instance
$acs->delete($identitygroup);
# Delete existing identity group based on Net::Cisco::ACS::IdentityGroup instance
$acs->delete($device);
# Delete existing device based on Net::Cisco::ACS::Device instance
$acs->delete($devicegroup);
# Delete existing device group based on Net::Cisco::ACS::DeviceGroup instance
$acs->delete($host);
# Delete existing host based on Net::Cisco::ACS::Host instance
$acs->version;
# Return version information for the connected server *HASHREF*
$acs->serviceLocation;
# Return the ACS instance that serves as primary and the ACS instance that provides the Monitoring and Troubleshooting Viewer. *HASHREF*
$acs->errorMessage;
# Return all ACS message codes and message texts that are used on the REST Interface. *HASHREF*
DESCRIPTION
Net::Cisco::ACS is an implementation of the Cisco Secure Access Control System (ACS) REST API. Cisco ACS is an application / appliance that can be used for network access policy control. In short, it allows configuration of access policies for specific users onto specific devices and applications (using either RADIUS or TACACS+ authentication). Net::Cisco::ACS currently supports Device, Device Group, Host, User, Identity Group and generic information.
USAGE
All calls are handled through an instance of the Net::Cisco::ACS class.
use Net::Cisco::ACS;
my $acs = Net::Cisco::ACS->new(hostname => '10.0.0.1', username => 'acsadmin', password => 'testPassword');
- new
Class constructor. Returns an object of Net::Cisco::ACS on success. Required fields are:
- hostname
- username
- password
Optional fields are:
- ssl
- ssl_options
- hostname
IP or hostname of Cisco ACS 5.x server. This is a required value in the constructor but can be redefined afterwards.
- username
Username of Administrator user. This is a required value in the constructor but can be redefined afterwards.
- password
Password of user. This is a required value in the constructor but can be redefined afterwards.
- ssl
SSL enabled (1 - default) or disabled (0).
- ssl_options
Value is passed directly to LWP::UserAgent as ssl_opts. Default value (hash-ref) is
{ 'SSL_verify_mode' => SSL_VERIFY_NONE, 'verify_hostname' => '0' }
Note that this default disables both certificate and hostname verification of the ACS server; pass your own ssl_options (for example SSL_VERIFY_PEER together with a CA file) when the connection must be authenticated.
From the class instance, call the different methods for retrieving values.
- users
Returns hash or single instance, depending on context.
my %users = $acs->users(); # Slow
my $user = $acs->users()->{"acsadmin"};
print $user->name;
The returned hash contains instances of Net::Cisco::ACS::User, using name (typically the username) as the hash key. Calling users with no arguments will retrieve all users and can take quite a few seconds (depending on the size of your database). When you know the username or ID, use the users call with arguments as listed below.
my $user = $acs->users("name","acsadmin"); # Faster
# or
my $user = $acs->users("id","123"); # Faster
print $user->name;
The ID is typically generated by Cisco ACS when the entry is created. It can be retrieved by calling the id method on the object.
print $user->id;
- identitygroups
Returns hash or single instance, depending on context.
my %identitygroups = $acs->identitygroups(); # Slow
my $identitygroup = $acs->identitygroups()->{"All Groups"};
print $identitygroup->name;
The returned hash contains instances of Net::Cisco::ACS::IdentityGroup, using name (typically the group name) as the hash key. Calling identitygroups with no arguments will retrieve all identity groups and can take quite a few seconds (depending on the size of your database). When you know the group name or ID, use the identitygroups call with arguments as listed below.
my $identitygroup = $acs->identitygroups("name","All Groups"); # Faster
# or
my $identitygroup = $acs->identitygroups("id","123"); # Faster
print $identitygroup->name;
The ID is typically generated by Cisco ACS when the entry is created. It can be retrieved by calling the id method on the object.
print $identitygroup->id;
- devices
Returns hash or single instance, depending on context.
my %devices = $acs->devices(); # Slow
my $device = $acs->devices()->{"Main_Router"};
print $device->name;
The returned hash contains instances of Net::Cisco::ACS::Device, using name (typically the sysname) as the hash key. Calling devices with no arguments will retrieve all devices and can take quite a few seconds (depending on the size of your database). When you know the hostname or ID, use the devices call with arguments as listed below.
my $device = $acs->devices("name","Main_Router"); # Faster
# or
my $device = $acs->devices("id","123"); # Faster
print $device->name;
The ID is typically generated by Cisco ACS when the entry is created. It can be retrieved by calling the id method on the object.
print $device->id;
- devicegroups
Returns hash or single instance, depending on context.
my %devicegroups = $acs->devicegroups(); # Slow
my $devicegroup = $acs->devicegroups()->{"All Locations:Main Site"};
print $devicegroup->name;
The returned hash contains instances of Net::Cisco::ACS::DeviceGroup, using name (typically the device group name) as the hash key. Calling devicegroups with no arguments will retrieve all device groups and can take quite a few seconds (depending on the size of your database). When you know the device group name or ID, use the devicegroups call with arguments as listed below.
my $devicegroup = $acs->devicegroups("name","All Locations:Main Site"); # Faster
# or
my $devicegroup = $acs->devicegroups("id","123"); # Faster
print $devicegroup->name;
The ID is typically generated by Cisco ACS when the entry is created. It can be retrieved by calling the id method on the object.
print $devicegroup->id;
- hosts
Returns hash or single instance, depending on context.
my %hosts = $acs->hosts(); # Slow
my $host = $acs->hosts()->{"12345"};
print $host->name;
The returned hash contains instances of Net::Cisco::ACS::Host, using name as the hash key. Calling hosts with no arguments will retrieve all hosts and can take quite a few seconds (depending on the size of your database). When you know the name or ID, use the hosts call with arguments as listed below.
my $host = $acs->hosts("name","12345"); # Faster
# or
my $host = $acs->hosts("id","123"); # Faster
print $host->name;
The ID is typically generated by Cisco ACS when the entry is created. It can be retrieved by calling the id method on the object.
print $host->id;
- version
This method returns version specific information about the Cisco ACS instance you're connected to. Values are returned in a hash reference.
use Data::Dumper;
# ...
print Dumper $acs->version;
- servicelocation
This method returns information about the ACS instance that serves as primary and the ACS instance that provides the Monitoring and Troubleshooting Viewer. Values are returned in a hash reference.
use Data::Dumper;
# ...
print Dumper $acs->servicelocation;
- errormessage
This method returns all ACS message codes and message texts that are used on the REST Interface. Values are returned in a hash reference. See also $Net::Cisco::ACS::ERROR.
use Data::Dumper;
# ...
print Dumper $acs->errormessage;
- create
This method creates a new entry in Cisco ACS, depending on the argument passed. Record type is detected automatically. For all record types, the ID value must be set to 0.
my $user = $acs->users("name","acsadmin");
$user->id(0); # Required for new user!
$user->name("altadmin"); # Required field
$user->password("TopSecret"); # Password policies will be enforced!
$user->description("Alternate Admin");
my $id = $acs->create($user);
# Create new user based on Net::Cisco::ACS::User instance
# Return value is ID generated by ACS
print "Record ID is $id" if $id;
print $Net::Cisco::ACS::ERROR unless $id;
# $Net::Cisco::ACS::ERROR contains details about failure
my $device = $acs->devices("name","Main_Router");
$device->name("AltRouter"); # Required field
$device->description("Standby Router");
$device->ips([{netMask => "32", ipAddress=>"10.0.0.2"}]); # Change IP address! Overlap check is enforced!
$device->id(0); # Required for new device!
$id = $acs->create($device);
# Create new device based on Net::Cisco::ACS::Device instance
# Return value is ID generated by ACS
print "Record ID is $id" if $id;
print $Net::Cisco::ACS::ERROR unless $id;
# $Net::Cisco::ACS::ERROR contains details about failure
- update
This method updates an existing entry in Cisco ACS, depending on the argument passed. Record type is detected automatically.
my $user = $acs->users("name","acsadmin");
$user->password("TopSecret"); # Change password. Password policies will be enforced!
my $id = $acs->update($user);
# Update user based on Net::Cisco::ACS::User instance
# Return value is ID generated by ACS
print "Record ID is $id" if $id;
print $Net::Cisco::ACS::ERROR unless $id;
# $Net::Cisco::ACS::ERROR contains details about failure
my $device = $acs->devices("name","Main_Router");
$device->description("To be ceased"); # Change description
$device->ips([{netMask => "32", ipAddress=>"10.0.0.2"}]); # or change IP address. Overlap check is enforced!
$id = $acs->update($device);
# Update device based on Net::Cisco::ACS::Device instance
# Return value is ID generated by ACS
print "Record ID is $id" if $id;
print $Net::Cisco::ACS::ERROR unless $id;
# $Net::Cisco::ACS::ERROR contains details about failure
- delete
This method deletes an existing entry in Cisco ACS, depending on the argument passed. Record type is detected automatically.
my $user = $acs->users("name","acsadmin");
$acs->delete($user);
my $device = $acs->devices("name","Main_Router");
$acs->delete($device);
- $ERROR
This variable will contain detailed error information, based on the REST API answer. This value is reset during every call to users, devices and devicegroups.
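Added example (not from the module's own documentation) that ties together the ssl_options, create, update and $ERROR sections: it connects with server certificate verification turned on instead of the SSL_VERIFY_NONE default, then creates a device or updates it if the name already exists in ACS. The hostname, CA file path, device values, the assumption that a lookup of an unknown name returns no object with a non-zero id, and the assumption that Net::Cisco::ACS::Device->new accepts the name, description and ips attributes are mine.

```perl
#!/usr/bin/perl
use strict;
use warnings;
use IO::Socket::SSL qw(SSL_VERIFY_PEER);
use Net::Cisco::ACS;
use Net::Cisco::ACS::Device;

# Placeholder hostname and CA bundle path; the password is read from the
# environment instead of being hard-coded in the script.
my $acs = Net::Cisco::ACS->new(
    hostname    => 'acs.example.internal',
    username    => 'acsadmin',
    password    => ($ENV{ACS_PASSWORD} // die "set ACS_PASSWORD\n"),
    ssl         => 1,
    # Replace the module default (SSL_VERIFY_NONE, verify_hostname 0) with
    # verification against a CA bundle we control.
    ssl_options => {
        SSL_verify_mode => SSL_VERIFY_PEER,
        verify_hostname => 1,
        SSL_ca_file     => '/etc/ssl/certs/acs-ca.pem',
    },
);

# Create the device if ACS does not know it, otherwise update its description
# and IP. Returns (action, id); dies with $Net::Cisco::ACS::ERROR on failure.
sub ensure_device {
    my ($acs, $name, $ip, $description) = @_;
    my $existing = $acs->devices("name", $name);   # single-record lookup
    # Assumption: a name unknown to ACS yields no object with a non-zero id.
    if (ref $existing && $existing->id) {
        $existing->description($description);
        $existing->ips([{ netMask => "32", ipAddress => $ip }]); # ACS enforces overlap check
        my $id = $acs->update($existing)
            or die "update of $name failed: $Net::Cisco::ACS::ERROR\n";
        return ("updated", $id);
    }
    # Assumption: the Moose constructor accepts the attributes used in the POD.
    my $device = Net::Cisco::ACS::Device->new(
        name        => $name,
        description => $description,
        ips         => [{ netMask => "32", ipAddress => $ip }],
    );
    $device->id(0);                               # required for new records
    my $id = $acs->create($device)
        or die "create of $name failed: $Net::Cisco::ACS::ERROR\n";
    return ("created", $id);
}

my ($action, $id) = ensure_device($acs, "Edge_Router", "10.0.0.3", "Edge router, site B");
print "$action Edge_Router with ACS id $id\n";
```

Because $ERROR is reset on every users, devices and devicegroups call, the script reads it immediately after the failing create or update rather than after a later lookup.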
REQUIREMENTS
For this library to work, you need an instance with Cisco ACS (obviously) or a simulator like Net::Cisco::ACS::Mock.
To enable the Cisco ACS REST API, you will need to run the command below from the Cisco ACS console:
acs config-web-interface rest enable
You will also need an administrator-role account, typically NOT associated with a device-access account. Configure the account through the GUI.
System Administration > Administrators > Accounts
You will need more than generic privileges: SuperAdmin is ideal, and UserAdmin and NetworkDeviceAdmin are suspected to be sufficient.
You will also need
BUGS
None so far
SUPPORT
None so far :)
AUTHOR
Hendrik Van Belleghem
CPAN ID: BEATNIK
hendrik.vanbelleghem@gmail.com
COPYRIGHT
This program is free software licensed under the...
The General Public License (GPL)
Version 2, June 1991
The full text of the license can be found in the LICENSE file included with this module.
COMPATIBILITY
Certain API calls are not supported from Cisco ACS 5.0 onwards. The current supported versions of Cisco ACS (by Cisco) are 5.6, 5.7 and 5.8 (Active).
SEE ALSO
See Net::Cisco::ACS::User for more information on User management.
See Net::Cisco::ACS::IdentityGroup for more information on User Group management.
See Net::Cisco::ACS::Device for more information on Device management.
See Net::Cisco::ACS::DeviceGroup for more information on Device Group management.
See Net::Cisco::ACS::Host for more information on Host management.
See the Cisco ACS product page for more information.
Net::Cisco::ACS relies on Moose.