'create-internal-user.py' Source Code

#!/usr/bin/env python

###########################################################################
#                                                                         #
# This script demonstrates how to use the ISE ERS internal users          #
# API  by executing a Python script.                                      #
#                                                                         #
# SECURITY WARNING - DO NOT USE THIS SCRIPT IN PRODUCTION!                #
# The script allows connections to SSL sites without trusting             #
# the server certificates.                                                #
# For production, it is required to add certificate check.                #
#                                                                         #
# Usage: create-internal-user.py <ISE host> <ERS user> <ERS password>     #
#  <username> <first name> <last name> <password> <email> <expiry date>   #
###########################################################################

import http.client
import base64
import ssl
import sys

# parameters
name = sys.argv[4]  # "chris"
first = sys.argv[5]  # "Chris"
last = sys.argv[6]  # "Colombus"
passwd = sys.argv[7]  # "Password1"
email = sys.argv[8]  # "chris@cisco.com"
expiry_date = sys.argv[9]  # "2017-01-29"

# host and authentication credentials
host = sys.argv[1] # "10.20.30.40"
user = sys.argv[2] # "ersad"
password = sys.argv[3] # "Password1"


conn = http.client.HTTPSConnection("{}:9060".format(host), context=ssl.SSLContext(ssl.PROTOCOL_TLSv1))

creds = str.encode(':'.join((user, password)))
encodedAuth = bytes.decode(base64.b64encode(creds))

req_body_json = """  {{
    "InternalUser" : {{
        "name" : "{}",
        "enabled" : true,
        "email" : "{}",
        "password" : "{}",
        "firstName" : "{}",
        "lastName" : "{}",
        "changePassword" : true,
        "expiryDateEnabled" : true,
        "expiryDate" : "{}",
        "enablePassword" : "{}",
        "customAttributes" : {{
        }},
        "passwordIDStore" : "Internal Users"
    }}
}}
""".format(name,email,passwd,first,last,expiry_date,passwd)

headers = {
    'accept': "application/json",
    'content-type': "application/json",
    'authorization': " ".join(("Basic",encodedAuth)),
    'cache-control': "no-cache",
    }

conn.request("POST", "/ers/config/internaluser/", headers=headers, body=req_body_json)

res = conn.getresponse()
data = res.read()

print("Status: {}".format(res.status))
print("Header:\n{}".format(res.headers))
print("Body:\n{}".format(data.decode("utf-8")))

Execution

python create-internal-user.py 10.20.30.40 ersad Password1 chris1 Chris Colombus Password1 chris@cisco.com 2017-01-30

Status: 201 (Created)
Header:
Set-Cookie: JSESSIONIDSSO=56D49E483D6BB0A81C8AB8E43E5BA302; Path=/; Secure; HttpOnly
Set-Cookie: APPSESSIONID=6999F8178666C010A2FFC189C362D325; Path=/ers; Secure; HttpOnly
Cache-Control: no-cache, no-store, must-revalidate
Pragma: no-cache
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Location: https://10.20.30.40:9060/ers/config/internaluser/93d33451-12d3-474e-970d-71c5dccd469e
Date: Thu, 01 Dec 2016 17:34:07 GMT
Content-Type: application/json;charset=utf-8
Content-Length: 0
Server: