Retrieving an ANC Policy By Name
The pxGrid client retreives the ANC policy by name. The associated action is also retreived. In this example,the pxGrid client retreives the ANC_QUARANTINE_EXAMPLE policy. For more information on the ANC Configuration topic, please see: ANC Configuration
Code Step-Through
We step-through that is spefic to pxGrid 2.0 operation.
The public class ANCGetPolicyByName calls and obtains the string name for the requested ANC policy.
The private static get method calls SampleConfigObject and string name. The Sample config object contains the pxGrid connection parameters such as the ISE pxGrid name hostname, identity filename keystore (.jks) filename and the truststore keystore (.jks)filename and we receive the new pxGrid control object. The pxGrid control configuration contains the pxGrid client account, service lookup, and access secret obtained from the ISE pxGrid node
Under //pxGrid ServiceLookup for session service, a service lookup is performed for the ISE node publishing the com.cisco.ise.config.anc service. If there were more the (1) ISE node in the pxGrid, randomization would be performed to find the availble node. This of this is as load balancing to evenly distribute the load.
Under //User first service, we get WebSockets URL from "restBaseUrl" + "/getPolicyByName"
Under //pxGrid AccessSecret for the node, we obtain the secret from the ISE pxGrid node and make and receive the Policy by name request
SampleHelper.postObjectAndPrint obtains the ISE pxGrid node, access secret, WebSocket URL, and trust information from the Client Manager.
Main parses the SampleObject Parameters
Under //Account Activate we obtain the pxGridcontrol and wait 60 seconds for the pxGrid client account to be activated, the pxGrid controller version is received, we get and recieve the requested ANC policy by get(config)
JAVA Sample Code
package com.cisco.pxgrid.samples.ise;
import java.time.OffsetDateTime;
import org.apache.commons.cli.ParseException;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import com.cisco.pxgrid.samples.ise.model.AccountState;
import com.cisco.pxgrid.samples.ise.model.Service;
/**
* Demonstrates how to retrieve ANC policy by policy name
*/
public class ANCGetPolcyByName {
private static Logger logger = LoggerFactory.getLogger(ANCGetPolcyByName.class);
private static class ByNameRequest {
private String name;
public String getName() {
return name;
}
public void setName(String name) {
this.name = name;
}
}
private static void get(SampleConfiguration config, String name ) throws Exception {
PxgridControl https = new PxgridControl(config);
// pxGrid ServiceLookup for session service
Service[] services = https.serviceLookup("com.cisco.ise.config.anc");
if (services == null || services.length == 0) {
logger.warn("Service unavailable");
return;
}
// Use first service
Service service = services[0];
String url = service.getProperties().get("restBaseUrl") + "/getPolicyByName";
logger.info("url={}", url);
// pxGrid AccesssSecret for the node
String secret = https.getAccessSecret(service.getNodeName());
ByNameRequest request = new ByNameRequest();
request.setName(name);
SampleHelper.postObjectAndPrint(url, config.getNodeName(), secret, config.getSSLContext().getSocketFactory(), request);
}
public static void main(String [] args) throws Exception {
// Parse arguments
SampleConfiguration config = new SampleConfiguration();
try {
config.parse(args);
} catch (ParseException e) {
config.printHelp("ANCGetPolicyByName");
System.exit(1);
}
// AccountActivate
PxgridControl control = new PxgridControl(config);
while (control.accountActivate() != AccountState.ENABLED)
Thread.sleep(60000);
logger.info("pxGrid controller version={}", control.getControllerVersion());
String name = SampleHelper.prompt("Get policy name: ");
get(config, name);
}
}
Output
------ config ------
hostname = ise24fc3.lab10.com
nodename = mac05
password = (not specified)
description = (not specified)
keystorefilename = /Applications/master_rest_samples/sw1.jks
keystorepassword = Cisco123
truststorefilename = /Applications/master_rest_samples/sw1root.jks
truststorepassword = Cisco123
--------------------
23:32:34.218 [main] INFO com.cisco.pxgrid.samples.ise.PxgridControl - AccountActivate request={}
23:32:34.417 [main] INFO com.cisco.pxgrid.samples.ise.PxgridControl - AccountActivate response={"accountState":"ENABLED","version":"2.0.0.13"}
23:32:34.417 [main] INFO com.cisco.pxgrid.samples.ise.ANCGetPolcyByName - pxGrid controller version=2.0.0.13
Get policy name:
ANC_QUARANTINE_EXAMPLE
23:32:49.351 [main] INFO com.cisco.pxgrid.samples.ise.PxgridControl - ServiceLookup request={"name":"com.cisco.ise.config.anc"}
23:32:49.372 [main] INFO com.cisco.pxgrid.samples.ise.PxgridControl - ServiceLookup response={"services":[{"name":"com.cisco.ise.config.anc","nodeName":"ise-admin-ise24fc3","properties":{"wsPubsubService":"com.cisco.ise.pubsub","restBaseUrl":"https://ise24fc3.lab10.com:8910/pxgrid/ise/config/anc","statusTopic":"/topic/com.cisco.ise.config.anc.status"}}]}
23:32:49.372 [main] INFO com.cisco.pxgrid.samples.ise.ANCGetPolcyByName - url=https://ise24fc3.lab10.com:8910/pxgrid/ise/config/anc/getPolicyByName
23:32:49.380 [main] INFO com.cisco.pxgrid.samples.ise.PxgridControl - AccessSecret request={"peerNodeName":"ise-admin-ise24fc3"}
23:32:49.396 [main] INFO com.cisco.pxgrid.samples.ise.PxgridControl - AccessSecret response={"secret":"RhntxITOSQNNCh9y"}
23:32:49.449 [main] INFO com.cisco.pxgrid.samples.ise.SampleHelper - postData={"name":"ANC_QUARANTINE_EXAMPLE"}
23:32:49.470 [main] INFO com.cisco.pxgrid.samples.ise.SampleHelper - Response status=200
Content: {"name":"ANC_QUARANTINE_EXAMPLE","actions":["QUARANTINE"]}