Is your feature request related to a problem? Please describe.
For things like patch installs/rollbacks, the nodes have to restart. I am new to all of this, but I could not find a way to really check to retry the connection without setting a sleep timer and then just waiting and hoping it was back up by the time the sleep was up.

Describe the solution you'd like
A way to check if you can connect or not. Function that would retry the connection until it succeeds or function that returns a bool or something that says it is possible to connect.

Describe alternatives you've considered
I have tried to use a try/except block around creating a connection and then sleeping and trying again, but it sends a lot of exceptions that I could not figure out how to catch. They happen deeper down either in urllib3 or requests or the actual ciscoisesdk files. Again, I am not super good at all of this, so I may be doing it wrong.

Prerequisites

• [yes ] Have you tested the operation in the API directly?
• [ yes] Do you have the latest SDK version?

Describe the bug
When using the get_endpoints_generator the last page produces an error on line 444 of utils.get_next_page()
Exception has occurred: TypeError
can only concatenate list (not "int") to list
Starting line 437 of utils.py:

        if not found:
            if isinstance(result, list):
                if len(result) == 0:
                    yield response
                else:
                    _params = dict(params)
                    if 'page' in params and 'size' in params:
                        _params['page'] = (params['page'] or 1) + 1

values from debugger output:

params['page']
['4']
(params['page'] or 1) + 1
Traceback (most recent call last):
  File "<string>", line 1, in <module>
TypeError: can only concatenate list (not "int") to list

Expected behavior
The final results page should be yielded by the generator. The results variable in the get_next_page() function already has the results. The logic error in utils.get_next_page(). When the get_next_page() function does not find the nextPage attribue on line 424 it should return the current page. However, when it drops into the if block on line 437, it gets to line 444 and hits the TypeError. I'm not sure how that line could ever work because in my debugging, that value, params['page'], is always a list of strings with one entry. I can get it to work for my purposes by changing line 439 from:

if len(result) == 0:

to:

if len(result) >0:

But because I'm not sure what the rest of that function is trying to accomplish (lines 441 and following), I'm afraid that might not be the right way to fix this.

Environment (please complete the following information):

• ISE version and patch: 3.0.0.458 patch 4
• Python version: 3.8.2
• SDK version: 1.3.1
• OS version: Ubuntu 20.04.1

Additional context

Describe the bug
When I call "list_installed_hotpatches", I only get the most recently installed hotpatch.

Expected behavior
I would expect it to return all of the installed hotpatches. I have tried on a few of my ISE nodes and it always returns a list with only 1 hotpatch even if I know there are more.

Screenshots

Environment (please complete the following information):

• ISE version and patch: 3.1.0 Patch 7
• Python version: 3.10.5
• SDK version: 2.0.9
• OS version: MacOS 13.4.1 (Ventura)

Prerequisites

• Have you tested the operation in the API directly?
• Do you have the latest SDK version?
• Review the compatibility matrix before opening an issue.

Describe the bug

In the API documentation for the Repository class (https://ciscoisesdk.readthedocs.io/en/latest/api/api.html#ciscoisesdk.api.v3_1_0.repository.Repository), the repository name parameter does not match the actual implementation.

For example the get_repository method expects the parameter name according to the documentation.
When using the name parameter, the following exception is raised:

TypeError: Repository.get_repository() missing 1 required positional argument: 'repository_name'

Expected behavior

Not fully clear.

Option 1: Change API implementation according to the documentation (name) parameter.
However, this will potentially break any existing programs relying on the SDK. So maybe option 2 is
the better approach.

Option 2: Change the documentation and replace name with repository_name in the corresponding methods

Environment (please complete the following information):

• ISE version and patch: 3.2 Patch 4 (not relevant in this case)
• Python version: 3.11.6
• SDK version: ciscoisesdk==2.0.12

Is your feature request related to a problem? Please describe.
For regression testing using pyATS (or other testing tools), it might be useful to get the HTTP status code in successful API requests (e.g. 201 when creating a resource like an endpoint). In case of an error (ApiError exception) the fail status code is already implemented in the status_code property.

Describe the solution you'd like
Add the following properties to the RestResponse class:

• status_code

The field status might not be needed, because I doubt the ISE will add any message in the body for success requests.

Prerequisites

• [Yes ] Have you tested the operation in the API directly?
• [ Yes] Do you have the latest SDK version?
• Review the compatibility matrix before opening an issue.

Describe the bug
I am using the SDK ciscoisesdk. I want to only update network_device_group_list and description all other values should be untouched.
api_.network_device.update_by_id( id="16b867c0-ad7b-11ed-b060-7e0613ef335b", description="API TEST", name=DevName, network_device_group_list=["Device Type#All Device Types#Switches","IPSEC#Is IPSEC Device#No","Location#All Locations"], network_device_iplist=[{"ipaddress":"10.0.0.1", "mask": 32}] )
I am updating a network device from default to "Device Type#All Device Types#Switches" and it's updating it. But it removed all other settings as TACACS Authentication Setting, SNMP Settings and Advanced TrustSec Settings.

Expected behavior
It should only update the values that I have added in the call as shown above description, network_device_group_list should be changed/updated.
Screenshots

Environment (please complete the following information):

• ISE version and patch: 3.1.0.518
• Python version: Python 3.6.12
• SDK version: ciscoisesdk 2.0.8
• OS version:

Prerequisites

• Have you tested the operation in the API directly?
• Do you have the latest SDK version?
• Review the compatibility matrix before opening an issue.

Describe the bug

When trying to install the latest ciscoisesdk and dnacentersdk in my environment, I am getting the following error. Can the dependencies for the request-toolbelt be updated/relaxed?

#18 109.9 The conflict is caused by:
#18 109.9     dnacentersdk 2.6.6 depends on requests-toolbelt<2.0.0 and >=1.0.0
#18 109.9     ciscoisesdk 2.0.10 depends on requests-toolbelt<0.11.0 and >=0.10.1

Expected behavior

Screenshots
Please provide an screenshot of the successful API call with cuRL, Postman, etc.

Environment (please complete the following information):

• ISE version and patch:
• Python version: 3.9
• SDK version:
• OS version:

Additional context
Add any other context about the problem here.

returned value RestResponse.response is a string instead of MyDict. Any idea?

Is your feature request related to a problem? Please describe.
API missing for Egress Matrix Policy Push

Describe the solution you'd like
API support for /ers/config/op/trustsec/egresspolicypush

Describe alternatives you've considered

Additional context

I've noticed that some parameters that are objects do not have documentation on what those objects can/should contain.

For instance:

https://ciscoisesdk.readthedocs.io/en/latest/api/api.html?#ciscoisesdk.api.v3_0_0.authorization_profile.AuthorizationProfile.create_authorization_profile

The vlan parameter can contain nameID and tagID, and it is documented in the ISE API:

https://developer.cisco.com/docs/identity-services-engine/v1/#!authorizationprofile

There are a few other examples of this that I'm finding and I will open an issue for the ones that I come across.

Thanks!

I have a need to use both dnacentersdk and ciscoisesdk in the same project. Unfortunately including both projects fails due to dependency resolution on the requests-toolbelt package.

  SolverProblemError

  Because no versions of ciscoisesdk match >2.0.8,<3.0.0
   and ciscoisesdk (2.0.8) depends on requests-toolbelt (>=0.9.1,<0.10.0), ciscoisesdk (>=2.0.8,<3.0.0) requires requests-toolbelt (>=0.9.1,<0.10.0).
  And because dnacentersdk (2.5.6) depends on requests-toolbelt (>=0.10.1,<0.11.0)
   and no versions of dnacentersdk match >2.5.6,<3.0.0, ciscoisesdk (>=2.0.8,<3.0.0) is incompatible with dnacentersdk (>=2.5.6,<3.0.0).
  So, because corp-security depends on both dnacentersdk (^2.5.6) and ciscoisesdk (^2.0.8), version solving failed.

PR incoming with a change from 0.9.1 to 0.10.1.

Prerequisites

• Have you tested the operation in the API directly?
• Do you have the latest SDK version?
• Review the compatibility matrix before opening an issue.

Describe the bug
When trying to export the system cert I get this error but looking at the docs there is no requirement for hostname and I'm unable to add a hostname.

search_result = api.certificates.export_system_certificate(export='CERTIFICATE_WITH_PRIVATE_KEY', id='9d6xxxxd-6xx3-4xx1-xxx2-1eaxxxxx732f', password='TestCiscoIseAPI')

==================================================
Traceback (most recent call last):

                ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^

File "/Library/Frameworks/Python.framework/Versions/3.11/lib/python3.11/site-packages/ciscoisesdk/api/v3_1_patch_1/certificates.py", line 1292, in export_system_certificate
_api_response = self._session.post(endpoint_full_url, params=_params,
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
File "/Library/Frameworks/Python.framework/Versions/3.11/lib/python3.11/site-packages/ciscoisesdk/restsession.py", line 640, in post
return self.download('POST', url, erc, 0, params=params,
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
File "/Library/Frameworks/Python.framework/Versions/3.11/lib/python3.11/site-packages/ciscoisesdk/restsession.py", line 422, in download
with self.request(method, url, erc, 0, **kwargs) as resp:
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
File "/Library/Frameworks/Python.framework/Versions/3.11/lib/python3.11/site-packages/ciscoisesdk/restsession.py", line 523, in request
check_response_code(response, erc,
File "/Library/Frameworks/Python.framework/Versions/3.11/lib/python3.11/site-packages/ciscoisesdk/misc.py", line 62, in check_response_code
raise ApiError(response, **kwargs)
ciscoisesdk.exceptions.ApiError: [400] - HostName should not be null
{
"status" : "Fail",
"message" : "HostName should not be null"

Environment (please complete the following information):

• ISE version and patch: 3.1 Patch 7
• Python version: 3.10
• SDK version: Latest
• OS version: Mac OS

Additional context
Add any other context about the problem here.

Is your feature request related to a problem? Please describe.
If I query ISE ERS API object (for example endpoint), the resulting list is limited to 20 items by default as described in the ISE API documentation. This can be increased to some value using the size parameter in the corresponding get call.
However, based on the ISE documentation, the "maximum resources per page cannot be more than 100 resources". So I assume the size parameter must not exceed 100 as well.

Example:

  epQuery = self.iseApi.endpoint.get_endpoints(
      filter=f'groupId.EQ.greatDevices',
      size=100
  )

If more than 100 return items are in the list, the next result page must be loaded manually.
So a query where the number of items is not sure in the first place must be include some type of looping to get all results.
Example:

        try:
            epQueryResult = None
            paging = True
            currentPage = 1
            while paging:
                epQuery = self.iseApi.endpoint.get_endpoints(
                    filter=f'groupId.EQ.greatDevices',
                    page=currentPage)
                
                # Extend result dictionary
                if epQueryResult:
                    # Case1: Result dictionary is already populated (page > 1)
                    epQueryResult["SearchResult"]["resources"].extend(
                        epQuery.response["SearchResult"]["resources"]
                    )
                else:
                    # Case2: Result dictionary is empty (page 1)
                    epQueryResult = epQuery.response

                # Checking if there is a nextPage reference
                if epQuery.response.SearchResult.nextPage:
                    currentPage += 1
                else:
                    paging = False

Describe the solution you'd like
Automatic paging for query results returning a list (response["SearchResult"]["resources"]).

Describe alternatives you've considered
See code example above

Prerequisites

• Have you tested the operation in the API directly?
• Do you have the latest SDK version?

Describe the bug
Missing Option to add the parent Identity Group, like this only top level Endpoint identity groups can be created.

Expected behavior
Should have the option to add parent by name or by ID.

Screenshots

Whereas resource definition in the SDK provides this option

Environment (please complete the following information):

• ISE version and patch: 3.2
• Python version: 3.11
• SDK version: 3.1 p1
• OS version: osx

Hello,

I was trying to use Ansible ISE module which is built on top of this SDK and I ran into an issue with the network device endpoint. From what I observed it looks like the endpoint is incorrect. I don't see Cisco ISE API allowing it.

ISE version used: 2.4 in the lab - also tested on 2.7 and 3.0 on Cisco dCloud.

Error from Ansible:

failed: [192.168.10.10] (item=swtest01) => { "ansible_loop_var": "item", "item": "al-wtc-sr01", "msg": "An error occured when executing operation. The error was: [405] Method Not Allowed - The requested Method is not supported for that resource!\n{\n \"ERSResponse\" : {\n \"operation\" : \"GET-get by name-networkdevice\",\n \"messages\" : [ {\n \"title\" : \"The requested Method is not supported for that resource!\",\n \"type\" : \"ERROR\",\n \"code\" : \"Unsupported method exception\"\n } ],\n \"link\" : {\n \"rel\" : \"related\",\n \"href\" : \"https://192.168.10.10:9060/ers/config/networkdevice/name/swtest01\",\n \"type\" : \"application/xml\"\n }\n }\n}" }

Error from direct API request:
{ "ERSResponse": { "operation": "GET-get by name-networkdevice", "messages": [ { "title": "The requested Method is not supported for that resource!", "type": "ERROR", "code": "Unsupported method exception" } ], "link": { "rel": "related", "href": "https://192.168.10.10:9060/ers/config/networkdevice/name/swtest01", "type": "application/xml" } } }

Reference:
https://developer.cisco.com/docs/identity-services-engine/3.0/#!network-device/resource-definition

I was only able to search devices by name using the filter: https://192.168.10.10:9060/ers/config/networkdevice?filter=name.Contains.swtest01

Hence why I think the endpoint should be updated to "/ers/config/networkdevice?filter=name.Contains.{name}"

I've noticed that some parameters that are objects do not have documentation on what those objects can/should contain.

For instance:

https://ciscoisesdk.readthedocs.io/en/latest/api/api.html?#ciscoisesdk.api.v3_0_0.authorization_profile.AuthorizationProfile.create_authorization_profile

The webRedirection object can contain a few attributes that are documented in the ISE API:

https://developer.cisco.com/docs/identity-services-engine/v1/#!authorizationprofile

There are a few other examples of this that I'm finding and I will open an issue for the ones that I come across.

Thanks!

I need to add NetworkDevice with RADIUS protocol enabled and some settings around. How can I do that? Are there more examples that allow understanding of how to configure specific things?

Using DevNET Sandbox for ISE 3.0.1.
Cannot delete device group by id or create a new one.
Network Device creation/deletion works fine.

network device group - deletion:

>>> api = IdentityServicesEngineAPI(base_url="https://10.10.20.77", username="admin", password="C1sco12345", version="3.0.0", uses_api_gateway=True, verify=False)

>>> api.network_device_group.get_all().response.SearchResult.resources
[{'id': '70c79c30-8bff-11e6-996c-525400b48521', 'name': 'Device Type#All Device Types', 'description': 'All Device Types', 'link': {'rel': 'self', 'href': 'https://10.10.20.77/ers/config/networkdevicegroup/70c79c30-8bff-11e6-996c-52
5400b48521', 'type': 'application/json'}}, {'id': '4be41100-1fa7-11ec-af69-221f491f26b1', 'name': 'Device Type#All Device Types#Router', 'description': 'Router desc', 'link': {'rel': 'self', 'href': 'https://10.10.20.77/ers/config/n
etworkdevicegroup/4be41100-1fa7-11ec-af69-221f491f26b1', 'type': 'application/json'}}, {'id': '70d4bb90-8bff-11e6-996c-525400b48521', 'name': 'IPSEC#Is IPSEC Device', 'description': 'Is this a RADIUS over IPSEC Device', 'link': {'re
l': 'self', 'href': 'https://10.10.20.77/ers/config/networkdevicegroup/70d4bb90-8bff-11e6-996c-525400b48521', 'type': 'application/json'}}, {'id': '70f40360-8bff-11e6-996c-525400b48521', 'name': 'IPSEC#Is IPSEC Device#No', 'descript
ion': 'Device is not IPSEC Type', 'link': {'rel': 'self', 'href': 'https://10.10.20.77/ers/config/networkdevicegroup/70f40360-8bff-11e6-996c-525400b48521', 'type': 'application/json'}}, {'id': '70e07b60-8bff-11e6-996c-525400b48521',
 'name': 'IPSEC#Is IPSEC Device#Yes', 'description': 'Device is IPSEC Type', 'link': {'rel': 'self', 'href': 'https://10.10.20.77/ers/config/networkdevicegroup/70e07b60-8bff-11e6-996c-525400b48521', 'type': 'application/json'}}, {'i
d': '70836740-8bff-11e6-996c-525400b48521', 'name': 'Location#All Locations', 'description': 'All Locations', 'link': {'rel': 'self', 'href': 'https://10.10.20.77/ers/config/networkdevicegroup/70836740-8bff-11e6-996c-525400b48521',
'type': 'application/json'}}, {'id': '7b6bf1b0-1f96-11ec-af69-221f491f26b1', 'name': 'Roles#Roles', 'description': 'Network device roles', 'link': {'rel': 'self', 'href': 'https://10.10.20.77/ers/config/networkdevicegroup/7b6bf1b0-1
f96-11ec-af69-221f491f26b1', 'type': 'application/json'}}, {'id': '5b724e20-1fa7-11ec-af69-221f491f26b1', 'name': 'Roles#Roles#Switch', 'description': '', 'link': {'rel': 'self', 'href': 'https://10.10.20.77/ers/config/networkdevice
group/5b724e20-1fa7-11ec-af69-221f491f26b1', 'type': 'application/json'}}]

>>> api.network_device_group.delete_by_id("4be41100-1fa7-11ec-af69-221f491f26b1")
Traceback (most recent call last):
< ... >
    raise ApiError(response)
ciscoisesdk.exceptions.ApiError: [500] - Failed to delete Network Device Group.
{
  "ERSResponse" : {
    "operation" : "DELETE-delete-networkdevicegroup",
    "messages" : [ {
      "title" : "Failed to delete Network Device Group. ",
      "type" : "ERROR",
      "code" : "CRUD operation exception"
    } ],
    "link" : {
      "rel" : "related",
      "href" : "https://10.10.20.77/ers/config/networkdevicegroup/4be41100-1fa7-11ec-af69-221f491f26b1",
      "type" : "application/xml"
    }
  }
}
>>>

Prerequisites

• Have you tested the operation in the API directly?
• Do you have the latest SDK version?

Describe the bug
node_deployment.get_nodes() returns html login page as rest response instead of node details
whereas other APIs are working properly

(Pdb) result = self.api.node_deployment.get_node_details('cts-auto-v4-ise1').response
(Pdb) result [:100]
'<!doctype html>\n<!--**************************************************-->\n<!-- Copyright (c) 2020 Ci'

(Pdb) result = self.api.node_deployment.get_nodes().response
(Pdb) result [:100]
'<!doctype html>\n<!--**************************************************-->\n<!-- Copyright (c) 2020 Ci'


(Pdb) self.api.network_device.get_all().response
{'SearchResult': {'total': 1, 'resources': [{'id': '14199ca0-30da-11ed-9c2f-164d3c298156', 'name': 'temp_device', 'description': '', 'link': {'rel': 'self', 'href': 'https://10.76.119.182/ers/config/networkdevice/14199ca0-30da-11ed-9c2f-164d3c298156', 'type': 'application/json'}}]}}
(Pdb) 

Expected behavior
get_nodes should return node details

{
    "SearchResult": {
        "total": 3,
        "resources": [
            {
                "id": "1dc8a010-2a6e-11ed-a7df-0050568a6359",
                "name": "cts-auto-v4-ise1",
                "link": {
                    "rel": "self",
                    "href": "https://10.76.119.182/ers/config/node/1dc8a010-2a6e-11ed-a7df-0050568a6359",
                    "type": "application/json"
                }
            },
            {
                "id": "fb751a70-2ae0-11ed-a950-164d3c298156",
                "name": "cts-auto-v4-ise2",
                "link": {
                    "rel": "self",
                    "href": "https://10.76.119.182/ers/config/node/fb751a70-2ae0-11ed-a950-164d3c298156",
                    "type": "application/json"
                }
            },
            {
                "id": "2a208180-2e78-11ed-91a9-164d3c298156",
                "name": "cts-auto-v4-ise3",
                "link": {
                    "rel": "self",
                    "href": "https://10.76.119.182/ers/config/node/2a208180-2e78-11ed-91a9-164d3c298156",
                    "type": "application/json"
                }
            }
        ]
    }
}

Screenshots
Working in Postman:

Environment (please complete the following information):

• ISE version and patch: ISE 3.1
• Python version: Python 3.8.2
• SDK version: 2.0.4
• OS version:

Additional context
Add any other context about the problem here.

Prerequisites

• [No] Have you tested the operation in the API directly?
• [Yes ] Do you have the latest SDK version?
• [Yes ] Review the compatibility matrix before opening an issue.

Describe the bug
After adding package to venv in PyCharm (python 3.12) & running trough code below. Traceback shoot with bottom line of "ModuleNotFoundError: No module named 'imp'"

from ciscoisesdk import IdentityServicesEngineAPI
from ciscoisesdk.exceptions import ApiError
api = IdentityServicesEngineAPI(username='admin',
password='Cisco123',
uses_api_gateway=True,
base_url='https://10.200.200.50',
version='3.2_beta',
verify=False,
debug=False,
uses_csrf_token=False)
Expected behavior
silent code execution

Screenshots
curl -X 'GET'
'https://10.200.200.50:443/api/v1/patch'
-H 'accept: application/json'

{
"iseVersion": "3.2.0.542",
"patchVersion": [
{
"patchNumber": 2,
"installDate": "Thu Jul 06 18:46:47 2023"
}
]
}

Environment (please complete the following information):

• ISE version and patch: 3.2.0.542 patch 2
• Python version: 3.12
• SDK version: 2.1.2
• OS version: Win10 ent 10.0.19044

Additional context
Add any other context about the problem here.

Hi,

I was wondering if there's any specific reason to pin the requests version to ">=2.27.1, <=2.28"?

Since version 2.0.10 we've been using requests version "2.31.0" without any issues.

Here's the link to the vulnerability report.

while using the sdk through the ansible module with the option verify=false the following message is shown:

would be great to have an additional option or include it in verify=false to disable those warnings.
https://urllib3.readthedocs.io/en/latest/advanced-usage.html#tls-warnings

urllib3.disable_warnings()

Prerequisites

• [x ] Have you tested the operation in the API directly?
• [x ] Do you have the latest SDK version?

Describe the bug
NetworkDeviceGroup.create uses wrong params in ISE 3.2. It uses othername but the API expects ndgtype (see screenshot below). This was probably changed/updated at some point.

https://ciscoisesdk.readthedocs.io/en/latest/_modules/ciscoisesdk/api/v3_1_0/network_device_group.html#NetworkDeviceGroup.create

Expected behavior
Update SDK to use correct name as seen in screeshot below. New: ndgtype, old: othername

Screenshots

Environment (please complete the following information):

• ISE version and patch: 3.2
• Python version: 3.10.7
• SDK version: 2.0.8
• OS version: OSX

Hi,

I'm new to ISE 3.0 so the API gateway is a new concept.
When creating the ISE object i'm specifying uses_api_gateway=True. However when I try and do something like this api.endpoint.get_all_endpoints() I'm just getting back HTML in the response. However something like this, api.misc.get_mnt_version() from the MNT API is working as expected.

On my API Gateway Settings page, there is only the option to enable the MNT API. In the config guide I also see...

In Cisco ISE Release 3.0, only the MnT (Monitoring) API is routed through the API Gateway.

Based on my understanding then, I need to set uses_api_gateway to False and specify the following parameters:

IDENTITY_SERVICES_ENGINE_ERS_BASE_URL
IDENTITY_SERVICES_ENGINE_MNT_BASE_URL
IDENTITY_SERVICES_ENGINE_UI_BASE_URL (maybe?)

I'm assuming that the ERS API will be supported in a later ISE version?

Hello,

When I am trying to use the following script to get_sessions_by_mac, I am getting AttributeError: 'str' object has no attribute 'get'

lab.misc.get_sessions_by_mac('00:50:56:8F:78:4F').response

Traceback (most recent call last):
  File "test.py", line 20, in <module>
    bwi.misc.get_sessions_by_mac('00:50:56:8F:78:4F').response
  File "/home/ubuntu/ciscoisesdk/ciscoisesdk/api/v3_0_0/misc.py", line 408, in get_sessions_by_mac
    _api_response = self._session.get(endpoint_full_url, params=_params)
  File "/home/ubuntu/ciscoisesdk/ciscoisesdk/restsession.py", line 426, in get
    response = self.request('GET', url, erc, 0, params=params, **kwargs)
  File "/home/ubuntu/ciscoisesdk/ciscoisesdk/restsession.py", line 350, in request
    check_response_code(response, erc)
  File "/home/ubuntu/ciscoisesdk/ciscoisesdk/utils.py", line 217, in check_response_code
    raise ApiError(response)
  File "/home/ubuntu/ciscoisesdk/ciscoisesdk/exceptions.py", line 151, in __init__
    if self.details else None
AttributeError: 'str' object has no attribute 'get'

When I do this API call manually I get back an HTTP 500 error

<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
<mnt-rest-result>
    <http-code>500</http-code>
    <cpm-code>34110</cpm-code>
    <description>Server has encountered error while processing the REST request</description>
    <module-name>MnT</module-name>
    <internal-error-info>Error in generating XML output. Error message = Session data is not available for AA:BB:CC:DD:EE:FF.</internal-error-info>
    <requested-operation>Get By Type</requested-operation>
    <resource-id>N/A</resource-id>
    <resource-name>N/A</resource-name>
    <resource-type>RESTSDStatus</resource-type>
    <status>SERVER_ERROR</status>
</mnt-rest-result>

I believe this might be the problem as when I use a MAC address which has a session, I get a response as expected

Prerequisites

• Have you tested the operation in the API directly? Yes
• Do you have the latest SDK version? Yes

Describe the bug
API Endoint contains character it should not (>)
e_url = ('/admin/API/mnt/CoA/Disconnect>/... instead of
e_url = ('/admin/API/mnt/CoA/Disconnect/...

Therefore you get HTTP 400, Request not processed - Bad input

Expected behavior
Correct API endpoint.

Screenshots
Please provide an screenshot of the successful API call with cuRL, Postman, etc.

Environment (please complete the following information):

• ISE version and patch: 3.1
• Python version: 3.9
• SDK version: tested 3.1, 3.1 patch 1
• OS version: OSX

Additional context
Would be nice if you could also name the variables correctly.

So e.g. disconnect_type instead of dis_con_nec_tty_pe, psn_name instead of psn_nam_e etc.

Thank you

Prerequisites

• Have you tested the operation in the API directly?
• Do you have the latest SDK version? => ciscoisesdk==1.4.2

Describe the bug
When trying to delete an existing endpoint, the API throws an ciscoisesdk.exceptions.ApiError with the following message:

2022-02-21T14:47:03: %AETEST-ERROR: ciscoisesdk.exceptions.ApiError: [403] - CSRF nonce validation failed<!DOCTYPE html>
2022-02-21T14:47:03: %AETEST-ERROR: <html lang="en">
2022-02-21T14:47:03: %AETEST-ERROR:     <head>
2022-02-21T14:47:03: %AETEST-ERROR:         
2022-02-21T14:47:03: %AETEST-ERROR:     </head>
2022-02-21T14:47:03: %AETEST-ERROR:     <body>
2022-02-21T14:47:03: %AETEST-ERROR:         <div class="container">
2022-02-21T14:47:03: %AETEST-ERROR:             <h1>[ 403 ] </h1>
2022-02-21T14:47:03: %AETEST-ERROR:             <p></p>
2022-02-21T14:47:03: %AETEST-ERROR:         <p></p>
2022-02-21T14:47:03: %AETEST-ERROR:         </div>
2022-02-21T14:47:03: %AETEST-ERROR:     </body>
2022-02-21T14:47:03: %AETEST-ERROR: </html>

The code is quite simple (dummy data)

from ciscoisesdk import IdentityServicesEngineAPI
from ciscoisesdk.exceptions import ApiError
api = IdentityServicesEngineAPI(
            username=ers_rw_user,
            password=ers_rw_pw,
            uses_api_gateway=True,
            base_url="https://myise.example.org",
            version=3.1.1,
            verify=False)

delEp = api.endpoint.delete_endpoint_by_id(id = "5103b400-931b-11ec-ab1b-ae32d00e1b2c")

When CSRF checking is disabled in the ISE settings, the delete operation works as expected

Expected behavior
It should be possible to delete an endpoint by id with enable CSRF validation

Environment (please complete the following information):

• ISE version and patch: 3.1.0.518 Patch 1
• Python version: 3.6.8
• SDK version: 1.4.2
• OS version: CentOS Stream 8 (x86_64)

Is your feature request related to a problem? Please describe.
When sharing an instance of the IdentityServicesEngineAPI in various classes, the used parameters in the constructor __init__ might not be accessible in other classes or methods (e.g. when passing the instance as a method parameter). Especially when catching exceptions some of the instance parameters might be helpful for meaningful error messages (e.g. on a 401 error add the username in the exception message)

Describe the solution you'd like
It would be helpful to have all properties (ok - we might discuss about the password) used in the constructor as getter (and possibly setter) properties.

Prerequisites

• [yes] Have you tested the operation in the API directly?
• [yes] Do you have the latest SDK version?
• [did] Review the compatibility matrix before opening an issue.

Describe the bug

ciscoisesdk 2.1.2 requires requests<=2.28,>=2.27.1, but you have requests 2.31.0 which is incompatible.

So I downgrade. But...

AND

responses 0.25.0 requires requests<3.0,>=2.30.0, but you have requests 2.28.0 which is incompatible.

Expected behavior
the SDK should install with pip.

Screenshots
See above.

Environment (please complete the following information):

• ISE version and patch: doesn't matter
• Python version: 3.10.13
• SDK version:

Name: ciscoisesdk
Version: 2.1.2
{...}

• OS version: MacOS 14.3.1

Additional context

The sdk needs to update to a later version of requests.

Prerequisites

• [ x] Have you tested the operation in the API directly?
• [ x] Do you have the latest SDK version?

Describe the bug
A clear and concise description of what the bug is.
Impossible to configure conditions for Network access network conditions
https://github.com/CiscoISE/ciscoisesdk/blob/main/ciscoisesdk/api/v3_1_1/network_access_network_conditions.py

Expected behavior
A clear and concise description of what you expected to happen.
SDK is expecting a parameter named "conditions" with a list of conditions. API is expecting a list of conditions for each condition type
in attributes ipAddrList, deviceList,deviceGroupList
These 3 parameters are not handled by the SDK

Screenshots
Please provide an screenshot of the successful API call with cuRL, Postman, etc.

Environment (please complete the following information):

• ISE version and patch: 3.1 patch 3
• Python version: 3.10
• SDK version: 2.0.4
• OS version: docker

Additional context
Add any other context about the problem here.

Prerequisites

• [ x] Have you tested the operation in the API directly?
• [x ] Do you have the latest SDK version?
• [x ] Review the compatibility matrix before opening an issue.

Describe the bug
Function "create_network_device_group" return en error:
[400] - Validation Error - Mandatory fields missing: [ndgtype]
even if ndgtype parametr is provided:

response = api.network_device_group.create_network_device_group(ndgtype="Device Type", name=f"'Location#All Locations#{loc}", description=dsc)
What I am doing wrong?

Expected behavior
A clear and concise description of what you expected to happen.

Screenshots

Environment (please complete the following information):

• ISE version and patch: 3.2.0.542
• Python version: 3.10
• SDK version: 2.2.1
• OS version: Ubuntu 22.04.4 LTS

Additional context
Add any other context about the problem here.

Is your feature request related to a problem? Please describe.

ISE should follow Python's Easier to Ask Forgiveness (EAFP) model of coding, by providing easier access to reasons that things fail. Currently, ISE throws a very generic ApiError when something goes wrong, and the reason for the error is hidden in text. So if one wants to follow EAFP, one is forced to do things like code something like this:

try:
   api.endpoint.create_endpoint(mac=device_mac_address)
except ApiError as e:
   try: # because you can't be sure that e has been properly populated
      recheck=re.compile(".*already exists\.")
      if re.match(e.details['ERSResponse']['messages'][0]['title']):
         ok, endpoint doesn't exist
      elif:
         go through a lengthy list of possibilities
   except:
      we ate it because we didn't try to parse through the entire set of ApiError objects

That's a bit much.

Describe the solution you'd like

ESPECIALLY for CRUD sorts of errors, you should at least handle the basics in simple exceptions like:

• DeviceAlreadyExists (on create)
• NoSuchDevice (retrieval, update, delete)
• PermissionDenied (a generic auth/authz fail)
• TimeOut (my api object might be good, but the connection to ISE broke)

You can, if you want, subclass these from ApiError if you want to provide more readable detail

Describe alternatives you've considered

There are no easy workarounds, but one can at least take a guess on create_endpoint (for example) by first trying get_endpoint_by_name (or some such) and hoping that e.status_code is giving you something sane.

I've noticed that some parameters that are objects or lists do not have documentation on what those objects can/should contain.

For instance:

https://ciscoisesdk.readthedocs.io/en/latest/api/api.html?#ciscoisesdk.api.v3_0_0.authorization_profile.AuthorizationProfile.create_authorization_profile

The advanced_attributes parameter is a list that can contain a number of fields that are is documented in the ISE API:

https://developer.cisco.com/docs/identity-services-engine/v1/#!authorizationprofile

There are a few other examples of this that I'm finding and I will open an issue for the ones that I come across.

Thanks!

Prerequisites

• [N/A ] Have you tested the operation in the API directly?
• [yes ] Do you have the latest SDK version?
• [N/A ] Review the compatibility matrix before opening an issue.

Describe the bug
The following dependencies are necessary but not documented in order to build the sdk:

sphinx, sphinx_rtd_theme, readthedocs-sphinx-search, xmltodict, fastjsonschema, requests_toolbelt

Environment (please complete the following information):

• ISE version and patch: n/a
• Python version: 3.10
• SDK version: latest
• OS version: MacOS 14.3

Prerequisites

• Have you tested the operation in the API directly?
• Do you have the latest SDK version?
• Review the compatibility matrix before opening an issue.

Describe the bug

Just created my new ISE testing development container with the new ciscoisesdk 2.1.0 version.
When running my scripts, the following exception is raised:

ModuleNotFoundError: No module named 'ciscoisesdk.api.v3_2_beta.nbar_app'

This even happens from the Python CLI:

ise-testing@1654ae340d2b:~$ python3
Python 3.11.6 (main, Nov  1 2023, 13:45:43) [GCC 12.2.0] on linux
Type "help", "copyright", "credits" or "license" for more information.
>>> 
>>> from ciscoisesdk import IdentityServicesEngineAPI
Traceback (most recent call last):
  File "<stdin>", line 1, in <module>
  File "/opt/venv/lib/python3.11/site-packages/ciscoisesdk/__init__.py", line 31, in <module>
    from .api import IdentityServicesEngineAPI
  File "/opt/venv/lib/python3.11/site-packages/ciscoisesdk/api/__init__.py", line 1487, in <module>
    from .v3_2_beta.nbar_app import (
ModuleNotFoundError: No module named 'ciscoisesdk.api.v3_2_beta.nbar_app'
>>> 

Expected behavior

Working import

Environment (please complete the following information):

• ISE version and patch: 3.2 Patch 4 (but irrelevant here)
• Python version: 3.11.6
• SDK version: ciscoisesdk==2.1.0
• OS version: Debian 12.2 (container image python:3.11-slim-bookworm)