From 667f4dea8b1a74c4cb468d82e3d8975857e23323 Mon Sep 17 00:00:00 2001 From: Colin Gagnaire Date: Mon, 7 Jan 2019 17:23:51 +0100 Subject: [PATCH] add cisco ise plugin (#1312) * add cisco ise plugin * fix cisco ise * fix cisco ise --- apps/cisco/ise/restapi/custom/xmlapi.pm | 250 ++++++++++++++++++++++++ apps/cisco/ise/restapi/mode/session.pm | 128 ++++++++++++ apps/cisco/ise/restapi/plugin.pm | 48 +++++ 3 files changed, 426 insertions(+) create mode 100644 apps/cisco/ise/restapi/custom/xmlapi.pm create mode 100644 apps/cisco/ise/restapi/mode/session.pm create mode 100644 apps/cisco/ise/restapi/plugin.pm diff --git a/apps/cisco/ise/restapi/custom/xmlapi.pm b/apps/cisco/ise/restapi/custom/xmlapi.pm new file mode 100644 index 000000000..1db7b0d46 --- /dev/null +++ b/apps/cisco/ise/restapi/custom/xmlapi.pm @@ -0,0 +1,250 @@ +# +# Copyright 2018 Centreon (http://www.centreon.com/) +# +# Centreon is a full-fledged industry-strength solution that meets +# the needs in IT infrastructure and application monitoring for +# service performance. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# + +package apps::cisco::ise::restapi::custom::xmlapi; + +use strict; +use warnings; +use centreon::plugins::http; +use XML::Simple; + +sub new { + my ($class, %options) = @_; + my $self = {}; + bless $self, $class; + + if (!defined($options{output})) { + print "Class Custom: Need to specify 'output' argument.\n"; + exit 3; + } + if (!defined($options{options})) { + $options{output}->add_option_msg(short_msg => "Class Custom: Need to specify 'options' argument."); + $options{output}->option_exit(); + } + + if (!defined($options{noptions})) { + $options{options}->add_options(arguments => + { + "hostname:s" => { name => 'hostname' }, + "url-path:s" => { name => 'url_path' }, + "port:s" => { name => 'port' }, + "proto:s" => { name => 'proto' }, + "username:s" => { name => 'username' }, + "password:s" => { name => 'password' }, + "proxyurl:s" => { name => 'proxyurl' }, + "timeout:s" => { name => 'timeout' }, + "ssl-opt:s@" => { name => 'ssl_opt' }, + }); + } + $options{options}->add_help(package => __PACKAGE__, sections => 'XMLAPI OPTIONS', once => 1); + + $self->{output} = $options{output}; + $self->{mode} = $options{mode}; + $self->{http} = centreon::plugins::http->new(output => $self->{output}); + + return $self; +} + +sub set_options { + my ($self, %options) = @_; + + $self->{option_results} = $options{option_results}; +} + +sub set_defaults { + my ($self, %options) = @_; + + foreach (keys %{$options{default}}) { + if ($_ eq $self->{mode}) { + for (my $i = 0; $i < scalar(@{$options{default}->{$_}}); $i++) { + foreach my $opt (keys %{$options{default}->{$_}[$i]}) { + if (!defined($self->{option_results}->{$opt}[$i])) { + $self->{option_results}->{$opt}[$i] = $options{default}->{$_}[$i]->{$opt}; + } + } + } + } + } +} + +sub check_options { + my ($self, %options) = @_; + + $self->{hostname} = (defined($self->{option_results}->{hostname})) ? $self->{option_results}->{hostname} : undef; + $self->{port} = (defined($self->{option_results}->{port})) ? $self->{option_results}->{port} : 443; + $self->{proto} = (defined($self->{option_results}->{proto})) ? $self->{option_results}->{proto} : 'https'; + $self->{username} = (defined($self->{option_results}->{username})) ? $self->{option_results}->{username} : undef; + $self->{password} = (defined($self->{option_results}->{password})) ? $self->{option_results}->{password} : undef; + $self->{url_path} = (defined($self->{option_results}->{url_path})) ? $self->{option_results}->{url_path} : '/admin/API/mnt'; + $self->{timeout} = (defined($self->{option_results}->{timeout})) ? $self->{option_results}->{timeout} : 10; + $self->{proxyurl} = (defined($self->{option_results}->{proxyurl})) ? $self->{option_results}->{proxyurl} : undef; + $self->{ssl_opt} = (defined($self->{option_results}->{ssl_opt})) ? $self->{option_results}->{ssl_opt} : undef; + + if (!defined($self->{option_results}->{username}) || $self->{option_results}->{username} eq '') { + $self->{output}->add_option_msg(short_msg => "Need to specify --username option."); + $self->{output}->option_exit(); + } + if (!defined($self->{option_results}->{password}) || $self->{option_results}->{password} eq '') { + $self->{output}->add_option_msg(short_msg => "Need to specify --password option."); + $self->{output}->option_exit(); + } + + return 0; +} + +sub build_options_for_httplib { + my ($self, %options) = @_; + + $self->{option_results}->{hostname} = $self->{hostname}; + $self->{option_results}->{timeout} = $self->{timeout}; + $self->{option_results}->{port} = $self->{port}; + $self->{option_results}->{proto} = $self->{proto}; + $self->{option_results}->{username} = $self->{username}; + $self->{option_results}->{password} = $self->{password}; + $self->{option_results}->{credentials} = 1; + $self->{option_results}->{basic} = 1; + $self->{option_results}->{proxyurl} = $self->{proxyurl}; + $self->{option_results}->{warning_status} = ''; + $self->{option_results}->{critical_status} = ''; +} + +sub settings { + my ($self, %options) = @_; + + $self->build_options_for_httplib(); + + $self->{http}->set_options(%{$self->{option_results}}); +} + +sub get_connection_info { + my ($self, %options) = @_; + + return $self->{hostname} . ":" . $self->{port}; +} + +sub get_hostname { + my ($self, %options) = @_; + + return $self->{hostname}; +} + +sub get_port { + my ($self, %options) = @_; + + return $self->{port}; +} + +sub get_endpoint { + my ($self, %options) = @_; + + $self->settings; + + my $content = $self->{http}->request(url_path => $self->{url_path} . $options{category}); + my $response = $self->{http}->get_response(); + + if ($response->code() != 200) { + my $xml_result; + eval { + $xml_result = XMLin($content); + }; + if ($@) { + $self->{output}->output_add(long_msg => $content, debug => 1); + $self->{output}->add_option_msg(short_msg => "Cannot decode xml response: $@"); + $self->{output}->option_exit(); + } + if (defined($xml_result)) { + $self->{output}->output_add(long_msg => $content, debug => 1); + $self->{output}->add_option_msg(short_msg => "Api return errors: " . join(', ', keys %{$xml_result})); + $self->{output}->option_exit(); + } + } + + my $xml_result; + eval { + $xml_result = XMLin($content, ForceArray => [], KeyAttr => []); + }; + if ($@) { + $self->{output}->output_add(long_msg => $content, debug => 1); + $self->{output}->add_option_msg(short_msg => "Cannot decode xml response: $@"); + $self->{output}->option_exit(); + } + + return $xml_result; +} + +1; + +__END__ + +=head1 NAME + +Cisco ISE XML API + +=head1 SYNOPSIS + +Cisco ISE XML API + +=head1 XMLAPI OPTIONS + +=over 8 + +=item B<--hostname> + +API hostname. + +=item B<--url-path> + +API url path (Default: '/admin/API/mnt') + +=item B<--port> + +API port (Default: 443) + +=item B<--proto> + +Specify https if needed (Default: 'https') + +=item B<--username> + +Set API username + +=item B<--password> + +Set API password + +=item B<--proxyurl> + +Proxy URL if any + +=item B<--timeout> + +Set HTTP timeout + +=item B<--ssl-opt> + +Set SSL options if needed (--ssl-opt="SSL_version => TLSv1" --ssl-opt="SSL_verify_mode => SSL_VERIFY_NONE"). + +=back + +=head1 DESCRIPTION + +B. + +=cut diff --git a/apps/cisco/ise/restapi/mode/session.pm b/apps/cisco/ise/restapi/mode/session.pm new file mode 100644 index 000000000..2c83b1f09 --- /dev/null +++ b/apps/cisco/ise/restapi/mode/session.pm @@ -0,0 +1,128 @@ +# +# Copyright 2018 Centreon (http://www.centreon.com/) +# +# Centreon is a full-fledged industry-strength solution that meets +# the needs in IT infrastructure and application monitoring for +# service performance. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# + +package apps::cisco::ise::restapi::mode::session; + +use base qw(centreon::plugins::templates::counter); + +use strict; +use warnings; + +sub set_counters { + my ($self, %options) = @_; + + $self->{maps_counters_type} = [ + { name => 'global', type => 0, skipped_code => { -10 => 1 } }, + ]; + + $self->{maps_counters}->{global} = [ + { label => 'active-sessions', set => { + key_values => [ { name => 'active' } ], + output_template => 'Active sessions: %d', + perfdatas => [ + { label => 'active_sessions', value => 'active_absolute', template => '%d', + min => 0 }, + ], + } + }, + { label => 'postured-endpoints', set => { + key_values => [ { name => 'postured' } ], + output_template => 'Postured endpoints: %d', + perfdatas => [ + { label => 'postured_endpoints', value => 'postured_absolute', template => '%d', + min => 0 }, + ], + } + }, + { label => 'profiler-service-sessions', set => { + key_values => [ { name => 'profiler' } ], + output_template => 'Profiler service sessions: %d', + perfdatas => [ + { label => 'profiler_service_sessions', value => 'profiler_absolute', template => '%d', + min => 0 }, + ], + } + }, + ]; +} + +sub new { + my ($class, %options) = @_; + my $self = $class->SUPER::new(package => __PACKAGE__, %options); + bless $self, $class; + + $self->{version} = '1.0'; + $options{options}->add_options(arguments => + { + "filter-counters:s" => { name => 'filter_counters' }, + }); + + return $self; +} + +sub check_options { + my ($self, %options) = @_; + $self->SUPER::check_options(%options); +} + +sub manage_selection { + my ($self, %options) = @_; + + my $active = $options{custom}->get_endpoint(category => '/Session/ActiveCount'); + my $posture = $options{custom}->get_endpoint(category => '/Session/PostureCount'); + my $profiler = $options{custom}->get_endpoint(category => '/Session/ProfilerCount'); + + $self->{global} = ''; + + $self->{global} = { + active => $active->{count}, + postured => $posture->{count}, + profiler => $profiler->{count}, + }; +} + +1; + +__END__ + +=head1 MODE + +Check sessions counters. + +=over 8 + +=item B<--filter-counters> + +Only display some counters (regexp can be used). +(Example: --filter-counters='active') + +=item B<--warning-*> + +Threshold warning. +Can be: 'active-sessions', 'postured-endpoints', 'profiler-service-sessions'. + +=item B<--critical-*> + +Threshold critical. +Can be: 'active-sessions', 'postured-endpoints', 'profiler-service-sessions'. + +=back + +=cut diff --git a/apps/cisco/ise/restapi/plugin.pm b/apps/cisco/ise/restapi/plugin.pm new file mode 100644 index 000000000..247cae9eb --- /dev/null +++ b/apps/cisco/ise/restapi/plugin.pm @@ -0,0 +1,48 @@ +# +# Copyright 2018 Centreon (http://www.centreon.com/) +# +# Centreon is a full-fledged industry-strength solution that meets +# the needs in IT infrastructure and application monitoring for +# service performance. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# + +package apps::cisco::ise::restapi::plugin; + +use strict; +use warnings; +use base qw(centreon::plugins::script_custom); + +sub new { + my ($class, %options) = @_; + my $self = $class->SUPER::new(package => __PACKAGE__, %options); + bless $self, $class; + + $self->{version} = '1.0'; + %{$self->{modes}} = ( + 'session' => 'apps::cisco::ise::restapi::mode::session', + ); + $self->{custom_modes}{api} = 'apps::cisco::ise::restapi::custom::xmlapi'; + return $self; +} + +1; + +__END__ + +=head1 PLUGIN DESCRIPTION + +Check Cisco ISE (Identity Services Engine) API. + +=cut