Oxidized: Adding Support For Ivanti Secure Connect

Hey there! 👋 I've got a cool project idea for Oxidized, a tool I use daily, and I wanted to share it with you. I'm aiming to add support for Ivanti Secure Connect (ICS) devices. Let's dive into the details!

The Need for Ivanti Secure Connect Support in Oxidized

The Current Situation: No ICS Model

Right now, Oxidized doesn't have a model built specifically for ICS devices. This means that if you're like me and using ICS in your network, Oxidized can't automatically grab configurations from these devices. That's a bummer, right? We want Oxidized to be able to fetch and store the configurations of all our network devices seamlessly. The absence of an ICS model creates a gap in the coverage.

The API Challenge: POST Requests are Needed

Here's where it gets a bit tricky. The Ivanti API is a bit different from some others. It requires a POST request to get a temporary api_key. This api_key is essential before we can even think about retrieving configuration data. Now, the current input/http.rb module in Oxidized doesn't support POST requests. This means we can't properly get the api_key, and without it, we can't implement a working model.

The Goal: Make Oxidized Work with ICS

My primary goal is to make Oxidized fully compatible with ICS devices. This involves two key steps:

1. Creating an ICS Model: I plan to build a new model for ICS devices that will fetch configurations in a way that fits in with the existing patterns in Oxidized. I’ll make sure it's clean and easy to understand.
2. Adding POST Support to HTTP Transport: To handle the API's needs, I want to add POST support to the input/http.rb module. This is where all the HTTP communication happens. By adding POST functionality, we can grab that crucial api_key and enable the ICS model to work.

Addressing the Limitations

Without these updates, Oxidized can't fully support ICS devices. This means missing out on the benefits of automated configuration backups, change detection, and version control for these critical network components. This creates a manual process for ICS device configuration management, increasing the potential for errors and inefficiencies.

The Proposed Solution: Steps to Make it Happen

Step 1: Crafting a New ICS Model

I want to create a new model specifically for ICS devices. This model will be designed to work seamlessly with the rest of Oxidized. It will follow established patterns to make sure it's easy to maintain and understand. The model will handle the specifics of fetching the configuration data from ICS devices using the API.

Here’s what I plan to do:

• Understand the ICS API: Dive deep into the Ivanti API documentation to understand the exact endpoints, data formats, and authentication requirements needed to retrieve configuration data.
• Define the Data Retrieval Process: Determine the best way to get the configuration data. This includes identifying the specific API calls, the data format (e.g., JSON, XML), and any necessary data parsing steps.
• Implement the Model: Write the code for the ICS model in Ruby, making sure it integrates with Oxidized's existing structure. This will involve using the HTTP transport (with POST support, as described below) to make API calls and parse the results.
• Test and Refine: Thoroughly test the model with different ICS devices and configurations to make sure it works correctly and efficiently. Make any necessary adjustments based on the test results.

Step 2: Boosting HTTP Transport with POST Support

To make this all work, we need to add support for POST requests in the input/http.rb module. This is the part of Oxidized that handles HTTP communications. By adding POST support, we can send the necessary requests to the ICS API to get the api_key and then use it to fetch the configuration.

Here's the plan:

• Examine Existing HTTP Module: Take a close look at the existing input/http.rb module to understand how it currently handles HTTP requests (GET, etc.).
• Add POST Method: Implement the code to support POST requests. This will involve modifying the module to send POST requests with the correct headers, data, and handling of responses.
• Test the New Functionality: Test the POST functionality to make sure it sends requests correctly and handles responses properly. I will make sure it handles authentication and data correctly.

The Importance of Collaboration

These steps are essential to successfully integrating ICS support into Oxidized, improving the tool's usability and expanding its compatibility. Your feedback and guidance are invaluable as I move forward with this project.

Alternatives Considered: Exploring Other Options

I’ve considered different approaches, as well. Here's a brief look at some of the alternative ideas I explored.

Modifying HTTP Transport

While I am proposing to modify the existing input/http.rb module, I know that making changes to core components can be a challenge. That's why I'm reaching out beforehand to get feedback and guidance.

Using a Separate Tool or Script

One potential alternative is to use a separate script or tool to get the configuration data and then somehow feed that data into Oxidized. However, I believe that having direct support within Oxidized is the best approach. It allows for a more streamlined and integrated workflow.

Seeking Guidance and Feedback Before Proceeding

I would love any advice or feedback before I start working on this. I'm open to suggestions and willing to adjust my approach as needed. Your insights will be invaluable as I proceed with this project. I want to make sure I'm following best practices and contributing effectively to Oxidized. Any guidance or advice you can offer would be greatly appreciated!

Conclusion: Bringing Ivanti Secure Connect into the Oxidized Fold

In conclusion, adding support for Ivanti Secure Connect in Oxidized will significantly improve the tool's versatility and usefulness for anyone managing ICS devices. By creating a new ICS model and adding POST support to the HTTP transport, we can make Oxidized work seamlessly with these devices. I'm excited about this project and look forward to your feedback and guidance!

I'm ready to open a Pull Request (PR) and contribute to the Oxidized community. Thanks for the tool and the opportunity to contribute! 🙏

For more information on the Oxidized project, check out their GitHub repository: Oxidized on GitHub