Beispiel #1
0
def main():
    argument_spec = dict(ip_address=dict(default=None),
                         password=dict(default=None, no_log=True),
                         username=dict(default='admin'))
    module = AnsibleModule(argument_spec=argument_spec)

    ip_address = module.params["ip_address"]
    if not ip_address:
        module.fail_json(msg="ip_address should be specified")
    password = module.params["password"]
    if not password:
        module.fail_json(msg="password is required")
    username = module.params['username']

    xapi = pan.xapi.PanXapi(hostname=ip_address,
                            api_username=username,
                            api_password=password)

    try:
        xapi.op(cmd="<request><restart><system></system></restart></request>")
    except pan.xapi.PanXapiError, msg:
        if 'succeeded' in str(msg):
            module.exit_json(changed=True, msg=str(msg))

        raise
Beispiel #2
0
def main():
    argument_spec = dict(ip_address=dict(),
                         password=dict(no_log=True),
                         username=dict(default='admin'))
    module = AnsibleModule(argument_spec=argument_spec,
                           supports_check_mode=False)

    if not HAS_LIB:
        module.fail_json(msg='pan-python required for this module')

    ip_address = module.params["ip_address"]
    if not ip_address:
        module.fail_json(msg="ip_address should be specified")
    password = module.params["password"]
    if not password:
        module.fail_json(msg="password is required")
    username = module.params['username']

    xapi = pan.xapi.PanXapi(hostname=ip_address,
                            api_username=username,
                            api_password=password)

    try:
        xapi.op(cmd="<request><restart><system></system></restart></request>")
    except Exception:
        x = sys.exc_info()[1]
        if 'succeeded' in str(x):
            module.exit_json(changed=True, msg=str(msg))
        else:
            module.fail_json(msg=x)
            raise

    module.exit_json(changed=True, msg="okey dokey")
def main():
    argument_spec = dict(
        ip_address=dict(default=None),
        password=dict(default=None, no_log=True),
        username=dict(default='admin')
    )
    module = AnsibleModule(argument_spec=argument_spec)

    ip_address = module.params["ip_address"]
    if not ip_address:
        module.fail_json(msg="ip_address should be specified")
    password = module.params["password"]
    if not password:
        module.fail_json(msg="password is required")
    username = module.params['username']

    xapi = pan.xapi.PanXapi(
        hostname=ip_address,
        api_username=username,
        api_password=password
    )

    try:
        xapi.op(cmd="<request><restart><system></system></restart></request>")
    except pan.xapi.PanXapiError, msg:
        if 'succeeded' in str(msg):
            module.exit_json(changed=True, msg=str(msg))

        raise
Beispiel #4
0
def load_cfgfile(xapi, module, ip_address, file_):
    # load configuration file
    cmd = "<load><config><from>%s</from></config></load>" % file_

    xapi.op(cmd=cmd)

    return True
Beispiel #5
0
def test_panorama() -> None:
    """
    test PAN-OS device auth from environment variables
    :return: None
    """
    xapi = panos_login()
    xapi.op(cmd='show system info', cmd_xml=True)
    print(xapi.xml_result())
def load_cfgfile(xapi, module, ip_address, file_):
    # load configuration file
    cmd = '<load><config><from>%s</from></config></load>' %\
          file_

    xapi.op(cmd=cmd)

    return True
Beispiel #7
0
def test_panorama():
    xapi = panorama_login()

    if xapi is None:
        print('Could not test Panorama')
        return None

    xapi.op(cmd='show system info', cmd_xml=True)
    print(xapi.xml_result())
def get_palo_software_version(xapi):
    action = 'op'
    cmd = "<show><system><info></info></system></show>"
    xapi.op(cmd=cmd)
    print_status(xapi, action)
    xmlres = get_response(xapi)
    xml_sysinfo_palo = xmlres.replace('\n','')
    print("sysinfo: ", xml_sysinfo_palo)
    palo_version = paloxml_to_list(xml_sysinfo_palo,'sw-version')[0]
    return palo_version
def get_serial(xapi, module):
    xapi.op(cmd="show system info", cmd_xml=True)
    r = xapi.element_root
    serial = r.find('.//serial')
    if serial is None:
        module.fail_json(msg="No <serial> tag in show system info")

    serial = serial.text

    return serial
Beispiel #10
0
def get_palo_software_version(xapi):
    action = 'op'
    cmd = "<show><system><info></info></system></show>"
    xapi.op(cmd=cmd)
    print_status(xapi, action)
    xmlres = get_response(xapi)
    xml_sysinfo_palo = xmlres.replace('\n', '')
    print("sysinfo: ", xml_sysinfo_palo)
    palo_version = paloxml_to_list(xml_sysinfo_palo, 'sw-version')[0]
    return palo_version
Beispiel #11
0
def get_serial(xapi, module):
    xapi.op(cmd="show system info", cmd_xml=True)
    r = xapi.element_root
    serial = r.find('.//serial')
    if serial is None:
        module.fail_json(msg="No <serial> tag in show system info")

    serial = serial.text

    return serial
def admin_set(xapi, module, admin_username, admin_password, role):
    if admin_password is not None:
        xapi.op(cmd='request password-hash password "%s"' % admin_password,
                cmd_xml=True)
        r = xapi.element_root
        phash = r.find(".//phash").text
    if role is not None:
        rbval = "yes"
        if role != "superuser" and role != "superreader":
            rbval = ""

    ea = admin_exists(xapi, admin_username)
    if ea is not None:
        # user exists
        changed = False

        if role is not None:
            rb = ea.find(".//role-based")
            if rb is not None:
                if rb[0].tag != role:
                    changed = True
                    xpath = _ADMIN_XPATH % admin_username
                    xpath += "/permissions/role-based/%s" % rb[0].tag
                    xapi.delete(xpath=xpath)

                    xpath = _ADMIN_XPATH % admin_username
                    xpath += "/permissions/role-based"
                    xapi.set(xpath=xpath,
                             element="<%s>%s</%s>" % (role, rbval, role))

        if admin_password is not None:
            xapi.edit(
                xpath=_ADMIN_XPATH % admin_username + "/phash",
                element="<phash>%s</phash>" % phash,
            )
            changed = True

        return changed

    # setup the non encrypted part of the monitor
    exml = []

    exml.append("<phash>%s</phash>" % phash)
    exml.append("<permissions><role-based><%s>%s</%s>"
                "</role-based></permissions>" % (role, rbval, role))

    exml = "".join(exml)
    # module.fail_json(msg=exml)

    xapi.set(xpath=_ADMIN_XPATH % admin_username, element=exml)

    return True
def apply_api_key(xapi, module, api_key):
    try:
        xapi.op(
            cmd=
            '<request><license><api-key><set><key>%s</key></set></api-key></license></request>'
            % api_key)
    except pan.xapi.PanXapiError as msg:
        if hasattr(xapi, 'xml_document'):
            if "API key is same as old" in xapi.xml_document:
                return True
        raise

    return True
def replace_sn(xapi, module,old_sn,new_sn):
    try:
        xapi.op(cmd='<replace><device><old>%s</old><new>%s</new></device></replace>' % (old_sn, new_sn))
    except pan.xapi.PanXapiError as msg:
        if hasattr(xapi, 'xml_document'):
            if 'Successfully' in xapi.xml_document:
                return True
        else:
            module.fail_json(msg="Unknown error!")

        raise

    return True
Beispiel #15
0
def download_url_region(xapi, module, region, job_timeout):
    pan_db_region = None
    for r in PAN_DB_REGIONS:
        if region.lower() == r.lower():
            pan_db_region = r
            break
    if pan_db_region is None:
        module.fail_json(msg="Invalid PAN-DB region %s" % region)

    xapi.op(cmd="<request><url-filtering><download>"
            "<paloaltonetworks><region>%s</region></paloaltonetworks>"
            "</download></url-filtering></request>" % pan_db_region)

    return True
def fetch_authcode(xapi, module):
    try:
        xapi.op(cmd='request license fetch', cmd_xml=True)
    except pan.xapi.PanXapiError:
        if hasattr(xapi, 'xml_document'):
            if 'Successfully' in xapi.xml_document:
                return

        if 'Invalid Auth Code' in xapi.xml_document:
            module.fail_json(msg="Invalid Auth Code")

        raise

    return
Beispiel #17
0
def perform_backup() -> str:
    """
    Saves a named backup on the PAN-OS device. The format for the backup is 'panhandler-20190424000000.xml'
    :return:  xml results from the op command sequence
    """
    xapi = panos_login()
    d = datetime.datetime.today()
    tstamp = d.strftime('%Y%m%d%H%M%S')
    cmd = f'<save><config><to>panhandler-{tstamp}.xml</to></config></save>'
    try:
        xapi.op(cmd=cmd)
        return xapi.xml_result()
    except pan.xapi.PanXapiError as pxe:
        raise TargetConnectionException(f'Could not perform backup: {pxe}')
Beispiel #18
0
def admin_set(xapi, module, admin_username, admin_password, role):
    if admin_password is not None:
        xapi.op(cmd='request password-hash password "%s"' % admin_password,
                cmd_xml=True)
        r = xapi.element_root
        phash = r.find('.//phash').text
    if role is not None:
        rbval = "yes"
        if role != "superuser" and role != 'superreader':
            rbval = ""

    ea = admin_exists(xapi, admin_username)
    if ea is not None:
        # user exists
        changed = False

        if role is not None:
            rb = ea.find('.//role-based')
            if rb is not None:
                if rb[0].tag != role:
                    changed = True
                    xpath = _ADMIN_XPATH % admin_username
                    xpath += '/permissions/role-based/%s' % rb[0].tag
                    xapi.delete(xpath=xpath)

                    xpath = _ADMIN_XPATH % admin_username
                    xpath += '/permissions/role-based'
                    xapi.set(xpath=xpath,
                             element='<%s>%s</%s>' % (role, rbval, role))

        if admin_password is not None:
            xapi.edit(xpath=_ADMIN_XPATH % admin_username+'/phash',
                      element='<phash>%s</phash>' % phash)
            changed = True

        return changed

    # setup the non encrypted part of the monitor
    exml = []

    exml.append('<phash>%s</phash>' % phash)
    exml.append('<permissions><role-based><%s>%s</%s>'
                '</role-based></permissions>' % (role, rbval, role))

    exml = ''.join(exml)
    # module.fail_json(msg=exml)

    xapi.set(xpath=_ADMIN_XPATH % admin_username, element=exml)

    return True
Beispiel #19
0
def fetch_authcode(xapi, module):
    try:
        xapi.op(cmd='request license fetch', cmd_xml=True)
    except pan.xapi.PanXapiError:
        if hasattr(xapi, 'xml_document'):
            if 'Successfully' in xapi.xml_document:
                return

        if 'Invalid Auth Code' in xapi.xml_document:
            module.fail_json(msg="Invalid Auth Code")

        raise

    return
def download_url_region(xapi, module, region, job_timeout):
    pan_db_region = None
    for r in PAN_DB_REGIONS:
        if region.lower() == r.lower():
            pan_db_region = r
            break
    if pan_db_region is None:
        module.fail_json(msg="Invalid PAN-DB region %s" % region)

    xapi.op(cmd="<request><url-filtering><download>"
                "<paloaltonetworks><region>%s</region></paloaltonetworks>"
                "</download></url-filtering></request>" %
                pan_db_region)

    return True
def apply_authcode(xapi, module, auth_code):
    try:
        xapi.op(cmd='<request><license><fetch><auth-code>%s</auth-code></fetch></license></request>' % auth_code)
    except pan.xapi.PanXapiError:
        module.exit_json(changed=True, msg=xapi.xml_document)
        if hasattr(xapi, 'xml_document'):
            if 'Successfully' in xapi.xml_document:
                return

        if 'Invalid Auth Code' in xapi.xml_document:
            module.fail_json(msg="Invalid Auth Code")

        raise

    return
def deactivate_license(xapi, module):
    try:
        xapi.op(
            cmd=
            '<request><license><deactivate><VM-Capacity><mode>auto</mode></VM-Capacity></deactivate></license></request>'
        )
    except pan.xapi.PanXapiError as msg:
        if hasattr(xapi, 'xml_document'):
            if 'Successfully' in xapi.xml_document:
                return
        else:
            module.fail_json(msg="Unknown error!")

        raise

    return
def main():
    argument_spec = dict(
        ip_address=dict(default=None),
        password=dict(default=None, no_log=True),
        username=dict(default='admin'),
        timeout=dict(default=0, type='int'),
        interval=dict(default=0, type='int')
    )
    module = AnsibleModule(argument_spec=argument_spec)

    ip_address = module.params["ip_address"]
    if not ip_address:
        module.fail_json(msg="ip_address should be specified")
    password = module.params["password"]
    if not password:
        module.fail_json(msg="password is required")
    username = module.params['username']
    timeout = module.params['timeout']
    interval = module.params['interval']

    xapi = pan.xapi.PanXapi(
        hostname=ip_address,
        api_username=username,
        api_password=password,
        timeout=60
    )

    checkpnt = time.time()+timeout
    while True:
        try:
            xapi.op(cmd="show jobs all", cmd_xml=True)
        except:
            pass
        else:
            jobs = xapi.element_root.findall('.//job')
            if check_jobs(jobs, module):
                module.exit_json(changed=True, msg="okey dokey")

        if time.time() > checkpnt:
            break

        time.sleep(interval)

    module.fail_json(msg="Timeout")
Beispiel #24
0
def main():
    argument_spec = dict(
        ip_address=dict(required=True),
        password=dict(required=True, no_log=True),
        username=dict(default='admin'),
        timeout=dict(default=0, type='int'),
        interval=dict(default=0, type='int')
    )
    module = AnsibleModule(argument_spec=argument_spec, supports_check_mode=False)
    if not HAS_LIB:
        module.fail_json(msg='pan-python is required for this module')

    ip_address = module.params["ip_address"]
    password = module.params["password"]
    username = module.params['username']
    timeout = module.params['timeout']
    interval = module.params['interval']

    xapi = pan.xapi.PanXapi(
        hostname=ip_address,
        api_username=username,
        api_password=password,
        timeout=60
    )

    checkpnt = time.time() + timeout
    while True:
        try:
            xapi.op(cmd="show jobs all", cmd_xml=True)
        except Exception:
            pass
        else:
            jobs = xapi.element_root.findall('.//job')
            if check_jobs(jobs, module):
                module.exit_json(changed=True, msg="okey dokey")

        if time.time() > checkpnt:
            break

        time.sleep(interval)

    module.fail_json(msg="Timeout")
Beispiel #25
0
def apply_authcode(xapi, module, auth_code):
    try:
        xapi.op(cmd='request license fetch auth-code "%s"' % auth_code,
                cmd_xml=True)
    except pan.xapi.PanXapiError:
        if hasattr(xapi, 'xml_document'):
            if 'Successfully' in xapi.xml_document:
                return

        if 'Invalid Auth Code' in xapi.xml_document:
            module.fail_json(msg="Invalid Auth Code")

        # Duplicate capacity license fails gracefully as it could be expected
        if 'Failed to install licenses. Cannot apply a provisioning license feature to an already provisioned device' in xapi.xml_document:
            return

        # Other exception
        raise

    return
Beispiel #26
0
def check_job(xapi, jobnum, timeout=240):
    now = time.time()
    while time.time() < now + timeout:
        xapi.op(cmd='<show><jobs><id>%s</id></jobs></show>' % jobnum)
        print('result = {}'.format(xapi.xml_result()))
        status = xapi.element_root.find('.//status')
        if status is None:
            raise JobException("Invalid job %s: no status information %s" %
                               (jobnum, xapi.xml_document))
        if status.text == 'FIN':
            result = xapi.element_root.find('.//job/result')
            if result is None:
                raise JobException("Invalid FIN job %s: no result %s" %
                                   (jobnum, xapi.xml_document))
            if result.text != 'OK':
                raise JobException("Job %s failed: %s" %
                                   (jobnum, xapi.xml_document))
            return None

    raise JobException("Timeout in job %s" % jobnum)
Beispiel #27
0
def find_latest_plugin(xapi, plugin):

    xapi.op(cmd="<request><plugins>" "<check></check>" "</plugins></request>")

    xapi.op(cmd="<show><plugins><packages></packages></plugins></show>")

    entries = xapi.element_root.findall('.//plugins/entry')
    plugins = []
    for e in entries:
        n = e.find('name').text
        if not n or plugin not in n:
            continue
        print('found matching entry: {}'.format(n))
        plugins.append(e.find('version').text, )
    if len(plugins) == 0:
        module.fail_json(msg="no valid plugins after check")

    plugins = sorted(plugins, key=lambda x: x, reverse=True)
    print('plugins is: {}'.format(plugins))
    return plugins[0]
def main():
    parser = argparse.ArgumentParser(
        description=
        """Export current threat content from firewall or Panorama.""")

    parser.add_argument("-k",
                        "--api_key",
                        help="API key to use for connection.")

    required = parser.add_argument_group()
    required.add_argument("hostname", help="Hostname of firewall or Panorama")
    required.add_argument("output_file", help="Output file for report")

    args = parser.parse_args()

    output = None

    try:
        if args.api_key:
            xapi = pan.xapi.PanXapi(hostname=args.hostname,
                                    api_key=args.api_key)
        else:
            username = input("Username: "******"Password: "******"<show><predefined><xpath>/predefined/threats/vulnerability</xpath></predefined></show>"
        )

        output = xapi.xml_result()

    except pan.xapi.PanXapiError as e:
        print("XML-API Error: {0}".format(e))
        sys.exit(1)

    vulns = parse_xml(output)
    excel_output(args.output_file, vulns)
Beispiel #29
0
 def _set_command(self, command, cmd_xml, hostname, tag, pattern):
     result = False
     xapi = pan.xapi.PanXapi(**self._get_pan_credentials(hostname))
     print(
         'Running command on {hostname} with user {username} and password {password}...'
         .format(hostname=hostname,
                 username=self.username,
                 password=self.password[:1]))
     try:
         xapi.op(cmd=command, cmd_xml=cmd_xml)
     except pan.xapi.PanXapiError as e:
         print("{error}".format(error=e))
         return False
     if xapi.status == 'success':
         soup = BeautifulSoup(xapi.xml_result(), 'html.parser')
         for line in soup.find_all(tag):
             result = line.get_text()
             print(result)
             if pattern:
                 result = self._parso(pattern, result)
     return result
def main():
    argument_spec = dict(ip_address=dict(default=None),
                         password=dict(default=None, no_log=True),
                         username=dict(default='admin'),
                         timeout=dict(default=0, type='int'),
                         interval=dict(default=0, type='int'))
    module = AnsibleModule(argument_spec=argument_spec)

    ip_address = module.params["ip_address"]
    if not ip_address:
        module.fail_json(msg="ip_address should be specified")
    password = module.params["password"]
    if not password:
        module.fail_json(msg="password is required")
    username = module.params['username']
    timeout = module.params['timeout']
    interval = module.params['interval']

    xapi = pan.xapi.PanXapi(hostname=ip_address,
                            api_username=username,
                            api_password=password,
                            timeout=60)

    checkpnt = time.time() + timeout
    while True:
        try:
            xapi.op(cmd="show jobs all", cmd_xml=True)
        except:
            pass
        else:
            jobs = xapi.element_root.findall('.//job')
            if check_jobs(jobs, module):
                module.exit_json(changed=True, msg="okey dokey")

        if time.time() > checkpnt:
            break

        time.sleep(interval)

    module.fail_json(msg="Timeout")
Beispiel #31
0
def install_software(xapi, module, version, file_, job_timeout):
    # check something updates
    if version is not None:
        cmd = '<request><system><software>' +\
              '<install><version>%s</version></install>' +\
              '</software></system></request>' % version
        something = version
    else:
        cmd = '<request><system><software>' +\
              '<install><file>%s</file></install>' +\
              '</software></system></request>' % file_
        something = file_

    xapi.op(cmd=cmd)
    job = xapi.element_root.find('.//job')
    if job is None:
        module.fail_json(msg="no job from install software image %s" %
                         something)
    job = job.text
    check_job(xapi, job, timeout=job_timeout)

    return True
def check_job(xapi, jobnum, timeout=240):
    now = time.time()
    while time.time() < now+timeout:
        xapi.op(cmd='<show><jobs><id>%s</id></jobs></show>' % jobnum)
        status = xapi.element_root.find('.//status')
        if status is None:
            raise JobException("Invalid job %s: no status information %s" %
                               (jobnum, xapi.xml_document))
        if status.text == 'FIN':
            result = xapi.element_root.find('.//job/result')
            if result is None:
                raise JobException("Invalid FIN job %s: no result %s" %
                                   (jobnum, xapi.xml_document))
            if result.text != 'OK':
                raise JobException("Job %s failed: %s" %
                                   (jobnum, xapi.xml_document))
            nextjob = xapi.element_root.find('.//nextjob')
            if nextjob is not None:
                return nextjob.text
            return None

    raise JobException("Timeout in job %s" % jobnum)
def install_software(xapi, module, version, file_, job_timeout):
    # check something updates
    if version is not None:
        cmd = '<request><system><software>' +\
              '<install><version>%s</version></install>' +\
              '</software></system></request>' % version
        something = version
    else:
        cmd = '<request><system><software>' +\
              '<install><file>%s</file></install>' +\
              '</software></system></request>' % file_
        something = file_

    xapi.op(cmd=cmd)
    job = xapi.element_root.find('.//job')
    if job is None:
        module.fail_json(msg="no job from install software image %s" %
                         something)
    job = job.text
    check_job(xapi, job, timeout=job_timeout)

    return True
Beispiel #34
0
def get_vm_auth_key_from_panorama() -> str:
    """
    Queries a Panorama instance to generate a new VM Auth key
    :return: string results from panorama (still needs parsed to pull out raw auth key)
    """
    xapi = panos_login()

    if xapi is None:
        print('Could not login into PAN-OS target')
        raise TargetConnectionException

    try:
        xapi.op(cmd='<request><bootstrap><vm-auth-key><generate>'
                    '<lifetime>24</lifetime></generate></vm-auth-key></bootstrap></request>')
        # FIXME - check status code here and do the right thing
        print(xapi.status_code)
        print(xapi.status_detail)
        return xapi.xml_result()
    except pan.xapi.PanXapiError as pxe:
        print('Could not get vm-auth-key!')
        print(pxe)
        raise TargetConnectionException
def main():
    argument_spec = dict(ip_address=dict(default=None),
                         password=dict(default=None),
                         username=dict(default='admin'),
                         swap=dict(default='no'))
    module = AnsibleModule(argument_spec=argument_spec)

    ip_address = module.params["ip_address"]
    if not ip_address:
        module.fail_json(msg="ip_address should be specified")
    password = module.params["password"]
    if not password:
        module.fail_json(msg="password is required")
    username = module.params['username']
    swap = module.params['swap']

    xapi = pan.xapi.PanXapi(hostname=ip_address,
                            api_username=username,
                            api_password=password)

    try:
        if swap == 'yes':
            print('swapping')
            xapi.op(
                cmd=
                "<set><system><setting><mgmt-interface-swap><enable><yes></yes></enable></mgmt-interface-swap></setting></system></set>"
            )
        else:
            print('NOT swapping')
            xapi.op(
                cmd=
                "<set><system><setting><mgmt-interface-swap><enable><no></no></enable></mgmt-interface-swap></setting></system></set>"
            )
    except pan.xapi.PanXapiError, msg:
        if 'succeeded' in str(msg):
            module.exit_json(changed=True, msg=str(msg))

        raise
def main():
    argument_spec = dict(
        ip_address=dict(default=None),
        password=dict(default=None),
        username=dict(default='admin'),
        swap=dict(default='no')
    )
    module = AnsibleModule(argument_spec=argument_spec)

    ip_address = module.params["ip_address"]
    if not ip_address:
        module.fail_json(msg="ip_address should be specified")
    password = module.params["password"]
    if not password:
        module.fail_json(msg="password is required")
    username = module.params['username']
    swap = module.params['swap']

    xapi = pan.xapi.PanXapi(
        hostname=ip_address,
        api_username=username,
        api_password=password
    )

    try:
        if swap == 'yes':
            print('swapping')
            xapi.op(cmd="<set><system><setting><mgmt-interface-swap><enable><yes></yes></enable></mgmt-interface-swap></setting></system></set>")
        else:
            print('NOT swapping')
            xapi.op(cmd="<set><system><setting><mgmt-interface-swap><enable><no></no></enable></mgmt-interface-swap></setting></system></set>")
    except pan.xapi.PanXapiError, msg:
        if 'succeeded' in str(msg):
            module.exit_json(changed=True, msg=str(msg))

        raise
def upgrade_something(xapi, module, something, job_timeout):
    # check something updates
    xapi.op(cmd="<request><%(something)s><upgrade>"
                "<check></check>"
                "</upgrade></%(something)s></request>" %
                dict(something=something))

    entries = xapi.element_root.findall('.//content-updates/entry')
    cus = []
    for e in entries:
        cus.append(
            (
                e.find('version').text,
                e.find('current').text,
                e.find('downloaded').text
            )
        )
    if len(cus) == 0:
        module.fail_json(msg="no content-updates after check")
    cus = sorted(cus, key=lambda x: x[0], reverse=True)

    latestcus = cus[0]
    if latestcus[1] == 'yes':
        # latest already current
        return False

    if not latestcus[2] == 'yes':
        # let's download it
        xapi.op(cmd="<request><%(something)s><upgrade>"
                    "<download><latest></latest></download>"
                    "</upgrade></%(something)s></request>" %
                    dict(something=something))
        job = xapi.element_root.find('.//job')
        if job is None:
            module.fail_json(msg="no job from download latest %s request" %
                             something)
        job = job.text
        check_job(xapi, job, job_timeout)

    xapi.op(cmd="<request><%(something)s><upgrade>"
                "<install><version>latest</version></install>"
                "</upgrade></%(something)s></request>" %
                dict(something=something))
    job = xapi.element_root.find('.//job')
    if job is None:
        module.fail_json(msg="no hob from install latest %s request" %
                         something)
    job = job.text
    jobresult = check_job(xapi, job, job_timeout)
    if jobresult is None:
        module.fail_json(msg="no nextjob from install latest %s job" %
                         something)
    check_job(xapi, jobresult, job_timeout)

    return True
def download_install_plugin(xapi, module, plugin, job_timeout):
    # check if the plugin is already installed
    xapi.op(cmd="<show><plugins><installed></installed></plugins></show>")
    #print("Installed plugins: {}".format(xapi.xml_document))

    entries = xapi.element_root.findall('.//list/entry')
    for e in entries:
        ver = e.find('version').text
        #print('Found version: {}'.format(ver))
        if ver == plugin:
                # plugin already installed!
                return False

    # check updates
    xapi.op(cmd="<request><plugins>"
                "<check></check>"
                "</plugins></request>")

    result = xapi.element_root.find('.//result')
    #print('Result check is: {}'.format(result.text))
    if result is None or result.text is None or result.text != "List of plugin packages has been updated":
        module.fail_json(msg="Unable to check for plugins: %s".format(xapi.xml_document))

    xapi.op(cmd="<request><plugins>"
                "<download><file>%(plugin)s</file></download>"
                "</plugins></request>" %
                dict(plugin=plugin))
    job = xapi.element_root.find('.//job')
    if job is None:
        module.fail_json(msg="no job from download latest request")
    job = job.text
    check_job(xapi, job, job_timeout)

    xapi.op(cmd="<request><plugins>"
                "<install>%(plugin)s</install>"
                "</plugins></request>" %
                dict(plugin=plugin))

    result = xapi.element_root.find('.//result')
    #print('Result is: {}'.format(result.text))
    if result is None or result.text is None or "has been installed successfully" not in result.text:
        module.fail_json(msg="Unable to install plugin: %s".format(xapi.xml_document))

    return True
    ]
elif (mode == "panorama"):
    dodebug("Modo de configuracion " + mode)
    dodebug("OK , doki\n" + "key=" + key + "fw=" + host + "\nmode=" + mode)

    try:
        xapi = pan.xapi.PanXapi(tag='pa-200', api_key=key, hostname=host)
    except pan.xapi.PanXapiError as msg:
        print('pan.xapi.PanXapi:', msg)
        sys.exit(1)
    # estamos en modo "Panorama, asi que primero tenemos que buscar que FW hay
    cmd = "<show><devices><connected></connected></devices></show>"
    xpath = "/"

    try:
        connected = xapi.op(cmd=cmd, vsys=None, cmd_xml=False)
    except pan.xapi.PanXapiError as msg:
        print('edit:', msg)
        sys.exit(1)

    dodebug("OK se ejecuta el comando:" + cmd)
    #dodebug("result:\n"+xapi.xml_result())
    pp = pprint.PrettyPrinter(indent=4)
    dict = xmltodict.parse(xapi.xml_result())
    #pp.pprint(dict)
    dodebug("**** priting ddict['devices']['entry']")
    node = dict['devices']['entry']
    #pp.pprint(node)
    hosts = []
    for device in (node):
        serial = device['serial']
Beispiel #40
0
            ip.text = nodeIP
            description = ET.SubElement(entryAddress, "description")
            description.text = nodeID
            grpEntryStaticMember = ET.SubElement(grpEntryStatic, "member")
            grpEntryStaticMember.text = nodeID

    data = ET.tostring(root)
    print(data)

    try:
        xapi = pan.xapi.PanXapi(api_username=os.environ['username'],
                                api_password=os.environ['password'],
                                hostname=os.environ['ipAddr'])
        print("Successfully Connected!")

        xapi.op(cmd='show system info', cmd_xml=True)
        print(xapi.xml_result())

        #set the config using the above xpath
        xapi.set(xpath, element=data)
        print(xapi.xml_result())

        #commit the config. Make sure to add the xml command.
        xapi.commit('<commit/>')
        print(xapi.xml_result())

    except pan.xapi.PanXapiError as msg:
        print('pan.xapi.PanXapi:', msg, file=sys.stderr)
        sys.exit(1)

elif cmd == "stop":
Beispiel #41
0
def main():
    set_encoding()
    options = parse_opts()

    try:
        xapi = pan.xapi.PanXapi(debug=options['debug'],
                                timeout=options['timeout'],
                                tag=options['tag'],
                                use_http=options['use_http'],
                                use_get=options['use_get'],
                                api_username=options['api_username'],
                                api_password=options['api_password'],
                                api_key=options['api_key'],
                                hostname=options['hostname'],
                                port=options['port'],
                                serial=options['serial'],
                                cafile=options['cafile'],
                                capath=options['capath'])

    except pan.xapi.PanXapiError as msg:
        print('pan.xapi.PanXapi:', msg, file=sys.stderr)
        sys.exit(1)

    if options['debug'] > 2:
        print('xapi.__str__()===>\n', xapi, '\n<===',
              sep='', file=sys.stderr)

    try:
        if options['ad_hoc'] is not None:
            action = 'ad_hoc'
            xapi.ad_hoc(qs=options['ad_hoc'],
                        xpath=options['xpath'],
                        modify_qs=options['modify'])
            print_status(xapi, action)
            print_response(xapi, options)

        if options['keygen']:
            action = 'keygen'
            xapi.keygen()
            print_status(xapi, action)
            print_response(xapi, options)
            print('API key:  "%s"' % xapi.api_key)

        if options['show']:
            action = 'show'
            xapi.show(xpath=options['xpath'])
            print_status(xapi, action)
            print_response(xapi, options)

        if options['get']:
            action = 'get'
            xapi.get(xpath=options['xpath'])
            print_status(xapi, action)
            print_response(xapi, options)

        if options['delete']:
            action = 'delete'
            xapi.delete(xpath=options['xpath'])
            print_status(xapi, action)
            print_response(xapi, options)

        if options['edit']:
            action = 'edit'
            xapi.edit(xpath=options['xpath'],
                      element=options['element'])
            print_status(xapi, action)
            print_response(xapi, options)

        if options['set']:
            action = 'set'
            xapi.set(xpath=options['xpath'],
                     element=options['element'])
            print_status(xapi, action)
            print_response(xapi, options)

        if options['dynamic-update']:
            action = 'dynamic-update'
            kwargs = {
                'cmd': options['cmd'],
                }
            if len(options['vsys']):
                kwargs['vsys'] = options['vsys'][0]
            xapi.user_id(**kwargs)
            print_status(xapi, action)
            print_response(xapi, options)

        if options['move'] is not None:
            action = 'move'
            xapi.move(xpath=options['xpath'],
                      where=options['move'],
                      dst=options['dst'])
            print_status(xapi, action)
            print_response(xapi, options)

        if options['rename']:
            action = 'rename'
            xapi.rename(xpath=options['xpath'],
                        newname=options['dst'])
            print_status(xapi, action)
            print_response(xapi, options)

        if options['clone']:
            action = 'clone'
            xapi.clone(xpath=options['xpath'],
                       xpath_from=options['src'],
                       newname=options['dst'])
            print_status(xapi, action)
            print_response(xapi, options)

        if options['override']:
            action = 'override'
            xapi.override(xpath=options['xpath'],
                          element=options['element'])
            print_status(xapi, action)
            print_response(xapi, options)

        if options['export'] is not None:
            action = 'export'
            xapi.export(category=options['export'],
                        from_name=options['src'])
            print_status(xapi, action)
            print_response(xapi, options)
            if options['pcap_listing']:
                pcap_listing(xapi, options)
            save_pcap(xapi, options)

        if options['log'] is not None:
            action = 'log'
            xapi.log(log_type=options['log'],
                     nlogs=options['nlogs'],
                     skip=options['skip'],
                     filter=options['filter'],
                     interval=options['interval'],
                     timeout=options['job_timeout'])
            print_status(xapi, action)
            print_response(xapi, options)

        if options['op'] is not None:
            action = 'op'
            kwargs = {
                'cmd': options['op'],
                'cmd_xml': options['cmd_xml'],
                }
            if len(options['vsys']):
                kwargs['vsys'] = options['vsys'][0]
            xapi.op(**kwargs)
            print_status(xapi, action)
            print_response(xapi, options)

        if (options['commit'] or options['commit_all']):
            if options['cmd']:
                cmd = options['cmd']
                if options['cmd_xml']:
                    cmd = xapi.cmd_xml(cmd)
            else:
                c = pan.commit.PanCommit(debug=options['debug'],
                                         validate=options['validate'],
                                         force=options['force'],
                                         commit_all=options['commit_all'],
                                         merge_with_candidate=
                                         options['merge'])

                for part in options['partial']:
                    if part == 'device-and-network-excluded':
                        c.device_and_network_excluded()
                    elif part == 'policy-and-objects-excluded':
                        c.policy_and_objects_excluded()
                    elif part == 'shared-object-excluded':
                        c.shared_object_excluded()
                    elif part == 'no-vsys':
                        c.no_vsys()
                    elif part == 'vsys':
                        c.vsys(options['vsys'])

                if options['serial'] is not None:
                    c.device(options['serial'])
                if options['group'] is not None:
                    c.device_group(options['group'])
                if options['commit_all'] and options['vsys']:
                    c.vsys(options['vsys'][0])

                cmd = c.cmd()

            kwargs = {
                'cmd': cmd,
                'sync': options['sync'],
                'interval': options['interval'],
                'timeout': options['job_timeout'],
                }
            if options['commit_all']:
                kwargs['action'] = 'all'

            action = 'commit'
            xapi.commit(**kwargs)
            print_status(xapi, action)
            print_response(xapi, options)

    except pan.xapi.PanXapiError as msg:
        print_status(xapi, action, msg)
        print_response(xapi, options)
        sys.exit(1)

    sys.exit(0)
Beispiel #42
0
def main():
    try:
        signal.signal(signal.SIGPIPE, signal.SIG_DFL)
    except AttributeError:
        # Windows
        pass

    set_encoding()
    options = parse_opts()

    if options['debug']:
        logger = logging.getLogger()
        if options['debug'] == 3:
            logger.setLevel(pan.xapi.DEBUG3)
        elif options['debug'] == 2:
            logger.setLevel(pan.xapi.DEBUG2)
        elif options['debug'] == 1:
            logger.setLevel(pan.xapi.DEBUG1)


#        log_format = '%(levelname)s %(name)s %(message)s'
        log_format = '%(message)s'
        handler = logging.StreamHandler()
        formatter = logging.Formatter(log_format)
        handler.setFormatter(formatter)
        logger.addHandler(handler)

    if options['cafile'] or options['capath']:
        ssl_context = create_ssl_context(options['cafile'], options['capath'])
    else:
        ssl_context = None

    try:
        xapi = pan.xapi.PanXapi(timeout=options['timeout'],
                                tag=options['tag'],
                                use_http=options['use_http'],
                                use_get=options['use_get'],
                                api_username=options['api_username'],
                                api_password=options['api_password'],
                                api_key=options['api_key'],
                                hostname=options['hostname'],
                                port=options['port'],
                                serial=options['serial'],
                                ssl_context=ssl_context)

    except pan.xapi.PanXapiError as msg:
        print('pan.xapi.PanXapi:', msg, file=sys.stderr)
        sys.exit(1)

    if options['debug'] > 2:
        print('xapi.__str__()===>\n', xapi, '\n<===', sep='', file=sys.stderr)

    extra_qs_used = False

    try:
        if options['keygen']:
            action = 'keygen'
            if options['ad_hoc'] is not None:
                extra_qs_used = True
            xapi.keygen(extra_qs=options['ad_hoc'])
            print_status(xapi, action)
            print_response(xapi, options)
            if (options['api_username'] and options['api_password']
                    and options['hostname'] and options['tag']):
                # .panrc
                d = datetime.now()
                print('# %s generated: %s' % (os.path.basename(
                    sys.argv[0]), d.strftime('%Y/%m/%d %H:%M:%S')))
                print('hostname%%%s=%s' %
                      (options['tag'], options['hostname']))
                print('api_key%%%s=%s' % (options['tag'], xapi.api_key))
            else:
                print('API key:  "%s"' % xapi.api_key)

        if options['show']:
            action = 'show'
            if options['ad_hoc'] is not None:
                extra_qs_used = True
            xapi.show(xpath=options['xpath'], extra_qs=options['ad_hoc'])
            print_status(xapi, action)
            print_response(xapi, options)

        if options['get']:
            action = 'get'
            if options['ad_hoc'] is not None:
                extra_qs_used = True
            xapi.get(xpath=options['xpath'], extra_qs=options['ad_hoc'])
            print_status(xapi, action)
            print_response(xapi, options)

        if options['delete']:
            action = 'delete'
            if options['ad_hoc'] is not None:
                extra_qs_used = True
            xapi.delete(xpath=options['xpath'], extra_qs=options['ad_hoc'])
            print_status(xapi, action)
            print_response(xapi, options)

        if options['edit']:
            action = 'edit'
            if options['ad_hoc'] is not None:
                extra_qs_used = True
            xapi.edit(xpath=options['xpath'],
                      element=options['element'],
                      extra_qs=options['ad_hoc'])
            print_status(xapi, action)
            print_response(xapi, options)

        if options['set']:
            action = 'set'
            if options['ad_hoc'] is not None:
                extra_qs_used = True
            xapi.set(xpath=options['xpath'],
                     element=options['element'],
                     extra_qs=options['ad_hoc'])
            print_status(xapi, action)
            print_response(xapi, options)

        if options['dynamic-update']:
            action = 'dynamic-update'
            kwargs = {
                'cmd': options['cmd'],
            }
            if options['ad_hoc'] is not None:
                extra_qs_used = True
                kwargs['extra_qs'] = options['ad_hoc']
            if len(options['vsys']):
                kwargs['vsys'] = options['vsys'][0]
            xapi.user_id(**kwargs)
            print_status(xapi, action)
            print_response(xapi, options)

        if options['move'] is not None:
            action = 'move'
            if options['ad_hoc'] is not None:
                extra_qs_used = True
            xapi.move(xpath=options['xpath'],
                      where=options['move'],
                      dst=options['dst'],
                      extra_qs=options['ad_hoc'])
            print_status(xapi, action)
            print_response(xapi, options)

        if options['rename']:
            action = 'rename'
            if options['ad_hoc'] is not None:
                extra_qs_used = True
            xapi.rename(xpath=options['xpath'],
                        newname=options['dst'],
                        extra_qs=options['ad_hoc'])
            print_status(xapi, action)
            print_response(xapi, options)

        if options['clone']:
            action = 'clone'
            if options['ad_hoc'] is not None:
                extra_qs_used = True
            xapi.clone(xpath=options['xpath'],
                       xpath_from=options['src'],
                       newname=options['dst'],
                       extra_qs=options['ad_hoc'])
            print_status(xapi, action)
            print_response(xapi, options)

        if options['override']:
            action = 'override'
            if options['ad_hoc'] is not None:
                extra_qs_used = True
            xapi.override(xpath=options['xpath'],
                          element=options['element'],
                          extra_qs=options['ad_hoc'])
            print_status(xapi, action)
            print_response(xapi, options)

        if options['export'] is not None:
            action = 'export'
            if options['ad_hoc'] is not None:
                extra_qs_used = True
            if options['pcapid'] is not None:
                xapi.export(category=options['export'],
                            pcapid=options['pcapid'],
                            search_time=options['stime'],
                            serialno=options['serial'],
                            extra_qs=options['ad_hoc'])
            else:
                xapi.export(category=options['export'],
                            from_name=options['src'],
                            extra_qs=options['ad_hoc'])
            print_status(xapi, action)
            print_response(xapi, options)
            if options['pcap_listing']:
                pcap_listing(xapi, options['export'])
            save_attachment(xapi, options)

        if options['log'] is not None:
            action = 'log'
            if options['ad_hoc'] is not None:
                extra_qs_used = True
            xapi.log(log_type=options['log'],
                     nlogs=options['nlogs'],
                     skip=options['skip'],
                     filter=options['filter'],
                     interval=options['interval'],
                     timeout=options['job_timeout'],
                     extra_qs=options['ad_hoc'])
            print_status(xapi, action)
            print_response(xapi, options)

        if options['op'] is not None:
            action = 'op'
            kwargs = {
                'cmd': options['op'],
                'cmd_xml': options['cmd_xml'],
            }
            if options['ad_hoc'] is not None:
                extra_qs_used = True
                kwargs['extra_qs'] = options['ad_hoc']
            if len(options['vsys']):
                kwargs['vsys'] = options['vsys'][0]
            xapi.op(**kwargs)
            print_status(xapi, action)
            print_response(xapi, options)

        if (options['commit'] or options['commit_all']):
            if options['cmd']:
                cmd = options['cmd']
                if options['cmd_xml']:
                    cmd = xapi.cmd_xml(cmd)
            else:
                c = pan.commit.PanCommit(validate=options['validate'],
                                         force=options['force'],
                                         commit_all=options['commit_all'],
                                         merge_with_candidate=options['merge'])

                for part in options['partial']:
                    if part == 'device-and-network-excluded':
                        c.device_and_network_excluded()
                    elif part == 'policy-and-objects-excluded':
                        c.policy_and_objects_excluded()
                    elif part == 'shared-object-excluded':
                        c.shared_object_excluded()
                    elif part == 'no-vsys':
                        c.no_vsys()
                    elif part == 'vsys':
                        c.vsys(options['vsys'])

                if options['serial'] is not None:
                    c.device(options['serial'])
                if options['group'] is not None:
                    c.device_group(options['group'])
                if options['commit_all'] and options['vsys']:
                    c.vsys(options['vsys'][0])

                cmd = c.cmd()

            kwargs = {
                'cmd': cmd,
                'sync': options['sync'],
                'interval': options['interval'],
                'timeout': options['job_timeout'],
            }
            if options['ad_hoc'] is not None:
                extra_qs_used = True
                kwargs['extra_qs'] = options['ad_hoc']
            if options['commit_all']:
                kwargs['action'] = 'all'

            action = 'commit'
            xapi.commit(**kwargs)
            print_status(xapi, action)
            print_response(xapi, options)

        if not extra_qs_used and options['ad_hoc'] is not None:
            action = 'ad_hoc'
            xapi.ad_hoc(qs=options['ad_hoc'],
                        xpath=options['xpath'],
                        modify_qs=options['modify'])
            print_status(xapi, action)
            print_response(xapi, options)

    except pan.xapi.PanXapiError as msg:
        print_status(xapi, action, str(msg))
        print_response(xapi, options)
        sys.exit(1)

    sys.exit(0)
Beispiel #43
0
def main():
    try:
        signal.signal(signal.SIGPIPE, signal.SIG_DFL)
    except AttributeError:
        # Windows
        pass

    set_encoding()
    options = parse_opts()

    if options['debug']:
        logger = logging.getLogger()
        if options['debug'] == 3:
            logger.setLevel(pan.xapi.DEBUG3)
        elif options['debug'] == 2:
            logger.setLevel(pan.xapi.DEBUG2)
        elif options['debug'] == 1:
            logger.setLevel(pan.xapi.DEBUG1)

#        log_format = '%(levelname)s %(name)s %(message)s'
        log_format = '%(message)s'
        handler = logging.StreamHandler()
        formatter = logging.Formatter(log_format)
        handler.setFormatter(formatter)
        logger.addHandler(handler)

    if options['cafile'] or options['capath']:
        ssl_context = create_ssl_context(options['cafile'],
                                         options['capath'])
    else:
        ssl_context = None

    try:
        xapi = pan.xapi.PanXapi(timeout=options['timeout'],
                                tag=options['tag'],
                                use_http=options['use_http'],
                                use_get=options['use_get'],
                                api_username=options['api_username'],
                                api_password=options['api_password'],
                                api_key=options['api_key'],
                                hostname=options['hostname'],
                                port=options['port'],
                                serial=options['serial'],
                                ssl_context=ssl_context)

    except pan.xapi.PanXapiError as msg:
        print('pan.xapi.PanXapi:', msg, file=sys.stderr)
        sys.exit(1)

    if options['debug'] > 2:
        print('xapi.__str__()===>\n', xapi, '\n<===',
              sep='', file=sys.stderr)

    extra_qs_used = False

    try:
        if options['keygen']:
            action = 'keygen'
            if options['ad_hoc'] is not None:
                extra_qs_used = True
            xapi.keygen(extra_qs=options['ad_hoc'])
            print_status(xapi, action)
            print_response(xapi, options)
            print('API key:  "%s"' % xapi.api_key)

        if options['show']:
            action = 'show'
            if options['ad_hoc'] is not None:
                extra_qs_used = True
            xapi.show(xpath=options['xpath'],
                      extra_qs=options['ad_hoc'])
            print_status(xapi, action)
            print_response(xapi, options)

        if options['get']:
            action = 'get'
            if options['ad_hoc'] is not None:
                extra_qs_used = True
            xapi.get(xpath=options['xpath'],
                     extra_qs=options['ad_hoc'])
            print_status(xapi, action)
            print_response(xapi, options)

        if options['delete']:
            action = 'delete'
            if options['ad_hoc'] is not None:
                extra_qs_used = True
            xapi.delete(xpath=options['xpath'],
                        extra_qs=options['ad_hoc'])
            print_status(xapi, action)
            print_response(xapi, options)

        if options['edit']:
            action = 'edit'
            if options['ad_hoc'] is not None:
                extra_qs_used = True
            xapi.edit(xpath=options['xpath'],
                      element=options['element'],
                      extra_qs=options['ad_hoc'])
            print_status(xapi, action)
            print_response(xapi, options)

        if options['set']:
            action = 'set'
            if options['ad_hoc'] is not None:
                extra_qs_used = True
            xapi.set(xpath=options['xpath'],
                     element=options['element'],
                     extra_qs=options['ad_hoc'])
            print_status(xapi, action)
            print_response(xapi, options)

        if options['dynamic-update']:
            action = 'dynamic-update'
            kwargs = {
                'cmd': options['cmd'],
                }
            if options['ad_hoc'] is not None:
                extra_qs_used = True
                kwargs['extra_qs'] = options['ad_hoc']
            if len(options['vsys']):
                kwargs['vsys'] = options['vsys'][0]
            xapi.user_id(**kwargs)
            print_status(xapi, action)
            print_response(xapi, options)

        if options['move'] is not None:
            action = 'move'
            if options['ad_hoc'] is not None:
                extra_qs_used = True
            xapi.move(xpath=options['xpath'],
                      where=options['move'],
                      dst=options['dst'],
                      extra_qs=options['ad_hoc'])
            print_status(xapi, action)
            print_response(xapi, options)

        if options['rename']:
            action = 'rename'
            if options['ad_hoc'] is not None:
                extra_qs_used = True
            xapi.rename(xpath=options['xpath'],
                        newname=options['dst'],
                        extra_qs=options['ad_hoc'])
            print_status(xapi, action)
            print_response(xapi, options)

        if options['clone']:
            action = 'clone'
            if options['ad_hoc'] is not None:
                extra_qs_used = True
            xapi.clone(xpath=options['xpath'],
                       xpath_from=options['src'],
                       newname=options['dst'],
                       extra_qs=options['ad_hoc'])
            print_status(xapi, action)
            print_response(xapi, options)

        if options['override']:
            action = 'override'
            if options['ad_hoc'] is not None:
                extra_qs_used = True
            xapi.override(xpath=options['xpath'],
                          element=options['element'],
                          extra_qs=options['ad_hoc'])
            print_status(xapi, action)
            print_response(xapi, options)

        if options['export'] is not None:
            action = 'export'
            if options['ad_hoc'] is not None:
                extra_qs_used = True
            if options['pcapid'] is not None:
                xapi.export(category=options['export'],
                            pcapid=options['pcapid'],
                            search_time=options['stime'],
                            serialno=options['serial'],
                            extra_qs=options['ad_hoc'])
            else:
                xapi.export(category=options['export'],
                            from_name=options['src'],
                            extra_qs=options['ad_hoc'])
            print_status(xapi, action)
            print_response(xapi, options)
            if options['pcap_listing']:
                pcap_listing(xapi, options['export'])
            save_attachment(xapi, options)

        if options['log'] is not None:
            action = 'log'
            if options['ad_hoc'] is not None:
                extra_qs_used = True
            xapi.log(log_type=options['log'],
                     nlogs=options['nlogs'],
                     skip=options['skip'],
                     filter=options['filter'],
                     interval=options['interval'],
                     timeout=options['job_timeout'],
                     extra_qs=options['ad_hoc'])
            print_status(xapi, action)
            print_response(xapi, options)

        if options['op'] is not None:
            action = 'op'
            kwargs = {
                'cmd': options['op'],
                'cmd_xml': options['cmd_xml'],
                }
            if options['ad_hoc'] is not None:
                extra_qs_used = True
                kwargs['extra_qs'] = options['ad_hoc']
            if len(options['vsys']):
                kwargs['vsys'] = options['vsys'][0]
            xapi.op(**kwargs)
            print_status(xapi, action)
            print_response(xapi, options)

        if (options['commit'] or options['commit_all']):
            if options['cmd']:
                cmd = options['cmd']
                if options['cmd_xml']:
                    cmd = xapi.cmd_xml(cmd)
            else:
                c = pan.commit.PanCommit(validate=options['validate'],
                                         force=options['force'],
                                         commit_all=options['commit_all'],
                                         merge_with_candidate=
                                         options['merge'])

                for part in options['partial']:
                    if part == 'device-and-network-excluded':
                        c.device_and_network_excluded()
                    elif part == 'policy-and-objects-excluded':
                        c.policy_and_objects_excluded()
                    elif part == 'shared-object-excluded':
                        c.shared_object_excluded()
                    elif part == 'no-vsys':
                        c.no_vsys()
                    elif part == 'vsys':
                        c.vsys(options['vsys'])

                if options['serial'] is not None:
                    c.device(options['serial'])
                if options['group'] is not None:
                    c.device_group(options['group'])
                if options['commit_all'] and options['vsys']:
                    c.vsys(options['vsys'][0])

                cmd = c.cmd()

            kwargs = {
                'cmd': cmd,
                'sync': options['sync'],
                'interval': options['interval'],
                'timeout': options['job_timeout'],
                }
            if options['ad_hoc'] is not None:
                extra_qs_used = True
                kwargs['extra_qs'] = options['ad_hoc']
            if options['commit_all']:
                kwargs['action'] = 'all'

            action = 'commit'
            xapi.commit(**kwargs)
            print_status(xapi, action)
            print_response(xapi, options)

        if not extra_qs_used and options['ad_hoc'] is not None:
            action = 'ad_hoc'
            xapi.ad_hoc(qs=options['ad_hoc'],
                        xpath=options['xpath'],
                        modify_qs=options['modify'])
            print_status(xapi, action)
            print_response(xapi, options)

    except pan.xapi.PanXapiError as msg:
        print_status(xapi, action, msg)
        print_response(xapi, options)
        sys.exit(1)

    sys.exit(0)