def export_text(module, xapi, category, filename):
xapi.export(category=category)
f = None
try:
f = open(filename, 'w')
except IOError as msg:
module.fail_json(msg=msg)
else:
if category == 'configuration':
f.write(xapi.xml_root())
elif category in HTML_EXPORTS:
f.write(xapi.text_document)
f.close()
def export_binary(module, xapi, category, filename):
f = None
xapi.export(category=category)
try:
f = open(filename, "wb")
except IOError as msg:
module.fail_json(msg=msg)
else:
content = xapi.export_result["content"]
if content is not None:
f.write(content)
f.close()
def export_async(module, xapi, category, filename, interval=60, timeout=600):
# Submit job, get resulting job id
xapi.export(category=category)
job_result = ET.fromstring(xapi.xml_root())
job_id = None
if job_result.find('.//job') is not None:
job_id = job_result.find('.//job').text
end_time = time.time() + timeout
while True:
# Check job progress
xapi.export(category=category,
extra_qs={
'action': 'status',
'job-id': job_id
})
poll_result = ET.fromstring(xapi.xml_root())
status = poll_result.find('.//status')
if status.text == "FIN":
break
if time.time() > end_time:
module.fail_json(msg='Timeout')
time.sleep(interval)
# Get completed job
xapi.export(category=category,
extra_qs={
'action': 'get',
'job-id': job_id
})
export_binary(module, xapi, filename)
def main():
try:
signal.signal(signal.SIGPIPE, signal.SIG_DFL)
except AttributeError:
# Windows
pass
set_encoding()
options = parse_opts()
if options['debug']:
logger = logging.getLogger()
if options['debug'] == 3:
logger.setLevel(pan.xapi.DEBUG3)
elif options['debug'] == 2:
logger.setLevel(pan.xapi.DEBUG2)
elif options['debug'] == 1:
logger.setLevel(pan.xapi.DEBUG1)
# log_format = '%(levelname)s %(name)s %(message)s'
log_format = '%(message)s'
handler = logging.StreamHandler()
formatter = logging.Formatter(log_format)
handler.setFormatter(formatter)
logger.addHandler(handler)
if options['cafile'] or options['capath']:
ssl_context = create_ssl_context(options['cafile'], options['capath'])
else:
ssl_context = None
try:
xapi = pan.xapi.PanXapi(timeout=options['timeout'],
tag=options['tag'],
use_http=options['use_http'],
use_get=options['use_get'],
api_username=options['api_username'],
api_password=options['api_password'],
api_key=options['api_key'],
hostname=options['hostname'],
port=options['port'],
serial=options['serial'],
ssl_context=ssl_context)
except pan.xapi.PanXapiError as msg:
print('pan.xapi.PanXapi:', msg, file=sys.stderr)
sys.exit(1)
if options['debug'] > 2:
print('xapi.__str__()===>\n', xapi, '\n<===', sep='', file=sys.stderr)
extra_qs_used = False
try:
if options['keygen']:
action = 'keygen'
if options['ad_hoc'] is not None:
extra_qs_used = True
xapi.keygen(extra_qs=options['ad_hoc'])
print_status(xapi, action)
print_response(xapi, options)
if (options['api_username'] and options['api_password']
and options['hostname'] and options['tag']):
# .panrc
d = datetime.now()
print('# %s generated: %s' % (os.path.basename(
sys.argv[0]), d.strftime('%Y/%m/%d %H:%M:%S')))
print('hostname%%%s=%s' %
(options['tag'], options['hostname']))
print('api_key%%%s=%s' % (options['tag'], xapi.api_key))
else:
print('API key: "%s"' % xapi.api_key)
if options['show']:
action = 'show'
if options['ad_hoc'] is not None:
extra_qs_used = True
xapi.show(xpath=options['xpath'], extra_qs=options['ad_hoc'])
print_status(xapi, action)
print_response(xapi, options)
if options['get']:
action = 'get'
if options['ad_hoc'] is not None:
extra_qs_used = True
xapi.get(xpath=options['xpath'], extra_qs=options['ad_hoc'])
print_status(xapi, action)
print_response(xapi, options)
if options['delete']:
action = 'delete'
if options['ad_hoc'] is not None:
extra_qs_used = True
xapi.delete(xpath=options['xpath'], extra_qs=options['ad_hoc'])
print_status(xapi, action)
print_response(xapi, options)
if options['edit']:
action = 'edit'
if options['ad_hoc'] is not None:
extra_qs_used = True
xapi.edit(xpath=options['xpath'],
element=options['element'],
extra_qs=options['ad_hoc'])
print_status(xapi, action)
print_response(xapi, options)
if options['set']:
action = 'set'
if options['ad_hoc'] is not None:
extra_qs_used = True
xapi.set(xpath=options['xpath'],
element=options['element'],
extra_qs=options['ad_hoc'])
print_status(xapi, action)
print_response(xapi, options)
if options['dynamic-update']:
action = 'dynamic-update'
kwargs = {
'cmd': options['cmd'],
}
if options['ad_hoc'] is not None:
extra_qs_used = True
kwargs['extra_qs'] = options['ad_hoc']
if len(options['vsys']):
kwargs['vsys'] = options['vsys'][0]
xapi.user_id(**kwargs)
print_status(xapi, action)
print_response(xapi, options)
if options['move'] is not None:
action = 'move'
if options['ad_hoc'] is not None:
extra_qs_used = True
xapi.move(xpath=options['xpath'],
where=options['move'],
dst=options['dst'],
extra_qs=options['ad_hoc'])
print_status(xapi, action)
print_response(xapi, options)
if options['rename']:
action = 'rename'
if options['ad_hoc'] is not None:
extra_qs_used = True
xapi.rename(xpath=options['xpath'],
newname=options['dst'],
extra_qs=options['ad_hoc'])
print_status(xapi, action)
print_response(xapi, options)
if options['clone']:
action = 'clone'
if options['ad_hoc'] is not None:
extra_qs_used = True
xapi.clone(xpath=options['xpath'],
xpath_from=options['src'],
newname=options['dst'],
extra_qs=options['ad_hoc'])
print_status(xapi, action)
print_response(xapi, options)
if options['override']:
action = 'override'
if options['ad_hoc'] is not None:
extra_qs_used = True
xapi.override(xpath=options['xpath'],
element=options['element'],
extra_qs=options['ad_hoc'])
print_status(xapi, action)
print_response(xapi, options)
if options['export'] is not None:
action = 'export'
if options['ad_hoc'] is not None:
extra_qs_used = True
if options['pcapid'] is not None:
xapi.export(category=options['export'],
pcapid=options['pcapid'],
search_time=options['stime'],
serialno=options['serial'],
extra_qs=options['ad_hoc'])
else:
xapi.export(category=options['export'],
from_name=options['src'],
extra_qs=options['ad_hoc'])
print_status(xapi, action)
print_response(xapi, options)
if options['pcap_listing']:
pcap_listing(xapi, options['export'])
save_attachment(xapi, options)
if options['log'] is not None:
action = 'log'
if options['ad_hoc'] is not None:
extra_qs_used = True
xapi.log(log_type=options['log'],
nlogs=options['nlogs'],
skip=options['skip'],
filter=options['filter'],
interval=options['interval'],
timeout=options['job_timeout'],
extra_qs=options['ad_hoc'])
print_status(xapi, action)
print_response(xapi, options)
if options['op'] is not None:
action = 'op'
kwargs = {
'cmd': options['op'],
'cmd_xml': options['cmd_xml'],
}
if options['ad_hoc'] is not None:
extra_qs_used = True
kwargs['extra_qs'] = options['ad_hoc']
if len(options['vsys']):
kwargs['vsys'] = options['vsys'][0]
xapi.op(**kwargs)
print_status(xapi, action)
print_response(xapi, options)
if (options['commit'] or options['commit_all']):
if options['cmd']:
cmd = options['cmd']
if options['cmd_xml']:
cmd = xapi.cmd_xml(cmd)
else:
c = pan.commit.PanCommit(validate=options['validate'],
force=options['force'],
commit_all=options['commit_all'],
merge_with_candidate=options['merge'])
for part in options['partial']:
if part == 'device-and-network-excluded':
c.device_and_network_excluded()
elif part == 'policy-and-objects-excluded':
c.policy_and_objects_excluded()
elif part == 'shared-object-excluded':
c.shared_object_excluded()
elif part == 'no-vsys':
c.no_vsys()
elif part == 'vsys':
c.vsys(options['vsys'])
if options['serial'] is not None:
c.device(options['serial'])
if options['group'] is not None:
c.device_group(options['group'])
if options['commit_all'] and options['vsys']:
c.vsys(options['vsys'][0])
cmd = c.cmd()
kwargs = {
'cmd': cmd,
'sync': options['sync'],
'interval': options['interval'],
'timeout': options['job_timeout'],
}
if options['ad_hoc'] is not None:
extra_qs_used = True
kwargs['extra_qs'] = options['ad_hoc']
if options['commit_all']:
kwargs['action'] = 'all'
action = 'commit'
xapi.commit(**kwargs)
print_status(xapi, action)
print_response(xapi, options)
if not extra_qs_used and options['ad_hoc'] is not None:
action = 'ad_hoc'
xapi.ad_hoc(qs=options['ad_hoc'],
xpath=options['xpath'],
modify_qs=options['modify'])
print_status(xapi, action)
print_response(xapi, options)
except pan.xapi.PanXapiError as msg:
print_status(xapi, action, str(msg))
print_response(xapi, options)
sys.exit(1)
sys.exit(0)
def main():
try:
signal.signal(signal.SIGPIPE, signal.SIG_DFL)
except AttributeError:
# Windows
pass
set_encoding()
options = parse_opts()
if options['debug']:
logger = logging.getLogger()
if options['debug'] == 3:
logger.setLevel(pan.xapi.DEBUG3)
elif options['debug'] == 2:
logger.setLevel(pan.xapi.DEBUG2)
elif options['debug'] == 1:
logger.setLevel(pan.xapi.DEBUG1)
# log_format = '%(levelname)s %(name)s %(message)s'
log_format = '%(message)s'
handler = logging.StreamHandler()
formatter = logging.Formatter(log_format)
handler.setFormatter(formatter)
logger.addHandler(handler)
if options['cafile'] or options['capath']:
ssl_context = create_ssl_context(options['cafile'],
options['capath'])
else:
ssl_context = None
try:
xapi = pan.xapi.PanXapi(timeout=options['timeout'],
tag=options['tag'],
use_http=options['use_http'],
use_get=options['use_get'],
api_username=options['api_username'],
api_password=options['api_password'],
api_key=options['api_key'],
hostname=options['hostname'],
port=options['port'],
serial=options['serial'],
ssl_context=ssl_context)
except pan.xapi.PanXapiError as msg:
print('pan.xapi.PanXapi:', msg, file=sys.stderr)
sys.exit(1)
if options['debug'] > 2:
print('xapi.__str__()===>\n', xapi, '\n<===',
sep='', file=sys.stderr)
extra_qs_used = False
try:
if options['keygen']:
action = 'keygen'
if options['ad_hoc'] is not None:
extra_qs_used = True
xapi.keygen(extra_qs=options['ad_hoc'])
print_status(xapi, action)
print_response(xapi, options)
print('API key: "%s"' % xapi.api_key)
if options['show']:
action = 'show'
if options['ad_hoc'] is not None:
extra_qs_used = True
xapi.show(xpath=options['xpath'],
extra_qs=options['ad_hoc'])
print_status(xapi, action)
print_response(xapi, options)
if options['get']:
action = 'get'
if options['ad_hoc'] is not None:
extra_qs_used = True
xapi.get(xpath=options['xpath'],
extra_qs=options['ad_hoc'])
print_status(xapi, action)
print_response(xapi, options)
if options['delete']:
action = 'delete'
if options['ad_hoc'] is not None:
extra_qs_used = True
xapi.delete(xpath=options['xpath'],
extra_qs=options['ad_hoc'])
print_status(xapi, action)
print_response(xapi, options)
if options['edit']:
action = 'edit'
if options['ad_hoc'] is not None:
extra_qs_used = True
xapi.edit(xpath=options['xpath'],
element=options['element'],
extra_qs=options['ad_hoc'])
print_status(xapi, action)
print_response(xapi, options)
if options['set']:
action = 'set'
if options['ad_hoc'] is not None:
extra_qs_used = True
xapi.set(xpath=options['xpath'],
element=options['element'],
extra_qs=options['ad_hoc'])
print_status(xapi, action)
print_response(xapi, options)
if options['dynamic-update']:
action = 'dynamic-update'
kwargs = {
'cmd': options['cmd'],
}
if options['ad_hoc'] is not None:
extra_qs_used = True
kwargs['extra_qs'] = options['ad_hoc']
if len(options['vsys']):
kwargs['vsys'] = options['vsys'][0]
xapi.user_id(**kwargs)
print_status(xapi, action)
print_response(xapi, options)
if options['move'] is not None:
action = 'move'
if options['ad_hoc'] is not None:
extra_qs_used = True
xapi.move(xpath=options['xpath'],
where=options['move'],
dst=options['dst'],
extra_qs=options['ad_hoc'])
print_status(xapi, action)
print_response(xapi, options)
if options['rename']:
action = 'rename'
if options['ad_hoc'] is not None:
extra_qs_used = True
xapi.rename(xpath=options['xpath'],
newname=options['dst'],
extra_qs=options['ad_hoc'])
print_status(xapi, action)
print_response(xapi, options)
if options['clone']:
action = 'clone'
if options['ad_hoc'] is not None:
extra_qs_used = True
xapi.clone(xpath=options['xpath'],
xpath_from=options['src'],
newname=options['dst'],
extra_qs=options['ad_hoc'])
print_status(xapi, action)
print_response(xapi, options)
if options['override']:
action = 'override'
if options['ad_hoc'] is not None:
extra_qs_used = True
xapi.override(xpath=options['xpath'],
element=options['element'],
extra_qs=options['ad_hoc'])
print_status(xapi, action)
print_response(xapi, options)
if options['export'] is not None:
action = 'export'
if options['ad_hoc'] is not None:
extra_qs_used = True
if options['pcapid'] is not None:
xapi.export(category=options['export'],
pcapid=options['pcapid'],
search_time=options['stime'],
serialno=options['serial'],
extra_qs=options['ad_hoc'])
else:
xapi.export(category=options['export'],
from_name=options['src'],
extra_qs=options['ad_hoc'])
print_status(xapi, action)
print_response(xapi, options)
if options['pcap_listing']:
pcap_listing(xapi, options['export'])
save_attachment(xapi, options)
if options['log'] is not None:
action = 'log'
if options['ad_hoc'] is not None:
extra_qs_used = True
xapi.log(log_type=options['log'],
nlogs=options['nlogs'],
skip=options['skip'],
filter=options['filter'],
interval=options['interval'],
timeout=options['job_timeout'],
extra_qs=options['ad_hoc'])
print_status(xapi, action)
print_response(xapi, options)
if options['op'] is not None:
action = 'op'
kwargs = {
'cmd': options['op'],
'cmd_xml': options['cmd_xml'],
}
if options['ad_hoc'] is not None:
extra_qs_used = True
kwargs['extra_qs'] = options['ad_hoc']
if len(options['vsys']):
kwargs['vsys'] = options['vsys'][0]
xapi.op(**kwargs)
print_status(xapi, action)
print_response(xapi, options)
if (options['commit'] or options['commit_all']):
if options['cmd']:
cmd = options['cmd']
if options['cmd_xml']:
cmd = xapi.cmd_xml(cmd)
else:
c = pan.commit.PanCommit(validate=options['validate'],
force=options['force'],
commit_all=options['commit_all'],
merge_with_candidate=
options['merge'])
for part in options['partial']:
if part == 'device-and-network-excluded':
c.device_and_network_excluded()
elif part == 'policy-and-objects-excluded':
c.policy_and_objects_excluded()
elif part == 'shared-object-excluded':
c.shared_object_excluded()
elif part == 'no-vsys':
c.no_vsys()
elif part == 'vsys':
c.vsys(options['vsys'])
if options['serial'] is not None:
c.device(options['serial'])
if options['group'] is not None:
c.device_group(options['group'])
if options['commit_all'] and options['vsys']:
c.vsys(options['vsys'][0])
cmd = c.cmd()
kwargs = {
'cmd': cmd,
'sync': options['sync'],
'interval': options['interval'],
'timeout': options['job_timeout'],
}
if options['ad_hoc'] is not None:
extra_qs_used = True
kwargs['extra_qs'] = options['ad_hoc']
if options['commit_all']:
kwargs['action'] = 'all'
action = 'commit'
xapi.commit(**kwargs)
print_status(xapi, action)
print_response(xapi, options)
if not extra_qs_used and options['ad_hoc'] is not None:
action = 'ad_hoc'
xapi.ad_hoc(qs=options['ad_hoc'],
xpath=options['xpath'],
modify_qs=options['modify'])
print_status(xapi, action)
print_response(xapi, options)
except pan.xapi.PanXapiError as msg:
print_status(xapi, action, msg)
print_response(xapi, options)
sys.exit(1)
sys.exit(0)
def main():
helper = get_connection(
with_classic_provider_spec=True,
argument_spec=dict(
category=dict(
default='configuration',
choices=sorted(['configuration', 'certificate'] +
HTML_EXPORTS + FILE_EXPORTS + [
'application-pcap', 'filter-pcap',
'dlp-pcap', 'threat-pcap'
]),
),
filename=dict(type='str'),
certificate_name=dict(type='str'),
certificate_format=dict(type='str',
choices=['pem', 'pkcs10', 'pkcs12']),
certificate_include_keys=dict(type='bool', default=False),
certificate_passphrase=dict(type='str', no_log=True),
application_pcap_name=dict(type='str'),
dlp_pcap_name=dict(type='str'),
dlp_password=dict(type='str', no_log=True),
filter_pcap_name=dict(type='str'),
threat_pcap_id=dict(type='str'),
threat_pcap_search_time=dict(type='str'),
threat_pcap_serial=dict(type='str'),
timeout=dict(type='int', default=600),
),
)
module = AnsibleModule(argument_spec=helper.argument_spec,
supports_check_mode=False,
required_one_of=helper.required_one_of,
required_together=[
['certificate_name', 'certificate_format'],
['dlp_pcap_name', 'dlp_password'],
])
if not HAS_LIB:
module.fail_json(
msg=
'pan-python, pandevice, and xmltodict are required for this module'
)
category = module.params['category']
filename = module.params['filename']
timeout = module.params['timeout']
parent = helper.get_pandevice_parent(module)
xapi = parent.xapi
if category in (['configuration'] + HTML_EXPORTS):
if filename is None:
module.fail_json(msg='filename is required for export')
export_text(module, xapi, category, filename)
elif category in FILE_EXPORTS:
if filename is None:
module.fail_json(msg='filename is required for export')
if category == 'stats-dump' and isinstance(parent, Panorama):
module.fail_json(msg='stats-dump is not supported on Panorama')
export_async(module, xapi, category, filename, timeout=timeout)
elif category == 'certificate':
if filename is None:
module.fail_json(msg='filename is required for export')
cert_name = module.params['certificate_name']
cert_format = module.params['certificate_format']
cert_include_keys = 'yes' if module.params[
'certificate_include_keys'] else 'no'
cert_passphrase = module.params['certificate_passphrase']
params = {
'certificate-name': cert_name,
'format': cert_format,
'include-key': cert_include_keys
}
if cert_include_keys == 'yes' and cert_passphrase is None:
module.exit_json(
msg=
'certificate_passphrase is required when certificate_include_keys is yes'
)
if cert_passphrase is not None:
params['passphrase'] = cert_passphrase
xapi.export(category='certificate', extra_qs=params)
export_binary(module, xapi, filename)
elif category == 'application-pcap':
# When exporting an application pcap, from_name can be:
# - nothing, which gets you a list of directories
# - a directory name, which gets you a list of pcaps in that directory
# - a filename, which gets you the pcap file
from_name = module.params['application_pcap_name']
xapi.export(category='application-pcap', from_name=from_name)
if from_name is None or '.pcap' not in from_name:
xml_result = xapi.xml_result()
obj_dict = xmltodict.parse(xml_result)
json_output = json.dumps(obj_dict)
module.exit_json(changed=False,
stdout=json_output,
stdout_xml=xml_result)
else:
if filename is None:
module.fail_json(msg='filename is required for export')
export_binary(module, xapi, filename)
elif category == 'filter-pcap':
# When exporting a filter pcap, from_name can be:
# - nothing, which gets you a list of files
# - a filename, which gets you the pcap file
from_name = module.params['filter_pcap_name']
xapi.export(category='filter-pcap', from_name=from_name)
if from_name is None:
xml_result = xapi.xml_result()
obj_dict = xmltodict.parse(xml_result)
json_output = json.dumps(obj_dict)
module.exit_json(changed=False,
stdout=json_output,
stdout_xml=xml_result)
else:
if filename is None:
module.fail_json(msg='filename is required for export')
export_binary(module, xapi, filename)
elif category == 'dlp-pcap':
from_name = module.params['dlp_pcap_name']
dlp_password = module.params['dlp_password']
xapi.export(category='dlp-pcap',
from_name=from_name,
extra_qs={'dlp-password': dlp_password})
# When exporting a dlp pcap, from_name can be:
# - nothing, which gets you a list of files
# - a filename, which gets you the pcap file
if from_name is None:
xml_result = xapi.xml_result()
obj_dict = xmltodict.parse(xml_result)
json_output = json.dumps(obj_dict)
module.exit_json(changed=False,
stdout=json_output,
stdout_xml=xml_result)
else:
if filename is None:
module.fail_json(msg='filename is required for export')
export_binary(module, xapi, filename)
elif category == 'threat-pcap':
if filename is None:
module.fail_json(msg='filename is required for export')
pcap_id = module.params['threat_pcap_id']
search_time = module.params['threat_pcap_search_time']
# pan-python says serial number is not required on certain PAN-OS releases (not required on 9.0 or 10.0)
serial = module.params['threat_pcap_serial']
if isinstance(parent, Panorama) and serial is None:
module.fail_json(
msg='threat_pcap_serial is required when connecting to Panorama'
)
xapi.export(category='threat-pcap',
pcapid=pcap_id,
search_time=search_time,
serialno=serial)
export_binary(module, xapi, filename)
module.exit_json(changed=False)
def main():
helper = get_connection(
with_classic_provider_spec=True,
argument_spec=dict(
category=dict(
default="configuration",
choices=sorted(["configuration", "certificate"] +
HTML_EXPORTS + FILE_EXPORTS + ["device-state"] +
[
"application-pcap", "filter-pcap",
"dlp-pcap", "threat-pcap"
]),
),
filename=dict(type="str"),
certificate_name=dict(type="str"),
certificate_format=dict(type="str",
choices=["pem", "pkcs10", "pkcs12"]),
certificate_include_keys=dict(type="bool", default=False),
certificate_passphrase=dict(type="str", no_log=True),
application_pcap_name=dict(type="str"),
dlp_pcap_name=dict(type="str"),
dlp_password=dict(type="str", no_log=True),
filter_pcap_name=dict(type="str"),
threat_pcap_id=dict(type="str"),
threat_pcap_search_time=dict(type="str"),
threat_pcap_serial=dict(type="str"),
timeout=dict(type="int", default=600),
),
)
module = AnsibleModule(
argument_spec=helper.argument_spec,
supports_check_mode=False,
required_one_of=helper.required_one_of,
required_together=[
["certificate_name", "certificate_format"],
["dlp_pcap_name", "dlp_password"],
],
)
if not HAS_LIB:
module.fail_json(
msg=
"pan-python, pandevice, and xmltodict are required for this module"
)
category = module.params["category"]
filename = module.params["filename"]
timeout = module.params["timeout"]
parent = helper.get_pandevice_parent(module)
xapi = parent.xapi
if category in (["configuration"] + HTML_EXPORTS):
if filename is None:
module.fail_json(msg="filename is required for export")
export_text(module, xapi, category, filename)
elif category in FILE_EXPORTS:
if filename is None:
module.fail_json(msg="filename is required for export")
if category == "stats-dump" and isinstance(parent, Panorama):
module.fail_json(msg="stats-dump is not supported on Panorama")
export_async(module, xapi, category, filename, timeout=timeout)
elif category == "device-state":
if filename is None:
module.fail_json(msg="filename is required for export")
export_binary(module, xapi, category, filename)
elif category == "certificate":
if filename is None:
module.fail_json(msg="filename is required for export")
cert_name = module.params["certificate_name"]
cert_format = module.params["certificate_format"]
cert_include_keys = "yes" if module.params[
"certificate_include_keys"] else "no"
cert_passphrase = module.params["certificate_passphrase"]
params = {
"certificate-name": cert_name,
"format": cert_format,
"include-key": cert_include_keys,
}
if cert_include_keys == "yes" and cert_passphrase is None:
module.exit_json(
msg=
"certificate_passphrase is required when certificate_include_keys is yes"
)
if cert_passphrase is not None:
params["passphrase"] = cert_passphrase
xapi.export(category="certificate", extra_qs=params)
export_binary(module, xapi, filename)
elif category == "application-pcap":
# When exporting an application pcap, from_name can be:
# - nothing, which gets you a list of directories
# - a directory name, which gets you a list of pcaps in that directory
# - a filename, which gets you the pcap file
from_name = module.params["application_pcap_name"]
xapi.export(category="application-pcap", from_name=from_name)
if from_name is None or ".pcap" not in from_name:
xml_result = xapi.xml_result()
obj_dict = xmltodict.parse(xml_result)
json_output = json.dumps(obj_dict)
module.exit_json(changed=False,
stdout=json_output,
stdout_xml=xml_result)
else:
if filename is None:
module.fail_json(msg="filename is required for export")
export_binary(module, xapi, filename)
elif category == "filter-pcap":
# When exporting a filter pcap, from_name can be:
# - nothing, which gets you a list of files
# - a filename, which gets you the pcap file
from_name = module.params["filter_pcap_name"]
xapi.export(category="filter-pcap", from_name=from_name)
if from_name is None:
xml_result = xapi.xml_result()
obj_dict = xmltodict.parse(xml_result)
json_output = json.dumps(obj_dict)
module.exit_json(changed=False,
stdout=json_output,
stdout_xml=xml_result)
else:
if filename is None:
module.fail_json(msg="filename is required for export")
export_binary(module, xapi, filename)
elif category == "dlp-pcap":
from_name = module.params["dlp_pcap_name"]
dlp_password = module.params["dlp_password"]
xapi.export(
category="dlp-pcap",
from_name=from_name,
extra_qs={"dlp-password": dlp_password},
)
# When exporting a dlp pcap, from_name can be:
# - nothing, which gets you a list of files
# - a filename, which gets you the pcap file
if from_name is None:
xml_result = xapi.xml_result()
obj_dict = xmltodict.parse(xml_result)
json_output = json.dumps(obj_dict)
module.exit_json(changed=False,
stdout=json_output,
stdout_xml=xml_result)
else:
if filename is None:
module.fail_json(msg="filename is required for export")
export_binary(module, xapi, filename)
elif category == "threat-pcap":
if filename is None:
module.fail_json(msg="filename is required for export")
pcap_id = module.params["threat_pcap_id"]
search_time = module.params["threat_pcap_search_time"]
# pan-python says serial number is not required on certain PAN-OS releases (not required on 9.0 or 10.0)
serial = module.params["threat_pcap_serial"]
if isinstance(parent, Panorama) and serial is None:
module.fail_json(
msg="threat_pcap_serial is required when connecting to Panorama"
)
xapi.export(
category="threat-pcap",
pcapid=pcap_id,
search_time=search_time,
serialno=serial,
)
export_binary(module, xapi, filename)
module.exit_json(changed=False)
def main():
set_encoding()
options = parse_opts()
try:
xapi = pan.xapi.PanXapi(debug=options['debug'],
timeout=options['timeout'],
tag=options['tag'],
use_http=options['use_http'],
use_get=options['use_get'],
api_username=options['api_username'],
api_password=options['api_password'],
api_key=options['api_key'],
hostname=options['hostname'],
port=options['port'],
serial=options['serial'],
cafile=options['cafile'],
capath=options['capath'])
except pan.xapi.PanXapiError as msg:
print('pan.xapi.PanXapi:', msg, file=sys.stderr)
sys.exit(1)
if options['debug'] > 2:
print('xapi.__str__()===>\n', xapi, '\n<===',
sep='', file=sys.stderr)
try:
if options['ad_hoc'] is not None:
action = 'ad_hoc'
xapi.ad_hoc(qs=options['ad_hoc'],
xpath=options['xpath'],
modify_qs=options['modify'])
print_status(xapi, action)
print_response(xapi, options)
if options['keygen']:
action = 'keygen'
xapi.keygen()
print_status(xapi, action)
print_response(xapi, options)
print('API key: "%s"' % xapi.api_key)
if options['show']:
action = 'show'
xapi.show(xpath=options['xpath'])
print_status(xapi, action)
print_response(xapi, options)
if options['get']:
action = 'get'
xapi.get(xpath=options['xpath'])
print_status(xapi, action)
print_response(xapi, options)
if options['delete']:
action = 'delete'
xapi.delete(xpath=options['xpath'])
print_status(xapi, action)
print_response(xapi, options)
if options['edit']:
action = 'edit'
xapi.edit(xpath=options['xpath'],
element=options['element'])
print_status(xapi, action)
print_response(xapi, options)
if options['set']:
action = 'set'
xapi.set(xpath=options['xpath'],
element=options['element'])
print_status(xapi, action)
print_response(xapi, options)
if options['dynamic-update']:
action = 'dynamic-update'
kwargs = {
'cmd': options['cmd'],
}
if len(options['vsys']):
kwargs['vsys'] = options['vsys'][0]
xapi.user_id(**kwargs)
print_status(xapi, action)
print_response(xapi, options)
if options['move'] is not None:
action = 'move'
xapi.move(xpath=options['xpath'],
where=options['move'],
dst=options['dst'])
print_status(xapi, action)
print_response(xapi, options)
if options['rename']:
action = 'rename'
xapi.rename(xpath=options['xpath'],
newname=options['dst'])
print_status(xapi, action)
print_response(xapi, options)
if options['clone']:
action = 'clone'
xapi.clone(xpath=options['xpath'],
xpath_from=options['src'],
newname=options['dst'])
print_status(xapi, action)
print_response(xapi, options)
if options['override']:
action = 'override'
xapi.override(xpath=options['xpath'],
element=options['element'])
print_status(xapi, action)
print_response(xapi, options)
if options['export'] is not None:
action = 'export'
xapi.export(category=options['export'],
from_name=options['src'])
print_status(xapi, action)
print_response(xapi, options)
if options['pcap_listing']:
pcap_listing(xapi, options)
save_pcap(xapi, options)
if options['log'] is not None:
action = 'log'
xapi.log(log_type=options['log'],
nlogs=options['nlogs'],
skip=options['skip'],
filter=options['filter'],
interval=options['interval'],
timeout=options['job_timeout'])
print_status(xapi, action)
print_response(xapi, options)
if options['op'] is not None:
action = 'op'
kwargs = {
'cmd': options['op'],
'cmd_xml': options['cmd_xml'],
}
if len(options['vsys']):
kwargs['vsys'] = options['vsys'][0]
xapi.op(**kwargs)
print_status(xapi, action)
print_response(xapi, options)
if (options['commit'] or options['commit_all']):
if options['cmd']:
cmd = options['cmd']
if options['cmd_xml']:
cmd = xapi.cmd_xml(cmd)
else:
c = pan.commit.PanCommit(debug=options['debug'],
validate=options['validate'],
force=options['force'],
commit_all=options['commit_all'],
merge_with_candidate=
options['merge'])
for part in options['partial']:
if part == 'device-and-network-excluded':
c.device_and_network_excluded()
elif part == 'policy-and-objects-excluded':
c.policy_and_objects_excluded()
elif part == 'shared-object-excluded':
c.shared_object_excluded()
elif part == 'no-vsys':
c.no_vsys()
elif part == 'vsys':
c.vsys(options['vsys'])
if options['serial'] is not None:
c.device(options['serial'])
if options['group'] is not None:
c.device_group(options['group'])
if options['commit_all'] and options['vsys']:
c.vsys(options['vsys'][0])
cmd = c.cmd()
kwargs = {
'cmd': cmd,
'sync': options['sync'],
'interval': options['interval'],
'timeout': options['job_timeout'],
}
if options['commit_all']:
kwargs['action'] = 'all'
action = 'commit'
xapi.commit(**kwargs)
print_status(xapi, action)
print_response(xapi, options)
except pan.xapi.PanXapiError as msg:
print_status(xapi, action, msg)
print_response(xapi, options)
sys.exit(1)
sys.exit(0)
