def main(): argument_spec = dict(ip_address=dict(default=None), password=dict(default=None, no_log=True), username=dict(default='admin')) module = AnsibleModule(argument_spec=argument_spec) ip_address = module.params["ip_address"] if not ip_address: module.fail_json(msg="ip_address should be specified") password = module.params["password"] if not password: module.fail_json(msg="password is required") username = module.params['username'] xapi = pan.xapi.PanXapi(hostname=ip_address, api_username=username, api_password=password) try: xapi.op(cmd="<request><restart><system></system></restart></request>") except pan.xapi.PanXapiError, msg: if 'succeeded' in str(msg): module.exit_json(changed=True, msg=str(msg)) raise
def main(): argument_spec = dict(ip_address=dict(), password=dict(no_log=True), username=dict(default='admin')) module = AnsibleModule(argument_spec=argument_spec, supports_check_mode=False) if not HAS_LIB: module.fail_json(msg='pan-python required for this module') ip_address = module.params["ip_address"] if not ip_address: module.fail_json(msg="ip_address should be specified") password = module.params["password"] if not password: module.fail_json(msg="password is required") username = module.params['username'] xapi = pan.xapi.PanXapi(hostname=ip_address, api_username=username, api_password=password) try: xapi.op(cmd="<request><restart><system></system></restart></request>") except Exception: x = sys.exc_info()[1] if 'succeeded' in str(x): module.exit_json(changed=True, msg=str(msg)) else: module.fail_json(msg=x) raise module.exit_json(changed=True, msg="okey dokey")
def main(): argument_spec = dict( ip_address=dict(default=None), password=dict(default=None, no_log=True), username=dict(default='admin') ) module = AnsibleModule(argument_spec=argument_spec) ip_address = module.params["ip_address"] if not ip_address: module.fail_json(msg="ip_address should be specified") password = module.params["password"] if not password: module.fail_json(msg="password is required") username = module.params['username'] xapi = pan.xapi.PanXapi( hostname=ip_address, api_username=username, api_password=password ) try: xapi.op(cmd="<request><restart><system></system></restart></request>") except pan.xapi.PanXapiError, msg: if 'succeeded' in str(msg): module.exit_json(changed=True, msg=str(msg)) raise
def load_cfgfile(xapi, module, ip_address, file_): # load configuration file cmd = "<load><config><from>%s</from></config></load>" % file_ xapi.op(cmd=cmd) return True
def test_panorama() -> None: """ test PAN-OS device auth from environment variables :return: None """ xapi = panos_login() xapi.op(cmd='show system info', cmd_xml=True) print(xapi.xml_result())
def load_cfgfile(xapi, module, ip_address, file_): # load configuration file cmd = '<load><config><from>%s</from></config></load>' %\ file_ xapi.op(cmd=cmd) return True
def test_panorama(): xapi = panorama_login() if xapi is None: print('Could not test Panorama') return None xapi.op(cmd='show system info', cmd_xml=True) print(xapi.xml_result())
def get_palo_software_version(xapi): action = 'op' cmd = "<show><system><info></info></system></show>" xapi.op(cmd=cmd) print_status(xapi, action) xmlres = get_response(xapi) xml_sysinfo_palo = xmlres.replace('\n','') print("sysinfo: ", xml_sysinfo_palo) palo_version = paloxml_to_list(xml_sysinfo_palo,'sw-version')[0] return palo_version
def get_serial(xapi, module): xapi.op(cmd="show system info", cmd_xml=True) r = xapi.element_root serial = r.find('.//serial') if serial is None: module.fail_json(msg="No <serial> tag in show system info") serial = serial.text return serial
def get_palo_software_version(xapi): action = 'op' cmd = "<show><system><info></info></system></show>" xapi.op(cmd=cmd) print_status(xapi, action) xmlres = get_response(xapi) xml_sysinfo_palo = xmlres.replace('\n', '') print("sysinfo: ", xml_sysinfo_palo) palo_version = paloxml_to_list(xml_sysinfo_palo, 'sw-version')[0] return palo_version
def admin_set(xapi, module, admin_username, admin_password, role): if admin_password is not None: xapi.op(cmd='request password-hash password "%s"' % admin_password, cmd_xml=True) r = xapi.element_root phash = r.find(".//phash").text if role is not None: rbval = "yes" if role != "superuser" and role != "superreader": rbval = "" ea = admin_exists(xapi, admin_username) if ea is not None: # user exists changed = False if role is not None: rb = ea.find(".//role-based") if rb is not None: if rb[0].tag != role: changed = True xpath = _ADMIN_XPATH % admin_username xpath += "/permissions/role-based/%s" % rb[0].tag xapi.delete(xpath=xpath) xpath = _ADMIN_XPATH % admin_username xpath += "/permissions/role-based" xapi.set(xpath=xpath, element="<%s>%s</%s>" % (role, rbval, role)) if admin_password is not None: xapi.edit( xpath=_ADMIN_XPATH % admin_username + "/phash", element="<phash>%s</phash>" % phash, ) changed = True return changed # setup the non encrypted part of the monitor exml = [] exml.append("<phash>%s</phash>" % phash) exml.append("<permissions><role-based><%s>%s</%s>" "</role-based></permissions>" % (role, rbval, role)) exml = "".join(exml) # module.fail_json(msg=exml) xapi.set(xpath=_ADMIN_XPATH % admin_username, element=exml) return True
def apply_api_key(xapi, module, api_key): try: xapi.op( cmd= '<request><license><api-key><set><key>%s</key></set></api-key></license></request>' % api_key) except pan.xapi.PanXapiError as msg: if hasattr(xapi, 'xml_document'): if "API key is same as old" in xapi.xml_document: return True raise return True
def replace_sn(xapi, module,old_sn,new_sn): try: xapi.op(cmd='<replace><device><old>%s</old><new>%s</new></device></replace>' % (old_sn, new_sn)) except pan.xapi.PanXapiError as msg: if hasattr(xapi, 'xml_document'): if 'Successfully' in xapi.xml_document: return True else: module.fail_json(msg="Unknown error!") raise return True
def download_url_region(xapi, module, region, job_timeout): pan_db_region = None for r in PAN_DB_REGIONS: if region.lower() == r.lower(): pan_db_region = r break if pan_db_region is None: module.fail_json(msg="Invalid PAN-DB region %s" % region) xapi.op(cmd="<request><url-filtering><download>" "<paloaltonetworks><region>%s</region></paloaltonetworks>" "</download></url-filtering></request>" % pan_db_region) return True
def fetch_authcode(xapi, module): try: xapi.op(cmd='request license fetch', cmd_xml=True) except pan.xapi.PanXapiError: if hasattr(xapi, 'xml_document'): if 'Successfully' in xapi.xml_document: return if 'Invalid Auth Code' in xapi.xml_document: module.fail_json(msg="Invalid Auth Code") raise return
def perform_backup() -> str: """ Saves a named backup on the PAN-OS device. The format for the backup is 'panhandler-20190424000000.xml' :return: xml results from the op command sequence """ xapi = panos_login() d = datetime.datetime.today() tstamp = d.strftime('%Y%m%d%H%M%S') cmd = f'<save><config><to>panhandler-{tstamp}.xml</to></config></save>' try: xapi.op(cmd=cmd) return xapi.xml_result() except pan.xapi.PanXapiError as pxe: raise TargetConnectionException(f'Could not perform backup: {pxe}')
def admin_set(xapi, module, admin_username, admin_password, role): if admin_password is not None: xapi.op(cmd='request password-hash password "%s"' % admin_password, cmd_xml=True) r = xapi.element_root phash = r.find('.//phash').text if role is not None: rbval = "yes" if role != "superuser" and role != 'superreader': rbval = "" ea = admin_exists(xapi, admin_username) if ea is not None: # user exists changed = False if role is not None: rb = ea.find('.//role-based') if rb is not None: if rb[0].tag != role: changed = True xpath = _ADMIN_XPATH % admin_username xpath += '/permissions/role-based/%s' % rb[0].tag xapi.delete(xpath=xpath) xpath = _ADMIN_XPATH % admin_username xpath += '/permissions/role-based' xapi.set(xpath=xpath, element='<%s>%s</%s>' % (role, rbval, role)) if admin_password is not None: xapi.edit(xpath=_ADMIN_XPATH % admin_username+'/phash', element='<phash>%s</phash>' % phash) changed = True return changed # setup the non encrypted part of the monitor exml = [] exml.append('<phash>%s</phash>' % phash) exml.append('<permissions><role-based><%s>%s</%s>' '</role-based></permissions>' % (role, rbval, role)) exml = ''.join(exml) # module.fail_json(msg=exml) xapi.set(xpath=_ADMIN_XPATH % admin_username, element=exml) return True
def apply_authcode(xapi, module, auth_code): try: xapi.op(cmd='<request><license><fetch><auth-code>%s</auth-code></fetch></license></request>' % auth_code) except pan.xapi.PanXapiError: module.exit_json(changed=True, msg=xapi.xml_document) if hasattr(xapi, 'xml_document'): if 'Successfully' in xapi.xml_document: return if 'Invalid Auth Code' in xapi.xml_document: module.fail_json(msg="Invalid Auth Code") raise return
def deactivate_license(xapi, module): try: xapi.op( cmd= '<request><license><deactivate><VM-Capacity><mode>auto</mode></VM-Capacity></deactivate></license></request>' ) except pan.xapi.PanXapiError as msg: if hasattr(xapi, 'xml_document'): if 'Successfully' in xapi.xml_document: return else: module.fail_json(msg="Unknown error!") raise return
def main(): argument_spec = dict( ip_address=dict(default=None), password=dict(default=None, no_log=True), username=dict(default='admin'), timeout=dict(default=0, type='int'), interval=dict(default=0, type='int') ) module = AnsibleModule(argument_spec=argument_spec) ip_address = module.params["ip_address"] if not ip_address: module.fail_json(msg="ip_address should be specified") password = module.params["password"] if not password: module.fail_json(msg="password is required") username = module.params['username'] timeout = module.params['timeout'] interval = module.params['interval'] xapi = pan.xapi.PanXapi( hostname=ip_address, api_username=username, api_password=password, timeout=60 ) checkpnt = time.time()+timeout while True: try: xapi.op(cmd="show jobs all", cmd_xml=True) except: pass else: jobs = xapi.element_root.findall('.//job') if check_jobs(jobs, module): module.exit_json(changed=True, msg="okey dokey") if time.time() > checkpnt: break time.sleep(interval) module.fail_json(msg="Timeout")
def main(): argument_spec = dict( ip_address=dict(required=True), password=dict(required=True, no_log=True), username=dict(default='admin'), timeout=dict(default=0, type='int'), interval=dict(default=0, type='int') ) module = AnsibleModule(argument_spec=argument_spec, supports_check_mode=False) if not HAS_LIB: module.fail_json(msg='pan-python is required for this module') ip_address = module.params["ip_address"] password = module.params["password"] username = module.params['username'] timeout = module.params['timeout'] interval = module.params['interval'] xapi = pan.xapi.PanXapi( hostname=ip_address, api_username=username, api_password=password, timeout=60 ) checkpnt = time.time() + timeout while True: try: xapi.op(cmd="show jobs all", cmd_xml=True) except Exception: pass else: jobs = xapi.element_root.findall('.//job') if check_jobs(jobs, module): module.exit_json(changed=True, msg="okey dokey") if time.time() > checkpnt: break time.sleep(interval) module.fail_json(msg="Timeout")
def apply_authcode(xapi, module, auth_code): try: xapi.op(cmd='request license fetch auth-code "%s"' % auth_code, cmd_xml=True) except pan.xapi.PanXapiError: if hasattr(xapi, 'xml_document'): if 'Successfully' in xapi.xml_document: return if 'Invalid Auth Code' in xapi.xml_document: module.fail_json(msg="Invalid Auth Code") # Duplicate capacity license fails gracefully as it could be expected if 'Failed to install licenses. Cannot apply a provisioning license feature to an already provisioned device' in xapi.xml_document: return # Other exception raise return
def check_job(xapi, jobnum, timeout=240): now = time.time() while time.time() < now + timeout: xapi.op(cmd='<show><jobs><id>%s</id></jobs></show>' % jobnum) print('result = {}'.format(xapi.xml_result())) status = xapi.element_root.find('.//status') if status is None: raise JobException("Invalid job %s: no status information %s" % (jobnum, xapi.xml_document)) if status.text == 'FIN': result = xapi.element_root.find('.//job/result') if result is None: raise JobException("Invalid FIN job %s: no result %s" % (jobnum, xapi.xml_document)) if result.text != 'OK': raise JobException("Job %s failed: %s" % (jobnum, xapi.xml_document)) return None raise JobException("Timeout in job %s" % jobnum)
def find_latest_plugin(xapi, plugin): xapi.op(cmd="<request><plugins>" "<check></check>" "</plugins></request>") xapi.op(cmd="<show><plugins><packages></packages></plugins></show>") entries = xapi.element_root.findall('.//plugins/entry') plugins = [] for e in entries: n = e.find('name').text if not n or plugin not in n: continue print('found matching entry: {}'.format(n)) plugins.append(e.find('version').text, ) if len(plugins) == 0: module.fail_json(msg="no valid plugins after check") plugins = sorted(plugins, key=lambda x: x, reverse=True) print('plugins is: {}'.format(plugins)) return plugins[0]
def main(): parser = argparse.ArgumentParser( description= """Export current threat content from firewall or Panorama.""") parser.add_argument("-k", "--api_key", help="API key to use for connection.") required = parser.add_argument_group() required.add_argument("hostname", help="Hostname of firewall or Panorama") required.add_argument("output_file", help="Output file for report") args = parser.parse_args() output = None try: if args.api_key: xapi = pan.xapi.PanXapi(hostname=args.hostname, api_key=args.api_key) else: username = input("Username: "******"Password: "******"<show><predefined><xpath>/predefined/threats/vulnerability</xpath></predefined></show>" ) output = xapi.xml_result() except pan.xapi.PanXapiError as e: print("XML-API Error: {0}".format(e)) sys.exit(1) vulns = parse_xml(output) excel_output(args.output_file, vulns)
def _set_command(self, command, cmd_xml, hostname, tag, pattern): result = False xapi = pan.xapi.PanXapi(**self._get_pan_credentials(hostname)) print( 'Running command on {hostname} with user {username} and password {password}...' .format(hostname=hostname, username=self.username, password=self.password[:1])) try: xapi.op(cmd=command, cmd_xml=cmd_xml) except pan.xapi.PanXapiError as e: print("{error}".format(error=e)) return False if xapi.status == 'success': soup = BeautifulSoup(xapi.xml_result(), 'html.parser') for line in soup.find_all(tag): result = line.get_text() print(result) if pattern: result = self._parso(pattern, result) return result
def main(): argument_spec = dict(ip_address=dict(default=None), password=dict(default=None, no_log=True), username=dict(default='admin'), timeout=dict(default=0, type='int'), interval=dict(default=0, type='int')) module = AnsibleModule(argument_spec=argument_spec) ip_address = module.params["ip_address"] if not ip_address: module.fail_json(msg="ip_address should be specified") password = module.params["password"] if not password: module.fail_json(msg="password is required") username = module.params['username'] timeout = module.params['timeout'] interval = module.params['interval'] xapi = pan.xapi.PanXapi(hostname=ip_address, api_username=username, api_password=password, timeout=60) checkpnt = time.time() + timeout while True: try: xapi.op(cmd="show jobs all", cmd_xml=True) except: pass else: jobs = xapi.element_root.findall('.//job') if check_jobs(jobs, module): module.exit_json(changed=True, msg="okey dokey") if time.time() > checkpnt: break time.sleep(interval) module.fail_json(msg="Timeout")
def install_software(xapi, module, version, file_, job_timeout): # check something updates if version is not None: cmd = '<request><system><software>' +\ '<install><version>%s</version></install>' +\ '</software></system></request>' % version something = version else: cmd = '<request><system><software>' +\ '<install><file>%s</file></install>' +\ '</software></system></request>' % file_ something = file_ xapi.op(cmd=cmd) job = xapi.element_root.find('.//job') if job is None: module.fail_json(msg="no job from install software image %s" % something) job = job.text check_job(xapi, job, timeout=job_timeout) return True
def check_job(xapi, jobnum, timeout=240): now = time.time() while time.time() < now+timeout: xapi.op(cmd='<show><jobs><id>%s</id></jobs></show>' % jobnum) status = xapi.element_root.find('.//status') if status is None: raise JobException("Invalid job %s: no status information %s" % (jobnum, xapi.xml_document)) if status.text == 'FIN': result = xapi.element_root.find('.//job/result') if result is None: raise JobException("Invalid FIN job %s: no result %s" % (jobnum, xapi.xml_document)) if result.text != 'OK': raise JobException("Job %s failed: %s" % (jobnum, xapi.xml_document)) nextjob = xapi.element_root.find('.//nextjob') if nextjob is not None: return nextjob.text return None raise JobException("Timeout in job %s" % jobnum)
def get_vm_auth_key_from_panorama() -> str: """ Queries a Panorama instance to generate a new VM Auth key :return: string results from panorama (still needs parsed to pull out raw auth key) """ xapi = panos_login() if xapi is None: print('Could not login into PAN-OS target') raise TargetConnectionException try: xapi.op(cmd='<request><bootstrap><vm-auth-key><generate>' '<lifetime>24</lifetime></generate></vm-auth-key></bootstrap></request>') # FIXME - check status code here and do the right thing print(xapi.status_code) print(xapi.status_detail) return xapi.xml_result() except pan.xapi.PanXapiError as pxe: print('Could not get vm-auth-key!') print(pxe) raise TargetConnectionException
def main(): argument_spec = dict(ip_address=dict(default=None), password=dict(default=None), username=dict(default='admin'), swap=dict(default='no')) module = AnsibleModule(argument_spec=argument_spec) ip_address = module.params["ip_address"] if not ip_address: module.fail_json(msg="ip_address should be specified") password = module.params["password"] if not password: module.fail_json(msg="password is required") username = module.params['username'] swap = module.params['swap'] xapi = pan.xapi.PanXapi(hostname=ip_address, api_username=username, api_password=password) try: if swap == 'yes': print('swapping') xapi.op( cmd= "<set><system><setting><mgmt-interface-swap><enable><yes></yes></enable></mgmt-interface-swap></setting></system></set>" ) else: print('NOT swapping') xapi.op( cmd= "<set><system><setting><mgmt-interface-swap><enable><no></no></enable></mgmt-interface-swap></setting></system></set>" ) except pan.xapi.PanXapiError, msg: if 'succeeded' in str(msg): module.exit_json(changed=True, msg=str(msg)) raise
def main(): argument_spec = dict( ip_address=dict(default=None), password=dict(default=None), username=dict(default='admin'), swap=dict(default='no') ) module = AnsibleModule(argument_spec=argument_spec) ip_address = module.params["ip_address"] if not ip_address: module.fail_json(msg="ip_address should be specified") password = module.params["password"] if not password: module.fail_json(msg="password is required") username = module.params['username'] swap = module.params['swap'] xapi = pan.xapi.PanXapi( hostname=ip_address, api_username=username, api_password=password ) try: if swap == 'yes': print('swapping') xapi.op(cmd="<set><system><setting><mgmt-interface-swap><enable><yes></yes></enable></mgmt-interface-swap></setting></system></set>") else: print('NOT swapping') xapi.op(cmd="<set><system><setting><mgmt-interface-swap><enable><no></no></enable></mgmt-interface-swap></setting></system></set>") except pan.xapi.PanXapiError, msg: if 'succeeded' in str(msg): module.exit_json(changed=True, msg=str(msg)) raise
def upgrade_something(xapi, module, something, job_timeout): # check something updates xapi.op(cmd="<request><%(something)s><upgrade>" "<check></check>" "</upgrade></%(something)s></request>" % dict(something=something)) entries = xapi.element_root.findall('.//content-updates/entry') cus = [] for e in entries: cus.append( ( e.find('version').text, e.find('current').text, e.find('downloaded').text ) ) if len(cus) == 0: module.fail_json(msg="no content-updates after check") cus = sorted(cus, key=lambda x: x[0], reverse=True) latestcus = cus[0] if latestcus[1] == 'yes': # latest already current return False if not latestcus[2] == 'yes': # let's download it xapi.op(cmd="<request><%(something)s><upgrade>" "<download><latest></latest></download>" "</upgrade></%(something)s></request>" % dict(something=something)) job = xapi.element_root.find('.//job') if job is None: module.fail_json(msg="no job from download latest %s request" % something) job = job.text check_job(xapi, job, job_timeout) xapi.op(cmd="<request><%(something)s><upgrade>" "<install><version>latest</version></install>" "</upgrade></%(something)s></request>" % dict(something=something)) job = xapi.element_root.find('.//job') if job is None: module.fail_json(msg="no hob from install latest %s request" % something) job = job.text jobresult = check_job(xapi, job, job_timeout) if jobresult is None: module.fail_json(msg="no nextjob from install latest %s job" % something) check_job(xapi, jobresult, job_timeout) return True
def download_install_plugin(xapi, module, plugin, job_timeout): # check if the plugin is already installed xapi.op(cmd="<show><plugins><installed></installed></plugins></show>") #print("Installed plugins: {}".format(xapi.xml_document)) entries = xapi.element_root.findall('.//list/entry') for e in entries: ver = e.find('version').text #print('Found version: {}'.format(ver)) if ver == plugin: # plugin already installed! return False # check updates xapi.op(cmd="<request><plugins>" "<check></check>" "</plugins></request>") result = xapi.element_root.find('.//result') #print('Result check is: {}'.format(result.text)) if result is None or result.text is None or result.text != "List of plugin packages has been updated": module.fail_json(msg="Unable to check for plugins: %s".format(xapi.xml_document)) xapi.op(cmd="<request><plugins>" "<download><file>%(plugin)s</file></download>" "</plugins></request>" % dict(plugin=plugin)) job = xapi.element_root.find('.//job') if job is None: module.fail_json(msg="no job from download latest request") job = job.text check_job(xapi, job, job_timeout) xapi.op(cmd="<request><plugins>" "<install>%(plugin)s</install>" "</plugins></request>" % dict(plugin=plugin)) result = xapi.element_root.find('.//result') #print('Result is: {}'.format(result.text)) if result is None or result.text is None or "has been installed successfully" not in result.text: module.fail_json(msg="Unable to install plugin: %s".format(xapi.xml_document)) return True
] elif (mode == "panorama"): dodebug("Modo de configuracion " + mode) dodebug("OK , doki\n" + "key=" + key + "fw=" + host + "\nmode=" + mode) try: xapi = pan.xapi.PanXapi(tag='pa-200', api_key=key, hostname=host) except pan.xapi.PanXapiError as msg: print('pan.xapi.PanXapi:', msg) sys.exit(1) # estamos en modo "Panorama, asi que primero tenemos que buscar que FW hay cmd = "<show><devices><connected></connected></devices></show>" xpath = "/" try: connected = xapi.op(cmd=cmd, vsys=None, cmd_xml=False) except pan.xapi.PanXapiError as msg: print('edit:', msg) sys.exit(1) dodebug("OK se ejecuta el comando:" + cmd) #dodebug("result:\n"+xapi.xml_result()) pp = pprint.PrettyPrinter(indent=4) dict = xmltodict.parse(xapi.xml_result()) #pp.pprint(dict) dodebug("**** priting ddict['devices']['entry']") node = dict['devices']['entry'] #pp.pprint(node) hosts = [] for device in (node): serial = device['serial']
ip.text = nodeIP description = ET.SubElement(entryAddress, "description") description.text = nodeID grpEntryStaticMember = ET.SubElement(grpEntryStatic, "member") grpEntryStaticMember.text = nodeID data = ET.tostring(root) print(data) try: xapi = pan.xapi.PanXapi(api_username=os.environ['username'], api_password=os.environ['password'], hostname=os.environ['ipAddr']) print("Successfully Connected!") xapi.op(cmd='show system info', cmd_xml=True) print(xapi.xml_result()) #set the config using the above xpath xapi.set(xpath, element=data) print(xapi.xml_result()) #commit the config. Make sure to add the xml command. xapi.commit('<commit/>') print(xapi.xml_result()) except pan.xapi.PanXapiError as msg: print('pan.xapi.PanXapi:', msg, file=sys.stderr) sys.exit(1) elif cmd == "stop":
def main(): set_encoding() options = parse_opts() try: xapi = pan.xapi.PanXapi(debug=options['debug'], timeout=options['timeout'], tag=options['tag'], use_http=options['use_http'], use_get=options['use_get'], api_username=options['api_username'], api_password=options['api_password'], api_key=options['api_key'], hostname=options['hostname'], port=options['port'], serial=options['serial'], cafile=options['cafile'], capath=options['capath']) except pan.xapi.PanXapiError as msg: print('pan.xapi.PanXapi:', msg, file=sys.stderr) sys.exit(1) if options['debug'] > 2: print('xapi.__str__()===>\n', xapi, '\n<===', sep='', file=sys.stderr) try: if options['ad_hoc'] is not None: action = 'ad_hoc' xapi.ad_hoc(qs=options['ad_hoc'], xpath=options['xpath'], modify_qs=options['modify']) print_status(xapi, action) print_response(xapi, options) if options['keygen']: action = 'keygen' xapi.keygen() print_status(xapi, action) print_response(xapi, options) print('API key: "%s"' % xapi.api_key) if options['show']: action = 'show' xapi.show(xpath=options['xpath']) print_status(xapi, action) print_response(xapi, options) if options['get']: action = 'get' xapi.get(xpath=options['xpath']) print_status(xapi, action) print_response(xapi, options) if options['delete']: action = 'delete' xapi.delete(xpath=options['xpath']) print_status(xapi, action) print_response(xapi, options) if options['edit']: action = 'edit' xapi.edit(xpath=options['xpath'], element=options['element']) print_status(xapi, action) print_response(xapi, options) if options['set']: action = 'set' xapi.set(xpath=options['xpath'], element=options['element']) print_status(xapi, action) print_response(xapi, options) if options['dynamic-update']: action = 'dynamic-update' kwargs = { 'cmd': options['cmd'], } if len(options['vsys']): kwargs['vsys'] = options['vsys'][0] xapi.user_id(**kwargs) print_status(xapi, action) print_response(xapi, options) if options['move'] is not None: action = 'move' xapi.move(xpath=options['xpath'], where=options['move'], dst=options['dst']) print_status(xapi, action) print_response(xapi, options) if options['rename']: action = 'rename' xapi.rename(xpath=options['xpath'], newname=options['dst']) print_status(xapi, action) print_response(xapi, options) if options['clone']: action = 'clone' xapi.clone(xpath=options['xpath'], xpath_from=options['src'], newname=options['dst']) print_status(xapi, action) print_response(xapi, options) if options['override']: action = 'override' xapi.override(xpath=options['xpath'], element=options['element']) print_status(xapi, action) print_response(xapi, options) if options['export'] is not None: action = 'export' xapi.export(category=options['export'], from_name=options['src']) print_status(xapi, action) print_response(xapi, options) if options['pcap_listing']: pcap_listing(xapi, options) save_pcap(xapi, options) if options['log'] is not None: action = 'log' xapi.log(log_type=options['log'], nlogs=options['nlogs'], skip=options['skip'], filter=options['filter'], interval=options['interval'], timeout=options['job_timeout']) print_status(xapi, action) print_response(xapi, options) if options['op'] is not None: action = 'op' kwargs = { 'cmd': options['op'], 'cmd_xml': options['cmd_xml'], } if len(options['vsys']): kwargs['vsys'] = options['vsys'][0] xapi.op(**kwargs) print_status(xapi, action) print_response(xapi, options) if (options['commit'] or options['commit_all']): if options['cmd']: cmd = options['cmd'] if options['cmd_xml']: cmd = xapi.cmd_xml(cmd) else: c = pan.commit.PanCommit(debug=options['debug'], validate=options['validate'], force=options['force'], commit_all=options['commit_all'], merge_with_candidate= options['merge']) for part in options['partial']: if part == 'device-and-network-excluded': c.device_and_network_excluded() elif part == 'policy-and-objects-excluded': c.policy_and_objects_excluded() elif part == 'shared-object-excluded': c.shared_object_excluded() elif part == 'no-vsys': c.no_vsys() elif part == 'vsys': c.vsys(options['vsys']) if options['serial'] is not None: c.device(options['serial']) if options['group'] is not None: c.device_group(options['group']) if options['commit_all'] and options['vsys']: c.vsys(options['vsys'][0]) cmd = c.cmd() kwargs = { 'cmd': cmd, 'sync': options['sync'], 'interval': options['interval'], 'timeout': options['job_timeout'], } if options['commit_all']: kwargs['action'] = 'all' action = 'commit' xapi.commit(**kwargs) print_status(xapi, action) print_response(xapi, options) except pan.xapi.PanXapiError as msg: print_status(xapi, action, msg) print_response(xapi, options) sys.exit(1) sys.exit(0)
def main(): try: signal.signal(signal.SIGPIPE, signal.SIG_DFL) except AttributeError: # Windows pass set_encoding() options = parse_opts() if options['debug']: logger = logging.getLogger() if options['debug'] == 3: logger.setLevel(pan.xapi.DEBUG3) elif options['debug'] == 2: logger.setLevel(pan.xapi.DEBUG2) elif options['debug'] == 1: logger.setLevel(pan.xapi.DEBUG1) # log_format = '%(levelname)s %(name)s %(message)s' log_format = '%(message)s' handler = logging.StreamHandler() formatter = logging.Formatter(log_format) handler.setFormatter(formatter) logger.addHandler(handler) if options['cafile'] or options['capath']: ssl_context = create_ssl_context(options['cafile'], options['capath']) else: ssl_context = None try: xapi = pan.xapi.PanXapi(timeout=options['timeout'], tag=options['tag'], use_http=options['use_http'], use_get=options['use_get'], api_username=options['api_username'], api_password=options['api_password'], api_key=options['api_key'], hostname=options['hostname'], port=options['port'], serial=options['serial'], ssl_context=ssl_context) except pan.xapi.PanXapiError as msg: print('pan.xapi.PanXapi:', msg, file=sys.stderr) sys.exit(1) if options['debug'] > 2: print('xapi.__str__()===>\n', xapi, '\n<===', sep='', file=sys.stderr) extra_qs_used = False try: if options['keygen']: action = 'keygen' if options['ad_hoc'] is not None: extra_qs_used = True xapi.keygen(extra_qs=options['ad_hoc']) print_status(xapi, action) print_response(xapi, options) if (options['api_username'] and options['api_password'] and options['hostname'] and options['tag']): # .panrc d = datetime.now() print('# %s generated: %s' % (os.path.basename( sys.argv[0]), d.strftime('%Y/%m/%d %H:%M:%S'))) print('hostname%%%s=%s' % (options['tag'], options['hostname'])) print('api_key%%%s=%s' % (options['tag'], xapi.api_key)) else: print('API key: "%s"' % xapi.api_key) if options['show']: action = 'show' if options['ad_hoc'] is not None: extra_qs_used = True xapi.show(xpath=options['xpath'], extra_qs=options['ad_hoc']) print_status(xapi, action) print_response(xapi, options) if options['get']: action = 'get' if options['ad_hoc'] is not None: extra_qs_used = True xapi.get(xpath=options['xpath'], extra_qs=options['ad_hoc']) print_status(xapi, action) print_response(xapi, options) if options['delete']: action = 'delete' if options['ad_hoc'] is not None: extra_qs_used = True xapi.delete(xpath=options['xpath'], extra_qs=options['ad_hoc']) print_status(xapi, action) print_response(xapi, options) if options['edit']: action = 'edit' if options['ad_hoc'] is not None: extra_qs_used = True xapi.edit(xpath=options['xpath'], element=options['element'], extra_qs=options['ad_hoc']) print_status(xapi, action) print_response(xapi, options) if options['set']: action = 'set' if options['ad_hoc'] is not None: extra_qs_used = True xapi.set(xpath=options['xpath'], element=options['element'], extra_qs=options['ad_hoc']) print_status(xapi, action) print_response(xapi, options) if options['dynamic-update']: action = 'dynamic-update' kwargs = { 'cmd': options['cmd'], } if options['ad_hoc'] is not None: extra_qs_used = True kwargs['extra_qs'] = options['ad_hoc'] if len(options['vsys']): kwargs['vsys'] = options['vsys'][0] xapi.user_id(**kwargs) print_status(xapi, action) print_response(xapi, options) if options['move'] is not None: action = 'move' if options['ad_hoc'] is not None: extra_qs_used = True xapi.move(xpath=options['xpath'], where=options['move'], dst=options['dst'], extra_qs=options['ad_hoc']) print_status(xapi, action) print_response(xapi, options) if options['rename']: action = 'rename' if options['ad_hoc'] is not None: extra_qs_used = True xapi.rename(xpath=options['xpath'], newname=options['dst'], extra_qs=options['ad_hoc']) print_status(xapi, action) print_response(xapi, options) if options['clone']: action = 'clone' if options['ad_hoc'] is not None: extra_qs_used = True xapi.clone(xpath=options['xpath'], xpath_from=options['src'], newname=options['dst'], extra_qs=options['ad_hoc']) print_status(xapi, action) print_response(xapi, options) if options['override']: action = 'override' if options['ad_hoc'] is not None: extra_qs_used = True xapi.override(xpath=options['xpath'], element=options['element'], extra_qs=options['ad_hoc']) print_status(xapi, action) print_response(xapi, options) if options['export'] is not None: action = 'export' if options['ad_hoc'] is not None: extra_qs_used = True if options['pcapid'] is not None: xapi.export(category=options['export'], pcapid=options['pcapid'], search_time=options['stime'], serialno=options['serial'], extra_qs=options['ad_hoc']) else: xapi.export(category=options['export'], from_name=options['src'], extra_qs=options['ad_hoc']) print_status(xapi, action) print_response(xapi, options) if options['pcap_listing']: pcap_listing(xapi, options['export']) save_attachment(xapi, options) if options['log'] is not None: action = 'log' if options['ad_hoc'] is not None: extra_qs_used = True xapi.log(log_type=options['log'], nlogs=options['nlogs'], skip=options['skip'], filter=options['filter'], interval=options['interval'], timeout=options['job_timeout'], extra_qs=options['ad_hoc']) print_status(xapi, action) print_response(xapi, options) if options['op'] is not None: action = 'op' kwargs = { 'cmd': options['op'], 'cmd_xml': options['cmd_xml'], } if options['ad_hoc'] is not None: extra_qs_used = True kwargs['extra_qs'] = options['ad_hoc'] if len(options['vsys']): kwargs['vsys'] = options['vsys'][0] xapi.op(**kwargs) print_status(xapi, action) print_response(xapi, options) if (options['commit'] or options['commit_all']): if options['cmd']: cmd = options['cmd'] if options['cmd_xml']: cmd = xapi.cmd_xml(cmd) else: c = pan.commit.PanCommit(validate=options['validate'], force=options['force'], commit_all=options['commit_all'], merge_with_candidate=options['merge']) for part in options['partial']: if part == 'device-and-network-excluded': c.device_and_network_excluded() elif part == 'policy-and-objects-excluded': c.policy_and_objects_excluded() elif part == 'shared-object-excluded': c.shared_object_excluded() elif part == 'no-vsys': c.no_vsys() elif part == 'vsys': c.vsys(options['vsys']) if options['serial'] is not None: c.device(options['serial']) if options['group'] is not None: c.device_group(options['group']) if options['commit_all'] and options['vsys']: c.vsys(options['vsys'][0]) cmd = c.cmd() kwargs = { 'cmd': cmd, 'sync': options['sync'], 'interval': options['interval'], 'timeout': options['job_timeout'], } if options['ad_hoc'] is not None: extra_qs_used = True kwargs['extra_qs'] = options['ad_hoc'] if options['commit_all']: kwargs['action'] = 'all' action = 'commit' xapi.commit(**kwargs) print_status(xapi, action) print_response(xapi, options) if not extra_qs_used and options['ad_hoc'] is not None: action = 'ad_hoc' xapi.ad_hoc(qs=options['ad_hoc'], xpath=options['xpath'], modify_qs=options['modify']) print_status(xapi, action) print_response(xapi, options) except pan.xapi.PanXapiError as msg: print_status(xapi, action, str(msg)) print_response(xapi, options) sys.exit(1) sys.exit(0)
def main(): try: signal.signal(signal.SIGPIPE, signal.SIG_DFL) except AttributeError: # Windows pass set_encoding() options = parse_opts() if options['debug']: logger = logging.getLogger() if options['debug'] == 3: logger.setLevel(pan.xapi.DEBUG3) elif options['debug'] == 2: logger.setLevel(pan.xapi.DEBUG2) elif options['debug'] == 1: logger.setLevel(pan.xapi.DEBUG1) # log_format = '%(levelname)s %(name)s %(message)s' log_format = '%(message)s' handler = logging.StreamHandler() formatter = logging.Formatter(log_format) handler.setFormatter(formatter) logger.addHandler(handler) if options['cafile'] or options['capath']: ssl_context = create_ssl_context(options['cafile'], options['capath']) else: ssl_context = None try: xapi = pan.xapi.PanXapi(timeout=options['timeout'], tag=options['tag'], use_http=options['use_http'], use_get=options['use_get'], api_username=options['api_username'], api_password=options['api_password'], api_key=options['api_key'], hostname=options['hostname'], port=options['port'], serial=options['serial'], ssl_context=ssl_context) except pan.xapi.PanXapiError as msg: print('pan.xapi.PanXapi:', msg, file=sys.stderr) sys.exit(1) if options['debug'] > 2: print('xapi.__str__()===>\n', xapi, '\n<===', sep='', file=sys.stderr) extra_qs_used = False try: if options['keygen']: action = 'keygen' if options['ad_hoc'] is not None: extra_qs_used = True xapi.keygen(extra_qs=options['ad_hoc']) print_status(xapi, action) print_response(xapi, options) print('API key: "%s"' % xapi.api_key) if options['show']: action = 'show' if options['ad_hoc'] is not None: extra_qs_used = True xapi.show(xpath=options['xpath'], extra_qs=options['ad_hoc']) print_status(xapi, action) print_response(xapi, options) if options['get']: action = 'get' if options['ad_hoc'] is not None: extra_qs_used = True xapi.get(xpath=options['xpath'], extra_qs=options['ad_hoc']) print_status(xapi, action) print_response(xapi, options) if options['delete']: action = 'delete' if options['ad_hoc'] is not None: extra_qs_used = True xapi.delete(xpath=options['xpath'], extra_qs=options['ad_hoc']) print_status(xapi, action) print_response(xapi, options) if options['edit']: action = 'edit' if options['ad_hoc'] is not None: extra_qs_used = True xapi.edit(xpath=options['xpath'], element=options['element'], extra_qs=options['ad_hoc']) print_status(xapi, action) print_response(xapi, options) if options['set']: action = 'set' if options['ad_hoc'] is not None: extra_qs_used = True xapi.set(xpath=options['xpath'], element=options['element'], extra_qs=options['ad_hoc']) print_status(xapi, action) print_response(xapi, options) if options['dynamic-update']: action = 'dynamic-update' kwargs = { 'cmd': options['cmd'], } if options['ad_hoc'] is not None: extra_qs_used = True kwargs['extra_qs'] = options['ad_hoc'] if len(options['vsys']): kwargs['vsys'] = options['vsys'][0] xapi.user_id(**kwargs) print_status(xapi, action) print_response(xapi, options) if options['move'] is not None: action = 'move' if options['ad_hoc'] is not None: extra_qs_used = True xapi.move(xpath=options['xpath'], where=options['move'], dst=options['dst'], extra_qs=options['ad_hoc']) print_status(xapi, action) print_response(xapi, options) if options['rename']: action = 'rename' if options['ad_hoc'] is not None: extra_qs_used = True xapi.rename(xpath=options['xpath'], newname=options['dst'], extra_qs=options['ad_hoc']) print_status(xapi, action) print_response(xapi, options) if options['clone']: action = 'clone' if options['ad_hoc'] is not None: extra_qs_used = True xapi.clone(xpath=options['xpath'], xpath_from=options['src'], newname=options['dst'], extra_qs=options['ad_hoc']) print_status(xapi, action) print_response(xapi, options) if options['override']: action = 'override' if options['ad_hoc'] is not None: extra_qs_used = True xapi.override(xpath=options['xpath'], element=options['element'], extra_qs=options['ad_hoc']) print_status(xapi, action) print_response(xapi, options) if options['export'] is not None: action = 'export' if options['ad_hoc'] is not None: extra_qs_used = True if options['pcapid'] is not None: xapi.export(category=options['export'], pcapid=options['pcapid'], search_time=options['stime'], serialno=options['serial'], extra_qs=options['ad_hoc']) else: xapi.export(category=options['export'], from_name=options['src'], extra_qs=options['ad_hoc']) print_status(xapi, action) print_response(xapi, options) if options['pcap_listing']: pcap_listing(xapi, options['export']) save_attachment(xapi, options) if options['log'] is not None: action = 'log' if options['ad_hoc'] is not None: extra_qs_used = True xapi.log(log_type=options['log'], nlogs=options['nlogs'], skip=options['skip'], filter=options['filter'], interval=options['interval'], timeout=options['job_timeout'], extra_qs=options['ad_hoc']) print_status(xapi, action) print_response(xapi, options) if options['op'] is not None: action = 'op' kwargs = { 'cmd': options['op'], 'cmd_xml': options['cmd_xml'], } if options['ad_hoc'] is not None: extra_qs_used = True kwargs['extra_qs'] = options['ad_hoc'] if len(options['vsys']): kwargs['vsys'] = options['vsys'][0] xapi.op(**kwargs) print_status(xapi, action) print_response(xapi, options) if (options['commit'] or options['commit_all']): if options['cmd']: cmd = options['cmd'] if options['cmd_xml']: cmd = xapi.cmd_xml(cmd) else: c = pan.commit.PanCommit(validate=options['validate'], force=options['force'], commit_all=options['commit_all'], merge_with_candidate= options['merge']) for part in options['partial']: if part == 'device-and-network-excluded': c.device_and_network_excluded() elif part == 'policy-and-objects-excluded': c.policy_and_objects_excluded() elif part == 'shared-object-excluded': c.shared_object_excluded() elif part == 'no-vsys': c.no_vsys() elif part == 'vsys': c.vsys(options['vsys']) if options['serial'] is not None: c.device(options['serial']) if options['group'] is not None: c.device_group(options['group']) if options['commit_all'] and options['vsys']: c.vsys(options['vsys'][0]) cmd = c.cmd() kwargs = { 'cmd': cmd, 'sync': options['sync'], 'interval': options['interval'], 'timeout': options['job_timeout'], } if options['ad_hoc'] is not None: extra_qs_used = True kwargs['extra_qs'] = options['ad_hoc'] if options['commit_all']: kwargs['action'] = 'all' action = 'commit' xapi.commit(**kwargs) print_status(xapi, action) print_response(xapi, options) if not extra_qs_used and options['ad_hoc'] is not None: action = 'ad_hoc' xapi.ad_hoc(qs=options['ad_hoc'], xpath=options['xpath'], modify_qs=options['modify']) print_status(xapi, action) print_response(xapi, options) except pan.xapi.PanXapiError as msg: print_status(xapi, action, msg) print_response(xapi, options) sys.exit(1) sys.exit(0)