def create_object(**kwargs):
if kwargs['addressobject']:
newobject = objects.AddressObject(
name=kwargs['addressobject'],
value=kwargs['address'],
type=kwargs['address_type'],
description=kwargs['description'],
tag=kwargs['tag_name']
)
if newobject.type and newobject.value:
return newobject
else:
return False
elif kwargs['addressgroup']:
newobject = objects.AddressGroup(
name=kwargs['addressgroup'],
static_value=kwargs['static_value'],
dynamic_value=kwargs['dynamic_value'],
description=kwargs['description'],
tag=kwargs['tag_name']
)
if newobject.static_value or newobject.dynamic_value:
return newobject
else:
return False
elif kwargs['serviceobject']:
newobject = objects.ServiceObject(
name=kwargs['serviceobject'],
protocol=kwargs['protocol'],
source_port=kwargs['source_port'],
destination_port=kwargs['destination_port'],
tag=kwargs['tag_name']
)
if newobject.protocol and newobject.destination_port:
return newobject
else:
return False
elif kwargs['servicegroup']:
newobject = objects.ServiceGroup(
name=kwargs['servicegroup'],
value=kwargs['services'],
tag=kwargs['tag_name']
)
if newobject.value:
return newobject
else:
return False
elif kwargs['tag_name']:
newobject = objects.Tag(
name=kwargs['tag_name'],
color=kwargs['color'],
comments=kwargs['description']
)
if newobject.name:
return newobject
else:
return False
else:
return False
def setup_state_obj(self, dev, state):
state.obj = objects.AddressObject(
testlib.random_name(),
value=testlib.random_ip(),
type='ip-netmask',
description='This is a test',
)
dev.add(state.obj)
def create_dependencies(self, dev, state):
state.aos = [
objects.AddressObject(testlib.random_name(), testlib.random_ip())
for x in range(4)
]
for x in state.aos:
dev.add(x)
x.create()
def test_device_group_xpath_unchanged():
expected = "/config/devices/entry[@name='localhost.localdomain']/device-group/entry[@name='somegroup']/address/entry[@name='intnet']"
pano = panorama.Panorama('127.0.0.1')
dg = panorama.DeviceGroup('somegroup')
ao = objects.AddressObject('intnet', '192.168.0.0/16')
pano.add(dg)
dg.add(ao)
assert expected == ao.xpath()
def from_criteria(cls, criteria):
"""Create an instance from the provided criteria
"""
pandevice_object = objects.AddressObject()
pandevice_object.name = criteria['name']
pandevice_object.value = criteria['value']
pandevice_object.type = criteria['type']
return cls(pandevice_object)
def _parse_addresses(self):
"""retrieve all the pandevice.objects.AddressObjects's and parse them and store in the dg node"""
# create the "any" object
any_address_pandevice_obj = objects.AddressObject()
any_address_pandevice_obj.name = 'any'
any_address_pandevice_obj.type = 'any'
any_address_pandevice_obj.value = 'any'
any_address = PaloAltoAddress(any_address_pandevice_obj)
for dg_node in self.dg_hierarchy.get_all_nodes():
for a in dg_node.device_group.findall(objects.AddressObject):
dg_node.insert(PaloAltoAddress(a))
# add the "any" abject
dg_node.insert(any_address)
def pan_ips(pan_fw, azure_nic={"ipAddress": "", "tags": []}):
""" Returns a list of PAN Address objects """
logger.debug('IP address value: {}'.format(azure_nic['ipAddress']))
current_ips = pan_objs.AddressObject.refreshall(pan_fw, add=False)
for ip in current_ips:
pan_fw.add(ip) # Re-add existing
if azure_nic['ipAddress']:
az_ip = pan_objs.AddressObject(name='ip_' + azure_nic['ipAddress'],
value=azure_nic['ipAddress'],
tag=azure_nic['tags'])
# Adds or updates ip object in pan_fw
logger.debug('Adding az_ip')
pan_fw.add(az_ip)
az_ip.create()
az_ip.apply()
if not [ip for ip in current_ips if ip.value == azure_nic['ipAddress']]:
return current_ips + [az_ip]
return current_ips
def test_addressobject(self):
address_object = objects.AddressObject("mytest", "5.5.4.5/24",
description="new test")
self.d.add(address_object)
address_object.create()
def create_object(obj_name, obj_value, obj_desc):
# sanitize name
obj_name = re.sub(r'[^\w\.]', '_', obj_name)
fw.add(objects.AddressObject(obj_name, obj_value, None, obj_desc, tufin_tag)).create()
def main():
argument_spec = dict(
ip_address=dict(required=True),
username=dict(default='admin'),
password=dict(no_log=True),
api_key=dict(no_log=True),
name=dict(type='str', required=True),
value=dict(type='str'),
address_type=dict(default='ip-netmask', choices=['ip-netmask', 'ip-range', 'fqdn']),
description=dict(type='str'),
tag=dict(type='list'),
device_group=dict(type='str'),
vsys=dict(type='str', default='vsys1'),
state=dict(default='present', choices=['present', 'absent']),
commit=dict(type='bool', default=True)
)
module = AnsibleModule(argument_spec=argument_spec, supports_check_mode=False)
if not HAS_LIB:
module.fail_json(msg='pan-python and pandevice are required for this module.')
ip_address = module.params['ip_address']
username = module.params['username']
password = module.params['password']
api_key = module.params['api_key']
name = module.params['name']
value = module.params['value']
address_type = module.params['address_type']
description = module.params['description']
tag = module.params['tag']
device_group = module.params['device_group']
vsys = module.params['vsys']
state = module.params['state']
commit = module.params['commit']
changed = False
try:
device = base.PanDevice.create_from_device(ip_address, username, password, api_key=api_key)
if isinstance(device, firewall.Firewall):
device.vsys = vsys
if device_group:
if device_group.lower() == 'shared':
device_group = None
else:
if not get_devicegroup(device, device_group):
module.fail_json(msg='Could not find {} device group.'.format(device_group))
if state == 'present':
if not value:
module.fail_json(msg='Must specify \'value\' if state is \'present\'.')
existing_obj = find_object(device, name, objects.AddressObject, device_group)
new_obj = objects.AddressObject(name, value, type=address_type, description=description, tag=tag)
if not existing_obj:
add_object(device, new_obj, device_group)
new_obj.create()
changed = True
elif not existing_obj.equal(new_obj):
existing_obj.value = value
existing_obj.type = address_type
existing_obj.description = description
existing_obj.tag = tag
existing_obj.apply()
changed = True
elif state == 'absent':
existing_obj = find_object(device, name, objects.AddressObject, device_group)
if existing_obj:
existing_obj.delete()
changed = True
if commit and changed:
perform_commit(module, device, device_group)
except PanDeviceError as e:
module.fail_json(msg=e.message)
module.exit_json(changed=changed)
# Variables coming from ITEMS system
var_host_name = "H_" + args.name
var_host_name_length = len(var_host_name)
# Set correct format of "var_host_ip" variable based on object type (IP or fqdn)
if args.type == 'ip-netmask':
var_host_ip = args.ip + "/32"
else:
var_host_ip = args.ip
# Check hostname length
if len(var_host_name) < 64:
if args.cmd == 'Add':
# This call allow to create the object and modify IP address or description if the host already exist
webserver = objects.AddressObject(var_host_name,
var_host_ip,
type=args.type,
description=args.desc,
tag=tuple(args.tag.split(',')))
# pano.find(panorama.DeviceGroup("DG_GDC_MGMT_Zone"))
pano.add(webserver)
webserver.create()
# embed()
pano.commit()
print(webserver)
elif args.cmd == 'Del':
# This call allow to delete the host
webserver = objects.AddressObject(var_host_name)
pano.add(webserver)
webserver.delete()
# embed()
