def create_profilepackage(rules, addresses):
    """Build a ProfilePackage fixture containing a single device group, ``test_dg``.

    Args:
        rules: Stored as the ``SecurityPreRules`` that are exclusive to ``test_dg``.
        addresses: Stored as the ``Addresses`` objects of ``test_dg``.

    Returns:
        A ProfilePackage with an empty API key, a placeholder ``<_/>``
        configuration and the default settings from ConfigurationSettings.
    """
    # NOTE(review): no_api is False even though api_key is empty; presumably
    # the code exercised with this fixture never reaches the API - confirm.
    test_dg_objects = collections.defaultdict(list)
    test_dg_objects['Addresses'] = addresses
    # One stand-in firewall so the device group is not seen as empty.
    test_dg_objects['all_active_child_firewalls'] = ["fake_firewall"]

    test_dg_exclusive = collections.defaultdict(list)
    test_dg_exclusive['SecurityPreRules'] = rules

    return ProfilePackage(
        api_key='',
        pan_config=PanConfig('<_/>'),
        settings=ConfigurationSettings().get_config(),
        device_group_hierarchy_children={},
        device_group_hierarchy_parent={},
        device_groups_and_firewalls={},
        device_groups=['test_dg'],
        devicegroup_objects={'test_dg': test_dg_objects},
        devicegroup_exclusive_objects={'test_dg': test_dg_exclusive},
        rule_limit_enabled=False,
        no_api=False,
    )
def create_profilepackage(shared_addresses, shared_addressgroups, shared_securityprerules, shared_natprerules,
                          dg_addresses, dg_securityprerules):
    """Build a ProfilePackage fixture with a ``shared`` group and a ``test_dg`` child.

    Only ``shared`` is listed in ``device_groups``; ``test_dg`` is reachable
    through ``all_child_device_groups`` of ``shared``.

    Args:
        shared_addresses: ``Addresses`` objects of ``shared``.
        shared_addressgroups: ``AddressGroups`` objects of ``shared``.
        shared_securityprerules: ``SecurityPreRules`` of ``shared``.
        shared_natprerules: ``NATPreRules`` of ``shared``.
        dg_addresses: Stored as the ``SecurityPreRules`` of ``test_dg``.
        dg_securityprerules: Stored as the ``NATPreRules`` of ``test_dg``.

    Returns:
        A ProfilePackage with an empty API key and a placeholder ``<_/>`` configuration.
    """
    shared_objects = collections.defaultdict(list)
    shared_objects['all_child_device_groups'] = ["shared", "test_dg"]
    shared_objects['Addresses'] = shared_addresses
    shared_objects['AddressGroups'] = shared_addressgroups
    shared_objects['SecurityPreRules'] = shared_securityprerules
    shared_objects['NATPreRules'] = shared_natprerules

    test_dg_objects = collections.defaultdict(list)
    # NOTE(review): the last two parameter names do not match the keys they
    # fill (dg_addresses -> SecurityPreRules, dg_securityprerules ->
    # NATPreRules). Callers presumably pass security rules and NAT rules
    # positionally; confirm before renaming anything.
    test_dg_objects['SecurityPreRules'] = dg_addresses
    test_dg_objects['NATPreRules'] = dg_securityprerules

    return ProfilePackage(
        api_key='',
        pan_config=PanConfig('<_/>'),
        settings=ConfigurationSettings().get_config(),
        device_group_hierarchy_children={},
        device_group_hierarchy_parent={},
        device_groups_and_firewalls={},
        device_groups=["shared"],
        devicegroup_objects={"shared": shared_objects, "test_dg": test_dg_objects},
        devicegroup_exclusive_objects={},
        rule_limit_enabled=False,
        no_api=False,
    )
def create_profilepackage(allowed_group_profile, pan_config):
    """Build a ProfilePackage fixture for checks that read ``Allowed Group Profiles``.

    Args:
        allowed_group_profile: Value written to the ``Allowed Group Profiles`` setting.
        pan_config: Configuration object used only to read the
            ``SecurityPreRules`` of ``test_dg``.

    Returns:
        A ProfilePackage whose exclusive ``SecurityPreRules`` for ``test_dg``
        come from ``pan_config`` and whose ``SecurityPostRules`` are empty.
    """
    pre_rules = pan_config.get_devicegroup_policy('SecurityPreRules', 'test_dg')

    settings = ConfigurationSettings().get_config()
    settings['Allowed Group Profiles'] = allowed_group_profile

    # The package receives a placeholder '<_/>' PanConfig, not the pan_config
    # argument; only the rules extracted above are carried over.
    return ProfilePackage(
        api_key='',
        pan_config=PanConfig('<_/>'),
        settings=settings,
        device_group_hierarchy_children={},
        device_group_hierarchy_parent={},
        device_groups_and_firewalls={},
        device_groups=['test_dg'],
        devicegroup_objects={},
        devicegroup_exclusive_objects={
            'test_dg': {'SecurityPreRules': pre_rules, 'SecurityPostRules': []},
        },
        rule_limit_enabled=False,
        no_api=False,
    )
def create_profilepackage(pan_config):
    """Build a ProfilePackage fixture around a caller-supplied configuration.

    Args:
        pan_config: Configuration object handed to the package unchanged.

    Returns:
        A ProfilePackage limited to the ``shared`` device group, with default
        settings, an empty API key and no pre-built object tables.
    """
    default_settings = ConfigurationSettings().get_config()
    return ProfilePackage(
        api_key='',
        pan_config=pan_config,
        settings=default_settings,
        device_group_hierarchy_children={},
        device_group_hierarchy_parent={},
        device_groups_and_firewalls={},
        device_groups=["shared"],
        devicegroup_objects={},
        devicegroup_exclusive_objects={},
        rule_limit_enabled=False,
        no_api=False,
    )
def create_profilepackage(pan_config, mandated_log_profile):
    """Build a ProfilePackage fixture for checks that read ``Mandated Logging Profile``.

    Args:
        pan_config: Configuration object handed to the package unchanged.
        mandated_log_profile: Value written to the ``Mandated Logging Profile`` setting.

    Returns:
        A ProfilePackage limited to ``test_dg`` with an empty API key and no
        pre-built object tables.
    """
    test_settings = ConfigurationSettings().get_config()
    test_settings['Mandated Logging Profile'] = mandated_log_profile
    return ProfilePackage(
        api_key='',
        pan_config=pan_config,
        settings=test_settings,
        device_group_hierarchy_children={},
        device_group_hierarchy_parent={},
        device_groups_and_firewalls={},
        device_groups=['test_dg'],
        devicegroup_objects={},
        devicegroup_exclusive_objects={},
        rule_limit_enabled=False,
        no_api=False,
    )
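def create_profilepackage(services):
    """Build a ProfilePackage fixture whose ``shared`` group holds ``services``.

    Args:
        services: Stored as the ``Services`` objects of ``shared``.

    Returns:
        A ProfilePackage with an empty API key, a placeholder ``<_/>``
        configuration and the default settings from ConfigurationSettings.
    """
    device_groups = ["shared"]
    devicegroup_objects = {"shared": {'Services': services}}
    return ProfilePackage(
        api_key='',
        pan_config=PanConfig('<_/>'),
        settings=ConfigurationSettings().get_config(),
        device_group_hierarchy_children={},
        device_group_hierarchy_parent={},
        device_groups_and_firewalls={},
        device_groups=device_groups,
        devicegroup_objects=devicegroup_objects,
        # Was an empty list; load_config_package builds this field as a mapping
        # keyed by device group, so an empty dict keeps the fixture's type
        # in line with what consumers index into.
        devicegroup_exclusive_objects={},
        rule_limit_enabled=False,
        no_api=False,
    )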
def create_profilepackage(addresses, ignored_dns_prefixes):
    """Build a ProfilePackage fixture for checks that read ``Ignored DNS Prefixes``.

    Args:
        addresses: Stored as the ``Addresses`` objects of ``shared``.
        ignored_dns_prefixes: Iterable of strings, joined with commas into the
            ``Ignored DNS Prefixes`` setting.

    Returns:
        A ProfilePackage limited to ``shared`` with an empty API key and a
        placeholder ``<_/>`` configuration.
    """
    shared_objects = {'Addresses': addresses}

    test_settings = ConfigurationSettings().get_config()
    # The setting is a single comma-separated string, not a list.
    test_settings['Ignored DNS Prefixes'] = ",".join(ignored_dns_prefixes)

    return ProfilePackage(
        api_key='',
        pan_config=PanConfig('<_/>'),
        settings=test_settings,
        device_group_hierarchy_children={},
        device_group_hierarchy_parent={},
        device_groups_and_firewalls={},
        device_groups=["shared"],
        devicegroup_objects={"shared": shared_objects},
        devicegroup_exclusive_objects={},
        rule_limit_enabled=False,
        no_api=False,
    )
def create_profilepackage(pan_config):
    """Build a ProfilePackage fixture with ``shared`` and a ``test_dg`` child.

    Args:
        pan_config: Configuration object handed to the package unchanged.

    Returns:
        A ProfilePackage listing only ``shared`` in ``device_groups``. Both
        groups have object tables that default missing keys to empty lists,
        and ``shared`` names itself and ``test_dg`` as its child groups.
    """
    shared_objects = collections.defaultdict(list)
    shared_objects['all_child_device_groups'] = ["shared", "test_dg"]
    objects_by_group = {
        "shared": shared_objects,
        "test_dg": collections.defaultdict(list),
    }
    return ProfilePackage(
        api_key='',
        pan_config=pan_config,
        settings=ConfigurationSettings().get_config(),
        device_group_hierarchy_children={},
        device_group_hierarchy_parent={},
        device_groups_and_firewalls={},
        device_groups=["shared"],
        devicegroup_objects=objects_by_group,
        devicegroup_exclusive_objects={},
        rule_limit_enabled=False,
        no_api=False,
    )
def create_profilepackage(shared_addresses, dg_addresses, shared_address_groups, dg_address_groups):
    """Build a ProfilePackage fixture with ``test_dg`` parented by ``shared``.

    Args:
        shared_addresses: ``Addresses`` objects of ``shared``.
        dg_addresses: ``Addresses`` objects of ``test_dg``.
        shared_address_groups: ``AddressGroups`` objects of ``shared``.
        dg_address_groups: ``AddressGroups`` objects of ``test_dg``.

    Returns:
        A ProfilePackage listing both device groups, with an empty API key
        and a placeholder ``<_/>`` configuration.
    """
    objects_by_group = {
        "shared": {'Addresses': shared_addresses, 'AddressGroups': shared_address_groups},
        "test_dg": {'Addresses': dg_addresses, 'AddressGroups': dg_address_groups},
    }
    # Only the parent mapping is populated; the children mapping stays empty.
    parent_of = {"test_dg": "shared"}

    return ProfilePackage(
        api_key='',
        pan_config=PanConfig('<_/>'),
        settings=ConfigurationSettings().get_config(),
        device_group_hierarchy_children={},
        device_group_hierarchy_parent=parent_of,
        device_groups_and_firewalls={},
        device_groups=["shared", "test_dg"],
        devicegroup_objects=objects_by_group,
        devicegroup_exclusive_objects={},
        rule_limit_enabled=False,
        no_api=False,
    )
def load_config_package(configuration_settings, api_key, device_group, limit, no_api, xml_file=None):
    """Load a Panorama configuration and assemble it into a ProfilePackage.

    The configuration is read from ``xml_file`` when one is given, otherwise
    it is exported through ``pan_api`` together with the firewall inventory.

    Args:
        configuration_settings: Settings mapping; its ``panorama`` entry is the
            API target when no XML file is supplied.
        api_key: Credential passed to every ``pan_api`` call and stored in the
            returned package. This function never writes it to the log.
        device_group: If truthy, the only device group listed in the package's
            ``device_groups``; otherwise every device group plus ``shared``.
        limit: Upper slice bound applied to each policy list, or ``None`` for
            no truncation.
        no_api: Stored in the returned package unchanged.
        xml_file: Optional path to an exported configuration, read as UTF-8.

    Returns:
        The populated ProfilePackage.
    """
    if not xml_file:
        # Export the XML configuration and the firewall inventory over the API.
        panorama = configuration_settings.get('panorama')
        xml_config = pan_api.export_configuration2(panorama, api_key)
        pan_config = PanConfig(xml_config)
        device_groups_and_firewalls = pan_api.get_device_groups_and_firewalls(panorama, api_key)
        active_firewalls = pan_api.get_active_firewalls(panorama, api_key)

        # Keep, per device group, only the firewalls reported as active.
        active_firewalls_per_devicegroup = collections.defaultdict(list)
        for group_name, members in device_groups_and_firewalls.items():
            active_firewalls_per_devicegroup[group_name] = [
                member for member in members if member in active_firewalls
            ]
    else:
        # An XML export carries no firewall inventory, so both firewall
        # mappings stay empty on this path.
        logger.debug(f"Loading configuration from XML file: {xml_file}")
        with open(xml_file, encoding='utf-8') as fh:
            xml_config = fh.read()
        # NOTE(review): PanConfig's parser is not visible here; if xml_file can
        # come from an untrusted source, confirm it does not resolve external
        # entities.
        pan_config = PanConfig(xml_config, True)
        device_groups_and_firewalls = collections.defaultdict(list)
        active_firewalls_per_devicegroup = collections.defaultdict(list)

    hierarchy = pan_config.get_device_groups_hierarchy()
    device_group_hierarchy_children, device_group_hierarchy_parent = hierarchy

    # Map every device group (including 'shared') to its child device groups.
    all_device_groups = pan_config.get_device_groups() + ['shared']
    devicegroups_to_child_devicegroups = squash_all_devicegroups(all_device_groups, device_group_hierarchy_children)

    # Roll the active firewalls of each child group up into the parent entry.
    all_active_firewalls_per_devicegroup = collections.defaultdict(list)
    for parent_name, child_names in devicegroups_to_child_devicegroups.items():
        all_active_firewalls_per_devicegroup[parent_name] = [
            firewall
            for child_name in child_names
            for firewall in active_firewalls_per_devicegroup[child_name]
        ]

    devicegroup_objects = {}
    # NOTE(review): a requested device_group is not checked against
    # all_device_groups; an unknown name is passed through as-is.
    device_groups = [device_group] if device_group else all_device_groups

    # Object tables are built for every device group, not just the requested
    # one, because the exclusive-policy pass below reads the parent's entries.
    for dg_name in all_device_groups:
        entries = {
            'all_child_device_groups': devicegroups_to_child_devicegroups[dg_name],
            'all_active_child_firewalls': all_active_firewalls_per_devicegroup[dg_name],
        }
        for policy_type in pan_config.SUPPORTED_POLICY_TYPES:
            # With a limit set, rules past the first `limit` are not loaded
            # and therefore never reach anything that consumes the package.
            entries[policy_type] = pan_config.get_devicegroup_policy(policy_type, dg_name)[:limit]
        for object_type in pan_config.SUPPORTED_OBJECT_TYPES:
            entries[object_type] = pan_config.get_devicegroup_object(object_type, dg_name)
        devicegroup_objects[dg_name] = entries

    rule_limit_enabled = limit is not None

    # Policies exclusive to each device group: its own list minus whatever the
    # direct parent already holds, matched on the '@uuid' field.
    devicegroup_exclusive_objects = {}
    for dg_name in all_device_groups:
        own_entries = devicegroup_objects[dg_name]
        exclusive = {}
        for policy_type in pan_config.SUPPORTED_POLICY_TYPES:
            if dg_name in device_group_hierarchy_parent:
                parent_dg = device_group_hierarchy_parent[dg_name]
                # NOTE(review): an entry without '@uuid' contributes None here,
                # so one uuid-less parent rule makes every uuid-less child rule
                # look inherited and drops it from the exclusive list. Confirm
                # all supported exports carry uuids.
                parent_policy_uuids = {
                    entry.get('@uuid') for entry in devicegroup_objects[parent_dg][policy_type]
                }
                exclusive[policy_type] = [
                    entry for entry in own_entries[policy_type]
                    if entry.get('@uuid') not in parent_policy_uuids
                ]
            else:
                # No parent means nothing is inherited; reuse the same list.
                exclusive[policy_type] = own_entries[policy_type]
        devicegroup_exclusive_objects[dg_name] = exclusive

    return ProfilePackage(
        api_key=api_key,
        pan_config=pan_config,
        settings=configuration_settings,
        device_group_hierarchy_children=device_group_hierarchy_children,
        device_group_hierarchy_parent=device_group_hierarchy_parent,
        device_groups_and_firewalls=device_groups_and_firewalls,
        device_groups=device_groups,
        devicegroup_objects=devicegroup_objects,
        devicegroup_exclusive_objects=devicegroup_exclusive_objects,
        rule_limit_enabled=rule_limit_enabled,
        no_api=no_api,
    )