def main() -> None:
fw = Firewall("10.0.1.25", "admin", "Pal0Alt0!")
for index in range(1, 5):
addobj = fw.add(AddressObject(f"My-new-object-{index}", "1.1.1.1"))
addobj.create()
result = fw.op("show system info")
print(ET.tostring(result))
def firewall_import(import_fw, import_dict, import_username, import_password,
commit):
pushing_fw = Firewall(import_fw, import_username, import_password)
AddressObject.refreshall(
pushing_fw) #pulls down the address objects in the firewall
AddressGroup.refreshall(
pushing_fw, add=True) # pulls down the address groups in the firewall
for i in import_dict['addresses']:
addr = AddressObject(name=i['name'],
value=i['value'],
description=i['description'],
type=i['type'],
tag=i['tag'])
pushing_fw.add(addr)
start = datetime.datetime.now()
addr.create_similar()
for i in import_dict['groups']:
group = AddressGroup(i['name'], i['static_value'], i['dynamic_value'],
i['tag'])
pushing_fw.add(group)
start = datetime.datetime.now()
group.create_similar()
print(
f"Imported { len(import_dict['addresses']) } addresses and {len(import_dict['groups'])} groups to { import_fw }"
)
print(f"which took: {datetime.datetime.now() - start}")
if commit is True:
print(f"As requested, commiting to firewall {import_fw}")
pushing_fw.commit()
return import_dict
def _fw(*args):
fw = Firewall("127.0.0.1", "admin", "admin", "secret")
fw._version_info = (9999, 0, 0)
if len(args) == 0:
fw.xapi.get = mock.Mock(return_value=object_not_found())
else:
prefix = "<response><result>"
suffix = "</result></response>"
inner = "".join(x.element_str().decode("utf-8") for x in args)
fw.xapi.get = mock.Mock(
return_value=ET.fromstring(prefix + inner + suffix, ))
return fw
def main():
# Create a connection to a firewall and a rulebase to work inside
fw = Firewall(HOSTNAME, USERNAME, PASSWORD)
rulebase = fw.add(Rulebase())
# Fetch all the security rules from the firewall into a list
rules = SecurityRule.refreshall(rulebase, add=False)
print(f"Checking {len(rules)} rules...")
# Iterate over the list and collect names of rules that are
# missing the log forwarding profile
for rule in rules:
if rule.log_setting != LOG_PROFILE:
print(f"Found rule to configure: {rule.name}")
rulebase.add(SecurityRule(rule.name, log_setting=LOG_PROFILE))
# At this point, we've added SecurityRule objects to the Firewall
# for each rule that doesn't have the right log forwarding profile.
# The next step is to push all that configuration to the live device
# at once using the 'create_similar()' method.
# This takes the first SecurityRule to change and calls 'create_similar()'.
# When 'create_similar()' is called, all the SecurityRules are pushed
# to the firewall at once. The method is additive, so the existing security
# rules will not change, except for the 'log_setting' parameter which
# contains the log forwarding profile name.
if len(rulebase.children) == 0:
print("No changes needed")
return
rulebase.children[0].create_similar()
# Now, trigger a commit
# In this case, we'll wait for the commit to finish and trigger an exception
# if the commit finished with any errors.
print("Starting commit")
fw.commit(sync=True, exception=True)
print("Commit finished successfully")
def firewall_export(export_fw, group, export_username, export_password):
start = datetime.datetime.now()
export_dict = {
'groups': [],
'addresses': []
} #To save data from the recursive function(s)
pulling_fw = Firewall(export_fw, export_username,
export_password) # Create a firewall object
AddressObject.refreshall(
pulling_fw) #pulls down the address objects in the firewall
AddressGroup.refreshall(
pulling_fw, add=True) # pulls down the address groups in the firewall
top_level_group = pulling_fw.find(group)
#recursively search for all entries inside the requested group digging out any nested groups
recursive_group_search(group, pulling_fw, export_dict)
export_dict['groups'].append(top_level_group.about())
print(
f"Exported {len(export_dict['addresses'])} address objects and {len(export_dict['groups'])} from { export_fw }"
)
print(f"took: {datetime.datetime.now() - start}")
return export_dict
def get_pandevice_parent(self, module, timeout=0):
"""Builds the pandevice object tree, returning the parent object.
If pandevice is not installed, then module.fail_json() will be
invoked.
Arguments:
* module(AnsibleModule): the ansible module.
* timeout(int): Number of seconds to retry opening the connection to PAN-OS.
Returns:
* The parent pandevice object based on the spec given to
get_connection().
"""
# Sanity check.
if not HAS_PANDEVICE:
module.fail_json(msg='Missing required library "pandevice".')
pdv = tuple(int(x) for x in panos.__version__.split("."))
# Inform people that they should upgrade to pan-os-python instead of pandevice.
if pdv < (1, 0, 0):
lum = [
'Python library "pandevice" is now "pan-os-python" and is now 1.0!',
'Please "pip install pan-os-python" at your earliest convenience.',
]
module.deprecate(" ".join(lum),
version="3.0.0",
collection_name="paloaltonetworks.panos")
# Verify pandevice minimum version.
if self.min_pandevice_version is not None:
if pdv < self.min_pandevice_version:
module.fail_json(msg=_MIN_VERSION_ERROR.format(
"panos", panos.__version__,
_vstr(self.min_pandevice_version)))
pan_device_auth, serial_number = None, None
if module.params["provider"] and module.params["provider"][
"ip_address"]:
pan_device_auth = (
module.params["provider"]["ip_address"],
module.params["provider"]["username"],
module.params["provider"]["password"],
module.params["provider"]["api_key"],
module.params["provider"]["port"],
)
serial_number = module.params["provider"]["serial_number"]
elif module.params.get("ip_address", None) is not None:
pan_device_auth = (
module.params["ip_address"],
module.params["username"],
module.params["password"],
module.params["api_key"],
module.params["port"],
)
msg = 'Classic provider params are deprecated; use "provider" instead'
module.deprecate(msg,
version="3.0.0",
collection_name="paloaltonetworks.panos")
else:
module.fail_json(msg="Provider params are required.")
# Create the connection object.
if not isinstance(timeout, int):
raise ValueError("Timeout must be an int")
elif timeout < 0:
raise ValueError("Timeout must greater than or equal to 0")
end_time = time.time() + timeout
while True:
try:
self.device = PanDevice.create_from_device(*pan_device_auth)
except PanDeviceError as e:
if timeout == 0:
module.fail_json(msg="Failed connection: {0}".format(e))
elif time.time() >= end_time:
module.fail_json(msg="Connection timeout: {0}".format(e))
else:
break
# Verify PAN-OS minimum version.
if self.min_panos_version is not None:
if self.device._version_info < self.min_panos_version:
module.fail_json(msg=_MIN_VERSION_ERROR.format(
"PAN-OS",
_vstr(self.device._version_info),
_vstr(self.min_panos_version),
))
# Optional: Firewall via Panorama connectivity specified.
if hasattr(self.device, "refresh_devices") and serial_number:
fw = Firewall(serial=serial_number)
self.device.add(fw)
self.device = fw
parent = self.device
no_shared = 'Scope "shared" is not allowed'
not_found = '{0} "{1}" is not present.'
pano_mia_param = 'Param "{0}" is required for Panorama but not specified.'
ts_error = "Specify either the template or the template stack{0}."
if hasattr(self.device, "refresh_devices"):
# Panorama connection.
templated = False
# Error if Panorama is not supported.
if self.panorama_error is not None:
module.fail_json(msg=self.panorama_error)
# Spec: template stack.
tmpl_required = False
added_template = False
if self.template_stack is not None:
name = module.params[self.template_stack]
if name is not None:
templated = True
stacks = TemplateStack.refreshall(parent, name_only=True)
for ts in stacks:
if ts.name == name:
parent = ts
added_template = True
break
else:
module.fail_json(msg=not_found.format(
"Template stack",
name,
))
elif self.template is not None:
tmpl_required = True
elif not self.template_is_optional:
module.fail_json(
msg=pano_mia_param.format(self.template_stack))
# Spec: template.
if self.template is not None:
name = module.params[self.template]
if name is not None:
templated = True
if added_template:
module.fail_json(msg=ts_error.format(", not both"))
templates = Template.refreshall(parent, name_only=True)
for t in templates:
if t.name == name:
parent = t
break
else:
module.fail_json(msg=not_found.format(
"Template",
name,
))
elif self.template_is_optional:
pass
elif tmpl_required:
module.fail_json(msg=ts_error.format(""))
elif not added_template:
module.fail_json(msg=pano_mia_param.format(self.template))
# Spec: vsys_dg or device_group.
dg_name = self.vsys_dg or self.device_group
if dg_name is not None:
name = module.params[dg_name]
if name not in (None, "shared"):
groups = DeviceGroup.refreshall(parent, name_only=True)
for dg in groups:
if dg.name == name:
parent = dg
break
else:
module.fail_json(msg=not_found.format(
"Device group",
name,
))
# Spec: vsys importable.
vsys_name = self.vsys_importable or self.vsys or self.vsys_shared
if dg_name is None and templated and vsys_name is not None:
name = module.params[vsys_name]
if name not in (None, "shared"):
vo = Vsys(name)
parent.add(vo)
parent = vo
# Spec: rulebase.
if self.rulebase is not None:
if module.params[self.rulebase] in (None, "pre-rulebase"):
rb = PreRulebase()
parent.add(rb)
parent = rb
elif module.params[self.rulebase] == "rulebase":
rb = Rulebase()
parent.add(rb)
parent = rb
elif module.params[self.rulebase] == "post-rulebase":
rb = PostRulebase()
parent.add(rb)
parent = rb
else:
module.fail_json(msg=not_found.format(
"Rulebase", module.params[self.rulebase]))
else:
# Firewall connection.
# Error if firewalls are not supported.
if self.firewall_error is not None:
module.fail_json(msg=self.firewall_error)
# Spec: vsys or vsys_dg or vsys_importable.
vsys_name = (self.vsys_dg or self.vsys or self.vsys_importable
or self.vsys_shared)
if vsys_name is not None:
parent.vsys = module.params[vsys_name]
if parent.vsys == "shared" and self.error_on_firewall_shared:
module.fail_json(msg=no_shared)
# Spec: rulebase.
if self.rulebase is not None:
rb = Rulebase()
parent.add(rb)
parent = rb
# If the module has the commit option set, show a deprecation warning.
if module.params.get("commit"):
module.deprecate(
"Please use the commit modules instead of the commit option",
version="3.0.0",
collection_name="paloaltonetworks.panos",
)
# Done.
return parent
def _fw():
fw = Firewall("127.0.0.1", "admin", "admin", "secret")
fw._version_info = (9999, 0, 0)
return fw
from prtg.sensor.result import CustomSensorResult
from prtg.sensor.units import ValueUnit
import lxml.etree as ET
logging.basicConfig(
filename="Power_supply_sensor_debug.log",
filemode='a',
format='%(asctime)s,%(msecs)d %(name)s %(levelname)s %(message)s',
datefmt='%Y:%M:%D:%H:%M:%S',
level=logging.INFO)
if __name__ == "__main__":
try:
data = json.loads(sys.argv[1])
username = data['linuxloginusername']
passwd = data['linuxloginpassword']
host = data['host']
fw = Firewall(host, api_username=username, api_password=passwd)
env_info = fw.op("show system environmentals", xml=True)
env_decode = env_info.decode("utf-8")
tree = ET.fromstring(str(env_decode))
ps_items = tree.xpath(".//power-supply/Slot1/entry/description")
ps_status_list = []
for ps_item in ps_items:
ps_status = []
ps_des = ''.join(ps_item.itertext())
ps_status.append(ps_des)
for sb_item in ps_item.itersiblings(preceding=True):
ps_status.append(sb_item.text)
ps_status_list.append(ps_status)
num_ps_found = len(ps_status_list)
csr = CustomSensorResult(