def main():
    argument_spec = dict(
        ip_address=dict(default=None),
        password=dict(default=None, no_log=True),
        username=dict(default='admin'),
        file=dict(default=None),
        commit=dict(type='bool', default=True)
    )
    module = AnsibleModule(argument_spec=argument_spec)

    ip_address = module.params["ip_address"]
    if not ip_address:
        module.fail_json(msg="ip_address should be specified")
    password = module.params["password"]
    if not password:
        module.fail_json(msg="password is required")
    username = module.params['username']

    xapi = pan.xapi.PanXapi(
        hostname=ip_address,
        api_username=username,
        api_password=password
    )

    file_ = module.params['file']
    if file_ is None:
        module.fail_json(msg="file is required")
    commit = module.params['commit']

    changed = load_cfgfile(xapi, module, ip_address, file_)
    if changed and commit:
        xapi.commit(cmd="<commit></commit>", sync=True, interval=1)

    module.exit_json(changed=changed, msg="okey dokey")
Пример #2
0
def main():
    argument_spec = dict(ip_address=dict(default=None),
                         password=dict(default=None),
                         username=dict(default='admin'),
                         dag_name=dict(default=None),
                         dag_filter=dict(default=None),
                         commit=dict(type='bool', default=True))
    module = AnsibleModule(argument_spec=argument_spec)

    ip_address = module.params["ip_address"]
    if not ip_address:
        module.fail_json(msg="ip_address should be specified")
    password = module.params["password"]
    if not password:
        module.fail_json(msg="password is required")
    username = module.params['username']

    xapi = pan.xapi.PanXapi(hostname=ip_address,
                            api_username=username,
                            api_password=password)

    dag_name = module.params['dag_name']
    if not dag_name:
        module.fail_json(msg="dag_name is required")
    dag_filter = module.params['dag_filter']
    if not dag_filter:
        module.fail_json(msg="dag_filter is required")
    commit = module.params['commit']

    changed = add_dag(xapi, dag_name, dag_filter)

    if changed and commit:
        xapi.commit(cmd="<commit></commit>", sync=True, interval=1)

    module.exit_json(changed=changed, msg="okey dokey")
Пример #3
0
def main():
    argument_spec = dict(
        ip_address=dict(required=True),
        password=dict(required=True, no_log=True),
        username=dict(default='admin'),
        file=dict(),
        commit=dict(type='bool', default=True)
    )
    module = AnsibleModule(argument_spec=argument_spec, supports_check_mode=False)
    if not HAS_LIB:
        module.fail_json(msg='pan-python is required for this module')

    ip_address = module.params["ip_address"]
    password = module.params["password"]
    username = module.params['username']
    file_ = module.params['file']
    commit = module.params['commit']

    xapi = pan.xapi.PanXapi(
        hostname=ip_address,
        api_username=username,
        api_password=password
    )

    changed = load_cfgfile(xapi, module, ip_address, file_)
    if changed and commit:
        xapi.commit(cmd="<commit></commit>", sync=True, interval=1)

    module.exit_json(changed=changed, msg="okey dokey")
Пример #4
0
def main():
    argument_spec = dict(ip_address=dict(required=True),
                         password=dict(required=True, no_log=True),
                         username=dict(default='admin'),
                         file=dict(),
                         commit=dict(type='bool', default=False))
    module = AnsibleModule(argument_spec=argument_spec,
                           supports_check_mode=False)
    if not HAS_LIB:
        module.fail_json(msg='pan-python is required for this module')

    ip_address = module.params["ip_address"]
    password = module.params["password"]
    username = module.params['username']
    file_ = module.params['file']
    commit = module.params['commit']

    xapi = pan.xapi.PanXapi(hostname=ip_address,
                            api_username=username,
                            api_password=password)

    changed = load_cfgfile(xapi, module, ip_address, file_)
    if changed and commit:
        xapi.commit(cmd="<commit></commit>", sync=True, interval=1)

    module.exit_json(changed=changed, msg="okey dokey")
Пример #5
0
def main():
    argument_spec = dict(ip_address=dict(default=None),
                         password=dict(default=None, no_log=True),
                         username=dict(default='admin'),
                         admin_username=dict(default='admin'),
                         admin_password=dict(default=None, no_log=True),
                         role=dict(default=None),
                         commit=dict(type='bool', default=True))
    module = AnsibleModule(argument_spec=argument_spec)

    ip_address = module.params["ip_address"]
    if not ip_address:
        module.fail_json(msg="ip_address should be specified")
    password = module.params["password"]
    if not password:
        module.fail_json(msg="password is required")
    username = module.params['username']

    xapi = pan.xapi.PanXapi(hostname=ip_address,
                            api_username=username,
                            api_password=password)

    admin_username = module.params['admin_username']
    if admin_username is None:
        module.fail_json(msg="admin_username is required")
    admin_password = module.params['admin_password']
    role = module.params['role']
    commit = module.params['commit']

    changed = admin_set(xapi, module, admin_username, admin_password, role)

    if changed and commit:
        xapi.commit(cmd="<commit></commit>", sync=True, interval=1)

    module.exit_json(changed=changed, msg="okey dokey")
Пример #6
0
def main():
    argument_spec = dict(ip_address=dict(),
                         password=dict(no_log=True),
                         username=dict(default='admin'),
                         interval=dict(default=0.5),
                         timeout=dict(),
                         sync=dict(type='bool', default=True))
    module = AnsibleModule(argument_spec=argument_spec,
                           supports_check_mode=False)

    if not HAS_LIB:
        module.fail_json(msg='pan-python required for this module')

    ip_address = module.params["ip_address"]
    if not ip_address:
        module.fail_json(msg="ip_address should be specified")
    password = module.params["password"]
    if not password:
        module.fail_json(msg="password is required")
    username = module.params['username']

    interval = module.params['interval']
    timeout = module.params['timeout']
    sync = module.params['sync']

    xapi = pan.xapi.PanXapi(hostname=ip_address,
                            api_username=username,
                            api_password=password)

    xapi.commit(cmd="<commit></commit>",
                sync=sync,
                interval=interval,
                timeout=timeout)

    module.exit_json(changed=True, msg="okey dokey")
Пример #7
0
def main():
    argument_spec = dict(
        ip_address=dict(required=True),
        password=dict(required=True, no_log=True),
        username=dict(default='admin'),
        portal_name=dict(required=True),
        config_name=dict(required=True),
        gateway_address=dict(required=True),
        type=dict(default="external", choices=['internal', 'external']),
        state=dict(default="present", choices=['absent', 'present']),
        manual=dict(type='bool', default=None),
        description=dict(default=None),
        commit=dict(type='bool', default=True)
    )
    module = AnsibleModule(argument_spec=argument_spec, supports_check_mode=False)
    if not HAS_LIB:
        module.fail_json(msg='pan-python is required for this module')

    ip_address = module.params["ip_address"]
    password = module.params["password"]
    username = module.params['username']

    xapi = pan.xapi.PanXapi(
        hostname=ip_address,
        api_username=username,
        api_password=password
    )

    portal_name = module.params['portal_name']
    config_name = module.params['config_name']
    gateway_address = module.params['gateway_address']

    type_ = module.params['type']
    state = module.params['state']
    manual = module.params['manual']
    description = module.params['description']
    commit = module.params['commit']

    changed = False
    try:
        changed = check_gpp_gateway(
            xapi,
            module,
            portal_name,
            config_name,
            gateway_address,
            type_,
            state,
            manual,
            description
        )
    except PanXapiError:
        exc = get_exception()
        module.fail_json(msg=exc.message)

    if changed and commit:
        xapi.commit(cmd="<commit></commit>", sync=True, interval=1)

    module.exit_json(changed=changed, msg="okey dokey")
Пример #8
0
def main():
    argument_spec = dict(
        ip_address=dict(required=True),
        password=dict(required=True, no_log=True),
        username=dict(default='admin'),
        vulnprofile_name=dict(required=True),
        description=dict(default=None),
        rule_tuples=dict(default=None),
        exception_ids=dict(default=None),
        commit=dict(type='bool', default=True)
    )
    module = AnsibleModule(argument_spec=argument_spec, supports_check_mode=False)
    if not HAS_LIB:
        module.fail_json(msg='pan-python is required for this module')

    ip_address = module.params["ip_address"]
    if not ip_address:
        module.fail_json(msg="ip_address should be specified")
    password = module.params["password"]
    if not password:
        module.fail_json(msg="password is required")
    username = module.params['username']

    xapi = pan.xapi.PanXapi(
        hostname=ip_address,
        api_username=username,
        api_password=password
    )

    vulnprofile_name = module.params["vulnprofile_name"]
    if not vulnprofile_name:
        module.fail_json(msg="vulnprofile_name must be specified")

    description = module.params["description"]
    rule_tuples = module.params["rule_tuples"]
    rule_tuples = rule_tuples.replace('\'','"') #get rid of double-quotes
    rule_tuples = json.loads(rule_tuples)
    exception_ids = module.params["exception_ids"]

    if not rule_tuples and not exception_ids:
        module.fail_json(msg="You cannot have both exception and rules empty")

    commit = module.params['commit']

    try:
        changed = add_vulnerability_profile(xapi,
                                            vulnprofile_name=vulnprofile_name,
                                            description=description,
                                            rule_tuples=rule_tuples,
                                            exception_ids=exception_ids)

        if changed and commit:
            xapi.commit(cmd="<commit></commit>", sync=True, interval=1)
    except PanXapiError:
        import sys
        x = sys.exc_info()[1]
        module.fail_json(msg=x.message)

    module.exit_json(changed=changed, msg="okey dokey")
Пример #9
0
def main():
    argument_spec = dict(
        ip_address=dict(required=True),
        port=dict(default=443),
        password=dict(no_log=True),
        username=dict(default="admin"),
        api_key=dict(no_log=True),
        admin_username=dict(default="admin"),
        admin_password=dict(no_log=True, required=True),
        role=dict(),
        commit=dict(type="bool", default=False),
    )
    module = AnsibleModule(
        argument_spec=argument_spec,
        supports_check_mode=False,
        required_one_of=[["api_key", "password"]],
    )

    module.deprecate(
        "This module is deprecated; use panos_administrator",
        version="3.0.0",
        collection_name="paloaltonetworks.panos",
    )

    if not HAS_LIB:
        module.fail_json(msg="Missing required libraries.")

    ip_address = module.params["ip_address"]
    port = module.params["port"]
    password = module.params["password"]
    username = module.params["username"]
    api_key = module.params["api_key"]
    admin_username = module.params["admin_username"]
    admin_password = module.params["admin_password"]
    role = module.params["role"]
    commit = module.params["commit"]

    xapi = pan.xapi.PanXapi(
        hostname=ip_address,
        api_username=username,
        api_password=password,
        api_key=api_key,
        port=port,
    )

    changed = admin_set(xapi, module, admin_username, admin_password, role)

    if commit:
        module.deprecate(
            "Please use the commit modules instead of the commit option.",
            version="3.0.0",
            collection_name="paloaltonetworks.panos",
        )

    if changed and commit:
        xapi.commit(cmd="<commit></commit>", sync=True, interval=1)

    module.exit_json(changed=changed, msg="okey dokey")
def main():
    argument_spec = dict(
        ip_address=dict(required=True),
        password=dict(required=True, no_log=True),
        username=dict(default='admin'),
        if_name=dict(required=True),
        if_type=dict(default='dhcp'),  #dhcp or static
        if_address=dict(),
        vr_name=dict(default='default'),
        zone_name=dict(required=True),
        create_default_route=dict(type='bool', default=False),
        commit=dict(type='bool', default=True))
    module = AnsibleModule(argument_spec=argument_spec,
                           supports_check_mode=False)
    if not HAS_LIB:
        module.fail_json(msg='pan-python is required for this module')

    ip_address = module.params["ip_address"]
    password = module.params["password"]
    username = module.params['username']

    xapi = pan.xapi.PanXapi(hostname=ip_address,
                            api_username=username,
                            api_password=password)

    if_name = module.params['if_name']
    if_type = module.params['if_type']
    if_address = module.params['if_address']
    vr_name = module.params['vr_name']
    zone_name = module.params['zone_name']
    create_default_route = module.params['create_default_route']
    commit = module.params['commit']

    ifexists = if_exists(xapi, if_name)

    if ifexists:
        module.exit_json(changed=False, msg="interface exists, not changed")

    try:
        changed = add_if(xapi, if_name, if_type, if_address, vr_name,
                         zone_name, create_default_route)
        if (not changed):
            module.exit_json(
                changed=False,
                msg="Invalid interface type (if_type), use static of dhcp")
    except PanXapiError:
        exc = get_exception()
        module.fail_json(msg=exc.message)

    if changed and commit:
        xapi.commit(cmd="<commit></commit>", sync=True, interval=1)

    module.exit_json(changed=changed, msg="okey dokey")
Пример #11
0
def main():
    argument_spec = dict(
        ip_address=dict(default=None),
        password=dict(default=None, no_log=True),
        username=dict(default='admin'),
        admin_username=dict(default=None, required=True),
        public_key=dict(default=None),
        state=dict(choices=['present', 'absent'], required=True,
                   default=None),
        commit=dict(type='bool', default=True)
    )
    module = AnsibleModule(argument_spec=argument_spec)

    ip_address = module.params["ip_address"]
    if not ip_address:
        module.fail_json(msg="ip_address should be specified")
    password = module.params["password"]
    if not password:
        module.fail_json(msg="password is required")
    username = module.params['username']

    xapi = pan.xapi.PanXapi(
        hostname=ip_address,
        api_username=username,
        api_password=password
    )

    panos_user = module.params['admin_username']
    public_key = module.params['public_key']
    state = module.params['state']
    commit = module.params['commit']

    changed = False

    pkey = get_publickey(xapi, panos_user)

    if state == 'absent':
        if pkey is not None:
            delete_publickey(xapi, panos_user)
            changed = True
    else:
        # state 'present'
        if pkey is None and public_key is None:
            module.fail_json(msg="state 'present' but no public_key to set")

        if pkey != public_key and public_key is not None:
            set_publickey(xapi, panos_user, pkey, public_key)
            changed = True

    if changed and commit:
        xapi.commit(cmd="<commit></commit>", sync=True, interval=1)

    module.exit_json(changed=changed, msg="okey dokey")
def main():
    argument_spec = dict(
        ip_address=dict(default=None),
        password=dict(default=None, no_log=True),
        username=dict(default='admin'),
        monitor_name=dict(default=None),
        vpc_id=dict(default=None),
        source=dict(default=None),
        access_key=dict(default=None),
        secret_access_key=dict(default=None, no_log=True),
        commit=dict(type='bool', default=True)
    )
    module = AnsibleModule(argument_spec=argument_spec)

    ip_address = module.params["ip_address"]
    if not ip_address:
        module.fail_json(msg="ip_address should be specified")
    password = module.params["password"]
    if not password:
        module.fail_json(msg="password is required")
    username = module.params['username']

    xapi = pan.xapi.PanXapi(
        hostname=ip_address,
        api_username=username,
        api_password=password
    )

    monitor_name = module.params['monitor_name']
    if not monitor_name:
        module.fail_json(msg="monitor_name is required")
    vpc_id = module.params['vpc_id']
    if not vpc_id:
        module.fail_json(msg="vpc_id is required")
    source = module.params['source']
    if not source:
        module.fail_json(msg="source is required")
    access_key = module.params['access_key']
    if not access_key:
        module.fail_json(msg="access_key is required")
    secret_access_key = module.params['secret_access_key']
    if not secret_access_key:
        module.fail_json(msg="secret_access_key is required")
    commit = module.params['commit']

    changed = add_awsmonitor(xapi, monitor_name, vpc_id,
                             source, access_key, secret_access_key)

    if changed and commit:
        xapi.commit(cmd="<commit></commit>", sync=True, interval=1)

    module.exit_json(changed=changed, msg="okey dokey")
def main():
    argument_spec = dict(ip_address=dict(default=None),
                         password=dict(default=None, no_log=True),
                         username=dict(default='admin'),
                         portal_name=dict(default=None),
                         config_name=dict(default=None),
                         gateway_address=dict(default=None),
                         type=dict(default="external",
                                   choices=['internal', 'external']),
                         state=dict(default="present",
                                    choices=['absent', 'present']),
                         manual=dict(type='bool', default=None),
                         description=dict(default=None),
                         commit=dict(type='bool', default=True))
    module = AnsibleModule(argument_spec=argument_spec)

    ip_address = module.params["ip_address"]
    if not ip_address:
        module.fail_json(msg="ip_address should be specified")
    password = module.params["password"]
    if not password:
        module.fail_json(msg="password is required")
    username = module.params['username']

    xapi = pan.xapi.PanXapi(hostname=ip_address,
                            api_username=username,
                            api_password=password)

    portal_name = module.params['portal_name']
    if portal_name is None:
        module.fail_json(msg='portal_name is required')
    config_name = module.params['config_name']
    if config_name is None:
        module.fail_json(msg='config_name is required')
    gateway_address = module.params['gateway_address']
    if gateway_address is None:
        module.fail_json(msg='gateway_address is required')
    type_ = module.params['type']
    state = module.params['state']
    manual = module.params['manual']
    description = module.params['description']
    commit = module.params['commit']

    changed = False
    changed = check_gpp_gateway(xapi, module, portal_name, config_name,
                                gateway_address, type_, state, manual,
                                description)

    if changed and commit:
        xapi.commit(cmd="<commit></commit>", sync=True, interval=1)

    module.exit_json(changed=changed, msg="okey dokey")
def main():
    argument_spec = dict(
        ip_address=dict(default=None),
        password=dict(default=None, no_log=True),
        username=dict(default='admin'),
        vulnprofile_name=dict(default=None),
        description=dict(default=None),
        rule_tuples=dict(default=None),
        exception_ids=dict(default=None),
        commit=dict(type='bool', default=True)
    )
    module = AnsibleModule(argument_spec=argument_spec)

    ip_address = module.params["ip_address"]
    if not ip_address:
        module.fail_json(msg="ip_address should be specified")
    password = module.params["password"]
    if not password:
        module.fail_json(msg="password is required")
    username = module.params['username']

    xapi = pan.xapi.PanXapi(
        hostname=ip_address,
        api_username=username,
        api_password=password
    )

    vulnprofile_name = module.params["vulnprofile_name"]
    if not vulnprofile_name:
        module.fail_json(msg="vulnprofile_name must be specified")

    description = module.params["description"]
    rule_tuples = module.params["rule_tuples"]
    exception_ids = module.params["exception_ids"]

    if not rule_tuples and not exception_ids:
        module.fail_json(msg="You cannot have both exception and rules empty")

    commit = module.params['commit']

    changed = False
    changed = add_vulnerability_profile(xapi,
                                        vulnprofile_name=vulnprofile_name,
                                        description=description,
                                        rule_tuples=rule_tuples,
                                        exception_ids=exception_ids)

    if changed and commit:
        xapi.commit(cmd="<commit></commit>", sync=True, interval=1)

    module.exit_json(changed=changed, msg="okey dokey")
Пример #15
0
def main():
    argument_spec = dict(
        ip_address=dict(required=True),
        password=dict(required=True, no_log=True),
        username=dict(default='admin'),
        address_name=dict(required=True),
        address=dict(),
        description=dict(),
        tag=dict(),
        type=dict(default='ip-netmask', choices=['ip-netmask', 'ip-range', 'fqdn']),
        commit=dict(type='bool', default=True)
    )
    module = AnsibleModule(argument_spec=argument_spec, supports_check_mode=False)

    if not HAS_LIB:
        module.fail_json(msg='pan-python required for this module')

    ip_address = module.params["ip_address"]
    password = module.params["password"]
    username = module.params['username']

    xapi = pan.xapi.PanXapi(
        hostname=ip_address,
        api_username=username,
        api_password=password
    )

    address_name = module.params['address_name']
    address = module.params['address']
    commit = module.params['commit']

    description = module.params['description']
    tag = module.params['tag']
    type = module.params['type']

    changed = False
    try:
        changed = add_address(xapi, module,
                              address,
                              address_name,
                              description,
                              type,
                              tag)
    except PanXapiError:
        exc = get_exception()
        module.fail_json(msg=exc.message)

    if changed and commit:
        xapi.commit(cmd="<commit></commit>", sync=True, interval=1)

    module.exit_json(changed=changed, msg="okey dokey")
Пример #16
0
def main():
    argument_spec = dict(ip_address=dict(required=True),
                         password=dict(required=True, no_log=True),
                         username=dict(default='admin'),
                         dns_server_primary=dict(),
                         dns_server_secondary=dict(),
                         panorama_primary=dict(),
                         panorama_secondary=dict(),
                         commit=dict(type='bool', default=True))
    module = AnsibleModule(argument_spec=argument_spec,
                           supports_check_mode=False)
    if not HAS_LIB:
        module.fail_json(msg='pan-python is required for this module')

    ip_address = module.params["ip_address"]
    password = module.params["password"]
    username = module.params['username']
    dns_server_primary = module.params['dns_server_primary']
    dns_server_secondary = module.params['dns_server_secondary']
    panorama_primary = module.params['panorama_primary']
    panorama_secondary = module.params['panorama_secondary']
    commit = module.params['commit']

    xapi = pan.xapi.PanXapi(hostname=ip_address,
                            api_username=username,
                            api_password=password)

    changed = False
    try:
        if dns_server_primary is not None:
            changed |= set_dns_server(xapi, dns_server_primary, primary=True)
        if dns_server_secondary is not None:
            changed |= set_dns_server(xapi,
                                      dns_server_secondary,
                                      primary=False)
        if panorama_primary is not None:
            changed |= set_panorama_server(xapi,
                                           panorama_primary,
                                           primary=True)
        if panorama_secondary is not None:
            changed |= set_panorama_server(xapi,
                                           panorama_secondary,
                                           primary=False)

        if changed and commit:
            xapi.commit(cmd="<commit></commit>", sync=True, interval=1)
    except PanXapiError:
        exc = get_exception()
        module.fail_json(msg=exc.message)

    module.exit_json(changed=changed, msg="okey dokey")
Пример #17
0
def main():
    argument_spec = dict(ip_address=dict(default=None),
                         password=dict(default=None, no_log=True),
                         username=dict(default='admin'),
                         admin_username=dict(default=None, required=True),
                         public_key=dict(default=None),
                         state=dict(choices=['present', 'absent'],
                                    required=True,
                                    default=None),
                         commit=dict(type='bool', default=True))
    module = AnsibleModule(argument_spec=argument_spec)

    ip_address = module.params["ip_address"]
    if not ip_address:
        module.fail_json(msg="ip_address should be specified")
    password = module.params["password"]
    if not password:
        module.fail_json(msg="password is required")
    username = module.params['username']

    xapi = pan.xapi.PanXapi(hostname=ip_address,
                            api_username=username,
                            api_password=password)

    panos_user = module.params['admin_username']
    public_key = module.params['public_key']
    state = module.params['state']
    commit = module.params['commit']

    changed = False

    pkey = get_publickey(xapi, panos_user)

    if state == 'absent':
        if pkey is not None:
            delete_publickey(xapi, panos_user)
            changed = True
    else:
        # state 'present'
        if pkey is None and public_key is None:
            module.fail_json(msg="state 'present' but no public_key to set")

        if pkey != public_key and public_key is not None:
            set_publickey(xapi, panos_user, pkey, public_key)
            changed = True

    if changed and commit:
        xapi.commit(cmd="<commit></commit>", sync=True, interval=1)

    module.exit_json(changed=changed, msg="okey dokey")
Пример #18
0
def main():
    argument_spec = dict(
        ip_address=dict(required=True),
        password=dict(required=True, no_log=True),
        username=dict(default='admin'),
        pg_name=dict(required=True),
        data_filtering=dict(),
        file_blocking=dict(),
        spyware=dict(),
        url_filtering=dict(),
        virus=dict(),
        vulnerability=dict(),
        wildfire=dict(),
        commit=dict(type='bool', default=True)
    )
    module = AnsibleModule(argument_spec=argument_spec, supports_check_mode=False)
    if not HAS_LIB:
        module.fail_json(msg='pan-python is required for this module')

    ip_address = module.params["ip_address"]
    password = module.params["password"]
    username = module.params['username']

    xapi = pan.xapi.PanXapi(
        hostname=ip_address,
        api_username=username,
        api_password=password
    )

    pg_name = module.params['pg_name']
    data_filtering = module.params['data_filtering']
    file_blocking = module.params['file_blocking']
    spyware = module.params['spyware']
    url_filtering = module.params['url_filtering']
    virus = module.params['virus']
    vulnerability = module.params['vulnerability']
    wildfire = module.params['wildfire']
    commit = module.params['commit']

    try:
        changed = add_pg(xapi, pg_name, data_filtering, file_blocking,
                         spyware, url_filtering, virus, vulnerability, wildfire)

        if changed and commit:
            xapi.commit(cmd="<commit></commit>", sync=True, interval=1)
    except PanXapiError:
        exc = get_exception()
        module.fail_json(msg=exc.message)

    module.exit_json(changed=changed, msg="okey dokey")
Пример #19
0
def main():
    argument_spec = dict(
        ip_address=dict(required=True),
        password=dict(required=True, no_log=True),
        username=dict(default='admin'),
        pg_name=dict(required=True),
        data_filtering=dict(),
        file_blocking=dict(),
        spyware=dict(),
        url_filtering=dict(),
        virus=dict(),
        vulnerability=dict(),
        wildfire=dict(),
        commit=dict(type='bool', default=True)
    )
    module = AnsibleModule(argument_spec=argument_spec, supports_check_mode=False)
    if not HAS_LIB:
        module.fail_json(msg='pan-python is required for this module')

    ip_address = module.params["ip_address"]
    password = module.params["password"]
    username = module.params['username']

    xapi = pan.xapi.PanXapi(
        hostname=ip_address,
        api_username=username,
        api_password=password
    )

    pg_name = module.params['pg_name']
    data_filtering = module.params['data_filtering']
    file_blocking = module.params['file_blocking']
    spyware = module.params['spyware']
    url_filtering = module.params['url_filtering']
    virus = module.params['virus']
    vulnerability = module.params['vulnerability']
    wildfire = module.params['wildfire']
    commit = module.params['commit']

    try:
        changed = add_pg(xapi, pg_name, data_filtering, file_blocking,
                         spyware, url_filtering, virus, vulnerability, wildfire)

        if changed and commit:
            xapi.commit(cmd="<commit></commit>", sync=True, interval=1)
    except PanXapiError:
        exc = get_exception()
        module.fail_json(msg=exc.message)

    module.exit_json(changed=changed, msg="okey dokey")
Пример #20
0
def main():
    argument_spec = dict(ip_address=dict(required=True),
                         port=dict(default=443),
                         password=dict(no_log=True),
                         username=dict(default='admin'),
                         api_key=dict(no_log=True),
                         admin_username=dict(default='admin'),
                         admin_password=dict(no_log=True, required=True),
                         role=dict(),
                         commit=dict(type='bool', default=False))
    module = AnsibleModule(argument_spec=argument_spec,
                           supports_check_mode=False,
                           required_one_of=[['api_key', 'password']])

    module.deprecate('This module is deprecated; use panos_administrator',
                     version='3.0.0',
                     collection_name='paloaltonetworks.panos')

    if not HAS_LIB:
        module.fail_json(msg='Missing required libraries.')

    ip_address = module.params["ip_address"]
    port = module.params['port']
    password = module.params["password"]
    username = module.params['username']
    api_key = module.params['api_key']
    admin_username = module.params['admin_username']
    admin_password = module.params['admin_password']
    role = module.params['role']
    commit = module.params['commit']

    xapi = pan.xapi.PanXapi(hostname=ip_address,
                            api_username=username,
                            api_password=password,
                            api_key=api_key,
                            port=port)

    changed = admin_set(xapi, module, admin_username, admin_password, role)

    if commit:
        module.deprecate(
            'Please use the commit modules instead of the commit option.',
            version='3.0.0',
            collection_name='paloaltonetworks.panos')

    if changed and commit:
        xapi.commit(cmd="<commit></commit>", sync=True, interval=1)

    module.exit_json(changed=changed, msg="okey dokey")
Пример #21
0
def main():
    argument_spec = dict(
        ip_address=dict(default=None),
        password=dict(default=None, no_log=True),
        username=dict(default='admin'),
        pg_name=dict(default=None),
        data_filtering=dict(default=None),
        file_blocking=dict(default=None),
        spyware=dict(default=None),
        url_filtering=dict(default=None),
        virus=dict(default=None),
        vulnerability=dict(default=None),
        commit=dict(type='bool', default=True)
    )
    module = AnsibleModule(argument_spec=argument_spec)

    ip_address = module.params["ip_address"]
    if not ip_address:
        module.fail_json(msg="ip_address should be specified")
    password = module.params["password"]
    if not password:
        module.fail_json(msg="password is required")
    username = module.params['username']

    xapi = pan.xapi.PanXapi(
        hostname=ip_address,
        api_username=username,
        api_password=password
    )

    pg_name = module.params['pg_name']
    if not pg_name:
        module.fail_json(msg='pg_name is required')
    data_filtering = module.params['data_filtering']
    file_blocking = module.params['file_blocking']
    spyware = module.params['spyware']
    url_filtering = module.params['url_filtering']
    virus = module.params['virus']
    vulnerability = module.params['vulnerability']
    commit = module.params['commit']

    changed = add_pg(xapi, pg_name, data_filtering, file_blocking,
                     spyware, url_filtering, virus, vulnerability)

    if changed and commit:
        xapi.commit(cmd="<commit></commit>", sync=True, interval=1)

    module.exit_json(changed=changed, msg="okey dokey")
Пример #22
0
def main():
    argument_spec = dict(
        ip_address=dict(required=True),
        password=dict(required=True, no_log=True),
        username=dict(default='admin'),
        dns_server_primary=dict(),
        dns_server_secondary=dict(),
        panorama_primary=dict(),
        panorama_secondary=dict(),
        commit=dict(type='bool', default=True)
    )
    module = AnsibleModule(argument_spec=argument_spec, supports_check_mode=False)
    if not HAS_LIB:
        module.fail_json(msg='pan-python is required for this module')

    ip_address = module.params["ip_address"]
    password = module.params["password"]
    username = module.params['username']
    dns_server_primary = module.params['dns_server_primary']
    dns_server_secondary = module.params['dns_server_secondary']
    panorama_primary = module.params['panorama_primary']
    panorama_secondary = module.params['panorama_secondary']
    commit = module.params['commit']

    xapi = pan.xapi.PanXapi(
        hostname=ip_address,
        api_username=username,
        api_password=password
    )

    changed = False
    try:
        if dns_server_primary is not None:
            changed |= set_dns_server(xapi, dns_server_primary, primary=True)
        if dns_server_secondary is not None:
            changed |= set_dns_server(xapi, dns_server_secondary, primary=False)
        if panorama_primary is not None:
            changed |= set_panorama_server(xapi, panorama_primary, primary=True)
        if panorama_secondary is not None:
            changed |= set_panorama_server(xapi, panorama_secondary, primary=False)

        if changed and commit:
            xapi.commit(cmd="<commit></commit>", sync=True, interval=1)
    except PanXapiError:
        exc = get_exception()
        module.fail_json(msg=exc.message)

    module.exit_json(changed=changed, msg="okey dokey")
def main():
    argument_spec = dict(
        ip_address=dict(default=None),
        password=dict(default=None, no_log=True),
        username=dict(default='admin'),
        dns_server_primary=dict(default=None),
        dns_server_secondary=dict(default=None),
        panorama_primary=dict(default=None),
        panorama_secondary=dict(default=None),
        commit=dict(type='bool', default=True)
    )
    module = AnsibleModule(argument_spec=argument_spec)

    ip_address = module.params["ip_address"]
    if not ip_address:
        module.fail_json(msg="ip_address should be specified")
    password = module.params["password"]
    if not password:
        module.fail_json(msg="password is required")
    username = module.params['username']

    xapi = pan.xapi.PanXapi(
        hostname=ip_address,
        api_username=username,
        api_password=password
    )

    dns_server_primary = module.params['dns_server_primary']
    dns_server_secondary = module.params['dns_server_secondary']
    panorama_primary = module.params['panorama_primary']
    panorama_secondary = module.params['panorama_secondary']
    commit = module.params['commit']

    changed = False
    if dns_server_primary is not None:
        changed |= set_dns_server(xapi, dns_server_primary, primary=True)
    if dns_server_secondary is not None:
        changed |= set_dns_server(xapi, dns_server_secondary, primary=False)
    if panorama_primary is not None:
        changed |= set_panorama_server(xapi, panorama_primary, primary=True)
    if panorama_secondary is not None:
        changed |= set_panorama_server(xapi, panorama_secondary, primary=False)

    if changed and commit:
        xapi.commit(cmd="<commit></commit>", sync=True, interval=1)

    module.exit_json(changed=changed, msg="okey dokey")
Пример #24
0
def push_service(service, context):
    xapi = panorama_login()
    snippets_dir = Path(os.path.join(settings.BASE_DIR, 'mssp', 'snippets'))

    if xapi is None:
        print('Could not push service to Panorama')
        return False

    try:
        for snippet in service['snippets']:
            xpath = snippet['xpath']
            xml_file_name = snippet['file']

            xml_full_path = os.path.join(snippets_dir, service['name'],
                                         xml_file_name)
            with open(xml_full_path, 'r') as xml_file:
                xml_string = xml_file.read()
                xml_template = Environment(
                    loader=BaseLoader()).from_string(xml_string)
                xpath_template = Environment(
                    loader=BaseLoader()).from_string(xpath)
                xml_snippet = xml_template.render(context).replace('\n', '')
                xpath_string = xpath_template.render(context)
                print('Pushing xpath: %s' % xpath_string)
                #print('Pushing element: %s' % xml_snippet)
                xapi.set(xpath=xpath_string, element=xml_snippet)
                # FIXME - We need to fix this
                if xapi.status_code == '19' or xapi.status_code == '20':
                    print('xpath is already present')
                elif xapi.status_code == '7':
                    print('xpath was NOT found')
                    return False

        xapi.commit('<commit/>', sync=True)
        print(xapi.xml_result())
        return True

    except IOError as ioe:
        print('Could not open xml snippet file for reading!!!')
        # FIXME - raise a decent error here
        return False

    except pan.xapi.PanXapiError as pxe:
        print('Could not push service snippet!')
        print(pxe)
        return False
Пример #25
0
def palo_commit(xapi, xpath, element, logfp):
    try:
        xapi.edit(xpath=xpath,
                  element=element)
    except pan.xapi.PanXapiError as msg:
        print('edit:', msg, file=logfp)
        sys.exit(1)

    #validate safhasi
    if options['version'] == 6:
        c = pan.commit.PanCommit(force=False,
                                 commit_all=False,
                                 merge_with_candidate=False)
        cmd = c.cmd()
        kwargs = {
            'cmd': cmd,
            'sync': False,
            'interval': None,
            'timeout': None,
            }
        action = 'commit'
        xapi.commit(**kwargs)
        res = print_status(xapi, action)
        if "success" in res:
            print('Validate OK. Continue.', file=logfp)
        else:
            print('Validate not OK. Exit!', file=logfp)
            sys.exit(1)
        print('Waiting for the 30 sec to validation commit to complete...', file=logfp)
        #TODO: pan xapiden donulen degere gore beklemeli sonsuz
        time.sleep(30)
    else:
        print(options['version'], "icin validate kodu eklenecek", logfp)
    #commit safhasi

    cmd = "<commit></commit>"
    kwargs = {
                    'cmd': cmd,
                    'sync': options['sync'],
                    'interval': options['interval'],
                    'timeout': options['job_timeout'],
                    }
    action = 'commit'
    xapi.commit(**kwargs)
    print_status(xapi, action)
    print('Commit gonderildi!', file=logfp)
Пример #26
0
def palo_commit(xapi, xpath, element, logfp):
    try:
        xapi.edit(xpath=xpath, element=element)
    except pan.xapi.PanXapiError as msg:
        print('edit:', msg, file=logfp)
        sys.exit(1)

    #validate safhasi
    if options['version'] == 6:
        c = pan.commit.PanCommit(force=False,
                                 commit_all=False,
                                 merge_with_candidate=False)
        cmd = c.cmd()
        kwargs = {
            'cmd': cmd,
            'sync': False,
            'interval': None,
            'timeout': None,
        }
        action = 'commit'
        xapi.commit(**kwargs)
        res = print_status(xapi, action)
        if "success" in res:
            print('Validate OK. Continue.', file=logfp)
        else:
            print('Validate not OK. Exit!', file=logfp)
            sys.exit(1)
        print('Waiting for the 30 sec to validation commit to complete...',
              file=logfp)
        #TODO: pan xapiden donulen degere gore beklemeli sonsuz
        time.sleep(30)
    else:
        print(options['version'], "icin validate kodu eklenecek", logfp)
    #commit safhasi

    cmd = "<commit></commit>"
    kwargs = {
        'cmd': cmd,
        'sync': options['sync'],
        'interval': options['interval'],
        'timeout': options['job_timeout'],
    }
    action = 'commit'
    xapi.commit(**kwargs)
    print_status(xapi, action)
    print('Commit gonderildi!', file=logfp)
Пример #27
0
def main():
    argument_spec = dict(
        ip_address=dict(default=None),
        password=dict(default=None, no_log=True),
        username=dict(default='admin'),
        if_name=dict(default=None),
        zone_name=dict(default=None),
        create_default_route=dict(type='bool', default=False),
        commit=dict(type='bool', default=True)
    )
    module = AnsibleModule(argument_spec=argument_spec)

    ip_address = module.params["ip_address"]
    if not ip_address:
        module.fail_json(msg="ip_address should be specified")
    password = module.params["password"]
    if not password:
        module.fail_json(msg="password is required")
    username = module.params['username']

    xapi = pan.xapi.PanXapi(
        hostname=ip_address,
        api_username=username,
        api_password=password
    )

    if_name = module.params['if_name']
    if not if_name:
        module.fail_json(msg="if_name required")
    zone_name = module.params['zone_name']
    if not zone_name:
        module.fail_json(msg="zone_name required")
    create_default_route = module.params['create_default_route']
    commit = module.params['commit']

    ifexists = if_exists(xapi, if_name)
    if ifexists:
        module.exit_json(changed=False, msg="if exists, not changed")

    changed = add_dhcp_if(xapi, if_name, zone_name, create_default_route)
    if changed and commit:
        xapi.commit(cmd="<commit></commit>", sync=True, interval=1)

    module.exit_json(changed=changed, msg="okey dokey")
Пример #28
0
def main():
    argument_spec = dict(ip_address=dict(default=None),
                         password=dict(default=None, no_log=True),
                         username=dict(default='admin'),
                         pg_name=dict(default=None),
                         data_filtering=dict(default=None),
                         file_blocking=dict(default=None),
                         spyware=dict(default=None),
                         url_filtering=dict(default=None),
                         virus=dict(default=None),
                         vulnerability=dict(default=None),
                         commit=dict(type='bool', default=True))
    module = AnsibleModule(argument_spec=argument_spec)

    ip_address = module.params["ip_address"]
    if not ip_address:
        module.fail_json(msg="ip_address should be specified")
    password = module.params["password"]
    if not password:
        module.fail_json(msg="password is required")
    username = module.params['username']

    xapi = pan.xapi.PanXapi(hostname=ip_address,
                            api_username=username,
                            api_password=password)

    pg_name = module.params['pg_name']
    if not pg_name:
        module.fail_json(msg='pg_name is required')
    data_filtering = module.params['data_filtering']
    file_blocking = module.params['file_blocking']
    spyware = module.params['spyware']
    url_filtering = module.params['url_filtering']
    virus = module.params['virus']
    vulnerability = module.params['vulnerability']
    commit = module.params['commit']

    changed = add_pg(xapi, pg_name, data_filtering, file_blocking, spyware,
                     url_filtering, virus, vulnerability)

    if changed and commit:
        xapi.commit(cmd="<commit></commit>", sync=True, interval=1)

    module.exit_json(changed=changed, msg="okey dokey")
Пример #29
0
def main():
    argument_spec = dict(
        ip_address=dict(required=True),
        password=dict(required=True, no_log=True),
        username=dict(default='admin'),
        if_name=dict(required=True),
        zone_name=dict(required=True),
        create_default_route=dict(type='bool', default=False),
        commit=dict(type='bool', default=True)
    )
    module = AnsibleModule(argument_spec=argument_spec, supports_check_mode=False)
    if not HAS_LIB:
        module.fail_json(msg='pan-python is required for this module')

    ip_address = module.params["ip_address"]
    password = module.params["password"]
    username = module.params['username']

    xapi = pan.xapi.PanXapi(
        hostname=ip_address,
        api_username=username,
        api_password=password
    )

    if_name = module.params['if_name']
    zone_name = module.params['zone_name']
    create_default_route = module.params['create_default_route']
    commit = module.params['commit']

    ifexists = if_exists(xapi, if_name)

    if ifexists:
        module.exit_json(changed=False, msg="interface exists, not changed")

    try:
        changed = add_dhcp_if(xapi, if_name, zone_name, create_default_route)
    except PanXapiError:
        exc = get_exception()
        module.fail_json(msg=exc.message)

    if changed and commit:
        xapi.commit(cmd="<commit></commit>", sync=True, interval=1)

    module.exit_json(changed=changed, msg="okey dokey")
Пример #30
0
def main():
    argument_spec = dict(ip_address=dict(default=None),
                         password=dict(default=None, no_log=True),
                         username=dict(default='admin'),
                         service_name=dict(default=None),
                         protocol=dict(default=None, choices=['tcp', 'udp']),
                         port=dict(default=None),
                         source_port=dict(default=None),
                         commit=dict(type='bool', default=True))
    module = AnsibleModule(argument_spec=argument_spec)

    ip_address = module.params["ip_address"]
    if not ip_address:
        module.fail_json(msg="ip_address should be specified")
    password = module.params["password"]
    if not password:
        module.fail_json(msg="password is required")
    username = module.params['username']

    xapi = pan.xapi.PanXapi(hostname=ip_address,
                            api_username=username,
                            api_password=password)

    service_name = module.params['service_name']
    if not service_name:
        module.fail_json(msg='service_name is required')
    protocol = module.params['protocol']
    if not protocol:
        module.fail_json(msg="protocol is required")
    port = module.params['port']
    if not port:
        module.fail_json(msg="port is required")
    source_port = module.params['source_port']
    commit = module.params['commit']

    changed = False
    changed = add_service(xapi, module, service_name, protocol, port,
                          source_port)

    if changed and commit:
        xapi.commit(cmd="<commit></commit>", sync=True, interval=1)

    module.exit_json(changed=changed, msg="okey dokey")
Пример #31
0
def main():
    argument_spec = dict(ip_address=dict(required=True),
                         password=dict(required=True, no_log=True),
                         username=dict(default='admin'),
                         tunnel_unit=dict(required=True),
                         zone_name=dict(required=True),
                         commit=dict(type='bool', default=True))
    module = AnsibleModule(argument_spec=argument_spec,
                           supports_check_mode=False)
    if not HAS_LIB:
        module.fail_json(msg='pan-python is required for this module')

    ip_address = module.params["ip_address"]
    if not ip_address:
        module.fail_json(msg="ip_address should be specified")
    password = module.params["password"]
    if not password:
        module.fail_json(msg="password is required")
    username = module.params['username']

    xapi = pan.xapi.PanXapi(hostname=ip_address,
                            api_username=username,
                            api_password=password)

    tunnel_unit = module.params['tunnel_unit']
    if not tunnel_unit:
        module.fail_json(msg="tunnel_unit required")
    zone_name = module.params['zone_name']
    if not zone_name:
        module.fail_json(msg="zone_name required")

    commit = module.params['commit']

    ifexists = if_exists(xapi, tunnel_unit)
    if ifexists:
        module.exit_json(changed=False, msg="tunnel unit exists, not changed")

    changed = add_tunnel_if(xapi, tunnel_unit, zone_name)
    if changed and commit:
        xapi.commit(cmd="<commit></commit>", sync=True, interval=1)

    module.exit_json(changed=changed, msg="okey dokey")
Пример #32
0
def main():
    argument_spec = dict(
        ip_address=dict(),
        password=dict(no_log=True),
        username=dict(default='admin'),
        admin_username=dict(default='admin'),
        admin_password=dict(no_log=True),
        role=dict(),
        commit=dict(type='bool', default=True)
    )
    module = AnsibleModule(argument_spec=argument_spec, supports_check_mode=False)

    if not HAS_LIB:
        module.fail_json(msg='pan-python required for this module')

    ip_address = module.params["ip_address"]
    if not ip_address:
        module.fail_json(msg="ip_address should be specified")
    password = module.params["password"]
    if not password:
        module.fail_json(msg="password is required")
    username = module.params['username']

    xapi = pan.xapi.PanXapi(
        hostname=ip_address,
        api_username=username,
        api_password=password
    )

    admin_username = module.params['admin_username']
    if admin_username is None:
        module.fail_json(msg="admin_username is required")
    admin_password = module.params['admin_password']
    role = module.params['role']
    commit = module.params['commit']

    changed = admin_set(xapi, module, admin_username, admin_password, role)

    if changed and commit:
        xapi.commit(cmd="<commit></commit>", sync=True, interval=1)

    module.exit_json(changed=changed, msg="okey dokey")
Пример #33
0
def main():
    argument_spec = dict(ip_address=dict(required=True),
                         password=dict(required=True, no_log=True),
                         username=dict(default='admin'),
                         app_name=dict(required=True),
                         host_regex=dict(required=True),
                         convert_hostname=dict(type='bool', default=False),
                         commit=dict(type='bool', default=True))
    module = AnsibleModule(argument_spec=argument_spec,
                           supports_check_mode=False)
    if not HAS_LIB:
        module.fail_json(msg='pan-python is required for this module')

    ip_address = module.params["ip_address"]
    if not ip_address:
        module.fail_json(msg="ip_address should be specified")
    password = module.params["password"]
    if not password:
        module.fail_json(msg="password is required")
    username = module.params['username']

    xapi = pan.xapi.PanXapi(hostname=ip_address,
                            api_username=username,
                            api_password=password)

    app_name = module.params['app_name']
    if not app_name:
        module.fail_json(msg='app_name is required')
    host_regex = module.params['host_regex']
    if not host_regex:
        module.fail_json(msg='host_regex is required')
    convert_hostname = module.params['convert_hostname']
    if convert_hostname:
        host_regex = convert_to_regex(host_regex)
    commit = module.params['commit']

    changed = add_custom_app(xapi, app_name, host_regex)

    if changed and commit:
        xapi.commit(cmd="<commit></commit>", sync=True, interval=1)

    module.exit_json(changed=changed, msg="okey dokey")
Пример #34
0
 def _set_config(self, config, hostname, xpath):
     xapi = pan.xapi.PanXapi(**self._get_pan_credentials(hostname))
     try:
         xapi.set(xpath=xpath, element=config)
     except pan.xapi.PanXapiError as e:
         print("{error}".format(error=e))
         return False
     time.sleep(3)
     print("Config: {status}".format(status=xapi.status))
     time.sleep(1)
     print(
         "Applying config on {hostname} with user {username} and password {password}..."
         .format(hostname=hostname,
                 username=self.username,
                 password=self.password[:1]))
     try:
         xapi.commit(cmd="<commit></commit>", timeout=10)
     except pan.xapi.PanXapiError as e:
         print("{error}".format(error=e))
         return False
     print("Commit: {status}".format(status=xapi.status))
Пример #35
0
def main():
    argument_spec = dict(
        ip_address=dict(),
        password=dict(no_log=True),
        username=dict(default='admin'),
        interval=dict(default=0.5),
        timeout=dict(),
        sync=dict(type='bool', default=True)
    )
    module = AnsibleModule(argument_spec=argument_spec, supports_check_mode=False)

    if not HAS_LIB:
        module.fail_json(msg='pan-python required for this module')

    ip_address = module.params["ip_address"]
    if not ip_address:
        module.fail_json(msg="ip_address should be specified")
    password = module.params["password"]
    if not password:
        module.fail_json(msg="password is required")
    username = module.params['username']

    interval = module.params['interval']
    timeout = module.params['timeout']
    sync = module.params['sync']

    xapi = pan.xapi.PanXapi(
        hostname=ip_address,
        api_username=username,
        api_password=password
    )

    xapi.commit(
        cmd="<commit></commit>",
        sync=sync,
        interval=interval,
        timeout=timeout
    )

    module.exit_json(changed=True, msg="okey dokey")
Пример #36
0
def main():
    argument_spec = dict(ip_address=dict(default=None),
                         password=dict(default=None, no_log=True),
                         username=dict(default='admin'),
                         if_name=dict(default=None),
                         zone_name=dict(default=None),
                         create_default_route=dict(type='bool', default=False),
                         commit=dict(type='bool', default=True))
    module = AnsibleModule(argument_spec=argument_spec)

    ip_address = module.params["ip_address"]
    if not ip_address:
        module.fail_json(msg="ip_address should be specified")
    password = module.params["password"]
    if not password:
        module.fail_json(msg="password is required")
    username = module.params['username']

    xapi = pan.xapi.PanXapi(hostname=ip_address,
                            api_username=username,
                            api_password=password)

    if_name = module.params['if_name']
    if not if_name:
        module.fail_json(msg="if_name required")
    zone_name = module.params['zone_name']
    if not zone_name:
        module.fail_json(msg="zone_name required")
    create_default_route = module.params['create_default_route']
    commit = module.params['commit']

    ifexists = if_exists(xapi, if_name)
    if ifexists:
        module.exit_json(changed=False, msg="if exists, not changed")

    changed = add_dhcp_if(xapi, if_name, zone_name, create_default_route)
    if changed and commit:
        xapi.commit(cmd="<commit></commit>", sync=True, interval=1)

    module.exit_json(changed=changed, msg="okey dokey")
Пример #37
0
def main():
    argument_spec = dict(
        ip_address=dict(default=None),
        password=dict(default=None),
        username=dict(default='admin'),
        dag_name=dict(default=None),
        dag_filter=dict(default=None),
        commit=dict(type='bool', default=True)
    )
    module = AnsibleModule(argument_spec=argument_spec)

    ip_address = module.params["ip_address"]
    if not ip_address:
        module.fail_json(msg="ip_address should be specified")
    password = module.params["password"]
    if not password:
        module.fail_json(msg="password is required")
    username = module.params['username']

    xapi = pan.xapi.PanXapi(
        hostname=ip_address,
        api_username=username,
        api_password=password
    )

    dag_name = module.params['dag_name']
    if not dag_name:
        module.fail_json(msg="dag_name is required")
    dag_filter = module.params['dag_filter']
    if not dag_filter:
        module.fail_json(msg="dag_filter is required")
    commit = module.params['commit']

    changed = add_dag(xapi, dag_name, dag_filter)

    if changed and commit:
        xapi.commit(cmd="<commit></commit>", sync=True, interval=1)

    module.exit_json(changed=changed, msg="okey dokey")
Пример #38
0
def main():
    argument_spec = dict(
        ip_address=dict(required=True),
        password=dict(no_log=True),
        username=dict(default='admin'),
        api_key=dict(no_log=True),
        admin_username=dict(default='admin'),
        admin_password=dict(no_log=True, required=True),
        role=dict(),
        commit=dict(type='bool', default=True)
    )
    module = AnsibleModule(argument_spec=argument_spec, supports_check_mode=False,
                           required_one_of=[['api_key', 'password']])

    if not HAS_LIB:
        module.fail_json(msg='Missing required libraries.')

    ip_address = module.params["ip_address"]
    password = module.params["password"]
    username = module.params['username']
    api_key = module.params['api_key']
    admin_username = module.params['admin_username']
    admin_password = module.params['admin_password']
    role = module.params['role']
    commit = module.params['commit']

    xapi = pan.xapi.PanXapi(
        hostname=ip_address,
        api_username=username,
        api_password=password,
        api_key=api_key
    )

    changed = admin_set(xapi, module, admin_username, admin_password, role)

    if changed and commit:
        xapi.commit(cmd="<commit></commit>", sync=True, interval=1)

    module.exit_json(changed=changed, msg="okey dokey")
Пример #39
0
def main():
    argument_spec = dict(ip_address=dict(required=True),
                         password=dict(required=True, no_log=True),
                         username=dict(default='admin'),
                         service_name=dict(required=True),
                         protocol=dict(required=True, choices=['tcp', 'udp']),
                         port=dict(required=True),
                         source_port=dict(),
                         commit=dict(type='bool', default=True))
    module = AnsibleModule(argument_spec=argument_spec,
                           supports_check_mode=False)
    if not HAS_LIB:
        module.fail_json(msg='pan-python is required for this module')

    ip_address = module.params["ip_address"]
    password = module.params["password"]
    username = module.params['username']
    service_name = module.params['service_name']
    protocol = module.params['protocol']
    port = module.params['port']
    source_port = module.params['source_port']
    commit = module.params['commit']

    xapi = pan.xapi.PanXapi(hostname=ip_address,
                            api_username=username,
                            api_password=password)

    try:
        changed = add_service(xapi, module, service_name, protocol, port,
                              source_port)
        if changed and commit:
            xapi.commit(cmd="<commit></commit>", sync=True, interval=1)
    except PanXapiError:
        exc = get_exception()
        module.fail_json(msg=exc.message)

    module.exit_json(changed=changed, msg="okey dokey")
Пример #40
0
def main():
    argument_spec = dict(
        ip_address=dict(default=None),
        password=dict(default=None, no_log=True),
        username=dict(default='admin'),
        rule_name=dict(default=None),
        bidirectional=dict(type='bool', default=False),
        snat_type=dict(default='static-ip',
                       choices=['static-ip', 'dynamic-ip-and-port']),
        translated_address=dict(default=None),
        interface_address_if=dict(default=None),
        interface_address_ip=dict(default=None),
        from_zone=dict(default=None),
        to_zone=dict(default=None),
        source=dict(default="any"),
        destination=dict(default="any"),
        service=dict(default="any"),
        commit=dict(type='bool', default=True)
    )
    module = AnsibleModule(argument_spec=argument_spec)

    ip_address = module.params["ip_address"]
    if not ip_address:
        module.fail_json(msg="ip_address should be specified")
    password = module.params["password"]
    if not password:
        module.fail_json(msg="password is required")
    username = module.params['username']

    xapi = pan.xapi.PanXapi(
        hostname=ip_address,
        api_username=username,
        api_password=password
    )

    rule_name = module.params['rule_name']
    if not rule_name:
        module.fail_json(msg='rule_name is required')
    bidirectional = module.params['bidirectional']
    snat_type = module.params['snat_type']
    translated_address = module.params['translated_address']
    interface_address_if = module.params['interface_address_if']
    interface_address_ip = module.params['interface_address_ip']
    from_zone = module.params['from_zone']
    if from_zone is None:
        module.fail_json(msg='from_zone is required')
    if type(from_zone) == str:
        from_zone = [from_zone]
    to_zone = module.params['to_zone']
    if to_zone is None:
        module.fail_json(msg='to_zone is required')
    source = module.params['source']
    if type(source) == str:
        source = [source]
    destination = module.params['destination']
    if type(destination) == str:
        destination = [destination]
    service = module.params['service']
    commit = module.params['commit']

    changed = False
    if snat_type == 'static-ip':
        changed = add_snat_static_ip(xapi, module,
                                     rule_name,
                                     from_zone,
                                     to_zone,
                                     source,
                                     destination,
                                     service,
                                     bidirectional,
                                     translated_address)
    elif snat_type == 'dynamic-ip-and-port':
        changed = add_snat_dipp(xapi, module,
                                rule_name,
                                from_zone,
                                to_zone,
                                source,
                                destination,
                                service,
                                translated_address,
                                interface_address_ip,
                                interface_address_if)
    else:
        module.fail_json(msg="unsupported snat type "+snat_type)

    if changed and commit:
        xapi.commit(cmd="<commit></commit>", sync=True, interval=1)

    module.exit_json(changed=changed, msg="okey dokey")
Пример #41
0
def main():
    argument_spec = dict(ip_address=dict(required=True),
                         password=dict(required=True, no_log=True),
                         username=dict(default='admin'),
                         rule_name=dict(required=True),
                         from_zone=dict(type='list', required=True),
                         to_zone=dict(required=True),
                         source=dict(type='list', default=["any"]),
                         destination=dict(type='list', default=["any"]),
                         service=dict(default="any"),
                         snat_type=dict(),
                         snat_address=dict(),
                         snat_interface=dict(),
                         snat_interface_address=dict(),
                         snat_bidirectional=dict(default=False),
                         dnat_address=dict(),
                         dnat_port=dict(),
                         override=dict(type='bool', default=False),
                         commit=dict(type='bool', default=True))
    module = AnsibleModule(argument_spec=argument_spec,
                           supports_check_mode=False)

    if module._name == 'panos_nat_policy':
        module.deprecate(
            "The 'panos_nat_policy' module is being renamed 'panos_nat_rule'",
            version=2.8)

    if not HAS_LIB:
        module.fail_json(msg='pan-python is required for this module')

    ip_address = module.params["ip_address"]
    password = module.params["password"]
    username = module.params['username']

    xapi = pan.xapi.PanXapi(hostname=ip_address,
                            api_username=username,
                            api_password=password)

    rule_name = module.params['rule_name']
    from_zone = module.params['from_zone']
    to_zone = module.params['to_zone']
    source = module.params['source']
    destination = module.params['destination']
    service = module.params['service']

    snat_type = module.params['snat_type']
    snat_address = module.params['snat_address']
    snat_interface = module.params['snat_interface']
    snat_interface_address = module.params['snat_interface_address']
    snat_bidirectional = module.params['snat_bidirectional']

    dnat_address = module.params['dnat_address']
    dnat_port = module.params['dnat_port']
    commit = module.params['commit']

    override = module.params["override"]
    if not override and nat_rule_exists(xapi, rule_name):
        module.exit_json(changed=False, msg="rule exists")

    try:
        changed = add_nat(xapi,
                          module,
                          rule_name,
                          from_zone,
                          to_zone,
                          source,
                          destination,
                          service,
                          dnatxml=dnat_xml(module, dnat_address, dnat_port),
                          snatxml=snat_xml(module, snat_type, snat_address,
                                           snat_interface,
                                           snat_interface_address,
                                           snat_bidirectional))

        if changed and commit:
            xapi.commit(cmd="<commit></commit>", sync=True, interval=1)

        module.exit_json(changed=changed, msg="okey dokey")

    except PanXapiError:
        exc = get_exception()
        module.fail_json(msg=exc.message)
Пример #42
0
    try:
        xapi = pan.xapi.PanXapi(api_username=os.environ['username'],
                                api_password=os.environ['password'],
                                hostname=os.environ['ipAddr'])
        print("Successfully Connected!")

        xapi.op(cmd='show system info', cmd_xml=True)
        print(xapi.xml_result())

        #set the config using the above xpath
        xapi.set(xpath, element=data)
        print(xapi.xml_result())

        #commit the config. Make sure to add the xml command.
        xapi.commit('<commit/>')
        print(xapi.xml_result())

    except pan.xapi.PanXapiError as msg:
        print('pan.xapi.PanXapi:', msg, file=sys.stderr)
        sys.exit(1)

elif cmd == "stop":

    # Build the XML tree for the settings we want to add to the FW. In this case adding a named address.
    #		root.set("name", "Kimberly")

    try:
        xapi = pan.xapi.PanXapi(api_username=os.environ['username'],
                                api_password=os.environ['password'],
                                hostname=os.environ['ipAddr'])
Пример #43
0
def main():
    set_encoding()
    options = parse_opts()

    try:
        xapi = pan.xapi.PanXapi(debug=options['debug'],
                                timeout=options['timeout'],
                                tag=options['tag'],
                                use_http=options['use_http'],
                                use_get=options['use_get'],
                                api_username=options['api_username'],
                                api_password=options['api_password'],
                                api_key=options['api_key'],
                                hostname=options['hostname'],
                                port=options['port'],
                                serial=options['serial'],
                                cafile=options['cafile'],
                                capath=options['capath'])

    except pan.xapi.PanXapiError as msg:
        print('pan.xapi.PanXapi:', msg, file=sys.stderr)
        sys.exit(1)

    if options['debug'] > 2:
        print('xapi.__str__()===>\n', xapi, '\n<===',
              sep='', file=sys.stderr)

    try:
        if options['ad_hoc'] is not None:
            action = 'ad_hoc'
            xapi.ad_hoc(qs=options['ad_hoc'],
                        xpath=options['xpath'],
                        modify_qs=options['modify'])
            print_status(xapi, action)
            print_response(xapi, options)

        if options['keygen']:
            action = 'keygen'
            xapi.keygen()
            print_status(xapi, action)
            print_response(xapi, options)
            print('API key:  "%s"' % xapi.api_key)

        if options['show']:
            action = 'show'
            xapi.show(xpath=options['xpath'])
            print_status(xapi, action)
            print_response(xapi, options)

        if options['get']:
            action = 'get'
            xapi.get(xpath=options['xpath'])
            print_status(xapi, action)
            print_response(xapi, options)

        if options['delete']:
            action = 'delete'
            xapi.delete(xpath=options['xpath'])
            print_status(xapi, action)
            print_response(xapi, options)

        if options['edit']:
            action = 'edit'
            xapi.edit(xpath=options['xpath'],
                      element=options['element'])
            print_status(xapi, action)
            print_response(xapi, options)

        if options['set']:
            action = 'set'
            xapi.set(xpath=options['xpath'],
                     element=options['element'])
            print_status(xapi, action)
            print_response(xapi, options)

        if options['dynamic-update']:
            action = 'dynamic-update'
            kwargs = {
                'cmd': options['cmd'],
                }
            if len(options['vsys']):
                kwargs['vsys'] = options['vsys'][0]
            xapi.user_id(**kwargs)
            print_status(xapi, action)
            print_response(xapi, options)

        if options['move'] is not None:
            action = 'move'
            xapi.move(xpath=options['xpath'],
                      where=options['move'],
                      dst=options['dst'])
            print_status(xapi, action)
            print_response(xapi, options)

        if options['rename']:
            action = 'rename'
            xapi.rename(xpath=options['xpath'],
                        newname=options['dst'])
            print_status(xapi, action)
            print_response(xapi, options)

        if options['clone']:
            action = 'clone'
            xapi.clone(xpath=options['xpath'],
                       xpath_from=options['src'],
                       newname=options['dst'])
            print_status(xapi, action)
            print_response(xapi, options)

        if options['override']:
            action = 'override'
            xapi.override(xpath=options['xpath'],
                          element=options['element'])
            print_status(xapi, action)
            print_response(xapi, options)

        if options['export'] is not None:
            action = 'export'
            xapi.export(category=options['export'],
                        from_name=options['src'])
            print_status(xapi, action)
            print_response(xapi, options)
            if options['pcap_listing']:
                pcap_listing(xapi, options)
            save_pcap(xapi, options)

        if options['log'] is not None:
            action = 'log'
            xapi.log(log_type=options['log'],
                     nlogs=options['nlogs'],
                     skip=options['skip'],
                     filter=options['filter'],
                     interval=options['interval'],
                     timeout=options['job_timeout'])
            print_status(xapi, action)
            print_response(xapi, options)

        if options['op'] is not None:
            action = 'op'
            kwargs = {
                'cmd': options['op'],
                'cmd_xml': options['cmd_xml'],
                }
            if len(options['vsys']):
                kwargs['vsys'] = options['vsys'][0]
            xapi.op(**kwargs)
            print_status(xapi, action)
            print_response(xapi, options)

        if (options['commit'] or options['commit_all']):
            if options['cmd']:
                cmd = options['cmd']
                if options['cmd_xml']:
                    cmd = xapi.cmd_xml(cmd)
            else:
                c = pan.commit.PanCommit(debug=options['debug'],
                                         validate=options['validate'],
                                         force=options['force'],
                                         commit_all=options['commit_all'],
                                         merge_with_candidate=
                                         options['merge'])

                for part in options['partial']:
                    if part == 'device-and-network-excluded':
                        c.device_and_network_excluded()
                    elif part == 'policy-and-objects-excluded':
                        c.policy_and_objects_excluded()
                    elif part == 'shared-object-excluded':
                        c.shared_object_excluded()
                    elif part == 'no-vsys':
                        c.no_vsys()
                    elif part == 'vsys':
                        c.vsys(options['vsys'])

                if options['serial'] is not None:
                    c.device(options['serial'])
                if options['group'] is not None:
                    c.device_group(options['group'])
                if options['commit_all'] and options['vsys']:
                    c.vsys(options['vsys'][0])

                cmd = c.cmd()

            kwargs = {
                'cmd': cmd,
                'sync': options['sync'],
                'interval': options['interval'],
                'timeout': options['job_timeout'],
                }
            if options['commit_all']:
                kwargs['action'] = 'all'

            action = 'commit'
            xapi.commit(**kwargs)
            print_status(xapi, action)
            print_response(xapi, options)

    except pan.xapi.PanXapiError as msg:
        print_status(xapi, action, msg)
        print_response(xapi, options)
        sys.exit(1)

    sys.exit(0)
Пример #44
0
def main():
    argument_spec = dict(
        ip_address=dict(required=True),
        password=dict(required=True, no_log=True),
        username=dict(default='admin'),
        rule_name=dict(required=True),
        from_zone=dict(type='list', required=True),
        to_zone=dict(required=True),
        source=dict(type='list', default=["any"]),
        destination=dict(type='list', default=["any"]),
        service=dict(default="any"),
        snat_type=dict(),
        snat_address=dict(),
        snat_interface=dict(),
        snat_interface_address=dict(),
        snat_bidirectional=dict(default=False),
        dnat_address=dict(),
        dnat_port=dict(),
        override=dict(type='bool', default=False),
        commit=dict(type='bool', default=True)
    )
    module = AnsibleModule(argument_spec=argument_spec, supports_check_mode=False)

    if module._name == 'panos_nat_policy':
        module.deprecate("The 'panos_nat_policy' module is being renamed 'panos_nat_rule'", version=2.8)

    if not HAS_LIB:
        module.fail_json(msg='pan-python is required for this module')

    ip_address = module.params["ip_address"]
    password = module.params["password"]
    username = module.params['username']

    xapi = pan.xapi.PanXapi(
        hostname=ip_address,
        api_username=username,
        api_password=password
    )

    rule_name = module.params['rule_name']
    from_zone = module.params['from_zone']
    to_zone = module.params['to_zone']
    source = module.params['source']
    destination = module.params['destination']
    service = module.params['service']

    snat_type = module.params['snat_type']
    snat_address = module.params['snat_address']
    snat_interface = module.params['snat_interface']
    snat_interface_address = module.params['snat_interface_address']
    snat_bidirectional = module.params['snat_bidirectional']

    dnat_address = module.params['dnat_address']
    dnat_port = module.params['dnat_port']
    commit = module.params['commit']

    override = module.params["override"]
    if not override and nat_rule_exists(xapi, rule_name):
        module.exit_json(changed=False, msg="rule exists")

    try:
        changed = add_nat(
            xapi,
            module,
            rule_name,
            from_zone,
            to_zone,
            source,
            destination,
            service,
            dnatxml=dnat_xml(module, dnat_address, dnat_port),
            snatxml=snat_xml(module, snat_type, snat_address,
                             snat_interface, snat_interface_address,
                             snat_bidirectional)
        )

        if changed and commit:
            xapi.commit(cmd="<commit></commit>", sync=True, interval=1)

        module.exit_json(changed=changed, msg="okey dokey")

    except PanXapiError as exc:
        module.fail_json(msg=to_native(exc))
Пример #45
0
def main():
    try:
        signal.signal(signal.SIGPIPE, signal.SIG_DFL)
    except AttributeError:
        # Windows
        pass

    set_encoding()
    options = parse_opts()

    if options['debug']:
        logger = logging.getLogger()
        if options['debug'] == 3:
            logger.setLevel(pan.xapi.DEBUG3)
        elif options['debug'] == 2:
            logger.setLevel(pan.xapi.DEBUG2)
        elif options['debug'] == 1:
            logger.setLevel(pan.xapi.DEBUG1)

#        log_format = '%(levelname)s %(name)s %(message)s'
        log_format = '%(message)s'
        handler = logging.StreamHandler()
        formatter = logging.Formatter(log_format)
        handler.setFormatter(formatter)
        logger.addHandler(handler)

    if options['cafile'] or options['capath']:
        ssl_context = create_ssl_context(options['cafile'],
                                         options['capath'])
    else:
        ssl_context = None

    try:
        xapi = pan.xapi.PanXapi(timeout=options['timeout'],
                                tag=options['tag'],
                                use_http=options['use_http'],
                                use_get=options['use_get'],
                                api_username=options['api_username'],
                                api_password=options['api_password'],
                                api_key=options['api_key'],
                                hostname=options['hostname'],
                                port=options['port'],
                                serial=options['serial'],
                                ssl_context=ssl_context)

    except pan.xapi.PanXapiError as msg:
        print('pan.xapi.PanXapi:', msg, file=sys.stderr)
        sys.exit(1)

    if options['debug'] > 2:
        print('xapi.__str__()===>\n', xapi, '\n<===',
              sep='', file=sys.stderr)

    extra_qs_used = False

    try:
        if options['keygen']:
            action = 'keygen'
            if options['ad_hoc'] is not None:
                extra_qs_used = True
            xapi.keygen(extra_qs=options['ad_hoc'])
            print_status(xapi, action)
            print_response(xapi, options)
            print('API key:  "%s"' % xapi.api_key)

        if options['show']:
            action = 'show'
            if options['ad_hoc'] is not None:
                extra_qs_used = True
            xapi.show(xpath=options['xpath'],
                      extra_qs=options['ad_hoc'])
            print_status(xapi, action)
            print_response(xapi, options)

        if options['get']:
            action = 'get'
            if options['ad_hoc'] is not None:
                extra_qs_used = True
            xapi.get(xpath=options['xpath'],
                     extra_qs=options['ad_hoc'])
            print_status(xapi, action)
            print_response(xapi, options)

        if options['delete']:
            action = 'delete'
            if options['ad_hoc'] is not None:
                extra_qs_used = True
            xapi.delete(xpath=options['xpath'],
                        extra_qs=options['ad_hoc'])
            print_status(xapi, action)
            print_response(xapi, options)

        if options['edit']:
            action = 'edit'
            if options['ad_hoc'] is not None:
                extra_qs_used = True
            xapi.edit(xpath=options['xpath'],
                      element=options['element'],
                      extra_qs=options['ad_hoc'])
            print_status(xapi, action)
            print_response(xapi, options)

        if options['set']:
            action = 'set'
            if options['ad_hoc'] is not None:
                extra_qs_used = True
            xapi.set(xpath=options['xpath'],
                     element=options['element'],
                     extra_qs=options['ad_hoc'])
            print_status(xapi, action)
            print_response(xapi, options)

        if options['dynamic-update']:
            action = 'dynamic-update'
            kwargs = {
                'cmd': options['cmd'],
                }
            if options['ad_hoc'] is not None:
                extra_qs_used = True
                kwargs['extra_qs'] = options['ad_hoc']
            if len(options['vsys']):
                kwargs['vsys'] = options['vsys'][0]
            xapi.user_id(**kwargs)
            print_status(xapi, action)
            print_response(xapi, options)

        if options['move'] is not None:
            action = 'move'
            if options['ad_hoc'] is not None:
                extra_qs_used = True
            xapi.move(xpath=options['xpath'],
                      where=options['move'],
                      dst=options['dst'],
                      extra_qs=options['ad_hoc'])
            print_status(xapi, action)
            print_response(xapi, options)

        if options['rename']:
            action = 'rename'
            if options['ad_hoc'] is not None:
                extra_qs_used = True
            xapi.rename(xpath=options['xpath'],
                        newname=options['dst'],
                        extra_qs=options['ad_hoc'])
            print_status(xapi, action)
            print_response(xapi, options)

        if options['clone']:
            action = 'clone'
            if options['ad_hoc'] is not None:
                extra_qs_used = True
            xapi.clone(xpath=options['xpath'],
                       xpath_from=options['src'],
                       newname=options['dst'],
                       extra_qs=options['ad_hoc'])
            print_status(xapi, action)
            print_response(xapi, options)

        if options['override']:
            action = 'override'
            if options['ad_hoc'] is not None:
                extra_qs_used = True
            xapi.override(xpath=options['xpath'],
                          element=options['element'],
                          extra_qs=options['ad_hoc'])
            print_status(xapi, action)
            print_response(xapi, options)

        if options['export'] is not None:
            action = 'export'
            if options['ad_hoc'] is not None:
                extra_qs_used = True
            if options['pcapid'] is not None:
                xapi.export(category=options['export'],
                            pcapid=options['pcapid'],
                            search_time=options['stime'],
                            serialno=options['serial'],
                            extra_qs=options['ad_hoc'])
            else:
                xapi.export(category=options['export'],
                            from_name=options['src'],
                            extra_qs=options['ad_hoc'])
            print_status(xapi, action)
            print_response(xapi, options)
            if options['pcap_listing']:
                pcap_listing(xapi, options['export'])
            save_attachment(xapi, options)

        if options['log'] is not None:
            action = 'log'
            if options['ad_hoc'] is not None:
                extra_qs_used = True
            xapi.log(log_type=options['log'],
                     nlogs=options['nlogs'],
                     skip=options['skip'],
                     filter=options['filter'],
                     interval=options['interval'],
                     timeout=options['job_timeout'],
                     extra_qs=options['ad_hoc'])
            print_status(xapi, action)
            print_response(xapi, options)

        if options['op'] is not None:
            action = 'op'
            kwargs = {
                'cmd': options['op'],
                'cmd_xml': options['cmd_xml'],
                }
            if options['ad_hoc'] is not None:
                extra_qs_used = True
                kwargs['extra_qs'] = options['ad_hoc']
            if len(options['vsys']):
                kwargs['vsys'] = options['vsys'][0]
            xapi.op(**kwargs)
            print_status(xapi, action)
            print_response(xapi, options)

        if (options['commit'] or options['commit_all']):
            if options['cmd']:
                cmd = options['cmd']
                if options['cmd_xml']:
                    cmd = xapi.cmd_xml(cmd)
            else:
                c = pan.commit.PanCommit(validate=options['validate'],
                                         force=options['force'],
                                         commit_all=options['commit_all'],
                                         merge_with_candidate=
                                         options['merge'])

                for part in options['partial']:
                    if part == 'device-and-network-excluded':
                        c.device_and_network_excluded()
                    elif part == 'policy-and-objects-excluded':
                        c.policy_and_objects_excluded()
                    elif part == 'shared-object-excluded':
                        c.shared_object_excluded()
                    elif part == 'no-vsys':
                        c.no_vsys()
                    elif part == 'vsys':
                        c.vsys(options['vsys'])

                if options['serial'] is not None:
                    c.device(options['serial'])
                if options['group'] is not None:
                    c.device_group(options['group'])
                if options['commit_all'] and options['vsys']:
                    c.vsys(options['vsys'][0])

                cmd = c.cmd()

            kwargs = {
                'cmd': cmd,
                'sync': options['sync'],
                'interval': options['interval'],
                'timeout': options['job_timeout'],
                }
            if options['ad_hoc'] is not None:
                extra_qs_used = True
                kwargs['extra_qs'] = options['ad_hoc']
            if options['commit_all']:
                kwargs['action'] = 'all'

            action = 'commit'
            xapi.commit(**kwargs)
            print_status(xapi, action)
            print_response(xapi, options)

        if not extra_qs_used and options['ad_hoc'] is not None:
            action = 'ad_hoc'
            xapi.ad_hoc(qs=options['ad_hoc'],
                        xpath=options['xpath'],
                        modify_qs=options['modify'])
            print_status(xapi, action)
            print_response(xapi, options)

    except pan.xapi.PanXapiError as msg:
        print_status(xapi, action, msg)
        print_response(xapi, options)
        sys.exit(1)

    sys.exit(0)
Пример #46
0
def main():
    argument_spec = dict(
        ip_address=dict(default=None),
        password=dict(default=None, no_log=True),
        username=dict(default='admin'),
        rule_name=dict(default=None),
        translated_address=dict(default=None),
        translated_port=dict(default=None),
        from_zone=dict(default=None),
        to_zone=dict(default=None),
        source=dict(default="any"),
        destination=dict(default="any"),
        service=dict(default="any"),
        commit=dict(type='bool', default=True)
    )
    module = AnsibleModule(argument_spec=argument_spec)

    ip_address = module.params["ip_address"]
    if not ip_address:
        module.fail_json(msg="ip_address should be specified")
    password = module.params["password"]
    if not password:
        module.fail_json(msg="password is required")
    username = module.params['username']

    xapi = pan.xapi.PanXapi(
        hostname=ip_address,
        api_username=username,
        api_password=password
    )

    rule_name = module.params['rule_name']
    if not rule_name:
        module.fail_json(msg='rule_name is required')
    translated_address = module.params['translated_address']
    translated_port = module.params['translated_port']
    from_zone = module.params['from_zone']
    if from_zone is None:
        module.fail_json(msg='from_zone is required')
    if type(from_zone) == str:
        from_zone = [from_zone]
    to_zone = module.params['to_zone']
    if to_zone is None:
        module.fail_json(msg='to_zone is required')
    source = module.params['source']
    if type(source) == str:
        source = [source]
    destination = module.params['destination']
    if type(destination) == str:
        destination = [destination]
    service = module.params['service']
    commit = module.params['commit']

    changed = False
    changed = add_dnat(xapi, module,
                       rule_name,
                       from_zone,
                       to_zone,
                       source,
                       destination,
                       service,
                       translated_address,
                       translated_port)

    if changed and commit:
        xapi.commit(cmd="<commit></commit>", sync=True, interval=1)

    module.exit_json(changed=changed, msg="okey dokey")
Пример #47
0
def main():
    argument_spec = dict(
        ip_address=dict(default=None),
        password=dict(default=None, no_log=True),
        username=dict(default='admin'),
        rule_name=dict(default=None),
        from_zone=dict(default=None),
        to_zone=dict(default=None),
        source=dict(default=["any"]),
        destination=dict(default=["any"]),
        service=dict(default="any"),
        snat_type=dict(default=None),
        snat_address=dict(default=None),
        snat_interface=dict(default=None),
        snat_interface_address=dict(default=None),
        snat_bidirectional=dict(default=False),
        dnat_address=dict(default=None),
        dnat_port=dict(default=None),
        override=dict(default=False),
        commit=dict(type='bool', default=True)
    )
    module = AnsibleModule(argument_spec=argument_spec)

    ip_address = module.params["ip_address"]
    if not ip_address:
        module.fail_json(msg="ip_address should be specified")
    password = module.params["password"]
    if not password:
        module.fail_json(msg="password is required")
    username = module.params['username']

    xapi = pan.xapi.PanXapi(
        hostname=ip_address,
        api_username=username,
        api_password=password
    )

    rule_name = module.params['rule_name']
    if not rule_name:
        module.fail_json(msg='rule_name is required')
    from_zone = module.params['from_zone']
    if from_zone is None:
        module.fail_json(msg='from_zone is required')
    to_zone = module.params['to_zone']
    if to_zone is None:
        module.fail_json(msg='to_zone is required')
    source = module.params['source']
    destination = module.params['destination']
    service = module.params['service']

    snat_type = module.params['snat_type']
    snat_address = module.params['snat_address']
    snat_interface = module.params['snat_interface']
    snat_interface_address = module.params['snat_interface_address']
    snat_bidirectional = module.params['snat_bidirectional']

    dnat_address = module.params['dnat_address']
    dnat_port = module.params['dnat_port']
    commit = module.params['commit']

    override = module.params["override"]
    if not override and nat_rule_exists(xapi, rule_name):
        module.exit_json(changed=False, msg="rule exists")

    changed = add_nat(
        xapi,
        module,
        rule_name,
        from_zone,
        to_zone,
        source,
        destination,
        service,
        dnatxml=dnat_xml(module, dnat_address, dnat_port),
        snatxml=snat_xml(module, snat_type, snat_address,
                         snat_interface, snat_interface_address,
                         snat_bidirectional)
    )

    if changed and commit:
        xapi.commit(cmd="<commit></commit>", sync=True, interval=1)

    module.exit_json(changed=changed, msg="okey dokey")
def main():
    argument_spec = dict(
        ip_address=dict(default=None),
        password=dict(default=None, no_log=True),
        username=dict(default='admin'),
        portal_name=dict(default=None),
        config_name=dict(default=None),
        gateway_address=dict(default=None),
        type=dict(default="external", choices=['internal', 'external']),
        state=dict(default="present", choices=['absent', 'present']),
        manual=dict(type='bool', default=None),
        description=dict(default=None),
        commit=dict(type='bool', default=True)
    )
    module = AnsibleModule(argument_spec=argument_spec)

    ip_address = module.params["ip_address"]
    if not ip_address:
        module.fail_json(msg="ip_address should be specified")
    password = module.params["password"]
    if not password:
        module.fail_json(msg="password is required")
    username = module.params['username']

    xapi = pan.xapi.PanXapi(
        hostname=ip_address,
        api_username=username,
        api_password=password
    )

    portal_name = module.params['portal_name']
    if portal_name is None:
        module.fail_json(msg='portal_name is required')
    config_name = module.params['config_name']
    if config_name is None:
        module.fail_json(msg='config_name is required')
    gateway_address = module.params['gateway_address']
    if gateway_address is None:
        module.fail_json(msg='gateway_address is required')
    type_ = module.params['type']
    state = module.params['state']
    manual = module.params['manual']
    description = module.params['description']
    commit = module.params['commit']

    changed = False
    changed = check_gpp_gateway(
        xapi,
        module,
        portal_name,
        config_name,
        gateway_address,
        type_,
        state,
        manual,
        description
    )

    if changed and commit:
        xapi.commit(cmd="<commit></commit>", sync=True, interval=1)

    module.exit_json(changed=changed, msg="okey dokey")