def main():
argument_spec = dict(
ip_address=dict(default=None),
password=dict(default=None, no_log=True),
username=dict(default='admin'),
file=dict(default=None),
commit=dict(type='bool', default=True)
)
module = AnsibleModule(argument_spec=argument_spec)
ip_address = module.params["ip_address"]
if not ip_address:
module.fail_json(msg="ip_address should be specified")
password = module.params["password"]
if not password:
module.fail_json(msg="password is required")
username = module.params['username']
xapi = pan.xapi.PanXapi(
hostname=ip_address,
api_username=username,
api_password=password
)
file_ = module.params['file']
if file_ is None:
module.fail_json(msg="file is required")
commit = module.params['commit']
changed = load_cfgfile(xapi, module, ip_address, file_)
if changed and commit:
xapi.commit(cmd="<commit></commit>", sync=True, interval=1)
module.exit_json(changed=changed, msg="okey dokey")
def main():
argument_spec = dict(ip_address=dict(default=None),
password=dict(default=None),
username=dict(default='admin'),
dag_name=dict(default=None),
dag_filter=dict(default=None),
commit=dict(type='bool', default=True))
module = AnsibleModule(argument_spec=argument_spec)
ip_address = module.params["ip_address"]
if not ip_address:
module.fail_json(msg="ip_address should be specified")
password = module.params["password"]
if not password:
module.fail_json(msg="password is required")
username = module.params['username']
xapi = pan.xapi.PanXapi(hostname=ip_address,
api_username=username,
api_password=password)
dag_name = module.params['dag_name']
if not dag_name:
module.fail_json(msg="dag_name is required")
dag_filter = module.params['dag_filter']
if not dag_filter:
module.fail_json(msg="dag_filter is required")
commit = module.params['commit']
changed = add_dag(xapi, dag_name, dag_filter)
if changed and commit:
xapi.commit(cmd="<commit></commit>", sync=True, interval=1)
module.exit_json(changed=changed, msg="okey dokey")
def main():
argument_spec = dict(
ip_address=dict(required=True),
password=dict(required=True, no_log=True),
username=dict(default='admin'),
file=dict(),
commit=dict(type='bool', default=True)
)
module = AnsibleModule(argument_spec=argument_spec, supports_check_mode=False)
if not HAS_LIB:
module.fail_json(msg='pan-python is required for this module')
ip_address = module.params["ip_address"]
password = module.params["password"]
username = module.params['username']
file_ = module.params['file']
commit = module.params['commit']
xapi = pan.xapi.PanXapi(
hostname=ip_address,
api_username=username,
api_password=password
)
changed = load_cfgfile(xapi, module, ip_address, file_)
if changed and commit:
xapi.commit(cmd="<commit></commit>", sync=True, interval=1)
module.exit_json(changed=changed, msg="okey dokey")
def main():
argument_spec = dict(ip_address=dict(required=True),
password=dict(required=True, no_log=True),
username=dict(default='admin'),
file=dict(),
commit=dict(type='bool', default=False))
module = AnsibleModule(argument_spec=argument_spec,
supports_check_mode=False)
if not HAS_LIB:
module.fail_json(msg='pan-python is required for this module')
ip_address = module.params["ip_address"]
password = module.params["password"]
username = module.params['username']
file_ = module.params['file']
commit = module.params['commit']
xapi = pan.xapi.PanXapi(hostname=ip_address,
api_username=username,
api_password=password)
changed = load_cfgfile(xapi, module, ip_address, file_)
if changed and commit:
xapi.commit(cmd="<commit></commit>", sync=True, interval=1)
module.exit_json(changed=changed, msg="okey dokey")
def main():
argument_spec = dict(ip_address=dict(default=None),
password=dict(default=None, no_log=True),
username=dict(default='admin'),
admin_username=dict(default='admin'),
admin_password=dict(default=None, no_log=True),
role=dict(default=None),
commit=dict(type='bool', default=True))
module = AnsibleModule(argument_spec=argument_spec)
ip_address = module.params["ip_address"]
if not ip_address:
module.fail_json(msg="ip_address should be specified")
password = module.params["password"]
if not password:
module.fail_json(msg="password is required")
username = module.params['username']
xapi = pan.xapi.PanXapi(hostname=ip_address,
api_username=username,
api_password=password)
admin_username = module.params['admin_username']
if admin_username is None:
module.fail_json(msg="admin_username is required")
admin_password = module.params['admin_password']
role = module.params['role']
commit = module.params['commit']
changed = admin_set(xapi, module, admin_username, admin_password, role)
if changed and commit:
xapi.commit(cmd="<commit></commit>", sync=True, interval=1)
module.exit_json(changed=changed, msg="okey dokey")
def main():
argument_spec = dict(ip_address=dict(),
password=dict(no_log=True),
username=dict(default='admin'),
interval=dict(default=0.5),
timeout=dict(),
sync=dict(type='bool', default=True))
module = AnsibleModule(argument_spec=argument_spec,
supports_check_mode=False)
if not HAS_LIB:
module.fail_json(msg='pan-python required for this module')
ip_address = module.params["ip_address"]
if not ip_address:
module.fail_json(msg="ip_address should be specified")
password = module.params["password"]
if not password:
module.fail_json(msg="password is required")
username = module.params['username']
interval = module.params['interval']
timeout = module.params['timeout']
sync = module.params['sync']
xapi = pan.xapi.PanXapi(hostname=ip_address,
api_username=username,
api_password=password)
xapi.commit(cmd="<commit></commit>",
sync=sync,
interval=interval,
timeout=timeout)
module.exit_json(changed=True, msg="okey dokey")
def main():
argument_spec = dict(
ip_address=dict(required=True),
password=dict(required=True, no_log=True),
username=dict(default='admin'),
portal_name=dict(required=True),
config_name=dict(required=True),
gateway_address=dict(required=True),
type=dict(default="external", choices=['internal', 'external']),
state=dict(default="present", choices=['absent', 'present']),
manual=dict(type='bool', default=None),
description=dict(default=None),
commit=dict(type='bool', default=True)
)
module = AnsibleModule(argument_spec=argument_spec, supports_check_mode=False)
if not HAS_LIB:
module.fail_json(msg='pan-python is required for this module')
ip_address = module.params["ip_address"]
password = module.params["password"]
username = module.params['username']
xapi = pan.xapi.PanXapi(
hostname=ip_address,
api_username=username,
api_password=password
)
portal_name = module.params['portal_name']
config_name = module.params['config_name']
gateway_address = module.params['gateway_address']
type_ = module.params['type']
state = module.params['state']
manual = module.params['manual']
description = module.params['description']
commit = module.params['commit']
changed = False
try:
changed = check_gpp_gateway(
xapi,
module,
portal_name,
config_name,
gateway_address,
type_,
state,
manual,
description
)
except PanXapiError:
exc = get_exception()
module.fail_json(msg=exc.message)
if changed and commit:
xapi.commit(cmd="<commit></commit>", sync=True, interval=1)
module.exit_json(changed=changed, msg="okey dokey")
def main():
argument_spec = dict(
ip_address=dict(required=True),
password=dict(required=True, no_log=True),
username=dict(default='admin'),
vulnprofile_name=dict(required=True),
description=dict(default=None),
rule_tuples=dict(default=None),
exception_ids=dict(default=None),
commit=dict(type='bool', default=True)
)
module = AnsibleModule(argument_spec=argument_spec, supports_check_mode=False)
if not HAS_LIB:
module.fail_json(msg='pan-python is required for this module')
ip_address = module.params["ip_address"]
if not ip_address:
module.fail_json(msg="ip_address should be specified")
password = module.params["password"]
if not password:
module.fail_json(msg="password is required")
username = module.params['username']
xapi = pan.xapi.PanXapi(
hostname=ip_address,
api_username=username,
api_password=password
)
vulnprofile_name = module.params["vulnprofile_name"]
if not vulnprofile_name:
module.fail_json(msg="vulnprofile_name must be specified")
description = module.params["description"]
rule_tuples = module.params["rule_tuples"]
rule_tuples = rule_tuples.replace('\'','"') #get rid of double-quotes
rule_tuples = json.loads(rule_tuples)
exception_ids = module.params["exception_ids"]
if not rule_tuples and not exception_ids:
module.fail_json(msg="You cannot have both exception and rules empty")
commit = module.params['commit']
try:
changed = add_vulnerability_profile(xapi,
vulnprofile_name=vulnprofile_name,
description=description,
rule_tuples=rule_tuples,
exception_ids=exception_ids)
if changed and commit:
xapi.commit(cmd="<commit></commit>", sync=True, interval=1)
except PanXapiError:
import sys
x = sys.exc_info()[1]
module.fail_json(msg=x.message)
module.exit_json(changed=changed, msg="okey dokey")
def main():
argument_spec = dict(
ip_address=dict(required=True),
port=dict(default=443),
password=dict(no_log=True),
username=dict(default="admin"),
api_key=dict(no_log=True),
admin_username=dict(default="admin"),
admin_password=dict(no_log=True, required=True),
role=dict(),
commit=dict(type="bool", default=False),
)
module = AnsibleModule(
argument_spec=argument_spec,
supports_check_mode=False,
required_one_of=[["api_key", "password"]],
)
module.deprecate(
"This module is deprecated; use panos_administrator",
version="3.0.0",
collection_name="paloaltonetworks.panos",
)
if not HAS_LIB:
module.fail_json(msg="Missing required libraries.")
ip_address = module.params["ip_address"]
port = module.params["port"]
password = module.params["password"]
username = module.params["username"]
api_key = module.params["api_key"]
admin_username = module.params["admin_username"]
admin_password = module.params["admin_password"]
role = module.params["role"]
commit = module.params["commit"]
xapi = pan.xapi.PanXapi(
hostname=ip_address,
api_username=username,
api_password=password,
api_key=api_key,
port=port,
)
changed = admin_set(xapi, module, admin_username, admin_password, role)
if commit:
module.deprecate(
"Please use the commit modules instead of the commit option.",
version="3.0.0",
collection_name="paloaltonetworks.panos",
)
if changed and commit:
xapi.commit(cmd="<commit></commit>", sync=True, interval=1)
module.exit_json(changed=changed, msg="okey dokey")
def main():
argument_spec = dict(
ip_address=dict(required=True),
password=dict(required=True, no_log=True),
username=dict(default='admin'),
if_name=dict(required=True),
if_type=dict(default='dhcp'), #dhcp or static
if_address=dict(),
vr_name=dict(default='default'),
zone_name=dict(required=True),
create_default_route=dict(type='bool', default=False),
commit=dict(type='bool', default=True))
module = AnsibleModule(argument_spec=argument_spec,
supports_check_mode=False)
if not HAS_LIB:
module.fail_json(msg='pan-python is required for this module')
ip_address = module.params["ip_address"]
password = module.params["password"]
username = module.params['username']
xapi = pan.xapi.PanXapi(hostname=ip_address,
api_username=username,
api_password=password)
if_name = module.params['if_name']
if_type = module.params['if_type']
if_address = module.params['if_address']
vr_name = module.params['vr_name']
zone_name = module.params['zone_name']
create_default_route = module.params['create_default_route']
commit = module.params['commit']
ifexists = if_exists(xapi, if_name)
if ifexists:
module.exit_json(changed=False, msg="interface exists, not changed")
try:
changed = add_if(xapi, if_name, if_type, if_address, vr_name,
zone_name, create_default_route)
if (not changed):
module.exit_json(
changed=False,
msg="Invalid interface type (if_type), use static of dhcp")
except PanXapiError:
exc = get_exception()
module.fail_json(msg=exc.message)
if changed and commit:
xapi.commit(cmd="<commit></commit>", sync=True, interval=1)
module.exit_json(changed=changed, msg="okey dokey")
def main():
argument_spec = dict(
ip_address=dict(default=None),
password=dict(default=None, no_log=True),
username=dict(default='admin'),
admin_username=dict(default=None, required=True),
public_key=dict(default=None),
state=dict(choices=['present', 'absent'], required=True,
default=None),
commit=dict(type='bool', default=True)
)
module = AnsibleModule(argument_spec=argument_spec)
ip_address = module.params["ip_address"]
if not ip_address:
module.fail_json(msg="ip_address should be specified")
password = module.params["password"]
if not password:
module.fail_json(msg="password is required")
username = module.params['username']
xapi = pan.xapi.PanXapi(
hostname=ip_address,
api_username=username,
api_password=password
)
panos_user = module.params['admin_username']
public_key = module.params['public_key']
state = module.params['state']
commit = module.params['commit']
changed = False
pkey = get_publickey(xapi, panos_user)
if state == 'absent':
if pkey is not None:
delete_publickey(xapi, panos_user)
changed = True
else:
# state 'present'
if pkey is None and public_key is None:
module.fail_json(msg="state 'present' but no public_key to set")
if pkey != public_key and public_key is not None:
set_publickey(xapi, panos_user, pkey, public_key)
changed = True
if changed and commit:
xapi.commit(cmd="<commit></commit>", sync=True, interval=1)
module.exit_json(changed=changed, msg="okey dokey")
def main():
argument_spec = dict(
ip_address=dict(default=None),
password=dict(default=None, no_log=True),
username=dict(default='admin'),
monitor_name=dict(default=None),
vpc_id=dict(default=None),
source=dict(default=None),
access_key=dict(default=None),
secret_access_key=dict(default=None, no_log=True),
commit=dict(type='bool', default=True)
)
module = AnsibleModule(argument_spec=argument_spec)
ip_address = module.params["ip_address"]
if not ip_address:
module.fail_json(msg="ip_address should be specified")
password = module.params["password"]
if not password:
module.fail_json(msg="password is required")
username = module.params['username']
xapi = pan.xapi.PanXapi(
hostname=ip_address,
api_username=username,
api_password=password
)
monitor_name = module.params['monitor_name']
if not monitor_name:
module.fail_json(msg="monitor_name is required")
vpc_id = module.params['vpc_id']
if not vpc_id:
module.fail_json(msg="vpc_id is required")
source = module.params['source']
if not source:
module.fail_json(msg="source is required")
access_key = module.params['access_key']
if not access_key:
module.fail_json(msg="access_key is required")
secret_access_key = module.params['secret_access_key']
if not secret_access_key:
module.fail_json(msg="secret_access_key is required")
commit = module.params['commit']
changed = add_awsmonitor(xapi, monitor_name, vpc_id,
source, access_key, secret_access_key)
if changed and commit:
xapi.commit(cmd="<commit></commit>", sync=True, interval=1)
module.exit_json(changed=changed, msg="okey dokey")
def main():
argument_spec = dict(ip_address=dict(default=None),
password=dict(default=None, no_log=True),
username=dict(default='admin'),
portal_name=dict(default=None),
config_name=dict(default=None),
gateway_address=dict(default=None),
type=dict(default="external",
choices=['internal', 'external']),
state=dict(default="present",
choices=['absent', 'present']),
manual=dict(type='bool', default=None),
description=dict(default=None),
commit=dict(type='bool', default=True))
module = AnsibleModule(argument_spec=argument_spec)
ip_address = module.params["ip_address"]
if not ip_address:
module.fail_json(msg="ip_address should be specified")
password = module.params["password"]
if not password:
module.fail_json(msg="password is required")
username = module.params['username']
xapi = pan.xapi.PanXapi(hostname=ip_address,
api_username=username,
api_password=password)
portal_name = module.params['portal_name']
if portal_name is None:
module.fail_json(msg='portal_name is required')
config_name = module.params['config_name']
if config_name is None:
module.fail_json(msg='config_name is required')
gateway_address = module.params['gateway_address']
if gateway_address is None:
module.fail_json(msg='gateway_address is required')
type_ = module.params['type']
state = module.params['state']
manual = module.params['manual']
description = module.params['description']
commit = module.params['commit']
changed = False
changed = check_gpp_gateway(xapi, module, portal_name, config_name,
gateway_address, type_, state, manual,
description)
if changed and commit:
xapi.commit(cmd="<commit></commit>", sync=True, interval=1)
module.exit_json(changed=changed, msg="okey dokey")
def main():
argument_spec = dict(
ip_address=dict(default=None),
password=dict(default=None, no_log=True),
username=dict(default='admin'),
vulnprofile_name=dict(default=None),
description=dict(default=None),
rule_tuples=dict(default=None),
exception_ids=dict(default=None),
commit=dict(type='bool', default=True)
)
module = AnsibleModule(argument_spec=argument_spec)
ip_address = module.params["ip_address"]
if not ip_address:
module.fail_json(msg="ip_address should be specified")
password = module.params["password"]
if not password:
module.fail_json(msg="password is required")
username = module.params['username']
xapi = pan.xapi.PanXapi(
hostname=ip_address,
api_username=username,
api_password=password
)
vulnprofile_name = module.params["vulnprofile_name"]
if not vulnprofile_name:
module.fail_json(msg="vulnprofile_name must be specified")
description = module.params["description"]
rule_tuples = module.params["rule_tuples"]
exception_ids = module.params["exception_ids"]
if not rule_tuples and not exception_ids:
module.fail_json(msg="You cannot have both exception and rules empty")
commit = module.params['commit']
changed = False
changed = add_vulnerability_profile(xapi,
vulnprofile_name=vulnprofile_name,
description=description,
rule_tuples=rule_tuples,
exception_ids=exception_ids)
if changed and commit:
xapi.commit(cmd="<commit></commit>", sync=True, interval=1)
module.exit_json(changed=changed, msg="okey dokey")
def main():
argument_spec = dict(
ip_address=dict(required=True),
password=dict(required=True, no_log=True),
username=dict(default='admin'),
address_name=dict(required=True),
address=dict(),
description=dict(),
tag=dict(),
type=dict(default='ip-netmask', choices=['ip-netmask', 'ip-range', 'fqdn']),
commit=dict(type='bool', default=True)
)
module = AnsibleModule(argument_spec=argument_spec, supports_check_mode=False)
if not HAS_LIB:
module.fail_json(msg='pan-python required for this module')
ip_address = module.params["ip_address"]
password = module.params["password"]
username = module.params['username']
xapi = pan.xapi.PanXapi(
hostname=ip_address,
api_username=username,
api_password=password
)
address_name = module.params['address_name']
address = module.params['address']
commit = module.params['commit']
description = module.params['description']
tag = module.params['tag']
type = module.params['type']
changed = False
try:
changed = add_address(xapi, module,
address,
address_name,
description,
type,
tag)
except PanXapiError:
exc = get_exception()
module.fail_json(msg=exc.message)
if changed and commit:
xapi.commit(cmd="<commit></commit>", sync=True, interval=1)
module.exit_json(changed=changed, msg="okey dokey")
def main():
argument_spec = dict(ip_address=dict(required=True),
password=dict(required=True, no_log=True),
username=dict(default='admin'),
dns_server_primary=dict(),
dns_server_secondary=dict(),
panorama_primary=dict(),
panorama_secondary=dict(),
commit=dict(type='bool', default=True))
module = AnsibleModule(argument_spec=argument_spec,
supports_check_mode=False)
if not HAS_LIB:
module.fail_json(msg='pan-python is required for this module')
ip_address = module.params["ip_address"]
password = module.params["password"]
username = module.params['username']
dns_server_primary = module.params['dns_server_primary']
dns_server_secondary = module.params['dns_server_secondary']
panorama_primary = module.params['panorama_primary']
panorama_secondary = module.params['panorama_secondary']
commit = module.params['commit']
xapi = pan.xapi.PanXapi(hostname=ip_address,
api_username=username,
api_password=password)
changed = False
try:
if dns_server_primary is not None:
changed |= set_dns_server(xapi, dns_server_primary, primary=True)
if dns_server_secondary is not None:
changed |= set_dns_server(xapi,
dns_server_secondary,
primary=False)
if panorama_primary is not None:
changed |= set_panorama_server(xapi,
panorama_primary,
primary=True)
if panorama_secondary is not None:
changed |= set_panorama_server(xapi,
panorama_secondary,
primary=False)
if changed and commit:
xapi.commit(cmd="<commit></commit>", sync=True, interval=1)
except PanXapiError:
exc = get_exception()
module.fail_json(msg=exc.message)
module.exit_json(changed=changed, msg="okey dokey")
def main():
argument_spec = dict(ip_address=dict(default=None),
password=dict(default=None, no_log=True),
username=dict(default='admin'),
admin_username=dict(default=None, required=True),
public_key=dict(default=None),
state=dict(choices=['present', 'absent'],
required=True,
default=None),
commit=dict(type='bool', default=True))
module = AnsibleModule(argument_spec=argument_spec)
ip_address = module.params["ip_address"]
if not ip_address:
module.fail_json(msg="ip_address should be specified")
password = module.params["password"]
if not password:
module.fail_json(msg="password is required")
username = module.params['username']
xapi = pan.xapi.PanXapi(hostname=ip_address,
api_username=username,
api_password=password)
panos_user = module.params['admin_username']
public_key = module.params['public_key']
state = module.params['state']
commit = module.params['commit']
changed = False
pkey = get_publickey(xapi, panos_user)
if state == 'absent':
if pkey is not None:
delete_publickey(xapi, panos_user)
changed = True
else:
# state 'present'
if pkey is None and public_key is None:
module.fail_json(msg="state 'present' but no public_key to set")
if pkey != public_key and public_key is not None:
set_publickey(xapi, panos_user, pkey, public_key)
changed = True
if changed and commit:
xapi.commit(cmd="<commit></commit>", sync=True, interval=1)
module.exit_json(changed=changed, msg="okey dokey")
def main():
argument_spec = dict(
ip_address=dict(required=True),
password=dict(required=True, no_log=True),
username=dict(default='admin'),
pg_name=dict(required=True),
data_filtering=dict(),
file_blocking=dict(),
spyware=dict(),
url_filtering=dict(),
virus=dict(),
vulnerability=dict(),
wildfire=dict(),
commit=dict(type='bool', default=True)
)
module = AnsibleModule(argument_spec=argument_spec, supports_check_mode=False)
if not HAS_LIB:
module.fail_json(msg='pan-python is required for this module')
ip_address = module.params["ip_address"]
password = module.params["password"]
username = module.params['username']
xapi = pan.xapi.PanXapi(
hostname=ip_address,
api_username=username,
api_password=password
)
pg_name = module.params['pg_name']
data_filtering = module.params['data_filtering']
file_blocking = module.params['file_blocking']
spyware = module.params['spyware']
url_filtering = module.params['url_filtering']
virus = module.params['virus']
vulnerability = module.params['vulnerability']
wildfire = module.params['wildfire']
commit = module.params['commit']
try:
changed = add_pg(xapi, pg_name, data_filtering, file_blocking,
spyware, url_filtering, virus, vulnerability, wildfire)
if changed and commit:
xapi.commit(cmd="<commit></commit>", sync=True, interval=1)
except PanXapiError:
exc = get_exception()
module.fail_json(msg=exc.message)
module.exit_json(changed=changed, msg="okey dokey")
def main():
argument_spec = dict(
ip_address=dict(required=True),
password=dict(required=True, no_log=True),
username=dict(default='admin'),
pg_name=dict(required=True),
data_filtering=dict(),
file_blocking=dict(),
spyware=dict(),
url_filtering=dict(),
virus=dict(),
vulnerability=dict(),
wildfire=dict(),
commit=dict(type='bool', default=True)
)
module = AnsibleModule(argument_spec=argument_spec, supports_check_mode=False)
if not HAS_LIB:
module.fail_json(msg='pan-python is required for this module')
ip_address = module.params["ip_address"]
password = module.params["password"]
username = module.params['username']
xapi = pan.xapi.PanXapi(
hostname=ip_address,
api_username=username,
api_password=password
)
pg_name = module.params['pg_name']
data_filtering = module.params['data_filtering']
file_blocking = module.params['file_blocking']
spyware = module.params['spyware']
url_filtering = module.params['url_filtering']
virus = module.params['virus']
vulnerability = module.params['vulnerability']
wildfire = module.params['wildfire']
commit = module.params['commit']
try:
changed = add_pg(xapi, pg_name, data_filtering, file_blocking,
spyware, url_filtering, virus, vulnerability, wildfire)
if changed and commit:
xapi.commit(cmd="<commit></commit>", sync=True, interval=1)
except PanXapiError:
exc = get_exception()
module.fail_json(msg=exc.message)
module.exit_json(changed=changed, msg="okey dokey")
def main():
argument_spec = dict(ip_address=dict(required=True),
port=dict(default=443),
password=dict(no_log=True),
username=dict(default='admin'),
api_key=dict(no_log=True),
admin_username=dict(default='admin'),
admin_password=dict(no_log=True, required=True),
role=dict(),
commit=dict(type='bool', default=False))
module = AnsibleModule(argument_spec=argument_spec,
supports_check_mode=False,
required_one_of=[['api_key', 'password']])
module.deprecate('This module is deprecated; use panos_administrator',
version='3.0.0',
collection_name='paloaltonetworks.panos')
if not HAS_LIB:
module.fail_json(msg='Missing required libraries.')
ip_address = module.params["ip_address"]
port = module.params['port']
password = module.params["password"]
username = module.params['username']
api_key = module.params['api_key']
admin_username = module.params['admin_username']
admin_password = module.params['admin_password']
role = module.params['role']
commit = module.params['commit']
xapi = pan.xapi.PanXapi(hostname=ip_address,
api_username=username,
api_password=password,
api_key=api_key,
port=port)
changed = admin_set(xapi, module, admin_username, admin_password, role)
if commit:
module.deprecate(
'Please use the commit modules instead of the commit option.',
version='3.0.0',
collection_name='paloaltonetworks.panos')
if changed and commit:
xapi.commit(cmd="<commit></commit>", sync=True, interval=1)
module.exit_json(changed=changed, msg="okey dokey")
def main():
argument_spec = dict(
ip_address=dict(default=None),
password=dict(default=None, no_log=True),
username=dict(default='admin'),
pg_name=dict(default=None),
data_filtering=dict(default=None),
file_blocking=dict(default=None),
spyware=dict(default=None),
url_filtering=dict(default=None),
virus=dict(default=None),
vulnerability=dict(default=None),
commit=dict(type='bool', default=True)
)
module = AnsibleModule(argument_spec=argument_spec)
ip_address = module.params["ip_address"]
if not ip_address:
module.fail_json(msg="ip_address should be specified")
password = module.params["password"]
if not password:
module.fail_json(msg="password is required")
username = module.params['username']
xapi = pan.xapi.PanXapi(
hostname=ip_address,
api_username=username,
api_password=password
)
pg_name = module.params['pg_name']
if not pg_name:
module.fail_json(msg='pg_name is required')
data_filtering = module.params['data_filtering']
file_blocking = module.params['file_blocking']
spyware = module.params['spyware']
url_filtering = module.params['url_filtering']
virus = module.params['virus']
vulnerability = module.params['vulnerability']
commit = module.params['commit']
changed = add_pg(xapi, pg_name, data_filtering, file_blocking,
spyware, url_filtering, virus, vulnerability)
if changed and commit:
xapi.commit(cmd="<commit></commit>", sync=True, interval=1)
module.exit_json(changed=changed, msg="okey dokey")
def main():
argument_spec = dict(
ip_address=dict(required=True),
password=dict(required=True, no_log=True),
username=dict(default='admin'),
dns_server_primary=dict(),
dns_server_secondary=dict(),
panorama_primary=dict(),
panorama_secondary=dict(),
commit=dict(type='bool', default=True)
)
module = AnsibleModule(argument_spec=argument_spec, supports_check_mode=False)
if not HAS_LIB:
module.fail_json(msg='pan-python is required for this module')
ip_address = module.params["ip_address"]
password = module.params["password"]
username = module.params['username']
dns_server_primary = module.params['dns_server_primary']
dns_server_secondary = module.params['dns_server_secondary']
panorama_primary = module.params['panorama_primary']
panorama_secondary = module.params['panorama_secondary']
commit = module.params['commit']
xapi = pan.xapi.PanXapi(
hostname=ip_address,
api_username=username,
api_password=password
)
changed = False
try:
if dns_server_primary is not None:
changed |= set_dns_server(xapi, dns_server_primary, primary=True)
if dns_server_secondary is not None:
changed |= set_dns_server(xapi, dns_server_secondary, primary=False)
if panorama_primary is not None:
changed |= set_panorama_server(xapi, panorama_primary, primary=True)
if panorama_secondary is not None:
changed |= set_panorama_server(xapi, panorama_secondary, primary=False)
if changed and commit:
xapi.commit(cmd="<commit></commit>", sync=True, interval=1)
except PanXapiError:
exc = get_exception()
module.fail_json(msg=exc.message)
module.exit_json(changed=changed, msg="okey dokey")
def main():
argument_spec = dict(
ip_address=dict(default=None),
password=dict(default=None, no_log=True),
username=dict(default='admin'),
dns_server_primary=dict(default=None),
dns_server_secondary=dict(default=None),
panorama_primary=dict(default=None),
panorama_secondary=dict(default=None),
commit=dict(type='bool', default=True)
)
module = AnsibleModule(argument_spec=argument_spec)
ip_address = module.params["ip_address"]
if not ip_address:
module.fail_json(msg="ip_address should be specified")
password = module.params["password"]
if not password:
module.fail_json(msg="password is required")
username = module.params['username']
xapi = pan.xapi.PanXapi(
hostname=ip_address,
api_username=username,
api_password=password
)
dns_server_primary = module.params['dns_server_primary']
dns_server_secondary = module.params['dns_server_secondary']
panorama_primary = module.params['panorama_primary']
panorama_secondary = module.params['panorama_secondary']
commit = module.params['commit']
changed = False
if dns_server_primary is not None:
changed |= set_dns_server(xapi, dns_server_primary, primary=True)
if dns_server_secondary is not None:
changed |= set_dns_server(xapi, dns_server_secondary, primary=False)
if panorama_primary is not None:
changed |= set_panorama_server(xapi, panorama_primary, primary=True)
if panorama_secondary is not None:
changed |= set_panorama_server(xapi, panorama_secondary, primary=False)
if changed and commit:
xapi.commit(cmd="<commit></commit>", sync=True, interval=1)
module.exit_json(changed=changed, msg="okey dokey")
def push_service(service, context):
xapi = panorama_login()
snippets_dir = Path(os.path.join(settings.BASE_DIR, 'mssp', 'snippets'))
if xapi is None:
print('Could not push service to Panorama')
return False
try:
for snippet in service['snippets']:
xpath = snippet['xpath']
xml_file_name = snippet['file']
xml_full_path = os.path.join(snippets_dir, service['name'],
xml_file_name)
with open(xml_full_path, 'r') as xml_file:
xml_string = xml_file.read()
xml_template = Environment(
loader=BaseLoader()).from_string(xml_string)
xpath_template = Environment(
loader=BaseLoader()).from_string(xpath)
xml_snippet = xml_template.render(context).replace('\n', '')
xpath_string = xpath_template.render(context)
print('Pushing xpath: %s' % xpath_string)
#print('Pushing element: %s' % xml_snippet)
xapi.set(xpath=xpath_string, element=xml_snippet)
# FIXME - We need to fix this
if xapi.status_code == '19' or xapi.status_code == '20':
print('xpath is already present')
elif xapi.status_code == '7':
print('xpath was NOT found')
return False
xapi.commit('<commit/>', sync=True)
print(xapi.xml_result())
return True
except IOError as ioe:
print('Could not open xml snippet file for reading!!!')
# FIXME - raise a decent error here
return False
except pan.xapi.PanXapiError as pxe:
print('Could not push service snippet!')
print(pxe)
return False
def palo_commit(xapi, xpath, element, logfp):
try:
xapi.edit(xpath=xpath,
element=element)
except pan.xapi.PanXapiError as msg:
print('edit:', msg, file=logfp)
sys.exit(1)
#validate safhasi
if options['version'] == 6:
c = pan.commit.PanCommit(force=False,
commit_all=False,
merge_with_candidate=False)
cmd = c.cmd()
kwargs = {
'cmd': cmd,
'sync': False,
'interval': None,
'timeout': None,
}
action = 'commit'
xapi.commit(**kwargs)
res = print_status(xapi, action)
if "success" in res:
print('Validate OK. Continue.', file=logfp)
else:
print('Validate not OK. Exit!', file=logfp)
sys.exit(1)
print('Waiting for the 30 sec to validation commit to complete...', file=logfp)
#TODO: pan xapiden donulen degere gore beklemeli sonsuz
time.sleep(30)
else:
print(options['version'], "icin validate kodu eklenecek", logfp)
#commit safhasi
cmd = "<commit></commit>"
kwargs = {
'cmd': cmd,
'sync': options['sync'],
'interval': options['interval'],
'timeout': options['job_timeout'],
}
action = 'commit'
xapi.commit(**kwargs)
print_status(xapi, action)
print('Commit gonderildi!', file=logfp)
def palo_commit(xapi, xpath, element, logfp):
try:
xapi.edit(xpath=xpath, element=element)
except pan.xapi.PanXapiError as msg:
print('edit:', msg, file=logfp)
sys.exit(1)
#validate safhasi
if options['version'] == 6:
c = pan.commit.PanCommit(force=False,
commit_all=False,
merge_with_candidate=False)
cmd = c.cmd()
kwargs = {
'cmd': cmd,
'sync': False,
'interval': None,
'timeout': None,
}
action = 'commit'
xapi.commit(**kwargs)
res = print_status(xapi, action)
if "success" in res:
print('Validate OK. Continue.', file=logfp)
else:
print('Validate not OK. Exit!', file=logfp)
sys.exit(1)
print('Waiting for the 30 sec to validation commit to complete...',
file=logfp)
#TODO: pan xapiden donulen degere gore beklemeli sonsuz
time.sleep(30)
else:
print(options['version'], "icin validate kodu eklenecek", logfp)
#commit safhasi
cmd = "<commit></commit>"
kwargs = {
'cmd': cmd,
'sync': options['sync'],
'interval': options['interval'],
'timeout': options['job_timeout'],
}
action = 'commit'
xapi.commit(**kwargs)
print_status(xapi, action)
print('Commit gonderildi!', file=logfp)
def main():
argument_spec = dict(
ip_address=dict(default=None),
password=dict(default=None, no_log=True),
username=dict(default='admin'),
if_name=dict(default=None),
zone_name=dict(default=None),
create_default_route=dict(type='bool', default=False),
commit=dict(type='bool', default=True)
)
module = AnsibleModule(argument_spec=argument_spec)
ip_address = module.params["ip_address"]
if not ip_address:
module.fail_json(msg="ip_address should be specified")
password = module.params["password"]
if not password:
module.fail_json(msg="password is required")
username = module.params['username']
xapi = pan.xapi.PanXapi(
hostname=ip_address,
api_username=username,
api_password=password
)
if_name = module.params['if_name']
if not if_name:
module.fail_json(msg="if_name required")
zone_name = module.params['zone_name']
if not zone_name:
module.fail_json(msg="zone_name required")
create_default_route = module.params['create_default_route']
commit = module.params['commit']
ifexists = if_exists(xapi, if_name)
if ifexists:
module.exit_json(changed=False, msg="if exists, not changed")
changed = add_dhcp_if(xapi, if_name, zone_name, create_default_route)
if changed and commit:
xapi.commit(cmd="<commit></commit>", sync=True, interval=1)
module.exit_json(changed=changed, msg="okey dokey")
def main():
argument_spec = dict(ip_address=dict(default=None),
password=dict(default=None, no_log=True),
username=dict(default='admin'),
pg_name=dict(default=None),
data_filtering=dict(default=None),
file_blocking=dict(default=None),
spyware=dict(default=None),
url_filtering=dict(default=None),
virus=dict(default=None),
vulnerability=dict(default=None),
commit=dict(type='bool', default=True))
module = AnsibleModule(argument_spec=argument_spec)
ip_address = module.params["ip_address"]
if not ip_address:
module.fail_json(msg="ip_address should be specified")
password = module.params["password"]
if not password:
module.fail_json(msg="password is required")
username = module.params['username']
xapi = pan.xapi.PanXapi(hostname=ip_address,
api_username=username,
api_password=password)
pg_name = module.params['pg_name']
if not pg_name:
module.fail_json(msg='pg_name is required')
data_filtering = module.params['data_filtering']
file_blocking = module.params['file_blocking']
spyware = module.params['spyware']
url_filtering = module.params['url_filtering']
virus = module.params['virus']
vulnerability = module.params['vulnerability']
commit = module.params['commit']
changed = add_pg(xapi, pg_name, data_filtering, file_blocking, spyware,
url_filtering, virus, vulnerability)
if changed and commit:
xapi.commit(cmd="<commit></commit>", sync=True, interval=1)
module.exit_json(changed=changed, msg="okey dokey")
def main():
argument_spec = dict(
ip_address=dict(required=True),
password=dict(required=True, no_log=True),
username=dict(default='admin'),
if_name=dict(required=True),
zone_name=dict(required=True),
create_default_route=dict(type='bool', default=False),
commit=dict(type='bool', default=True)
)
module = AnsibleModule(argument_spec=argument_spec, supports_check_mode=False)
if not HAS_LIB:
module.fail_json(msg='pan-python is required for this module')
ip_address = module.params["ip_address"]
password = module.params["password"]
username = module.params['username']
xapi = pan.xapi.PanXapi(
hostname=ip_address,
api_username=username,
api_password=password
)
if_name = module.params['if_name']
zone_name = module.params['zone_name']
create_default_route = module.params['create_default_route']
commit = module.params['commit']
ifexists = if_exists(xapi, if_name)
if ifexists:
module.exit_json(changed=False, msg="interface exists, not changed")
try:
changed = add_dhcp_if(xapi, if_name, zone_name, create_default_route)
except PanXapiError:
exc = get_exception()
module.fail_json(msg=exc.message)
if changed and commit:
xapi.commit(cmd="<commit></commit>", sync=True, interval=1)
module.exit_json(changed=changed, msg="okey dokey")
def main():
argument_spec = dict(ip_address=dict(default=None),
password=dict(default=None, no_log=True),
username=dict(default='admin'),
service_name=dict(default=None),
protocol=dict(default=None, choices=['tcp', 'udp']),
port=dict(default=None),
source_port=dict(default=None),
commit=dict(type='bool', default=True))
module = AnsibleModule(argument_spec=argument_spec)
ip_address = module.params["ip_address"]
if not ip_address:
module.fail_json(msg="ip_address should be specified")
password = module.params["password"]
if not password:
module.fail_json(msg="password is required")
username = module.params['username']
xapi = pan.xapi.PanXapi(hostname=ip_address,
api_username=username,
api_password=password)
service_name = module.params['service_name']
if not service_name:
module.fail_json(msg='service_name is required')
protocol = module.params['protocol']
if not protocol:
module.fail_json(msg="protocol is required")
port = module.params['port']
if not port:
module.fail_json(msg="port is required")
source_port = module.params['source_port']
commit = module.params['commit']
changed = False
changed = add_service(xapi, module, service_name, protocol, port,
source_port)
if changed and commit:
xapi.commit(cmd="<commit></commit>", sync=True, interval=1)
module.exit_json(changed=changed, msg="okey dokey")
def main():
argument_spec = dict(ip_address=dict(required=True),
password=dict(required=True, no_log=True),
username=dict(default='admin'),
tunnel_unit=dict(required=True),
zone_name=dict(required=True),
commit=dict(type='bool', default=True))
module = AnsibleModule(argument_spec=argument_spec,
supports_check_mode=False)
if not HAS_LIB:
module.fail_json(msg='pan-python is required for this module')
ip_address = module.params["ip_address"]
if not ip_address:
module.fail_json(msg="ip_address should be specified")
password = module.params["password"]
if not password:
module.fail_json(msg="password is required")
username = module.params['username']
xapi = pan.xapi.PanXapi(hostname=ip_address,
api_username=username,
api_password=password)
tunnel_unit = module.params['tunnel_unit']
if not tunnel_unit:
module.fail_json(msg="tunnel_unit required")
zone_name = module.params['zone_name']
if not zone_name:
module.fail_json(msg="zone_name required")
commit = module.params['commit']
ifexists = if_exists(xapi, tunnel_unit)
if ifexists:
module.exit_json(changed=False, msg="tunnel unit exists, not changed")
changed = add_tunnel_if(xapi, tunnel_unit, zone_name)
if changed and commit:
xapi.commit(cmd="<commit></commit>", sync=True, interval=1)
module.exit_json(changed=changed, msg="okey dokey")
def main():
argument_spec = dict(
ip_address=dict(),
password=dict(no_log=True),
username=dict(default='admin'),
admin_username=dict(default='admin'),
admin_password=dict(no_log=True),
role=dict(),
commit=dict(type='bool', default=True)
)
module = AnsibleModule(argument_spec=argument_spec, supports_check_mode=False)
if not HAS_LIB:
module.fail_json(msg='pan-python required for this module')
ip_address = module.params["ip_address"]
if not ip_address:
module.fail_json(msg="ip_address should be specified")
password = module.params["password"]
if not password:
module.fail_json(msg="password is required")
username = module.params['username']
xapi = pan.xapi.PanXapi(
hostname=ip_address,
api_username=username,
api_password=password
)
admin_username = module.params['admin_username']
if admin_username is None:
module.fail_json(msg="admin_username is required")
admin_password = module.params['admin_password']
role = module.params['role']
commit = module.params['commit']
changed = admin_set(xapi, module, admin_username, admin_password, role)
if changed and commit:
xapi.commit(cmd="<commit></commit>", sync=True, interval=1)
module.exit_json(changed=changed, msg="okey dokey")
def main():
argument_spec = dict(ip_address=dict(required=True),
password=dict(required=True, no_log=True),
username=dict(default='admin'),
app_name=dict(required=True),
host_regex=dict(required=True),
convert_hostname=dict(type='bool', default=False),
commit=dict(type='bool', default=True))
module = AnsibleModule(argument_spec=argument_spec,
supports_check_mode=False)
if not HAS_LIB:
module.fail_json(msg='pan-python is required for this module')
ip_address = module.params["ip_address"]
if not ip_address:
module.fail_json(msg="ip_address should be specified")
password = module.params["password"]
if not password:
module.fail_json(msg="password is required")
username = module.params['username']
xapi = pan.xapi.PanXapi(hostname=ip_address,
api_username=username,
api_password=password)
app_name = module.params['app_name']
if not app_name:
module.fail_json(msg='app_name is required')
host_regex = module.params['host_regex']
if not host_regex:
module.fail_json(msg='host_regex is required')
convert_hostname = module.params['convert_hostname']
if convert_hostname:
host_regex = convert_to_regex(host_regex)
commit = module.params['commit']
changed = add_custom_app(xapi, app_name, host_regex)
if changed and commit:
xapi.commit(cmd="<commit></commit>", sync=True, interval=1)
module.exit_json(changed=changed, msg="okey dokey")
def _set_config(self, config, hostname, xpath):
xapi = pan.xapi.PanXapi(**self._get_pan_credentials(hostname))
try:
xapi.set(xpath=xpath, element=config)
except pan.xapi.PanXapiError as e:
print("{error}".format(error=e))
return False
time.sleep(3)
print("Config: {status}".format(status=xapi.status))
time.sleep(1)
print(
"Applying config on {hostname} with user {username} and password {password}..."
.format(hostname=hostname,
username=self.username,
password=self.password[:1]))
try:
xapi.commit(cmd="<commit></commit>", timeout=10)
except pan.xapi.PanXapiError as e:
print("{error}".format(error=e))
return False
print("Commit: {status}".format(status=xapi.status))
def main():
argument_spec = dict(
ip_address=dict(),
password=dict(no_log=True),
username=dict(default='admin'),
interval=dict(default=0.5),
timeout=dict(),
sync=dict(type='bool', default=True)
)
module = AnsibleModule(argument_spec=argument_spec, supports_check_mode=False)
if not HAS_LIB:
module.fail_json(msg='pan-python required for this module')
ip_address = module.params["ip_address"]
if not ip_address:
module.fail_json(msg="ip_address should be specified")
password = module.params["password"]
if not password:
module.fail_json(msg="password is required")
username = module.params['username']
interval = module.params['interval']
timeout = module.params['timeout']
sync = module.params['sync']
xapi = pan.xapi.PanXapi(
hostname=ip_address,
api_username=username,
api_password=password
)
xapi.commit(
cmd="<commit></commit>",
sync=sync,
interval=interval,
timeout=timeout
)
module.exit_json(changed=True, msg="okey dokey")
def main():
argument_spec = dict(ip_address=dict(default=None),
password=dict(default=None, no_log=True),
username=dict(default='admin'),
if_name=dict(default=None),
zone_name=dict(default=None),
create_default_route=dict(type='bool', default=False),
commit=dict(type='bool', default=True))
module = AnsibleModule(argument_spec=argument_spec)
ip_address = module.params["ip_address"]
if not ip_address:
module.fail_json(msg="ip_address should be specified")
password = module.params["password"]
if not password:
module.fail_json(msg="password is required")
username = module.params['username']
xapi = pan.xapi.PanXapi(hostname=ip_address,
api_username=username,
api_password=password)
if_name = module.params['if_name']
if not if_name:
module.fail_json(msg="if_name required")
zone_name = module.params['zone_name']
if not zone_name:
module.fail_json(msg="zone_name required")
create_default_route = module.params['create_default_route']
commit = module.params['commit']
ifexists = if_exists(xapi, if_name)
if ifexists:
module.exit_json(changed=False, msg="if exists, not changed")
changed = add_dhcp_if(xapi, if_name, zone_name, create_default_route)
if changed and commit:
xapi.commit(cmd="<commit></commit>", sync=True, interval=1)
module.exit_json(changed=changed, msg="okey dokey")
def main():
argument_spec = dict(
ip_address=dict(default=None),
password=dict(default=None),
username=dict(default='admin'),
dag_name=dict(default=None),
dag_filter=dict(default=None),
commit=dict(type='bool', default=True)
)
module = AnsibleModule(argument_spec=argument_spec)
ip_address = module.params["ip_address"]
if not ip_address:
module.fail_json(msg="ip_address should be specified")
password = module.params["password"]
if not password:
module.fail_json(msg="password is required")
username = module.params['username']
xapi = pan.xapi.PanXapi(
hostname=ip_address,
api_username=username,
api_password=password
)
dag_name = module.params['dag_name']
if not dag_name:
module.fail_json(msg="dag_name is required")
dag_filter = module.params['dag_filter']
if not dag_filter:
module.fail_json(msg="dag_filter is required")
commit = module.params['commit']
changed = add_dag(xapi, dag_name, dag_filter)
if changed and commit:
xapi.commit(cmd="<commit></commit>", sync=True, interval=1)
module.exit_json(changed=changed, msg="okey dokey")
def main():
argument_spec = dict(
ip_address=dict(required=True),
password=dict(no_log=True),
username=dict(default='admin'),
api_key=dict(no_log=True),
admin_username=dict(default='admin'),
admin_password=dict(no_log=True, required=True),
role=dict(),
commit=dict(type='bool', default=True)
)
module = AnsibleModule(argument_spec=argument_spec, supports_check_mode=False,
required_one_of=[['api_key', 'password']])
if not HAS_LIB:
module.fail_json(msg='Missing required libraries.')
ip_address = module.params["ip_address"]
password = module.params["password"]
username = module.params['username']
api_key = module.params['api_key']
admin_username = module.params['admin_username']
admin_password = module.params['admin_password']
role = module.params['role']
commit = module.params['commit']
xapi = pan.xapi.PanXapi(
hostname=ip_address,
api_username=username,
api_password=password,
api_key=api_key
)
changed = admin_set(xapi, module, admin_username, admin_password, role)
if changed and commit:
xapi.commit(cmd="<commit></commit>", sync=True, interval=1)
module.exit_json(changed=changed, msg="okey dokey")
def main():
argument_spec = dict(ip_address=dict(required=True),
password=dict(required=True, no_log=True),
username=dict(default='admin'),
service_name=dict(required=True),
protocol=dict(required=True, choices=['tcp', 'udp']),
port=dict(required=True),
source_port=dict(),
commit=dict(type='bool', default=True))
module = AnsibleModule(argument_spec=argument_spec,
supports_check_mode=False)
if not HAS_LIB:
module.fail_json(msg='pan-python is required for this module')
ip_address = module.params["ip_address"]
password = module.params["password"]
username = module.params['username']
service_name = module.params['service_name']
protocol = module.params['protocol']
port = module.params['port']
source_port = module.params['source_port']
commit = module.params['commit']
xapi = pan.xapi.PanXapi(hostname=ip_address,
api_username=username,
api_password=password)
try:
changed = add_service(xapi, module, service_name, protocol, port,
source_port)
if changed and commit:
xapi.commit(cmd="<commit></commit>", sync=True, interval=1)
except PanXapiError:
exc = get_exception()
module.fail_json(msg=exc.message)
module.exit_json(changed=changed, msg="okey dokey")
def main():
argument_spec = dict(
ip_address=dict(default=None),
password=dict(default=None, no_log=True),
username=dict(default='admin'),
rule_name=dict(default=None),
bidirectional=dict(type='bool', default=False),
snat_type=dict(default='static-ip',
choices=['static-ip', 'dynamic-ip-and-port']),
translated_address=dict(default=None),
interface_address_if=dict(default=None),
interface_address_ip=dict(default=None),
from_zone=dict(default=None),
to_zone=dict(default=None),
source=dict(default="any"),
destination=dict(default="any"),
service=dict(default="any"),
commit=dict(type='bool', default=True)
)
module = AnsibleModule(argument_spec=argument_spec)
ip_address = module.params["ip_address"]
if not ip_address:
module.fail_json(msg="ip_address should be specified")
password = module.params["password"]
if not password:
module.fail_json(msg="password is required")
username = module.params['username']
xapi = pan.xapi.PanXapi(
hostname=ip_address,
api_username=username,
api_password=password
)
rule_name = module.params['rule_name']
if not rule_name:
module.fail_json(msg='rule_name is required')
bidirectional = module.params['bidirectional']
snat_type = module.params['snat_type']
translated_address = module.params['translated_address']
interface_address_if = module.params['interface_address_if']
interface_address_ip = module.params['interface_address_ip']
from_zone = module.params['from_zone']
if from_zone is None:
module.fail_json(msg='from_zone is required')
if type(from_zone) == str:
from_zone = [from_zone]
to_zone = module.params['to_zone']
if to_zone is None:
module.fail_json(msg='to_zone is required')
source = module.params['source']
if type(source) == str:
source = [source]
destination = module.params['destination']
if type(destination) == str:
destination = [destination]
service = module.params['service']
commit = module.params['commit']
changed = False
if snat_type == 'static-ip':
changed = add_snat_static_ip(xapi, module,
rule_name,
from_zone,
to_zone,
source,
destination,
service,
bidirectional,
translated_address)
elif snat_type == 'dynamic-ip-and-port':
changed = add_snat_dipp(xapi, module,
rule_name,
from_zone,
to_zone,
source,
destination,
service,
translated_address,
interface_address_ip,
interface_address_if)
else:
module.fail_json(msg="unsupported snat type "+snat_type)
if changed and commit:
xapi.commit(cmd="<commit></commit>", sync=True, interval=1)
module.exit_json(changed=changed, msg="okey dokey")
def main():
argument_spec = dict(ip_address=dict(required=True),
password=dict(required=True, no_log=True),
username=dict(default='admin'),
rule_name=dict(required=True),
from_zone=dict(type='list', required=True),
to_zone=dict(required=True),
source=dict(type='list', default=["any"]),
destination=dict(type='list', default=["any"]),
service=dict(default="any"),
snat_type=dict(),
snat_address=dict(),
snat_interface=dict(),
snat_interface_address=dict(),
snat_bidirectional=dict(default=False),
dnat_address=dict(),
dnat_port=dict(),
override=dict(type='bool', default=False),
commit=dict(type='bool', default=True))
module = AnsibleModule(argument_spec=argument_spec,
supports_check_mode=False)
if module._name == 'panos_nat_policy':
module.deprecate(
"The 'panos_nat_policy' module is being renamed 'panos_nat_rule'",
version=2.8)
if not HAS_LIB:
module.fail_json(msg='pan-python is required for this module')
ip_address = module.params["ip_address"]
password = module.params["password"]
username = module.params['username']
xapi = pan.xapi.PanXapi(hostname=ip_address,
api_username=username,
api_password=password)
rule_name = module.params['rule_name']
from_zone = module.params['from_zone']
to_zone = module.params['to_zone']
source = module.params['source']
destination = module.params['destination']
service = module.params['service']
snat_type = module.params['snat_type']
snat_address = module.params['snat_address']
snat_interface = module.params['snat_interface']
snat_interface_address = module.params['snat_interface_address']
snat_bidirectional = module.params['snat_bidirectional']
dnat_address = module.params['dnat_address']
dnat_port = module.params['dnat_port']
commit = module.params['commit']
override = module.params["override"]
if not override and nat_rule_exists(xapi, rule_name):
module.exit_json(changed=False, msg="rule exists")
try:
changed = add_nat(xapi,
module,
rule_name,
from_zone,
to_zone,
source,
destination,
service,
dnatxml=dnat_xml(module, dnat_address, dnat_port),
snatxml=snat_xml(module, snat_type, snat_address,
snat_interface,
snat_interface_address,
snat_bidirectional))
if changed and commit:
xapi.commit(cmd="<commit></commit>", sync=True, interval=1)
module.exit_json(changed=changed, msg="okey dokey")
except PanXapiError:
exc = get_exception()
module.fail_json(msg=exc.message)
try:
xapi = pan.xapi.PanXapi(api_username=os.environ['username'],
api_password=os.environ['password'],
hostname=os.environ['ipAddr'])
print("Successfully Connected!")
xapi.op(cmd='show system info', cmd_xml=True)
print(xapi.xml_result())
#set the config using the above xpath
xapi.set(xpath, element=data)
print(xapi.xml_result())
#commit the config. Make sure to add the xml command.
xapi.commit('<commit/>')
print(xapi.xml_result())
except pan.xapi.PanXapiError as msg:
print('pan.xapi.PanXapi:', msg, file=sys.stderr)
sys.exit(1)
elif cmd == "stop":
# Build the XML tree for the settings we want to add to the FW. In this case adding a named address.
# root.set("name", "Kimberly")
try:
xapi = pan.xapi.PanXapi(api_username=os.environ['username'],
api_password=os.environ['password'],
hostname=os.environ['ipAddr'])
def main():
set_encoding()
options = parse_opts()
try:
xapi = pan.xapi.PanXapi(debug=options['debug'],
timeout=options['timeout'],
tag=options['tag'],
use_http=options['use_http'],
use_get=options['use_get'],
api_username=options['api_username'],
api_password=options['api_password'],
api_key=options['api_key'],
hostname=options['hostname'],
port=options['port'],
serial=options['serial'],
cafile=options['cafile'],
capath=options['capath'])
except pan.xapi.PanXapiError as msg:
print('pan.xapi.PanXapi:', msg, file=sys.stderr)
sys.exit(1)
if options['debug'] > 2:
print('xapi.__str__()===>\n', xapi, '\n<===',
sep='', file=sys.stderr)
try:
if options['ad_hoc'] is not None:
action = 'ad_hoc'
xapi.ad_hoc(qs=options['ad_hoc'],
xpath=options['xpath'],
modify_qs=options['modify'])
print_status(xapi, action)
print_response(xapi, options)
if options['keygen']:
action = 'keygen'
xapi.keygen()
print_status(xapi, action)
print_response(xapi, options)
print('API key: "%s"' % xapi.api_key)
if options['show']:
action = 'show'
xapi.show(xpath=options['xpath'])
print_status(xapi, action)
print_response(xapi, options)
if options['get']:
action = 'get'
xapi.get(xpath=options['xpath'])
print_status(xapi, action)
print_response(xapi, options)
if options['delete']:
action = 'delete'
xapi.delete(xpath=options['xpath'])
print_status(xapi, action)
print_response(xapi, options)
if options['edit']:
action = 'edit'
xapi.edit(xpath=options['xpath'],
element=options['element'])
print_status(xapi, action)
print_response(xapi, options)
if options['set']:
action = 'set'
xapi.set(xpath=options['xpath'],
element=options['element'])
print_status(xapi, action)
print_response(xapi, options)
if options['dynamic-update']:
action = 'dynamic-update'
kwargs = {
'cmd': options['cmd'],
}
if len(options['vsys']):
kwargs['vsys'] = options['vsys'][0]
xapi.user_id(**kwargs)
print_status(xapi, action)
print_response(xapi, options)
if options['move'] is not None:
action = 'move'
xapi.move(xpath=options['xpath'],
where=options['move'],
dst=options['dst'])
print_status(xapi, action)
print_response(xapi, options)
if options['rename']:
action = 'rename'
xapi.rename(xpath=options['xpath'],
newname=options['dst'])
print_status(xapi, action)
print_response(xapi, options)
if options['clone']:
action = 'clone'
xapi.clone(xpath=options['xpath'],
xpath_from=options['src'],
newname=options['dst'])
print_status(xapi, action)
print_response(xapi, options)
if options['override']:
action = 'override'
xapi.override(xpath=options['xpath'],
element=options['element'])
print_status(xapi, action)
print_response(xapi, options)
if options['export'] is not None:
action = 'export'
xapi.export(category=options['export'],
from_name=options['src'])
print_status(xapi, action)
print_response(xapi, options)
if options['pcap_listing']:
pcap_listing(xapi, options)
save_pcap(xapi, options)
if options['log'] is not None:
action = 'log'
xapi.log(log_type=options['log'],
nlogs=options['nlogs'],
skip=options['skip'],
filter=options['filter'],
interval=options['interval'],
timeout=options['job_timeout'])
print_status(xapi, action)
print_response(xapi, options)
if options['op'] is not None:
action = 'op'
kwargs = {
'cmd': options['op'],
'cmd_xml': options['cmd_xml'],
}
if len(options['vsys']):
kwargs['vsys'] = options['vsys'][0]
xapi.op(**kwargs)
print_status(xapi, action)
print_response(xapi, options)
if (options['commit'] or options['commit_all']):
if options['cmd']:
cmd = options['cmd']
if options['cmd_xml']:
cmd = xapi.cmd_xml(cmd)
else:
c = pan.commit.PanCommit(debug=options['debug'],
validate=options['validate'],
force=options['force'],
commit_all=options['commit_all'],
merge_with_candidate=
options['merge'])
for part in options['partial']:
if part == 'device-and-network-excluded':
c.device_and_network_excluded()
elif part == 'policy-and-objects-excluded':
c.policy_and_objects_excluded()
elif part == 'shared-object-excluded':
c.shared_object_excluded()
elif part == 'no-vsys':
c.no_vsys()
elif part == 'vsys':
c.vsys(options['vsys'])
if options['serial'] is not None:
c.device(options['serial'])
if options['group'] is not None:
c.device_group(options['group'])
if options['commit_all'] and options['vsys']:
c.vsys(options['vsys'][0])
cmd = c.cmd()
kwargs = {
'cmd': cmd,
'sync': options['sync'],
'interval': options['interval'],
'timeout': options['job_timeout'],
}
if options['commit_all']:
kwargs['action'] = 'all'
action = 'commit'
xapi.commit(**kwargs)
print_status(xapi, action)
print_response(xapi, options)
except pan.xapi.PanXapiError as msg:
print_status(xapi, action, msg)
print_response(xapi, options)
sys.exit(1)
sys.exit(0)
def main():
argument_spec = dict(
ip_address=dict(required=True),
password=dict(required=True, no_log=True),
username=dict(default='admin'),
rule_name=dict(required=True),
from_zone=dict(type='list', required=True),
to_zone=dict(required=True),
source=dict(type='list', default=["any"]),
destination=dict(type='list', default=["any"]),
service=dict(default="any"),
snat_type=dict(),
snat_address=dict(),
snat_interface=dict(),
snat_interface_address=dict(),
snat_bidirectional=dict(default=False),
dnat_address=dict(),
dnat_port=dict(),
override=dict(type='bool', default=False),
commit=dict(type='bool', default=True)
)
module = AnsibleModule(argument_spec=argument_spec, supports_check_mode=False)
if module._name == 'panos_nat_policy':
module.deprecate("The 'panos_nat_policy' module is being renamed 'panos_nat_rule'", version=2.8)
if not HAS_LIB:
module.fail_json(msg='pan-python is required for this module')
ip_address = module.params["ip_address"]
password = module.params["password"]
username = module.params['username']
xapi = pan.xapi.PanXapi(
hostname=ip_address,
api_username=username,
api_password=password
)
rule_name = module.params['rule_name']
from_zone = module.params['from_zone']
to_zone = module.params['to_zone']
source = module.params['source']
destination = module.params['destination']
service = module.params['service']
snat_type = module.params['snat_type']
snat_address = module.params['snat_address']
snat_interface = module.params['snat_interface']
snat_interface_address = module.params['snat_interface_address']
snat_bidirectional = module.params['snat_bidirectional']
dnat_address = module.params['dnat_address']
dnat_port = module.params['dnat_port']
commit = module.params['commit']
override = module.params["override"]
if not override and nat_rule_exists(xapi, rule_name):
module.exit_json(changed=False, msg="rule exists")
try:
changed = add_nat(
xapi,
module,
rule_name,
from_zone,
to_zone,
source,
destination,
service,
dnatxml=dnat_xml(module, dnat_address, dnat_port),
snatxml=snat_xml(module, snat_type, snat_address,
snat_interface, snat_interface_address,
snat_bidirectional)
)
if changed and commit:
xapi.commit(cmd="<commit></commit>", sync=True, interval=1)
module.exit_json(changed=changed, msg="okey dokey")
except PanXapiError as exc:
module.fail_json(msg=to_native(exc))
def main():
try:
signal.signal(signal.SIGPIPE, signal.SIG_DFL)
except AttributeError:
# Windows
pass
set_encoding()
options = parse_opts()
if options['debug']:
logger = logging.getLogger()
if options['debug'] == 3:
logger.setLevel(pan.xapi.DEBUG3)
elif options['debug'] == 2:
logger.setLevel(pan.xapi.DEBUG2)
elif options['debug'] == 1:
logger.setLevel(pan.xapi.DEBUG1)
# log_format = '%(levelname)s %(name)s %(message)s'
log_format = '%(message)s'
handler = logging.StreamHandler()
formatter = logging.Formatter(log_format)
handler.setFormatter(formatter)
logger.addHandler(handler)
if options['cafile'] or options['capath']:
ssl_context = create_ssl_context(options['cafile'],
options['capath'])
else:
ssl_context = None
try:
xapi = pan.xapi.PanXapi(timeout=options['timeout'],
tag=options['tag'],
use_http=options['use_http'],
use_get=options['use_get'],
api_username=options['api_username'],
api_password=options['api_password'],
api_key=options['api_key'],
hostname=options['hostname'],
port=options['port'],
serial=options['serial'],
ssl_context=ssl_context)
except pan.xapi.PanXapiError as msg:
print('pan.xapi.PanXapi:', msg, file=sys.stderr)
sys.exit(1)
if options['debug'] > 2:
print('xapi.__str__()===>\n', xapi, '\n<===',
sep='', file=sys.stderr)
extra_qs_used = False
try:
if options['keygen']:
action = 'keygen'
if options['ad_hoc'] is not None:
extra_qs_used = True
xapi.keygen(extra_qs=options['ad_hoc'])
print_status(xapi, action)
print_response(xapi, options)
print('API key: "%s"' % xapi.api_key)
if options['show']:
action = 'show'
if options['ad_hoc'] is not None:
extra_qs_used = True
xapi.show(xpath=options['xpath'],
extra_qs=options['ad_hoc'])
print_status(xapi, action)
print_response(xapi, options)
if options['get']:
action = 'get'
if options['ad_hoc'] is not None:
extra_qs_used = True
xapi.get(xpath=options['xpath'],
extra_qs=options['ad_hoc'])
print_status(xapi, action)
print_response(xapi, options)
if options['delete']:
action = 'delete'
if options['ad_hoc'] is not None:
extra_qs_used = True
xapi.delete(xpath=options['xpath'],
extra_qs=options['ad_hoc'])
print_status(xapi, action)
print_response(xapi, options)
if options['edit']:
action = 'edit'
if options['ad_hoc'] is not None:
extra_qs_used = True
xapi.edit(xpath=options['xpath'],
element=options['element'],
extra_qs=options['ad_hoc'])
print_status(xapi, action)
print_response(xapi, options)
if options['set']:
action = 'set'
if options['ad_hoc'] is not None:
extra_qs_used = True
xapi.set(xpath=options['xpath'],
element=options['element'],
extra_qs=options['ad_hoc'])
print_status(xapi, action)
print_response(xapi, options)
if options['dynamic-update']:
action = 'dynamic-update'
kwargs = {
'cmd': options['cmd'],
}
if options['ad_hoc'] is not None:
extra_qs_used = True
kwargs['extra_qs'] = options['ad_hoc']
if len(options['vsys']):
kwargs['vsys'] = options['vsys'][0]
xapi.user_id(**kwargs)
print_status(xapi, action)
print_response(xapi, options)
if options['move'] is not None:
action = 'move'
if options['ad_hoc'] is not None:
extra_qs_used = True
xapi.move(xpath=options['xpath'],
where=options['move'],
dst=options['dst'],
extra_qs=options['ad_hoc'])
print_status(xapi, action)
print_response(xapi, options)
if options['rename']:
action = 'rename'
if options['ad_hoc'] is not None:
extra_qs_used = True
xapi.rename(xpath=options['xpath'],
newname=options['dst'],
extra_qs=options['ad_hoc'])
print_status(xapi, action)
print_response(xapi, options)
if options['clone']:
action = 'clone'
if options['ad_hoc'] is not None:
extra_qs_used = True
xapi.clone(xpath=options['xpath'],
xpath_from=options['src'],
newname=options['dst'],
extra_qs=options['ad_hoc'])
print_status(xapi, action)
print_response(xapi, options)
if options['override']:
action = 'override'
if options['ad_hoc'] is not None:
extra_qs_used = True
xapi.override(xpath=options['xpath'],
element=options['element'],
extra_qs=options['ad_hoc'])
print_status(xapi, action)
print_response(xapi, options)
if options['export'] is not None:
action = 'export'
if options['ad_hoc'] is not None:
extra_qs_used = True
if options['pcapid'] is not None:
xapi.export(category=options['export'],
pcapid=options['pcapid'],
search_time=options['stime'],
serialno=options['serial'],
extra_qs=options['ad_hoc'])
else:
xapi.export(category=options['export'],
from_name=options['src'],
extra_qs=options['ad_hoc'])
print_status(xapi, action)
print_response(xapi, options)
if options['pcap_listing']:
pcap_listing(xapi, options['export'])
save_attachment(xapi, options)
if options['log'] is not None:
action = 'log'
if options['ad_hoc'] is not None:
extra_qs_used = True
xapi.log(log_type=options['log'],
nlogs=options['nlogs'],
skip=options['skip'],
filter=options['filter'],
interval=options['interval'],
timeout=options['job_timeout'],
extra_qs=options['ad_hoc'])
print_status(xapi, action)
print_response(xapi, options)
if options['op'] is not None:
action = 'op'
kwargs = {
'cmd': options['op'],
'cmd_xml': options['cmd_xml'],
}
if options['ad_hoc'] is not None:
extra_qs_used = True
kwargs['extra_qs'] = options['ad_hoc']
if len(options['vsys']):
kwargs['vsys'] = options['vsys'][0]
xapi.op(**kwargs)
print_status(xapi, action)
print_response(xapi, options)
if (options['commit'] or options['commit_all']):
if options['cmd']:
cmd = options['cmd']
if options['cmd_xml']:
cmd = xapi.cmd_xml(cmd)
else:
c = pan.commit.PanCommit(validate=options['validate'],
force=options['force'],
commit_all=options['commit_all'],
merge_with_candidate=
options['merge'])
for part in options['partial']:
if part == 'device-and-network-excluded':
c.device_and_network_excluded()
elif part == 'policy-and-objects-excluded':
c.policy_and_objects_excluded()
elif part == 'shared-object-excluded':
c.shared_object_excluded()
elif part == 'no-vsys':
c.no_vsys()
elif part == 'vsys':
c.vsys(options['vsys'])
if options['serial'] is not None:
c.device(options['serial'])
if options['group'] is not None:
c.device_group(options['group'])
if options['commit_all'] and options['vsys']:
c.vsys(options['vsys'][0])
cmd = c.cmd()
kwargs = {
'cmd': cmd,
'sync': options['sync'],
'interval': options['interval'],
'timeout': options['job_timeout'],
}
if options['ad_hoc'] is not None:
extra_qs_used = True
kwargs['extra_qs'] = options['ad_hoc']
if options['commit_all']:
kwargs['action'] = 'all'
action = 'commit'
xapi.commit(**kwargs)
print_status(xapi, action)
print_response(xapi, options)
if not extra_qs_used and options['ad_hoc'] is not None:
action = 'ad_hoc'
xapi.ad_hoc(qs=options['ad_hoc'],
xpath=options['xpath'],
modify_qs=options['modify'])
print_status(xapi, action)
print_response(xapi, options)
except pan.xapi.PanXapiError as msg:
print_status(xapi, action, msg)
print_response(xapi, options)
sys.exit(1)
sys.exit(0)
def main():
argument_spec = dict(
ip_address=dict(default=None),
password=dict(default=None, no_log=True),
username=dict(default='admin'),
rule_name=dict(default=None),
translated_address=dict(default=None),
translated_port=dict(default=None),
from_zone=dict(default=None),
to_zone=dict(default=None),
source=dict(default="any"),
destination=dict(default="any"),
service=dict(default="any"),
commit=dict(type='bool', default=True)
)
module = AnsibleModule(argument_spec=argument_spec)
ip_address = module.params["ip_address"]
if not ip_address:
module.fail_json(msg="ip_address should be specified")
password = module.params["password"]
if not password:
module.fail_json(msg="password is required")
username = module.params['username']
xapi = pan.xapi.PanXapi(
hostname=ip_address,
api_username=username,
api_password=password
)
rule_name = module.params['rule_name']
if not rule_name:
module.fail_json(msg='rule_name is required')
translated_address = module.params['translated_address']
translated_port = module.params['translated_port']
from_zone = module.params['from_zone']
if from_zone is None:
module.fail_json(msg='from_zone is required')
if type(from_zone) == str:
from_zone = [from_zone]
to_zone = module.params['to_zone']
if to_zone is None:
module.fail_json(msg='to_zone is required')
source = module.params['source']
if type(source) == str:
source = [source]
destination = module.params['destination']
if type(destination) == str:
destination = [destination]
service = module.params['service']
commit = module.params['commit']
changed = False
changed = add_dnat(xapi, module,
rule_name,
from_zone,
to_zone,
source,
destination,
service,
translated_address,
translated_port)
if changed and commit:
xapi.commit(cmd="<commit></commit>", sync=True, interval=1)
module.exit_json(changed=changed, msg="okey dokey")
def main():
argument_spec = dict(
ip_address=dict(default=None),
password=dict(default=None, no_log=True),
username=dict(default='admin'),
rule_name=dict(default=None),
from_zone=dict(default=None),
to_zone=dict(default=None),
source=dict(default=["any"]),
destination=dict(default=["any"]),
service=dict(default="any"),
snat_type=dict(default=None),
snat_address=dict(default=None),
snat_interface=dict(default=None),
snat_interface_address=dict(default=None),
snat_bidirectional=dict(default=False),
dnat_address=dict(default=None),
dnat_port=dict(default=None),
override=dict(default=False),
commit=dict(type='bool', default=True)
)
module = AnsibleModule(argument_spec=argument_spec)
ip_address = module.params["ip_address"]
if not ip_address:
module.fail_json(msg="ip_address should be specified")
password = module.params["password"]
if not password:
module.fail_json(msg="password is required")
username = module.params['username']
xapi = pan.xapi.PanXapi(
hostname=ip_address,
api_username=username,
api_password=password
)
rule_name = module.params['rule_name']
if not rule_name:
module.fail_json(msg='rule_name is required')
from_zone = module.params['from_zone']
if from_zone is None:
module.fail_json(msg='from_zone is required')
to_zone = module.params['to_zone']
if to_zone is None:
module.fail_json(msg='to_zone is required')
source = module.params['source']
destination = module.params['destination']
service = module.params['service']
snat_type = module.params['snat_type']
snat_address = module.params['snat_address']
snat_interface = module.params['snat_interface']
snat_interface_address = module.params['snat_interface_address']
snat_bidirectional = module.params['snat_bidirectional']
dnat_address = module.params['dnat_address']
dnat_port = module.params['dnat_port']
commit = module.params['commit']
override = module.params["override"]
if not override and nat_rule_exists(xapi, rule_name):
module.exit_json(changed=False, msg="rule exists")
changed = add_nat(
xapi,
module,
rule_name,
from_zone,
to_zone,
source,
destination,
service,
dnatxml=dnat_xml(module, dnat_address, dnat_port),
snatxml=snat_xml(module, snat_type, snat_address,
snat_interface, snat_interface_address,
snat_bidirectional)
)
if changed and commit:
xapi.commit(cmd="<commit></commit>", sync=True, interval=1)
module.exit_json(changed=changed, msg="okey dokey")
def main():
argument_spec = dict(
ip_address=dict(default=None),
password=dict(default=None, no_log=True),
username=dict(default='admin'),
portal_name=dict(default=None),
config_name=dict(default=None),
gateway_address=dict(default=None),
type=dict(default="external", choices=['internal', 'external']),
state=dict(default="present", choices=['absent', 'present']),
manual=dict(type='bool', default=None),
description=dict(default=None),
commit=dict(type='bool', default=True)
)
module = AnsibleModule(argument_spec=argument_spec)
ip_address = module.params["ip_address"]
if not ip_address:
module.fail_json(msg="ip_address should be specified")
password = module.params["password"]
if not password:
module.fail_json(msg="password is required")
username = module.params['username']
xapi = pan.xapi.PanXapi(
hostname=ip_address,
api_username=username,
api_password=password
)
portal_name = module.params['portal_name']
if portal_name is None:
module.fail_json(msg='portal_name is required')
config_name = module.params['config_name']
if config_name is None:
module.fail_json(msg='config_name is required')
gateway_address = module.params['gateway_address']
if gateway_address is None:
module.fail_json(msg='gateway_address is required')
type_ = module.params['type']
state = module.params['state']
manual = module.params['manual']
description = module.params['description']
commit = module.params['commit']
changed = False
changed = check_gpp_gateway(
xapi,
module,
portal_name,
config_name,
gateway_address,
type_,
state,
manual,
description
)
if changed and commit:
xapi.commit(cmd="<commit></commit>", sync=True, interval=1)
module.exit_json(changed=changed, msg="okey dokey")