Пример #1
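def editPanoramaEntry(pn, xpath, file, module):
    """Replace the Panorama configuration node at ``xpath`` with a file's text.

    Args:
        pn: mapping that must contain ``hostname``, ``username`` and
            ``password`` for the Panorama API session.
        xpath: configuration XPath passed to ``PanXapi.edit``.
        file: path of the file whose contents are sent as the new element.
        module: object exposing ``fail_json(msg=...)`` for error reporting.

    Returns:
        True once the edit call has returned without raising PanXapiError.

    The file contents are sent verbatim; nothing here parses or validates
    them before they reach the device.
    """
    required_keys = ('hostname', 'username', 'password')
    if any(key not in pn for key in required_keys):
        module.fail_json(msg='Panorama credentials not specified!')

    try:
        # The context manager closes the handle even when read() raises,
        # which the previous open()/read()/close() sequence did not.
        with open(file, 'r') as f:
            d = f.read()
    except Exception as msg:
        # NOTE(review): the code below assumes fail_json does not return
        # (otherwise ``d`` is unbound) - confirm against the module object.
        module.fail_json(msg='Error while reading file: {}'.format(msg))

    try:
        xapi = pan.xapi.PanXapi(hostname=pn['hostname'],
                                api_username=pn['username'],
                                api_password=pn['password'])
    except pan.xapi.PanXapiError as msg:
        module.fail_json(msg='pan.xapi.PanXapi: {}'.format(msg))
    except Exception as e:
        module.fail_json(msg='Exception: {}'.format(e))

    try:
        xapi.edit(xpath=xpath, element=d)
    except pan.xapi.PanXapiError as msg:
        module.fail_json(msg='pan.xapi.PanXapi (edit): {}'.format(msg))

    return True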
Пример #2
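def set_publickey(xapi, user, cpkey, pkey):
    """Send ``pkey``, base64-encoded, as the ``<public-key>`` of ``user``.

    Args:
        xapi: API client exposing ``set`` and ``edit``.
        user: name substituted into the module's XPath templates.
        cpkey: None selects ``set`` on the admin-profile path; any other
            value selects ``edit`` on the key path.
        pkey: key material, as bytes or text.
    """
    if not isinstance(pkey, bytes):
        pkey = pkey.encode('utf-8')
    # b64encode returns bytes on Python 3; without the decode the element
    # would carry a literal b'...' wrapper instead of the encoded key.
    b64pkey = base64.b64encode(pkey).decode('ascii')
    e = "<public-key>%s</public-key>" % b64pkey
    # NOTE(review): user goes into the XPath unescaped - confirm callers
    # restrict it to valid administrator names.
    if cpkey is None:
        xapi.set(xpath=_ADMINPROFILE_XPATH % user, element=e)
    else:
        xapi.edit(xpath=_PKEY_XPATH % user, element=e)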
Пример #3
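def modify_gpp_gateway(cgw, xapi, module, portal_name, config_name,
                       type_, gateway_address, manual, description):
    """Update the ``manual`` and ``description`` children of a gateway entry.

    Args:
        cgw: element holding the current gateway configuration (queried
            with ``find``).
        xapi: API client exposing ``edit``.
        module: unused here; kept for interface compatibility.
        portal_name, config_name, type_, gateway_address: values substituted
            into ``_GW_PATH`` to address the entry.
        manual: desired manual flag, or None to leave it untouched.
        description: desired description, or None to leave it untouched.

    Returns:
        True when at least one edit was sent, False otherwise.

    Raises:
        Exception: the current entry has no ``manual`` tag or an
            unexpected value in it.
    """
    from xml.sax.saxutils import escape

    # NOTE(review): the four path values are substituted into the XPath
    # unescaped - confirm callers validate them.
    path_args = (portal_name, config_name, type_, gateway_address)
    result = False

    if manual is not None:
        cmanual = cgw.find('manual')
        if cmanual is None:
            raise Exception('No manual value tag')
        if cmanual.text not in ['yes', 'no']:
            raise Exception('Invalid manual value: %s' % cmanual.text)

        # Compare the element's text, not the element object: the previous
        # ``cmanual == 'yes'`` was always False, so a request for
        # manual=False was never applied and manual=True always re-edited.
        if (cmanual.text == 'yes') != bool(manual):
            xapi.edit(xpath=(_GW_PATH + "/manual") % path_args,
                      element="<manual>%s</manual>" %
                              ('yes' if manual else 'no'))
            result = True

    if description is not None:
        cdescription = cgw.find('description')
        if cdescription is not None and cdescription.text == description:
            return result
        # Free text is escaped so that '&', '<' or '>' cannot break or
        # extend the XML element sent to the device.
        xapi.edit(xpath=(_GW_PATH + "/description") % path_args,
                  element="<description>%s</description>" %
                          escape(description))
        result = True

    return result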
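def add_mgtprf(xapi, mgtprf_name, http, https, http_ocsp, ssh, snmp, userid,
               userid_syslog_ssl, userid_syslog_udp, ping, response_pages,
               telnet, iplist):
    """Send an edit that defines the management profile ``mgtprf_name``.

    Args:
        xapi: API client exposing ``edit``.
        mgtprf_name: profile name, used in the entry and in the XPath.
        http .. telnet: string values written into the matching service tags.
        iplist: comma-separated permitted addresses; empty or None means no
            ``<permitted-ip>`` element is sent.

    Returns:
        True after the edit call returns.
    """
    from xml.sax.saxutils import escape, quoteattr

    # Start from an empty fragment: previously an empty iplist left ip_xml
    # unbound and the function failed with a NameError.
    ip_xml = ''
    if iplist:
        entries = ''.join('<entry name=%s/>' % quoteattr(ip)
                          for ip in iplist.split(','))
        ip_xml = '<permitted-ip>' + entries + '</permitted-ip>'

    services = (
        ('http', http),
        ('https', https),
        ('http-ocsp', http_ocsp),
        ('ssh', ssh),
        ('snmp', snmp),
        ('userid-service', userid),
        ('userid-syslog-listener-ssl', userid_syslog_ssl),
        ('userid-syslog-listener-udp', userid_syslog_udp),
        ('ping', ping),
        ('response-pages', response_pages),
        ('telnet', telnet),
    )
    body = ''.join('<%s>%s</%s>' % (tag, escape(value), tag)
                   for tag, value in services)

    # The name is quoted as an attribute and the values are escaped, and the
    # pieces are no longer run through one '%' format after joining, so a
    # '%', '"' or '<' in any value cannot break or extend the element.
    mgtprf_xml = '<entry name=%s>%s%s</entry>' % (
        quoteattr(mgtprf_name), ip_xml, body)

    # NOTE(review): mgtprf_name still goes into the XPath unescaped -
    # confirm callers validate it.
    xapi.edit(xpath=_MGT_PRF_XPATH % mgtprf_name, element=mgtprf_xml)

    return True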
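def modify_gpp_gateway(cgw, xapi, module, portal_name, config_name,
                       type_, gateway_address, manual, description):
    """Edit a gateway entry's ``manual`` flag and ``description`` if needed.

    Args:
        cgw: element with the current gateway configuration.
        xapi: API client exposing ``edit``.
        module: not used by this function.
        portal_name, config_name, type_, gateway_address: substituted into
            ``_GW_PATH`` to locate the entry.
        manual: requested manual flag; None skips the check.
        description: requested description; None skips the check.

    Returns:
        True if an edit was sent, False if nothing had to change.

    Raises:
        Exception: the ``manual`` tag is missing or holds a value other
            than 'yes' or 'no'.
    """
    from xml.sax.saxutils import escape

    # NOTE(review): these values reach the XPath without escaping - confirm
    # that callers validate them.
    location = (portal_name, config_name, type_, gateway_address)
    result = False

    if manual is not None:
        cmanual = cgw.find('manual')
        if cmanual is None:
            raise Exception('No manual value tag')
        if cmanual.text not in ['yes', 'no']:
            raise Exception('Invalid manual value: %s' % cmanual.text)

        # The element's text must be compared; comparing the element itself
        # with 'yes' is always False and made this check depend on the
        # requested value alone.
        currently_manual = cmanual.text == 'yes'
        if currently_manual != bool(manual):
            xapi.edit(xpath=(_GW_PATH+"/manual") % location,
                      element="<manual>%s</manual>" %
                      ('yes' if manual else 'no'))
            result = True

    if description is not None:
        cdescription = cgw.find('description')
        if cdescription is not None and cdescription.text == description:
            return result
        # Escape the free-text value so markup characters stay data.
        xapi.edit(xpath=(_GW_PATH+"/description") % location,
                  element="<description>%s</description>" %
                  escape(description))
        result = True

    return result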
Пример #6
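def set_publickey(xapi, user, cpkey, pkey):
    """Write the base64 form of ``pkey`` into the ``<public-key>`` of ``user``.

    Args:
        xapi: API client exposing ``set`` and ``edit``.
        user: name substituted into the XPath templates.
        cpkey: when None the key is sent with ``set`` on the admin-profile
            path, otherwise with ``edit`` on the key path.
        pkey: key material (bytes, or text that is encoded as UTF-8).
    """
    raw = pkey if isinstance(pkey, bytes) else pkey.encode('utf-8')
    # Decode the encoder's bytes result; formatting bytes with %s on
    # Python 3 would put b'...' into the element instead of the key.
    b64pkey = base64.b64encode(raw).decode('ascii')
    e = "<public-key>%s</public-key>" % b64pkey
    # NOTE(review): user is not escaped before it reaches the XPath -
    # confirm it is validated upstream.
    if cpkey is None:
        xapi.set(xpath=_ADMINPROFILE_XPATH % user, element=e)
    else:
        xapi.edit(xpath=_PKEY_XPATH % user, element=e)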
Пример #7
def add_vr(xapi, vr_name):
    """Send an edit containing an empty ``<entry>`` named ``vr_name``.

    Always returns True once the edit call has returned.
    """
    # NOTE(review): vr_name is substituted into the element and the XPath
    # without escaping - confirm callers validate it.
    element = '<entry name="%s"></entry>' % vr_name
    target = _VR_XPATH % vr_name
    xapi.edit(xpath=target, element=element)
    return True
Пример #8
def add_tunnel_if(xapi, tunnel_unit, zone_name):
    """Create ``tunnel.<tunnel_unit>`` and attach it to a zone and a router.

    Sends one edit for the interface entry, then adds the interface as a
    member of ``zone_name`` and of the virtual router named 'default'.
    Always returns True.
    """
    # NOTE(review): tunnel_unit and zone_name are interpolated unescaped
    # into XML and XPath - confirm callers validate them.
    entry = '<entry name="tunnel.%s"></entry>' % tunnel_unit
    xapi.edit(xpath=_TIF_XPATH % tunnel_unit, element=entry)

    zone_path = _ZONE_XPATH + ("[@name='%s']/network/layer3" % zone_name)
    xapi.set(xpath=zone_path,
             element='<member>tunnel.%s</member>' % tunnel_unit)

    router_path = _VR_XPATH + "[@name='default']/interface"
    xapi.set(xpath=router_path,
             element='<member>tunnel.%s</member>' % tunnel_unit)

    return True
def add_tunnel_if(xapi, tunnel_unit, zone_name):
    """Define a tunnel interface, then register it with a zone and router.

    The interface is named ``tunnel.<tunnel_unit>``. It is added to the
    layer3 members of ``zone_name`` and to the interfaces of the virtual
    router called 'default'. Returns True.
    """
    # NOTE(review): neither argument is escaped before being placed in the
    # XML or the XPath - confirm upstream validation.
    interface_xml = '<entry name="tunnel.%s"></entry>' % tunnel_unit
    xapi.edit(xpath=_TIF_XPATH % tunnel_unit, element=interface_xml)

    # The same <member> element is sent to both locations, built per call
    # as before.
    xapi.set(
        xpath=_ZONE_XPATH + ("[@name='%s']/network/layer3" % zone_name),
        element='<member>tunnel.%s</member>' % tunnel_unit,
    )
    xapi.set(
        xpath=_VR_XPATH + "[@name='default']/interface",
        element='<member>tunnel.%s</member>' % tunnel_unit,
    )

    return True
Пример #10
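def admin_set(xapi, module, admin_username, admin_password, role):
    """Create an administrator, or update an existing one's hash and role.

    Args:
        xapi: API client exposing ``op``, ``set``, ``edit`` and ``delete``.
        module: object exposing ``fail_json(msg=...)``.
        admin_username: account name substituted into ``_ADMIN_XPATH``.
        admin_password: clear-text password to hash on the device, or None.
        role: role-based permission tag to assign, or None.

    Returns:
        True when a change was sent, False when nothing changed. A supplied
        password always counts as a change, because the stored hash is
        overwritten without being compared.
    """
    phash = None
    if admin_password is not None:
        # NOTE(review): the password sits inside a double-quoted command
        # string; a value containing '"' may be mis-parsed by cmd_xml -
        # confirm, and keep this command out of debug logs.
        xapi.op(cmd='request password-hash password "%s"' % admin_password,
                cmd_xml=True)
        phash = xapi.element_root.find(".//phash").text

    rbval = None
    if role is not None:
        rbval = "yes" if role in ("superuser", "superreader") else ""

    ea = admin_exists(xapi, admin_username)
    if ea is not None:
        # Account already exists: adjust only what was requested.
        changed = False

        if role is not None:
            rb = ea.find(".//role-based")
            if rb is not None and rb[0].tag != role:
                changed = True
                # Drop the current role tag before setting the new one.
                xapi.delete(xpath=(_ADMIN_XPATH % admin_username) +
                            "/permissions/role-based/%s" % rb[0].tag)
                xapi.set(xpath=(_ADMIN_XPATH % admin_username) +
                         "/permissions/role-based",
                         element="<%s>%s</%s>" % (role, rbval, role))

        if admin_password is not None:
            xapi.edit(
                xpath=_ADMIN_XPATH % admin_username + "/phash",
                element="<phash>%s</phash>" % phash,
            )
            changed = True

        return changed

    # New account: both the hash and the role are written. Previously a
    # missing password or role surfaced here as an unbound-variable error.
    if phash is None or role is None:
        module.fail_json(msg='admin_password and role are required to '
                             'create admin %s' % admin_username)
        return False

    exml = "".join([
        "<phash>%s</phash>" % phash,
        "<permissions><role-based><%s>%s</%s>"
        "</role-based></permissions>" % (role, rbval, role),
    ])

    xapi.set(xpath=_ADMIN_XPATH % admin_username, element=exml)

    return True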
Пример #11
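def admin_set(xapi, module, admin_username, admin_password, role):
    """Ensure an administrator account has the given password hash and role.

    Args:
        xapi: API client exposing ``op``, ``set``, ``edit`` and ``delete``.
        module: object exposing ``fail_json(msg=...)``.
        admin_username: account name substituted into ``_ADMIN_XPATH``.
        admin_password: clear-text password, hashed by the device; None
            leaves the stored hash alone.
        role: role-based permission tag; None leaves the role alone.

    Returns:
        True if a change was sent, False otherwise. Passing a password
        always reports a change: the hash is rewritten, not compared.
    """
    phash = None
    if admin_password is not None:
        # NOTE(review): a '"' inside the password may break the quoted
        # command below - confirm how cmd_xml parses it. The command also
        # carries the clear-text password, so keep it out of debug output.
        xapi.op(cmd='request password-hash password "%s"' % admin_password,
                cmd_xml=True)
        r = xapi.element_root
        phash = r.find('.//phash').text

    rbval = None
    if role is not None:
        rbval = "yes"
        if role not in ("superuser", "superreader"):
            rbval = ""

    ea = admin_exists(xapi, admin_username)
    if ea is not None:
        # Existing account: update in place.
        changed = False

        if role is not None:
            rb = ea.find('.//role-based')
            if rb is not None and rb[0].tag != role:
                changed = True
                base = _ADMIN_XPATH % admin_username
                # Remove the old role tag, then write the requested one.
                xapi.delete(
                    xpath=base + '/permissions/role-based/%s' % rb[0].tag)
                xapi.set(xpath=base + '/permissions/role-based',
                         element='<%s>%s</%s>' % (role, rbval, role))

        if admin_password is not None:
            xapi.edit(xpath=_ADMIN_XPATH % admin_username+'/phash',
                      element='<phash>%s</phash>' % phash)
            changed = True

        return changed

    # Creating an account needs both values; without this guard a missing
    # one was only noticed as an unbound local variable further down.
    if phash is None or role is None:
        module.fail_json(msg='admin_password and role are required to '
                             'create admin %s' % admin_username)
        return False

    exml = ('<phash>%s</phash>' % phash) + (
        '<permissions><role-based><%s>%s</%s>'
        '</role-based></permissions>' % (role, rbval, role))

    xapi.set(xpath=_ADMIN_XPATH % admin_username, element=exml)

    return True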
Пример #12
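def palo_commit(xapi, xpath, element, logfp):
    """Apply an edit at ``xpath`` and commit it, logging progress to ``logfp``.

    Reads the module-level ``options`` mapping (``version``, ``sync``,
    ``interval``, ``job_timeout``). Calls ``sys.exit(1)`` when the edit
    raises PanXapiError or the first commit does not report success.

    Args:
        xapi: API client exposing ``edit`` and ``commit``.
        xpath: configuration XPath to edit.
        element: XML element sent as the replacement.
        logfp: writable file object receiving the progress messages.
    """
    try:
        xapi.edit(xpath=xpath, element=element)
    except pan.xapi.PanXapiError as msg:
        print('edit:', msg, file=logfp)
        sys.exit(1)

    # Validation phase
    if options['version'] == 6:
        # NOTE(review): no validate argument is passed to PanCommit, so this
        # step may run a real commit rather than a validation - confirm
        # against the PanCommit defaults.
        c = pan.commit.PanCommit(force=False,
                                 commit_all=False,
                                 merge_with_candidate=False)
        cmd = c.cmd()
        kwargs = {
            'cmd': cmd,
            'sync': False,
            'interval': None,
            'timeout': None,
        }
        action = 'commit'
        xapi.commit(**kwargs)
        res = print_status(xapi, action)
        if "success" in res:
            print('Validate OK. Continue.', file=logfp)
        else:
            print('Validate not OK. Exit!', file=logfp)
            sys.exit(1)
        print('Waiting for the 30 sec to validation commit to complete...',
              file=logfp)
        # TODO: wait on the job status returned by pan.xapi instead of
        # sleeping for a fixed time
        time.sleep(30)
    else:
        # Pass logfp as file=; it used to be a positional argument, which
        # printed the file object to stdout and kept the message out of
        # the log.
        print(options['version'], "icin validate kodu eklenecek", file=logfp)

    # Commit phase
    cmd = "<commit></commit>"
    kwargs = {
        'cmd': cmd,
        'sync': options['sync'],
        'interval': options['interval'],
        'timeout': options['job_timeout'],
    }
    action = 'commit'
    xapi.commit(**kwargs)
    print_status(xapi, action)
    print('Commit gonderildi!', file=logfp)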
Пример #13
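def palo_commit(xapi, xpath, element, logfp):
    """Edit the configuration at ``xpath``, then commit, logging to ``logfp``.

    Uses the module-level ``options`` mapping for ``version``, ``sync``,
    ``interval`` and ``job_timeout``. The process exits with status 1 if
    the edit raises PanXapiError or the first commit is not successful.

    Args:
        xapi: API client exposing ``edit`` and ``commit``.
        xpath: configuration XPath to edit.
        element: replacement XML element.
        logfp: writable file object for progress messages.
    """
    try:
        xapi.edit(xpath=xpath,
                  element=element)
    except pan.xapi.PanXapiError as msg:
        print('edit:', msg, file=logfp)
        sys.exit(1)

    # Validation phase
    if options['version'] == 6:
        # NOTE(review): PanCommit is built without a validate argument, so
        # this may already be a real commit - confirm its defaults.
        c = pan.commit.PanCommit(force=False,
                                 commit_all=False,
                                 merge_with_candidate=False)
        kwargs = {
            'cmd': c.cmd(),
            'sync': False,
            'interval': None,
            'timeout': None,
        }
        action = 'commit'
        xapi.commit(**kwargs)
        res = print_status(xapi, action)
        if "success" not in res:
            print('Validate not OK. Exit!', file=logfp)
            sys.exit(1)
        print('Validate OK. Continue.', file=logfp)
        print('Waiting for the 30 sec to validation commit to complete...', file=logfp)
        # TODO: poll the job result from pan.xapi rather than sleeping a
        # fixed 30 seconds
        time.sleep(30)
    else:
        # logfp must be given as file=; as a positional argument the file
        # object itself was printed to stdout and nothing reached the log.
        print(options['version'], "icin validate kodu eklenecek", file=logfp)

    # Commit phase
    kwargs = {
        'cmd': "<commit></commit>",
        'sync': options['sync'],
        'interval': options['interval'],
        'timeout': options['job_timeout'],
    }
    action = 'commit'
    xapi.commit(**kwargs)
    print_status(xapi, action)
    print('Commit gonderildi!', file=logfp)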
Пример #14
def add_dhcp_if(xapi, if_name, zone_name, create_default_route):
    """Configure ``if_name`` as a layer3 DHCP client and attach it.

    Sends the interface entry with an edit, then adds the interface as a
    member of ``zone_name`` and of the virtual router named 'default'.
    Always returns True.
    """
    cdr = 'yes' if create_default_route else 'no'
    # NOTE(review): if_name and zone_name are interpolated unescaped into
    # XML and XPath - confirm callers validate them.
    if_xml = (
        '<entry name="%s">'
        '<layer3>'
        '<dhcp-client>'
        '<create-default-route>%s</create-default-route>'
        '</dhcp-client>'
        '</layer3>'
        '</entry>'
    ) % (if_name, cdr)
    xapi.edit(xpath=_IF_XPATH % if_name, element=if_xml)

    zone_path = _ZONE_XPATH + ("[@name='%s']/network/layer3" % zone_name)
    xapi.set(xpath=zone_path, element='<member>%s</member>' % if_name)

    router_path = _VR_XPATH + "[@name='default']/interface"
    xapi.set(xpath=router_path, element='<member>%s</member>' % if_name)

    return True
Пример #15
def set_dns_server(xapi, new_dns_server, primary=True):
    """Set the primary or secondary DNS server if it differs from the device.

    Args:
        xapi: API client exposing ``get``, ``edit`` and ``element_root``.
        new_dns_server: value to write into the selected tag.
        primary: True selects the ``primary`` tag, False ``secondary``.

    Returns:
        False when the current value already equals ``new_dns_server``,
        True after an edit has been sent.
    """
    tag = "primary" if primary else "secondary"
    xpath = _XPATH_DNS_SERVERS + "/" + tag

    # Read the value currently configured; None when the tag is absent.
    xapi.get(xpath)
    node = xapi.element_root.find(".//" + tag)
    current = None if node is None else node.text
    if current == new_dns_server:
        return False

    # NOTE(review): new_dns_server is written into the element unescaped -
    # confirm callers validate it as an address.
    element = "<%s>%s</%s>" % (tag, new_dns_server, tag)
    xapi.edit(xpath, element)

    return True
Пример #16
def set_dns_server(xapi, new_dns_server, primary=True):
    """Write a DNS server address unless the device already holds it.

    Args:
        xapi: API client exposing ``get``, ``edit`` and ``element_root``.
        new_dns_server: value for the chosen tag.
        primary: selects the ``primary`` tag when true, else ``secondary``.

    Returns:
        True if an edit was sent, False if the value was already in place.
    """
    tag = "secondary"
    if primary:
        tag = "primary"
    xpath = _XPATH_DNS_SERVERS + "/" + tag

    # Fetch the configured value; it stays None when the tag is missing.
    xapi.get(xpath)
    existing = xapi.element_root.find(".//" + tag)
    existing_text = existing.text if existing is not None else None
    if existing_text == new_dns_server:
        return False

    # NOTE(review): the address is not escaped or checked before it is
    # placed in the element - confirm upstream validation.
    xapi.edit(xpath, "<%s>%s</%s>" % (tag, new_dns_server, tag))
    return True
Пример #17
def add_dhcp_if(xapi, if_name, zone_name, create_default_route):
    """Set up ``if_name`` as a DHCP-client layer3 interface.

    One edit defines the interface; two set calls then add it to the
    layer3 members of ``zone_name`` and to the interfaces of the virtual
    router named 'default'. Returns True.
    """
    if create_default_route:
        cdr = 'yes'
    else:
        cdr = 'no'

    # NOTE(review): the names are placed in XML and XPath without
    # escaping - confirm they are validated before this call.
    template = ('<entry name="%s"><layer3><dhcp-client>'
                '<create-default-route>%s</create-default-route>'
                '</dhcp-client></layer3></entry>')
    xapi.edit(xpath=_IF_XPATH % if_name, element=template % (if_name, cdr))

    xapi.set(
        xpath=_ZONE_XPATH + ("[@name='%s']/network/layer3" % zone_name),
        element='<member>%s</member>' % if_name,
    )
    xapi.set(
        xpath=_VR_XPATH + "[@name='default']/interface",
        element='<member>%s</member>' % if_name,
    )

    return True
def add_if(xapi, if_name, if_type, if_address, vr_name, zone_name,
           create_default_route):
    """Configure a layer3 interface as DHCP or static and attach it.

    Args:
        xapi: API client exposing ``edit`` and ``set``.
        if_name: interface name, used in the entry and the XPath.
        if_type: "dhcp" or "static"; any other value is rejected.
        if_address: address entry used when ``if_type`` is "static".
        vr_name: virtual router that receives the interface.
        zone_name: zone that receives the interface.
        create_default_route: for DHCP, whether to write 'yes' or 'no'
            into ``create-default-route``.

    Returns:
        False for an unsupported ``if_type`` (nothing is sent), otherwise
        True after the edit and both set calls.
    """
    # NOTE(review): all name/address arguments are interpolated unescaped
    # into XML and XPath - confirm callers validate them.
    if if_type == "dhcp":
        cdr = 'yes' if create_default_route else 'no'
        if_ip = ('<dhcp-client><create-default-route>' + cdr +
                 '</create-default-route></dhcp-client>')
    elif if_type == "static":
        if_ip = '<ip><entry name="' + if_address + '"/></ip>'
    else:
        return False

    if_xml = '<entry name="%s"><layer3>%s</layer3></entry>' % (if_name, if_ip)
    xapi.edit(xpath=_IF_XPATH % if_name, element=if_xml)

    member = '<member>%s</member>' % if_name
    zone_path = _ZONE_XPATH + ("[@name='%s']/network/layer3" % zone_name)
    xapi.set(xpath=zone_path, element=member)

    router_path = _VR_XPATH + "[@name='" + vr_name + "']/interface"
    xapi.set(xpath=router_path, element='<member>%s</member>' % if_name)

    return True
Пример #19
def main():
    """Command-line entry point: run the API actions selected in the options.

    Parses the options, builds a ``PanXapi`` client and then runs every
    action whose option is set, in the fixed order of the blocks below.
    After each request the status and response are printed. Exits with
    status 0 on success and 1 when the client cannot be created or a
    request raises ``PanXapiError``.
    """
    try:
        signal.signal(signal.SIGPIPE, signal.SIG_DFL)
    except AttributeError:
        # signal.SIGPIPE does not exist on Windows; nothing to reset there
        pass

    set_encoding()
    options = parse_opts()

    if options['debug']:
        # Map the numeric debug option onto pan.xapi's DEBUG1..DEBUG3 levels
        logger = logging.getLogger()
        if options['debug'] == 3:
            logger.setLevel(pan.xapi.DEBUG3)
        elif options['debug'] == 2:
            logger.setLevel(pan.xapi.DEBUG2)
        elif options['debug'] == 1:
            logger.setLevel(pan.xapi.DEBUG1)


#        log_format = '%(levelname)s %(name)s %(message)s'
        log_format = '%(message)s'
        handler = logging.StreamHandler()
        formatter = logging.Formatter(log_format)
        handler.setFormatter(formatter)
        logger.addHandler(handler)

    # A custom SSL context is built only when a CA file or CA path is given;
    # otherwise None is passed through.
    # NOTE(review): with None, certificate verification depends on PanXapi's
    # own default - confirm that it verifies the server certificate.
    if options['cafile'] or options['capath']:
        ssl_context = create_ssl_context(options['cafile'], options['capath'])
    else:
        ssl_context = None

    try:
        # NOTE(review): use_http presumably selects plaintext HTTP, which
        # would put the username/password or API key on the wire - confirm.
        xapi = pan.xapi.PanXapi(timeout=options['timeout'],
                                tag=options['tag'],
                                use_http=options['use_http'],
                                use_get=options['use_get'],
                                api_username=options['api_username'],
                                api_password=options['api_password'],
                                api_key=options['api_key'],
                                hostname=options['hostname'],
                                port=options['port'],
                                serial=options['serial'],
                                ssl_context=ssl_context)

    except pan.xapi.PanXapiError as msg:
        print('pan.xapi.PanXapi:', msg, file=sys.stderr)
        sys.exit(1)

    if options['debug'] > 2:
        # NOTE(review): this prints str(xapi) to stderr - check whether that
        # representation includes credentials before sharing debug output.
        print('xapi.__str__()===>\n', xapi, '\n<===', sep='', file=sys.stderr)

    # Set as soon as any action below sees options['ad_hoc']; when no action
    # does, the final block sends it as a standalone ad_hoc request.
    extra_qs_used = False

    try:
        if options['keygen']:
            action = 'keygen'
            if options['ad_hoc'] is not None:
                extra_qs_used = True
            xapi.keygen(extra_qs=options['ad_hoc'])
            print_status(xapi, action)
            print_response(xapi, options)
            # Either branch writes the generated API key to stdout; treat
            # that output as a secret.
            if (options['api_username'] and options['api_password']
                    and options['hostname'] and options['tag']):
                # Emit hostname and api_key lines in .panrc format
                d = datetime.now()
                print('# %s generated: %s' % (os.path.basename(
                    sys.argv[0]), d.strftime('%Y/%m/%d %H:%M:%S')))
                print('hostname%%%s=%s' %
                      (options['tag'], options['hostname']))
                print('api_key%%%s=%s' % (options['tag'], xapi.api_key))
            else:
                print('API key:  "%s"' % xapi.api_key)

        if options['show']:
            action = 'show'
            if options['ad_hoc'] is not None:
                extra_qs_used = True
            xapi.show(xpath=options['xpath'], extra_qs=options['ad_hoc'])
            print_status(xapi, action)
            print_response(xapi, options)

        if options['get']:
            action = 'get'
            if options['ad_hoc'] is not None:
                extra_qs_used = True
            xapi.get(xpath=options['xpath'], extra_qs=options['ad_hoc'])
            print_status(xapi, action)
            print_response(xapi, options)

        if options['delete']:
            action = 'delete'
            if options['ad_hoc'] is not None:
                extra_qs_used = True
            xapi.delete(xpath=options['xpath'], extra_qs=options['ad_hoc'])
            print_status(xapi, action)
            print_response(xapi, options)

        if options['edit']:
            action = 'edit'
            if options['ad_hoc'] is not None:
                extra_qs_used = True
            xapi.edit(xpath=options['xpath'],
                      element=options['element'],
                      extra_qs=options['ad_hoc'])
            print_status(xapi, action)
            print_response(xapi, options)

        if options['set']:
            action = 'set'
            if options['ad_hoc'] is not None:
                extra_qs_used = True
            xapi.set(xpath=options['xpath'],
                     element=options['element'],
                     extra_qs=options['ad_hoc'])
            print_status(xapi, action)
            print_response(xapi, options)

        if options['dynamic-update']:
            action = 'dynamic-update'
            kwargs = {
                'cmd': options['cmd'],
            }
            if options['ad_hoc'] is not None:
                extra_qs_used = True
                kwargs['extra_qs'] = options['ad_hoc']
            # Only the first vsys entry is used for this request
            if len(options['vsys']):
                kwargs['vsys'] = options['vsys'][0]
            xapi.user_id(**kwargs)
            print_status(xapi, action)
            print_response(xapi, options)

        if options['move'] is not None:
            action = 'move'
            if options['ad_hoc'] is not None:
                extra_qs_used = True
            xapi.move(xpath=options['xpath'],
                      where=options['move'],
                      dst=options['dst'],
                      extra_qs=options['ad_hoc'])
            print_status(xapi, action)
            print_response(xapi, options)

        if options['rename']:
            action = 'rename'
            if options['ad_hoc'] is not None:
                extra_qs_used = True
            xapi.rename(xpath=options['xpath'],
                        newname=options['dst'],
                        extra_qs=options['ad_hoc'])
            print_status(xapi, action)
            print_response(xapi, options)

        if options['clone']:
            action = 'clone'
            if options['ad_hoc'] is not None:
                extra_qs_used = True
            xapi.clone(xpath=options['xpath'],
                       xpath_from=options['src'],
                       newname=options['dst'],
                       extra_qs=options['ad_hoc'])
            print_status(xapi, action)
            print_response(xapi, options)

        if options['override']:
            action = 'override'
            if options['ad_hoc'] is not None:
                extra_qs_used = True
            xapi.override(xpath=options['xpath'],
                          element=options['element'],
                          extra_qs=options['ad_hoc'])
            print_status(xapi, action)
            print_response(xapi, options)

        if options['export'] is not None:
            action = 'export'
            if options['ad_hoc'] is not None:
                extra_qs_used = True
            # A pcap id selects the pcap form of the export call; otherwise
            # the export is addressed by source name.
            if options['pcapid'] is not None:
                xapi.export(category=options['export'],
                            pcapid=options['pcapid'],
                            search_time=options['stime'],
                            serialno=options['serial'],
                            extra_qs=options['ad_hoc'])
            else:
                xapi.export(category=options['export'],
                            from_name=options['src'],
                            extra_qs=options['ad_hoc'])
            print_status(xapi, action)
            print_response(xapi, options)
            if options['pcap_listing']:
                pcap_listing(xapi, options['export'])
            save_attachment(xapi, options)

        if options['log'] is not None:
            action = 'log'
            if options['ad_hoc'] is not None:
                extra_qs_used = True
            xapi.log(log_type=options['log'],
                     nlogs=options['nlogs'],
                     skip=options['skip'],
                     filter=options['filter'],
                     interval=options['interval'],
                     timeout=options['job_timeout'],
                     extra_qs=options['ad_hoc'])
            print_status(xapi, action)
            print_response(xapi, options)

        if options['op'] is not None:
            action = 'op'
            kwargs = {
                'cmd': options['op'],
                'cmd_xml': options['cmd_xml'],
            }
            if options['ad_hoc'] is not None:
                extra_qs_used = True
                kwargs['extra_qs'] = options['ad_hoc']
            # Only the first vsys entry is used for this request
            if len(options['vsys']):
                kwargs['vsys'] = options['vsys'][0]
            xapi.op(**kwargs)
            print_status(xapi, action)
            print_response(xapi, options)

        if (options['commit'] or options['commit_all']):
            # An explicit cmd option is used as the commit command (converted
            # with cmd_xml when requested); otherwise the command is built
            # from the commit-related options through PanCommit.
            if options['cmd']:
                cmd = options['cmd']
                if options['cmd_xml']:
                    cmd = xapi.cmd_xml(cmd)
            else:
                c = pan.commit.PanCommit(validate=options['validate'],
                                         force=options['force'],
                                         commit_all=options['commit_all'],
                                         merge_with_candidate=options['merge'])

                for part in options['partial']:
                    if part == 'device-and-network-excluded':
                        c.device_and_network_excluded()
                    elif part == 'policy-and-objects-excluded':
                        c.policy_and_objects_excluded()
                    elif part == 'shared-object-excluded':
                        c.shared_object_excluded()
                    elif part == 'no-vsys':
                        c.no_vsys()
                    elif part == 'vsys':
                        c.vsys(options['vsys'])

                if options['serial'] is not None:
                    c.device(options['serial'])
                if options['group'] is not None:
                    c.device_group(options['group'])
                if options['commit_all'] and options['vsys']:
                    c.vsys(options['vsys'][0])

                cmd = c.cmd()

            kwargs = {
                'cmd': cmd,
                'sync': options['sync'],
                'interval': options['interval'],
                'timeout': options['job_timeout'],
            }
            if options['ad_hoc'] is not None:
                extra_qs_used = True
                kwargs['extra_qs'] = options['ad_hoc']
            if options['commit_all']:
                kwargs['action'] = 'all'

            action = 'commit'
            xapi.commit(**kwargs)
            print_status(xapi, action)
            print_response(xapi, options)

        # No action consumed the ad hoc query string: send it on its own
        if not extra_qs_used and options['ad_hoc'] is not None:
            action = 'ad_hoc'
            xapi.ad_hoc(qs=options['ad_hoc'],
                        xpath=options['xpath'],
                        modify_qs=options['modify'])
            print_status(xapi, action)
            print_response(xapi, options)

    except pan.xapi.PanXapiError as msg:
        # action still names the request that was in flight when it failed
        print_status(xapi, action, str(msg))
        print_response(xapi, options)
        sys.exit(1)

    sys.exit(0)
Пример #20
def main():
    """Run the PAN-OS XML API actions selected in the parsed options.

    Builds a pan.xapi.PanXapi client from the options, then runs every
    selected action (keygen, show, get, delete, edit, set, dynamic-update,
    move, rename, clone, override, export, log, op, commit) in that fixed
    order, printing status and response after each one.  A standalone
    ad_hoc request is sent at the end only when no earlier action already
    consumed options['ad_hoc'] as its extra query string.

    Exits with status 1 when the client cannot be built or any request
    raises pan.xapi.PanXapiError, and with status 0 otherwise.
    """
    try:
        signal.signal(signal.SIGPIPE, signal.SIG_DFL)
    except AttributeError:
        # Windows: the signal module has no SIGPIPE there, so there is
        # nothing to reset.
        pass

    set_encoding()
    options = parse_opts()

    # Debug levels 1-3 map onto the custom pan.xapi log levels; messages go
    # to a stream handler attached to the root logger.
    if options['debug']:
        logger = logging.getLogger()
        if options['debug'] == 3:
            logger.setLevel(pan.xapi.DEBUG3)
        elif options['debug'] == 2:
            logger.setLevel(pan.xapi.DEBUG2)
        elif options['debug'] == 1:
            logger.setLevel(pan.xapi.DEBUG1)

#        log_format = '%(levelname)s %(name)s %(message)s'
        log_format = '%(message)s'
        handler = logging.StreamHandler()
        formatter = logging.Formatter(log_format)
        handler.setFormatter(formatter)
        logger.addHandler(handler)

    # An SSL context is only built when a CA file or CA directory was given.
    # NOTE(review): with neither option ssl_context stays None and server
    # certificate checking is left to pan.xapi's default - confirm that the
    # default verifies the certificate before using this against a
    # production device.
    if options['cafile'] or options['capath']:
        ssl_context = create_ssl_context(options['cafile'],
                                         options['capath'])
    else:
        ssl_context = None

    # NOTE(review): use_http is passed straight through; presumably it
    # selects plain HTTP, in which case the username, password and API key
    # below would travel unencrypted - confirm and restrict to lab use.
    try:
        xapi = pan.xapi.PanXapi(timeout=options['timeout'],
                                tag=options['tag'],
                                use_http=options['use_http'],
                                use_get=options['use_get'],
                                api_username=options['api_username'],
                                api_password=options['api_password'],
                                api_key=options['api_key'],
                                hostname=options['hostname'],
                                port=options['port'],
                                serial=options['serial'],
                                ssl_context=ssl_context)

    except pan.xapi.PanXapiError as msg:
        print('pan.xapi.PanXapi:', msg, file=sys.stderr)
        sys.exit(1)

    # At debug level 3 the client's string form is dumped to stderr.
    # NOTE(review): check what PanXapi.__str__ includes; if it prints the
    # password or API key, level-3 debug output must be treated as secret.
    if options['debug'] > 2:
        print('xapi.__str__()===>\n', xapi, '\n<===',
              sep='', file=sys.stderr)

    # Becomes True as soon as any action forwards options['ad_hoc'] as its
    # extra query string; that suppresses the standalone ad_hoc request at
    # the end of the try block.
    extra_qs_used = False

    # 'action' is assigned before each request so the except handler below
    # can report which request failed.
    # NOTE(review): it is unbound until the first selected branch assigns
    # it; the commit branch calls xapi.cmd_xml() and pan.commit.PanCommit()
    # before assigning it - confirm neither can raise PanXapiError.
    try:
        if options['keygen']:
            action = 'keygen'
            if options['ad_hoc'] is not None:
                extra_qs_used = True
            xapi.keygen(extra_qs=options['ad_hoc'])
            print_status(xapi, action)
            print_response(xapi, options)
            # The generated API key is written to stdout in clear text, so
            # it ends up in anything that captures the output (terminal
            # scrollback, CI logs, redirected files).
            print('API key:  "%s"' % xapi.api_key)

        if options['show']:
            action = 'show'
            if options['ad_hoc'] is not None:
                extra_qs_used = True
            xapi.show(xpath=options['xpath'],
                      extra_qs=options['ad_hoc'])
            print_status(xapi, action)
            print_response(xapi, options)

        if options['get']:
            action = 'get'
            if options['ad_hoc'] is not None:
                extra_qs_used = True
            xapi.get(xpath=options['xpath'],
                     extra_qs=options['ad_hoc'])
            print_status(xapi, action)
            print_response(xapi, options)

        # delete, edit, set, move, rename, clone and override change the
        # configuration at the caller-supplied xpath.
        if options['delete']:
            action = 'delete'
            if options['ad_hoc'] is not None:
                extra_qs_used = True
            xapi.delete(xpath=options['xpath'],
                        extra_qs=options['ad_hoc'])
            print_status(xapi, action)
            print_response(xapi, options)

        if options['edit']:
            action = 'edit'
            if options['ad_hoc'] is not None:
                extra_qs_used = True
            xapi.edit(xpath=options['xpath'],
                      element=options['element'],
                      extra_qs=options['ad_hoc'])
            print_status(xapi, action)
            print_response(xapi, options)

        if options['set']:
            action = 'set'
            if options['ad_hoc'] is not None:
                extra_qs_used = True
            xapi.set(xpath=options['xpath'],
                     element=options['element'],
                     extra_qs=options['ad_hoc'])
            print_status(xapi, action)
            print_response(xapi, options)

        # dynamic-update sends options['cmd'] through xapi.user_id(); only
        # the first vsys given is forwarded.
        if options['dynamic-update']:
            action = 'dynamic-update'
            kwargs = {
                'cmd': options['cmd'],
                }
            if options['ad_hoc'] is not None:
                extra_qs_used = True
                kwargs['extra_qs'] = options['ad_hoc']
            if len(options['vsys']):
                kwargs['vsys'] = options['vsys'][0]
            xapi.user_id(**kwargs)
            print_status(xapi, action)
            print_response(xapi, options)

        if options['move'] is not None:
            action = 'move'
            if options['ad_hoc'] is not None:
                extra_qs_used = True
            xapi.move(xpath=options['xpath'],
                      where=options['move'],
                      dst=options['dst'],
                      extra_qs=options['ad_hoc'])
            print_status(xapi, action)
            print_response(xapi, options)

        if options['rename']:
            action = 'rename'
            if options['ad_hoc'] is not None:
                extra_qs_used = True
            xapi.rename(xpath=options['xpath'],
                        newname=options['dst'],
                        extra_qs=options['ad_hoc'])
            print_status(xapi, action)
            print_response(xapi, options)

        if options['clone']:
            action = 'clone'
            if options['ad_hoc'] is not None:
                extra_qs_used = True
            xapi.clone(xpath=options['xpath'],
                       xpath_from=options['src'],
                       newname=options['dst'],
                       extra_qs=options['ad_hoc'])
            print_status(xapi, action)
            print_response(xapi, options)

        if options['override']:
            action = 'override'
            if options['ad_hoc'] is not None:
                extra_qs_used = True
            xapi.override(xpath=options['xpath'],
                          element=options['element'],
                          extra_qs=options['ad_hoc'])
            print_status(xapi, action)
            print_response(xapi, options)

        # export has two request shapes: by pcap id (with search time and
        # serial number) or by source name.  save_attachment() runs after
        # either one.
        # NOTE(review): where save_attachment writes is decided outside
        # this function - confirm the destination cannot be steered by the
        # device's response.
        if options['export'] is not None:
            action = 'export'
            if options['ad_hoc'] is not None:
                extra_qs_used = True
            if options['pcapid'] is not None:
                xapi.export(category=options['export'],
                            pcapid=options['pcapid'],
                            search_time=options['stime'],
                            serialno=options['serial'],
                            extra_qs=options['ad_hoc'])
            else:
                xapi.export(category=options['export'],
                            from_name=options['src'],
                            extra_qs=options['ad_hoc'])
            print_status(xapi, action)
            print_response(xapi, options)
            if options['pcap_listing']:
                pcap_listing(xapi, options['export'])
            save_attachment(xapi, options)

        if options['log'] is not None:
            action = 'log'
            if options['ad_hoc'] is not None:
                extra_qs_used = True
            xapi.log(log_type=options['log'],
                     nlogs=options['nlogs'],
                     skip=options['skip'],
                     filter=options['filter'],
                     interval=options['interval'],
                     timeout=options['job_timeout'],
                     extra_qs=options['ad_hoc'])
            print_status(xapi, action)
            print_response(xapi, options)

        # op runs an operational command; as with dynamic-update only the
        # first vsys is forwarded.
        if options['op'] is not None:
            action = 'op'
            kwargs = {
                'cmd': options['op'],
                'cmd_xml': options['cmd_xml'],
                }
            if options['ad_hoc'] is not None:
                extra_qs_used = True
                kwargs['extra_qs'] = options['ad_hoc']
            if len(options['vsys']):
                kwargs['vsys'] = options['vsys'][0]
            xapi.op(**kwargs)
            print_status(xapi, action)
            print_response(xapi, options)

        # commit / commit-all: the command document is either the
        # caller-supplied options['cmd'] (optionally converted with
        # xapi.cmd_xml) or one built by pan.commit.PanCommit from the
        # validate/force/partial/serial/group/vsys options.
        if (options['commit'] or options['commit_all']):
            if options['cmd']:
                cmd = options['cmd']
                if options['cmd_xml']:
                    cmd = xapi.cmd_xml(cmd)
            else:
                c = pan.commit.PanCommit(validate=options['validate'],
                                         force=options['force'],
                                         commit_all=options['commit_all'],
                                         merge_with_candidate=
                                         options['merge'])

                # Unrecognised 'partial' values are skipped without a
                # warning.
                for part in options['partial']:
                    if part == 'device-and-network-excluded':
                        c.device_and_network_excluded()
                    elif part == 'policy-and-objects-excluded':
                        c.policy_and_objects_excluded()
                    elif part == 'shared-object-excluded':
                        c.shared_object_excluded()
                    elif part == 'no-vsys':
                        c.no_vsys()
                    elif part == 'vsys':
                        c.vsys(options['vsys'])

                if options['serial'] is not None:
                    c.device(options['serial'])
                if options['group'] is not None:
                    c.device_group(options['group'])
                if options['commit_all'] and options['vsys']:
                    c.vsys(options['vsys'][0])

                cmd = c.cmd()

            kwargs = {
                'cmd': cmd,
                'sync': options['sync'],
                'interval': options['interval'],
                'timeout': options['job_timeout'],
                }
            if options['ad_hoc'] is not None:
                extra_qs_used = True
                kwargs['extra_qs'] = options['ad_hoc']
            if options['commit_all']:
                kwargs['action'] = 'all'

            action = 'commit'
            xapi.commit(**kwargs)
            print_status(xapi, action)
            print_response(xapi, options)

        # Standalone ad_hoc request: options['ad_hoc'] is handed to the API
        # client as the query string itself, so it can express any request
        # the authenticated account is permitted to make.
        if not extra_qs_used and options['ad_hoc'] is not None:
            action = 'ad_hoc'
            xapi.ad_hoc(qs=options['ad_hoc'],
                        xpath=options['xpath'],
                        modify_qs=options['modify'])
            print_status(xapi, action)
            print_response(xapi, options)

    except pan.xapi.PanXapiError as msg:
        # Report the failing action and whatever response was received,
        # then exit with status 1.  Actions that already completed are not
        # rolled back.
        print_status(xapi, action, msg)
        print_response(xapi, options)
        sys.exit(1)

    sys.exit(0)
Пример #21
def main():
    """Run the PAN-OS XML API actions selected in the parsed options.

    Builds a pan.xapi.PanXapi client from the options and then runs every
    selected action in a fixed order: ad_hoc first, then keygen, show, get,
    delete, edit, set, dynamic-update, move, rename, clone, override,
    export, log, op and commit.  Status and response are printed after each
    request.

    Exits with status 1 when the client cannot be built or a request raises
    pan.xapi.PanXapiError, and with status 0 otherwise.
    """
    set_encoding()
    options = parse_opts()

    # The CA file and CA directory are handed to the client as given.
    # NOTE(review): confirm how pan.xapi treats the case where both are
    # unset - if the server certificate is then not verified, the
    # credentials below are exposed to anyone able to intercept the
    # connection.  use_http presumably selects plain HTTP; same concern.
    try:
        xapi = pan.xapi.PanXapi(debug=options['debug'],
                                timeout=options['timeout'],
                                tag=options['tag'],
                                use_http=options['use_http'],
                                use_get=options['use_get'],
                                api_username=options['api_username'],
                                api_password=options['api_password'],
                                api_key=options['api_key'],
                                hostname=options['hostname'],
                                port=options['port'],
                                serial=options['serial'],
                                cafile=options['cafile'],
                                capath=options['capath'])

    except pan.xapi.PanXapiError as msg:
        print('pan.xapi.PanXapi:', msg, file=sys.stderr)
        sys.exit(1)

    # At debug level 3 the client's string form is dumped to stderr.
    # NOTE(review): check what PanXapi.__str__ includes; if it prints the
    # password or API key, level-3 debug output must be treated as secret.
    if options['debug'] > 2:
        print('xapi.__str__()===>\n', xapi, '\n<===',
              sep='', file=sys.stderr)

    # 'action' is assigned before each request so the except handler below
    # can report which request failed.
    # NOTE(review): it is unbound until the first selected branch assigns
    # it; the commit branch calls xapi.cmd_xml() and pan.commit.PanCommit()
    # before assigning it - confirm neither can raise PanXapiError.
    try:
        # options['ad_hoc'] is handed to the API client as the query string
        # itself, so it can express any request the authenticated account
        # is permitted to make.  It runs before, not instead of, the other
        # selected actions.
        if options['ad_hoc'] is not None:
            action = 'ad_hoc'
            xapi.ad_hoc(qs=options['ad_hoc'],
                        xpath=options['xpath'],
                        modify_qs=options['modify'])
            print_status(xapi, action)
            print_response(xapi, options)

        if options['keygen']:
            action = 'keygen'
            xapi.keygen()
            print_status(xapi, action)
            print_response(xapi, options)
            # The generated API key is written to stdout in clear text, so
            # it ends up in anything that captures the output (terminal
            # scrollback, CI logs, redirected files).
            print('API key:  "%s"' % xapi.api_key)

        if options['show']:
            action = 'show'
            xapi.show(xpath=options['xpath'])
            print_status(xapi, action)
            print_response(xapi, options)

        if options['get']:
            action = 'get'
            xapi.get(xpath=options['xpath'])
            print_status(xapi, action)
            print_response(xapi, options)

        # delete, edit, set, move, rename, clone and override change the
        # configuration at the caller-supplied xpath.
        if options['delete']:
            action = 'delete'
            xapi.delete(xpath=options['xpath'])
            print_status(xapi, action)
            print_response(xapi, options)

        if options['edit']:
            action = 'edit'
            xapi.edit(xpath=options['xpath'],
                      element=options['element'])
            print_status(xapi, action)
            print_response(xapi, options)

        if options['set']:
            action = 'set'
            xapi.set(xpath=options['xpath'],
                     element=options['element'])
            print_status(xapi, action)
            print_response(xapi, options)

        # dynamic-update sends options['cmd'] through xapi.user_id(); only
        # the first vsys given is forwarded.
        if options['dynamic-update']:
            action = 'dynamic-update'
            kwargs = {
                'cmd': options['cmd'],
                }
            if len(options['vsys']):
                kwargs['vsys'] = options['vsys'][0]
            xapi.user_id(**kwargs)
            print_status(xapi, action)
            print_response(xapi, options)

        if options['move'] is not None:
            action = 'move'
            xapi.move(xpath=options['xpath'],
                      where=options['move'],
                      dst=options['dst'])
            print_status(xapi, action)
            print_response(xapi, options)

        if options['rename']:
            action = 'rename'
            xapi.rename(xpath=options['xpath'],
                        newname=options['dst'])
            print_status(xapi, action)
            print_response(xapi, options)

        if options['clone']:
            action = 'clone'
            xapi.clone(xpath=options['xpath'],
                       xpath_from=options['src'],
                       newname=options['dst'])
            print_status(xapi, action)
            print_response(xapi, options)

        if options['override']:
            action = 'override'
            xapi.override(xpath=options['xpath'],
                          element=options['element'])
            print_status(xapi, action)
            print_response(xapi, options)

        # save_pcap() runs after every export, whatever the category.
        # NOTE(review): where save_pcap writes is decided outside this
        # function - confirm the destination cannot be steered by the
        # device's response.
        if options['export'] is not None:
            action = 'export'
            xapi.export(category=options['export'],
                        from_name=options['src'])
            print_status(xapi, action)
            print_response(xapi, options)
            if options['pcap_listing']:
                pcap_listing(xapi, options)
            save_pcap(xapi, options)

        if options['log'] is not None:
            action = 'log'
            xapi.log(log_type=options['log'],
                     nlogs=options['nlogs'],
                     skip=options['skip'],
                     filter=options['filter'],
                     interval=options['interval'],
                     timeout=options['job_timeout'])
            print_status(xapi, action)
            print_response(xapi, options)

        # op runs an operational command; as with dynamic-update only the
        # first vsys is forwarded.
        if options['op'] is not None:
            action = 'op'
            kwargs = {
                'cmd': options['op'],
                'cmd_xml': options['cmd_xml'],
                }
            if len(options['vsys']):
                kwargs['vsys'] = options['vsys'][0]
            xapi.op(**kwargs)
            print_status(xapi, action)
            print_response(xapi, options)

        # commit / commit-all: the command document is either the
        # caller-supplied options['cmd'] (optionally converted with
        # xapi.cmd_xml) or one built by pan.commit.PanCommit from the
        # validate/force/partial/serial/group/vsys options.
        if (options['commit'] or options['commit_all']):
            if options['cmd']:
                cmd = options['cmd']
                if options['cmd_xml']:
                    cmd = xapi.cmd_xml(cmd)
            else:
                c = pan.commit.PanCommit(debug=options['debug'],
                                         validate=options['validate'],
                                         force=options['force'],
                                         commit_all=options['commit_all'],
                                         merge_with_candidate=
                                         options['merge'])

                # Unrecognised 'partial' values are skipped without a
                # warning.
                for part in options['partial']:
                    if part == 'device-and-network-excluded':
                        c.device_and_network_excluded()
                    elif part == 'policy-and-objects-excluded':
                        c.policy_and_objects_excluded()
                    elif part == 'shared-object-excluded':
                        c.shared_object_excluded()
                    elif part == 'no-vsys':
                        c.no_vsys()
                    elif part == 'vsys':
                        c.vsys(options['vsys'])

                if options['serial'] is not None:
                    c.device(options['serial'])
                if options['group'] is not None:
                    c.device_group(options['group'])
                if options['commit_all'] and options['vsys']:
                    c.vsys(options['vsys'][0])

                cmd = c.cmd()

            kwargs = {
                'cmd': cmd,
                'sync': options['sync'],
                'interval': options['interval'],
                'timeout': options['job_timeout'],
                }
            if options['commit_all']:
                kwargs['action'] = 'all'

            action = 'commit'
            xapi.commit(**kwargs)
            print_status(xapi, action)
            print_response(xapi, options)

    except pan.xapi.PanXapiError as msg:
        # Report the failing action and whatever response was received,
        # then exit with status 1.  Actions that already completed are not
        # rolled back.
        print_status(xapi, action, msg)
        print_response(xapi, options)
        sys.exit(1)

    sys.exit(0)
Пример #22
		</register>            
	</payload>  
	</uid-message>
	'''

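# Write the XML document built above to the already-open file handle.
xmlFh.write(xmlString)

# URL for posting that file to the firewall's user-id API.
# NOTE(review): the API key is placed in the query string, where it is
# typically recorded by proxies, web-server access logs and shell history;
# prefer sending it in the request body or through the API client object.
# The literal '=' appended right after the key looks unintended unless
# PA_API_KEY is stored without its trailing '=' padding - confirm.
# This constant is not used in the code shown here.
DAG_POST_XML_PATH = 'https://' + PA_HOST + '/api/?type=user-id&action=set&key=' + PA_API_KEY + '=&file-name=' + DAG_XML_FNAME + '&client=PANTool'

# Unconditional exit with status 1: nothing below this line runs as
# written.  NOTE(review): looks like a debugging leftover.  It is kept
# because removing it would make the script start changing the firewall
# rulebase; take it out deliberately when that is the intent.
sys.exit(1)

# Connect with the API key only.
# NOTE(review): no CA file or SSL context is supplied here, so server
# certificate checking is whatever pan.xapi does by default - confirm that
# the default verifies the certificate before sending the key.
try:
	xapi = pan.xapi.PanXapi(api_key=PA_API_KEY, hostname=PA_HOST)
except pan.xapi.PanXapiError as msg:
	# Format the exception instead of concatenating it: 'str' + exception
	# raises TypeError and would hide the real error.  The label names
	# the step that failed (client construction, not the edit).
	print('pan.xapi.PanXapi: %s' % msg)
	sys.exit(1)

# Disable the security rule named 'api_delete_rule' by replacing its
# <disabled> element in the candidate configuration.
xpath = "/config/devices/entry/vsys/entry/rulebase/security/rules/"
xpath += "entry[@name='api_delete_rule']/disabled"
element = "<disabled>yes</disabled>"

try:
	xapi.edit(xpath=xpath, element=element)
except pan.xapi.PanXapiError as msg:
	print('edit: %s' % msg)
	sys.exit(1)

# No commit request is issued in the code shown, so this message only
# reports that the edit request returned without raising.
print('policy disabled')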