def export_text(module, xapi, category, filename): xapi.export(category=category) f = None try: f = open(filename, 'w') except IOError as msg: module.fail_json(msg=msg) else: if category == 'configuration': f.write(xapi.xml_root()) elif category in HTML_EXPORTS: f.write(xapi.text_document) f.close()
def export_binary(module, xapi, category, filename): f = None xapi.export(category=category) try: f = open(filename, "wb") except IOError as msg: module.fail_json(msg=msg) else: content = xapi.export_result["content"] if content is not None: f.write(content) f.close()
def export_async(module, xapi, category, filename, interval=60, timeout=600): # Submit job, get resulting job id xapi.export(category=category) job_result = ET.fromstring(xapi.xml_root()) job_id = None if job_result.find('.//job') is not None: job_id = job_result.find('.//job').text end_time = time.time() + timeout while True: # Check job progress xapi.export(category=category, extra_qs={ 'action': 'status', 'job-id': job_id }) poll_result = ET.fromstring(xapi.xml_root()) status = poll_result.find('.//status') if status.text == "FIN": break if time.time() > end_time: module.fail_json(msg='Timeout') time.sleep(interval) # Get completed job xapi.export(category=category, extra_qs={ 'action': 'get', 'job-id': job_id }) export_binary(module, xapi, filename)
def main(): try: signal.signal(signal.SIGPIPE, signal.SIG_DFL) except AttributeError: # Windows pass set_encoding() options = parse_opts() if options['debug']: logger = logging.getLogger() if options['debug'] == 3: logger.setLevel(pan.xapi.DEBUG3) elif options['debug'] == 2: logger.setLevel(pan.xapi.DEBUG2) elif options['debug'] == 1: logger.setLevel(pan.xapi.DEBUG1) # log_format = '%(levelname)s %(name)s %(message)s' log_format = '%(message)s' handler = logging.StreamHandler() formatter = logging.Formatter(log_format) handler.setFormatter(formatter) logger.addHandler(handler) if options['cafile'] or options['capath']: ssl_context = create_ssl_context(options['cafile'], options['capath']) else: ssl_context = None try: xapi = pan.xapi.PanXapi(timeout=options['timeout'], tag=options['tag'], use_http=options['use_http'], use_get=options['use_get'], api_username=options['api_username'], api_password=options['api_password'], api_key=options['api_key'], hostname=options['hostname'], port=options['port'], serial=options['serial'], ssl_context=ssl_context) except pan.xapi.PanXapiError as msg: print('pan.xapi.PanXapi:', msg, file=sys.stderr) sys.exit(1) if options['debug'] > 2: print('xapi.__str__()===>\n', xapi, '\n<===', sep='', file=sys.stderr) extra_qs_used = False try: if options['keygen']: action = 'keygen' if options['ad_hoc'] is not None: extra_qs_used = True xapi.keygen(extra_qs=options['ad_hoc']) print_status(xapi, action) print_response(xapi, options) if (options['api_username'] and options['api_password'] and options['hostname'] and options['tag']): # .panrc d = datetime.now() print('# %s generated: %s' % (os.path.basename( sys.argv[0]), d.strftime('%Y/%m/%d %H:%M:%S'))) print('hostname%%%s=%s' % (options['tag'], options['hostname'])) print('api_key%%%s=%s' % (options['tag'], xapi.api_key)) else: print('API key: "%s"' % xapi.api_key) if options['show']: action = 'show' if options['ad_hoc'] is not None: extra_qs_used = True xapi.show(xpath=options['xpath'], extra_qs=options['ad_hoc']) print_status(xapi, action) print_response(xapi, options) if options['get']: action = 'get' if options['ad_hoc'] is not None: extra_qs_used = True xapi.get(xpath=options['xpath'], extra_qs=options['ad_hoc']) print_status(xapi, action) print_response(xapi, options) if options['delete']: action = 'delete' if options['ad_hoc'] is not None: extra_qs_used = True xapi.delete(xpath=options['xpath'], extra_qs=options['ad_hoc']) print_status(xapi, action) print_response(xapi, options) if options['edit']: action = 'edit' if options['ad_hoc'] is not None: extra_qs_used = True xapi.edit(xpath=options['xpath'], element=options['element'], extra_qs=options['ad_hoc']) print_status(xapi, action) print_response(xapi, options) if options['set']: action = 'set' if options['ad_hoc'] is not None: extra_qs_used = True xapi.set(xpath=options['xpath'], element=options['element'], extra_qs=options['ad_hoc']) print_status(xapi, action) print_response(xapi, options) if options['dynamic-update']: action = 'dynamic-update' kwargs = { 'cmd': options['cmd'], } if options['ad_hoc'] is not None: extra_qs_used = True kwargs['extra_qs'] = options['ad_hoc'] if len(options['vsys']): kwargs['vsys'] = options['vsys'][0] xapi.user_id(**kwargs) print_status(xapi, action) print_response(xapi, options) if options['move'] is not None: action = 'move' if options['ad_hoc'] is not None: extra_qs_used = True xapi.move(xpath=options['xpath'], where=options['move'], dst=options['dst'], extra_qs=options['ad_hoc']) print_status(xapi, action) print_response(xapi, options) if options['rename']: action = 'rename' if options['ad_hoc'] is not None: extra_qs_used = True xapi.rename(xpath=options['xpath'], newname=options['dst'], extra_qs=options['ad_hoc']) print_status(xapi, action) print_response(xapi, options) if options['clone']: action = 'clone' if options['ad_hoc'] is not None: extra_qs_used = True xapi.clone(xpath=options['xpath'], xpath_from=options['src'], newname=options['dst'], extra_qs=options['ad_hoc']) print_status(xapi, action) print_response(xapi, options) if options['override']: action = 'override' if options['ad_hoc'] is not None: extra_qs_used = True xapi.override(xpath=options['xpath'], element=options['element'], extra_qs=options['ad_hoc']) print_status(xapi, action) print_response(xapi, options) if options['export'] is not None: action = 'export' if options['ad_hoc'] is not None: extra_qs_used = True if options['pcapid'] is not None: xapi.export(category=options['export'], pcapid=options['pcapid'], search_time=options['stime'], serialno=options['serial'], extra_qs=options['ad_hoc']) else: xapi.export(category=options['export'], from_name=options['src'], extra_qs=options['ad_hoc']) print_status(xapi, action) print_response(xapi, options) if options['pcap_listing']: pcap_listing(xapi, options['export']) save_attachment(xapi, options) if options['log'] is not None: action = 'log' if options['ad_hoc'] is not None: extra_qs_used = True xapi.log(log_type=options['log'], nlogs=options['nlogs'], skip=options['skip'], filter=options['filter'], interval=options['interval'], timeout=options['job_timeout'], extra_qs=options['ad_hoc']) print_status(xapi, action) print_response(xapi, options) if options['op'] is not None: action = 'op' kwargs = { 'cmd': options['op'], 'cmd_xml': options['cmd_xml'], } if options['ad_hoc'] is not None: extra_qs_used = True kwargs['extra_qs'] = options['ad_hoc'] if len(options['vsys']): kwargs['vsys'] = options['vsys'][0] xapi.op(**kwargs) print_status(xapi, action) print_response(xapi, options) if (options['commit'] or options['commit_all']): if options['cmd']: cmd = options['cmd'] if options['cmd_xml']: cmd = xapi.cmd_xml(cmd) else: c = pan.commit.PanCommit(validate=options['validate'], force=options['force'], commit_all=options['commit_all'], merge_with_candidate=options['merge']) for part in options['partial']: if part == 'device-and-network-excluded': c.device_and_network_excluded() elif part == 'policy-and-objects-excluded': c.policy_and_objects_excluded() elif part == 'shared-object-excluded': c.shared_object_excluded() elif part == 'no-vsys': c.no_vsys() elif part == 'vsys': c.vsys(options['vsys']) if options['serial'] is not None: c.device(options['serial']) if options['group'] is not None: c.device_group(options['group']) if options['commit_all'] and options['vsys']: c.vsys(options['vsys'][0]) cmd = c.cmd() kwargs = { 'cmd': cmd, 'sync': options['sync'], 'interval': options['interval'], 'timeout': options['job_timeout'], } if options['ad_hoc'] is not None: extra_qs_used = True kwargs['extra_qs'] = options['ad_hoc'] if options['commit_all']: kwargs['action'] = 'all' action = 'commit' xapi.commit(**kwargs) print_status(xapi, action) print_response(xapi, options) if not extra_qs_used and options['ad_hoc'] is not None: action = 'ad_hoc' xapi.ad_hoc(qs=options['ad_hoc'], xpath=options['xpath'], modify_qs=options['modify']) print_status(xapi, action) print_response(xapi, options) except pan.xapi.PanXapiError as msg: print_status(xapi, action, str(msg)) print_response(xapi, options) sys.exit(1) sys.exit(0)
def main(): try: signal.signal(signal.SIGPIPE, signal.SIG_DFL) except AttributeError: # Windows pass set_encoding() options = parse_opts() if options['debug']: logger = logging.getLogger() if options['debug'] == 3: logger.setLevel(pan.xapi.DEBUG3) elif options['debug'] == 2: logger.setLevel(pan.xapi.DEBUG2) elif options['debug'] == 1: logger.setLevel(pan.xapi.DEBUG1) # log_format = '%(levelname)s %(name)s %(message)s' log_format = '%(message)s' handler = logging.StreamHandler() formatter = logging.Formatter(log_format) handler.setFormatter(formatter) logger.addHandler(handler) if options['cafile'] or options['capath']: ssl_context = create_ssl_context(options['cafile'], options['capath']) else: ssl_context = None try: xapi = pan.xapi.PanXapi(timeout=options['timeout'], tag=options['tag'], use_http=options['use_http'], use_get=options['use_get'], api_username=options['api_username'], api_password=options['api_password'], api_key=options['api_key'], hostname=options['hostname'], port=options['port'], serial=options['serial'], ssl_context=ssl_context) except pan.xapi.PanXapiError as msg: print('pan.xapi.PanXapi:', msg, file=sys.stderr) sys.exit(1) if options['debug'] > 2: print('xapi.__str__()===>\n', xapi, '\n<===', sep='', file=sys.stderr) extra_qs_used = False try: if options['keygen']: action = 'keygen' if options['ad_hoc'] is not None: extra_qs_used = True xapi.keygen(extra_qs=options['ad_hoc']) print_status(xapi, action) print_response(xapi, options) print('API key: "%s"' % xapi.api_key) if options['show']: action = 'show' if options['ad_hoc'] is not None: extra_qs_used = True xapi.show(xpath=options['xpath'], extra_qs=options['ad_hoc']) print_status(xapi, action) print_response(xapi, options) if options['get']: action = 'get' if options['ad_hoc'] is not None: extra_qs_used = True xapi.get(xpath=options['xpath'], extra_qs=options['ad_hoc']) print_status(xapi, action) print_response(xapi, options) if options['delete']: action = 'delete' if options['ad_hoc'] is not None: extra_qs_used = True xapi.delete(xpath=options['xpath'], extra_qs=options['ad_hoc']) print_status(xapi, action) print_response(xapi, options) if options['edit']: action = 'edit' if options['ad_hoc'] is not None: extra_qs_used = True xapi.edit(xpath=options['xpath'], element=options['element'], extra_qs=options['ad_hoc']) print_status(xapi, action) print_response(xapi, options) if options['set']: action = 'set' if options['ad_hoc'] is not None: extra_qs_used = True xapi.set(xpath=options['xpath'], element=options['element'], extra_qs=options['ad_hoc']) print_status(xapi, action) print_response(xapi, options) if options['dynamic-update']: action = 'dynamic-update' kwargs = { 'cmd': options['cmd'], } if options['ad_hoc'] is not None: extra_qs_used = True kwargs['extra_qs'] = options['ad_hoc'] if len(options['vsys']): kwargs['vsys'] = options['vsys'][0] xapi.user_id(**kwargs) print_status(xapi, action) print_response(xapi, options) if options['move'] is not None: action = 'move' if options['ad_hoc'] is not None: extra_qs_used = True xapi.move(xpath=options['xpath'], where=options['move'], dst=options['dst'], extra_qs=options['ad_hoc']) print_status(xapi, action) print_response(xapi, options) if options['rename']: action = 'rename' if options['ad_hoc'] is not None: extra_qs_used = True xapi.rename(xpath=options['xpath'], newname=options['dst'], extra_qs=options['ad_hoc']) print_status(xapi, action) print_response(xapi, options) if options['clone']: action = 'clone' if options['ad_hoc'] is not None: extra_qs_used = True xapi.clone(xpath=options['xpath'], xpath_from=options['src'], newname=options['dst'], extra_qs=options['ad_hoc']) print_status(xapi, action) print_response(xapi, options) if options['override']: action = 'override' if options['ad_hoc'] is not None: extra_qs_used = True xapi.override(xpath=options['xpath'], element=options['element'], extra_qs=options['ad_hoc']) print_status(xapi, action) print_response(xapi, options) if options['export'] is not None: action = 'export' if options['ad_hoc'] is not None: extra_qs_used = True if options['pcapid'] is not None: xapi.export(category=options['export'], pcapid=options['pcapid'], search_time=options['stime'], serialno=options['serial'], extra_qs=options['ad_hoc']) else: xapi.export(category=options['export'], from_name=options['src'], extra_qs=options['ad_hoc']) print_status(xapi, action) print_response(xapi, options) if options['pcap_listing']: pcap_listing(xapi, options['export']) save_attachment(xapi, options) if options['log'] is not None: action = 'log' if options['ad_hoc'] is not None: extra_qs_used = True xapi.log(log_type=options['log'], nlogs=options['nlogs'], skip=options['skip'], filter=options['filter'], interval=options['interval'], timeout=options['job_timeout'], extra_qs=options['ad_hoc']) print_status(xapi, action) print_response(xapi, options) if options['op'] is not None: action = 'op' kwargs = { 'cmd': options['op'], 'cmd_xml': options['cmd_xml'], } if options['ad_hoc'] is not None: extra_qs_used = True kwargs['extra_qs'] = options['ad_hoc'] if len(options['vsys']): kwargs['vsys'] = options['vsys'][0] xapi.op(**kwargs) print_status(xapi, action) print_response(xapi, options) if (options['commit'] or options['commit_all']): if options['cmd']: cmd = options['cmd'] if options['cmd_xml']: cmd = xapi.cmd_xml(cmd) else: c = pan.commit.PanCommit(validate=options['validate'], force=options['force'], commit_all=options['commit_all'], merge_with_candidate= options['merge']) for part in options['partial']: if part == 'device-and-network-excluded': c.device_and_network_excluded() elif part == 'policy-and-objects-excluded': c.policy_and_objects_excluded() elif part == 'shared-object-excluded': c.shared_object_excluded() elif part == 'no-vsys': c.no_vsys() elif part == 'vsys': c.vsys(options['vsys']) if options['serial'] is not None: c.device(options['serial']) if options['group'] is not None: c.device_group(options['group']) if options['commit_all'] and options['vsys']: c.vsys(options['vsys'][0]) cmd = c.cmd() kwargs = { 'cmd': cmd, 'sync': options['sync'], 'interval': options['interval'], 'timeout': options['job_timeout'], } if options['ad_hoc'] is not None: extra_qs_used = True kwargs['extra_qs'] = options['ad_hoc'] if options['commit_all']: kwargs['action'] = 'all' action = 'commit' xapi.commit(**kwargs) print_status(xapi, action) print_response(xapi, options) if not extra_qs_used and options['ad_hoc'] is not None: action = 'ad_hoc' xapi.ad_hoc(qs=options['ad_hoc'], xpath=options['xpath'], modify_qs=options['modify']) print_status(xapi, action) print_response(xapi, options) except pan.xapi.PanXapiError as msg: print_status(xapi, action, msg) print_response(xapi, options) sys.exit(1) sys.exit(0)
def main(): helper = get_connection( with_classic_provider_spec=True, argument_spec=dict( category=dict( default='configuration', choices=sorted(['configuration', 'certificate'] + HTML_EXPORTS + FILE_EXPORTS + [ 'application-pcap', 'filter-pcap', 'dlp-pcap', 'threat-pcap' ]), ), filename=dict(type='str'), certificate_name=dict(type='str'), certificate_format=dict(type='str', choices=['pem', 'pkcs10', 'pkcs12']), certificate_include_keys=dict(type='bool', default=False), certificate_passphrase=dict(type='str', no_log=True), application_pcap_name=dict(type='str'), dlp_pcap_name=dict(type='str'), dlp_password=dict(type='str', no_log=True), filter_pcap_name=dict(type='str'), threat_pcap_id=dict(type='str'), threat_pcap_search_time=dict(type='str'), threat_pcap_serial=dict(type='str'), timeout=dict(type='int', default=600), ), ) module = AnsibleModule(argument_spec=helper.argument_spec, supports_check_mode=False, required_one_of=helper.required_one_of, required_together=[ ['certificate_name', 'certificate_format'], ['dlp_pcap_name', 'dlp_password'], ]) if not HAS_LIB: module.fail_json( msg= 'pan-python, pandevice, and xmltodict are required for this module' ) category = module.params['category'] filename = module.params['filename'] timeout = module.params['timeout'] parent = helper.get_pandevice_parent(module) xapi = parent.xapi if category in (['configuration'] + HTML_EXPORTS): if filename is None: module.fail_json(msg='filename is required for export') export_text(module, xapi, category, filename) elif category in FILE_EXPORTS: if filename is None: module.fail_json(msg='filename is required for export') if category == 'stats-dump' and isinstance(parent, Panorama): module.fail_json(msg='stats-dump is not supported on Panorama') export_async(module, xapi, category, filename, timeout=timeout) elif category == 'certificate': if filename is None: module.fail_json(msg='filename is required for export') cert_name = module.params['certificate_name'] cert_format = module.params['certificate_format'] cert_include_keys = 'yes' if module.params[ 'certificate_include_keys'] else 'no' cert_passphrase = module.params['certificate_passphrase'] params = { 'certificate-name': cert_name, 'format': cert_format, 'include-key': cert_include_keys } if cert_include_keys == 'yes' and cert_passphrase is None: module.exit_json( msg= 'certificate_passphrase is required when certificate_include_keys is yes' ) if cert_passphrase is not None: params['passphrase'] = cert_passphrase xapi.export(category='certificate', extra_qs=params) export_binary(module, xapi, filename) elif category == 'application-pcap': # When exporting an application pcap, from_name can be: # - nothing, which gets you a list of directories # - a directory name, which gets you a list of pcaps in that directory # - a filename, which gets you the pcap file from_name = module.params['application_pcap_name'] xapi.export(category='application-pcap', from_name=from_name) if from_name is None or '.pcap' not in from_name: xml_result = xapi.xml_result() obj_dict = xmltodict.parse(xml_result) json_output = json.dumps(obj_dict) module.exit_json(changed=False, stdout=json_output, stdout_xml=xml_result) else: if filename is None: module.fail_json(msg='filename is required for export') export_binary(module, xapi, filename) elif category == 'filter-pcap': # When exporting a filter pcap, from_name can be: # - nothing, which gets you a list of files # - a filename, which gets you the pcap file from_name = module.params['filter_pcap_name'] xapi.export(category='filter-pcap', from_name=from_name) if from_name is None: xml_result = xapi.xml_result() obj_dict = xmltodict.parse(xml_result) json_output = json.dumps(obj_dict) module.exit_json(changed=False, stdout=json_output, stdout_xml=xml_result) else: if filename is None: module.fail_json(msg='filename is required for export') export_binary(module, xapi, filename) elif category == 'dlp-pcap': from_name = module.params['dlp_pcap_name'] dlp_password = module.params['dlp_password'] xapi.export(category='dlp-pcap', from_name=from_name, extra_qs={'dlp-password': dlp_password}) # When exporting a dlp pcap, from_name can be: # - nothing, which gets you a list of files # - a filename, which gets you the pcap file if from_name is None: xml_result = xapi.xml_result() obj_dict = xmltodict.parse(xml_result) json_output = json.dumps(obj_dict) module.exit_json(changed=False, stdout=json_output, stdout_xml=xml_result) else: if filename is None: module.fail_json(msg='filename is required for export') export_binary(module, xapi, filename) elif category == 'threat-pcap': if filename is None: module.fail_json(msg='filename is required for export') pcap_id = module.params['threat_pcap_id'] search_time = module.params['threat_pcap_search_time'] # pan-python says serial number is not required on certain PAN-OS releases (not required on 9.0 or 10.0) serial = module.params['threat_pcap_serial'] if isinstance(parent, Panorama) and serial is None: module.fail_json( msg='threat_pcap_serial is required when connecting to Panorama' ) xapi.export(category='threat-pcap', pcapid=pcap_id, search_time=search_time, serialno=serial) export_binary(module, xapi, filename) module.exit_json(changed=False)
def main(): helper = get_connection( with_classic_provider_spec=True, argument_spec=dict( category=dict( default="configuration", choices=sorted(["configuration", "certificate"] + HTML_EXPORTS + FILE_EXPORTS + ["device-state"] + [ "application-pcap", "filter-pcap", "dlp-pcap", "threat-pcap" ]), ), filename=dict(type="str"), certificate_name=dict(type="str"), certificate_format=dict(type="str", choices=["pem", "pkcs10", "pkcs12"]), certificate_include_keys=dict(type="bool", default=False), certificate_passphrase=dict(type="str", no_log=True), application_pcap_name=dict(type="str"), dlp_pcap_name=dict(type="str"), dlp_password=dict(type="str", no_log=True), filter_pcap_name=dict(type="str"), threat_pcap_id=dict(type="str"), threat_pcap_search_time=dict(type="str"), threat_pcap_serial=dict(type="str"), timeout=dict(type="int", default=600), ), ) module = AnsibleModule( argument_spec=helper.argument_spec, supports_check_mode=False, required_one_of=helper.required_one_of, required_together=[ ["certificate_name", "certificate_format"], ["dlp_pcap_name", "dlp_password"], ], ) if not HAS_LIB: module.fail_json( msg= "pan-python, pandevice, and xmltodict are required for this module" ) category = module.params["category"] filename = module.params["filename"] timeout = module.params["timeout"] parent = helper.get_pandevice_parent(module) xapi = parent.xapi if category in (["configuration"] + HTML_EXPORTS): if filename is None: module.fail_json(msg="filename is required for export") export_text(module, xapi, category, filename) elif category in FILE_EXPORTS: if filename is None: module.fail_json(msg="filename is required for export") if category == "stats-dump" and isinstance(parent, Panorama): module.fail_json(msg="stats-dump is not supported on Panorama") export_async(module, xapi, category, filename, timeout=timeout) elif category == "device-state": if filename is None: module.fail_json(msg="filename is required for export") export_binary(module, xapi, category, filename) elif category == "certificate": if filename is None: module.fail_json(msg="filename is required for export") cert_name = module.params["certificate_name"] cert_format = module.params["certificate_format"] cert_include_keys = "yes" if module.params[ "certificate_include_keys"] else "no" cert_passphrase = module.params["certificate_passphrase"] params = { "certificate-name": cert_name, "format": cert_format, "include-key": cert_include_keys, } if cert_include_keys == "yes" and cert_passphrase is None: module.exit_json( msg= "certificate_passphrase is required when certificate_include_keys is yes" ) if cert_passphrase is not None: params["passphrase"] = cert_passphrase xapi.export(category="certificate", extra_qs=params) export_binary(module, xapi, filename) elif category == "application-pcap": # When exporting an application pcap, from_name can be: # - nothing, which gets you a list of directories # - a directory name, which gets you a list of pcaps in that directory # - a filename, which gets you the pcap file from_name = module.params["application_pcap_name"] xapi.export(category="application-pcap", from_name=from_name) if from_name is None or ".pcap" not in from_name: xml_result = xapi.xml_result() obj_dict = xmltodict.parse(xml_result) json_output = json.dumps(obj_dict) module.exit_json(changed=False, stdout=json_output, stdout_xml=xml_result) else: if filename is None: module.fail_json(msg="filename is required for export") export_binary(module, xapi, filename) elif category == "filter-pcap": # When exporting a filter pcap, from_name can be: # - nothing, which gets you a list of files # - a filename, which gets you the pcap file from_name = module.params["filter_pcap_name"] xapi.export(category="filter-pcap", from_name=from_name) if from_name is None: xml_result = xapi.xml_result() obj_dict = xmltodict.parse(xml_result) json_output = json.dumps(obj_dict) module.exit_json(changed=False, stdout=json_output, stdout_xml=xml_result) else: if filename is None: module.fail_json(msg="filename is required for export") export_binary(module, xapi, filename) elif category == "dlp-pcap": from_name = module.params["dlp_pcap_name"] dlp_password = module.params["dlp_password"] xapi.export( category="dlp-pcap", from_name=from_name, extra_qs={"dlp-password": dlp_password}, ) # When exporting a dlp pcap, from_name can be: # - nothing, which gets you a list of files # - a filename, which gets you the pcap file if from_name is None: xml_result = xapi.xml_result() obj_dict = xmltodict.parse(xml_result) json_output = json.dumps(obj_dict) module.exit_json(changed=False, stdout=json_output, stdout_xml=xml_result) else: if filename is None: module.fail_json(msg="filename is required for export") export_binary(module, xapi, filename) elif category == "threat-pcap": if filename is None: module.fail_json(msg="filename is required for export") pcap_id = module.params["threat_pcap_id"] search_time = module.params["threat_pcap_search_time"] # pan-python says serial number is not required on certain PAN-OS releases (not required on 9.0 or 10.0) serial = module.params["threat_pcap_serial"] if isinstance(parent, Panorama) and serial is None: module.fail_json( msg="threat_pcap_serial is required when connecting to Panorama" ) xapi.export( category="threat-pcap", pcapid=pcap_id, search_time=search_time, serialno=serial, ) export_binary(module, xapi, filename) module.exit_json(changed=False)
def main(): set_encoding() options = parse_opts() try: xapi = pan.xapi.PanXapi(debug=options['debug'], timeout=options['timeout'], tag=options['tag'], use_http=options['use_http'], use_get=options['use_get'], api_username=options['api_username'], api_password=options['api_password'], api_key=options['api_key'], hostname=options['hostname'], port=options['port'], serial=options['serial'], cafile=options['cafile'], capath=options['capath']) except pan.xapi.PanXapiError as msg: print('pan.xapi.PanXapi:', msg, file=sys.stderr) sys.exit(1) if options['debug'] > 2: print('xapi.__str__()===>\n', xapi, '\n<===', sep='', file=sys.stderr) try: if options['ad_hoc'] is not None: action = 'ad_hoc' xapi.ad_hoc(qs=options['ad_hoc'], xpath=options['xpath'], modify_qs=options['modify']) print_status(xapi, action) print_response(xapi, options) if options['keygen']: action = 'keygen' xapi.keygen() print_status(xapi, action) print_response(xapi, options) print('API key: "%s"' % xapi.api_key) if options['show']: action = 'show' xapi.show(xpath=options['xpath']) print_status(xapi, action) print_response(xapi, options) if options['get']: action = 'get' xapi.get(xpath=options['xpath']) print_status(xapi, action) print_response(xapi, options) if options['delete']: action = 'delete' xapi.delete(xpath=options['xpath']) print_status(xapi, action) print_response(xapi, options) if options['edit']: action = 'edit' xapi.edit(xpath=options['xpath'], element=options['element']) print_status(xapi, action) print_response(xapi, options) if options['set']: action = 'set' xapi.set(xpath=options['xpath'], element=options['element']) print_status(xapi, action) print_response(xapi, options) if options['dynamic-update']: action = 'dynamic-update' kwargs = { 'cmd': options['cmd'], } if len(options['vsys']): kwargs['vsys'] = options['vsys'][0] xapi.user_id(**kwargs) print_status(xapi, action) print_response(xapi, options) if options['move'] is not None: action = 'move' xapi.move(xpath=options['xpath'], where=options['move'], dst=options['dst']) print_status(xapi, action) print_response(xapi, options) if options['rename']: action = 'rename' xapi.rename(xpath=options['xpath'], newname=options['dst']) print_status(xapi, action) print_response(xapi, options) if options['clone']: action = 'clone' xapi.clone(xpath=options['xpath'], xpath_from=options['src'], newname=options['dst']) print_status(xapi, action) print_response(xapi, options) if options['override']: action = 'override' xapi.override(xpath=options['xpath'], element=options['element']) print_status(xapi, action) print_response(xapi, options) if options['export'] is not None: action = 'export' xapi.export(category=options['export'], from_name=options['src']) print_status(xapi, action) print_response(xapi, options) if options['pcap_listing']: pcap_listing(xapi, options) save_pcap(xapi, options) if options['log'] is not None: action = 'log' xapi.log(log_type=options['log'], nlogs=options['nlogs'], skip=options['skip'], filter=options['filter'], interval=options['interval'], timeout=options['job_timeout']) print_status(xapi, action) print_response(xapi, options) if options['op'] is not None: action = 'op' kwargs = { 'cmd': options['op'], 'cmd_xml': options['cmd_xml'], } if len(options['vsys']): kwargs['vsys'] = options['vsys'][0] xapi.op(**kwargs) print_status(xapi, action) print_response(xapi, options) if (options['commit'] or options['commit_all']): if options['cmd']: cmd = options['cmd'] if options['cmd_xml']: cmd = xapi.cmd_xml(cmd) else: c = pan.commit.PanCommit(debug=options['debug'], validate=options['validate'], force=options['force'], commit_all=options['commit_all'], merge_with_candidate= options['merge']) for part in options['partial']: if part == 'device-and-network-excluded': c.device_and_network_excluded() elif part == 'policy-and-objects-excluded': c.policy_and_objects_excluded() elif part == 'shared-object-excluded': c.shared_object_excluded() elif part == 'no-vsys': c.no_vsys() elif part == 'vsys': c.vsys(options['vsys']) if options['serial'] is not None: c.device(options['serial']) if options['group'] is not None: c.device_group(options['group']) if options['commit_all'] and options['vsys']: c.vsys(options['vsys'][0]) cmd = c.cmd() kwargs = { 'cmd': cmd, 'sync': options['sync'], 'interval': options['interval'], 'timeout': options['job_timeout'], } if options['commit_all']: kwargs['action'] = 'all' action = 'commit' xapi.commit(**kwargs) print_status(xapi, action) print_response(xapi, options) except pan.xapi.PanXapiError as msg: print_status(xapi, action, msg) print_response(xapi, options) sys.exit(1) sys.exit(0)