Python Panorama примеры использования

Пример #1

Файл: panorama-commit-push.py Проект: djspears/pythonscripts

def main():

    # Get command line arguments
    parser = argparse.ArgumentParser(
        description="Commit and Push an updated Panorama device group configuration"
    )
    parser.add_argument(
        "-v", "--verbose", action="count", help="Verbose (-vv for extra verbose)"
    )
    parser.add_argument("-q", "--quiet", action="store_true", help="No output")

    # Palo Alto Networks related arguments
    fw_group = parser.add_argument_group("Palo Alto Networks Device")
    fw_group.add_argument("hostname", help="Hostname of Panorama")
    fw_group.add_argument("username", help="Username for Panorama")
    fw_group.add_argument("password", help="Password for Panorama")
    fw_group.add_argument("devicegroup", help="DeviceGroup for Panorama")
    args = parser.parse_args()

    # Connects to Panorama.
    pano = panorama.Panorama(args.hostname, args.username, args.password,) # Create a panorama object
    # Performs the commit and device group push
    print("Performing commit...")
    pano.commit(sync_all=True,sync=True)
    print("Done")
    print("Performing device push...")
    pano.commit_all(sync=True,sync_all=True,cmd="<commit-all><shared-policy><device-group><entry name='%s'/></device-group></shared-policy></commit-all>"%(args.devicegroup))
    print("Done")

Пример #2

def test_device_group_xpath_unchanged():
    expected = "/config/devices/entry[@name='localhost.localdomain']/device-group/entry[@name='somegroup']/address/entry[@name='intnet']"
    pano = panorama.Panorama("127.0.0.1")
    dg = panorama.DeviceGroup("somegroup")
    ao = objects.AddressObject("intnet", "192.168.0.0/16")
    pano.add(dg)
    dg.add(ao)

    assert expected == ao.xpath()

Пример #3

def _check(obj, vsys, with_pano, chk_import=False):
    if chk_import:
        func = "xpath_import_base"
    else:
        func = "xpath"
    fw = firewall.Firewall("127.0.0.1", "admin", "admin", serial="01234567890")
    fw.vsys = vsys
    fw.add(obj)

    if with_pano:
        pano = panorama.Panorama("127.0.0.1", "admin2", "admin2")
        pano.add(fw)

    expected = getattr(obj, func)()

    fw.remove(obj)
    fw.vsys = None
    vsys = device.Vsys(vsys or "vsys1")
    fw.add(vsys)
    vsys.add(obj)

    result = getattr(obj, func)()

    assert expected == result

Пример #4

Файл: conftest.py Проект: zacho112/pan-os-python

def init():
    """
    Environment variables:
        PD_USERNAME
        PD_PASSWORD
        PD_PANORAMAS
        PD_FIREWALLS
    """
    global live_devices
    global one_fw_per_version
    global one_device_per_version
    global one_panorama_per_version
    global ha_pairs
    global panorama_fw_combinations

    # Get os.environ stuff to set the live_devices global.
    try:
        username = os.environ["PD_USERNAME"]
        password = os.environ["PD_PASSWORD"]
        panos = os.environ["PD_PANORAMAS"].split()
        fws = os.environ["PD_FIREWALLS"].split()
    except KeyError as e:
        print('NOT RUNNING LIVE TESTS - missing "{0}"'.format(e))
        return

    # Add each panorama to the live_devices.
    for hostname in panos:
        c = panorama.Panorama(hostname, username, password)
        try:
            c.refresh_system_info()
        except Exception as e:
            raise ValueError("Failed to connect to panorama {0}: {1}".format(
                hostname, e))

        # There should only be one panorama per version.
        version = c._version_info
        if version in live_devices:
            raise ValueError("Two panoramas, same version: {0} and {1}".format(
                live_devices[version]["pano"].hostname, hostname))
        live_devices.setdefault(version, {"fws": [], "pano": None})
        live_devices[version]["pano"] = c

    # Add each firewall to the live_devices.
    for hostname in fws:
        c = firewall.Firewall(hostname, username, password)
        try:
            c.refresh_system_info()
        except Exception as e:
            raise ValueError("Failed to connect to firewall {0}: {1}".format(
                hostname, e))

        # Multiple firewalls are allowed per version, but only ever the first
        # two will be used.
        version = c._version_info
        live_devices.setdefault(version, {"fws": [], "pano": None})
        live_devices[version]["fws"].append(c)

    # Set:
    #   one_fw_per_version
    #   one_device_type_per_version
    #   one_panorama_per_version
    for version in live_devices:
        pano = live_devices[version]["pano"]
        fws = live_devices[version]["fws"]
        if fws:
            fw = random.choice(fws)
            one_device_type_per_version.append((fw, desc(fw=version)))
            one_fw_per_version.append((fw, desc(fw=version)))
        if pano is not None:
            one_panorama_per_version.append((pano, desc(pano=version)))
            one_device_type_per_version.append((pano, desc(pano=version)))

    # Set: ha_pairs
    for version in live_devices:
        fws = live_devices[version]["fws"]
        if len(fws) >= 2:
            ha_pairs.append((fws[:2], version))

    # Set panorama_fw_combinations
    for pano_version in live_devices:
        pano = live_devices[pano_version]["pano"]
        if pano is None:
            continue

        for fw_version in live_devices:
            fws = live_devices[fw_version]["fws"]
            if not fws or pano_version < fw_version:
                continue

            fw = random.choice(fws)
            panorama_fw_combinations.append((
                (pano, fw),
                desc(pano_version, fw_version),
            ))

Пример #5

Файл: 8x8-to-panorama.py Проект: gosse/8x8-to-pan

def connect(panoAddress):
  username = input('Username: ' )
  password = getpass.getpass()
  print(panoAddress)
  pano = panorama.Panorama(panoAddress, username, password)
  return pano

Пример #6

Файл: panorama.py Проект: PaloAltoNetworks/ps-regional-2021-aws-labs

from panos import panorama
import os
username = os.environ["panorama_username"]
passw = os.environ["panorama_password"]
hostname = os.environ["panorama_host"]
student_id = os.environ["panorama_student_id"]
# destroy = True
# create = False
pano = panorama.Panorama(hostname=hostname,
                         api_password=passw,
                         api_username=username)


def build_access_domain():
    access_domain_xp = "/config/mgt-config/access-domain/entry[@name='ACD-STUDENT-{}']".format(
        student_id)
    access_domain_e = "<device-groups><member>DG-STUDENT-{}</member></device-groups><templates>" \
                      "<member>TPL-COMMON</member><member>TPL-STUDENT-BASE-{}</member>" \
                      "<member>TPL-STUDENT-STACK-{}</member></templates>" \
                      "<shared-access>write</shared-access>".format(student_id, student_id, student_id)
    pano.xapi.set(xpath=access_domain_xp, element=access_domain_e)


def build_admin_user():
    admin_password = pano.xapi.op(
        'request password-hash password "{}"'.format("student-" + student_id),
        cmd_xml=True)
    r = admin_password
    phash = r.find(".//phash").text
    admin_add_xp = "/config/mgt-config/users/entry[@name='student-{}']".format(
        student_id)

Пример #7

def eastwesthelper(pa_ip, username, password, pa_type, filename=None):
    """
    Main point of entry.
    Connect to PA/Panorama.
    Grab security rules from pa/pan.
    Modify them for intra-zone migration.
    """

    for subnet in settings.EXISTING_TRUST_SUBNET:
        if subnet.endswith("/32"):
            mem.singleip = True

    if pa_type == "panorama":

        # Grab 'start' time
        start = time.perf_counter()

        panfw = panorama.Panorama(pa_ip, username, password)
        # Grab the Device Groups and Template Names, we don't need Template names.
        pa = pa_api.api_lib_pa(pa_ip, username, password, pa_type)
        device_group = get_device_group(pa)
        pre_rulebase = policies.PreRulebase()
        post_rulebase = policies.PostRulebase()
        dg = panorama.DeviceGroup(device_group)
        dg.add(pre_rulebase)
        dg.add(post_rulebase)
        panfw.add(dg)

        # Grab Objects and Rules
        mem.address_object_entries = objects.AddressObject.refreshall(dg, add=False)#,add=False)
        mem.address_group_entries = objects.AddressGroup.refreshall(dg, add=False)#,add=False)

        #Grabbing the Shared address objects and groups..
        shared = panorama.DeviceGroup('shared')
        panfw.add(shared)

        shared_objects = objects.AddressObject.refreshall(shared, add=False)
        mem.address_object_entries += shared_objects
        shared_groups = objects.AddressGroup.refreshall(shared, add=False)
        mem.address_group_entries += shared_groups

        # Add parent DG (like Shared), if used. Ask Chris Evans or me for details.
        if settings.OBJ_PARENT_DEVICE_GROUP:
            parent_dg = panorama.DeviceGroup(settings.OBJ_PARENT_DEVICE_GROUP)
            panfw.add(parent_dg)

            parent_objects = objects.AddressObject.refreshall(parent_dg, add=False)
            mem.address_object_entries += parent_objects
            parent_groups = objects.AddressGroup.refreshall(parent_dg, add=False)
            mem.address_group_entries += parent_groups

        # GRAB PRE/POST RULES
        pre_security_rules = policies.SecurityRule.refreshall(pre_rulebase)#, add=False)
        post_security_rules = policies.SecurityRule.refreshall(post_rulebase)#, add=False)

        # Modify the rules, Pre & Post
        if pre_security_rules:
            eastwest_addnew_zone(pre_security_rules, panfw, pre_rulebase)
        if post_security_rules:
            eastwest_addnew_zone(post_security_rules, panfw, post_rulebase)
            
    elif pa_type == "pa":
        # Grab 'start' time
        start = time.perf_counter()

        panfw = firewall.Firewall(pa_ip, username, password)

        # Grab Rules
        mem.address_object_entries = objects.AddressObject.refreshall(panfw,add=False)
        mem.address_group_entries = objects.AddressGroup.refreshall(panfw,add=False)

        rulebase = policies.Rulebase()
        panfw.add(rulebase)
        security_rules = policies.SecurityRule.refreshall(rulebase)

        # Modify the rules
        if security_rules:
            modified_rules = eastwest_addnew_zone(security_rules, panfw, rulebase)

    # Finished
    end = time.perf_counter()
    runtime = end - start
    print(f"Took {runtime} Seconds.\n")