palo_alto 0.1.2 → 0.1.6

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: d8a6152aa6eb0aa5b5a8ba4e6a31149b45ed06646ac2cbd12907e390ecfc4812
-  data.tar.gz: f1b8cc362bcad0902ddbdbc4eb38db276cabeee8b4cbc9155003f3e86a4b7ca1
+  metadata.gz: e727fd699e499c9c7cdf0f445f1f83dc6b39721595060eb40f8ca686742f76fe
+  data.tar.gz: 538f05942d1bebd82c67c79749cf4cca51c57d3f56d6acbe6c8765eccd0abaca
 SHA512:
-  metadata.gz: 5813d1df939b84e47cb15138d82442f153e24165d0fc9efd50df726922b0f7bb9aa88d7266ec9523d84fe2bd9debae8a840967e4867c3039f04da57f91939037
-  data.tar.gz: '09a3c66024510102688e1fa27dc3b4bebecdab9b3e7511c2fc5669eb6e50ecbad8e2fe82aed5e2b6c8e6da58b9a39c44dbbb93b5c36151927084a3db1d380cae'
+  metadata.gz: 6e02483ec9f3e9860d2a248b043e30f8da48a89c7385feee667fffdea51abfaced43db81a487ba2bdf79b0c396310baf65f0b30c2132a7e1486e9e5ba4fc09f8
+  data.tar.gz: 1be23db7b31ed050c9fea102f2ba3007b916572a0f1b6d9b25e94bc1ebb09b923a6f938bc31c9b165c057cc8af984aa245266de71afb5cb20ac2890b167443d2

data/README.md

@@ -0,0 +1,3 @@
+Works for me :)
+
+You can find examples on how to use this module in the examples/ directory

data/examples/connecttest.rb

@@ -0,0 +1,4 @@
+require 'palo_alto'
+
+xml = PaloAlto::XML.new(host: "panorama-test", port: "443", username: "admin", password: "Admin123!", debug: [:sent, :received, :statistics])
+

data/examples/test_config.rb

@@ -0,0 +1,50 @@
+require 'palo_alto'
+require "byebug"
+
+xml = PaloAlto::XML.new(host: "panorama-test", port: "443", username: "admin", password: "Admin123!", debug: [:sent, :received, :statistics])
+
+#rules=xml.config.devices.entry(name:'localhost.localdomain').device_group.entry(name: 'PLAYGROUND').pre_rulebase.security.rules.entry{(child(:source).child(:member).text=="VPN_Net_10.1.1.0-24").or(child(:destination).child(:member).text == 'VPN_Net_10.1.1.0-24')}.get_all
+
+rules=xml.config.devices.entry(name:'localhost.localdomain').device_group.entry(name: 'PLAYGROUND').pre_rulebase.security.rules.entry{}.get_all
+
+pp rules
+pp rules.length
+
+
+
+
+tag_name='vpn:test'
+
+tag = xml.config.devices.entry(name:'localhost.localdomain').device_group.entry(name: dg).tag.entry(name:tag_name).create!
+tag.color = "color23"
+tag.push!
+
+
+
+dg='PLAYGROUND'
+rules=xml.config.devices.entry(name:'localhost.localdomain').device_group.entry(name: dg).pre_rulebase.security.rules.entry{}.get_all
+rules.reject!{|rule| rule.api_attributes['loc'] != dg}
+
+pp rules.first.api_attributes # attributes like uuid and loc
+pp rules.first.values()
+
+r = rules.first
+r.tag.member = [tag.name]
+r.group_tag = tag.name
+r.description += "...."
+r.push!
+
+puts r.to_xpath
+r.rename!("Test 1")
+puts r.to_xpath
+pp r.name
+
+exit 0
+
+# create a new template with persisted subclasses
+new_template = xml.config.devices.entry(name:'localhost.localdomain').template.entry(name: 'testtemplate').create!
+new_template.push!
+
+
+
+

data/examples/test_log.rb

@@ -0,0 +1,27 @@
+require 'palo_alto'
+
+xml = PaloAlto::XML.new(host: "panorama-test", port: "443", username: "admin", password: "Admin123!", debug: [:statistics, :warnings, :_sent, :_received])
+
+query = "( full-path contains '/config/devices/entry[@name=\\'localhost.localdomain\\']/device-group/entry[@name=\\'gr\\']/address/entry[@name=\\'Blah_19\\']' )"
+l=xml.log(query: query, log_type: 'config', nlogs: 50, show_detail: true, days: nil)
+
+pp l.count
+x = l.first
+pp x
+
+
+#################
+
+
+
+ritm = 'RITM1234567'
+
+def quote_string(v)
+  "'" + v.to_s.gsub(/'/, "\\\\'") + "'"
+end
+
+query = "( ( cmd eq edit ) or ( cmd eq audit-commit ) ) and ( comment contains #{quote_string(ritm)} )"
+
+l=xml.log(query: query, log_type: 'config', nlogs: 50, show_detail: true, days: nil)
+
+pp l.count

data/examples/test_op.rb

@@ -0,0 +1,127 @@
+require 'palo_alto'
+
+a= {commit: { partial:[
+  {'admin': ['admin']},
+   'no-template',
+   'no-template-stack',
+   'no-log-collector',
+   'no-log-collector-group',
+   'no-wildfire-appliance',
+   'no-wildfire-appliance-cluster',
+   {'device-and-network': 'excluded'},
+   {'shared-object': 'excluded'}
+ ]}}
+
+b= { show: {devices: 'all' } }
+
+c = {revert: { config: {
+ partial:[
+  {'admin': ['admin']},
+   'no-template',
+   'no-template-stack',
+   'no-log-collector',
+   'no-log-collector-group',
+   'no-wildfire-appliance',
+   'no-wildfire-appliance-cluster',
+   {'device-and-network': 'excluded'},
+   {'shared-object': 'excluded'}
+ ]}}}
+
+d = {commit: nil}
+
+e = 'commit'
+
+f = {revert: 'config'}
+
+g= {show: 'templates'}
+
+h= {show: 'devicegroups'}
+
+j={show: {jobs: {id: 12431}}}
+
+k={check: 'full-commit-required'}
+
+push_to_device={	'commit-all': { 'shared-policy': { 'device-group': [{name:'TEST-DG'}]}}}
+
+#validate:
+p={	'commit-all': 
+	{
+		'shared-policy': [
+			{'device-group': [{name:'PLAYGROUND'}]},
+			{'include-template':'yes'},
+			{'merge-with-candidate-cfg':'yes'},
+			{'force-template-values':'no'},
+			{'validate-only':'yes'}
+		]
+	}
+}
+
+i = {show: {query: {result: {id: 10438 }}}}
+
+
+# hit counts:
+device_group = 'PLAYGROUND'
+
+l = {
+  show: {
+    'rule-hit-count': [{
+      'device-group': [{
+        entry: [{
+          name: device_group
+        }, {
+          "pre-rulebase": [{
+            entry: [{
+              name: 'security'
+            }, {
+              'rules': 'all'
+            }]
+          }]
+        }]
+      }]
+    }]
+  }
+}
+
+# hit count for one rule, with more details:
+rule_name = "Rule 27"
+l = {
+  show: {
+    'rule-hit-count': [{
+      'device-group': [{
+        entry: [{
+          name: device_group
+        }, {
+          "pre-rulebase": [{
+            entry: [{
+              name: 'security'
+            }, {
+              'rules': {
+                "rule-name": [{
+                  entry: [{
+                    name: rule_name
+                  }]
+                }]
+              }
+            }]
+          }]
+        }]
+      }]
+    }]
+  }
+}
+
+
+xml = PaloAlto::XML.new(host: "panorama-test", port: "443", username: "admin", password: "Admin123!", debug: [:sent, :received])
+
+#pp xml.op.execute(a)
+#pp xml.op.execute(b)
+#pp xml.op.execute(c)
+pp xml.op.execute(d)
+puts "---------------------------"
+pp xml.op.execute(e)
+puts "---------------------------"
+
+#pp xml.op.execute(f)
+
+pp xml.op.execute(k)
+

data/lib/palo_alto/config.rb

@@ -1,4 +1,4 @@
-# generated: 2021-08-27 17:33:49 +0200
+# generated: 2021-10-19 00:56:02 +0200
 require 'openssl'
 require 'nokogiri'
 
@@ -425,7 +425,7 @@ module PaloAlto
 				start_time=Time.now
 				result = self.parent_instance.dup.create!.clear!.external_set(data.xpath('//response/result').first)
 				if XML.debug.include?(:statistics)
-					puts "Elapsed for parsing #{result.length} results: #{Time.now-start_time} seconds"
+					warn "Elapsed for parsing #{result.length} results: #{Time.now-start_time} seconds"
 				end
 				result
 			end
@@ -436,7 +436,7 @@ module PaloAlto
 				self
 			end
 
-			def get(ignore_empty_result: false, xpath: self.to_xpath)
+			def get(ignore_empty_result: false, xpath: self.to_xpath, return_only: false)
 				if self.class.superclass == ArrayConfigClass && !@selector
 					raise(InvalidCommandException, "Please use 'get_all' here")
 				end
@@ -454,23 +454,28 @@ module PaloAlto
 					if ignore_empty_result==false
 						raise(ObjectNotPresentException, "empty result: #{payload.inspect}")
 					end
+				end
+
+				if return_only
+					data.xpath('//response/result/*')
 				else
-					#self.parent_instance.dup.create!.clear!.external_set(data.xpath('//response/result').first).first
 					@create_children=true
 					n = data.xpath('//response/result/*')
+					if n.any?
+						clear!
+						external_set(n.first)
 
-					clear!
-					external_set(n.first)
-
-					if is_a?(ArrayConfigClass)
-						primary_key = get_primary_key(n.first.attribute_nodes, self.class.props)
-						set_array_class_attributes(n.first, primary_key) # primary key, api_attributes
+						if is_a?(ArrayConfigClass)
+							primary_key = get_primary_key(n.first.attribute_nodes, self.class.props)
+							set_array_class_attributes(n.first, primary_key) # primary key, api_attributes
+						end
+					end
+					self
+				end.tap do
+					if XML.debug.include?(:statistics)
+						warn "Elapsed for parsing: #{Time.now-start_time} seconds"
 					end
 				end
-				if XML.debug.include?(:statistics)
-					puts "Elapsed for parsing: #{Time.now-start_time} seconds"
-				end
-				self
 			end
 
 			def get_primary_key(attribute_nodes, props)
@@ -526,9 +531,9 @@ module PaloAlto
 					when 'bool'
 						return true if ['yes', true].include?(value)
 						return false if ['no', false].include?(value)
-						raise ArgumentError, 'Not bool: ' + value.inspect
+						raise ArgumentError, "Not bool: #{value.inspect}"
 					when 'string', 'ipdiscontmask', 'iprangespec', 'ipspec', 'rangelistspec'
-						raise(ArgumentError, 'Not string') unless value.is_a?(String)
+						raise(ArgumentError, "Not string: #{value.inspect}") unless value.is_a?(String)
 						if prop_arr['regex']
 							raise ArgumentError, "Not matching regex: #{value.inspect} (#{prop_arr["regex"].inspect})" unless value.match(prop_arr["regex"])
 						end
@@ -662,28 +667,34 @@ module PaloAlto
 				elsif @external_values.has_key?(prop)
 					return @external_values[prop]
 				elsif my_prop.has_key?("default") && include_defaults
-					return enforce_type(my_prop, my_prop['default'])
+					return enforce_types(my_prop, my_prop['default'])
 				else
 					return nil
 				end
 			end
 
-			def prop_set(prop, value)
-				my_prop = self.class.props[prop] or raise(InternalErrorException, "Unknown attribute for #{self.class}: #{prop}")
+			def enforce_types(prop_arr, values)
+				return if values.nil?
 
-				if has_multiple_values? && value.is_a?(String)
-					value = value.split(/\s+/)
+				if has_multiple_values? && values.is_a?(String)
+					values = values.split(/\s+/)
 				end
 
-				if value.is_a?(Array)
-					@values[prop] = value.map{|v| enforce_type(my_prop, v)}
-				elsif value.nil?
-					@values[prop] = nil
+				if values.is_a?(Array) && has_multiple_values?
+					values.map{|v| enforce_type(prop_arr, v)}
+				elsif !has_multiple_values?
+					enforce_type(prop_arr, values)
 				else
-					@values[prop] = enforce_type(my_prop, value)
+					raise(ArgumentError, 'Needs to be Array but is not, or vice versa')
 				end
 			end
 
+			def prop_set(prop, value)
+				my_prop = self.class.props[prop] or raise(InternalErrorException, "Unknown attribute for #{self.class}: #{prop}")
+
+				@values[prop] = enforce_types(my_prop, value)
+			end
+
 			def to_xml(changed_only:, full_tree:, include_root: )
 				builder = Nokogiri::XML::Builder.new{|xml|
 					xml.send(self._section, (self.selector rescue nil)) {
@@ -768,23 +779,25 @@ module PaloAlto
 
 			def set_xpath_from_selector(selector: @selector)
 				xpath = self.parent_instance.child(_section)
-				k,v=selector.first
+				k, v = selector.first
 				obj = xpath.where(PaloAlto.xpath_attr(k.to_sym) == v)
 
 				@expression = obj.expression
 				@arguments = obj.arguments
 			end
 
-			def rename!(new_name)
+			def rename!(new_name, internal_only: false)
 				# https://docs.paloaltonetworks.com/pan-os/10-1/pan-os-panorama-api/pan-os-xml-api-request-types/configuration-api/rename-configuration.html
-				payload = {
-					type:		'config',
-					action: 'rename',
-					xpath:	self.to_xpath,
-					newname: new_name
-				}
+				unless internal_only
+					payload = {
+						type:   'config',
+						action: 'rename',
+						xpath:  self.to_xpath,
+						newname: new_name
+					}
 
-				result = XML.execute(payload)
+					result = XML.execute(payload)
+				end
 
 				# now update also the internal value to the new name
 				self.selector.transform_values!{new_name}

data/lib/palo_alto/log.rb

@@ -1,5 +1,3 @@
-require "pp"
-
 module PaloAlto
 	class XML
 
@@ -23,7 +21,6 @@ module PaloAlto
 				@count=nil
 				@skip=0
 				@first_result = fetch_result
-				#pp @current_result
 				super
 			end
 

data/lib/palo_alto/op.rb

@@ -1,5 +1,4 @@
 require "nokogiri"
-require "pp"
 
 module PaloAlto
   class XML
@@ -49,9 +48,7 @@ module PaloAlto
           section = obj.keys.first
           data = obj[section]
         else
-          puts "----------"
-          pp obj
-          raise
+          raise obj.pretty_inspect
         end
 
         unless ops.has_key?(section.to_s)
@@ -60,9 +57,6 @@ module PaloAlto
         end
 
         ops_tree = ops[section.to_s]
-        #pp [:ops, ops_tree]
-        #pp [:obj, obj]
-        #puts "****************** build #{section} (#{ops_tree[:obj]})"
 
         section = escape_xpath_tag(section)
 
@@ -104,8 +98,7 @@ module PaloAlto
             xml_builder(xml, ops_tree, v)
           }
         else
-          pp ops_tree[:obj]
-          raise
+          raise ops_tree[:obj].pretty_inspect
         end
         xml
       end

data/lib/palo_alto/version.rb

@@ -1,5 +1,5 @@
 # frozen_string_literal: true
 
 module PaloAlto
-  VERSION = '0.1.2'
+  VERSION = '0.1.6'
 end

data/lib/palo_alto.rb

@@ -2,6 +2,8 @@
 
 require 'openssl'
 require 'nokogiri'
+require 'net/http'
+require 'pp'
 
 require_relative 'palo_alto/version'
 
@@ -10,7 +12,6 @@ require_relative 'palo_alto/log'
 require_relative 'palo_alto/op'
 
 module PaloAlto
-
   class PermanentException < StandardError
   end
 
@@ -212,12 +213,15 @@ module PaloAlto
       end
     end
 
-    def commit!(all: false)
+    def commit!(all: false, device_groups: nil, wait_for_completion: true)
+      return nil if device_groups.is_a?(Array) && device_groups.empty?
+
       op = if all
              'commit'
            else
              { commit: { partial: [
                { 'admin': [XML.username] },
+               device_groups ? {'device-group': device_groups } : nil,
                'no-template',
                'no-template-stack',
                'no-log-collector',
@@ -226,9 +230,39 @@ module PaloAlto
                'no-wildfire-appliance-cluster',
                { 'device-and-network': 'excluded' },
                { 'shared-object': 'excluded' }
-             ] } }
+             ].compact } }
            end
-      Op.new.execute(op)
+      Op.new.execute(op).tap do |result|
+        if wait_for_completion
+          job_id = result.at_xpath('response/result/job')&.text
+          wait_for_job_completion(job_id) if job_id
+        end
+      end
+    end
+
+    def full_commit_required?
+      result = Op.new.execute({check: 'full-commit-required'})
+      return true unless result.at_xpath('response/result').text == 'no'
+
+      false
+    end
+
+    def check_for_changes(usernames: [XML.username])
+      result = Op.new.execute({show: {config: {list: {'change-summary': {partial: {admin: usernames}}}}}})
+      result.xpath('response/result/summary/device-group/member').map(&:inner_text)
+    end
+
+    def wait_for_job_completion(job_id, wait: 5, timeout: 300)
+      cmd = {show: {jobs: {id: job_id}}}
+      start = Time.now
+      begin
+        result = Op.new.execute(cmd)
+        unless result.at_xpath('response/result/job/status')&.text=='ACT'
+          return result
+        end
+        sleep wait
+      end while start+timeout > Time.now
+      return false
     end
 
     def revert!(all: false)

data/palo_alto.gemspec

@@ -14,8 +14,8 @@ Gem::Specification.new do |spec|
   spec.required_ruby_version = '>= 2.7.0'
 
   spec.metadata['homepage_uri'] = spec.homepage
-  spec.metadata["source_code_uri"]   = 'https://github.com/Sebbb/palo_alto'
-  spec.metadata["changelog_uri"]     = 'https://github.com/Sebbb/palo_alto/blob/main/README.md'
+  spec.metadata["source_code_uri"]   = 'https://github.com/Sebbb/palo_alto/'
+  spec.metadata["changelog_uri"]     = 'https://github.com/Sebbb/palo_alto/blob/main/CHANGELOG.md'
 
   # Specify which files should be added to the gem when it is released.
   # The `git ls-files -z` loads the files in the RubyGem that have been added into git.

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: palo_alto
 version: !ruby/object:Gem::Version
-  version: 0.1.2
+  version: 0.1.6
 platform: ruby
 authors:
 - Sebastian Roesner
 autorequire: 
 bindir: exe
 cert_chain: []
-date: 2021-09-08 00:00:00.000000000 Z
+date: 2021-10-19 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: nokogiri
@@ -37,6 +37,10 @@ files:
 - LICENSE.txt
 - README.md
 - Rakefile
+- examples/connecttest.rb
+- examples/test_config.rb
+- examples/test_log.rb
+- examples/test_op.rb
 - lib/palo_alto.rb
 - lib/palo_alto/config.rb
 - lib/palo_alto/log.rb
@@ -48,8 +52,8 @@ licenses:
 - artistic-2.0
 metadata:
   homepage_uri: https://github.com/Sebbb/
-  source_code_uri: https://github.com/Sebbb/palo_alto
-  changelog_uri: https://github.com/Sebbb/palo_alto/blob/main/README.md
+  source_code_uri: https://github.com/Sebbb/palo_alto/
+  changelog_uri: https://github.com/Sebbb/palo_alto/blob/main/CHANGELOG.md
 post_install_message: 
 rdoc_options: []
 require_paths: