palo_alto 0.1.2

data/lib/palo_alto/version.rb

@@ -0,0 +1,5 @@
+# frozen_string_literal: true
+
+module PaloAlto
+  VERSION = '0.1.2'
+end

data/lib/palo_alto.rb

@@ -0,0 +1,287 @@
+# frozen_string_literal: true
+
+require 'openssl'
+require 'nokogiri'
+
+require_relative 'palo_alto/version'
+
+require_relative 'palo_alto/config'
+require_relative 'palo_alto/log'
+require_relative 'palo_alto/op'
+
+module PaloAlto
+
+  class PermanentException < StandardError
+  end
+
+  class TemporaryException < StandardError
+  end
+
+  class ConnectionErrorException < TemporaryException
+  end
+
+  class BadRequestException < PermanentException
+  end
+
+  class ForbiddenException < PermanentException
+  end
+
+  class UnknownCommandException < PermanentException
+  end
+
+  class InternalErrorsException < TemporaryException
+  end
+
+  class BadXpathException < PermanentException
+  end
+
+  class ObjectNotPresentException < PermanentException
+  end
+
+  class ObjectNotUniqueException < PermanentException
+  end
+
+  class ReferenceCountNotZeroException < PermanentException
+  end
+
+  class InvalidObjectException < PermanentException
+  end
+
+  class OperationNotPossibleException < PermanentException
+  end
+
+  class OperationDeniedException < PermanentException
+  end
+
+  class UnauthorizedException < PermanentException
+  end
+
+  class InvalidCommandException < PermanentException
+  end
+
+  class MalformedCommandException < PermanentException
+  end
+
+  class SuccessException < PermanentException
+  end
+
+  class InternalErrorException < TemporaryException
+  end
+
+  class SessionTimedOutException < TemporaryException
+  end
+  
+  module Helpers
+    class Rest
+      def self.make_request(opts)
+        options                            = {}
+        options[:verify_ssl]              = OpenSSL::SSL::VERIFY_PEER
+        options[:timeout]                  = 60
+
+        headers                  = {}
+        headers['User-Agent']    = 'ruby-keystone-client'
+        headers['Accept']        = 'application/xml'
+        headers['Content-Type'] = 'application/x-www-form-urlencoded'
+
+        # merge in settings from method caller
+        options = options.merge(opts)
+        options[:headers].merge!(headers)
+
+        thread = Thread.current
+        unless thread[:http]
+          thread[:http] = Net::HTTP.new(options[:host], options[:port])
+          thread[:http].use_ssl = true
+          thread[:http].verify_mode = options[:verify_ssl]
+          thread[:http].read_timeout = thread[:http].open_timeout = options[:timeout]
+          thread[:http].set_debug_output($stdout) if XML.debug.include?(:http)
+        end
+
+        thread[:http].start unless thread[:http].started?
+
+        response = thread[:http].post('/api/', URI.encode_www_form(options[:payload]), options[:headers])
+
+        if response.code == '200'
+          return response.body
+        elsif response.code == '400' or response.code == '403'
+          begin
+            data = Nokogiri::XML.parse(response.body)
+            message = data.xpath('//response/response/msg').text
+            code = response.code.to_i
+          rescue
+            raise ConnectionErrorException, "#{response.code} #{response.message}"
+          end
+          raise_error(code, message)
+        else
+          raise ConnectionErrorException, "#{response.code} #{response.message}"
+        end
+        nil
+
+      rescue Net::OpenTimeout, Errno::ECONNREFUSED => e
+        raise ConnectionErrorException, e.message
+      end
+
+      def self.raise_error(code, message)
+        error = case code
+                when 400 then BadRequestException
+                when 403 then ForbiddenException
+                when 1 then UnknownCommandException
+                when 2..5 then InternalErrorsException
+                when 6 then BadXpathException
+                when 7 then ObjectNotPresentException
+                when 8 then ObjectNotUniqueException
+                when 10 then ReferenceCountNotZeroException
+                when 0, 11, 21 then InternalErrorException # also if there is no code..
+                when 12 then InvalidObjectException
+                when 14 then OperationNotPossibleException
+                when 15 then OperationDeniedException
+                when 16 then UnauthorizedException
+                when 17 then InvalidCommandException
+                when 18 then MalformedCommandException
+                when 19..20 then SuccessException
+                when 22 then SessionTimedOutException
+                else InternalErrorException
+        end
+        raise error, message
+      end
+
+      def self.execute(payload, headers: {})
+        retried = false
+        # configure options for the request
+        options = {}
+        options[:host]     = XML.host
+        options[:port]     = XML.port
+        options[:verify_ssl] = XML.verify_ssl
+        options[:payload] = payload
+        options[:headers] = headers
+
+        if XML.debug.include?(:sent)
+          warn "sent: (#{Time.now}\n#{options.pretty_inspect}\n"
+        end
+
+        start_time = Time.now
+        text = Helpers::Rest.make_request(options)
+        if XML.debug.include?(:statistics)
+          warn "Elapsed for API call #{payload[:type]}/#{payload[:action]||'(unknown action)'}: #{Time.now-start_time} seconds"
+        end
+
+        if XML.debug.include?(:received)
+          warn "received: #{Time.now}\n#{text}\n"
+        end
+
+        data = Nokogiri::XML.parse(text)
+        unless data.xpath('//response/@status').to_s == 'success'
+          if XML.debug.include?(:sent_on_error)
+            warn "sent:\n#{options.inspect}\n"
+          end
+          if XML.debug.include?(:received_on_error)
+            warn "received:\n#{text.inspect}\n"
+          end
+          code = data.at_xpath('//response/@code')&.value.to_i # sometimes there is no code :( e.g. for 'op' errors
+          message = data.xpath('/response/msg/line').map(&:text).map(&:strip).join("\n")
+          raise_error(code, message)
+        end
+
+        return data
+      end
+
+    end
+  end
+
+  class XML
+    class << self
+      attr_accessor :host, :port, :username, :password, :auth_key, :verify_ssl, :debug
+
+      def execute(payload)
+        retried = false
+        begin
+          Helpers::Rest.execute(payload, headers: {'X-PAN-KEY': self.auth_key})
+        rescue TemporaryException => e
+          unless retried
+            if XML.debug.include?(:warnings)
+              warn "Got error #{e.inspect}; retrying"
+            end
+            retried = true
+            if e.is_a?(SessionTimedOutException)
+              get_auth_key
+            end
+            retry
+          else
+            raise e
+          end
+        end
+      end
+    end
+
+    def commit!(all: false)
+      op = if all
+             'commit'
+           else
+             { commit: { partial: [
+               { 'admin': [XML.username] },
+               'no-template',
+               'no-template-stack',
+               'no-log-collector',
+               'no-log-collector-group',
+               'no-wildfire-appliance',
+               'no-wildfire-appliance-cluster',
+               { 'device-and-network': 'excluded' },
+               { 'shared-object': 'excluded' }
+             ] } }
+           end
+      Op.new.execute(op)
+    end
+
+    def revert!(all: false)
+      op = if all
+             { revert: 'config' }
+           else
+             { revert: { config: { partial: [
+               { 'admin': [XML.username] },
+               'no-template',
+               'no-template-stack',
+               'no-log-collector',
+               'no-log-collector-group',
+               'no-wildfire-appliance',
+               'no-wildfire-appliance-cluster',
+               { 'device-and-network': 'excluded' },
+               { 'shared-object': 'excluded' }
+             ] } } }
+           end
+      Op.new.execute(op)
+    end
+
+    def initialize(host:, port:, username:, password:, debug: [])
+      self.class.host      = host
+      self.class.port      = port
+      self.class.username = username
+      self.class.password = password
+      self.class.verify_ssl = OpenSSL::SSL::VERIFY_NONE
+      self.class.debug = debug
+
+      @subclasses = {}
+
+      # xpath
+      @expression = :root
+      @arguments = [Expression.new(:this_node), []]
+
+      # attempt to obtain the auth_key
+      #raise 'Exception attempting to obtain the auth_key' if (self.class.auth_key = get_auth_key).nil?
+      self.class.get_auth_key
+
+      self
+    end
+
+    # Perform a query to the API endpoint for an auth_key based on the credentials provided
+    def self.get_auth_key
+
+      # establish the required options for the key request
+      payload = { type: 'keygen',
+                  user: self.username,
+                  password: self.password }
+
+      # get and parse the response for the key
+      xml_data = Helpers::Rest.execute(payload)
+      self.auth_key = xml_data.xpath('//response/result/key')[0].content
+    end
+  end
+end

data/palo_alto.gemspec

@@ -0,0 +1,30 @@
+# frozen_string_literal: true
+
+require_relative 'lib/palo_alto/version'
+
+Gem::Specification.new do |spec|
+  spec.name          = 'palo_alto'
+  spec.version       = PaloAlto::VERSION
+  spec.authors       = ['Sebastian Roesner']
+  spec.email         = ['sroesner-paloalto@roesner-online.de']
+
+  spec.summary       = 'Palo Alto API for Ruby'
+  spec.homepage      = 'https://github.com/Sebbb/'
+  spec.license       = 'artistic-2.0'
+  spec.required_ruby_version = '>= 2.7.0'
+
+  spec.metadata['homepage_uri'] = spec.homepage
+  spec.metadata["source_code_uri"]   = 'https://github.com/Sebbb/palo_alto'
+  spec.metadata["changelog_uri"]     = 'https://github.com/Sebbb/palo_alto/blob/main/README.md'
+
+  # Specify which files should be added to the gem when it is released.
+  # The `git ls-files -z` loads the files in the RubyGem that have been added into git.
+  spec.files = Dir.chdir(File.expand_path(__dir__)) do
+    `git ls-files -z`.split("\x0").reject { |f| f.match(%r{\A(?:test|spec|features|_generators|bin|pkg|.env)/}) }
+  end
+  spec.bindir        = 'exe'
+  spec.executables   = spec.files.grep(%r{\Aexe/}) { |f| File.basename(f) }
+  spec.require_paths = ['lib']
+
+  spec.add_dependency 'nokogiri', '~> 1.10'
+end

metadata

@@ -0,0 +1,72 @@
+--- !ruby/object:Gem::Specification
+name: palo_alto
+version: !ruby/object:Gem::Version
+  version: 0.1.2
+platform: ruby
+authors:
+- Sebastian Roesner
+autorequire: 
+bindir: exe
+cert_chain: []
+date: 2021-09-08 00:00:00.000000000 Z
+dependencies:
+- !ruby/object:Gem::Dependency
+  name: nokogiri
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '1.10'
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '1.10'
+description: 
+email:
+- sroesner-paloalto@roesner-online.de
+executables: []
+extensions: []
+extra_rdoc_files: []
+files:
+- CHANGELOG.md
+- Gemfile
+- Gemfile.lock
+- LICENSE.txt
+- README.md
+- Rakefile
+- lib/palo_alto.rb
+- lib/palo_alto/config.rb
+- lib/palo_alto/log.rb
+- lib/palo_alto/op.rb
+- lib/palo_alto/version.rb
+- palo_alto.gemspec
+homepage: https://github.com/Sebbb/
+licenses:
+- artistic-2.0
+metadata:
+  homepage_uri: https://github.com/Sebbb/
+  source_code_uri: https://github.com/Sebbb/palo_alto
+  changelog_uri: https://github.com/Sebbb/palo_alto/blob/main/README.md
+post_install_message: 
+rdoc_options: []
+require_paths:
+- lib
+required_ruby_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - ">="
+    - !ruby/object:Gem::Version
+      version: 2.7.0
+required_rubygems_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - ">="
+    - !ruby/object:Gem::Version
+      version: '0'
+requirements: []
+rubygems_version: 3.1.6
+signing_key: 
+specification_version: 4
+summary: Palo Alto API for Ruby
+test_files: []