palo_alto 0.1.8 → 0.1.9
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- checksums.yaml +4 -4
- data/.gitignore +1 -0
- data/lib/palo_alto/config.rb +701 -679
- data/lib/palo_alto/op.rb +71 -40
- data/lib/palo_alto/version.rb +1 -1
- data/lib/palo_alto.rb +5 -35
- metadata +3 -2
data/lib/palo_alto/op.rb
CHANGED
|
@@ -1,58 +1,90 @@
|
|
|
1
|
-
|
|
1
|
+
# frozen_string_literal: true
|
|
2
|
+
|
|
3
|
+
require 'nokogiri'
|
|
2
4
|
|
|
3
5
|
module PaloAlto
|
|
4
6
|
class XML
|
|
5
|
-
|
|
6
7
|
def op
|
|
7
8
|
Op.new
|
|
8
9
|
end
|
|
9
10
|
|
|
10
11
|
class Op
|
|
11
|
-
def execute(
|
|
12
|
+
def execute(cmd, type: nil, location: nil, additional_payload: {})
|
|
13
|
+
payload = build_payload(cmd).merge(additional_payload)
|
|
14
|
+
|
|
15
|
+
if type == 'tpl'
|
|
16
|
+
run_with_template_scope(location) { XML.execute(payload) }
|
|
17
|
+
elsif type == 'dg'
|
|
18
|
+
XML.execute(payload.merge({ vsys: location }))
|
|
19
|
+
elsif !type || type == 'shared'
|
|
20
|
+
XML.execute(payload)
|
|
21
|
+
else
|
|
22
|
+
raise(ArgumentError, "invalid type: #{type.inspect}")
|
|
23
|
+
end
|
|
24
|
+
end
|
|
25
|
+
|
|
26
|
+
def run_with_template_scope(name)
|
|
27
|
+
if block_given?
|
|
28
|
+
run_with_template_scope(name)
|
|
29
|
+
begin
|
|
30
|
+
return yield
|
|
31
|
+
ensure
|
|
32
|
+
run_with_template_scope(nil)
|
|
33
|
+
end
|
|
34
|
+
end
|
|
35
|
+
|
|
36
|
+
cmd = if name
|
|
37
|
+
{ set: { system: { setting: { target: { template: { name: name } } } } } }
|
|
38
|
+
else
|
|
39
|
+
{ set: { system: { setting: { target: 'none' } } } }
|
|
40
|
+
end
|
|
41
|
+
|
|
42
|
+
execute(cmd)
|
|
43
|
+
end
|
|
12
44
|
|
|
45
|
+
def build_payload(obj)
|
|
13
46
|
cmd = to_xml(obj)
|
|
14
47
|
|
|
15
|
-
if obj=='commit' || obj.keys.first.to_sym == :commit
|
|
16
|
-
type='commit'
|
|
17
|
-
action='panorama'
|
|
18
|
-
elsif obj=='commit-all' || obj.keys.first.to_sym == :'commit-all'
|
|
19
|
-
type='commit'
|
|
20
|
-
action='all'
|
|
48
|
+
if obj == 'commit' || obj.keys.first.to_sym == :commit
|
|
49
|
+
type = 'commit'
|
|
50
|
+
action = 'panorama'
|
|
51
|
+
elsif obj == 'commit-all' || obj.keys.first.to_sym == :'commit-all'
|
|
52
|
+
type = 'commit'
|
|
53
|
+
action = 'all'
|
|
21
54
|
else
|
|
22
|
-
type='op'
|
|
23
|
-
action='panorama'
|
|
55
|
+
type = 'op'
|
|
56
|
+
action = 'panorama'
|
|
24
57
|
end
|
|
25
58
|
|
|
26
|
-
|
|
27
|
-
type:
|
|
59
|
+
{
|
|
60
|
+
type: type,
|
|
28
61
|
action: action,
|
|
29
|
-
cmd:
|
|
30
|
-
}
|
|
31
|
-
|
|
32
|
-
XML.execute(payload)
|
|
62
|
+
cmd: cmd
|
|
63
|
+
}
|
|
33
64
|
end
|
|
34
65
|
|
|
35
66
|
def escape_xpath_tag(tag)
|
|
36
67
|
if tag.to_s.include?('-') # https://stackoverflow.com/questions/48628259/nokogiri-how-to-name-a-node-comment
|
|
37
68
|
tag
|
|
38
69
|
else
|
|
39
|
-
tag
|
|
70
|
+
"#{tag}_"
|
|
40
71
|
end
|
|
41
72
|
end
|
|
42
73
|
|
|
43
74
|
def xml_builder(xml, ops, obj)
|
|
44
|
-
|
|
75
|
+
case obj
|
|
76
|
+
when String
|
|
45
77
|
section = obj
|
|
46
78
|
data = nil
|
|
47
|
-
|
|
79
|
+
when Hash
|
|
48
80
|
section = obj.keys.first
|
|
49
81
|
data = obj[section]
|
|
50
82
|
else
|
|
51
83
|
raise obj.pretty_inspect
|
|
52
84
|
end
|
|
53
85
|
|
|
54
|
-
unless ops.
|
|
55
|
-
err = "Error #{section
|
|
86
|
+
unless ops.key?(section.to_s)
|
|
87
|
+
err = "Error #{section} does not exist. Valid: " + ops.keys.pretty_inspect
|
|
56
88
|
raise err
|
|
57
89
|
end
|
|
58
90
|
|
|
@@ -64,50 +96,49 @@ module PaloAlto
|
|
|
64
96
|
when :element
|
|
65
97
|
xml.public_send(section, data)
|
|
66
98
|
when :array
|
|
67
|
-
xml.public_send(section)
|
|
68
|
-
data.each
|
|
99
|
+
xml.public_send(section) do
|
|
100
|
+
data.each do |el|
|
|
69
101
|
key = ops_tree.keys.first
|
|
70
102
|
xml.public_send(escape_xpath_tag(key), el)
|
|
71
|
-
|
|
72
|
-
|
|
103
|
+
end
|
|
104
|
+
end
|
|
73
105
|
when :sequence
|
|
74
|
-
if data
|
|
106
|
+
if data.nil?
|
|
75
107
|
xml.send(section)
|
|
76
108
|
elsif data.is_a?(Hash)
|
|
77
|
-
xml.send(section)
|
|
109
|
+
xml.send(section) do
|
|
78
110
|
xml_builder(xml, ops_tree, data)
|
|
79
|
-
|
|
111
|
+
end
|
|
80
112
|
else # array
|
|
81
113
|
|
|
82
114
|
if data.is_a?(Array)
|
|
83
|
-
attr = data.find { |child| child.is_a?(Hash) && ops_tree[child.keys.first.to_s][:obj]
|
|
115
|
+
attr = data.find { |child| child.is_a?(Hash) && ops_tree[child.keys.first.to_s][:obj] == :'attr-req' }
|
|
84
116
|
data.delete(attr)
|
|
85
117
|
else
|
|
86
118
|
attr = {}
|
|
87
119
|
end
|
|
88
120
|
|
|
89
|
-
xml.public_send(section, attr)
|
|
90
|
-
data.each
|
|
121
|
+
xml.public_send(section, attr) do
|
|
122
|
+
data.each do |child|
|
|
91
123
|
xml_builder(xml, ops_tree, child)
|
|
92
|
-
|
|
93
|
-
|
|
124
|
+
end
|
|
125
|
+
end
|
|
94
126
|
end
|
|
95
127
|
when :union
|
|
96
|
-
k,v=obj.first
|
|
97
|
-
xml.send("#{k}_")
|
|
128
|
+
k, v = obj.first
|
|
129
|
+
xml.send("#{k}_") do
|
|
98
130
|
xml_builder(xml, ops_tree, v)
|
|
99
|
-
|
|
131
|
+
end
|
|
100
132
|
else
|
|
101
133
|
raise ops_tree[:obj].pretty_inspect
|
|
102
134
|
end
|
|
103
135
|
xml
|
|
104
136
|
end
|
|
105
137
|
|
|
106
|
-
|
|
107
138
|
def to_xml(obj)
|
|
108
|
-
builder = Nokogiri::XML::Builder.new
|
|
139
|
+
builder = Nokogiri::XML::Builder.new do |xml|
|
|
109
140
|
xml_builder(xml, @@ops, obj)
|
|
110
|
-
|
|
141
|
+
end
|
|
111
142
|
builder.doc.root.to_xml
|
|
112
143
|
end
|
|
113
144
|
@@ops={"schedule"=>
|
data/lib/palo_alto/version.rb
CHANGED
data/lib/palo_alto.rb
CHANGED
|
@@ -263,18 +263,6 @@ module PaloAlto
|
|
|
263
263
|
end
|
|
264
264
|
end
|
|
265
265
|
|
|
266
|
-
def execute_with_type(cmd, type:, location:)
|
|
267
|
-
if type == 'tpl'
|
|
268
|
-
run_with_template_scope(location) { Op.new.execute(cmd) }
|
|
269
|
-
elsif type == 'dg'
|
|
270
|
-
Op.new.execute(cmd, { vsys: location })
|
|
271
|
-
elsif !type || type == 'shared'
|
|
272
|
-
Op.new.execute(cmd)
|
|
273
|
-
else
|
|
274
|
-
raise(ArgumentError, "invalid type: #{type.inspect}")
|
|
275
|
-
end
|
|
276
|
-
end
|
|
277
|
-
|
|
278
266
|
# will execute block if given and unlock afterwards. returns false if lock could not be aquired
|
|
279
267
|
def lock(area:, comment: nil, type: nil, location: nil)
|
|
280
268
|
if block_given?
|
|
@@ -291,7 +279,7 @@ module PaloAlto
|
|
|
291
279
|
|
|
292
280
|
begin
|
|
293
281
|
cmd = { request: { "#{area}-lock": { add: { comment: comment || '(null)' } } } }
|
|
294
|
-
|
|
282
|
+
Op.new.execute(cmd, type: type, location: location)
|
|
295
283
|
true
|
|
296
284
|
rescue PaloAlto::InternalErrorException
|
|
297
285
|
false
|
|
@@ -305,7 +293,7 @@ module PaloAlto
|
|
|
305
293
|
else
|
|
306
294
|
{ request: { "#{area}-lock": 'remove' } }
|
|
307
295
|
end
|
|
308
|
-
|
|
296
|
+
Op.new.execute(cmd, type: type, location: location)
|
|
309
297
|
rescue PaloAlto::InternalErrorException
|
|
310
298
|
return false
|
|
311
299
|
end
|
|
@@ -315,30 +303,11 @@ module PaloAlto
|
|
|
315
303
|
def remove_all_locks
|
|
316
304
|
%w[config commit].each do |area|
|
|
317
305
|
show_locks(area: area).each do |lock|
|
|
318
|
-
unlock(area: area, type: lock[:type], location: lock[:location], name: area=='commit' ? lock[:name] : nil
|
|
306
|
+
unlock(area: area, type: lock[:type], location: lock[:location], name: area == 'commit' ? lock[:name] : nil)
|
|
319
307
|
end
|
|
320
308
|
end
|
|
321
309
|
end
|
|
322
310
|
|
|
323
|
-
def run_with_template_scope(name)
|
|
324
|
-
if block_given?
|
|
325
|
-
run_with_template_scope(name)
|
|
326
|
-
begin
|
|
327
|
-
return yield
|
|
328
|
-
ensure
|
|
329
|
-
run_with_template_scope(nil)
|
|
330
|
-
end
|
|
331
|
-
end
|
|
332
|
-
|
|
333
|
-
cmd = if name
|
|
334
|
-
{ set: { system: { setting: { target: { template: { name: name } } } } } }
|
|
335
|
-
else
|
|
336
|
-
{ set: { system: { setting: { target: 'none' } } } }
|
|
337
|
-
end
|
|
338
|
-
|
|
339
|
-
Op.new.execute(cmd)
|
|
340
|
-
end
|
|
341
|
-
|
|
342
311
|
def check_for_changes(usernames: [XML.username])
|
|
343
312
|
result = Op.new.execute({ show: { config: { list: { 'change-summary': { partial: { admin: usernames } } } } } })
|
|
344
313
|
result.xpath('response/result/summary/device-group/member').map(&:inner_text)
|
|
@@ -349,7 +318,8 @@ module PaloAlto
|
|
|
349
318
|
start = Time.now
|
|
350
319
|
loop do
|
|
351
320
|
result = Op.new.execute(cmd)
|
|
352
|
-
|
|
321
|
+
status = result.at_xpath('response/result/job/status')&.text
|
|
322
|
+
return result unless %w[ACT PEND].include?(status)
|
|
353
323
|
|
|
354
324
|
sleep wait
|
|
355
325
|
break unless start + timeout > Time.now
|
metadata
CHANGED
|
@@ -1,14 +1,14 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: palo_alto
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 0.1.
|
|
4
|
+
version: 0.1.9
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- Sebastian Roesner
|
|
8
8
|
autorequire:
|
|
9
9
|
bindir: exe
|
|
10
10
|
cert_chain: []
|
|
11
|
-
date: 2021-
|
|
11
|
+
date: 2021-11-21 00:00:00.000000000 Z
|
|
12
12
|
dependencies:
|
|
13
13
|
- !ruby/object:Gem::Dependency
|
|
14
14
|
name: nokogiri
|
|
@@ -31,6 +31,7 @@ executables: []
|
|
|
31
31
|
extensions: []
|
|
32
32
|
extra_rdoc_files: []
|
|
33
33
|
files:
|
|
34
|
+
- ".gitignore"
|
|
34
35
|
- CHANGELOG.md
|
|
35
36
|
- Gemfile
|
|
36
37
|
- Gemfile.lock
|