RubyGems - palo_alto - Versions diffs - 0.4.0 → 0.5.1 - Mend

palo_alto 0.4.0 → 0.5.1

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (10) hide show

checksums.yaml +4 -4
data/CHANGELOG.md +4 -0
data/README.md +2 -0
data/examples/test_config.rb +31 -15
data/examples/test_op.rb +54 -73
data/lib/palo_alto/config.rb +79922 -52904
data/lib/palo_alto/op.rb +5290 -756
data/lib/palo_alto/version.rb +1 -1
data/lib/palo_alto.rb +41 -31
metadata +2 -2

checksums.yaml CHANGED Viewed

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 9654a19211c22214ca6a69527a71faf712c1e80349d386d6702a2290ac623ec0
-  data.tar.gz: acdd59c33501c07cc8f078d9ba3401e96ba9e2d89a509921781df9a4c7a8e6d7
+  metadata.gz: 35c89839bc38cd0398a88bd1c12c701b27e86de98bd1012a6c9d939898e9982a
+  data.tar.gz: 4c7e1ac46cf17e7d0780e768c2923dfa457e8cda93b8b3e714057e5909c3e764
 SHA512:
-  metadata.gz: 39ae97dc44e33c2b10f18c5363e0d9c627010dc665bc487f8b63adb7520da60b3cb9ebc33cef72d99db8548dbad0185b991d32d4bce04b8786f2d25ba1e4d012
-  data.tar.gz: bd1a49b9dd0d6e26341b62a04c5ee8c215fcb53277eac0004686367b48132c4447ea143c027d4502644ca1d64285698988cf7b01569bd82bb3128a52048e9939
+  metadata.gz: 351d244c00165c18d7d94d1c0e35d820db16f6cb586d613fe0d682df00fd1f49c68846548effa82d6568521fac0cfff31c62135bd8dfc81bb7b96f8ad3181d02
+  data.tar.gz: 65bb8bf61772a2630edb8354f9eb6098e25aaef0c420413bb00995f0eab9f6b4ab8c7a4d964a87ecd8921b9b53da9ad133ad249872e33badd59a0957a74db04e

data/CHANGELOG.md CHANGED Viewed

@@ -1 +1,5 @@
+Version 0.5.1: Breaking changes for op commands, to be able to build more complex scenarios
+Version 0.5.0: Update schema for Panorama 11.0
+Version 0.4.1: Update schema for Panorama 10.2 for op commands
+Version 0.4.0: Update schema for Panorama 10.2 for config
 Version 0.3.0: Update schema for Panorama 10.1

data/README.md CHANGED Viewed

@@ -2,5 +2,7 @@ Works for me :)
 - Version 0.2.x: Panorama 10.0
 - Version 0.3.x: Panorama 10.1
+- Version 0.4.x: Panorama 10.2
+- Version 0.5.x: Panorama 11.0
 You can find examples on how to use this module in the examples/ directory

data/examples/test_config.rb CHANGED Viewed

@@ -1,3 +1,5 @@
+# frozen_string_literal: true
 require 'palo_alto'
 client = PaloAlto::XML.new(host: 'panorama-test', username: 'admin', password: 'Admin123!',
@@ -6,11 +8,11 @@ dg = 'PLAYGROUND'
 # create a tag
 tag_name = 'test'
 new_tag = client.config.devices.entry(name: 'localhost.localdomain').device_group.entry(name: dg).tag.entry(name: tag_name).create!
 new_tag.color = 'color23'
-new_tag.push!
+new_tag.set!
+# get rules
 # filtered rules:
 # rules = client.config.devices.entry(name:'localhost.localdomain').device_group.entry(name: 'PLAYGROUND').pre_rulebase.security.rules
 #                .entry{ (child(:source).child(:member).text == "Net_10.1.1.0-24").or(child(:destination).child(:member).text == 'Net_10.1.1.0-24') }
@@ -19,46 +21,60 @@ new_tag.push!
 # or:
 #
 # filter = (PaloAlto.child(:source).child(:member).text == "Net_10.1.1.0-24").or(PaloAlto.child(:destination).child(:member).text == 'Net_10.1.1.0-24')
-# puts filter.to_xpath
+# puts filter.to_xpath # prints generated Xpath filter
 # => ./source/member/text()='Net_10.1.1.0-24'or./destination/member/text()='Net_10.1.1.0-24'
 #
 # rules = client.config.devices.entry(name:'localhost.localdomain').device_group.entry(name: 'PLAYGROUND').pre_rulebase.security.rules
 #               .entry{filter}.get_all
-#
 # also more advanced filters are possible:
-# PaloAlto.not(PaloAlto.child(:'profile-setting').child(:group).child(:member) == 'IPS-Policy').and(
+# filter = PaloAlto.not(PaloAlto.child(:'profile-setting').child(:group).child(:member) == 'IPS-Policy').and(
 #   PaloAlto.parenthesis(
 #     (PaloAlto.child(:tag).child(:member) == 'ips_enabled').or(
 #       PaloAlto.child(:tag).child(:member) == 'ips_force_enabled'
 #     )
 #   )
-# ).to_xpath
-#
+# )
+# puts filter.to_xpath
 # => not(./profile-setting/group/member='IPS-Policy')and(./tag/member='ips_enabled'or./tag/member='ips_force_enabled')
 rules = client.config.devices.entry(name: 'localhost.localdomain').device_group.entry(name: dg).pre_rulebase.security.rules.entry{}.get_all
-rules.reject! { |rule| rule.api_attributes['loc'] != dg } # remove rules inherited from upper device groups from array
+rules.select! { |rule| rule.api_attributes['loc'] == dg } # filter rules inherited from upper device groups
 pp rules
 pp rules.length
-pp rules.first.api_attributes # attributes like uuid and loc
-pp rules.first.values # values as hash
 rule = rules.first
+pp rule.api_attributes # attributes like uuid and loc
+pp rule.values # values as hash
 rule.tag.member = [new_tag.name]
 rule.group_tag = new_tag.name
 rule.description += '....'
-rule.push!
+rule.edit!
+# renaming rules
 puts rule.to_xpath
 rule.rename!('Test 1')
 puts rule.to_xpath
-pp rule.name
+puts rule.name
-exit 0
+# Bulk changes on multiple rules:
+rules = client.config.devices.entry(name: 'localhost.localdomain').device_group.entry(name: dg).pre_rulebase.security.rules.get
+rules.entries.each do |name, rule|
+  next unless rule.values.dig('profile-setting', 'group', 'member') == ['Internal-detect']
+  rule.profile_setting.group.member = ['Internal']
+  # to remove profile-setting: rule.delete_child('profile-setting')
+end
+puts "Pushing all rules to #{rules.to_xpath}"
+rules.edit!
 # create a new template
 new_template = client.config.devices.entry(name: 'localhost.localdomain').template.entry(name: 'testtemplate').create!
-new_template.push!
+new_template.set!
+exit 0

data/examples/test_op.rb CHANGED Viewed

@@ -1,31 +1,33 @@
-require 'palo_alto'
+# frozen_string_literal: true
-a = { commit: { partial: [
-  { admin: ['admin'] },
-  'no-template',
-  'no-template-stack',
-  'no-log-collector',
-  'no-log-collector-group',
-  'no-wildfire-appliance',
-  'no-wildfire-appliance-cluster',
-  { 'device-and-network': 'excluded' },
-  { 'shared-object': 'excluded' }
-] } }
+require 'palo_alto'
+load '/usr/share/panorama-api/new_op.rb'
+a = { commit: { partial:
+  { admin: ['admin'],
+    'no-template': true,
+    'no-template-stack': true,
+    'no-log-collector': true,
+    'no-log-collector-group': true,
+    'no-wildfire-appliance': true,
+    'no-wildfire-appliance-cluster': true,
+    'device-and-network': 'excluded',
+    'shared-object': 'excluded' } } }
 b = { show: { devices: 'all' } }
 c = { revert: { config: {
-  partial: [
-    { admin: ['admin'] },
-    'no-template',
-    'no-template-stack',
-    'no-log-collector',
-    'no-log-collector-group',
-    'no-wildfire-appliance',
-    'no-wildfire-appliance-cluster',
-    { 'device-and-network': 'excluded' },
-    { 'shared-object': 'excluded' }
-  ]
+  partial: {
+    admin: ['admin'],
+    'no-template': true,
+    'no-template-stack': true,
+    'no-log-collector': true,
+    'no-log-collector-group': true,
+    'no-wildfire-appliance': true,
+    'no-wildfire-appliance-cluster': true,
+    'device-and-network': 'excluded',
+    'shared-object': 'excluded'
+  }
 } } }
 d = { commit: nil }
@@ -42,18 +44,22 @@ j = { show: { jobs: { id: 12_431 } } }
 k = { check: 'full-commit-required' }
+l = { show: { config: { 'commit-scope': { partial: { admin: ['admin'] } } } } }
+m = { show: { config: { 'commit-scope': { partial: { admin: %w[admin1 admin2] } } } } }
 push_to_device = {	'commit-all': { 'shared-policy': { 'device-group': [{ name: 'TEST-DG' }] } } }
 # validate:
 p = {	'commit-all':
   {
-    'shared-policy': [
-      { 'device-group': [{ name: 'PLAYGROUND' }] },
-      { 'include-template': 'yes' },
-      { 'merge-with-candidate-cfg': 'yes' },
-      { 'force-template-values': 'no' },
-      { 'validate-only': 'yes' }
-    ]
+    'shared-policy': {
+      'device-group': [{ name: 'PLAYGROUND' }],
+      'include-template': 'yes',
+      'merge-with-candidate-cfg': 'yes',
+      'force-template-values': 'no',
+      'validate-only': 'yes'
+    }
   } }
 i = { show: { query: { result: { id: 10_438 } } } }
@@ -61,64 +67,39 @@ i = { show: { query: { result: { id: 10_438 } } } }
 # hit counts:
 device_group = 'PLAYGROUND'
-l = {
+hc1 = {
   show: {
-    'rule-hit-count': [{
+    'rule-hit-count': {
       'device-group': [{
-        entry: [{
-          name: device_group
-        }, {
-          'pre-rulebase': [{
-            entry: [{
-              name: 'security'
-            }, {
-              rules: 'all'
-            }]
-          }]
+        name: device_group,
+        'pre-rulebase': [{
+          name: 'security',
+          rules: ['all']
         }]
       }]
-    }]
+    }
   }
 }
 # hit count for one rule, with more details:
 rule_name = 'Rule 27'
-l = {
+hc2 = {
   show: {
-    'rule-hit-count': [{
+    'rule-hit-count': {
       'device-group': [{
-        entry: [{
-          name: device_group
-        }, {
-          'pre-rulebase': [{
-            entry: [{
-              name: 'security'
-            }, {
-              rules: {
-                'rule-name': [{
-                  entry: [{
-                    name: rule_name
-                  }]
-                }]
-              }
-            }]
-          }]
+        name: device_group,
+        'pre-rulebase': [{
+          name: 'security',
+          rules: { 'rule-name': [{ name: rule_name }] }
         }]
       }]
-    }]
+    }
   }
 }
 client = PaloAlto::XML.new(host: 'panorama-test', username: 'admin', password: 'Admin123!', debug: %i[sent received])
-# pp client.op.execute(a)
-# pp client.op.execute(b)
-# pp client.op.execute(c)
-pp client.op.execute(d)
-puts '---------------------------'
-pp client.op.execute(e)
-puts '---------------------------'
-# pp client.op.execute(f)
-pp client.op.execute(k)
+[a, b, c, d, e, f, g, h, j, k, l, m, push_to_device, p, i, hc1, hc2].each do |cmd|
+  puts client.op.to_xml(cmd)
+  puts '---------------------------'
+end