palo_alto 0.4.0 → 0.5.1

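--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
  ---
  SHA256:
- metadata.gz: 9654a19211c22214ca6a69527a71faf712c1e80349d386d6702a2290ac623ec0
- data.tar.gz: acdd59c33501c07cc8f078d9ba3401e96ba9e2d89a509921781df9a4c7a8e6d7
+ metadata.gz: 35c89839bc38cd0398a88bd1c12c701b27e86de98bd1012a6c9d939898e9982a
+ data.tar.gz: 4c7e1ac46cf17e7d0780e768c2923dfa457e8cda93b8b3e714057e5909c3e764
  SHA512:
- metadata.gz: 39ae97dc44e33c2b10f18c5363e0d9c627010dc665bc487f8b63adb7520da60b3cb9ebc33cef72d99db8548dbad0185b991d32d4bce04b8786f2d25ba1e4d012
- data.tar.gz: bd1a49b9dd0d6e26341b62a04c5ee8c215fcb53277eac0004686367b48132c4447ea143c027d4502644ca1d64285698988cf7b01569bd82bb3128a52048e9939
+ metadata.gz: 351d244c00165c18d7d94d1c0e35d820db16f6cb586d613fe0d682df00fd1f49c68846548effa82d6568521fac0cfff31c62135bd8dfc81bb7b96f8ad3181d02
+ data.tar.gz: 65bb8bf61772a2630edb8354f9eb6098e25aaef0c420413bb00995f0eab9f6b4ab8c7a4d964a87ecd8921b9b53da9ad133ad249872e33badd59a0957a74db04e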
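--- a/data/CHANGELOG.md
+++ b/data/CHANGELOG.md
@@ -1 +1,5 @@
+ Version 0.5.1: Breaking changes for op commands, to be able to build more complex scenarios
+ Version 0.5.0: Update schema for Panorama 11.0
+ Version 0.4.1: Update schema for Panorama 10.2 for op commands
+ Version 0.4.0: Update schema for Panorama 10.2 for config
  Version 0.3.0: Update schema for Panorama 10.1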
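--- a/data/README.md
+++ b/data/README.md
@@ -2,5 +2,7 @@ Works for me :)
 
  - Version 0.2.x: Panorama 10.0
  - Version 0.3.x: Panorama 10.1
+ - Version 0.4.x: Panorama 10.2
+ - Version 0.5.x: Panorama 11.0
 
  You can find examples on how to use this module in the examples/ directory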
@@ -1,3 +1,5 @@
1
+ # frozen_string_literal: true
2
+
1
3
  require 'palo_alto'
2
4
 
3
5
  client = PaloAlto::XML.new(host: 'panorama-test', username: 'admin', password: 'Admin123!',
@@ -6,11 +8,11 @@ dg = 'PLAYGROUND'
6
8
 
7
9
  # create a tag
8
10
  tag_name = 'test'
9
-
10
11
  new_tag = client.config.devices.entry(name: 'localhost.localdomain').device_group.entry(name: dg).tag.entry(name: tag_name).create!
11
12
  new_tag.color = 'color23'
12
- new_tag.push!
13
+ new_tag.set!
13
14
 
15
+ # get rules
14
16
  # filtered rules:
15
17
  # rules = client.config.devices.entry(name:'localhost.localdomain').device_group.entry(name: 'PLAYGROUND').pre_rulebase.security.rules
16
18
  # .entry{ (child(:source).child(:member).text == "Net_10.1.1.0-24").or(child(:destination).child(:member).text == 'Net_10.1.1.0-24') }
@@ -19,46 +21,60 @@ new_tag.push!
19
21
  # or:
20
22
  #
21
23
  # filter = (PaloAlto.child(:source).child(:member).text == "Net_10.1.1.0-24").or(PaloAlto.child(:destination).child(:member).text == 'Net_10.1.1.0-24')
22
- # puts filter.to_xpath
24
+ # puts filter.to_xpath # prints generated Xpath filter
23
25
  # => ./source/member/text()='Net_10.1.1.0-24'or./destination/member/text()='Net_10.1.1.0-24'
24
26
  #
25
27
  # rules = client.config.devices.entry(name:'localhost.localdomain').device_group.entry(name: 'PLAYGROUND').pre_rulebase.security.rules
26
28
  # .entry{filter}.get_all
27
- #
29
+
28
30
  # also more advanced filters are possible:
29
- # PaloAlto.not(PaloAlto.child(:'profile-setting').child(:group).child(:member) == 'IPS-Policy').and(
31
+ # filter = PaloAlto.not(PaloAlto.child(:'profile-setting').child(:group).child(:member) == 'IPS-Policy').and(
30
32
  # PaloAlto.parenthesis(
31
33
  # (PaloAlto.child(:tag).child(:member) == 'ips_enabled').or(
32
34
  # PaloAlto.child(:tag).child(:member) == 'ips_force_enabled'
33
35
  # )
34
36
  # )
35
- # ).to_xpath
36
- #
37
+ # )
38
+ # puts filter.to_xpath
37
39
  # => not(./profile-setting/group/member='IPS-Policy')and(./tag/member='ips_enabled'or./tag/member='ips_force_enabled')
38
40
 
39
41
  rules = client.config.devices.entry(name: 'localhost.localdomain').device_group.entry(name: dg).pre_rulebase.security.rules.entry{}.get_all
40
42
 
41
- rules.reject! { |rule| rule.api_attributes['loc'] != dg } # remove rules inherited from upper device groups from array
43
+ rules.select! { |rule| rule.api_attributes['loc'] == dg } # filter rules inherited from upper device groups
42
44
 
43
45
  pp rules
44
46
  pp rules.length
45
47
 
46
- pp rules.first.api_attributes # attributes like uuid and loc
47
- pp rules.first.values # values as hash
48
-
49
48
  rule = rules.first
49
+
50
+ pp rule.api_attributes # attributes like uuid and loc
51
+ pp rule.values # values as hash
52
+
50
53
  rule.tag.member = [new_tag.name]
51
54
  rule.group_tag = new_tag.name
52
55
  rule.description += '....'
53
- rule.push!
56
+ rule.edit!
54
57
 
58
+ # renaming rules
55
59
  puts rule.to_xpath
56
60
  rule.rename!('Test 1')
57
61
  puts rule.to_xpath
58
- pp rule.name
62
+ puts rule.name
59
63
 
60
- exit 0
64
+ # Bulk changes on multiple rules:
65
+ rules = client.config.devices.entry(name: 'localhost.localdomain').device_group.entry(name: dg).pre_rulebase.security.rules.get
66
+
67
+ rules.entries.each do |name, rule|
68
+ next unless rule.values.dig('profile-setting', 'group', 'member') == ['Internal-detect']
69
+
70
+ rule.profile_setting.group.member = ['Internal']
71
+ # to remove profile-setting: rule.delete_child('profile-setting')
72
+ end
73
+ puts "Pushing all rules to #{rules.to_xpath}"
74
+ rules.edit!
61
75
 
62
76
  # create a new template
63
77
  new_template = client.config.devices.entry(name: 'localhost.localdomain').template.entry(name: 'testtemplate').create!
64
- new_template.push!
78
+ new_template.set!
79
+
80
+ exit 0
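Review bot: The new bulk-change block ends with `rules.edit!` on the whole `rules` node that was fetched earlier with `.get`, and the example does not say what happens to rules that changed on Panorama in between. If `edit!` maps to the XML API's `edit` action (the gem source is not on this page, so this is inferred), it replaces everything under that xpath with the local copy, so a concurrent change by another administrator to any rule in the pre-rulebase would be overwritten. A comment above the call would make that visible, for example `# edit! replaces the whole rules node with the local copy; changes made on Panorama since the get are lost`. The block parameter `name` is unused in the loop and could be written `|_name, rule|`.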
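--- a/data/examples/test_op.rb
+++ b/data/examples/test_op.rb
@@ -1,31 +1,33 @@
- require 'palo_alto'
+ # frozen_string_literal: true
 
- a = { commit: { partial: [
- { admin: ['admin'] },
- 'no-template',
- 'no-template-stack',
- 'no-log-collector',
- 'no-log-collector-group',
- 'no-wildfire-appliance',
- 'no-wildfire-appliance-cluster',
- { 'device-and-network': 'excluded' },
- { 'shared-object': 'excluded' }
- ] } }
+ require 'palo_alto'
+ load '/usr/share/panorama-api/new_op.rb'
+
+ a = { commit: { partial:
+ { admin: ['admin'],
+ 'no-template': true,
+ 'no-template-stack': true,
+ 'no-log-collector': true,
+ 'no-log-collector-group': true,
+ 'no-wildfire-appliance': true,
+ 'no-wildfire-appliance-cluster': true,
+ 'device-and-network': 'excluded',
+ 'shared-object': 'excluded' } } }
 
  b = { show: { devices: 'all' } }
 
  c = { revert: { config: {
- partial: [
- { admin: ['admin'] },
- 'no-template',
- 'no-template-stack',
- 'no-log-collector',
- 'no-log-collector-group',
- 'no-wildfire-appliance',
- 'no-wildfire-appliance-cluster',
- { 'device-and-network': 'excluded' },
- { 'shared-object': 'excluded' }
- ]
+ partial: {
+ admin: ['admin'],
+ 'no-template': true,
+ 'no-template-stack': true,
+ 'no-log-collector': true,
+ 'no-log-collector-group': true,
+ 'no-wildfire-appliance': true,
+ 'no-wildfire-appliance-cluster': true,
+ 'device-and-network': 'excluded',
+ 'shared-object': 'excluded'
+ }
  } } }
 
  d = { commit: nil }
@@ -42,18 +44,22 @@ j = { show: { jobs: { id: 12_431 } } }
 
  k = { check: 'full-commit-required' }
 
+ l = { show: { config: { 'commit-scope': { partial: { admin: ['admin'] } } } } }
+
+ m = { show: { config: { 'commit-scope': { partial: { admin: %w[admin1 admin2] } } } } }
+
  push_to_device = { 'commit-all': { 'shared-policy': { 'device-group': [{ name: 'TEST-DG' }] } } }
 
  # validate:
  p = { 'commit-all':
  {
- 'shared-policy': [
- { 'device-group': [{ name: 'PLAYGROUND' }] },
- { 'include-template': 'yes' },
- { 'merge-with-candidate-cfg': 'yes' },
- { 'force-template-values': 'no' },
- { 'validate-only': 'yes' }
- ]
+ 'shared-policy': {
+ 'device-group': [{ name: 'PLAYGROUND' }],
+ 'include-template': 'yes',
+ 'merge-with-candidate-cfg': 'yes',
+ 'force-template-values': 'no',
+ 'validate-only': 'yes'
+ }
  } }
 
  i = { show: { query: { result: { id: 10_438 } } } }
@@ -61,64 +67,39 @@ i = { show: { query: { result: { id: 10_438 } } } }
  # hit counts:
  device_group = 'PLAYGROUND'
 
- l = {
+ hc1 = {
  show: {
- 'rule-hit-count': [{
+ 'rule-hit-count': {
  'device-group': [{
- entry: [{
- name: device_group
- }, {
- 'pre-rulebase': [{
- entry: [{
- name: 'security'
- }, {
- rules: 'all'
- }]
- }]
+ name: device_group,
+ 'pre-rulebase': [{
+ name: 'security',
+ rules: ['all']
  }]
  }]
- }]
+ }
  }
  }
 
  # hit count for one rule, with more details:
  rule_name = 'Rule 27'
- l = {
+ hc2 = {
  show: {
- 'rule-hit-count': [{
+ 'rule-hit-count': {
  'device-group': [{
- entry: [{
- name: device_group
- }, {
- 'pre-rulebase': [{
- entry: [{
- name: 'security'
- }, {
- rules: {
- 'rule-name': [{
- entry: [{
- name: rule_name
- }]
- }]
- }
- }]
- }]
+ name: device_group,
+ 'pre-rulebase': [{
+ name: 'security',
+ rules: { 'rule-name': [{ name: rule_name }] }
  }]
  }]
- }]
+ }
  }
  }
 
  client = PaloAlto::XML.new(host: 'panorama-test', username: 'admin', password: 'Admin123!', debug: %i[sent received])
 
- # pp client.op.execute(a)
- # pp client.op.execute(b)
- # pp client.op.execute(c)
- pp client.op.execute(d)
- puts '---------------------------'
- pp client.op.execute(e)
- puts '---------------------------'
-
- # pp client.op.execute(f)
-
- pp client.op.execute(k)
+ [a, b, c, d, e, f, g, h, j, k, l, m, push_to_device, p, i, hc1, hc2].each do |cmd|
+ puts client.op.to_xml(cmd)
+ puts '---------------------------'
+ end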
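Review bot: The added `load '/usr/share/panorama-api/new_op.rb'` (new line 4) makes a published example execute whatever Ruby file sits at an absolute path outside the gem, which looks like a leftover from local development. Where that path does not exist the script stops with a LoadError; where it does exist, its contents run with the caller's privileges and can redefine the gem's op handling without being part of the released package. I would drop the line, or if the override is still needed, ship the file inside the gem and pull it in with `require_relative`. The unchanged client line also keeps a literal admin password next to `debug: %i[sent received]`; reading it from the environment, for instance `password: ENV.fetch('PANORAMA_PASSWORD')` (variable name chosen here for illustration), would keep the sample value out of copied scripts.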