RubyGems - palo_alto - Versions diffs - 0.5.0 → 0.6.0 - Mend

palo_alto 0.5.0 → 0.6.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (10) hide show

checksums.yaml +4 -4
data/CHANGELOG.md +2 -0
data/README.md +1 -0
data/examples/test_config.rb +31 -15
data/examples/test_op.rb +52 -73
data/lib/palo_alto/config.rb +75269 -51836
data/lib/palo_alto/op.rb +59 -38
data/lib/palo_alto/version.rb +1 -1
data/lib/palo_alto.rb +120 -56
metadata +2 -2

checksums.yaml CHANGED Viewed

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 99770a923e262b0fbbf0fbc9a24008a2d31dcd863e59db9c583d15337679e0c8
-  data.tar.gz: e1387ace8b607aebebc4d11c73c82dc3c112a6ddb2ceb1744fcad50b0233322c
+  metadata.gz: 5d9a8a70e1915fa8ed130e98c55d91a5851d385d7adcc1c13a18077771c3a0b2
+  data.tar.gz: 41ef6c1bcfc5021a949bd4636bf18821912afc5f2e71e6e941bcd27ff55ee03a
 SHA512:
-  metadata.gz: 3ca35a0bb12cf88ab772ddd57f8aac60f4d913b38f844b6dbd3b5c9cf6d7cdfe028c5d98506df597075908ca34e60eecfe8b3e9333d1d3eec669f19610b9bf24
-  data.tar.gz: 89f6c2e888e1f2093aa0b2d1563de4b3e23f13ed1d3b48ef41dcbf3b25b4948acea6d399f2dea7b231636ec2417077ebae4286eb47b2e77425987f5bd1c18cb3
+  metadata.gz: 96efd9b2de4059173e9ec726481a5ef2c931a302e8bef4e1ab54cb7655771cbcbb6460165ebe30c0912a089dbbcf16d635af2c9189f345c979312a8fc60cf92f
+  data.tar.gz: 0d9eb96a1be8439b55b5a56e3d60fb40935b86cf950c2c329074b930ac14cd70f79594931e5aacfda3793fb16a0d78c3062c6a5b2db76496900188dbe383a196

data/CHANGELOG.md CHANGED Viewed

@@ -1,3 +1,5 @@
+Version 0.5.1: Breaking changes for op commands, to be able to build more complex scenarios
+Version 0.5.0: Update schema for Panorama 11.0
 Version 0.4.1: Update schema for Panorama 10.2 for op commands
 Version 0.4.0: Update schema for Panorama 10.2 for config
 Version 0.3.0: Update schema for Panorama 10.1

data/README.md CHANGED Viewed

@@ -4,5 +4,6 @@ Works for me :)
 - Version 0.3.x: Panorama 10.1
 - Version 0.4.x: Panorama 10.2
 - Version 0.5.x: Panorama 11.0
+- Version 0.6.x: Panorama 11.1
 You can find examples on how to use this module in the examples/ directory

data/examples/test_config.rb CHANGED Viewed

@@ -1,3 +1,5 @@
+# frozen_string_literal: true
 require 'palo_alto'
 client = PaloAlto::XML.new(host: 'panorama-test', username: 'admin', password: 'Admin123!',
@@ -6,11 +8,11 @@ dg = 'PLAYGROUND'
 # create a tag
 tag_name = 'test'
 new_tag = client.config.devices.entry(name: 'localhost.localdomain').device_group.entry(name: dg).tag.entry(name: tag_name).create!
 new_tag.color = 'color23'
-new_tag.push!
+new_tag.set!
+# get rules
 # filtered rules:
 # rules = client.config.devices.entry(name:'localhost.localdomain').device_group.entry(name: 'PLAYGROUND').pre_rulebase.security.rules
 #                .entry{ (child(:source).child(:member).text == "Net_10.1.1.0-24").or(child(:destination).child(:member).text == 'Net_10.1.1.0-24') }
@@ -19,46 +21,60 @@ new_tag.push!
 # or:
 #
 # filter = (PaloAlto.child(:source).child(:member).text == "Net_10.1.1.0-24").or(PaloAlto.child(:destination).child(:member).text == 'Net_10.1.1.0-24')
-# puts filter.to_xpath
+# puts filter.to_xpath # prints generated Xpath filter
 # => ./source/member/text()='Net_10.1.1.0-24'or./destination/member/text()='Net_10.1.1.0-24'
 #
 # rules = client.config.devices.entry(name:'localhost.localdomain').device_group.entry(name: 'PLAYGROUND').pre_rulebase.security.rules
 #               .entry{filter}.get_all
-#
 # also more advanced filters are possible:
-# PaloAlto.not(PaloAlto.child(:'profile-setting').child(:group).child(:member) == 'IPS-Policy').and(
+# filter = PaloAlto.not(PaloAlto.child(:'profile-setting').child(:group).child(:member) == 'IPS-Policy').and(
 #   PaloAlto.parenthesis(
 #     (PaloAlto.child(:tag).child(:member) == 'ips_enabled').or(
 #       PaloAlto.child(:tag).child(:member) == 'ips_force_enabled'
 #     )
 #   )
-# ).to_xpath
-#
+# )
+# puts filter.to_xpath
 # => not(./profile-setting/group/member='IPS-Policy')and(./tag/member='ips_enabled'or./tag/member='ips_force_enabled')
 rules = client.config.devices.entry(name: 'localhost.localdomain').device_group.entry(name: dg).pre_rulebase.security.rules.entry{}.get_all
-rules.reject! { |rule| rule.api_attributes['loc'] != dg } # remove rules inherited from upper device groups from array
+rules.select! { |rule| rule.api_attributes['loc'] == dg } # filter rules inherited from upper device groups
 pp rules
 pp rules.length
-pp rules.first.api_attributes # attributes like uuid and loc
-pp rules.first.values # values as hash
 rule = rules.first
+pp rule.api_attributes # attributes like uuid and loc
+pp rule.values # values as hash
 rule.tag.member = [new_tag.name]
 rule.group_tag = new_tag.name
 rule.description += '....'
-rule.push!
+rule.edit!
+# renaming rules
 puts rule.to_xpath
 rule.rename!('Test 1')
 puts rule.to_xpath
-pp rule.name
+puts rule.name
-exit 0
+# Bulk changes on multiple rules:
+rules = client.config.devices.entry(name: 'localhost.localdomain').device_group.entry(name: dg).pre_rulebase.security.rules.get
+rules.entries.each do |name, rule|
+  next unless rule.values.dig('profile-setting', 'group', 'member') == ['Internal-detect']
+  rule.profile_setting.group.member = ['Internal']
+  # to remove profile-setting: rule.delete_child('profile-setting')
+end
+puts "Pushing all rules to #{rules.to_xpath}"
+rules.edit!
 # create a new template
 new_template = client.config.devices.entry(name: 'localhost.localdomain').template.entry(name: 'testtemplate').create!
-new_template.push!
+new_template.set!
+exit 0

data/examples/test_op.rb CHANGED Viewed

@@ -1,31 +1,33 @@
-require 'palo_alto'
+# frozen_string_literal: true
-a = { commit: { partial: [
-  { admin: ['admin'] },
-  'no-template',
-  'no-template-stack',
-  'no-log-collector',
-  'no-log-collector-group',
-  'no-wildfire-appliance',
-  'no-wildfire-appliance-cluster',
-  { 'device-and-network': 'excluded' },
-  { 'shared-object': 'excluded' }
-] } }
+require 'palo_alto'
+load '/usr/share/panorama-api/new_op.rb'
+a = { commit: { partial:
+  { admin: ['admin'],
+    'no-template': true,
+    'no-template-stack': true,
+    'no-log-collector': true,
+    'no-log-collector-group': true,
+    'no-wildfire-appliance': true,
+    'no-wildfire-appliance-cluster': true,
+    'device-and-network': 'excluded',
+    'shared-object': 'excluded' } } }
 b = { show: { devices: 'all' } }
 c = { revert: { config: {
-  partial: [
-    { admin: ['admin'] },
-    'no-template',
-    'no-template-stack',
-    'no-log-collector',
-    'no-log-collector-group',
-    'no-wildfire-appliance',
-    'no-wildfire-appliance-cluster',
-    { 'device-and-network': 'excluded' },
-    { 'shared-object': 'excluded' }
-  ]
+  partial: {
+    admin: ['admin'],
+    'no-template': true,
+    'no-template-stack': true,
+    'no-log-collector': true,
+    'no-log-collector-group': true,
+    'no-wildfire-appliance': true,
+    'no-wildfire-appliance-cluster': true,
+    'device-and-network': 'excluded',
+    'shared-object': 'excluded'
+  }
 } } }
 d = { commit: nil }
@@ -44,18 +46,20 @@ k = { check: 'full-commit-required' }
 l = { show: { config: { 'commit-scope': { partial: { admin: ['admin'] } } } } }
+m = { show: { config: { 'commit-scope': { partial: { admin: %w[admin1 admin2] } } } } }
 push_to_device = {	'commit-all': { 'shared-policy': { 'device-group': [{ name: 'TEST-DG' }] } } }
 # validate:
 p = {	'commit-all':
   {
-    'shared-policy': [
-      { 'device-group': [{ name: 'PLAYGROUND' }] },
-      { 'include-template': 'yes' },
-      { 'merge-with-candidate-cfg': 'yes' },
-      { 'force-template-values': 'no' },
-      { 'validate-only': 'yes' }
-    ]
+    'shared-policy': {
+      'device-group': [{ name: 'PLAYGROUND' }],
+      'include-template': 'yes',
+      'merge-with-candidate-cfg': 'yes',
+      'force-template-values': 'no',
+      'validate-only': 'yes'
+    }
   } }
 i = { show: { query: { result: { id: 10_438 } } } }
@@ -63,64 +67,39 @@ i = { show: { query: { result: { id: 10_438 } } } }
 # hit counts:
 device_group = 'PLAYGROUND'
-l = {
+hc1 = {
   show: {
-    'rule-hit-count': [{
+    'rule-hit-count': {
       'device-group': [{
-        entry: [{
-          name: device_group
-        }, {
-          'pre-rulebase': [{
-            entry: [{
-              name: 'security'
-            }, {
-              rules: 'all'
-            }]
-          }]
+        name: device_group,
+        'pre-rulebase': [{
+          name: 'security',
+          rules: ['all']
         }]
       }]
-    }]
+    }
   }
 }
 # hit count for one rule, with more details:
 rule_name = 'Rule 27'
-l = {
+hc2 = {
   show: {
-    'rule-hit-count': [{
+    'rule-hit-count': {
       'device-group': [{
-        entry: [{
-          name: device_group
-        }, {
-          'pre-rulebase': [{
-            entry: [{
-              name: 'security'
-            }, {
-              rules: {
-                'rule-name': [{
-                  entry: [{
-                    name: rule_name
-                  }]
-                }]
-              }
-            }]
-          }]
+        name: device_group,
+        'pre-rulebase': [{
+          name: 'security',
+          rules: { 'rule-name': [{ name: rule_name }] }
         }]
       }]
-    }]
+    }
   }
 }
 client = PaloAlto::XML.new(host: 'panorama-test', username: 'admin', password: 'Admin123!', debug: %i[sent received])
-# pp client.op.execute(a)
-# pp client.op.execute(b)
-# pp client.op.execute(c)
-pp client.op.execute(d)
-puts '---------------------------'
-pp client.op.execute(e)
-puts '---------------------------'
-# pp client.op.execute(f)
-pp client.op.execute(k)
+[a, b, c, d, e, f, g, h, j, k, l, m, push_to_device, p, i, hc1, hc2].each do |cmd|
+  puts client.op.to_xml(cmd)
+  puts '---------------------------'
+end