palo_alto 0.5.0 → 0.5.1

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 99770a923e262b0fbbf0fbc9a24008a2d31dcd863e59db9c583d15337679e0c8
-  data.tar.gz: e1387ace8b607aebebc4d11c73c82dc3c112a6ddb2ceb1744fcad50b0233322c
+  metadata.gz: 35c89839bc38cd0398a88bd1c12c701b27e86de98bd1012a6c9d939898e9982a
+  data.tar.gz: 4c7e1ac46cf17e7d0780e768c2923dfa457e8cda93b8b3e714057e5909c3e764
 SHA512:
-  metadata.gz: 3ca35a0bb12cf88ab772ddd57f8aac60f4d913b38f844b6dbd3b5c9cf6d7cdfe028c5d98506df597075908ca34e60eecfe8b3e9333d1d3eec669f19610b9bf24
-  data.tar.gz: 89f6c2e888e1f2093aa0b2d1563de4b3e23f13ed1d3b48ef41dcbf3b25b4948acea6d399f2dea7b231636ec2417077ebae4286eb47b2e77425987f5bd1c18cb3
+  metadata.gz: 351d244c00165c18d7d94d1c0e35d820db16f6cb586d613fe0d682df00fd1f49c68846548effa82d6568521fac0cfff31c62135bd8dfc81bb7b96f8ad3181d02
+  data.tar.gz: 65bb8bf61772a2630edb8354f9eb6098e25aaef0c420413bb00995f0eab9f6b4ab8c7a4d964a87ecd8921b9b53da9ad133ad249872e33badd59a0957a74db04e

data/CHANGELOG.md

@@ -1,3 +1,5 @@
+Version 0.5.1: Breaking changes for op commands, to be able to build more complex scenarios
+Version 0.5.0: Update schema for Panorama 11.0
 Version 0.4.1: Update schema for Panorama 10.2 for op commands
 Version 0.4.0: Update schema for Panorama 10.2 for config
 Version 0.3.0: Update schema for Panorama 10.1

data/examples/test_config.rb

@@ -1,3 +1,5 @@
+# frozen_string_literal: true
+
 require 'palo_alto'
 
 client = PaloAlto::XML.new(host: 'panorama-test', username: 'admin', password: 'Admin123!',
@@ -6,11 +8,11 @@ dg = 'PLAYGROUND'
 
 # create a tag
 tag_name = 'test'
-
 new_tag = client.config.devices.entry(name: 'localhost.localdomain').device_group.entry(name: dg).tag.entry(name: tag_name).create!
 new_tag.color = 'color23'
-new_tag.push!
+new_tag.set!
 
+# get rules
 # filtered rules:
 # rules = client.config.devices.entry(name:'localhost.localdomain').device_group.entry(name: 'PLAYGROUND').pre_rulebase.security.rules
 #                .entry{ (child(:source).child(:member).text == "Net_10.1.1.0-24").or(child(:destination).child(:member).text == 'Net_10.1.1.0-24') }
@@ -19,46 +21,60 @@ new_tag.push!
 # or:
 #
 # filter = (PaloAlto.child(:source).child(:member).text == "Net_10.1.1.0-24").or(PaloAlto.child(:destination).child(:member).text == 'Net_10.1.1.0-24')
-# puts filter.to_xpath
+# puts filter.to_xpath # prints generated Xpath filter
 # => ./source/member/text()='Net_10.1.1.0-24'or./destination/member/text()='Net_10.1.1.0-24'
 #
 # rules = client.config.devices.entry(name:'localhost.localdomain').device_group.entry(name: 'PLAYGROUND').pre_rulebase.security.rules
 #               .entry{filter}.get_all
-#
+
 # also more advanced filters are possible:
-# PaloAlto.not(PaloAlto.child(:'profile-setting').child(:group).child(:member) == 'IPS-Policy').and(
+# filter = PaloAlto.not(PaloAlto.child(:'profile-setting').child(:group).child(:member) == 'IPS-Policy').and(
 #   PaloAlto.parenthesis(
 #     (PaloAlto.child(:tag).child(:member) == 'ips_enabled').or(
 #       PaloAlto.child(:tag).child(:member) == 'ips_force_enabled'
 #     )
 #   )
-# ).to_xpath
-#
+# )
+# puts filter.to_xpath
 # => not(./profile-setting/group/member='IPS-Policy')and(./tag/member='ips_enabled'or./tag/member='ips_force_enabled')
 
 rules = client.config.devices.entry(name: 'localhost.localdomain').device_group.entry(name: dg).pre_rulebase.security.rules.entry{}.get_all
 
-rules.reject! { |rule| rule.api_attributes['loc'] != dg } # remove rules inherited from upper device groups from array
+rules.select! { |rule| rule.api_attributes['loc'] == dg } # filter rules inherited from upper device groups
 
 pp rules
 pp rules.length
 
-pp rules.first.api_attributes # attributes like uuid and loc
-pp rules.first.values # values as hash
-
 rule = rules.first
+
+pp rule.api_attributes # attributes like uuid and loc
+pp rule.values # values as hash
+
 rule.tag.member = [new_tag.name]
 rule.group_tag = new_tag.name
 rule.description += '....'
-rule.push!
+rule.edit!
 
+# renaming rules
 puts rule.to_xpath
 rule.rename!('Test 1')
 puts rule.to_xpath
-pp rule.name
+puts rule.name
 
-exit 0
+# Bulk changes on multiple rules:
+rules = client.config.devices.entry(name: 'localhost.localdomain').device_group.entry(name: dg).pre_rulebase.security.rules.get
+
+rules.entries.each do |name, rule|
+  next unless rule.values.dig('profile-setting', 'group', 'member') == ['Internal-detect']
+ 
+  rule.profile_setting.group.member = ['Internal']
+  # to remove profile-setting: rule.delete_child('profile-setting')
+end
+puts "Pushing all rules to #{rules.to_xpath}"
+rules.edit!
 
 # create a new template
 new_template = client.config.devices.entry(name: 'localhost.localdomain').template.entry(name: 'testtemplate').create!
-new_template.push!
+new_template.set!
+
+exit 0

data/examples/test_op.rb

@@ -1,31 +1,33 @@
-require 'palo_alto'
+# frozen_string_literal: true
 
-a = { commit: { partial: [
-  { admin: ['admin'] },
-  'no-template',
-  'no-template-stack',
-  'no-log-collector',
-  'no-log-collector-group',
-  'no-wildfire-appliance',
-  'no-wildfire-appliance-cluster',
-  { 'device-and-network': 'excluded' },
-  { 'shared-object': 'excluded' }
-] } }
+require 'palo_alto'
+load '/usr/share/panorama-api/new_op.rb'
+
+a = { commit: { partial:
+  { admin: ['admin'],
+    'no-template': true,
+    'no-template-stack': true,
+    'no-log-collector': true,
+    'no-log-collector-group': true,
+    'no-wildfire-appliance': true,
+    'no-wildfire-appliance-cluster': true,
+    'device-and-network': 'excluded',
+    'shared-object': 'excluded' } } }
 
 b = { show: { devices: 'all' } }
 
 c = { revert: { config: {
-  partial: [
-    { admin: ['admin'] },
-    'no-template',
-    'no-template-stack',
-    'no-log-collector',
-    'no-log-collector-group',
-    'no-wildfire-appliance',
-    'no-wildfire-appliance-cluster',
-    { 'device-and-network': 'excluded' },
-    { 'shared-object': 'excluded' }
-  ]
+  partial: {
+    admin: ['admin'],
+    'no-template': true,
+    'no-template-stack': true,
+    'no-log-collector': true,
+    'no-log-collector-group': true,
+    'no-wildfire-appliance': true,
+    'no-wildfire-appliance-cluster': true,
+    'device-and-network': 'excluded',
+    'shared-object': 'excluded'
+  }
 } } }
 
 d = { commit: nil }
@@ -44,18 +46,20 @@ k = { check: 'full-commit-required' }
 
 l = { show: { config: { 'commit-scope': { partial: { admin: ['admin'] } } } } }
 
+m = { show: { config: { 'commit-scope': { partial: { admin: %w[admin1 admin2] } } } } }
+
 push_to_device = {	'commit-all': { 'shared-policy': { 'device-group': [{ name: 'TEST-DG' }] } } }
 
 # validate:
 p = {	'commit-all':
   {
-    'shared-policy': [
-      { 'device-group': [{ name: 'PLAYGROUND' }] },
-      { 'include-template': 'yes' },
-      { 'merge-with-candidate-cfg': 'yes' },
-      { 'force-template-values': 'no' },
-      { 'validate-only': 'yes' }
-    ]
+    'shared-policy': {
+      'device-group': [{ name: 'PLAYGROUND' }],
+      'include-template': 'yes',
+      'merge-with-candidate-cfg': 'yes',
+      'force-template-values': 'no',
+      'validate-only': 'yes'
+    }
   } }
 
 i = { show: { query: { result: { id: 10_438 } } } }
@@ -63,64 +67,39 @@ i = { show: { query: { result: { id: 10_438 } } } }
 # hit counts:
 device_group = 'PLAYGROUND'
 
-l = {
+hc1 = {
   show: {
-    'rule-hit-count': [{
+    'rule-hit-count': {
       'device-group': [{
-        entry: [{
-          name: device_group
-        }, {
-          'pre-rulebase': [{
-            entry: [{
-              name: 'security'
-            }, {
-              rules: 'all'
-            }]
-          }]
+        name: device_group,
+        'pre-rulebase': [{
+          name: 'security',
+          rules: ['all']
         }]
       }]
-    }]
+    }
   }
 }
 
 # hit count for one rule, with more details:
 rule_name = 'Rule 27'
-l = {
+hc2 = {
   show: {
-    'rule-hit-count': [{
+    'rule-hit-count': {
       'device-group': [{
-        entry: [{
-          name: device_group
-        }, {
-          'pre-rulebase': [{
-            entry: [{
-              name: 'security'
-            }, {
-              rules: {
-                'rule-name': [{
-                  entry: [{
-                    name: rule_name
-                  }]
-                }]
-              }
-            }]
-          }]
+        name: device_group,
+        'pre-rulebase': [{
+          name: 'security',
+          rules: { 'rule-name': [{ name: rule_name }] }
         }]
       }]
-    }]
+    }
   }
 }
 
 client = PaloAlto::XML.new(host: 'panorama-test', username: 'admin', password: 'Admin123!', debug: %i[sent received])
 
-# pp client.op.execute(a)
-# pp client.op.execute(b)
-# pp client.op.execute(c)
-pp client.op.execute(d)
-puts '---------------------------'
-pp client.op.execute(e)
-puts '---------------------------'
-
-# pp client.op.execute(f)
-
-pp client.op.execute(k)
+[a, b, c, d, e, f, g, h, j, k, l, m, push_to_device, p, i, hc1, hc2].each do |cmd|
+  puts client.op.to_xml(cmd)
+  puts '---------------------------'
+end

data/lib/palo_alto/config.rb

@@ -1,5 +1,5 @@
 # frozen_string_literal: true
-# generated: 2023-11-22 12:05:10 +0100
+# generated: 2024-03-22 15:42:08 +0100
 # rubocop:disable Style/FrozenStringLiteralComment
 require 'openssl'
 require 'nokogiri'
@@ -494,9 +494,8 @@ end
 raise(ArgumentError, "Nothing matching found for #{value.inspect} (#{prop_hash.inspect})")
 end
 end
-def xml_builder(xml, full_tree: false)
-keys = self._class.props.keys
-keys.map do |k|
+def xml_builder(xml, full_tree: false, tag_filter: nil)
+self._class.props.keys.select { |key| tag_filter.nil? || tag_filter.include?(key) }.map do |k|
 next if k.start_with?('@')
 v = prop_get(k, include_defaults: false)
 next if v.nil?
@@ -508,6 +507,7 @@ end
 end
 if full_tree
 @subclasses.each do |tag_name, subclass|
+next if tag_filter && !tag_filter.include?(tag_name)
 if subclass.is_a?(Hash)
 subclass.each do |k2, subclass2|
 tag_attr = k2.merge(subclass2.api_attributes.select { |attr, _| %w(uuid).include?(attr)})
@@ -625,14 +625,14 @@ my_prop = self._class.props[prop] or raise(InternalErrorException,
 "Unknown attribute for #{self._class}: #{prop}")
 @values[prop] = enforce_types(my_prop, value)
 end
-def to_xml(full_tree:, include_root:)
+def to_xml(tag_filter: nil, full_tree:, include_root:)
 builder = Nokogiri::XML::Builder.new do |xml|
 xml.public_send(_section, begin
 selector
 rescue StandardError
 nil
 end) do
-xml_builder(xml, full_tree: full_tree)
+xml_builder(xml, full_tree: full_tree, tag_filter: tag_filter)
 end
 end
 if include_root
@@ -652,12 +652,12 @@ element: xml_str
 @client.execute(payload)
 end
 alias :push! :edit!
-def set!
-xml_str = to_xml(full_tree: true, include_root: true)
+def set!(tag_filter: nil)
+xml_str = to_xml(full_tree: true, include_root: false, tag_filter: tag_filter)
 payload = {
 type: 'config',
 action: 'set',
-xpath: parent_instance.to_xpath,
+xpath: to_xpath,
 element: xml_str
 }
 @client.execute(payload)
@@ -23659,6 +23659,66 @@ def has_multiple_values?; false; end
 def _section
 :entry
 end
+class CustomWidget < XML::ConfigClass
+def has_multiple_values?; true; end
+def _section
+:'custom-widget'
+end
+class Entry < ArrayConfigClass
+def has_multiple_values?; false; end
+def _section
+:entry
+end
+@props = {'@name'=>{'node-type'=>'attr-req', 'type'=>'string', 'maxlen'=>'31', 'help-string'=>'positive number', 'regex'=>'[1-9][0-9]*'}, 'predefined-report'=>{'node-type'=>'element', 'type'=>'string', 'maxlen'=>'63'}, 'custom-report'=>{'node-type'=>'element', 'type'=>'string', 'maxlen'=>'63'}, 'pdf-summary-report'=>{'node-type'=>'element', 'type'=>'string', 'maxlen'=>'63'}, 'log-view'=>{'node-type'=>'element', 'type'=>'string', 'maxlen'=>'63'}, 'csv'=>{'node-type'=>'element', 'type'=>'string', 'maxlen'=>'63'}}
+# positive number
+def name
+prop_get('@name')
+end
+def predefined_report
+prop_get('predefined-report')
+end
+def predefined_report=(val)
+prop_set('predefined-report', val)
+end
+def custom_report
+prop_get('custom-report')
+end
+def custom_report=(val)
+prop_set('custom-report', val)
+end
+def pdf_summary_report
+prop_get('pdf-summary-report')
+end
+def pdf_summary_report=(val)
+prop_set('pdf-summary-report', val)
+end
+def log_view
+prop_get('log-view')
+end
+def log_view=(val)
+prop_set('log-view', val)
+end
+def csv
+prop_get('csv')
+end
+def csv=(val)
+prop_set('csv', val)
+end
+end
+def selector_subclasses
+['entry']
+end
+def entries
+return @subclasses['entry']
+end
+def entry(*args, &block)
+array_class_setter(*args, klass: Entry, section: 'entry', &block)
+end
+@props = {}
+end
+def custom_widget
+maybe_register_subclass('custom-widget', CustomWidget.new(parent_instance: self, client: @client, create_children: @create_children))
+end
 class All < XML::ConfigClass
 def has_multiple_values?; true; end
 def _section
@@ -23813,7 +23873,7 @@ end
 def variable
 maybe_register_subclass('variable', Variable.new(parent_instance: self, client: @client, create_children: @create_children))
 end
-@props = {'@name'=>{'node-type'=>'attr-req', 'type'=>'string', 'maxlen'=>'63', 'subtype'=>'object-name', 'help-string'=>'alphanumeric string [ 0-9a-zA-Z._-]'}, 'title-page'=>{'node-type'=>'element', 'type'=>'bool', 'optional'=>'yes'}}
+@props = {'@name'=>{'node-type'=>'attr-req', 'type'=>'string', 'maxlen'=>'63', 'subtype'=>'object-name', 'help-string'=>'alphanumeric string [ 0-9a-zA-Z._-]'}, 'title-page'=>{'node-type'=>'element', 'type'=>'bool', 'optional'=>'yes'}, 'predefined'=>{'node-type'=>'element', 'type'=>'enum', 'enum'=>[{'value'=>'user-activity-report'}, {'value'=>'saas-application-usage-report'}]}}
 # alphanumeric string [ 0-9a-zA-Z._-]
 def name
 prop_get('@name')
@@ -23824,6 +23884,12 @@ end
 def title_page=(val)
 prop_set('title-page', val)
 end
+def predefined
+prop_get('predefined')
+end
+def predefined=(val)
+prop_set('predefined', val)
+end
 end
 def selector_subclasses
 ['entry']
@@ -75590,6 +75656,60 @@ def has_multiple_values?; false; end
 def _section
 :entry
 end
+class CustomWidget < XML::ConfigClass
+def has_multiple_values?; true; end
+def _section
+:'custom-widget'
+end
+class Entry < ArrayConfigClass
+def has_multiple_values?; false; end
+def _section
+:entry
+end
+@props = {'@name'=>{'node-type'=>'attr-req', 'type'=>'string', 'maxlen'=>'31', 'help-string'=>'positive number', 'regex'=>'[1-9][0-9]*'}, 'custom-report'=>{'node-type'=>'element', 'type'=>'string', 'maxlen'=>'63'}, 'pdf-summary-report'=>{'node-type'=>'element', 'type'=>'string', 'maxlen'=>'63'}, 'log-view'=>{'node-type'=>'element', 'type'=>'string', 'maxlen'=>'63'}, 'csv'=>{'node-type'=>'element', 'type'=>'string', 'maxlen'=>'63'}}
+# positive number
+def name
+prop_get('@name')
+end
+def custom_report
+prop_get('custom-report')
+end
+def custom_report=(val)
+prop_set('custom-report', val)
+end
+def pdf_summary_report
+prop_get('pdf-summary-report')
+end
+def pdf_summary_report=(val)
+prop_set('pdf-summary-report', val)
+end
+def log_view
+prop_get('log-view')
+end
+def log_view=(val)
+prop_set('log-view', val)
+end
+def csv
+prop_get('csv')
+end
+def csv=(val)
+prop_set('csv', val)
+end
+end
+def selector_subclasses
+['entry']
+end
+def entries
+return @subclasses['entry']
+end
+def entry(*args, &block)
+array_class_setter(*args, klass: Entry, section: 'entry', &block)
+end
+@props = {}
+end
+def custom_widget
+maybe_register_subclass('custom-widget', CustomWidget.new(parent_instance: self, client: @client, create_children: @create_children))
+end
 class All < XML::ConfigClass
 def has_multiple_values?; true; end
 def _section
@@ -75744,7 +75864,7 @@ end
 def variable
 maybe_register_subclass('variable', Variable.new(parent_instance: self, client: @client, create_children: @create_children))
 end
-@props = {'@name'=>{'node-type'=>'attr-req', 'type'=>'string', 'maxlen'=>'63', 'subtype'=>'object-name', 'help-string'=>'alphanumeric string [ 0-9a-zA-Z._-]'}, 'title-page'=>{'node-type'=>'element', 'type'=>'bool', 'optional'=>'yes'}}
+@props = {'@name'=>{'node-type'=>'attr-req', 'type'=>'string', 'maxlen'=>'63', 'subtype'=>'object-name', 'help-string'=>'alphanumeric string [ 0-9a-zA-Z._-]'}, 'title-page'=>{'node-type'=>'element', 'type'=>'bool', 'optional'=>'yes'}, 'predefined'=>{'node-type'=>'element', 'type'=>'enum', 'enum'=>[{'value'=>'user-activity-report'}, {'value'=>'saas-application-usage-report'}]}}
 # alphanumeric string [ 0-9a-zA-Z._-]
 def name
 prop_get('@name')
@@ -75755,6 +75875,12 @@ end
 def title_page=(val)
 prop_set('title-page', val)
 end
+def predefined
+prop_get('predefined')
+end
+def predefined=(val)
+prop_set('predefined', val)
+end
 end
 def selector_subclasses
 ['entry']

data/lib/palo_alto/op.rb

@@ -75,63 +75,84 @@ module PaloAlto
         end
       end
 
-      def xml_builder(xml, ops, obj)
-        case obj
+      def xml_builder_iter(xml, ops, data)
+        raise 'No Ops?!' if ops.nil?
+
+        case data
         when String
-          section = obj
-          data = nil
-        when Hash
-          section = obj.keys.first
-          data = obj[section]
+          section = data
+          data2 = nil
+          xml_builder(xml, ops, section, data2)
+        when Hash, Array
+          data.each do |section, data2|
+            xml_builder(xml, ops, section, data2)
+          end
         else
-          raise obj.pretty_inspect
-        end
-
-        unless ops.key?(section.to_s)
-          err = "Error #{section} does not exist. Valid: " + ops.keys.pretty_inspect
-          raise err
+          raise data.pretty_inspect
         end
+      end
 
-        ops_tree = ops[section.to_s]
-
-        section = escape_xpath_tag(section)
+      def xml_builder(xml, ops, section, data, type = ops[section.to_s]&.[](:obj))
+        ops_tree = ops[section.to_s] || raise("no ops tree for section #{section}, #{ops.keys.inspect}")
+        # pp [:xml_builder, :section, section, :type, type]
+        # obj = data
 
-        case ops_tree[:obj]
+        case type
         when :element
-          xml.public_send(section, data)
+          xml.public_send(escape_xpath_tag(section), data)
         when :array
-          xml.public_send(section) do
+          xml.public_send(escape_xpath_tag(section)) do
+            raise 'data is Hash and should be Array' if data.is_a?(Hash)
+
             data.each do |el|
               key = ops_tree.keys.first
-              xml.public_send(escape_xpath_tag(key), el)
+              case el
+              when Hash
+                attr = ops_tree[key].find { |_k, v| v.is_a?(Hash) && v[:obj] == :'attr-req' }.first
+                xml.public_send(escape_xpath_tag(key), { attr => el[attr.to_sym] }) do
+                  remaining_attrs = el.reject { |k, _v| k == attr.to_sym }
+
+                  if remaining_attrs.any?
+                    xml_builder(xml, ops_tree[key], remaining_attrs.keys.first.to_s, remaining_attrs.values.first,
+                                :array)
+                  end
+                end
+              when String
+                xml.public_send(key, el)
+              end
             end
           end
         when :sequence
-          if data.nil?
-            xml.send(section)
+          if data.nil? || data == true
+            xml.send(escape_xpath_tag(section))
           elsif data.is_a?(Hash)
-            xml.send(section)  do
-              xml_builder(xml, ops_tree, data)
+            xml.send(escape_xpath_tag(section)) do
+              xml_builder_iter(xml, ops_tree, data)
             end
-          else # array
+          else # array, what else could it be?!
+            raise "Unknown: #{attr.inspect}" unless data.is_a?(Array)
 
-            if data.is_a?(Array)
-              attr = data.find { |child| child.is_a?(Hash) && ops_tree[child.keys.first.to_s][:obj] == :'attr-req' }
-              data.delete(attr)
-            else
-              attr = {}
-            end
+            raise 'Too many hashes in an array, please update' if data.length > 1
+
+            key = ops_tree.keys.first
+            attr_name = ops_tree[key].find { |_k, v| v.is_a?(Hash) && v[:obj] == :'attr-req' }.first
+
+            hash = data.first.dup
+
+            data = [hash.reject { |k| k == attr_name.to_sym }]
+            attr = { attr_name => hash[attr_name.to_sym] }
 
-            xml.public_send(section, attr) do
-              data.each do |child|
-                xml_builder(xml, ops_tree, child)
+            xml.public_send(escape_xpath_tag(section)) do
+              xml.public_send(escape_xpath_tag(key), attr) do
+                data.each do |child|
+                  xml_builder_iter(xml, ops_tree[key], child)
+                end
               end
             end
           end
         when :union
-          k, v = obj.first
-          xml.send("#{k}_")  do
-            xml_builder(xml, ops_tree, v)
+          xml.public_send(escape_xpath_tag(section)) do
+            xml_builder_iter(xml, ops[section.to_s], data)
           end
         else
           raise ops_tree[:obj].pretty_inspect
@@ -141,7 +162,7 @@ module PaloAlto
 
       def to_xml(obj)
         builder = Nokogiri::XML::Builder.new do |xml|
-          xml_builder(xml, @@ops, obj)
+          xml_builder_iter(xml, @@ops, obj)
         end
         builder.doc.root.to_xml
       end

data/lib/palo_alto/version.rb

@@ -1,5 +1,5 @@
 # frozen_string_literal: true
 
 module PaloAlto
-  VERSION = '0.5.0'
+  VERSION = '0.5.1'
 end

data/lib/palo_alto.rb

@@ -129,6 +129,7 @@ module PaloAlto
           raise SessionTimedOutException
         when '400', '403'
           begin
+            pp [:error, options[:host], response.code, response.message]
             data = Nokogiri::XML.parse(response.body)
             message = data.xpath('//response/response/msg').text
             code = response.code.to_i
@@ -194,7 +195,7 @@ module PaloAlto
             new_xpath = 'response/result/' + search_xpath[(remove+2)..]
 
             results = cache.xpath(new_xpath)
-						xml = Nokogiri.parse("<?xml version=\"1.0\"?><response><result>#{results.to_s}</result></response>")
+            xml = Nokogiri.parse("<?xml version=\"1.0\"?><response><result>#{results.to_s}</result></response>")
 
             if debug.include?(:statistics)
               warn "Elapsed for parsing cache: #{Time.now - start_time} seconds"
@@ -215,7 +216,7 @@ module PaloAlto
         options[:verify_ssl] = verify_ssl
         options[:payload]    = payload
         options[:debug]      = debug
-        options[:timeout]    = timeout || 180
+        options[:timeout]    = timeout || 600
         options[:headers]    = if payload[:type] == 'keygen'
                                  {}
                                else
@@ -262,6 +263,7 @@ module PaloAlto
       rescue TemporaryException => e
         dont_retry_at = [
           'Partial revert is not allowed. Full system commit must be completed.',
+          'Local commit jobs are queued. Revert operation is not allowed.',
           'Config for scope ',
           'Config is not currently locked for scope ',
           'Commit lock is not currently held by',
@@ -275,7 +277,7 @@ module PaloAlto
         max_retries = if dont_retry_at.any? { |str| e.message.start_with?(str) }
                         0
                       elsif e.message.start_with?('Timed out while getting config lock. Please try again.')
-                        10
+                        30
                       else
                         1
                       end
@@ -321,23 +323,31 @@ module PaloAlto
       cmd = if all
               'commit'
             else
-              { commit: { partial: [
-                { 'admin': admins },
-                if device_groups
-                  device_groups.empty? ? 'no-device-group' : { 'device-group': device_groups }
-                end,
-                if templates
-                  templates.empty? ? 'no-template' : { 'template': templates }
-                end,
-                'no-template-stack',
-                'no-log-collector',
-                'no-log-collector-group',
-                'no-wildfire-appliance',
-                'no-wildfire-appliance-cluster',
-                { 'device-and-network': 'excluded' },
-                { 'shared-object': 'excluded' }
-              ].compact } }
+              commit_partial = {
+                'no-template-stack': true,
+                'no-log-collector': true,
+                'no-log-collector-group': true,
+                'no-wildfire-appliance': true,
+                'no-wildfire-appliance-cluster': true,
+                'device-and-network': 'excluded',
+                'shared-object': 'excluded'
+              }
+
+              if device_groups
+                commit_partial.merge!(device_groups.empty? ? {'no-device-group': true} : { 'device-group': device_groups })
+              end
+
+              if templates
+                commit_partial.merge!(templates.empty? ? {'no-template': true} : { 'template': templates })
+              end
+
+              if admins
+                commit_partial.merge!({'admin': admins})
+              end
+
+              { commit: { partial: commit_partial } }
             end
+
       result = op.execute(cmd)
 
       return result if raw_result
@@ -358,7 +368,7 @@ module PaloAlto
     def primary_active?
       cmd = { show: { 'high-availability': 'state' } }
       state = op.execute(cmd)
-      state.at_xpath('response/result/local-info/state').text == 'primary-active'
+      state.at_xpath('response/result/local-info/state')&.text == 'primary-active'
     end
 
     # area: config, commit
@@ -500,17 +510,17 @@ module PaloAlto
       cmd = if all
               { revert: 'config' }
             else
-              { revert: { config: { partial: [
-                { 'admin': [username] },
-                'no-template',
-                'no-template-stack',
-                'no-log-collector',
-                'no-log-collector-group',
-                'no-wildfire-appliance',
-                'no-wildfire-appliance-cluster',
-                { 'device-and-network': 'excluded' },
-                { 'shared-object': 'excluded' }
-              ] } } }
+              { revert: { config: { partial: {
+                'admin': [username],
+                'no-template': true,
+                'no-template-stack': true,
+                'no-log-collector': true,
+                'no-log-collector-group': true,
+                'no-wildfire-appliance': true,
+                'no-wildfire-appliance-cluster': true,
+                'device-and-network': 'excluded',
+                'shared-object': 'excluded'
+              } } } }
             end
 
       waited = 0

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: palo_alto
 version: !ruby/object:Gem::Version
-  version: 0.5.0
+  version: 0.5.1
 platform: ruby
 authors:
 - Sebastian Roesner
 autorequire: 
 bindir: exe
 cert_chain: []
-date: 2023-11-28 00:00:00.000000000 Z
+date: 2024-04-09 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: nokogiri