PNG  IHDRX cHRMz&u0`:pQ<bKGD pHYsodtIME MeqIDATxw]Wug^Qd˶ 6`!N:!@xI~)%7%@Bh&`lnjVF29gΨ4E$|>cɚ{gk= %,a KX%,a KX%,a KX%,a KX%,a KX%,a KX%, b` ǟzeאfp]<!SJmɤY޲ڿ,%c ~ع9VH.!Ͳz&QynֺTkRR.BLHi٪:l;@(!MԴ=žI,:o&N'Kù\vRmJ雵֫AWic H@" !: Cé||]k-Ha oݜ:y F())u]aG7*JV@J415p=sZH!=!DRʯvɱh~V\}v/GKY$n]"X"}t@ xS76^[bw4dsce)2dU0 CkMa-U5tvLƀ~mlMwfGE/-]7XAƟ`׮g ewxwC4\[~7@O-Q( a*XGƒ{ ՟}$_y3tĐƤatgvێi|K=uVyrŲlLӪuܿzwk$m87k( `múcE)"@rK( z4$D; 2kW=Xb$V[Ru819קR~qloѱDyįݎ*mxw]y5e4K@ЃI0A D@"BDk_)N\8͜9dz"fK0zɿvM /.:2O{ Nb=M=7>??Zuo32 DLD@D| &+֎C #B8ַ`bOb $D#ͮҪtx]%`ES`Ru[=¾!@Od37LJ0!OIR4m]GZRJu$‡c=%~s@6SKy?CeIh:[vR@Lh | (BhAMy=݃  G"'wzn޺~8ԽSh ~T*A:xR[ܹ?X[uKL_=fDȊ؂p0}7=D$Ekq!/t.*2ʼnDbŞ}DijYaȲ(""6HA;:LzxQ‘(SQQ}*PL*fc\s `/d'QXW, e`#kPGZuŞuO{{wm[&NBTiiI0bukcA9<4@SӊH*؎4U/'2U5.(9JuDfrޱtycU%j(:RUbArLֺN)udA':uGQN"-"Is.*+k@ `Ojs@yU/ H:l;@yyTn}_yw!VkRJ4P)~y#)r,D =ě"Q]ci'%HI4ZL0"MJy 8A{ aN<8D"1#IJi >XjX֔#@>-{vN!8tRݻ^)N_╗FJEk]CT՟ YP:_|H1@ CBk]yKYp|og?*dGvzنzӴzjֺNkC~AbZƷ`.H)=!QͷVTT(| u78y֮}|[8-Vjp%2JPk[}ԉaH8Wpqhwr:vWª<}l77_~{s۴V+RCģ%WRZ\AqHifɤL36: #F:p]Bq/z{0CU6ݳEv_^k7'>sq*+kH%a`0ԣisqにtү04gVgW΂iJiS'3w.w}l6MC2uԯ|>JF5`fV5m`Y**Db1FKNttu]4ccsQNnex/87+}xaUW9y>ͯ骵G{䩓Գ3+vU}~jJ.NFRD7<aJDB1#ҳgSb,+CS?/ VG J?|?,2#M9}B)MiE+G`-wo߫V`fio(}S^4e~V4bHOYb"b#E)dda:'?}׮4繏`{7Z"uny-?ǹ;0MKx{:_pÚmFמ:F " .LFQLG)Q8qN q¯¯3wOvxDb\. BKD9_NN &L:4D{mm o^tֽ:q!ƥ}K+<"m78N< ywsard5+Š²z~mnG)=}lYݧNj'QJS{S :UYS-952?&O-:W}(!6Mk4+>A>j+i|<<|;ر^߉=HE|V#F)Emm#}/"y GII웻Jі94+v뾧xu~5C95~ūH>c@덉pʃ1/4-A2G%7>m;–Y,cyyaln" ?ƻ!ʪ<{~h~i y.zZB̃/,雋SiC/JFMmBH&&FAbϓO^tubbb_hZ{_QZ-sύodFgO(6]TJA˯#`۶ɟ( %$&+V'~hiYy>922 Wp74Zkq+Ovn錄c>8~GqܲcWꂎz@"1A.}T)uiW4="jJ2W7mU/N0gcqܗOO}?9/wìXžΏ0 >֩(V^Rh32!Hj5`;O28؇2#ݕf3 ?sJd8NJ@7O0 b־?lldщ̡&|9C.8RTWwxWy46ah嘦mh٤&l zCy!PY?: CJyв]dm4ǜҐR޻RլhX{FƯanшQI@x' ao(kUUuxW_Ñ줮[w8 FRJ(8˼)_mQ _!RJhm=!cVmm ?sFOnll6Qk}alY}; "baӌ~M0w,Ggw2W:G/k2%R,_=u`WU R.9T"v,<\Ik޽/2110Ӿxc0gyC&Ny޽JҢrV6N ``یeA16"J³+Rj*;BϜkZPJaÍ<Jyw:NP8/D$ 011z֊Ⱳ3ι֘k1V_"h!JPIΣ'ɜ* aEAd:ݺ>y<}Lp&PlRfTb1]o .2EW\ͮ]38؋rTJsǏP@芎sF\> P^+dYJLbJ C-xϐn> ι$nj,;Ǖa FU *择|h ~izť3ᤓ`K'-f tL7JK+vf2)V'-sFuB4i+m+@My=O҈0"|Yxoj,3]:cо3 $#uŘ%Y"y죯LebqtҢVzq¼X)~>4L׶m~[1_k?kxֺQ`\ |ٛY4Ѯr!)N9{56(iNq}O()Em]=F&u?$HypWUeB\k]JɩSع9 Zqg4ZĊo oMcjZBU]B\TUd34ݝ~:7ڶSUsB0Z3srx 7`:5xcx !qZA!;%͚7&P H<WL!džOb5kF)xor^aujƍ7 Ǡ8/p^(L>ὴ-B,{ۇWzֺ^k]3\EE@7>lYBȝR.oHnXO/}sB|.i@ɥDB4tcm,@ӣgdtJ!lH$_vN166L__'Z)y&kH;:,Y7=J 9cG) V\hjiE;gya~%ks_nC~Er er)muuMg2;֫R)Md) ,¶ 2-wr#F7<-BBn~_(o=KO㭇[Xv eN_SMgSҐ BS헃D%g_N:/pe -wkG*9yYSZS.9cREL !k}<4_Xs#FmҶ:7R$i,fi!~' # !6/S6y@kZkZcX)%5V4P]VGYq%H1!;e1MV<!ϐHO021Dp= HMs~~a)ަu7G^];git!Frl]H/L$=AeUvZE4P\.,xi {-~p?2b#amXAHq)MWǾI_r`S Hz&|{ +ʖ_= (YS(_g0a03M`I&'9vl?MM+m~}*xT۲(fY*V4x@29s{DaY"toGNTO+xCAO~4Ϳ;p`Ѫ:>Ҵ7K 3}+0 387x\)a"/E>qpWB=1 ¨"MP(\xp߫́A3+J] n[ʼnӼaTbZUWb={~2ooKױӰp(CS\S筐R*JغV&&"FA}J>G֐p1ٸbk7 ŘH$JoN <8s^yk_[;gy-;߉DV{c B yce% aJhDȶ 2IdйIB/^n0tNtџdcKj4϶v~- CBcgqx9= PJ) dMsjpYB] GD4RDWX +h{y`,3ꊕ$`zj*N^TP4L:Iz9~6s) Ga:?y*J~?OrMwP\](21sZUD ?ܟQ5Q%ggW6QdO+\@ ̪X'GxN @'4=ˋ+*VwN ne_|(/BDfj5(Dq<*tNt1х!MV.C0 32b#?n0pzj#!38}޴o1KovCJ`8ŗ_"]] rDUy޲@ Ȗ-;xџ'^Y`zEd?0„ DAL18IS]VGq\4o !swV7ˣι%4FѮ~}6)OgS[~Q vcYbL!wG3 7띸*E Pql8=jT\꘿I(z<[6OrR8ºC~ډ]=rNl[g|v TMTղb-o}OrP^Q]<98S¤!k)G(Vkwyqyr޽Nv`N/e p/~NAOk \I:G6]4+K;j$R:Mi #*[AȚT,ʰ,;N{HZTGMoּy) ]%dHء9Պ䠬|<45,\=[bƟ8QXeB3- &dҩ^{>/86bXmZ]]yޚN[(WAHL$YAgDKp=5GHjU&99v簪C0vygln*P)9^͞}lMuiH!̍#DoRBn9l@ xA/_v=ȺT{7Yt2N"4!YN`ae >Q<XMydEB`VU}u]嫇.%e^ánE87Mu\t`cP=AD/G)sI"@MP;)]%fH9'FNsj1pVhY&9=0pfuJ&gޤx+k:!r˭wkl03׼Ku C &ѓYt{.O.zҏ z}/tf_wEp2gvX)GN#I ݭ߽v/ .& и(ZF{e"=V!{zW`, ]+LGz"(UJp|j( #V4, 8B 0 9OkRrlɱl94)'VH9=9W|>PS['G(*I1==C<5"Pg+x'K5EMd؞Af8lG ?D FtoB[je?{k3zQ vZ;%Ɠ,]E>KZ+T/ EJxOZ1i #T<@ I}q9/t'zi(EMqw`mYkU6;[t4DPeckeM;H}_g pMww}k6#H㶏+b8雡Sxp)&C $@'b,fPߑt$RbJ'vznuS ~8='72_`{q纶|Q)Xk}cPz9p7O:'|G~8wx(a 0QCko|0ASD>Ip=4Q, d|F8RcU"/KM opKle M3#i0c%<7׿p&pZq[TR"BpqauIp$ 8~Ĩ!8Սx\ւdT>>Z40ks7 z2IQ}ItԀ<-%S⍤};zIb$I 5K}Q͙D8UguWE$Jh )cu4N tZl+[]M4k8֦Zeq֮M7uIqG 1==tLtR,ƜSrHYt&QP윯Lg' I,3@P'}'R˪e/%-Auv·ñ\> vDJzlӾNv5:|K/Jb6KI9)Zh*ZAi`?S {aiVDԲuy5W7pWeQJk֤#5&V<̺@/GH?^τZL|IJNvI:'P=Ϛt"¨=cud S Q.Ki0 !cJy;LJR;G{BJy޺[^8fK6)=yʊ+(k|&xQ2`L?Ȓ2@Mf 0C`6-%pKpm')c$׻K5[J*U[/#hH!6acB JA _|uMvDyk y)6OPYjœ50VT K}cǻP[ $:]4MEA.y)|B)cf-A?(e|lɉ#P9V)[9t.EiQPDѠ3ϴ;E:+Օ t ȥ~|_N2,ZJLt4! %ա]u {+=p.GhNcŞQI?Nd'yeh n7zi1DB)1S | S#ًZs2|Ɛy$F SxeX{7Vl.Src3E℃Q>b6G ўYCmtկ~=K0f(=LrAS GN'ɹ9<\!a`)֕y[uՍ[09` 9 +57ts6}b4{oqd+J5fa/,97J#6yν99mRWxJyѡyu_TJc`~W>l^q#Ts#2"nD1%fS)FU w{ܯ R{ ˎ󅃏џDsZSQS;LV;7 Od1&1n$ N /.q3~eNɪ]E#oM~}v֯FڦwyZ=<<>Xo稯lfMFV6p02|*=tV!c~]fa5Y^Q_WN|Vs 0ҘދU97OI'N2'8N֭fgg-}V%y]U4 峧p*91#9U kCac_AFңĪy뚇Y_AiuYyTTYЗ-(!JFLt›17uTozc. S;7A&&<ԋ5y;Ro+:' *eYJkWR[@F %SHWP 72k4 qLd'J "zB6{AC0ƁA6U.'F3:Ȅ(9ΜL;D]m8ڥ9}dU "v!;*13Rg^fJyShyy5auA?ɩGHRjo^]׽S)Fm\toy 4WQS@mE#%5ʈfFYDX ~D5Ϡ9tE9So_aU4?Ѽm%&c{n>.KW1Tlb}:j uGi(JgcYj0qn+>) %\!4{LaJso d||u//P_y7iRJ߬nHOy) l+@$($VFIQ9%EeKʈU. ia&FY̒mZ=)+qqoQn >L!qCiDB;Y<%} OgBxB!ØuG)WG9y(Ą{_yesuZmZZey'Wg#C~1Cev@0D $a@˲(.._GimA:uyw֬%;@!JkQVM_Ow:P.s\)ot- ˹"`B,e CRtaEUP<0'}r3[>?G8xU~Nqu;Wm8\RIkբ^5@k+5(By'L&'gBJ3ݶ!/㮻w҅ yqPWUg<e"Qy*167΃sJ\oz]T*UQ<\FԎ`HaNmڜ6DysCask8wP8y9``GJ9lF\G g's Nn͵MLN֪u$| /|7=]O)6s !ĴAKh]q_ap $HH'\1jB^s\|- W1:=6lJBqjY^LsPk""`]w)󭃈,(HC ?䔨Y$Sʣ{4Z+0NvQkhol6C.婧/u]FwiVjZka&%6\F*Ny#8O,22+|Db~d ~Çwc N:FuuCe&oZ(l;@ee-+Wn`44AMK➝2BRՈt7g*1gph9N) *"TF*R(#'88pm=}X]u[i7bEc|\~EMn}P瘊J)K.0i1M6=7'_\kaZ(Th{K*GJyytw"IO-PWJk)..axӝ47"89Cc7ĐBiZx 7m!fy|ϿF9CbȩV 9V-՛^pV̌ɄS#Bv4-@]Vxt-Z, &ֺ*diؠ2^VXbs֔Ìl.jQ]Y[47gj=幽ex)A0ip׳ W2[ᎇhuE^~q흙L} #-b۸oFJ_QP3r6jr+"nfzRJTUqoaۍ /$d8Mx'ݓ= OՃ| )$2mcM*cЙj}f };n YG w0Ia!1Q.oYfr]DyISaP}"dIӗթO67jqR ҊƐƈaɤGG|h;t]䗖oSv|iZqX)oalv;۩meEJ\!8=$4QU4Xo&VEĊ YS^E#d,yX_> ۘ-e\ "Wa6uLĜZi`aD9.% w~mB(02G[6y.773a7 /=o7D)$Z 66 $bY^\CuP. (x'"J60׿Y:Oi;F{w佩b+\Yi`TDWa~|VH)8q/=9!g߆2Y)?ND)%?Ǐ`k/sn:;O299yB=a[Ng 3˲N}vLNy;*?x?~L&=xyӴ~}q{qE*IQ^^ͧvü{Huu=R|>JyUlZV, B~/YF!Y\u_ݼF{_C)LD]m {H 0ihhadd nUkf3oٺCvE\)QJi+֥@tDJkB$1!Đr0XQ|q?d2) Ӣ_}qv-< FŊ߫%roppVBwü~JidY4:}L6M7f٬F "?71<2#?Jyy4뷢<_a7_=Q E=S1И/9{+93֮E{ǂw{))?maÆm(uLE#lïZ  ~d];+]h j?!|$F}*"4(v'8s<ŏUkm7^7no1w2ؗ}TrͿEk>p'8OB7d7R(A 9.*Mi^ͳ; eeUwS+C)uO@ =Sy]` }l8^ZzRXj[^iUɺ$tj))<sbDJfg=Pk_{xaKo1:-uyG0M ԃ\0Lvuy'ȱc2Ji AdyVgVh!{]/&}}ċJ#%d !+87<;qN޼Nفl|1N:8ya  8}k¾+-$4FiZYÔXk*I&'@iI99)HSh4+2G:tGhS^繿 Kتm0 вDk}֚+QT4;sC}rՅE,8CX-e~>G&'9xpW,%Fh,Ry56Y–hW-(v_,? ; qrBk4-V7HQ;ˇ^Gv1JVV%,ik;D_W!))+BoS4QsTM;gt+ndS-~:11Sgv!0qRVh!"Ȋ(̦Yl.]PQWgٳE'`%W1{ndΗBk|Ž7ʒR~,lnoa&:ü$ 3<a[CBݮwt"o\ePJ=Hz"_c^Z.#ˆ*x z̝grY]tdkP*:97YľXyBkD4N.C_[;F9`8& !AMO c `@BA& Ost\-\NX+Xp < !bj3C&QL+*&kAQ=04}cC!9~820G'PC9xa!w&bo_1 Sw"ܱ V )Yl3+ס2KoXOx]"`^WOy :3GO0g;%Yv㐫(R/r (s } u B &FeYZh0y> =2<Ϟc/ -u= c&׭,.0"g"7 6T!vl#sc>{u/Oh Bᾈ)۴74]x7 gMӒ"d]U)}" v4co[ ɡs 5Gg=XR14?5A}D "b{0$L .\4y{_fe:kVS\\O]c^W52LSBDM! C3Dhr̦RtArx4&agaN3Cf<Ԉp4~ B'"1@.b_/xQ} _߃҉/gٓ2Qkqp0շpZ2fԫYz< 4L.Cyυι1t@鎫Fe sYfsF}^ V}N<_`p)alٶ "(XEAVZ<)2},:Ir*#m_YӼ R%a||EƼIJ,,+f"96r/}0jE/)s)cjW#w'Sʯ5<66lj$a~3Kʛy 2:cZ:Yh))+a߭K::N,Q F'qB]={.]h85C9cr=}*rk?vwV렵ٸW Rs%}rNAkDv|uFLBkWY YkX מ|)1!$#3%y?pF<@<Rr0}: }\J [5FRxY<9"SQdE(Q*Qʻ)q1E0B_O24[U'],lOb ]~WjHޏTQ5Syu wq)xnw8~)c 쫬gٲߠ H% k5dƝk> kEj,0% b"vi2Wس_CuK)K{n|>t{P1򨾜j>'kEkƗBg*H%'_aY6Bn!TL&ɌOb{c`'d^{t\i^[uɐ[}q0lM˕G:‚4kb祔c^:?bpg… +37stH:0}en6x˟%/<]BL&* 5&fK9Mq)/iyqtA%kUe[ڛKN]Ě^,"`/ s[EQQm?|XJ߅92m]G.E΃ח U*Cn.j_)Tѧj̿30ڇ!A0=͜ar I3$C^-9#|pk!)?7.x9 @OO;WƝZBFU keZ75F6Tc6"ZȚs2y/1 ʵ:u4xa`C>6Rb/Yм)^=+~uRd`/|_8xbB0?Ft||Z\##|K 0>>zxv8۴吅q 8ĥ)"6>~\8:qM}#͚'ĉ#p\׶ l#bA?)|g g9|8jP(cr,BwV (WliVxxᡁ@0Okn;ɥh$_ckCgriv}>=wGzβ KkBɛ[˪ !J)h&k2%07δt}!d<9;I&0wV/ v 0<H}L&8ob%Hi|޶o&h1L|u֦y~󛱢8fٲUsւ)0oiFx2}X[zVYr_;N(w]_4B@OanC?gĦx>мgx>ΛToZoOMp>40>V Oy V9iq!4 LN,ˢu{jsz]|"R޻&'ƚ{53ўFu(<٪9:΋]B;)B>1::8;~)Yt|0(pw2N%&X,URBK)3\zz&}ax4;ǟ(tLNg{N|Ǽ\G#C9g$^\}p?556]/RP.90 k,U8/u776s ʪ_01چ|\N 0VV*3H鴃J7iI!wG_^ypl}r*jɤSR 5QN@ iZ#1ٰy;_\3\BQQ x:WJv츟ٯ$"@6 S#qe딇(/P( Dy~TOϻ<4:-+F`0||;Xl-"uw$Цi󼕝mKʩorz"mϺ$F:~E'ҐvD\y?Rr8_He@ e~O,T.(ފR*cY^m|cVR[8 JҡSm!ΆԨb)RHG{?MpqrmN>߶Y)\p,d#xۆWY*,l6]v0h15M˙MS8+EdI='LBJIH7_9{Caз*Lq,dt >+~ّeʏ?xԕ4bBAŚjﵫ!'\Ը$WNvKO}ӽmSşذqsOy?\[,d@'73'j%kOe`1.g2"e =YIzS2|zŐƄa\U,dP;jhhhaxǶ?КZ՚.q SE+XrbOu%\GتX(H,N^~]JyEZQKceTQ]VGYqnah;y$cQahT&QPZ*iZ8UQQM.qo/T\7X"u?Mttl2Xq(IoW{R^ ux*SYJ! 4S.Jy~ BROS[V|žKNɛP(L6V^|cR7i7nZW1Fd@ Ara{詑|(T*dN]Ko?s=@ |_EvF]׍kR)eBJc" MUUbY6`~V޴dJKß&~'d3i WWWWWW

F1l3 Manager

Current Directory: /opt/saltstack/salt/lib/python3.10/site-packages/salt/modules
/opt/saltstack/salt/lib/python3.10/site-packages/salt/modules/
Viewing File: /opt/saltstack/salt/lib/python3.10/site-packages/salt/modules/panos.py
""" Module to provide Palo Alto compatibility to Salt :codeauthor: ``Spencer Ervin <spencer_ervin@hotmail.com>`` :maturity: new :depends: none :platform: unix .. versionadded:: 2018.3.0 Configuration ============= This module accepts connection configuration details either as parameters, or as configuration settings in pillar as a Salt proxy. Options passed into opts will be ignored if options are passed into pillar. .. seealso:: :py:mod:`Palo Alto Proxy Module <salt.proxy.panos>` About ===== This execution module was designed to handle connections to a Palo Alto based firewall. This module adds support to send connections directly to the device through the XML API or through a brokered connection to Panorama. """ import logging import time import salt.proxy.panos import salt.utils.platform from salt.exceptions import CommandExecutionError log = logging.getLogger(__name__) __virtualname__ = "panos" def __virtual__(): """ Will load for the panos proxy minions. """ try: if salt.utils.platform.is_proxy() and __opts__["proxy"]["proxytype"] == "panos": return __virtualname__ except KeyError: pass return ( False, "The panos execution module can only be loaded for panos proxy minions.", ) def _get_job_results(query=None): """ Executes a query that requires a job for completion. This function will wait for the job to complete and return the results. """ if not query: raise CommandExecutionError("Query parameters cannot be empty.") response = __proxy__["panos.call"](query) # If the response contains a job, we will wait for the results if "result" in response and "job" in response["result"]: jid = response["result"]["job"] while get_job(jid)["result"]["job"]["status"] != "FIN": time.sleep(5) return get_job(jid) else: return response def add_config_lock(): """ Prevent other users from changing configuration until the lock is released. CLI Example: .. code-block:: bash salt '*' panos.add_config_lock """ query = { "type": "op", "cmd": "<request><config-lock><add></add></config-lock></request>", } return __proxy__["panos.call"](query) def check_antivirus(): """ Get anti-virus information from PaloAlto Networks server CLI Example: .. code-block:: bash salt '*' panos.check_antivirus """ query = { "type": "op", "cmd": "<request><anti-virus><upgrade><check></check></upgrade></anti-virus></request>", } return __proxy__["panos.call"](query) def check_software(): """ Get software information from PaloAlto Networks server. CLI Example: .. code-block:: bash salt '*' panos.check_software """ query = { "type": "op", "cmd": ( "<request><system><software><check></check></software></system></request>" ), } return __proxy__["panos.call"](query) def clear_commit_tasks(): """ Clear all commit tasks. CLI Example: .. code-block:: bash salt '*' panos.clear_commit_tasks """ query = { "type": "op", "cmd": "<request><clear-commit-tasks></clear-commit-tasks></request>", } return __proxy__["panos.call"](query) def commit(): """ Commits the candidate configuration to the running configuration. CLI Example: .. code-block:: bash salt '*' panos.commit """ query = {"type": "commit", "cmd": "<commit></commit>"} return _get_job_results(query) def deactivate_license(key_name=None): """ Deactivates an installed license. Required version 7.0.0 or greater. key_name(str): The file name of the license key installed. CLI Example: .. code-block:: bash salt '*' panos.deactivate_license key_name=License_File_Name.key """ _required_version = "7.0.0" if not __proxy__["panos.is_required_version"](_required_version): return ( False, "The panos device requires version {} or greater for this command.".format( _required_version ), ) if not key_name: return False, "You must specify a key_name." else: query = { "type": "op", "cmd": ( "<request><license><deactivate><key><features><member>{}</member></features>" "</key></deactivate></license></request>".format(key_name) ), } return __proxy__["panos.call"](query) def delete_license(key_name=None): """ Remove license keys on disk. key_name(str): The file name of the license key to be deleted. CLI Example: .. code-block:: bash salt '*' panos.delete_license key_name=License_File_Name.key """ if not key_name: return False, "You must specify a key_name." else: query = { "type": "op", "cmd": f"<delete><license><key>{key_name}</key></license></delete>", } return __proxy__["panos.call"](query) def download_antivirus(): """ Download the most recent anti-virus package. CLI Example: .. code-block:: bash salt '*' panos.download_antivirus """ query = { "type": "op", "cmd": ( "<request><anti-virus><upgrade><download>" "<latest></latest></download></upgrade></anti-virus></request>" ), } return _get_job_results(query) def download_software_file(filename=None, synch=False): """ Download software packages by filename. Args: filename(str): The filename of the PANOS file to download. synch (bool): If true then the file will synch to the peer unit. CLI Example: .. code-block:: bash salt '*' panos.download_software_file PanOS_5000-8.0.0 salt '*' panos.download_software_file PanOS_5000-8.0.0 True """ if not filename: raise CommandExecutionError("Filename option must not be none.") if not isinstance(synch, bool): raise CommandExecutionError("Synch option must be boolean..") if synch is True: query = { "type": "op", "cmd": ( "<request><system><software><download>" "<file>{}</file></download></software></system></request>".format( filename ) ), } else: query = { "type": "op", "cmd": ( "<request><system><software><download><sync-to-peer>yes</sync-to-peer>" "<file>{}</file></download></software></system></request>".format( filename ) ), } return _get_job_results(query) def download_software_version(version=None, synch=False): """ Download software packages by version number. Args: version(str): The version of the PANOS file to download. synch (bool): If true then the file will synch to the peer unit. CLI Example: .. code-block:: bash salt '*' panos.download_software_version 8.0.0 salt '*' panos.download_software_version 8.0.0 True """ if not version: raise CommandExecutionError("Version option must not be none.") if not isinstance(synch, bool): raise CommandExecutionError("Synch option must be boolean..") if synch is True: query = { "type": "op", "cmd": ( "<request><system><software><download>" "<version>{}</version></download></software></system></request>".format( version ) ), } else: query = { "type": "op", "cmd": ( "<request><system><software><download><sync-to-peer>yes</sync-to-peer>" "<version>{}</version></download></software></system></request>".format( version ) ), } return _get_job_results(query) def fetch_license(auth_code=None): """ Get new license(s) using from the Palo Alto Network Server. auth_code The license authorization code. CLI Example: .. code-block:: bash salt '*' panos.fetch_license salt '*' panos.fetch_license auth_code=foobar """ if not auth_code: query = { "type": "op", "cmd": "<request><license><fetch></fetch></license></request>", } else: query = { "type": "op", "cmd": ( "<request><license><fetch><auth-code>{}</auth-code></fetch></license>" "</request>".format(auth_code) ), } return __proxy__["panos.call"](query) def get_address(address=None, vsys="1"): """ Get the candidate configuration for the specified get_address object. This will not return address objects that are marked as pre-defined objects. address(str): The name of the address object. vsys(str): The string representation of the VSYS ID. CLI Example: .. code-block:: bash salt '*' panos.get_address myhost salt '*' panos.get_address myhost 3 """ query = { "type": "config", "action": "get", "xpath": ( "/config/devices/entry[@name='localhost.localdomain']/vsys/entry[@name='vsys{}']/" "address/entry[@name='{}']".format(vsys, address) ), } return __proxy__["panos.call"](query) def get_address_group(addressgroup=None, vsys="1"): """ Get the candidate configuration for the specified address group. This will not return address groups that are marked as pre-defined objects. addressgroup(str): The name of the address group. vsys(str): The string representation of the VSYS ID. CLI Example: .. code-block:: bash salt '*' panos.get_address_group foobar salt '*' panos.get_address_group foobar 3 """ query = { "type": "config", "action": "get", "xpath": ( "/config/devices/entry[@name='localhost.localdomain']/vsys/entry[@name='vsys{}']/" "address-group/entry[@name='{}']".format(vsys, addressgroup) ), } return __proxy__["panos.call"](query) def get_admins_active(): """ Show active administrators. CLI Example: .. code-block:: bash salt '*' panos.get_admins_active """ query = {"type": "op", "cmd": "<show><admins></admins></show>"} return __proxy__["panos.call"](query) def get_admins_all(): """ Show all administrators. CLI Example: .. code-block:: bash salt '*' panos.get_admins_all """ query = {"type": "op", "cmd": "<show><admins><all></all></admins></show>"} return __proxy__["panos.call"](query) def get_antivirus_info(): """ Show information about available anti-virus packages. CLI Example: .. code-block:: bash salt '*' panos.get_antivirus_info """ query = { "type": "op", "cmd": "<request><anti-virus><upgrade><info></info></upgrade></anti-virus></request>", } return __proxy__["panos.call"](query) def get_arp(): """ Show ARP information. CLI Example: .. code-block:: bash salt '*' panos.get_arp """ query = {"type": "op", "cmd": "<show><arp><entry name = 'all'/></arp></show>"} return __proxy__["panos.call"](query) def get_cli_idle_timeout(): """ Show timeout information for this administrative session. CLI Example: .. code-block:: bash salt '*' panos.get_cli_idle_timeout """ query = { "type": "op", "cmd": "<show><cli><idle-timeout></idle-timeout></cli></show>", } return __proxy__["panos.call"](query) def get_cli_permissions(): """ Show cli administrative permissions. CLI Example: .. code-block:: bash salt '*' panos.get_cli_permissions """ query = {"type": "op", "cmd": "<show><cli><permissions></permissions></cli></show>"} return __proxy__["panos.call"](query) def get_disk_usage(): """ Report filesystem disk space usage. CLI Example: .. code-block:: bash salt '*' panos.get_disk_usage """ query = { "type": "op", "cmd": "<show><system><disk-space></disk-space></system></show>", } return __proxy__["panos.call"](query) def get_dns_server_config(): """ Get the DNS server configuration from the candidate configuration. CLI Example: .. code-block:: bash salt '*' panos.get_dns_server_config """ query = { "type": "config", "action": "get", "xpath": "/config/devices/entry[@name='localhost.localdomain']/deviceconfig/system/dns-setting/servers", } return __proxy__["panos.call"](query) def get_domain_config(): """ Get the domain name configuration from the candidate configuration. CLI Example: .. code-block:: bash salt '*' panos.get_domain_config """ query = { "type": "config", "action": "get", "xpath": "/config/devices/entry[@name='localhost.localdomain']/deviceconfig/system/domain", } return __proxy__["panos.call"](query) def get_dos_blocks(): """ Show the DoS block-ip table. CLI Example: .. code-block:: bash salt '*' panos.get_dos_blocks """ query = { "type": "op", "cmd": "<show><dos-block-table><all></all></dos-block-table></show>", } return __proxy__["panos.call"](query) def get_fqdn_cache(): """ Print FQDNs used in rules and their IPs. CLI Example: .. code-block:: bash salt '*' panos.get_fqdn_cache """ query = { "type": "op", "cmd": "<request><system><fqdn><show></show></fqdn></system></request>", } return __proxy__["panos.call"](query) def get_ha_config(): """ Get the high availability configuration. CLI Example: .. code-block:: bash salt '*' panos.get_ha_config """ query = { "type": "config", "action": "get", "xpath": "/config/devices/entry[@name='localhost.localdomain']/deviceconfig/high-availability", } return __proxy__["panos.call"](query) def get_ha_link(): """ Show high-availability link-monitoring state. CLI Example: .. code-block:: bash salt '*' panos.get_ha_link """ query = { "type": "op", "cmd": "<show><high-availability><link-monitoring></link-monitoring></high-availability></show>", } return __proxy__["panos.call"](query) def get_ha_path(): """ Show high-availability path-monitoring state. CLI Example: .. code-block:: bash salt '*' panos.get_ha_path """ query = { "type": "op", "cmd": "<show><high-availability><path-monitoring></path-monitoring></high-availability></show>", } return __proxy__["panos.call"](query) def get_ha_state(): """ Show high-availability state information. CLI Example: .. code-block:: bash salt '*' panos.get_ha_state """ query = { "type": "op", "cmd": "<show><high-availability><state></state></high-availability></show>", } return __proxy__["panos.call"](query) def get_ha_transitions(): """ Show high-availability transition statistic information. CLI Example: .. code-block:: bash salt '*' panos.get_ha_transitions """ query = { "type": "op", "cmd": "<show><high-availability><transitions></transitions></high-availability></show>", } return __proxy__["panos.call"](query) def get_hostname(): """ Get the hostname of the device. CLI Example: .. code-block:: bash salt '*' panos.get_hostname """ query = { "type": "config", "action": "get", "xpath": "/config/devices/entry[@name='localhost.localdomain']/deviceconfig/system/hostname", } return __proxy__["panos.call"](query) def get_interface_counters(name="all"): """ Get the counter statistics for interfaces. Args: name (str): The name of the interface to view. By default, all interface statistics are viewed. CLI Example: .. code-block:: bash salt '*' panos.get_interface_counters salt '*' panos.get_interface_counters ethernet1/1 """ query = { "type": "op", "cmd": f"<show><counter><interface>{name}</interface></counter></show>", } return __proxy__["panos.call"](query) def get_interfaces(name="all"): """ Show interface information. Args: name (str): The name of the interface to view. By default, all interface statistics are viewed. CLI Example: .. code-block:: bash salt '*' panos.get_interfaces salt '*' panos.get_interfaces ethernet1/1 """ query = { "type": "op", "cmd": f"<show><interface>{name}</interface></show>", } return __proxy__["panos.call"](query) def get_job(jid=None): """ List all a single job by ID. jid The ID of the job to retrieve. CLI Example: .. code-block:: bash salt '*' panos.get_job jid=15 """ if not jid: raise CommandExecutionError("ID option must not be none.") query = {"type": "op", "cmd": f"<show><jobs><id>{jid}</id></jobs></show>"} return __proxy__["panos.call"](query) def get_jobs(state="all"): """ List all jobs on the device. state The state of the jobs to display. Valid options are all, pending, or processed. Pending jobs are jobs that are currently in a running or waiting state. Processed jobs are jobs that have completed execution. CLI Example: .. code-block:: bash salt '*' panos.get_jobs salt '*' panos.get_jobs state=pending """ if state.lower() == "all": query = {"type": "op", "cmd": "<show><jobs><all></all></jobs></show>"} elif state.lower() == "pending": query = {"type": "op", "cmd": "<show><jobs><pending></pending></jobs></show>"} elif state.lower() == "processed": query = { "type": "op", "cmd": "<show><jobs><processed></processed></jobs></show>", } else: raise CommandExecutionError( "The state parameter must be all, pending, or processed." ) return __proxy__["panos.call"](query) def get_lacp(): """ Show LACP state. CLI Example: .. code-block:: bash salt '*' panos.get_lacp """ query = { "type": "op", "cmd": "<show><lacp><aggregate-ethernet>all</aggregate-ethernet></lacp></show>", } return __proxy__["panos.call"](query) def get_license_info(): """ Show information about owned license(s). CLI Example: .. code-block:: bash salt '*' panos.get_license_info """ query = {"type": "op", "cmd": "<request><license><info></info></license></request>"} return __proxy__["panos.call"](query) def get_license_tokens(): """ Show license token files for manual license deactivation. CLI Example: .. code-block:: bash salt '*' panos.get_license_tokens """ query = { "type": "op", "cmd": "<show><license-token-files></license-token-files></show>", } return __proxy__["panos.call"](query) def get_lldp_config(): """ Show lldp config for interfaces. CLI Example: .. code-block:: bash salt '*' panos.get_lldp_config """ query = {"type": "op", "cmd": "<show><lldp><config>all</config></lldp></show>"} return __proxy__["panos.call"](query) def get_lldp_counters(): """ Show lldp counters for interfaces. CLI Example: .. code-block:: bash salt '*' panos.get_lldp_counters """ query = {"type": "op", "cmd": "<show><lldp><counters>all</counters></lldp></show>"} return __proxy__["panos.call"](query) def get_lldp_local(): """ Show lldp local info for interfaces. CLI Example: .. code-block:: bash salt '*' panos.get_lldp_local """ query = {"type": "op", "cmd": "<show><lldp><local>all</local></lldp></show>"} return __proxy__["panos.call"](query) def get_lldp_neighbors(): """ Show lldp neighbors info for interfaces. CLI Example: .. code-block:: bash salt '*' panos.get_lldp_neighbors """ query = { "type": "op", "cmd": "<show><lldp><neighbors>all</neighbors></lldp></show>", } return __proxy__["panos.call"](query) def get_local_admins(): """ Show all local administrator accounts. CLI Example: .. code-block:: bash salt '*' panos.get_local_admins """ admin_list = get_users_config() response = [] if "users" not in admin_list["result"]: return response if isinstance(admin_list["result"]["users"]["entry"], list): for entry in admin_list["result"]["users"]["entry"]: response.append(entry["name"]) else: response.append(admin_list["result"]["users"]["entry"]["name"]) return response def get_logdb_quota(): """ Report the logdb quotas. CLI Example: .. code-block:: bash salt '*' panos.get_logdb_quota """ query = { "type": "op", "cmd": "<show><system><logdb-quota></logdb-quota></system></show>", } return __proxy__["panos.call"](query) def get_master_key(): """ Get the master key properties. CLI Example: .. code-block:: bash salt '*' panos.get_master_key """ query = { "type": "op", "cmd": "<show><system><masterkey-properties></masterkey-properties></system></show>", } return __proxy__["panos.call"](query) def get_ntp_config(): """ Get the NTP configuration from the candidate configuration. CLI Example: .. code-block:: bash salt '*' panos.get_ntp_config """ query = { "type": "config", "action": "get", "xpath": "/config/devices/entry[@name='localhost.localdomain']/deviceconfig/system/ntp-servers", } return __proxy__["panos.call"](query) def get_ntp_servers(): """ Get list of configured NTP servers. CLI Example: .. code-block:: bash salt '*' panos.get_ntp_servers """ query = {"type": "op", "cmd": "<show><ntp></ntp></show>"} return __proxy__["panos.call"](query) def get_operational_mode(): """ Show device operational mode setting. CLI Example: .. code-block:: bash salt '*' panos.get_operational_mode """ query = {"type": "op", "cmd": "<show><operational-mode></operational-mode></show>"} return __proxy__["panos.call"](query) def get_panorama_status(): """ Show panorama connection status. CLI Example: .. code-block:: bash salt '*' panos.get_panorama_status """ query = {"type": "op", "cmd": "<show><panorama-status></panorama-status></show>"} return __proxy__["panos.call"](query) def get_permitted_ips(): """ Get the IP addresses that are permitted to establish management connections to the device. CLI Example: .. code-block:: bash salt '*' panos.get_permitted_ips """ query = { "type": "config", "action": "get", "xpath": "/config/devices/entry[@name='localhost.localdomain']/deviceconfig/system/permitted-ip", } return __proxy__["panos.call"](query) def get_platform(): """ Get the platform model information and limitations. CLI Example: .. code-block:: bash salt '*' panos.get_platform """ query = { "type": "config", "action": "get", "xpath": "/config/devices/entry[@name='localhost.localdomain']/platform", } return __proxy__["panos.call"](query) def get_predefined_application(application=None): """ Get the configuration for the specified pre-defined application object. This will only return pre-defined application objects. application(str): The name of the pre-defined application object. CLI Example: .. code-block:: bash salt '*' panos.get_predefined_application saltstack """ query = { "type": "config", "action": "get", "xpath": f"/config/predefined/application/entry[@name='{application}']", } return __proxy__["panos.call"](query) def get_security_rule(rulename=None, vsys="1"): """ Get the candidate configuration for the specified security rule. rulename(str): The name of the security rule. vsys(str): The string representation of the VSYS ID. CLI Example: .. code-block:: bash salt '*' panos.get_security_rule rule01 salt '*' panos.get_security_rule rule01 3 """ query = { "type": "config", "action": "get", "xpath": ( "/config/devices/entry[@name='localhost.localdomain']/vsys/entry[@name='vsys{}']/" "rulebase/security/rules/entry[@name='{}']".format(vsys, rulename) ), } return __proxy__["panos.call"](query) def get_service(service=None, vsys="1"): """ Get the candidate configuration for the specified service object. This will not return services that are marked as pre-defined objects. service(str): The name of the service object. vsys(str): The string representation of the VSYS ID. CLI Example: .. code-block:: bash salt '*' panos.get_service tcp-443 salt '*' panos.get_service tcp-443 3 """ query = { "type": "config", "action": "get", "xpath": ( "/config/devices/entry[@name='localhost.localdomain']/vsys/entry[@name='vsys{}']/" "service/entry[@name='{}']".format(vsys, service) ), } return __proxy__["panos.call"](query) def get_service_group(servicegroup=None, vsys="1"): """ Get the candidate configuration for the specified service group. This will not return service groups that are marked as pre-defined objects. servicegroup(str): The name of the service group. vsys(str): The string representation of the VSYS ID. CLI Example: .. code-block:: bash salt '*' panos.get_service_group foobar salt '*' panos.get_service_group foobar 3 """ query = { "type": "config", "action": "get", "xpath": ( "/config/devices/entry[@name='localhost.localdomain']/vsys/entry[@name='vsys{}']/" "service-group/entry[@name='{}']".format(vsys, servicegroup) ), } return __proxy__["panos.call"](query) def get_session_info(): """ Show device session statistics. CLI Example: .. code-block:: bash salt '*' panos.get_session_info """ query = {"type": "op", "cmd": "<show><session><info></info></session></show>"} return __proxy__["panos.call"](query) def get_snmp_config(): """ Get the SNMP configuration from the device. CLI Example: .. code-block:: bash salt '*' panos.get_snmp_config """ query = { "type": "config", "action": "get", "xpath": "/config/devices/entry[@name='localhost.localdomain']/deviceconfig/system/snmp-setting", } return __proxy__["panos.call"](query) def get_software_info(): """ Show information about available software packages. CLI Example: .. code-block:: bash salt '*' panos.get_software_info """ query = { "type": "op", "cmd": "<request><system><software><info></info></software></system></request>", } return __proxy__["panos.call"](query) def get_system_date_time(): """ Get the system date/time. CLI Example: .. code-block:: bash salt '*' panos.get_system_date_time """ query = {"type": "op", "cmd": "<show><clock></clock></show>"} return __proxy__["panos.call"](query) def get_system_files(): """ List important files in the system. CLI Example: .. code-block:: bash salt '*' panos.get_system_files """ query = {"type": "op", "cmd": "<show><system><files></files></system></show>"} return __proxy__["panos.call"](query) def get_system_info(): """ Get the system information. CLI Example: .. code-block:: bash salt '*' panos.get_system_info """ query = {"type": "op", "cmd": "<show><system><info></info></system></show>"} return __proxy__["panos.call"](query) def get_system_services(): """ Show system services. CLI Example: .. code-block:: bash salt '*' panos.get_system_services """ query = {"type": "op", "cmd": "<show><system><services></services></system></show>"} return __proxy__["panos.call"](query) def get_system_state(mask=None): """ Show the system state variables. mask Filters by a subtree or a wildcard. CLI Example: .. code-block:: bash salt '*' panos.get_system_state salt '*' panos.get_system_state mask=cfg.ha.config.enabled salt '*' panos.get_system_state mask=cfg.ha.* """ if mask: query = { "type": "op", "cmd": ( "<show><system><state><filter>{}</filter></state></system></show>".format( mask ) ), } else: query = {"type": "op", "cmd": "<show><system><state></state></system></show>"} return __proxy__["panos.call"](query) def get_uncommitted_changes(): """ Retrieve a list of all uncommitted changes on the device. Requires PANOS version 8.0.0 or greater. CLI Example: .. code-block:: bash salt '*' panos.get_uncommitted_changes """ _required_version = "8.0.0" if not __proxy__["panos.is_required_version"](_required_version): return ( False, "The panos device requires version {} or greater for this command.".format( _required_version ), ) query = { "type": "op", "cmd": "<show><config><list><changes></changes></list></config></show>", } return __proxy__["panos.call"](query) def get_users_config(): """ Get the local administrative user account configuration. CLI Example: .. code-block:: bash salt '*' panos.get_users_config """ query = {"type": "config", "action": "get", "xpath": "/config/mgt-config/users"} return __proxy__["panos.call"](query) def get_vlans(): """ Show all VLAN information. CLI Example: .. code-block:: bash salt '*' panos.get_vlans """ query = {"type": "op", "cmd": "<show><vlan>all</vlan></show>"} return __proxy__["panos.call"](query) def get_xpath(xpath=""): """ Retrieve a specified xpath from the candidate configuration. xpath(str): The specified xpath in the candidate configuration. CLI Example: .. code-block:: bash salt '*' panos.get_xpath /config/shared/service """ query = {"type": "config", "action": "get", "xpath": xpath} return __proxy__["panos.call"](query) def get_zone(zone="", vsys="1"): """ Get the candidate configuration for the specified zone. zone(str): The name of the zone. vsys(str): The string representation of the VSYS ID. CLI Example: .. code-block:: bash salt '*' panos.get_zone trust salt '*' panos.get_zone trust 2 """ query = { "type": "config", "action": "get", "xpath": ( "/config/devices/entry[@name='localhost.localdomain']/vsys/entry[@name='vsys{}']/" "zone/entry[@name='{}']".format(vsys, zone) ), } return __proxy__["panos.call"](query) def get_zones(vsys="1"): """ Get all the zones in the candidate configuration. vsys(str): The string representation of the VSYS ID. CLI Example: .. code-block:: bash salt '*' panos.get_zones salt '*' panos.get_zones 2 """ query = { "type": "config", "action": "get", "xpath": ( "/config/devices/entry[@name='localhost.localdomain']/vsys/entry[@name='vsys{}']/" "zone".format(vsys) ), } return __proxy__["panos.call"](query) def install_antivirus( version=None, latest=False, synch=False, skip_commit=False, ): """ Install anti-virus packages. Args: version(str): The version of the PANOS file to install. latest(bool): If true, the latest anti-virus file will be installed. The specified version option will be ignored. synch(bool): If true, the anti-virus will synch to the peer unit. skip_commit(bool): If true, the install will skip committing to the device. CLI Example: .. code-block:: bash salt '*' panos.install_antivirus 8.0.0 """ if not version and latest is False: raise CommandExecutionError("Version option must not be none.") if synch is True: s = "yes" else: s = "no" if skip_commit is True: c = "yes" else: c = "no" if latest is True: query = { "type": "op", "cmd": ( "<request><anti-virus><upgrade><install>" "<commit>{}</commit><sync-to-peer>{}</sync-to-peer>" "<version>latest</version></install></upgrade></anti-virus></request>".format( c, s ) ), } else: query = { "type": "op", "cmd": ( "<request><anti-virus><upgrade><install>" "<commit>{}</commit><sync-to-peer>{}</sync-to-peer>" "<version>{}</version></install></upgrade></anti-virus></request>".format( c, s, version ) ), } return _get_job_results(query) def install_license(): """ Install the license key(s). CLI Example: .. code-block:: bash salt '*' panos.install_license """ query = { "type": "op", "cmd": "<request><license><install></install></license></request>", } return __proxy__["panos.call"](query) def install_software(version=None): """ Upgrade to a software package by version. Args: version(str): The version of the PANOS file to install. CLI Example: .. code-block:: bash salt '*' panos.install_license 8.0.0 """ if not version: raise CommandExecutionError("Version option must not be none.") query = { "type": "op", "cmd": ( "<request><system><software><install>" "<version>{}</version></install></software></system></request>".format( version ) ), } return _get_job_results(query) def reboot(): """ Reboot a running system. CLI Example: .. code-block:: bash salt '*' panos.reboot """ query = { "type": "op", "cmd": "<request><restart><system></system></restart></request>", } return __proxy__["panos.call"](query) def refresh_fqdn_cache(force=False): """ Force refreshes all FQDNs used in rules. force Forces all fqdn refresh CLI Example: .. code-block:: bash salt '*' panos.refresh_fqdn_cache salt '*' panos.refresh_fqdn_cache force=True """ if not isinstance(force, bool): raise CommandExecutionError("Force option must be boolean.") if force: query = { "type": "op", "cmd": "<request><system><fqdn><refresh><force>yes</force></refresh></fqdn></system></request>", } else: query = { "type": "op", "cmd": ( "<request><system><fqdn><refresh></refresh></fqdn></system></request>" ), } return __proxy__["panos.call"](query) def remove_config_lock(): """ Release config lock previously held. CLI Example: .. code-block:: bash salt '*' panos.remove_config_lock """ query = { "type": "op", "cmd": "<request><config-lock><remove></remove></config-lock></request>", } return __proxy__["panos.call"](query) def resolve_address(address=None, vsys=None): """ Resolve address to ip address. Required version 7.0.0 or greater. address Address name you want to resolve. vsys The vsys name. CLI Example: .. code-block:: bash salt '*' panos.resolve_address foo.bar.com salt '*' panos.resolve_address foo.bar.com vsys=2 """ _required_version = "7.0.0" if not __proxy__["panos.is_required_version"](_required_version): return ( False, "The panos device requires version {} or greater for this command.".format( _required_version ), ) if not address: raise CommandExecutionError("FQDN to resolve must be provided as address.") if not vsys: query = { "type": "op", "cmd": "<request><resolve><address>{}</address></resolve></request>".format( address ), } else: query = { "type": "op", "cmd": ( "<request><resolve><vsys>{}</vsys><address>{}</address></resolve>" "</request>".format(vsys, address) ), } return __proxy__["panos.call"](query) def save_device_config(filename=None): """ Save device configuration to a named file. filename The filename to save the configuration to. CLI Example: .. code-block:: bash salt '*' panos.save_device_config foo.xml """ if not filename: raise CommandExecutionError("Filename must not be empty.") query = { "type": "op", "cmd": f"<save><config><to>{filename}</to></config></save>", } return __proxy__["panos.call"](query) def save_device_state(): """ Save files needed to restore device to local disk. CLI Example: .. code-block:: bash salt '*' panos.save_device_state """ query = {"type": "op", "cmd": "<save><device-state></device-state></save>"} return __proxy__["panos.call"](query) def set_authentication_profile(profile=None, deploy=False): """ Set the authentication profile of the Palo Alto proxy minion. A commit will be required before this is processed. CLI Example: Args: profile (str): The name of the authentication profile to set. deploy (bool): If true then commit the full candidate configuration, if false only set pending change. .. code-block:: bash salt '*' panos.set_authentication_profile foo salt '*' panos.set_authentication_profile foo deploy=True """ if not profile: raise CommandExecutionError("Profile name option must not be none.") ret = {} query = { "type": "config", "action": "set", "xpath": ( "/config/devices/entry[@name='localhost.localdomain']/deviceconfig/system/" "authentication-profile" ), "element": "<authentication-profile>{}</authentication-profile>".format( profile ), } ret.update(__proxy__["panos.call"](query)) if deploy is True: ret.update(commit()) return ret def set_hostname(hostname=None, deploy=False): """ Set the hostname of the Palo Alto proxy minion. A commit will be required before this is processed. CLI Example: Args: hostname (str): The hostname to set deploy (bool): If true then commit the full candidate configuration, if false only set pending change. .. code-block:: bash salt '*' panos.set_hostname newhostname salt '*' panos.set_hostname newhostname deploy=True """ if not hostname: raise CommandExecutionError("Hostname option must not be none.") ret = {} query = { "type": "config", "action": "set", "xpath": ( "/config/devices/entry[@name='localhost.localdomain']/deviceconfig/system" ), "element": f"<hostname>{hostname}</hostname>", } ret.update(__proxy__["panos.call"](query)) if deploy is True: ret.update(commit()) return ret def set_management_icmp(enabled=True, deploy=False): """ Enables or disables the ICMP management service on the device. CLI Example: Args: enabled (bool): If true the service will be enabled. If false the service will be disabled. deploy (bool): If true then commit the full candidate configuration, if false only set pending change. .. code-block:: bash salt '*' panos.set_management_icmp salt '*' panos.set_management_icmp enabled=False deploy=True """ if enabled is True: value = "no" elif enabled is False: value = "yes" else: raise CommandExecutionError( "Invalid option provided for service enabled option." ) ret = {} query = { "type": "config", "action": "set", "xpath": "/config/devices/entry[@name='localhost.localdomain']/deviceconfig/system/service", "element": f"<disable-icmp>{value}</disable-icmp>", } ret.update(__proxy__["panos.call"](query)) if deploy is True: ret.update(commit()) return ret def set_management_http(enabled=True, deploy=False): """ Enables or disables the HTTP management service on the device. CLI Example: Args: enabled (bool): If true the service will be enabled. If false the service will be disabled. deploy (bool): If true then commit the full candidate configuration, if false only set pending change. .. code-block:: bash salt '*' panos.set_management_http salt '*' panos.set_management_http enabled=False deploy=True """ if enabled is True: value = "no" elif enabled is False: value = "yes" else: raise CommandExecutionError( "Invalid option provided for service enabled option." ) ret = {} query = { "type": "config", "action": "set", "xpath": "/config/devices/entry[@name='localhost.localdomain']/deviceconfig/system/service", "element": f"<disable-http>{value}</disable-http>", } ret.update(__proxy__["panos.call"](query)) if deploy is True: ret.update(commit()) return ret def set_management_https(enabled=True, deploy=False): """ Enables or disables the HTTPS management service on the device. CLI Example: Args: enabled (bool): If true the service will be enabled. If false the service will be disabled. deploy (bool): If true then commit the full candidate configuration, if false only set pending change. .. code-block:: bash salt '*' panos.set_management_https salt '*' panos.set_management_https enabled=False deploy=True """ if enabled is True: value = "no" elif enabled is False: value = "yes" else: raise CommandExecutionError( "Invalid option provided for service enabled option." ) ret = {} query = { "type": "config", "action": "set", "xpath": "/config/devices/entry[@name='localhost.localdomain']/deviceconfig/system/service", "element": f"<disable-https>{value}</disable-https>", } ret.update(__proxy__["panos.call"](query)) if deploy is True: ret.update(commit()) return ret def set_management_ocsp(enabled=True, deploy=False): """ Enables or disables the HTTP OCSP management service on the device. CLI Example: Args: enabled (bool): If true the service will be enabled. If false the service will be disabled. deploy (bool): If true then commit the full candidate configuration, if false only set pending change. .. code-block:: bash salt '*' panos.set_management_ocsp salt '*' panos.set_management_ocsp enabled=False deploy=True """ if enabled is True: value = "no" elif enabled is False: value = "yes" else: raise CommandExecutionError( "Invalid option provided for service enabled option." ) ret = {} query = { "type": "config", "action": "set", "xpath": "/config/devices/entry[@name='localhost.localdomain']/deviceconfig/system/service", "element": f"<disable-http-ocsp>{value}</disable-http-ocsp>", } ret.update(__proxy__["panos.call"](query)) if deploy is True: ret.update(commit()) return ret def set_management_snmp(enabled=True, deploy=False): """ Enables or disables the SNMP management service on the device. CLI Example: Args: enabled (bool): If true the service will be enabled. If false the service will be disabled. deploy (bool): If true then commit the full candidate configuration, if false only set pending change. .. code-block:: bash salt '*' panos.set_management_snmp salt '*' panos.set_management_snmp enabled=False deploy=True """ if enabled is True: value = "no" elif enabled is False: value = "yes" else: raise CommandExecutionError( "Invalid option provided for service enabled option." ) ret = {} query = { "type": "config", "action": "set", "xpath": "/config/devices/entry[@name='localhost.localdomain']/deviceconfig/system/service", "element": f"<disable-snmp>{value}</disable-snmp>", } ret.update(__proxy__["panos.call"](query)) if deploy is True: ret.update(commit()) return ret def set_management_ssh(enabled=True, deploy=False): """ Enables or disables the SSH management service on the device. CLI Example: Args: enabled (bool): If true the service will be enabled. If false the service will be disabled. deploy (bool): If true then commit the full candidate configuration, if false only set pending change. .. code-block:: bash salt '*' panos.set_management_ssh salt '*' panos.set_management_ssh enabled=False deploy=True """ if enabled is True: value = "no" elif enabled is False: value = "yes" else: raise CommandExecutionError( "Invalid option provided for service enabled option." ) ret = {} query = { "type": "config", "action": "set", "xpath": "/config/devices/entry[@name='localhost.localdomain']/deviceconfig/system/service", "element": f"<disable-ssh>{value}</disable-ssh>", } ret.update(__proxy__["panos.call"](query)) if deploy is True: ret.update(commit()) return ret def set_management_telnet(enabled=True, deploy=False): """ Enables or disables the Telnet management service on the device. CLI Example: Args: enabled (bool): If true the service will be enabled. If false the service will be disabled. deploy (bool): If true then commit the full candidate configuration, if false only set pending change. .. code-block:: bash salt '*' panos.set_management_telnet salt '*' panos.set_management_telnet enabled=False deploy=True """ if enabled is True: value = "no" elif enabled is False: value = "yes" else: raise CommandExecutionError( "Invalid option provided for service enabled option." ) ret = {} query = { "type": "config", "action": "set", "xpath": "/config/devices/entry[@name='localhost.localdomain']/deviceconfig/system/service", "element": f"<disable-telnet>{value}</disable-telnet>", } ret.update(__proxy__["panos.call"](query)) if deploy is True: ret.update(commit()) return ret def set_ntp_authentication( target=None, authentication_type=None, key_id=None, authentication_key=None, algorithm=None, deploy=False, ): """ Set the NTP authentication of the Palo Alto proxy minion. A commit will be required before this is processed. CLI Example: Args: target(str): Determines the target of the authentication. Valid options are primary, secondary, or both. authentication_type(str): The authentication type to be used. Valid options are symmetric, autokey, and none. key_id(int): The NTP authentication key ID. authentication_key(str): The authentication key. algorithm(str): The algorithm type to be used for a symmetric key. Valid options are md5 and sha1. deploy (bool): If true then commit the full candidate configuration, if false only set pending change. .. code-block:: bash salt '*' ntp.set_authentication target=both authentication_type=autokey salt '*' ntp.set_authentication target=primary authentication_type=none salt '*' ntp.set_authentication target=both authentication_type=symmetric key_id=15 authentication_key=mykey algorithm=md5 salt '*' ntp.set_authentication target=both authentication_type=symmetric key_id=15 authentication_key=mykey algorithm=md5 deploy=True """ ret = {} if target not in ["primary", "secondary", "both"]: raise salt.exceptions.CommandExecutionError( "Target option must be primary, secondary, or both." ) if authentication_type not in ["symmetric", "autokey", "none"]: raise salt.exceptions.CommandExecutionError( "Type option must be symmetric, autokey, or both." ) if authentication_type == "symmetric" and not authentication_key: raise salt.exceptions.CommandExecutionError( "When using symmetric authentication, authentication_key must be provided." ) if authentication_type == "symmetric" and not key_id: raise salt.exceptions.CommandExecutionError( "When using symmetric authentication, key_id must be provided." ) if authentication_type == "symmetric" and algorithm not in ["md5", "sha1"]: raise salt.exceptions.CommandExecutionError( "When using symmetric authentication, algorithm must be md5 or sha1." ) if authentication_type == "symmetric": if target == "primary" or target == "both": query = { "type": "config", "action": "set", "xpath": ( "/config/devices/entry[@name='localhost.localdomain']/deviceconfig/system/ntp-servers/" "primary-ntp-server/authentication-type" ), "element": ( "<symmetric-key><algorithm><{0}><authentication-key>{1}</authentication-key></{0}>" "</algorithm><key-id>{2}</key-id></symmetric-key>".format( algorithm, authentication_key, key_id ) ), } ret.update({"primary_server": __proxy__["panos.call"](query)}) if target == "secondary" or target == "both": query = { "type": "config", "action": "set", "xpath": ( "/config/devices/entry[@name='localhost.localdomain']/deviceconfig/system/ntp-servers/" "secondary-ntp-server/authentication-type" ), "element": ( "<symmetric-key><algorithm><{0}><authentication-key>{1}</authentication-key></{0}>" "</algorithm><key-id>{2}</key-id></symmetric-key>".format( algorithm, authentication_key, key_id ) ), } ret.update({"secondary_server": __proxy__["panos.call"](query)}) elif authentication_type == "autokey": if target == "primary" or target == "both": query = { "type": "config", "action": "set", "xpath": ( "/config/devices/entry[@name='localhost.localdomain']/deviceconfig/system/ntp-servers/" "primary-ntp-server/authentication-type" ), "element": "<autokey/>", } ret.update({"primary_server": __proxy__["panos.call"](query)}) if target == "secondary" or target == "both": query = { "type": "config", "action": "set", "xpath": ( "/config/devices/entry[@name='localhost.localdomain']/deviceconfig/system/ntp-servers/" "secondary-ntp-server/authentication-type" ), "element": "<autokey/>", } ret.update({"secondary_server": __proxy__["panos.call"](query)}) elif authentication_type == "none": if target == "primary" or target == "both": query = { "type": "config", "action": "set", "xpath": ( "/config/devices/entry[@name='localhost.localdomain']/deviceconfig/system/ntp-servers/" "primary-ntp-server/authentication-type" ), "element": "<none/>", } ret.update({"primary_server": __proxy__["panos.call"](query)}) if target == "secondary" or target == "both": query = { "type": "config", "action": "set", "xpath": ( "/config/devices/entry[@name='localhost.localdomain']/deviceconfig/system/ntp-servers/" "secondary-ntp-server/authentication-type" ), "element": "<none/>", } ret.update({"secondary_server": __proxy__["panos.call"](query)}) if deploy is True: ret.update(commit()) return ret def set_ntp_servers(primary_server=None, secondary_server=None, deploy=False): """ Set the NTP servers of the Palo Alto proxy minion. A commit will be required before this is processed. CLI Example: Args: primary_server(str): The primary NTP server IP address or FQDN. secondary_server(str): The secondary NTP server IP address or FQDN. deploy (bool): If true then commit the full candidate configuration, if false only set pending change. .. code-block:: bash salt '*' ntp.set_servers 0.pool.ntp.org 1.pool.ntp.org salt '*' ntp.set_servers primary_server=0.pool.ntp.org secondary_server=1.pool.ntp.org salt '*' ntp.ser_servers 0.pool.ntp.org 1.pool.ntp.org deploy=True """ ret = {} if primary_server: query = { "type": "config", "action": "set", "xpath": ( "/config/devices/entry[@name='localhost.localdomain']/deviceconfig/system/ntp-servers/" "primary-ntp-server" ), "element": "<ntp-server-address>{}</ntp-server-address>".format( primary_server ), } ret.update({"primary_server": __proxy__["panos.call"](query)}) if secondary_server: query = { "type": "config", "action": "set", "xpath": ( "/config/devices/entry[@name='localhost.localdomain']/deviceconfig/system/ntp-servers/" "secondary-ntp-server" ), "element": "<ntp-server-address>{}</ntp-server-address>".format( secondary_server ), } ret.update({"secondary_server": __proxy__["panos.call"](query)}) if deploy is True: ret.update(commit()) return ret def set_permitted_ip(address=None, deploy=False): """ Add an IPv4 address or network to the permitted IP list. CLI Example: Args: address (str): The IPv4 address or network to allow access to add to the Palo Alto device. deploy (bool): If true then commit the full candidate configuration, if false only set pending change. .. code-block:: bash salt '*' panos.set_permitted_ip 10.0.0.1 salt '*' panos.set_permitted_ip 10.0.0.0/24 salt '*' panos.set_permitted_ip 10.0.0.1 deploy=True """ if not address: raise CommandExecutionError("Address option must not be empty.") ret = {} query = { "type": "config", "action": "set", "xpath": "/config/devices/entry[@name='localhost.localdomain']/deviceconfig/system/permitted-ip", "element": f"<entry name='{address}'></entry>", } ret.update(__proxy__["panos.call"](query)) if deploy is True: ret.update(commit()) return ret def set_timezone(tz=None, deploy=False): """ Set the timezone of the Palo Alto proxy minion. A commit will be required before this is processed. CLI Example: Args: tz (str): The name of the timezone to set. deploy (bool): If true then commit the full candidate configuration, if false only set pending change. .. code-block:: bash salt '*' panos.set_timezone UTC salt '*' panos.set_timezone UTC deploy=True """ if not tz: raise CommandExecutionError("Timezone name option must not be none.") ret = {} query = { "type": "config", "action": "set", "xpath": "/config/devices/entry[@name='localhost.localdomain']/deviceconfig/system/timezone", "element": f"<timezone>{tz}</timezone>", } ret.update(__proxy__["panos.call"](query)) if deploy is True: ret.update(commit()) return ret def shutdown(): """ Shutdown a running system. CLI Example: .. code-block:: bash salt '*' panos.shutdown """ query = { "type": "op", "cmd": "<request><shutdown><system></system></shutdown></request>", } return __proxy__["panos.call"](query) def test_fib_route(ip=None, vr="vr1"): """ Perform a route lookup within active route table (fib). ip (str): The destination IP address to test. vr (str): The name of the virtual router to test. CLI Example: .. code-block:: bash salt '*' panos.test_fib_route 4.2.2.2 salt '*' panos.test_fib_route 4.2.2.2 my-vr """ xpath = "<test><routing><fib-lookup>" if ip: xpath += f"<ip>{ip}</ip>" if vr: xpath += f"<virtual-router>{vr}</virtual-router>" xpath += "</fib-lookup></routing></test>" query = {"type": "op", "cmd": xpath} return __proxy__["panos.call"](query) def test_security_policy( sourcezone=None, destinationzone=None, source=None, destination=None, protocol=None, port=None, application=None, category=None, vsys="1", allrules=False, ): """ Checks which security policy as connection will match on the device. sourcezone (str): The source zone matched against the connection. destinationzone (str): The destination zone matched against the connection. source (str): The source address. This must be a single IP address. destination (str): The destination address. This must be a single IP address. protocol (int): The protocol number for the connection. This is the numerical representation of the protocol. port (int): The port number for the connection. application (str): The application that should be matched. category (str): The category that should be matched. vsys (int): The numerical representation of the VSYS ID. allrules (bool): Show all potential match rules until first allow rule. CLI Example: .. code-block:: bash salt '*' panos.test_security_policy sourcezone=trust destinationzone=untrust protocol=6 port=22 salt '*' panos.test_security_policy sourcezone=trust destinationzone=untrust protocol=6 port=22 vsys=2 """ xpath = "<test><security-policy-match>" if sourcezone: xpath += f"<from>{sourcezone}</from>" if destinationzone: xpath += f"<to>{destinationzone}</to>" if source: xpath += f"<source>{source}</source>" if destination: xpath += f"<destination>{destination}</destination>" if protocol: xpath += f"<protocol>{protocol}</protocol>" if port: xpath += f"<destination-port>{port}</destination-port>" if application: xpath += f"<application>{application}</application>" if category: xpath += f"<category>{category}</category>" if allrules: xpath += "<show-all>yes</show-all>" xpath += "</security-policy-match></test>" query = {"type": "op", "vsys": f"vsys{vsys}", "cmd": xpath} return __proxy__["panos.call"](query) def unlock_admin(username=None): """ Unlocks a locked administrator account. username Username of the administrator. CLI Example: .. code-block:: bash salt '*' panos.unlock_admin username=bob """ if not username: raise CommandExecutionError("Username option must not be none.") query = { "type": "op", "cmd": ( "<set><management-server><unlock><admin>{}</admin></unlock></management-server>" "</set>".format(username) ), } return __proxy__["panos.call"](query)
webs 1.0 - Enhanced UI