pango: github.com/PaloAltoNetworks/pango Index | Examples | Files | Directories

package pango

import "github.com/PaloAltoNetworks/pango"

Package pango is a golang cross version mechanism for interacting with Palo Alto Networks devices (including physical and virtualized Next-generation Firewalls and Panorama). Versioning support is in place for PAN-OS 6.1 to 8.1.

To start, create a client connection with the desired parameters and then initialize the connection:

package main

import (
    "log"
    "github.com/PaloAltoNetworks/pango"
)

func main() {
    var err error
    c := pango.Firewall{Client: pango.Client{
        Hostname: "127.0.0.1",
        Username: "admin",
        Password: "admin",
        Logging: pango.LogAction | pango.LogOp,
    }}
    if err = c.Initialize(); err != nil {
        log.Printf("Failed to initialize client: %s", err)
        return
    }
    log.Printf("Initialize ok")
}

Initializing the connection creates the API key (if it was not already specified), then performs "show system info" to get the PAN-OS version. Once the firewall client is created, you can query and configure the Palo Alto Networks device from the functions inside the various namespaces of the client connection. Namespaces correspond to the various configuration areas available in the GUI. For example:

err = c.Network.EthernetInterface.Set(...)
myPolicies, err := c.Policies.Security.GetList(...)

Generally speaking, there are the following functions inside each namespace:

* Get / GetList / GetAll
* Show / ShowList / ShowAll
* Set
* Edit
* Delete

These functions correspond with PAN-OS Get, Show, Set, Edit, and Delete API calls. Get(), Set(), and Edit() take and return normalized, version independent objects. These version safe objects are typically named Entry, which corresponds to how the object is placed in the PAN-OS XPATH.

Some Entry objects have a special function, Defaults(). Invoking this function will initialize the object with some default values. Each Entry that implements Defaults() calls out in its documentation what parameters are affected by this, and what the defaults are.

For any version safe object, attempting to configure a parameter that your PAN-OS doesn't support will be safely ignored in the resultant XML sent to the firewall / Panorama.

Using Edit Functions

The PAN-OS XML API Edit command can be used to both create as well as update existing config, however it can also truncate config for the given XPATH. Due to this, if you want to use Edit(), you need to make sure that you perform either a Get() or a Show() first, make your modification, then invoke Edit() using that object. If you don't do this, you will truncate any sub config.

To learn more about PAN-OS XML API, please refer to the Palo Alto Netowrks API documentation.

ExampleCreateInterface demonstrates how to use pango to create an interface if the interface is not already configured.

Code:

var err error

// Connect to the firewall.
fw := pango.Firewall{Client: pango.Client{
    Hostname: "192.168.1.1",
    Username: "admin",
    Password: "admin",
}}

// Connect to the firewall and verify authentication params.
if err = fw.Initialize(); err != nil {
    log.Fatalf("Failed to connect to %s: %s", fw.Hostname, err)
}

// Define the ethernet interface we want to configure.
e := eth.Entry{
    Name:      "ethernet1/7",
    Mode:      "layer3",
    Comment:   "Made by pango",
    StaticIps: []string{"10.1.1.1/24", "10.2.1.1/24"},
}

// If the interface is already present, leave it alone.
ethList, err := fw.Network.EthernetInterface.GetList()
if err != nil {
    log.Fatalf("Failed to get interface listing: %s", err)
}
for i := range ethList {
    if ethList[i] == e.Name {
        log.Printf("Interface %q already exists, quitting.", e.Name)
        return
    }
}

// Since the interface is not present, configure it.
if err = fw.Network.EthernetInterface.Set("vsys1", e); err != nil {
    log.Fatalf("Failed to create %q: %s", e.Name, err)
}
log.Printf("Created %q ok", e.Name)

Code:

var (
    err                                                      error
    configFile, hostname, username, password, apiKey, admins string
    edan, eso, epao, force                                   bool
    jobId                                                    uint
)

log.SetFlags(log.Ldate | log.Ltime | log.Lmicroseconds)

flag.StringVar(&configFile, "config", "", "JSON config file with panos connection info")
flag.StringVar(&hostname, "host", "", "PAN-OS hostname")
flag.StringVar(&username, "user", "", "PAN-OS username")
flag.StringVar(&password, "pass", "", "PAN-OS password")
flag.StringVar(&apiKey, "key", "", "PAN-OS API key")
flag.StringVar(&admins, "admins", "", "CSV of specific admins for partial config commit")
flag.BoolVar(&edan, "exclude-device-and-network", false, "Exclude device and network")
flag.BoolVar(&eso, "exclude-shared-objects", false, "Exclude shared objects")
flag.BoolVar(&epao, "exclude-policy-and-objects", false, "Exclude policy and objects")
flag.BoolVar(&force, "force", false, "Force a commit even if one isn't needed")
flag.Parse()

// Connect to the firewall.
fw := &pango.Firewall{Client: pango.Client{
    Hostname: hostname,
    Username: username,
    Password: password,
    ApiKey:   apiKey,
    Logging:  pango.LogOp | pango.LogAction,
}}
if err = fw.InitializeUsing(configFile, true); err != nil {
    log.Fatalf("Failed: %s", err)
}

// Build the commit to be performed.
cmd := commit.FirewallCommit{
    Description:             flag.Arg(0),
    ExcludeDeviceAndNetwork: edan,
    ExcludeSharedObjects:    eso,
    ExcludePolicyAndObjects: epao,
    Force:                   force,
}
admins = strings.TrimSpace(admins)
if admins != "" {
    cmd.Admins = strings.Split(admins, ",")
}

// Perform the commit
jobId, _, err = fw.Commit(cmd, "", nil)
if err != nil {
    log.Fatalf("Error in commit: %s", err)
} else if jobId == 0 {
    log.Printf("No commit needed")
} else if err = fw.WaitForJob(jobId, nil); err != nil {
    log.Printf("Error in commit: %s", err)
} else {
    log.Printf("Committed config successfully")
}

ExamplePanosInfo outputs various info about a PAN-OS device as JSON.

Code:

package main

import (
    "encoding/json"
    "fmt"

    "github.com/PaloAltoNetworks/pango"
)

// About is a struct to hold information about the given PAN-OS device.
type About struct {
    Hostname string `json:"hostname"`
    Type     string `json:"type"`
    Model    string `json:"model"`
    Version  string `json:"version"`
    Serial   string `json:"serial"`
}

// ExamplePanosInfo outputs various info about a PAN-OS device as
// JSON.
func main() {
    var out About

    conInfo := pango.Client{
        Hostname: "192.168.1.1",
        Username: "admin",
        Password: "admin",
        Logging:  pango.LogQuiet,
    }

    con, err := pango.Connect(conInfo)
    if err != nil {
        return
    }

    switch x := con.(type) {
    case *pango.Firewall:
        out = About{
            Hostname: x.Hostname,
            Type:     "NGFW",
            Model:    x.SystemInfo["model"],
            Version:  x.Version.String(),
            Serial:   x.SystemInfo["serial"],
        }
    case *pango.Panorama:
        out = About{
            Hostname: x.Hostname,
            Type:     "Panorama",
            Model:    x.SystemInfo["model"],
            Version:  x.Version.String(),
            Serial:   x.SystemInfo["serial"],
        }
    }

    b, err := json.Marshal(out)
    if err != nil {
        return
    }

    fmt.Printf("%s\n", b)
}

Index

Examples

Package Files

client.go connect.go doc.go fw.go multiconf.go pano.go

Constants

const (
    LogQuiet = 1 << (iota + 1)
    LogAction
    LogQuery
    LogOp
    LogUid
    LogXpath
    LogSend
    LogReceive
)

These bit flags control what is logged by client connections. Of the flags available for use, LogSend and LogReceive will log ALL communication between the connection object and the PAN-OS XML API. The API key being used for communication will be blanked out, but no other sensitive data will be. As such, those two flags should be considered for debugging only. To disable all logging, set the logging level as LogQuiet.

The bit-wise flags are as follows:

* LogQuiet: disables all logging
* LogAction: action being performed (Set / Delete functions)
* LogQuery: queries being run (Get / Show functions)
* LogOp: operation commands (Op functions)
* LogUid: User-Id commands (Uid functions)
* LogXpath: the resultant xpath
* LogSend: xml docuemnt being sent
* LogReceive: xml responses being received

func Connect Uses

func Connect(c Client) (interface{}, error)

Connect opens a connection to the PAN-OS client, then uses the "model" info to return a pointer to either a Firewall or Panorama struct.

The Initialize function is invoked as part of this discovery, so there is no need to Initialize() the Client connection prior to invoking this.

func ConnectUsing Uses

func ConnectUsing(c Client, filename string, chkenv bool) (interface{}, error)

ConnectUsing does Connect(), but takes in a filename that contains fallback authentication credentials if they aren't specified.

The order of preference for auth / connection settings is:

* explicitly set * environment variable (set chkenv to true to enable this) * json file

type Client Uses

type Client struct {
    // Connection properties.
    Hostname string `json:"hostname"`
    Username string `json:"username"`
    Password string `json:"password"`
    ApiKey   string `json:"api_key"`
    Protocol string `json:"protocol"`
    Port     uint   `json:"port"`
    Timeout  int    `json:"timeout"`
    Target   string `json:"target"`

    // Set to true if you want to check environment variables
    // for auth and connection properties.
    CheckEnvironment bool `json:"-"`

    // HTTP transport options.  Note that the VerifyCertificate setting is
    // only used if you do not specify a HTTP transport yourself.
    VerifyCertificate bool            `json:"verify_certificate"`
    Transport         *http.Transport `json:"-"`

    // Variables determined at runtime.
    Version        version.Number      `json:"-"`
    SystemInfo     map[string]string   `json:"-"`
    Plugin         []map[string]string `json:"-"`
    MultiConfigure *MultiConfigure     `json:"-"`

    // Logging level.
    Logging               uint32   `json:"-"`
    LoggingFromInitialize []string `json:"logging"`
    // contains filtered or unexported fields
}

Client is a generic connector struct. It provides wrapper functions for invoking the various PAN-OS XPath API methods. After creating the client, invoke Initialize() to prepare it for use.

func (*Client) Clock Uses

func (c *Client) Clock() (time.Time, error)

Clock gets the time on the PAN-OS appliance.

func (*Client) Commit Uses

func (c *Client) Commit(cmd interface{}, action string, extras interface{}) (uint, []byte, error)

Commit performs PAN-OS commits.

The cmd param can be a properly formatted XML string, a struct that can be marshalled into XML, or one of the commit types.

The action param is the commit action to be taken (e.g. - "all"). If the cmd param is one of the commit types, and the action passed in to this function is an empty string, then the action will be determined by the commit type.

The extras param should be either nil or a url.Values{} to be mixed in with the constructed request.

Commits result in a job being submitted to the backend. The job ID, assuming the commit action was successfully submitted, the response from the server, and if an error was encountered or not are all returned from this function.

func (*Client) CommitLocks Uses

func (c *Client) CommitLocks(vsys string) ([]util.Lock, error)

CommitLocks returns any commit locks that are currently in place.

If vsys is an empty string, then the vsys will default to "shared".

func (*Client) Communicate Uses

func (c *Client) Communicate(data url.Values, ans interface{}) ([]byte, error)

Communicate sends the given data to PAN-OS.

The ans param should be a pointer to a struct to unmarshal the response into or nil.

Any response received from the server is returned, along with any errors encountered.

Even if an answer struct is given, we first check for known error formats. If a known error format is detected, unmarshalling into the answer struct is not performed.

If the API key is set, but not present in the given data, then it is added in.

func (*Client) CommunicateFile Uses

func (c *Client) CommunicateFile(content, filename, fp string, data url.Values, ans interface{}) ([]byte, error)

CommunicateFile does a file upload to PAN-OS.

The content param is the content of the file you want to upload.

The filename param is the basename of the file you want to specify in the multipart form upload.

The fp param is the name of the param for the file upload.

The ans param should be a pointer to a struct to unmarshal the response into or nil.

Any response received from the server is returned, along with any errors encountered.

Even if an answer struct is given, we first check for known error formats. If a known error format is detected, unmarshalling into the answer struct is not performed.

If the API key is set, but not present in the given data, then it is added in.

func (*Client) ConfigLocks Uses

func (c *Client) ConfigLocks(vsys string) ([]util.Lock, error)

ConfigLocks returns any config locks that are currently in place.

If vsys is an empty string, then the vsys will default to "shared".

func (*Client) Delete Uses

func (c *Client) Delete(path, extras, ans interface{}) ([]byte, error)

Delete runs a "delete" type command, removing the supplied xpath and everything underneath it.

The path param should be either a string or a slice of strings.

The extras param should be either nil or a url.Values{} to be mixed in with the constructed request.

The ans param should be a pointer to a struct to unmarshal the response into or nil.

Any response received from the server is returned, along with any errors encountered.

func (*Client) Edit Uses

func (c *Client) Edit(path, element, extras, ans interface{}) ([]byte, error)

Edit runs a "edit" type command, modifying what is at the given xpath with the supplied element.

The path param should be either a string or a slice of strings.

The element param can be either a string of properly formatted XML to send or a struct which can be marshaled into a string.

The extras param should be either nil or a url.Values{} to be mixed in with the constructed request.

The ans param should be a pointer to a struct to unmarshal the response into or nil.

Any response received from the server is returned, along with any errors encountered.

func (*Client) EntryListUsing Uses

func (c *Client) EntryListUsing(fn util.Retriever, path []string) ([]string, error)

EntryListUsing retrieves an list of entries using the given function, either Get or Show.

func (*Client) Get Uses

func (c *Client) Get(path, extras, ans interface{}) ([]byte, error)

Get runs a "get" type command.

The path param should be either a string or a slice of strings.

The extras param should be either nil or a url.Values{} to be mixed in with the constructed request.

The ans param should be a pointer to a struct to unmarshal the response into or nil.

Any response received from the server is returned, along with any errors encountered.

func (*Client) Import Uses

func (c *Client) Import(cat, content, filename, fp string, extras map[string]string, ans interface{}) ([]byte, error)

Import performs an import type command.

The cat param is the category.

The content param is the content of the file you want to upload.

The filename param is the basename of the file you want to specify in the multipart form upload.

The fp param is the name of the param for the file upload.

The extras param is any additional key/value file upload params.

The ans param should be a pointer to a struct to unmarshal the response into or nil.

Any response received from the server is returned, along with any errors encountered.

func (*Client) Initialize Uses

func (c *Client) Initialize() error

Initialize does some initial setup of the Client connection, retrieves the API key if it was not already present, then performs "show system info" to get the PAN-OS version. The full results are saved into the client's SystemInfo map.

If not specified, the following is assumed:

* Protocol: https
* Port: (unspecified)
* Timeout: 10
* Logging: LogAction | LogUid

func (*Client) InitializeUsing Uses

func (c *Client) InitializeUsing(filename string, chkenv bool) error

InitializeUsing does Initialize(), but takes in a filename that contains fallback authentication credentials if they aren't specified.

The order of preference for auth / connection settings is:

* explicitly set * environment variable (set chkenv to true to enable this) * json file

func (*Client) IsImported Uses

func (c *Client) IsImported(loc, tmpl, ts, vsys, name string) (bool, error)

IsImported checks if the importable object is actually imported in the specified location.

func (*Client) LockCommits Uses

func (c *Client) LockCommits(vsys, comment string) error

LockCommits locks commits for the given scope with the given comment.

If vsys is an empty string, the scope defaults to "shared".

func (*Client) LockConfig Uses

func (c *Client) LockConfig(vsys, comment string) error

LockConfig locks the config for the given scope with the given comment.

If vsys is an empty string, the scope defaults to "shared".

func (*Client) LogAction Uses

func (c *Client) LogAction(msg string, i ...interface{})

LogAction writes a log message for SET/DELETE operations if LogAction is set.

func (*Client) LogOp Uses

func (c *Client) LogOp(msg string, i ...interface{})

LogOp writes a log message for OP operations if LogOp is set.

func (*Client) LogQuery Uses

func (c *Client) LogQuery(msg string, i ...interface{})

LogQuery writes a log message for GET/SHOW operations if LogQuery is set.

func (*Client) LogUid Uses

func (c *Client) LogUid(msg string, i ...interface{})

LogUid writes a log message for User-Id operations if LogUid is set.

func (*Client) MemberListUsing Uses

func (c *Client) MemberListUsing(fn util.Retriever, path []string) ([]string, error)

MemberListUsing retrieves an list of members using the given function, either Get or Show.

func (*Client) Move Uses

func (c *Client) Move(path interface{}, where, dst string, extras, ans interface{}) ([]byte, error)

Move does a "move" type command.

func (*Client) MultiConfig Uses

func (c *Client) MultiConfig(element MultiConfigure, strict bool, extras interface{}) ([]byte, MultiConfigureResponse, error)

MultiConfig does a "multi-config" type command.

Param strict should be true if you want strict transactional support.

Note that the error returned from this function is only if there was an error unmarshaling the response into the the multi config response struct. If the multi config itself failed, then the reason can be found in its results.

func (*Client) Op Uses

func (c *Client) Op(req interface{}, vsys string, extras, ans interface{}) ([]byte, error)

Op runs an operational or "op" type command.

The req param can be either a properly formatted XML string or a struct that can be marshalled into XML.

The vsys param is the vsys the op command should be executed in, if any.

The extras param should be either nil or a url.Values{} to be mixed in with the constructed request.

The ans param should be a pointer to a struct to unmarshal the response into or nil.

Any response received from the server is returned, along with any errors encountered.

func (*Client) Plugins Uses

func (c *Client) Plugins() []map[string]string

Plugins returns the plugin information.

func (*Client) PositionFirstEntity Uses

func (c *Client) PositionFirstEntity(mvt int, rel, ent string, path, elms []string) error

PositionFirstEntity moves an element before another one using the Move API command.

Param `mvt` is a util.Move* constant.

Param `rel` is the relative entity that `mvt` is in relation to.

Param `ent` is the entity that is to be positioned.

Param `path` is the XPATH of `ent`.

Param `elms` is the ordered list of entities that should include both `rel` and `ent`. be found.

func (*Client) PrepareMultiConfigure Uses

func (c *Client) PrepareMultiConfigure(capacity int)

PrepareMultiConfigure will start a multi config command.

Capacity is the initial capacity of the requests to be sent.

func (*Client) Rename Uses

func (c *Client) Rename(path interface{}, newname string, extras, ans interface{}) ([]byte, error)

Rename does a "rename" type command.

func (*Client) RequestPasswordHash Uses

func (c *Client) RequestPasswordHash(val string) (string, error)

RequestPasswordHash requests a password hash of the given string.

func (*Client) RetrieveApiKey Uses

func (c *Client) RetrieveApiKey() error

RetrieveApiKey retrieves the API key, which will require that both the username and password are defined.

The currently set ApiKey is forgotten when invoking this function.

func (*Client) RevertToRunningConfig Uses

func (c *Client) RevertToRunningConfig() error

RevertToRunningConfig discards any changes made and reverts to the last config committed.

func (*Client) SendMultiConfigure Uses

func (c *Client) SendMultiConfigure(strict bool) (MultiConfigureResponse, error)

SendMultiConfigure will send the accumulated multi configure request.

Param strict should be true if you want strict transactional support.

Note that the error returned from this function is only if there was an error unmarshaling the response into the the multi config response struct. If the multi config itself failed, then the reason can be found in its results.

func (*Client) Set Uses

func (c *Client) Set(path, element, extras, ans interface{}) ([]byte, error)

Set runs a "set" type command, creating the element at the given xpath.

The path param should be either a string or a slice of strings.

The element param can be either a string of properly formatted XML to send or a struct which can be marshaled into a string.

The extras param should be either nil or a url.Values{} to be mixed in with the constructed request.

The ans param should be a pointer to a struct to unmarshal the response into or nil.

Any response received from the server is returned, along with any errors encountered.

func (*Client) Show Uses

func (c *Client) Show(path, extras, ans interface{}) ([]byte, error)

Show runs a "show" type command.

The path param should be either a string or a slice of strings.

The extras param should be either nil or a url.Values{} to be mixed in with the constructed request.

The ans param should be a pointer to a struct to unmarshal the response into or nil.

Any response received from the server is returned, along with any errors encountered.

func (*Client) String Uses

func (c *Client) String() string

String is the string representation of a client connection. Both the password and API key are replaced with stars, if set, making it safe to print the client connection in log messages.

func (*Client) Uid Uses

func (c *Client) Uid(cmd interface{}, vsys string, extras, ans interface{}) ([]byte, error)

Uid performs User-ID API calls.

func (*Client) UnlockCommits Uses

func (c *Client) UnlockCommits(vsys, admin string) error

UnlockCommits removes the commit lock on the given scope owned by the given admin, if this admin is someone other than the current acting admin.

If vsys is an empty string, the scope defaults to "shared".

func (*Client) UnlockConfig Uses

func (c *Client) UnlockConfig(vsys string) error

UnlockConfig removes the config lock on the given scope.

If vsys is an empty string, the scope defaults to "shared".

func (*Client) ValidateConfig Uses

func (c *Client) ValidateConfig(sync bool) (uint, error)

ValidateConfig performs a commit config validation check.

Setting sync to true means that this function will block until the job finishes.

This function returns the job ID and if any errors were encountered.

func (*Client) Versioning Uses

func (c *Client) Versioning() version.Number

Versioning returns the client version number.

func (*Client) VsysImport Uses

func (c *Client) VsysImport(loc, tmpl, ts, vsys string, names []string) error

VsysImport imports the given names into the specified template / vsys.

func (*Client) VsysUnimport Uses

func (c *Client) VsysUnimport(loc, tmpl, ts string, names []string) error

VsysUnimport removes the given names from all (template, optional) vsys.

func (*Client) WaitForJob Uses

func (c *Client) WaitForJob(id uint, resp interface{}) error

WaitForJob polls the device, waiting for the specified job to finish.

If you want to unmarshal the response into a struct, then pass in a pointer to the struct for the "resp" param. If you just want to know if the job completed with a status other than "FAIL", you only need to check the returned error message.

In the case that there are multiple errors returned from the job, the first error is returned as the error string, and no unmarshaling is attempted.

type Firewall Uses

type Firewall struct {
    Client

    // Namespaces
    Network   *netw.FwNetw
    Device    *dev.FwDev
    Policies  *poli.FwPoli
    Objects   *objs.FwObjs
    Licensing *licen.Licen
    UserId    *userid.UserId
}

Firewall is a firewall specific client, providing version safe functions for the PAN-OS Xpath API methods. After creating the object, invoke Initialize() to prepare it for use.

It has the following namespaces:

* Network
* Device
* Policies
* Objects
* Licensing
* UserId

func (*Firewall) GetDhcpInfo Uses

func (c *Firewall) GetDhcpInfo(i string) (map[string]string, error)

GetDhcpInfo returns the DHCP client information about the given interface.

func (*Firewall) Initialize Uses

func (c *Firewall) Initialize() error

Initialize does some initial setup of the Firewall connection, retrieves the API key if it was not already present, then performs "show system info" to get the PAN-OS version. The full results are saved into the client's SystemInfo map.

If not specified, the following is assumed:

* Protocol: https
* Port: (unspecified)
* Timeout: 10
* Logging: LogAction | LogUid

func (*Firewall) InitializeUsing Uses

func (c *Firewall) InitializeUsing(filename string, chkenv bool) error

InitializeUsing does Initialize(), but takes in a filename that contains fallback authentication credentials if they aren't specified.

The order of preference for auth / connection settings is:

* explicitly set * environment variable (set chkenv to true to enable this) * json file

type McreMsg Uses

type McreMsg struct {
    Line    *util.CdataText `xml:"line"`
    Message string          `xml:",chardata"`
}

type MultiConfigResponseElement Uses

type MultiConfigResponseElement struct {
    XMLName xml.Name `xml:"response"`
    Status  string   `xml:"status,attr"`
    Code    int      `xml:"code,attr"`
    Id      string   `xml:"id,attr,omitempty"`
    Msg     McreMsg  `xml:"msg"`
}

func (*MultiConfigResponseElement) Message Uses

func (m *MultiConfigResponseElement) Message() string

func (*MultiConfigResponseElement) Ok Uses

func (m *MultiConfigResponseElement) Ok() bool

type MultiConfigure Uses

type MultiConfigure struct {
    XMLName xml.Name `xml:"multi-configure-request"`
    Reqs    []MultiConfigureRequest
}

func (*MultiConfigure) IncrementalIds Uses

func (m *MultiConfigure) IncrementalIds()

type MultiConfigureRequest Uses

type MultiConfigureRequest struct {
    XMLName xml.Name
    Id      string `xml:"id,attr,omitempty"`
    Xpath   string `xml:"xpath,attr"`
    Data    interface{}
}

type MultiConfigureResponse Uses

type MultiConfigureResponse struct {
    XMLName xml.Name                     `xml:"response"`
    Status  string                       `xml:"status,attr"`
    Code    int                          `xml:"code,attr"`
    Results []MultiConfigResponseElement `xml:"response"`
}

func (*MultiConfigureResponse) Error Uses

func (m *MultiConfigureResponse) Error() string

func (*MultiConfigureResponse) Ok Uses

func (m *MultiConfigureResponse) Ok() bool

type Panorama Uses

type Panorama struct {
    Client

    // Namespaces
    Device    *dev.PanoDev
    Licensing *licen.Licen
    UserId    *userid.UserId
    Panorama  *pnrm.Pnrm
    Objects   *objs.PanoObjs
    Policies  *poli.PanoPoli
    Network   *netw.PanoNetw
}

Panorama is a panorama specific client, providing version safe functions for the PAN-OS Xpath API methods. After creating the object, invoke Initialize() to prepare it for use.

It has the following namespaces:

* Licensing
* UserId

func (*Panorama) CreateVmAuthKey Uses

func (c *Panorama) CreateVmAuthKey(hours int) (VmAuthKey, error)

CreateVmAuthKey creates a VM auth key to bootstrap a VM-Series firewall.

VM auth keys are only valid for the number of hours specified.

func (*Panorama) GetVmAuthKeys Uses

func (c *Panorama) GetVmAuthKeys() ([]VmAuthKey, error)

GetVmAuthKeys gets the list of VM auth keys.

func (*Panorama) Initialize Uses

func (c *Panorama) Initialize() error

Initialize does some initial setup of the Panorama connection, retrieves the API key if it was not already present, then performs "show system info" to get the PAN-OS version. The full results are saved into the client's SystemInfo map.

If not specified, the following is assumed:

* Protocol: https
* Port: (unspecified)
* Timeout: 10
* Logging: LogAction | LogUid

func (*Panorama) InitializeUsing Uses

func (c *Panorama) InitializeUsing(filename string, chkenv bool) error

InitializeUsing does Initialize(), but takes in a filename that contains fallback authentication credentials if they aren't specified.

The order of preference for auth / connection settings is:

* explicitly set * environment variable (set chkenv to true to enable this) * json file

type PanosError Uses

type PanosError struct {
    Msg  string
    Code int
}

PanosError is the error struct returned from the Communicate method.

func (PanosError) Error Uses

func (e PanosError) Error() string

Error returns the error message.

func (PanosError) ObjectNotFound Uses

func (e PanosError) ObjectNotFound() bool

ObjectNotFound returns true on missing object error.

type VmAuthKey Uses

type VmAuthKey struct {
    AuthKey string `xml:"vm-auth-key"`
    Expiry  string `xml:"expiry-time"`
    Expires time.Time
}

VmAuthKey is a VM auth key paired with when it expires.

The Expiry field is the string returned from PAN-OS, while the Expires field is an attempt at parsing the Expiry field.

func (*VmAuthKey) ParseExpires Uses

func (o *VmAuthKey) ParseExpires(clock time.Time)

ParseExpires sets Expires from the Expiry field.

Since PAN-OS does not output timezone information with the expirations, the current PAN-OS time is retrieved, which does contain timezone information. Then in the string parsing for Expires, the location information of the system clock is applied.

Directories

PathSynopsis
commitPackage commit contains normalizations for firewall and Panorama commits.
devPackage dev is the client.Device namespace.
dev/generalPackage general is the client.Device.GeneralSettings namespace.
dev/profile/emailPackage email is the client.Object.EmailServerProfile namespace.
dev/profile/email/serverPackage server is the client.Object.EmailServer namespace.
dev/profile/httpPackage http is the client.Object.HttpServerProfile namespace.
dev/profile/http/headerPackage header is the client.Object.HttpHeader namespace.
dev/profile/http/paramPackage param is the client.Object.HttpParam namespace.
dev/profile/http/serverPackage server is the client.Object.HttpServer namespace.
dev/profile/snmpPackage snmp is the client.Object.SnmpServerProfile namespace.
dev/profile/snmp/v2cPackage v2c is the client.Object.SnmpV2cServer namespace.
dev/profile/snmp/v3Package v3 is the client.Object.SnmpV3Server namespace.
dev/profile/syslogPackage syslog is the client.Object.SyslogServerProfile namespace.
dev/profile/syslog/serverPackage server is the client.Object.SyslogServer namespace.
dev/telemetryPackage telemetry is the firewall.Device.Telemetry namespace.
licenPackage licen is the client.Licensing namespace.
namespacePackage namespace contains common workflows between most namespaces.
netwPackage netw is the client.Network namespace.
netw/ikegwPackage ikegw is the client.Network.IkeGateway namespace.
netw/interface/aggregatePackage aggregate is the client.Network.AggregateInterface namespace.
netw/interface/arpPackage arp is the client.Network.Arp namespace.
netw/interface/ethPackage eth is the client.Network.EthernetInterface namespace.
netw/interface/loopbackPackage loopback is the client.Network.LoopbackInterface namespace.
netw/interface/subinterface/layer2Package layer2 is the client.Network.Layer2Subinterface namespace.
netw/interface/subinterface/layer3Package layer3 is the client.Network.Layer3Subinterface namespace.
netw/interface/tunnelPackage loopback is the client.Network.TunnelInterface namespace.
netw/interface/vlanPackage vlan is the client.Network.VlanInterface namespace.
netw/ipsectunnelPackage ipsectunnel is the client.Network.IpsecTunnel namespace.
netw/ipsectunnel/proxyid/ipv4Package ipv4 is the client.Network.IpsecTunnelProxyId namespace.
netw/profile/bfdPackage bfd is the client.Network.BfdProfile namespace.
netw/profile/ikePackage ike is the client.Network.IkeCryptoProfile namespace.
netw/profile/ipsecPackage ipsec is the client.Network.IpsecCryptoProfile namespace.
netw/profile/mngtprofPackage mngtprof is the client.Network.ManagementProfile namespace.
netw/profile/monitorPackage monitor is the client.Network.MonitorProfile namespace.
netw/routing/profile/redist/ipv4Package ipv4 is the client.Network.RedistributionProfile namespace.
netw/routing/protocol/bgpPackage bgp is the client.Network.BgpConfig namespace.
netw/routing/protocol/bgp/aggregatePackage aggregate is the client.Network.BgpAggregation namespace.
netw/routing/protocol/bgp/aggregate/filter/advertisePackage advertise is the client.Network.BgpAggAdvertiseFilter namespace.
netw/routing/protocol/bgp/aggregate/filter/suppressPackage suppress is the client.Network.BgpAggSuppressFilter namespace.
netw/routing/protocol/bgp/conadvPackage conadv is the client.Network.BgpConditionalAdv namespace.
netw/routing/protocol/bgp/conadv/filter/advertisePackage advertise is the client.Network.BgpConAdvAdvertiseFilter namespace.
netw/routing/protocol/bgp/conadv/filter/nonexistPackage nonexist is the client.Network.BgpConAdvNonExistFilter namespace.
netw/routing/protocol/bgp/expPackage exp is the client.Network.BgpExport namespace.
netw/routing/protocol/bgp/impPackage imp is the client.Network.BgpImport namespace.
netw/routing/protocol/bgp/peerPackage peer is the client.Network.BgpPeer namespace.
netw/routing/protocol/bgp/peer/groupPackage group is the client.Network.BgpPeerGroup namespace.
netw/routing/protocol/bgp/profile/authPackage auth is the client.Network.BgpAuthProfile namespace.
netw/routing/protocol/bgp/profile/dampeningPackage dampening is the client.Network.BgpDampeningProfile namespace.
netw/routing/protocol/bgp/redistPackage redist is the client.Network.BgpRedistRule namespace.
netw/routing/routerPackage router is the client.Network.VirtualRouter namespace.
netw/routing/route/static/ipv4Package ipv4 is the client.Network.StaticRoute namespace.
netw/tunnel/grePackage gre is the client.Network.GreTunnel namespace.
netw/vlanPackage vlan is the client.Network.Vlan namespace.
netw/zonePackage zone is the client.Network.Zone namespace.
objsPackage objs is the client.Objects namespace.
objs/addrPackage addr is the ngfw.Objects.Address namespace.
objs/addrgrpPackage addrgrp is the client.Objects.AddressGroup namespace.
objs/appPackage app is the client.Objects.Application namespace.
objs/app/groupPackage group is the client.Objects.AppGroup namespace.
objs/app/signaturePackage signature is the client.Objects.AppSignature namespace.
objs/app/signature/andcondPackage andcond is the client.Objects.AppSigAndCond namespace.
objs/app/signature/orcondPackage orcond is the client.Objects.AppSigAndCondOrCond namespace.
objs/edlPackage edl is the ngfw.Objects.Edl namespace.
objs/profile/logfwdPackage logfwd is the client.Object.LogForwardingProfile namespace.
objs/profile/logfwd/matchlistPackage matchlist is the client.Object.LogForwardingProfileMatchList namespace.
objs/profile/logfwd/matchlist/actionPackage action is the client.Object.LogForwardingProfileMatchListAction namespace.
objs/srvcPackage srvc is the client.Objects.Services namespace.
objs/srvcgrpPackage srvcgrp is the client.Objects.ServiceGroup namespace.
objs/tagsPackage tags is the client.Objects.Tags namespace.
pnrmPackage pnrm is the client.Panorama namespace.
pnrm/dgPackage dg is the client.Panorama.DeviceGroup namespace.
pnrm/plugins/gcp/accountPackage account is the client.Panorama.GcpAccount namespace.
pnrm/plugins/gcp/gke/clusterPackage cluster is the client.Panorama.GkeCluster namespace.
pnrm/plugins/gcp/gke/cluster/groupPackage group is the client.Panorama.GkeClusterGroup namespace.
pnrm/templatePackage template is the client.Panorama.Template namespace.
pnrm/template/stackPackage stack is the client.Panorama.TemplateStack namespace.
pnrm/template/variablePackage variable is the client.Panorama.TemplateVariable namespace.
poliPackage poli is the client.Policies namespace.
poli/natPackage nat is the client.Policies.Nat namespace.
poli/pbfPackage pbf is the client.Policies.PolicyBasedForwarding namespace.
poli/securityPackage security is the client.Policies.Security namespace.
useridPackage userid is the client.UserId namespace, for interacting with the User-ID API.
utilPackage util contains various shared structs and functions used across the pango package.
versionPackage version contains a version number struct that pango uses to make decisions on the specific structs to use when sending XML to the PANOS device.

Package pango imports 24 packages (graph) and is imported by 1 packages. Updated 2020-07-14. Refresh now. Tools for package owners.