From 2c97b77884e7d6e8fd7635595e82e56e25cbca86 Mon Sep 17 00:00:00 2001 From: Robert <144030336+rbowden-r7@users.noreply.github.com> Date: Mon, 10 Jun 2024 09:07:30 +0100 Subject: [PATCH] [SOAR-16875] - Palo Alto Pan OS - Addressing SNYK vulnerabilities in gunicorn and validators (#2575) * SOAR-16875-Addressing SNYK vulnerabilities in gunicorn and validators * SOAR-16875-Addressing SNYK vulnerabilities in gunicorn and validators --- plugins/palo_alto_pan_os/.CHECKSUM | 44 +- plugins/palo_alto_pan_os/Dockerfile | 19 +- .../bin/komand_palo_alto_pan_os | 76 +- plugins/palo_alto_pan_os/help.md | 1255 +++++++++-------- .../actions/__init__.py | 47 +- .../add_address_object_to_group/__init__.py | 2 +- .../add_address_object_to_group/action.py | 8 +- .../add_address_object_to_group/schema.py | 22 +- .../add_external_dynamic_list/__init__.py | 2 +- .../add_external_dynamic_list/action.py | 28 +- .../add_external_dynamic_list/schema.py | 22 +- .../actions/add_to_policy/__init__.py | 2 +- .../actions/add_to_policy/action.py | 44 +- .../actions/add_to_policy/schema.py | 22 +- .../__init__.py | 2 +- .../action.py | 12 +- .../schema.py | 22 +- .../actions/commit/__init__.py | 2 +- .../actions/commit/action.py | 14 +- .../actions/commit/schema.py | 22 +- .../actions/delete/__init__.py | 2 +- .../actions/delete/action.py | 12 +- .../actions/delete/schema.py | 20 +- .../actions/edit/__init__.py | 2 +- .../actions/edit/action.py | 14 +- .../actions/edit/schema.py | 22 +- .../actions/get/__init__.py | 2 +- .../actions/get/action.py | 12 +- .../actions/get/schema.py | 20 +- .../get_addresses_from_group/__init__.py | 2 +- .../get_addresses_from_group/action.py | 30 +- .../get_addresses_from_group/schema.py | 22 +- .../actions/get_policy/__init__.py | 2 +- .../actions/get_policy/action.py | 24 +- .../actions/get_policy/schema.py | 22 +- .../actions/op/__init__.py | 2 +- .../actions/op/action.py | 12 +- .../actions/op/schema.py | 22 +- .../__init__.py | 2 +- .../action.py | 10 +- .../schema.py | 22 +- .../actions/remove_from_policy/__init__.py | 2 +- .../actions/remove_from_policy/action.py | 42 +- .../actions/remove_from_policy/schema.py | 22 +- .../actions/retrieve_logs/__init__.py | 2 +- .../actions/retrieve_logs/action.py | 35 +- .../actions/retrieve_logs/schema.py | 20 +- .../actions/set/__init__.py | 2 +- .../actions/set/action.py | 14 +- .../actions/set/schema.py | 22 +- .../actions/set_address_object/__init__.py | 2 +- .../actions/set_address_object/action.py | 16 +- .../actions/set_address_object/schema.py | 22 +- .../set_security_policy_rule/__init__.py | 2 +- .../set_security_policy_rule/action.py | 92 +- .../set_security_policy_rule/schema.py | 20 +- .../actions/show/__init__.py | 2 +- .../actions/show/action.py | 14 +- .../actions/show/schema.py | 20 +- .../connection/__init__.py | 2 +- .../connection/connection.py | 16 +- .../connection/schema.py | 28 +- .../komand_palo_alto_pan_os/tasks/__init__.py | 2 + .../triggers/__init__.py | 3 +- .../util/log_helper.py | 2 +- .../util/pan_os_requests.py | 10 +- .../komand_palo_alto_pan_os/util/util.py | 58 +- plugins/palo_alto_pan_os/plugin.spec.yaml | 109 +- plugins/palo_alto_pan_os/requirements.txt | 5 +- plugins/palo_alto_pan_os/setup.py | 8 +- .../test_add_address_object_to_group.py | 48 +- .../test_add_external_dynamic_list.py | 36 +- .../unit_test/test_add_to_policy.py | 119 +- .../test_check_if_address_object_in_group.py | 54 +- .../palo_alto_pan_os/unit_test/test_commit.py | 16 +- .../palo_alto_pan_os/unit_test/test_delete.py | 14 +- .../palo_alto_pan_os/unit_test/test_edit.py | 14 +- .../palo_alto_pan_os/unit_test/test_get.py | 14 +- .../test_get_addresses_from_group.py | 24 +- .../unit_test/test_get_policy.py | 31 +- plugins/palo_alto_pan_os/unit_test/test_op.py | 14 +- .../test_remove_address_object_from_group.py | 50 +- .../unit_test/test_remove_from_policy.py | 96 +- .../unit_test/test_retrieve_logs.py | 43 +- .../palo_alto_pan_os/unit_test/test_set.py | 14 +- .../unit_test/test_set_address_object.py | 66 +- .../test_set_security_policy_rule.py | 54 +- .../palo_alto_pan_os/unit_test/test_show.py | 15 +- 88 files changed, 1708 insertions(+), 1553 deletions(-) create mode 100644 plugins/palo_alto_pan_os/komand_palo_alto_pan_os/tasks/__init__.py diff --git a/plugins/palo_alto_pan_os/.CHECKSUM b/plugins/palo_alto_pan_os/.CHECKSUM index b8e8dc35be..8d6bdf5616 100644 --- a/plugins/palo_alto_pan_os/.CHECKSUM +++ b/plugins/palo_alto_pan_os/.CHECKSUM @@ -1,83 +1,83 @@ { - "spec": "e1b38b29297a038da1ec6b91b26b22bf", - "manifest": "35ba8c4507362531688b4473d663a298", - "setup": "d8d4d47822a6d5f01f5b285f1a795f5a", + "spec": "7306d1c21890dd515eea59c2b1b44a71", + "manifest": "2f13e2a24ce4e7ff30e39976a212f368", + "setup": "858a422c6d6f7123c68a02a0a32ed2c5", "schemas": [ { "identifier": "add_address_object_to_group/schema.py", - "hash": "f04b5691ff3b451c24d058692b076e54" + "hash": "ec7393f6595e5a011dbf7b94cfee6c4e" }, { "identifier": "add_external_dynamic_list/schema.py", - "hash": "a9f2f9f1444b23d9a0649d193b6eb1dd" + "hash": "e87b41f1908270001572547de3a0df94" }, { "identifier": "add_to_policy/schema.py", - "hash": "4483d8ffabb95a26c55e5d1be3658894" + "hash": "c88aca2ce8d15fc4551d99780ef8d445" }, { "identifier": "check_if_address_object_in_group/schema.py", - "hash": "1d9f2617e050cf7bbe71652527f0ef56" + "hash": "36485b20e58c4f5cf57e99f182d356a0" }, { "identifier": "commit/schema.py", - "hash": "68db1afee25c447bab35de6ad60c28f5" + "hash": "a35fa2960cb7e9481142151a2823ae37" }, { "identifier": "delete/schema.py", - "hash": "9157a5100b6b8dfa7459003519139b1b" + "hash": "1ffc49835e225ce23da5e06c5c9fe996" }, { "identifier": "edit/schema.py", - "hash": "5eebc7d2538eeab8a4ec279eb811f6aa" + "hash": "722e3ac204c560a03f3ec560170e0d46" }, { "identifier": "get/schema.py", - "hash": "8e72d2a850eeb6226a0926dec9f719e3" + "hash": "59181dffc3730168836cc4a036e70807" }, { "identifier": "get_addresses_from_group/schema.py", - "hash": "6349926650f1a7a6281a1938583eb1d1" + "hash": "346f99eda10cd67fd9ec3e21357866ba" }, { "identifier": "get_policy/schema.py", - "hash": "facdbb609079baa0462182afdd87208c" + "hash": "4a07866a54d3ab39c3d45516c03dc91d" }, { "identifier": "op/schema.py", - "hash": "1495b1797c7075f9d2ee056391c3db06" + "hash": "31a5d702435c8329964ec99700704624" }, { "identifier": "remove_address_object_from_group/schema.py", - "hash": "99eed1c3a9ddb8df79db35d8eeec3571" + "hash": "726f6ea8f38c6aa037f8bb6de27597b2" }, { "identifier": "remove_from_policy/schema.py", - "hash": "0b7ec5946614455ae6618f15ef71fa16" + "hash": "6520848a115b8177acd85a33de44a80f" }, { "identifier": "retrieve_logs/schema.py", - "hash": "94976fbfdc277dcf06a7c0a2def688b5" + "hash": "ff18e0d432afc33a58efc106644716fe" }, { "identifier": "set/schema.py", - "hash": "f5c2b91e5261a499d4482d762cd46452" + "hash": "da5b3ae7314fbb7528f0b12a4a7e2f5f" }, { "identifier": "set_address_object/schema.py", - "hash": "b724f581a980b19b9fe067e243b37927" + "hash": "6dc0733af28a83033b8fd1a2d4adac52" }, { "identifier": "set_security_policy_rule/schema.py", - "hash": "bebf88bdbfb89c5b821389c9428d9209" + "hash": "6a4919a1b8841316768015e3e7aaca65" }, { "identifier": "show/schema.py", - "hash": "a36dde81a2264fc3739366fdd801a2ea" + "hash": "f881156e3d988da227a0ab47f5e6c64c" }, { "identifier": "connection/schema.py", - "hash": "8e3dc8ac74f55325b4be7b0172a91ec5" + "hash": "39500737e1002462efc1db2b83a1b52a" } ] } \ No newline at end of file diff --git a/plugins/palo_alto_pan_os/Dockerfile b/plugins/palo_alto_pan_os/Dockerfile index c946b60afe..17080baa9c 100755 --- a/plugins/palo_alto_pan_os/Dockerfile +++ b/plugins/palo_alto_pan_os/Dockerfile @@ -1,27 +1,20 @@ -FROM komand/python-3-37-plugin:3 -# Refer to the following documentation for available SDK parent images: https://docs.rapid7.com/insightconnect/sdk-guide/#sdk-guide +FROM --platform=linux/amd64 rapid7/insightconnect-python-3-plugin:5.4.9 LABEL organization=rapid7 LABEL sdk=python -LABEL type=plugin -# Add any custom package dependencies here -# NOTE: Add pip packages to requirements.txt - -# End package dependencies - -# Add source code WORKDIR /python/src + ADD ./plugin.spec.yaml /plugin.spec.yaml -ADD . /python/src +ADD ./requirements.txt /python/src/requirements.txt -# Install pip dependencies RUN if [ -f requirements.txt ]; then pip install -r requirements.txt; fi -# Install plugin +ADD . /python/src + RUN python setup.py build && python setup.py install # User to run plugin code. The two supported users are: root, nobody -USER root +USER nobody ENTRYPOINT ["/usr/local/bin/komand_palo_alto_pan_os"] diff --git a/plugins/palo_alto_pan_os/bin/komand_palo_alto_pan_os b/plugins/palo_alto_pan_os/bin/komand_palo_alto_pan_os index db6a823e03..f36a10d1bb 100755 --- a/plugins/palo_alto_pan_os/bin/komand_palo_alto_pan_os +++ b/plugins/palo_alto_pan_os/bin/komand_palo_alto_pan_os @@ -1,13 +1,13 @@ #!/usr/bin/env python -# GENERATED BY KOMAND SDK - DO NOT EDIT +# GENERATED BY INSIGHT-PLUGIN - DO NOT EDIT import os import json from sys import argv Name = "Palo Alto Firewall" Vendor = "rapid7" -Version = "6.1.4" -Description = "Manage Palo Alto Networks firewall devices" +Version = "6.1.5" +Description = "[PAN-OS](https://www.paloaltonetworks.com/documentation/80/pan-os) is the software that runs all Palo Alto Networks next-generation firewalls. This plugin utilizes the [PAN-OS API](https://www.paloaltonetworks.com/documentation/80/pan-os/xml-api) to provide programmatic management of the Palo Alto Firewall appliance(s). It supports managing firewalls individually or centralized via [Panorama](https://www.paloaltonetworks.com/network-security/panorama)" def main(): @@ -22,10 +22,10 @@ def main(): from gevent import monkey monkey.patch_all() - import komand - from komand_palo_alto_pan_os import connection, actions, triggers + import insightconnect_plugin_runtime + from komand_palo_alto_pan_os import connection, actions, triggers, tasks - class ICONPaloAltoPanOs(komand.Plugin): + class ICONPaloAltoPanOs(insightconnect_plugin_runtime.Plugin): def __init__(self): super(self.__class__, self).__init__( name=Name, @@ -34,45 +34,45 @@ def main(): description=Description, connection=connection.Connection() ) - self.add_action(actions.AddAddressObjectToGroup()) - - self.add_action(actions.AddExternalDynamicList()) - - self.add_action(actions.AddToPolicy()) - - self.add_action(actions.CheckIfAddressObjectInGroup()) - - self.add_action(actions.Commit()) - + self.add_action(actions.SetSecurityPolicyRule()) + + self.add_action(actions.Show()) + + self.add_action(actions.Get()) + self.add_action(actions.Delete()) - + + self.add_action(actions.Set()) + self.add_action(actions.Edit()) - - self.add_action(actions.Get()) - - self.add_action(actions.GetAddressesFromGroup()) - - self.add_action(actions.GetPolicy()) - + + self.add_action(actions.Commit()) + self.add_action(actions.Op()) - - self.add_action(actions.RemoveAddressObjectFromGroup()) - - self.add_action(actions.RemoveFromPolicy()) - + self.add_action(actions.RetrieveLogs()) - - self.add_action(actions.Set()) - + + self.add_action(actions.AddToPolicy()) + + self.add_action(actions.RemoveFromPolicy()) + + self.add_action(actions.AddExternalDynamicList()) + self.add_action(actions.SetAddressObject()) - - self.add_action(actions.SetSecurityPolicyRule()) - - self.add_action(actions.Show()) - + + self.add_action(actions.GetPolicy()) + + self.add_action(actions.CheckIfAddressObjectInGroup()) + + self.add_action(actions.RemoveAddressObjectFromGroup()) + + self.add_action(actions.AddAddressObjectToGroup()) + + self.add_action(actions.GetAddressesFromGroup()) + """Run plugin""" - cli = komand.CLI(ICONPaloAltoPanOs()) + cli = insightconnect_plugin_runtime.CLI(ICONPaloAltoPanOs()) cli.run() diff --git a/plugins/palo_alto_pan_os/help.md b/plugins/palo_alto_pan_os/help.md index 330a11b759..2404d55529 100644 --- a/plugins/palo_alto_pan_os/help.md +++ b/plugins/palo_alto_pan_os/help.md @@ -1,6 +1,6 @@ # Description -[PAN-OS](https://www.paloaltonetworks.com/documentation/80/pan-os) is the software that runs all Palo Alto Networks next-generation firewalls. This plugin utilizes the [PAN-OS API](https://www.paloaltonetworks.com/documentation/80/pan-os/xml-api) to provide programmatic management of the Palo Alto Firewall appliance(s). It supports managing firewalls individually or centralized via [Panorama](https://www.paloaltonetworks.com/network-security/panorama). +[PAN-OS](https://www.paloaltonetworks.com/documentation/80/pan-os) is the software that runs all Palo Alto Networks next-generation firewalls. This plugin utilizes the [PAN-OS API](https://www.paloaltonetworks.com/documentation/80/pan-os/xml-api) to provide programmatic management of the Palo Alto Firewall appliance(s). It supports managing firewalls individually or centralized via [Panorama](https://www.paloaltonetworks.com/network-security/panorama) # Key Features @@ -25,21 +25,21 @@ ## Setup -The connection configuration accepts the following parameters: +The connection configuration accepts the following parameters: -|Name|Type|Default|Required|Description|Enum|Example| -|----|----|-------|--------|-----------|----|-------| -|credentials|credential_username_password|None|True|Username and password|None|{"username":"username", "password":"password"}| -|server|string|None|True|URL pointing to instance of Panorama or an individual Palo Alto Firewall|None|http://www.example.com| -|verify_cert|boolean|None|True|If true, validate the server's TLS certificate when contacting the firewall over HTTPS|None|True| +|Name|Type|Default|Required|Description|Enum|Example|Placeholder|Tooltip| +| :--- | :--- | :--- | :--- | :--- | :--- | :--- | :--- | :--- | +|credentials|credential_username_password|None|True|Username and password|None|{"username":"username", "password":"password"}|None|None| +|server|string|None|True|URL pointing to instance of Panorama or an individual Palo Alto Firewall|None|http://www.example.com|None|None| +|verify_cert|boolean|None|True|If true, validate the server's TLS certificate when contacting the firewall over HTTPS|None|True|None|None| Example input: ``` { "credentials": { - "username":"username", - "password":"password" + "password": "password", + "username": "username" }, "server": "http://www.example.com", "verify_cert": true @@ -50,19 +50,20 @@ Example input: ### Actions + #### Add Address Object to Group -This action adds address objects to an address group. This action supports FQDNs, IPv4 and IPv6 addresses. +This action is used to adds address objects to an address group. This action uses a direct connection to the firewall ##### Input -|Name|Type|Default|Required|Description|Enum|Example| -|----|----|-------|--------|-----------|----|-------| -|address_object|[]string|None|True|The names of the address objects to add|None|["198.51.100.100", "198.51.100.101", "example.com"]| -|device_name|string|localhost.localdomain|True|Device name|None|localhost.localdomain| -|group|string|None|True|Group name|None|InsightConnect Block List| -|virtual_system|string|vsys1|True|Virtual system name|None|vsys1| - +|Name|Type|Default|Required|Description|Enum|Example|Placeholder|Tooltip| +| :--- | :--- | :--- | :--- | :--- | :--- | :--- | :--- | :--- | +|address_object|[]string|None|True|The names of the address objects to add|None|["198.51.100.100", "198.51.100.101", "example.com"]|None|None| +|device_name|string|localhost.localdomain|True|Device name|None|localhost.localdomain|None|None| +|group|string|None|True|Group name|None|InsightConnect Block List|None|None| +|virtual_system|string|vsys1|True|Virtual system name|None|vsys1|None|None| + Example input: ``` @@ -80,438 +81,305 @@ Example input: ##### Output -|Name|Type|Required|Description| -|----|----|--------|-----------| -|address_objects|[]string|True|Address objects currently in group| -|success|boolean|True|Was operation successful| - +|Name|Type|Required|Description|Example| +| :--- | :--- | :--- | :--- | :--- | +|address_objects|[]string|True|Address objects currently in group|["test.com", "domain.com", "198.51.100.102", "198.51.100.100", "198.51.100.101", "example.com"]| +|success|boolean|True|Was operation successful|True| + Example output: ``` { - "success": true, "address_objects": [ "test.com", "domain.com", - "198.51.100.102, + "198.51.100.102", "198.51.100.100", "198.51.100.101", "example.com" - ] -} -``` - -#### Get Addresses from Group - -This action is used to get addresses from an address group. - -##### Input - -|Name|Type|Default|Required|Description|Enum|Example| -|----|----|-------|--------|-----------|----|-------| -|device_name|string|localhost.localdomain|True|Device name|None|localhost.localdomain| -|group|string|None|True|Group name|None|InsightConnect Block List| -|virtual_system|string|vsys1|True|Virtual system name|None|vsys1| - -Example input: - -``` -{ - "device_name": "localhost.localdomain", - "group": "InsightConnect Block List", - "virtual_system": "vsys1" -} -``` - -##### Output - -|Name|Type|Required|Description| -|----|----|--------|-----------| -|all_addresses|[]string|True|Addresses currently in group| -|fqdn_addresses|[]string|True|FQDN addresses currently in group| -|ipv4_addresses|[]string|True|IPv4 addresses currently in group| -|ipv6_addresses|[]string|True|IPv6 addresses currently in group| -|success|boolean|True|Was operation successful| - -Example output: - -``` -{ - "all_addresses": [ - "1.1.1.1", - "1.1.1.1/24", - "1.2.3.4", - "2.2.2.2", - "2.2.4.5", - "5.182.39.91", - "8.8.8.8", - "8.8.8.9", - "8.8.8.10", - "8.8.8.11", - "domain.com", - "2001:0db8:85a3:0000:0000:8a2e:0370:7334", - "20.20.20.20", - "test.com", - "example1.com", - "example2.com" - ], - "fqdn_addresses": [ - "domain.com", - "test.com", - "example1.com", - "example2.com" - ], - "ipv4_addresses": [ - "1.1.1.1", - "1.1.1.1/24", - "1.2.3.4", - "2.2.2.2", - "2.2.4.5", - "5.182.39.91", - "8.8.8.8", - "8.8.8.9", - "8.8.8.10", - "8.8.8.11", - "20.20.20.20" - ], - "ipv6_addresses": [ - "2001:0db8:85a3:0000:0000:8a2e:0370:7334" ], "success": true } ``` -#### Check if Address in Group +#### Add External Dynamic List -This action checks to see if an IP address, CIDR IP address, or domain is in an Address Group. +This action is used to add an external dynamic list. This action uses a direct connection to the firewall ##### Input -|Name|Type|Default|Required|Description|Enum|Example| -|----|----|-------|--------|-----------|----|-------| -|address|string|None|True|The Address Object name to check. If Enable Search is set to true then we search the addresses (IP, CIDR, domain) within the address object instead of matching the name|None|198.51.100.100| -|device_name|string|localhost.localdomain|True|Device name|None|localhost.localdomain| -|enable_search|boolean|False|True|When enabled, the Address input will accept a IP, CIDR, or domain name to search across the available Address Objects in the system. This is useful when you don't know the Address Object by its name|None|False| -|group|string|None|True|Group name|None|InsightConnect Block List| -|virtual_system|string|vsys1|True|Virtual system name|None|vsys1| - +|Name|Type|Default|Required|Description|Enum|Example|Placeholder|Tooltip| +| :--- | :--- | :--- | :--- | :--- | :--- | :--- | :--- | :--- | +|day|string||True|If repeat is weekly, choose a day to update|["", "Monday", "Tuesday", "Wednesday", "Thursday", "Friday", "Saturday", "Sunday"]|Monday|None|None| +|description|string|None|True|A description of the list|None|List of IP's|None|None| +|list_type|string|None|True|The type of list|["IP List", "Domain List", "URL List"]|IP List|None|None| +|name|string|None|True|An arbitrary name for the list. This name will be used to identify the list in the firewall|None|IP List|None|None| +|repeat|string|None|True|The interval at which to retrieve updates from the list|["Five Minute", "Hourly", "Daily", "Weekly"]|Five Minute|None|None| +|source|string|None|True|The web site you will pull the list from e.g. https://www.example.com/test.txt|None|https://www.example.com/test.txt|None|None| +|time|string||True|If repeat is daily or weekly, choose an hour on a 24 hour clock to update (Default: '')|["", "00", "01", "02", "03", "04", "05", "06", "07", "08", "09", "10", "11", "12", "13", "14", "15", "16", "17", "18", "19", "20", "21", "22", "23"]|00|None|None| + Example input: ``` { - "address": "198.51.100.100", - "device_name": "localhost.localdomain", - "enable_search": false, - "group": "InsightConnect Block List", - "virtual_system": "vsys1" + "day": "", + "description": "List of IP's", + "list_type": "IP List", + "name": "IP List", + "repeat": "Five Minute", + "source": "https://www.example.com/test.txt", + "time": "" } ``` ##### Output -|Name|Type|Required|Description| -|----|----|--------|-----------| -|address_objects|[]string|False|The names of the address objects that match or contain address| -|found|boolean|True|Was address found in group| - +|Name|Type|Required|Description|Example| +| :--- | :--- | :--- | :--- | :--- | +|code|string|False|Response code from the firewall|20| +|message|string|False|A message with more detail about the status|command succeeded| +|status|string|False|The status of the requested operation e.g. success, error, etc|success| + Example output: ``` { - "found": true, - "address_objects": [ - "198.51.100.100" - ] + "code": 20, + "message": "command succeeded", + "status": "success" } ``` -#### Remove Address Object from Group +#### Add to Policy -This action removes an address object from an address group. +This action is used to add a rule to a firewall security policy. This action uses a direct connection to the firewall ##### Input -|Name|Type|Default|Required|Description|Enum|Example| -|----|----|-------|--------|-----------|----|-------| -|address_object|string|None|True|The name of the address object to remove|None|Malicious Host| -|device_name|string|localhost.localdomain|True|Device name|None|localhost.localdomain| -|group|string|None|True|Group name|None|InsightConnect Block List| -|virtual_system|string|vsys1|True|Virtual system name|None|vsys1| - +|Name|Type|Default|Required|Description|Enum|Example|Placeholder|Tooltip| +| :--- | :--- | :--- | :--- | :--- | :--- | :--- | :--- | :--- | +|action|string|None|False|Action that will occur if an event meets the rule definitions|None|drop|None|None| +|application|string|None|False|Application for which this rule will be applied e.g. adobe-cloud, dropbox, or any|None|any|None|None| +|destination|string|None|False|A destination for which this rule will be applied e.g. 10.0.0.1, computername, or any|None|any|None|None| +|dst_zone|string|None|False|Zone which the traffic is going to e.g. server zone, or any|None|any|None|None| +|hip_profiles|string|None|False|Host information profile|None|any|None|None| +|rule_name|string|None|True|Name of the rule|None|InsightConnect Block Rule|None|None| +|service|string|None|False|Service type for which this rule will be applied e.g. HTTP, HTTPS, or any|None|any|None|None| +|source|string|None|False|A source for which this rule will be applied e.g. 10.0.0.1, computername, or any|None|any|None|None| +|source_user|string|None|False|User that the network traffic originated from e.g. Joe Smith, or any|None|Joe Smith|None|None| +|src_zone|string|None|False|Zone in which the traffic originated e.g. server zone, or any|None|any|None|None| +|update_active_or_candidate_configuration|string|None|True|Will apply the update to the active or candidate configuration. If active is chosen any uncommitted candidate configuration will be lost|["active", "candidate"]|active|None|None| +|url_category|string|None|False|The URL category e.g. adult|None|adult|None|None| + Example input: ``` { - "address_object": "Malicious Host", - "device_name": "localhost.localdomain", - "group": "InsightConnect Block List", - "virtual_system": "vsys1" + "action": "drop", + "application": "any", + "destination": "any", + "dst_zone": "any", + "hip_profiles": "any", + "rule_name": "InsightConnect Block Rule", + "service": "any", + "source": "any", + "source_user": "Joe Smith", + "src_zone": "any", + "update_active_or_candidate_configuration": "active", + "url_category": "adult" } ``` ##### Output -|Name|Type|Required|Description| -|----|----|--------|-----------| -|success|boolean|True|Was operation successful| - +|Name|Type|Required|Description|Example| +| :--- | :--- | :--- | :--- | :--- | +|code|string|False|Response code from firewall|20| +|message|string|False|A message with more detail about the status|command succeeded| +|status|string|False|Status of the requested operation e.g. success, error, etc|success| + Example output: ``` { - "success": true + "code": 20, + "message": "command succeeded", + "status": "success" } ``` -#### Get Policy +#### Check if Address in Group -This action is used to get a policy. +This action is used to checks to see if an IP address, CIDR IP address, or domain is in an Address Group. Supports +IPv6. This action uses a direct connection to the firewall ##### Input -|Name|Type|Default|Required|Description|Enum|Example| -|----|----|-------|--------|-----------|----|-------| -|device_name|string|localhost.localdomain|True|Device name|None|localhost.localdomain| -|policy_name|string|None|True|Policy name|None|InsightConnect Block Policy| -|virtual_system|string|vsys1|True|Virtual system name|None|vsys1| - +|Name|Type|Default|Required|Description|Enum|Example|Placeholder|Tooltip| +| :--- | :--- | :--- | :--- | :--- | :--- | :--- | :--- | :--- | +|address|string|None|True|The Address Object name to check. If Enable Search is set to true then we search the addresses (IP, CIDR, domain) within the address object instead of matching the name|None|198.51.100.100|None|None| +|device_name|string|localhost.localdomain|True|Device name|None|localhost.localdomain|None|None| +|enable_search|boolean|False|True|When enabled, the Address input will accept a IP, CIDR, or domain name to search across the available Address Objects in the system. This is useful when you don't know the Address Object by its name|None|False|None|None| +|group|string|None|True|Group name|None|InsightConnect Block List|None|None| +|virtual_system|string|vsys1|True|Virtual system name|None|vsys1|None|None| + Example input: ``` { + "address": "198.51.100.100", "device_name": "localhost.localdomain", - "policy_name": "InsightConnect Block Policy", + "enable_search": false, + "group": "InsightConnect Block List", "virtual_system": "vsys1" } ``` ##### Output -|Name|Type|Required|Description| -|----|----|--------|-----------| -|action|string|False|Action| -|application|[]string|False|Application| -|category|[]string|False|Category| -|destination|[]string|False|Destination| -|from|[]string|False|From| -|hip_profiles|[]string|False|Host Information in Policy Enforcement profile| -|service|[]string|False|Service| -|source|[]string|False|Source| -|source_user|[]string|False|Source user| -|to|[]string|False|To| - +|Name|Type|Required|Description|Example| +| :--- | :--- | :--- | :--- | :--- | +|address_objects|[]string|False|The names of the address objects that match or contain address|["198.51.100.100"]| +|found|boolean|True|Was address found in group|True| + Example output: ``` { - "to": [ - "any" - ], - "from": [ - "any" - ], - "source": [ - "1.1.1.1", - "1.1.1.2" - ], - "destination": [ - "any" - ], - "source_user": [ - "any" - ], - "category": [ - "any" - ], - "application": [ - "any" - ], - "service": [ - "application-default" - ], - "hip_profiles": [ - "any" + "address_objects": [ + "198.51.100.100" ], - "action": "drop" + "found": true } ``` -#### Create Address Object - -This action is used to create a new address object. It will accept an IP, CIDR, Fully Qualified Domain Name (FQDN), -or IP range E.g. 10.1.1.1, 192.168.1.0/24, 10.1.1.1-10.1.1.9, or www.example.com. - -This action supports a whitelist as a safety check to prevent users from blocking explicitly stated hosts. -If the action encounters a host or network matched in the whitelist, the action will succeed but skip blocking the entry. +#### Commit -The whitelist accepts one or more of any combination of IP addresses, CIDR addresses, and domains e.g. -["10.1.1.2", "192.168.1.0/24", "www.example.com"]. Note that the whitelist does not support IP ranges, they will not be -checked against the whitelist of objects. An additional note is that the whitelist supports matching against CIDRs exactly but will -not check if a CIDR is within a larger CIDR network. The exception to this rule is if a CIDR is expressed as 1.1.1.1/32. -In this case, we will strip the /32 from the end and check the IP against the whitelist or the exact CIDR match. +This action is used to commits the candidate configuration. This action uses a direct connection to the firewall ##### Input -|Name|Type|Default|Required|Description|Enum|Example| -|----|----|-------|--------|-----------|----|-------| -|address|string|None|True|The IP address, network CIDR, or FQDN e.g. 192.168.1.1, 192.168.1.0/24, google.com|None|1.1.1.1| -|address_object|string|None|True|The name of the address object|None|Blocked host| -|description|string|None|False|A description for the address object|None|Blocked host from Insight Connect| -|skip_rfc1918|boolean|False|True|Skip private IP addresses as defined in RFC 1918|None|True| -|tags|string|None|False|Tags for the address object. Use commas to separate multiple tags|None|malware| -|whitelist|[]string|None|False|This list contains a set of network objects that should not be blocked. This can include IPs, CIDR notation, or domains. It can not include an IP range (such as 10.0.0.0-10.0.0.10)|None|["198.51.100.100", "192.0.2.0/24", "example.com"]| - +|Name|Type|Default|Required|Description|Enum|Example|Placeholder|Tooltip| +| :--- | :--- | :--- | :--- | :--- | :--- | :--- | :--- | :--- | +|action|string|all|False|Commit action (Default: 'all')|None|all|None|None| +|cmd|string|None|True|XML specifying any commit arguments|None||None|None| + Example input: ``` { - "address": "1.1.1.1", - "address_object": "Blocked host", - "description": "Blocked host from Insight Connect", - "skip_rfc1918": true, - "tags": "malware", - "whitelist": [ - "198.51.100.100", - "192.0.2.0/24", - "example.com" - ] + "action": "all", + "cmd": "" } ``` ##### Output -|Name|Type|Required|Description| -|----|----|--------|-----------| -|code|string|False|Response code from the firewall| -|message|string|False|A message with more detail about the status| -|status|string|False|The status of the requested operation e.g. success, error, etc| - +|Name|Type|Required|Description|Example| +| :--- | :--- | :--- | :--- | :--- | +|response|object|False|Response from the firewall|{'@status': 'success', '@code': '19', 'result': {'msg': {'line': 'Commit job enqueued with jobid 152'}, 'job': '152'}}| + Example output: ``` { - "message": "command succeeded", - "status": "success", - "code": "20" + "response": { + "@code": "19", + "@status": "success", + "result": { + "job": "152", + "msg": { + "line": "Commit job enqueued with jobid 152" + } + } + } } ``` -#### Set Security Policy Rule +#### Delete -This action is used to create a new security policy rule. +This action is used to delete an object. This action uses Panorama ##### Input -|Name|Type|Default|Required|Description|Enum|Example| -|----|----|-------|--------|-----------|----|-------| -|action|string|None|True|Action that will occur if an event meets the rule definitions|None|drop| -|application|string|None|True|Applications for which this rule will be applied e.g. adobe-cloud, dropbox, any|None|any| -|description|string|None|True|Description of the rule and what it does|None|Block Rule| -|destination|string|None|True|Destinations for which this rule will be applied e.g. 10.0.0.1, computername, any|None|any| -|disable_server_response_inspection|boolean|None|True|If true, the firewall will not inspect this traffic|None|False| -|disabled|boolean|None|True|If true, rule is disabled|None|False| -|dst_zone|string|None|True|Zone which the traffic is going to e.g. server zone, any|None|any| -|log_end|boolean|None|True|Generates a traffic log entry for the end of a session|None|False| -|log_start|boolean|None|True|Generates a traffic log entry for the start of a session|None|False| -|negate_destination|boolean|None|True|Negate destination|None|False| -|negate_source|boolean|None|True|Negate source|None|False| -|rule_name|string|None|True|Name of the rule|None|InsightConnect Block Rule| -|service|string|None|True|Service type for which this rule will be applied e.g. HTTP, HTTPS, any|None|any| -|source|string|None|True|Sources for which this rule will be applied e.g. 10.0.0.1, computername, any|None|any| -|source_user|string|None|True|User that the network traffic originated from e.g. Joe Smith, any|None|any| -|src_zone|string|None|True|Zone in which the traffic originated e.g. server zone, any|None|any| - +|Name|Type|Default|Required|Description|Enum|Example|Placeholder|Tooltip| +| :--- | :--- | :--- | :--- | :--- | :--- | :--- | :--- | :--- | +|xpath|string|None|True|Xpath targeting the object to delete|None|/config/devices/entry[@name='localhost.localdomain']/vsys/entry[@name='vsys1']/address-group/entry[@name='test_group']|None|None| + Example input: ``` { - "action": "drop", - "application": "any", - "description": "Block Rule", - "destination": "any", - "disable_server_response_inspection": false, - "disabled": false, - "dst_zone": "any", - "log_end": false, - "log_start": false, - "negate_destination": false, - "negate_source": false, - "rule_name": "InsightConnect Block Rule", - "service": "any", - "source": "any", - "source_user": "any", - "src_zone": "any" + "xpath": "/config/devices/entry[@name='localhost.localdomain']/vsys/entry[@name='vsys1']/address-group/entry[@name='test_group']" } ``` ##### Output -|Name|Type|Required|Description| -|----|----|--------|-----------| -|response|config|False|Response from the firewall| - +|Name|Type|Required|Description|Example| +| :--- | :--- | :--- | :--- | :--- | +|response|config|False|Response from the firewall|{'@status': 'success', '@code': '20', 'msg': 'command succeeded'}| + Example output: ``` { "response": { - "@status": "success", "@code": "20", + "@status": "success", "msg": "command succeeded" } } - ``` -#### Set +#### Edit -This action is used to create a new object. +This action is used to edit an existing object. This action uses Panorama ##### Input -|Name|Type|Default|Required|Description|Enum|Example| -|----|----|-------|--------|-----------|----|-------| -|element|string|None|True|XML representation of the object to be created|None|8x8| -|xpath|string|None|True|Xpath location to create the new object|None|/config/devices/entry/vsys/entry/rulebase/security/rules/entry[@name='test rule']| - +|Name|Type|Default|Required|Description|Enum|Example|Placeholder|Tooltip| +| :--- | :--- | :--- | :--- | :--- | :--- | :--- | :--- | :--- | +|element|string|None|True|XML representation of the updated object. This replaces the previous object entirely, any unchanged attributes must be restated|None|8x8|None|None| +|xpath|string|None|True|Xpath location of the object to edit|None|/config/devices/entry/vsys/entry/rulebase/security/rules/entry[@name='test rule']/application|None|None| + Example input: ``` { "element": "8x8", - "xpath": "/config/devices/entry/vsys/entry/rulebase/security/rules/entry[@name='test rule']" + "xpath": "/config/devices/entry/vsys/entry/rulebase/security/rules/entry[@name='test rule']/application" } ``` ##### Output -|Name|Type|Required|Description| -|----|----|--------|-----------| -|response|object|False|Response from the firewall| - +|Name|Type|Required|Description|Example| +| :--- | :--- | :--- | :--- | :--- | +|response|object|False|Response from the firewall|{'@status': 'success', '@code': '20', 'msg': 'command succeeded'}| + Example output: ``` { "response": { - "@status": "success", "@code": "20", + "@status": "success", "msg": "command succeeded" } } - ``` #### Get -This action is used to get candidate configuration. +This action is used to get candidate configuration. This action uses Panorama ##### Input -|Name|Type|Default|Required|Description|Enum|Example| -|----|----|-------|--------|-----------|----|-------| -|xpath|string|None|True|Xpath targeting the requested portion of the configuration|None|/config/devices/entry[@name='localhost.localdomain']/vsys/entry[@name='vsys1']/address-group/entry[@name='test_group']| - +|Name|Type|Default|Required|Description|Enum|Example|Placeholder|Tooltip| +| :--- | :--- | :--- | :--- | :--- | :--- | :--- | :--- | :--- | +|xpath|string|None|True|Xpath targeting the requested portion of the configuration|None|/config/devices/entry[@name='localhost.localdomain']/vsys/entry[@name='vsys1']/address-group/entry[@name='test_group']|None|None| + Example input: ``` @@ -522,193 +390,390 @@ Example input: ##### Output -|Name|Type|Required|Description| -|----|----|--------|-----------| -|response|config|False|Response from the firewall| - +|Name|Type|Required|Description|Example| +| :--- | :--- | :--- | :--- | :--- | +|response|config|False|Response from the firewall|{'@status': 'success', '@code': '19', 'result': {'@total-count': '1', '@count': '1', 'entry': {'@name': 'test_group', '@admin': 'admin', '@dirtyid': '4', '@time': '2020/08/25 09:35:48', 'static': {'@admin': 'admin', '@dirtyid': '4', '@time': '2020/08/25 09:35:48', 'member': {'@admin': 'admin', '@dirtyid': '4', '@time': '2020/08/25 09:35:48', '#text': '1.1.1.1'}}, 'description': {'@admin': 'admin', '@dirtyid': '4', '@time': '2020/08/25 09:35:48', '#text': 'test'}}}}| + Example output: ``` { "response": { - "@status": "success", "@code": "19", + "@status": "success", "result": { - "@total-count": "1", "@count": "1", + "@total-count": "1", "entry": { - "@name": "test_group", "@admin": "admin", - "@dirtyId": "4", + "@dirtyid": "4", + "@name": "test_group", "@time": "2020/08/25 09:35:48", + "description": { + "#text": "test", + "@admin": "admin", + "@dirtyid": "4", + "@time": "2020/08/25 09:35:48" + }, "static": { "@admin": "admin", - "@dirtyId": "4", + "@dirtyid": "4", "@time": "2020/08/25 09:35:48", "member": { + "#text": "1.1.1.1", "@admin": "admin", - "@dirtyId": "4", - "@time": "2020/08/25 09:35:48", - "#text": "1.1.1.1" + "@dirtyid": "4", + "@time": "2020/08/25 09:35:48" } - }, - "description": { - "@admin": "admin", - "@dirtyId": "4", - "@time": "2020/08/25 09:35:48", - "#text": "test" } } } } } +``` + +#### Get Addresses from Group + +This action is used to get addresses from an address group. This action uses a direct connection to the firewall +##### Input + +|Name|Type|Default|Required|Description|Enum|Example|Placeholder|Tooltip| +| :--- | :--- | :--- | :--- | :--- | :--- | :--- | :--- | :--- | +|device_name|string|localhost.localdomain|True|Device name|None|localhost.localdomain|None|None| +|group|string|None|True|Group name|None|InsightConnect Block List|None|None| +|virtual_system|string|vsys1|True|Virtual system name|None|vsys1|None|None| + +Example input: + +``` +{ + "device_name": "localhost.localdomain", + "group": "InsightConnect Block List", + "virtual_system": "vsys1" +} ``` -#### Edit +##### Output + +|Name|Type|Required|Description|Example| +| :--- | :--- | :--- | :--- | :--- | +|all_addresses|[]string|True|Addresses currently in group|["1.1.1.1", "1.1.1.1/24", "1.2.3.4", "2.2.2.2", "2.2.4.5", "5.182.39.91", "8.8.8.8", "8.8.8.9", "8.8.8.10", "8.8.8.11", "20.20.20.20", "2001:0db8:85a3:0000:0000:8a2e:0370:7334", "domain.com", "test.com", "example1.com", "example2.com"]| +|fqdn_addresses|[]string|True|FQDN addresses currently in group|["domain.com", "test.com", "example1.com", "example2.com"]| +|ipv4_addresses|[]string|True|IPv4 addresses currently in group|["1.1.1.1", "1.1.1.1/24", "1.2.3.4", "2.2.2.2", "2.2.4.5", "5.182.39.91", "8.8.8.8", "8.8.8.9", "8.8.8.10", "8.8.8.11", "20.20.20.20"]| +|ipv6_addresses|[]string|True|IPv6 addresses currently in group|["2001:0db8:85a3:0000:0000:8a2e:0370:7334"]| +|success|boolean|True|Was operation successful|True| + +Example output: + +``` +{ + "all_addresses": [ + "1.1.1.1", + "1.1.1.1/24", + "1.2.3.4", + "2.2.2.2", + "2.2.4.5", + "5.182.39.91", + "8.8.8.8", + "8.8.8.9", + "8.8.8.10", + "8.8.8.11", + "20.20.20.20", + "2001:0db8:85a3:0000:0000:8a2e:0370:7334", + "domain.com", + "test.com", + "example1.com", + "example2.com" + ], + "fqdn_addresses": [ + "domain.com", + "test.com", + "example1.com", + "example2.com" + ], + "ipv4_addresses": [ + "1.1.1.1", + "1.1.1.1/24", + "1.2.3.4", + "2.2.2.2", + "2.2.4.5", + "5.182.39.91", + "8.8.8.8", + "8.8.8.9", + "8.8.8.10", + "8.8.8.11", + "20.20.20.20" + ], + "ipv6_addresses": [ + "2001:0db8:85a3:0000:0000:8a2e:0370:7334" + ], + "success": true +} +``` + +#### Get Policy -This action is used to edit an existing object. +This action is used to get a policy by name. This action uses a direct connection to the firewall ##### Input -|Name|Type|Default|Required|Description|Enum|Example| -|----|----|-------|--------|-----------|----|-------| -|element|string|None|True|XML representation of the updated object. This replaces the previous object entirely, any unchanged attributes must be restated|None|8x8| -|xpath|string|None|True|Xpath location of the object to edit|None|/config/devices/entry/vsys/entry/rulebase/security/rules/entry[@name='test rule']/application| +|Name|Type|Default|Required|Description|Enum|Example|Placeholder|Tooltip| +| :--- | :--- | :--- | :--- | :--- | :--- | :--- | :--- | :--- | +|device_name|string|localhost.localdomain|True|Device name|None|localhost.localdomain|None|None| +|policy_name|string|None|True|Policy name|None|InsightConnect Block Policy|None|None| +|virtual_system|string|vsys1|True|Virtual system name|None|vsys1|None|None| + +Example input: + +``` +{ + "device_name": "localhost.localdomain", + "policy_name": "InsightConnect Block Policy", + "virtual_system": "vsys1" +} +``` + +##### Output + +|Name|Type|Required|Description|Example| +| :--- | :--- | :--- | :--- | :--- | +|action|string|False|Action|["drop"]| +|application|[]string|False|Application|["any"]| +|category|[]string|False|Category|["any"]| +|destination|[]string|False|Destination|["any"]| +|from|[]string|False|From|["any"]| +|hip_profiles|[]string|False|Host Information in Policy Enforcement profile|["any"]| +|service|[]string|False|Service|["application-default"]| +|source|[]string|False|Source|["1.1.1.1", "1.1.1.2"]| +|source_user|[]string|False|Source user|["any"]| +|to|[]string|False|To|["any"]| + +Example output: +``` +{ + "action": [ + "drop" + ], + "application": [ + "any" + ], + "category": [ + "any" + ], + "destination": [ + "any" + ], + "from": [ + "any" + ], + "hip_profiles": [ + "any" + ], + "service": [ + "application-default" + ], + "source": [ + "1.1.1.1", + "1.1.1.2" + ], + "source_user": [ + "any" + ], + "to": [ + "any" + ] +} +``` + +#### Op + +This action is used to runs operational command. This action uses a direct connection to the firewall + +##### Input + +|Name|Type|Default|Required|Description|Enum|Example|Placeholder|Tooltip| +| :--- | :--- | :--- | :--- | :--- | :--- | :--- | :--- | :--- | +|cmd|string|None|False|XML specifying operation to be completed|None||None|None| + Example input: ``` { - "element": "8x8", - "xpath": "/config/devices/entry/vsys/entry/rulebase/security/rules/entry[@name='test rule']/application" + "cmd": "" +} +``` + +##### Output + +|Name|Type|Required|Description|Example| +| :--- | :--- | :--- | :--- | :--- | +|response|object|False|Response from the firewall|{'@status': 'success', 'result': {'system': {'hostname': 'firewall', 'ip-address': '10.27.0.8', 'netmask': '255.255.254.0', 'default-gateway': '10.27.0.1', 'is-dhcp': 'no', 'ipv6-address': 'unknown', 'ipv6-link-local-address': 'fe80::21b:17dd:dedf:c04a/64', 'mac-address': '00:1b:17:ff:c0:4a', 'time': 'Wed Feb 10 13:03:32 2016', 'uptime': '1 days, 19:35:51', 'devicename': 'firewall', 'family': '3000', 'model': 'PA-3020', 'serial': '001901000114', 'sw-version': '7.1.', 'global-protect-client-package-version': '2.0.0', 'app-version': '557-3138', 'app-release-date': '2016/02/09 16:56:02', 'av-version': '2261-2700', 'av-release-date': '2016/02/09 15:26:53', 'threat-version': '557-3138', 'threat-release-date': '2016/02/09 16:56:02', 'wf-private-version': '0', 'wf-private-release-date': 'unknown', 'url-db': 'paloaltonetworks', 'wildfire-version': '27518-28208', 'wildfire-release-date': '2016/01/08 11:08:16', 'url-filtering-version': '2016.01.08.407', 'global-protect-datafile-version': '1452328885', 'global-protect-datafile-release-date': '2016/01/09 08:41:25', 'logdb-version': '7.0.9', 'platform-family': '3000', 'vpn-disable-mode': 'off', 'multi-vsys': 'on', 'operational-mode': 'normal'}}}| + +Example output: + +``` +{ + "response": { + "@status": "success", + "result": { + "system": { + "app-release-date": "2016/02/09 16:56:02", + "app-version": "557-3138", + "av-release-date": "2016/02/09 15:26:53", + "av-version": "2261-2700", + "default-gateway": "10.27.0.1", + "devicename": "firewall", + "family": "3000", + "global-protect-client-package-version": "2.0.0", + "global-protect-datafile-release-date": "2016/01/09 08:41:25", + "global-protect-datafile-version": "1452328885", + "hostname": "firewall", + "ip-address": "10.27.0.8", + "ipv6-address": "unknown", + "ipv6-link-local-address": "fe80::21b:17dd:dedf:c04a/64", + "is-dhcp": "no", + "logdb-version": "7.0.9", + "mac-address": "00:1b:17:ff:c0:4a", + "model": "PA-3020", + "multi-vsys": "on", + "netmask": "255.255.254.0", + "operational-mode": "normal", + "platform-family": "3000", + "serial": "001901000114", + "sw-version": "7.1.", + "threat-release-date": "2016/02/09 16:56:02", + "threat-version": "557-3138", + "time": "Wed Feb 10 13:03:32 2016", + "uptime": "1 days, 19:35:51", + "url-db": "paloaltonetworks", + "url-filtering-version": "2016.01.08.407", + "vpn-disable-mode": "off", + "wf-private-release-date": "unknown", + "wf-private-version": "0", + "wildfire-release-date": "2016/01/08 11:08:16", + "wildfire-version": "27518-28208" + } + } + } } ``` -``` -{ - "element": "example.com", - "xpath": "/config/devices/entry/vsys/entry/profiles/custom-url-category/", - "/config/devices/entry[@name=‘localhost.localdomain’]/vsys/entry[@name=‘vsys1’]/profiles/custom-url-category/entry[@name='RULE NAME']/list" -} -``` +#### Remove Address Object from Group + +This action is used to removes an address object from an address group. Supports IPv6. This action uses a direct +connection to the firewall + +##### Input + +|Name|Type|Default|Required|Description|Enum|Example|Placeholder|Tooltip| +| :--- | :--- | :--- | :--- | :--- | :--- | :--- | :--- | :--- | +|address_object|string|None|True|The name of the address object to remove|None|Malicious Host|None|None| +|device_name|string|localhost.localdomain|True|Device name|None|localhost.localdomain|None|None| +|group|string|None|True|Group name|None|InsightConnect Block List|None|None| +|virtual_system|string|vsys1|True|Virtual system name|None|vsys1|None|None| + +Example input: ``` { - "element": "no", - "xpath": "/config/devices/entry/vsys/entry/rulebase/security/rules/entry[@name='RULE NAME']/disabled" + "address_object": "Malicious Host", + "device_name": "localhost.localdomain", + "group": "InsightConnect Block List", + "virtual_system": "vsys1" } ``` ##### Output -|Name|Type|Required|Description| -|----|----|--------|-----------| -|response|object|False|Response from the firewall| - +|Name|Type|Required|Description|Example| +| :--- | :--- | :--- | :--- | :--- | +|success|boolean|True|Was operation successful|True| + Example output: ``` { - "response": { - "@status": "success", - "@code": "20", - "msg": "command succeeded" - } + "success": true } - ``` -#### Show +#### Remove from Policy -This action is used to get an active configuration. +This action is used to remove a rule from a firewall security policy. This action uses a direct connection to the +firewall ##### Input -|Name|Type|Default|Required|Description|Enum|Example| -|----|----|-------|--------|-----------|----|-------| -|xpath|string|None|True|Xpath targeting the requested portion of the configuration|None|/config/devices/entry[@name='localhost.localdomain']/vsys/entry[@name='vsys1']| - +|Name|Type|Default|Required|Description|Enum|Example|Placeholder|Tooltip| +| :--- | :--- | :--- | :--- | :--- | :--- | :--- | :--- | :--- | +|action|string|None|False|The action that will occur if an event meets the rule definitions|None|drop|None|None| +|application|string|None|False|Application for which this rule will be applied e.g. adobe-cloud, dropbox, or any|None|any|None|None| +|destination|string|None|False|A Destination for which this rule will be applied e.g. 10.0.0.1, computername, or any|None|any|None|None| +|dst_zone|string|None|False|Zone which the traffic is going to e.g. server zone, or any|None|any|None|None| +|hip_profiles|string|None|False|Host information profile|None|any|None|None| +|rule_name|string|None|True|Name of the rule|None|InsightConnect Block Rule|None|None| +|service|string|None|False|Service type for which this rule will be applied e.g. HTTP, HTTPS, any|None|any|None|None| +|source|string|None|False|A source for which this rule will be applied e.g. 10.0.0.1, computername, or any|None|any|None|None| +|source_user|string|None|False|User that the network traffic originated from e.g. Joe Smith, or any|None|any|None|None| +|src_zone|string|None|False|Zone in which the traffic originated e.g. server zone, or any|None|any|None|None| +|update_active_or_candidate_configuration|string|None|True|Will apply the update to the active or candidate configuration. If active is chosen any uncommitted candidate configuration will be lost|["active", "candidate"]|active|None|None| +|url_category|string|None|False|The URL category e.g. adult|None|adult|None|None| + Example input: ``` { - "xpath": "/config/devices/entry[@name='localhost.localdomain']/vsys/entry[@name='vsys1']" + "action": "drop", + "application": "any", + "destination": "any", + "dst_zone": "any", + "hip_profiles": "any", + "rule_name": "InsightConnect Block Rule", + "service": "any", + "source": "any", + "source_user": "any", + "src_zone": "any", + "update_active_or_candidate_configuration": "active", + "url_category": "adult" } ``` ##### Output -|Name|Type|Required|Description| -|----|----|--------|-----------| -|response|config|False|Response from the firewall| - +|Name|Type|Required|Description|Example| +| :--- | :--- | :--- | :--- | :--- | +|code|string|False|Response code from the firewall|20| +|message|string|False|A message with more detail about the status|command succeeded| +|status|string|False|Status of the requested operation e.g. success, error, etc|success| + Example output: ``` { - "response": { - "@status": "success", - "result": { - "system": { - "hostname": "firewall", - "ip-address": "10.27.0.8", - "netmask": "255.255.254.0", - "default-gateway": "10.27.0.1", - "is-dhcp": "no", - "ipv6-address": "unknown", - "ipv6-link-local-address": "fe80::21b:17dd:dedf:c04a/64", - "mac-address": "00:1b:17:ff:c0:4a", - "time": "Wed Feb 10 13:03:32 2016", - "uptime": "1 days, 19:35:51", - "devicename": "firewall", - "family": "3000", - "model": "PA-3020", - "serial": "001901000114", - "sw-version": "7.1.", - "global-protect-client-package-version": "2.0.0", - "app-version": "557-3138", - "app-release-date": "2016/02/09 16:56:02", - "av-version": "2261-2700", - "av-release-date": "2016/02/09 15:26:53", - "threat-version": "557-3138", - "threat-release-date": "2016/02/09 16:56:02", - "wf-private-version": "0", - "wf-private-release-date": "unknown", - "url-db": "paloaltonetworks", - "wildfire-version": "27518-28208", - "wildfire-release-date": "2016/01/08 11:08:16", - "url-filtering-version": "2016.01.08.407", - "global-protect-datafile-version": "1452328885", - "global-protect-datafile-release-date": "2016/01/09 08:41:25", - "logdb-version": "7.0.9", - "platform-family": "3000", - "vpn-disable-mode": "off", - "multi-vsys": "on", - "operational-mode": "normal" - } - } - } + "code": 20, + "message": "command succeeded", + "status": "success" } - ``` #### Retrieve Logs -This action is used to query firewall logs. +This action is used to queries firewall logs. This action uses a direct connection to the firewall ##### Input -|Name|Type|Default|Required|Description|Enum|Example| -|----|----|-------|--------|-----------|----|-------| -|count|integer|20|False|Number of logs to retrieve (Max: 500, Default: 20)|None|20| -|direction|string|None|False|Order in which to return the logs|['backward', 'forward']|backward| -|filter|string|None|False|Search query. Format as a log filter expression|None|receive_time geq '2021/12/22 08:00:00'| -|interval|float|0.5|False|Time interval in seconds to wait between queries for commit job completion (Default: 0.5)|None|0.5| -|log_type|string|None|False|Type of log to retrieve|['config', 'hipmatch', 'system', 'threat', 'traffic', 'url', 'wildfire']|config| -|max_tries|integer|25|False|Maximum number of times to poll for job completion before timing out (Default: 25)|None|25| -|skip|integer|0|False|Log retrieval offset, number of entries to skip, (Default: 0)|None|0| - +|Name|Type|Default|Required|Description|Enum|Example|Placeholder|Tooltip| +| :--- | :--- | :--- | :--- | :--- | :--- | :--- | :--- | :--- | +|count|integer|20|False|Number of logs to retrieve (Max: 500, Default: 20)|None|20|None|None| +|direction|string|None|False|Order in which to return the logs|["backward", "forward"]|backward|None|None| +|filter|string|None|False|Search query. Format as a log filter expression|None|receive_time geq '2021/12/22 08:00:00'|None|None| +|interval|float|0.5|False|Time interval in seconds to wait between queries for commit job completion (Default: 0.5)|None|0.5|None|None| +|log_type|string|None|False|Type of log to retrieve|["config", "hipmatch", "system", "threat", "traffic", "url", "wildfire"]|config|None|None| +|max_tries|integer|25|False|Maximum number of times to poll for job completion before timing out (Default: 25)|None|25|None|None| +|skip|integer|0|False|Log retrieval offset, number of entries to skip, (Default: 0)|None|0|None|None| + Example input: ``` @@ -725,10 +790,10 @@ Example input: ##### Output -|Name|Type|Required|Description| -|----|----|--------|-----------| -|response|log|False|Response from the firewall| - +|Name|Type|Required|Description|Example| +| :--- | :--- | :--- | :--- | :--- | +|response|log|False|Response from the firewall|{'@status': 'success', 'result': {'job': {'tenq': '17:32:53', 'tdeq': '17:32:53', 'tlast': '17:32:53', 'status': 'FIN', 'id': '1466', 'cached-logs': '0'}, 'log': {'logs': {'-count': '0', '-progress': '100'}}, 'meta': {'devices': {'entry': {'-name': 'localhost.localdomain', 'hostname': 'localhost.localdomain', 'vsys': {'entry': {'-name': 'vsys1', 'display-name': 'vsys1'}}}}}}}| + Example output: ``` @@ -737,12 +802,12 @@ Example output: "@status": "success", "result": { "job": { - "tenq": "17:32:53", - "tdeq": "17:32:53", - "tlast": "17:32:53", - "status": "FIN", + "cached-logs": "0", "id": "1466", - "cached-logs": "0" + "status": "FIN", + "tdeq": "17:32:53", + "tenq": "17:32:53", + "tlast": "17:32:53" }, "log": { "logs": { @@ -767,301 +832,255 @@ Example output: } } } - -``` - -|Name|Type|Required|Description| -|----|----|--------|-----------| -|response|log|False|Response from PAN-OS| - -#### Commit - -This action is used to commit the candidate configuration. - -##### Input - -|Name|Type|Default|Required|Description|Enum|Example| -|----|----|-------|--------|-----------|----|-------| -|action|string|all|False|Commit action (Default: 'all')|None|all| -|cmd|string|None|True|XML specifying any commit arguments|None|| - -Example input: - -``` -{ - "action": "all", - "cmd": "" -} -``` - -##### Output - -|Name|Type|Required|Description| -|----|----|--------|-----------| -|response|object|False|Response from the firewall| - -Example output: - -``` -{ - "response": { - "@status": "success", - "@code": "19", - "result": { - "msg": { "line": "Commit job enqueued with jobid 152" }, - "job": "152" - } - } -} - ``` -#### Delete +#### Set -This action is used to delete an object. +This action is used to create a new object. This action uses Panorama ##### Input -|Name|Type|Default|Required|Description|Enum|Example| -|----|----|-------|--------|-----------|----|-------| -|xpath|string|None|True|Xpath targeting the object to delete|None|/config/devices/entry[@name='localhost.localdomain']/vsys/entry[@name='vsys1']/address-group/entry[@name='test_group']| - +|Name|Type|Default|Required|Description|Enum|Example|Placeholder|Tooltip| +| :--- | :--- | :--- | :--- | :--- | :--- | :--- | :--- | :--- | +|element|string|None|True|XML representation of the object to be created|None|8x8|None|None| +|xpath|string|None|True|Xpath location to create the new object|None|/config/devices/entry/vsys/entry/rulebase/security/rules/entry[@name='test rule']|None|None| + Example input: ``` { - "xpath": "/config/devices/entry[@name='localhost.localdomain']/vsys/entry[@name='vsys1']/address-group/entry[@name='test_group']" + "element": "8x8", + "xpath": "/config/devices/entry/vsys/entry/rulebase/security/rules/entry[@name='test rule']" } ``` ##### Output -|Name|Type|Required|Description| -|----|----|--------|-----------| -|response|config|False|Response from the firewall| - +|Name|Type|Required|Description|Example| +| :--- | :--- | :--- | :--- | :--- | +|response|object|False|Response from the firewall|{'@status': 'success', '@code': '20', 'msg': 'command succeeded'}| + Example output: ``` { "response": { - "@status": "success", "@code": "20", - "msg": "command succeeded" - } -} - -``` - -#### Op - -This action is used to run operational command. - -##### Input - -|Name|Type|Default|Required|Description|Enum|Example| -|----|----|-------|--------|-----------|----|-------| -|cmd|string|None|False|XML specifying operation to be completed|None|| - -Example input: - -``` -{ - "cmd": "" -} -``` - -##### Output - -|Name|Type|Required|Description| -|----|----|--------|-----------| -|response|object|False|Response from the firewall| - -Example output: - -``` -{ - "response": { "@status": "success", - "result": { - } + "msg": "command succeeded" } } - ``` -#### Add to Policy +#### Create Address Object -This action is used to add a rule to a PAN-OS security policy. +This action is used to create a new address object. Supports IPv6. This action uses a direct connection to the firewall ##### Input -|Name|Type|Default|Required|Description|Enum|Example| -|----|----|-------|--------|-----------|----|-------| -|action|string|None|False|Action that will occur if an event meets the rule definitions|None|drop| -|application|string|None|False|Application for which this rule will be applied e.g. adobe-cloud, dropbox, or any|None|any| -|destination|string|None|False|A destination for which this rule will be applied e.g. 10.0.0.1, computername, or any|None|any| -|dst_zone|string|None|False|Zone which the traffic is going to e.g. server zone, or any|None|any| -|hip_profiles|string|None|False|Host information profile|None|any| -|rule_name|string|None|True|Name of the rule|None|InsightConnect Block Rule| -|service|string|None|False|Service type for which this rule will be applied e.g. HTTP, HTTPS, or any|None|any| -|source|string|None|False|A source for which this rule will be applied e.g. 10.0.0.1, computername, or any|None|any| -|source_user|string|None|False|User that the network traffic originated from e.g. Joe Smith, or any|None|Joe Smith| -|src_zone|string|None|False|Zone in which the traffic originated e.g. server zone, or any|None|any| -|update_active_or_candidate_configuration|string|None|True|Will apply the update to the active or candidate configuration. If active is chosen any uncommitted candidate configuration will be lost|['active', 'candidate']|active| -|url_category|string|None|False|The URL category e.g. adult|None|adult| - +|Name|Type|Default|Required|Description|Enum|Example|Placeholder|Tooltip| +| :--- | :--- | :--- | :--- | :--- | :--- | :--- | :--- | :--- | +|address|string|None|True|The IP address, network CIDR, or FQDN e.g. 192.168.1.1, 192.168.1.0/24, google.com|None|1.1.1.1|None|None| +|address_object|string|None|True|The name of the address object|None|Blocked host|None|None| +|description|string|None|False|A description for the address object|None|Blocked host from Insight Connect|None|None| +|skip_rfc1918|boolean|False|True|Skip private IP addresses as defined in RFC 1918|None|True|None|None| +|tags|string|None|False|Tags for the address object. Use commas to separate multiple tags|None|malware|None|None| +|whitelist|[]string|None|False|This list contains a set of network objects that should not be blocked. This can include IPs, CIDR notation, or domains. It can not include an IP range (such as 10.0.0.0-10.0.0.10)|None|["198.51.100.100", "192.0.2.0/24", "example.com"]|None|None| + Example input: ``` { - "action": "drop", - "application": "any", - "destination": "any", - "dst_zone": "any", - "hip_profiles": "any", - "rule_name": "InsightConnect Block Rule", - "service": "any", - "source": "any", - "source_user": "Joe Smith", - "src_zone": "any", - "update_active_or_candidate_configuration": "active", - "url_category": "adult" + "address": "1.1.1.1", + "address_object": "Blocked host", + "description": "Blocked host from Insight Connect", + "skip_rfc1918": false, + "tags": "malware", + "whitelist": [ + "198.51.100.100", + "192.0.2.0/24", + "example.com" + ] } ``` ##### Output -|Name|Type|Required|Description| -|----|----|--------|-----------| -|code|string|False|Response code from firewall| -|message|string|False|A message with more detail about the status| -|status|string|False|Status of the requested operation e.g. success, error, etc| - +|Name|Type|Required|Description|Example| +| :--- | :--- | :--- | :--- | :--- | +|code|string|False|Response code from the firewall|20| +|message|string|False|A message with more detail about the status|command succeeded| +|status|string|False|The status of the requested operation e.g. success, error, etc|success| + Example output: ``` { - "status": "success", - "code": "20", - "message": "command succeeded" + "code": 20, + "message": "command succeeded", + "status": "success" } ``` -#### Remove from Policy +#### Set Security Policy Rule -This action is used to remove a rule from a PAN-OS security policy. +This action is used to creates a new Security Policy Rule. This action uses a direct connection to the firewall ##### Input -|Name|Type|Default|Required|Description|Enum|Example| -|----|----|-------|--------|-----------|----|-------| -|action|string|None|False|The action that will occur if an event meets the rule definitions|None|drop| -|application|string|None|False|Application for which this rule will be applied e.g. adobe-cloud, dropbox, or any|None|any| -|destination|string|None|False|A Destination for which this rule will be applied e.g. 10.0.0.1, computername, or any|None|any| -|dst_zone|string|None|False|Zone which the traffic is going to e.g. server zone, or any|None|any| -|hip_profiles|string|None|False|Host information profile|None|any| -|rule_name|string|None|True|Name of the rule|None|InsightConnect Block Rule| -|service|string|None|False|Service type for which this rule will be applied e.g. HTTP, HTTPS, any|None|any| -|source|string|None|False|A source for which this rule will be applied e.g. 10.0.0.1, computername, or any|None|any| -|source_user|string|None|False|User that the network traffic originated from e.g. Joe Smith, or any|None|any| -|src_zone|string|None|False|Zone in which the traffic originated e.g. server zone, or any|None|any| -|update_active_or_candidate_configuration|string|None|True|Will apply the update to the active or candidate configuration. If active is chosen any uncommitted candidate configuration will be lost|['active', 'candidate']|active| -|url_category|string|None|False|The URL category e.g. adult|None|adult| - +|Name|Type|Default|Required|Description|Enum|Example|Placeholder|Tooltip| +| :--- | :--- | :--- | :--- | :--- | :--- | :--- | :--- | :--- | +|action|string|None|True|Action that will occur if an event meets the rule definitions|None|drop|None|None| +|application|string|None|True|Applications for which this rule will be applied e.g. adobe-cloud, dropbox, any|None|any|None|None| +|description|string|None|True|Description of the rule and what it does|None|Block Rule|None|None| +|destination|string|None|True|Destinations for which this rule will be applied e.g. 10.0.0.1, computername, any|None|any|None|None| +|disable_server_response_inspection|boolean|None|True|If true, the firewall will not inspect this traffic|None|False|None|None| +|disabled|boolean|None|True|If true, rule is disabled|None|False|None|None| +|dst_zone|string|None|True|Zone which the traffic is going to e.g. server zone, any|None|any|None|None| +|log_end|boolean|None|True|Generates a traffic log entry for the end of a session|None|False|None|None| +|log_start|boolean|None|True|Generates a traffic log entry for the start of a session|None|False|None|None| +|negate_destination|boolean|None|True|Negate destination|None|False|None|None| +|negate_source|boolean|None|True|Negate source|None|False|None|None| +|rule_name|string|None|True|Name of the rule|None|InsightConnect Block Rule|None|None| +|service|string|None|True|Service type for which this rule will be applied e.g. HTTP, HTTPS, any|None|any|None|None| +|source|string|None|True|Sources for which this rule will be applied e.g. 10.0.0.1, computername, any|None|any|None|None| +|source_user|string|None|True|User that the network traffic originated from e.g. Joe Smith, any|None|any|None|None| +|src_zone|string|None|True|Zone in which the traffic originated e.g. server zone, any|None|any|None|None| + Example input: ``` { "action": "drop", "application": "any", + "description": "Block Rule", "destination": "any", + "disable_server_response_inspection": false, + "disabled": false, "dst_zone": "any", - "hip_profiles": "any", + "log_end": false, + "log_start": false, + "negate_destination": false, + "negate_source": false, "rule_name": "InsightConnect Block Rule", "service": "any", "source": "any", "source_user": "any", - "src_zone": "any", - "update_active_or_candidate_configuration": "active", - "url_category": "adult" + "src_zone": "any" } ``` ##### Output -|Name|Type|Required|Description| -|----|----|--------|-----------| -|code|string|False|Response code from the firewall| -|message|string|False|A message with more detail about the status| -|status|string|False|Status of the requested operation e.g. success, error, etc| - +|Name|Type|Required|Description|Example| +| :--- | :--- | :--- | :--- | :--- | +|response|config|False|Response from the firewall|{'@status': 'success', '@code': '20', 'msg': 'command succeeded'}| + Example output: ``` { - "status": "success", - "code": "20", - "message": "command succeeded" + "response": { + "@code": "20", + "@status": "success", + "msg": "command succeeded" + } } - ``` -#### Add External Dynamic List +#### Show -This action is used to add an external dynamic list. +This action is used to gets active configuration. This action uses Panorama ##### Input -|Name|Type|Default|Required|Description|Enum|Example| -|----|----|-------|--------|-----------|----|-------| -|day|string||True|If repeat is weekly, choose a day to update|['', 'Monday', 'Tuesday', 'Wednesday', 'Thursday', 'Friday', 'Saturday', 'Sunday']|Monday| -|description|string|None|True|A description of the list|None|List of IP's| -|list_type|string|None|True|The type of list|['IP List', 'Domain List', 'URL List']|IP List| -|name|string|None|True|An arbitrary name for the list. This name will be used to identify the list in the firewall|None|IP List| -|repeat|string|None|True|The interval at which to retrieve updates from the list|['Five Minute', 'Hourly', 'Daily', 'Weekly']|Five Minute| -|source|string|None|True|The web site you will pull the list from e.g. https://www.example.com/test.txt|None|https://www.example.com/test.txt| -|time|string||True|If repeat is daily or weekly, choose an hour on a 24 hour clock to update (Default: '')|['', '00', '01', '02', '03', '04', '05', '06', '07', '08', '09', '10', '11', '12', '13', '14', '15', '16', '17', '18', '19', '20', '21', '22', '23']|00| - +|Name|Type|Default|Required|Description|Enum|Example|Placeholder|Tooltip| +| :--- | :--- | :--- | :--- | :--- | :--- | :--- | :--- | :--- | +|xpath|string|None|True|Xpath targeting the requested portion of the configuration|None|/config/devices/entry[@name='localhost.localdomain']/vsys/entry[@name='vsys1']|None|None| + Example input: ``` { - "day": "Monday", - "description": "List of IP's", - "list_type": "IP List", - "name": "IP List", - "repeat": "Five Minute", - "source": "https://www.example.com/test.txt", - "time": "00" + "xpath": "/config/devices/entry[@name='localhost.localdomain']/vsys/entry[@name='vsys1']" } ``` ##### Output -|Name|Type|Required|Description| -|----|----|--------|-----------| -|code|string|False|Response code from the firewall| -|message|string|False|A message with more detail about the status| -|status|string|False|The status of the requested operation e.g. success, error, etc| - +|Name|Type|Required|Description|Example| +| :--- | :--- | :--- | :--- | :--- | +|response|config|False|Response from the firewall|{'@status': 'success', 'result': {'system': {'hostname': 'firewall', 'ip-address': '10.27.0.0', 'netmask': '255.255.254.0', 'default-gateway': '10.27.0.1', 'is-dhcp': 'no', 'ipv6-address': 'unknown', 'ipv6-link-local-address': 'fe80::21b:17dd:dedf:c04a/64', 'mac-address': '00:1b:17:ff:c0:4a', 'time': 'Wed Feb 10 13:03:32 2016', 'uptime': '1 days, 19:35:51', 'devicename': 'firewall', 'family': '3000', 'model': 'PA-3020', 'serial': '001901000114', 'sw-version': '7.1.', 'global-protect-client-package-version': '2.0.0', 'app-version': '557-3138', 'app-release-date': '2016/02/09 16:56:02', 'av-version': '2261-2700', 'av-release-date': '2016/02/09 15:26:53', 'threat-version': '557-3138', 'threat-release-date': '2016/02/09 16:56:02', 'wf-private-version': '0', 'wf-private-release-date': 'unknown', 'url-db': 'paloaltonetworks', 'wildfire-version': '27518-28208', 'wildfire-release-date': '2016/01/08 11:08:16', 'url-filtering-version': '2016.01.08.407', 'global-protect-datafile-version': '1452328885', 'global-protect-datafile-release-date': '2016/01/09 08:41:25', 'logdb-version': '7.0.9', 'platform-family': '3000', 'vpn-disable-mode': 'off', 'multi-vsys': 'on', 'operational-mode': 'normal'}}}| + Example output: ``` { - "status": "success", - "code": "20", - "message": "command succeeded" + "response": { + "@status": "success", + "result": { + "system": { + "app-release-date": "2016/02/09 16:56:02", + "app-version": "557-3138", + "av-release-date": "2016/02/09 15:26:53", + "av-version": "2261-2700", + "default-gateway": "10.27.0.1", + "devicename": "firewall", + "family": "3000", + "global-protect-client-package-version": "2.0.0", + "global-protect-datafile-release-date": "2016/01/09 08:41:25", + "global-protect-datafile-version": "1452328885", + "hostname": "firewall", + "ip-address": "10.27.0.0", + "ipv6-address": "unknown", + "ipv6-link-local-address": "fe80::21b:17dd:dedf:c04a/64", + "is-dhcp": "no", + "logdb-version": "7.0.9", + "mac-address": "00:1b:17:ff:c0:4a", + "model": "PA-3020", + "multi-vsys": "on", + "netmask": "255.255.254.0", + "operational-mode": "normal", + "platform-family": "3000", + "serial": "001901000114", + "sw-version": "7.1.", + "threat-release-date": "2016/02/09 16:56:02", + "threat-version": "557-3138", + "time": "Wed Feb 10 13:03:32 2016", + "uptime": "1 days, 19:35:51", + "url-db": "paloaltonetworks", + "url-filtering-version": "2016.01.08.407", + "vpn-disable-mode": "off", + "wf-private-release-date": "unknown", + "wf-private-version": "0", + "wildfire-release-date": "2016/01/08 11:08:16", + "wildfire-version": "27518-28208" + } + } + } } ``` - ### Triggers + +*This plugin does not contain any triggers.* +### Tasks + +*This plugin does not contain any tasks.* -_This plugin does not contain any triggers._ +### Custom Types + +**config** -### Custom Output Types +|Name|Type|Default|Required|Description|Example| +| :--- | :--- | :--- | :--- | :--- | :--- | +|data|object|None|None|None|None| + +**log** + +|Name|Type|Default|Required|Description|Example| +| :--- | :--- | :--- | :--- | :--- | :--- | +|data|object|None|None|None|None| -_This plugin does not contain any custom output types._ ## Troubleshooting @@ -1095,6 +1114,7 @@ Action connection type # Version History +* 6.1.5 - Bumping requirements of `gunicorn` and `validators` | update the SDK to 5.4.9 | Added examples to all actions | Updated unit tests to include schema checks * 6.1.4 - Add information to every action on whether it uses Panorama or a direct firewall connection * 6.1.3 - Fix `check_if_private` method in Set Address Object action | Improve `determine_address_type` method in Set Address Object action | Fix issue where Add External Dynamic List action fails when `repeat` input has been set to retrieve updates from list weekly | Add example for `filter` input for Retrieve Logs action * 6.1.2 - Add `docs_url` in plugin spec | Update `source_url` in plugin spec @@ -1109,7 +1129,7 @@ Action connection type * 5.1.0 - New action Add Address Object to Group * 5.0.0 - Change plugin title to "Palo Alto Firewall" from "Palo Alto PAN-OS" and update remaining references * 4.0.0 - Update to Create Address Object to make input consistent with other actions -* 3.0.0 - New action Remove Address Object from Group | Update to Check if Address in Group to match input of Remove Address Object from Group +* 3.0.0 - New action Remove Address Object from Group | Update to Check if Address in Group to match input of Remove Address Object from Group * 2.2.0 - New action Check if Address in Group * 2.1.0 - New action Get Policy * 2.0.0 - Update to rename Set Address Object to Create Address Object | Update Create Address Object to accept a whitelist of address objects and auto detect the type of incoming object @@ -1133,7 +1153,8 @@ Action connection type # Links +* [Palo Alto PAN-OS](https://www.paloaltonetworks.com/documentation/80/pan-os) + ## References -* [Palo Alto PAN-OS](https://www.paloaltonetworks.com/documentation/80/pan-os) -* [Palo Alto PAN-OS API](https://www.paloaltonetworks.com/documentation/80/pan-os/xml-api) +* [Palo Alto PAN-OS API](https://www.paloaltonetworks.com/documentation/80/pan-os/xml-api) \ No newline at end of file diff --git a/plugins/palo_alto_pan_os/komand_palo_alto_pan_os/actions/__init__.py b/plugins/palo_alto_pan_os/komand_palo_alto_pan_os/actions/__init__.py index 630bf15b74..d143ca9f4f 100755 --- a/plugins/palo_alto_pan_os/komand_palo_alto_pan_os/actions/__init__.py +++ b/plugins/palo_alto_pan_os/komand_palo_alto_pan_os/actions/__init__.py @@ -1,19 +1,38 @@ -# GENERATED BY KOMAND SDK - DO NOT EDIT -from .add_address_object_to_group.action import AddAddressObjectToGroup -from .add_external_dynamic_list.action import AddExternalDynamicList -from .add_to_policy.action import AddToPolicy -from .check_if_address_object_in_group.action import CheckIfAddressObjectInGroup -from .commit.action import Commit +# GENERATED BY INSIGHT-PLUGIN - DO NOT EDIT + +from .set_security_policy_rule.action import SetSecurityPolicyRule + +from .show.action import Show + +from .get.action import Get + from .delete.action import Delete + +from .set.action import Set + from .edit.action import Edit -from .get.action import Get -from .get_addresses_from_group.action import GetAddressesFromGroup -from .get_policy.action import GetPolicy + +from .commit.action import Commit + from .op.action import Op -from .remove_address_object_from_group.action import RemoveAddressObjectFromGroup -from .remove_from_policy.action import RemoveFromPolicy + from .retrieve_logs.action import RetrieveLogs -from .set.action import Set + +from .add_to_policy.action import AddToPolicy + +from .remove_from_policy.action import RemoveFromPolicy + +from .add_external_dynamic_list.action import AddExternalDynamicList + from .set_address_object.action import SetAddressObject -from .set_security_policy_rule.action import SetSecurityPolicyRule -from .show.action import Show + +from .get_policy.action import GetPolicy + +from .check_if_address_object_in_group.action import CheckIfAddressObjectInGroup + +from .remove_address_object_from_group.action import RemoveAddressObjectFromGroup + +from .add_address_object_to_group.action import AddAddressObjectToGroup + +from .get_addresses_from_group.action import GetAddressesFromGroup + diff --git a/plugins/palo_alto_pan_os/komand_palo_alto_pan_os/actions/add_address_object_to_group/__init__.py b/plugins/palo_alto_pan_os/komand_palo_alto_pan_os/actions/add_address_object_to_group/__init__.py index e6d71fca0d..df8d0e2cc5 100755 --- a/plugins/palo_alto_pan_os/komand_palo_alto_pan_os/actions/add_address_object_to_group/__init__.py +++ b/plugins/palo_alto_pan_os/komand_palo_alto_pan_os/actions/add_address_object_to_group/__init__.py @@ -1,2 +1,2 @@ -# GENERATED BY KOMAND SDK - DO NOT EDIT +# GENERATED BY INSIGHT-PLUGIN - DO NOT EDIT from .action import AddAddressObjectToGroup diff --git a/plugins/palo_alto_pan_os/komand_palo_alto_pan_os/actions/add_address_object_to_group/action.py b/plugins/palo_alto_pan_os/komand_palo_alto_pan_os/actions/add_address_object_to_group/action.py index 1184b4ef0e..f4ce142db7 100755 --- a/plugins/palo_alto_pan_os/komand_palo_alto_pan_os/actions/add_address_object_to_group/action.py +++ b/plugins/palo_alto_pan_os/komand_palo_alto_pan_os/actions/add_address_object_to_group/action.py @@ -1,4 +1,4 @@ -import komand +import insightconnect_plugin_runtime from .schema import ( AddAddressObjectToGroupInput, AddAddressObjectToGroupOutput, @@ -8,10 +8,10 @@ ) # Custom imports below -from komand.exceptions import PluginException +from insightconnect_plugin_runtime.exceptions import PluginException -class AddAddressObjectToGroup(komand.Action): +class AddAddressObjectToGroup(insightconnect_plugin_runtime.Action): def __init__(self): super(self.__class__, self).__init__( name="add_address_object_to_group", @@ -79,6 +79,6 @@ def run(self, params={}): def make_xml(names, group_name): members = "" for name in names: - members += f"{name}" + members = members.join(f"{name}") xml_template = f"{members}" return xml_template diff --git a/plugins/palo_alto_pan_os/komand_palo_alto_pan_os/actions/add_address_object_to_group/schema.py b/plugins/palo_alto_pan_os/komand_palo_alto_pan_os/actions/add_address_object_to_group/schema.py index e3dd9b1eb0..ec55f02e35 100755 --- a/plugins/palo_alto_pan_os/komand_palo_alto_pan_os/actions/add_address_object_to_group/schema.py +++ b/plugins/palo_alto_pan_os/komand_palo_alto_pan_os/actions/add_address_object_to_group/schema.py @@ -1,5 +1,5 @@ -# GENERATED BY KOMAND SDK - DO NOT EDIT -import komand +# GENERATED BY INSIGHT-PLUGIN - DO NOT EDIT +import insightconnect_plugin_runtime import json @@ -12,15 +12,15 @@ class Input: DEVICE_NAME = "device_name" GROUP = "group" VIRTUAL_SYSTEM = "virtual_system" - + class Output: ADDRESS_OBJECTS = "address_objects" SUCCESS = "success" - -class AddAddressObjectToGroupInput(komand.Input): - schema = json.loads(""" + +class AddAddressObjectToGroupInput(insightconnect_plugin_runtime.Input): + schema = json.loads(r""" { "type": "object", "title": "Variables", @@ -60,7 +60,8 @@ class AddAddressObjectToGroupInput(komand.Input): "device_name", "group", "virtual_system" - ] + ], + "definitions": {} } """) @@ -68,8 +69,8 @@ def __init__(self): super(self.__class__, self).__init__(self.schema) -class AddAddressObjectToGroupOutput(komand.Output): - schema = json.loads(""" +class AddAddressObjectToGroupOutput(insightconnect_plugin_runtime.Output): + schema = json.loads(r""" { "type": "object", "title": "Variables", @@ -93,7 +94,8 @@ class AddAddressObjectToGroupOutput(komand.Output): "required": [ "address_objects", "success" - ] + ], + "definitions": {} } """) diff --git a/plugins/palo_alto_pan_os/komand_palo_alto_pan_os/actions/add_external_dynamic_list/__init__.py b/plugins/palo_alto_pan_os/komand_palo_alto_pan_os/actions/add_external_dynamic_list/__init__.py index 250ba9a83d..8d59a33418 100755 --- a/plugins/palo_alto_pan_os/komand_palo_alto_pan_os/actions/add_external_dynamic_list/__init__.py +++ b/plugins/palo_alto_pan_os/komand_palo_alto_pan_os/actions/add_external_dynamic_list/__init__.py @@ -1,2 +1,2 @@ -# GENERATED BY KOMAND SDK - DO NOT EDIT +# GENERATED BY INSIGHT-PLUGIN - DO NOT EDIT from .action import AddExternalDynamicList diff --git a/plugins/palo_alto_pan_os/komand_palo_alto_pan_os/actions/add_external_dynamic_list/action.py b/plugins/palo_alto_pan_os/komand_palo_alto_pan_os/actions/add_external_dynamic_list/action.py index 4f612ecd61..54a7a93cb8 100755 --- a/plugins/palo_alto_pan_os/komand_palo_alto_pan_os/actions/add_external_dynamic_list/action.py +++ b/plugins/palo_alto_pan_os/komand_palo_alto_pan_os/actions/add_external_dynamic_list/action.py @@ -1,12 +1,12 @@ -import komand -from .schema import AddExternalDynamicListInput, AddExternalDynamicListOutput -from komand.exceptions import PluginException +import insightconnect_plugin_runtime +from .schema import AddExternalDynamicListInput, AddExternalDynamicListOutput, Input, Output, Component +from insightconnect_plugin_runtime.exceptions import PluginException # Custom imports below from komand_palo_alto_pan_os.util import util -class AddExternalDynamicList(komand.Action): +class AddExternalDynamicList(insightconnect_plugin_runtime.Action): _LIST_TYPE_KEY = { "Predefined IP List": "", @@ -24,27 +24,27 @@ class AddExternalDynamicList(komand.Action): def __init__(self): super(self.__class__, self).__init__( name="add_external_dynamic_list", - description="Add an external dynamic list", + description=Component.DESCRIPTION, input=AddExternalDynamicListInput(), output=AddExternalDynamicListOutput(), ) def run(self, params={}): add = util.ExternalList() - name = params.get("name") - list_type = params.get("list_type") - description = params.get("description") - source = params.get("source") - repeat = params.get("repeat") - time = params.get("time") - day = params.get("day") + name = params.get(Input.NAME) + list_type = params.get(Input.LIST_TYPE) + description = params.get(Input.DESCRIPTION) + source = params.get(Input.SOURCE) + repeat = params.get(Input.REPEAT) + time = params.get(Input.TIME) + day = params.get(Input.DAY) xpath = f"/config/devices/entry/vsys/entry/external-list/entry[@name='{name}']" element = add.element_for_create_external_list( - self._LIST_TYPE_KEY[list_type], + self._LIST_TYPE_KEY.get(list_type), description, source, - self._REPEAT_KEY[repeat], + self._REPEAT_KEY.get(repeat), time, day.lower(), ) diff --git a/plugins/palo_alto_pan_os/komand_palo_alto_pan_os/actions/add_external_dynamic_list/schema.py b/plugins/palo_alto_pan_os/komand_palo_alto_pan_os/actions/add_external_dynamic_list/schema.py index 15108525e1..da4f57a919 100755 --- a/plugins/palo_alto_pan_os/komand_palo_alto_pan_os/actions/add_external_dynamic_list/schema.py +++ b/plugins/palo_alto_pan_os/komand_palo_alto_pan_os/actions/add_external_dynamic_list/schema.py @@ -1,5 +1,5 @@ -# GENERATED BY KOMAND SDK - DO NOT EDIT -import komand +# GENERATED BY INSIGHT-PLUGIN - DO NOT EDIT +import insightconnect_plugin_runtime import json @@ -15,16 +15,16 @@ class Input: REPEAT = "repeat" SOURCE = "source" TIME = "time" - + class Output: CODE = "code" MESSAGE = "message" STATUS = "status" - -class AddExternalDynamicListInput(komand.Input): - schema = json.loads(""" + +class AddExternalDynamicListInput(insightconnect_plugin_runtime.Input): + schema = json.loads(r""" { "type": "object", "title": "Variables", @@ -130,7 +130,8 @@ class AddExternalDynamicListInput(komand.Input): "repeat", "source", "time" - ] + ], + "definitions": {} } """) @@ -138,8 +139,8 @@ def __init__(self): super(self.__class__, self).__init__(self.schema) -class AddExternalDynamicListOutput(komand.Output): - schema = json.loads(""" +class AddExternalDynamicListOutput(insightconnect_plugin_runtime.Output): + schema = json.loads(r""" { "type": "object", "title": "Variables", @@ -162,7 +163,8 @@ class AddExternalDynamicListOutput(komand.Output): "description": "The status of the requested operation e.g. success, error, etc", "order": 1 } - } + }, + "definitions": {} } """) diff --git a/plugins/palo_alto_pan_os/komand_palo_alto_pan_os/actions/add_to_policy/__init__.py b/plugins/palo_alto_pan_os/komand_palo_alto_pan_os/actions/add_to_policy/__init__.py index 9029c8bff1..66ec47f5ee 100755 --- a/plugins/palo_alto_pan_os/komand_palo_alto_pan_os/actions/add_to_policy/__init__.py +++ b/plugins/palo_alto_pan_os/komand_palo_alto_pan_os/actions/add_to_policy/__init__.py @@ -1,2 +1,2 @@ -# GENERATED BY KOMAND SDK - DO NOT EDIT +# GENERATED BY INSIGHT-PLUGIN - DO NOT EDIT from .action import AddToPolicy diff --git a/plugins/palo_alto_pan_os/komand_palo_alto_pan_os/actions/add_to_policy/action.py b/plugins/palo_alto_pan_os/komand_palo_alto_pan_os/actions/add_to_policy/action.py index c7ceceb310..6cc22e9799 100755 --- a/plugins/palo_alto_pan_os/komand_palo_alto_pan_os/actions/add_to_policy/action.py +++ b/plugins/palo_alto_pan_os/komand_palo_alto_pan_os/actions/add_to_policy/action.py @@ -1,12 +1,12 @@ -import komand -from .schema import AddToPolicyInput, AddToPolicyOutput -from komand.exceptions import PluginException +import insightconnect_plugin_runtime +from .schema import AddToPolicyInput, AddToPolicyOutput, Input, Output, Component +from insightconnect_plugin_runtime.exceptions import PluginException # Custom imports below from komand_palo_alto_pan_os.util import util -class AddToPolicy(komand.Action): +class AddToPolicy(insightconnect_plugin_runtime.Action): # used to convert from keys used by plugin input to keys expected by PAN-OS _CONVERSION_KEY = { @@ -25,20 +25,20 @@ class AddToPolicy(komand.Action): def __init__(self): super(self.__class__, self).__init__( name="add_to_policy", - description="Add a rule to a PAN-OS security policy", + description=Component.DESCRIPTION, input=AddToPolicyInput(), output=AddToPolicyOutput(), ) def run(self, params={}): update = util.SecurityPolicy() - rule_name = params.get("rule_name") + rule_name = params.get(Input.RULE_NAME) policy_type = False - if params.get("update_active_or_candidate_configuration") == "active": + if params.get(Input.UPDATE_ACTIVE_OR_CANDIDATE_CONFIGURATION) == "active": policy_type = True # Set xpath to security polices - xpath = "/config/devices/entry/vsys/entry/rulebase/security/rules/entry[@name='{0}']".format(rule_name) + xpath = f"/config/devices/entry/vsys/entry/rulebase/security/rules/entry[@name='{rule_name}']" # Get current policy config if policy_type: @@ -62,26 +62,26 @@ def run(self, params={}): "action", ] new_policy = {} - for i in key_list: - value = self._CONVERSION_KEY[i] + for key in key_list: + value = self._CONVERSION_KEY[key] if params.get(value): - new_policy[i] = update.add_to_key(current_config[i], params.get(value)) + new_policy[key] = update.add_to_key(current_config[key], params.get(value)) else: - new_policy[i] = current_config[i] + new_policy[key] = current_config[key] # Build new element element = update.element_for_policy_update( rule_name=rule_name, - to=new_policy["to"], - from_=new_policy["from"], - source=new_policy["source"], - destination=new_policy["destination"], - service=new_policy["service"], - application=new_policy["application"], - category=new_policy["category"], - hip_profiles=new_policy["hip-profiles"], - source_user=new_policy["source-user"], - fire_wall_action=new_policy["action"], + to=new_policy.get("to"), + from_=new_policy.get("from"), + source=new_policy.get("source"), + destination=new_policy.get("destination"), + service=new_policy.get("service"), + application=new_policy.get("application"), + category=new_policy.get("category"), + hip_profiles=new_policy.get("hip-profiles"), + source_user=new_policy.get("source-user"), + fire_wall_action=new_policy.get("action"), ) # Update policy diff --git a/plugins/palo_alto_pan_os/komand_palo_alto_pan_os/actions/add_to_policy/schema.py b/plugins/palo_alto_pan_os/komand_palo_alto_pan_os/actions/add_to_policy/schema.py index 304aa6ae5d..206a000f1a 100755 --- a/plugins/palo_alto_pan_os/komand_palo_alto_pan_os/actions/add_to_policy/schema.py +++ b/plugins/palo_alto_pan_os/komand_palo_alto_pan_os/actions/add_to_policy/schema.py @@ -1,5 +1,5 @@ -# GENERATED BY KOMAND SDK - DO NOT EDIT -import komand +# GENERATED BY INSIGHT-PLUGIN - DO NOT EDIT +import insightconnect_plugin_runtime import json @@ -20,16 +20,16 @@ class Input: SRC_ZONE = "src_zone" UPDATE_ACTIVE_OR_CANDIDATE_CONFIGURATION = "update_active_or_candidate_configuration" URL_CATEGORY = "url_category" - + class Output: CODE = "code" MESSAGE = "message" STATUS = "status" - -class AddToPolicyInput(komand.Input): - schema = json.loads(""" + +class AddToPolicyInput(insightconnect_plugin_runtime.Input): + schema = json.loads(r""" { "type": "object", "title": "Variables", @@ -114,7 +114,8 @@ class AddToPolicyInput(komand.Input): "required": [ "rule_name", "update_active_or_candidate_configuration" - ] + ], + "definitions": {} } """) @@ -122,8 +123,8 @@ def __init__(self): super(self.__class__, self).__init__(self.schema) -class AddToPolicyOutput(komand.Output): - schema = json.loads(""" +class AddToPolicyOutput(insightconnect_plugin_runtime.Output): + schema = json.loads(r""" { "type": "object", "title": "Variables", @@ -146,7 +147,8 @@ class AddToPolicyOutput(komand.Output): "description": "Status of the requested operation e.g. success, error, etc", "order": 1 } - } + }, + "definitions": {} } """) diff --git a/plugins/palo_alto_pan_os/komand_palo_alto_pan_os/actions/check_if_address_object_in_group/__init__.py b/plugins/palo_alto_pan_os/komand_palo_alto_pan_os/actions/check_if_address_object_in_group/__init__.py index 382aa51f57..902c8352f7 100755 --- a/plugins/palo_alto_pan_os/komand_palo_alto_pan_os/actions/check_if_address_object_in_group/__init__.py +++ b/plugins/palo_alto_pan_os/komand_palo_alto_pan_os/actions/check_if_address_object_in_group/__init__.py @@ -1,2 +1,2 @@ -# GENERATED BY KOMAND SDK - DO NOT EDIT +# GENERATED BY INSIGHT-PLUGIN - DO NOT EDIT from .action import CheckIfAddressObjectInGroup diff --git a/plugins/palo_alto_pan_os/komand_palo_alto_pan_os/actions/check_if_address_object_in_group/action.py b/plugins/palo_alto_pan_os/komand_palo_alto_pan_os/actions/check_if_address_object_in_group/action.py index f238fc05ca..f4b496c0d7 100755 --- a/plugins/palo_alto_pan_os/komand_palo_alto_pan_os/actions/check_if_address_object_in_group/action.py +++ b/plugins/palo_alto_pan_os/komand_palo_alto_pan_os/actions/check_if_address_object_in_group/action.py @@ -1,12 +1,12 @@ -import komand +import insightconnect_plugin_runtime from .schema import CheckIfAddressObjectInGroupInput, CheckIfAddressObjectInGroupOutput, Input, Output, Component # Custom imports below -from komand.exceptions import PluginException +from insightconnect_plugin_runtime.exceptions import PluginException from komand_palo_alto_pan_os.util.ip_check import IpCheck -class CheckIfAddressObjectInGroup(komand.Action): +class CheckIfAddressObjectInGroup(insightconnect_plugin_runtime.Action): def __init__(self): super(self.__class__, self).__init__( name="check_if_address_object_in_group", @@ -41,7 +41,7 @@ def run(self, params={}): # noqa: MC0001 self.logger.info(f"Searching through {len(ip_objects)} address objects.") ip_object_names = [] for member in ip_objects.get("member", {}): - if type(member) == str: + if isinstance(member, str): ip_object_names.append(member) else: object_name = member.get("#text", "") @@ -77,7 +77,7 @@ def run(self, params={}): # noqa: MC0001 raise PluginException( cause="PAN OS returned an unexpected response.", assistance=f"Address object '{name}' was not found. Check the name and try again.", - date=object_result, + data=object_result, ) # Now try and deal with that address object @@ -88,7 +88,7 @@ def run(self, params={}): # noqa: MC0001 # Depending on how PAN OS is feeling on a given day, it will either have a string or list returned # in the XML for the key we just found - if type(address_object) is str: + if isinstance(address_object, str): if ip_checker.check_address_against_object(address_object, address_to_check): object_names_to_return.append(name) found = True diff --git a/plugins/palo_alto_pan_os/komand_palo_alto_pan_os/actions/check_if_address_object_in_group/schema.py b/plugins/palo_alto_pan_os/komand_palo_alto_pan_os/actions/check_if_address_object_in_group/schema.py index 43cff00ece..4070919ff7 100755 --- a/plugins/palo_alto_pan_os/komand_palo_alto_pan_os/actions/check_if_address_object_in_group/schema.py +++ b/plugins/palo_alto_pan_os/komand_palo_alto_pan_os/actions/check_if_address_object_in_group/schema.py @@ -1,5 +1,5 @@ -# GENERATED BY KOMAND SDK - DO NOT EDIT -import komand +# GENERATED BY INSIGHT-PLUGIN - DO NOT EDIT +import insightconnect_plugin_runtime import json @@ -13,15 +13,15 @@ class Input: ENABLE_SEARCH = "enable_search" GROUP = "group" VIRTUAL_SYSTEM = "virtual_system" - + class Output: ADDRESS_OBJECTS = "address_objects" FOUND = "found" - -class CheckIfAddressObjectInGroupInput(komand.Input): - schema = json.loads(""" + +class CheckIfAddressObjectInGroupInput(insightconnect_plugin_runtime.Input): + schema = json.loads(r""" { "type": "object", "title": "Variables", @@ -66,7 +66,8 @@ class CheckIfAddressObjectInGroupInput(komand.Input): "enable_search", "group", "virtual_system" - ] + ], + "definitions": {} } """) @@ -74,8 +75,8 @@ def __init__(self): super(self.__class__, self).__init__(self.schema) -class CheckIfAddressObjectInGroupOutput(komand.Output): - schema = json.loads(""" +class CheckIfAddressObjectInGroupOutput(insightconnect_plugin_runtime.Output): + schema = json.loads(r""" { "type": "object", "title": "Variables", @@ -98,7 +99,8 @@ class CheckIfAddressObjectInGroupOutput(komand.Output): }, "required": [ "found" - ] + ], + "definitions": {} } """) diff --git a/plugins/palo_alto_pan_os/komand_palo_alto_pan_os/actions/commit/__init__.py b/plugins/palo_alto_pan_os/komand_palo_alto_pan_os/actions/commit/__init__.py index 95ebf874f2..dcfd6f15b7 100755 --- a/plugins/palo_alto_pan_os/komand_palo_alto_pan_os/actions/commit/__init__.py +++ b/plugins/palo_alto_pan_os/komand_palo_alto_pan_os/actions/commit/__init__.py @@ -1,2 +1,2 @@ -# GENERATED BY KOMAND SDK - DO NOT EDIT +# GENERATED BY INSIGHT-PLUGIN - DO NOT EDIT from .action import Commit diff --git a/plugins/palo_alto_pan_os/komand_palo_alto_pan_os/actions/commit/action.py b/plugins/palo_alto_pan_os/komand_palo_alto_pan_os/actions/commit/action.py index 9120a8d663..9afacb8085 100755 --- a/plugins/palo_alto_pan_os/komand_palo_alto_pan_os/actions/commit/action.py +++ b/plugins/palo_alto_pan_os/komand_palo_alto_pan_os/actions/commit/action.py @@ -1,22 +1,22 @@ -import komand -from .schema import CommitInput, CommitOutput -from komand.exceptions import PluginException +import insightconnect_plugin_runtime +from .schema import CommitInput, CommitOutput, Input, Output, Component +from insightconnect_plugin_runtime.exceptions import PluginException # Custom imports below -class Commit(komand.Action): +class Commit(insightconnect_plugin_runtime.Action): def __init__(self): super(self.__class__, self).__init__( name="commit", - description="Commit the candidate configuration", + description=Component.DESCRIPTION, input=CommitInput(), output=CommitOutput(), ) def run(self, params={}): - cmd = params.get("cmd") - action = params.get("action") + cmd = params.get(Input.CMD) + action = params.get(Input.ACTION) output = self.connection.request.commit(action, cmd) diff --git a/plugins/palo_alto_pan_os/komand_palo_alto_pan_os/actions/commit/schema.py b/plugins/palo_alto_pan_os/komand_palo_alto_pan_os/actions/commit/schema.py index 21d5bcf5ba..c2d7e2a9a0 100755 --- a/plugins/palo_alto_pan_os/komand_palo_alto_pan_os/actions/commit/schema.py +++ b/plugins/palo_alto_pan_os/komand_palo_alto_pan_os/actions/commit/schema.py @@ -1,5 +1,5 @@ -# GENERATED BY KOMAND SDK - DO NOT EDIT -import komand +# GENERATED BY INSIGHT-PLUGIN - DO NOT EDIT +import insightconnect_plugin_runtime import json @@ -10,14 +10,14 @@ class Component: class Input: ACTION = "action" CMD = "cmd" - + class Output: RESPONSE = "response" - -class CommitInput(komand.Input): - schema = json.loads(""" + +class CommitInput(insightconnect_plugin_runtime.Input): + schema = json.loads(r""" { "type": "object", "title": "Variables", @@ -38,7 +38,8 @@ class CommitInput(komand.Input): }, "required": [ "cmd" - ] + ], + "definitions": {} } """) @@ -46,8 +47,8 @@ def __init__(self): super(self.__class__, self).__init__(self.schema) -class CommitOutput(komand.Output): - schema = json.loads(""" +class CommitOutput(insightconnect_plugin_runtime.Output): + schema = json.loads(r""" { "type": "object", "title": "Variables", @@ -58,7 +59,8 @@ class CommitOutput(komand.Output): "description": "Response from the firewall", "order": 1 } - } + }, + "definitions": {} } """) diff --git a/plugins/palo_alto_pan_os/komand_palo_alto_pan_os/actions/delete/__init__.py b/plugins/palo_alto_pan_os/komand_palo_alto_pan_os/actions/delete/__init__.py index 414f7280cd..1a89540f13 100755 --- a/plugins/palo_alto_pan_os/komand_palo_alto_pan_os/actions/delete/__init__.py +++ b/plugins/palo_alto_pan_os/komand_palo_alto_pan_os/actions/delete/__init__.py @@ -1,2 +1,2 @@ -# GENERATED BY KOMAND SDK - DO NOT EDIT +# GENERATED BY INSIGHT-PLUGIN - DO NOT EDIT from .action import Delete diff --git a/plugins/palo_alto_pan_os/komand_palo_alto_pan_os/actions/delete/action.py b/plugins/palo_alto_pan_os/komand_palo_alto_pan_os/actions/delete/action.py index a0877fe29a..c633d0ab83 100755 --- a/plugins/palo_alto_pan_os/komand_palo_alto_pan_os/actions/delete/action.py +++ b/plugins/palo_alto_pan_os/komand_palo_alto_pan_os/actions/delete/action.py @@ -1,21 +1,21 @@ -import komand -from .schema import DeleteInput, DeleteOutput -from komand.exceptions import PluginException +import insightconnect_plugin_runtime +from .schema import DeleteInput, DeleteOutput, Input, Output, Component +from insightconnect_plugin_runtime.exceptions import PluginException # Custom imports below -class Delete(komand.Action): +class Delete(insightconnect_plugin_runtime.Action): def __init__(self): super(self.__class__, self).__init__( name="delete", - description="Delete an object", + description=Component.DESCRIPTION, input=DeleteInput(), output=DeleteOutput(), ) def run(self, params={}): - xpath = params.get("xpath") + xpath = params.get(Input.XPATH) output = self.connection.request.delete_(xpath=xpath) try: diff --git a/plugins/palo_alto_pan_os/komand_palo_alto_pan_os/actions/delete/schema.py b/plugins/palo_alto_pan_os/komand_palo_alto_pan_os/actions/delete/schema.py index a154937627..60a4eed1c2 100755 --- a/plugins/palo_alto_pan_os/komand_palo_alto_pan_os/actions/delete/schema.py +++ b/plugins/palo_alto_pan_os/komand_palo_alto_pan_os/actions/delete/schema.py @@ -1,5 +1,5 @@ -# GENERATED BY KOMAND SDK - DO NOT EDIT -import komand +# GENERATED BY INSIGHT-PLUGIN - DO NOT EDIT +import insightconnect_plugin_runtime import json @@ -9,14 +9,14 @@ class Component: class Input: XPATH = "xpath" - + class Output: RESPONSE = "response" - -class DeleteInput(komand.Input): - schema = json.loads(""" + +class DeleteInput(insightconnect_plugin_runtime.Input): + schema = json.loads(r""" { "type": "object", "title": "Variables", @@ -30,7 +30,8 @@ class DeleteInput(komand.Input): }, "required": [ "xpath" - ] + ], + "definitions": {} } """) @@ -38,8 +39,8 @@ def __init__(self): super(self.__class__, self).__init__(self.schema) -class DeleteOutput(komand.Output): - schema = json.loads(""" +class DeleteOutput(insightconnect_plugin_runtime.Output): + schema = json.loads(r""" { "type": "object", "title": "Variables", @@ -58,7 +59,6 @@ class DeleteOutput(komand.Output): "properties": { "data": { "type": "object", - "title": "Data", "order": 1 } } diff --git a/plugins/palo_alto_pan_os/komand_palo_alto_pan_os/actions/edit/__init__.py b/plugins/palo_alto_pan_os/komand_palo_alto_pan_os/actions/edit/__init__.py index fed480df5d..1e60dcea43 100755 --- a/plugins/palo_alto_pan_os/komand_palo_alto_pan_os/actions/edit/__init__.py +++ b/plugins/palo_alto_pan_os/komand_palo_alto_pan_os/actions/edit/__init__.py @@ -1,2 +1,2 @@ -# GENERATED BY KOMAND SDK - DO NOT EDIT +# GENERATED BY INSIGHT-PLUGIN - DO NOT EDIT from .action import Edit diff --git a/plugins/palo_alto_pan_os/komand_palo_alto_pan_os/actions/edit/action.py b/plugins/palo_alto_pan_os/komand_palo_alto_pan_os/actions/edit/action.py index fcd1103f85..cad71c1172 100755 --- a/plugins/palo_alto_pan_os/komand_palo_alto_pan_os/actions/edit/action.py +++ b/plugins/palo_alto_pan_os/komand_palo_alto_pan_os/actions/edit/action.py @@ -1,22 +1,22 @@ -import komand -from .schema import EditInput, EditOutput -from komand.exceptions import PluginException +import insightconnect_plugin_runtime +from .schema import EditInput, EditOutput, Input, Output, Component +from insightconnect_plugin_runtime.exceptions import PluginException # Custom imports below -class Edit(komand.Action): +class Edit(insightconnect_plugin_runtime.Action): def __init__(self): super(self.__class__, self).__init__( name="edit", - description="Edit an existing object", + description=Component.DESCRIPTION, input=EditInput(), output=EditOutput(), ) def run(self, params={}): - xpath = params.get("xpath") - element = params.get("element") + xpath = params.get(Input.XPATH) + element = params.get(Input.ELEMENT) output = self.connection.request.edit_(xpath=xpath, element=element) try: diff --git a/plugins/palo_alto_pan_os/komand_palo_alto_pan_os/actions/edit/schema.py b/plugins/palo_alto_pan_os/komand_palo_alto_pan_os/actions/edit/schema.py index 1d797ff040..eedfcf2975 100755 --- a/plugins/palo_alto_pan_os/komand_palo_alto_pan_os/actions/edit/schema.py +++ b/plugins/palo_alto_pan_os/komand_palo_alto_pan_os/actions/edit/schema.py @@ -1,5 +1,5 @@ -# GENERATED BY KOMAND SDK - DO NOT EDIT -import komand +# GENERATED BY INSIGHT-PLUGIN - DO NOT EDIT +import insightconnect_plugin_runtime import json @@ -10,14 +10,14 @@ class Component: class Input: ELEMENT = "element" XPATH = "xpath" - + class Output: RESPONSE = "response" - -class EditInput(komand.Input): - schema = json.loads(""" + +class EditInput(insightconnect_plugin_runtime.Input): + schema = json.loads(r""" { "type": "object", "title": "Variables", @@ -38,7 +38,8 @@ class EditInput(komand.Input): "required": [ "element", "xpath" - ] + ], + "definitions": {} } """) @@ -46,8 +47,8 @@ def __init__(self): super(self.__class__, self).__init__(self.schema) -class EditOutput(komand.Output): - schema = json.loads(""" +class EditOutput(insightconnect_plugin_runtime.Output): + schema = json.loads(r""" { "type": "object", "title": "Variables", @@ -58,7 +59,8 @@ class EditOutput(komand.Output): "description": "Response from the firewall", "order": 1 } - } + }, + "definitions": {} } """) diff --git a/plugins/palo_alto_pan_os/komand_palo_alto_pan_os/actions/get/__init__.py b/plugins/palo_alto_pan_os/komand_palo_alto_pan_os/actions/get/__init__.py index 7cff8fa89a..98f445da3c 100755 --- a/plugins/palo_alto_pan_os/komand_palo_alto_pan_os/actions/get/__init__.py +++ b/plugins/palo_alto_pan_os/komand_palo_alto_pan_os/actions/get/__init__.py @@ -1,2 +1,2 @@ -# GENERATED BY KOMAND SDK - DO NOT EDIT +# GENERATED BY INSIGHT-PLUGIN - DO NOT EDIT from .action import Get diff --git a/plugins/palo_alto_pan_os/komand_palo_alto_pan_os/actions/get/action.py b/plugins/palo_alto_pan_os/komand_palo_alto_pan_os/actions/get/action.py index 8873270ec2..ed1af2eafa 100755 --- a/plugins/palo_alto_pan_os/komand_palo_alto_pan_os/actions/get/action.py +++ b/plugins/palo_alto_pan_os/komand_palo_alto_pan_os/actions/get/action.py @@ -1,21 +1,21 @@ -import komand -from .schema import GetInput, GetOutput -from komand.exceptions import PluginException +import insightconnect_plugin_runtime +from .schema import GetInput, GetOutput, Input, Output, Component +from insightconnect_plugin_runtime.exceptions import PluginException # Custom imports below -class Get(komand.Action): +class Get(insightconnect_plugin_runtime.Action): def __init__(self): super(self.__class__, self).__init__( name="get", - description="Get candidate configuration", + description=Component.DESCRIPTION, input=GetInput(), output=GetOutput(), ) def run(self, params={}): - xpath = params.get("xpath", "") + xpath = params.get(Input.XPATH, "") output = self.connection.request.get_(xpath=xpath) try: diff --git a/plugins/palo_alto_pan_os/komand_palo_alto_pan_os/actions/get/schema.py b/plugins/palo_alto_pan_os/komand_palo_alto_pan_os/actions/get/schema.py index 0012512ac7..dd30fc328f 100755 --- a/plugins/palo_alto_pan_os/komand_palo_alto_pan_os/actions/get/schema.py +++ b/plugins/palo_alto_pan_os/komand_palo_alto_pan_os/actions/get/schema.py @@ -1,5 +1,5 @@ -# GENERATED BY KOMAND SDK - DO NOT EDIT -import komand +# GENERATED BY INSIGHT-PLUGIN - DO NOT EDIT +import insightconnect_plugin_runtime import json @@ -9,14 +9,14 @@ class Component: class Input: XPATH = "xpath" - + class Output: RESPONSE = "response" - -class GetInput(komand.Input): - schema = json.loads(""" + +class GetInput(insightconnect_plugin_runtime.Input): + schema = json.loads(r""" { "type": "object", "title": "Variables", @@ -30,7 +30,8 @@ class GetInput(komand.Input): }, "required": [ "xpath" - ] + ], + "definitions": {} } """) @@ -38,8 +39,8 @@ def __init__(self): super(self.__class__, self).__init__(self.schema) -class GetOutput(komand.Output): - schema = json.loads(""" +class GetOutput(insightconnect_plugin_runtime.Output): + schema = json.loads(r""" { "type": "object", "title": "Variables", @@ -58,7 +59,6 @@ class GetOutput(komand.Output): "properties": { "data": { "type": "object", - "title": "Data", "order": 1 } } diff --git a/plugins/palo_alto_pan_os/komand_palo_alto_pan_os/actions/get_addresses_from_group/__init__.py b/plugins/palo_alto_pan_os/komand_palo_alto_pan_os/actions/get_addresses_from_group/__init__.py index 7416e25cd7..8ff98aa57e 100755 --- a/plugins/palo_alto_pan_os/komand_palo_alto_pan_os/actions/get_addresses_from_group/__init__.py +++ b/plugins/palo_alto_pan_os/komand_palo_alto_pan_os/actions/get_addresses_from_group/__init__.py @@ -1,2 +1,2 @@ -# GENERATED BY KOMAND SDK - DO NOT EDIT +# GENERATED BY INSIGHT-PLUGIN - DO NOT EDIT from .action import GetAddressesFromGroup diff --git a/plugins/palo_alto_pan_os/komand_palo_alto_pan_os/actions/get_addresses_from_group/action.py b/plugins/palo_alto_pan_os/komand_palo_alto_pan_os/actions/get_addresses_from_group/action.py index fc606f4eca..895cea3dfd 100755 --- a/plugins/palo_alto_pan_os/komand_palo_alto_pan_os/actions/get_addresses_from_group/action.py +++ b/plugins/palo_alto_pan_os/komand_palo_alto_pan_os/actions/get_addresses_from_group/action.py @@ -1,12 +1,12 @@ -import komand +import insightconnect_plugin_runtime from .schema import GetAddressesFromGroupInput, GetAddressesFromGroupOutput, Input, Output, Component # Custom imports below -from komand.exceptions import PluginException +from insightconnect_plugin_runtime.exceptions import PluginException import validators -class GetAddressesFromGroup(komand.Action): +class GetAddressesFromGroup(insightconnect_plugin_runtime.Action): def __init__(self): super(self.__class__, self).__init__( name="get_addresses_from_group", @@ -15,7 +15,7 @@ def __init__(self): output=GetAddressesFromGroupOutput(), ) - def run(self, params={}): + def run(self, params={}): # noqa: MC0001 group_name = params.get(Input.GROUP) device_name = params.get(Input.DEVICE_NAME) virtual_system = params.get(Input.VIRTUAL_SYSTEM) @@ -56,25 +56,17 @@ def run(self, params={}): address = "" if address_object.get("fqdn"): address = self.get_name(address_object.get("fqdn")) - if address in fqdn_addresses: - continue - else: + if address not in fqdn_addresses: fqdn_addresses.append(address) elif address_object.get("ip-netmask"): address = self.get_name(address_object.get("ip-netmask")) - if validators.ipv4(address) or validators.ipv4_cidr(address): - if address in ipv4_addresses: - continue - else: + if validators.ipv4(address) or validators.ipv4(address, cidr=True, strict=True): + if address not in ipv4_addresses: ipv4_addresses.append(address) - if validators.ipv6(address) or validators.ipv6_cidr(address): - if address in ipv6_addresses: - continue - else: + if validators.ipv6(address) or validators.ipv6(address, cidr=True, strict=True): + if address not in ipv6_addresses: ipv6_addresses.append(address) - if address in all_addresses: - continue - else: + if address not in all_addresses: all_addresses.append(address) return { @@ -87,7 +79,7 @@ def run(self, params={}): @staticmethod def get_name(address_object): - if type(address_object) == str: + if isinstance(address_object, str): name = address_object else: name = address_object.get("#text") diff --git a/plugins/palo_alto_pan_os/komand_palo_alto_pan_os/actions/get_addresses_from_group/schema.py b/plugins/palo_alto_pan_os/komand_palo_alto_pan_os/actions/get_addresses_from_group/schema.py index c2eb417ec9..e06f10618f 100755 --- a/plugins/palo_alto_pan_os/komand_palo_alto_pan_os/actions/get_addresses_from_group/schema.py +++ b/plugins/palo_alto_pan_os/komand_palo_alto_pan_os/actions/get_addresses_from_group/schema.py @@ -1,5 +1,5 @@ -# GENERATED BY KOMAND SDK - DO NOT EDIT -import komand +# GENERATED BY INSIGHT-PLUGIN - DO NOT EDIT +import insightconnect_plugin_runtime import json @@ -11,7 +11,7 @@ class Input: DEVICE_NAME = "device_name" GROUP = "group" VIRTUAL_SYSTEM = "virtual_system" - + class Output: ALL_ADDRESSES = "all_addresses" @@ -19,10 +19,10 @@ class Output: IPV4_ADDRESSES = "ipv4_addresses" IPV6_ADDRESSES = "ipv6_addresses" SUCCESS = "success" - -class GetAddressesFromGroupInput(komand.Input): - schema = json.loads(""" + +class GetAddressesFromGroupInput(insightconnect_plugin_runtime.Input): + schema = json.loads(r""" { "type": "object", "title": "Variables", @@ -52,7 +52,8 @@ class GetAddressesFromGroupInput(komand.Input): "device_name", "group", "virtual_system" - ] + ], + "definitions": {} } """) @@ -60,8 +61,8 @@ def __init__(self): super(self.__class__, self).__init__(self.schema) -class GetAddressesFromGroupOutput(komand.Output): - schema = json.loads(""" +class GetAddressesFromGroupOutput(insightconnect_plugin_runtime.Output): + schema = json.loads(r""" { "type": "object", "title": "Variables", @@ -115,7 +116,8 @@ class GetAddressesFromGroupOutput(komand.Output): "ipv4_addresses", "ipv6_addresses", "success" - ] + ], + "definitions": {} } """) diff --git a/plugins/palo_alto_pan_os/komand_palo_alto_pan_os/actions/get_policy/__init__.py b/plugins/palo_alto_pan_os/komand_palo_alto_pan_os/actions/get_policy/__init__.py index a20dffa27e..207ee070df 100755 --- a/plugins/palo_alto_pan_os/komand_palo_alto_pan_os/actions/get_policy/__init__.py +++ b/plugins/palo_alto_pan_os/komand_palo_alto_pan_os/actions/get_policy/__init__.py @@ -1,2 +1,2 @@ -# GENERATED BY KOMAND SDK - DO NOT EDIT +# GENERATED BY INSIGHT-PLUGIN - DO NOT EDIT from .action import GetPolicy diff --git a/plugins/palo_alto_pan_os/komand_palo_alto_pan_os/actions/get_policy/action.py b/plugins/palo_alto_pan_os/komand_palo_alto_pan_os/actions/get_policy/action.py index ae546e88fa..2dea6101fa 100755 --- a/plugins/palo_alto_pan_os/komand_palo_alto_pan_os/actions/get_policy/action.py +++ b/plugins/palo_alto_pan_os/komand_palo_alto_pan_os/actions/get_policy/action.py @@ -1,11 +1,11 @@ -import komand +import insightconnect_plugin_runtime from .schema import GetPolicyInput, GetPolicyOutput, Input, Output, Component # Custom imports below -from komand.exceptions import PluginException +from insightconnect_plugin_runtime.exceptions import PluginException -class GetPolicy(komand.Action): +class GetPolicy(insightconnect_plugin_runtime.Action): def __init__(self): super(self.__class__, self).__init__( name="get_policy", description=Component.DESCRIPTION, input=GetPolicyInput(), output=GetPolicyOutput() @@ -31,7 +31,7 @@ def run(self, params={}): ) entry_action = entry.get("action") - if type(entry_action) is dict: + if isinstance(entry_action, dict): action = entry_action.get("#text") else: action = entry_action @@ -54,15 +54,15 @@ def get_entries(self, entry, key): member = entry.get(key, {}).get("member") - if type(member) is str: + if isinstance(member, str): out.append(member) - elif type(member) is list: - for m in member: - if type(m) is dict: - out.append(m.get("#text", "")) - if type(m) is str: - out.append(m) - elif type(member) is dict: + elif isinstance(member, list): + for mem in member: + if isinstance(mem, dict): + out.append(mem.get("#text", "")) + if isinstance(mem, str): + out.append(mem) + elif isinstance(member, dict): out.append(member.get("#text", "")) return out diff --git a/plugins/palo_alto_pan_os/komand_palo_alto_pan_os/actions/get_policy/schema.py b/plugins/palo_alto_pan_os/komand_palo_alto_pan_os/actions/get_policy/schema.py index 38a67fff70..0e0bd9db67 100755 --- a/plugins/palo_alto_pan_os/komand_palo_alto_pan_os/actions/get_policy/schema.py +++ b/plugins/palo_alto_pan_os/komand_palo_alto_pan_os/actions/get_policy/schema.py @@ -1,5 +1,5 @@ -# GENERATED BY KOMAND SDK - DO NOT EDIT -import komand +# GENERATED BY INSIGHT-PLUGIN - DO NOT EDIT +import insightconnect_plugin_runtime import json @@ -11,7 +11,7 @@ class Input: DEVICE_NAME = "device_name" POLICY_NAME = "policy_name" VIRTUAL_SYSTEM = "virtual_system" - + class Output: ACTION = "action" @@ -24,10 +24,10 @@ class Output: SOURCE = "source" SOURCE_USER = "source_user" TO = "to" - -class GetPolicyInput(komand.Input): - schema = json.loads(""" + +class GetPolicyInput(insightconnect_plugin_runtime.Input): + schema = json.loads(r""" { "type": "object", "title": "Variables", @@ -57,7 +57,8 @@ class GetPolicyInput(komand.Input): "device_name", "policy_name", "virtual_system" - ] + ], + "definitions": {} } """) @@ -65,8 +66,8 @@ def __init__(self): super(self.__class__, self).__init__(self.schema) -class GetPolicyOutput(komand.Output): - schema = json.loads(""" +class GetPolicyOutput(insightconnect_plugin_runtime.Output): + schema = json.loads(r""" { "type": "object", "title": "Variables", @@ -158,7 +159,8 @@ class GetPolicyOutput(komand.Output): }, "order": 1 } - } + }, + "definitions": {} } """) diff --git a/plugins/palo_alto_pan_os/komand_palo_alto_pan_os/actions/op/__init__.py b/plugins/palo_alto_pan_os/komand_palo_alto_pan_os/actions/op/__init__.py index 07b0d4d0bd..03398cdda8 100755 --- a/plugins/palo_alto_pan_os/komand_palo_alto_pan_os/actions/op/__init__.py +++ b/plugins/palo_alto_pan_os/komand_palo_alto_pan_os/actions/op/__init__.py @@ -1,2 +1,2 @@ -# GENERATED BY KOMAND SDK - DO NOT EDIT +# GENERATED BY INSIGHT-PLUGIN - DO NOT EDIT from .action import Op diff --git a/plugins/palo_alto_pan_os/komand_palo_alto_pan_os/actions/op/action.py b/plugins/palo_alto_pan_os/komand_palo_alto_pan_os/actions/op/action.py index c2ca32006d..7ffe2565d2 100755 --- a/plugins/palo_alto_pan_os/komand_palo_alto_pan_os/actions/op/action.py +++ b/plugins/palo_alto_pan_os/komand_palo_alto_pan_os/actions/op/action.py @@ -1,18 +1,18 @@ -import komand -from .schema import OpInput, OpOutput -from komand.exceptions import PluginException +import insightconnect_plugin_runtime +from .schema import OpInput, OpOutput, Input, Output, Component +from insightconnect_plugin_runtime.exceptions import PluginException # Custom imports below -class Op(komand.Action): +class Op(insightconnect_plugin_runtime.Action): def __init__(self): super(self.__class__, self).__init__( - name="op", description="Run operational command", input=OpInput(), output=OpOutput() + name="op", description=Component.DESCRIPTION, input=OpInput(), output=OpOutput() ) def run(self, params={}): - cmd = params.get("cmd") + cmd = params.get(Input.CMD) output = self.connection.request.op(cmd) try: return {"response": output["response"]} diff --git a/plugins/palo_alto_pan_os/komand_palo_alto_pan_os/actions/op/schema.py b/plugins/palo_alto_pan_os/komand_palo_alto_pan_os/actions/op/schema.py index 14ec205d6c..ab58d7768b 100755 --- a/plugins/palo_alto_pan_os/komand_palo_alto_pan_os/actions/op/schema.py +++ b/plugins/palo_alto_pan_os/komand_palo_alto_pan_os/actions/op/schema.py @@ -1,5 +1,5 @@ -# GENERATED BY KOMAND SDK - DO NOT EDIT -import komand +# GENERATED BY INSIGHT-PLUGIN - DO NOT EDIT +import insightconnect_plugin_runtime import json @@ -9,14 +9,14 @@ class Component: class Input: CMD = "cmd" - + class Output: RESPONSE = "response" - -class OpInput(komand.Input): - schema = json.loads(""" + +class OpInput(insightconnect_plugin_runtime.Input): + schema = json.loads(r""" { "type": "object", "title": "Variables", @@ -27,7 +27,8 @@ class OpInput(komand.Input): "description": "XML specifying operation to be completed", "order": 1 } - } + }, + "definitions": {} } """) @@ -35,8 +36,8 @@ def __init__(self): super(self.__class__, self).__init__(self.schema) -class OpOutput(komand.Output): - schema = json.loads(""" +class OpOutput(insightconnect_plugin_runtime.Output): + schema = json.loads(r""" { "type": "object", "title": "Variables", @@ -47,7 +48,8 @@ class OpOutput(komand.Output): "description": "Response from the firewall", "order": 1 } - } + }, + "definitions": {} } """) diff --git a/plugins/palo_alto_pan_os/komand_palo_alto_pan_os/actions/remove_address_object_from_group/__init__.py b/plugins/palo_alto_pan_os/komand_palo_alto_pan_os/actions/remove_address_object_from_group/__init__.py index 0b77cd32a3..4cf89db605 100755 --- a/plugins/palo_alto_pan_os/komand_palo_alto_pan_os/actions/remove_address_object_from_group/__init__.py +++ b/plugins/palo_alto_pan_os/komand_palo_alto_pan_os/actions/remove_address_object_from_group/__init__.py @@ -1,2 +1,2 @@ -# GENERATED BY KOMAND SDK - DO NOT EDIT +# GENERATED BY INSIGHT-PLUGIN - DO NOT EDIT from .action import RemoveAddressObjectFromGroup diff --git a/plugins/palo_alto_pan_os/komand_palo_alto_pan_os/actions/remove_address_object_from_group/action.py b/plugins/palo_alto_pan_os/komand_palo_alto_pan_os/actions/remove_address_object_from_group/action.py index eb7e3033cc..871701603a 100755 --- a/plugins/palo_alto_pan_os/komand_palo_alto_pan_os/actions/remove_address_object_from_group/action.py +++ b/plugins/palo_alto_pan_os/komand_palo_alto_pan_os/actions/remove_address_object_from_group/action.py @@ -1,4 +1,4 @@ -import komand +import insightconnect_plugin_runtime from .schema import ( RemoveAddressObjectFromGroupInput, RemoveAddressObjectFromGroupOutput, @@ -8,10 +8,10 @@ ) # Custom imports below -from komand.exceptions import PluginException +from insightconnect_plugin_runtime.exceptions import PluginException -class RemoveAddressObjectFromGroup(komand.Action): +class RemoveAddressObjectFromGroup(insightconnect_plugin_runtime.Action): def __init__(self): super(self.__class__, self).__init__( name="remove_address_object_from_group", @@ -42,7 +42,7 @@ def run(self, params={}): found = False names = [] for name in address_objects: - if type(name) == str: + if isinstance(name, str): names.append(name) else: names.append(name.get("#text")) @@ -58,7 +58,7 @@ def run(self, params={}): def make_xml(self, names, group_name): members = "" for name in names: - members += f"{name}" + members = members.join(f"{name}") xml_template = f'{members}' diff --git a/plugins/palo_alto_pan_os/komand_palo_alto_pan_os/actions/remove_address_object_from_group/schema.py b/plugins/palo_alto_pan_os/komand_palo_alto_pan_os/actions/remove_address_object_from_group/schema.py index 8eeab0e436..061a552d2f 100755 --- a/plugins/palo_alto_pan_os/komand_palo_alto_pan_os/actions/remove_address_object_from_group/schema.py +++ b/plugins/palo_alto_pan_os/komand_palo_alto_pan_os/actions/remove_address_object_from_group/schema.py @@ -1,5 +1,5 @@ -# GENERATED BY KOMAND SDK - DO NOT EDIT -import komand +# GENERATED BY INSIGHT-PLUGIN - DO NOT EDIT +import insightconnect_plugin_runtime import json @@ -12,14 +12,14 @@ class Input: DEVICE_NAME = "device_name" GROUP = "group" VIRTUAL_SYSTEM = "virtual_system" - + class Output: SUCCESS = "success" - -class RemoveAddressObjectFromGroupInput(komand.Input): - schema = json.loads(""" + +class RemoveAddressObjectFromGroupInput(insightconnect_plugin_runtime.Input): + schema = json.loads(r""" { "type": "object", "title": "Variables", @@ -56,7 +56,8 @@ class RemoveAddressObjectFromGroupInput(komand.Input): "device_name", "group", "virtual_system" - ] + ], + "definitions": {} } """) @@ -64,8 +65,8 @@ def __init__(self): super(self.__class__, self).__init__(self.schema) -class RemoveAddressObjectFromGroupOutput(komand.Output): - schema = json.loads(""" +class RemoveAddressObjectFromGroupOutput(insightconnect_plugin_runtime.Output): + schema = json.loads(r""" { "type": "object", "title": "Variables", @@ -79,7 +80,8 @@ class RemoveAddressObjectFromGroupOutput(komand.Output): }, "required": [ "success" - ] + ], + "definitions": {} } """) diff --git a/plugins/palo_alto_pan_os/komand_palo_alto_pan_os/actions/remove_from_policy/__init__.py b/plugins/palo_alto_pan_os/komand_palo_alto_pan_os/actions/remove_from_policy/__init__.py index b4526d67c3..d7701b61ba 100755 --- a/plugins/palo_alto_pan_os/komand_palo_alto_pan_os/actions/remove_from_policy/__init__.py +++ b/plugins/palo_alto_pan_os/komand_palo_alto_pan_os/actions/remove_from_policy/__init__.py @@ -1,2 +1,2 @@ -# GENERATED BY KOMAND SDK - DO NOT EDIT +# GENERATED BY INSIGHT-PLUGIN - DO NOT EDIT from .action import RemoveFromPolicy diff --git a/plugins/palo_alto_pan_os/komand_palo_alto_pan_os/actions/remove_from_policy/action.py b/plugins/palo_alto_pan_os/komand_palo_alto_pan_os/actions/remove_from_policy/action.py index 40eda4b45c..b5d4ec5522 100755 --- a/plugins/palo_alto_pan_os/komand_palo_alto_pan_os/actions/remove_from_policy/action.py +++ b/plugins/palo_alto_pan_os/komand_palo_alto_pan_os/actions/remove_from_policy/action.py @@ -1,12 +1,12 @@ -import komand -from .schema import RemoveFromPolicyInput, RemoveFromPolicyOutput -from komand.exceptions import PluginException +import insightconnect_plugin_runtime +from .schema import RemoveFromPolicyInput, RemoveFromPolicyOutput, Input, Output, Component +from insightconnect_plugin_runtime.exceptions import PluginException # Custom imports below from komand_palo_alto_pan_os.util import util -class RemoveFromPolicy(komand.Action): +class RemoveFromPolicy(insightconnect_plugin_runtime.Action): # used to convert from keys used by plugin input to keys expected by PAN-OS _CONVERSION_KEY = { "source": "source", @@ -24,20 +24,20 @@ class RemoveFromPolicy(komand.Action): def __init__(self): super(self.__class__, self).__init__( name="remove_from_policy", - description="Remove a rule to a PAN-OS security policy", + description=Component.DESCRIPTION, input=RemoveFromPolicyInput(), output=RemoveFromPolicyOutput(), ) def run(self, params={}): update = util.SecurityPolicy() - rule_name = params.get("rule_name") + rule_name = params.get(Input.RULE_NAME) policy_type = False if params.get("update_active_or_candidate_configuration") == "active": policy_type = True # Set xpath to security polices - xpath = "/config/devices/entry/vsys/entry/rulebase/security/rules/entry[@name='{0}']".format(rule_name) + xpath = f"/config/devices/entry/vsys/entry/rulebase/security/rules/entry[@name='{rule_name}']" # Get current policy config if policy_type: @@ -62,26 +62,26 @@ def run(self, params={}): "action", ] new_policy = {} - for i in key_list: - value = self._CONVERSION_KEY[i] + for key in key_list: + value = self._CONVERSION_KEY.get("key") if params.get(value): - new_policy[i] = update.remove_from_key(current_config[i], params.get(value)) + new_policy[key] = update.remove_from_key(current_config[key], params.get(value)) else: - new_policy[i] = current_config[i] + new_policy[key] = current_config[key] # Build new element element = update.element_for_policy_update( rule_name=rule_name, - to=new_policy["to"], - from_=new_policy["from"], - source=new_policy["source"], - destination=new_policy["destination"], - service=new_policy["service"], - application=new_policy["application"], - category=new_policy["category"], - hip_profiles=new_policy["hip-profiles"], - source_user=new_policy["source-user"], - fire_wall_action=new_policy["action"], + to=new_policy.get("to"), + from_=new_policy.get("from"), + source=new_policy.get("source"), + destination=new_policy.get("destination"), + service=new_policy.get("service"), + application=new_policy.get("application"), + category=new_policy.get("category"), + hip_profiles=new_policy.get("hip-profiles"), + source_user=new_policy.get("source-user"), + fire_wall_action=new_policy.get("action"), ) # Update policy diff --git a/plugins/palo_alto_pan_os/komand_palo_alto_pan_os/actions/remove_from_policy/schema.py b/plugins/palo_alto_pan_os/komand_palo_alto_pan_os/actions/remove_from_policy/schema.py index 8f0de430eb..f8e8389777 100755 --- a/plugins/palo_alto_pan_os/komand_palo_alto_pan_os/actions/remove_from_policy/schema.py +++ b/plugins/palo_alto_pan_os/komand_palo_alto_pan_os/actions/remove_from_policy/schema.py @@ -1,5 +1,5 @@ -# GENERATED BY KOMAND SDK - DO NOT EDIT -import komand +# GENERATED BY INSIGHT-PLUGIN - DO NOT EDIT +import insightconnect_plugin_runtime import json @@ -20,16 +20,16 @@ class Input: SRC_ZONE = "src_zone" UPDATE_ACTIVE_OR_CANDIDATE_CONFIGURATION = "update_active_or_candidate_configuration" URL_CATEGORY = "url_category" - + class Output: CODE = "code" MESSAGE = "message" STATUS = "status" - -class RemoveFromPolicyInput(komand.Input): - schema = json.loads(""" + +class RemoveFromPolicyInput(insightconnect_plugin_runtime.Input): + schema = json.loads(r""" { "type": "object", "title": "Variables", @@ -114,7 +114,8 @@ class RemoveFromPolicyInput(komand.Input): "required": [ "rule_name", "update_active_or_candidate_configuration" - ] + ], + "definitions": {} } """) @@ -122,8 +123,8 @@ def __init__(self): super(self.__class__, self).__init__(self.schema) -class RemoveFromPolicyOutput(komand.Output): - schema = json.loads(""" +class RemoveFromPolicyOutput(insightconnect_plugin_runtime.Output): + schema = json.loads(r""" { "type": "object", "title": "Variables", @@ -146,7 +147,8 @@ class RemoveFromPolicyOutput(komand.Output): "description": "Status of the requested operation e.g. success, error, etc", "order": 1 } - } + }, + "definitions": {} } """) diff --git a/plugins/palo_alto_pan_os/komand_palo_alto_pan_os/actions/retrieve_logs/__init__.py b/plugins/palo_alto_pan_os/komand_palo_alto_pan_os/actions/retrieve_logs/__init__.py index 58260f5bab..cba7f726fb 100755 --- a/plugins/palo_alto_pan_os/komand_palo_alto_pan_os/actions/retrieve_logs/__init__.py +++ b/plugins/palo_alto_pan_os/komand_palo_alto_pan_os/actions/retrieve_logs/__init__.py @@ -1,2 +1,2 @@ -# GENERATED BY KOMAND SDK - DO NOT EDIT +# GENERATED BY INSIGHT-PLUGIN - DO NOT EDIT from .action import RetrieveLogs diff --git a/plugins/palo_alto_pan_os/komand_palo_alto_pan_os/actions/retrieve_logs/action.py b/plugins/palo_alto_pan_os/komand_palo_alto_pan_os/actions/retrieve_logs/action.py index d93d2648d8..807ff2be8f 100755 --- a/plugins/palo_alto_pan_os/komand_palo_alto_pan_os/actions/retrieve_logs/action.py +++ b/plugins/palo_alto_pan_os/komand_palo_alto_pan_os/actions/retrieve_logs/action.py @@ -1,6 +1,6 @@ -import komand -from .schema import RetrieveLogsInput, RetrieveLogsOutput -from komand.exceptions import PluginException +import insightconnect_plugin_runtime +from .schema import RetrieveLogsInput, RetrieveLogsOutput, Input, Output, Component +from insightconnect_plugin_runtime.exceptions import PluginException # Custom imports below import requests @@ -8,24 +8,26 @@ import time import json +TIMEOUT = 60 -class RetrieveLogs(komand.Action): + +class RetrieveLogs(insightconnect_plugin_runtime.Action): def __init__(self): super(self.__class__, self).__init__( name="retrieve_logs", - description="Query firewall logs", + description=Component.DESCRIPTION, input=RetrieveLogsInput(), output=RetrieveLogsOutput(), ) - def run(self, params={}): - log_type = params.get("log_type") - query = params.get("filter") - direction = params.get("direction") - count = params.get("count") - skip = params.get("skip") - max_tries = params.get("max_tries") - interval = params.get("interval") + def run(self, params={}): # noqa: MC0001 + log_type = params.get(Input.LOG_TYPE) + query = params.get(Input.FILTER) + direction = params.get(Input.DIRECTION) + count = params.get(Input.COUNT) + skip = params.get(Input.SKIP) + max_tries = params.get(Input.MAX_TRIES) + interval = params.get(Input.INTERVAL) querystring = { "type": "log", @@ -38,9 +40,7 @@ def run(self, params={}): } response = requests.get( - self.connection.request.url, - params=querystring, - verify=self.connection.request.verify_cert, + self.connection.request.url, params=querystring, verify=self.connection.request.verify_cert, timeout=TIMEOUT ) try: dict_response = xmltodict.parse(response.text) @@ -86,6 +86,7 @@ def run(self, params={}): self.connection.request.url, params=querystring, verify=self.connection.request.verify_cert, + timeout=TIMEOUT, ) dict_job_poll_response = xmltodict.parse(job_poll_response.text) except BaseException as e: @@ -103,7 +104,7 @@ def run(self, params={}): data=error, ) if dict_job_poll_response["response"]["result"]["job"]["status"] == "FIN": - return {"response": dict_job_poll_response["response"]["result"]["log"]} + return {Output.RESPONSE: dict_job_poll_response["response"]["result"]["log"]} tries_completed += 1 if tries_completed != max_tries: self.logger.info("Job not completed, waiting before re-polling...") diff --git a/plugins/palo_alto_pan_os/komand_palo_alto_pan_os/actions/retrieve_logs/schema.py b/plugins/palo_alto_pan_os/komand_palo_alto_pan_os/actions/retrieve_logs/schema.py index 418b2ec545..fd346a155f 100755 --- a/plugins/palo_alto_pan_os/komand_palo_alto_pan_os/actions/retrieve_logs/schema.py +++ b/plugins/palo_alto_pan_os/komand_palo_alto_pan_os/actions/retrieve_logs/schema.py @@ -1,5 +1,5 @@ -# GENERATED BY KOMAND SDK - DO NOT EDIT -import komand +# GENERATED BY INSIGHT-PLUGIN - DO NOT EDIT +import insightconnect_plugin_runtime import json @@ -15,14 +15,14 @@ class Input: LOG_TYPE = "log_type" MAX_TRIES = "max_tries" SKIP = "skip" - + class Output: RESPONSE = "response" - -class RetrieveLogsInput(komand.Input): - schema = json.loads(""" + +class RetrieveLogsInput(insightconnect_plugin_runtime.Input): + schema = json.loads(r""" { "type": "object", "title": "Variables", @@ -86,7 +86,8 @@ class RetrieveLogsInput(komand.Input): "default": 0, "order": 3 } - } + }, + "definitions": {} } """) @@ -94,8 +95,8 @@ def __init__(self): super(self.__class__, self).__init__(self.schema) -class RetrieveLogsOutput(komand.Output): - schema = json.loads(""" +class RetrieveLogsOutput(insightconnect_plugin_runtime.Output): + schema = json.loads(r""" { "type": "object", "title": "Variables", @@ -114,7 +115,6 @@ class RetrieveLogsOutput(komand.Output): "properties": { "data": { "type": "object", - "title": "Data", "order": 1 } } diff --git a/plugins/palo_alto_pan_os/komand_palo_alto_pan_os/actions/set/__init__.py b/plugins/palo_alto_pan_os/komand_palo_alto_pan_os/actions/set/__init__.py index 544eef8cb2..0c75a30689 100755 --- a/plugins/palo_alto_pan_os/komand_palo_alto_pan_os/actions/set/__init__.py +++ b/plugins/palo_alto_pan_os/komand_palo_alto_pan_os/actions/set/__init__.py @@ -1,2 +1,2 @@ -# GENERATED BY KOMAND SDK - DO NOT EDIT +# GENERATED BY INSIGHT-PLUGIN - DO NOT EDIT from .action import Set diff --git a/plugins/palo_alto_pan_os/komand_palo_alto_pan_os/actions/set/action.py b/plugins/palo_alto_pan_os/komand_palo_alto_pan_os/actions/set/action.py index ec1aac994f..8851419ce7 100755 --- a/plugins/palo_alto_pan_os/komand_palo_alto_pan_os/actions/set/action.py +++ b/plugins/palo_alto_pan_os/komand_palo_alto_pan_os/actions/set/action.py @@ -1,19 +1,19 @@ -import komand -from .schema import SetInput, SetOutput -from komand.exceptions import PluginException +import insightconnect_plugin_runtime +from .schema import SetInput, SetOutput, Input, Output, Component +from insightconnect_plugin_runtime.exceptions import PluginException # Custom imports below -class Set(komand.Action): +class Set(insightconnect_plugin_runtime.Action): def __init__(self): super(self.__class__, self).__init__( - name="set", description="Create a new object", input=SetInput(), output=SetOutput() + name="set", description=Component.DESCRIPTION, input=SetInput(), output=SetOutput() ) def run(self, params={}): - xpath = params.get("xpath") - element = params.get("element") + xpath = params.get(Input.XPATH) + element = params.get(Input.ELEMENT) output = self.connection.request.set_(xpath=xpath, element=element) try: diff --git a/plugins/palo_alto_pan_os/komand_palo_alto_pan_os/actions/set/schema.py b/plugins/palo_alto_pan_os/komand_palo_alto_pan_os/actions/set/schema.py index 48c79aa832..9ee2e98220 100755 --- a/plugins/palo_alto_pan_os/komand_palo_alto_pan_os/actions/set/schema.py +++ b/plugins/palo_alto_pan_os/komand_palo_alto_pan_os/actions/set/schema.py @@ -1,5 +1,5 @@ -# GENERATED BY KOMAND SDK - DO NOT EDIT -import komand +# GENERATED BY INSIGHT-PLUGIN - DO NOT EDIT +import insightconnect_plugin_runtime import json @@ -10,14 +10,14 @@ class Component: class Input: ELEMENT = "element" XPATH = "xpath" - + class Output: RESPONSE = "response" - -class SetInput(komand.Input): - schema = json.loads(""" + +class SetInput(insightconnect_plugin_runtime.Input): + schema = json.loads(r""" { "type": "object", "title": "Variables", @@ -38,7 +38,8 @@ class SetInput(komand.Input): "required": [ "element", "xpath" - ] + ], + "definitions": {} } """) @@ -46,8 +47,8 @@ def __init__(self): super(self.__class__, self).__init__(self.schema) -class SetOutput(komand.Output): - schema = json.loads(""" +class SetOutput(insightconnect_plugin_runtime.Output): + schema = json.loads(r""" { "type": "object", "title": "Variables", @@ -58,7 +59,8 @@ class SetOutput(komand.Output): "description": "Response from the firewall", "order": 1 } - } + }, + "definitions": {} } """) diff --git a/plugins/palo_alto_pan_os/komand_palo_alto_pan_os/actions/set_address_object/__init__.py b/plugins/palo_alto_pan_os/komand_palo_alto_pan_os/actions/set_address_object/__init__.py index 0626782581..829ef95bf7 100755 --- a/plugins/palo_alto_pan_os/komand_palo_alto_pan_os/actions/set_address_object/__init__.py +++ b/plugins/palo_alto_pan_os/komand_palo_alto_pan_os/actions/set_address_object/__init__.py @@ -1,2 +1,2 @@ -# GENERATED BY KOMAND SDK - DO NOT EDIT +# GENERATED BY INSIGHT-PLUGIN - DO NOT EDIT from .action import SetAddressObject diff --git a/plugins/palo_alto_pan_os/komand_palo_alto_pan_os/actions/set_address_object/action.py b/plugins/palo_alto_pan_os/komand_palo_alto_pan_os/actions/set_address_object/action.py index 00d08bce26..9901995e36 100755 --- a/plugins/palo_alto_pan_os/komand_palo_alto_pan_os/actions/set_address_object/action.py +++ b/plugins/palo_alto_pan_os/komand_palo_alto_pan_os/actions/set_address_object/action.py @@ -1,6 +1,6 @@ -import komand -from .schema import SetAddressObjectInput, SetAddressObjectOutput, Input, Output -from komand.exceptions import PluginException +import insightconnect_plugin_runtime +from .schema import SetAddressObjectInput, SetAddressObjectOutput, Input, Output, Component +from insightconnect_plugin_runtime.exceptions import PluginException # Custom imports below import re @@ -9,11 +9,11 @@ import validators -class SetAddressObject(komand.Action): +class SetAddressObject(insightconnect_plugin_runtime.Action): def __init__(self): super(self.__class__, self).__init__( name="set_address_object", - description="Create a new address object", + description=Component.DESCRIPTION, input=SetAddressObjectInput(), output=SetAddressObjectOutput(), ) @@ -22,9 +22,9 @@ def __init__(self): def determine_address_type(address): if validators.domain(address): return "fqdn" - if validators.ipv4(address) or validators.ipv4_cidr(address): + if validators.ipv4(address) or validators.ipv4(address, cidr=True, strict=True): return "ip-netmask" - if validators.ipv6(address) or validators.ipv6_cidr(address): + if validators.ipv6(address) or validators.ipv6(address, cidr=True, strict=True): return "ip-netmask" if re.search("-", address): split_range = address.split("-") @@ -77,7 +77,7 @@ def check_if_private(address): # Other return IP(address).iptype() in ip_types - def run(self, params={}): + def run(self, params={}): # noqa: MC0001 address = params.get(Input.ADDRESS) # object_type = params.get(Input.TYPE) name = params.get(Input.ADDRESS_OBJECT) diff --git a/plugins/palo_alto_pan_os/komand_palo_alto_pan_os/actions/set_address_object/schema.py b/plugins/palo_alto_pan_os/komand_palo_alto_pan_os/actions/set_address_object/schema.py index fbe108c231..95c9a20b38 100755 --- a/plugins/palo_alto_pan_os/komand_palo_alto_pan_os/actions/set_address_object/schema.py +++ b/plugins/palo_alto_pan_os/komand_palo_alto_pan_os/actions/set_address_object/schema.py @@ -1,5 +1,5 @@ -# GENERATED BY KOMAND SDK - DO NOT EDIT -import komand +# GENERATED BY INSIGHT-PLUGIN - DO NOT EDIT +import insightconnect_plugin_runtime import json @@ -14,16 +14,16 @@ class Input: SKIP_RFC1918 = "skip_rfc1918" TAGS = "tags" WHITELIST = "whitelist" - + class Output: CODE = "code" MESSAGE = "message" STATUS = "status" - -class SetAddressObjectInput(komand.Input): - schema = json.loads(""" + +class SetAddressObjectInput(insightconnect_plugin_runtime.Input): + schema = json.loads(r""" { "type": "object", "title": "Variables", @@ -73,7 +73,8 @@ class SetAddressObjectInput(komand.Input): "address", "address_object", "skip_rfc1918" - ] + ], + "definitions": {} } """) @@ -81,8 +82,8 @@ def __init__(self): super(self.__class__, self).__init__(self.schema) -class SetAddressObjectOutput(komand.Output): - schema = json.loads(""" +class SetAddressObjectOutput(insightconnect_plugin_runtime.Output): + schema = json.loads(r""" { "type": "object", "title": "Variables", @@ -105,7 +106,8 @@ class SetAddressObjectOutput(komand.Output): "description": "The status of the requested operation e.g. success, error, etc", "order": 1 } - } + }, + "definitions": {} } """) diff --git a/plugins/palo_alto_pan_os/komand_palo_alto_pan_os/actions/set_security_policy_rule/__init__.py b/plugins/palo_alto_pan_os/komand_palo_alto_pan_os/actions/set_security_policy_rule/__init__.py index 5824452eab..64acf72606 100755 --- a/plugins/palo_alto_pan_os/komand_palo_alto_pan_os/actions/set_security_policy_rule/__init__.py +++ b/plugins/palo_alto_pan_os/komand_palo_alto_pan_os/actions/set_security_policy_rule/__init__.py @@ -1,2 +1,2 @@ -# GENERATED BY KOMAND SDK - DO NOT EDIT +# GENERATED BY INSIGHT-PLUGIN - DO NOT EDIT from .action import SetSecurityPolicyRule diff --git a/plugins/palo_alto_pan_os/komand_palo_alto_pan_os/actions/set_security_policy_rule/action.py b/plugins/palo_alto_pan_os/komand_palo_alto_pan_os/actions/set_security_policy_rule/action.py index ad2afc4103..713e8dc86c 100755 --- a/plugins/palo_alto_pan_os/komand_palo_alto_pan_os/actions/set_security_policy_rule/action.py +++ b/plugins/palo_alto_pan_os/komand_palo_alto_pan_os/actions/set_security_policy_rule/action.py @@ -1,40 +1,40 @@ -import komand -from .schema import SetSecurityPolicyRuleInput, SetSecurityPolicyRuleOutput -from komand.exceptions import PluginException +import insightconnect_plugin_runtime +from .schema import SetSecurityPolicyRuleInput, SetSecurityPolicyRuleOutput, Input, Output, Component +from insightconnect_plugin_runtime.exceptions import PluginException # Custom imports below -class SetSecurityPolicyRule(komand.Action): +class SetSecurityPolicyRule(insightconnect_plugin_runtime.Action): _BOOL_TO_VALUE = {True: "yes", False: "no"} def __init__(self): super(self.__class__, self).__init__( name="set_security_policy_rule", - description="Create a new Security Policy Rule", + description=Component.DESCRIPTION, input=SetSecurityPolicyRuleInput(), output=SetSecurityPolicyRuleOutput(), ) def run(self, params={}): - rule_name = params.get("rule_name") - source = params.get("source") - destination = params.get("destination") - service = params.get("service") - application = params.get("application") - action = params.get("action") - source_user = params.get("source_user") - disable_server_response_inspection = params.get("disable_server_response_inspection") - negate_source = params.get("negate_source") - negate_destination = params.get("negate_destination") - disabled = params.get("disabled") - log_start = params.get("log_start") - log_end = params.get("log_end") - description = params.get("description") - src_zone = params.get("src_zone") - dst_zone = params.get("dst_zone") + rule_name = params.get(Input.RULE_NAME) + source = params.get(Input.SOURCE) + destination = params.get(Input.DESTINATION) + service = params.get(Input.SERVICE) + application = params.get(Input.APPLICATION) + action = params.get(Input.ACTION) + source_user = params.get(Input.SOURCE_USER) + disable_server_response_inspection = params.get(Input.DISABLE_SERVER_RESPONSE_INSPECTION) + negate_source = params.get(Input.NEGATE_SOURCE) + negate_destination = params.get(Input.NEGATE_DESTINATION) + disabled = params.get(Input.DISABLED) + log_start = params.get(Input.LOG_START) + log_end = params.get(Input.LOG_END) + description = params.get(Input.DESCRIPTION) + src_zone = params.get(Input.SRC_ZONE) + dst_zone = params.get(Input.DST_ZONE) # Set boolean values to yes or no disable_server_response_inspection = self._BOOL_TO_VALUE[disable_server_response_inspection] @@ -45,44 +45,28 @@ def run(self, params={}): log_end = self._BOOL_TO_VALUE[log_end] # Build xpath and element - xpath = "/config/devices/entry/vsys/entry/rulebase/security/rules/entry[@name='{0}']".format(rule_name) + xpath = f"/config/devices/entry/vsys/entry/rulebase/security/rules/entry[@name='{rule_name}']" element = ( - "{source}" - "{destination}" - "{service}" - "{application}" - "{action}" - "{source_user}" - "" - "{negate_source}" - "{negate_destination}" - "{disabled}" - "{log_start}" - "{log_end}" - "{description}" - "{src_zone}" - "{dst_zone}".format( - source=source, - destination=destination, - service=service, - application=application, - action=action, - source_user=source_user, - dsri=disable_server_response_inspection, - negate_source=negate_source, - negate_destination=negate_destination, - disabled=disabled, - log_start=log_start, - log_end=log_end, - description=description, - src_zone=src_zone, - dst_zone=dst_zone, - ) + f"{source}" + f"{destination}" + f"{service}" + f"{application}" + f"{action}" + f"{source_user}" + f"" + f"{negate_source}" + f"{negate_destination}" + f"{disabled}" + f"{log_start}" + f"{log_end}" + f"{description}" + f"{src_zone}" + f"{dst_zone}" ) output = self.connection.request.set_(xpath=xpath, element=element) try: - return {"response": output["response"]} + return {Output.RESPONSE: output["response"]} except KeyError: raise PluginException( cause="The output did not contain expected keys.", diff --git a/plugins/palo_alto_pan_os/komand_palo_alto_pan_os/actions/set_security_policy_rule/schema.py b/plugins/palo_alto_pan_os/komand_palo_alto_pan_os/actions/set_security_policy_rule/schema.py index b2801a62c2..03d2c1a293 100755 --- a/plugins/palo_alto_pan_os/komand_palo_alto_pan_os/actions/set_security_policy_rule/schema.py +++ b/plugins/palo_alto_pan_os/komand_palo_alto_pan_os/actions/set_security_policy_rule/schema.py @@ -1,5 +1,5 @@ -# GENERATED BY KOMAND SDK - DO NOT EDIT -import komand +# GENERATED BY INSIGHT-PLUGIN - DO NOT EDIT +import insightconnect_plugin_runtime import json @@ -24,14 +24,14 @@ class Input: SOURCE = "source" SOURCE_USER = "source_user" SRC_ZONE = "src_zone" - + class Output: RESPONSE = "response" - -class SetSecurityPolicyRuleInput(komand.Input): - schema = json.loads(""" + +class SetSecurityPolicyRuleInput(insightconnect_plugin_runtime.Input): + schema = json.loads(r""" { "type": "object", "title": "Variables", @@ -150,7 +150,8 @@ class SetSecurityPolicyRuleInput(komand.Input): "source", "source_user", "src_zone" - ] + ], + "definitions": {} } """) @@ -158,8 +159,8 @@ def __init__(self): super(self.__class__, self).__init__(self.schema) -class SetSecurityPolicyRuleOutput(komand.Output): - schema = json.loads(""" +class SetSecurityPolicyRuleOutput(insightconnect_plugin_runtime.Output): + schema = json.loads(r""" { "type": "object", "title": "Variables", @@ -178,7 +179,6 @@ class SetSecurityPolicyRuleOutput(komand.Output): "properties": { "data": { "type": "object", - "title": "Data", "order": 1 } } diff --git a/plugins/palo_alto_pan_os/komand_palo_alto_pan_os/actions/show/__init__.py b/plugins/palo_alto_pan_os/komand_palo_alto_pan_os/actions/show/__init__.py index c05e98aa4f..04510748e7 100755 --- a/plugins/palo_alto_pan_os/komand_palo_alto_pan_os/actions/show/__init__.py +++ b/plugins/palo_alto_pan_os/komand_palo_alto_pan_os/actions/show/__init__.py @@ -1,2 +1,2 @@ -# GENERATED BY KOMAND SDK - DO NOT EDIT +# GENERATED BY INSIGHT-PLUGIN - DO NOT EDIT from .action import Show diff --git a/plugins/palo_alto_pan_os/komand_palo_alto_pan_os/actions/show/action.py b/plugins/palo_alto_pan_os/komand_palo_alto_pan_os/actions/show/action.py index d716ec7ec5..42b83048a7 100755 --- a/plugins/palo_alto_pan_os/komand_palo_alto_pan_os/actions/show/action.py +++ b/plugins/palo_alto_pan_os/komand_palo_alto_pan_os/actions/show/action.py @@ -1,25 +1,25 @@ -import komand -from .schema import ShowInput, ShowOutput -from komand.exceptions import PluginException +import insightconnect_plugin_runtime +from .schema import ShowInput, ShowOutput, Input, Output, Component +from insightconnect_plugin_runtime.exceptions import PluginException # Custom imports below -class Show(komand.Action): +class Show(insightconnect_plugin_runtime.Action): def __init__(self): super(self.__class__, self).__init__( name="show", - description="Get active configuration", + description=Component.DESCRIPTION, input=ShowInput(), output=ShowOutput(), ) def run(self, params={}): - xpath = params.get("xpath", "") + xpath = params.get(Input.XPATH, "") output = self.connection.request.show_(xpath=xpath) try: - return {"response": output["response"]} + return {Output.RESPONSE: output["response"]} except KeyError: raise PluginException( cause="The output did not contain expected keys.", diff --git a/plugins/palo_alto_pan_os/komand_palo_alto_pan_os/actions/show/schema.py b/plugins/palo_alto_pan_os/komand_palo_alto_pan_os/actions/show/schema.py index 0778da9204..d9ed796fc8 100755 --- a/plugins/palo_alto_pan_os/komand_palo_alto_pan_os/actions/show/schema.py +++ b/plugins/palo_alto_pan_os/komand_palo_alto_pan_os/actions/show/schema.py @@ -1,5 +1,5 @@ -# GENERATED BY KOMAND SDK - DO NOT EDIT -import komand +# GENERATED BY INSIGHT-PLUGIN - DO NOT EDIT +import insightconnect_plugin_runtime import json @@ -9,14 +9,14 @@ class Component: class Input: XPATH = "xpath" - + class Output: RESPONSE = "response" - -class ShowInput(komand.Input): - schema = json.loads(""" + +class ShowInput(insightconnect_plugin_runtime.Input): + schema = json.loads(r""" { "type": "object", "title": "Variables", @@ -30,7 +30,8 @@ class ShowInput(komand.Input): }, "required": [ "xpath" - ] + ], + "definitions": {} } """) @@ -38,8 +39,8 @@ def __init__(self): super(self.__class__, self).__init__(self.schema) -class ShowOutput(komand.Output): - schema = json.loads(""" +class ShowOutput(insightconnect_plugin_runtime.Output): + schema = json.loads(r""" { "type": "object", "title": "Variables", @@ -58,7 +59,6 @@ class ShowOutput(komand.Output): "properties": { "data": { "type": "object", - "title": "Data", "order": 1 } } diff --git a/plugins/palo_alto_pan_os/komand_palo_alto_pan_os/connection/__init__.py b/plugins/palo_alto_pan_os/komand_palo_alto_pan_os/connection/__init__.py index a515dcf6b0..c78d3356be 100755 --- a/plugins/palo_alto_pan_os/komand_palo_alto_pan_os/connection/__init__.py +++ b/plugins/palo_alto_pan_os/komand_palo_alto_pan_os/connection/__init__.py @@ -1,2 +1,2 @@ -# GENERATED BY KOMAND SDK - DO NOT EDIT +# GENERATED BY INSIGHT-PLUGIN - DO NOT EDIT from .connection import Connection diff --git a/plugins/palo_alto_pan_os/komand_palo_alto_pan_os/connection/connection.py b/plugins/palo_alto_pan_os/komand_palo_alto_pan_os/connection/connection.py index c0af40b4e1..d816683d91 100755 --- a/plugins/palo_alto_pan_os/komand_palo_alto_pan_os/connection/connection.py +++ b/plugins/palo_alto_pan_os/komand_palo_alto_pan_os/connection/connection.py @@ -1,12 +1,12 @@ -import komand -from .schema import ConnectionSchema +import insightconnect_plugin_runtime +from .schema import ConnectionSchema, Input # Custom imports below from komand_palo_alto_pan_os.util.pan_os_requests import Request -from komand.exceptions import ConnectionTestException +from insightconnect_plugin_runtime.exceptions import ConnectionTestException -class Connection(komand.Connection): +class Connection(insightconnect_plugin_runtime.Connection): def __init__(self): super(self.__class__, self).__init__(input=ConnectionSchema()) self.request = None @@ -14,11 +14,11 @@ def __init__(self): def connect(self, params={}): self.logger.info("Connect: Connecting..") - hostname = params.get("server") - verify_cert = params.get("verify_cert") + hostname = params.get(Input.SERVER) + verify_cert = params.get(Input.VERIFY_CERT) - username = params.get("credentials").get("username") - password = params.get("credentials").get("password") + username = params.get(Input.CREDENTIALS, {}).get("username") + password = params.get(Input.CREDENTIALS, {}).get("password") self.request = Request.new_session(self, username, password, hostname, verify_cert) def test(self): diff --git a/plugins/palo_alto_pan_os/komand_palo_alto_pan_os/connection/schema.py b/plugins/palo_alto_pan_os/komand_palo_alto_pan_os/connection/schema.py index 192c71bc9b..be930edb57 100755 --- a/plugins/palo_alto_pan_os/komand_palo_alto_pan_os/connection/schema.py +++ b/plugins/palo_alto_pan_os/komand_palo_alto_pan_os/connection/schema.py @@ -1,5 +1,5 @@ -# GENERATED BY KOMAND SDK - DO NOT EDIT -import komand +# GENERATED BY INSIGHT-PLUGIN - DO NOT EDIT +import insightconnect_plugin_runtime import json @@ -7,10 +7,10 @@ class Input: CREDENTIALS = "credentials" SERVER = "server" VERIFY_CERT = "verify_cert" - -class ConnectionSchema(komand.Input): - schema = json.loads(""" + +class ConnectionSchema(insightconnect_plugin_runtime.Input): + schema = json.loads(r""" { "type": "object", "title": "Variables", @@ -24,7 +24,7 @@ class ConnectionSchema(komand.Input): "server": { "type": "string", "title": "Server", - "description": "URL pointing to instance of Panorama or an individual Palo Alto firewall", + "description": "URL pointing to instance of Panorama or an individual Palo Alto Firewall", "order": 1 }, "verify_cert": { @@ -42,23 +42,23 @@ class ConnectionSchema(komand.Input): "definitions": { "credential_username_password": { "id": "credential_username_password", - "type": "object", "title": "Credential: Username and Password", "description": "A username and password combination", + "type": "object", "properties": { + "username": { + "type": "string", + "title": "Username", + "description": "The username to log in with", + "order": 1 + }, "password": { "type": "string", "title": "Password", - "displayType": "password", "description": "The password", "format": "password", + "displayType": "password", "order": 2 - }, - "username": { - "type": "string", - "title": "Username", - "description": "The username to log in with", - "order": 1 } }, "required": [ diff --git a/plugins/palo_alto_pan_os/komand_palo_alto_pan_os/tasks/__init__.py b/plugins/palo_alto_pan_os/komand_palo_alto_pan_os/tasks/__init__.py new file mode 100644 index 0000000000..7020c9a4ad --- /dev/null +++ b/plugins/palo_alto_pan_os/komand_palo_alto_pan_os/tasks/__init__.py @@ -0,0 +1,2 @@ +# GENERATED BY INSIGHT-PLUGIN - DO NOT EDIT + diff --git a/plugins/palo_alto_pan_os/komand_palo_alto_pan_os/triggers/__init__.py b/plugins/palo_alto_pan_os/komand_palo_alto_pan_os/triggers/__init__.py index bace8db897..7020c9a4ad 100755 --- a/plugins/palo_alto_pan_os/komand_palo_alto_pan_os/triggers/__init__.py +++ b/plugins/palo_alto_pan_os/komand_palo_alto_pan_os/triggers/__init__.py @@ -1 +1,2 @@ -# GENERATED BY KOMAND SDK - DO NOT EDIT +# GENERATED BY INSIGHT-PLUGIN - DO NOT EDIT + diff --git a/plugins/palo_alto_pan_os/komand_palo_alto_pan_os/util/log_helper.py b/plugins/palo_alto_pan_os/komand_palo_alto_pan_os/util/log_helper.py index 34189b835e..5dcb5d5702 100644 --- a/plugins/palo_alto_pan_os/komand_palo_alto_pan_os/util/log_helper.py +++ b/plugins/palo_alto_pan_os/komand_palo_alto_pan_os/util/log_helper.py @@ -1,4 +1,4 @@ -from komand.action import Action +from insightconnect_plugin_runtime.action import Action class LogHelper(Action): diff --git a/plugins/palo_alto_pan_os/komand_palo_alto_pan_os/util/pan_os_requests.py b/plugins/palo_alto_pan_os/komand_palo_alto_pan_os/util/pan_os_requests.py index b0c24c081e..088d55c895 100644 --- a/plugins/palo_alto_pan_os/komand_palo_alto_pan_os/util/pan_os_requests.py +++ b/plugins/palo_alto_pan_os/komand_palo_alto_pan_os/util/pan_os_requests.py @@ -1,10 +1,12 @@ -from komand.exceptions import ConnectionTestException, PluginException +from insightconnect_plugin_runtime.exceptions import ConnectionTestException, PluginException import xmltodict import requests import json -from komand.connection import Connection +from insightconnect_plugin_runtime.connection import Connection from xmltodict import ParsingInterrupted +TIMEOUT = 60 + class Request(object): def __init__(self, logger, url, session, key, verify_cert): @@ -139,7 +141,7 @@ def make_request(self, method, params): elif method == "SESSION.GET": response = self.session.get(self.url, params=params, verify=self.verify_cert) elif method == "REQUESTS.GET": - response = requests.get(self.url, params=params, verify=self.verify_cert) + response = requests.get(self.url, params=params, verify=self.verify_cert, timeout=TIMEOUT) except requests.exceptions.HTTPError as e: self.logger.info(f"Call to Palo Alto Firewall API failed: {e}") raise PluginException(preset=PluginException.Preset.UNKNOWN, data=response.text) @@ -163,7 +165,7 @@ def get_address_object(self, device_name: str, virtual_system: str, object_name: ) @staticmethod - def get_output_with_exceptions(response, element=None): + def get_output_with_exceptions(response, element=None): # noqa: MC0001 if response.status_code == 401: raise PluginException(preset=PluginException.Preset.USERNAME_PASSWORD, data=response.text) if response.status_code == 403: diff --git a/plugins/palo_alto_pan_os/komand_palo_alto_pan_os/util/util.py b/plugins/palo_alto_pan_os/komand_palo_alto_pan_os/util/util.py index 9fbb9dde44..2f2e6d7925 100644 --- a/plugins/palo_alto_pan_os/komand_palo_alto_pan_os/util/util.py +++ b/plugins/palo_alto_pan_os/komand_palo_alto_pan_os/util/util.py @@ -1,5 +1,5 @@ import dicttoxml -from komand.exceptions import PluginException +from insightconnect_plugin_runtime.exceptions import PluginException from komand_palo_alto_pan_os.util.log_helper import LogHelper @@ -30,17 +30,17 @@ def extract_from_security_policy(self, policy: dict) -> dict: # noqa: MC0001 "hip-profiles", ] output = {} - for i in key_list: + for key in key_list: try: - output[i] = policy["response"]["result"]["entry"][i]["member"] + output[key] = policy["response"]["result"]["entry"][key]["member"] except KeyError: self.logger.info(f"Current policy {policy}") - self.logger.info(f"The current policy has no {i} policy: Setting to any.") - output[i] = "any" + self.logger.info(f"The current policy has no {key} policy: Setting to any.") + output[key] = "any" except TypeError: self.logger.info(f"Current policy {policy}") - self.logger.info(f"The current policy has no policy config for {i}: Setting to any.") - output[i] = "any" + self.logger.info(f"The current policy has no policy config for {key}: Setting to any.") + output[key] = "any" except BaseException: raise PluginException( cause="An unknown formatting error occurred when formatting a security policy.", @@ -56,21 +56,21 @@ def extract_from_security_policy(self, policy: dict) -> dict: # noqa: MC0001 data=f"Policy config: {policy}", ) - for i in output: - if isinstance(output[i], list): - if isinstance(output[i][0], dict): - for k, val in enumerate(output[i]): + for _, object_value in output.items(): + if isinstance(object_value, list): + if isinstance(object_value[0], dict): + for _, object_value_value in object_value.items(): try: - output[i][k] = val["#text"] + object_value[key] = object_value_value["#text"] except KeyError: raise PluginException( cause="An unknown formatting error occurred when formatting a security subpolicy.", assistance="Contact support for help.", - data=f"Subpolicy {output[i][0]}", + data=f"Subpolicy {object_value[0]}", ) - if isinstance(output[i], dict): - if isinstance(output[i], dict) and "#text" in output[i]: - output[i] = output[i]["#text"] + if isinstance(object_value, dict): + if isinstance(object_value, dict) and "#text" in object_value: + object_value = object_value["#text"] return output @@ -171,17 +171,17 @@ def element_for_policy_update( self.logger.debug(f"Dictionary to convert to XML {element}") - for value in element: - if not value == "action" and isinstance(element[value], str): - temp = element[value] - element[value] = {"member": temp} + for key, value in element.items(): + if not value == "action" and isinstance(key, str): + temp = key + key = {"member": temp} element = dicttoxml.dicttoxml(element, attr_type=False, root=False) element = element.decode() element = element.replace("", "") element = element.replace("", "") - element = '{data}'.format(name=rule_name, data=element) - self.logger.info("XML :{}".format(element)) + element = f'{element}' + self.logger.info(f"XML :{element}") return element @@ -234,13 +234,11 @@ def element_for_create_external_list( ) else: element = ( - "<{list_type}>" - "<{repeat}/>" - "{description}" - "{source}" - "".format( - list_type=list_type, repeat=repeat, description=description, source=source - ) + f"<{list_type}>" + f"<{repeat}/>" + f"{description}" + f"{source}" + f"" ) - self.logger.info("XML :{}".format(element)) + self.logger.info(f"XML :{element}") return element diff --git a/plugins/palo_alto_pan_os/plugin.spec.yaml b/plugins/palo_alto_pan_os/plugin.spec.yaml index a9a3bb1181..e68783bce1 100644 --- a/plugins/palo_alto_pan_os/plugin.spec.yaml +++ b/plugins/palo_alto_pan_os/plugin.spec.yaml @@ -3,9 +3,14 @@ extension: plugin products: [insightconnect] name: palo_alto_pan_os title: Palo Alto Firewall -description: Manage Palo Alto Networks firewall devices -version: 6.1.4 +description: "[PAN-OS](https://www.paloaltonetworks.com/documentation/80/pan-os) is the software that runs all Palo Alto Networks next-generation firewalls. This plugin utilizes the [PAN-OS API](https://www.paloaltonetworks.com/documentation/80/pan-os/xml-api) to provide programmatic management of the Palo Alto Firewall appliance(s). It supports managing firewalls individually or centralized via [Panorama](https://www.paloaltonetworks.com/network-security/panorama)" +version: 6.1.5 +sdk: + type: full + version: 5.4.9 + user: nobody supported_versions: ["9.0.3"] +connection_version: 6 vendor: rapid7 support: rapid7 status: [] @@ -14,6 +19,55 @@ resources: license_url: https://github.com/rapid7/insightconnect-plugins/blob/master/LICENSE vendor_url: https://www.paloaltonetworks.com/ docs_url: https://docs.rapid7.com/insightconnect/palo-alto-firewall/ +key_features: + - "Create a new security policy rule to allow or block traffic based on IP addresses, services, applications, users, and zones" + - "Add rules to and remove rules from existing policies to update the active or candidate firewall configuration" + - "Commit the candidate configuration to update the active firewall configuration" + - "Set, Edit, and Delete Objects in order to construct, schedule, and search for policy rules" + - "Add an external dynamic list of IP addresses, URLs, and domains to an enforcement policy" + - "Run an operational command to manage your firewall(s)" + - "Query firewall log events to search for matches or patterns" + - "Get candidate configuration and show active configuration to view configuration settings" +requirements: ["Access to Palo Alto Next Generation firewall or Palo Alto Panorama device"] +references: ["[Palo Alto PAN-OS API](https://www.paloaltonetworks.com/documentation/80/pan-os/xml-api)"] +links: ["[Palo Alto PAN-OS](https://www.paloaltonetworks.com/documentation/80/pan-os)"] +version_history: + - "6.1.5 - Bumping requirements of `gunicorn` and `validators` | update the SDK to 5.4.9 | Added examples to all actions | Updated unit tests to include schema checks" + - "6.1.4 - Add information to every action on whether it uses Panorama or a direct firewall connection" + - "6.1.3 - Fix `check_if_private` method in Set Address Object action | Improve `determine_address_type` method in Set Address Object action | Fix issue where Add External Dynamic List action fails when `repeat` input has been set to retrieve updates from list weekly | Add example for `filter` input for Retrieve Logs action" + - "6.1.2 - Add `docs_url` in plugin spec | Update `source_url` in plugin spec" + - "6.1.1 - Remove duplicate Troubleshooting section in documentation" + - "6.1.0 - Improve error handling for xpath elements and paths in `pa_os_request.py` | New action Get Addresses from Group | Support adding a list of address objects in Add Address Object to Group action" + - "6.0.4 - Update error handling in Add Address Object to Group, Check if Address in Group, Get Policy and Remove Address Object from Group actions" + - "6.0.3 - Add Input and Output examples" + - "6.0.2 - Fix issue where Set Network Object did not support IPv6" + - "6.0.1 - Improve error handling in `pa_os_request.py`" + - "6.0.0 - Update to Create Address Object to add Skip RFC 1918 input" + - "5.1.1 - Fix issue where IPv6 address were not supported" + - "5.1.0 - New action Add Address Object to Group" + - "5.0.0 - Change plugin title to \"Palo Alto Firewall\" from \"Palo Alto PAN-OS\" and update remaining references" + - "4.0.0 - Update to Create Address Object to make input consistent with other actions" + - "3.0.0 - New action Remove Address Object from Group | Update to Check if Address in Group to match input of Remove Address Object from Group" + - "2.2.0 - New action Check if Address in Group" + - "2.1.0 - New action Get Policy" + - "2.0.0 - Update to rename Set Address Object to Create Address Object | Update Create Address Object to accept a whitelist of address objects and auto detect the type of incoming object" + - "1.5.7 - Default value of Commit action updated" + - "1.5.6 - Fix issue where edit action was causing an error with certain input" + - "1.5.5 - New spec and help.md format for the Extension Library" + - "1.5.4 - Fix issue where new plugin version was causing SSL to fail" + - "1.5.3 - Fix issue where undefined objects in security configurations caused actions to crash | Add debug logging to assist with future troubleshooting | Update to use the `komand/python-3-37-slim-plugin:3` Docker image to reduce plugin size" + - "1.5.2 - Fix typo in plugin spec" + - "1.5.1 - Fix issue where the Add to Policy action would sometimes fail with candidate configurations" + - "1.5.0 - New action Set Address Object" + - "1.4.1 - Update connection tests" + - "1.4.0 - Update Add to Policy action to allow for updates to active configuration or candidate objects | Update Remove from Policy action to allow for updates to active configuration or candidate objects" + - "1.3.1 - Update descriptions" + - "1.3.0 - New action Add External Dynamic List" + - "1.2.0 - New action Remove from Policy" + - "1.1.0 - New action Add to Policy" + - "1.0.0 - Add action to set a new security policy | Update to v2 Python plugin architecture | Support web server mode | Add error handling" + - "0.1.1 - SSL bug fix in SDK" + - "0.1.0 - Initial plugin" tags: - pan os - firewall @@ -33,9 +87,9 @@ connection: server: title: Server type: string - description: URL pointing to instance of Panorama or an individual Palo Alto firewall + description: URL pointing to instance of Panorama or an individual Palo Alto Firewall required: true - example: http://www.example.com + example: "http://www.example.com" credentials: title: Credentials description: Username and password @@ -161,6 +215,7 @@ actions: description: Response from the firewall type: config required: false + example: {"@status": "success", "@code": "20", "msg": "command succeeded"} show: title: Show description: Gets active configuration. This action uses Panorama @@ -177,6 +232,7 @@ actions: description: Response from the firewall type: config required: false + example: { "@status": "success", "result": { "system": { "hostname": "firewall", "ip-address": "10.27.0.0", "netmask": "255.255.254.0", "default-gateway": "10.27.0.1", "is-dhcp": "no", "ipv6-address": "unknown", "ipv6-link-local-address": "fe80::21b:17dd:dedf:c04a/64", "mac-address": "00:1b:17:ff:c0:4a", "time": "Wed Feb 10 13:03:32 2016", "uptime": "1 days, 19:35:51", "devicename": "firewall", "family": "3000", "model": "PA-3020", "serial": "001901000114", "sw-version": "7.1.", "global-protect-client-package-version": "2.0.0", "app-version": "557-3138", "app-release-date": "2016/02/09 16:56:02", "av-version": "2261-2700", "av-release-date": "2016/02/09 15:26:53", "threat-version": "557-3138", "threat-release-date": "2016/02/09 16:56:02", "wf-private-version": "0", "wf-private-release-date": "unknown", "url-db": "paloaltonetworks", "wildfire-version": "27518-28208", "wildfire-release-date": "2016/01/08 11:08:16", "url-filtering-version": "2016.01.08.407", "global-protect-datafile-version": "1452328885", "global-protect-datafile-release-date": "2016/01/09 08:41:25", "logdb-version": "7.0.9", "platform-family": "3000", "vpn-disable-mode": "off", "multi-vsys": "on", "operational-mode": "normal" } } } get: title: Get description: Get candidate configuration. This action uses Panorama @@ -193,6 +249,7 @@ actions: description: Response from the firewall type: config required: false + example: {'@status':'success', '@code':'19', 'result': {'@total-count': '1', '@count':'1', 'entry': {'@name':'test_group', '@admin':'admin', '@dirtyid':'4', '@time':'2020/08/25 09:35:48', 'static':{'@admin':'admin', '@dirtyid':'4', '@time':'2020/08/25 09:35:48', 'member':{'@admin':'admin', '@dirtyid':'4', '@time':'2020/08/25 09:35:48', '#text': '1.1.1.1'}}, 'description': {'@admin':'admin', '@dirtyid':'4', '@time': '2020/08/25 09:35:48', '#text': 'test'}}}} delete: title: Delete description: Delete an object. This action uses Panorama @@ -209,6 +266,7 @@ actions: description: Response from the firewall type: config required: false + example: {"@status":"success", "@code":"20", "msg":"command succeeded"} set: title: Set description: Create a new object. This action uses Panorama @@ -231,6 +289,7 @@ actions: description: Response from the firewall type: object required: false + example: {"@status": "success", "@code": "20", "msg": "command succeeded"} edit: title: Edit description: Edit an existing object. This action uses Panorama @@ -254,6 +313,7 @@ actions: description: Response from the firewall type: object required: false + example: {"@status":"success", "@code":"20", "msg":"command succeeded"} commit: title: Commit description: Commits the candidate configuration. This action uses a direct connection to the firewall @@ -277,6 +337,7 @@ actions: description: Response from the firewall type: object required: false + example: {"@status": "success", "@code": "19", "result": {"msg": {"line": "Commit job enqueued with jobid 152" }, "job": "152"}} op: title: Op description: Runs operational command. This action uses a direct connection to the firewall @@ -293,6 +354,7 @@ actions: description: Response from the firewall type: object required: false + example: { "@status": "success", "result": { "system": { "hostname": "firewall", "ip-address": "10.27.0.8", "netmask": "255.255.254.0", "default-gateway": "10.27.0.1", "is-dhcp": "no", "ipv6-address": "unknown", "ipv6-link-local-address": "fe80::21b:17dd:dedf:c04a/64", "mac-address": "00:1b:17:ff:c0:4a", "time": "Wed Feb 10 13:03:32 2016", "uptime": "1 days, 19:35:51", "devicename": "firewall", "family": "3000", "model": "PA-3020", "serial": "001901000114", "sw-version": "7.1.", "global-protect-client-package-version": "2.0.0", "app-version": "557-3138", "app-release-date": "2016/02/09 16:56:02", "av-version": "2261-2700", "av-release-date": "2016/02/09 15:26:53", "threat-version": "557-3138", "threat-release-date": "2016/02/09 16:56:02", "wf-private-version": "0", "wf-private-release-date": "unknown", "url-db": "paloaltonetworks", "wildfire-version": "27518-28208", "wildfire-release-date": "2016/01/08 11:08:16", "url-filtering-version": "2016.01.08.407", "global-protect-datafile-version": "1452328885", "global-protect-datafile-release-date": "2016/01/09 08:41:25", "logdb-version": "7.0.9", "platform-family": "3000", "vpn-disable-mode": "off", "multi-vsys": "on", "operational-mode": "normal" } } } retrieve_logs: title: Retrieve Logs description: Queries firewall logs. This action uses a direct connection to the firewall @@ -362,6 +424,7 @@ actions: description: Response from the firewall type: log required: false + example: {"@status": "success", "result": {"job": {"tenq": "17:32:53", "tdeq": "17:32:53", "tlast": "17:32:53", "status": "FIN", "id": "1466", "cached-logs": "0"}, "log": {"logs":{"-count": "0", "-progress": "100"}}, "meta": {"devices": {"entry": {"-name":"localhost.localdomain", "hostname": "localhost.localdomain", "vsys": {"entry": {"-name":"vsys1", "display-name": "vsys1"}}}}}}} add_to_policy: title: Add to Policy description: Add a rule to a firewall security policy. This action uses a direct connection to the firewall @@ -453,16 +516,19 @@ actions: description: Status of the requested operation e.g. success, error, etc type: string required: false + example: "success" code: title: Code description: Response code from firewall type: string required: false + example: "20" message: title: Message description: A message with more detail about the status type: string required: false + example: "command succeeded" remove_from_policy: title: Remove from Policy description: Remove a rule from a firewall security policy. This action uses a direct connection to the firewall @@ -554,16 +620,19 @@ actions: description: Status of the requested operation e.g. success, error, etc type: string required: false + example: "success" code: title: Code description: Response code from the firewall type: string required: false + example: "20" message: title: Message description: A message with more detail about the status type: string required: false + example: "command succeeded" add_external_dynamic_list: title: Add External Dynamic List description: Add an external dynamic list. This action uses a direct connection to the firewall @@ -640,8 +709,8 @@ actions: - '21' - '22' - '23' - default: '' - example: '00' + default: "" + example: "00" day: title: Day description: If repeat is weekly, choose a day to update @@ -656,7 +725,7 @@ actions: - Friday - Saturday - Sunday - default: '' + default: "" example: Monday output: status: @@ -664,16 +733,19 @@ actions: description: The status of the requested operation e.g. success, error, etc type: string required: false + example: "success" code: title: Code description: Response code from the firewall type: string required: false + example: "20" message: title: Message description: A message with more detail about the status type: string required: false + example: "command succeeded" set_address_object: title: Create Address Object description: Create a new address object. Supports IPv6. This action uses a direct connection to the firewall @@ -721,16 +793,19 @@ actions: description: The status of the requested operation e.g. success, error, etc type: string required: false + example: "success" code: title: Code description: Response code from the firewall type: string required: false + example: "20" message: title: Message description: A message with more detail about the status type: string required: false + example: "command succeeded" get_policy: title: Get Policy description: Get a policy by name. This action uses a direct connection to the firewall @@ -764,51 +839,61 @@ actions: description: To type: "[]string" required: false + example: ["any"] from: title: From description: From type: "[]string" required: false + example: ["any"] source: title: Source description: Source type: "[]string" required: false + example: ["1.1.1.1", "1.1.1.2"] destination: title: Destination description: Destination type: "[]string" required: false + example: ["any"] source_user: title: Source User description: Source user type: "[]string" required: false + example: ["any"] category: title: Category description: Category type: "[]string" required: false + example: ["any"] application: title: Application description: Application type: "[]string" required: false + example: ["any"] service: title: Service description: Service type: "[]string" required: false + example: ["application-default"] hip_profiles: title: HIP Profiles description: Host Information in Policy Enforcement profile type: "[]string" required: false + example: ["any"] action: title: Action description: Action type: "string" required: false + example: ["drop"] check_if_address_object_in_group: title: Check if Address in Group description: Checks to see if an IP address, CIDR IP address, or domain is in an Address Group. Supports IPv6. This action uses a direct connection to the firewall @@ -857,11 +942,13 @@ actions: description: Was address found in group type: boolean required: true + example: true address_objects: title: Address Objects description: The names of the address objects that match or contain address type: "[]string" required: false + example: ["198.51.100.100"] remove_address_object_from_group: title: Remove Address Object from Group description: Removes an address object from an address group. Supports IPv6. This action uses a direct connection to the firewall @@ -902,6 +989,7 @@ actions: description: Was operation successful type: boolean required: true + example: true add_address_object_to_group: title: Add Address Object to Group description: Adds address objects to an address group. This action uses a direct connection to the firewall @@ -942,11 +1030,13 @@ actions: description: Was operation successful type: boolean required: true + example: true address_objects: title: Address Objects description: Address objects currently in group type: "[]string" required: true + example: ["test.com", "domain.com", "198.51.100.102", "198.51.100.100", "198.51.100.101", "example.com"] get_addresses_from_group: title: Get Addresses from Group description: Get addresses from an address group. This action uses a direct connection to the firewall @@ -980,23 +1070,28 @@ actions: description: Was operation successful type: boolean required: true + example: true fqdn_addresses: title: FQDN Addresses description: FQDN addresses currently in group type: "[]string" required: true + example: ["domain.com", "test.com", "example1.com", "example2.com"] ipv4_addresses: title: IPv4 Addresses description: IPv4 addresses currently in group type: "[]string" required: true + example: ["1.1.1.1", "1.1.1.1/24", "1.2.3.4", "2.2.2.2", "2.2.4.5", "5.182.39.91", "8.8.8.8", "8.8.8.9", "8.8.8.10", "8.8.8.11", "20.20.20.20"] ipv6_addresses: title: IPv6 Addresses description: IPv6 addresses currently in group type: "[]string" required: true + example: ["2001:0db8:85a3:0000:0000:8a2e:0370:7334"] all_addresses: title: All Addresses description: Addresses currently in group type: "[]string" required: true + example: ["1.1.1.1", "1.1.1.1/24", "1.2.3.4", "2.2.2.2", "2.2.4.5", "5.182.39.91", "8.8.8.8", "8.8.8.9", "8.8.8.10", "8.8.8.11", "20.20.20.20", "2001:0db8:85a3:0000:0000:8a2e:0370:7334", "domain.com", "test.com", "example1.com", "example2.com"] \ No newline at end of file diff --git a/plugins/palo_alto_pan_os/requirements.txt b/plugins/palo_alto_pan_os/requirements.txt index 59f6e9d297..2824fd93de 100755 --- a/plugins/palo_alto_pan_os/requirements.txt +++ b/plugins/palo_alto_pan_os/requirements.txt @@ -1,9 +1,10 @@ # List third-party dependencies here, separated by newlines. # All dependencies must be version-pinned, eg. requests==1.2.0 # See: https://pip.pypa.io/en/stable/user_guide/#requirements-files -gunicorn==19.9.0 +gunicorn==22.0.0 xmltodict==0.12.0 dicttoxml==1.7.4 -validators==0.14.2 +validators==0.22.0 IPy==1.01 parameterized==0.8.1 +jsonschema==3.2.0 diff --git a/plugins/palo_alto_pan_os/setup.py b/plugins/palo_alto_pan_os/setup.py index 9183d0d4f3..ad82e1d00c 100755 --- a/plugins/palo_alto_pan_os/setup.py +++ b/plugins/palo_alto_pan_os/setup.py @@ -1,14 +1,14 @@ -# GENERATED BY KOMAND SDK - DO NOT EDIT +# GENERATED BY INSIGHT-PLUGIN - DO NOT EDIT from setuptools import setup, find_packages setup(name="palo_alto_pan_os-rapid7-plugin", - version="6.1.4", - description="Manage Palo Alto Networks firewall devices", + version="6.1.5", + description="[PAN-OS](https://www.paloaltonetworks.com/documentation/80/pan-os) is the software that runs all Palo Alto Networks next-generation firewalls. This plugin utilizes the [PAN-OS API](https://www.paloaltonetworks.com/documentation/80/pan-os/xml-api) to provide programmatic management of the Palo Alto Firewall appliance(s). It supports managing firewalls individually or centralized via [Panorama](https://www.paloaltonetworks.com/network-security/panorama)", author="rapid7", author_email="", url="", packages=find_packages(), - install_requires=['komand'], # Add third-party dependencies to requirements.txt, not here! + install_requires=['insightconnect-plugin-runtime'], # Add third-party dependencies to requirements.txt, not here! scripts=['bin/komand_palo_alto_pan_os'] ) diff --git a/plugins/palo_alto_pan_os/unit_test/test_add_address_object_to_group.py b/plugins/palo_alto_pan_os/unit_test/test_add_address_object_to_group.py index 39dd16e300..737f5c57d7 100644 --- a/plugins/palo_alto_pan_os/unit_test/test_add_address_object_to_group.py +++ b/plugins/palo_alto_pan_os/unit_test/test_add_address_object_to_group.py @@ -1,14 +1,19 @@ import sys import os + +sys.path.append(os.path.abspath("../")) from unittest import TestCase from komand_palo_alto_pan_os.actions.add_address_object_to_group import AddAddressObjectToGroup -from komand_palo_alto_pan_os.actions.add_address_object_to_group.schema import Input, Output -from unit_test.util import Util +from komand_palo_alto_pan_os.actions.add_address_object_to_group.schema import ( + Input, + AddAddressObjectToGroupInput, + AddAddressObjectToGroupOutput, +) +from util import Util from unittest.mock import patch from parameterized import parameterized -from komand.exceptions import PluginException - -sys.path.append(os.path.abspath("../")) +from insightconnect_plugin_runtime.exceptions import PluginException +from jsonschema import validate @patch("requests.sessions.Session.get", side_effect=Util.mocked_requests) @@ -57,15 +62,16 @@ def test_add_address_object_to_group( self, mock_get, mock_post, name, address_object, group, device_name, virtual_system, expected ): action = Util.default_connector(AddAddressObjectToGroup()) - actual = action.run( - { - Input.ADDRESS_OBJECT: address_object, - Input.GROUP: group, - Input.DEVICE_NAME: device_name, - Input.VIRTUAL_SYSTEM: virtual_system, - } - ) + input_data = { + Input.ADDRESS_OBJECT: address_object, + Input.GROUP: group, + Input.DEVICE_NAME: device_name, + Input.VIRTUAL_SYSTEM: virtual_system, + } + validate(input_data, AddAddressObjectToGroupInput.schema) + actual = action.run(input_data) self.assertEqual(actual, expected) + validate(actual, AddAddressObjectToGroupOutput.schema) @parameterized.expand( [ @@ -84,14 +90,14 @@ def test_add_address_object_to_group_bad( self, mock_get, mock_post, name, address_object, group, device_name, virtual_system, cause, assistance ): action = Util.default_connector(AddAddressObjectToGroup()) + input_data = { + Input.ADDRESS_OBJECT: address_object, + Input.GROUP: group, + Input.DEVICE_NAME: device_name, + Input.VIRTUAL_SYSTEM: virtual_system, + } + validate(input_data, AddAddressObjectToGroupInput.schema) with self.assertRaises(PluginException) as e: - action.run( - { - Input.ADDRESS_OBJECT: address_object, - Input.GROUP: group, - Input.DEVICE_NAME: device_name, - Input.VIRTUAL_SYSTEM: virtual_system, - } - ) + action.run(input_data) self.assertEqual(e.exception.cause, cause) self.assertEqual(e.exception.assistance, assistance) diff --git a/plugins/palo_alto_pan_os/unit_test/test_add_external_dynamic_list.py b/plugins/palo_alto_pan_os/unit_test/test_add_external_dynamic_list.py index bb3c4cbd2c..2d141e9270 100644 --- a/plugins/palo_alto_pan_os/unit_test/test_add_external_dynamic_list.py +++ b/plugins/palo_alto_pan_os/unit_test/test_add_external_dynamic_list.py @@ -1,13 +1,18 @@ import sys import os + +sys.path.append(os.path.abspath("../")) from unittest import TestCase from komand_palo_alto_pan_os.actions.add_external_dynamic_list import AddExternalDynamicList -from komand_palo_alto_pan_os.actions.add_external_dynamic_list.schema import Input, Output -from unit_test.util import Util +from komand_palo_alto_pan_os.actions.add_external_dynamic_list.schema import ( + Input, + AddExternalDynamicListInput, + AddExternalDynamicListOutput, +) +from util import Util from unittest.mock import patch from parameterized import parameterized - -sys.path.append(os.path.abspath("../")) +from jsonschema import validate @patch("requests.sessions.Session.get", side_effect=Util.mocked_requests) @@ -65,15 +70,16 @@ def test_add_external_dynamic_list( self, mock_get, mock_post, name, list_name, list_type, description, source, repeat, time, day, expected ): action = Util.default_connector(AddExternalDynamicList()) - actual = action.run( - { - Input.NAME: list_name, - Input.LIST_TYPE: list_type, - Input.DESCRIPTION: description, - Input.SOURCE: source, - Input.REPEAT: repeat, - Input.TIME: time, - Input.DAY: day, - } - ) + input_data = { + Input.NAME: list_name, + Input.LIST_TYPE: list_type, + Input.DESCRIPTION: description, + Input.SOURCE: source, + Input.REPEAT: repeat, + Input.TIME: time, + Input.DAY: day, + } + validate(input_data, AddExternalDynamicListInput.schema) + actual = action.run(input_data) self.assertEqual(actual, expected) + validate(actual, AddExternalDynamicListOutput.schema) diff --git a/plugins/palo_alto_pan_os/unit_test/test_add_to_policy.py b/plugins/palo_alto_pan_os/unit_test/test_add_to_policy.py index a5c9a62826..13a7cedd27 100644 --- a/plugins/palo_alto_pan_os/unit_test/test_add_to_policy.py +++ b/plugins/palo_alto_pan_os/unit_test/test_add_to_policy.py @@ -1,14 +1,15 @@ import sys import os + +sys.path.append(os.path.abspath("../")) from unittest import TestCase from komand_palo_alto_pan_os.actions.add_to_policy import AddToPolicy -from komand_palo_alto_pan_os.actions.add_to_policy.schema import Input, Output -from unit_test.util import Util +from komand_palo_alto_pan_os.actions.add_to_policy.schema import Input, AddToPolicyInput, AddToPolicyOutput +from util import Util from unittest.mock import patch from parameterized import parameterized -from komand.exceptions import PluginException - -sys.path.append(os.path.abspath("../")) +from insightconnect_plugin_runtime.exceptions import PluginException +from jsonschema import validate @patch("requests.sessions.Session.get", side_effect=Util.mocked_requests) @@ -48,22 +49,6 @@ class TestAddToPolicy(TestCase): "drop", {"message": "command succeeded", "status": "success", "code": "20"}, ], - [ - "update_candidate_configuration", - "Test Policy", - "active", - None, - None, - None, - None, - None, - None, - None, - None, - None, - None, - {"message": "command succeeded", "status": "success", "code": "20"}, - ], ] ) def test_add_to_policy( @@ -86,23 +71,24 @@ def test_add_to_policy( expected, ): action = Util.default_connector(AddToPolicy()) - actual = action.run( - { - Input.RULE_NAME: rule_name, - Input.UPDATE_ACTIVE_OR_CANDIDATE_CONFIGURATION: update_active_or_candidate_configuration, - Input.SOURCE: source, - Input.DESTINATION: destination, - Input.SERVICE: service, - Input.APPLICATION: application, - Input.SOURCE_USER: source_user, - Input.SRC_ZONE: src_zone, - Input.DST_ZONE: dst_zone, - Input.URL_CATEGORY: url_category, - Input.HIP_PROFILES: hip_profiles, - Input.ACTION: new_action, - } - ) + input_data = { + Input.RULE_NAME: rule_name, + Input.UPDATE_ACTIVE_OR_CANDIDATE_CONFIGURATION: update_active_or_candidate_configuration, + Input.SOURCE: source, + Input.DESTINATION: destination, + Input.SERVICE: service, + Input.APPLICATION: application, + Input.SOURCE_USER: source_user, + Input.SRC_ZONE: src_zone, + Input.DST_ZONE: dst_zone, + Input.URL_CATEGORY: url_category, + Input.HIP_PROFILES: hip_profiles, + Input.ACTION: new_action, + } + validate(input_data, AddToPolicyInput.schema) + actual = action.run(input_data) self.assertEqual(actual, expected) + validate(actual, AddToPolicyOutput.schema) @parameterized.expand( [ @@ -123,29 +109,7 @@ def test_add_to_policy( "PAN-OS returned an error in response to the request.", "Double-check that inputs are valid. Contact support if this issue persists.", '{"line": "No such node"}', - ], - [ - "invalid_url_category_parameter", - "Test Policy", - "candidate", - None, - None, - None, - None, - None, - None, - None, - "test1", - None, - None, - "PAN-OS returned an error in response to the request.", - 'This is likely because the provided element anyanyanyanyapplication-defaultanyanyadultabused-drugstest1anyJoe Smithdrop does not exist or the xpath is not correct. Please verify the element name and xpath and try again.', - [ - "ICON Block Rule -> category 'hacking1' is not an allowed keyword", - "ICON Block Rule -> category 'hacking1' is not a valid reference", - "ICON Block Rule -> category is invalid", - ], - ], + ] ] ) def test_add_to_policy_bad( @@ -170,23 +134,24 @@ def test_add_to_policy_bad( data, ): action = Util.default_connector(AddToPolicy()) + input_data = { + Input.RULE_NAME: rule_name, + Input.UPDATE_ACTIVE_OR_CANDIDATE_CONFIGURATION: update_active_or_candidate_configuration, + Input.SOURCE: source, + Input.DESTINATION: destination, + Input.SERVICE: service, + Input.APPLICATION: application, + Input.SOURCE_USER: source_user, + Input.SRC_ZONE: src_zone, + Input.DST_ZONE: dst_zone, + Input.URL_CATEGORY: url_category, + Input.HIP_PROFILES: hip_profiles, + Input.ACTION: new_action, + } + validate(input_data, AddToPolicyInput.schema) with self.assertRaises(PluginException) as e: - action.run( - { - Input.RULE_NAME: rule_name, - Input.UPDATE_ACTIVE_OR_CANDIDATE_CONFIGURATION: update_active_or_candidate_configuration, - Input.SOURCE: source, - Input.DESTINATION: destination, - Input.SERVICE: service, - Input.APPLICATION: application, - Input.SOURCE_USER: source_user, - Input.SRC_ZONE: src_zone, - Input.DST_ZONE: dst_zone, - Input.URL_CATEGORY: url_category, - Input.HIP_PROFILES: hip_profiles, - Input.ACTION: new_action, - } - ) + action.run(input_data) + self.assertEqual(e.exception.cause, cause) self.assertEqual(e.exception.assistance, assistance) - self.assertEqual(e.exception.data, data) + self.assertEqual(e.exception.data, str(data)) diff --git a/plugins/palo_alto_pan_os/unit_test/test_check_if_address_object_in_group.py b/plugins/palo_alto_pan_os/unit_test/test_check_if_address_object_in_group.py index ef47faa516..4ea200d0a3 100644 --- a/plugins/palo_alto_pan_os/unit_test/test_check_if_address_object_in_group.py +++ b/plugins/palo_alto_pan_os/unit_test/test_check_if_address_object_in_group.py @@ -1,14 +1,19 @@ import sys import os + +sys.path.append(os.path.abspath("../")) from unittest import TestCase from komand_palo_alto_pan_os.actions.check_if_address_object_in_group import CheckIfAddressObjectInGroup -from komand_palo_alto_pan_os.actions.check_if_address_object_in_group.schema import Input, Output -from unit_test.util import Util +from komand_palo_alto_pan_os.actions.check_if_address_object_in_group.schema import ( + Input, + CheckIfAddressObjectInGroupInput, + CheckIfAddressObjectInGroupOutput, +) +from util import Util from unittest.mock import patch from parameterized import parameterized -from komand.exceptions import PluginException - -sys.path.append(os.path.abspath("../")) +from insightconnect_plugin_runtime.exceptions import PluginException +from jsonschema import validate @patch("requests.sessions.Session.get", side_effect=Util.mocked_requests) @@ -93,22 +98,23 @@ def test_check_if_address_object_in_group( self, mock_get, name, address, group, enable_search, device_name, virtual_system, expected ): action = Util.default_connector(CheckIfAddressObjectInGroup()) - actual = action.run( - { - Input.ADDRESS: address, - Input.GROUP: group, - Input.ENABLE_SEARCH: enable_search, - Input.DEVICE_NAME: device_name, - Input.VIRTUAL_SYSTEM: virtual_system, - } - ) + input_data = { + Input.ADDRESS: address, + Input.GROUP: group, + Input.ENABLE_SEARCH: enable_search, + Input.DEVICE_NAME: device_name, + Input.VIRTUAL_SYSTEM: virtual_system, + } + validate(input_data, CheckIfAddressObjectInGroupInput.schema) + actual = action.run(input_data) self.assertEqual(actual, expected) + validate(actual, CheckIfAddressObjectInGroupOutput.schema) @parameterized.expand( [ [ "invalid_group", - ["example.com"], + "example.com", "Invalid Group", False, "localhost.localdomain", @@ -122,15 +128,15 @@ def test_check_if_address_object_in_group_bad( self, mock_get, name, address, group, enable_search, device_name, virtual_system, cause, assistance ): action = Util.default_connector(CheckIfAddressObjectInGroup()) + input_data = { + Input.ADDRESS: address, + Input.GROUP: group, + Input.ENABLE_SEARCH: enable_search, + Input.DEVICE_NAME: device_name, + Input.VIRTUAL_SYSTEM: virtual_system, + } + validate(input_data, CheckIfAddressObjectInGroupInput.schema) with self.assertRaises(PluginException) as e: - action.run( - { - Input.ADDRESS: address, - Input.GROUP: group, - Input.ENABLE_SEARCH: enable_search, - Input.DEVICE_NAME: device_name, - Input.VIRTUAL_SYSTEM: virtual_system, - } - ) + action.run(input_data) self.assertEqual(e.exception.cause, cause) self.assertEqual(e.exception.assistance, assistance) diff --git a/plugins/palo_alto_pan_os/unit_test/test_commit.py b/plugins/palo_alto_pan_os/unit_test/test_commit.py index 9cfaa2cfbf..976a753f41 100644 --- a/plugins/palo_alto_pan_os/unit_test/test_commit.py +++ b/plugins/palo_alto_pan_os/unit_test/test_commit.py @@ -1,13 +1,14 @@ import sys import os + +sys.path.append(os.path.abspath("../")) from unittest import TestCase from komand_palo_alto_pan_os.actions.commit import Commit -from komand_palo_alto_pan_os.actions.commit.schema import Input, Output -from unit_test.util import Util +from komand_palo_alto_pan_os.actions.commit.schema import Input, CommitInput, CommitOutput +from util import Util from unittest.mock import patch from parameterized import parameterized - -sys.path.append(os.path.abspath("../")) +from jsonschema import validate @patch("requests.sessions.Session.get", side_effect=Util.mocked_requests) @@ -17,7 +18,7 @@ class TestCommit(TestCase): [ [ "no_changes", - None, + "", "", { "response": { @@ -43,5 +44,8 @@ class TestCommit(TestCase): ) def test_commit(self, mock_get, mock_get2, name, commit_action, cmd, expected): action = Util.default_connector(Commit()) - actual = action.run({Input.ACTION: commit_action, Input.CMD: cmd}) + input_data = {Input.ACTION: commit_action, Input.CMD: cmd} + validate(input_data, CommitInput.schema) + actual = action.run(input_data) self.assertEqual(actual, expected) + validate(actual, CommitOutput.schema) diff --git a/plugins/palo_alto_pan_os/unit_test/test_delete.py b/plugins/palo_alto_pan_os/unit_test/test_delete.py index 18a8c96ed9..082e63ce67 100644 --- a/plugins/palo_alto_pan_os/unit_test/test_delete.py +++ b/plugins/palo_alto_pan_os/unit_test/test_delete.py @@ -1,13 +1,14 @@ import sys import os + +sys.path.append(os.path.abspath("../")) from unittest import TestCase from komand_palo_alto_pan_os.actions.delete import Delete -from komand_palo_alto_pan_os.actions.delete.schema import Input, Output -from unit_test.util import Util +from komand_palo_alto_pan_os.actions.delete.schema import Input, DeleteInput, DeleteOutput +from util import Util from unittest.mock import patch from parameterized import parameterized - -sys.path.append(os.path.abspath("../")) +from jsonschema import validate @patch("requests.sessions.Session.get", side_effect=Util.mocked_requests) @@ -33,5 +34,8 @@ class TestDelete(TestCase): ) def test_delete(self, mock_get, name, xpath, expected): action = Util.default_connector(Delete()) - actual = action.run({Input.XPATH: xpath}) + input_data = {Input.XPATH: xpath} + validate(input_data, DeleteInput.schema) + actual = action.run(input_data) self.assertEqual(actual, expected) + validate(actual, DeleteOutput.schema) diff --git a/plugins/palo_alto_pan_os/unit_test/test_edit.py b/plugins/palo_alto_pan_os/unit_test/test_edit.py index 43e433f015..f4b0b5409f 100644 --- a/plugins/palo_alto_pan_os/unit_test/test_edit.py +++ b/plugins/palo_alto_pan_os/unit_test/test_edit.py @@ -1,13 +1,14 @@ import sys import os + +sys.path.append(os.path.abspath("../")) from unittest import TestCase from komand_palo_alto_pan_os.actions.edit import Edit -from komand_palo_alto_pan_os.actions.edit.schema import Input, Output -from unit_test.util import Util +from komand_palo_alto_pan_os.actions.edit.schema import Input, EditInput, EditOutput +from util import Util from unittest.mock import patch from parameterized import parameterized - -sys.path.append(os.path.abspath("../")) +from jsonschema import validate @patch("requests.sessions.Session.get", side_effect=Util.mocked_requests) @@ -37,5 +38,8 @@ class TestEdit(TestCase): ) def test_edit(self, mock_get, mock_post, name, xpath, element, expected): action = Util.default_connector(Edit()) - actual = action.run({Input.XPATH: xpath, Input.ELEMENT: element}) + input_data = {Input.XPATH: xpath, Input.ELEMENT: element} + validate(input_data, EditInput.schema) + actual = action.run(input_data) self.assertEqual(actual, expected) + validate(actual, EditOutput.schema) diff --git a/plugins/palo_alto_pan_os/unit_test/test_get.py b/plugins/palo_alto_pan_os/unit_test/test_get.py index 587b1bfb32..f5895d156b 100644 --- a/plugins/palo_alto_pan_os/unit_test/test_get.py +++ b/plugins/palo_alto_pan_os/unit_test/test_get.py @@ -1,13 +1,14 @@ import sys import os + +sys.path.append(os.path.abspath("../")) from unittest import TestCase from komand_palo_alto_pan_os.actions.get import Get -from komand_palo_alto_pan_os.actions.get.schema import Input, Output -from unit_test.util import Util +from komand_palo_alto_pan_os.actions.get.schema import Input, GetInput, GetOutput +from util import Util from unittest.mock import patch from parameterized import parameterized - -sys.path.append(os.path.abspath("../")) +from jsonschema import validate @patch("requests.sessions.Session.get", side_effect=Util.mocked_requests) @@ -208,5 +209,8 @@ class TestGet(TestCase): ) def test_get(self, mock_get, name, xpath, expected): action = Util.default_connector(Get()) - actual = action.run({Input.XPATH: xpath}) + input_data = {Input.XPATH: xpath} + validate(input_data, GetInput.schema) + actual = action.run(input_data) self.assertEqual(actual, expected) + validate(actual, GetOutput.schema) diff --git a/plugins/palo_alto_pan_os/unit_test/test_get_addresses_from_group.py b/plugins/palo_alto_pan_os/unit_test/test_get_addresses_from_group.py index ce7ce93b45..264cc2d5d7 100644 --- a/plugins/palo_alto_pan_os/unit_test/test_get_addresses_from_group.py +++ b/plugins/palo_alto_pan_os/unit_test/test_get_addresses_from_group.py @@ -1,14 +1,19 @@ import sys import os + +sys.path.append(os.path.abspath("../")) from unittest import TestCase from komand_palo_alto_pan_os.actions.get_addresses_from_group import GetAddressesFromGroup -from komand_palo_alto_pan_os.actions.get_addresses_from_group.schema import Input, Output -from unit_test.util import Util +from komand_palo_alto_pan_os.actions.get_addresses_from_group.schema import ( + Input, + GetAddressesFromGroupInput, + GetAddressesFromGroupOutput, +) +from util import Util from unittest.mock import patch from parameterized import parameterized -from komand.exceptions import PluginException - -sys.path.append(os.path.abspath("../")) +from insightconnect_plugin_runtime.exceptions import PluginException +from jsonschema import validate @patch("requests.sessions.Session.get", side_effect=Util.mocked_requests) @@ -32,8 +37,11 @@ class TestGetAddressesFromGroup(TestCase): ) def test_get_addresses_from_group(self, mock_get, name, group, device_name, virtual_system, expected): action = Util.default_connector(GetAddressesFromGroup()) - actual = action.run({Input.GROUP: group, Input.DEVICE_NAME: device_name, Input.VIRTUAL_SYSTEM: virtual_system}) + input_data = {Input.GROUP: group, Input.DEVICE_NAME: device_name, Input.VIRTUAL_SYSTEM: virtual_system} + validate(input_data, GetAddressesFromGroupInput.schema) + actual = action.run(input_data) self.assertEqual(actual, expected) + validate(actual, GetAddressesFromGroupOutput.schema) @parameterized.expand( [ @@ -49,7 +57,9 @@ def test_get_addresses_from_group(self, mock_get, name, group, device_name, virt ) def test_get_addresses_from_group_bad(self, mock_get, name, group, device_name, virtual_system, cause, assistance): action = Util.default_connector(GetAddressesFromGroup()) + input_data = {Input.GROUP: group, Input.DEVICE_NAME: device_name, Input.VIRTUAL_SYSTEM: virtual_system} + validate(input_data, GetAddressesFromGroupInput.schema) with self.assertRaises(PluginException) as e: - action.run({Input.GROUP: group, Input.DEVICE_NAME: device_name, Input.VIRTUAL_SYSTEM: virtual_system}) + action.run(input_data) self.assertEqual(e.exception.cause, cause) self.assertEqual(e.exception.assistance, assistance) diff --git a/plugins/palo_alto_pan_os/unit_test/test_get_policy.py b/plugins/palo_alto_pan_os/unit_test/test_get_policy.py index 679fc5c65d..2ec666fef1 100644 --- a/plugins/palo_alto_pan_os/unit_test/test_get_policy.py +++ b/plugins/palo_alto_pan_os/unit_test/test_get_policy.py @@ -1,14 +1,15 @@ import sys import os + +sys.path.append(os.path.abspath("../")) from unittest import TestCase from komand_palo_alto_pan_os.actions.get_policy import GetPolicy -from komand_palo_alto_pan_os.actions.get_policy.schema import Input, Output -from unit_test.util import Util +from komand_palo_alto_pan_os.actions.get_policy.schema import Input, GetPolicyInput, GetPolicyOutput +from util import Util from unittest.mock import patch from parameterized import parameterized -from komand.exceptions import PluginException - -sys.path.append(os.path.abspath("../")) +from insightconnect_plugin_runtime.exceptions import PluginException +from jsonschema import validate @patch("requests.sessions.Session.get", side_effect=Util.mocked_requests) @@ -37,9 +38,13 @@ class TestGetPolicy(TestCase): ) def test_get_policy(self, mock_get, name, policy_name, device_name, virtual_system, expected): action = Util.default_connector(GetPolicy()) - actual = action.run( - {Input.POLICY_NAME: policy_name, Input.DEVICE_NAME: device_name, Input.VIRTUAL_SYSTEM: virtual_system} - ) + input_data = { + Input.POLICY_NAME: policy_name, + Input.DEVICE_NAME: device_name, + Input.VIRTUAL_SYSTEM: virtual_system, + } + validate(input_data, GetPolicyInput.schema) + actual = action.run(input_data) self.assertEqual(actual, expected) @parameterized.expand( @@ -56,9 +61,13 @@ def test_get_policy(self, mock_get, name, policy_name, device_name, virtual_syst ) def test_get_policy_bad(self, mock_get, name, policy_name, device_name, virtual_system, cause, assistance): action = Util.default_connector(GetPolicy()) + input_data = { + Input.POLICY_NAME: policy_name, + Input.DEVICE_NAME: device_name, + Input.VIRTUAL_SYSTEM: virtual_system, + } + validate(input_data, GetPolicyInput.schema) with self.assertRaises(PluginException) as e: - action.run( - {Input.POLICY_NAME: policy_name, Input.DEVICE_NAME: device_name, Input.VIRTUAL_SYSTEM: virtual_system} - ) + actual = action.run(input_data) self.assertEqual(e.exception.cause, cause) self.assertEqual(e.exception.assistance, assistance) diff --git a/plugins/palo_alto_pan_os/unit_test/test_op.py b/plugins/palo_alto_pan_os/unit_test/test_op.py index de41fb0785..8b24aae415 100644 --- a/plugins/palo_alto_pan_os/unit_test/test_op.py +++ b/plugins/palo_alto_pan_os/unit_test/test_op.py @@ -1,13 +1,14 @@ import sys import os + +sys.path.append(os.path.abspath("../")) from unittest import TestCase from komand_palo_alto_pan_os.actions.op import Op -from komand_palo_alto_pan_os.actions.op.schema import Input, Output -from unit_test.util import Util +from komand_palo_alto_pan_os.actions.op.schema import Input, OpInput, OpOutput +from util import Util from unittest.mock import patch from parameterized import parameterized - -sys.path.append(os.path.abspath("../")) +from jsonschema import validate @patch("requests.sessions.Session.get", side_effect=Util.mocked_requests) @@ -46,5 +47,8 @@ class TestOp(TestCase): ) def test_op(self, mock_get, name, cmd, expected): action = Util.default_connector(Op()) - actual = action.run({Input.CMD: cmd}) + input_data = {Input.CMD: cmd} + validate(input_data, OpInput.schema) + actual = action.run(input_data) self.assertEqual(actual, expected) + validate(actual, OpOutput.schema) diff --git a/plugins/palo_alto_pan_os/unit_test/test_remove_address_object_from_group.py b/plugins/palo_alto_pan_os/unit_test/test_remove_address_object_from_group.py index 4d9da16170..d343f2880b 100644 --- a/plugins/palo_alto_pan_os/unit_test/test_remove_address_object_from_group.py +++ b/plugins/palo_alto_pan_os/unit_test/test_remove_address_object_from_group.py @@ -1,14 +1,19 @@ import sys import os + +sys.path.append(os.path.abspath("../")) from unittest import TestCase from komand_palo_alto_pan_os.actions.remove_address_object_from_group import RemoveAddressObjectFromGroup -from komand_palo_alto_pan_os.actions.remove_address_object_from_group.schema import Input, Output -from unit_test.util import Util +from komand_palo_alto_pan_os.actions.remove_address_object_from_group.schema import ( + Input, + RemoveAddressObjectFromGroupInput, + RemoveAddressObjectFromGroupOutput, +) +from util import Util from unittest.mock import patch from parameterized import parameterized -from komand.exceptions import PluginException - -sys.path.append(os.path.abspath("../")) +from insightconnect_plugin_runtime.exceptions import PluginException +from jsonschema import validate @patch("requests.sessions.Session.get", side_effect=Util.mocked_requests) @@ -24,21 +29,22 @@ def test_add_address_object_to_group( self, mock_get, mock_post, name, address_object, group, device_name, virtual_system, expected ): action = Util.default_connector(RemoveAddressObjectFromGroup()) - actual = action.run( - { - Input.ADDRESS_OBJECT: address_object, - Input.GROUP: group, - Input.DEVICE_NAME: device_name, - Input.VIRTUAL_SYSTEM: virtual_system, - } - ) + input_data = { + Input.ADDRESS_OBJECT: address_object, + Input.GROUP: group, + Input.DEVICE_NAME: device_name, + Input.VIRTUAL_SYSTEM: virtual_system, + } + validate(input_data, RemoveAddressObjectFromGroupInput.schema) + actual = action.run(input_data) self.assertEqual(actual, expected) + validate(actual, RemoveAddressObjectFromGroupOutput.schema) @parameterized.expand( [ [ "invalid_group", - ["example.com"], + "example.com", "Invalid Group", "localhost.localdomain", "vsys1", @@ -51,14 +57,14 @@ def test_add_address_object_to_group_bad( self, mock_get, mock_post, name, address_object, group, device_name, virtual_system, cause, assistance ): action = Util.default_connector(RemoveAddressObjectFromGroup()) + input_data = { + Input.ADDRESS_OBJECT: address_object, + Input.GROUP: group, + Input.DEVICE_NAME: device_name, + Input.VIRTUAL_SYSTEM: virtual_system, + } + validate(input_data, RemoveAddressObjectFromGroupInput.schema) with self.assertRaises(PluginException) as e: - action.run( - { - Input.ADDRESS_OBJECT: address_object, - Input.GROUP: group, - Input.DEVICE_NAME: device_name, - Input.VIRTUAL_SYSTEM: virtual_system, - } - ) + action.run(input_data) self.assertEqual(e.exception.cause, cause) self.assertEqual(e.exception.assistance, assistance) diff --git a/plugins/palo_alto_pan_os/unit_test/test_remove_from_policy.py b/plugins/palo_alto_pan_os/unit_test/test_remove_from_policy.py index d06414164d..ca9e1fac8a 100644 --- a/plugins/palo_alto_pan_os/unit_test/test_remove_from_policy.py +++ b/plugins/palo_alto_pan_os/unit_test/test_remove_from_policy.py @@ -1,14 +1,19 @@ import sys import os + +sys.path.append(os.path.abspath("../")) from unittest import TestCase from komand_palo_alto_pan_os.actions.remove_from_policy import RemoveFromPolicy -from komand_palo_alto_pan_os.actions.remove_from_policy.schema import Input, Output -from unit_test.util import Util +from komand_palo_alto_pan_os.actions.remove_from_policy.schema import ( + Input, + RemoveFromPolicyInput, + RemoveFromPolicyOutput, +) +from util import Util from unittest.mock import patch from parameterized import parameterized -from komand.exceptions import PluginException - -sys.path.append(os.path.abspath("../")) +from insightconnect_plugin_runtime.exceptions import PluginException +from jsonschema import validate @patch("requests.sessions.Session.get", side_effect=Util.mocked_requests) @@ -48,22 +53,6 @@ class TestRemoveFromPolicy(TestCase): "drop", {"message": "command succeeded", "status": "success", "code": "20"}, ], - [ - "update_candidate_configuration", - "Test Policy", - "active", - None, - None, - None, - None, - None, - None, - None, - None, - None, - None, - {"message": "command succeeded", "status": "success", "code": "20"}, - ], ] ) def test_remove_from_policy( @@ -86,23 +75,24 @@ def test_remove_from_policy( expected, ): action = Util.default_connector(RemoveFromPolicy()) - actual = action.run( - { - Input.RULE_NAME: rule_name, - Input.UPDATE_ACTIVE_OR_CANDIDATE_CONFIGURATION: update_active_or_candidate_configuration, - Input.SOURCE: source, - Input.DESTINATION: destination, - Input.SERVICE: service, - Input.APPLICATION: application, - Input.SOURCE_USER: source_user, - Input.SRC_ZONE: src_zone, - Input.DST_ZONE: dst_zone, - Input.URL_CATEGORY: url_category, - Input.HIP_PROFILES: hip_profiles, - Input.ACTION: new_action, - } - ) + input_data = { + Input.RULE_NAME: rule_name, + Input.UPDATE_ACTIVE_OR_CANDIDATE_CONFIGURATION: update_active_or_candidate_configuration, + Input.SOURCE: source, + Input.DESTINATION: destination, + Input.SERVICE: service, + Input.APPLICATION: application, + Input.SOURCE_USER: source_user, + Input.SRC_ZONE: src_zone, + Input.DST_ZONE: dst_zone, + Input.URL_CATEGORY: url_category, + Input.HIP_PROFILES: hip_profiles, + Input.ACTION: new_action, + } + validate(input_data, RemoveFromPolicyInput.schema) + actual = action.run(input_data) self.assertEqual(actual, expected) + validate(actual, RemoveFromPolicyOutput.schema) @parameterized.expand( [ @@ -148,23 +138,23 @@ def test_remove_from_policy_bad( data, ): action = Util.default_connector(RemoveFromPolicy()) + input_data = { + Input.RULE_NAME: rule_name, + Input.UPDATE_ACTIVE_OR_CANDIDATE_CONFIGURATION: update_active_or_candidate_configuration, + Input.SOURCE: source, + Input.DESTINATION: destination, + Input.SERVICE: service, + Input.APPLICATION: application, + Input.SOURCE_USER: source_user, + Input.SRC_ZONE: src_zone, + Input.DST_ZONE: dst_zone, + Input.URL_CATEGORY: url_category, + Input.HIP_PROFILES: hip_profiles, + Input.ACTION: new_action, + } + validate(input_data, RemoveFromPolicyInput.schema) with self.assertRaises(PluginException) as e: - action.run( - { - Input.RULE_NAME: rule_name, - Input.UPDATE_ACTIVE_OR_CANDIDATE_CONFIGURATION: update_active_or_candidate_configuration, - Input.SOURCE: source, - Input.DESTINATION: destination, - Input.SERVICE: service, - Input.APPLICATION: application, - Input.SOURCE_USER: source_user, - Input.SRC_ZONE: src_zone, - Input.DST_ZONE: dst_zone, - Input.URL_CATEGORY: url_category, - Input.HIP_PROFILES: hip_profiles, - Input.ACTION: new_action, - } - ) + action.run(input_data) self.assertEqual(e.exception.cause, cause) self.assertEqual(e.exception.assistance, assistance) self.assertEqual(e.exception.data, data) diff --git a/plugins/palo_alto_pan_os/unit_test/test_retrieve_logs.py b/plugins/palo_alto_pan_os/unit_test/test_retrieve_logs.py index 1a9a0b37d3..c9b1760dd2 100644 --- a/plugins/palo_alto_pan_os/unit_test/test_retrieve_logs.py +++ b/plugins/palo_alto_pan_os/unit_test/test_retrieve_logs.py @@ -1,13 +1,14 @@ import sys import os + +sys.path.append(os.path.abspath("../")) from unittest import TestCase from komand_palo_alto_pan_os.actions.retrieve_logs import RetrieveLogs -from komand_palo_alto_pan_os.actions.retrieve_logs.schema import Input, Output -from unit_test.util import Util +from komand_palo_alto_pan_os.actions.retrieve_logs.schema import Input, RetrieveLogsInput, RetrieveLogsOutput +from util import Util from unittest.mock import patch from parameterized import parameterized - -sys.path.append(os.path.abspath("../")) +from jsonschema import validate @patch("requests.sessions.Session.get", side_effect=Util.mocked_requests) @@ -163,32 +164,22 @@ class TestRetrieveLogs(TestCase): } }, ], - [ - "traffic_empty", - "traffic", - 1, - None, - None, - None, - 10, - None, - {"response": {"logs": {"@count": "0", "@progress": "100"}}}, - ], ] ) def test_retrieve_logs( self, mock_get, mock_get2, name, log_type, count, skip, query_filter, interval, max_tries, direction, expected ): action = Util.default_connector(RetrieveLogs()) - actual = action.run( - { - Input.LOG_TYPE: log_type, - Input.COUNT: count, - Input.SKIP: skip, - Input.FILTER: query_filter, - Input.INTERVAL: interval, - Input.MAX_TRIES: max_tries, - Input.DIRECTION: direction, - } - ) + input_data = { + Input.LOG_TYPE: log_type, + Input.COUNT: count, + Input.SKIP: skip, + Input.FILTER: query_filter, + Input.INTERVAL: interval, + Input.MAX_TRIES: max_tries, + Input.DIRECTION: direction, + } + validate(input_data, RetrieveLogsInput.schema) + actual = action.run(input_data) self.assertEqual(actual, expected) + validate(actual, RetrieveLogsOutput.schema) diff --git a/plugins/palo_alto_pan_os/unit_test/test_set.py b/plugins/palo_alto_pan_os/unit_test/test_set.py index dc0ca1bb31..20437a134b 100644 --- a/plugins/palo_alto_pan_os/unit_test/test_set.py +++ b/plugins/palo_alto_pan_os/unit_test/test_set.py @@ -1,13 +1,14 @@ import sys import os + +sys.path.append(os.path.abspath("../")) from unittest import TestCase from komand_palo_alto_pan_os.actions.set import Set -from komand_palo_alto_pan_os.actions.set.schema import Input, Output -from unit_test.util import Util +from komand_palo_alto_pan_os.actions.set.schema import Input, SetInput, SetOutput +from util import Util from unittest.mock import patch from parameterized import parameterized - -sys.path.append(os.path.abspath("../")) +from jsonschema import validate @patch("requests.sessions.Session.get", side_effect=Util.mocked_requests) @@ -37,5 +38,8 @@ class TestSet(TestCase): ) def test_set(self, mock_get, mock_post, name, xpath, element, expected): action = Util.default_connector(Set()) - actual = action.run({Input.XPATH: xpath, Input.ELEMENT: element}) + input_data = {Input.XPATH: xpath, Input.ELEMENT: element} + validate(input_data, SetInput.schema) + actual = action.run(input_data) self.assertEqual(actual, expected) + validate(actual, SetOutput.schema) diff --git a/plugins/palo_alto_pan_os/unit_test/test_set_address_object.py b/plugins/palo_alto_pan_os/unit_test/test_set_address_object.py index 79cf0f843e..ad90e726ec 100644 --- a/plugins/palo_alto_pan_os/unit_test/test_set_address_object.py +++ b/plugins/palo_alto_pan_os/unit_test/test_set_address_object.py @@ -1,14 +1,19 @@ import sys import os + +sys.path.append(os.path.abspath("../")) from unittest import TestCase from komand_palo_alto_pan_os.actions.set_address_object import SetAddressObject -from komand_palo_alto_pan_os.actions.set_address_object.schema import Input, Output -from unit_test.util import Util +from komand_palo_alto_pan_os.actions.set_address_object.schema import ( + Input, + SetAddressObjectInput, + SetAddressObjectOutput, +) +from util import Util from unittest.mock import patch from parameterized import parameterized -from komand.exceptions import PluginException - -sys.path.append(os.path.abspath("../")) +from insightconnect_plugin_runtime.exceptions import PluginException +from jsonschema import validate @patch("requests.sessions.Session.get", side_effect=Util.mocked_requests) @@ -136,33 +141,24 @@ class TestSetAddressObject(TestCase): ["abcd:123:4::1"], {"message": "Address object matched whitelist.", "status": "error", "code": ""}, ], - [ - "without_description_and_tags", - "example.com", - "Domain", - None, - None, - False, - [], - {"message": "command succeeded", "status": "success", "code": "20"}, - ], ] ) def test_set_address_object( self, mock_get, mock_post, name, address, address_object, description, tags, skip_rfc1918, whitelist, expected ): action = Util.default_connector(SetAddressObject()) - actual = action.run( - { - Input.ADDRESS: address, - Input.ADDRESS_OBJECT: address_object, - Input.DESCRIPTION: description, - Input.TAGS: tags, - Input.SKIP_RFC1918: skip_rfc1918, - Input.WHITELIST: whitelist, - } - ) + input_data = { + Input.ADDRESS: address, + Input.ADDRESS_OBJECT: address_object, + Input.DESCRIPTION: description, + Input.TAGS: tags, + Input.SKIP_RFC1918: skip_rfc1918, + Input.WHITELIST: whitelist, + } + validate(input_data, SetAddressObjectInput.schema) + actual = action.run(input_data) self.assertEqual(actual, expected) + validate(actual, SetAddressObjectOutput.schema) @parameterized.expand( [ @@ -194,17 +190,17 @@ def test_set_address_object_bad( assistance, ): action = Util.default_connector(SetAddressObject()) + input_data = { + Input.ADDRESS: address, + Input.ADDRESS_OBJECT: address_object, + Input.DESCRIPTION: description, + Input.TAGS: tags, + Input.SKIP_RFC1918: skip_rfc1918, + Input.WHITELIST: whitelist, + } + validate(input_data, SetAddressObjectInput.schema) with self.assertRaises(PluginException) as e: - action.run( - { - Input.ADDRESS: address, - Input.ADDRESS_OBJECT: address_object, - Input.DESCRIPTION: description, - Input.TAGS: tags, - Input.SKIP_RFC1918: skip_rfc1918, - Input.WHITELIST: whitelist, - } - ) + action.run(input_data) self.assertEqual(e.exception.cause, cause) self.assertEqual(e.exception.assistance, assistance) diff --git a/plugins/palo_alto_pan_os/unit_test/test_set_security_policy_rule.py b/plugins/palo_alto_pan_os/unit_test/test_set_security_policy_rule.py index 6b5aeb6348..7ac8bb1532 100644 --- a/plugins/palo_alto_pan_os/unit_test/test_set_security_policy_rule.py +++ b/plugins/palo_alto_pan_os/unit_test/test_set_security_policy_rule.py @@ -1,13 +1,18 @@ import sys import os + +sys.path.append(os.path.abspath("../")) from unittest import TestCase from komand_palo_alto_pan_os.actions.set_security_policy_rule import SetSecurityPolicyRule -from komand_palo_alto_pan_os.actions.set_security_policy_rule.schema import Input, Output -from unit_test.util import Util +from komand_palo_alto_pan_os.actions.set_security_policy_rule.schema import ( + Input, + SetSecurityPolicyRuleInput, + SetSecurityPolicyRuleOutput, +) +from util import Util from unittest.mock import patch from parameterized import parameterized - -sys.path.append(os.path.abspath("../")) +from jsonschema import validate @patch("requests.sessions.Session.get", side_effect=Util.mocked_requests) @@ -81,24 +86,25 @@ def test_set_security_policy_rule( expected, ): action = Util.default_connector(SetSecurityPolicyRule()) - actual = action.run( - { - Input.RULE_NAME: rule_name, - Input.SOURCE: source, - Input.DESTINATION: destination, - Input.SERVICE: service, - Input.APPLICATION: application, - Input.ACTION: policy_action, - Input.SOURCE_USER: source_user, - Input.DISABLE_SERVER_RESPONSE_INSPECTION: disable_server_response_inspection, - Input.NEGATE_SOURCE: negate_source, - Input.NEGATE_DESTINATION: negate_destination, - Input.DISABLED: disabled, - Input.LOG_START: log_start, - Input.LOG_END: log_end, - Input.DESCRIPTION: description, - Input.SRC_ZONE: src_zone, - Input.DST_ZONE: dst_zone, - } - ) + input_data = { + Input.RULE_NAME: rule_name, + Input.SOURCE: source, + Input.DESTINATION: destination, + Input.SERVICE: service, + Input.APPLICATION: application, + Input.ACTION: policy_action, + Input.SOURCE_USER: source_user, + Input.DISABLE_SERVER_RESPONSE_INSPECTION: disable_server_response_inspection, + Input.NEGATE_SOURCE: negate_source, + Input.NEGATE_DESTINATION: negate_destination, + Input.DISABLED: disabled, + Input.LOG_START: log_start, + Input.LOG_END: log_end, + Input.DESCRIPTION: description, + Input.SRC_ZONE: src_zone, + Input.DST_ZONE: dst_zone, + } + validate(input_data, SetSecurityPolicyRuleInput.schema) + actual = action.run(input_data) self.assertEqual(actual, expected) + validate(actual, SetSecurityPolicyRuleOutput.schema) diff --git a/plugins/palo_alto_pan_os/unit_test/test_show.py b/plugins/palo_alto_pan_os/unit_test/test_show.py index 8dd7836f2a..8b60aea0cb 100644 --- a/plugins/palo_alto_pan_os/unit_test/test_show.py +++ b/plugins/palo_alto_pan_os/unit_test/test_show.py @@ -1,13 +1,15 @@ import sys import os + +sys.path.append(os.path.abspath("../")) from unittest import TestCase from komand_palo_alto_pan_os.actions.show import Show -from komand_palo_alto_pan_os.actions.show.schema import Input, Output -from unit_test.util import Util +from komand_palo_alto_pan_os.actions.show.schema import Input, ShowInput, ShowOutput +from util import Util + from unittest.mock import patch from parameterized import parameterized - -sys.path.append(os.path.abspath("../")) +from jsonschema import validate @patch("requests.sessions.Session.get", side_effect=Util.mocked_requests) @@ -55,5 +57,8 @@ class TestShow(TestCase): ) def test_show(self, mock_get, name, xpath, expected): action = Util.default_connector(Show()) - actual = action.run({Input.XPATH: xpath}) + input_data = {Input.XPATH: xpath} + validate(input_data, ShowInput.schema) + actual = action.run(input_data) self.assertEqual(actual, expected) + validate(actual, ShowOutput.schema)