adding logging and timeout params to client.Device.Certificate.import…

…/export
michalbil · Nov 24, 2021 · 39e8b79 · 39e8b79
1 parent a812cd7
commit 39e8b79
Show file tree

Hide file tree

Showing 2 changed files with 30 additions and 15 deletions.
diff --git a/dev/certificate/fw.go b/dev/certificate/fw.go
@@ -2,6 +2,7 @@ package certificate
 
 import (
 	"net/url"
+	"time"
 
 	"github.com/PaloAltoNetworks/pango/namespace"
 	"github.com/PaloAltoNetworks/pango/util"
@@ -85,33 +86,37 @@ func (c *Firewall) AllFromPanosConfig(vsys string) ([]Entry, error) {
 }
 
 // ImportPem imports a PEM certificate.
-func (c *Firewall) ImportPem(vsys string, cert Pem) error {
+func (c *Firewall) ImportPem(vsys string, timeout time.Duration, cert Pem) error {
 	var err error
 
+	c.ns.Client.LogImport("(import) pem %s: %s", singular, cert.Name)
+
 	ex := url.Values{}
 	ex.Set("certificate-name", cert.Name)
 	ex.Set("format", "pem")
 	if vsys != "" && vsys != "shared" {
 		ex.Set("vsys", vsys)
 	}
 
-	_, err = c.ns.Client.Import("certificate", cert.Certificate, cert.CertificateFilename, "file", ex, nil)
+	_, err = c.ns.Client.Import("certificate", cert.Certificate, cert.CertificateFilename, "file", timeout, ex, nil)
 
 	if err != nil || cert.PrivateKey == "" {
 		return err
 	}
 
 	ex.Set("passphrase", cert.Passphrase)
 
-	_, err = c.ns.Client.Import("private-key", cert.PrivateKey, cert.PrivateKeyFilename, "file", ex, nil)
+	_, err = c.ns.Client.Import("private-key", cert.PrivateKey, cert.PrivateKeyFilename, "file", timeout, ex, nil)
 
 	return err
 }
 
 // ImportPkcs12 imports a PKCS12 certificate.
-func (c *Firewall) ImportPkcs12(vsys string, cert Pkcs12) error {
+func (c *Firewall) ImportPkcs12(vsys string, timeout time.Duration, cert Pkcs12) error {
 	var err error
 
+	c.ns.Client.LogImport("(import) pkcs12 %s: %s", singular, cert.Name)
+
 	ex := url.Values{}
 	ex.Set("certificate-name", cert.Name)
 	ex.Set("format", "pkcs12")
@@ -120,7 +125,7 @@ func (c *Firewall) ImportPkcs12(vsys string, cert Pkcs12) error {
 		ex.Set("vsys", vsys)
 	}
 
-	_, err = c.ns.Client.Import("certificate", cert.Certificate, cert.CertificateFilename, "file", ex, nil)
+	_, err = c.ns.Client.Import("certificate", cert.Certificate, cert.CertificateFilename, "file", timeout, ex, nil)
 
 	return err
 }
@@ -134,7 +139,9 @@ func (c *Firewall) ImportPkcs12(vsys string, cert Pkcs12) error {
 // Attempting to export a PKCS12 cert as a PEM cert will result in an error.
 //
 // Return values are the filename, file contents, and an error.
-func (c *Firewall) Export(format, vsys, name, passphrase string, includeKey bool) (string, []byte, error) {
+func (c *Firewall) Export(format, vsys, name, passphrase string, includeKey bool, timeout time.Duration) (string, []byte, error) {
+	c.ns.Client.LogExport("(export) %s %s: %s", format, singular, name)
+
 	ex := url.Values{}
 	ex.Set("certificate-name", name)
 	ex.Set("format", format)
@@ -146,7 +153,7 @@ func (c *Firewall) Export(format, vsys, name, passphrase string, includeKey bool
 		ex.Set("vsys", vsys)
 	}
 
-	return c.ns.Client.Export("certificate", ex, nil)
+	return c.ns.Client.Export("certificate", timeout, ex, nil)
 }
 
 func (c *Firewall) pather(vsys string) namespace.Pather {

diff --git a/dev/certificate/pano.go b/dev/certificate/pano.go
@@ -2,6 +2,7 @@ package certificate
 
 import (
 	"net/url"
+	"time"
 
 	"github.com/PaloAltoNetworks/pango/namespace"
 	"github.com/PaloAltoNetworks/pango/util"
@@ -85,9 +86,11 @@ func (c *Panorama) AllFromPanosConfig(shared bool, tmpl, vsys string) ([]Entry,
 }
 
 // ImportPem imports a PEM certificate.
-func (c *Panorama) ImportPem(tmpl, vsys string, cert Pem) error {
+func (c *Panorama) ImportPem(tmpl, vsys string, timeout time.Duration, cert Pem) error {
 	var err error
 
+	c.ns.Client.LogImport("(import) pem %s: %s", singular, cert.Name)
+
 	ex := url.Values{}
 	ex.Set("certificate-name", cert.Name)
 	ex.Set("format", "pem")
@@ -100,21 +103,23 @@ func (c *Panorama) ImportPem(tmpl, vsys string, cert Pem) error {
 		ex.Set("target-tpl-vsys", vsys)
 	}
 
-	_, err = c.ns.Client.Import("certificate", cert.Certificate, cert.CertificateFilename, "file", ex, nil)
+	_, err = c.ns.Client.Import("certificate", cert.Certificate, cert.CertificateFilename, "file", timeout, ex, nil)
 
 	if err != nil || cert.PrivateKey == "" {
 		return err
 	}
 
 	ex.Set("passphrase", cert.Passphrase)
 
-	_, err = c.ns.Client.Import("certificate", cert.PrivateKey, cert.PrivateKeyFilename, "file", ex, nil)
+	_, err = c.ns.Client.Import("certificate", cert.PrivateKey, cert.PrivateKeyFilename, "file", timeout, ex, nil)
 
 	return err
 }
 
 // ImportPkcs12 imports a PKCS12 certificate.
-func (c *Panorama) ImportPkcs12(tmpl, vsys string, cert Pkcs12) error {
+func (c *Panorama) ImportPkcs12(tmpl, vsys string, timeout time.Duration, cert Pkcs12) error {
+	c.ns.Client.LogImport("(import) pkcs12 %s: %s", singular, cert.Name)
+
 	ex := url.Values{}
 	ex.Set("certificate-name", cert.Name)
 	ex.Set("format", "pkcs12")
@@ -128,7 +133,7 @@ func (c *Panorama) ImportPkcs12(tmpl, vsys string, cert Pkcs12) error {
 		ex.Set("target-tpl-vsys", vsys)
 	}
 
-	_, err := c.ns.Client.Import("certificate", cert.Certificate, cert.CertificateFilename, "file", ex, nil)
+	_, err := c.ns.Client.Import("certificate", cert.Certificate, cert.CertificateFilename, "file", timeout, ex, nil)
 
 	return err
 }
@@ -142,7 +147,9 @@ func (c *Panorama) ImportPkcs12(tmpl, vsys string, cert Pkcs12) error {
 // Attempting to export a PKCS12 cert as a PEM cert will result in an error.
 //
 // Return values are the filename, file contents, and an error.
-func (c *Panorama) Export(format, tmpl, vsys, name, passphrase string, includeKey bool) (string, []byte, error) {
+func (c *Panorama) Export(format, tmpl, vsys, name, passphrase string, includeKey bool, timeout time.Duration) (string, []byte, error) {
+	c.ns.Client.LogExport("(export) %s %s: %s", format, singular, name)
+
 	ex := url.Values{}
 	ex.Set("certificate-name", name)
 	ex.Set("format", format)
@@ -153,11 +160,12 @@ func (c *Panorama) Export(format, tmpl, vsys, name, passphrase string, includeKe
 	if tmpl != "" {
 		ex.Set("target-tpl", tmpl)
 		if vsys != "" && vsys != "shared" {
-			ex.Set("vsys", vsys)
+			// TODO: This doesn't seem to work, but it's what the docs say.
+			ex.Set("target-tpl-vsys", vsys)
 		}
 	}
 
-	return c.ns.Client.Export("certificate", ex, nil)
+	return c.ns.Client.Export("certificate", timeout, ex, nil)
 }
 
 func (c *Panorama) pather(shared bool, tmpl, vsys string) namespace.Pather {