Adding Objects namespace to Panorama and Panorama namespace with devi…

…ce group support - PaloAltoNetworks#1; adding pango.Connect; adding Panorama.CommitAll(); restructuring directory a bit

pango_test.go → client_test.go

@@ -161,7 +161,7 @@ func TestLogUidEnabled(t *testing.T) {
 }
 
 func TestRetrieveApiKey(t *testing.T) {
-    c := &Firewall{}
+    c := &Client{}
     c.rb = [][]byte{
         []byte(testdata.ApiKeyXml),
     }

connect.go

@@ -0,0 +1,36 @@
+package pango
+
+/*
+Connect opens a connection to the PAN-OS client, then uses the "model" info
+to return a pointer to either a Firewall or Panorama struct.
+
+The Initialize function is invoked as part of this discovery, so there is no
+need to Initialize() the Client connection prior to invoking this.
+*/
+func Connect(c Client) (interface{}, error) {
+    var err error
+
+    logg := c.Logging
+    c.Logging = LogQuiet
+
+    if err = c.Initialize(); err != nil {
+        return nil, err
+    }
+
+    model := c.SystemInfo["model"]
+    if model == "Panorama" || model[:2] == "M-" {
+        pano := &Panorama{Client: c}
+        pano.Logging = logg
+        if err = pano.Initialize(); err != nil {
+            return nil, err
+        }
+        return pano, nil
+    } else {
+        fw := &Firewall{Client: c}
+        fw.Logging = logg
+        if err = fw.Initialize(); err != nil {
+            return nil, err
+        }
+        return fw, nil
+    }
+}

dev/general/general.go

@@ -34,6 +34,9 @@ type Config struct {
     Domain string
     UpdateServer string
     VerifyUpdateServer bool
+    LoginBanner string
+    PanoramaPrimary string
+    PanoramaSecondary string
     DnsPrimary string
     DnsSecondary string
     NtpPrimaryAddress string
@@ -85,6 +88,18 @@ func (o *Config) Merge(s Config) {
 
     o.VerifyUpdateServer = s.VerifyUpdateServer
 
+    if s.LoginBanner != "" {
+        o.LoginBanner = s.LoginBanner
+    }
+
+    if s.PanoramaPrimary != "" {
+        o.PanoramaPrimary = s.PanoramaPrimary
+    }
+
+    if s.PanoramaSecondary != "" {
+        o.PanoramaSecondary = s.PanoramaSecondary
+    }
+
     if s.DnsPrimary != "" {
         o.DnsPrimary = s.DnsPrimary
     }
@@ -228,6 +243,9 @@ func (o *container_v1) Normalize() Config {
         Domain: o.Answer.Domain,
         UpdateServer: o.Answer.UpdateServer,
         VerifyUpdateServer: util.AsBool(o.Answer.VerifyUpdateServer),
+        LoginBanner: o.Answer.LoginBanner,
+        PanoramaPrimary: o.Answer.PanoramaPrimary,
+        PanoramaSecondary: o.Answer.PanoramaSecondary,
     }
     if o.Answer.Dns != nil {
         ans.DnsPrimary = o.Answer.Dns.Primary
@@ -319,21 +337,12 @@ func (o *container_v1) Normalize() Config {
     if o.Answer.LogLink != nil {
         ans.raw["ll"] = util.CleanRawXml(o.Answer.LogLink.Text)
     }
-    if o.Answer.LoginBanner != nil {
-        ans.raw["lb"] = util.CleanRawXml(o.Answer.LoginBanner.Text)
-    }
     if o.Answer.MotdAndBanner != nil {
         ans.raw["mab"] = util.CleanRawXml(o.Answer.MotdAndBanner.Text)
     }
     if o.Answer.Mtu != nil {
         ans.raw["mtu"] = util.CleanRawXml(o.Answer.Mtu.Text)
     }
-    if o.Answer.PanoramaServer != nil {
-        ans.raw["ps"] = util.CleanRawXml(o.Answer.PanoramaServer.Text)
-    }
-    if o.Answer.PanoramaServer2 != nil {
-        ans.raw["ps2"] = util.CleanRawXml(o.Answer.PanoramaServer2.Text)
-    }
     if o.Answer.PermittedIp != nil {
         ans.raw["pi"] = util.CleanRawXml(o.Answer.PermittedIp.Text)
     }
@@ -383,13 +392,16 @@ func (o *container_v1) Normalize() Config {
 type config_v1 struct {
     XMLName xml.Name `xml:"system"`
     Hostname string `xml:"hostname"`
-    IpAddress string `xml:"ip-address"`
-    Netmask string `xml:"netmask"`
-    Gateway string `xml:"default-gateway"`
+    IpAddress string `xml:"ip-address,omitempty"`
+    Netmask string `xml:"netmask,omitempty"`
+    Gateway string `xml:"default-gateway,omitempty"`
     Timezone string `xml:"timezone"`
     Domain string `xml:"domain,omitempty"`
     UpdateServer string `xml:"update-server,omitempty"`
     VerifyUpdateServer string `xml:"server-verification"`
+    LoginBanner string `xml:"login-banner,omitempty"`
+    PanoramaPrimary string `xml:"panorama-server,omitempty"`
+    PanoramaSecondary string `xml:"panorama-server-2,omitempty"`
     Dns *deviceDns `xml:"dns-setting"`
     Ntp *deviceNtp `xml:"ntp-servers"`
     AckLoginBanner *util.RawXml `xml:"ack-login-banner"`
@@ -406,11 +418,8 @@ type config_v1 struct {
     Locale *util.RawXml `xml:"locale"`
     LogExportSchedule *util.RawXml `xml:"log-export-schedule"`
     LogLink *util.RawXml `xml:"log-link"`
-    LoginBanner *util.RawXml `xml:"login-banner"`
     MotdAndBanner *util.RawXml `xml:"motd-and-banner"`
     Mtu *util.RawXml `xml:"mtu"`
-    PanoramaServer *util.RawXml `xml:"panorama-server"`
-    PanoramaServer2 *util.RawXml `xml:"panorama-server-2"`
     PermittedIp *util.RawXml `xml:"permitted-ip"`
     Route *util.RawXml `xml:"route"`
     SecureProxyPassword *util.RawXml `xml:"secure-proxy-password"`
@@ -427,8 +436,8 @@ type config_v1 struct {
 }
 
 type deviceDns struct {
-    Primary string `xml:"servers>primary"`
-    Secondary string `xml:"servers>secondary"`
+    Primary string `xml:"servers>primary,omitempty"`
+    Secondary string `xml:"servers>secondary,omitempty"`
 }
 
 type deviceNtp struct {
@@ -471,6 +480,9 @@ func specify_v1(c Config) interface{} {
         Domain: c.Domain,
         UpdateServer: c.UpdateServer,
         VerifyUpdateServer: util.YesNo(c.VerifyUpdateServer),
+        LoginBanner: c.LoginBanner,
+        PanoramaPrimary: c.PanoramaPrimary,
+        PanoramaSecondary: c.PanoramaSecondary,
     }
     if c.DnsPrimary != "" || c.DnsSecondary != "" {
         ans.Dns = &deviceDns{
@@ -570,21 +582,12 @@ func specify_v1(c Config) interface{} {
     if text, present := c.raw["ll"]; present {
         ans.LogLink = &util.RawXml{text}
     }
-    if text, present := c.raw["lb"]; present {
-        ans.LoginBanner = &util.RawXml{text}
-    }
     if text, present := c.raw["mab"]; present {
         ans.MotdAndBanner = &util.RawXml{text}
     }
     if text, present := c.raw["mtu"]; present {
         ans.Mtu = &util.RawXml{text}
     }
-    if text, present := c.raw["ps"]; present {
-        ans.PanoramaServer = &util.RawXml{text}
-    }
-    if text, present := c.raw["ps2"]; present {
-        ans.PanoramaServer2 = &util.RawXml{text}
-    }
     if text, present := c.raw["pi"]; present {
         ans.PermittedIp = &util.RawXml{text}
     }

dev/general/general_test.go

@@ -20,6 +20,9 @@ func TestNormalization(t *testing.T) {
             Gateway: "10.1.1.1",
             Timezone: "US/Pacific",
             Domain: "example.com",
+            LoginBanner: "this is my banner",
+            PanoramaPrimary: "pano1",
+            PanoramaSecondary: "pano2",
             DnsPrimary: "10.1.1.1",
             DnsSecondary: "10.1.1.50",
             NtpPrimaryAddress: "10.1.1.1",
@@ -44,11 +47,8 @@ func TestNormalization(t *testing.T) {
                 "locale": "my locale",
                 "les": "log export schedule",
                 "ll": "log link",
-                "lb": "login banner",
                 "mab": "motd and banner",
                 "mtu": "mtu",
-                "ps": "panorama server",
-                "ps2": "panorama server 2",
                 "pi": "permitted ip",
                 "route": "route",
                 "sppassword": "secure proxy password",
@@ -70,6 +70,9 @@ func TestNormalization(t *testing.T) {
             Timezone: "UTC",
             UpdateServer: "updates.paloaltonetworks.com",
             VerifyUpdateServer: true,
+            LoginBanner: "This is a secure system",
+            PanoramaPrimary: "192.168.55.2",
+            PanoramaSecondary: "192.168.55.3",
             DnsPrimary: "10.2.1.5",
             NtpPrimaryAddress: "10.2.5.7",
             NtpPrimaryAuthType: SymmetricKeyAuth,

doc.go

@@ -0,0 +1,132 @@
+/*
+Package pango is a golang cross version mechanism for interacting with Palo Alto
+Networks devices (including physical and virtualized Next-generation Firewalls
+and Panorama).  Versioning support is in place for PAN-OS 6.1 to 8.1.
+
+To start, create a client connection with the desired parameters and then
+initialize the connection:
+
+    package main
+    
+    import (
+        "log"
+        "github.com/PaloAltoNetworks/pango"
+    )
+    
+    func main() {
+        var err error
+        c := pango.Firewall{Client: pango.Client{
+            Hostname: "127.0.0.1",
+            Username: "admin",
+            Password: "admin",
+            Logging: pango.LogAction | pango.LogOp,
+        }}
+        if err = c.Initialize(); err != nil {
+            log.Printf("Failed to initialize client: %s", err)
+            return
+        }
+        log.Printf("Initialize ok")
+    }
+
+Initializing the connection creates the API key (if it was not already
+specified), then performs "show system info" to get the PAN-OS version.  Once
+the firewall client is created, you can query and configure the Palo
+Alto Networks device from the functions inside the various namespaces of the
+client connection.  Namespaces correspond to the various configuration areas
+available in the GUI.  For example:
+
+    err = c.Network.EthernetInterface.Set(...)
+    myPolicies, err := c.Policies.Security.GetList(...)
+
+Generally speaking, there are the following functions inside each namespace:
+
+    * GetList
+    * ShowList
+    * Get
+    * Show
+    * Set
+    * Edit
+    * Delete
+
+These functions correspond with PAN-OS Get, Show, Set, Edit, and
+Delete API calls.  Get(), Set(), and Edit() take and return normalized,
+version independent objects.  These version safe objects are typically named
+Entry, which corresponds to how the object is placed in the PAN-OS XPATH.
+
+Some Entry objects have a special function, Defaults().  Invoking this
+function will initialize the object with some default values.  Each Entry
+that implements Defaults() calls out in its documentation what parameters
+are affected by this, and what the defaults are.
+
+For any version safe object, attempting to configure a parameter that your
+PAN-OS doesn't support will be safely ignored in the resultant XML sent to the
+firewall / Panorama.
+
+Using Edit Functions
+
+The PAN-OS XML API Edit command can be used to both create as well as update
+existing config, however it can also truncate config for the given XPATH.  Due
+to this, if you want to use Edit(), you need to make sure that you perform
+either a Get() or a Show() first, make your modification, then invoke
+Edit() using that object.  If you don't do this, you will truncate any sub
+config.
+
+To learn more about PAN-OS XML API, please refer to the Palo Alto Netowrks
+API documentation.
+
+Examples
+
+The following program will create ethernet1/7 as a DHCP interface and import
+it into vsys1 if it isn't already present:
+
+    package main
+    
+    import (
+        "log"
+        "github.com/PaloAltoNetworks/pango"
+        "github.com/PaloAltoNetworks/pango/netw/eth"
+    )
+    
+    func main() {
+        var err error
+    
+        c := &pango.Firewall{Client: pango.Client{
+            Hostname: "127.0.0.1",
+            Username: "admin",
+            Password: "admin",
+            Logging: pango.LogAction | pango.LogOp,
+        }}
+        if err = c.Initialize(); err != nil {
+            log.Printf("Failed to initialize client: %s", err)
+            return
+        }
+    
+        e := eth.Entry{
+            Name: "ethernet1/7",
+            Mode: "layer3",
+            EnableDhcp: true,
+            CreateDhcpDefaultRoute: true,
+        }
+    
+        interfaces, err := c.Network.EthernetInterface.GetList()
+        if err != nil {
+            log.Printf("Failed to get data interfaces: %s", err)
+            return
+        }
+        for i := range interfaces {
+            if e.Name == interfaces[i] {
+                log.Printf("%s already exists", e.Name)
+                return
+            }
+        }
+    
+        err = c.Network.EthernetInterface.Set("vsys1", e)
+        if err != nil {
+            log.Printf("Failed to create %s: %s", e.Name, err)
+            return
+        }
+        log.Printf("Created %s ok", e.Name)
+    }
+
+*/
+package pango