From 648502c80f92d016142c65257efd34069303cd8f Mon Sep 17 00:00:00 2001 
From: Garfield Lee Freeman Date: Tue, 11 Jun 2019 16:02:31 -0700 Subject: [PATCH] merge 2.2.0 to master (#396) * Declare module encoding * adding function to turn pandevice objects to dicts * adding panos_zone_facts * Module ipv4 proxyid for ipsec tunnel (#380) * Added module panos_ipsec_ipv4_proxyid * Fixed test build problem * Applied changes requested by @shinmog * Fix build problem * Additionally requested changes by @shinmog * adding panos_virtual_router_facts (#383) * fixing RETURNS section * adding panos_l3_subinterface (#384) * Correcting example documentation * adding panos_l2_subinterface (#385) * Policy facts details (#376) * Updated documentation for security_rule_facts * Documentation re-built * Get full details when querying all rules using 'all_details: yes' argument * Small fixes to panos_security_rule_facts * Bug fixes panos_security_rule_facts.py * Fixup for hyphens/dashes with extra bytes (#387) * Adding param: 'vsys_shared' (#388) * adding support for log forwarding profiles (#391) * adding support for log forwarding profiles * fixing code style issue * adding support for email profiles (#389) * adding support for snmp profiles (#392) * adding support for syslog profiles (#393) * adding support for syslog profiles * fixing code style issue * adding support for http profiles (#390) * correcting arg to vsys_shared * adding panos_type_cmd (#394) * Updating to 2.2.0 (#395) --- docs/history.md | 37 + docs/modules/index.rst | 20 + docs/modules/panos_address_group_module.rst | 9 +- docs/modules/panos_address_object_module.rst | 9 +- docs/modules/panos_admin_module.rst | 8 +- docs/modules/panos_administrator_module.rst | 8 +- docs/modules/panos_admpwd_module.rst | 2 +- docs/modules/panos_api_key_module.rst | 5 +- docs/modules/panos_bgp_aggregate_module.rst | 11 +- docs/modules/panos_bgp_auth_module.rst | 7 +- ...s_bgp_conditional_advertisement_module.rst | 7 +- docs/modules/panos_bgp_dampening_module.rst | 7 +- docs/modules/panos_bgp_module.rst | 29 +- 
docs/modules/panos_bgp_peer_group_module.rst | 7 +- docs/modules/panos_bgp_peer_module.rst | 9 +- .../panos_bgp_policy_filter_module.rst | 7 +- docs/modules/panos_bgp_policy_rule_module.rst | 7 +- .../modules/panos_bgp_redistribute_module.rst | 7 +- docs/modules/panos_cert_gen_ssh_module.rst | 16 +- docs/modules/panos_check_module.rst | 8 +- docs/modules/panos_commit_module.rst | 7 +- docs/modules/panos_dag_module.rst | 18 +- docs/modules/panos_dag_tags_module.rst | 4 +- docs/modules/panos_email_profile_module.rst | 533 +++++++++++ docs/modules/panos_email_server_module.rst | 398 ++++++++ docs/modules/panos_facts_module.rst | 7 +- .../panos_http_profile_header_module.rst | 374 ++++++++ docs/modules/panos_http_profile_module.rst | 887 ++++++++++++++++++ .../panos_http_profile_param_module.rst | 374 ++++++++ docs/modules/panos_http_server_module.rst | 451 +++++++++ .../panos_ike_crypto_profile_module.rst | 8 +- docs/modules/panos_ike_gateway_module.rst | 44 +- docs/modules/panos_import_module.rst | 8 +- docs/modules/panos_interface_module.rst | 10 +- .../panos_ipsec_ipv4_proxyid_module.rst | 471 ++++++++++ docs/modules/panos_ipsec_profile_module.rst | 8 +- docs/modules/panos_ipsec_tunnel_module.rst | 56 +- docs/modules/panos_l2_subinterface_module.rst | 432 +++++++++ docs/modules/panos_l3_subinterface_module.rst | 558 +++++++++++ docs/modules/panos_lic_module.rst | 4 +- docs/modules/panos_loadcfg_module.rst | 6 +- ...rding_profile_match_list_action_module.rst | 459 +++++++++ ...g_forwarding_profile_match_list_module.rst | 453 +++++++++ .../panos_log_forwarding_profile_module.rst | 348 +++++++ .../panos_loopback_interface_module.rst | 7 +- .../panos_management_profile_module.rst | 6 +- docs/modules/panos_match_rule_module.rst | 6 +- docs/modules/panos_mgtconfig_module.rst | 6 +- docs/modules/panos_nat_rule_module.rst | 24 +- docs/modules/panos_object_facts_module.rst | 4 +- docs/modules/panos_object_module.rst | 8 +- docs/modules/panos_op_module.rst | 5 +- 
docs/modules/panos_pg_module.rst | 8 +- docs/modules/panos_query_rules_module.rst | 22 +- docs/modules/panos_redistribution_module.rst | 7 +- .../panos_registered_ip_facts_module.rst | 6 +- docs/modules/panos_registered_ip_module.rst | 6 +- docs/modules/panos_restart_module.rst | 8 +- docs/modules/panos_sag_module.rst | 20 +- .../panos_security_rule_facts_module.rst | 411 +++++++- docs/modules/panos_security_rule_module.rst | 31 +- docs/modules/panos_service_group_module.rst | 8 +- docs/modules/panos_service_object_module.rst | 8 +- docs/modules/panos_snmp_profile_module.rst | 333 +++++++ docs/modules/panos_snmp_v2c_server_module.rst | 358 +++++++ docs/modules/panos_snmp_v3_server_module.rst | 399 ++++++++ docs/modules/panos_software_module.rst | 6 +- docs/modules/panos_static_route_module.rst | 9 +- docs/modules/panos_syslog_profile_module.rst | 533 +++++++++++ docs/modules/panos_syslog_server_module.rst | 415 ++++++++ docs/modules/panos_tag_object_module.rst | 8 +- docs/modules/panos_tunnel_module.rst | 4 +- docs/modules/panos_type_cmd_module.rst | 416 ++++++++ docs/modules/panos_userid_module.rst | 4 +- .../panos_virtual_router_facts_module.rst | 492 ++++++++++ docs/modules/panos_virtual_router_module.rst | 7 +- docs/modules/panos_vlan_interface_module.rst | 4 +- docs/modules/panos_vlan_module.rst | 4 +- docs/modules/panos_zone_facts_module.rst | 470 ++++++++++ docs/modules/panos_zone_module.rst | 7 +- library/panos_address_group.py | 5 +- library/panos_address_object.py | 5 +- library/panos_admin.py | 1 + library/panos_administrator.py | 3 +- library/panos_admpwd.py | 1 + library/panos_api_key.py | 5 +- library/panos_bgp.py | 5 +- library/panos_bgp_aggregate.py | 5 +- library/panos_bgp_auth.py | 5 +- .../panos_bgp_conditional_advertisement.py | 5 +- library/panos_bgp_dampening.py | 5 +- library/panos_bgp_peer.py | 5 +- library/panos_bgp_peer_group.py | 5 +- library/panos_bgp_policy_filter.py | 5 +- library/panos_bgp_policy_rule.py | 5 +- 
library/panos_bgp_redistribute.py | 5 +- library/panos_cert_gen_ssh.py | 1 + library/panos_check.py | 6 +- library/panos_commit.py | 5 +- library/panos_dag.py | 1 + library/panos_dag_tags.py | 1 + library/panos_email_profile.py | 199 ++++ library/panos_email_server.py | 149 +++ library/panos_facts.py | 1 + library/panos_http_profile.py | 335 +++++++ library/panos_http_profile_header.py | 180 ++++ library/panos_http_profile_param.py | 180 ++++ library/panos_http_server.py | 179 ++++ library/panos_ike_crypto_profile.py | 1 + library/panos_ike_gateway.py | 1 + library/panos_import.py | 1 + library/panos_interface.py | 6 +- library/panos_ipsec_ipv4_proxyid.py | 211 +++++ library/panos_ipsec_profile.py | 1 + library/panos_ipsec_tunnel.py | 35 +- library/panos_l2_subinterface.py | 226 +++++ library/panos_l3_subinterface.py | 284 ++++++ library/panos_lic.py | 1 + library/panos_loadcfg.py | 1 + library/panos_log_forwarding_profile.py | 123 +++ ...panos_log_forwarding_profile_match_list.py | 183 ++++ ...og_forwarding_profile_match_list_action.py | 191 ++++ library/panos_loopback_interface.py | 7 +- library/panos_management_profile.py | 2 + library/panos_match_rule.py | 1 + library/panos_mgtconfig.py | 1 + library/panos_nat_rule.py | 8 +- library/panos_object.py | 1 + library/panos_object_facts.py | 1 + library/panos_op.py | 5 +- library/panos_pg.py | 1 + library/panos_query_rules.py | 1 + library/panos_redistribution.py | 5 +- library/panos_registered_ip.py | 1 + library/panos_registered_ip_facts.py | 1 + library/panos_restart.py | 6 +- library/panos_sag.py | 1 + library/panos_security_rule.py | 7 +- library/panos_security_rule_facts.py | 147 ++- library/panos_service_group.py | 1 + library/panos_service_object.py | 1 + library/panos_snmp_profile.py | 119 +++ library/panos_snmp_v2c_server.py | 133 +++ library/panos_snmp_v3_server.py | 150 +++ library/panos_software.py | 1 + library/panos_static_route.py | 5 +- library/panos_syslog_profile.py | 199 ++++ 
library/panos_syslog_server.py | 171 ++++ library/panos_tag_object.py | 1 + library/panos_tunnel.py | 1 + library/panos_type_cmd.py | 185 ++++ library/panos_userid.py | 1 + library/panos_virtual_router.py | 5 +- library/panos_virtual_router_facts.py | 158 ++++ library/panos_vlan.py | 1 + library/panos_vlan_interface.py | 1 + library/panos_zone.py | 5 +- library/panos_zone_facts.py | 153 +++ module_utils/network/panos/panos.py | 52 +- setup.py | 2 +- 160 files changed, 13977 insertions(+), 344 deletions(-) create mode 100644 docs/modules/panos_email_profile_module.rst create mode 100644 docs/modules/panos_email_server_module.rst create mode 100644 docs/modules/panos_http_profile_header_module.rst create mode 100644 docs/modules/panos_http_profile_module.rst create mode 100644 docs/modules/panos_http_profile_param_module.rst create mode 100644 docs/modules/panos_http_server_module.rst create mode 100644 docs/modules/panos_ipsec_ipv4_proxyid_module.rst create mode 100644 docs/modules/panos_l2_subinterface_module.rst create mode 100644 docs/modules/panos_l3_subinterface_module.rst create mode 100644 docs/modules/panos_log_forwarding_profile_match_list_action_module.rst create mode 100644 docs/modules/panos_log_forwarding_profile_match_list_module.rst create mode 100644 docs/modules/panos_log_forwarding_profile_module.rst create mode 100644 docs/modules/panos_snmp_profile_module.rst create mode 100644 docs/modules/panos_snmp_v2c_server_module.rst create mode 100644 docs/modules/panos_snmp_v3_server_module.rst create mode 100644 docs/modules/panos_syslog_profile_module.rst create mode 100644 docs/modules/panos_syslog_server_module.rst create mode 100644 docs/modules/panos_type_cmd_module.rst create mode 100644 docs/modules/panos_virtual_router_facts_module.rst create mode 100644 docs/modules/panos_zone_facts_module.rst create mode 100644 library/panos_email_profile.py create mode 100644 library/panos_email_server.py create mode 100644 library/panos_http_profile.py create 
mode 100644 library/panos_http_profile_header.py create mode 100644 library/panos_http_profile_param.py create mode 100644 library/panos_http_server.py create mode 100644 library/panos_ipsec_ipv4_proxyid.py create mode 100644 library/panos_l2_subinterface.py create mode 100644 library/panos_l3_subinterface.py create mode 100644 library/panos_log_forwarding_profile.py create mode 100644 library/panos_log_forwarding_profile_match_list.py create mode 100644 library/panos_log_forwarding_profile_match_list_action.py create mode 100644 library/panos_snmp_profile.py create mode 100644 library/panos_snmp_v2c_server.py create mode 100644 library/panos_snmp_v3_server.py create mode 100644 library/panos_syslog_profile.py create mode 100644 library/panos_syslog_server.py create mode 100644 library/panos_type_cmd.py create mode 100644 library/panos_virtual_router_facts.py create mode 100644 library/panos_zone_facts.py
diff --git a/docs/history.md b/docs/history.md
index e0d27be3..4c9e12c0 100644
--- a/docs/history.md
+++ b/docs/history.md
@@ -1,6 +1,43 @@
 Release History
 ===============
+V2.2.0
+------
+
+- *Released*: 2019-06-11
+
+New modules:
+
+* `panos_zone_facts`
+* `panos_ipsec_ipv4_proxyid`
+* `panos_virtual_router_facts`
+* `panos_l3_subinterface`
+* `panos_l2_subinterface`
+* `panos_log_forwarding_profile`
+* `panos_log_forwarding_profile_match_list`
+* `panos_log_forwarding_profile_match_list_action`
+* `panos_email_profile`
+* `panos_email_server`
+* `panos_snmp_profile`
+* `panos_snmp_v2c_server`
+* `panos_snmp_v3_server`
+* `panos_syslog_profile`
+* `panos_syslog_server`
+* `panos_http_profile`
+* `panos_http_profile_header`
+* `panos_http_profile_param`
+* `panos_http_server`
+* `panos_type_cmd`
+
+Enhancements:
+
+* `panos_security_rule_facts` can now return full policy info.
+
+Bug fixes:
+
+* Added module encoding to all modules.
+* Various documentation fixes.
+
 V2.1.2
 ------
diff --git a/docs/modules/index.rst b/docs/modules/index.rst
index 76ffea47..848d12f5 100644
--- a/docs/modules/index.rst
+++ b/docs/modules/index.rst
@@ -28,15 +28,27 @@ Module Reference
 panos_commit_module
 panos_dag_module
 panos_dag_tags_module
+ panos_email_profile_module
+ panos_email_server_module
 panos_facts_module
+ panos_http_profile_header_module
+ panos_http_profile_module
+ panos_http_profile_param_module
+ panos_http_server_module
 panos_ike_crypto_profile_module
 panos_ike_gateway_module
 panos_import_module
 panos_interface_module
+ panos_ipsec_ipv4_proxyid_module
 panos_ipsec_profile_module
 panos_ipsec_tunnel_module
+ panos_l2_subinterface_module
+ panos_l3_subinterface_module
 panos_lic_module
 panos_loadcfg_module
+ panos_log_forwarding_profile_match_list_action_module
+ panos_log_forwarding_profile_match_list_module
+ panos_log_forwarding_profile_module
 panos_loopback_interface_module
 panos_management_profile_module
 panos_match_rule_module
@@ -56,12 +68,20 @@ Module Reference
 panos_security_rule_module
 panos_service_group_module
 panos_service_object_module
+ panos_snmp_profile_module
+ panos_snmp_v2c_server_module
+ panos_snmp_v3_server_module
 panos_software_module
 panos_static_route_module
+ panos_syslog_profile_module
+ panos_syslog_server_module
 panos_tag_object_module
 panos_tunnel_module
+ panos_type_cmd_module
 panos_userid_module
+ panos_virtual_router_facts_module
 panos_virtual_router_module
 panos_vlan_interface_module
 panos_vlan_module
+ panos_zone_facts_module
 panos_zone_module
diff --git a/docs/modules/panos_address_group_module.rst b/docs/modules/panos_address_group_module.rst index 727f71bd..3ee39022 100644 --- a/docs/modules/panos_address_group_module.rst +++ b/docs/modules/panos_address_group_module.rst @@ -94,7 +94,7 @@ Parameters - Default:
shared
+ Default:
"shared"
(Panorama only) The device group the operation should target.
@@ -268,7 +268,7 @@ Parameters - Default:
admin
+ Default:
"admin"
The username to use for authentication. This is ignored if api_key is specified.
@@ -326,7 +326,7 @@ Parameters - Default:
admin
+ Default:
"admin"
Deprecated
@@ -343,7 +343,7 @@ Parameters - Default:
vsys1
+ Default:
"vsys1"
The vsys this object belongs to.
@@ -412,5 +412,6 @@ Authors ~~~~~~~ - Michael Richardson (@mrichardson03) +- Garfield Lee Freeman (@shinmog) diff --git a/docs/modules/panos_address_object_module.rst b/docs/modules/panos_address_object_module.rst index 59919ed9..f3cbc709 100644 --- a/docs/modules/panos_address_object_module.rst +++ b/docs/modules/panos_address_object_module.rst @@ -112,7 +112,7 @@ Parameters - Default:
shared
+ Default:
"shared"
(Panorama only) The device group the operation should target.
@@ -273,7 +273,7 @@ Parameters - Default:
admin
+ Default:
"admin"
The username to use for authentication. This is ignored if api_key is specified.
@@ -318,7 +318,7 @@ Parameters - Default:
admin
+ Default:
"admin"
Deprecated
@@ -348,7 +348,7 @@ Parameters - Default:
vsys1
+ Default:
"vsys1"
The vsys this object belongs to.
@@ -428,5 +428,6 @@ Authors ~~~~~~~ - Michael Richardson (@mrichardson03) +- Garfield Lee Freeman (@shinmog) diff --git a/docs/modules/panos_admin_module.rst b/docs/modules/panos_admin_module.rst index 2a152d1a..f70ec3cb 100644 --- a/docs/modules/panos_admin_module.rst +++ b/docs/modules/panos_admin_module.rst @@ -67,7 +67,7 @@ Parameters - Default:
admin
+ Default:
"admin"
Username that needs password change.
@@ -94,7 +94,7 @@ Parameters - Default:
yes
+ Default:
"yes"
Commit configuration if changed.
@@ -148,7 +148,7 @@ Parameters - Default:
None
+ Default:
null
role for admin user
@@ -162,7 +162,7 @@ Parameters - Default:
admin
+ Default:
"admin"
Username credentials to use for auth unless api_key is set.
diff --git a/docs/modules/panos_administrator_module.rst b/docs/modules/panos_administrator_module.rst index baf740d7..1f9845bc 100644 --- a/docs/modules/panos_administrator_module.rst +++ b/docs/modules/panos_administrator_module.rst @@ -77,7 +77,7 @@ Parameters - Default:
admin
+ Default:
"admin"
Admin name.
@@ -336,7 +336,7 @@ Parameters - Default:
admin
+ Default:
"admin"
The username to use for authentication. This is ignored if api_key is specified.
@@ -454,7 +454,7 @@ Parameters - Default:
admin
+ Default:
"admin"
Deprecated
@@ -590,6 +590,6 @@ Status Authors ~~~~~~~ -- Luigi Mori (@jtschichold), Ivan Bojer (@ivanbojer) +- Garfield Lee Freeman (@shinmog) diff --git a/docs/modules/panos_admpwd_module.rst b/docs/modules/panos_admpwd_module.rst index dad3c595..6b5ea2c3 100644 --- a/docs/modules/panos_admpwd_module.rst +++ b/docs/modules/panos_admpwd_module.rst @@ -87,7 +87,7 @@ Parameters - Default:
admin
+ Default:
"admin"
username for initial authentication
diff --git a/docs/modules/panos_api_key_module.rst b/docs/modules/panos_api_key_module.rst index 5328e42c..c30eb979 100644 --- a/docs/modules/panos_api_key_module.rst +++ b/docs/modules/panos_api_key_module.rst @@ -198,7 +198,7 @@ Parameters - Default:
admin
+ Default:
"admin"
The username to use for authentication. This is ignored if api_key is specified.
@@ -213,7 +213,7 @@ Parameters - Default:
admin
+ Default:
"admin"
Deprecated
@@ -304,5 +304,6 @@ Authors ~~~~~~~ - Joshua Colson (@freakinhippie) +- Garfield Lee Freeman (@shinmog) diff --git a/docs/modules/panos_bgp_aggregate_module.rst b/docs/modules/panos_bgp_aggregate_module.rst index c988fe84..d1b09f02 100644 --- a/docs/modules/panos_bgp_aggregate_module.rst +++ b/docs/modules/panos_bgp_aggregate_module.rst @@ -64,7 +64,7 @@ Parameters - Default:
no
+ Default:
"no"
Generate AS-set attribute.
@@ -259,7 +259,7 @@ Parameters - Default:
yes
+ Default:
"yes"
Commit configuration if changed.
@@ -450,7 +450,7 @@ Parameters - Default:
admin
+ Default:
"admin"
The username to use for authentication. This is ignored if api_key is specified.
@@ -521,7 +521,7 @@ Parameters - Default:
admin
+ Default:
"admin"
Deprecated
@@ -538,7 +538,7 @@ Parameters - Default:
default
+ Default:
"default"
Name of the virtual router; it must already exist; see panos_virtual_router.
@@ -604,5 +604,6 @@ Authors ~~~~~~~ - Joshua Colson (@freakinhippie) +- Garfield Lee Freeman (@shinmog) diff --git a/docs/modules/panos_bgp_auth_module.rst b/docs/modules/panos_bgp_auth_module.rst index 60cea839..b950d243 100644 --- a/docs/modules/panos_bgp_auth_module.rst +++ b/docs/modules/panos_bgp_auth_module.rst @@ -228,7 +228,7 @@ Parameters - Default:
admin
+ Default:
"admin"
The username to use for authentication. This is ignored if api_key is specified.
@@ -320,7 +320,7 @@ Parameters - Default:
admin
+ Default:
"admin"
Deprecated
@@ -337,7 +337,7 @@ Parameters - Default:
default
+ Default:
"default"
Name of the virtual router; it must already exist; see panos_virtual_router.
@@ -395,5 +395,6 @@ Authors ~~~~~~~ - Joshua Colson (@freakinhippie) +- Garfield Lee Freeman (@shinmog) diff --git a/docs/modules/panos_bgp_conditional_advertisement_module.rst b/docs/modules/panos_bgp_conditional_advertisement_module.rst index 589cb35e..b47caab3 100644 --- a/docs/modules/panos_bgp_conditional_advertisement_module.rst +++ b/docs/modules/panos_bgp_conditional_advertisement_module.rst @@ -280,7 +280,7 @@ Parameters - Default:
admin
+ Default:
"admin"
The username to use for authentication. This is ignored if api_key is specified.
@@ -351,7 +351,7 @@ Parameters - Default:
admin
+ Default:
"admin"
Deprecated
@@ -368,7 +368,7 @@ Parameters - Default:
default
+ Default:
"default"
Name of the virtual router; it must already exist and have BGP configured.
@@ -427,5 +427,6 @@ Authors ~~~~~~~ - Joshua Colson (@freakinhippie) +- Garfield Lee Freeman (@shinmog) diff --git a/docs/modules/panos_bgp_dampening_module.rst b/docs/modules/panos_bgp_dampening_module.rst index 46a87b25..0fa95e51 100644 --- a/docs/modules/panos_bgp_dampening_module.rst +++ b/docs/modules/panos_bgp_dampening_module.rst @@ -297,7 +297,7 @@ Parameters - Default:
admin
+ Default:
"admin"
The username to use for authentication. This is ignored if api_key is specified.
@@ -368,7 +368,7 @@ Parameters - Default:
admin
+ Default:
"admin"
Deprecated
@@ -385,7 +385,7 @@ Parameters - Default:
default
+ Default:
"default"
Name of the virtual router; it must already exist.
@@ -442,5 +442,6 @@ Authors ~~~~~~~ - Joshua Colson (@freakinhippie) +- Garfield Lee Freeman (@shinmog) diff --git a/docs/modules/panos_bgp_module.rst b/docs/modules/panos_bgp_module.rst index 6cc796e1..3d26587c 100644 --- a/docs/modules/panos_bgp_module.rst +++ b/docs/modules/panos_bgp_module.rst @@ -61,7 +61,7 @@ Parameters - Default:
no
+ Default:
"no"
Allow redistribute default route to BGP.
@@ -75,7 +75,7 @@ Parameters - Default:
no
+ Default:
"no"
Always compare MEDs.
@@ -105,7 +105,7 @@ Parameters - Default:
2-byte
+ Default:
"2-byte"
AS format '2-byte'/'4-byte'.
@@ -119,7 +119,7 @@ Parameters - Default:
yes
+ Default:
"yes"
Commit configuration if changed.
@@ -160,7 +160,7 @@ Parameters - Default:
yes
+ Default:
"yes"
Deterministic MEDs comparison.
@@ -174,7 +174,7 @@ Parameters - Default:
no
+ Default:
"no"
Support multiple AS in ECMP.
@@ -188,7 +188,7 @@ Parameters - Default:
yes
+ Default:
"yes"
Enable BGP.
@@ -202,7 +202,7 @@ Parameters - Default:
yes
+ Default:
"yes"
Enforce First AS for EBGP.
@@ -255,7 +255,7 @@ Parameters - Default:
yes
+ Default:
"yes"
Enable graceful restart.
@@ -269,7 +269,7 @@ Parameters - Default:
no
+ Default:
"no"
Populate BGP learned route to global route table.
@@ -430,7 +430,7 @@ Parameters - Default:
admin
+ Default:
"admin"
The username to use for authentication. This is ignored if api_key is specified.
@@ -458,7 +458,7 @@ Parameters - Default:
yes
+ Default:
"yes"
Reject default route.
@@ -528,7 +528,7 @@ Parameters - Default:
admin
+ Default:
"admin"
Deprecated
@@ -545,7 +545,7 @@ Parameters - Default:
default
+ Default:
"default"
Name of the virtual router; it must already exist.
@@ -602,5 +602,6 @@ Authors ~~~~~~~ - Joshua Colson (@freakinhippie) +- Garfield Lee Freeman (@shinmog) diff --git a/docs/modules/panos_bgp_peer_group_module.rst b/docs/modules/panos_bgp_peer_group_module.rst index 3652ed40..1334a844 100644 --- a/docs/modules/panos_bgp_peer_group_module.rst +++ b/docs/modules/panos_bgp_peer_group_module.rst @@ -296,7 +296,7 @@ Parameters - Default:
admin
+ Default:
"admin"
The username to use for authentication. This is ignored if api_key is specified.
@@ -407,7 +407,7 @@ Parameters - Default:
admin
+ Default:
"admin"
Deprecated
@@ -424,7 +424,7 @@ Parameters - Default:
default
+ Default:
"default"
Name of the virtual router; it must already exist; see panos_virtual_router.
@@ -483,5 +483,6 @@ Authors ~~~~~~~ - Joshua Colson (@freakinhippie) +- Garfield Lee Freeman (@shinmog) diff --git a/docs/modules/panos_bgp_peer_module.rst b/docs/modules/panos_bgp_peer_module.rst index 8bcb8641..3503b046 100644 --- a/docs/modules/panos_bgp_peer_module.rst +++ b/docs/modules/panos_bgp_peer_module.rst @@ -94,7 +94,7 @@ Parameters - Default:
yes
+ Default:
"yes"
Commit configuration if changed.
@@ -552,7 +552,7 @@ Parameters - Default:
admin
+ Default:
"admin"
The username to use for authentication. This is ignored if api_key is specified.
@@ -662,7 +662,7 @@ Parameters - Default:
admin
+ Default:
"admin"
Deprecated
@@ -679,7 +679,7 @@ Parameters - Default:
default
+ Default:
"default"
Name of the virtual router; it must already exist; see panos_virtual_router.
@@ -741,5 +741,6 @@ Authors ~~~~~~~ - Joshua Colson (@freakinhippie) +- Garfield Lee Freeman (@shinmog) diff --git a/docs/modules/panos_bgp_policy_filter_module.rst b/docs/modules/panos_bgp_policy_filter_module.rst index d863580b..64743044 100644 --- a/docs/modules/panos_bgp_policy_filter_module.rst +++ b/docs/modules/panos_bgp_policy_filter_module.rst @@ -437,7 +437,7 @@ Parameters - Default:
admin
+ Default:
"admin"
The username to use for authentication. This is ignored if api_key is specified.
@@ -497,7 +497,7 @@ Parameters - Default:
admin
+ Default:
"admin"
Deprecated
@@ -514,7 +514,7 @@ Parameters - Default:
default
+ Default:
"default"
Name of the virtual router; it must already exist and have BGP configured.
@@ -595,5 +595,6 @@ Authors ~~~~~~~ - Joshua Colson (@freakinhippie) +- Garfield Lee Freeman (@shinmog) diff --git a/docs/modules/panos_bgp_policy_rule_module.rst b/docs/modules/panos_bgp_policy_rule_module.rst index e4888db2..83b0429f 100644 --- a/docs/modules/panos_bgp_policy_rule_module.rst +++ b/docs/modules/panos_bgp_policy_rule_module.rst @@ -593,7 +593,7 @@ Parameters - Default:
admin
+ Default:
"admin"
The username to use for authentication. This is ignored if api_key is specified.
@@ -681,7 +681,7 @@ Parameters - Default:
admin
+ Default:
"admin"
Deprecated
@@ -698,7 +698,7 @@ Parameters - Default:
default
+ Default:
"default"
Name of the virtual router; it must already exist; see panos_virtual_router.
@@ -782,5 +782,6 @@ Authors ~~~~~~~ - Joshua Colson (@freakinhippie) +- Garfield Lee Freeman (@shinmog) diff --git a/docs/modules/panos_bgp_redistribute_module.rst b/docs/modules/panos_bgp_redistribute_module.rst index 89320e84..d2fd6bf3 100644 --- a/docs/modules/panos_bgp_redistribute_module.rst +++ b/docs/modules/panos_bgp_redistribute_module.rst @@ -275,7 +275,7 @@ Parameters - Default:
admin
+ Default:
"admin"
The username to use for authentication. This is ignored if api_key is specified.
@@ -434,7 +434,7 @@ Parameters - Default:
admin
+ Default:
"admin"
Deprecated
@@ -451,7 +451,7 @@ Parameters - Default:
default
+ Default:
"default"
Name of the virtual router; it must already exist.
@@ -512,5 +512,6 @@ Authors ~~~~~~~ - Joshua Colson (@freakinhippie) +- Garfield Lee Freeman (@shinmog) diff --git a/docs/modules/panos_cert_gen_ssh_module.rst b/docs/modules/panos_cert_gen_ssh_module.rst index 1d67e400..46428a53 100644 --- a/docs/modules/panos_cert_gen_ssh_module.rst +++ b/docs/modules/panos_cert_gen_ssh_module.rst @@ -48,7 +48,7 @@ Parameters / required - Default:
None
+ Default:
null
Certificate CN (common name) embedded in the certificate signature.
@@ -62,7 +62,7 @@ Parameters / required - Default:
None
+ Default:
null
Human friendly certificate name (not CN but just a friendly name).
@@ -76,7 +76,7 @@ Parameters / required - Default:
None
+ Default:
null
IP address (or hostname) of PAN-OS device being configured.
@@ -90,7 +90,7 @@ Parameters / required - Default:
None
+ Default:
null
Location of the filename that is used for the auth. Either key_filename or password is required.
@@ -104,7 +104,7 @@ Parameters / required - Default:
None
+ Default:
null
Password credentials to use for auth. Either key_filename or password is required.
@@ -118,7 +118,7 @@ Parameters - Default:
2048
+ Default:
"2048"
Number of bits used by the RSA algorithm for the certificate generation.
@@ -132,7 +132,7 @@ Parameters / required - Default:
None
+ Default:
null
Undersigning authority (CA) that MUST already be presents on the device.
@@ -146,7 +146,7 @@ Parameters - Default:
admin
+ Default:
"admin"
User name to use for auth. Default is admin.
diff --git a/docs/modules/panos_check_module.rst b/docs/modules/panos_check_module.rst index ad97607c..f66bd58f 100644 --- a/docs/modules/panos_check_module.rst +++ b/docs/modules/panos_check_module.rst @@ -227,7 +227,7 @@ Parameters - Default:
admin
+ Default:
"admin"
The username to use for authentication. This is ignored if api_key is specified.
@@ -256,7 +256,7 @@ Parameters - Default:
admin
+ Default:
"admin"
Deprecated
@@ -321,6 +321,8 @@ Status Authors ~~~~~~~ -- Luigi Mori (@jtschichold), Ivan Bojer (@ivanbojer) +- Luigi Mori (@jtschichold) +- Ivan Bojer (@ivanbojer) +- Garfield Lee Freeman (@shinmog) diff --git a/docs/modules/panos_commit_module.rst b/docs/modules/panos_commit_module.rst index 5ae8cc0b..bdd6a717 100644 --- a/docs/modules/panos_commit_module.rst +++ b/docs/modules/panos_commit_module.rst @@ -65,7 +65,7 @@ Parameters - Default:
shared
+ Default:
"shared"
(Panorama only) The device group the operation should target.
@@ -246,7 +246,7 @@ Parameters - Default:
admin
+ Default:
"admin"
The username to use for authentication. This is ignored if api_key is specified.
@@ -261,7 +261,7 @@ Parameters - Default:
admin
+ Default:
"admin"
Deprecated
@@ -320,5 +320,6 @@ Authors ~~~~~~~ - Michael Richardson (@mrichardson03) +- Garfield Lee Freeman (@shinmog) diff --git a/docs/modules/panos_dag_module.rst b/docs/modules/panos_dag_module.rst index 144e860c..e0b97a95 100644 --- a/docs/modules/panos_dag_module.rst +++ b/docs/modules/panos_dag_module.rst @@ -68,7 +68,7 @@ Parameters - Default:
yes
+ Default:
"yes"
commit if changed
@@ -82,7 +82,7 @@ Parameters / required - Default:
None
+ Default:
null
dynamic filter user by the dynamic address group
@@ -96,7 +96,7 @@ Parameters / required - Default:
None
+ Default:
null
name of the dynamic address group
@@ -123,7 +123,7 @@ Parameters - Default:
None
+ Default:
"None"
The name of the Panorama device group. The group must exist on Panorama. If device group is not defined it is assumed that we are contacting a firewall.
@@ -137,7 +137,7 @@ Parameters / required - Default:
None
+ Default:
null
IP address (or hostname) of PAN-OS device
@@ -151,7 +151,7 @@ Parameters / required - Default:
None
+ Default:
null
The operation to perform Supported values are add/list/delete.
@@ -165,7 +165,7 @@ Parameters / required - Default:
None
+ Default:
null
password for authentication
@@ -179,7 +179,7 @@ Parameters - Default:
None
+ Default:
null
Add administrative tags to the DAG
@@ -193,7 +193,7 @@ Parameters - Default:
admin
+ Default:
"admin"
username for authentication
diff --git a/docs/modules/panos_dag_tags_module.rst b/docs/modules/panos_dag_tags_module.rst index 2a3e792e..4d3ba95d 100644 --- a/docs/modules/panos_dag_tags_module.rst +++ b/docs/modules/panos_dag_tags_module.rst @@ -68,7 +68,7 @@ Parameters - Default:
yes
+ Default:
"yes"
commit if changed
@@ -173,7 +173,7 @@ Parameters - Default:
admin
+ Default:
"admin"
username for authentication
diff --git a/docs/modules/panos_email_profile_module.rst b/docs/modules/panos_email_profile_module.rst new file mode 100644 index 00000000..2dd46d3d --- /dev/null +++ b/docs/modules/panos_email_profile_module.rst @@ -0,0 +1,533 @@ +:source: panos_email_profile.py + +:orphan: + +.. _panos_email_profile_module: + + +panos_email_profile -- Manage email server profiles ++++++++++++++++++++++++++++++++++++++++++++++++++++ + +.. versionadded:: 2.8 + +.. contents:: + :local: + :depth: 1 + + +Synopsis +-------- +- Manages email server profiles. + + + +Requirements +------------ +The below requirements are needed on the host that executes this module. + +- pan-python +- pandevice >= 0.11.1 + + +Parameters +---------- + +.. raw:: html + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
ParameterChoices/DefaultsComments
+ api_key +
+ string +
+
+ +
Deprecated
+
Use provider to specify PAN-OS connectivity instead.
+

+
The API key to use instead of generating it using username / password.
+
+ auth +
+ - +
+
+ +
PAN-OS 8.0+
+
Custom auth log format.
+
+ config +
+ - +
+
+ +
Custom config log format.
+
+ data +
+ - +
+
+ +
PAN-OS 8.0+
+
Custom data log format.
+
+ device_group +
+ string +
+
+ Default:
"shared"
+
+
(Panorama only) The device group the operation should target.
+
+ escape_character +
+ - +
+
+ +
Escape character
+
+ escaped_characters +
+ - +
+
+ +
Characters to be escaped.
+
+ gtp +
+ - +
+
+ +
PAN-OS 8.0+
+
Custom GTP log format.
+
+ hip_match +
+ - +
+
+ +
Custom HIP match log format.
+
+ ip_address +
+ string +
+
+ +
Deprecated
+
Use provider to specify PAN-OS connectivity instead.
+

+
The IP address or hostname of the PAN-OS device being configured.
+
+ iptag +
+ - +
+
+ +
PAN-OS 9.0+
+
Custom Iptag log format.
+
+ name +
+ - + / required
+
+ +
Name of the profile.
+
+ password +
+ string +
+
+ +
Deprecated
+
Use provider to specify PAN-OS connectivity instead.
+

+
The password to use for authentication. This is ignored if api_key is specified.
+
+ port +
+ integer +
+
+ Default:
443
+
+
Deprecated
+
Use provider to specify PAN-OS connectivity instead.
+

+
The port number to connect to the PAN-OS device on.
+
+ provider +
+ - +
+
added in 2.8
+ +
A dict object containing connection details.
+
+ api_key +
+ string +
+
+ +
The API key to use instead of generating it using username / password.
+
+ ip_address +
+ string +
+
+ +
The IP address or hostname of the PAN-OS device being configured.
+
+ password +
+ string +
+
+ +
The password to use for authentication. This is ignored if api_key is specified.
+
+ port +
+ integer +
+
+ Default:
443
+
+
The port number to connect to the PAN-OS device on.
+
+ serial_number +
+ string +
+
+ +
The serial number of a firewall to use for targeted commands. If ip_address is not a Panorama PAN-OS device, then this param is ignored.
+
+ username +
+ string +
+
+ Default:
"admin"
+
+
The username to use for authentication. This is ignored if api_key is specified.
+
+ sctp +
+ - +
+
+ +
PAN-OS 8.1+
+
Custom SCTP log format.
+
+ system +
+ - +
+
+ +
Custom system log format.
+
+ threat +
+ - +
+
+ +
Custom threat log format.
+
+ traffic +
+ - +
+
+ +
Custom traffic log format.
+
+ tunnel +
+ - +
+
+ +
PAN-OS 8.0+
+
Custom tunnel log format.
+
+ url +
+ - +
+
+ +
PAN-OS 8.0+
+
Custom url log format.
+
+ user_id +
+ - +
+
+ +
PAN-OS 8.0+
+
Custom user-ID log format.
+
+ username +
+ string +
+
+ Default:
"admin"
+
+
Deprecated
+
Use provider to specify PAN-OS connectivity instead.
+

+
The username to use for authentication. This is ignored if api_key is specified.
+
+ vsys +
+ string +
+
+ Default:
"shared"
+
+
The vsys this object belongs to.
+
+ wildfire +
+ - +
+
+ +
PAN-OS 8.0+
+
Custom wildfire log format.
+
+
+ + +Notes +----- + +.. note:: + - Panorama is supported. + - Check mode is supported. + - PAN-OS connectivity should be specified using *provider* or the classic PAN-OS connectivity params (*ip_address*, *username*, *password*, *api_key*, and *port*). If both are present, then the classic params are ignored. + + + +Examples +-------- + +.. code-block:: yaml+jinja + + + # Create a profile + - name: Create email profile + panos_email_profile: + provider: '{{ provider }}' + name: 'my-profile' + + + + + +Status +------ + + + + +- This module is not guaranteed to have a backwards compatible interface. *[preview]* + + +- This module is `maintained by the Ansible Community `_. + + + + + +Authors +~~~~~~~ + +- Garfield Lee Freeman (@shinmog) + + diff --git a/docs/modules/panos_email_server_module.rst b/docs/modules/panos_email_server_module.rst new file mode 100644 index 00000000..f757bdad --- /dev/null +++ b/docs/modules/panos_email_server_module.rst @@ -0,0 +1,398 @@ +:source: panos_email_server.py + +:orphan: + +.. _panos_email_server_module: + + +panos_email_server -- Manage email servers in an email profile +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ + +.. versionadded:: 2.8 + +.. contents:: + :local: + :depth: 1 + + +Synopsis +-------- +- Manages email servers in an email server profile. + + + +Requirements +------------ +The below requirements are needed on the host that executes this module. + +- pan-python +- pandevice >= 0.11.1 + + +Parameters +---------- + +.. raw:: html + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
ParameterChoices/DefaultsComments
+ also_to_email +
+ - +
+
+ +
Additional destination email address
+
+ api_key +
+ string +
+
+ +
Deprecated
+
Use provider to specify PAN-OS connectivity instead.
+

+
The API key to use instead of generating it using username / password.
+
+ device_group +
+ string +
+
+ Default:
"shared"
+
+
(Panorama only) The device group the operation should target.
+
+ display_name +
+ - +
+
+ +
Display name
+
+ email_gateway +
+ - +
+
+ +
IP address or FQDN of email gateway to use.
+
+ email_profile +
+ - + / required
+
+ +
Name of the email server profile.
+
+ from_email +
+ - +
+
+ +
From email address
+
+ ip_address +
+ string +
+
+ +
Deprecated
+
Use provider to specify PAN-OS connectivity instead.
+

+
The IP address or hostname of the PAN-OS device being configured.
+
+ name +
+ - + / required
+
+ +
Server name.
+
+ password +
+ string +
+
+ +
Deprecated
+
Use provider to specify PAN-OS connectivity instead.
+

+
The password to use for authentication. This is ignored if api_key is specified.
+
+ port +
+ integer +
+
+ Default:
443
+
+
Deprecated
+
Use provider to specify PAN-OS connectivity instead.
+

+
The port number to connect to the PAN-OS device on.
+
+ provider +
+ - +
+
added in 2.8
+ +
A dict object containing connection details.
+
+ api_key +
+ string +
+
+ +
The API key to use instead of generating it using username / password.
+
+ ip_address +
+ string +
+
+ +
The IP address or hostname of the PAN-OS device being configured.
+
+ password +
+ string +
+
+ +
The password to use for authentication. This is ignored if api_key is specified.
+
+ port +
+ integer +
+
+ Default:
443
+
+
The port number to connect to the PAN-OS device on.
+
+ serial_number +
+ string +
+
+ +
The serial number of a firewall to use for targeted commands. If ip_address is not a Panorama PAN-OS device, then this param is ignored.
+
+ username +
+ string +
+
+ Default:
"admin"
+
+
The username to use for authentication. This is ignored if api_key is specified.
+
+ to_email +
+ - +
+
+ +
Destination email address.
+
+ username +
+ string +
+
+ Default:
"admin"
+
+
Deprecated
+
Use provider to specify PAN-OS connectivity instead.
+

+
The username to use for authentication. This is ignored if api_key is specified.
+
+ vsys +
+ string +
+
+ Default:
"shared"
+
+
The vsys this object belongs to.
+
+
+ + +Notes +----- + +.. note:: + - Panorama is supported. + - Check mode is supported. + - PAN-OS connectivity should be specified using *provider* or the classic PAN-OS connectivity params (*ip_address*, *username*, *password*, *api_key*, and *port*). If both are present, then the classic params are ignored. + + + +Examples +-------- + +.. code-block:: yaml+jinja + + + # Create a profile + - name: Create email server in an email profile + panos_email_server: + provider: '{{ provider }}' + email_profile: 'my-profile' + name: 'my-email-server' + from_email: 'alerts@example.com' + to_email: 'notify@example.com' + email_gateway: 'smtp.example.com' + + + + + +Status +------ + + + + +- This module is not guaranteed to have a backwards compatible interface. *[preview]* + + +- This module is `maintained by the Ansible Community `_. + + + + + +Authors +~~~~~~~ + +- Garfield Lee Freeman (@shinmog) + + diff --git a/docs/modules/panos_facts_module.rst b/docs/modules/panos_facts_module.rst index e2480379..487f5f0c 100644 --- a/docs/modules/panos_facts_module.rst +++ b/docs/modules/panos_facts_module.rst @@ -63,7 +63,7 @@ Parameters - Default:
['!config']
+ Default:
["!config"]
Scopes what information is gathered from the device. Possible values for this argument include all, system, session, interfaces, ha, routing, vr, vsys and config. You can specify a list of values to include a larger subset. Values can also be used with an initial ! to specify that a specific subset should not be collected. Certain subsets might be supported by Panorama.
@@ -225,7 +225,7 @@ Parameters - Default:
admin
+ Default:
"admin"
The username to use for authentication. This is ignored if api_key is specified.
@@ -240,7 +240,7 @@ Parameters - Default:
admin
+ Default:
"admin"
Deprecated
@@ -862,5 +862,6 @@ Authors ~~~~~~~ - Tomi Raittinen (@traittinen) +- Garfield Lee Freeman (@shinmog) diff --git a/docs/modules/panos_http_profile_header_module.rst b/docs/modules/panos_http_profile_header_module.rst new file mode 100644 index 00000000..cc0c3399 --- /dev/null +++ b/docs/modules/panos_http_profile_header_module.rst @@ -0,0 +1,374 @@ +:source: panos_http_profile_header.py + +:orphan: + +.. _panos_http_profile_header_module: + + +panos_http_profile_header -- Manage HTTP headers for a HTTP profile ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ + +.. versionadded:: 2.8 + +.. contents:: + :local: + :depth: 1 + + +Synopsis +-------- +- Manages HTTP headers for a HTTP profile. + + + +Requirements +------------ +The below requirements are needed on the host that executes this module. + +- pan-python +- pandevice >= 0.11.1 +- PAN-OS >= 8.0 + + +Parameters +---------- + +.. raw:: html + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
ParameterChoices/DefaultsComments
+ api_key +
+ string +
+
+ +
Deprecated
+
Use provider to specify PAN-OS connectivity instead.
+

+
The API key to use instead of generating it using username / password.
+
+ device_group +
+ string +
+
+ Default:
"shared"
+
+
(Panorama only) The device group the operation should target.
+
+ header +
+ - + / required
+
+ +
The header name.
+
+ http_profile +
+ - + / required
+
+ +
Name of the http server profile.
+
+ ip_address +
+ string +
+
+ +
Deprecated
+
Use provider to specify PAN-OS connectivity instead.
+

+
The IP address or hostname of the PAN-OS device being configured.
+
+ log_type +
+ - + / required
+
+
    Choices: +
  • config
  • +
  • system
  • +
  • threat
  • +
  • traffic
  • +
  • hip match
  • +
  • url
  • +
  • data
  • +
  • wildfire
  • +
  • tunnel
  • +
  • user id
  • +
  • gtp
  • +
  • auth
  • +
  • sctp
  • +
  • iptag
  • +
+
+
The log type for this header.
+
+ password +
+ string +
+
+ +
Deprecated
+
Use provider to specify PAN-OS connectivity instead.
+

+
The password to use for authentication. This is ignored if api_key is specified.
+
+ port +
+ integer +
+
+ Default:
443
+
+
Deprecated
+
Use provider to specify PAN-OS connectivity instead.
+

+
The port number to connect to the PAN-OS device on.
+
+ provider +
+ - +
+
added in 2.8
+ +
A dict object containing connection details.
+
+ api_key +
+ string +
+
+ +
The API key to use instead of generating it using username / password.
+
+ ip_address +
+ string +
+
+ +
The IP address or hostname of the PAN-OS device being configured.
+
+ password +
+ string +
+
+ +
The password to use for authentication. This is ignored if api_key is specified.
+
+ port +
+ integer +
+
+ Default:
443
+
+
The port number to connect to the PAN-OS device on.
+
+ serial_number +
+ string +
+
+ +
The serial number of a firewall to use for targeted commands. If ip_address is not a Panorama PAN-OS device, then this param is ignored.
+
+ username +
+ string +
+
+ Default:
"admin"
+
+
The username to use for authentication. This is ignored if api_key is specified.
+
+ username +
+ string +
+
+ Default:
"admin"
+
+
Deprecated
+
Use provider to specify PAN-OS connectivity instead.
+

+
The username to use for authentication. This is ignored if api_key is specified.
+
+ value +
+ - +
+
+ +
The value to assign the header.
+
+ vsys +
+ string +
+
+ Default:
"shared"
+
+
The vsys this object belongs to.
+
+
+ + +Notes +----- + +.. note:: + - Panorama is supported. + - Check mode is supported. + - PAN-OS connectivity should be specified using *provider* or the classic PAN-OS connectivity params (*ip_address*, *username*, *password*, *api_key*, and *port*). If both are present, then the classic params are ignored. + + + +Examples +-------- + +.. code-block:: yaml+jinja + + + - name: Add a header to the config log type + panos_http_profile_header: + provider: '{{ provider }}' + http_profile: 'my-profile' + log_type: 'user id' + header: 'Content-Type' + value: 'application/json' + + + + + +Status +------ + + + + +- This module is not guaranteed to have a backwards compatible interface. *[preview]* + + +- This module is `maintained by the Ansible Community `_. + + + + + +Authors +~~~~~~~ + +- Garfield Lee Freeman (@shinmog) + + diff --git a/docs/modules/panos_http_profile_module.rst b/docs/modules/panos_http_profile_module.rst new file mode 100644 index 00000000..0f21676e --- /dev/null +++ b/docs/modules/panos_http_profile_module.rst 
@@ -0,0 +1,887 @@ +:source: panos_http_profile.py + +:orphan: + +.. _panos_http_profile_module: + + +panos_http_profile -- Manage http server profiles ++++++++++++++++++++++++++++++++++++++++++++++++++ + +.. versionadded:: 2.8 + +.. contents:: + :local: + :depth: 1 + + +Synopsis +-------- +- Manages http server profiles. + + + +Requirements +------------ +The below requirements are needed on the host that executes this module. + +- pan-python +- pandevice >= 0.11.1 +- PAN-OS >= 8.0 + + +Parameters +---------- + +.. raw:: html + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
ParameterChoices/DefaultsComments
+ api_key +
+ string +
+
+ +
Deprecated
+
Use provider to specify PAN-OS connectivity instead.
+

+
The API key to use instead of generating it using username / password.
+
+ auth_name +
+ - +
+
+ +
Name for custom config format.
+
+ auth_payload +
+ - +
+
+ +
Payload for custom config format.
+
+ auth_uri_format +
+ - +
+
+ +
URI format for custom config format.
+
+ config_name +
+ - +
+
+ +
Name for custom config format.
+
+ config_payload +
+ - +
+
+ +
Payload for custom config format.
+
+ config_uri_format +
+ - +
+
+ +
URI format for custom config format.
+
+ data_name +
+ - +
+
+ +
Name for custom config format.
+
+ data_payload +
+ - +
+
+ +
Payload for custom config format.
+
+ data_uri_format +
+ - +
+
+ +
URI format for custom config format.
+
+ device_group +
+ string +
+
+ Default:
"shared"
+
+
(Panorama only) The device group the operation should target.
+
+ gtp_name +
+ - +
+
+ +
Name for custom config format.
+
+ gtp_payload +
+ - +
+
+ +
Payload for custom config format.
+
+ gtp_uri_format +
+ - +
+
+ +
URI format for custom config format.
+
+ hip_match_name +
+ - +
+
+ +
Name for custom config format.
+
+ hip_match_payload +
+ - +
+
+ +
Payload for custom config format.
+
+ hip_match_uri_format +
+ - +
+
+ +
URI format for custom config format.
+
+ ip_address +
+ string +
+
+ +
Deprecated
+
Use provider to specify PAN-OS connectivity instead.
+

+
The IP address or hostname of the PAN-OS device being configured.
+
+ iptag_name +
+ - +
+
+ +
PAN-OS 9.0+.
+
Name for custom config format.
+
+ iptag_payload +
+ - +
+
+ +
PAN-OS 9.0+.
+
Payload for custom config format.
+
+ iptag_uri_format +
+ - +
+
+ +
PAN-OS 9.0+.
+
URI format for custom config format.
+
+ name +
+ - + / required
+
+ +
Name of the profile.
+
+ password +
+ string +
+
+ +
Deprecated
+
Use provider to specify PAN-OS connectivity instead.
+

+
The password to use for authentication. This is ignored if api_key is specified.
+
+ port +
+ integer +
+
+ Default:
443
+
+
Deprecated
+
Use provider to specify PAN-OS connectivity instead.
+

+
The port number to connect to the PAN-OS device on.
+
+ provider +
+ - +
+
added in 2.8
+ +
A dict object containing connection details.
+
+ api_key +
+ string +
+
+ +
The API key to use instead of generating it using username / password.
+
+ ip_address +
+ string +
+
+ +
The IP address or hostname of the PAN-OS device being configured.
+
+ password +
+ string +
+
+ +
The password to use for authentication. This is ignored if api_key is specified.
+
+ port +
+ integer +
+
+ Default:
443
+
+
The port number to connect to the PAN-OS device on.
+
+ serial_number +
+ string +
+
+ +
The serial number of a firewall to use for targeted commands. If ip_address is not a Panorama PAN-OS device, then this param is ignored.
+
+ username +
+ string +
+
+ Default:
"admin"
+
+
The username to use for authentication. This is ignored if api_key is specified.
+
+ sctp_name +
+ - +
+
+ +
PAN-OS 8.1+.
+
Name for custom config format.
+
+ sctp_payload +
+ - +
+
+ +
PAN-OS 8.1+.
+
Payload for custom config format.
+
+ sctp_uri_format +
+ - +
+
+ +
PAN-OS 8.1+.
+
URI format for custom config format.
+
+ system_name +
+ - +
+
+ +
Name for custom config format.
+
+ system_payload +
+ - +
+
+ +
Payload for custom config format.
+
+ system_uri_format +
+ - +
+
+ +
URI format for custom config format.
+
+ tag_registration +
+ boolean +
+
+
    Choices: +
  • no
  • +
  • yes
  • +
+
+
The server should have user-ID agent running in order for tag registration to work.
+
+ threat_name +
+ - +
+
+ +
Name for custom config format.
+
+ threat_payload +
+ - +
+
+ +
Payload for custom config format.
+
+ threat_uri_format +
+ - +
+
+ +
URI format for custom config format.
+
+ traffic_name +
+ - +
+
+ +
Name for custom config format.
+
+ traffic_payload +
+ - +
+
+ +
Payload for custom config format.
+
+ traffic_uri_format +
+ - +
+
+ +
URI format for custom config format.
+
+ tunnel_name +
+ - +
+
+ +
Name for custom config format.
+
+ tunnel_payload +
+ - +
+
+ +
Payload for custom config format.
+
+ tunnel_uri_format +
+ - +
+
+ +
URI format for custom config format.
+
+ url_name +
+ - +
+
+ +
Name for custom config format.
+
+ url_payload +
+ - +
+
+ +
Payload for custom config format.
+
+ url_uri_format +
+ - +
+
+ +
URI format for custom config format.
+
+ user_id_name +
+ - +
+
+ +
Name for custom config format.
+
+ user_id_payload +
+ - +
+
+ +
Payload for custom config format.
+
+ user_id_uri_format +
+ - +
+
+ +
URI format for custom config format.
+
+ username +
+ string +
+
+ Default:
"admin"
+
+
Deprecated
+
Use provider to specify PAN-OS connectivity instead.
+

+
The username to use for authentication. This is ignored if api_key is specified.
+
+ vsys +
+ string +
+
+ Default:
"shared"
+
+
The vsys this object belongs to.
+
+ wildfire_name +
+ - +
+
+ +
Name for custom config format.
+
+ wildfire_payload +
+ - +
+
+ +
Payload for custom config format.
+
+ wildfire_uri_format +
+ - +
+
+ +
URI format for custom config format.
+
+
+ + +Notes +----- + +.. note:: + - Panorama is supported. + - Check mode is supported. + - PAN-OS connectivity should be specified using *provider* or the classic PAN-OS connectivity params (*ip_address*, *username*, *password*, *api_key*, and *port*). If both are present, then the classic params are ignored. + + + +Examples +-------- + +.. code-block:: yaml+jinja + + + # Create a profile + - name: Create http profile + panos_http_profile: + provider: '{{ provider }}' + name: 'my-profile' + tag_registration: true + + + + + +Status +------ + + + + +- This module is not guaranteed to have a backwards compatible interface. *[preview]* + + +- This module is `maintained by the Ansible Community `_. + + + + + +Authors +~~~~~~~ + +- Garfield Lee Freeman (@shinmog) + + diff --git a/docs/modules/panos_http_profile_param_module.rst b/docs/modules/panos_http_profile_param_module.rst new file mode 100644 index 00000000..8121f669 --- /dev/null +++ b/docs/modules/panos_http_profile_param_module.rst @@ -0,0 +1,374 @@ +:source: panos_http_profile_param.py + +:orphan: + +.. _panos_http_profile_param_module: + + +panos_http_profile_param -- Manage HTTP params for a HTTP profile ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ + +.. versionadded:: 2.8 + +.. contents:: + :local: + :depth: 1 + + +Synopsis +-------- +- Manages HTTP params for a HTTP profile. + + + +Requirements +------------ +The below requirements are needed on the host that executes this module. + +- pan-python +- pandevice >= 0.11.1 +- PAN-OS >= 8.0 + + +Parameters +---------- + +.. raw:: html + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
ParameterChoices/DefaultsComments
+ api_key +
+ string +
+
+ +
Deprecated
+
Use provider to specify PAN-OS connectivity instead.
+

+
The API key to use instead of generating it using username / password.
+
+ device_group +
+ string +
+
+ Default:
"shared"
+
+
(Panorama only) The device group the operation should target.
+
+ http_profile +
+ - + / required
+
+ +
Name of the http server profile.
+
+ ip_address +
+ string +
+
+ +
Deprecated
+
Use provider to specify PAN-OS connectivity instead.
+

+
The IP address or hostname of the PAN-OS device being configured.
+
+ log_type +
+ - + / required
+
+
    Choices: +
  • config
  • +
  • system
  • +
  • threat
  • +
  • traffic
  • +
  • hip match
  • +
  • url
  • +
  • data
  • +
  • wildfire
  • +
  • tunnel
  • +
  • user id
  • +
  • gtp
  • +
  • auth
  • +
  • sctp
  • +
  • iptag
  • +
+
+
The log type for this parameter.
+
+ param +
+ - + / required
+
+ +
The param name.
+
+ password +
+ string +
+
+ +
Deprecated
+
Use provider to specify PAN-OS connectivity instead.
+

+
The password to use for authentication. This is ignored if api_key is specified.
+
+ port +
+ integer +
+
+ Default:
443
+
+
Deprecated
+
Use provider to specify PAN-OS connectivity instead.
+

+
The port number to connect to the PAN-OS device on.
+
+ provider +
+ - +
+
added in 2.8
+ +
A dict object containing connection details.
+
+ api_key +
+ string +
+
+ +
The API key to use instead of generating it using username / password.
+
+ ip_address +
+ string +
+
+ +
The IP address or hostname of the PAN-OS device being configured.
+
+ password +
+ string +
+
+ +
The password to use for authentication. This is ignored if api_key is specified.
+
+ port +
+ integer +
+
+ Default:
443
+
+
The port number to connect to the PAN-OS device on.
+
+ serial_number +
+ string +
+
+ +
The serial number of a firewall to use for targeted commands. If ip_address is not a Panorama PAN-OS device, then this param is ignored.
+
+ username +
+ string +
+
+ Default:
"admin"
+
+
The username to use for authentication. This is ignored if api_key is specified.
+
+ username +
+ string +
+
+ Default:
"admin"
+
+
Deprecated
+
Use provider to specify PAN-OS connectivity instead.
+

+
The username to use for authentication. This is ignored if api_key is specified.
+
+ value +
+ - +
+
+ +
The value to assign the param.
+
+ vsys +
+ string +
+
+ Default:
"shared"
+
+
The vsys this object belongs to.
+
+
+ + +Notes +----- + +.. note:: + - Panorama is supported. + - Check mode is supported. + - PAN-OS connectivity should be specified using *provider* or the classic PAN-OS connectivity params (*ip_address*, *username*, *password*, *api_key*, and *port*). If both are present, then the classic params are ignored. + + + +Examples +-------- + +.. code-block:: yaml+jinja + + + - name: Add a param to the config log type + panos_http_profile_param: + provider: '{{ provider }}' + http_profile: 'my-profile' + log_type: 'user id' + param: 'serial' + value: '$serial' + + + + + +Status +------ + + + + +- This module is not guaranteed to have a backwards compatible interface. *[preview]* + + +- This module is `maintained by the Ansible Community `_. + + + + + +Authors +~~~~~~~ + +- Garfield Lee Freeman (@shinmog) + + diff --git a/docs/modules/panos_http_server_module.rst b/docs/modules/panos_http_server_module.rst new file mode 100644 index 00000000..a244aa16 --- /dev/null +++ b/docs/modules/panos_http_server_module.rst @@ -0,0 +1,451 @@ +:source: panos_http_server.py + +:orphan: + +.. _panos_http_server_module: + + +panos_http_server -- Manage HTTP servers in a HTTP server profile ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ + +.. versionadded:: 2.8 + +.. contents:: + :local: + :depth: 1 + + +Synopsis +-------- +- Manages HTTP servers in a HTTP server profile. + + + +Requirements +------------ +The below requirements are needed on the host that executes this module. + +- pan-python +- pandevice >= 0.11.1 +- PAN-OS >= 8.0 + + +Parameters +---------- + +.. raw:: html + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
ParameterChoices/DefaultsComments
+ address +
+ - + / required
+
+ +
IP address or FQDN of the HTTP server
+
+ api_key +
+ string +
+
+ +
Deprecated
+
Use provider to specify PAN-OS connectivity instead.
+

+
The API key to use instead of generating it using username / password.
+
+ certificate_profile +
+ - +
+
+ +
PAN-OS 9.0+
+
Certificate profile for validating server cert.
+
+ device_group +
+ string +
+
+ Default:
"shared"
+
+
(Panorama only) The device group the operation should target.
+
+ http_method +
+ - +
+
+ Default:
"POST"
+
+
HTTP method to use.
+
+ http_password +
+ - +
+
+ +
Password for basic HTTP auth.
+
+ http_port +
+ integer +
+
+ Default:
443
+
+
Port number.
+
+ http_profile +
+ - + / required
+
+ +
Name of the http server profile.
+
+ http_username +
+ - +
+
+ +
Username for basic HTTP auth.
+
+ ip_address +
+ string +
+
+ +
Deprecated
+
Use provider to specify PAN-OS connectivity instead.
+

+
The IP address or hostname of the PAN-OS device being configured.
+
+ name +
+ - + / required
+
+ +
Server name.
+
+ password +
+ string +
+
+ +
Deprecated
+
Use provider to specify PAN-OS connectivity instead.
+

+
The password to use for authentication. This is ignored if api_key is specified.
+
+ port +
+ integer +
+
+ Default:
443
+
+
Deprecated
+
Use provider to specify PAN-OS connectivity instead.
+

+
The port number to connect to the PAN-OS device on.
+
+ protocol +
+ - +
+
+
    Choices: +
  • HTTP
  • +
  • HTTPS ←
  • +
+
+
The protocol.
+
+ provider +
+ - +
+
added in 2.8
+ +
A dict object containing connection details.
+
+ api_key +
+ string +
+
+ +
The API key to use instead of generating it using username / password.
+
+ ip_address +
+ string +
+
+ +
The IP address or hostname of the PAN-OS device being configured.
+
+ password +
+ string +
+
+ +
The password to use for authentication. This is ignored if api_key is specified.
+
+ port +
+ integer +
+
+ Default:
443
+
+
The port number to connect to the PAN-OS device on.
+
+ serial_number +
+ string +
+
+ +
The serial number of a firewall to use for targeted commands. If ip_address is not a Panorama PAN-OS device, then this param is ignored.
+
+ username +
+ string +
+
+ Default:
"admin"
+
+
The username to use for authentication. This is ignored if api_key is specified.
+
+ tls_version +
+ - +
+
+
    Choices: +
  • 1.0
  • +
  • 1.1
  • +
  • 1.2
  • +
+
+
PAN-OS 9.0+
+
TLS handshake protocol version
+
+ username +
+ string +
+
+ Default:
"admin"
+
+
Deprecated
+
Use provider to specify PAN-OS connectivity instead.
+

+
The username to use for authentication. This is ignored if api_key is specified.
+
+ vsys +
+ string +
+
+ Default:
"shared"
+
+
The vsys this object belongs to.
+
+
+ + +Notes +----- + +.. note:: + - Panorama is supported. + - Check mode is supported. + - PAN-OS connectivity should be specified using *provider* or the classic PAN-OS connectivity params (*ip_address*, *username*, *password*, *api_key*, and *port*). If both are present, then the classic params are ignored. + + + +Examples +-------- + +.. code-block:: yaml+jinja + + + - name: Create http server + panos_http_server: + provider: '{{ provider }}' + http_profile: 'my-profile' + name: 'my-http-server' + address: '192.168.1.5' + http_method: 'GET' + http_username: 'jack' + http_password: 'burton' + + + + + +Status +------ + + + + +- This module is not guaranteed to have a backwards compatible interface. *[preview]* + + +- This module is `maintained by the Ansible Community `_. + + + + + +Authors +~~~~~~~ + +- Garfield Lee Freeman (@shinmog) + + diff --git a/docs/modules/panos_ike_crypto_profile_module.rst b/docs/modules/panos_ike_crypto_profile_module.rst index d53ec7f8..f0dbcf4d 100644 --- a/docs/modules/panos_ike_crypto_profile_module.rst +++ b/docs/modules/panos_ike_crypto_profile_module.rst @@ -85,7 +85,7 @@ Parameters - Default:
yes
+ Default:
"yes"
Commit configuration if changed.
@@ -128,7 +128,7 @@ Parameters
  • aes-192-cbc
  • aes-256-cbc ←
  • - Default:
    ['aes-256-cbc', '3des']
    + Default:
    ["aes-256-cbc", "3des"]
    Encryption algorithms used for IKE phase 1 proposal.
    @@ -342,7 +342,7 @@ Parameters - Default:
    admin
    + Default:
    "admin"
    The username to use for authentication. This is ignored if api_key is specified.
    @@ -400,7 +400,7 @@ Parameters - Default:
    admin
    + Default:
    "admin"
    Deprecated
    diff --git a/docs/modules/panos_ike_gateway_module.rst b/docs/modules/panos_ike_gateway_module.rst index 9b043c4e..5ab0b5c6 100644 --- a/docs/modules/panos_ike_gateway_module.rst +++ b/docs/modules/panos_ike_gateway_module.rst @@ -64,7 +64,7 @@ Parameters - Default:
    yes
    + Default:
    "yes"
    Commit configuration if changed.
    @@ -106,7 +106,7 @@ Parameters - Default:
    no
    + Default:
    "no"
    True to enable Dead Peer Detection on the gateway.
    @@ -121,7 +121,7 @@ Parameters - Default:
    no
    + Default:
    "no"
    True to enable IKE fragmentation
    @@ -137,7 +137,7 @@ Parameters - Default:
    yes
    + Default:
    "yes"
    Enable sending empty information liveness check message.
    @@ -151,7 +151,7 @@ Parameters - Default:
    no
    + Default:
    "no"
    True to NAT Traversal mode
    @@ -166,7 +166,7 @@ Parameters - Default:
    yes
    + Default:
    "yes"
    True to have the firewall only respond to IKE connections and never initiate them.
    @@ -181,7 +181,7 @@ Parameters - Default:
    default
    + Default:
    "default"
    Crypto profile for IKEv1.
    @@ -201,7 +201,7 @@ Parameters
  • main
  • aggressive
  • - Default:
    None
    + Default:
    "None"
    The IKE exchange mode to use
    @@ -215,7 +215,7 @@ Parameters - Default:
    default
    + Default:
    "default"
    Crypto profile for IKEv2.
    @@ -230,7 +230,7 @@ Parameters - Default:
    ethernet1/1
    + Default:
    "ethernet1/1"
    Specify the outgoing firewall interface to the VPN tunnel.
    @@ -282,7 +282,7 @@ Parameters
  • keyid
  • dn
  • - Default:
    None
    + Default:
    "None"
    Specify the type of local ID.
    @@ -296,7 +296,7 @@ Parameters - Default:
    None
    + Default:
    "None"
    The value for the local_id. (See also local_id_type, above.)
    @@ -310,7 +310,7 @@ Parameters - Default:
    None
    + Default:
    "None"
    Bind IKE gateway to the specified interface IP address
    @@ -329,7 +329,7 @@ Parameters
  • ip
  • floating-ip
  • - Default:
    None
    + Default:
    "None"
    The address type of the bound interface IP address
    @@ -376,7 +376,7 @@ Parameters
  • exact
  • wildcard
  • - Default:
    None
    + Default:
    "None"
    Type of checking to do on peer_id.
    @@ -397,7 +397,7 @@ Parameters
  • keyid
  • dn
  • - Default:
    None
    + Default:
    "None"
    Specify the type of peer ID.
    @@ -411,7 +411,7 @@ Parameters - Default:
    None
    + Default:
    "None"
    The value for the peer_id. (See also peer_id_type, above.)
    @@ -425,7 +425,7 @@ Parameters - Default:
    127.0.0.1
    + Default:
    "127.0.0.1"
    IPv4 address of the peer gateway.
    @@ -456,7 +456,7 @@ Parameters - Default:
    CHANGEME
    + Default:
    "CHANGEME"
    Specify pre-shared key.
    @@ -556,7 +556,7 @@ Parameters - Default:
    admin
    + Default:
    "admin"
    The username to use for authentication. This is ignored if api_key is specified.
    @@ -614,7 +614,7 @@ Parameters - Default:
    admin
    + Default:
    "admin"
    Deprecated
    @@ -631,7 +631,7 @@ Parameters - Default:
    ike2
    + Default:
    "ike2"
    Specify the priority for Diffie-Hellman (DH) groups.
    diff --git a/docs/modules/panos_import_module.rst b/docs/modules/panos_import_module.rst index e450ada7..327edc66 100644 --- a/docs/modules/panos_import_module.rst +++ b/docs/modules/panos_import_module.rst @@ -49,7 +49,7 @@ Parameters - Default:
    software
    + Default:
    "software"
    Category of file uploaded. The default is software.
    @@ -63,7 +63,7 @@ Parameters - Default:
    None
    + Default:
    "None"
    Location of the file to import into device.
    @@ -103,7 +103,7 @@ Parameters - Default:
    None
    + Default:
    "None"
    URL of the file that will be imported to device.
    @@ -117,7 +117,7 @@ Parameters - Default:
    admin
    + Default:
    "admin"
    Username for device authentication.
    diff --git a/docs/modules/panos_interface_module.rst b/docs/modules/panos_interface_module.rst index 214c7fd8..b4926300 100644 --- a/docs/modules/panos_interface_module.rst +++ b/docs/modules/panos_interface_module.rst @@ -544,7 +544,7 @@ Parameters - Default:
    admin
    + Default:
    "admin"
    The username to use for authentication. This is ignored if api_key is specified.
    @@ -589,7 +589,7 @@ Parameters - Default:
    admin
    + Default:
    "admin"
    Deprecated
    @@ -621,7 +621,7 @@ Parameters - Default:
    default
    + Default:
    "default"
    Name of the virtual router; it must already exist.
    @@ -731,6 +731,8 @@ Status Authors ~~~~~~~ -- Luigi Mori (@jtschichold), Ivan Bojer (@ivanbojer) +- Luigi Mori (@jtschichold) +- Ivan Bojer (@ivanbojer) +- Garfield Lee Freeman (@shinmog) diff --git a/docs/modules/panos_ipsec_ipv4_proxyid_module.rst b/docs/modules/panos_ipsec_ipv4_proxyid_module.rst new file mode 100644 index 00000000..183d07b7 --- /dev/null +++ b/docs/modules/panos_ipsec_ipv4_proxyid_module.rst @@ -0,0 +1,471 @@ +:source: panos_ipsec_ipv4_proxyid.py + +:orphan: + +.. _panos_ipsec_ipv4_proxyid_module: + + +panos_ipsec_ipv4_proxyid -- Configures IPv4 Proxy Id on an IPSec Tunnel ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ + +.. versionadded:: 2.8 + +.. contents:: + :local: + :depth: 1 + + +Synopsis +-------- + + +Requirements +------------ +The below requirements are needed on the host that executes this module. + +- pan-python can be obtained from PyPI https://pypi.python.org/pypi/pan-python +- pandevice can be obtained from PyPI https://pypi.python.org/pypi/pandevice + + +Parameters +---------- + +.. raw:: html + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
    ParameterChoices/DefaultsComments
    + any_protocol +
    + boolean +
    +
    +
      Choices: +
    • no
    • +
    • yes ←
    • +
    +
    +
    Any protocol boolean
    +
    + api_key +
    + string +
    +
    + +
    Deprecated
    +
    Use provider to specify PAN-OS connectivity instead.
    +

    +
    The API key to use instead of generating it using username / password.
    +
    + commit +
    + boolean +
    +
    +
      Choices: +
    • no
    • +
    • yes ←
    • +
    +
    +
    Commit configuration if changed.
    +
    + ip_address +
    + string +
    +
    + +
    Deprecated
    +
    Use provider to specify PAN-OS connectivity instead.
    +

    +
    The IP address or hostname of the PAN-OS device being configured.
    +
    + local +
    + - + / required
    +
    + +
    IP subnet or IP address represents the local network
    +
    + name +
    + - + / required
    +
    + +
    The Proxy ID
    +
    + number_proto +
    + integer +
    +
    + +
    {'Numbered Protocol': 'protocol number (1-254)'}
    +
    + password +
    + string +
    +
    + +
    Deprecated
    +
    Use provider to specify PAN-OS connectivity instead.
    +

    +
    The password to use for authentication. This is ignored if api_key is specified.
    +
    + port +
    + integer +
    +
    + Default:
    443
    +
    +
    Deprecated
    +
    Use provider to specify PAN-OS connectivity instead.
    +

    +
    The port number to connect to the PAN-OS device on.
    +
    + provider +
    + - +
    +
    added in 2.8
    + +
    A dict object containing connection details.
    +
    + api_key +
    + string +
    +
    + +
    The API key to use instead of generating it using username / password.
    +
    + ip_address +
    + string +
    +
    + +
    The IP address or hostname of the PAN-OS device being configured.
    +
    + password +
    + string +
    +
    + +
    The password to use for authentication. This is ignored if api_key is specified.
    +
    + port +
    + integer +
    +
    + Default:
    443
    +
    +
    The port number to connect to the PAN-OS device on.
    +
    + serial_number +
    + string +
    +
    + +
    The serial number of a firewall to use for targeted commands. If ip_address is not a Panorama PAN-OS device, then this param is ignored.
    +
    + username +
    + string +
    +
    + Default:
    "admin"
    +
    +
    The username to use for authentication. This is ignored if api_key is specified.
    +
    + remote +
    + - + / required
    +
    + +
    IP subnet or IP address represents the remote network
    +
    + state +
    + string +
    +
    +
      Choices: +
    • present ←
    • +
    • absent
    • +
    +
    +
    The state.
    +
    + tcp_local_port +
    + integer +
    +
    + +
    {'Protocol TCP': 'local port'}
    +
    + tcp_remote_port +
    + integer +
    +
    + +
    {'Protocol TCP': 'remote port'}
    +
    + template +
    + string +
    +
    + +
    (Panorama only) The template this operation should target. Mutually exclusive with template_stack.
    +
    + template_stack +
    + string +
    +
    + +
    (Panorama only) The template stack this operation should target. Mutually exclusive with template.
    +
    + tunnel_name +
    + - + / required
    +
    + +
    IPSec Tunnel Name
    +
    + udp_local_port +
    + integer +
    +
    + +
    {'Protocol UDP': 'local port'}
    +
    + udp_remote_port +
    + integer +
    +
    + +
    {'Protocol UDP': 'remote port'}
    +
    + username +
    + string +
    +
    + Default:
    "admin"
    +
    +
    Deprecated
    +
    Use provider to specify PAN-OS connectivity instead.
    +

    +
    The username to use for authentication. This is ignored if api_key is specified.
    +
    +
    + + +Notes +----- + +.. note:: + - Panorama is supported. + - Check mode is supported. + - PAN-OS connectivity should be specified using *provider* or the classic PAN-OS connectivity params (*ip_address*, *username*, *password*, *api_key*, and *port*). If both are present, then the classic params are ignored. + - If the PAN-OS to be configured is Panorama, either *template* or *template_stack* must be specified. + + + +Examples +-------- + +.. code-block:: yaml+jinja + + + - name: Add IPSec IPv4 Proxy ID + panos_ipsec_ipv4_proxyid: + provider: '{{ provider }}' + name: 'IPSec-ProxyId' + tunnel_name: 'Default_Tunnel' + local: '192.168.2.0/24' + remote: '192.168.1.0/24' + commit: False + + + + + +Status +------ + + + + +- This module is not guaranteed to have a backwards compatible interface. *[preview]* + + +- This module is `maintained by the Ansible Community `_. + + + + + +Authors +~~~~~~~ + +- Heiko Burghardt (@odysseus107) + + diff --git a/docs/modules/panos_ipsec_profile_module.rst b/docs/modules/panos_ipsec_profile_module.rst index d38c3a90..b676b28c 100644 --- a/docs/modules/panos_ipsec_profile_module.rst +++ b/docs/modules/panos_ipsec_profile_module.rst @@ -84,7 +84,7 @@ Parameters - Default:
    yes
    + Default:
    "yes"
    Commit configuration if changed.
    @@ -153,7 +153,7 @@ Parameters
  • aes-128-gcm
  • aes-256-gcm
  • - Default:
    ['aes-256-cbc', '3des']
    + Default:
    ["aes-256-cbc", "3des"]
    Encryption algorithms for ESP mode.
    @@ -420,7 +420,7 @@ Parameters - Default:
    admin
    + Default:
    "admin"
    The username to use for authentication. This is ignored if api_key is specified.
    @@ -478,7 +478,7 @@ Parameters - Default:
    admin
    + Default:
    "admin"
    Deprecated
    diff --git a/docs/modules/panos_ipsec_tunnel_module.rst b/docs/modules/panos_ipsec_tunnel_module.rst index fb5d2d99..aafbc962 100644 --- a/docs/modules/panos_ipsec_tunnel_module.rst +++ b/docs/modules/panos_ipsec_tunnel_module.rst @@ -49,7 +49,7 @@ Parameters - Default:
    default
    + Default:
    "default"
    Name of the existing IKE gateway (auto-key).
    @@ -64,7 +64,7 @@ Parameters - Default:
    default
    + Default:
    "default"
    Name of the existing IPsec profile or use default (auto-key).
    @@ -79,7 +79,7 @@ Parameters - Default:
    yes
    + Default:
    "yes"
    Enable anti-replay check on this tunnel.
    @@ -109,7 +109,7 @@ Parameters - Default:
    yes
    + Default:
    "yes"
    Commit configuration if changed.
    @@ -129,7 +129,7 @@ Parameters -
    – Copy IPv6 flow label for 6in6 tunnel from inner packet to IPSec packet (not recommended) (7.0+).
    +
    Copy IPv6 flow label for 6in6 tunnel from inner packet to IPSec packet (not recommended) (7.0+).
    @@ -157,7 +157,7 @@ Parameters - Default:
    no
    + Default:
    "no"
    Disable the IPsec tunnel.
    @@ -171,7 +171,7 @@ Parameters - Default:
    no
    + Default:
    "no"
    Enable tunnel monitoring on this tunnel.
    @@ -187,7 +187,7 @@ Parameters -
    – Profile for authenticating GlobalProtect gateway certificates (global-protect-satellite).
    +
    Profile for authenticating GlobalProtect gateway certificates (global-protect-satellite).
    @@ -200,7 +200,7 @@ Parameters -
    – Interface to communicate with portal (global-protect-satellite).
    +
    Interface to communicate with portal (global-protect-satellite).
    @@ -213,7 +213,7 @@ Parameters -
    – Floating IPv4 IP address in HA Active-Active configuration (7.0+) (global-protect-satellite).
    +
    Floating IPv4 IP address in HA Active-Active configuration (7.0+) (global-protect-satellite).
    @@ -226,7 +226,7 @@ Parameters -
    – Exact IPv4 IP address if interface has multiple IP addresses (global-protect-satellite).
    +
    Exact IPv4 IP address if interface has multiple IP addresses (global-protect-satellite).
    @@ -239,7 +239,7 @@ Parameters -
    – Floating IPv6 IP address in HA Active-Active configuration (8.0+) (global-protect-satellite).
    +
    Floating IPv6 IP address in HA Active-Active configuration (8.0+) (global-protect-satellite).
    @@ -252,7 +252,7 @@ Parameters -
    – Exact IPv6 IP address if interface has multiple IP addresses (8.0+) (global-protect-satellite).
    +
    Exact IPv6 IP address if interface has multiple IP addresses (8.0+) (global-protect-satellite).
    @@ -278,7 +278,7 @@ Parameters -
    – GlobalProtect portal address (global-protect-satellite).
    +
    GlobalProtect portal address (global-protect-satellite).
    @@ -295,7 +295,7 @@ Parameters -
    – Prefer to register portal in IPv6 (8.0+) (global-protect-satellite).
    +
    Prefer to register portal in IPv6 (8.0+) (global-protect-satellite).
    @@ -312,7 +312,7 @@ Parameters -
    – Enable publishing of connected and static routes (global-protect-satellite).
    +
    Enable publishing of connected and static routes (global-protect-satellite).
    @@ -371,7 +371,7 @@ Parameters -
    – Authentication key (manual-key).
    +
    Authentication key (manual-key).
    @@ -438,7 +438,7 @@ Parameters -
    – Interface to terminate tunnel (manual-key).
    +
    Interface to terminate tunnel (manual-key).
    @@ -451,7 +451,7 @@ Parameters -
    – Floating IP address in HA Active-Active configuration (manual-key).
    +
    Floating IP address in HA Active-Active configuration (manual-key).
    @@ -464,7 +464,7 @@ Parameters -
    – Exact IP address if interface has multiple IP addresses (manual-key).
    +
    Exact IP address if interface has multiple IP addresses (manual-key).
    @@ -494,7 +494,7 @@ Parameters -
    – Protocol for traffic through the tunnel (manual-key).
    +
    Protocol for traffic through the tunnel (manual-key).
    @@ -507,7 +507,7 @@ Parameters -
    – Tunnel peer IP address (manual-key).
    +
    Tunnel peer IP address (manual-key).
    @@ -520,7 +520,7 @@ Parameters -
    – Inbound SPI in hex (manual-key).
    +
    Inbound SPI in hex (manual-key).
    @@ -662,7 +662,7 @@ Parameters - Default:
    admin
    + Default:
    "admin"
    The username to use for authentication. This is ignored if api_key is specified.
    @@ -720,7 +720,7 @@ Parameters - Default:
    tunnel.1
    + Default:
    "tunnel.1"
    Specify existing tunnel interface that will be used.
    @@ -747,7 +747,7 @@ Parameters - Default:
    None
    + Default:
    "None"
    Monitoring action.
    @@ -761,7 +761,7 @@ Parameters - Default:
    None
    + Default:
    "None"
    Which proxy-id (or proxy-id-v6) the monitoring traffic will use.
    @@ -793,7 +793,7 @@ Parameters - Default:
    admin
    + Default:
    "admin"
    Deprecated
    diff --git a/docs/modules/panos_l2_subinterface_module.rst b/docs/modules/panos_l2_subinterface_module.rst new file mode 100644 index 00000000..37f0e4d4 --- /dev/null +++ b/docs/modules/panos_l2_subinterface_module.rst @@ -0,0 +1,432 @@ +:source: panos_l2_subinterface.py + +:orphan: + +.. _panos_l2_subinterface_module: + + +panos_l2_subinterface -- configure layer2 subinterface +++++++++++++++++++++++++++++++++++++++++++++++++++++++ + +.. versionadded:: 2.8 + +.. contents:: + :local: + :depth: 1 + + +Synopsis +-------- +- Configure a layer2 subinterface. + + + +Requirements +------------ +The below requirements are needed on the host that executes this module. + +- pan-python +- pandevice >= 0.8.0 + + +Parameters +---------- + +.. raw:: html + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
    ParameterChoices/DefaultsComments
    + api_key +
    + string +
    +
    + +
    Deprecated
    +
    Use provider to specify PAN-OS connectivity instead.
    +

    +
    The API key to use instead of generating it using username / password.
    +
    + comment +
    + - +
    +
    + +
    Interface comment.
    +
    + ip_address +
    + string +
    +
    + +
    Deprecated
    +
    Use provider to specify PAN-OS connectivity instead.
    +

    +
    The IP address or hostname of the PAN-OS device being configured.
    +
    + lldp_enabled +
    + boolean +
    +
    +
      Choices: +
    • no
    • +
    • yes
    • +
    +
    +
    Enable LLDP
    +
    + lldp_profile +
    + - +
    +
    + +
    Reference to an LLDP profile
    +
    + name +
    + - + / required
    +
    + +
    Name of the interface to configure.
    +
    + netflow_profile +
    + - +
    +
    + +
    Reference to a netflow profile.
    +
    + password +
    + string +
    +
    + +
    Deprecated
    +
    Use provider to specify PAN-OS connectivity instead.
    +

    +
    The password to use for authentication. This is ignored if api_key is specified.
    +
    + port +
    + integer +
    +
    + Default:
    443
    +
    +
    Deprecated
    +
    Use provider to specify PAN-OS connectivity instead.
    +

    +
    The port number to connect to the PAN-OS device on.
    +
    + provider +
    + - +
    +
    added in 2.8
    + +
    A dict object containing connection details.
    +
    + api_key +
    + string +
    +
    + +
    The API key to use instead of generating it using username / password.
    +
    + ip_address +
    + string +
    +
    + +
    The IP address or hostname of the PAN-OS device being configured.
    +
    + password +
    + string +
    +
    + +
    The password to use for authentication. This is ignored if api_key is specified.
    +
    + port +
    + integer +
    +
    + Default:
    443
    +
    +
    The port number to connect to the PAN-OS device on.
    +
    + serial_number +
    + string +
    +
    + +
    The serial number of a firewall to use for targeted commands. If ip_address is not a Panorama PAN-OS device, then this param is ignored.
    +
    + username +
    + string +
    +
    + Default:
    "admin"
    +
    +
    The username to use for authentication. This is ignored if api_key is specified.
    +
    + state +
    + string +
    +
    +
      Choices: +
    • present ←
    • +
    • absent
    • +
    +
    +
    The state.
    +
    + tag +
    + integer + / required
    +
    + +
    Tag (vlan id) for the interface
    +
    + template +
    + string +
    +
    + +
    (Panorama only) The template this operation should target. This param is required if the PAN-OS device is Panorama.
    +
    + username +
    + string +
    +
    + Default:
    "admin"
    +
    +
    Deprecated
    +
    Use provider to specify PAN-OS connectivity instead.
    +

    +
    The username to use for authentication. This is ignored if api_key is specified.
    +
    + vlan_name +
    + - +
    +
    + +
    The VLAN to put this interface in.
    +
    If the VLAN does not exist it is created.
    +
    + vsys +
    + string +
    +
    + +
    The vsys this object should be imported into. Objects that are imported include interfaces, virtual routers, virtual wires, and VLANs. Interfaces are typically imported into vsys1 if no vsys is specified.
    +
    + zone_name +
    + - +
    +
    + +
    Name of the zone for the interface.
    +
    If the zone does not exist it is created.
    +
    +
    + + +Notes +----- + +.. note:: + - Panorama is supported. + - Checkmode is supported. + - If the PAN-OS device is a firewall and *vsys* is not specified, then the vsys will default to *vsys=vsys1*. + - PAN-OS connectivity should be specified using *provider* or the classic PAN-OS connectivity params (*ip_address*, *username*, *password*, *api_key*, and *port*). If both are present, then the classic params are ignored. + + + +Examples +-------- + +.. code-block:: yaml+jinja + + + # Create ethernet1/1.5 + - name: ethernet1/1.5 in zone sales + panos_l2_subinterface: + provider: '{{ provider }}' + name: "ethernet1/1.5" + tag: 5 + zone_name: "sales" + vlan_name: "myVlan" + + + + + +Status +------ + + + + +- This module is not guaranteed to have a backwards compatible interface. *[preview]* + + +- This module is `maintained by the Ansible Community `_. + + + + + +Authors +~~~~~~~ + +- Garfield Lee Freeman (@shinmog) + + diff --git a/docs/modules/panos_l3_subinterface_module.rst b/docs/modules/panos_l3_subinterface_module.rst new file mode 100644 index 00000000..cd6231c1 --- /dev/null +++ b/docs/modules/panos_l3_subinterface_module.rst 
@@ -0,0 +1,558 @@ +:source: panos_l3_subinterface.py + +:orphan: + +.. _panos_l3_subinterface_module: + + +panos_l3_subinterface -- configure layer3 subinterface +++++++++++++++++++++++++++++++++++++++++++++++++++++++ + +.. versionadded:: 2.8 + +.. contents:: + :local: + :depth: 1 + + +Synopsis +-------- +- Configure a layer3 subinterface. + + + +Requirements +------------ +The below requirements are needed on the host that executes this module. + +- pan-python +- pandevice >= 0.8.0 + + +Parameters +---------- + +.. raw:: html + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
    ParameterChoices/DefaultsComments
    + adjust_tcp_mss +
    + boolean +
    +
    +
      Choices: +
    • no
    • +
    • yes
    • +
    +
    +
    Adjust TCP MSS for layer3 interface.
    +
    + api_key +
    + string +
    +
    + +
    Deprecated
    +
    Use provider to specify PAN-OS connectivity instead.
    +

    +
    The API key to use instead of generating it using username / password.
    +
    + comment +
    + - +
    +
    + +
    Interface comment.
    +
    + create_default_route +
    + boolean +
    +
    +
      Choices: +
    • no
    • +
    • yes
    • +
    +
    +
    Whether or not to add default route with router learned via DHCP.
    +
    + dhcp_default_route_metric +
    + integer +
    +
    + +
    Metric for the DHCP default route.
    +
    + enable_dhcp +
    + boolean +
    +
    +
      Choices: +
    • no
    • +
    • yes
    • +
    +
    +
    Enable DHCP on this interface.
    +
    + ip +
    + list +
    +
    + +
    List of static IP addresses.
    +
    + ip_address +
    + string +
    +
    + +
    Deprecated
    +
    Use provider to specify PAN-OS connectivity instead.
    +

    +
    The IP address or hostname of the PAN-OS device being configured.
    +
    + ipv4_mss_adjust +
    + integer +
    +
    + +
    (7.1+) TCP MSS adjustment for IPv4.
    +
    + ipv6_enabled +
    + boolean +
    +
    +
      Choices: +
    • no
    • +
    • yes
    • +
    +
    +
    Enable IPv6.
    +
    + ipv6_mss_adjust +
    + integer +
    +
    + +
    (7.1+) TCP MSS adjustment for IPv6.
    +
    + management_profile +
    + - +
    +
    + +
    Interface management profile name.
    +
    + mtu +
    + integer +
    +
    + +
    MTU for layer3 interface.
    +
    + name +
    + - + / required
    +
    + +
    Name of the interface to configure.
    +
    + netflow_profile +
    + - +
    +
    + +
    Netflow profile for layer3 interface.
    +
    + password +
    + string +
    +
    + +
    Deprecated
    +
    Use provider to specify PAN-OS connectivity instead.
    +

    +
    The password to use for authentication. This is ignored if api_key is specified.
    +
    + port +
    + integer +
    +
    + Default:
    443
    +
    +
    Deprecated
    +
    Use provider to specify PAN-OS connectivity instead.
    +

    +
    The port number to connect to the PAN-OS device on.
    +
    + provider +
    + - +
    +
    added in 2.8
    + +
    A dict object containing connection details.
    +
    + api_key +
    + string +
    +
    + +
    The API key to use instead of generating it using username / password.
    +
    + ip_address +
    + string +
    +
    + +
    The IP address or hostname of the PAN-OS device being configured.
    +
    + password +
    + string +
    +
    + +
    The password to use for authentication. This is ignored if api_key is specified.
    +
    + port +
    + integer +
    +
    + Default:
    443
    +
    +
    The port number to connect to the PAN-OS device on.
    +
    + serial_number +
    + string +
    +
    + +
    The serial number of a firewall to use for targeted commands. If ip_address is not a Panorama PAN-OS device, then this param is ignored.
    +
    + username +
    + string +
    +
    + Default:
    "admin"
    +
    +
    The username to use for authentication. This is ignored if api_key is specified.
    +
    + state +
    + string +
    +
    +
      Choices: +
    • present ←
    • +
    • absent
    • +
    +
    +
    The state.
    +
    + tag +
    + integer + / required
    +
    + +
    Tag (vlan id) for the interface
    +
    + template +
    + string +
    +
    + +
    (Panorama only) The template this operation should target. This param is required if the PAN-OS device is Panorama.
    +
    + username +
    + string +
    +
    + Default:
    "admin"
    +
    +
    Deprecated
    +
    Use provider to specify PAN-OS connectivity instead.
    +

    +
    The username to use for authentication. This is ignored if api_key is specified.
    +
    + vr_name +
    + - +
    +
    + +
    Virtual router to add this interface to.
    +
    + vsys +
    + string +
    +
    + +
    The vsys this object should be imported into. Objects that are imported include interfaces, virtual routers, virtual wires, and VLANs. Interfaces are typically imported into vsys1 if no vsys is specified.
    +
    + zone_name +
    + - +
    +
    + +
    Name of the zone for the interface.
    +
    If the zone does not exist it is created.
    +
    +
    + + +Notes +----- + +.. note:: + - Panorama is supported. + - Checkmode is supported. + - If the PAN-OS device is a firewall and *vsys* is not specified, then the vsys will default to *vsys=vsys1*. + - PAN-OS connectivity should be specified using *provider* or the classic PAN-OS connectivity params (*ip_address*, *username*, *password*, *api_key*, and *port*). If both are present, then the classic params are ignored. + + + +Examples +-------- + +.. code-block:: yaml+jinja + + + # Create ethernet1/1.5 as DHCP. + - name: enable DHCP client on ethernet1/1.5 in zone public + panos_l3_subinterface: + provider: '{{ provider }}' + name: "ethernet1/1.5" + tag: 1 + create_default_route: True + zone_name: "public" + create_default_route: "yes" + + # Update ethernet1/2.7 with a static IP address in zone dmz. + - name: ethernet1/2.7 as static in zone dmz + panos_l3_subinterface: + provider: '{{ provider }}' + name: "ethernet1/2.7" + tag: 7 + enable_dhcp: false + ip: ["10.1.1.1/24"] + zone_name: "dmz" + + + + + +Status +------ + + + + +- This module is not guaranteed to have a backwards compatible interface. *[preview]* + + +- This module is `maintained by the Ansible Community `_. + + + + + +Authors +~~~~~~~ + +- Garfield Lee Freeman (@shinmog) + + diff --git a/docs/modules/panos_lic_module.rst b/docs/modules/panos_lic_module.rst index 67d06585..b20c3d4b 100644 --- a/docs/modules/panos_lic_module.rst +++ b/docs/modules/panos_lic_module.rst @@ -231,7 +231,7 @@ Parameters - Default:
    admin
    + Default:
    "admin"
    The username to use for authentication. This is ignored if api_key is specified.
    @@ -246,7 +246,7 @@ Parameters - Default:
    admin
    + Default:
    "admin"
    Deprecated
    diff --git a/docs/modules/panos_loadcfg_module.rst b/docs/modules/panos_loadcfg_module.rst index 658f1036..0d4a4618 100644 --- a/docs/modules/panos_loadcfg_module.rst +++ b/docs/modules/panos_loadcfg_module.rst @@ -47,7 +47,7 @@ Parameters - Default:
    yes
    + Default:
    "yes"
    commit if changed
    @@ -61,7 +61,7 @@ Parameters - Default:
    None
    + Default:
    "None"
    configuration file to load
    @@ -101,7 +101,7 @@ Parameters - Default:
    admin
    + Default:
    "admin"
    username for authentication
    diff --git a/docs/modules/panos_log_forwarding_profile_match_list_action_module.rst b/docs/modules/panos_log_forwarding_profile_match_list_action_module.rst new file mode 100644 index 00000000..b18fa751 --- /dev/null +++ b/docs/modules/panos_log_forwarding_profile_match_list_action_module.rst @@ -0,0 +1,459 @@ +:source: panos_log_forwarding_profile_match_list_action.py + +:orphan: + +.. _panos_log_forwarding_profile_match_list_action_module: + + +panos_log_forwarding_profile_match_list_action -- Manage log forwarding profile match list actions +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ + +.. versionadded:: 2.8 + +.. contents:: + :local: + :depth: 1 + + +Synopsis +-------- +- Manages log forwarding profile match list actions. + + + +Requirements +------------ +The below requirements are needed on the host that executes this module. + +- pan-python +- pandevice >= 0.11.1 + + +Parameters +---------- + +.. raw:: html + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
    ParameterChoices/DefaultsComments
    + action +
    + - +
    +
    +
      Choices: +
    • add-tag
    • +
    • remove-tag
    • +
    • Azure-Security-Center-Integration
    • +
    +
    +
    The action.
    +
    + action_type +
    + - +
    +
    +
      Choices: +
    • tagging ←
    • +
    • integration
    • +
    +
    +
    Action type.
    +
    + api_key +
    + string +
    +
    + +
    Deprecated
    +
    Use provider to specify PAN-OS connectivity instead.
    +

    +
    The API key to use instead of generating it using username / password.
    +
    + device_group +
    + string +
    +
    + Default:
    "shared"
    +
    +
    (Panorama only) The device group the operation should target.
    +
    + http_profile +
    + - +
    +
    + +
    The HTTP profile when registration=remote.
    +
    + ip_address +
    + string +
    +
    + +
    Deprecated
    +
    Use provider to specify PAN-OS connectivity instead.
    +

    +
    The IP address or hostname of the PAN-OS device being configured.
    +
    + log_forwarding_profile +
    + - + / required
    +
    + +
    Name of the log forwarding profile to add this action to.
    +
    + log_forwarding_profile_match_list +
    + - + / required
    +
    + +
    Name of the log forwarding profile match list to add this action to.
    +
    + name +
    + - + / required
    +
    + +
    Name of the profile.
    +
    + password +
    + string +
    +
    + +
    Deprecated
    +
    Use provider to specify PAN-OS connectivity instead.
    +

    +
    The password to use for authentication. This is ignored if api_key is specified.
    +
    + port +
    + integer +
    +
    + Default:
    443
    +
    +
    Deprecated
    +
    Use provider to specify PAN-OS connectivity instead.
    +

    +
    The port number to connect to the PAN-OS device on.
    +
    + provider +
    + - +
    +
    added in 2.8
    + +
    A dict object containing connection details.
    +
    + api_key +
    + string +
    +
    + +
    The API key to use instead of generating it using username / password.
    +
    + ip_address +
    + string +
    +
    + +
    The IP address or hostname of the PAN-OS device being configured.
    +
    + password +
    + string +
    +
    + +
    The password to use for authentication. This is ignored if api_key is specified.
    +
    + port +
    + integer +
    +
    + Default:
    443
    +
    +
    The port number to connect to the PAN-OS device on.
    +
    + serial_number +
    + string +
    +
    + +
    The serial number of a firewall to use for targeted commands. If ip_address is not a Panorama PAN-OS device, then this param is ignored.
    +
    + username +
    + string +
    +
    + Default:
    "admin"
    +
    +
    The username to use for authentication. This is ignored if api_key is specified.
    +
    + registration +
    + - +
    +
    +
      Choices: +
    • localhost
    • +
    • panorama
    • +
    • remote
    • +
    +
    +
    Registration.
    +
    + tags +
    + list +
    +
    + +
    List of tags.
    +
    + target +
    + - +
    +
    +
      Choices: +
    • source-address
    • +
    • destination-address
    • +
    +
    +
    The target.
    +
    + timeout +
    + integer +
    +
    + +
    Valid for PAN-OS 9.0+
    +
    Timeout in minutes
    +
    + username +
    + string +
    +
    + Default:
    "admin"
    +
    +
    Deprecated
    +
    Use provider to specify PAN-OS connectivity instead.
    +

    +
    The username to use for authentication. This is ignored if api_key is specified.
    +
    + vsys +
    + string +
    +
    + Default:
    "shared"
    +
    +
    The vsys this object belongs to.
    +
    +
    + + +Notes +----- + +.. note:: + - Panorama is supported. + - Check mode is supported. + - PAN-OS connectivity should be specified using *provider* or the classic PAN-OS connectivity params (*ip_address*, *username*, *password*, *api_key*, and *port*). If both are present, then the classic params are ignored. + + + +Examples +-------- + +.. code-block:: yaml+jinja + + + # Create a log forwarding server match list action + - name: Create the action + panos_log_forwarding_profile_match_list_action: + provider: '{{ provider }}' + log_forwarding_profile: 'my-profile' + log_forwarding_profile_match_list: 'ml-1' + name: 'my-action' + action: 'add-tag' + target: 'source-address' + registration: 'localhost' + tags: ['foo', 'bar'] + timeout: 2 + + + + + +Status +------ + + + + +- This module is not guaranteed to have a backwards compatible interface. *[preview]* + + +- This module is `maintained by the Ansible Community `_. + + + + + +Authors +~~~~~~~ + +- Garfield Lee Freeman (@shinmog) + + diff --git a/docs/modules/panos_log_forwarding_profile_match_list_module.rst b/docs/modules/panos_log_forwarding_profile_match_list_module.rst new file mode 100644 index 00000000..fe573fd9 --- /dev/null +++ b/docs/modules/panos_log_forwarding_profile_match_list_module.rst 
@@ -0,0 +1,453 @@ +:source: panos_log_forwarding_profile_match_list.py + +:orphan: + +.. _panos_log_forwarding_profile_match_list_module: + + +panos_log_forwarding_profile_match_list -- Manage log forwarding profile match lists +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ + +.. versionadded:: 2.8 + +.. contents:: + :local: + :depth: 1 + + +Synopsis +-------- +- Manages log forwarding profile match lists. + + + +Requirements +------------ +The below requirements are needed on the host that executes this module. + +- pan-python +- pandevice >= 0.11.1 + + +Parameters +---------- + +.. raw:: html + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
    ParameterChoices/DefaultsComments
    + api_key +
    + string +
    +
    + +
    Deprecated
    +
    Use provider to specify PAN-OS connectivity instead.
    +

    +
    The API key to use instead of generating it using username / password.
    +
    + description +
    + - +
    +
    + +
    Profile description
    +
    + device_group +
    + string +
    +
    + Default:
    "shared"
    +
    +
    (Panorama only) The device group the operation should target.
    +
    + email_profiles +
    + list +
    +
    + +
    List of email server profiles.
    +
    + filter +
    + - +
    +
    + +
    The filter. Leaving this empty means "All logs".
    +
    + http_profiles +
    + list +
    +
    + +
    List of HTTP server profiles.
    +
    + ip_address +
    + string +
    +
    + +
    Deprecated
    +
    Use provider to specify PAN-OS connectivity instead.
    +

    +
    The IP address or hostname of the PAN-OS device being configured.
    +
    + log_forwarding_profile +
    + - + / required
    +
    + +
    Name of the log forwarding profile to add this match list to.
    +
    + log_type +
    + - +
    +
    +
      Choices: +
    • traffic ←
    • +
    • threat
    • +
    • wildfire
    • +
    • url
    • +
    • data
    • +
    • gtp
    • +
    • tunnel
    • +
    • auth
    • +
    • sctp
    • +
    +
    +
    Log type.
    +
    + name +
    + - + / required
    +
    + +
    Name of the profile.
    +
    + password +
    + string +
    +
    + +
    Deprecated
    +
    Use provider to specify PAN-OS connectivity instead.
    +

    +
    The password to use for authentication. This is ignored if api_key is specified.
    +
    + port +
    + integer +
    +
    + Default:
    443
    +
    +
    Deprecated
    +
    Use provider to specify PAN-OS connectivity instead.
    +

    +
    The port number to connect to the PAN-OS device on.
    +
    + provider +
    + - +
    +
    added in 2.8
    + +
    A dict object containing connection details.
    +
    + api_key +
    + string +
    +
    + +
    The API key to use instead of generating it using username / password.
    +
    + ip_address +
    + string +
    +
    + +
    The IP address or hostname of the PAN-OS device being configured.
    +
    + password +
    + string +
    +
    + +
    The password to use for authentication. This is ignored if api_key is specified.
    +
    + port +
    + integer +
    +
    + Default:
    443
    +
    +
    The port number to connect to the PAN-OS device on.
    +
    + serial_number +
    + string +
    +
    + +
    The serial number of a firewall to use for targeted commands. If ip_address is not a Panorama PAN-OS device, then this param is ignored.
    +
    + username +
    + string +
    +
    + Default:
    "admin"
    +
    +
    The username to use for authentication. This is ignored if api_key is specified.
    +
    + send_to_panorama +
    + boolean +
    +
    +
      Choices: +
    • no
    • +
    • yes
    • +
    +
    +
    Send to panorama or not
    +
    + snmp_profiles +
    + list +
    +
    + +
    List of SNMP server profiles.
    +
    + syslog_profiles +
    + list +
    +
    + +
    List of syslog server profiles.
    +
    + username +
    + string +
    +
    + Default:
    "admin"
    +
    +
    Deprecated
    +
    Use provider to specify PAN-OS connectivity instead.
    +

    +
    The username to use for authentication. This is ignored if api_key is specified.
    +
    + vsys +
    + string +
    +
    + Default:
    "shared"
    +
    +
    The vsys this object belongs to.
    +
    +
    + + +Notes +----- + +.. note:: + - Panorama is supported. + - Check mode is supported. + - PAN-OS connectivity should be specified using *provider* or the classic PAN-OS connectivity params (*ip_address*, *username*, *password*, *api_key*, and *port*). If both are present, then the classic params are ignored. + + + +Examples +-------- + +.. code-block:: yaml+jinja + + + # Create a server match list + - name: Create log forwarding profile match list + panos_log_forwarding_profile_match_list: + provider: '{{ provider }}' + log_forwarding_profile: 'my-profile' + name: 'ml-1' + description: 'created by Ansible' + log_type: 'threat' + filter: '(action eq allow) and (zone eq DMZ)' + syslog_profiles: ['syslog-prof1'] + + + + + +Status +------ + + + + +- This module is not guaranteed to have a backwards compatible interface. *[preview]* + + +- This module is `maintained by the Ansible Community `_. + + + + + +Authors +~~~~~~~ + +- Garfield Lee Freeman (@shinmog) + + diff --git a/docs/modules/panos_log_forwarding_profile_module.rst b/docs/modules/panos_log_forwarding_profile_module.rst new file mode 100644 index 00000000..952a26c8 --- /dev/null +++ b/docs/modules/panos_log_forwarding_profile_module.rst @@ -0,0 +1,348 @@ +:source: panos_log_forwarding_profile.py + +:orphan: + +.. _panos_log_forwarding_profile_module: + + +panos_log_forwarding_profile -- Manage log forwarding profiles +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ + +.. versionadded:: 2.8 + +.. contents:: + :local: + :depth: 1 + + +Synopsis +-------- +- Manages log forwarding profiles. + + + +Requirements +------------ +The below requirements are needed on the host that executes this module. + +- pan-python +- pandevice >= 0.11.1 + + +Parameters +---------- + +.. raw:: html + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
    ParameterChoices/DefaultsComments
    + api_key +
    + string +
    +
    + +
    Deprecated
    +
    Use provider to specify PAN-OS connectivity instead.
    +

    +
    The API key to use instead of generating it using username / password.
    +
    + description +
    + - +
    +
    + +
    Profile description
    +
    + device_group +
    + string +
    +
    + Default:
    "shared"
    +
    +
    (Panorama only) The device group the operation should target.
    +
    + enhanced_logging +
    + boolean +
    +
    +
      Choices: +
    • no
    • +
    • yes
    • +
    +
    +
    Valid for PAN-OS 8.1+
    +
    Enabling enhanced application logging.
    +
    + ip_address +
    + string +
    +
    + +
    Deprecated
    +
    Use provider to specify PAN-OS connectivity instead.
    +

    +
    The IP address or hostname of the PAN-OS device being configured.
    +
    + name +
    + - + / required
    +
    + +
    Name of the profile.
    +
    + password +
    + string +
    +
    + +
    Deprecated
    +
    Use provider to specify PAN-OS connectivity instead.
    +

    +
    The password to use for authentication. This is ignored if api_key is specified.
    +
    + port +
    + integer +
    +
    + Default:
    443
    +
    +
    Deprecated
    +
    Use provider to specify PAN-OS connectivity instead.
    +

    +
    The port number to connect to the PAN-OS device on.
    +
    + provider +
    + - +
    +
    added in 2.8
    + +
    A dict object containing connection details.
    +
    + api_key +
    + string +
    +
    + +
    The API key to use instead of generating it using username / password.
    +
    + ip_address +
    + string +
    +
    + +
    The IP address or hostname of the PAN-OS device being configured.
    +
    + password +
    + string +
    +
    + +
    The password to use for authentication. This is ignored if api_key is specified.
    +
    + port +
    + integer +
    +
    + Default:
    443
    +
    +
    The port number to connect to the PAN-OS device on.
    +
    + serial_number +
    + string +
    +
    + +
    The serial number of a firewall to use for targeted commands. If ip_address is not a Panorama PAN-OS device, then this param is ignored.
    +
    + username +
    + string +
    +
    + Default:
    "admin"
    +
    +
    The username to use for authentication. This is ignored if api_key is specified.
    +
    + username +
    + string +
    +
    + Default:
    "admin"
    +
    +
    Deprecated
    +
    Use provider to specify PAN-OS connectivity instead.
    +

    +
    The username to use for authentication. This is ignored if api_key is specified.
    +
    + vsys +
    + string +
    +
    + Default:
    "shared"
    +
    +
    The vsys this object belongs to.
    +
    +
    + + +Notes +----- + +.. note:: + - Panorama is supported. + - Check mode is supported. + - PAN-OS connectivity should be specified using *provider* or the classic PAN-OS connectivity params (*ip_address*, *username*, *password*, *api_key*, and *port*). If both are present, then the classic params are ignored. + + + +Examples +-------- + +.. code-block:: yaml+jinja + + + # Create a profile + - name: Create log forwarding profile + panos_log_forwarding_profile + provider: '{{ provider }}' + name: 'my-profile' + enhanced_logging: true + + + + + +Status +------ + + + + +- This module is not guaranteed to have a backwards compatible interface. *[preview]* + + +- This module is `maintained by the Ansible Community `_. + + + + + +Authors +~~~~~~~ + +- Garfield Lee Freeman (@shinmog) + + diff --git a/docs/modules/panos_loopback_interface_module.rst b/docs/modules/panos_loopback_interface_module.rst index 9d292d8c..b3ea852a 100644 --- a/docs/modules/panos_loopback_interface_module.rst +++ b/docs/modules/panos_loopback_interface_module.rst @@ -353,7 +353,7 @@ Parameters - Default:
    admin
    + Default:
    "admin"
    The username to use for authentication. This is ignored if api_key is specified.
    @@ -398,7 +398,7 @@ Parameters - Default:
    admin
    + Default:
    "admin"
    Deprecated
    @@ -415,7 +415,7 @@ Parameters - Default:
    default
    + Default:
    "default"
    Name of the virtual router; it must already exist.
    @@ -522,5 +522,6 @@ Authors ~~~~~~~ - Geraint Jones (@nexus_moneky_nz) +- Garfield Lee Freeman (@shinmog) diff --git a/docs/modules/panos_management_profile_module.rst b/docs/modules/panos_management_profile_module.rst index cf7891d8..f9f06f87 100644 --- a/docs/modules/panos_management_profile_module.rst +++ b/docs/modules/panos_management_profile_module.rst @@ -325,7 +325,7 @@ Parameters - Default:
    admin
    + Default:
    "admin"
    The username to use for authentication. This is ignored if api_key is specified.
    @@ -502,7 +502,7 @@ Parameters - Default:
    admin
    + Default:
    "admin"
    Deprecated
    @@ -568,6 +568,6 @@ Status Authors ~~~~~~~ -- UNKNOWN +- Garfield Lee Freeman (@shinmog) diff --git a/docs/modules/panos_match_rule_module.rst b/docs/modules/panos_match_rule_module.rst index 6c55229c..439adce2 100644 --- a/docs/modules/panos_match_rule_module.rst +++ b/docs/modules/panos_match_rule_module.rst @@ -277,7 +277,7 @@ Parameters - Default:
    admin
    + Default:
    "admin"
    The username to use for authentication. This is ignored if api_key is specified.
    @@ -392,7 +392,7 @@ Parameters - Default:
    admin
    + Default:
    "admin"
    Deprecated
    @@ -409,7 +409,7 @@ Parameters - Default:
    vsys1
    + Default:
    "vsys1"
    The vsys this object belongs to.
    diff --git a/docs/modules/panos_mgtconfig_module.rst b/docs/modules/panos_mgtconfig_module.rst index be34aa43..150d3819 100644 --- a/docs/modules/panos_mgtconfig_module.rst +++ b/docs/modules/panos_mgtconfig_module.rst @@ -64,7 +64,7 @@ Parameters - Default:
    yes
    + Default:
    "yes"
    Commit configuration if changed.
    @@ -342,7 +342,7 @@ Parameters - Default:
    admin
    + Default:
    "admin"
    The username to use for authentication. This is ignored if api_key is specified.
    @@ -383,7 +383,7 @@ Parameters - Default:
    admin
    + Default:
    "admin"
    Deprecated
    diff --git a/docs/modules/panos_nat_rule_module.rst b/docs/modules/panos_nat_rule_module.rst index c6a11d01..5b245c76 100644 --- a/docs/modules/panos_nat_rule_module.rst +++ b/docs/modules/panos_nat_rule_module.rst @@ -95,7 +95,7 @@ Parameters - Default:
    ['any']
    + Default:
    ["any"]
    list of destination addresses
    @@ -122,7 +122,7 @@ Parameters - Default:
    shared
    + Default:
    "shared"
    (Panorama only) The device group the operation should target.
    @@ -378,7 +378,7 @@ Parameters - Default:
    admin
    + Default:
    "admin"
    The username to use for authentication. This is ignored if api_key is specified.
    @@ -424,7 +424,7 @@ Parameters - Default:
    any
    + Default:
    "any"
    service
    @@ -530,7 +530,7 @@ Parameters
  • dynamic-ip
  • dynamic-ip-and-port
  • - Default:
    None
    + Default:
    "None"
    type of source translation
    @@ -544,7 +544,7 @@ Parameters - Default:
    ['any']
    + Default:
    ["any"]
    list of source addresses
    @@ -619,7 +619,7 @@ Parameters - Default:
    any
    + Default:
    "any"
    Original packet's destination interface.
    @@ -633,7 +633,7 @@ Parameters - Default:
    admin
    + Default:
    "admin"
    Deprecated
    @@ -650,7 +650,7 @@ Parameters - Default:
    vsys1
    + Default:
    "vsys1"
    The vsys this object belongs to.
    @@ -719,6 +719,10 @@ Status Authors ~~~~~~~ -- Luigi Mori (@jtschichold),Ivan Bojer (@ivanbojer),Robert Hagen (@rnh556),Michael Richardson (@mrichardson03) +- Luigi Mori (@jtschichold) +- Ivan Bojer (@ivanbojer) +- Robert Hagen (@rnh556) +- Michael Richardson (@mrichardson03) +- Garfield Lee Freeman (@shinmog) diff --git a/docs/modules/panos_object_facts_module.rst b/docs/modules/panos_object_facts_module.rst index 0e139fe2..34615964 100644 --- a/docs/modules/panos_object_facts_module.rst +++ b/docs/modules/panos_object_facts_module.rst @@ -246,7 +246,7 @@ Parameters - Default:
    admin
    + Default:
    "admin"
    The username to use for authentication. This is ignored if api_key is specified.
    @@ -261,7 +261,7 @@ Parameters - Default:
    admin
    + Default:
    "admin"
    Deprecated
    diff --git a/docs/modules/panos_object_module.rst b/docs/modules/panos_object_module.rst index 92867a8b..f4afeff0 100644 --- a/docs/modules/panos_object_module.rst +++ b/docs/modules/panos_object_module.rst @@ -135,7 +135,7 @@ Parameters - Default:
    no
    + Default:
    "no"
    Commit the config change.
    @@ -175,7 +175,7 @@ Parameters - Default:
    None
    + Default:
    "None"
    The name of the (preexisting) Panorama device group.
    @@ -333,7 +333,7 @@ Parameters - Default:
    admin
    + Default:
    "admin"
    Username credentials to use for authentication.
    @@ -347,7 +347,7 @@ Parameters - Default:
    vsys1
    + Default:
    "vsys1"
    The vsys to put the object into.
    diff --git a/docs/modules/panos_op_module.rst b/docs/modules/panos_op_module.rst index d83cca6c..5d9e5a47 100644 --- a/docs/modules/panos_op_module.rst +++ b/docs/modules/panos_op_module.rst @@ -228,7 +228,7 @@ Parameters - Default:
    admin
    + Default:
    "admin"
    The username to use for authentication. This is ignored if api_key is specified.
    @@ -243,7 +243,7 @@ Parameters - Default:
    admin
    + Default:
    "admin"
    Deprecated
    @@ -352,5 +352,6 @@ Authors ~~~~~~~ - Ivan Bojer (@ivanbojer) +- Garfield Lee Freeman (@shinmog) diff --git a/docs/modules/panos_pg_module.rst b/docs/modules/panos_pg_module.rst index 8e20bad4..dc253b08 100644 --- a/docs/modules/panos_pg_module.rst +++ b/docs/modules/panos_pg_module.rst @@ -94,7 +94,7 @@ Parameters - Default:
    shared
    + Default:
    "shared"
    (Panorama only) The device group the operation should target.
    @@ -268,7 +268,7 @@ Parameters - Default:
    admin
    + Default:
    "admin"
    The username to use for authentication. This is ignored if api_key is specified.
    @@ -326,7 +326,7 @@ Parameters - Default:
    admin
    + Default:
    "admin"
    Deprecated
    @@ -356,7 +356,7 @@ Parameters - Default:
    vsys1
    + Default:
    "vsys1"
    The vsys this object belongs to.
    diff --git a/docs/modules/panos_query_rules_module.rst b/docs/modules/panos_query_rules_module.rst index aeefd0a8..ad5a45ad 100644 --- a/docs/modules/panos_query_rules_module.rst +++ b/docs/modules/panos_query_rules_module.rst @@ -71,7 +71,7 @@ Parameters - Default:
    None
    + Default:
    "None"
    Name of the application or application group to be queried.
    @@ -85,7 +85,7 @@ Parameters - Default:
    None
    + Default:
    "None"
    The destination IP address to be queried.
    @@ -99,7 +99,7 @@ Parameters - Default:
    None
    + Default:
    "None"
    The destination port to be queried.
    @@ -113,7 +113,7 @@ Parameters - Default:
    None
    + Default:
    "None"
    Name of the destination security zone to be queried.
    @@ -127,7 +127,7 @@ Parameters - Default:
    None
    + Default:
    "None"
    The Panorama device group in which to conduct the query.
    @@ -167,7 +167,7 @@ Parameters - Default:
    None
    + Default:
    "None"
    The protocol used to be queried. Must be either tcp or udp.
    @@ -181,7 +181,7 @@ Parameters - Default:
    None
    + Default:
    "None"
    The source IP address to be queried.
    @@ -195,7 +195,7 @@ Parameters - Default:
    None
    + Default:
    "None"
    The source port to be queried.
    @@ -209,7 +209,7 @@ Parameters - Default:
    None
    + Default:
    "None"
    Name of the source security zone to be queried.
    @@ -223,7 +223,7 @@ Parameters - Default:
    None
    + Default:
    "None"
    Name of the rule tag to be queried.
    @@ -237,7 +237,7 @@ Parameters - Default:
    admin
    + Default:
    "admin"
    Username credentials to use for authentication.
    diff --git a/docs/modules/panos_redistribution_module.rst b/docs/modules/panos_redistribution_module.rst index f24cb062..10146057 100644 --- a/docs/modules/panos_redistribution_module.rst +++ b/docs/modules/panos_redistribution_module.rst @@ -375,7 +375,7 @@ Parameters - Default:
    admin
    + Default:
    "admin"
    The username to use for authentication. This is ignored if api_key is specified.
    @@ -450,7 +450,7 @@ Parameters - Default:
    admin
    + Default:
    "admin"
    Deprecated
    @@ -467,7 +467,7 @@ Parameters - Default:
    default
    + Default:
    "default"
    Name of the virtual router; it must already exist; see panos_virtual_router.
    @@ -523,5 +523,6 @@ Authors ~~~~~~~ - Joshua Colson (@freakinhippie) +- Garfield Lee Freeman (@shinmog) diff --git a/docs/modules/panos_registered_ip_facts_module.rst b/docs/modules/panos_registered_ip_facts_module.rst index e93812c7..e595b3c9 100644 --- a/docs/modules/panos_registered_ip_facts_module.rst +++ b/docs/modules/panos_registered_ip_facts_module.rst @@ -211,7 +211,7 @@ Parameters - Default:
    admin
    + Default:
    "admin"
    The username to use for authentication. This is ignored if api_key is specified.
    @@ -239,7 +239,7 @@ Parameters - Default:
    admin
    + Default:
    "admin"
    Deprecated
    @@ -256,7 +256,7 @@ Parameters - Default:
    vsys1
    + Default:
    "vsys1"
    The vsys this object belongs to.
    diff --git a/docs/modules/panos_registered_ip_module.rst b/docs/modules/panos_registered_ip_module.rst index bd553bd9..5e3d2de8 100644 --- a/docs/modules/panos_registered_ip_module.rst +++ b/docs/modules/panos_registered_ip_module.rst @@ -211,7 +211,7 @@ Parameters - Default:
    admin
    + Default:
    "admin"
    The username to use for authentication. This is ignored if api_key is specified.
    @@ -256,7 +256,7 @@ Parameters - Default:
    admin
    + Default:
    "admin"
    Deprecated
    @@ -273,7 +273,7 @@ Parameters - Default:
    vsys1
    + Default:
    "vsys1"
    The vsys this object belongs to.
    diff --git a/docs/modules/panos_restart_module.rst b/docs/modules/panos_restart_module.rst index 92aa1580..bcfb04b6 100644 --- a/docs/modules/panos_restart_module.rst +++ b/docs/modules/panos_restart_module.rst @@ -198,7 +198,7 @@ Parameters - Default:
    admin
    + Default:
    "admin"
    The username to use for authentication. This is ignored if api_key is specified.
    @@ -213,7 +213,7 @@ Parameters - Default:
    admin
    + Default:
    "admin"
    Deprecated
    @@ -268,6 +268,8 @@ Status Authors ~~~~~~~ -- Luigi Mori (@jtschichold), Ivan Bojer (@ivanbojer) +- Luigi Mori (@jtschichold) +- Ivan Bojer (@ivanbojer) +- Garfield Lee Freeman (@shinmog) diff --git a/docs/modules/panos_sag_module.rst b/docs/modules/panos_sag_module.rst index 6dcb6b50..91df97d6 100644 --- a/docs/modules/panos_sag_module.rst +++ b/docs/modules/panos_sag_module.rst @@ -69,7 +69,7 @@ Parameters - Default:
    yes
    + Default:
    "yes"
    commit if changed
    @@ -83,7 +83,7 @@ Parameters - Default:
    None
    + Default:
    null
    The purpose / objective of the static Address Group
    @@ -97,7 +97,7 @@ Parameters - Default:
    None
    + Default:
    "None"
    - The name of the Panorama device group. The group must exist on Panorama. If device group is not defined it is assumed that we are contacting a firewall.
    @@ -111,7 +111,7 @@ Parameters / required - Default:
    None
    + Default:
    null
    IP address (or hostname) of PAN-OS device
    @@ -125,7 +125,7 @@ Parameters / required - Default:
    None
    + Default:
    null
    The operation to perform Supported values are add/list/delete.
    @@ -139,7 +139,7 @@ Parameters / required - Default:
    None
    + Default:
    null
    password for authentication
    @@ -153,7 +153,7 @@ Parameters / required - Default:
    None
    + Default:
    null
    name of the dynamic address group
    @@ -167,7 +167,7 @@ Parameters / required - Default:
    None
    + Default:
    null
    Static filter used by the address group
    @@ -181,7 +181,7 @@ Parameters - Default:
    None
    + Default:
    null
    Tags to be associated with the address group
    @@ -195,7 +195,7 @@ Parameters - Default:
    admin
    + Default:
    "admin"
    username for authentication
    diff --git a/docs/modules/panos_security_rule_facts_module.rst b/docs/modules/panos_security_rule_facts_module.rst index c1a4da04..ff0b56c6 100644 --- a/docs/modules/panos_security_rule_facts_module.rst +++ b/docs/modules/panos_security_rule_facts_module.rst @@ -42,6 +42,23 @@ Parameters + all_details +
    + boolean +
    + + +
      Choices: +
    • no
    • +
    • yes
    • +
    + + +
    Get full-policy details when name is not set.
    + + + + api_key
    string @@ -64,7 +81,7 @@ Parameters
    - Default:
    shared
    + Default:
    "shared"
    (Panorama only) The device group the operation should target.
    @@ -212,7 +229,7 @@ Parameters - Default:
    admin
    + Default:
    "admin"
    The username to use for authentication. This is ignored if api_key is specified.
    @@ -258,7 +275,7 @@ Parameters - Default:
    admin
    + Default:
    "admin"
    Deprecated
    @@ -275,7 +292,7 @@ Parameters - Default:
    vsys1
    + Default:
    "vsys1"
    The vsys this object belongs to.
    @@ -335,10 +352,394 @@ Common return values are `documented here + policy +
    complex
    + + When rule_name is not specified and all_details is True + +
    List of security rules present with details
    +
    + + + +   + + action +
    string
    + + + +
    The rule action.
    +
    + + + +   + + antivirus +
    string
    + + + +
    Name of the already defined antivirus profile.
    +
    + + + +   + + application +
    list
    + + + +
    List of applications, application groups, and/or application filters.
    +
    + + + +   + + category +
    list
    + + + +
    List of destination URL categories.
    +
    + + + +   + + data_filtering +
    string
    + + + +
    Name of the already defined data_filtering profile.
    +
    + + + +   + + description +
    string
    + + + +
    Description of the security rule.
    +
    + + + +   + + destination_ip +
    list
    + + + +
    List of destination addresses.
    +
    + + + +   + + destination_zone +
    list
    + + + +
    List of destination zones.
    +
    + + + +   + + disable_server_response_inspection +
    boolean
    + + + +
    Disables packet inspection from the server to the client.
    +
    + + + +   + + disabled +
    boolean
    + + + +
    Disable this rule.
    +
    + + + +   + + file_blocking +
    string
    + + + +
    Name of the already defined file_blocking profile.
    +
    + + + +   + + group_profile +
    string
    + + + +
    Security profile group setting.
    +
    + + + +   + + hip_profiles +
    list
    + + + +
    GlobalProtect host information profile list.
    +
    + + + +   + + icmp_unreachable +
    boolean
    + + + +
    Send 'ICMP Unreachable'.
    +
    + + + +   + + log_end +
    boolean
    + + + +
    Whether to log at session end.
    +
    + + + +   + + log_setting +
    string
    + + + +
    Log forwarding profile.
    +
    + + + +   + + log_start +
    boolean
    + + + +
    Whether to log at session start.
    +
    + + + +   + + negate_destination +
    boolean
    + + + +
    Match on the reverse of the 'destination_ip' attribute
    +
    + + + +   + + negate_source +
    boolean
    + + + +
    Match on the reverse of the 'source_ip' attribute
    +
    + + + +   + + rule_name +
    string
    + + + +
    Name of the security rule.
    +
    + + + +   + + rule_type +
    string
    + + + +
    Type of security rule (version 6.1 of PanOS and above).
    +
    + + + +   + + schedule +
    string
    + + + +
    Schedule in which this rule is active.
    +
    + + + +   + + service +
    list
    + + + +
    List of services and/or service groups.
    +
    + + + +   + + source_ip +
    list
    + + + +
    List of source addresses.
    +
    + + + +   + + source_user +
    list
    + + + +
    List of source users.
    +
    + + + +   + + source_zone +
    list
    + + + +
    List of source zones.
    +
    + + + +   + + spyware +
    string
    + + + +
    Name of the already defined spyware profile.
    +
    + + + +   + + tag_name +
    list
    + + + +
    List of tags associated with the rule.
    +
    + + + +   + + url_filtering +
    string
    + + + +
    Name of the already defined url_filtering profile.
    +
    + + + +   + + vulnerability +
    string
    + + + +
    Name of the already defined vulnerability profile.
    +
    + + + +   + + wildfire_analysis +
    string
    + + + +
    Name of the already defined wildfire_analysis profile.
    +
    + + + + + rules
    list
    - When rule_name is not specified + When rule_name is not specified and all_details is False
    List of security rules present

    diff --git a/docs/modules/panos_security_rule_module.rst b/docs/modules/panos_security_rule_module.rst index a20beec9..9e154045 100644 --- a/docs/modules/panos_security_rule_module.rst +++ b/docs/modules/panos_security_rule_module.rst @@ -99,7 +99,7 @@ Parameters - Default:
    ['any']
    + Default:
    ["any"]
    List of applications, application groups, and/or application filters.
    @@ -113,7 +113,7 @@ Parameters - Default:
    ['any']
    + Default:
    ["any"]
    List of destination URL categories.
    @@ -170,7 +170,7 @@ Parameters - Default:
    ['any']
    + Default:
    ["any"]
    List of destination addresses.
    @@ -184,7 +184,7 @@ Parameters - Default:
    ['any']
    + Default:
    ["any"]
    List of destination zones.
    @@ -198,7 +198,7 @@ Parameters - Default:
    shared
    + Default:
    "shared"
    (Panorama only) The device group the operation should target.
    @@ -301,7 +301,7 @@ Parameters - Default:
    ['any']
    + Default:
    ["any"]
    - If you are using GlobalProtect with host information profile (HIP) enabled, you can also base the policy on information collected by GlobalProtect. For example, the user access level can be determined HIP that notifies the firewall about the user's local configuration.
    @@ -597,7 +597,7 @@ Parameters - Default:
    admin
    + Default:
    "admin"
    The username to use for authentication. This is ignored if api_key is specified.
    @@ -674,7 +674,7 @@ Parameters - Default:
    ['application-default']
    + Default:
    ["application-default"]
    List of services and/or service groups.
    @@ -688,7 +688,7 @@ Parameters - Default:
    ['any']
    + Default:
    ["any"]
    List of source addresses.
    @@ -702,7 +702,7 @@ Parameters - Default:
    ['any']
    + Default:
    ["any"]
    Use users to enforce policy for individual users or a group of users.
    @@ -716,7 +716,7 @@ Parameters - Default:
    ['any']
    + Default:
    ["any"]
    List of source zones.
    @@ -799,7 +799,7 @@ Parameters - Default:
    admin
    + Default:
    "admin"
    Deprecated
    @@ -816,7 +816,7 @@ Parameters - Default:
    vsys1
    + Default:
    "vsys1"
    The vsys this object belongs to.
    @@ -969,6 +969,9 @@ Status Authors ~~~~~~~ -- Ivan Bojer (@ivanbojer), Robert Hagen (@stealthllama), Michael Richardson (@mrichardson03) +- Ivan Bojer (@ivanbojer) +- Robert Hagen (@stealthllama) +- Michael Richardson (@mrichardson03) +- Garfield Lee Freeman (@shinmog) diff --git a/docs/modules/panos_service_group_module.rst b/docs/modules/panos_service_group_module.rst index 29bad759..baf51c41 100644 --- a/docs/modules/panos_service_group_module.rst +++ b/docs/modules/panos_service_group_module.rst @@ -81,7 +81,7 @@ Parameters - Default:
    shared
    + Default:
    "shared"
    (Panorama only) The device group the operation should target.
    @@ -242,7 +242,7 @@ Parameters - Default:
    admin
    + Default:
    "admin"
    The username to use for authentication. This is ignored if api_key is specified.
    @@ -287,7 +287,7 @@ Parameters - Default:
    admin
    + Default:
    "admin"
    Deprecated
    @@ -317,7 +317,7 @@ Parameters - Default:
    vsys1
    + Default:
    "vsys1"
    The vsys this object belongs to.
    diff --git a/docs/modules/panos_service_object_module.rst b/docs/modules/panos_service_object_module.rst index 7e2ffbd6..f353ae5c 100644 --- a/docs/modules/panos_service_object_module.rst +++ b/docs/modules/panos_service_object_module.rst @@ -107,7 +107,7 @@ Parameters - Default:
    shared
    + Default:
    "shared"
    (Panorama only) The device group the operation should target.
    @@ -285,7 +285,7 @@ Parameters - Default:
    admin
    + Default:
    "admin"
    The username to use for authentication. This is ignored if api_key is specified.
    @@ -343,7 +343,7 @@ Parameters - Default:
    admin
    + Default:
    "admin"
    Deprecated
    @@ -360,7 +360,7 @@ Parameters - Default:
    vsys1
    + Default:
    "vsys1"
    The vsys this object belongs to.
    diff --git a/docs/modules/panos_snmp_profile_module.rst b/docs/modules/panos_snmp_profile_module.rst new file mode 100644 index 00000000..39cf3f91 --- /dev/null +++ b/docs/modules/panos_snmp_profile_module.rst @@ -0,0 +1,333 @@ +:source: panos_snmp_profile.py + +:orphan: + +.. _panos_snmp_profile_module: + + +panos_snmp_profile -- Manage SNMP server profiles ++++++++++++++++++++++++++++++++++++++++++++++++++ + +.. versionadded:: 2.8 + +.. contents:: + :local: + :depth: 1 + + +Synopsis +-------- +- Manages SNMP server profiles. + + + +Requirements +------------ +The below requirements are needed on the host that executes this module. + +- pan-python +- pandevice >= 0.11.1 + + +Parameters +---------- + +.. raw:: html + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
    ParameterChoices/DefaultsComments
    + api_key +
    + string +
    +
    + +
    Deprecated
    +
    Use provider to specify PAN-OS connectivity instead.
    +

    +
    The API key to use instead of generating it using username / password.
    +
    + device_group +
    + string +
    +
    + Default:
    "shared"
    +
    +
    (Panorama only) The device group the operation should target.
    +
    + ip_address +
    + string +
    +
    + +
    Deprecated
    +
    Use provider to specify PAN-OS connectivity instead.
    +

    +
    The IP address or hostname of the PAN-OS device being configured.
    +
    + name +
    + - + / required
    +
    + +
    Name of the profile.
    +
    + password +
    + string +
    +
    + +
    Deprecated
    +
    Use provider to specify PAN-OS connectivity instead.
    +

    +
    The password to use for authentication. This is ignored if api_key is specified.
    +
    + port +
    + integer +
    +
    + Default:
    443
    +
    +
    Deprecated
    +
    Use provider to specify PAN-OS connectivity instead.
    +

    +
    The port number to connect to the PAN-OS device on.
    +
    + provider +
    + - +
    +
    added in 2.8
    + +
    A dict object containing connection details.
    +
    + api_key +
    + string +
    +
    + +
    The API key to use instead of generating it using username / password.
    +
    + ip_address +
    + string +
    +
    + +
    The IP address or hostname of the PAN-OS device being configured.
    +
    + password +
    + string +
    +
    + +
    The password to use for authentication. This is ignored if api_key is specified.
    +
    + port +
    + integer +
    +
    + Default:
    443
    +
    +
    The port number to connect to the PAN-OS device on.
    +
    + serial_number +
    + string +
    +
    + +
    The serial number of a firewall to use for targeted commands. If ip_address is not a Panorama PAN-OS device, then this param is ignored.
    +
    + username +
    + string +
    +
    + Default:
    "admin"
    +
    +
    The username to use for authentication. This is ignored if api_key is specified.
    +
    + username +
    + string +
    +
    + Default:
    "admin"
    +
    +
    Deprecated
    +
    Use provider to specify PAN-OS connectivity instead.
    +

    +
    The username to use for authentication. This is ignored if api_key is specified.
    +
    + version +
    + - +
    +
    +
      Choices: +
    • v2c ←
    • +
    • v3
    • +
    +
    +
    SNMP version.
    +
    + vsys +
    + string +
    +
    + Default:
    "shared"
    +
    +
    The vsys this object belongs to.
    +
    +
    + + +Notes +----- + +.. note:: + - Panorama is supported. + - Check mode is supported. + - PAN-OS connectivity should be specified using *provider* or the classic PAN-OS connectivity params (*ip_address*, *username*, *password*, *api_key*, and *port*). If both are present, then the classic params are ignored. + + + +Examples +-------- + +.. code-block:: yaml+jinja + + + # Create snmp profile + - name: Create snmp profile + panos_snmp_profile: + provider: '{{ provider }}' + name: 'my-profile' + + + + + +Status +------ + + + + +- This module is not guaranteed to have a backwards compatible interface. *[preview]* + + +- This module is `maintained by the Ansible Community `_. + + + + + +Authors +~~~~~~~ + +- Garfield Lee Freeman (@shinmog) + + diff --git a/docs/modules/panos_snmp_v2c_server_module.rst b/docs/modules/panos_snmp_v2c_server_module.rst new file mode 100644 index 00000000..d7c1e1c3 --- /dev/null +++ b/docs/modules/panos_snmp_v2c_server_module.rst @@ -0,0 +1,358 @@ +:source: panos_snmp_v2c_server.py + +:orphan: + +.. _panos_snmp_v2c_server_module: + + +panos_snmp_v2c_server -- Manage SNMP v2c servers +++++++++++++++++++++++++++++++++++++++++++++++++ + +.. versionadded:: 2.8 + +.. contents:: + :local: + :depth: 1 + + +Synopsis +-------- +- Manages SNMP v2c servers. + + + +Requirements +------------ +The below requirements are needed on the host that executes this module. + +- pan-python +- pandevice >= 0.11.1 + + +Parameters +---------- + +.. raw:: html + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
    ParameterChoices/DefaultsComments
    + api_key +
    + string +
    +
    + +
    Deprecated
    +
    Use provider to specify PAN-OS connectivity instead.
    +

    +
    The API key to use instead of generating it using username / password.
    +
    + community +
    + - +
    +
    + +
    SNMP community
    +
    + device_group +
    + string +
    +
    + Default:
    "shared"
    +
    +
    (Panorama only) The device group the operation should target.
    +
    + ip_address +
    + string +
    +
    + +
    Deprecated
    +
    Use provider to specify PAN-OS connectivity instead.
    +

    +
    The IP address or hostname of the PAN-OS device being configured.
    +
    + manager +
    + - +
    +
    + +
    IP address or FQDN of SNMP manager to use.
    +
    + name +
    + - + / required
    +
    + +
    Name of the server.
    +
    + password +
    + string +
    +
    + +
    Deprecated
    +
    Use provider to specify PAN-OS connectivity instead.
    +

    +
    The password to use for authentication. This is ignored if api_key is specified.
    +
    + port +
    + integer +
    +
    + Default:
    443
    +
    +
    Deprecated
    +
    Use provider to specify PAN-OS connectivity instead.
    +

    +
    The port number to connect to the PAN-OS device on.
    +
    + provider +
    + - +
    +
    added in 2.8
    + +
    A dict object containing connection details.
    +
    + api_key +
    + string +
    +
    + +
    The API key to use instead of generating it using username / password.
    +
    + ip_address +
    + string +
    +
    + +
    The IP address or hostname of the PAN-OS device being configured.
    +
    + password +
    + string +
    +
    + +
    The password to use for authentication. This is ignored if api_key is specified.
    +
    + port +
    + integer +
    +
    + Default:
    443
    +
    +
    The port number to connect to the PAN-OS device on.
    +
    + serial_number +
    + string +
    +
    + +
    The serial number of a firewall to use for targeted commands. If ip_address is not a Panorama PAN-OS device, then this param is ignored.
    +
    + username +
    + string +
    +
    + Default:
    "admin"
    +
    +
    The username to use for authentication. This is ignored if api_key is specified.
    +
    + snmp_profile +
    + - + / required
    +
    + +
    Name of the SNMP server profile.
    +
    + username +
    + string +
    +
    + Default:
    "admin"
    +
    +
    Deprecated
    +
    Use provider to specify PAN-OS connectivity instead.
    +

    +
    The username to use for authentication. This is ignored if api_key is specified.
    +
    + vsys +
    + string +
    +
    + Default:
    "shared"
    +
    +
    The vsys this object belongs to.
    +
    +
    + + +Notes +----- + +.. note:: + - Panorama is supported. + - Check mode is supported. + - PAN-OS connectivity should be specified using *provider* or the classic PAN-OS connectivity params (*ip_address*, *username*, *password*, *api_key*, and *port*). If both are present, then the classic params are ignored. + + + +Examples +-------- + +.. code-block:: yaml+jinja + + + # Create a snmp v2 server + - name: Create snmp v2 server + panos_snmp_v2c_server: + provider: '{{ provider }}' + snmp_profile: 'my-profile' + name: 'my-v2c-server' + manager: '192.168.55.10' + community: 'foobar' + + + + + +Status +------ + + + + +- This module is not guaranteed to have a backwards compatible interface. *[preview]* + + +- This module is `maintained by the Ansible Community `_. + + + + + +Authors +~~~~~~~ + +- Garfield Lee Freeman (@shinmog) + + diff --git a/docs/modules/panos_snmp_v3_server_module.rst b/docs/modules/panos_snmp_v3_server_module.rst new file mode 100644 index 00000000..6ebb5e07 --- /dev/null +++ b/docs/modules/panos_snmp_v3_server_module.rst @@ -0,0 +1,399 @@ +:source: panos_snmp_v3_server.py + +:orphan: + +.. _panos_snmp_v3_server_module: + + +panos_snmp_v3_server -- Manage SNMP v3 servers +++++++++++++++++++++++++++++++++++++++++++++++ + +.. versionadded:: 2.8 + +.. contents:: + :local: + :depth: 1 + + +Synopsis +-------- +- Manages SNMP v3 servers. + + + +Requirements +------------ +The below requirements are needed on the host that executes this module. + +- pan-python +- pandevice >= 0.11.1 + + +Parameters +---------- + +.. raw:: html + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
    ParameterChoices/DefaultsComments
    + api_key +
    + string +
    +
    + +
    Deprecated
    +
    Use provider to specify PAN-OS connectivity instead.
    +

    +
    The API key to use instead of generating it using username / password.
    +
    + auth_password +
    + - +
    +
    + +
    Authentiation protocol password.
    +
    + device_group +
    + string +
    +
    + Default:
    "shared"
    +
    +
    (Panorama only) The device group the operation should target.
    +
    + engine_id +
    + - +
    +
    + +
    A hex number
    +
    + ip_address +
    + string +
    +
    + +
    Deprecated
    +
    Use provider to specify PAN-OS connectivity instead.
    +

    +
    The IP address or hostname of the PAN-OS device being configured.
    +
    + manager +
    + - +
    +
    + +
    IP address or FQDN of SNMP manager to use.
    +
    + name +
    + - + / required
    +
    + +
    Name of the server.
    +
    + password +
    + string +
    +
    + +
    Deprecated
    +
    Use provider to specify PAN-OS connectivity instead.
    +

    +
    The password to use for authentication. This is ignored if api_key is specified.
    +
    + port +
    + integer +
    +
    + Default:
    443
    +
    +
    Deprecated
    +
    Use provider to specify PAN-OS connectivity instead.
    +

    +
    The port number to connect to the PAN-OS device on.
    +
    + priv_password +
    + - +
    +
    + +
    Privacy protocol password.
    +
    + provider +
    + - +
    +
    added in 2.8
    + +
    A dict object containing connection details.
    +
    + api_key +
    + string +
    +
    + +
    The API key to use instead of generating it using username / password.
    +
    + ip_address +
    + string +
    +
    + +
    The IP address or hostname of the PAN-OS device being configured.
    +
    + password +
    + string +
    +
    + +
    The password to use for authentication. This is ignored if api_key is specified.
    +
    + port +
    + integer +
    +
    + Default:
    443
    +
    +
    The port number to connect to the PAN-OS device on.
    +
    + serial_number +
    + string +
    +
    + +
    The serial number of a firewall to use for targeted commands. If ip_address is not a Panorama PAN-OS device, then this param is ignored.
    +
    + username +
    + string +
    +
    + Default:
    "admin"
    +
    +
    The username to use for authentication. This is ignored if api_key is specified.
    +
    + snmp_profile +
    + - + / required
    +
    + +
    Name of the SNMP server profile.
    +
    + user +
    + - +
    +
    + +
    User
    +
    + username +
    + string +
    +
    + Default:
    "admin"
    +
    +
    Deprecated
    +
    Use provider to specify PAN-OS connectivity instead.
    +

    +
    The username to use for authentication. This is ignored if api_key is specified.
    +
    + vsys +
    + string +
    +
    + Default:
    "shared"
    +
    +
    The vsys this object belongs to.
    +
    +
    + + +Notes +----- + +.. note:: + - Panorama is supported. + - Check mode is supported. + - PAN-OS connectivity should be specified using *provider* or the classic PAN-OS connectivity params (*ip_address*, *username*, *password*, *api_key*, and *port*). If both are present, then the classic params are ignored. + + + +Examples +-------- + +.. code-block:: yaml+jinja + + + # Create snmp v3 server + - name: Create snmp v3 server + panos_snmp_v3_server: + provider: '{{ provider }}' + snmp_profile: 'my-profile' + name: 'my-v3-server' + manager: '192.168.55.10' + user: 'jdoe' + auth_password: 'password' + priv_password: 'drowssap' + + + + + +Status +------ + + + + +- This module is not guaranteed to have a backwards compatible interface. *[preview]* + + +- This module is `maintained by the Ansible Community `_. + + + + + +Authors +~~~~~~~ + +- Garfield Lee Freeman (@shinmog) + + diff --git a/docs/modules/panos_software_module.rst b/docs/modules/panos_software_module.rst index c5720ffb..15128274 100644 --- a/docs/modules/panos_software_module.rst +++ b/docs/modules/panos_software_module.rst @@ -198,7 +198,7 @@ Parameters - Default:
    admin
    + Default:
    "admin"
    The username to use for authentication. This is ignored if api_key is specified.
    @@ -213,7 +213,7 @@ Parameters - Default:
    no
    + Default:
    "no"
    Restart device after installing desired version. Use in conjunction with panos_check to determine when firewall is ready again.
    @@ -227,7 +227,7 @@ Parameters - Default:
    admin
    + Default:
    "admin"
    Deprecated
    diff --git a/docs/modules/panos_static_route_module.rst b/docs/modules/panos_static_route_module.rst index 2eddfc57..58949293 100644 --- a/docs/modules/panos_static_route_module.rst +++ b/docs/modules/panos_static_route_module.rst @@ -119,7 +119,7 @@ Parameters - Default:
    10
    + Default:
    "10"
    Metric for route.
    @@ -296,7 +296,7 @@ Parameters - Default:
    admin
    + Default:
    "admin"
    The username to use for authentication. This is ignored if api_key is specified.
    @@ -354,7 +354,7 @@ Parameters - Default:
    admin
    + Default:
    "admin"
    Deprecated
    @@ -371,7 +371,7 @@ Parameters - Default:
    default
    + Default:
    "default"
    Virtual router to use.
    @@ -464,5 +464,6 @@ Authors ~~~~~~~ - Michael Richardson (@mrichardson03) +- Garfield Lee Freeman (@shinmog) diff --git a/docs/modules/panos_syslog_profile_module.rst b/docs/modules/panos_syslog_profile_module.rst new file mode 100644 index 00000000..2c921b49 --- /dev/null +++ b/docs/modules/panos_syslog_profile_module.rst @@ -0,0 +1,533 @@ +:source: panos_syslog_profile.py + +:orphan: + +.. _panos_syslog_profile_module: + + +panos_syslog_profile -- Manage syslog server profiles ++++++++++++++++++++++++++++++++++++++++++++++++++++++ + +.. versionadded:: 2.8 + +.. contents:: + :local: + :depth: 1 + + +Synopsis +-------- +- Manages syslog server profiles. + + + +Requirements +------------ +The below requirements are needed on the host that executes this module. + +- pan-python +- pandevice >= 0.11.1 + + +Parameters +---------- + +.. raw:: html + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
    ParameterChoices/DefaultsComments
    + api_key +
    + string +
    +
    + +
    Deprecated
    +
    Use provider to specify PAN-OS connectivity instead.
    +

    +
    The API key to use instead of generating it using username / password.
    +
    + auth +
    + - +
    +
    + +
    PAN-OS 8.0+
    +
    Custom auth log format.
    +
    + config +
    + - +
    +
    + +
    Custom config log format.
    +
    + data +
    + - +
    +
    + +
    PAN-OS 8.0+
    +
    Custom data log format.
    +
    + device_group +
    + string +
    +
    + Default:
    "shared"
    +
    +
    (Panorama only) The device group the operation should target.
    +
    + escape_character +
    + - +
    +
    + +
    Escape character
    +
    + escaped_characters +
    + - +
    +
    + +
    Characters to be escaped.
    +
    + gtp +
    + - +
    +
    + +
    PAN-OS 8.0+
    +
    Custom GTP log format.
    +
    + hip_match +
    + - +
    +
    + +
    Custom HIP match log format.
    +
    + ip_address +
    + string +
    +
    + +
    Deprecated
    +
    Use provider to specify PAN-OS connectivity instead.
    +

    +
    The IP address or hostname of the PAN-OS device being configured.
    +
    + iptag +
    + - +
    +
    + +
    PAN-OS 9.0+
    +
    Custom Iptag log format.
    +
    + name +
    + - + / required
    +
    + +
    Name of the profile.
    +
    + password +
    + string +
    +
    + +
    Deprecated
    +
    Use provider to specify PAN-OS connectivity instead.
    +

    +
    The password to use for authentication. This is ignored if api_key is specified.
    +
    + port +
    + integer +
    +
    + Default:
    443
    +
    +
    Deprecated
    +
    Use provider to specify PAN-OS connectivity instead.
    +

    +
    The port number to connect to the PAN-OS device on.
    +
    + provider +
    + - +
    +
    added in 2.8
    + +
    A dict object containing connection details.
    +
    + api_key +
    + string +
    +
    + +
    The API key to use instead of generating it using username / password.
    +
    + ip_address +
    + string +
    +
    + +
    The IP address or hostname of the PAN-OS device being configured.
    +
    + password +
    + string +
    +
    + +
    The password to use for authentication. This is ignored if api_key is specified.
    +
    + port +
    + integer +
    +
    + Default:
    443
    +
    +
    The port number to connect to the PAN-OS device on.
    +
    + serial_number +
    + string +
    +
    + +
    The serial number of a firewall to use for targeted commands. If ip_address is not a Panorama PAN-OS device, then this param is ignored.
    +
    + username +
    + string +
    +
    + Default:
    "admin"
    +
    +
    The username to use for authentication. This is ignored if api_key is specified.
    +
    + sctp +
    + - +
    +
    + +
    PAN-OS 8.1+
    +
    Custom SCTP log format.
    +
    + system +
    + - +
    +
    + +
    Custom system log format.
    +
    + threat +
    + - +
    +
    + +
    Custom threat log format.
    +
    + traffic +
    + - +
    +
    + +
    Custom traffic log format.
    +
    + tunnel +
    + - +
    +
    + +
    PAN-OS 8.0+
    +
    Custom tunnel log format.
    +
    + url +
    + - +
    +
    + +
    PAN-OS 8.0+
    +
    Custom url log format.
    +
    + user_id +
    + - +
    +
    + +
    PAN-OS 8.0+
    +
    Custom user-ID log format.
    +
    + username +
    + string +
    +
    + Default:
    "admin"
    +
    +
    Deprecated
    +
    Use provider to specify PAN-OS connectivity instead.
    +

    +
    The username to use for authentication. This is ignored if api_key is specified.
    +
    + vsys +
    + string +
    +
    + Default:
    "shared"
    +
    +
    The vsys this object belongs to.
    +
    + wildfire +
    + - +
    +
    + +
    PAN-OS 8.0+
    +
    Custom wildfire log format.
    +
    +
    + + +Notes +----- + +.. note:: + - Panorama is supported. + - Check mode is supported. + - PAN-OS connectivity should be specified using *provider* or the classic PAN-OS connectivity params (*ip_address*, *username*, *password*, *api_key*, and *port*). If both are present, then the classic params are ignored. + + + +Examples +-------- + +.. code-block:: yaml+jinja + + + # Create a profile + - name: Create syslog profile + panos_syslog_profile: + provider: '{{ provider }}' + name: 'my-profile' + + + + + +Status +------ + + + + +- This module is not guaranteed to have a backwards compatible interface. *[preview]* + + +- This module is `maintained by the Ansible Community `_. + + + + + +Authors +~~~~~~~ + +- Garfield Lee Freeman (@shinmog) + + diff --git a/docs/modules/panos_syslog_server_module.rst b/docs/modules/panos_syslog_server_module.rst new file mode 100644 index 00000000..caa38340 --- /dev/null +++ b/docs/modules/panos_syslog_server_module.rst @@ -0,0 +1,415 @@ +:source: panos_syslog_server.py + +:orphan: + +.. _panos_syslog_server_module: + + +panos_syslog_server -- Manage syslog server profile syslog servers +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ + +.. versionadded:: 2.8 + +.. contents:: + :local: + :depth: 1 + + +Synopsis +-------- +- Manages syslog servers in an syslog server profile. + + + +Requirements +------------ +The below requirements are needed on the host that executes this module. + +- pan-python +- pandevice >= 0.11.1 + + +Parameters +---------- + +.. raw:: html + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
    ParameterChoices/DefaultsComments
    + api_key +
    + string +
    +
    + +
    Deprecated
    +
    Use provider to specify PAN-OS connectivity instead.
    +

    +
    The API key to use instead of generating it using username / password.
    +
    + device_group +
    + string +
    +
    + Default:
    "shared"
    +
    +
    (Panorama only) The device group the operation should target.
    +
    + facility +
    + - +
    +
    +
      Choices: +
    • LOG_USER ←
    • +
    • LOG_LOCAL0
    • +
    • LOG_LOCAL1
    • +
    • LOG_LOCAL2
    • +
    • LOG_LOCAL3
    • +
    • LOG_LOCAL4
    • +
    • LOG_LOCAL5
    • +
    • LOG_LOCAL6
    • +
    • LOG_LOCAL7
    • +
    +
    +
    Syslog facility.
    +
    + format +
    + - +
    +
    +
      Choices: +
    • BSD ←
    • +
    • IETF
    • +
    +
    +
    Format of the syslog message.
    +
    + ip_address +
    + string +
    +
    + +
    Deprecated
    +
    Use provider to specify PAN-OS connectivity instead.
    +

    +
    The IP address or hostname of the PAN-OS device being configured.
    +
    + name +
    + - + / required
    +
    + +
    Server name.
    +
    + password +
    + string +
    +
    + +
    Deprecated
    +
    Use provider to specify PAN-OS connectivity instead.
    +

    +
    The password to use for authentication. This is ignored if api_key is specified.
    +
    + port +
    + integer +
    +
    + Default:
    443
    +
    +
    Deprecated
    +
    Use provider to specify PAN-OS connectivity instead.
    +

    +
    The port number to connect to the PAN-OS device on.
    +
    + provider +
    + - +
    +
    added in 2.8
    + +
    A dict object containing connection details.
    +
    + api_key +
    + string +
    +
    + +
    The API key to use instead of generating it using username / password.
    +
    + ip_address +
    + string +
    +
    + +
    The IP address or hostname of the PAN-OS device being configured.
    +
    + password +
    + string +
    +
    + +
    The password to use for authentication. This is ignored if api_key is specified.
    +
    + port +
    + integer +
    +
    + Default:
    443
    +
    +
    The port number to connect to the PAN-OS device on.
    +
    + serial_number +
    + string +
    +
    + +
    The serial number of a firewall to use for targeted commands. If ip_address is not a Panorama PAN-OS device, then this param is ignored.
    +
    + username +
    + string +
    +
    + Default:
    "admin"
    +
    +
    The username to use for authentication. This is ignored if api_key is specified.
    +
    + server +
    + - + / required
    +
    + +
    IP address or FQDN of the syslog server
    +
    + syslog_port +
    + integer +
    +
    + +
    Syslog port number
    +
    + syslog_profile +
    + - + / required
    +
    + +
    Name of the syslog server profile.
    +
    + transport +
    + - +
    +
    +
      Choices: +
    • UDP ←
    • +
    • TCP
    • +
    • SSL
    • +
    +
    +
    Syslog transport.
    +
    + username +
    + string +
    +
    + Default:
    "admin"
    +
    +
    Deprecated
    +
    Use provider to specify PAN-OS connectivity instead.
    +

    +
    The username to use for authentication. This is ignored if api_key is specified.
    +
    + vsys +
    + string +
    +
    + Default:
    "shared"
    +
    +
    The vsys this object belongs to.
    +
    +
    + + +Notes +----- + +.. note:: + - Panorama is supported. + - Check mode is supported. + - PAN-OS connectivity should be specified using *provider* or the classic PAN-OS connectivity params (*ip_address*, *username*, *password*, *api_key*, and *port*). If both are present, then the classic params are ignored. + + + +Examples +-------- + +.. code-block:: yaml+jinja + + + - name: Create syslog server + panos_syslog_server: + provider: '{{ provider }}' + syslog_profile: 'my-profile' + name: 'my-syslog-server' + port: 514 + + + + + +Status +------ + + + + +- This module is not guaranteed to have a backwards compatible interface. *[preview]* + + +- This module is `maintained by the Ansible Community `_. + + + + + +Authors +~~~~~~~ + +- Garfield Lee Freeman (@shinmog) + + diff --git a/docs/modules/panos_tag_object_module.rst b/docs/modules/panos_tag_object_module.rst index 223d535a..b010ee2c 100644 --- a/docs/modules/panos_tag_object_module.rst +++ b/docs/modules/panos_tag_object_module.rst @@ -125,7 +125,7 @@ Parameters - Default:
    shared
    + Default:
    "shared"
    (Panorama only) The device group the operation should target.
    @@ -286,7 +286,7 @@ Parameters - Default:
    admin
    + Default:
    "admin"
    The username to use for authentication. This is ignored if api_key is specified.
    @@ -318,7 +318,7 @@ Parameters - Default:
    admin
    + Default:
    "admin"
    Deprecated
    @@ -335,7 +335,7 @@ Parameters - Default:
    vsys1
    + Default:
    "vsys1"
    The vsys this object belongs to.
    diff --git a/docs/modules/panos_tunnel_module.rst b/docs/modules/panos_tunnel_module.rst index d7c13203..17d9b2a9 100644 --- a/docs/modules/panos_tunnel_module.rst +++ b/docs/modules/panos_tunnel_module.rst @@ -310,7 +310,7 @@ Parameters - Default:
    admin
    + Default:
    "admin"
    The username to use for authentication. This is ignored if api_key is specified.
    @@ -355,7 +355,7 @@ Parameters - Default:
    admin
    + Default:
    "admin"
    Deprecated
    diff --git a/docs/modules/panos_type_cmd_module.rst b/docs/modules/panos_type_cmd_module.rst new file mode 100644 index 00000000..25d61fc4 --- /dev/null +++ b/docs/modules/panos_type_cmd_module.rst @@ -0,0 +1,416 @@ +:source: panos_type_cmd.py + +:orphan: + +.. _panos_type_cmd_module: + + +panos_type_cmd -- Execute arbitrary TYPE commands on PAN-OS ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ + +.. versionadded:: 2.8 + +.. contents:: + :local: + :depth: 1 + + +Synopsis +-------- +- This module allows you to execute arbitrary TYPE commands on PAN-OS. +- This module does not provide guards of any sort, so USE AT YOUR OWN RISK. +- Refer to the PAN-OS and Panorama API guide for more info. +- https://docs.paloaltonetworks.com/pan-os.html + + + +Requirements +------------ +The below requirements are needed on the host that executes this module. + +- pan-python +- pandevice + + +Parameters +---------- + +.. raw:: html + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
    ParameterChoices/DefaultsComments
    + api_key +
    + string +
    +
    + +
    Deprecated
    +
    Use provider to specify PAN-OS connectivity instead.
    +

    +
    The API key to use instead of generating it using username / password.
    +
    + cmd +
    + - +
    +
    +
      Choices: +
    • show
    • +
    • get
    • +
    • delete
    • +
    • set ←
    • +
    • edit
    • +
    • move
    • +
    • rename
    • +
    • clone
    • +
    • override
    • +
    +
    +
    The command to run.
    +
    + dst +
    + - +
    +
    + +
    Used in cmd=move.
    +
    The reference object.
    +
    + element +
    + - +
    +
    + +
    Used in cmd=set, cmd=edit, and cmd=override.
    +
    The element payload.
    +
    + extra_qs +
    + complex +
    +
    + +
    A dict of extra params to pass in.
    +
    + ip_address +
    + string +
    +
    + +
    Deprecated
    +
    Use provider to specify PAN-OS connectivity instead.
    +

    +
    The IP address or hostname of the PAN-OS device being configured.
    +
    + new_name +
    + - +
    +
    + +
    Used in cmd=rename and cmd=clone.
    +
    The new name.
    +
    + password +
    + string +
    +
    + +
    Deprecated
    +
    Use provider to specify PAN-OS connectivity instead.
    +

    +
    The password to use for authentication. This is ignored if api_key is specified.
    +
    + port +
    + integer +
    +
    + Default:
    443
    +
    +
    Deprecated
    +
    Use provider to specify PAN-OS connectivity instead.
    +

    +
    The port number to connect to the PAN-OS device on.
    +
    + provider +
    + - +
    +
    added in 2.8
    + +
    A dict object containing connection details.
    +
    + api_key +
    + string +
    +
    + +
    The API key to use instead of generating it using username / password.
    +
    + ip_address +
    + string +
    +
    + +
    The IP address or hostname of the PAN-OS device being configured.
    +
    + password +
    + string +
    +
    + +
    The password to use for authentication. This is ignored if api_key is specified.
    +
    + port +
    + integer +
    +
    + Default:
    443
    +
    +
    The port number to connect to the PAN-OS device on.
    +
    + serial_number +
    + string +
    +
    + +
    The serial number of a firewall to use for targeted commands. If ip_address is not a Panorama PAN-OS device, then this param is ignored.
    +
    + username +
    + string +
    +
    + Default:
    "admin"
    +
    +
    The username to use for authentication. This is ignored if api_key is specified.
    +
    + username +
    + string +
    +
    + Default:
    "admin"
    +
    +
    Deprecated
    +
    Use provider to specify PAN-OS connectivity instead.
    +

    +
    The username to use for authentication. This is ignored if api_key is specified.
    +
    + where +
    + - +
    +
    + +
    Used in cmd=move.
    +
    The movement keyword.
    +
    + xpath +
    + - + / required
    +
    + +
    The XPATH.
    +
    All newlines are removed from the XPATH to allow for shorter lines.
    +
    + xpath_from +
    + - +
    +
    + +
    Used in cmd=clone.
    +
    The from xpath.
    +
    +
    + + +Notes +----- + +.. note:: + - Panorama is supported. + - Check mode is not supported. + - PAN-OS connectivity should be specified using *provider* or the classic PAN-OS connectivity params (*ip_address*, *username*, *password*, *api_key*, and *port*). If both are present, then the classic params are ignored. + + + +Examples +-------- + +.. code-block:: yaml+jinja + + + - name: Create an address object using set. + panos_type_cmd: + provider: '{{ provider }}' + xpath: | + /config/devices/entry[@name='localhost.localdomain'] + /vsys/entry[@name='vsys1'] + /address + element: | + + 192.168.55.0/24 + Address CIDR for sales org + + + - name: Then rename it. + panos_type_cmd: + provider: '{{ provider }}' + cmd: 'rename' + xpath: | + /config/devices/entry[@name='localhost.localdomain'] + /vsys/entry[@name='vsys1'] + /address/entry[@name='sales-block'] + new_name: 'dmz-block' + + + + + +Status +------ + + + + +- This module is not guaranteed to have a backwards compatible interface. *[preview]* + + +- This module is `maintained by the Ansible Community `_. + + + + + +Authors +~~~~~~~ + +- Garfield Lee Freeman (@shinmog) + + diff --git a/docs/modules/panos_userid_module.rst b/docs/modules/panos_userid_module.rst index 1d924921..1c19e8b1 100644 --- a/docs/modules/panos_userid_module.rst +++ b/docs/modules/panos_userid_module.rst @@ -212,7 +212,7 @@ Parameters - Default:
    admin
    + Default:
    "admin"
    The username to use for authentication. This is ignored if api_key is specified.
    @@ -270,7 +270,7 @@ Parameters - Default:
    admin
    + Default:
    "admin"
    Deprecated
    diff --git a/docs/modules/panos_virtual_router_facts_module.rst b/docs/modules/panos_virtual_router_facts_module.rst new file mode 100644 index 00000000..310b4c9d --- /dev/null +++ b/docs/modules/panos_virtual_router_facts_module.rst @@ -0,0 +1,492 @@ +:source: panos_virtual_router_facts.py + +:orphan: + +.. _panos_virtual_router_facts_module: + + +panos_virtual_router_facts -- Retrieves virtual router information +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ + +.. versionadded:: 2.8 + +.. contents:: + :local: + :depth: 1 + + +Synopsis +-------- +- Retrieves information on virtual routers from a firewall or Panorama. + + + +Requirements +------------ +The below requirements are needed on the host that executes this module. + +- pan-python +- pandevice + + +Parameters +---------- + +.. raw:: html + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
    ParameterChoices/DefaultsComments
    + api_key +
    + string +
    +
    + +
    Deprecated
    +
    Use provider to specify PAN-OS connectivity instead.
    +

    +
    The API key to use instead of generating it using username / password.
    +
    + ip_address +
    + string +
    +
    + +
    Deprecated
    +
    Use provider to specify PAN-OS connectivity instead.
    +

    +
    The IP address or hostname of the PAN-OS device being configured.
    +
    + name +
    + - +
    +
    + +
    Name of the virtual router.
    +
    + password +
    + string +
    +
    + +
    Deprecated
    +
    Use provider to specify PAN-OS connectivity instead.
    +

    +
    The password to use for authentication. This is ignored if api_key is specified.
    +
    + port +
    + integer +
    +
    + Default:
    443
    +
    +
    Deprecated
    +
    Use provider to specify PAN-OS connectivity instead.
    +

    +
    The port number to connect to the PAN-OS device on.
    +
    + provider +
    + - +
    +
    added in 2.8
    + +
    A dict object containing connection details.
    +
    + api_key +
    + string +
    +
    + +
    The API key to use instead of generating it using username / password.
    +
    + ip_address +
    + string +
    +
    + +
    The IP address or hostname of the PAN-OS device being configured.
    +
    + password +
    + string +
    +
    + +
    The password to use for authentication. This is ignored if api_key is specified.
    +
    + port +
    + integer +
    +
    + Default:
    443
    +
    +
    The port number to connect to the PAN-OS device on.
    +
    + serial_number +
    + string +
    +
    + +
    The serial number of a firewall to use for targeted commands. If ip_address is not a Panorama PAN-OS device, then this param is ignored.
    +
    + username +
    + string +
    +
    + Default:
    "admin"
    +
    +
    The username to use for authentication. This is ignored if api_key is specified.
    +
    + template +
    + string +
    +
    + +
    (Panorama only) The template this operation should target. Mutually exclusive with template_stack.
    +
    + template_stack +
    + string +
    +
    + +
    (Panorama only) The template stack this operation should target. Mutually exclusive with template.
    +
    + username +
    + string +
    +
    + Default:
    "admin"
    +
    +
    Deprecated
    +
    Use provider to specify PAN-OS connectivity instead.
    +

    +
    The username to use for authentication. This is ignored if api_key is specified.
    +
    +
    + + +Notes +----- + +.. note:: + - Panorama is supported. + - Check mode is not supported. + - PAN-OS connectivity should be specified using *provider* or the classic PAN-OS connectivity params (*ip_address*, *username*, *password*, *api_key*, and *port*). If both are present, then the classic params are ignored. + - If the PAN-OS to be configured is Panorama, either *template* or *template_stack* must be specified. + + + +Examples +-------- + +.. code-block:: yaml+jinja + + + # Get information on a specific virtual router + - name: Get vr3 info + panos_virtual_router_facts: + provider: '{{ provider }}' + name: 'vr3' + register: ans + + # Get the config of all virtual routers + - name: Get all virtual routers + panos_virtual_router_facts: + provider: '{{ provider }}' + register: vrlist + + + + +Return Values +------------- +Common return values are `documented here `_, the following are the fields unique to this module: + +.. raw:: html + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
    KeyReturnedDescription
    + spec +
    complex
    +
    When name is specified. +
    The spec of the specified virtual router.
    +
    +
      + ad_ebgp +
    integer
    +
    +
    Admin distance for this protocol.
    +
    +
      + ad_ibgp +
    integer
    +
    +
    Admin distance for this protocol.
    +
    +
      + ad_ospf_ext +
    integer
    +
    +
    Admin distance for this protocol.
    +
    +
      + ad_ospf_int +
    integer
    +
    +
    Admin distance for this protocol.
    +
    +
      + ad_ospfv3_ext +
    integer
    +
    +
    Admin distance for this protocol.
    +
    +
      + ad_ospfv3_int +
    integer
    +
    +
    Admin distance for this protocol.
    +
    +
      + ad_rip +
    integer
    +
    +
    Admin distance for this protocol.
    +
    +
      + ad_static +
    integer
    +
    +
    Admin distance for this protocol.
    +
    +
      + ad_static_ipv6 +
    integer
    +
    +
    Admin distance for this protocol.
    +
    +
      + interface +
    list
    +
    +
    List of interfaces
    +
    +
      + name +
    -
    +
    +
    Virtual router name.
    +
    +
    + vrlist +
    list
    +
    When name is not specified. +
    List of virtual router specs.
    +
    +
    +

    + + +Status +------ + + + + +- This module is not guaranteed to have a backwards compatible interface. *[preview]* + + +- This module is `maintained by the Ansible Community `_. + + + + + +Authors +~~~~~~~ + +- Garfield Lee Freeman (@shinmog) + + diff --git a/docs/modules/panos_virtual_router_module.rst b/docs/modules/panos_virtual_router_module.rst index 158ae6d9..cdb65ae3 100644 --- a/docs/modules/panos_virtual_router_module.rst +++ b/docs/modules/panos_virtual_router_module.rst @@ -227,7 +227,7 @@ Parameters - Default:
    default
    + Default:
    "default"
    Name of virtual router
    @@ -359,7 +359,7 @@ Parameters - Default:
    admin
    + Default:
    "admin"
    The username to use for authentication. This is ignored if api_key is specified.
    @@ -417,7 +417,7 @@ Parameters - Default:
    admin
    + Default:
    "admin"
    Deprecated
    @@ -489,5 +489,6 @@ Authors ~~~~~~~ - Joshua Colson (@freakinhippie) +- Garfield Lee Freeman (@shinmog) diff --git a/docs/modules/panos_vlan_interface_module.rst b/docs/modules/panos_vlan_interface_module.rst index a05c470d..467b07f3 100644 --- a/docs/modules/panos_vlan_interface_module.rst +++ b/docs/modules/panos_vlan_interface_module.rst @@ -384,7 +384,7 @@ Parameters - Default:
    admin
    + Default:
    "admin"
    The username to use for authentication. This is ignored if api_key is specified.
    @@ -429,7 +429,7 @@ Parameters - Default:
    admin
    + Default:
    "admin"
    Deprecated
    diff --git a/docs/modules/panos_vlan_module.rst b/docs/modules/panos_vlan_module.rst index ebfb8a56..27b6deac 100644 --- a/docs/modules/panos_vlan_module.rst +++ b/docs/modules/panos_vlan_module.rst @@ -224,7 +224,7 @@ Parameters - Default:
    admin
    + Default:
    "admin"
    The username to use for authentication. This is ignored if api_key is specified.
    @@ -282,7 +282,7 @@ Parameters - Default:
    admin
    + Default:
    "admin"
    Deprecated
    diff --git a/docs/modules/panos_zone_facts_module.rst b/docs/modules/panos_zone_facts_module.rst new file mode 100644 index 00000000..3ee2b497 --- /dev/null +++ b/docs/modules/panos_zone_facts_module.rst @@ -0,0 +1,470 @@ +:source: panos_zone_facts.py + +:orphan: + +.. _panos_zone_facts_module: + + +panos_zone_facts -- Retrieves zone information +++++++++++++++++++++++++++++++++++++++++++++++ + +.. versionadded:: 2.8 + +.. contents:: + :local: + :depth: 1 + + +Synopsis +-------- +- Retrieves information on zones from a firewall or Panorama. + + + +Requirements +------------ +The below requirements are needed on the host that executes this module. + +- pan-python +- pandevice + + +Parameters +---------- + +.. raw:: html + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
    ParameterChoices/DefaultsComments
    + api_key +
    + string +
    +
    + +
    Deprecated
    +
    Use provider to specify PAN-OS connectivity instead.
    +

    +
    The API key to use instead of generating it using username / password.
    +
    + ip_address +
    + string +
    +
    + +
    Deprecated
    +
    Use provider to specify PAN-OS connectivity instead.
    +

    +
    The IP address or hostname of the PAN-OS device being configured.
    +
    + name +
    + - +
    +
    + +
    Name of the security zone.
    +
    + password +
    + string +
    +
    + +
    Deprecated
    +
    Use provider to specify PAN-OS connectivity instead.
    +

    +
    The password to use for authentication. This is ignored if api_key is specified.
    +
    + port +
    + integer +
    +
    + Default:
    443
    +
    +
    Deprecated
    +
    Use provider to specify PAN-OS connectivity instead.
    +

    +
    The port number to connect to the PAN-OS device on.
    +
    + provider +
    + - +
    +
    added in 2.8
    + +
    A dict object containing connection details.
    +
    + api_key +
    + string +
    +
    + +
    The API key to use instead of generating it using username / password.
    +
    + ip_address +
    + string +
    +
    + +
    The IP address or hostname of the PAN-OS device being configured.
    +
    + password +
    + string +
    +
    + +
    The password to use for authentication. This is ignored if api_key is specified.
    +
    + port +
    + integer +
    +
    + Default:
    443
    +
    +
    The port number to connect to the PAN-OS device on.
    +
    + serial_number +
    + string +
    +
    + +
    The serial number of a firewall to use for targeted commands. If ip_address is not a Panorama PAN-OS device, then this param is ignored.
    +
    + username +
    + string +
    +
    + Default:
    "admin"
    +
    +
    The username to use for authentication. This is ignored if api_key is specified.
    +
    + template +
    + string +
    +
    + +
    (Panorama only) The template this operation should target. Mutually exclusive with template_stack.
    +
    + template_stack +
    + string +
    +
    + +
    (Panorama only) The template stack this operation should target. Mutually exclusive with template.
    +
    + username +
    + string +
    +
    + Default:
    "admin"
    +
    +
    Deprecated
    +
    Use provider to specify PAN-OS connectivity instead.
    +

    +
    The username to use for authentication. This is ignored if api_key is specified.
    +
    + vsys +
    + string +
    +
    + Default:
    "vsys1"
    +
    +
    The vsys this object belongs to.
    +
    +
    + + +Notes +----- + +.. note:: + - Panorama is supported. + - Check mode is not supported. + - PAN-OS connectivity should be specified using *provider* or the classic PAN-OS connectivity params (*ip_address*, *username*, *password*, *api_key*, and *port*). If both are present, then the classic params are ignored. + - If the PAN-OS to be configured is Panorama, either *template* or *template_stack* must be specified. + + + +Examples +-------- + +.. code-block:: yaml+jinja + + + # Get information on a specific zone + - name: Get zone3 info + panos_zone_facts: + provider: '{{ provider }}' + name: 'zone3' + register: ans + + # Get the config of all zones + - name: Get all zones + panos_zone_facts: + provider: '{{ provider }}' + register: zones + + + + +Return Values +------------- +Common return values are `documented here `_, the following are the fields unique to this module: + +.. raw:: html + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
    KeyReturnedDescription
    + spec +
    complex
    +
    When name is specified. +
    The spec of the specified virtual router.
    +
    +
      + enable_userid +
    boolean
    +
    +
    Enable user identification.
    +
    +
      + exclude_acl +
    list
    +
    +
    User identification ACL exclude list.
    +
    +
      + include_acl +
    list
    +
    +
    User identification ACL include list.
    +
    +
      + interface +
    list
    +
    +
    List of interfaces.
    +
    +
      + log_setting +
    -
    +
    +
    Log forwarding setting.
    +
    +
      + mode +
    -
    +
    +
    The mode of the zone.
    +
    +
      + zone +
    -
    +
    +
    The name.
    +
    +
      + zone_profile +
    -
    +
    +
    Zone protection profile.
    +
    +
    + zones +
    list
    +
    When name is not specified. +
    List of zone specs.
    +
    +
    +

    + + +Status +------ + + + + +- This module is not guaranteed to have a backwards compatible interface. *[preview]* + + +- This module is `maintained by the Ansible Community `_. + + + + + +Authors +~~~~~~~ + +- Garfield Lee Freeman (@shinmog) + + diff --git a/docs/modules/panos_zone_module.rst b/docs/modules/panos_zone_module.rst index 53d06289..5f813b26 100644 --- a/docs/modules/panos_zone_module.rst +++ b/docs/modules/panos_zone_module.rst @@ -288,7 +288,7 @@ Parameters - Default:
    admin
    + Default:
    "admin"
    The username to use for authentication. This is ignored if api_key is specified.
    @@ -346,7 +346,7 @@ Parameters - Default:
    admin
    + Default:
    "admin"
    Deprecated
    @@ -363,7 +363,7 @@ Parameters - Default:
    vsys1
    + Default:
    "vsys1"
    The vsys this object belongs to.
    @@ -474,5 +474,6 @@ Authors ~~~~~~~ - Robert Hagen (@stealthllama) +- Garfield Lee Freeman (@shinmog) diff --git a/library/panos_address_group.py b/library/panos_address_group.py index 7eda1d73..21b5d90b 100644 --- a/library/panos_address_group.py +++ b/library/panos_address_group.py @@ -1,4 +1,5 @@ #!/usr/bin/env python +# -*- coding: utf-8 -*- # Copyright 2018 Palo Alto Networks, Inc # @@ -27,7 +28,9 @@ short_description: Create address group objects on PAN-OS devices. description: - Create address group objects on PAN-OS devices. -author: "Michael Richardson (@mrichardson03)" +author: + - Michael Richardson (@mrichardson03) + - Garfield Lee Freeman (@shinmog) version_added: "2.8" requirements: - pan-python can be obtained from PyPI U(https://pypi.python.org/pypi/pan-python) diff --git a/library/panos_address_object.py b/library/panos_address_object.py index 1da8db0a..9fdd261f 100644 --- a/library/panos_address_object.py +++ b/library/panos_address_object.py @@ -1,4 +1,5 @@ #!/usr/bin/env python +# -*- coding: utf-8 -*- # Copyright 2018 Palo Alto Networks, Inc # @@ -27,7 +28,9 @@ short_description: Create address objects on PAN-OS devices. description: - Create address objects on PAN-OS devices. -author: "Michael Richardson (@mrichardson03)" +author: + - Michael Richardson (@mrichardson03) + - Garfield Lee Freeman (@shinmog) version_added: "2.8" requirements: - pan-python can be obtained from PyPI U(https://pypi.python.org/pypi/pan-python) diff --git a/library/panos_admin.py b/library/panos_admin.py index e1965cbc..2b045672 100755 --- a/library/panos_admin.py +++ b/library/panos_admin.py @@ -1,4 +1,5 @@ #!/usr/bin/env python +# -*- coding: utf-8 -*- # Copyright 2016 Palo Alto Networks, Inc # diff --git a/library/panos_administrator.py b/library/panos_administrator.py index 99ecd605..a3377053 100755 --- a/library/panos_administrator.py +++ b/library/panos_administrator.py 
@@ -1,4 +1,5 @@
 #!/usr/bin/env python
+# -*- coding: utf-8 -*-
 from __future__ import absolute_import, division, print_function
 __metaclass__ = type
@@ -27,7 +28,7 @@
 short_description: Manage PAN-OS administrator user accounts.
 description:
 - Manages PAN-OS administrator user accounts.
-author: "Luigi Mori (@jtschichold), Ivan Bojer (@ivanbojer)"
+author: "Garfield Lee Freeman (@shinmog)"
 version_added: "2.8"
 requirements:
 - pan-python can be obtained from PyPI U(https://pypi.python.org/pypi/pan-python)
diff --git a/library/panos_admpwd.py b/library/panos_admpwd.py
index cd3046bf..547a0aa8 100755
--- a/library/panos_admpwd.py
+++ b/library/panos_admpwd.py
@@ -1,4 +1,5 @@
 #!/usr/bin/env python
+# -*- coding: utf-8 -*-
 # Copyright 2016 Palo Alto Networks, Inc
 #
diff --git a/library/panos_api_key.py b/library/panos_api_key.py
index 128affc5..a50870ef 100644
--- a/library/panos_api_key.py
+++ b/library/panos_api_key.py
@@ -1,4 +1,5 @@
 #!/usr/bin/env python
+# -*- coding: utf-8 -*-
 # Copyright 2018 Palo Alto Networks, Inc
 #
@@ -27,7 +28,9 @@
 short_description: retrieve api_key for username/password combination
 description:
 - This module will allow retrieval of the api_key for a given username/password
-author: "Joshua Colson (@freakinhippie)"
+author:
+ - Joshua Colson (@freakinhippie)
+ - Garfield Lee Freeman (@shinmog)
 version_added: "2.8"
 requirements:
 - pan-python can be obtained from PyPI U(https://pypi.python.org/pypi/pan-python)
diff --git a/library/panos_bgp.py b/library/panos_bgp.py
index 02e54384..52fb8c38 100644
--- a/library/panos_bgp.py
+++ b/library/panos_bgp.py
@@ -1,4 +1,5 @@
 #!/usr/bin/env python
+# -*- coding: utf-8 -*-
 from __future__ import absolute_import, division, print_function
 __metaclass__ = type
@@ -28,7 +29,9 @@
 short_description: Configures Border Gateway Protocol (BGP)
 description:
 - Use BGP to publish and consume routes from disparate networks.
-author: "Joshua Colson (@freakinhippie)"
+author:
+ - Joshua Colson (@freakinhippie)
+ - Garfield Lee Freeman (@shinmog)
 version_added: "2.9"
 requirements:
 - pan-python can be obtained from PyPI U(https://pypi.python.org/pypi/pan-python)
diff --git a/library/panos_bgp_aggregate.py b/library/panos_bgp_aggregate.py
index b1b3adae..5840e7d4 100644
--- a/library/panos_bgp_aggregate.py
+++ b/library/panos_bgp_aggregate.py
@@ -1,4 +1,5 @@
 #!/usr/bin/env python
+# -*- coding: utf-8 -*-
 from __future__ import absolute_import, division, print_function
 __metaclass__ = type
@@ -28,7 +29,9 @@
 short_description: Configures a BGP Aggregation Prefix Policy
 description:
 - Use BGP to publish and consume routes from disparate networks.
-author: "Joshua Colson (@freakinhippie)"
+author:
+ - Joshua Colson (@freakinhippie)
+ - Garfield Lee Freeman (@shinmog)
 version_added: "2.8"
 requirements:
 - pan-python can be obtained from PyPI U(https://pypi.python.org/pypi/pan-python)
diff --git a/library/panos_bgp_auth.py b/library/panos_bgp_auth.py
index 5345d668..b427c48e 100644
--- a/library/panos_bgp_auth.py
+++ b/library/panos_bgp_auth.py
@@ -1,4 +1,5 @@
 #!/usr/bin/env python
+# -*- coding: utf-8 -*-
 from __future__ import absolute_import, division, print_function
 __metaclass__ = type
@@ -28,7 +29,9 @@
 short_description: Configures a BGP Authentication Profile
 description:
 - Use BGP to publish and consume routes from disparate networks.
-author: "Joshua Colson (@freakinhippie)"
+author:
+ - Joshua Colson (@freakinhippie)
+ - Garfield Lee Freeman (@shinmog)
 version_added: "2.8"
 requirements:
 - pan-python can be obtained from PyPI U(https://pypi.python.org/pypi/pan-python)
diff --git a/library/panos_bgp_conditional_advertisement.py b/library/panos_bgp_conditional_advertisement.py
index 3d1f71f2..982726c4 100644
--- a/library/panos_bgp_conditional_advertisement.py
+++ b/library/panos_bgp_conditional_advertisement.py
@@ -1,4 +1,5 @@
 #!/usr/bin/env python
+# -*- coding: utf-8 -*-
 from __future__ import absolute_import, division, print_function
 __metaclass__ = type
@@ -37,7 +38,9 @@
 non-exist and one advertise filter.
 - When modifying a BGP conditional advertisement, any filters attached are left as-is, unless I(advertise_filter) or I(non_exist_filter) are specified.
-author: "Joshua Colson (@freakinhippie)"
+author:
+ - Joshua Colson (@freakinhippie)
+ - Garfield Lee Freeman (@shinmog)
 version_added: "2.8"
 requirements:
 - pan-python can be obtained from PyPI U(https://pypi.python.org/pypi/pan-python)
diff --git a/library/panos_bgp_dampening.py b/library/panos_bgp_dampening.py
index 96d628b2..7f6d0605 100644
--- a/library/panos_bgp_dampening.py
+++ b/library/panos_bgp_dampening.py
@@ -1,4 +1,5 @@
 #!/usr/bin/env python
+# -*- coding: utf-8 -*-
 from __future__ import absolute_import, division, print_function
 __metaclass__ = type
@@ -28,7 +29,9 @@
 short_description: Configures a BGP Dampening Profile
 description:
 - Use BGP to publish and consume routes from disparate networks.
-author: "Joshua Colson (@freakinhippie)"
+author:
+ - Joshua Colson (@freakinhippie)
+ - Garfield Lee Freeman (@shinmog)
 version_added: "2.8"
 requirements:
 - pan-python can be obtained from PyPI U(https://pypi.python.org/pypi/pan-python)
diff --git a/library/panos_bgp_peer.py b/library/panos_bgp_peer.py
index df92b3e2..6e5e8cea 100644
--- a/library/panos_bgp_peer.py
+++ b/library/panos_bgp_peer.py
@@ -1,4 +1,5 @@
 #!/usr/bin/env python
+# -*- coding: utf-8 -*-
 from __future__ import absolute_import, division, print_function
 __metaclass__ = type
@@ -28,7 +29,9 @@
 short_description: Configures a BGP Peer
 description:
 - Use BGP to publish and consume routes from disparate networks.
-author: "Joshua Colson (@freakinhippie)"
+author:
+ - Joshua Colson (@freakinhippie)
+ - Garfield Lee Freeman (@shinmog)
 version_added: "2.8"
 requirements:
 - pan-python can be obtained from PyPI U(https://pypi.python.org/pypi/pan-python)
diff --git a/library/panos_bgp_peer_group.py b/library/panos_bgp_peer_group.py
index 6aac3ddb..88fe7523 100644
--- a/library/panos_bgp_peer_group.py
+++ b/library/panos_bgp_peer_group.py
@@ -1,4 +1,5 @@
 #!/usr/bin/env python
+# -*- coding: utf-8 -*-
 from __future__ import absolute_import, division, print_function
 __metaclass__ = type
@@ -28,7 +29,9 @@
 short_description: Configures a BGP Peer Group
 description:
 - Use BGP to publish and consume routes from disparate networks.
-author: "Joshua Colson (@freakinhippie)"
+author:
+ - Joshua Colson (@freakinhippie)
+ - Garfield Lee Freeman (@shinmog)
 version_added: "2.9"
 requirements:
 - pan-python can be obtained from PyPI U(https://pypi.python.org/pypi/pan-python)
diff --git a/library/panos_bgp_policy_filter.py b/library/panos_bgp_policy_filter.py
index 4a2a215e..33cb235d 100644
--- a/library/panos_bgp_policy_filter.py
+++ b/library/panos_bgp_policy_filter.py
@@ -1,4 +1,5 @@
 #!/usr/bin/env python
+# -*- coding: utf-8 -*-
 from __future__ import absolute_import, division, print_function
 __metaclass__ = type
@@ -28,7 +29,9 @@
 short_description: Configures a BGP Policy Import/Export Rule
 description:
 - Use BGP to publish and consume routes from disparate networks.
-author: "Joshua Colson (@freakinhippie)"
+author:
+ - Joshua Colson (@freakinhippie)
+ - Garfield Lee Freeman (@shinmog)
 version_added: "2.9"
 requirements:
 - pan-python can be obtained from PyPI U(https://pypi.python.org/pypi/pan-python)
diff --git a/library/panos_bgp_policy_rule.py b/library/panos_bgp_policy_rule.py
index 182be886..48b096ff 100644
--- a/library/panos_bgp_policy_rule.py
+++ b/library/panos_bgp_policy_rule.py
@@ -1,4 +1,5 @@
 #!/usr/bin/env python
+# -*- coding: utf-8 -*-
 from __future__ import absolute_import, division, print_function
 __metaclass__ = type
@@ -28,7 +29,9 @@
 short_description: Configures a BGP Policy Import/Export Rule
 description:
 - Use BGP to publish and consume routes from disparate networks.
-author: "Joshua Colson (@freakinhippie)"
+author:
+ - Joshua Colson (@freakinhippie)
+ - Garfield Lee Freeman (@shinmog)
 version_added: "2.8"
 requirements:
 - pan-python can be obtained from PyPI U(https://pypi.python.org/pypi/pan-python)
diff --git a/library/panos_bgp_redistribute.py b/library/panos_bgp_redistribute.py
index 2ae9dc0b..acad648d 100644
--- a/library/panos_bgp_redistribute.py
+++ b/library/panos_bgp_redistribute.py
@@ -1,4 +1,5 @@
 #!/usr/bin/env python
+# -*- coding: utf-8 -*-
 from __future__ import absolute_import, division, print_function
 __metaclass__ = type
@@ -28,7 +29,9 @@
 short_description: Configures a BGP Redistribution Rule
 description:
 - Use BGP to publish and consume routes from disparate networks.
-author: "Joshua Colson (@freakinhippie)"
+author:
+ - Joshua Colson (@freakinhippie)
+ - Garfield Lee Freeman (@shinmog)
 version_added: "2.8"
 requirements:
 - pan-python can be obtained from PyPI U(https://pypi.python.org/pypi/pan-python)
diff --git a/library/panos_cert_gen_ssh.py b/library/panos_cert_gen_ssh.py
index 8b10b801..a52badad 100755
--- a/library/panos_cert_gen_ssh.py
+++ b/library/panos_cert_gen_ssh.py
@@ -1,4 +1,5 @@
 #!/usr/bin/env python
+# -*- coding: utf-8 -*-
 # Copyright 2016 Palo Alto Networks, Inc
 #
diff --git a/library/panos_check.py b/library/panos_check.py
index 2768a1ce..ca326b64 100755
--- a/library/panos_check.py
+++ b/library/panos_check.py
@@ -1,4 +1,5 @@
 #!/usr/bin/env python
+# -*- coding: utf-8 -*-
 # Copyright 2016 Palo Alto Networks, Inc
 #
@@ -21,7 +22,10 @@
 description:
 - Check if PAN-OS device is ready for being configured (no pending jobs).
 - The check could be done once or multiple times until the device is ready.
-author: "Luigi Mori (@jtschichold), Ivan Bojer (@ivanbojer)"
+author:
+ - Luigi Mori (@jtschichold)
+ - Ivan Bojer (@ivanbojer)
+ - Garfield Lee Freeman (@shinmog)
 version_added: "2.3"
 requirements:
 - pan-python
diff --git a/library/panos_commit.py b/library/panos_commit.py
index 61fafad2..dc13d080 100644
--- a/library/panos_commit.py
+++ b/library/panos_commit.py
@@ -1,4 +1,5 @@
 #!/usr/bin/env python
+# -*- coding: utf-8 -*-
 # Copyright 2017 Palo Alto Networks, Inc
 #
@@ -28,7 +29,9 @@
 description:
 - Module that will commit the candidate configuration of a PAN-OS device.
 - The new configuration will become active immediately.
-author: "Michael Richardson (@mrichardson03)"
+author:
+ - Michael Richardson (@mrichardson03)
+ - Garfield Lee Freeman (@shinmog)
 version_added: "2.3"
 requirements:
 - pan-python can be obtained from PyPI U(https://pypi.python.org/pypi/pan-python)
diff --git a/library/panos_dag.py b/library/panos_dag.py
index 9e6e22b7..077d0da6 100755
--- a/library/panos_dag.py
+++ b/library/panos_dag.py
@@ -1,4 +1,5 @@
 #!/usr/bin/env python
+# -*- coding: utf-8 -*-
 # Copyright 2016 Palo Alto Networks, Inc
 #
diff --git a/library/panos_dag_tags.py b/library/panos_dag_tags.py
index 0be6ae27..2b4c98a1 100644
--- a/library/panos_dag_tags.py
+++ b/library/panos_dag_tags.py
@@ -1,4 +1,5 @@
 #!/usr/bin/env python
+# -*- coding: utf-8 -*-
 # Copyright 2016 Palo Alto Networks, Inc
 #
diff --git a/library/panos_email_profile.py b/library/panos_email_profile.py
new file mode 100644
index 00000000..8b34947e
--- /dev/null
+++ b/library/panos_email_profile.py
@@ -0,0 +1,199 @@
+#!/usr/bin/env python
+# -*- coding: utf-8 -*-
+
+from __future__ import absolute_import, division, print_function
+__metaclass__ = type
+
+# Copyright 2019 Palo Alto Networks, Inc
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+ANSIBLE_METADATA = {'metadata_version': '1.1',
+ 'status': ['preview'],
+ 'supported_by': 'community'}
+
+DOCUMENTATION = '''
+---
+module: panos_email_profile
+short_description: Manage email server profiles.
+description:
+ - Manages email server profiles.
+author: "Garfield Lee Freeman (@shinmog)"
+version_added: "2.8"
+requirements:
+ - pan-python
+ - pandevice >= 0.11.1
+notes:
+ - Panorama is supported.
+ - Check mode is supported.
+extends_documentation_fragment:
+ - panos.transitional_provider
+ - panos.vsys_shared
+ - panos.device_group
+options:
+ name:
+ description:
+ - Name of the profile.
+ required: true
+ config:
+ description:
+ - Custom config log format.
+ system:
+ description:
+ - Custom system log format.
+ threat:
+ description:
+ - Custom threat log format.
+ traffic:
+ description:
+ - Custom traffic log format.
+ hip_match:
+ description:
+ - Custom HIP match log format.
+ url:
+ description:
+ - PAN-OS 8.0+
+ - Custom url log format.
+ data:
+ description:
+ - PAN-OS 8.0+
+ - Custom data log format.
+ wildfire:
+ description:
+ - PAN-OS 8.0+
+ - Custom wildfire log format.
+ tunnel:
+ description:
+ - PAN-OS 8.0+
+ - Custom tunnel log format.
+ user_id:
+ description:
+ - PAN-OS 8.0+
+ - Custom user-ID log format.
+ gtp:
+ description:
+ - PAN-OS 8.0+
+ - Custom GTP log format.
+ auth:
+ description:
+ - PAN-OS 8.0+
+ - Custom auth log format.
+ sctp:
+ description:
+ - PAN-OS 8.1+
+ - Custom SCTP log format.
+ iptag:
+ description:
+ - PAN-OS 9.0+
+ - Custom Iptag log format.
+ escaped_characters:
+ description:
+ - Characters to be escaped.
+ escape_character:
+ description:
+ - Escape character
+'''
+
+EXAMPLES = '''
+# Create a profile
+- name: Create email profile
+ panos_email_profile:
+ provider: '{{ provider }}'
+ name: 'my-profile'
+'''
+
+RETURN = '''
+# Default return values
+'''
+
+from ansible.module_utils.basic import AnsibleModule
+from ansible.module_utils.network.panos.panos import get_connection
+
+
+try:
+ from pandevice.device import EmailServerProfile
+ from pandevice.errors import PanDeviceError
+except ImportError:
+ pass
+
+
+def main():
+ helper = get_connection(
+ vsys_shared=True,
+ device_group=True,
+ with_state=True,
+ with_classic_provider_spec=True,
+ min_pandevice_version=(0, 11, 1),
+ min_panos_version=(7, 1, 0),
+ argument_spec=dict(
+ name=dict(required=True),
+ config=dict(),
+ system=dict(),
+ threat=dict(),
+ traffic=dict(),
+ hip_match=dict(),
+ url=dict(),
+ data=dict(),
+ wildfire=dict(),
+ tunnel=dict(),
+ user_id=dict(),
+ gtp=dict(),
+ auth=dict(),
+ sctp=dict(),
+ iptag=dict(),
+ escaped_characters=dict(),
+ escape_character=dict(),
+ ),
+ )
+ module = AnsibleModule(
+ argument_spec=helper.argument_spec,
+ supports_check_mode=True,
+ required_one_of=helper.required_one_of,
+ )
+
+ # Verify imports, build pandevice object tree.
+ parent = helper.get_pandevice_parent(module)
+
+ try:
+ listing = EmailServerProfile.refreshall(parent)
+ except PanDeviceError as e:
+ module.fail_json(msg='Failed refresh: {0}'.format(e))
+
+ spec = {
+ 'name': module.params['name'],
+ 'config': module.params['config'],
+ 'system': module.params['system'],
+ 'threat': module.params['threat'],
+ 'traffic': module.params['traffic'],
+ 'hip_match': module.params['hip_match'],
+ 'url': module.params['url'],
+ 'data': module.params['data'],
+ 'wildfire': module.params['wildfire'],
+ 'tunnel': module.params['tunnel'],
+ 'user_id': module.params['user_id'],
+ 'gtp': module.params['gtp'],
+ 'auth': module.params['auth'],
+ 'sctp': module.params['sctp'],
+ 'iptag': module.params['iptag'],
+ 'escaped_characters': module.params['escaped_characters'],
+ 'escape_character': module.params['escape_character'],
+ }
+ obj = EmailServerProfile(**spec)
+ parent.add(obj)
+
+ changed = helper.apply_state(obj, listing, module)
+ module.exit_json(changed=changed, msg='Done')
+
+
+if __name__ == '__main__':
+ main()
diff --git a/library/panos_email_server.py b/library/panos_email_server.py
new file mode 100644
index 00000000..cb46eb67
--- /dev/null
+++ b/library/panos_email_server.py
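Review bot: In panos_email_profile.py the `spec` dict in main() repeats, one for one, the seventeen option names already listed in `argument_spec`, so a log type added later has to be edited in two lists that must stay in step. Deriving both from a single tuple of names keeps them aligned, for example `spec = dict((k, module.params[k]) for k in PROFILE_ARGS)`, with the same tuple generating the plain `dict()` entries of `argument_spec`. panos_http_profile.py in this commit has the same shape with 44 keys.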
@@ -0,0 +1,149 @@
+#!/usr/bin/env python
+# -*- coding: utf-8 -*-
+
+from __future__ import absolute_import, division, print_function
+__metaclass__ = type
+
+# Copyright 2019 Palo Alto Networks, Inc
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+ANSIBLE_METADATA = {'metadata_version': '1.1',
+ 'status': ['preview'],
+ 'supported_by': 'community'}
+
+DOCUMENTATION = '''
+---
+module: panos_email_server
+short_description: Manage email servers in an email profile.
+description:
+ - Manages email servers in an email server profile.
+author: "Garfield Lee Freeman (@shinmog)"
+version_added: "2.8"
+requirements:
+ - pan-python
+ - pandevice >= 0.11.1
+notes:
+ - Panorama is supported.
+ - Check mode is supported.
+extends_documentation_fragment:
+ - panos.transitional_provider
+ - panos.vsys_shared
+ - panos.device_group
+options:
+ email_profile:
+ description:
+ - Name of the email server profile.
+ required: True
+ name:
+ description:
+ - Server name.
+ required: True
+ display_name:
+ description:
+ - Display name
+ from_email:
+ description:
+ - From email address
+ to_email:
+ description:
+ - Destination email address.
+ also_to_email:
+ description:
+ - Additional destination email address
+ email_gateway:
+ description:
+ - IP address or FQDN of email gateway to use.
+'''
+
+EXAMPLES = '''
+# Create a profile
+- name: Create email server in an email profile
+ panos_email_server:
+ provider: '{{ provider }}'
+ email_profile: 'my-profile'
+ name: 'my-email-server'
+ from_email: 'alerts@example.com'
+ to_email: 'notify@example.com'
+ email_gateway: 'smtp.example.com'
+'''
+
+RETURN = '''
+# Default return values
+'''
+
+from ansible.module_utils.basic import AnsibleModule
+from ansible.module_utils.network.panos.panos import get_connection
+
+
+try:
+ from pandevice.device import EmailServerProfile
+ from pandevice.device import EmailServer
+ from pandevice.errors import PanDeviceError
+except ImportError:
+ pass
+
+
+def main():
+ helper = get_connection(
+ vsys_shared=True,
+ device_group=True,
+ with_state=True,
+ with_classic_provider_spec=True,
+ min_pandevice_version=(0, 11, 1),
+ min_panos_version=(7, 1, 0),
+ argument_spec=dict(
+ email_profile=dict(required=True),
+ name=dict(required=True),
+ display_name=dict(),
+ from_email=dict(),
+ to_email=dict(),
+ also_to_email=dict(),
+ email_gateway=dict(),
+ ),
+ )
+ module = AnsibleModule(
+ argument_spec=helper.argument_spec,
+ supports_check_mode=True,
+ required_one_of=helper.required_one_of,
+ )
+
+ # Verify imports, build pandevice object tree.
+ parent = helper.get_pandevice_parent(module)
+
+ sp = EmailServerProfile(module.params['email_profile'])
+ parent.add(sp)
+ try:
+ sp.refresh()
+ except PanDeviceError as e:
+ module.fail_json(msg='Failed refresh: {0}'.format(e))
+
+ listing = sp.findall(EmailServer)
+
+ spec = {
+ 'name': module.params['name'],
+ 'display_name': module.params['display_name'],
+ 'from': module.params['from_email'],
+ 'to': module.params['to_email'],
+ 'also_to': module.params['also_to_email'],
+ 'email_gateway': module.params['email_gateway'],
+ }
+ obj = EmailServer(**spec)
+ sp.add(obj)
+
+ changed = helper.apply_state(obj, listing, module)
+ module.exit_json(changed=changed, msg='Done')
+
+
+if __name__ == '__main__':
+ main()
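Review bot: In panos_email_server.py, `sp.refresh()` runs on a profile object built only from the `email_profile` name, so a profile that is not on the device presumably ends in `fail_json` with a bare 'Failed refresh'. If `with_state=True` adds the usual present/absent state, that would also apply to an absent request, where a missing parent would normally be a no-op. The message should at least name the profile, `module.fail_json(msg='Failed refresh of email profile {0}: {1}'.format(module.params['email_profile'], e))`, so that a mistyped profile name can be told apart from a connectivity or permission failure. The same refresh-then-fail pattern appears in panos_http_profile_header.py, panos_http_profile_param.py and panos_http_server.py.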
diff --git a/library/panos_facts.py b/library/panos_facts.py index ca54acc7..ab1f551c 100644 --- a/library/panos_facts.py +++ b/library/panos_facts.py @@ -21,6 +21,7 @@ - Collects fact information from Palo Alto Networks firewall running PanOS. author: - Tomi Raittinen (@traittinen) + - Garfield Lee Freeman (@shinmog) notes: - Tested on PanOS 8.0.5 - Checkmode is not supported. diff --git a/library/panos_http_profile.py b/library/panos_http_profile.py new file mode 100644 index 00000000..b496bb00 --- /dev/null +++ b/library/panos_http_profile.py 
@@ -0,0 +1,335 @@ +#!/usr/bin/env python +# -*- coding: utf-8 -*- + +from __future__ import absolute_import, division, print_function +__metaclass__ = type + +# Copyright 2019 Palo Alto Networks, Inc +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +ANSIBLE_METADATA = {'metadata_version': '1.1', + 'status': ['preview'], + 'supported_by': 'community'} + +DOCUMENTATION = ''' +--- +module: panos_http_profile +short_description: Manage http server profiles. +description: + - Manages http server profiles. +author: "Garfield Lee Freeman (@shinmog)" +version_added: "2.8" +requirements: + - pan-python + - pandevice >= 0.11.1 + - PAN-OS >= 8.0 +notes: + - Panorama is supported. + - Check mode is supported. +extends_documentation_fragment: + - panos.transitional_provider + - panos.vsys_shared + - panos.device_group +options: + name: + description: + - Name of the profile. + required: true + tag_registration: + description: + - The server should have user-ID agent running in order for tag + registration to work. + type: bool + config_name: + description: + - Name for custom config format. + config_uri_format: + description: + - URI format for custom config format. + config_payload: + description: + - Payload for custom config format. + system_name: + description: + - Name for custom config format. + system_uri_format: + description: + - URI format for custom config format. + system_payload: + description: + - Payload for custom config format. 
+ threat_name: + description: + - Name for custom config format. + threat_uri_format: + description: + - URI format for custom config format. + threat_payload: + description: + - Payload for custom config format. + traffic_name: + description: + - Name for custom config format. + traffic_uri_format: + description: + - URI format for custom config format. + traffic_payload: + description: + - Payload for custom config format. + hip_match_name: + description: + - Name for custom config format. + hip_match_uri_format: + description: + - URI format for custom config format. + hip_match_payload: + description: + - Payload for custom config format. + url_name: + description: + - Name for custom config format. + url_uri_format: + description: + - URI format for custom config format. + url_payload: + description: + - Payload for custom config format. + data_name: + description: + - Name for custom config format. + data_uri_format: + description: + - URI format for custom config format. + data_payload: + description: + - Payload for custom config format. + wildfire_name: + description: + - Name for custom config format. + wildfire_uri_format: + description: + - URI format for custom config format. + wildfire_payload: + description: + - Payload for custom config format. + tunnel_name: + description: + - Name for custom config format. + tunnel_uri_format: + description: + - URI format for custom config format. + tunnel_payload: + description: + - Payload for custom config format. + user_id_name: + description: + - Name for custom config format. + user_id_uri_format: + description: + - URI format for custom config format. + user_id_payload: + description: + - Payload for custom config format. + gtp_name: + description: + - Name for custom config format. + gtp_uri_format: + description: + - URI format for custom config format. + gtp_payload: + description: + - Payload for custom config format. + auth_name: + description: + - Name for custom config format. 
+ auth_uri_format: + description: + - URI format for custom config format. + auth_payload: + description: + - Payload for custom config format. + sctp_name: + description: + - PAN-OS 8.1+. + - Name for custom config format. + sctp_uri_format: + description: + - PAN-OS 8.1+. + - URI format for custom config format. + sctp_payload: + description: + - PAN-OS 8.1+. + - Payload for custom config format. + iptag_name: + description: + - PAN-OS 9.0+. + - Name for custom config format. + iptag_uri_format: + description: + - PAN-OS 9.0+. + - URI format for custom config format. + iptag_payload: + description: + - PAN-OS 9.0+. + - Payload for custom config format. +''' + +EXAMPLES = ''' +# Create a profile +- name: Create http profile + panos_http_profile: + provider: '{{ provider }}' + name: 'my-profile' + tag_registration: true +''' + +RETURN = ''' +# Default return values +''' + +from ansible.module_utils.basic import AnsibleModule +from ansible.module_utils.network.panos.panos import get_connection + + +try: + from pandevice.device import HttpServerProfile + from pandevice.errors import PanDeviceError +except ImportError: + pass + + +def main(): + helper = get_connection( + vsys_shared=True, + device_group=True, + with_state=True, + with_classic_provider_spec=True, + min_pandevice_version=(0, 11, 1), + min_panos_version=(8, 0, 0), + argument_spec=dict( + name=dict(required=True), + tag_registration=dict(type='bool'), + config_name=dict(), + config_uri_format=dict(), + config_payload=dict(), + system_name=dict(), + system_uri_format=dict(), + system_payload=dict(), + threat_name=dict(), + threat_uri_format=dict(), + threat_payload=dict(), + traffic_name=dict(), + traffic_uri_format=dict(), + traffic_payload=dict(), + hip_match_name=dict(), + hip_match_uri_format=dict(), + hip_match_payload=dict(), + url_name=dict(), + url_uri_format=dict(), + url_payload=dict(), + data_name=dict(), + data_uri_format=dict(), + data_payload=dict(), + wildfire_name=dict(), + 
wildfire_uri_format=dict(), + wildfire_payload=dict(), + tunnel_name=dict(), + tunnel_uri_format=dict(), + tunnel_payload=dict(), + user_id_name=dict(), + user_id_uri_format=dict(), + user_id_payload=dict(), + gtp_name=dict(), + gtp_uri_format=dict(), + gtp_payload=dict(), + auth_name=dict(), + auth_uri_format=dict(), + auth_payload=dict(), + sctp_name=dict(), + sctp_uri_format=dict(), + sctp_payload=dict(), + iptag_name=dict(), + iptag_uri_format=dict(), + iptag_payload=dict(), + ), + ) + module = AnsibleModule( + argument_spec=helper.argument_spec, + supports_check_mode=True, + required_one_of=helper.required_one_of, + ) + + # Verify imports, build pandevice object tree. + parent = helper.get_pandevice_parent(module) + + try: + listing = HttpServerProfile.refreshall(parent) + except PanDeviceError as e: + module.fail_json(msg='Failed refresh: {0}'.format(e)) + + spec = { + 'name': module.params['name'], + 'tag_registration': module.params['tag_registration'], + 'config_name': module.params['config_name'], + 'config_uri_format': module.params['config_uri_format'], + 'config_payload': module.params['config_payload'], + 'system_name': module.params['system_name'], + 'system_uri_format': module.params['system_uri_format'], + 'system_payload': module.params['system_payload'], + 'threat_name': module.params['threat_name'], + 'threat_uri_format': module.params['threat_uri_format'], + 'threat_payload': module.params['threat_payload'], + 'traffic_name': module.params['traffic_name'], + 'traffic_uri_format': module.params['traffic_uri_format'], + 'traffic_payload': module.params['traffic_payload'], + 'hip_match_name': module.params['hip_match_name'], + 'hip_match_uri_format': module.params['hip_match_uri_format'], + 'hip_match_payload': module.params['hip_match_payload'], + 'url_name': module.params['url_name'], + 'url_uri_format': module.params['url_uri_format'], + 'url_payload': module.params['url_payload'], + 'data_name': module.params['data_name'], + 'data_uri_format': 
module.params['data_uri_format'], + 'data_payload': module.params['data_payload'], + 'wildfire_name': module.params['wildfire_name'], + 'wildfire_uri_format': module.params['wildfire_uri_format'], + 'wildfire_payload': module.params['wildfire_payload'], + 'tunnel_name': module.params['tunnel_name'], + 'tunnel_uri_format': module.params['tunnel_uri_format'], + 'tunnel_payload': module.params['tunnel_payload'], + 'user_id_name': module.params['user_id_name'], + 'user_id_uri_format': module.params['user_id_uri_format'], + 'user_id_payload': module.params['user_id_payload'], + 'gtp_name': module.params['gtp_name'], + 'gtp_uri_format': module.params['gtp_uri_format'], + 'gtp_payload': module.params['gtp_payload'], + 'auth_name': module.params['auth_name'], + 'auth_uri_format': module.params['auth_uri_format'], + 'auth_payload': module.params['auth_payload'], + 'sctp_name': module.params['sctp_name'], + 'sctp_uri_format': module.params['sctp_uri_format'], + 'sctp_payload': module.params['sctp_payload'], + 'iptag_name': module.params['iptag_name'], + 'iptag_uri_format': module.params['iptag_uri_format'], + 'iptag_payload': module.params['iptag_payload'], + } + obj = HttpServerProfile(**spec) + parent.add(obj) + + changed = helper.apply_state(obj, listing, module) + module.exit_json(changed=changed, msg='Done') + + +if __name__ == '__main__': + main() diff --git a/library/panos_http_profile_header.py b/library/panos_http_profile_header.py new file mode 100644 index 00000000..f2d18ca8 --- /dev/null +++ b/library/panos_http_profile_header.py 
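Review bot: The DOCUMENTATION block of panos_http_profile.py describes every `*_name`, `*_uri_format` and `*_payload` option as belonging to the "custom config format", so `system_name`, `threat_payload`, `iptag_uri_format` and the rest all read as config-log settings. Each description should name its own log type, for example `- Name for custom system format.` under `system_name` and `- Payload for custom threat format.` under `threat_payload`. If, as the option names suggest, the payload and URI format decide which log fields are sent to the external HTTP endpoint, one sentence saying so would help operators review what they are forwarding.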
@@ -0,0 +1,180 @@ +#!/usr/bin/env python +# -*- coding: utf-8 -*- + +from __future__ import absolute_import, division, print_function +__metaclass__ = type + +# Copyright 2019 Palo Alto Networks, Inc +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +ANSIBLE_METADATA = {'metadata_version': '1.1', + 'status': ['preview'], + 'supported_by': 'community'} + +DOCUMENTATION = ''' +--- +module: panos_http_profile_header +short_description: Manage HTTP headers for a HTTP profile. +description: + - Manages HTTP headers for a HTTP profile. +author: "Garfield Lee Freeman (@shinmog)" +version_added: "2.8" +requirements: + - pan-python + - pandevice >= 0.11.1 + - PAN-OS >= 8.0 +notes: + - Panorama is supported. + - Check mode is supported. +extends_documentation_fragment: + - panos.transitional_provider + - panos.vsys_shared + - panos.device_group +options: + http_profile: + description: + - Name of the http server profile. + required: True + log_type: + description: + - The log type for this header. + choices: + - config + - system + - threat + - traffic + - hip match + - url + - data + - wildfire + - tunnel + - user id + - gtp + - auth + - sctp + - iptag + required: True + header: + description: + - The header name. + required: True + value: + description: + - The value to assign the header. 
+''' + +EXAMPLES = ''' +- name: Add a header to the config log type + panos_http_profile_header: + provider: '{{ provider }}' + http_profile: 'my-profile' + log_type: 'user id' + header: 'Content-Type' + value: 'application/json' +''' + +RETURN = ''' +# Default return values +''' + +from ansible.module_utils.basic import AnsibleModule +from ansible.module_utils.network.panos.panos import get_connection + + +try: + from pandevice.device import HttpServerProfile + from pandevice.device import HttpConfigHeader + from pandevice.device import HttpSystemHeader + from pandevice.device import HttpThreatHeader + from pandevice.device import HttpTrafficHeader + from pandevice.device import HttpHipMatchHeader + from pandevice.device import HttpUrlHeader + from pandevice.device import HttpDataHeader + from pandevice.device import HttpWildfireHeader + from pandevice.device import HttpTunnelHeader + from pandevice.device import HttpUserIdHeader + from pandevice.device import HttpGtpHeader + from pandevice.device import HttpAuthHeader + from pandevice.device import HttpSctpHeader + from pandevice.device import HttpIpTagHeader + from pandevice.errors import PanDeviceError +except ImportError: + pass + + +def main(): + cls_map = { + 'config': HttpConfigHeader, + 'system': HttpSystemHeader, + 'threat': HttpThreatHeader, + 'traffic': HttpTrafficHeader, + 'hip match': HttpHipMatchHeader, + 'url': HttpUrlHeader, + 'data': HttpDataHeader, + 'wildfire': HttpWildfireHeader, + 'tunnel': HttpTunnelHeader, + 'user id': HttpUserIdHeader, + 'gtp': HttpGtpHeader, + 'auth': HttpAuthHeader, + 'sctp': HttpSctpHeader, + 'iptag': HttpIpTagHeader, + } + + helper = get_connection( + vsys_shared=True, + device_group=True, + with_state=True, + with_classic_provider_spec=True, + min_pandevice_version=(0, 11, 1), + min_panos_version=(8, 0, 0), + argument_spec=dict( + http_profile=dict(required=True), + log_type=dict(required=True, choices=sorted(cls_map.keys())), + header=dict(required=True), + 
value=dict(), + ), + ) + module = AnsibleModule( + argument_spec=helper.argument_spec, + supports_check_mode=True, + required_one_of=helper.required_one_of, + ) + + # Verify imports, build pandevice object tree. + parent = helper.get_pandevice_parent(module) + + sp = HttpServerProfile(module.params['http_profile']) + parent.add(sp) + try: + sp.refresh() + except PanDeviceError as e: + module.fail_json(msg='Failed refresh: {0}'.format(e)) + + cls = cls_map[module.params['log_type']] + + listing = sp.findall(cls) + + spec = { + 'name': module.params['header'], + 'value': module.params['value'], + } + obj = cls(**spec) + sp.add(obj) + + changed = helper.apply_state(obj, listing, module) + module.exit_json(changed=changed, msg='Done') + + +if __name__ == '__main__': + main() diff --git a/library/panos_http_profile_param.py b/library/panos_http_profile_param.py new file mode 100644 index 00000000..4c42ad45 --- /dev/null +++ b/library/panos_http_profile_param.py 
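Review bot: `value=dict()` in the argument spec of panos_http_profile_header.py is not marked `no_log`, so Ansible logs and echoes a header value like any other argument, and headers such as `Authorization` commonly carry a bearer token or API key for the log receiver. panos_http_server.py in this same commit already uses `http_password=dict(no_log=True)`; the matching change here is `value=dict(no_log=True),`. If masking every header value is judged too broad, the DOCUMENTATION entry for `value` should at least tell users to set `no_log: true` on tasks that pass credentials. The `value` option of panos_http_profile_param.py is in the same position when a parameter carries a key.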
@@ -0,0 +1,180 @@ +#!/usr/bin/env python +# -*- coding: utf-8 -*- + +from __future__ import absolute_import, division, print_function +__metaclass__ = type + +# Copyright 2019 Palo Alto Networks, Inc +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +ANSIBLE_METADATA = {'metadata_version': '1.1', + 'status': ['preview'], + 'supported_by': 'community'} + +DOCUMENTATION = ''' +--- +module: panos_http_profile_param +short_description: Manage HTTP params for a HTTP profile. +description: + - Manages HTTP params for a HTTP profile. +author: "Garfield Lee Freeman (@shinmog)" +version_added: "2.8" +requirements: + - pan-python + - pandevice >= 0.11.1 + - PAN-OS >= 8.0 +notes: + - Panorama is supported. + - Check mode is supported. +extends_documentation_fragment: + - panos.transitional_provider + - panos.vsys_shared + - panos.device_group +options: + http_profile: + description: + - Name of the http server profile. + required: True + log_type: + description: + - The log type for this parameter. + choices: + - config + - system + - threat + - traffic + - hip match + - url + - data + - wildfire + - tunnel + - user id + - gtp + - auth + - sctp + - iptag + required: True + param: + description: + - The param name. + required: True + value: + description: + - The value to assign the param. 
+''' + +EXAMPLES = ''' +- name: Add a param to the config log type + panos_http_profile_param: + provider: '{{ provider }}' + http_profile: 'my-profile' + log_type: 'user id' + param: 'serial' + value: '$serial' +''' + +RETURN = ''' +# Default return values +''' + +from ansible.module_utils.basic import AnsibleModule +from ansible.module_utils.network.panos.panos import get_connection + + +try: + from pandevice.device import HttpServerProfile + from pandevice.device import HttpConfigParam + from pandevice.device import HttpSystemParam + from pandevice.device import HttpThreatParam + from pandevice.device import HttpTrafficParam + from pandevice.device import HttpHipMatchParam + from pandevice.device import HttpUrlParam + from pandevice.device import HttpDataParam + from pandevice.device import HttpWildfireParam + from pandevice.device import HttpTunnelParam + from pandevice.device import HttpUserIdParam + from pandevice.device import HttpGtpParam + from pandevice.device import HttpAuthParam + from pandevice.device import HttpSctpParam + from pandevice.device import HttpIpTagParam + from pandevice.errors import PanDeviceError +except ImportError: + pass + + +def main(): + cls_map = { + 'config': HttpConfigParam, + 'system': HttpSystemParam, + 'threat': HttpThreatParam, + 'traffic': HttpTrafficParam, + 'hip match': HttpHipMatchParam, + 'url': HttpUrlParam, + 'data': HttpDataParam, + 'wildfire': HttpWildfireParam, + 'tunnel': HttpTunnelParam, + 'user id': HttpUserIdParam, + 'gtp': HttpGtpParam, + 'auth': HttpAuthParam, + 'sctp': HttpSctpParam, + 'iptag': HttpIpTagParam, + } + + helper = get_connection( + vsys_shared=True, + device_group=True, + with_state=True, + with_classic_provider_spec=True, + min_pandevice_version=(0, 11, 1), + min_panos_version=(8, 0, 0), + argument_spec=dict( + http_profile=dict(required=True), + log_type=dict(required=True, choices=sorted(cls_map.keys())), + param=dict(required=True), + value=dict(), + ), + ) + module = AnsibleModule( + 
argument_spec=helper.argument_spec, + supports_check_mode=True, + required_one_of=helper.required_one_of, + ) + + # Verify imports, build pandevice object tree. + parent = helper.get_pandevice_parent(module) + + sp = HttpServerProfile(module.params['http_profile']) + parent.add(sp) + try: + sp.refresh() + except PanDeviceError as e: + module.fail_json(msg='Failed refresh: {0}'.format(e)) + + cls = cls_map[module.params['log_type']] + + listing = sp.findall(cls) + + spec = { + 'name': module.params['param'], + 'value': module.params['value'], + } + obj = cls(**spec) + sp.add(obj) + + changed = helper.apply_state(obj, listing, module) + module.exit_json(changed=changed, msg='Done') + + +if __name__ == '__main__': + main() diff --git a/library/panos_http_server.py b/library/panos_http_server.py new file mode 100644 index 00000000..2ef3d634 --- /dev/null +++ b/library/panos_http_server.py 
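Review bot: `cls_map` is built as the first statement of main() in panos_http_profile_param.py, before `helper.get_pandevice_parent(module)` (the step the comment labels "Verify imports"), yet the `Http*Param` names exist only if the `try`/`except ImportError: pass` block above succeeded. With pandevice missing, or with a release that lacks any one of the imported classes, main() would stop with a NameError traceback rather than the helper's version message. Keeping the log-type names in a plain list for the spec, `log_type=dict(required=True, choices=LOG_TYPES),`, and building the name-to-class map only after `get_pandevice_parent` returns avoids that. panos_http_profile_header.py builds its `cls_map` the same way.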
@@ -0,0 +1,179 @@ +#!/usr/bin/env python +# -*- coding: utf-8 -*- + +from __future__ import absolute_import, division, print_function +__metaclass__ = type + +# Copyright 2019 Palo Alto Networks, Inc +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +ANSIBLE_METADATA = {'metadata_version': '1.1', + 'status': ['preview'], + 'supported_by': 'community'} + +DOCUMENTATION = ''' +--- +module: panos_http_server +short_description: Manage HTTP servers in a HTTP server profile. +description: + - Manages HTTP servers in a HTTP server profile. +author: "Garfield Lee Freeman (@shinmog)" +version_added: "2.8" +requirements: + - pan-python + - pandevice >= 0.11.1 + - PAN-OS >= 8.0 +notes: + - Panorama is supported. + - Check mode is supported. +extends_documentation_fragment: + - panos.transitional_provider + - panos.vsys_shared + - panos.device_group +options: + http_profile: + description: + - Name of the http server profile. + required: True + name: + description: + - Server name. + required: True + address: + description: + - IP address or FQDN of the HTTP server + required: True + protocol: + description: + - The protocol. + choices: + - HTTP + - HTTPS + default: 'HTTPS' + http_port: + description: + - Port number. + type: int + default: 443 + tls_version: + description: + - PAN-OS 9.0+ + - TLS handshake protocol version + choices: + - 1.0 + - 1.1 + - 1.2 + certificate_profile: + description: + - PAN-OS 9.0+ + - Certificate profile for validating server cert. 
+ http_method: + description: + - HTTP method to use. + default: 'POST' + http_username: + description: + - Username for basic HTTP auth. + http_password: + description: + - Password for basic HTTP auth. +''' + +EXAMPLES = ''' +- name: Create http server + panos_http_server: + provider: '{{ provider }}' + http_profile: 'my-profile' + name: 'my-http-server' + address: '192.168.1.5' + http_method: 'GET' + http_username: 'jack' + http_password: 'burton' +''' + +RETURN = ''' +# Default return values +''' + +from ansible.module_utils.basic import AnsibleModule +from ansible.module_utils.network.panos.panos import get_connection + + +try: + from pandevice.device import HttpServerProfile + from pandevice.device import HttpServer + from pandevice.errors import PanDeviceError +except ImportError: + pass + + +def main(): + helper = get_connection( + vsys_shared=True, + device_group=True, + with_state=True, + with_classic_provider_spec=True, + min_pandevice_version=(0, 11, 1), + min_panos_version=(8, 0, 0), + argument_spec=dict( + http_profile=dict(required=True), + name=dict(required=True), + address=dict(required=True), + protocol=dict(default='HTTPS', choices=['HTTP', 'HTTPS']), + http_port=dict(type='int', default=443), + tls_version=dict(choices=['1.0', '1.1', '1.2']), + certificate_profile=dict(), + http_method=dict(default='POST'), + http_username=dict(), + http_password=dict(no_log=True), + ), + ) + module = AnsibleModule( + argument_spec=helper.argument_spec, + supports_check_mode=True, + required_one_of=helper.required_one_of, + ) + + # Verify imports, build pandevice object tree. 
+ parent = helper.get_pandevice_parent(module) + + sp = HttpServerProfile(module.params['http_profile']) + parent.add(sp) + try: + sp.refresh() + except PanDeviceError as e: + module.fail_json(msg='Failed refresh: {0}'.format(e)) + + listing = sp.findall(HttpServer) + + spec = { + 'name': module.params['name'], + 'address': module.params['address'], + 'protocol': module.params['protocol'], + 'port': module.params['http_port'], + 'tls_version': module.params['tls_version'], + 'certificate_profile': module.params['certificate_profile'], + 'http_method': module.params['http_method'], + 'username': module.params['http_username'], + 'password': module.params['http_password'], + } + obj = HttpServer(**spec) + sp.add(obj) + + changed = helper.apply_state(obj, listing, module) + module.exit_json(changed=changed, msg='Done') + + +if __name__ == '__main__': + main() diff --git a/library/panos_ike_crypto_profile.py b/library/panos_ike_crypto_profile.py index 36565e78..ef960c3e 100644 --- a/library/panos_ike_crypto_profile.py +++ b/library/panos_ike_crypto_profile.py @@ -1,4 +1,5 @@ #!/usr/bin/env python +# -*- coding: utf-8 -*- from __future__ import absolute_import, division, print_function __metaclass__ = type diff --git a/library/panos_ike_gateway.py b/library/panos_ike_gateway.py index 605ee1c8..f836448e 100644 --- a/library/panos_ike_gateway.py +++ b/library/panos_ike_gateway.py @@ -1,4 +1,5 @@ #!/usr/bin/env python +# -*- coding: utf-8 -*- from __future__ import absolute_import, division, print_function __metaclass__ = type diff --git a/library/panos_import.py b/library/panos_import.py index 045ccc4d..95336c7c 100755 --- a/library/panos_import.py +++ b/library/panos_import.py @@ -1,4 +1,5 @@ #!/usr/bin/env python +# -*- coding: utf-8 -*- # Copyright 2016 Palo Alto Networks, Inc # diff --git a/library/panos_interface.py b/library/panos_interface.py index c26c8fc6..1a8ea35d 100644 --- a/library/panos_interface.py +++ b/library/panos_interface.py 
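Review bot: In panos_http_server.py, `http_username` and `http_password` are accepted together with `protocol: HTTP`, in which case the basic-auth credentials would travel to the log receiver unencrypted, and nothing in the module or its DOCUMENTATION says so. A guard after the AnsibleModule is constructed would surface it: `if module.params['protocol'] == 'HTTP' and module.params['http_password']: module.warn('http_password will be sent over cleartext HTTP')`. The `tls_version` option likewise still offers `1.0` and `1.1` with no recommendation; a line in its description pointing users to `1.2` would help. The EXAMPLES task also shows a literal password, where a vaulted variable would set a better pattern.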
@@ -1,4 +1,5 @@ #!/usr/bin/env python +# -*- coding: utf-8 -*- # Copyright 2016 Palo Alto Networks, Inc # @@ -20,7 +21,10 @@ short_description: configure data-port network interfaces description: - Configure data-port (DP) network interface. By default DP interfaces are static. -author: "Luigi Mori (@jtschichold), Ivan Bojer (@ivanbojer)" +author: + - Luigi Mori (@jtschichold) + - Ivan Bojer (@ivanbojer) + - Garfield Lee Freeman (@shinmog) version_added: "2.3" requirements: - pan-python can be obtained from PyPI U(https://pypi.python.org/pypi/pan-python) diff --git a/library/panos_ipsec_ipv4_proxyid.py b/library/panos_ipsec_ipv4_proxyid.py new file mode 100644 index 00000000..7b50d063 --- /dev/null +++ b/library/panos_ipsec_ipv4_proxyid.py 
@@ -0,0 +1,211 @@ +#!/usr/bin/env python +# -*- coding: utf-8 -*- + +from __future__ import absolute_import, division, print_function +__metaclass__ = type + +# Copyright 2019 Palo Alto Networks, Inc +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +ANSIBLE_METADATA = {'metadata_version': '1.1', + 'status': ['preview'], + 'supported_by': 'community'} + + +DOCUMENTATION = ''' +--- +module: panos_ipsec_ipv4_proxyid +short_description: Configures IPv4 Proxy Id on an IPSec Tunnel +author: "Heiko Burghardt (@odysseus107)" +version_added: "2.8" +requirements: + - pan-python can be obtained from PyPI U(https://pypi.python.org/pypi/pan-python) + - pandevice can be obtained from PyPI U(https://pypi.python.org/pypi/pandevice) +notes: + - Panorama is supported. + - Check mode is supported. 
+extends_documentation_fragment: + - panos.transitional_provider + - panos.state + - panos.full_template_support +options: + name: + description: + - The Proxy ID + required: true + tunnel_name: + description: + - IPSec Tunnel Name + required: true + local: + description: + - IP subnet or IP address represents the local network + required: true + remote: + description: + - IP subnet or IP address represents the remote network + required: true + any_protocol: + description: + - Any protocol boolean + default: True + type: bool + number_proto: + description: + - Numbered Protocol: protocol number (1-254) + type: int + tcp_local_port: + description: + - Protocol TCP: local port + type: int + tcp_remote_port: + description: + - Protocol TCP: remote port + type: int + udp_local_port: + description: + Protocol UDP: local port + type: int + udp_remote_port: + description: + - Protocol UDP: remote port + type: int + commit: + description: + - Commit configuration if changed. + default: True + type: bool +''' + +EXAMPLES = ''' +- name: Add IPSec IPv4 Proxy ID + panos_ipsec_ipv4_proxyid: + provider: '{{ provider }}' + name: 'IPSec-ProxyId' + tunnel_name: 'Default_Tunnel' + local: '192.168.2.0/24' + remote: '192.168.1.0/24' + commit: False +''' + +RETURN = ''' +# Default return values +''' + +from ansible.module_utils.basic import AnsibleModule +from ansible.module_utils.network.panos.panos import get_connection + +try: + from pandevice.network import IpsecTunnel + from pandevice.network import IpsecTunnelIpv4ProxyId + from pandevice.errors import PanDeviceError +except ImportError: + pass + + +def main(): + helper = get_connection( + template=True, + template_stack=True, + with_classic_provider_spec=True, + with_state=True, + argument_spec=dict( + name=dict( + type='str', required=True, + help='The Proxy ID'), + tunnel_name=dict( + default='default', + help='The IPSec Tunnel Name'), + local=dict( + default='192.168.2.0/24', + help='IP subnet or IP address represents the 
local network'), + remote=dict( + default='192.168.1.0/24', + help='IP subnet or IP address represents the remote network'), + any_protocol=dict( + type='bool', default=True, + help='Any protocol boolean'), + number_proto=dict( + type='int', + help='Numbered Protocol: protocol number (1-254)'), + tcp_local_port=dict( + type='int', + help='Protocol TCP: local port'), + tcp_remote_port=dict( + type='int', + help='Protocol TCP: remote port'), + udp_local_port=dict( + type='int', + help='Protocol UDP: local port'), + udp_remote_port=dict( + type='int', + help='Protocol UDP: remote port'), + commit=dict( + type='bool', default=True, + help='Commit configuration if changed'), + ) + ) + + module = AnsibleModule( + argument_spec=helper.argument_spec, + supports_check_mode=True, + required_one_of=helper.required_one_of + ) + + # Object specifications + spec = { + 'name': module.params['name'], + 'local': module.params['local'], + 'remote': module.params['remote'], + 'any_protocol': module.params['any_protocol'], + 'number_protocol': module.params['number_proto'], + 'tcp_local_port': module.params['tcp_local_port'], + 'tcp_remote_port': module.params['tcp_remote_port'], + 'udp_local_port': module.params['udp_local_port'], + 'udp_remote_port': module.params['udp_remote_port'], + } + + # Additional infos + commit = module.params['commit'] + + # Verify libs are present, get parent object. + parent = helper.get_pandevice_parent(module) + tunnel_name = module.params['tunnel_name'] + + # get the tunnel object + tunnel = IpsecTunnel(tunnel_name) + parent.add(tunnel) + try: + tunnel.refresh() + except PanDeviceError as e: + module.fail_json(msg='Failed refresh: {0}'.format(e)) + + # get the listing + listing = tunnel.findall(IpsecTunnelIpv4ProxyId) + obj = IpsecTunnelIpv4ProxyId(**spec) + tunnel.add(obj) + + # Apply the state. + changed = helper.apply_state(obj, listing, module) + + # Commit. + if commit and changed: + helper.commit(module) + + # Done. 
+ module.exit_json(changed=changed) + + +if __name__ == '__main__': + main() diff --git a/library/panos_ipsec_profile.py b/library/panos_ipsec_profile.py index c5858621..51698f18 100644 --- a/library/panos_ipsec_profile.py +++ b/library/panos_ipsec_profile.py @@ -1,4 +1,5 @@ #!/usr/bin/env python +# -*- coding: utf-8 -*- from __future__ import absolute_import, division, print_function __metaclass__ = type diff --git a/library/panos_ipsec_tunnel.py b/library/panos_ipsec_tunnel.py index 9990a2b1..3c793cd6 100644 --- a/library/panos_ipsec_tunnel.py +++ b/library/panos_ipsec_tunnel.py @@ -1,4 +1,5 @@ #!/usr/bin/env python +# -*- coding: utf-8 -*- from __future__ import absolute_import, division, print_function __metaclass__ = type @@ -79,22 +80,22 @@ - Outbound SPI in hex (manual-key). mk_interface: description: - – Interface to terminate tunnel (manual-key). + - Interface to terminate tunnel (manual-key). mk_remote_spi: description: - – Inbound SPI in hex (manual-key). + - Inbound SPI in hex (manual-key). mk_remote_address: description: - – Tunnel peer IP address (manual-key). + - Tunnel peer IP address (manual-key). mk_local_address_ip: description: - – Exact IP address if interface has multiple IP addresses (manual-key). + - Exact IP address if interface has multiple IP addresses (manual-key). mk_local_address_floating_ip: description: - – Floating IP address in HA Active-Active configuration (manual-key). + - Floating IP address in HA Active-Active configuration (manual-key). mk_protocol: description: - – Protocol for traffic through the tunnel (manual-key). + - Protocol for traffic through the tunnel (manual-key). choices: ['esp', 'ah'] mk_auth_type: description: @@ -102,7 +103,7 @@ choices: ['md5', 'sha1', 'sha256', 'sha384', 'sha512'] mk_auth_key: description: - – Authentication key (manual-key). + - Authentication key (manual-key). mk_esp_encryption: description: - Encryption algorithm for tunnel traffic (manual-key). 
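Review bot: In the `argument_spec` of `main()` in `panos_ipsec_ipv4_proxyid.py`, `tunnel_name`, `local` and `remote` carry defaults (`'default'`, `'192.168.2.0/24'`, `'192.168.1.0/24'`) although DOCUMENTATION marks all three `required: true`. A task that omits them therefore writes a proxy ID for those sample subnets onto a tunnel named `default` instead of failing, and a proxy ID decides which traffic the IPSec tunnel carries. The spec should match the documentation: `tunnel_name=dict(required=True)`, `local=dict(required=True)`, `remote=dict(required=True)`. The `help=` keys are used by no other module in this part of the patch and look like leftovers; that text belongs in DOCUMENTATION only. In DOCUMENTATION, the `udp_local_port` description lacks its leading `- `, and descriptions such as `Protocol TCP: local port` contain an unquoted `: `, so they would presumably load as mappings rather than strings unless quoted.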
@@ -112,30 +113,30 @@ - Encryption key (manual-key). gps_portal_address: description: - – GlobalProtect portal address (global-protect-satellite). + - GlobalProtect portal address (global-protect-satellite). gps_prefer_ipv6: description: - – Prefer to register portal in IPv6 (8.0+) (global-protect-satellite). + - Prefer to register portal in IPv6 (8.0+) (global-protect-satellite). type: bool default: False gps_interface: description: - – Interface to communicate with portal (global-protect-satellite). + - Interface to communicate with portal (global-protect-satellite). gps_interface_ipv4_ip: description: - – Exact IPv4 IP address if interface has multiple IP addresses (global-protect-satellite). + - Exact IPv4 IP address if interface has multiple IP addresses (global-protect-satellite). gps_interface_ipv6_ip: description: - – Exact IPv6 IP address if interface has multiple IP addresses (8.0+) (global-protect-satellite). + - Exact IPv6 IP address if interface has multiple IP addresses (8.0+) (global-protect-satellite). gps_interface_ipv4_floating_ip: description: - – Floating IPv4 IP address in HA Active-Active configuration (7.0+) (global-protect-satellite). + - Floating IPv4 IP address in HA Active-Active configuration (7.0+) (global-protect-satellite). gps_interface_ipv6_floating_ip: description: - – Floating IPv6 IP address in HA Active-Active configuration (8.0+) (global-protect-satellite). + - Floating IPv6 IP address in HA Active-Active configuration (8.0+) (global-protect-satellite). gps_publish_connected_routes: description: - – Enable publishing of connected and static routes (global-protect-satellite). + - Enable publishing of connected and static routes (global-protect-satellite). type: bool default: False gps_publish_routes: 
@@ -147,7 +148,7 @@ - GlobalProtect satellite certificate file name (global-protect-satellite). gps_certificate_profile: description: - – Profile for authenticating GlobalProtect gateway certificates (global-protect-satellite). + - Profile for authenticating GlobalProtect gateway certificates (global-protect-satellite). copy_tos: description: - Copy IP TOS bits from inner packet to IPSec packet (not recommended). @@ -155,7 +156,7 @@ default: False copy_flow_label: description: - – Copy IPv6 flow label for 6in6 tunnel from inner packet to IPSec packet (not recommended) (7.0+). + - Copy IPv6 flow label for 6in6 tunnel from inner packet to IPSec packet (not recommended) (7.0+). type: bool default: False enable_tunnel_monitor: diff --git a/library/panos_l2_subinterface.py b/library/panos_l2_subinterface.py new file mode 100644 index 00000000..a086bc8f --- /dev/null +++ b/library/panos_l2_subinterface.py 
@@ -0,0 +1,226 @@ +#!/usr/bin/env python +# -*- coding: utf-8 -*- + +# Copyright 2019 Palo Alto Networks, Inc +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +DOCUMENTATION = ''' +--- +module: panos_l2_subinterface +short_description: configure layer2 subinterface +description: + - Configure a layer2 subinterface. +author: "Garfield Lee Freeman (@shinmog)" +version_added: "2.8" +requirements: + - pan-python + - pandevice >= 0.8.0 +notes: + - Panorama is supported. + - Checkmode is supported. + - If the PAN-OS device is a firewall and I(vsys) is not specified, then + the vsys will default to I(vsys=vsys1). +extends_documentation_fragment: + - panos.transitional_provider + - panos.state + - panos.vsys_import + - panos.template_only +options: + name: + description: + - Name of the interface to configure. + required: true + tag: + description: + - Tag (vlan id) for the interface + required: true + type: int + lldp_enabled: + description: + - Enable LLDP + type: bool + lldp_profile: + description: + - Reference to an LLDP profile + netflow_profile: + description: + - Reference to a netflow profile. + comment: + description: + - Interface comment. + zone_name: + description: + - Name of the zone for the interface. + - If the zone does not exist it is created. + vlan_name: + description: + - The VLAN to put this interface in. + - If the VLAN does not exist it is created. 
+''' + +EXAMPLES = ''' +# Create ethernet1/1.5 +- name: ethernet1/1.5 in zone sales + panos_l2_subinterface: + provider: '{{ provider }}' + name: "ethernet1/1.5" + tag: 5 + zone_name: "sales" + vlan_name: "myVlan" +''' + +RETURN = ''' +# Default return values +''' + +ANSIBLE_METADATA = {'metadata_version': '1.1', + 'status': ['preview'], + 'supported_by': 'community'} + +from ansible.module_utils.basic import AnsibleModule +from ansible.module_utils.network.panos.panos import get_connection + + +try: + from pandevice.network import EthernetInterface + from pandevice.network import Layer2Subinterface + from pandevice.errors import PanDeviceError +except ImportError: + pass + + +def main(): + helper = get_connection( + vsys_importable=True, + template=True, + with_classic_provider_spec=True, + with_state=True, + min_pandevice_version=(0, 8, 0), + argument_spec=dict( + name=dict(required=True), + tag=dict(required=True, type='int'), + lldp_enabled=dict(type='bool'), + lldp_profile=dict(), + netflow_profile=dict(), + comment=dict(), + zone_name=dict(), + vlan_name=dict(), + ), + ) + module = AnsibleModule( + argument_spec=helper.argument_spec, + supports_check_mode=True, + required_one_of=helper.required_one_of, + ) + + # Verify libs are present, get the parent object. + parent = helper.get_pandevice_parent(module) + + # Get the object params. + spec = { + 'name': module.params['name'], + 'tag': module.params['tag'], + 'lldp_enabled': module.params['lldp_enabled'], + 'lldp_profile': module.params['lldp_profile'], + 'netflow_profile_l2': module.params['netflow_profile'], + 'comment': module.params['comment'], + } + + # Get other info. + state = module.params['state'] + zone_name = module.params['zone_name'] + vlan_name = module.params['vlan_name'] + vsys = module.params['vsys'] + + # Sanity check. + if '.' not in spec['name']: + module.fail_json(msg='Interface name does not have "." in it') + + # Retrieve the current config. 
+ parent_eth = EthernetInterface(spec['name'].split('.')[0]) + parent.add(parent_eth) + try: + parent_eth.refresh() + except PanDeviceError as e: + module.fail_json(msg='Failed refresh: {0}'.format(e)) + + if parent_eth.mode != 'layer2': + module.fail_json(msg='{0} mode is {1}, not layer2'.format(parent_eth.name, parent_eth.mode)) + + interfaces = parent_eth.findall(Layer2Subinterface) + + # Build the object based on the user spec. + eth = Layer2Subinterface(**spec) + parent_eth.add(eth) + + # Which action should we take on the interface? + changed = False + reference_params = { + 'refresh': True, + 'update': not module.check_mode, + 'return_type': 'bool', + } + if state == 'present': + for item in interfaces: + if item.name != eth.name: + continue + # Interfaces have children, so don't compare them. + if not item.equal(eth, compare_children=False): + changed = True + eth.extend(item.children) + if not module.check_mode: + try: + eth.apply() + except PanDeviceError as e: + module.fail_json(msg='Failed apply: {0}'.format(e)) + break + else: + changed = True + if not module.check_mode: + try: + eth.create() + except PanDeviceError as e: + module.fail_json(msg='Failed create: {0}'.format(e)) + + # Set references. + try: + changed |= eth.set_vsys(vsys, **reference_params) + changed |= eth.set_zone(zone_name, mode=parent_eth.mode, **reference_params) + changed |= eth.set_vlan(vlan_name, **reference_params) + except PanDeviceError as e: + module.fail_json(msg='Failed setref: {0}'.format(e)) + elif state == 'absent': + # Remove references. + try: + changed |= eth.set_vlan(None, **reference_params) + changed |= eth.set_zone(None, mode=parent_eth.mode, **reference_params) + changed |= eth.set_vsys(None, **reference_params) + except PanDeviceError as e: + module.fail_json(msg='Failed setref: {0}'.format(e)) + + # Remove the interface. 
+ if eth.name in [x.name for x in interfaces]: + changed = True + if not module.check_mode: + try: + eth.delete() + except PanDeviceError as e: + module.fail_json(msg='Failed delete: {0}'.format(e)) + + # Done! + module.exit_json(changed=changed, msg='Done') + + +if __name__ == '__main__': + main() diff --git a/library/panos_l3_subinterface.py b/library/panos_l3_subinterface.py new file mode 100644 index 00000000..2482e7e2 --- /dev/null +++ b/library/panos_l3_subinterface.py 
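Review bot: In the `state == 'present'` branch of `panos_l2_subinterface.py`, `eth.set_zone(zone_name, ...)` and `eth.set_vlan(vlan_name, ...)` run unconditionally, and neither option has a default, so a task that omits `zone_name` passes `None`, which is the same call the `absent` branch uses to remove references. If pandevice treats `None` the same way here, a task that only changes `comment` would take the subinterface out of its zone and VLAN, which changes the security policy applied to its traffic; the option docs do not mention this. Either document it on both options, e.g. `- If omitted, the interface is removed from any zone it is currently in.`, or guard the calls with `if zone_name is not None:` and `if vlan_name is not None:`. The same pattern appears for `zone_name` in `panos_l3_subinterface.py`.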
@@ -0,0 +1,284 @@ +#!/usr/bin/env python +# -*- coding: utf-8 -*- + +# Copyright 2019 Palo Alto Networks, Inc +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +DOCUMENTATION = ''' +--- +module: panos_l3_subinterface +short_description: configure layer3 subinterface +description: + - Configure a layer3 subinterface. +author: "Garfield Lee Freeman (@shinmog)" +version_added: "2.8" +requirements: + - pan-python + - pandevice >= 0.8.0 +notes: + - Panorama is supported. + - Checkmode is supported. + - If the PAN-OS device is a firewall and I(vsys) is not specified, then + the vsys will default to I(vsys=vsys1). +extends_documentation_fragment: + - panos.transitional_provider + - panos.state + - panos.vsys_import + - panos.template_only +options: + name: + description: + - Name of the interface to configure. + required: true + tag: + description: + - Tag (vlan id) for the interface + required: true + type: int + ip: + description: + - List of static IP addresses. + type: list + ipv6_enabled: + description: + - Enable IPv6. + type: bool + management_profile: + description: + - Interface management profile name. + mtu: + description: + - MTU for layer3 interface. + type: int + adjust_tcp_mss: + description: + - Adjust TCP MSS for layer3 interface. + type: bool + netflow_profile: + description: + - Netflow profile for layer3 interface. + comment: + description: + - Interface comment. + ipv4_mss_adjust: + description: + - (7.1+) TCP MSS adjustment for IPv4. 
+ type: int + ipv6_mss_adjust: + description: + - (7.1+) TCP MSS adjustment for IPv6. + type: int + enable_dhcp: + description: + - Enable DHCP on this interface. + type: bool + create_default_route: + description: + - Whether or not to add default route with router learned via DHCP. + type: bool + dhcp_default_route_metric: + description: + - Metric for the DHCP default route. + type: int + zone_name: + description: + - Name of the zone for the interface. + - If the zone does not exist it is created. + vr_name: + description: + - Virtual router to add this interface to. +''' + +EXAMPLES = ''' +# Create ethernet1/1.5 as DHCP. +- name: enable DHCP client on ethernet1/1.5 in zone public + panos_l3_subinterface: + provider: '{{ provider }}' + name: "ethernet1/1.5" + tag: 1 + create_default_route: True + zone_name: "public" + create_default_route: "yes" + +# Update ethernet1/2.7 with a static IP address in zone dmz. +- name: ethernet1/2.7 as static in zone dmz + panos_l3_subinterface: + provider: '{{ provider }}' + name: "ethernet1/2.7" + tag: 7 + enable_dhcp: false + ip: ["10.1.1.1/24"] + zone_name: "dmz" +''' + +RETURN = ''' +# Default return values +''' + +ANSIBLE_METADATA = {'metadata_version': '1.1', + 'status': ['preview'], + 'supported_by': 'community'} + +from ansible.module_utils.basic import AnsibleModule +from ansible.module_utils.network.panos.panos import get_connection + + +try: + from pandevice.network import EthernetInterface + from pandevice.network import Layer3Subinterface + from pandevice.errors import PanDeviceError +except ImportError: + pass + + +def main(): + helper = get_connection( + vsys_importable=True, + template=True, + with_classic_provider_spec=True, + with_state=True, + min_pandevice_version=(0, 8, 0), + argument_spec=dict( + name=dict(required=True), + tag=dict(required=True, type='int'), + ip=dict(type='list'), + ipv6_enabled=dict(type='bool'), + management_profile=dict(), + mtu=dict(type='int'), + adjust_tcp_mss=dict(type='bool'), + 
netflow_profile=dict(), + comment=dict(), + ipv4_mss_adjust=dict(type='int'), + ipv6_mss_adjust=dict(type='int'), + enable_dhcp=dict(type='bool', default=True), + create_default_route=dict(type='bool', default=False), + dhcp_default_route_metric=dict(type='int'), + zone_name=dict(), + vr_name=dict(default='default'), + ), + ) + module = AnsibleModule( + argument_spec=helper.argument_spec, + supports_check_mode=True, + required_one_of=helper.required_one_of, + ) + + # Verify libs are present, get the parent object. + parent = helper.get_pandevice_parent(module) + + # Get the object params. + spec = { + 'name': module.params['name'], + 'tag': module.params['tag'], + 'ip': module.params['ip'], + 'ipv6_enabled': module.params['ipv6_enabled'], + 'management_profile': module.params['management_profile'], + 'mtu': module.params['mtu'], + 'adjust_tcp_mss': module.params['adjust_tcp_mss'], + 'netflow_profile': module.params['netflow_profile'], + 'comment': module.params['comment'], + 'ipv4_mss_adjust': module.params['ipv4_mss_adjust'], + 'ipv6_mss_adjust': module.params['ipv6_mss_adjust'], + 'enable_dhcp': module.params['enable_dhcp'], + 'create_dhcp_default_route': module.params['create_default_route'], + 'dhcp_default_route_metric': module.params['dhcp_default_route_metric'], + } + + # Get other info. + state = module.params['state'] + zone_name = module.params['zone_name'] + vr_name = module.params['vr_name'] + vsys = module.params['vsys'] + + # Sanity check. + if '.' not in spec['name']: + module.fail_json(msg='Interface name does not have "." in it') + + # Retrieve the current config. 
+ parent_eth = EthernetInterface(spec['name'].split('.')[0]) + parent.add(parent_eth) + try: + parent_eth.refresh() + except PanDeviceError as e: + module.fail_json(msg='Failed refresh: {0}'.format(e)) + + if parent_eth.mode != 'layer3': + module.fail_json(msg='{0} mode is {1}, not layer3'.format(parent_eth.name, parent_eth.mode)) + + interfaces = parent_eth.findall(Layer3Subinterface) + + # Build the object based on the user spec. + eth = Layer3Subinterface(**spec) + parent_eth.add(eth) + + # Which action should we take on the interface? + changed = False + reference_params = { + 'refresh': True, + 'update': not module.check_mode, + 'return_type': 'bool', + } + if state == 'present': + for item in interfaces: + if item.name != eth.name: + continue + # Interfaces have children, so don't compare them. + if not item.equal(eth, compare_children=False): + changed = True + eth.extend(item.children) + if not module.check_mode: + try: + eth.apply() + except PanDeviceError as e: + module.fail_json(msg='Failed apply: {0}'.format(e)) + break + else: + changed = True + if not module.check_mode: + try: + eth.create() + except PanDeviceError as e: + module.fail_json(msg='Failed create: {0}'.format(e)) + + # Set references. + try: + changed |= eth.set_vsys(vsys, **reference_params) + changed |= eth.set_zone(zone_name, mode=parent_eth.mode, **reference_params) + changed |= eth.set_virtual_router(vr_name, **reference_params) + except PanDeviceError as e: + module.fail_json(msg='Failed setref: {0}'.format(e)) + elif state == 'absent': + # Remove references. + try: + changed |= eth.set_virtual_router(None, **reference_params) + changed |= eth.set_zone(None, mode=parent_eth.mode, **reference_params) + changed |= eth.set_vsys(None, **reference_params) + except PanDeviceError as e: + module.fail_json(msg='Failed setref: {0}'.format(e)) + + # Remove the interface. 
+ if eth.name in [x.name for x in interfaces]: + changed = True + if not module.check_mode: + try: + eth.delete() + except PanDeviceError as e: + module.fail_json(msg='Failed delete: {0}'.format(e)) + + # Done! + module.exit_json(changed=changed, msg='Done') + + +if __name__ == '__main__': + main() diff --git a/library/panos_lic.py b/library/panos_lic.py index 4cc0e78b..c092f527 100755 --- a/library/panos_lic.py +++ b/library/panos_lic.py @@ -1,4 +1,5 @@ #!/usr/bin/env python +# -*- coding: utf-8 -*- # Copyright 2016 Palo Alto Networks, Inc # diff --git a/library/panos_loadcfg.py b/library/panos_loadcfg.py index 0387e25e..1857c2ef 100755 --- a/library/panos_loadcfg.py +++ b/library/panos_loadcfg.py @@ -1,4 +1,5 @@ #!/usr/bin/env python +# -*- coding: utf-8 -*- # Copyright 2016 Palo Alto Networks, Inc # diff --git a/library/panos_log_forwarding_profile.py b/library/panos_log_forwarding_profile.py new file mode 100644 index 00000000..d7397604 --- /dev/null +++ b/library/panos_log_forwarding_profile.py 
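Review bot: The `argument_spec` in `panos_l3_subinterface.py` sets `enable_dhcp` to default `True`, `create_default_route` to default `False` and `vr_name` to default `'default'`, but DOCUMENTATION lists none of these defaults. A reader cannot tell that a new subinterface becomes a DHCP client and is attached to virtual router `default` unless the task overrides it. Add `default: True`, `default: False` and `default: 'default'` under the respective options. The first EXAMPLES task also gives `create_default_route` twice (`True` and `"yes"`); a duplicate key in one mapping should be reduced to a single entry.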
@@ -0,0 +1,123 @@ +#!/usr/bin/env python +# -*- coding: utf-8 -*- + +from __future__ import absolute_import, division, print_function +__metaclass__ = type + +# Copyright 2019 Palo Alto Networks, Inc +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +ANSIBLE_METADATA = {'metadata_version': '1.1', + 'status': ['preview'], + 'supported_by': 'community'} + +DOCUMENTATION = ''' +--- +module: panos_log_forwarding_profile +short_description: Manage log forwarding profiles. +description: + - Manages log forwarding profiles. +author: "Garfield Lee Freeman (@shinmog)" +version_added: "2.8" +requirements: + - pan-python + - pandevice >= 0.11.1 +notes: + - Panorama is supported. + - Check mode is supported. +extends_documentation_fragment: + - panos.transitional_provider + - panos.vsys_shared + - panos.device_group +options: + name: + description: + - Name of the profile. + required: true + description: + description: + - Profile description + enhanced_logging: + description: + - Valid for PAN-OS 8.1+ + - Enabling enhanced application logging. 
+ type: 'bool' +''' + +EXAMPLES = ''' +# Create a profile +- name: Create log forwarding profile + panos_log_forwarding_profile + provider: '{{ provider }}' + name: 'my-profile' + enhanced_logging: true +''' + +RETURN = ''' +# Default return values +''' + +from ansible.module_utils.basic import AnsibleModule +from ansible.module_utils.network.panos.panos import get_connection + + +try: + from pandevice.objects import LogForwardingProfile + from pandevice.errors import PanDeviceError +except ImportError: + pass + + +def main(): + helper = get_connection( + vsys_shared=True, + device_group=True, + with_state=True, + with_classic_provider_spec=True, + min_pandevice_version=(0, 11, 1), + min_panos_version=(8, 0, 0), + argument_spec=dict( + name=dict(required=True), + description=dict(), + enhanced_logging=dict(type='bool'), + ), + ) + module = AnsibleModule( + argument_spec=helper.argument_spec, + supports_check_mode=True, + required_one_of=helper.required_one_of, + ) + + # Verify imports, build pandevice object tree. + parent = helper.get_pandevice_parent(module) + + try: + listing = LogForwardingProfile.refreshall(parent) + except PanDeviceError as e: + module.fail_json(msg='Failed refresh: {0}'.format(e)) + + spec = { + 'name': module.params['name'], + 'description': module.params['description'], + 'enhanced_logging': module.params['enhanced_logging'], + } + obj = LogForwardingProfile(**spec) + parent.add(obj) + + changed = helper.apply_state(obj, listing, module) + module.exit_json(changed=changed, msg='Done') + + +if __name__ == '__main__': + main() diff --git a/library/panos_log_forwarding_profile_match_list.py b/library/panos_log_forwarding_profile_match_list.py new file mode 100644 index 00000000..25fea56d --- /dev/null +++ b/library/panos_log_forwarding_profile_match_list.py 
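Review bot: The EXAMPLES task in `panos_log_forwarding_profile.py` is missing the colon after the module name: `panos_log_forwarding_profile` should read `panos_log_forwarding_profile:`, otherwise the snippet is not valid YAML when copied into a playbook. `get_connection()` is also called with `min_panos_version=(8, 0, 0)`, but `notes:` does not state a minimum PAN-OS version. A line such as `- PAN-OS 8.0 or later is required.` would cover it, although how the helper enforces the minimum is not visible in this hunk.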
@@ -0,0 +1,183 @@ +#!/usr/bin/env python +# -*- coding: utf-8 -*- + +from __future__ import absolute_import, division, print_function +__metaclass__ = type + +# Copyright 2019 Palo Alto Networks, Inc +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +ANSIBLE_METADATA = {'metadata_version': '1.1', + 'status': ['preview'], + 'supported_by': 'community'} + +DOCUMENTATION = ''' +--- +module: panos_log_forwarding_profile_match_list +short_description: Manage log forwarding profile match lists. +description: + - Manages log forwarding profile match lists. +author: "Garfield Lee Freeman (@shinmog)" +version_added: "2.8" +requirements: + - pan-python + - pandevice >= 0.11.1 +notes: + - Panorama is supported. + - Check mode is supported. +extends_documentation_fragment: + - panos.transitional_provider + - panos.vsys_shared + - panos.device_group +options: + log_forwarding_profile: + description: + - Name of the log forwarding profile to add this match list to. + required: True + name: + description: + - Name of the profile. + required: true + description: + description: + - Profile description + log_type: + description: + - Log type. + choices: + - traffic + - threat + - wildfire + - url + - data + - gtp + - tunnel + - auth + - sctp + default: 'traffic' + filter: + description: + - The filter. Leaving this empty means "All logs". + send_to_panorama: + description: + - Send to panorama or not + type: bool + snmp_profiles: + description: + - List of SNMP server profiles. 
+ type: list + email_profiles: + description: + - List of email server profiles. + type: list + syslog_profiles: + description: + - List of syslog server profiles. + type: list + http_profiles: + description: + - List of HTTP server profiles. + type: list +''' + +EXAMPLES = ''' +# Create a server match list +- name: Create log forwarding profile match list + panos_log_forwarding_profile_match_list: + provider: '{{ provider }}' + log_forwarding_profile: 'my-profile' + name: 'ml-1' + description: 'created by Ansible' + log_type: 'threat' + filter: '(action eq allow) and (zone eq DMZ)' + syslog_profiles: ['syslog-prof1'] +''' + +RETURN = ''' +# Default return values +''' + +from ansible.module_utils.basic import AnsibleModule +from ansible.module_utils.network.panos.panos import get_connection + + +try: + from pandevice.objects import LogForwardingProfile + from pandevice.objects import LogForwardingProfileMatchList + from pandevice.errors import PanDeviceError +except ImportError: + pass + + +def main(): + helper = get_connection( + vsys_shared=True, + device_group=True, + with_state=True, + with_classic_provider_spec=True, + min_pandevice_version=(0, 11, 1), + min_panos_version=(8, 0, 0), + argument_spec=dict( + log_forwarding_profile=dict(required=True), + name=dict(required=True), + description=dict(), + log_type=dict(default='traffic', choices=[ + 'traffic', 'threat', 'wildfire', + 'url', 'data', 'gtp', 'tunnel', 'auth', 'sctp']), + filter=dict(), + send_to_panorama=dict(type='bool'), + snmp_profiles=dict(type='list'), + email_profiles=dict(type='list'), + syslog_profiles=dict(type='list'), + http_profiles=dict(type='list'), + ), + ) + module = AnsibleModule( + argument_spec=helper.argument_spec, + supports_check_mode=True, + required_one_of=helper.required_one_of, + ) + + # Verify imports, build pandevice object tree. 
+ parent = helper.get_pandevice_parent(module) + + lfp = LogForwardingProfile(module.params['log_forwarding_profile']) + parent.add(lfp) + try: + lfp.refresh() + except PanDeviceError as e: + module.fail_json(msg='Failed refresh: {0}'.format(e)) + + listing = lfp.findall(LogForwardingProfileMatchList) + + spec = { + 'name': module.params['name'], + 'description': module.params['description'], + 'log_type': module.params['log_type'], + 'filter': module.params['filter'], + 'send_to_panorama': module.params['send_to_panorama'], + 'snmp_profiles': module.params['snmp_profiles'], + 'email_profiles': module.params['email_profiles'], + 'syslog_profiles': module.params['syslog_profiles'], + 'http_profiles': module.params['http_profiles'], + } + obj = LogForwardingProfileMatchList(**spec) + lfp.add(obj) + + changed = helper.apply_state(obj, listing, module) + module.exit_json(changed=changed, msg='Done') + + +if __name__ == '__main__': + main() diff --git a/library/panos_log_forwarding_profile_match_list_action.py b/library/panos_log_forwarding_profile_match_list_action.py new file mode 100644 index 00000000..4acdd0fe --- /dev/null +++ b/library/panos_log_forwarding_profile_match_list_action.py 
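Review bot: In `panos_log_forwarding_profile_match_list.py`, the `name` and `description` options are documented as `Name of the profile.` and `Profile description`, but both values go into the `LogForwardingProfileMatchList` spec, so they describe the match list and not the profile named by `log_forwarding_profile`. Suggested wording is `- Name of the match list.` and `- Match list description.`. The `name` option in `panos_log_forwarding_profile_match_list_action.py` has the same copied `Name of the profile.` text and should name the action instead.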
@@ -0,0 +1,191 @@ +#!/usr/bin/env python +# -*- coding: utf-8 -*- + +from __future__ import absolute_import, division, print_function +__metaclass__ = type + +# Copyright 2019 Palo Alto Networks, Inc +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +ANSIBLE_METADATA = {'metadata_version': '1.1', + 'status': ['preview'], + 'supported_by': 'community'} + +DOCUMENTATION = ''' +--- +module: panos_log_forwarding_profile_match_list_action +short_description: Manage log forwarding profile match list actions. +description: + - Manages log forwarding profile match list actions. +author: "Garfield Lee Freeman (@shinmog)" +version_added: "2.8" +requirements: + - pan-python + - pandevice >= 0.11.1 +notes: + - Panorama is supported. + - Check mode is supported. +extends_documentation_fragment: + - panos.transitional_provider + - panos.vsys_shared + - panos.device_group +options: + log_forwarding_profile: + description: + - Name of the log forwarding profile to add this action to. + required: True + log_forwarding_profile_match_list: + description: + - Name of the log forwarding profile match list to add this action to. + required: True + name: + description: + - Name of the profile. + required: true + action_type: + description: + - Action type. + choices: + - tagging + - integration + default: 'tagging' + action: + description: + - The action. + choices: + - add-tag + - remove-tag + - Azure-Security-Center-Integration + target: + description: + - The target. 
+ choices: + - source-address + - destination-address + registration: + description: + - Registration. + choices: + - localhost + - panorama + - remote + http_profile: + description: + - The HTTP profile when I(registration=remote). + tags: + description: + - List of tags. + type: list + timeout: + description: + - Valid for PAN-OS 9.0+ + - Timeout in minutes + type: int +''' + +EXAMPLES = ''' +# Create a log forwarding server match list action +- name: Create the action + panos_log_forwarding_profile_match_list_action: + provider: '{{ provider }}' + log_forwarding_profile: 'my-profile' + log_forwarding_profile_match_list: 'ml-1' + name: 'my-action' + action: 'add-tag' + target: 'source-address' + registration: 'localhost' + tags: ['foo', 'bar'] + timeout: 2 +''' + +RETURN = ''' +# Default return values +''' + +from ansible.module_utils.basic import AnsibleModule +from ansible.module_utils.network.panos.panos import get_connection + + +try: + from pandevice.objects import LogForwardingProfile + from pandevice.objects import LogForwardingProfileMatchList + from pandevice.objects import LogForwardingProfileMatchListAction + from pandevice.errors import PanDeviceError +except ImportError: + pass + + +def main(): + helper = get_connection( + vsys_shared=True, + device_group=True, + with_state=True, + with_classic_provider_spec=True, + min_pandevice_version=(0, 11, 1), + min_panos_version=(8, 0, 0), + argument_spec=dict( + log_forwarding_profile=dict(required=True), + log_forwarding_profile_match_list=dict(required=True), + name=dict(required=True), + action_type=dict(default='tagging', choices=['tagging', 'integration']), + action=dict(choices=['add-tag', 'remove-tag', 'Azure-Security-Center-Integration']), + target=dict(choices=['source-address', 'destination-address']), + registration=dict(choices=['localhost', 'panorama', 'remote']), + http_profile=dict(), + tags=dict(type='list'), + timeout=dict(type='int'), + ), + ) + module = AnsibleModule( + 
argument_spec=helper.argument_spec, + supports_check_mode=True, + required_one_of=helper.required_one_of, + ) + + # Verify imports, build pandevice object tree. + parent = helper.get_pandevice_parent(module) + + lfp = LogForwardingProfile(module.params['log_forwarding_profile']) + parent.add(lfp) + try: + lfp.refresh() + except PanDeviceError as e: + module.fail_json(msg='Failed refresh: {0}'.format(e)) + + ml = lfp.find(module.params['log_forwarding_profile_match_list'], LogForwardingProfileMatchList) + if ml is None: + module.fail_json(msg='Log forwarding profile match list "{0}" does not exist'.format( + module.params['log_forwarding_profile_match_list'])) + + listing = ml.findall(LogForwardingProfileMatchListAction) + + spec = { + 'name': module.params['name'], + 'action_type': module.params['action_type'], + 'action': module.params['action'], + 'target': module.params['target'], + 'registration': module.params['registration'], + 'http_profile': module.params['http_profile'], + 'tags': module.params['tags'], + 'timeout': module.params['timeout'], + } + obj = LogForwardingProfileMatchListAction(**spec) + ml.add(obj) + + changed = helper.apply_state(obj, listing, module) + module.exit_json(changed=changed, msg='Done') + + +if __name__ == '__main__': + main() diff --git a/library/panos_loopback_interface.py b/library/panos_loopback_interface.py index ca6848a1..7cb4d3f3 100644 --- a/library/panos_loopback_interface.py +++ b/library/panos_loopback_interface.py @@ -1,4 +1,5 @@ #!/usr/bin/env python +# -*- coding: utf-8 -*- # Copyright 2019 Palo Alto Networks, Inc # @@ -20,9 +21,9 @@ short_description: configure network loopback interfaces description: - Configure loopback interfaces on PanOS - - -author: "Geraint Jones (@nexus_moneky_nz)" +author: + - Geraint Jones (@nexus_moneky_nz) + - Garfield Lee Freeman (@shinmog) version_added: "2.8" requirements: - pan-python can be obtained from PyPi U(https://pypi.python.org/pypi/pan-python) 
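Review bot: The `AnsibleModule(...)` call in the new `panos_log_forwarding_profile_match_list_action.py` does not enforce the coupling its own documentation describes, where `http_profile` is "The HTTP profile when I(registration=remote)". If PAN-OS does require the profile for remote registration (worth confirming), adding `required_if=[('registration', 'remote', ['http_profile'])],` would make the task fail at argument validation rather than at apply time. The `name` option is documented as "Name of the profile." although it names the action, which looks like a copy-paste leftover; `- Name of the action.` would match. `timeout` is documented as valid for PAN-OS 9.0+ while `min_panos_version` is `(8, 0, 0)`, so a sentence on what happens on older versions would help.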
diff --git a/library/panos_management_profile.py b/library/panos_management_profile.py index 2c837e50..32050a4b 100644 --- a/library/panos_management_profile.py +++ b/library/panos_management_profile.py @@ -1,4 +1,5 @@ #!/usr/bin/env python +# -*- coding: utf-8 -*- # Copyright 2018 Palo Alto Networks, Inc # @@ -27,6 +28,7 @@ short_description: Manage interface management profiles. description: - This module will allow you to manage interface management profiles on PAN-OS. +author: "Garfield Lee Freeman (@shinmog)" version_added: "2.6" requirements: - pan-python can be obtained from PyPI U(https://pypi.python.org/pypi/pan-python) diff --git a/library/panos_match_rule.py b/library/panos_match_rule.py index 71bc4af3..58e65258 100644 --- a/library/panos_match_rule.py +++ b/library/panos_match_rule.py @@ -1,4 +1,5 @@ #!/usr/bin/env python +# -*- coding: utf-8 -*- # Copyright 2017 Palo Alto Networks, Inc # diff --git a/library/panos_mgtconfig.py b/library/panos_mgtconfig.py index 5e6d8df0..3a93830c 100755 --- a/library/panos_mgtconfig.py +++ b/library/panos_mgtconfig.py @@ -1,4 +1,5 @@ #!/usr/bin/env python +# -*- coding: utf-8 -*- # Copyright 2016 Palo Alto Networks, Inc # diff --git a/library/panos_nat_rule.py b/library/panos_nat_rule.py index 4d738ad2..7cb812b9 100644 --- a/library/panos_nat_rule.py +++ b/library/panos_nat_rule.py @@ -1,4 +1,5 @@ #!/usr/bin/env python +# -*- coding: utf-8 -*- # Copyright 2017 Palo Alto Networks, Inc # 
@@ -21,7 +22,12 @@ description: - Create a policy nat rule. Keep in mind that we can either end up configuring source NAT, destination NAT, or both. - Instead of splitting it into two we will make a fair attempt to determine which one the user wants. -author: "Luigi Mori (@jtschichold),Ivan Bojer (@ivanbojer),Robert Hagen (@rnh556),Michael Richardson (@mrichardson03)" +author: + - Luigi Mori (@jtschichold) + - Ivan Bojer (@ivanbojer) + - Robert Hagen (@rnh556) + - Michael Richardson (@mrichardson03) + - Garfield Lee Freeman (@shinmog) version_added: "2.4" requirements: - pan-python can be obtained from PyPI U(https://pypi.python.org/pypi/pan-python) diff --git a/library/panos_object.py b/library/panos_object.py index 808dc3b3..c0656b4c 100644 --- a/library/panos_object.py +++ b/library/panos_object.py @@ -1,4 +1,5 @@ #!/usr/bin/env python +# -*- coding: utf-8 -*- # Copyright 2017 Palo Alto Networks, Inc # diff --git a/library/panos_object_facts.py b/library/panos_object_facts.py index 1abad047..c148cc1d 100644 --- a/library/panos_object_facts.py +++ b/library/panos_object_facts.py @@ -1,4 +1,5 @@ #!/usr/bin/env python +# -*- coding: utf-8 -*- # Copyright 2018 Palo Alto Networks, Inc # diff --git a/library/panos_op.py b/library/panos_op.py index ae452e93..da3fed1c 100644 --- a/library/panos_op.py +++ b/library/panos_op.py @@ -1,4 +1,5 @@ #!/usr/bin/env python +# -*- coding: utf-8 -*- # Copyright 2017 Palo Alto Networks, Inc # @@ -27,7 +28,9 @@ short_description: execute arbitrary OP commands on PANW devices (e.g. show interface all) description: - This module will allow user to pass and execute any supported OP command on the PANW device. -author: "Ivan Bojer (@ivanbojer)" +author: + - Ivan Bojer (@ivanbojer) + - Garfield Lee Freeman (@shinmog) version_added: "2.5" requirements: - pan-python can be obtained from PyPI U(https://pypi.python.org/pypi/pan-python) diff --git a/library/panos_pg.py b/library/panos_pg.py index dc43fe72..0ed60895 100755 
--- a/library/panos_pg.py +++ b/library/panos_pg.py @@ -1,4 +1,5 @@ #!/usr/bin/env python +# -*- coding: utf-8 -*- # Copyright 2016 Palo Alto Networks, Inc # diff --git a/library/panos_query_rules.py b/library/panos_query_rules.py index 651d4e80..10bca203 100644 --- a/library/panos_query_rules.py +++ b/library/panos_query_rules.py @@ -1,4 +1,5 @@ #!/usr/bin/env python +# -*- coding: utf-8 -*- # Copyright 2017 Palo Alto Networks, Inc # diff --git a/library/panos_redistribution.py b/library/panos_redistribution.py index e11056e1..0bf0a9b2 100644 --- a/library/panos_redistribution.py +++ b/library/panos_redistribution.py @@ -1,4 +1,5 @@ #!/usr/bin/env python +# -*- coding: utf-8 -*- from __future__ import absolute_import, division, print_function __metaclass__ = type @@ -28,7 +29,9 @@ short_description: Configures a Redistribution Profile on a virtual router description: - Configures a Redistribution Profile on a virtual router -author: "Joshua Colson (@freakinhippie)" +author: + - Joshua Colson (@freakinhippie) + - Garfield Lee Freeman (@shinmog) version_added: "2.8" requirements: - pan-python can be obtained from PyPI U(https://pypi.python.org/pypi/pan-python) diff --git a/library/panos_registered_ip.py b/library/panos_registered_ip.py index c6e347e3..000b690f 100644 --- a/library/panos_registered_ip.py +++ b/library/panos_registered_ip.py @@ -1,4 +1,5 @@ #!/usr/bin/env python +# -*- coding: utf-8 -*- # Copyright 2018 Palo Alto Networks, Inc # diff --git a/library/panos_registered_ip_facts.py b/library/panos_registered_ip_facts.py index 08bc4ab3..d3f95af4 100644 --- a/library/panos_registered_ip_facts.py +++ b/library/panos_registered_ip_facts.py @@ -1,4 +1,5 @@ #!/usr/bin/env python +# -*- coding: utf-8 -*- # Copyright 2018 Palo Alto Networks, Inc # diff --git a/library/panos_restart.py b/library/panos_restart.py index d34a8b6b..8e1c5add 100755 --- a/library/panos_restart.py +++ b/library/panos_restart.py 
@@ -1,4 +1,5 @@ #!/usr/bin/env python +# -*- coding: utf-8 -*- # Copyright 2016 Palo Alto Networks, Inc # @@ -20,7 +21,10 @@ short_description: Restart a device description: - Restart a PAN-OS device. -author: "Luigi Mori (@jtschichold), Ivan Bojer (@ivanbojer)" +author: + - Luigi Mori (@jtschichold) + - Ivan Bojer (@ivanbojer) + - Garfield Lee Freeman (@shinmog) version_added: "2.3" requirements: - pan-python can be obtained from PyPI U(https://pypi.python.org/pypi/pan-python) diff --git a/library/panos_sag.py b/library/panos_sag.py index 13d62e4a..e7993706 100755 --- a/library/panos_sag.py +++ b/library/panos_sag.py @@ -1,4 +1,5 @@ #!/usr/bin/env python +# -*- coding: utf-8 -*- # Copyright 2016 Palo Alto Networks, Inc # diff --git a/library/panos_security_rule.py b/library/panos_security_rule.py index e8af2b70..e978ed0b 100644 --- a/library/panos_security_rule.py +++ b/library/panos_security_rule.py @@ -1,4 +1,5 @@ #!/usr/bin/env python +# -*- coding: utf-8 -*- # Copyright 2017 Palo Alto Networks, Inc # @@ -27,7 +28,11 @@ - Security policies allow you to enforce rules and take action, and can be as general or specific as needed. - The policy rules are compared against the incoming traffic in sequence, and because the first rule that matches - the traffic is applied, the more specific rules must precede the more general ones. -author: "Ivan Bojer (@ivanbojer), Robert Hagen (@stealthllama), Michael Richardson (@mrichardson03)" +author: + - Ivan Bojer (@ivanbojer) + - Robert Hagen (@stealthllama) + - Michael Richardson (@mrichardson03) + - Garfield Lee Freeman (@shinmog) version_added: "2.4" requirements: - pandevice can be obtained from PyPI U(https://pypi.python.org/pypi/pandevice) diff --git a/library/panos_security_rule_facts.py b/library/panos_security_rule_facts.py index 03a30814..0b688400 100644 --- a/library/panos_security_rule_facts.py +++ b/library/panos_security_rule_facts.py 
@@ -1,4 +1,5 @@ #!/usr/bin/python +# -*- coding: utf-8 -*- from __future__ import absolute_import, division, print_function __metaclass__ = type @@ -45,6 +46,10 @@ rule_name: description: - Name of the security rule. + all_details: + description: + - Get full-policy details when name is not set. + type: bool ''' EXAMPLES = ''' 
@@ -69,9 +74,107 @@ RETURN = ''' rules: description: List of security rules present - returned: When I(rule_name) is not specified + returned: When I(rule_name) is not specified and I(all_details) is False type: list sample: ['rule1', 'rule2', 'rule3'] +policy: + description: List of security rules present with details + returned: When I(rule_name) is not specified and I(all_details) is True + type: complex + contains: + rule_name: + description: Name of the security rule. + type: str + source_zone: + description: List of source zones. + type: list + source_ip: + description: List of source addresses. + type: list + source_user: + description: List of source users. + type: list + hip_profiles: + description: GlobalProtect host information profile list. + type: list + destination_zone: + description: List of destination zones. + type: list + destination_ip: + description: List of destination addresses. + type: list + application: + description: List of applications, application groups, and/or application filters. + type: list + service: + description: List of services and/or service groups. + type: list + category: + description: List of destination URL categories. + type: list + action: + description: The rule action. + type: str + log_setting: + description: Log forwarding profile. + type: str + log_start: + description: Whether to log at session start. + type: bool + log_end: + description: Whether to log at session end. + type: bool + description: + description: Description of the security rule. + type: str + rule_type: + description: Type of security rule (version 6.1 of PanOS and above). + type: str + tag_name: + description: List of tags associated with the rule. + type: list + negate_source: + description: Match on the reverse of the 'source_ip' attribute + type: bool + negate_destination: + description: Match on the reverse of the 'destination_ip' attribute + type: bool + disabled: + description: Disable this rule. 
+ type: bool + schedule: + description: Schedule in which this rule is active. + type: str + icmp_unreachable: + description: Send 'ICMP Unreachable'. + type: bool + disable_server_response_inspection: + description: Disables packet inspection from the server to the client. + type: bool + group_profile: + description: Security profile group setting. + type: str + antivirus: + description: Name of the already defined antivirus profile. + type: str + vulnerability: + description: Name of the already defined vulnerability profile. + type: str + spyware: + description: Name of the already defined spyware profile. + type: str + url_filtering: + description: Name of the already defined url_filtering profile. + type: str + file_blocking: + description: Name of the already defined file_blocking profile. + type: str + data_filtering: + description: Name of the already defined data_filtering profile. + type: str + wildfire_analysis: + description: Name of the already defined wildfire_analysis profile. + type: str spec: description: The security rule definition returned: When I(rule_name) is specified @@ -193,6 +296,7 @@ def main(): error_on_shared=True, argument_spec=dict( rule_name=dict(), + all_details=dict(default=False, type='bool'), ), ) 
@@ -204,8 +308,36 @@ def main(): parent = helper.get_pandevice_parent(module) + renames = ( + ('name', 'rule_name'), + ('fromzone', 'source_zone'), + ('tozone', 'destination_zone'), + ('source', 'source_ip'), + ('destination', 'destination_ip'), + ('type', 'rule_type'), + ('tag', 'tag_name'), + ('group', 'group_profile'), + ('virus', 'antivirus'), + ) + name = module.params['rule_name'] - if name is None: + all_details = module.params['all_details'] + if all_details and name is None: + try: + listing = SecurityRule.refreshall(parent) + except PanDeviceError as e: + module.fail_json(msg='Failed refreshall: {0}'.format(e)) + rules = [rule.about() for rule in listing] + for rule in rules: + for pandevice_param, ansible_param in renames: + rule[ansible_param] = rule[pandevice_param] + del rule[pandevice_param] + + module.exit_json( + changed=False, + policy=rules, + ) + elif name is None: try: listing = SecurityRule.refreshall(parent, name_only=True) except PanDeviceError as e: @@ -221,17 +353,6 @@ def main(): spec = rule.about() - renames = ( - ('name', 'rule_name'), - ('fromzone', 'source_zone'), - ('tozone', 'destination_zone'), - ('source', 'source_ip'), - ('destination', 'destination_ip'), - ('type', 'rule_type'), - ('tag', 'tag_name'), - ('group', 'group_profile'), - ('virus', 'antivirus'), - ) for pandevice_param, ansible_param in renames: spec[ansible_param] = spec[pandevice_param] del(spec[pandevice_param]) diff --git a/library/panos_service_group.py b/library/panos_service_group.py index 6037be70..5f09075f 100644 --- a/library/panos_service_group.py +++ b/library/panos_service_group.py @@ -1,4 +1,5 @@ #!/usr/bin/env python +# -*- coding: utf-8 -*- # Copyright 2018 Palo Alto Networks, Inc # diff --git a/library/panos_service_object.py b/library/panos_service_object.py index 25e4b42d..224cc45e 100644 --- a/library/panos_service_object.py +++ b/library/panos_service_object.py 
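Review bot: In the new `all_details` branch, the per-rule rename loop duplicates the loop kept in the single-rule branch further down, and the two now spell the deletion differently (`del rule[pandevice_param]` here, `del(spec[pandevice_param])` there). Writing both as `rule[ansible_param] = rule.pop(pandevice_param)` (and `spec[ansible_param] = spec.pop(pandevice_param)`) keeps them identical and removes the two-step copy/delete. `all_details` is also silently ignored when `rule_name` is given, so a short comment above the `if all_details and name is None:` test, such as `# all_details only applies when listing every rule`, would make that intent visible in the code as well as in the docs. `main()` begins and ends outside this hunk.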
@@ -1,4 +1,5 @@ #!/usr/bin/env python +# -*- coding: utf-8 -*- # Copyright 2018 Palo Alto Networks, Inc # diff --git a/library/panos_snmp_profile.py b/library/panos_snmp_profile.py new file mode 100644 index 00000000..b2d5a5cb --- /dev/null +++ b/library/panos_snmp_profile.py 
@@ -0,0 +1,119 @@ +#!/usr/bin/env python +# -*- coding: utf-8 -*- + +from __future__ import absolute_import, division, print_function +__metaclass__ = type + +# Copyright 2019 Palo Alto Networks, Inc +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +ANSIBLE_METADATA = {'metadata_version': '1.1', + 'status': ['preview'], + 'supported_by': 'community'} + +DOCUMENTATION = ''' +--- +module: panos_snmp_profile +short_description: Manage SNMP server profiles. +description: + - Manages SNMP server profiles. +author: "Garfield Lee Freeman (@shinmog)" +version_added: "2.8" +requirements: + - pan-python + - pandevice >= 0.11.1 +notes: + - Panorama is supported. + - Check mode is supported. +extends_documentation_fragment: + - panos.transitional_provider + - panos.vsys_shared + - panos.device_group +options: + name: + description: + - Name of the profile. + required: true + version: + description: + - SNMP version. 
+ choices: + - v2c + - v3 + default: "v2c" +''' + +EXAMPLES = ''' +# Create snmp profile +- name: Create snmp profile + panos_snmp_profile: + provider: '{{ provider }}' + name: 'my-profile' +''' + +RETURN = ''' +# Default return values +''' + +from ansible.module_utils.basic import AnsibleModule +from ansible.module_utils.network.panos.panos import get_connection + + +try: + from pandevice.device import SnmpServerProfile + from pandevice.errors import PanDeviceError +except ImportError: + pass + + +def main(): + helper = get_connection( + vsys_shared=True, + device_group=True, + with_state=True, + with_classic_provider_spec=True, + min_pandevice_version=(0, 11, 1), + min_panos_version=(7, 1, 0), + argument_spec=dict( + name=dict(required=True), + version=dict(default='v2c', choices=['v2c', 'v3']), + ), + ) + module = AnsibleModule( + argument_spec=helper.argument_spec, + supports_check_mode=True, + required_one_of=helper.required_one_of, + ) + + # Verify imports, build pandevice object tree. + parent = helper.get_pandevice_parent(module) + + try: + listing = SnmpServerProfile.refreshall(parent) + except PanDeviceError as e: + module.fail_json(msg='Failed refresh: {0}'.format(e)) + + spec = { + 'name': module.params['name'], + 'version': module.params['version'], + } + obj = SnmpServerProfile(**spec) + parent.add(obj) + + changed = helper.apply_state(obj, listing, module) + module.exit_json(changed=changed, msg='Done') + + +if __name__ == '__main__': + main() diff --git a/library/panos_snmp_v2c_server.py b/library/panos_snmp_v2c_server.py new file mode 100644 index 00000000..e208496b --- /dev/null +++ b/library/panos_snmp_v2c_server.py 
@@ -0,0 +1,133 @@ +#!/usr/bin/env python +# -*- coding: utf-8 -*- + +from __future__ import absolute_import, division, print_function +__metaclass__ = type + +# Copyright 2019 Palo Alto Networks, Inc +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +ANSIBLE_METADATA = {'metadata_version': '1.1', + 'status': ['preview'], + 'supported_by': 'community'} + +DOCUMENTATION = ''' +--- +module: panos_snmp_v2c_server +short_description: Manage SNMP v2c servers. +description: + - Manages SNMP v2c servers. +author: "Garfield Lee Freeman (@shinmog)" +version_added: "2.8" +requirements: + - pan-python + - pandevice >= 0.11.1 +notes: + - Panorama is supported. + - Check mode is supported. +extends_documentation_fragment: + - panos.transitional_provider + - panos.vsys_shared + - panos.device_group +options: + snmp_profile: + description: + - Name of the SNMP server profile. + required: true + name: + description: + - Name of the server. + required: true + manager: + description: + - IP address or FQDN of SNMP manager to use. 
+ community: + description: + - SNMP community +''' + +EXAMPLES = ''' +# Create a snmp v2 server +- name: Create snmp v2 server + panos_snmp_v2c_server: + provider: '{{ provider }}' + snmp_profile: 'my-profile' + name: 'my-v2c-server' + manager: '192.168.55.10' + community: 'foobar' +''' + +RETURN = ''' +# Default return values +''' + +from ansible.module_utils.basic import AnsibleModule +from ansible.module_utils.network.panos.panos import get_connection + + +try: + from pandevice.device import SnmpServerProfile + from pandevice.device import SnmpV2cServer + from pandevice.errors import PanDeviceError +except ImportError: + pass + + +def main(): + helper = get_connection( + vsys_shared=True, + device_group=True, + with_state=True, + with_classic_provider_spec=True, + min_pandevice_version=(0, 11, 1), + min_panos_version=(7, 1, 0), + argument_spec=dict( + snmp_profile=dict(required=True), + name=dict(required=True), + manager=dict(), + community=dict(), + ), + ) + module = AnsibleModule( + argument_spec=helper.argument_spec, + supports_check_mode=True, + required_one_of=helper.required_one_of, + ) + + # Verify imports, build pandevice object tree. + parent = helper.get_pandevice_parent(module) + + sp = SnmpServerProfile(module.params['snmp_profile']) + parent.add(sp) + try: + sp.refresh() + except PanDeviceError as e: + module.fail_json(msg='Failed refresh: {0}'.format(e)) + + listing = sp.findall(SnmpV2cServer) + + spec = { + 'name': module.params['name'], + 'manager': module.params['manager'], + 'community': module.params['community'], + } + obj = SnmpV2cServer(**spec) + sp.add(obj) + + changed = helper.apply_state(obj, listing, module) + module.exit_json(changed=changed, msg='Done') + + +if __name__ == '__main__': + main() diff --git a/library/panos_snmp_v3_server.py b/library/panos_snmp_v3_server.py new file mode 100644 index 00000000..a3dada60 --- /dev/null +++ b/library/panos_snmp_v3_server.py 
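Review bot: The `community` option in the `panos_snmp_v2c_server` argument spec is declared as `community=dict()`, so the SNMP v2c community string, which is effectively a shared secret, is not masked in Ansible's logged module arguments or verbose output. The sibling v3 module in this same commit marks `auth_password` and `priv_password` with `no_log=True`; the same treatment fits here: `community=dict(no_log=True),`. The EXAMPLES block also shows a literal `community: 'foobar'`, and a variable reference such as `community: '{{ snmp_community }}'` would steer users toward vaulted values.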
@@ -0,0 +1,150 @@ +#!/usr/bin/env python +# -*- coding: utf-8 -*- + +from __future__ import absolute_import, division, print_function +__metaclass__ = type + +# Copyright 2019 Palo Alto Networks, Inc +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +ANSIBLE_METADATA = {'metadata_version': '1.1', + 'status': ['preview'], + 'supported_by': 'community'} + +DOCUMENTATION = ''' +--- +module: panos_snmp_v3_server +short_description: Manage SNMP v3 servers. +description: + - Manages SNMP v3 servers. +author: "Garfield Lee Freeman (@shinmog)" +version_added: "2.8" +requirements: + - pan-python + - pandevice >= 0.11.1 +notes: + - Panorama is supported. + - Check mode is supported. +extends_documentation_fragment: + - panos.transitional_provider + - panos.vsys_shared + - panos.device_group +options: + snmp_profile: + description: + - Name of the SNMP server profile. + required: true + name: + description: + - Name of the server. + required: true + manager: + description: + - IP address or FQDN of SNMP manager to use. + user: + description: + - User + engine_id: + description: + - A hex number + auth_password: + description: + - Authentiation protocol password. + priv_password: + description: + - Privacy protocol password. 
+''' + +EXAMPLES = ''' +# Create snmp v3 server +- name: Create snmp v3 server + panos_snmp_v3_server: + provider: '{{ provider }}' + snmp_profile: 'my-profile' + name: 'my-v3-server' + manager: '192.168.55.10' + user: 'jdoe' + auth_password: 'password' + priv_password: 'drowssap' +''' + +RETURN = ''' +# Default return values +''' + +from ansible.module_utils.basic import AnsibleModule +from ansible.module_utils.network.panos.panos import get_connection + + +try: + from pandevice.device import SnmpServerProfile + from pandevice.device import SnmpV3Server + from pandevice.errors import PanDeviceError +except ImportError: + pass + + +def main(): + helper = get_connection( + vsys_shared=True, + device_group=True, + with_state=True, + with_classic_provider_spec=True, + min_pandevice_version=(0, 11, 1), + min_panos_version=(7, 1, 0), + argument_spec=dict( + snmp_profile=dict(required=True), + name=dict(required=True), + manager=dict(), + user=dict(), + engine_id=dict(), + auth_password=dict(no_log=True), + priv_password=dict(no_log=True), + ), + ) + module = AnsibleModule( + argument_spec=helper.argument_spec, + supports_check_mode=True, + required_one_of=helper.required_one_of, + ) + + # Verify imports, build pandevice object tree. + parent = helper.get_pandevice_parent(module) + + sp = SnmpServerProfile(module.params['snmp_profile']) + parent.add(sp) + try: + sp.refresh() + except PanDeviceError as e: + module.fail_json(msg='Failed refresh: {0}'.format(e)) + + listing = sp.findall(SnmpV3Server) + + spec = { + 'name': module.params['name'], + 'manager': module.params['manager'], + 'user': module.params['user'], + 'engine_id': module.params['engine_id'], + 'auth_password': module.params['auth_password'], + 'priv_password': module.params['priv_password'], + } + obj = SnmpV3Server(**spec) + sp.add(obj) + + changed = helper.apply_state(obj, listing, module) + module.exit_json(changed=changed, msg='Done') + + +if __name__ == '__main__': + main() 
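Review bot: The EXAMPLES block for `panos_snmp_v3_server` passes `auth_password: 'password'` and `priv_password: 'drowssap'` as inline literals, which readers tend to copy as-is into playbooks. Showing variable references instead, e.g. `auth_password: '{{ snmp_auth_password }}'` and `priv_password: '{{ snmp_priv_password }}'`, models keeping these in Ansible Vault while the `no_log=True` flags in the argument spec keep them out of logs. The option text has a typo, "Authentiation protocol password."; it should read `- Authentication protocol password.`. If the device returns these two fields in hashed or encrypted form (not visible from this hunk), `helper.apply_state` may report `changed` on every run, which would be worth confirming and noting under `notes:`.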
diff --git a/library/panos_software.py b/library/panos_software.py index 5e4cd4d1..8a5f6d78 100644 --- a/library/panos_software.py +++ b/library/panos_software.py @@ -1,4 +1,5 @@ #!/usr/bin/env python +# -*- coding: utf-8 -*- # Copyright 2018 Palo Alto Networks, Inc # diff --git a/library/panos_static_route.py b/library/panos_static_route.py index 1e27ca41..f78cd278 100644 --- a/library/panos_static_route.py +++ b/library/panos_static_route.py @@ -1,4 +1,5 @@ #!/usr/bin/env python +# -*- coding: utf-8 -*- # Copyright 2018 Palo Alto Networks, Inc # @@ -24,7 +25,9 @@ short_description: Create static routes on PAN-OS devices. description: - Create static routes on PAN-OS devices. -author: "Michael Richardson (@mrichardson03)" +author: + - Michael Richardson (@mrichardson03) + - Garfield Lee Freeman (@shinmog) version_added: "2.6" requirements: - pan-python can be obtained from PyPI U(https://pypi.python.org/pypi/pan-python) diff --git a/library/panos_syslog_profile.py b/library/panos_syslog_profile.py new file mode 100644 index 00000000..8c674a32 --- /dev/null +++ b/library/panos_syslog_profile.py 
@@ -0,0 +1,199 @@ +#!/usr/bin/env python +# -*- coding: utf-8 -*- + +from __future__ import absolute_import, division, print_function +__metaclass__ = type + +# Copyright 2019 Palo Alto Networks, Inc +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +ANSIBLE_METADATA = {'metadata_version': '1.1', + 'status': ['preview'], + 'supported_by': 'community'} + +DOCUMENTATION = ''' +--- +module: panos_syslog_profile +short_description: Manage syslog server profiles. +description: + - Manages syslog server profiles. +author: "Garfield Lee Freeman (@shinmog)" +version_added: "2.8" +requirements: + - pan-python + - pandevice >= 0.11.1 +notes: + - Panorama is supported. + - Check mode is supported. +extends_documentation_fragment: + - panos.transitional_provider + - panos.vsys_shared + - panos.device_group +options: + name: + description: + - Name of the profile. + required: true + config: + description: + - Custom config log format. + system: + description: + - Custom system log format. + threat: + description: + - Custom threat log format. + traffic: + description: + - Custom traffic log format. + hip_match: + description: + - Custom HIP match log format. + url: + description: + - PAN-OS 8.0+ + - Custom url log format. + data: + description: + - PAN-OS 8.0+ + - Custom data log format. + wildfire: + description: + - PAN-OS 8.0+ + - Custom wildfire log format. + tunnel: + description: + - PAN-OS 8.0+ + - Custom tunnel log format. 
+ user_id: + description: + - PAN-OS 8.0+ + - Custom user-ID log format. + gtp: + description: + - PAN-OS 8.0+ + - Custom GTP log format. + auth: + description: + - PAN-OS 8.0+ + - Custom auth log format. + sctp: + description: + - PAN-OS 8.1+ + - Custom SCTP log format. + iptag: + description: + - PAN-OS 9.0+ + - Custom Iptag log format. + escaped_characters: + description: + - Characters to be escaped. + escape_character: + description: + - Escape character +''' + +EXAMPLES = ''' +# Create a profile +- name: Create syslog profile + panos_syslog_profile: + provider: '{{ provider }}' + name: 'my-profile' +''' + +RETURN = ''' +# Default return values +''' + +from ansible.module_utils.basic import AnsibleModule +from ansible.module_utils.network.panos.panos import get_connection + + +try: + from pandevice.device import SyslogServerProfile + from pandevice.errors import PanDeviceError +except ImportError: + pass + + +def main(): + helper = get_connection( + vsys_shared=True, + device_group=True, + with_state=True, + with_classic_provider_spec=True, + min_pandevice_version=(0, 11, 1), + min_panos_version=(7, 1, 0), + argument_spec=dict( + name=dict(required=True), + config=dict(), + system=dict(), + threat=dict(), + traffic=dict(), + hip_match=dict(), + url=dict(), + data=dict(), + wildfire=dict(), + tunnel=dict(), + user_id=dict(), + gtp=dict(), + auth=dict(), + sctp=dict(), + iptag=dict(), + escaped_characters=dict(), + escape_character=dict(), + ), + ) + module = AnsibleModule( + argument_spec=helper.argument_spec, + supports_check_mode=True, + required_one_of=helper.required_one_of, + ) + + # Verify imports, build pandevice object tree. 
+ parent = helper.get_pandevice_parent(module)
+
+ try:
+ listing = SyslogServerProfile.refreshall(parent)
+ except PanDeviceError as e:
+ module.fail_json(msg='Failed refresh: {0}'.format(e))
+
+ spec = {
+ 'name': module.params['name'],
+ 'config': module.params['config'],
+ 'system': module.params['system'],
+ 'threat': module.params['threat'],
+ 'traffic': module.params['traffic'],
+ 'hip_match': module.params['hip_match'],
+ 'url': module.params['url'],
+ 'data': module.params['data'],
+ 'wildfire': module.params['wildfire'],
+ 'tunnel': module.params['tunnel'],
+ 'user_id': module.params['user_id'],
+ 'gtp': module.params['gtp'],
+ 'auth': module.params['auth'],
+ 'sctp': module.params['sctp'],
+ 'iptag': module.params['iptag'],
+ 'escaped_characters': module.params['escaped_characters'],
+ 'escape_character': module.params['escape_character'],
+ }
+ obj = SyslogServerProfile(**spec)
+ parent.add(obj)
+
+ changed = helper.apply_state(obj, listing, module)
+ module.exit_json(changed=changed, msg='Done')
+
+
+if __name__ == '__main__':
+ main()
diff --git a/library/panos_syslog_server.py b/library/panos_syslog_server.py
new file mode 100644
index 00000000..bfc72fa4
--- /dev/null
+++ b/library/panos_syslog_server.py
@@ -0,0 +1,171 @@ +#!/usr/bin/env python +# -*- coding: utf-8 -*- + +from __future__ import absolute_import, division, print_function +__metaclass__ = type + +# Copyright 2019 Palo Alto Networks, Inc +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +ANSIBLE_METADATA = {'metadata_version': '1.1', + 'status': ['preview'], + 'supported_by': 'community'} + +DOCUMENTATION = ''' +--- +module: panos_syslog_server +short_description: Manage syslog server profile syslog servers. +description: + - Manages syslog servers in an syslog server profile. +author: "Garfield Lee Freeman (@shinmog)" +version_added: "2.8" +requirements: + - pan-python + - pandevice >= 0.11.1 +notes: + - Panorama is supported. + - Check mode is supported. +extends_documentation_fragment: + - panos.transitional_provider + - panos.vsys_shared + - panos.device_group +options: + syslog_profile: + description: + - Name of the syslog server profile. + required: True + name: + description: + - Server name. + required: True + server: + description: + - IP address or FQDN of the syslog server + required: True + transport: + description: + - Syslog transport. + choices: + - UDP + - TCP + - SSL + default: "UDP" + syslog_port: + description: + - Syslog port number + type: int + format: + description: + Format of the syslog message. + choices: + - BSD + - IETF + default: "BSD" + facility: + description: + - Syslog facility. 
+ choices: + - LOG_USER + - LOG_LOCAL0 + - LOG_LOCAL1 + - LOG_LOCAL2 + - LOG_LOCAL3 + - LOG_LOCAL4 + - LOG_LOCAL5 + - LOG_LOCAL6 + - LOG_LOCAL7 + default: "LOG_USER" +''' + +EXAMPLES = ''' +- name: Create syslog server + panos_syslog_server: + provider: '{{ provider }}' + syslog_profile: 'my-profile' + name: 'my-syslog-server' + port: 514 +''' + +RETURN = ''' +# Default return values +''' + +from ansible.module_utils.basic import AnsibleModule +from ansible.module_utils.network.panos.panos import get_connection + + +try: + from pandevice.device import SyslogServerProfile + from pandevice.device import SyslogServer + from pandevice.errors import PanDeviceError +except ImportError: + pass + + +def main(): + helper = get_connection( + vsys_shared=True, + device_group=True, + with_state=True, + with_classic_provider_spec=True, + min_pandevice_version=(0, 11, 1), + min_panos_version=(7, 1, 0), + argument_spec=dict( + syslog_profile=dict(required=True), + name=dict(required=True), + server=dict(required=True), + transport=dict(default='UDP', choices=['UDP', 'TCP', 'SSL']), + syslog_port=dict(type='int'), + format=dict(default='BSD', choices=['BSD', 'IETF']), + facility=dict(default='LOG_USER', choices=[ + 'LOG_USER', + 'LOG_LOCAL0', 'LOG_LOCAL1', 'LOG_LOCAL2', 'LOG_LOCAL3', + 'LOG_LOCAL4', 'LOG_LOCAL5', 'LOG_LOCAL6', 'LOG_LOCAL7']), + ), + ) + module = AnsibleModule( + argument_spec=helper.argument_spec, + supports_check_mode=True, + required_one_of=helper.required_one_of, + ) + + # Verify imports, build pandevice object tree. 
+ parent = helper.get_pandevice_parent(module) + + sp = SyslogServerProfile(module.params['syslog_profile']) + parent.add(sp) + try: + sp.refresh() + except PanDeviceError as e: + module.fail_json(msg='Failed refresh: {0}'.format(e)) + + listing = sp.findall(SyslogServer) + + spec = { + 'name': module.params['name'], + 'server': module.params['server'], + 'transport': module.params['transport'], + 'port': module.params['syslog_port'], + 'format': module.params['format'], + 'facility': module.params['facility'], + } + obj = SyslogServer(**spec) + sp.add(obj) + + changed = helper.apply_state(obj, listing, module) + module.exit_json(changed=changed, msg='Done') + + +if __name__ == '__main__': + main() diff --git a/library/panos_tag_object.py b/library/panos_tag_object.py index 9736494c..59417570 100644 --- a/library/panos_tag_object.py +++ b/library/panos_tag_object.py @@ -1,4 +1,5 @@ #!/usr/bin/env python +# -*- coding: utf-8 -*- # Copyright 2018 Palo Alto Networks, Inc # diff --git a/library/panos_tunnel.py b/library/panos_tunnel.py index 824d12ff..d195bc79 100644 --- a/library/panos_tunnel.py +++ b/library/panos_tunnel.py @@ -1,4 +1,5 @@ #!/usr/bin/env python +# -*- coding: utf-8 -*- # Copyright 2018 Palo Alto Networks, Inc # diff --git a/library/panos_type_cmd.py b/library/panos_type_cmd.py new file mode 100644 index 00000000..9186e791 --- /dev/null +++ b/library/panos_type_cmd.py 
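Review bot: The EXAMPLES task in the new panos_syslog_server.py would not run as written: it passes `port: 514`, but the argument spec names the option `syslog_port`, and it omits `server`, which is declared `required=True`. Replace that line with `syslog_port: 514` and add a `server:` entry with a placeholder such as `'syslog.example.com'`. In DOCUMENTATION the `format` description is missing its leading `- `, unlike every other option. Because `transport` defaults to `UDP`, the option text could also say that `SSL` is the choice that protects log data in transit.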
@@ -0,0 +1,185 @@ +#!/usr/bin/python +# -*- coding: utf-8 -*- + +from __future__ import absolute_import, division, print_function +__metaclass__ = type + +# Copyright 2019 Palo Alto Networks, Inc +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +ANSIBLE_METADATA = {'metadata_version': '1.1', + 'status': ['preview'], + 'supported_by': 'community'} + +DOCUMENTATION = ''' +--- +module: panos_type_cmd +short_description: Execute arbitrary TYPE commands on PAN-OS +description: + - This module allows you to execute arbitrary TYPE commands on PAN-OS. + - This module does not provide guards of any sort, so USE AT YOUR OWN RISK. + - Refer to the PAN-OS and Panorama API guide for more info. + - https://docs.paloaltonetworks.com/pan-os.html +author: "Garfield Lee Freeman (@shinmog)" +version_added: "2.8" +requirements: + - pan-python + - pandevice +notes: + - Panorama is supported. + - Check mode is not supported. +extends_documentation_fragment: + - panos.transitional_provider +options: + cmd: + description: + - The command to run. + choices: + - show + - get + - delete + - set + - edit + - move + - rename + - clone + - override + default: 'set' + xpath: + description: + - The XPATH. + - All newlines are removed from the XPATH to allow for shorter lines. + required: True + element: + description: + - Used in I(cmd=set), I(cmd=edit), and I(cmd=override). + - The element payload. + where: + description: + - Used in I(cmd=move). + - The movement keyword. 
+ dst: + description: + - Used in I(cmd=move). + - The reference object. + new_name: + description: + - Used in I(cmd=rename) and I(cmd=clone). + - The new name. + xpath_from: + description: + - Used in I(cmd=clone). + - The from xpath. + extra_qs: + description: + - A dict of extra params to pass in. + type: complex +''' + +EXAMPLES = ''' +- name: Create an address object using set. + panos_type_cmd: + provider: '{{ provider }}' + xpath: | + /config/devices/entry[@name='localhost.localdomain'] + /vsys/entry[@name='vsys1'] + /address + element: | + + 192.168.55.0/24 + Address CIDR for sales org + + +- name: Then rename it. + panos_type_cmd: + provider: '{{ provider }}' + cmd: 'rename' + xpath: | + /config/devices/entry[@name='localhost.localdomain'] + /vsys/entry[@name='vsys1'] + /address/entry[@name='sales-block'] + new_name: 'dmz-block' +''' + +RETURN = ''' +# Default return values +''' + + +from ansible.module_utils.basic import AnsibleModule +from ansible.module_utils.network.panos.panos import get_connection + + +try: + from pandevice.errors import PanDeviceError +except ImportError: + pass + + +def main(): + helper = get_connection( + with_classic_provider_spec=True, + argument_spec=dict( + cmd=dict(default='set', choices=[ + 'show', 'get', 'delete', 'set', 'edit', + 'move', 'rename', 'clone', 'override']), + xpath=dict(required=True), + element=dict(), + where=dict(), + dst=dict(), + new_name=dict(), + xpath_from=dict(), + extra_qs=dict(), + ), + ) + + module = AnsibleModule( + argument_spec=helper.argument_spec, + supports_check_mode=False, + required_one_of=helper.required_one_of, + ) + + parent = helper.get_pandevice_parent(module) + + cmd = module.params['cmd'] + func = getattr(parent.xapi, cmd) + + kwargs = { + 'xpath': ''.join(module.params['xpath'].strip().split('\n')), + 'extra_qs': module.params['extra_qs'], + } + + if cmd in ('set', 'edit', 'override'): + kwargs['element'] = module.params['element'].strip() + + if cmd in ('move', ): + 
kwargs['where'] = module.params['where'] + kwargs['dst'] = module.params['dst'] + + if cmd in ('rename', 'clone'): + kwargs['newname'] = module.params['new_name'] + + if cmd in ('clone', ): + kwargs['xpath_from'] = module.params['xpath_from'] + + try: + func(**kwargs) + except PanDeviceError as e: + module.fail_json(msg='{0}'.format(e)) + + module.exit_json(changed=True) + + +if __name__ == '__main__': + main() diff --git a/library/panos_userid.py b/library/panos_userid.py index 0049fefb..77b37ddb 100644 --- a/library/panos_userid.py +++ b/library/panos_userid.py @@ -1,4 +1,5 @@ #!/usr/bin/env python +# -*- coding: utf-8 -*- # Copyright 2017 Palo Alto Networks, Inc # diff --git a/library/panos_virtual_router.py b/library/panos_virtual_router.py index fc1775bf..8b2e0ec9 100644 --- a/library/panos_virtual_router.py +++ b/library/panos_virtual_router.py @@ -1,4 +1,5 @@ #!/usr/bin/env python +# -*- coding: utf-8 -*- from __future__ import absolute_import, division, print_function __metaclass__ = type @@ -28,7 +29,9 @@ short_description: Configures a Virtual Router description: - Manage PANOS Virtual Router -author: "Joshua Colson (@freakinhippie)" +author: + - Joshua Colson (@freakinhippie) + - Garfield Lee Freeman (@shinmog) version_added: "2.9" requirements: - pan-python can be obtained from PyPI U(https://pypi.python.org/pypi/pan-python) diff --git a/library/panos_virtual_router_facts.py b/library/panos_virtual_router_facts.py new file mode 100644 index 00000000..128d3c83 --- /dev/null +++ b/library/panos_virtual_router_facts.py 
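Review bot: With the default `cmd: set` and no `element`, `module.params['element'].strip()` is called on `None` and the module dies with an AttributeError instead of a clean failure; `edit` and `override` behave the same way. Declaring the dependency on the AnsibleModule call, e.g. `required_if=[['cmd', 'set', ['element']], ['cmd', 'edit', ['element']], ['cmd', 'override', ['element']]]`, lets Ansible reject the task up front. The result of `func(**kwargs)` is discarded and the module always exits with `changed=True`, so `show` and `get` report a change and return nothing to the playbook; `module.exit_json(changed=cmd not in ('show', 'get'))` would at least correct the change flag, which matters for auditing a module that writes arbitrary configuration. `extra_qs` is documented as a dict but declared as `dict()` with no `type`, so it is presumably validated as a string; `extra_qs=dict(type='dict')` matches the documentation.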
@@ -0,0 +1,158 @@ +#!/usr/bin/env python +# -*- coding: utf-8 -*- + +from __future__ import absolute_import, division, print_function +__metaclass__ = type + +# Copyright 2019 Palo Alto Networks, Inc +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +DOCUMENTATION = ''' +--- +module: panos_virtual_router_facts +short_description: Retrieves virtual router information +description: + - Retrieves information on virtual routers from a firewall or Panorama. +author: "Garfield Lee Freeman (@shinmog)" +version_added: "2.8" +requirements: + - pan-python + - pandevice +notes: + - Panorama is supported. + - Check mode is not supported. +extends_documentation_fragment: + - panos.transitional_provider + - panos.full_template_support +options: + name: + description: + - Name of the virtual router. +''' + +EXAMPLES = ''' +# Get information on a specific virtual router +- name: Get vr3 info + panos_virtual_router_facts: + provider: '{{ provider }}' + name: 'vr3' + register: ans + +# Get the config of all virtual routers +- name: Get all virtual routers + panos_virtual_router_facts: + provider: '{{ provider }}' + register: vrlist +''' + +RETURN = ''' +spec: + description: The spec of the specified virtual router. + returned: When I(name) is specified. + type: complex + contains: + name: + description: Virtual router name. + interface: + description: List of interfaces + type: list + ad_static: + description: Admin distance for this protocol. 
+ type: int + ad_static_ipv6: + description: Admin distance for this protocol. + type: int + ad_ospf_int: + description: Admin distance for this protocol. + type: int + ad_ospf_ext: + description: Admin distance for this protocol. + type: int + ad_ospfv3_int: + description: Admin distance for this protocol. + type: int + ad_ospfv3_ext: + description: Admin distance for this protocol. + type: int + ad_ibgp: + description: Admin distance for this protocol. + type: int + ad_ebgp: + description: Admin distance for this protocol. + type: int + ad_rip: + description: Admin distance for this protocol. + type: int +vrlist: + description: List of virtual router specs. + returned: When I(name) is not specified. + type: list +''' + +ANSIBLE_METADATA = {'metadata_version': '1.1', + 'status': ['preview'], + 'supported_by': 'community'} + +from ansible.module_utils.basic import AnsibleModule +from ansible.module_utils.network.panos.panos import get_connection + + +try: + from pandevice.network import VirtualRouter + from pandevice.errors import PanDeviceError +except ImportError: + pass + + +def main(): + helper = get_connection( + template=True, + template_stack=True, + with_classic_provider_spec=True, + argument_spec=dict( + name=dict(), + ), + ) + module = AnsibleModule( + argument_spec=helper.argument_spec, + supports_check_mode=False, + required_one_of=helper.required_one_of, + ) + + # Verify imports, build pandevice object tree. 
+ parent = helper.get_pandevice_parent(module) + + name = module.params['name'] + if name is None: + try: + listing = VirtualRouter.refreshall(parent) + except PanDeviceError as e: + module.fail_json(msg='Failed refreshall: {0}'.format(e)) + + vrlist = helper.to_module_dict(listing) + module.exit_json(changed=False, vrlist=vrlist) + + vr = VirtualRouter(name) + parent.add(vr) + try: + vr.refresh() + except PanDeviceError as e: + module.fail_json(msg='Failed refresh: {0}'.format(e)) + + spec = helper.to_module_dict(vr) + module.exit_json(changed=False, spec=spec) + + +if __name__ == '__main__': + main() diff --git a/library/panos_vlan.py b/library/panos_vlan.py index 98940110..2692dbf7 100644 --- a/library/panos_vlan.py +++ b/library/panos_vlan.py @@ -1,4 +1,5 @@ #!/usr/bin/python +# -*- coding: utf-8 -*- from __future__ import absolute_import, division, print_function __metaclass__ = type diff --git a/library/panos_vlan_interface.py b/library/panos_vlan_interface.py index ac745442..df656c14 100644 --- a/library/panos_vlan_interface.py +++ b/library/panos_vlan_interface.py @@ -1,4 +1,5 @@ #!/usr/bin/python +# -*- coding: utf-8 -*- from __future__ import absolute_import, division, print_function __metaclass__ = type diff --git a/library/panos_zone.py b/library/panos_zone.py index 4a12b3e1..d88c8921 100644 --- a/library/panos_zone.py +++ b/library/panos_zone.py @@ -1,4 +1,5 @@ #!/usr/bin/env python +# -*- coding: utf-8 -*- from __future__ import absolute_import, division, print_function __metaclass__ = type @@ -23,7 +24,9 @@ short_description: configure security zone description: - Configure security zones on PAN-OS firewall or in Panorama template. -author: "Robert Hagen (@stealthllama)" +author: + - Robert Hagen (@stealthllama) + - Garfield Lee Freeman (@shinmog) version_added: "2.8" requirements: - pan-python can be obtained from PyPI U(https://pypi.python.org/pypi/pan-python) 
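Review bot: `supports_check_mode=False` on a module that only reads configuration means Ansible skips the task under `--check`, so plays that consume the registered result cannot be dry-run. Nothing in this `main()` writes to the device (it calls `refreshall`/`refresh` and exits with `changed=False`), so `supports_check_mode=True` looks safe, with the notes line changed to `- Check mode is supported.`. The same applies to the new panos_zone_facts.py.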
diff --git a/library/panos_zone_facts.py b/library/panos_zone_facts.py
new file mode 100644
index 00000000..79edddbc
--- /dev/null
+++ b/library/panos_zone_facts.py
@@ -0,0 +1,153 @@ +#!/usr/bin/env python +# -*- coding: utf-8 -*- + +from __future__ import absolute_import, division, print_function +__metaclass__ = type + +# Copyright 2019 Palo Alto Networks, Inc +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +DOCUMENTATION = ''' +--- +module: panos_zone_facts +short_description: Retrieves zone information +description: + - Retrieves information on zones from a firewall or Panorama. +author: "Garfield Lee Freeman (@shinmog)" +version_added: "2.8" +requirements: + - pan-python + - pandevice +notes: + - Panorama is supported. + - Check mode is not supported. +extends_documentation_fragment: + - panos.transitional_provider + - panos.full_template_support + - panos.vsys +options: + name: + description: + - Name of the security zone. +''' + +EXAMPLES = ''' +# Get information on a specific zone +- name: Get zone3 info + panos_zone_facts: + provider: '{{ provider }}' + name: 'zone3' + register: ans + +# Get the config of all zones +- name: Get all zones + panos_zone_facts: + provider: '{{ provider }}' + register: zones +''' + +RETURN = ''' +spec: + description: The spec of the specified virtual router. + returned: When I(name) is specified. + type: complex + contains: + zone: + description: The name. + mode: + description: The mode of the zone. + interface: + description: List of interfaces. + type: list + zone_profile: + description: Zone protection profile. + log_setting: + description: Log forwarding setting. 
+ enable_userid:
+ description: Enable user identification.
+ type: bool
+ include_acl:
+ description: User identification ACL include list.
+ type: list
+ exclude_acl:
+ description: User identification ACL exclude list.
+ type: list
+zones:
+ description: List of zone specs.
+ returned: When I(name) is not specified.
+ type: list
+'''
+
+ANSIBLE_METADATA = {'metadata_version': '1.1',
+ 'status': ['preview'],
+ 'supported_by': 'community'}
+
+from ansible.module_utils.basic import AnsibleModule
+from ansible.module_utils.network.panos.panos import get_connection
+
+
+try:
+ from pandevice.network import Zone
+ from pandevice.errors import PanDeviceError
+except ImportError:
+ pass
+
+
+def main():
+ helper = get_connection(
+ vsys=True,
+ template=True,
+ template_stack=True,
+ with_classic_provider_spec=True,
+ argument_spec=dict(
+ name=dict(),
+ ),
+ )
+ module = AnsibleModule(
+ argument_spec=helper.argument_spec,
+ supports_check_mode=False,
+ required_one_of=helper.required_one_of,
+ )
+
+ # Verify imports, build pandevice object tree.
+ parent = helper.get_pandevice_parent(module)
+
+ renames = (
+ ('name', 'zone'),
+ ('enable_user_identification', 'enable_userid'),
+ )
+
+ name = module.params['name']
+ if name is None:
+ try:
+ listing = Zone.refreshall(parent)
+ except PanDeviceError as e:
+ module.fail_json(msg='Failed refreshall: {0}'.format(e))
+
+ zones = helper.to_module_dict(listing, renames)
+ module.exit_json(changed=False, zones=zones)
+
+ zone = Zone(name)
+ parent.add(zone)
+ try:
+ zone.refresh()
+ except PanDeviceError as e:
+ module.fail_json(msg='Failed refresh: {0}'.format(e))
+
+ spec = helper.to_module_dict(zone, renames)
+ module.exit_json(changed=False, spec=spec)
+
+
+if __name__ == '__main__':
+ main()
diff --git a/module_utils/network/panos/panos.py b/module_utils/network/panos/panos.py
index 70a51848..160010fe 100644
--- a/module_utils/network/panos/panos.py
+++ b/module_utils/network/panos/panos.py
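Review bot: The RETURN block of panos_zone_facts.py describes `spec` as "The spec of the specified virtual router.", which looks copied from panos_virtual_router_facts.py; it should read `description: The spec of the specified zone.`. ANSIBLE_METADATA is also defined after RETURN here, whereas panos_syslog_profile.py and panos_syslog_server.py in this commit define it before DOCUMENTATION; one ordering across the new modules would be easier to scan.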
@@ -67,6 +67,7 @@ def __init__(self, min_pandevice_version, min_panos_version, self.template = None self.template_stack = None self.vsys_importable = None + self.vsys_shared = None self.min_pandevice_version = min_pandevice_version self.min_panos_version = min_panos_version self.error_on_shared = error_on_shared @@ -229,7 +230,7 @@ def get_pandevice_parent(self, module, timeout=0): module.fail_json(msg=no_shared) # Spec: vsys importable. - vsys_name = self.vsys_importable or self.vsys + vsys_name = self.vsys_importable or self.vsys or self.vsys_shared if dg_name is None and templated and vsys_name is not None: name = module.params[vsys_name] if name not in (None, 'shared'): @@ -261,7 +262,7 @@ def get_pandevice_parent(self, module, timeout=0): module.fail_json(msg=self.firewall_error) # Spec: vsys or vsys_dg or vsys_importable. - vsys_name = self.vsys_dg or self.vsys or self.vsys_importable + vsys_name = self.vsys_dg or self.vsys or self.vsys_importable or self.vsys_shared if vsys_name is not None: parent.vsys = module.params[vsys_name] if parent.vsys == 'shared' and self.error_on_shared: 
@@ -470,8 +471,39 @@ def commit(self, module, include_template=False): except PanDeviceError as e: module.fail_json(msg='Failed commit-all: {0}'.format(e)) + def to_module_dict(self, element, renames=None): + """Changes a pandevice object or list of objects into a dict / list of dicts. -def get_connection(vsys=None, device_group=None, + Args: + element: Either a single pandevice object or a list of pandevice objects + renames: If the names of the pandevice object is different from the + Ansible param names, this is a iterable of two element tuples where + the first element is the pandevice object name, and the second is + the Ansible name. + + Returns: + A dict if "element" was a single pandevice object, or a list of dicts + if "element" was a list of pandevice objects. + + """ + if isinstance(element, list): + ans = [] + for elm in element: + spec = elm.about() + if renames is not None: + for pandevice_param, ansible_param in renames: + spec[ansible_param] = spec.pop(pandevice_param) + ans.append(spec) + else: + ans = element.about() + if renames is not None: + for pandevice_param, ansible_param in renames: + ans[ansible_param] = ans.pop(pandevice_param) + + return ans + + +def get_connection(vsys=None, vsys_shared=None, device_group=None, vsys_dg=None, vsys_importable=None, rulebase=None, template=None, template_stack=None, with_classic_provider_spec=False, with_state=False, @@ -481,7 +513,7 @@ def get_connection(vsys=None, device_group=None, panorama_error=None, firewall_error=None): """Returns a helper object that handles pandevice object tree init. - The `vsys`, `device_group`, `vsys_dg`, `vsys_importable`, `rulebase`, + The `vsys`, `vsys_shared`, `device_group`, `vsys_dg`, `vsys_importable`, `rulebase`, `template`, and `template_stack` params can be any of the following types: * None - do not include this in the spec 
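Review bot: `to_module_dict` returns whatever `about()` reports, and both new facts modules pass that straight to `exit_json`, so a later facts module built on an object that carries credentials would presumably expose them in the task result; the docstring should say so, e.g. `Callers must drop secret params before returning this to Ansible.`. The rename loop is also written twice, once per branch, and can be a single local helper as sketched below. `spec.pop(pandevice_param)` raises a bare KeyError when a rename source is absent; the sketch keeps that behaviour, but a clearer message would help module authors. At the end of this hunk the `get_connection` signature inserts `vsys_shared` before `device_group`, which shifts positions for any caller passing arguments positionally (none are visible here); appending it after the existing parameters would avoid that.

```python
    def to_module_dict(self, element, renames=None):
        # … unchanged: docstring …
        def to_spec(obj):
            spec = obj.about()
            for pandevice_param, ansible_param in renames or ():
                spec[ansible_param] = spec.pop(pandevice_param)
            return spec

        if isinstance(element, list):
            return [to_spec(elm) for elm in element]
        return to_spec(element)
```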
@@ -498,6 +530,7 @@ def get_connection(vsys=None, device_group=None, Arguments: vsys: The vsys (default: 'vsys1'). + vsys_shared: The vsys (default: 'shared'). device_group: Panorama only - The device group (default: 'shared'). vsys_dg: The param name if vsys and device_group are a shared param. vsys_importable: Either this or `vsys` should be specified. For: @@ -597,6 +630,17 @@ def get_connection(vsys=None, device_group=None, param = vsys_importable spec[param] = {} helper.vsys_importable = param + if vsys_shared is not None: + if vsys is not None: + raise KeyError('Define "vsys" or "vsys_shared", not both.') + elif vsys_importable is not None: + raise KeyError('Define "vsys_importable" or "vsys_shared", not both.') + if isinstance(vsys_shared, bool): + param = 'vsys' + else: + param = vsys_shared + spec[param] = {'default': 'shared'} + helper.vsys_shared = param if rulebase is not None: if isinstance(rulebase, bool): diff --git a/setup.py b/setup.py index 811bac4d..821a3b96 100644 --- a/setup.py +++ b/setup.py @@ -10,7 +10,7 @@ setup( name='ansible-pan', - version='2.1.2', + version='2.2.0', packages=['library'], # The project's main homepage. url='https://github.com/PaloAltoNetworks/ansible-pan',