btorresgil
4/13/2016 - 8:40 PM

create_dag.py

#!/usr/bin/env python

# Copyright (c) 2016, Palo Alto Networks
#
# Permission to use, copy, modify, and/or distribute this software for any
# purpose with or without fee is hereby granted, provided that the above
# copyright notice and this permission notice appear in all copies.
#
# THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
# WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
# MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
# ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
# WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
# ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
# OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.

# Author: Brian Torres-Gil <btorres-gil@paloaltonetworks.com>

"""
create_dag.py
=========

Create a dynamic address group on Panorama

"""

__author__ = 'btorres-gil'

HOSTNAME = ""
APIKEY = ""

import logging
import argparse

from pandevice import panorama
from pandevice import objects


def get_cli_arguments():
    # Get command line arguments
    parser = argparse.ArgumentParser(description="Add dynamic address group to a Palo Alto Networks Panorama")
    parser.add_argument('-v', '--verbose', action='count', help="Verbose (-vv for extra verbose)")
    parser.add_argument('-d', '--devicegroup', help="Configure in device-group  (omit for 'shared')")
    parser.add_argument('-c', '--commit', action='store_true', help="Perform Panorama commit after configuration change")
    parser.add_argument('-a', '--commitall', action='store_true', help="Commit change to firewalls (implies -c)")
    # Palo Alto Networks related arguments
    dag_group = parser.add_argument_group('Dynamic Address Group')
    dag_group.add_argument('name', help="Name of Dynamic Address Group")
    dag_group.add_argument('match', help="Match string (eg. \"'tag1' and 'tag2'\")")
    dag_group.add_argument('description', help="Description of the dynamic address group")
    return parser.parse_args()


def setup_logging(args):
    ### Set up logger
    # Logging Levels
    # WARNING is 30
    # INFO is 20
    # DEBUG is 10
    if args.verbose is None:
        return
    logging_level = 20 - (args.verbose * 10)
    if logging_level <= logging.DEBUG:
        logging_format = '%(levelname)s:%(name)s:%(message)s'
    else:
        logging_format = '%(message)s'
    logging.basicConfig(format=logging_format, level=logging_level)


def main():

    args = get_cli_arguments()
    setup_logging(args)

    # The Panorama object. This is the root object of the config tree.
    pano = panorama.Panorama(hostname=HOSTNAME,
                             api_key=APIKEY,
                             )

    # Add the devicegroup as a child of the Panorama
    if args.devicegroup is not None:
        scope = pano.add(panorama.DeviceGroup(args.devicegroup))
    else:
        scope = pano

    # Create a dynamic address group in the required scope
    addressgroup = scope.add(objects.AddressGroup(name=args.name,
                                                  dynamic_value=args.match,
                                                  description=args.description,
                                                  ))
    # Push the new dynamic address group to the live Panorama device
    addressgroup.create()

    # Perform a commit if requested
    if args.commit or args.commitall:
            pano.commit(sync=True)
    if args.commitall:
            pano.commit_all(sync=True, sync_all=True, devicegroup=args.devicegroup)


# Call the main() function to begin the program if not
# loaded as a module.
if __name__ == '__main__':
    main()