module PaloAlto::V6::SecurityRuleApi
Public Instance Methods
create_security_rule(rule_hash:)
click to toggle source
Create a security rule (firewall rule)
Returns¶ ↑
* +Hash+ - Hash of a Model::Rulebase instance
Raises¶ ↑
* +Exception+ - Raises an exception if the request is unsuccessful
# File lib/palo_alto/v6/security_rule_api.rb, line 65 def create_security_rule(rule_hash:) # construct the XML elements for the request element_xpath = "/config/devices/entry/vsys/entry/rulebase/security/rules/entry[@name='#{rule_hash[:name]}']" element_value = "<action>" + rule_hash[:action] + "</action>" element_value += "<from>" + rule_hash[:from_zones].split(',').map{ |e| "<member>#{e}</member>" }.join + "</from>" element_value += "<to>" + rule_hash[:to_zones].split(',').map{ |e| "<member>#{e}</member>" }.join + "</to>" element_value += "<source>" + rule_hash[:sources].split(',').map{ |e| "<member>#{e}</member>" }.join + "</source>" if rule_hash[:sources] element_value += "<destination>" + rule_hash[:destinations].split(',').map{ |e| "<member>#{e}</member>" }.join + "</destination>" if rule_hash[:destinations] element_value += "<source-user>" + rule_hash[:source_users].split(',').map{ |e| "<member>#{e}</member>" }.join + "</source-user>" if rule_hash[:source_users] element_value += "<service>" + rule_hash[:services].split(',').map{ |e| "<member>#{e}</member>" }.join + "</service>" if rule_hash[:services] element_value += "<category>" + rule_hash[:categories].split(',').map{ |e| "<member>#{e}</member>" }.join + "</category>" if rule_hash[:categories] element_value += "<application>" + rule_hash[:applications].split(',').map{ |e| "<member>#{e}</member>" }.join + "</application>" if rule_hash[:applications] element_value += "<hip-profiles>" + rule_hash[:hip_profiles].split(',').map{ |e| "<member>#{e}</member>" }.join + "</hip-profiles>" if rule_hash[:hip_profiles] element_value += "<log-start>" + rule_hash[:log_session_start] + "</log-start>" if rule_hash[:log_session_start] element_value += "<log-end>" + rule_hash[:log_session_end] + "</log-end>" if rule_hash[:log_session_end] # configure options for the request options = {} options[:url] = self.endpoint options[:method] = :post options[:payload] = { type: "config", action: "set", key: self.auth_key, xpath: element_xpath, element: element_value } html_result = Helpers::Rest.make_request(options) raise "Error during security rule create" if html_result.nil? # parse the XML data data = Nokogiri::XML(html_result) # check that the operation was successful if data.xpath('//response/@status').to_s == "success" # commit the change to be operational # TODO: Should probably do partial commit once device IDs are built in options = {} options[:url] = self.endpoint options[:method] = :post options[:payload] = { type: "commit", key: self.auth_key, cmd: "<commit></commit>" } html_result = Helpers::Rest.make_request(options) raise "Error during security rule commit" if html_result.nil? # parse the XML data data = Nokogiri::XML(html_result) # check that the operation was successful and return the job ID if data.xpath('//response/@status').to_s == "success" return data.xpath('//response/result/job')[0].content.to_s else raise "#{Crack::XML.parse(data.to_xml)}" end else raise "#{Crack::XML.parse(data.to_xml)}" end end
get_security_rule(name:)
click to toggle source
Get a security rule with the given name (if exists)
Inputs¶ ↑
-
name
- Name of the rule to query for
Returns¶ ↑
-
JSON
- JSON data containing the rule found
Raises¶ ↑
-
Exception
- Exception if there is a communication/other issue
TODO¶ ↑
-
Eventually this function should be changed to return an actual
PaloAlto::Models::Rulebase
object instance rather than JSON to be more consistent with library function.
# File lib/palo_alto/v6/security_rule_api.rb, line 25 def get_security_rule(name:) xpath_search = "/config/devices/entry/vsys/entry/rulebase/security/rules/entry[@name='#{name}']" options = {} options[:url] = self.endpoint options[:method] = :post options[:payload] = { type: "config", action: "show", key: self.auth_key, xpath: xpath_search } # attempt to perform the query html_result = Helpers::Rest.make_request(options) raise "Error obtaining XML" if html_result.nil? # parse the XML data data = Nokogiri::XML(html_result) response_code = data.xpath('//response/@status').to_s if response_code == "success" if (rule_elements = data.xpath('//response/result/entry')).length > 0 return Crack::XML.parse(rule_elements[0].to_xml) else return nil end else return nil end end