10-16-2015 10:47 AM
I have a question about the XML API config REST requests.
First, do I need to explicitly request the commit lock in the API before making
calls to edit or delete elements in a request (or is this done automatically by the API ?)
Second, I am trying to delete a user from a rule set. Can I use the edit config to
a blank member (like <member></member>) using XPath ?
Third, if I use the delete action on the config call, do I need to first get the element ?
Thanks for any help on actually using the XPath - I figured out how to position to the
element using [@name='some name ...']. I am looking for a real world example on
how the API works.
Thanks for any help!
10-21-2015 11:42 AM
To delete a single member object in a configuration use type=config&action=delete. I don't think you can edit a member to blank.
Then use the object name in the xpath as member[text()=’name’]. For example, to delete a source-user object named 'acme\bob' in a group of source users, use the below xpath:
xpath=/config/devices/entry[@name='localhost.localdomain']/vsys/entry[@name='<vsysname>']/rulebase/security/rules/entry[@name='<rulename>']/source-user/member[text()='acme\bob']
An example using curl.
curl -k "https://<source_ip>/api/?type=config&action=delete&xpath=/config/devices/entry\[@name='localhost.localdomain'\]/vsys/entry\[@name='<vsys name>'\]/rulebase/security/rules/entry\[@name='<rule name>'\]/source-user/member\[text()='acme\bob'\]&key=<API-KEY>"
If you want to use a scripting language like python, use pan-python. https://github.com/kevinsteves/pan-python
10-21-2015 11:42 AM
To delete a single member object in a configuration use type=config&action=delete. I don't think you can edit a member to blank.
Then use the object name in the xpath as member[text()=’name’]. For example, to delete a source-user object named 'acme\bob' in a group of source users, use the below xpath:
xpath=/config/devices/entry[@name='localhost.localdomain']/vsys/entry[@name='<vsysname>']/rulebase/security/rules/entry[@name='<rulename>']/source-user/member[text()='acme\bob']
An example using curl.
curl -k "https://<source_ip>/api/?type=config&action=delete&xpath=/config/devices/entry\[@name='localhost.localdomain'\]/vsys/entry\[@name='<vsys name>'\]/rulebase/security/rules/entry\[@name='<rule name>'\]/source-user/member\[text()='acme\bob'\]&key=<API-KEY>"
If you want to use a scripting language like python, use pan-python. https://github.com/kevinsteves/pan-python
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!
The LIVEcommunity thanks you for your participation!
