Im confused how to get the member list of a dynamic address group from a specific device-group using my rest api from panorama.

cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Announcements

Im confused how to get the member list of a dynamic address group from a specific device-group using my rest api from panorama.

L2 Linker

I have the following working code.. which gives me the specific dynamic address groups which match my use case, and tells me the snippet of tag info i want to display to the consumers of my script. now i want to include the member list for each of these DAG as well and I cant seem to formulate the proper api call.. 

 

import requests
import json
from sys import argv
from requests.exceptions import HTTPError
import urllib3


#disable SSL warnings
urllib3.disable_warnings()

#This function is intended to clean up the data in the key,value fields of the DAG and provide a clean format of just the POD number in a list. This only provide the output necessary for the
#consumer to determine if their tag is present and in use to fill this DAG.
def parse_tag_input(input_string):
# Remove surrounding brackets and quotes
input_string = input_string.strip("[']").strip()

# Split the input string based on "or" separator
items = input_string.split(" or ")

parsed_items = []
for item in items:
# Find the position of "Name."
start_index = item.find("Name.") + len("Name.")
# Find the position of the first underscore after "Name."
end_index = item.find("_", start_index)

# Extract the desired information from each item
parsed_item = item[start_index:end_index]
parsed_items.append(parsed_item)

return parsed_items
api_key = argv[1]
# this is the API call to make to retrieve the current list of all Dynamic Address Groups from the transit firewall
get_AddressGroups_url = 'https://my.panorama.com/restapi/v10.0/Objects/AddressGroups'
podparams = {'location' : 'device-group', 'device-group' : 'Transit' }
podheaders = {'X-PAN-KEY' : api_key}

#this is what it will take to query the PaloAlto and get the dictionary which contains a list of address groups
#which we will loop through and print out the Dynamic Address Groups for POD's only
try:
get_address_groups_response = requests.get(get_AddressGroups_url, params= podparams, headers=podheaders, verify=False)
# if the response was successful, no Exception will be raised
get_address_groups_response.raise_for_status()
except HTTPError as http_err :
print(f'HTTP error occurred: {http_err}')
except Exception as err :
print(f'Other error occurred: {err}')
else :
pod_address_group_dict = json.loads(get_address_groups_response.text)

#the code block below will loop through the dictionary of address group object entries, and filter for only Dynamic Address Groups include the name "DAG-POD", then it will
#take that subset of list and read the key value pairs and search for the tags associated to this DAG.
for entry in pod_address_group_dict['result']['entry']:
current_list_of_DAG = []
if 'DAG-POD' in entry['@name']:
current_list_of_DAG.append(entry['@name'])
for DAG in current_list_of_DAG:
print("The following Dynamic Address Group already exist in the Palo Alto Firewalls: " + DAG + " and this group contains servers from the following PODS: ")
#print(DAG)
#print()
address_group_tags = list(entry['dynamic'].values())
tags_list = list(address_group_tags)
#this code below is what really takes the values from the dynamic attribute of the entry and makes it readable as well as removing duplicates.
#print(parse_tag_input(str(tags_list)))
clean_pod_list = list(set(parse_tag_input(str(tags_list))))
print(clean_pod_list)
print("\n\n")

 

 

this variable  above ( DAG )  will have the exact pod name that i want to use in my loop through the list of names. then i want to insert this name into an api call similar to below and get the members list or whatever it may be called. 

Ive been trying different flavors of this 

 

https://my.panorama.com/restapi/v10.0/Objects/AddressGroups?location=device-group&device-group=Transit&name=DAG&key="mykey"

 

it sort of matches the xml api path...sort of.. 😞

XML API Url

1 REPLY 1

L0 Member

Before making any API requests, you need to authenticate and obtain an access token. This token will be used to authorize subsequent API calls. You can refer to the Panorama API documentation or your specific API client documentation for details on how to authenticate. 

Use the API endpoint to retrieve the details of the specific device group you're interested in. You'll need the device group's name or ID for this step. The endpoint may look something like this: /device-group/<device-group-id>. Make sure to replace <device-group-id> with the actual ID or name of your device group. Target Card Balance Now

From the device group details, find the section that contains the dynamic address group you want to retrieve the member list from. Note the name or ID of the dynamic address group.

  • 1789 Views
  • 1 replies
  • 0 Likes
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!