06-19-2024 10:23 PM - edited 06-19-2024 10:26 PM
For a PAN-OS firewall, I am using Ansible to configure the firewall settings.
The YAML code I used to set the login banner is:
- name: Set login banner
  panos_type_cmd:
    provider: '{{ provider }}'
    xpath: /config/devices/entry[@name='localhost.localdomain']/deviceconfig/system
    element: '<login-banner>hi</login-banner>'
Command in terminal: set deviceconfig system login-banner hi
So this works, so now I will apply the same to minimum length for password complexity.
The YAML code I used isn't working:
- name: Configure password
  panos_type_cmd:
    provider: '{{ provider }}'
    xpath: /config/devices/entry[@name='localhost.localdomain']/mgt-config/password-complexity
    element: '<minimum-length>14</minimum-length>'
Command in terminal: set mgt-config password-complexity minimum-length 14
Why does this not work? Isn't this following based on the sequence of command, or am I wrong? Any help is appreciated, thank you. Oh, and the error I got is that the schema node for xpath could not be found. I do not know anything about schema nodes, I just started learning.
06-22-2024 08:32 PM
Any time that you're questioning XPath just try to type the exact same command in the CLI and see what the result is. With what you're trying to do, the command being issued isn't valid. The minimum needed would be 'set mgt-config password-complexity enabled yes minimum-length 14'.
06-22-2024 08:51 PM
I tried using cmd: 'set mgt-config password-complexity enabled yes minimum-length 14' before, but it always says value of cmd must be one of: show, get, delete...etc. So I never used cmd; instead I used xpath and element to change the values, and besides that, xpath is required as well. Sometimes the xpath needs vsys[@name=vsys1], sometimes it doesn't; it is just trial and error at this point. I followed the command used for the xpath and sometimes it just doesn't work. If what you meant is xpath: set mgt-config password-complexity enabled yes minimum-length 14, then that brings a longer set of errors.
This is why I use xpath and element instead of cmd, since the cmd is not working as intended or I am using it wrongly. But the downside of element is its incapability to set an id. For instance, when setting URL-Filtering for example. The profile of the URL filter is 'Block', and I enabled referer. Burp Suite will capture: Id: Block, data: <log-http-hdr-referer>yes</log-http-hdr-referer>. But within the element, I can only put those with the '<></>' and not the Id, so when creating profiles, it is impossible to create a profile if it needs an Id. Which is why I have to know why cmd isn't working as intended. I can't possibly put element: <id>Block</id><log-http-hdr-referer>yes</log-http-hdr-referer> in my elements, because it's incorrect.
06-23-2024 01:03 AM
Ok, I think I figured it out. 'cmd' is only used like this, cmd: 'set', or other options. set is default so I do not even need to include it in my code. When trying to create a profile that has an id, we use xpath: /config/devices/entry[@name='localhost.localdomain']/vsys/entry[@name='vsys1']/profiles/virus/entry[@name='AntivirusProfile']
As for the element, we can submit a request and use Burp Suite to capture what we need, and copy the entire data section and place it under element.
This is how I managed to solve what I had difficulty with from the start.
06-25-2024 07:24 AM
XML Document: This is the actual data file with content represented by elements (tags) and attributes. XPath expressions are used to navigate and select specific elements and their attributes within this document.
XML Schema (XSD): An XSD defines the structure and rules for a valid XML document. It specifies the elements, attributes, data types, and relationships that make up a valid document of a specific type.
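The two cases discussed in this thread, written out as an added example that is not part of any post: a setting under mgt-config, and a child setting of a named profile entry where the name goes in the xpath predicate and only the child nodes go in element. Assumptions: the module is called by its collection name paloaltonetworks.panos.panos_type_cmd, the inventory group and credential variables are hypothetical, mgt-config is taken to sit directly under /config rather than under the device entry, and the URL filtering profile Block is taken to live in vsys1.

```yaml
# Added example, not from the thread. Inventory group, credential
# variables and the vsys name are hypothetical placeholders.
- name: PAN-OS settings via xpath + element
  hosts: firewalls                        # hypothetical inventory group
  connection: local
  gather_facts: false
  vars:
    provider:
      ip_address: "{{ inventory_hostname }}"
      username: "{{ panos_user }}"        # hypothetical variable
      password: "{{ panos_password }}"    # hypothetical variable
    device: "/config/devices/entry[@name='localhost.localdomain']"
  tasks:
    # CLI: set mgt-config password-complexity enabled yes minimum-length 14
    # Assumption: mgt-config is a direct child of /config, so this xpath
    # does not start with the device entry used for deviceconfig.
    - name: Enable password complexity with a 14-character minimum
      paloaltonetworks.panos.panos_type_cmd:
        provider: "{{ provider }}"
        cmd: set                          # the default, shown for clarity
        xpath: /config/mgt-config/password-complexity
        element: '<enabled>yes</enabled><minimum-length>14</minimum-length>'

    # Named object: the profile name is the entry[@name='...'] predicate
    # at the end of the xpath; element carries only that entry's children.
    - name: Log the Referer header in URL filtering profile Block
      paloaltonetworks.panos.panos_type_cmd:
        provider: "{{ provider }}"
        xpath: "{{ device }}/vsys/entry[@name='vsys1']/profiles/url-filtering/entry[@name='Block']"
        element: '<log-http-hdr-referer>yes</log-http-hdr-referer>'
```

Both tasks change only the candidate configuration; the values take effect after a commit.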