panconf.py

command line program for managing PAN-OS XML configurations

NAME

panconf.py - command line program for managing PAN-OS XML configurations

SYNOPSIS

panconf.py [options] [pseudo-xpath]
--config path path to XML config or '-' for stdin
--xml print XML
--py print XML in Python
--json print XML in JSON
--compact print compactly
--debug level enable debug level up to 3
--help display usage

DESCRIPTION

panconf.py is used to manage PAN-OS XML configurations. It can be used to query nodes in an XML configuration by XPath (currently a pseudo-xpath, see below) and convert the configuration to Python and JSON objects for reporting and further manipulation.

It uses the pan.config module which is currently a private interface (it is subject to change and not yet documented).

The options are:

--config path
Specify path to PAN-OS XML configuration or '-' to read from stdin. This can be a complete (e.g., running-config.xml) or partial (rulebase security rules) XML configuration.
--xml
Print configuration in XML.
--py
Print configuration as a Python object.
--json
Print configuration as a JSON object.
--compact
Print output compactly. This currently applies to JSON output only, and can be used to eliminate spaces in the JSON object.
--debug level
Enable debugging in panconf.py and the pan.config module. level is an integer in the range 0-3; 0 specifies no debugging and 3 specifies maximum debugging.
--help
Display panconf.py command options.
pseudo-xpath

pseudo-xpath is currently the XPath as supported by the xml.etree.ElementTree module, which provides limited support for XPath expressions for locating elements in a tree. For more information see the examples below and the documentation at: http://docs.python.org/dev/library/xml.etree.elementtree.html#elementtree-xpath.

XXX comment on issues with an XPath matching a node-set.

FILES

None.

EXIT STATUS

panconf.py exits with 0 on success and 1 if an error occurs.

EXAMPLES

config.xml in the examples below is a running-config.xml exported from a PAN-OS device.

Print XML node for adminr user.

$ panconf.py --config config.xml --xml "./mgt-config/users/entry[@name='adminr']"
<entry name="adminr">
      <permissions>
        <role-based>
          <superreader>yes</superreader>
        </role-based>
      </permissions>
      <phash>$1$panetwrx$xQpDOQuAP3v8bFzJz.l7j0</phash>
    </entry>

Print JSON object for adminr user.

$ panconf.py --config config.xml --json "./mgt-config/users/entry[@name='adminr']"
{
  "entry": {
    "name": "adminr",
    "permissions": {
      "role-based": {
        "superreader": true
      }
    },
    "phash": "$1$panetwrx$xQpDOQuAP3v8bFzJz.l7j0"
  }
}

SEE ALSO

panxapi, panjsont.py

AUTHORS

Kevin Steves <kevin.steves@pobox.com>