Palo Alto Networks

The Git Gallery

The Open Source Gallery presented by Palo Alto Networks.
Circa 2005-Present
userid.py
=========
Update User-ID by adding or removing a user-to-ip mapping on the firewall
**Usage**::
    userid.py [-h] [-v] [-q] hostname username password action user ip
**Examples**:
Send a User-ID login event to a firewall at 10.0.0.1::
    $ python userid.py 10.0.0.1 admin password login exampledomain/user1 4.4.4.4
Send a User-ID logout event to a firewall at 172.16.4.4::
    $ python userid.py 172.16.4.4 admin password logout user2 5.1.2.2
"""
import sys
import os
import argparse
import logging

curpath = os.path.dirname(os.path.abspath(__file__))
sys.path[:0] = [os.path.join(curpath, os.pardir)]

from pandevice.base import PanDevice
from pandevice.panorama import Panorama


def main():

    # Get command line arguments
    parser = argparse.ArgumentParser(
        description="Update User-ID by adding or removing a user-to-ip mapping"
    )
    parser.add_argument(
        "-v", "--verbose", action="count", help="Verbose (-vv for extra verbose)"
    )
    parser.add_argument("-q", "--quiet", action="store_true", help="No output")
    # Palo Alto Networks related arguments
    fw_group = parser.add_argument_group("Palo Alto Networks Device")
    fw_group.add_argument("hostname", help="Hostname of Firewall")
    fw_group.add_argument("username", help="Username for Firewall")
    fw_group.add_argument("password", help="Password for Firewall")
    fw_group.add_argument(
        "action", help="The action of the user. Must be 'login' or 'logout'."
    )
    fw_group.add_argument("user", help="The username of the user")
    fw_group.add_argument("ip", help="The IP address of the user")
    args = parser.parse_args()

    ### Set up logger
    # Logging Levels
    # WARNING is 30
    # INFO is 20
    # DEBUG is 10
    if args.verbose is None:
        args.verbose = 0
    if not args.quiet:
        logging_level = 20 - (args.verbose * 10)
        if logging_level <= logging.DEBUG:
            logging_format = "%(levelname)s:%(name)s:%(message)s"
        else:
            logging_format = "%(message)s"
        logging.basicConfig(format=logging_format, level=logging_level)

    # Connect to the device and determine its type (Firewall or Panorama).
    device = PanDevice.create_from_device(args.hostname, args.username, args.password,)

    logging.debug("Detecting type of device")

    # Panorama does not have a userid API, so exit.
    # You can use the userid API on a firewall with the Panorama 'target'
    # parameter by creating a Panorama object first, then create a
    # Firewall object with the 'panorama' and 'serial' variables populated.
    if issubclass(type(device), Panorama):
        logging.error(
            "Connected to a Panorama, but user-id API is not possible on Panorama.  Exiting."
        )
        sys.exit(1)

    if args.action == "login":
        logging.debug("Login user %s at IP %s" % (args.user, args.ip))
        device.userid.login(args.user, args.ip)
    elif args.action == "logout":
        logging.debug("Logout user %s at IP %s" % (args.user, args.ip))
        device.userid.logout(args.user, args.ip)
    else:
        raise ValueError(
            "Unknown action: %s.  Must be 'login' or 'logout'." % args.action
        )

    logging.debug("Done")


# Call the main() function to begin the program if not
# loaded as a module.
if __name__ == "__main__":
    main()

Featured

Most Starred