cft_code.lib.pan package
Submodules
cft_code.lib.pan.asglib module
/*************************************************************************
 * Copyright (c) 2016, Palo Alto Networks. All rights reserved.
 * This Software is the property of Palo Alto Networks. The Software and all
 * accompanying documentation are copyrighted.
 *************************************************************************/
Copyright 2016 Palo Alto Networks
Licensed under the Apache License, Version 2.0 (the “License”); you may not use this file except in compliance with the License. You may obtain a copy of the License at
Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on an “AS IS” BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the specific language governing permissions and limitations under the License.
-
cft_code.lib.pan.asglib.
choose_subnet
(subnet, AvailabilityZone)¶ Method to identify the subnet id based upon the availability zone.
Parameters: - subnet –
- AvailabilityZone –
Returns:
-
cft_code.lib.pan.asglib.
common_alarm_func_del
(alarmname)¶ Parameters: alarmname – Returns:
-
cft_code.lib.pan.asglib.
config_firewall_add_nat_rule
(gcontext, gwMgmtIp, api_key, untrust_ip, nlb_port, nlb_ip, static_route, default_gw, commit)¶ Parameters: - gcontext –
- gwMgmtIp –
- api_key –
- untrust_ip –
- nlb_port –
- nlb_ip –
- static_route –
- default_gw –
- commit –
Returns:
-
cft_code.lib.pan.asglib.
config_firewall_commit
(gcontext, gwMgmtIp, api_key)¶ Parameters: - gcontext –
- gwMgmtIp –
- api_key –
Returns:
-
cft_code.lib.pan.asglib.
config_firewall_delete_nat_rule
(gcontext, gwMgmtIp, api_key, nlb_port, static_route, commit)¶ Parameters: - gcontext –
- gwMgmtIp –
- api_key –
- nlb_port –
- static_route –
- commit –
Returns:
-
cft_code.lib.pan.asglib.
config_firewall_init_setting
(gcontext, gwMgmtIp, api_key, asg_name, untrust_ip)¶ Parameters: - gcontext –
- gwMgmtIp –
- api_key –
- asg_name –
Returns:
-
cft_code.lib.pan.asglib.
create_firewall_table
(stack_name, region)¶ Parameters: - stack_name –
- region –
Returns:
-
cft_code.lib.pan.asglib.
create_nlb_table
(stack_name, region)¶ Parameters: - stack_name –
- region –
Returns:
-
cft_code.lib.pan.asglib.
deactivate_fw_license
(gcontext, instanceId, gwMgmtIp, fwApiKey) Call the FW to deactivate the license from the licensing server.
Parameters: - gcontext – SSL context
- instanceId – Instance ID
- gwMgmtIp – The IP address of the FW
- fwApiKey – API key of the FW
Returns: API call status
Return type: bool
-
cft_code.lib.pan.asglib.
delete_asg_stack
(stackname, elbtg, bsS3Bucket, ScalingParameter, keyPanoramam, force, subnet_ids)¶ Parameters: - stackname –
- elbtg –
- bsS3Bucket –
- ScalingParameter –
- KeyPANWPanorama –
- force –
- subnet_ids –
Returns:
-
cft_code.lib.pan.asglib.
delete_asg_stacks
(stackname, elbtg, vpc_sg, bsS3Bucket, ScalingParameter, KeyPANWPanorama, subnet_ids)¶ Parameters: - stackname –
- elbtg –
- vpc_sg –
- bsS3Bucket –
- ScalingParameter –
- KeyPANWPanorama –
- subnet_ids –
Returns:
-
cft_code.lib.pan.asglib.
delete_eni_lambda
(vpc_sg)¶ Parameters: vpc_sg – Returns:
-
cft_code.lib.pan.asglib.
delete_message_from_queue
(queue_url, receipt_handle)¶ Delete a message from the SQS queue.
Parameters: - queue_url – The URL of the queue
- receipt_handle – The receipt handle of the message
Returns: None
-
cft_code.lib.pan.asglib.
delete_table
(tablename)¶ Parameters: tablename – Returns:
-
cft_code.lib.pan.asglib.
execute_api_request
(gwMgmtIp, port, cmd) Execute API requests against the FW.
Parameters: - gwMgmtIp –
- port –
- cmd –
Returns:
-
cft_code.lib.pan.asglib.
firewall_table_add_instance
(stack_name, region, avail_zone, instance_id, state, term_state, asg_name, ip, pip, untrust_ip)¶ Parameters: - stack_name –
- region –
- avail_zone –
- instance_id –
- state –
- term_state –
- asg_name –
- ip –
- pip –
- untrust_ip –
Returns:
-
cft_code.lib.pan.asglib.
firewall_table_delete_instance
(stack_name, region, instance_id)¶ Parameters: - stack_name –
- region –
- instance_id –
Returns:
-
cft_code.lib.pan.asglib.
firewall_table_delete_instance1
(stack_name, region, instance_id)¶ Parameters: - stack_name –
- region –
- instance_id –
Returns:
-
cft_code.lib.pan.asglib.
firewall_table_get_all_in_az_state
(stack_name, region, state, avail_zone)¶ Parameters: - stack_name –
- region –
- state –
- avail_zone –
Returns:
-
cft_code.lib.pan.asglib.
firewall_table_get_all_in_state
(stack_name, region, state)¶ Parameters: - stack_name –
- region –
- state –
Returns:
-
cft_code.lib.pan.asglib.
firewall_table_get_from_db
(stack_name, region, instance_id)¶ Parameters: - stack_name –
- region –
- instance_id –
Returns:
-
cft_code.lib.pan.asglib.
firewall_table_update_rule_mask
(stack_name, region, instance_id, rule_mask)¶ Parameters: - stack_name –
- region –
- instance_id –
- rule_mask –
Returns:
-
cft_code.lib.pan.asglib.
firewall_table_update_state
(stack_name, region, instance_id, state)¶ Parameters: - stack_name –
- region –
- instance_id –
- state –
Returns:
-
cft_code.lib.pan.asglib.
fix_subnets
(data1)¶ Parameters: data1 – Returns:
-
cft_code.lib.pan.asglib.
fix_unicode
(data) Method to convert opaque data from unicode to UTF-8.
Parameters: data – Opaque data
Returns: UTF-8 encoded data
-
cft_code.lib.pan.asglib.
getASGTag
(rid, key) Retrieve a tag from a specified auto scale group.
Note
This method is important from the perspective that it allows the lambda function code to distinguish `PAN-FW` deployed ASGs from other ASGs that might already exist in the customer VPC.
Parameters: - rid – The name of the ASG
- key – The tag to retrieve
Returns: None or str
-
cft_code.lib.pan.asglib.
getAccountId
(rid)¶ Parameters: rid – Returns:
-
cft_code.lib.pan.asglib.
getAzs
(subnet_ids)¶ Parameters: subnet_ids – Returns:
-
cft_code.lib.pan.asglib.
getChassisReady
(response)¶ Parameters: response – Returns:
-
cft_code.lib.pan.asglib.
getDebugLevel
(stackname, region, account)¶ Parameters: - stackname –
- region –
- account –
Returns:
-
cft_code.lib.pan.asglib.
getDebugLevelFromMsg
(msg)¶ Parameters: msg – Returns:
-
cft_code.lib.pan.asglib.
getJobProgress
(response)¶ Parameters: response – Returns:
-
cft_code.lib.pan.asglib.
getJobResult
(response)¶ Parameters: response – Returns:
-
cft_code.lib.pan.asglib.
getJobStatus
(response)¶ Parameters: response – Returns:
-
cft_code.lib.pan.asglib.
getJobTfin
(response)¶ Parameters: response – Returns:
-
cft_code.lib.pan.asglib.
getRegion
(rid)¶ Parameters: rid – Returns:
-
cft_code.lib.pan.asglib.
getScalingValue
(msg, ScalingParameter)¶ Parameters: - msg –
- ScalingParameter –
Returns:
-
cft_code.lib.pan.asglib.
getSqs
(stackname, region, account)¶ Parameters: - stackname –
- region –
- account –
Returns:
-
cft_code.lib.pan.asglib.
getSqsMessages
(stackname, account)¶ Parameters: - stackname –
- account –
Returns:
-
cft_code.lib.pan.asglib.
getUntrustIP
(instanceid, untrust)¶ Parameters: - instanceid –
- untrust –
Returns:
-
cft_code.lib.pan.asglib.
get_asg_name
(stackname, elbtg, az) Construct the ASG name.
Parameters: - stackname –
- elbtg –
- az –
Returns: asg name
-
cft_code.lib.pan.asglib.
get_cw_name_space
(stackname, asg_name)¶ Parameters: - stackname –
- asg_name –
Returns:
-
cft_code.lib.pan.asglib.
get_device_serial_no
(gcontext, instanceId, gwMgmtIp, fwApiKey)¶ Retrieve the serial number from the FW.
Parameters: - gcontext – SSL context
- instanceId – Instance ID
- gwMgmtIp – The IP address of the FW
- fwApiKey – API key of the FW
Returns: The serial number of the FW
Return type: str
-
cft_code.lib.pan.asglib.
get_event_rule_name
(stackname, instanceId)¶ Generate the name of the event rule.
Parameters: - stackname –
- instanceId –
Returns: str
-
cft_code.lib.pan.asglib.
get_firewall_table_name
(stackname, region)¶ Parameters: - stackname –
- region –
Returns:
-
cft_code.lib.pan.asglib.
get_from_nlb_queue
(queue_url, visiblity_timeout=10, waittimes_seconds=0)¶ Retrieve a message from nlb queue
Parameters: - queue_url –
- visiblity_timeout –
- waittimes_seconds –
Returns: msg or None
-
cft_code.lib.pan.asglib.
get_from_sqs_queue
(queue_url, visiblity_timeout=10, waittimes_seconds=5)¶ Retrieve data from a queue
Parameters: - queue_url – URL of the queue
- visiblity_timeout – The duration during which the message will not be available to other consumers
- waittimes_seconds – Wait timeout
Returns: None
-
cft_code.lib.pan.asglib.
get_lambda_cloud_watch_func_name
(stackname, asg_name, instanceId) Generate the name of the cloud watch metrics as a function of the ASG name and the instance id.
Parameters: - stackname –
- asg_name –
- instanceId –
Returns: str
-
cft_code.lib.pan.asglib.
get_lambda_statement_id
(stackname, elbtg)¶ Parameters: - stackname –
- elbtg –
Returns:
-
cft_code.lib.pan.asglib.
get_lc_name
(stackname, elbtg, az)¶ Parameters: - stackname –
- elbtg –
- az –
Returns:
-
cft_code.lib.pan.asglib.
get_nlb_table_name
(stackname, region)¶ Parameters: - stackname –
- region –
Returns:
-
cft_code.lib.pan.asglib.
get_panorama_version
(gcontext, gwMgmtIp, apiKey)¶ Retrieve the software version of Panorama.
Parameters: - gcontext – SSL context
- gwMgmtIp – The IP address of the FW
- apiKey – API key of the Panorama
Returns: The software version of the Panorama
Return type: str
-
cft_code.lib.pan.asglib.
get_s3_bucket_name
(stackname, ilbtag)¶ Parameters: - stackname –
- ilbtag –
Returns:
-
cft_code.lib.pan.asglib.
get_s3_bucket_name1
(stackname, ilbtag, ip_address)¶
-
cft_code.lib.pan.asglib.
get_sched_func_name
(stackname, elbtg)¶ Parameters: - stackname –
- elbtg –
Returns:
-
cft_code.lib.pan.asglib.
get_ssl_context
()¶ Create default ssl context
-
cft_code.lib.pan.asglib.
get_statement_id
(stackname, instanceId)¶ Parameters: - stackname –
- instanceId –
Returns:
-
cft_code.lib.pan.asglib.
get_subnet_and_gw
(ip_cidr)¶ Extract subnet and gateway from subnet cidr in AWS
Parameters: ip_cidr – Returns:
-
cft_code.lib.pan.asglib.
get_target_id_name
(stackname, instanceId)¶ Parameters: - stackname –
- instanceId –
Returns:
-
cft_code.lib.pan.asglib.
get_values_from_init_cfg
(contents) Retrieve the keys from the init-cfg file.
Parameters: contents –
Returns: dict
-
cft_code.lib.pan.asglib.
int2ip
(addr)¶ Parameters: addr – Returns:
-
cft_code.lib.pan.asglib.
ip2int
(addr)¶ Parameters: addr – Returns:
-
cft_code.lib.pan.asglib.
is_firewall_auto_commit_done
(gcontext, gwMgmtIp, api_key)¶ Parameters: - gcontext –
- gwMgmtIp –
- api_key –
Returns:
-
cft_code.lib.pan.asglib.
is_firewall_ready
(gcontext, gwMgmtIp, api_key)¶ Parameters: - gcontext –
- gwMgmtIp –
- api_key –
Returns:
-
cft_code.lib.pan.asglib.
nlb_table_add_entry
(stack_name, region, nlb_ip, port, nlb_state, nlb_zone_name, nlb_subnet_id, total_avail_zones, avail_zone_index, dns_name, nlb_name)¶ Parameters: - stack_name –
- region –
- nlb_ip –
- port –
- nlb_state –
- nlb_zone_name –
- nlb_subnet_id –
- total_avail_zones –
- avail_zone_index –
- dns_name –
- nlb_name –
Returns:
-
cft_code.lib.pan.asglib.
nlb_table_delete_entry
(stack_name, region, nlb_ip)¶ Parameters: - stack_name –
- region –
- nlb_ip –
Returns:
-
cft_code.lib.pan.asglib.
nlb_table_delete_entry_by_dnsname
(stack_name, region, dns_name)¶ Parameters: - stack_name –
- region –
- dns_name –
Returns:
-
cft_code.lib.pan.asglib.
nlb_table_get_all_in_state
(stack_name, region, state)¶ Parameters: - stack_name –
- region –
- state –
Returns:
-
cft_code.lib.pan.asglib.
nlb_table_get_entry_by_dnsname
(stack_name, region, dns_name)¶ Parameters: - stack_name –
- region –
- dns_name –
Returns:
-
cft_code.lib.pan.asglib.
nlb_table_get_from_db
(stack_name, region, nlb_ip)¶ Parameters: - stack_name –
- region –
- nlb_ip –
Returns:
-
cft_code.lib.pan.asglib.
nlb_table_get_next_avail_port
(stack_name, region)¶ Parameters: - stack_name –
- region –
Returns:
-
cft_code.lib.pan.asglib.
nlb_table_update_state
(stack_name, region, nlb_ip, nlb_state)¶ Parameters: - stack_name –
- region –
- nlb_ip –
- nlb_state –
Returns:
-
cft_code.lib.pan.asglib.
pan_print
(s)¶ Parameters: s – Returns:
-
cft_code.lib.pan.asglib.
panorama_delete_stack
(bsS3Bucket, asg_name, keyPanoramam)¶ Parameters: - bsS3Bucket –
- asg_name –
- keyPanoramam –
Returns:
-
cft_code.lib.pan.asglib.
panorama_remove_serial_and_ip
(stackname, r, pdict)¶ Parameters: - stackname –
- r –
- pdict –
Returns:
-
cft_code.lib.pan.asglib.
panorama_save_serial_and_ip
(stackname, r)¶ Parameters: - stackname –
- r –
Returns:
-
cft_code.lib.pan.asglib.
purge_stack_queue
(queue_url)¶ Delete all the messages in the queue
Parameters: queue_url – URL of the queue Returns: None
-
cft_code.lib.pan.asglib.
random_string
(string_length=10)¶ Parameters: string_length – Returns:
-
cft_code.lib.pan.asglib.
read_s3_object
(bucket, key)¶ Parameters: - bucket –
- key –
Returns:
-
cft_code.lib.pan.asglib.
release_eip
(stackname, instanceId)¶ Parameters: - stackname –
- instanceId –
Returns:
-
cft_code.lib.pan.asglib.
remove_alarm
(asg_name)¶ Parameters: asg_name – Returns:
-
cft_code.lib.pan.asglib.
remove_asg
(stackname, elbtg, az, ScalingParameter, KeyPANWPanorama, force, delete_stack)¶ Parameters: - stackname –
- elbtg –
- az –
- ScalingParameter –
- KeyPANWPanorama –
- force –
- delete_stack –
Returns:
-
cft_code.lib.pan.asglib.
remove_asg_life_cycle
(asg_name)¶ Parameters: asg_name – Returns:
-
cft_code.lib.pan.asglib.
remove_asg_vms
(stackname, asg_grp_name, KeyPANWPanorama, delete_stack) Parameters: - stackname –
- asg_grp_name –
- KeyPANWPanorama –
- delete_stack –
Returns:
-
cft_code.lib.pan.asglib.
remove_device
(stackname, remove, PanoramaIP, api_key, dev_group, tp_group, serial_no, gwMgmtIp)¶ Method to remove a device from Panorama.
Parameters: - stackname –
- remove –
- PanoramaIP –
- api_key –
- dev_group –
- tp_group –
- serial_no –
- gwMgmtIp –
Returns: None or str
-
cft_code.lib.pan.asglib.
remove_fw_from_panorama
(instanceId, KeyPANWPanorama, gwMgmtIp, PanoramaIP, PanoramaDG, PanoramaTPL)¶ Parameters: - instanceId –
- KeyPANWPanorama –
- gwMgmtIp –
- PanoramaIP –
- PanoramaDG –
- PanoramaTPL –
Returns:
-
cft_code.lib.pan.asglib.
remove_s3_bucket
(s3_bucket_name)¶ Parameters: s3_bucket_name – Returns:
-
cft_code.lib.pan.asglib.
retrieve_fw_ip
(instance_id)¶ Retrieve the IP of the Instance
Parameters: instance_id (str) – The id of the instance
-
cft_code.lib.pan.asglib.
runCommand
(gcontext, cmd, gwMgmtIp, api_key)¶ Method to run generic API commands against a PAN Firewall.
Note
This is a generic method to interact with PAN firewalls to execute api calls.
Parameters: - gcontext – SSL Context
- cmd – Command to execute
- gwMgmtIp – Management IP of the PAN FW
- api_key – API key of the Firewall
Returns: None or str
-
cft_code.lib.pan.asglib.
runShutdownCommand
(gcontext, cmd, gwMgmtIp, api_key) Method to shut down a device.
Parameters: - gcontext –
- cmd –
- gwMgmtIp –
- api_key –
Returns: bool
-
cft_code.lib.pan.asglib.
scalein_asg
(stackname, elbtg, az)¶
-
cft_code.lib.pan.asglib.
send_command
(conn, req_url) An alternative interface to interact with PAN firewalls.
Parameters: - conn –
- req_url –
Returns: dict
-
cft_code.lib.pan.asglib.
send_message_to_nlb_queue
(queue_url, str_message)¶ Send a message on the Network Load Balancer queue.
Parameters: - queue_url – The URL of the queue
- str_message – Message to send to the queue
Returns: None
-
cft_code.lib.pan.asglib.
send_message_to_queue
(queue_url, str_message)¶ Send a message on the specified queue.
Parameters: - queue_url – The URL of the queue
- str_message – Message to send to the queue
Returns: None
-
cft_code.lib.pan.asglib.
setASGTag
(rid, key, value) Set `PAN-FW` specific tags on an ASG.
Note
This method is important from the perspective that it allows the lambda function code to distinguish `PAN-FW` deployed ASGs from other ASGs that might already exist in the customer VPC.
Parameters: - rid – Name of the ASG
- key – Tag
- value – Tag Value
Returns: None
-
cft_code.lib.pan.asglib.
setDebugLevelFromMsg
(logger, lvl)¶ Parameters: - logger –
- lvl –
Returns:
-
cft_code.lib.pan.asglib.
setLoggerLevel
(logger, stackname, account)¶ Parameters: - logger –
- stackname –
- account –
Returns:
-
cft_code.lib.pan.asglib.
set_deactivate_api_key
(gcontext, instanceId, gwMgmtIp, fwApiKey, deactivateApiKey) Set up the deactivate API key to allow the FW deactivate sequence.
Parameters: - instanceId –
- gwMgmtIp –
- fwApiKey –
- deactivateApiKey –
Returns: bool
-
cft_code.lib.pan.asglib.
set_queue_attributes
(queue_url, retention_period)¶ Set the queue attributes
Parameters: - queue_url – URL of the queue
- retention_period – Duration of time that the message will be retained for.
Returns: None
-
cft_code.lib.pan.asglib.
shutdown_fw_device
(gcontext, instanceId, gwMgmtIp, fwApiKey) Shut down the firewall device.
Parameters: - gcontext – SSL context
- instanceId – Instance ID
- gwMgmtIp – The IP address of the FW
- fwApiKey – API key of the FW
Returns: API call status
Return type: bool
-
cft_code.lib.pan.asglib.
substring_after
(s, delim)¶ Parameters: - s –
- delim –
Returns: