@Dapacruz
Last active January 27, 2021 16:25
Removes tags from Panorama
#!/usr/bin/env python3
'''Removes tags from Panorama
panw-remove-tags.py
Author: David Cruz (davidcruz72@gmail.com)
Python version >= 3.6
Required software:
PAN-Configurator (https://github.com/cpainchaud/pan-configurator)
Features:
Backs up Panorama running configuration
Appends tag name to object and security policy descriptions
Removes space separated list of tags from objects and security policies
'''
from datetime import datetime
import argparse
import signal
import sys
import subprocess
import time
# Site-specific settings. 'PANORAMA' and the /Users/USER/... paths are
# placeholders that must be edited before the script is used.
panorama = 'PANORAMA'
base_dir = '/Users/USER/pan-configurator/pan-configurator'
utils_dir = base_dir + '/utils'
working_dir = '/Users/USER/pan-configurator/working'

# The backup file name is stamped once, at import time.
# NOTE(review): this file receives the Panorama running configuration;
# presumably it holds sensitive material, so working_dir should be readable
# only by the operator -- confirm.
_backup_stamp = datetime.now().strftime("%Y.%m.%d-%H.%M.%S")
downloaded_config = f'{working_dir}/panorama-backup-{_backup_stamp}.xml'


def _pan_utility(script, *extra_args):
    """Return the argv list that loads one pan-configurator utility via php."""
    return ['php', '-r', f'require_once "{utils_dir}/{script}";', *extra_args]


# Every editing utility is pointed at the Panorama named above.
_api_target = f'in=api://{panorama}'

pa_address_edit = _pan_utility('address-edit.php', _api_target)
pa_service_edit = _pan_utility('service-edit.php', _api_target)
pa_rule_edit = _pan_utility('rules-edit.php', _api_target)
pa_tag_edit = _pan_utility('tag-edit.php', _api_target)
# upload-config.php gets its in=/out= arguments from main().
pa_upload_config = _pan_utility('upload-config.php')
def sigint_handler(signum, frame):
    """Terminate with exit status 1 when the installed signal arrives.

    Both arguments are supplied by the signal machinery and are not used.
    """
    # Same effect as sys.exit(1): SystemExit unwinds the interpreter normally.
    raise SystemExit(1)
def parse_args():
    """Parse the command line and return the argparse namespace.

    The namespace has a single attribute, ``tags``: a non-empty list of the
    tag names given as positional arguments.
    """
    cli = argparse.ArgumentParser(description='Removes tags from Panorama')
    cli.add_argument(
        'tags',
        nargs='+',
        type=str,
        help='Space separated list of tags to remove',
    )
    parsed = cli.parse_args()
    return parsed
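# Characters this script itself uses as delimiters when it builds the
# pan-configurator arguments below: '/' chains the entries of "actions=" and
# parentheses wrap the "filter=" expression.
_TAG_DELIMITERS = '/()'


def _stamp():
    """Return the current local time in the format used by the progress lines."""
    return datetime.now().strftime("%Y.%m.%d-%H:%M:%S")


def _decode(raw):
    """Decode captured child output; undecodable bytes are replaced, not fatal."""
    return (raw or b'').decode("utf-8", errors="replace")


def _run_step(message, command):
    """Print *message*, run *command*, then echo the command's output.

    Args:
        message: Progress line printed before the command starts.
        command: Argument list passed to subprocess.run (no shell is used).

    Raises:
        subprocess.CalledProcessError: If the command exits non-zero. Its
            captured stdout/stderr are printed before the error propagates.
    """
    print(message)
    try:
        result = subprocess.run(command, check=True, capture_output=True)
    except subprocess.CalledProcessError as err:
        # capture_output=True swallows the child's output; print it here so a
        # failure part-way through the run can be diagnosed from the console.
        print(_decode(err.stdout), _decode(err.stderr))
        raise
    print(_decode(result.stdout), _decode(result.stderr))


def main():
    """Back up the Panorama configuration, then remove each requested tag.

    For every tag given on the command line the script runs, in order: the
    address utility and the service utility (append the tag name to the
    description, remove the tag), the rule utility (same, for all locations),
    and finally the tag utility (delete the tag from Shared). Each step is a
    separate php process with check=True, so the first failing step aborts
    the run; tags processed before that point stay removed.

    Exits with status 0 on success and 1 if a tag name is rejected.
    """
    # Ctrl+C graceful exit
    signal.signal(signal.SIGINT, sigint_handler)

    tags = parse_args().tags

    # Each tag is pasted verbatim into the actions=/filter= strings. A tag
    # holding one of the delimiters would change how those strings split, so
    # the edit could reach objects other than the ones carrying that tag.
    # Refuse such names before anything is contacted or modified.
    rejected = [t for t in tags if any(ch in t for ch in _TAG_DELIMITERS)]
    if rejected:
        sys.exit(
            f'Refusing to run: tag name(s) {rejected} contain a character '
            f'from "{_TAG_DELIMITERS}", which is a delimiter in the '
            f'pan-configurator actions/filter arguments'
        )

    start_time = time.time()

    # Back up Panorama running configuration. This file is the only recovery
    # point the script creates.
    # NOTE(review): the backup presumably contains sensitive configuration
    # data; keep working_dir restricted to the operator -- confirm.
    upload_args = [
        f'in=api://{panorama}/running-config',
        f'out={downloaded_config}'
    ]
    _run_step(
        f'PANW-REMOVE-TAGS-{_stamp()}: Backing up Panorama running configuration ...\n',
        pa_upload_config + upload_args,
    )

    for tag in tags:
        # Append tag name to address and service object descriptions and remove tag
        object_args = [
            'location=Shared',
            f'actions=displayReferences/description-Append:[{tag}]/tag-Remove:{tag}',
            f'filter=(tag has {tag})'
        ]
        _run_step(
            f'PANW-REMOVE-TAGS-{_stamp()}: Appending tag "{tag}" name to address and address group object descriptions and removing tag ...',
            pa_address_edit + object_args,
        )
        _run_step(
            f'PANW-REMOVE-TAGS-{_stamp()}: Appending tag name "{tag}" to service object descriptions and removing tag ...',
            pa_service_edit + object_args,
        )

        # Append tag name to security policy descriptions and remove tag
        rule_args = [
            'location=all',
            f'actions=display/description-Append:[{tag}]/tag-Remove:{tag}',
            f'filter=(tag has {tag})'
        ]
        _run_step(
            f'PANW-REMOVE-TAGS-{_stamp()}: Appending tag "{tag}" name to security policy descriptions ...',
            pa_rule_edit + rule_args,
        )

        # Delete the tag itself from Shared once nothing carries it any more
        tag_args = [
            'location=Shared',
            'actions=displayReferences/delete',
            f'filter=(name eq {tag})'
        ]
        _run_step(
            f'PANW-REMOVE-TAGS-{_stamp()}: Removing tag "{tag}" from security policies ...',
            pa_tag_edit + tag_args,
        )

    elapsed_minutes = (time.time() - start_time) / 60
    print(f'Removed {len(tags)} tags in {elapsed_minutes:.3f} minutes')

    sys.exit(0)


if __name__ == '__main__':
    main()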