Instantly share code, notes, and snippets.
Last active
January 27, 2021 16:25
-
Star
(0)
0
You must be signed in to star a gist -
Fork
(0)
0
You must be signed in to fork a gist
-
Save Dapacruz/3ac76274059ea1cd2e090ed7fe82a7a8 to your computer and use it in GitHub Desktop.
Removes tags from Panorama
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
#!/usr/bin/env python3 | |
'''Removes tags from Panorama | |
panw-remove-tags.py | |
Author: David Cruz (davidcruz72@gmail.com) | |
Python version >= 3.6 | |
Required software: | |
PAN-Configurator (https://github.com/cpainchaud/pan-configurator) | |
Features: | |
Backs up Panorama running configuration | |
Appends tag name to object and security policy descriptions | |
Removes space separated list of tags from objects and security policies | |
''' | |
from datetime import datetime | |
import argparse | |
import signal | |
import sys | |
import subprocess | |
import time | |
panorama = 'PANORAMA' | |
base_dir = '/Users/USER/pan-configurator/pan-configurator' | |
utils_dir = f'{base_dir}/utils' | |
working_dir = f'/Users/USER/pan-configurator/working' | |
downloaded_config = f'{working_dir}/panorama-backup-{datetime.now().strftime("%Y.%m.%d-%H.%M.%S")}.xml' | |
pa_address_edit = ['php', '-r', f'require_once "{utils_dir}/address-edit.php";', f'in=api://{panorama}'] | |
pa_service_edit = ['php', '-r', f'require_once "{utils_dir}/service-edit.php";', f'in=api://{panorama}'] | |
pa_rule_edit = ['php', '-r', f'require_once "{utils_dir}/rules-edit.php";', f'in=api://{panorama}'] | |
pa_tag_edit = ['php', '-r', f'require_once "{utils_dir}/tag-edit.php";', f'in=api://{panorama}'] | |
pa_upload_config = ['php', '-r', f'require_once "{utils_dir}/upload-config.php";'] | |
def sigint_handler(signum, frame): | |
sys.exit(1) | |
def parse_args(): | |
parser = argparse.ArgumentParser(description='Removes tags from Panorama') | |
parser.add_argument('tags', type=str, nargs='+', help='Space separated list of tags to remove') | |
return parser.parse_args() | |
def main(): | |
# Ctrl+C graceful exit | |
signal.signal(signal.SIGINT, sigint_handler) | |
tags = parse_args().tags | |
start_time = time.time() | |
# Back up Panorama running configuration | |
upload_args = [ | |
f'in=api://{panorama}/running-config', | |
f'out={downloaded_config}' | |
] | |
print( | |
f'PANW-REMOVE-TAGS-{datetime.now().strftime("%Y.%m.%d-%H:%M:%S")}: Backing up Panorama running configuration ...\n') | |
result = subprocess.run(pa_upload_config + upload_args, check=True, capture_output=True) | |
print(result.stdout.decode("utf-8"), result.stderr.decode("utf-8")) | |
for tag in tags: | |
# Append tag name to address and service object descriptions and remove tag | |
object_args = [ | |
'location=Shared', | |
f'actions=displayReferences/description-Append:[{tag}]/tag-Remove:{tag}', | |
f'filter=(tag has {tag})' | |
] | |
print( | |
f'PANW-REMOVE-TAGS-{datetime.now().strftime("%Y.%m.%d-%H:%M:%S")}: Appending tag "{tag}" name to address and address group object descriptions and removing tag ...') | |
result = subprocess.run(pa_address_edit + object_args, check=True, capture_output=True) | |
print(result.stdout.decode("utf-8"), result.stderr.decode("utf-8")) | |
print( | |
f'PANW-REMOVE-TAGS-{datetime.now().strftime("%Y.%m.%d-%H:%M:%S")}: Appending tag name "{tag}" to service object descriptions and removing tag ...') | |
result = subprocess.run(pa_service_edit + object_args, check=True, capture_output=True) | |
print(result.stdout.decode("utf-8"), result.stderr.decode("utf-8")) | |
# Append tag name to security policy descriptions and remove tag | |
rule_args = [ | |
'location=all', | |
f'actions=display/description-Append:[{tag}]/tag-Remove:{tag}', | |
f'filter=(tag has {tag})' | |
] | |
print( | |
f'PANW-REMOVE-TAGS-{datetime.now().strftime("%Y.%m.%d-%H:%M:%S")}: Appending tag "{tag}" name to security policy descriptions ...') | |
result = subprocess.run(pa_rule_edit + rule_args, check=True, capture_output=True) | |
print(result.stdout.decode("utf-8"), result.stderr.decode("utf-8")) | |
# Remove tag | |
tag_args = [ | |
'location=Shared', | |
'actions=displayReferences/delete', | |
f'filter=(name eq {tag})' | |
] | |
print( | |
f'PANW-REMOVE-TAGS-{datetime.now().strftime("%Y.%m.%d-%H:%M:%S")}: Removing tag "{tag}" from security policies ...') | |
result = subprocess.run(pa_tag_edit + tag_args, check=True, capture_output=True) | |
print(result.stdout.decode("utf-8"), result.stderr.decode("utf-8")) | |
print( | |
f'Removed {len(tags)} tags in {(time.time()-start_time)/60 :.3f} minutes') | |
sys.exit(0) | |
if __name__ == '__main__': | |
main() |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment