diff --git a/CHANGELOG.md b/CHANGELOG.md index 1a5e9ef..1b1fd59 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -1,3 +1,8 @@ +2.3.0 +* Added support for Template Only Commits +* Added support for Template Stack Commits +* Added support for ingoring Trusted Default Certs on inventory to speed up the inventory job + 2.2.1 * Fixed URL Encoding on Palo Username and Pwd that caused invalid credentials error diff --git a/PaloAlto.sln b/PaloAlto.sln index a0c394f..5ae5155 100644 --- a/PaloAlto.sln +++ b/PaloAlto.sln @@ -1,7 +1,7 @@  Microsoft Visual Studio Solution File, Format Version 12.00 -# Visual Studio Version 16 -VisualStudioVersion = 16.0.30717.126 +# Visual Studio Version 17 +VisualStudioVersion = 17.11.35222.181 MinimumVisualStudioVersion = 10.0.40219.1 Project("{9A19103F-16F7-4668-BE54-9A1E7A4F7556}") = "PaloAlto", "PaloAlto\PaloAlto.csproj", "{33FBC5A1-3466-4F10-B9A6-7186F804A65A}" EndProject diff --git a/PaloAlto/Client/PaloAltoClient.cs b/PaloAlto/Client/PaloAltoClient.cs index a509980..732d943 100644 --- a/PaloAlto/Client/PaloAltoClient.cs +++ b/PaloAlto/Client/PaloAltoClient.cs @@ -18,6 +18,7 @@ using System.Net.Http.Headers; using System.Reflection; using System.Text.RegularExpressions; +using System.Threading; using System.Threading.Tasks; using System.Xml; using System.Xml.Serialization; @@ -99,6 +100,22 @@ public async Task GetDeviceGroupList() _logger.LogError($"Error Occured in PaloAltoClient.GetDeviceGroupList: {e.Message}"); throw; } + } + + public async Task GetTemplateStackList() + { + try + { + var uri = + $"/api/?type=config&action=get&xpath=/config/devices/entry[@name='localhost.localdomain']/template-stack/entry/@name&key={ApiKey}"; + var response = await GetXmlResponseAsync(await HttpClient.GetAsync(uri)); + return response; + } + catch (Exception e) + { + _logger.LogError($"Error Occured in PaloAltoClient.GetDeviceGroupList: {e.Message}"); + throw; + } } public async Task GetCommitResponse() 
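Review bot: The catch block of the new `GetTemplateStackList` still logs `PaloAltoClient.GetDeviceGroupList`, so a failure while listing template stacks is attributed to the wrong call in the logs. It should read `_logger.LogError($"Error Occured in PaloAltoClient.GetTemplateStackList: {e.Message}");`. The request also carries `key={ApiKey}` in the query string, as the neighbouring methods do, which leaves the key in any proxy or access log that records full URLs. PAN-OS accepts the key in the `X-PAN-KEY` request header, which is worth adopting for the whole client rather than extending the query-string pattern to another method.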
@@ -118,15 +135,31 @@ public async Task GetCommitResponse() } } - public async Task GetCommitAllResponse(string deviceGroup) + public async Task GetCommitAllResponse(string deviceGroup,string storePath,string templateStack) { try { //Palo alto claims this commented out line works for push to devices by userid but can't get this to work //var uri = $"/api/?&type=commit&action=all&cmd={ServerUserName}&key={ApiKey}"; - var uri = - $"/api/?&type=commit&action=all&cmd=&key={ApiKey}"; - var response = await GetXmlResponseAsync(await HttpClient.GetAsync(uri)); + var uri = string.Empty; + if (!String.IsNullOrEmpty(deviceGroup)) + { + uri = + $"/api/?&type=commit&action=all&cmd=&key={ApiKey}"; + } + else + { + uri =$"/api/?&type=commit&action=all&cmd=&key={ApiKey}"; + } + + var response = await GetXmlResponseAsync(await HttpClient.GetAsync(uri)); + + if (!String.IsNullOrEmpty(templateStack)) + { + uri = $"/api/?&type=commit&action=all&cmd={templateStack}&key={ApiKey}"; + Thread.Sleep(60000); //Some delay built in so pushes to devices work + response = await GetXmlResponseAsync(await HttpClient.GetAsync(uri)); + } return response; } catch (Exception e) diff --git a/PaloAlto/JobProperties.cs b/PaloAlto/JobProperties.cs index c421a17..9db8310 100644 --- a/PaloAlto/JobProperties.cs +++ b/PaloAlto/JobProperties.cs @@ -23,6 +23,12 @@ public class JobProperties [DefaultValue("")] public string DeviceGroup { get; set; } + [JsonProperty("TemplateStack")] + [DefaultValue("")] + public string TemplateStack { get; set; } + [JsonProperty("InventoryTrustedCerts")] + [DefaultValue(false)] + public bool InventoryTrustedCerts { get; set; } } } diff --git a/PaloAlto/Jobs/Inventory.cs b/PaloAlto/Jobs/Inventory.cs index 60a3206..19abe37 100644 --- a/PaloAlto/Jobs/Inventory.cs +++ b/PaloAlto/Jobs/Inventory.cs 
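Review bot: `templateStack` is interpolated into the commit-all URI unescaped (`cmd={templateStack}`), so a store property containing `&`, `#` or markup characters changes the request that is sent instead of only naming a stack. Escape it first, e.g. `var stack = Uri.EscapeDataString(templateStack);`; the 2.2.1 changelog entry fixed the same class of problem for the username and password. As rendered on this page the two branches of the `deviceGroup` check build the same URI and `storePath` is never read; that may be markup lost in extraction, so confirm against the file. `Thread.Sleep(60000)` inside an `async` method blocks the thread for a minute, and `await Task.Delay(60000);` keeps the delay without that. The method's catch block continues outside the hunk.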
@@ -127,28 +127,29 @@ private JobResult PerformInventory(InventoryJobConfiguration config, SubmitInven } }).Where(acsii => acsii?.Certificates != null).ToList()); - - foreach (var trustedRootCert in trustedRootPayload.TrustedRootResult.TrustedRootCa.Entry) - try - { - _logger.LogTrace($"Building Trusted Root Inventory Item Alias: {trustedRootCert.Name}"); - var certificatePem = client.GetCertificateByName(trustedRootCert.Name); - _logger.LogTrace($"Certificate String Back From Palo Pem: {certificatePem.Result}"); - var bytes = Encoding.ASCII.GetBytes(certificatePem.Result); - var cert = new X509Certificate2(bytes); - _logger.LogTrace( - $"Building Trusted Root Inventory Item Pem: {certificatePem.Result} Has Private Key: {cert.HasPrivateKey}"); - inventoryItems.Add(BuildInventoryItem(trustedRootCert.Name, certificatePem.Result, cert.HasPrivateKey, true)); - } - catch(Exception e) - { - _logger.LogWarning( - $"Could not fetch the certificate: {trustedRootCert.Name} associated with issuer {trustedRootCert.Issuer} error {LogHandler.FlattenException(e)}."); - sb.Append( - $"Could not fetch the certificate: {trustedRootCert.Name} associated with issuer {trustedRootCert.Issuer}.{Environment.NewLine}"); - warningFlag = true; - } - + if (StoreProperties.InventoryTrustedCerts) + { + foreach (var trustedRootCert in trustedRootPayload.TrustedRootResult.TrustedRootCa.Entry) + try + { + _logger.LogTrace($"Building Trusted Root Inventory Item Alias: {trustedRootCert.Name}"); + var certificatePem = client.GetCertificateByName(trustedRootCert.Name); + _logger.LogTrace($"Certificate String Back From Palo Pem: {certificatePem.Result}"); + var bytes = Encoding.ASCII.GetBytes(certificatePem.Result); + var cert = new X509Certificate2(bytes); + _logger.LogTrace( + $"Building Trusted Root Inventory Item Pem: {certificatePem.Result} Has Private Key: {cert.HasPrivateKey}"); + inventoryItems.Add(BuildInventoryItem(trustedRootCert.Name, certificatePem.Result, cert.HasPrivateKey, true)); + } + 
catch (Exception e) + { + _logger.LogWarning( + $"Could not fetch the certificate: {trustedRootCert.Name} associated with issuer {trustedRootCert.Issuer} error {LogHandler.FlattenException(e)}."); + sb.Append( + $"Could not fetch the certificate: {trustedRootCert.Name} associated with issuer {trustedRootCert.Issuer}.{Environment.NewLine}"); + warningFlag = true; + } + } _logger.LogTrace("Submitting Inventory To Keyfactor via submitInventory.Invoke"); submitInventory.Invoke(inventoryItems); _logger.LogTrace("Submitted Inventory To Keyfactor via submitInventory.Invoke"); diff --git a/PaloAlto/Jobs/Management.cs b/PaloAlto/Jobs/Management.cs index c5b0dc1..75ac686 100644 --- a/PaloAlto/Jobs/Management.cs +++ b/PaloAlto/Jobs/Management.cs @@ -615,13 +615,16 @@ private string CommitChanges(ManagementJobConfiguration config, PaloAltoClient c var deviceGroup = StoreProperties?.DeviceGroup; _logger.LogTrace($"Device Group {deviceGroup}"); + var templateStack = StoreProperties?.TemplateStack; + _logger.LogTrace($"Template Stack {templateStack}"); + //If there is a template and device group then push to all firewall devices because it is Panorama - if (IsPanoramaDevice(config) && deviceGroup?.Length > 0) + if (Validators.IsValidPanoramaVsysFormat(config.CertificateStoreDetails.StorePath) || Validators.IsValidPanoramaFormat(config.CertificateStoreDetails.StorePath)) { _logger.LogTrace("It is a panorama device, build some delay in there so it works, pan issue."); Thread.Sleep(120000); //Some delay built in so pushes to devices work _logger.LogTrace("Done sleeping"); - var commitAllResponse = client.GetCommitAllResponse(deviceGroup).Result; + var commitAllResponse = client.GetCommitAllResponse(deviceGroup,config.CertificateStoreDetails.StorePath,templateStack).Result; _logger.LogTrace("Logging commit response from panorama."); LogResponse(commitAllResponse); if (commitAllResponse.Status != "success") 
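Review bot: When `StoreProperties.InventoryTrustedCerts` is false the trusted-root loop is skipped with no log line, and the JobProperties.cs hunk makes false the default, so existing stores stop reporting trust anchors after upgrade. Someone reading the inventory then cannot tell "no trusted roots on the device" from "not collected". Add an else branch such as `_logger.LogDebug("InventoryTrustedCerts is false; trusted root certificates were not inventoried");` and state the default in the release notes. `StoreProperties` is dereferenced here without the null-conditional that Management.cs uses (`StoreProperties?.`); if it can be null in an inventory job, `StoreProperties?.InventoryTrustedCerts == true` is the safer test. PerformInventory starts and ends outside the hunk.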
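Review bot: The commit-all push is now gated only on the store path matching a Panorama format, so it also runs when `deviceGroup` and `templateStack` are both empty, yet the comment above the `if` still says a template and a device group are needed. Update it to describe the new rule, e.g. `//Panorama store path: commit-all runs even when DeviceGroup and TemplateStack are both empty`, or return before the push when neither is set if an unscoped push is not intended. The 120-second `Thread.Sleep` here is now followed by a further 60-second sleep inside `GetCommitAllResponse` when a template stack is set, and the `.Result` call blocks for the whole of it. CommitChanges continues outside the hunk.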
diff --git a/PaloAlto/Validators.cs b/PaloAlto/Validators.cs index 25523f7..33ee56d 100644 --- a/PaloAlto/Validators.cs +++ b/PaloAlto/Validators.cs @@ -50,14 +50,14 @@ private static string GetTemplateName(string storePath) return templateName; } - static bool IsValidPanoramaFormat(string input) + public static bool IsValidPanoramaFormat(string input) { string pattern = @"^/config/devices/entry\[@name='[^\]]+'\]/template/entry\[@name='[^']+'\]/config/shared$"; Regex regex = new Regex(pattern); return regex.IsMatch(input); } - static bool IsValidFirewallVsysFormat(string input) + public static bool IsValidFirewallVsysFormat(string input) { string pattern = @"^/config/devices/entry\[@name='localhost\.localdomain'\]/vsys/entry\[@name='[^']+'\]$"; return Regex.IsMatch(input, pattern); @@ -77,12 +77,20 @@ public static (bool valid, JobResult result) ValidateStoreProperties(JobProperti } // If it is a firewall (store path of /) then you don't need the Group Name - if (!storePath.Contains("template",System.StringComparison.CurrentCultureIgnoreCase)) + if (!storePath.Contains("template", System.StringComparison.CurrentCultureIgnoreCase)) + { if (!string.IsNullOrEmpty(storeProperties?.DeviceGroup)) { errors += "You do not need a device group with a Palo Alto Firewall. It is only required for Panorama."; - } + } + if (!string.IsNullOrEmpty(storeProperties?.TemplateStack)) + { + errors += + "You do not need a Template Stack with a Palo Alto Firewall. It is only required for Panorama."; + } + } + // Considered Panorama device if store path is not "/" and there is a valid value for store path if (storePath.Contains("template", System.StringComparison.CurrentCultureIgnoreCase)) 
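Review bot: `IsValidPanoramaFormat` is made public here, and the Management.cs change in this commit uses it to decide whether a commit-all push happens, so its pattern should be tightened. The device entry uses `[^\]]+`, which accepts a single quote inside the name, while the template entry uses `[^']+`, which accepts `]` and `/`. If the store path is later used to build xpath expressions, `[^'\]]+` for both names keeps quoting and bracket characters out of either position. The method also allocates a `new Regex(pattern)` on every call, whereas `IsValidFirewallVsysFormat` uses the static `Regex.IsMatch`; using the static form in both would be consistent.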
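Review bot: Device type is decided here by `storePath.Contains("template", System.StringComparison.CurrentCultureIgnoreCase)`, while Management.cs in this same commit decides it with `IsValidPanoramaFormat` / `IsValidPanoramaVsysFormat`. A store path that contains the word but does not match either regex would be validated as Panorama here and then skip the Panorama commit path there. Calling the validators in both places keeps the two decisions in agreement. At minimum use `StringComparison.OrdinalIgnoreCase`, because culture-sensitive case folding is not appropriate for matching a fixed keyword. ValidateStoreProperties continues outside the hunk.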
@@ -91,10 +99,6 @@ public static (bool valid, JobResult result) ValidateStoreProperties(JobProperti new PaloAltoClient(clientMachine, serverUserName, serverPassword); //Api base URL Plus Key - if (string.IsNullOrEmpty(storeProperties?.DeviceGroup)) - { - errors += "You need to specify a device group when working with Panorama."; - } if (!string.IsNullOrEmpty(storeProperties?.DeviceGroup)) { @@ -105,8 +109,20 @@ public static (bool valid, JobResult result) ValidateStoreProperties(JobProperti errors += $"Could not find your Device Group In Panorama. Valid Device Groups are {string.Join(",", deviceList.Result.Result.Entry.Select(d => d.Name))}"; } + } + + if (!string.IsNullOrEmpty(storeProperties?.TemplateStack)) + { + var templateStackList = client.GetTemplateStackList(); + var templateStacks = templateStackList.Result.Result.Entry.Where(d => d.Name == storeProperties?.TemplateStack); + if (!templateStacks.Any()) + { + errors += + $"Could not find your Template Stacks In Panorama. Valid Device Groups are {string.Join(",", templateStackList.Result.Result.Entry.Select(d => d.Name))}"; + } } + //Validate Template Exists in Panorama, required for Panorama var templateList = client.GetTemplateList(); var templates = templateList.Result.Result.Entry.Where(d => d.Name == GetTemplateName(storePath)); diff --git a/PaloAltoTestConsole/FirewallInventory.json b/PaloAltoTestConsole/FirewallInventory.json index baf9ac9..a8a13df 100644 --- a/PaloAltoTestConsole/FirewallInventory.json +++ b/PaloAltoTestConsole/FirewallInventory.json 
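Review bot: The new template-stack check dereferences `templateStackList.Result.Result.Entry` with no null check, so a Panorama with no template stacks (or an error response) would presumably surface as a NullReferenceException rather than as the validation message. Guard it, e.g. `var entries = templateStackList.Result?.Result?.Entry ?? new List<...>();` using the list's element type, before the `Where`/`Select`. The error text also still reads `Valid Device Groups are` although it lists template stacks; it should say `Valid Template Stacks are`. ValidateStoreProperties continues outside the hunk.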
@@ -4,7 +4,7 @@ "ClientMachine": "ClientMachineGoesHere", "StorePath": "/", "StorePassword": "", - "Properties": "{\"ServerUsername\":\"UserNameGoesHere\",\"ServerPassword\":\"PasswordGoesHere\",\"ServerUseSsl\":\"true\",\"DeviceGroup\":\"\"}", + "Properties": "{\"ServerUsername\":\"UserNameGoesHere\",\"ServerPassword\":\"PasswordGoesHere\",\"ServerUseSsl\":\"true\",\"DeviceGroup\":\"\",\"InventoryTrustedCerts\": false,\"TemplateStack\":\"TemplateStackGoesHere\"}", "Type": 105 }, "JobCancelled": false, diff --git a/PaloAltoTestConsole/KeyfactorClient.cs b/PaloAltoTestConsole/KeyfactorClient.cs index 5e2b9a5..47db9d5 100644 --- a/PaloAltoTestConsole/KeyfactorClient.cs +++ b/PaloAltoTestConsole/KeyfactorClient.cs @@ -29,7 +29,7 @@ public async Task EnrollCertificate(string commonName var request = new RestRequest("/KeyfactorAPI/Enrollment/PFX", Method.Post); request.AddHeader("X-Keyfactor-Requested-With", "APIClient"); request.AddHeader("x-certificateformat", "PFX"); - request.AddHeader("Authorization", "Basic Q29tbWFuZFxLRkFkbWluOldoNUcyVGM2VkJZalNNcEM="); + request.AddHeader("Authorization", "Basic Authtoken"); request.AddHeader("Content-Type", "application/json"); var enrollRequest = new KeyfactorEnrollmentRequest { diff --git a/PaloAltoTestConsole/ManagementRemove.json b/PaloAltoTestConsole/ManagementRemove.json index 3e5ea30..292a13e 100644 --- a/PaloAltoTestConsole/ManagementRemove.json +++ b/PaloAltoTestConsole/ManagementRemove.json 
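Review bot: Replacing the literal in `EnrollCertificate` does not retire the credential, because the Base64 `Authorization: Basic` value on the removed line stays readable in repository history. The account behind it needs its password changed and its recent use reviewed. The new value `"Basic Authtoken"` is still a literal in source; reading it at run time, e.g. `request.AddHeader("Authorization", Environment.GetEnvironmentVariable("KEYFACTOR_AUTH_HEADER"));` (the variable name is a placeholder), removes the temptation to paste a real token back in. EnrollCertificate continues outside the hunk.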
@@ -4,7 +4,7 @@ "ClientMachine": "ClientMachineGoesHere", "StorePath": "TemplateNameGoesHere", "StorePassword": null, - "Properties": "{\"ServerUsername\":\"UserNameGoesHere\",\"ServerPassword\":\"PasswordGoesHere\",\"ServerUseSsl\":\"true\",\"DeviceGroup\":\"DeviceGroupGoesHere\"}", + "Properties": "{\"ServerUsername\":\"UserNameGoesHere\",\"ServerPassword\":\"PasswordGoesHere\",\"ServerUseSsl\":\"true\",\"DeviceGroup\":\"DeviceGroupGoesHere\",\"InventoryTrustedCerts\": false,\"TemplateStack\":\"TemplateStackGoesHere\"}", "Type": 105 }, "OperationType": 3, diff --git a/PaloAltoTestConsole/PanoramaInventory.json b/PaloAltoTestConsole/PanoramaInventory.json index 446f942..a74cd17 100644 --- a/PaloAltoTestConsole/PanoramaInventory.json +++ b/PaloAltoTestConsole/PanoramaInventory.json @@ -243,7 +243,7 @@ "ClientMachine": "ClientMachineGoesHere", "StorePath": "TemplateNameGoesHere", "StorePassword": "", - "Properties": "{\"ServerUsername\":\"UserNameGoesHere\",\"ServerPassword\":\"PasswordGoesHere\",\"ServerUseSsl\":\"true\",\"DeviceGroup\":\"DeviceGroupGoesHere\"}", + "Properties": "{\"ServerUsername\":\"UserNameGoesHere\",\"ServerPassword\":\"PasswordGoesHere\",\"ServerUseSsl\":\"true\",\"DeviceGroup\":\"DeviceGroupGoesHere\",\"InventoryTrustedCerts\": false,\"TemplateStack\":\"TemplateStackGoesHere\"}", "Type": 105 }, "JobCancelled": false, diff --git a/PaloAltoTestConsole/PanoramaMgmt.json b/PaloAltoTestConsole/PanoramaMgmt.json index e4f2ec9..508f120 100644 --- a/PaloAltoTestConsole/PanoramaMgmt.json +++ b/PaloAltoTestConsole/PanoramaMgmt.json 
@@ -4,7 +4,7 @@ "ClientMachine": "ClientMachineGoesHere", "StorePath": "TemplateNameGoesHere", "StorePassword": null, - "Properties": "{\"ServerUsername\":\"UserNameGoesHere\",\"ServerPassword\":\"PasswordGoesHere\",\"ServerUseSsl\":\"true\",\"DeviceGroup\":\"DeviceGroupGoesHere\"}", + "Properties": "{\"ServerUsername\":\"UserNameGoesHere\",\"ServerPassword\":\"PasswordGoesHere\",\"ServerUseSsl\":\"true\",\"DeviceGroup\":\"DeviceGroupGoesHere\",\"InventoryTrustedCerts\": false,\"TemplateStack\":\"TemplateStackGoesHere\"}", "Type": 105 }, "OperationType": 2, diff --git a/PaloAltoTestConsole/Program.cs b/PaloAltoTestConsole/Program.cs index d83e589..f5d6dc3 100644 --- a/PaloAltoTestConsole/Program.cs +++ b/PaloAltoTestConsole/Program.cs @@ -22,6 +22,7 @@ using Keyfactor.Orchestrators.Extensions.Interfaces; using Moq; using Newtonsoft.Json; +using Newtonsoft.Json.Linq; namespace PaloAltoTestConsole { @@ -33,6 +34,8 @@ internal class Program public static string CertAlias { get; set; } public static string ClientMachine { get; set; } public static string DeviceGroup { get; set; } + public static string InventoryTrusted { get; set; } + public static string TemplateStackName { get; set; } public static string StorePath { get; set; } public static string Overwrite { get; set; } public static string ManagementType { get; set; } @@ -59,6 +62,8 @@ private static async Task Main(string[] args) Password = arguments["-password"]; StorePath = arguments["-storepath"]; DeviceGroup = arguments["-devicegroup"]; + InventoryTrusted = arguments["-inventorytrusted"]; + TemplateStackName = arguments["-templatestackname"]; ClientMachine = arguments["-clientmachine"]; } else 
@@ -73,6 +78,10 @@ private static async Task Main(string[] args) StorePath = Console.ReadLine(); Console.WriteLine("Enter DeviceGroup"); DeviceGroup = Console.ReadLine(); + Console.WriteLine("Inventory Trusted"); + InventoryTrusted = Console.ReadLine(); + Console.WriteLine("Template Stack Name"); + TemplateStackName = Console.ReadLine(); Console.WriteLine("Enter ClientMachine"); ClientMachine = Console.ReadLine(); } 
@@ -184,20 +193,49 @@ public static bool GetItems(IEnumerable items) public static InventoryJobConfiguration GetInventoryJobConfiguration() { + var intentoryTrustedReplaceString = "\"InventoryTrustedCerts\": false"; + if (InventoryTrusted.ToUpper() == "TRUE") + { + intentoryTrustedReplaceString = "\"InventoryTrustedCerts\": true"; + } + var fileContent = File.ReadAllText("FirewallInventory.json").Replace("UserNameGoesHere", UserName) - .Replace("PasswordGoesHere", Password).Replace("ClientMachineGoesHere", ClientMachine); + .Replace("PasswordGoesHere", Password).Replace("ClientMachineGoesHere", ClientMachine) + .Replace("\"InventoryTrustedCerts\": false", intentoryTrustedReplaceString); + var jsonObject = JObject.Parse(fileContent); + + // Navigate to the InventoryTrustedCerts property and set it to true + jsonObject["CertificateStoreDetails"]["Properties"] = jsonObject["CertificateStoreDetails"]["Properties"].ToString().Replace("\"InventoryTrustedCerts\": false", intentoryTrustedReplaceString); + + var result = - JsonConvert.DeserializeObject(fileContent); + JsonConvert.DeserializeObject(jsonObject.ToString()); + return result; } public static InventoryJobConfiguration GetPanoramaInventoryJobConfiguration() { + var intentoryTrustedReplaceString = "\"InventoryTrustedCerts\": false"; + if (InventoryTrusted.ToUpper() == "TRUE") + { + intentoryTrustedReplaceString = "\"InventoryTrustedCerts\": true"; + } + var fileContent = File.ReadAllText("PanoramaInventory.json").Replace("UserNameGoesHere", UserName) .Replace("PasswordGoesHere", Password).Replace("TemplateNameGoesHere", StorePath) - .Replace("ClientMachineGoesHere", ClientMachine).Replace("DeviceGroupGoesHere", DeviceGroup); + .Replace("ClientMachineGoesHere", ClientMachine) + .Replace("DeviceGroupGoesHere", DeviceGroup); + + + var jsonObject = JObject.Parse(fileContent); + + // Navigate to the InventoryTrustedCerts property and set it to true + jsonObject["CertificateStoreDetails"]["Properties"] = 
jsonObject["CertificateStoreDetails"]["Properties"].ToString().Replace("\"InventoryTrustedCerts\": false", intentoryTrustedReplaceString); + + var result = - JsonConvert.DeserializeObject(fileContent); + JsonConvert.DeserializeObject(jsonObject.ToString()); return result; } @@ -209,15 +247,29 @@ public static ManagementJobConfiguration GetManagementJobConfiguration() { overWriteReplaceString = "\"Overwrite\": true"; } - + + var intentoryTrustedReplaceString = "\"InventoryTrustedCerts\": false"; + if (InventoryTrusted.ToUpper() == "TRUE") + { + intentoryTrustedReplaceString = "\"InventoryTrustedCerts\": true"; + } + var fileContent = File.ReadAllText("PanoramaMgmt.json").Replace("UserNameGoesHere", UserName) .Replace("PasswordGoesHere", Password).Replace("TemplateNameGoesHere", StorePath) .Replace("DeviceGroupGoesHere", DeviceGroup).Replace("AliasGoesHere", CertAlias) + .Replace("TemplateStackGoesHere", TemplateStackName) .Replace("ClientMachineGoesHere", ClientMachine) .Replace("\"Overwrite\": false",overWriteReplaceString) .Replace("CertificateContentGoesHere", CertificateContent); + + var jsonObject = JObject.Parse(fileContent); + + // Navigate to the InventoryTrustedCerts property and set it to true + jsonObject["CertificateStoreDetails"]["Properties"] = jsonObject["CertificateStoreDetails"]["Properties"].ToString().Replace("\"InventoryTrustedCerts\": false", intentoryTrustedReplaceString); + var result = - JsonConvert.DeserializeObject(fileContent); + JsonConvert.DeserializeObject(jsonObject.ToString()); + return result; } diff --git a/PaloAltoTestConsole/RunTest.bat b/PaloAltoTestConsole/RunTest.bat index 3528f46..f425aaf 100644 --- a/PaloAltoTestConsole/RunTest.bat +++ b/PaloAltoTestConsole/RunTest.bat @@ -8,7 +8,7 @@ set PAMachine=afsd set PAApiUser=bhisadfll set PAApiPassword=adfssadf -GOTO:PANTemplateVsys + echo *********************************** echo Starting Single Firewall Test Cases echo *********************************** 
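Review bot: Neither `GetInventoryJobConfiguration` nor `GetPanoramaInventoryJobConfiguration` replaces `TemplateStackGoesHere`, although both fixture files now carry it, so the literal placeholder is passed on as the template stack name. For the firewall fixture that would trip the new "You do not need a Template Stack" validation if inventory jobs run it. Add `.Replace("TemplateStackGoesHere", TemplateStackName)` to both chains, as `GetManagementJobConfiguration` does. `InventoryTrusted.ToUpper() == "TRUE"` also throws when the value is null, for example on end-of-input at the prompt; `string.Equals(InventoryTrusted, "true", StringComparison.OrdinalIgnoreCase)` handles that and avoids culture-dependent upper-casing.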
@@ -28,6 +28,10 @@ set cert=%random% set casename=Management set mgt=add set overwrite=false +set inventorytrusted=false +set templatestackname="" + +REM goto :PANTemplates echo ************************************************************************************************************************ echo TC1 %mgt%. Should do the %mgt% and add anything in the chain 
@@ -35,12 +39,22 @@ echo *************************************************************************** echo overwrite: %overwrite% echo cert name: %cert% -PaloAltoTestConsole.exe -clientmachine=%clientmachine% -casename=%casename% -user=%user% -password=%password% -storepath=%storepath% -devicegroup= -managementtype=%mgt% -certalias=%cert% -overwrite=%overwrite% +PaloAltoTestConsole.exe -clientmachine=%clientmachine% -casename=%casename% -user=%user% -password=%password% -storepath=%storepath% -devicegroup= -managementtype=%mgt% -certalias=%cert% -overwrite=%overwrite% -inventorytrusted=%inventorytrusted% -inventorytrusted=%inventorytrusted% -templatestackname=%templatestackname% + + +echo ************************************************************************************************************************ +echo TC1a %mgt% with Template Stack. Should Error Template Stack not Valid for Firewall +echo ************************************************************************************************************************ +echo overwrite: %overwrite% +echo cert name: %cert% +set templatestackname="CertificatesStack" +PaloAltoTestConsole.exe -clientmachine=%clientmachine% -casename=%casename% -user=%user% -password=%password% -storepath=%storepath% -devicegroup= -managementtype=%mgt% -certalias=%cert% -overwrite=%overwrite% -inventorytrusted=%inventorytrusted% -inventorytrusted=%inventorytrusted% -templatestackname=%templatestackname% set mgt=remove set trusted=false set overwrite=false +set templatestackname="" echo: echo ******************************************************************************************************* 
@@ -50,7 +64,7 @@ echo overwrite: %overwrite% echo trusted: %trusted% echo cert name: %cert% -PaloAltoTestConsole.exe -clientmachine=%clientmachine% -casename=%casename% -user=%user% -password=%password% -storepath=%storepath% -devicegroup= -managementtype=%mgt% -certalias=%cert% -overwrite=%overwrite% +PaloAltoTestConsole.exe -clientmachine=%clientmachine% -casename=%casename% -user=%user% -password=%password% -storepath=%storepath% -devicegroup= -managementtype=%mgt% -certalias=%cert% -overwrite=%overwrite% -inventorytrusted=%inventorytrusted% -templatestackname=%templatestackname% set mgt=remove @@ -64,7 +78,7 @@ echo overwrite: %overwrite% set /p cert=Please enter bound cert name: echo cert name: %cert% -PaloAltoTestConsole.exe -clientmachine=%clientmachine% -casename=%casename% -user=%user% -password=%password% -storepath=%storepath% -devicegroup= -managementtype=%mgt% -certalias=%cert% -overwrite=%overwrite% +PaloAltoTestConsole.exe -clientmachine=%clientmachine% -casename=%casename% -user=%user% -password=%password% -storepath=%storepath% -devicegroup= -managementtype=%mgt% -certalias=%cert% -overwrite=%overwrite% -inventorytrusted=%inventorytrusted% -templatestackname=%templatestackname% set mgt=add set overwrite=false @@ -76,7 +90,7 @@ echo *************************************************************************** echo overwrite: %overwrite% echo cert name: %cert% -PaloAltoTestConsole.exe -clientmachine=%clientmachine% -casename=%casename% -user=%user% -password=%password% -storepath=%storepath% -devicegroup= -managementtype=%mgt% -certalias=%cert% -overwrite=%overwrite% +PaloAltoTestConsole.exe -clientmachine=%clientmachine% -casename=%casename% -user=%user% -password=%password% -storepath=%storepath% -devicegroup= -managementtype=%mgt% -certalias=%cert% -overwrite=%overwrite% -inventorytrusted=%inventorytrusted% -templatestackname=%templatestackname% echo: 
@@ -87,7 +101,7 @@ set storepath=/config echo overwrite: %overwrite% echo cert name: %cert% -PaloAltoTestConsole.exe -clientmachine=%clientmachine% -casename=%casename% -user=%user% -password=%password% -storepath=%storepath% -devicegroup= -managementtype=%mgt% -certalias=%cert% -overwrite=%overwrite% +PaloAltoTestConsole.exe -clientmachine=%clientmachine% -casename=%casename% -user=%user% -password=%password% -storepath=%storepath% -devicegroup= -managementtype=%mgt% -certalias=%cert% -overwrite=%overwrite% -inventorytrusted=%inventorytrusted% -templatestackname=%templatestackname% set mgt=add set overwrite=true @@ -101,9 +115,9 @@ set /p cert=Please enter bound cert name: set storepath=/config/shared echo cert name: %cert% -PaloAltoTestConsole.exe -clientmachine=%clientmachine% -casename=%casename% -user=%user% -password=%password% -storepath=%storepath% -devicegroup= -managementtype=%mgt% -certalias=%cert% -overwrite=%overwrite% - +PaloAltoTestConsole.exe -clientmachine=%clientmachine% -casename=%casename% -user=%user% -password=%password% -storepath=%storepath% -devicegroup= -managementtype=%mgt% -certalias=%cert% -overwrite=%overwrite% -inventorytrusted=%inventorytrusted% -templatestackname=%templatestackname% +:firewallinventory echo: echo: echo *********************************** 
@@ -113,20 +127,30 @@ set storepath=/config/shared set casename=Inventory echo: -echo *************************************************************************************** -echo TC6 Firewall Inventory against firewall should return job status of "2" with no errors -echo *************************************************************************************** +echo ************************************************************************************************* +echo TC6 Firewall Inventory against firewall should return job status of "2" with no errors no Trusted +echo ************************************************************************************************* +echo overwrite: %overwrite% +echo cert name: %cert% + +PaloAltoTestConsole.exe -clientmachine=%clientmachine% -casename=%casename% -user=%user% -password=%password% -storepath=%storepath% -devicegroup= -managementtype=%mgt% -inventorytrusted=%inventorytrusted% -templatestackname=%templatestackname% + +set inventorytrusted=true +echo: +echo *************************************************************************************************** +echo TC6a Firewall Inventory against firewall should return job status of "2" with no errors with Trusted +echo *************************************************************************************************** echo overwrite: %overwrite% echo cert name: %cert% -PaloAltoTestConsole.exe -clientmachine=%clientmachine% -casename=%casename% -user=%user% -password=%password% -storepath=%storepath% -devicegroup= -managementtype=%mgt% +PaloAltoTestConsole.exe -clientmachine=%clientmachine% -casename=%casename% -user=%user% -password=%password% -storepath=%storepath% -devicegroup= -managementtype=%mgt% -inventorytrusted=%inventorytrusted% -templatestackname=%templatestackname% :firewallvsys echo *********************************** echo Starting Firewall Vsys Test Cases echo *********************************** - +set inventorytrusted=false set clientmachine=%FWMachine% set 
password=%FWApiPassword% set user=%FWApiUser% @@ -150,7 +174,7 @@ echo *************************************************************************** echo overwrite: %overwrite% echo cert name: %cert% -PaloAltoTestConsole.exe -clientmachine=%clientmachine% -casename=%casename% -user=%user% -password=%password% -storepath=%storepath% -devicegroup= -managementtype=%mgt% -certalias=%cert% -overwrite=%overwrite% +PaloAltoTestConsole.exe -clientmachine=%clientmachine% -casename=%casename% -user=%user% -password=%password% -storepath=%storepath% -devicegroup= -managementtype=%mgt% -certalias=%cert% -overwrite=%overwrite% -inventorytrusted=%inventorytrusted% -templatestackname=%templatestackname% set mgt=remove @@ -165,7 +189,7 @@ echo overwrite: %overwrite% echo trusted: %trusted% echo cert name: %cert% -PaloAltoTestConsole.exe -clientmachine=%clientmachine% -casename=%casename% -user=%user% -password=%password% -storepath=%storepath% -devicegroup= -managementtype=%mgt% -certalias=%cert% -overwrite=%overwrite% +PaloAltoTestConsole.exe -clientmachine=%clientmachine% -casename=%casename% -user=%user% -password=%password% -storepath=%storepath% -devicegroup= -managementtype=%mgt% -certalias=%cert% -overwrite=%overwrite% -inventorytrusted=%inventorytrusted% -templatestackname=%templatestackname% set mgt=remove @@ -179,7 +203,7 @@ echo overwrite: %overwrite% set /p cert=Please enter bound cert name: echo cert name: %cert% -PaloAltoTestConsole.exe -clientmachine=%clientmachine% -casename=%casename% -user=%user% -password=%password% -storepath=%storepath% -devicegroup= -managementtype=%mgt% -certalias=%cert% -overwrite=%overwrite% +PaloAltoTestConsole.exe -clientmachine=%clientmachine% -casename=%casename% -user=%user% -password=%password% -storepath=%storepath% -devicegroup= -managementtype=%mgt% -certalias=%cert% -overwrite=%overwrite% -inventorytrusted=%inventorytrusted% -templatestackname=%templatestackname% set mgt=add set overwrite=false 
@@ -191,7 +215,7 @@ echo *************************************************************************** echo overwrite: %overwrite% echo cert name: %cert% -PaloAltoTestConsole.exe -clientmachine=%clientmachine% -casename=%casename% -user=%user% -password=%password% -storepath=%storepath% -devicegroup= -managementtype=%mgt% -certalias=%cert% -overwrite=%overwrite% +PaloAltoTestConsole.exe -clientmachine=%clientmachine% -casename=%casename% -user=%user% -password=%password% -storepath=%storepath% -devicegroup= -managementtype=%mgt% -certalias=%cert% -overwrite=%overwrite% -inventorytrusted=%inventorytrusted% -templatestackname=%templatestackname% echo: @@ -202,7 +226,7 @@ set storepath=/config echo overwrite: %overwrite% echo cert name: %cert% -PaloAltoTestConsole.exe -clientmachine=%clientmachine% -casename=%casename% -user=%user% -password=%password% -storepath=%storepath% -devicegroup= -managementtype=%mgt% -certalias=%cert% -overwrite=%overwrite% +PaloAltoTestConsole.exe -clientmachine=%clientmachine% -casename=%casename% -user=%user% -password=%password% -storepath=%storepath% -devicegroup= -managementtype=%mgt% -certalias=%cert% -overwrite=%overwrite% -inventorytrusted=%inventorytrusted% -templatestackname=%templatestackname% set mgt=add set overwrite=true @@ -216,7 +240,7 @@ set /p cert=Please enter bound cert name: set storepath=/config/shared echo cert name: %cert% -PaloAltoTestConsole.exe -clientmachine=%clientmachine% -casename=%casename% -user=%user% -password=%password% -storepath=%storepath% -devicegroup= -managementtype=%mgt% -certalias=%cert% -overwrite=%overwrite% +PaloAltoTestConsole.exe -clientmachine=%clientmachine% -casename=%casename% -user=%user% -password=%password% -storepath=%storepath% -devicegroup= -managementtype=%mgt% -certalias=%cert% -overwrite=%overwrite% -inventorytrusted=%inventorytrusted% -templatestackname=%templatestackname% echo: 
@@ -234,7 +258,7 @@ echo *************************************************************************** echo overwrite: %overwrite% echo cert name: %cert% -PaloAltoTestConsole.exe -clientmachine=%clientmachine% -casename=%casename% -user=%user% -password=%password% -storepath=%storepath% -devicegroup= -managementtype=%mgt% +PaloAltoTestConsole.exe -clientmachine=%clientmachine% -casename=%casename% -user=%user% -password=%password% -storepath=%storepath% -devicegroup= -managementtype=%mgt% -inventorytrusted=%inventorytrusted% -templatestackname=%templatestackname% echo: echo ********************************************* @@ -254,7 +278,7 @@ set casename=Management set cert=%random% -set storepath=CertificatesTemplate1 +set storepath="/config/devices/entry[@name='localhost.localdomain']/template/entry[@name='CertificatesTemplate1']/config/shared" set casename=Management set mgt=add set overwrite=false 
@@ -268,13 +292,29 @@ echo store path: %storepath% echo group name: %devicegroup% echo cert name: %cert% -PaloAltoTestConsole.exe -clientmachine=%clientmachine% -casename=%casename% -user=%user% -password=%password% -storepath=%storepath% -devicegroup=%devicegroup% -managementtype=%mgt% -certalias=%cert% -overwrite=%overwrite% +PaloAltoTestConsole.exe -clientmachine=%clientmachine% -casename=%casename% -user=%user% -password=%password% -storepath=%storepath% -devicegroup=%devicegroup% -managementtype=%mgt% -certalias=%cert% -overwrite=%overwrite% -inventorytrusted=%inventorytrusted% -templatestackname=%templatestackname% + + +echo: +echo ************************************************************************************************************* +echo TC14a Invalid Template Stack Test, should return a list of valid templates panorama templates to use, error +echo ************************************************************************************************************* +set storepath="/config/devices/entry[@name='localhost.localdomain']/template/entry[@name='CertificatesTemplate']/config/shared" +echo overwrite: %overwrite% +echo store path: %storepath% +echo group name: %devicegroup% +echo cert name: %cert% +set templatestackname="InvalidStack" + + +PaloAltoTestConsole.exe -clientmachine=%clientmachine% -casename=%casename% -user=%user% -password=%password% -storepath=%storepath% -devicegroup=%devicegroup% -managementtype=%mgt% -certalias=%cert% -overwrite=%overwrite% -inventorytrusted=%inventorytrusted% -templatestackname=%templatestackname% set casename=Management set mgt=add set overwrite=false set storepath="/config/devices/entry[@name='localhost.localdomain']/template/entry[@name='CertificatesTemplate']/config/shared" set devicegroup=Broup2 +set templatestackname="" echo: echo ********************************************************************************************** echo TC15 Invalid Group Name, should return a list of valid Groups in panorama to use 
and error out @@ -284,7 +324,7 @@ echo store path: %storepath% echo group name: %devicegroup% echo cert name: %cert% -PaloAltoTestConsole.exe -clientmachine=%clientmachine% -casename=%casename% -user=%user% -password=%password% -storepath=%storepath% -devicegroup=%devicegroup% -managementtype=%mgt% -certalias=%cert% -overwrite=%overwrite% +PaloAltoTestConsole.exe -clientmachine=%clientmachine% -casename=%casename% -user=%user% -password=%password% -storepath=%storepath% -devicegroup=%devicegroup% -managementtype=%mgt% -certalias=%cert% -overwrite=%overwrite% -inventorytrusted=%inventorytrusted% -templatestackname=%templatestackname% set cert=%random% set devicegroup=Group1 
@@ -300,7 +340,33 @@ echo store path: %storepath% echo group name: %devicegroup% echo cert name: %cert% -PaloAltoTestConsole.exe -clientmachine=%clientmachine% -casename=%casename% -user=%user% -password=%password% -storepath=%storepath% -devicegroup=%devicegroup% -managementtype=%mgt% -certalias=%cert% -overwrite=%overwrite% +PaloAltoTestConsole.exe -clientmachine=%clientmachine% -casename=%casename% -user=%user% -password=%password% -storepath=%storepath% -devicegroup=%devicegroup% -managementtype=%mgt% -certalias=%cert% -overwrite=%overwrite% -inventorytrusted=%inventorytrusted% -templatestackname=%templatestackname% + +echo: +echo ************************************************************************************ +echo TC16a %mgt% push to template only no device group or template stack +echo ************************************************************************************ +set overwrite=true +set devicegroup="" +echo overwrite: %overwrite% +echo store path: %storepath% +echo group name: %devicegroup% +echo cert name: %cert% + +PaloAltoTestConsole.exe -clientmachine=%clientmachine% -casename=%casename% -user=%user% -password=%password% -storepath=%storepath% -devicegroup=%devicegroup% -managementtype=%mgt% -certalias=%cert% -overwrite=%overwrite% -inventorytrusted=%inventorytrusted% -templatestackname=%templatestackname% + +echo: +echo ************************************************************************************ +echo TC16b %mgt% push to template and template stack only no device group +echo ************************************************************************************ +set templatestackname=CertificatesStack +echo overwrite: %templatestackname% +echo overwrite: %overwrite% +echo store path: %storepath% +echo group name: %devicegroup% +echo cert name: %cert% + +PaloAltoTestConsole.exe -clientmachine=%clientmachine% -casename=%casename% -user=%user% -password=%password% -storepath=%storepath% -devicegroup=%devicegroup% -managementtype=%mgt% 
-certalias=%cert% -overwrite=%overwrite% -inventorytrusted=%inventorytrusted% -templatestackname=%templatestackname% set mgt=add set overwrite=true @@ -313,7 +379,7 @@ echo store path: %storepath% echo group name: %devicegroup% echo cert name: %cert% -PaloAltoTestConsole.exe -clientmachine=%clientmachine% -casename=%casename% -user=%user% -password=%password% -storepath=%storepath% -devicegroup=%devicegroup% -managementtype=%mgt% -certalias=%cert% -overwrite=%overwrite% +PaloAltoTestConsole.exe -clientmachine=%clientmachine% -casename=%casename% -user=%user% -password=%password% -storepath=%storepath% -devicegroup=%devicegroup% -managementtype=%mgt% -certalias=%cert% -overwrite=%overwrite% -inventorytrusted=%inventorytrusted% -templatestackname=%templatestackname% set mgt=remove set overwrite=false @@ -326,7 +392,7 @@ echo store path: %storepath% echo group name: %devicegroup% echo cert name: %cert% -PaloAltoTestConsole.exe -clientmachine=%clientmachine% -casename=%casename% -user=%user% -password=%password% -storepath=%storepath% -devicegroup=%devicegroup% -managementtype=%mgt% -certalias=%cert% -overwrite=%overwrite% +PaloAltoTestConsole.exe -clientmachine=%clientmachine% -casename=%casename% -user=%user% -password=%password% -storepath=%storepath% -devicegroup=%devicegroup% -managementtype=%mgt% -certalias=%cert% -overwrite=%overwrite% -inventorytrusted=%inventorytrusted% -templatestackname=%templatestackname% set mgt=add 
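Review bot: `set templatestackname=CertificatesStack` in the new TC16b block is never cleared, unlike TC14a, which is followed by `set templatestackname=""`. No later hunk of this script in view resets it, and every later call now passes `-templatestackname=%templatestackname%`, so on a straight top-to-bottom run the remaining cases (including the inventory and `:PAN` sections) would presumably all run with a template stack they were not written for. Adding `set templatestackname=""` after the TC16b call would keep the cases independent. The new `echo overwrite: %templatestackname%` line is also mislabelled and should read `echo template stack: %templatestackname%`.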
@@ -341,7 +407,7 @@ echo group name: %devicegroup% set /p cert=Please enter bound cert name: echo cert name: %cert% -PaloAltoTestConsole.exe -clientmachine=%clientmachine% -casename=%casename% -user=%user% -password=%password% -storepath=%storepath% -devicegroup=%devicegroup% -managementtype=%mgt% -certalias=%cert% -overwrite=%overwrite% +PaloAltoTestConsole.exe -clientmachine=%clientmachine% -casename=%casename% -user=%user% -password=%password% -storepath=%storepath% -devicegroup=%devicegroup% -managementtype=%mgt% -certalias=%cert% -overwrite=%overwrite% -inventorytrusted=%inventorytrusted% -templatestackname=%templatestackname% set mgt=remove set overwrite=false @@ -354,8 +420,9 @@ echo store path: %storepath% echo group name: %devicegroup% echo cert name: %cert% -PaloAltoTestConsole.exe -clientmachine=%clientmachine% -casename=%casename% -user=%user% -password=%password% -storepath=%storepath% -devicegroup=%devicegroup% -managementtype=%mgt% -certalias=%cert% -overwrite=%overwrite% +PaloAltoTestConsole.exe -clientmachine=%clientmachine% -casename=%casename% -user=%user% -password=%password% -storepath=%storepath% -devicegroup=%devicegroup% -managementtype=%mgt% -certalias=%cert% -overwrite=%overwrite% -inventorytrusted=%inventorytrusted% -templatestackname=%templatestackname% +:PANInventory echo: echo: echo *********************************** 
@@ -373,8 +440,23 @@ echo trusted: %trusted% echo store path: %storepath% echo group name: %devicegroup% echo cert name: %cert% +set inventorytrusted=true + +PaloAltoTestConsole.exe -clientmachine=%clientmachine% -casename=%casename% -user=%user% -password=%password% -storepath=%storepath% -devicegroup=%devicegroup% -managementtype=%mgt% -inventorytrusted=%inventorytrusted% -templatestackname=%templatestackname% + + +echo: +echo ************************************************************************* +echo TC21a Inventory Panorama Certificates from Cert Locations only no Trusted +echo ************************************************************************* +echo overwrite: %overwrite% +echo trusted: %trusted% +echo store path: %storepath% +echo group name: %devicegroup% +echo cert name: %cert% +set inventorytrusted=false -PaloAltoTestConsole.exe -clientmachine=%clientmachine% -casename=%casename% -user=%user% -password=%password% -storepath=%storepath% -devicegroup=%devicegroup% -managementtype=%mgt% +PaloAltoTestConsole.exe -clientmachine=%clientmachine% -casename=%casename% -user=%user% -password=%password% -storepath=%storepath% -devicegroup=%devicegroup% -managementtype=%mgt% -inventorytrusted=%inventorytrusted% -templatestackname=%templatestackname% :PANTemplateVsys @@ -408,7 +490,7 @@ echo store path: %storepath% echo group name: %devicegroup% echo cert name: %cert% -PaloAltoTestConsole.exe -clientmachine=%clientmachine% -casename=%casename% -user=%user% -password=%password% -storepath=%storepath% -devicegroup=%devicegroup% -managementtype=%mgt% -certalias=%cert% -overwrite=%overwrite% +PaloAltoTestConsole.exe -clientmachine=%clientmachine% -casename=%casename% -user=%user% -password=%password% -storepath=%storepath% -devicegroup=%devicegroup% -managementtype=%mgt% -certalias=%cert% -overwrite=%overwrite% -inventorytrusted=%inventorytrusted% -templatestackname=%templatestackname% set mgt=add set overwrite=true 
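Review bot: In the added TC21a block the banner prints `echo trusted: %trusted%`, which is a different variable from the `inventorytrusted` flag the case is about, and `set inventorytrusted=false` only runs after the echo lines. The console output therefore does not show the value actually passed as `-inventorytrusted=`, which makes a failed or slow inventory run harder to attribute. Moving the `set` above the echo block and printing `echo inventory trusted: %inventorytrusted%` would fix that; the TC21 block earlier in the same hunk has the same ordering.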
@@ -421,7 +503,7 @@ echo store path: %storepath% echo group name: %devicegroup% echo cert name: %cert% -PaloAltoTestConsole.exe -clientmachine=%clientmachine% -casename=%casename% -user=%user% -password=%password% -storepath=%storepath% -devicegroup=%devicegroup% -managementtype=%mgt% -certalias=%cert% -overwrite=%overwrite% +PaloAltoTestConsole.exe -clientmachine=%clientmachine% -casename=%casename% -user=%user% -password=%password% -storepath=%storepath% -devicegroup=%devicegroup% -managementtype=%mgt% -certalias=%cert% -overwrite=%overwrite% -inventorytrusted=%inventorytrusted% -templatestackname=%templatestackname% set mgt=remove set overwrite=false @@ -434,7 +516,7 @@ echo store path: %storepath% echo group name: %devicegroup% echo cert name: %cert% -PaloAltoTestConsole.exe -clientmachine=%clientmachine% -casename=%casename% -user=%user% -password=%password% -storepath=%storepath% -devicegroup=%devicegroup% -managementtype=%mgt% -certalias=%cert% -overwrite=%overwrite% +PaloAltoTestConsole.exe -clientmachine=%clientmachine% -casename=%casename% -user=%user% -password=%password% -storepath=%storepath% -devicegroup=%devicegroup% -managementtype=%mgt% -certalias=%cert% -overwrite=%overwrite% -inventorytrusted=%inventorytrusted% -templatestackname=%templatestackname% set mgt=add @@ -449,7 +531,7 @@ echo group name: %devicegroup% set /p cert=Please enter bound cert name: echo cert name: %cert% -PaloAltoTestConsole.exe -clientmachine=%clientmachine% -casename=%casename% -user=%user% -password=%password% -storepath=%storepath% -devicegroup=%devicegroup% -managementtype=%mgt% -certalias=%cert% -overwrite=%overwrite% +PaloAltoTestConsole.exe -clientmachine=%clientmachine% -casename=%casename% -user=%user% -password=%password% -storepath=%storepath% -devicegroup=%devicegroup% -managementtype=%mgt% -certalias=%cert% -overwrite=%overwrite% -inventorytrusted=%inventorytrusted% -templatestackname=%templatestackname% set mgt=remove set overwrite=false 
@@ -462,7 +544,7 @@ echo store path: %storepath% echo group name: %devicegroup% echo cert name: %cert% -PaloAltoTestConsole.exe -clientmachine=%clientmachine% -casename=%casename% -user=%user% -password=%password% -storepath=%storepath% -devicegroup=%devicegroup% -managementtype=%mgt% -certalias=%cert% -overwrite=%overwrite% +PaloAltoTestConsole.exe -clientmachine=%clientmachine% -casename=%casename% -user=%user% -password=%password% -storepath=%storepath% -devicegroup=%devicegroup% -managementtype=%mgt% -certalias=%cert% -overwrite=%overwrite% -inventorytrusted=%inventorytrusted% -templatestackname=%templatestackname% echo: echo: @@ -482,7 +564,7 @@ echo store path: %storepath% echo group name: %devicegroup% echo cert name: %cert% -PaloAltoTestConsole.exe -clientmachine=%clientmachine% -casename=%casename% -user=%user% -password=%password% -storepath=%storepath% -devicegroup=%devicegroup% -managementtype=%mgt% +PaloAltoTestConsole.exe -clientmachine=%clientmachine% -casename=%casename% -user=%user% -password=%password% -storepath=%storepath% -devicegroup=%devicegroup% -managementtype=%mgt% -inventorytrusted=%inventorytrusted% -templatestackname=%templatestackname% :PAN @@ -513,7 +595,7 @@ echo overwrite: %overwrite% echo store path: %storepath% echo cert name: %cert% -PaloAltoTestConsole.exe -clientmachine=%clientmachine% -casename=%casename% -user=%user% -password=%password% -storepath=%storepath% -devicegroup= -managementtype=%mgt% -certalias=%cert% -overwrite=%overwrite% +PaloAltoTestConsole.exe -clientmachine=%clientmachine% -casename=%casename% -user=%user% -password=%password% -storepath=%storepath% -devicegroup= -managementtype=%mgt% -certalias=%cert% -overwrite=%overwrite% -inventorytrusted=%inventorytrusted% -templatestackname=%templatestackname% echo: echo ************************************************************* 
@@ -523,7 +605,7 @@ echo overwrite: %overwrite% echo store path: %storepath% echo cert name: %cert% -PaloAltoTestConsole.exe -clientmachine=%clientmachine% -casename=%casename% -user=%user% -password=%password% -storepath=%storepath% -devicegroup= -managementtype=%mgt% -certalias=%cert% -overwrite=%overwrite% +PaloAltoTestConsole.exe -clientmachine=%clientmachine% -casename=%casename% -user=%user% -password=%password% -storepath=%storepath% -devicegroup= -managementtype=%mgt% -certalias=%cert% -overwrite=%overwrite% -inventorytrusted=%inventorytrusted% -templatestackname=%templatestackname% set overwrite=true @@ -535,7 +617,7 @@ echo overwrite: %overwrite% echo store path: %storepath% echo cert name: %cert% -PaloAltoTestConsole.exe -clientmachine=%clientmachine% -casename=%casename% -user=%user% -password=%password% -storepath=%storepath% -devicegroup= -managementtype=%mgt% -certalias=%cert% -overwrite=%overwrite% +PaloAltoTestConsole.exe -clientmachine=%clientmachine% -casename=%casename% -user=%user% -password=%password% -storepath=%storepath% -devicegroup= -managementtype=%mgt% -certalias=%cert% -overwrite=%overwrite% -inventorytrusted=%inventorytrusted% -templatestackname=%templatestackname% set mgt=remove @@ -548,7 +630,7 @@ echo overwrite: %overwrite% echo store path: %storepath% echo cert name: %cert% -PaloAltoTestConsole.exe -clientmachine=%clientmachine% -casename=%casename% -user=%user% -password=%password% -storepath=%storepath% -devicegroup= -managementtype=%mgt% -certalias=%cert% -overwrite=%overwrite% +PaloAltoTestConsole.exe -clientmachine=%clientmachine% -casename=%casename% -user=%user% -password=%password% -storepath=%storepath% -devicegroup= -managementtype=%mgt% -certalias=%cert% -overwrite=%overwrite% -inventorytrusted=%inventorytrusted% -templatestackname=%templatestackname% set storepath=/config/panorama set casename=Management 
@@ -563,7 +645,7 @@ echo overwrite: %overwrite% echo store path: %storepath% echo cert name: %cert% -PaloAltoTestConsole.exe -clientmachine=%clientmachine% -casename=%casename% -user=%user% -password=%password% -storepath=%storepath% -devicegroup= -managementtype=%mgt% -certalias=%cert% -overwrite=%overwrite% +PaloAltoTestConsole.exe -clientmachine=%clientmachine% -casename=%casename% -user=%user% -password=%password% -storepath=%storepath% -devicegroup= -managementtype=%mgt% -certalias=%cert% -overwrite=%overwrite% -inventorytrusted=%inventorytrusted% -templatestackname=%templatestackname% set mgt=remove @@ -575,6 +657,6 @@ echo overwrite: %overwrite% echo store path: %storepath% echo cert name: %cert% -PaloAltoTestConsole.exe -clientmachine=%clientmachine% -casename=%casename% -user=%user% -password=%password% -storepath=%storepath% -devicegroup= -managementtype=%mgt% -certalias=%cert% -tlsminversion= -tlsmaxversion= -bindingname= -overwrite=%overwrite% +PaloAltoTestConsole.exe -clientmachine=%clientmachine% -casename=%casename% -user=%user% -password=%password% -storepath=%storepath% -devicegroup= -managementtype=%mgt% -certalias=%cert% -tlsminversion= -tlsmaxversion= -bindingname= -overwrite=%overwrite% -inventorytrusted=%inventorytrusted% -templatestackname=%templatestackname% @pause diff --git a/README.md b/README.md index 806d7a0..49a39c5 100644 --- a/README.md +++ b/README.md 
@@ -131,6 +131,8 @@ ServerUsername|Server Username |Secret | |Unchecked |Yes ServerPassword|Server Password |Secret | |Unchecked |Yes |Palo Alto Api Password ServerUseSsl |Use SSL |Bool |True |Unchecked |Yes |Requires SSL Connection DeviceGroup |Device Group |String | |Unchecked |No |Device Group on Panorama that changes will be pushed to. +InventoryTrustedCerts|Inventory Trusted Certs|Bool |False|Unchecked |No |If false, will not inventory default trusted certs, saves time. +TemplateStack |Template Stack |String | |Unchecked |No |Template stack used for device push of certificates via Template. #### ENTRY PARAMETERS FOR STORE TYPE The entry parameters for this version have been eliminated. It will not longer support new bindings but will just update existing bindings when the certificate is replaced. @@ -286,11 +288,13 @@ Rest Api |Objects/Devices,Panorama/Scheduled Config Push,Panorama/Templates Case Number|Case Name|Store Path|Enrollment Params|Expected Results|Passed|Screenshots -------|----------|------------------|--------------------|----------------------------|----|-------- TC1|Firewall Enroll No Bindings|/config/shared|**Alias**:
www.certandchain.com
**Overwrite**:
false|Cert and Chain Installed on Firewall|True|![](images/TC1.gif) +TC1a|Firewall Enroll Template Stack|/config/shared|**Alias**:
www.tc1a.com
**Overwrite**:
false|Error Stating Template Stacks Not Used for Firewall|True|![](images/TC1a.gif) TC2|Firewall Replace No Bindings|/config/shared|**Alias**:
www.certandchain.com
**Overwrite**:
true|Cert and Chain Installed on Firewall|True|![](images/TC2.gif) TC3|Firewall Remove Bound Certificate|/config/shared|**Alias**:
0.13757535891685202
**Overwrite**:
false|Cert will **not** be removed because bound|True|![](images/TC3.gif) TC4|Firewall Enroll Bindings|/config/shared|**Alias**:0.13757535891685202
**Overwrite**:
false|Will not replace cert since Overwrite=false|True|![](images/TC4.gif) TC5|Firewall Replace Bound Certificate|/config/shared|**Alias**:0.13757535891685202
**Overwrite**:
true|Will replace cert bindings get automatically updated since Overwrite=true|True|![](images/TC5.gif) TC6|Firewall Inventory|/config/shared|N/A|Inventory will finish and certs from shared location inventoried.|True|![](images/TC6.gif) +TC6a|Firewall Inventory No Trusted Certs|/config/shared|N/A|Inventory will finish no Trusted Certs and certs from shared location inventoried.|True|![](images/TC6.gif) TC7|Firewall Inventory With Virtual System|/config/devices/entry[@name='localhost.localdomain']/vsys/entry[@name='vsys1']|N/A|Will Inventory all certificates from vsys1 on firewall|True|![](images/TC7.gif) TC8|Firewall Enroll cert and chain to Virtual System|/config/devices/entry[@name='localhost.localdomain']/vsys/entry[@name='vsys1']|**Alias**:
www.ejbcacertandchain.com|Cert is installed along with chain.|True|![](images/TC8.gif) TC9|Firewall Remove unbound cert from Virtual System|/config/devices/entry[@name='localhost.localdomain']/vsys/entry[@name='vsys1']|N/A|Will remove cert from test case 8 from Firewall Virtual System|True|![](images/TC9.gif) @@ -299,13 +303,16 @@ TC11|Firewall Replace without Overwrite on Virtual System|/config/devices/entry[ TC12|Firewall Renew cert on Shared and Virtual System|/config/devices/entry[@name='localhost.localdomain']/vsys/entry[@name='vsys1'] and /config/shared|**Alias**:
www.renewtester.com|Cert renewed on vsys and shared locations|True|![](images/TC12.gif) TC13|Firewall Replace bound cert on Virtual System|/config/devices/entry[@name='localhost.localdomain']/vsys/entry[@name='vsys1']|**Alias**:
0.8168##
**Overwrite**:
true|Cert will be replaced and binding updated on vsys.|True|![](images/TC13.gif) TC14|Panorama Template Enroll Certificate|/config/devices/entry[@name='localhost.localdomain']/template/entry[@name='CertificatesTemplate']/config/shared|**Alias**:
www.pantemptc1.com|Certificate is enrolled to shared location for template|True|![](images/TC14.gif) +TC14a|Panorama Invalid Template Stack|/config/devices/entry[@name='localhost.localdomain']/template/entry[@name='CertificatesTemplate']/config/shared|**Alias**:
www.tc14a.com|Error Occurs with list of valid Template Stacks To Use|True|![](images/TC14a.gif) TC15|Panorama Template Replace Certificate|/config/devices/entry[@name='localhost.localdomain']/template/entry[@name='CertificatesTemplate']/config/shared|**Alias**:
www.pantemptc1.com
**Overwrite**:
true|Certificate is replaced in shared location for template|True|![](images/TC15.gif) TC16|Panorama Template Remove unbound Certificate|/config/devices/entry[@name='localhost.localdomain']/template/entry[@name='CertificatesTemplate']/config/shared|**Alias**:
www.pantemptc1.com|Certificate is removed from shared location for template|True|![](images/TC16.gif) +TC16a|Panorama Template Stack Push|/config/devices/entry[@name='localhost.localdomain']/template/entry[@name='CertificatesTemplate']/config/shared|**Alias**:
www.tc16a.com|Certificate pushed to Template and Template Stack|True|![](images/TC16a.gif) TC17|Panorama Template Replace bound Certificate|/config/devices/entry[@name='localhost.localdomain']/template/entry[@name='CertificatesTemplate']/config/shared|**Alias**:
LongNameTest
**Overwrite**:
true|Certificate is replaced, binding updated in shared location for template|True|![](images/TC17.gif) TC18|Panorama Template Remove bound Certificate|/config/devices/entry[@name='localhost.localdomain']/template/entry[@name='CertificatesTemplate']/config/shared|**Alias**:
LongNameTest|Certificate is not removed because it is bound|True|![](images/TC18.gif) TC19|Panorama Template Shared Inventory|/config/devices/entry[@name='localhost.localdomain']/template/entry[@name='CertificatesTemplate']/config/shared|N/A|Certificates are inventoried from this location|True|![](images/TC19.gif) TC20|Panorama Template Virtual System Inventory|/config/devices/entry/template/entry[@name='CertificatesTemplate']/config/devices/entry/vsys/entry[@name='vsys2']|N/A|Certificates are inventoried from this template vsys location|True|![](images/TC20.gif) TC21|Panorama Template Virtual System Enroll Certificate|/config/devices/entry/template/entry[@name='CertificatesTemplate']/config/devices/entry/vsys/entry[@name='vsys2']|**Alias**:
www.vsys2enroll.com|Certificate is enrolled to vsys2 location for template|True|![](images/TC21.gif) +TC21a|Panorama Level Inventory No Trusted Certs|/config/panorama|N/A|Certificates are inventoried from this location No Trusted Certs|True|![](images/TC21a.gif) TC22|Panorama Template Virtual System Replace unbound Certificate|/config/devices/entry/template/entry[@name='CertificatesTemplate']/config/devices/entry/vsys/entry[@name='vsys2']|**Alias**:
www.vsys2enroll.com|Certificate is replaced in vsys2 location for template|True|![](images/TC22.gif) TC23|Panorama Template Virtual System Remove unbound Certificate|/config/devices/entry/template/entry[@name='CertificatesTemplate']/config/devices/entry/vsys/entry[@name='vsys2']|**Alias**:
www.vsys2enroll.com|Certificate is removed in vsys2 location for template|True|![](images/TC23.gif) TC24|Panorama Template Virtual System Renew bound Certificate|/config/devices/entry/template/entry[@name='CertificatesTemplate']/config/devices/entry/vsys/entry[@name='vsys2']|**Alias**:
www.vsys2enroll.com|Certificate is renewed, binding updated in vsys2 location for template|True|![](images/TC24.gif) diff --git a/images/TC14a.gif b/images/TC14a.gif new file mode 100644 index 0000000..1c1d651 Binary files /dev/null and b/images/TC14a.gif differ diff --git a/images/TC1a.gif b/images/TC1a.gif new file mode 100644 index 0000000..74f83b9 Binary files /dev/null and b/images/TC1a.gif differ diff --git a/images/TC21a.gif b/images/TC21a.gif new file mode 100644 index 0000000..d0c123a Binary files /dev/null and b/images/TC21a.gif differ diff --git a/images/TC6a.gif b/images/TC6a.gif new file mode 100644 index 0000000..0817b5f Binary files /dev/null and b/images/TC6a.gif differ diff --git a/images/tc16b.gif b/images/tc16b.gif new file mode 100644 index 0000000..d8534d4 Binary files /dev/null and b/images/tc16b.gif differ diff --git a/integration-manifest.json b/integration-manifest.json index b5aac9c..37b11e2 100644 --- a/integration-manifest.json +++ b/integration-manifest.json @@ -77,6 +77,22 @@ "DependsOn": null, "DefaultValue": null, "Required": false + }, + { + "Name": "InventoryTrustedCerts", + "DisplayName": "Inventory Trusted Certs", + "Type": "Bool", + "DependsOn": null, + "DefaultValue": "false", + "Required": true + }, + { + "Name": "TemplateStack", + "DisplayName": "Template Stack", + "Type": "String", + "DependsOn": null, + "DefaultValue": null, + "Required": false } ], "EntryParameters": [ @@ -99,4 +115,4 @@ ] } } -} \ No newline at end of file +} diff --git a/readme_source.md b/readme_source.md index 6c63cf5..f64b5b8 100644 --- a/readme_source.md +++ b/readme_source.md 
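Review bot: The new `InventoryTrustedCerts` entry in integration-manifest.json is declared with `"Required": true`, while the README row added in the same commit lists this property as `No` in what appears to be the Required column, and `TemplateStack` next to it is `"Required": false`. One of the two should change; if the flag is meant to be optional with a default of false, `"Required": false` here matches the documentation. Whether stores created before this property existed are affected by a required field cannot be seen from this hunk.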
@@ -32,6 +32,8 @@ ServerUsername|Server Username |Secret | |Unchecked |Yes ServerPassword|Server Password |Secret | |Unchecked |Yes |Palo Alto Api Password ServerUseSsl |Use SSL |Bool |True |Unchecked |Yes |Requires SSL Connection DeviceGroup |Device Group |String | |Unchecked |No |Device Group on Panorama that changes will be pushed to. +InventoryTrustedCerts|Inventory Trusted Certs|Bool |False|Unchecked |No |If false, will not inventory default trusted certs, saves time. +TemplateStack |Template Stack |String | |Unchecked |No |Template stack used for device push of certificates via Template. #### ENTRY PARAMETERS FOR STORE TYPE The entry parameters for this version have been eliminated. It will not longer support new bindings but will just update existing bindings when the certificate is replaced. @@ -187,11 +189,13 @@ Rest Api |Objects/Devices,Panorama/Scheduled Config Push,Panorama/Templates Case Number|Case Name|Store Path|Enrollment Params|Expected Results|Passed|Screenshots -------|----------|------------------|--------------------|----------------------------|----|-------- TC1|Firewall Enroll No Bindings|/config/shared|**Alias**:
www.certandchain.com
**Overwrite**:
false|Cert and Chain Installed on Firewall|True|![](images/TC1.gif) +TC1a|Firewall Enroll Template Stack|/config/shared|**Alias**:
www.tc1a.com
**Overwrite**:
false|Error Stating Template Stacks Not Used for Firewall|True|![](images/TC1a.gif) TC2|Firewall Replace No Bindings|/config/shared|**Alias**:
www.certandchain.com
**Overwrite**:
true|Cert and Chain Installed on Firewall|True|![](images/TC2.gif) TC3|Firewall Remove Bound Certificate|/config/shared|**Alias**:
0.13757535891685202
**Overwrite**:
false|Cert will **not** be removed because bound|True|![](images/TC3.gif) TC4|Firewall Enroll Bindings|/config/shared|**Alias**:0.13757535891685202
**Overwrite**:
false|Will not replace cert since Overwrite=false|True|![](images/TC4.gif) TC5|Firewall Replace Bound Certificate|/config/shared|**Alias**:0.13757535891685202
**Overwrite**:
true|Will replace cert bindings get automatically updated since Overwrite=true|True|![](images/TC5.gif) TC6|Firewall Inventory|/config/shared|N/A|Inventory will finish and certs from shared location inventoried.|True|![](images/TC6.gif) +TC6a|Firewall Inventory No Trusted Certs|/config/shared|N/A|Inventory will finish no Trusted Certs and certs from shared location inventoried.|True|![](images/TC6.gif) TC7|Firewall Inventory With Virtual System|/config/devices/entry[@name='localhost.localdomain']/vsys/entry[@name='vsys1']|N/A|Will Inventory all certificates from vsys1 on firewall|True|![](images/TC7.gif) TC8|Firewall Enroll cert and chain to Virtual System|/config/devices/entry[@name='localhost.localdomain']/vsys/entry[@name='vsys1']|**Alias**:
www.ejbcacertandchain.com|Cert is installed along with chain.|True|![](images/TC8.gif) TC9|Firewall Remove unbound cert from Virtual System|/config/devices/entry[@name='localhost.localdomain']/vsys/entry[@name='vsys1']|N/A|Will remove cert from test case 8 from Firewall Virtual System|True|![](images/TC9.gif) @@ -200,13 +204,16 @@ TC11|Firewall Replace without Overwrite on Virtual System|/config/devices/entry[ TC12|Firewall Renew cert on Shared and Virtual System|/config/devices/entry[@name='localhost.localdomain']/vsys/entry[@name='vsys1'] and /config/shared|**Alias**:
www.renewtester.com|Cert renewed on vsys and shared locations|True|![](images/TC12.gif) TC13|Firewall Replace bound cert on Virtual System|/config/devices/entry[@name='localhost.localdomain']/vsys/entry[@name='vsys1']|**Alias**:
0.8168##
**Overwrite**:
true|Cert will be replaced and binding updated on vsys.|True|![](images/TC13.gif) TC14|Panorama Template Enroll Certificate|/config/devices/entry[@name='localhost.localdomain']/template/entry[@name='CertificatesTemplate']/config/shared|**Alias**:
www.pantemptc1.com|Certificate is enrolled to shared location for template|True|![](images/TC14.gif) +TC14a|Panorama Invalid Template Stack|/config/devices/entry[@name='localhost.localdomain']/template/entry[@name='CertificatesTemplate']/config/shared|**Alias**:
www.tc14a.com|Error Occurs with list of valid Template Stacks To Use|True|![](images/TC14a.gif) TC15|Panorama Template Replace Certificate|/config/devices/entry[@name='localhost.localdomain']/template/entry[@name='CertificatesTemplate']/config/shared|**Alias**:
www.pantemptc1.com
**Overwrite**:
true|Certificate is replaced in shared location for template|True|![](images/TC15.gif) TC16|Panorama Template Remove unbound Certificate|/config/devices/entry[@name='localhost.localdomain']/template/entry[@name='CertificatesTemplate']/config/shared|**Alias**:
www.pantemptc1.com|Certificate is removed from shared location for template|True|![](images/TC16.gif) +TC16a|Panorama Template Stack Push|/config/devices/entry[@name='localhost.localdomain']/template/entry[@name='CertificatesTemplate']/config/shared|**Alias**:
www.tc16a.com|Certificate pushed to Template and Template Stack|True|![](images/TC16a.gif) TC17|Panorama Template Replace bound Certificate|/config/devices/entry[@name='localhost.localdomain']/template/entry[@name='CertificatesTemplate']/config/shared|**Alias**:
LongNameTest
**Overwrite**:
true|Certificate is replaced, binding updated in shared location for template|True|![](images/TC17.gif) TC18|Panorama Template Remove bound Certificate|/config/devices/entry[@name='localhost.localdomain']/template/entry[@name='CertificatesTemplate']/config/shared|**Alias**:
LongNameTest|Certificate is not removed because it is bound|True|![](images/TC18.gif) TC19|Panorama Template Shared Inventory|/config/devices/entry[@name='localhost.localdomain']/template/entry[@name='CertificatesTemplate']/config/shared|N/A|Certificates are inventoried from this location|True|![](images/TC19.gif) TC20|Panorama Template Virtual System Inventory|/config/devices/entry/template/entry[@name='CertificatesTemplate']/config/devices/entry/vsys/entry[@name='vsys2']|N/A|Certificates are inventoried from this template vsys location|True|![](images/TC20.gif) TC21|Panorama Template Virtual System Enroll Certificate|/config/devices/entry/template/entry[@name='CertificatesTemplate']/config/devices/entry/vsys/entry[@name='vsys2']|**Alias**:
www.vsys2enroll.com|Certificate is enrolled to vsys2 location for template|True|![](images/TC21.gif) +TC21a|Panorama Level Inventory No Trusted Certs|/config/panorama|N/A|Certificates are inventoried from this location No Trusted Certs|True|![](images/TC21a.gif) TC22|Panorama Template Virtual System Replace unbound Certificate|/config/devices/entry/template/entry[@name='CertificatesTemplate']/config/devices/entry/vsys/entry[@name='vsys2']|**Alias**:
www.vsys2enroll.com|Certificate is replaced in vsys2 location for template|True|![](images/TC22.gif) TC23|Panorama Template Virtual System Remove unbound Certificate|/config/devices/entry/template/entry[@name='CertificatesTemplate']/config/devices/entry/vsys/entry[@name='vsys2']|**Alias**:
www.vsys2enroll.com|Certificate is removed in vsys2 location for template|True|![](images/TC23.gif) TC24|Panorama Template Virtual System Renew bound Certificate|/config/devices/entry/template/entry[@name='CertificatesTemplate']/config/devices/entry/vsys/entry[@name='vsys2']|**Alias**:
www.vsys2enroll.com|Certificate is renewed, binding updated in vsys2 location for template|True|![](images/TC24.gif) @@ -217,4 +224,4 @@ TC28|Panorama Level Replace Cert|/config/panorama|**Alias**:
www.panlevelcert TC29|Panorama Level Remove unbound Cert|/config/panorama|N/A|Cert is removed because not bound|True|![](images/TC28.gif) TC30|Panorama Level Replace bound Cert|/config/panorama|**Alias**:
PanoramaNoPK
**Overwrite**:
true|Cert is replaced, binding updated|True|![](images/TC30.gif) TC31|Firewall previous version cert store settings|/config/shared|**Alias**:
www.extraparams.com
**Overwrite**:
false|Cert is still installed because it ignores extra params|True|![](images/TC31.gif) - \ No newline at end of file +