# Firewall admin with superuser and IP address is required.
#
# REQURED:
-# export PANOS_HOST="" # required
-# export PANOS_USER="" # required
-#
-# AND one of the two authenticiation methods:
-#
-# Method 1: Password (RECOMMENDED)
+# export PANOS_HOST=""
+# export PANOS_USER="" #User *MUST* have Commit and Import Permissions in XML API for Admin Role
# export PANOS_PASS=""
#
-# Method 2: API KEY
-# export PANOS_KEY=""
-#
-#
-# The Password method will automatically generate a new API key if
+# The script will automatically generate a new API key if
# no key is found, or if a saved key has expired or is invalid.
-#
+
# This function is to parse the XML response from the firewall
parse_response() {
type=$1 # Types are keytest, keygen, cert, key, commit
panos_url="https://$_panos_host/api/"
- #Test API Key by performing an empty commit.
+ #Test API Key by performing a lookup
if [ "$type" = 'keytest' ]; then
_debug "**** Testing saved API Key ****"
_H1="Content-Type: application/x-www-form-urlencoded"
- #Exclude all scopes for the empty commit
- _exclude_scope="<policy-and-objects>exclude</policy-and-objects><device-and-network>exclude</device-and-network><shared-object>exclude</shared-object>"
- content="type=commit&action=partial&key=$_panos_key&cmd=<commit><partial>$_exclude_scope<admin><member>acmekeytest</member></admin></partial></commit>"
+ # Get Version Info to test key
+ content="type=version&key=$_panos_key"
+ ## Exclude all scopes for the empty commit
+ #_exclude_scope="<policy-and-objects>exclude</policy-and-objects><device-and-network>exclude</device-and-network><shared-object>exclude</shared-object>"
+ #content="type=commit&action=partial&key=$_panos_key&cmd=<commit><partial>$_exclude_scope<admin><member>acmekeytest</member></admin></partial></commit>"
fi
# Generate API Key
_getdeployconf PANOS_PASS
fi
- # PANOS_KEY
- if [ "$PANOS_KEY" ]; then
- _debug "Detected ENV variable PANOS_KEY. Saving to file."
- _savedeployconf PANOS_KEY "$PANOS_KEY" 1
- else
- _debug "Attempting to load variable PANOS_KEY from file."
- _getdeployconf PANOS_KEY
- fi
-
#Store variables
_panos_host=$PANOS_HOST
- _panos_key=$PANOS_KEY
_panos_user=$PANOS_USER
_panos_pass=$PANOS_PASS
- #Test API Key if found. If the key is invalid, the variable panos_key will be unset.
+ #Load saved keys
+ _getdeployconf PANOS_KEY
+ _panos_key=$PANOS_KEY
+
+
+ #Test API Key if found. If the key is invalid, the variable _panos_key will be unset.
if [ "$_panos_host" ] && [ "$_panos_key" ]; then
_debug "**** Testing API KEY ****"
deployer keytest
elif [ -z "$_panos_user" ]; then
_err "No user found. If this is your first time deploying, please set PANOS_USER in ENV variables. You can delete it after you have successfully deployed the certs."
return 1
- elif [ -z "$_panos_key" ] && { [ -z "$_panos_user" ] || [ -z "$_panos_pass" ]; }; then
- _err "No pass OR valid API key found. If this is your first time deploying please set PANOS_PASS and/or PANOS_KEY in ENV variables. You can delete them after you have succesfully deployed the certs."
+ elif [ -z "$_panos_pass" ]; then
+ _err "No password found. If this is your first time deploying, please set PANOS_PASS in ENV variables. You can delete it after you have successfully deployed the certs."
return 1
else
# Generate a new API key if no valid API key is found
projects / mirror_acme.sh.git / commitdiff