.. _terraform-commits:
=============================
Terraform and Commits
=============================
One thing to know when working with Terraform is that it does not have
support for committing your configuration. To commit your configuration, you
can use the following `Golang `_ code.
.. code-block:: go
package main
import (
"encoding/json"
"flag"
"log"
"os"
"github.com/PaloAltoNetworks/pango"
)
type Credentials struct {
Hostname string `json:"hostname"`
Username string `json:"username"`
Password string `json:"password"`
ApiKey string `json:"api_key"`
Protocol string `json:"protocol"`
Port uint `json:"port"`
Timeout int `json:"timeout"`
}
func getCredentials(configFile, hostname, username, password, apiKey string) (Credentials) {
var (
config Credentials
val string
ok bool
)
// Auth from the config file.
if configFile != "" {
fd, err := os.Open(configFile)
if err != nil {
log.Fatalf("ERROR: %s", err)
}
defer fd.Close()
dec := json.NewDecoder(fd)
err = dec.Decode(&config)
if err != nil {
log.Fatalf("ERROR: %s", err)
}
}
// Auth from env variables.
if val, ok = os.LookupEnv("PANOS_HOSTNAME"); ok {
config.Hostname = val
}
if val, ok = os.LookupEnv("PANOS_USERNAME"); ok {
config.Username = val
}
if val, ok = os.LookupEnv("PANOS_PASSWORD"); ok {
config.Password = val
}
if val, ok = os.LookupEnv("PANOS_API_KEY"); ok {
config.ApiKey = val
}
// Auth from CLI args.
if hostname != "" {
config.Hostname = hostname
}
if username != "" {
config.Username = username
}
if password != "" {
config.Password = password
}
if apiKey != "" {
config.ApiKey = apiKey
}
if config.Hostname == "" {
log.Fatalf("ERROR: No hostname specified")
} else if config.Username == "" && config.ApiKey == "" {
log.Fatalf("ERROR: No username specified")
} else if config.Password == "" && config.ApiKey == "" {
log.Fatalf("ERROR: No password specified")
}
return config
}
func main() {
var (
err error
configFile, hostname, username, password, apiKey string
job uint
)
log.SetFlags(log.Ldate | log.Ltime | log.Lmicroseconds)
flag.StringVar(&configFile, "config", "", "JSON config file with panos connection info")
flag.StringVar(&hostname, "host", "", "PAN-OS hostname")
flag.StringVar(&username, "user", "", "PAN-OS username")
flag.StringVar(&password, "pass", "", "PAN-OS password")
flag.StringVar(&apiKey, "key", "", "PAN-OS API key")
flag.Parse()
config := getCredentials(configFile, hostname, username, password, apiKey)
fw := &pango.Firewall{Client: pango.Client{
Hostname: config.Hostname,
Username: config.Username,
Password: config.Password,
ApiKey: config.ApiKey,
Protocol: config.Protocol,
Port: config.Port,
Timeout: config.Timeout,
Logging: pango.LogOp | pango.LogAction,
}}
if err = fw.Initialize(); err != nil {
log.Fatalf("Failed: %s", err)
}
job, err = fw.Commit(flag.Arg(0), true, true, false, true)
if err != nil {
log.Fatalf("Error in commit: %s", err)
} else if job == 0 {
log.Printf("No commit needed")
} else {
log.Printf("Committed config successfully")
}
}
This code reads the hostname, username, and password from the environment
variables we set earlier.
You will need to do the following to compile and run this code:
1. Open a text editor, add the code above to it and save the file as ``commit.go``.
2. Install the Go libraries for PAN-OS.
.. code-block:: bash
$ go get github.com/PaloAltoNetworks/pango
3. Compile the source code.
.. code-block:: bash
$ go build commit.go
4. Run the executable (using your existing environment variables).
.. code-block:: bash
$ ./commit