A CLI tool to generate device certificate reports from Palo Alto Networks PAN-OS devices.
This tool assists customers in navigating the information provided within this Knowledge Base article.
- Multiple Data Sources: Collect device information from CSV files, Panorama appliances, or individual firewalls.
- Comprehensive Reports: Generates detailed PDF reports including device certificate status, software versions, and upgrade requirements.
- Easy to Use: Provides a straightforward command-line interface powered by Typer.
- Data Validation: Utilizes Pydantic models for robust data handling.
- Flexible Workflows: Supports multiple workflows for different use cases and environments.
Requires Python 3.10 or higher.
Install the package using pip:
$ pip install device-certificate-report
---> 100%
Successfully installed device-certificate-reportThe device-certificate-report utility provides three subcommands:
csv: Generate a report from a CSV file containing device information.panorama: Connect to a Panorama appliance to retrieve connected firewalls and generate a report.firewall: Connect directly to a firewall appliance to generate a report.
Process a CSV file to generate the report.
$ device-certificate-report csv --csv-file <path_to_csv_file> --output-file <output_pdf>--csv-fileand--output-fileflags are optional*
Examples:
$ device-certificate-report csv ─╯
CSV file path: panorama.csv
Cleaned CSV file saved as: /Users/cdot/development/cdot65/device_certificate_report/cleaned.csv
Processing cleaned CSV file: /Users/cdot/development/cdot65/device_certificate_report/cleaned.csv
Report generated at device_certificate_report.pdf$ device-certificate-report csv --csv-file panorama.csv --output-file device_certificate_report.pdf ─╯
Cleaned CSV file saved as: /Users/cdot/development/cdot65/device_certificate_report/cleaned.csv
Processing cleaned CSV file: /Users/cdot/development/cdot65/device_certificate_report/cleaned.csv
Report generated at device_certificate_report.pdfConnect to a Panorama appliance and generate the report from connected firewalls.
$ device-certificate-report panorama --hostname <panorama_ip> --username <user> --password <password> --output-file <output_pdf>--hostname,--username,--password, and--output-fileflags are optional*
Examples:
$ device-certificate-report panorama ─╯
Panorama hostname or IP: panorama1.example.io
Panorama username: admin
Panorama password:
Connecting to Panorama at panorama1.example.io
INFO:device_certificate_report.components.data_collection:Sending operational command to Panorama to retrieve all devices.
INFO:device_certificate_report.components.data_collection:Parsing XML response from Panorama.
INFO:device_certificate_report.components.data_collection:Found 14 devices connected to Panorama.
Report generated at device_certificate_report.pdf$ device-certificate-report panorama --hostname panorama.example.io --username admin --password paloalto123 --output-file panorama_report.pdf ─╯
Connecting to Panorama at panorama1.example.io
INFO:device_certificate_report.components.data_collection:Sending operational command to Panorama to retrieve all devices.
INFO:device_certificate_report.components.data_collection:Parsing XML response from Panorama.
INFO:device_certificate_report.components.data_collection:Found 14 devices connected to Panorama.
Report generated at panorama_report.pdfConnect to a single Firewall appliance and generate the report.
$ device-certificate-report firewall --hostname <firewall_ip> --username <user> --password <password> --output-file <output_pdf>Examples:
$ device-certificate-report firewall ─╯
Firewall hostname or IP: austin-fw1.example.io
Firewall username: admin
Firewall password:
Connecting to Firewall at austin-fw1.example.io
INFO:device_certificate_report.components.data_collection:Sending operational command to Firewall to retrieve system info.
INFO:device_certificate_report.components.data_collection:Sending operational command to Firewall to retrieve device certificate status.
INFO:device_certificate_report.components.data_collection:Parsing XML response from Firewall system info.
INFO:device_certificate_report.components.data_collection:Parsing XML response from Firewall device certificate status.
Report generated at austin-fw1.example.io.pdf$ device-certificate-report firewall --hostname austin-fw1.example.io --username admin --password paloalto123 --output-file firewall.pdf ─╯
Connecting to Firewall at austin-fw1.example.io
INFO:device_certificate_report.components.data_collection:Sending operational command to Firewall to retrieve system info.
INFO:device_certificate_report.components.data_collection:Sending operational command to Firewall to retrieve device certificate status.
INFO:device_certificate_report.components.data_collection:Parsing XML response from Firewall system info.
INFO:device_certificate_report.components.data_collection:Parsing XML response from Firewall device certificate status.
Report generated at firewall.pdfNote: If --output-file is not specified, the report will be saved with a default name.
Contributions are welcome! Please follow these steps:
- Fork the repository.
- Create a new branch (
git checkout -b feature/your-feature). - Commit your changes (
git commit -am 'Add some feature'). - Push to the branch (
git push origin feature/your-feature). - Open a Pull Request.
Please ensure that your code adheres to the existing coding standards and includes appropriate test coverage.
This project is licensed under the Apache 2.0 License - see the LICENSE file for details.
For details on the support provided by Palo Alto Networks for this project, please consult the SUPPORT.md file in the repository.
More extensive documentation will be available through our GitHub Pages site.