PaloAltoNetworks
Fix common.py get_firewall_credentials
Description
common.py was throwing several errors. The first was a local variable 'password' referenced before assignment. To resolve this, I defined the password variable before the get_firewall_credentials and added the global password statement.
Once this was resolved, I received the message that no user or password were defined for the searchcommand. This wasn't accurate, but I found that the function was looking for
'Firewallsplunk_cred_sep1'
but should have been looking for:
'firewallsplunk_cred_sep1'
Motivation and Context
Advanced features of the Palo Alto Networks App for Splunk will not work without these changes, as the features require authentication to the firewall with an API key. The current implementation cannot get that API.
How Has This Been Tested?
I tested this by running the commands found in the example for pantag and pancontentpack in our lab environment. This is on a Splunk 8.2.7.1 instance running on RHEL 7.9.
Types of changes
- Bug fix (non-breaking change which fixes an issue)
Checklist
- [ ] I have updated the documentation accordingly.
- [X ] I have read the CONTRIBUTING document.
- [ ] I have added tests to cover my changes if appropriate.
- [ ] All new and existing tests passed.
:tada: Thanks for opening this pull request! We really appreciate contributors like you! :raised_hands:
![welcome-to-palo-alto-networks[bot] avatar](https://avatars.githubusercontent.com/in/77985?v=4 "Published by a pub.dev verified publisher"){kind=small}
I ran into a similar issue. The problem turns out to be hardcoded assumptions. The script in common.py works IFF the "Account Name" in Splunk_TA_paloalto configuration page is set to "Firewall".
This is case sensitive, just using "firewall" will cause it to fail. The documentation should be updated to specify that the "Account Name" cannot be arbitrarily chosen, but must be "Firewall in all cases."
