pan.dev
pan.dev copied to clipboard
PaloAltoNetworks
Generate BPA Report via API does not work: Can not upload techsupport/config
Describe the bug
I am following the developer docs describing the initiation of a BPA report using the aiops api: https://pan.dev/aiops-ngfw-bpa/api/post-bpa-v-1-requests/
My target is to create an on-demand BPA report for my free AiOps instance. I was already able to initiate a new BPA report and received the signed URL which should be used to upload the configuration file. After an sucessful upload the BPA report should be generated.
I tried numerous ways starting by the curl-command mentioned in docs
curl -X PUT --upload-file ${path/to/file} '${signed-upload-url}'
or using methods like invoke web-request in powershell
$file = "path-to-file"
$uri='signed-url-i-recieved'*
$params = @{
UseBasicParsing = $true
Debug = $true
Uri = $uri
Method = "PUT"
InFile = $file
Headers = @{
ContentType = "application/octet-stream"
}
Verbose = $true
}
Invoke-WebRequest @params
as well using the request library in python. I tried it also with numerous different content-types. If i change the method from put to post i receive the error "SignatureDoesNotMatchAccess denied" from the google storage API. If i use the PUT method i got a http/200 response.
Unfortunately this does not have any effect. If i retrieve the current status of the report i initiated i still just got the following response
{"id":"81a65379-7eb7-4193-aba2-32769bad2966","status":"UPLOAD_INITIATED"}
Expected behavior
I would expect that using the curl command mentioned in the docs above should allow me to upload the config and initiate the report generation
Current behavior
The file upload does not work
Steps to reproduce
Below my code
import requests
import json
import os.path
url = 'https://auth.apps.paloaltonetworks.com/auth/v1/oauth2/access_token?grant_type=client_credentials&scope=tsg_id:<tsg-id-goes-here>'
headers = {
'Content-Type': 'application/x-www-form-urlencoded',
'Accept': 'application/json',
'Authorization': 'secret'
}
response = requests.request("POST", url, headers=headers)
r = response.json()
url = "https://api.stratacloud.paloaltonetworks.com/aiops/bpa/v1/requests"
payload = json.dumps({
"requester-email": "mymail",
"requester-name": "my user",
"serial": "serial",
"family": "vm",
"version": "10.1.10-h2",
"model": "PA-VM"
})
headers = {
'Content-Type': 'application/json',
'Accept': 'application/json',
'Authorization': 'Bearer '+r["access_token"]
}
response = requests.request("POST", url, headers=headers, data=payload)
report = response.json()
report["id"]`
afterwards i tried to upload a file without success. The following code is currently used to check the status of a report generation
`
url = "https://api.stratacloud.paloaltonetworks.com/aiops/bpa/v1/jobs/"+report["id"]
payload={}
headers = {
'Accept': 'application/json',
'Authorization': 'Bearer '+r["access_token"]
}
response_status = requests.request("GET", url, headers=headers, data=payload)
print(response_status.text)`
Context
My target is to create an on-demand BPA report for my free AiOps instance. I was already able to initiate a new BPA report and received the signed URL which should be used to upload the configuration file. After an successful upload the BPA report should be generated.
