Removed ability to specify API key to facilitate future multiple host functionality.

deploy/panos.sh

@@ -8,21 +8,13 @@
 # Firewall admin with superuser and IP address is required.
 #
 # REQURED:
-#     export PANOS_HOST=""  # required
+#     export PANOS_HOST=""
-#     export PANOS_USER=""  # required
+#     export PANOS_USER=""    #User *MUST* have Commit and Import Permissions in XML API for Admin Role
-#
-# AND one of the two authenticiation methods:
-#
-# Method 1:  Password  (RECOMMENDED)
 #     export PANOS_PASS=""
 #
-# Method 2: API KEY
+# The script will automatically generate a new API key if
-#     export PANOS_KEY=""
-#
-#
-# The Password method will automatically generate a new API key if
 # no key is found, or if a saved key has expired or is invalid.
-#
+
 
 # This function is to parse the XML response from the firewall
 parse_response() {
@@ -53,13 +45,15 @@ deployer() {
   type=$1 # Types are keytest, keygen, cert, key, commit
   panos_url="https://$_panos_host/api/"
 
-  #Test API Key by performing an empty commit.
+  #Test API Key by performing a lookup
   if [ "$type" = 'keytest' ]; then
     _debug "**** Testing saved API Key ****"
     _H1="Content-Type: application/x-www-form-urlencoded"
-    #Exclude all scopes for the empty commit
+    # Get Version Info to test key
-    _exclude_scope="<policy-and-objects>exclude</policy-and-objects><device-and-network>exclude</device-and-network><shared-object>exclude</shared-object>"
+    content="type=version&key=$_panos_key"
-    content="type=commit&action=partial&key=$_panos_key&cmd=<commit><partial>$_exclude_scope<admin><member>acmekeytest</member></admin></partial></commit>"
+    ## Exclude all scopes for the empty commit
+    #_exclude_scope="<policy-and-objects>exclude</policy-and-objects><device-and-network>exclude</device-and-network><shared-object>exclude</shared-object>"
+    #content="type=commit&action=partial&key=$_panos_key&cmd=<commit><partial>$_exclude_scope<admin><member>acmekeytest</member></admin></partial></commit>"
   fi
 
   # Generate API Key
@@ -170,22 +164,17 @@ panos_deploy() {
     _getdeployconf PANOS_PASS
   fi
 
-  # PANOS_KEY
-  if [ "$PANOS_KEY" ]; then
-    _debug "Detected ENV variable PANOS_KEY. Saving to file."
-    _savedeployconf PANOS_KEY "$PANOS_KEY" 1
-  else
-    _debug "Attempting to load variable PANOS_KEY from file."
-    _getdeployconf PANOS_KEY
-  fi
-
   #Store variables
   _panos_host=$PANOS_HOST
-  _panos_key=$PANOS_KEY
   _panos_user=$PANOS_USER
   _panos_pass=$PANOS_PASS
 
-  #Test API Key if found.  If the key is invalid, the variable panos_key will be unset.
+  #Load saved keys
+  _getdeployconf PANOS_KEY
+  _panos_key=$PANOS_KEY
+
+
+  #Test API Key if found.  If the key is invalid, the variable _panos_key will be unset.
   if [ "$_panos_host" ] && [ "$_panos_key" ]; then
     _debug "**** Testing API KEY ****"
     deployer keytest
@@ -198,8 +187,8 @@ panos_deploy() {
   elif [ -z "$_panos_user" ]; then
     _err "No user found. If this is your first time deploying, please set PANOS_USER in ENV variables. You can delete it after you have successfully deployed the certs."
     return 1
-  elif [ -z "$_panos_key" ] && { [ -z "$_panos_user" ] || [ -z "$_panos_pass" ]; }; then
+  elif [ -z "$_panos_pass" ]; then
-    _err "No pass OR valid API key found. If this is your first time deploying please set PANOS_PASS and/or PANOS_KEY in ENV variables. You can delete them after you have succesfully deployed the certs."
+    _err "No password found. If this is your first time deploying, please set PANOS_PASS in ENV variables. You can delete it after you have successfully deployed the certs."
     return 1
   else
     # Generate a new API key if no valid API key is found