Example REST Skillet with Output Capturing

Here is a basic skillet of type ‘rest’. This skillet will query the Palo Alto Networks Licensing API to track usage of a given authorization code. This skillet demonstrates several important aspects of the rest type. This example also demonstrates how to parse the output and capture variables for re-use in another skillet.

.meta-cnc.yaml

name: generate_api_key
label: Generate PAN-OS API Key
type: rest

description: |
  This skillet demonstrates a simple REST api call to a PAN-OS NGFW to generate a new API Key

labels:
  collection: Rest Skillets

variables:
  - name: TARGET_IP
    description: Host
    default: 127.0.0.1
    type_hint: fqdn_or_ip

  - name: TARGET_PORT
    description: Port
    default: 443
    type_hint: number

  - name: TARGET_USERNAME
    description: Username
    default: admin
    type_hint: text

  - name: TARGET_PASSWORD
    description: Password
    default: admin
    type_hint: password

snippets:
  - name: key_gen
    path: https://{{ TARGET_IP }}:{{ TARGET_PORT }}/api/?type=keygen&user={{ TARGET_USERNAME }}&password={{ TARGET_PASSWORD }}
    # this should output capturing which will set a variable called 'api_key' in the workflow, which can be referenced
    # in a skillet called after this one, any variable with a name called api_key will be prepopulated with the
    # value that is captured from the output of this xml api command
    operation: get
    output_type: xml
    outputs:
      - name: api_key
        capture_pattern: result/key

Section Details

The ‘snippets’ section contains all the type specific configuration. Here are the details of each attribute:

• name - name of the rest operation. This will group any captured outputs later

• path - this is the full URL to query - You may include variables in this if desired

  • for example: path: https://{{ host }}/api/query={{ query_value }}

• operation - the REST type operation to perform, in this case we need to perform a POST

• payload - the relative path to a file to load and parse. If your headers include a ‘Content-Type’ and that type is ‘application/x-www-form-urlencoded’ or ‘application/json’ this file will be parsed using the ‘json’ library and passed to the ‘requests.post’ method as a ‘data’ attribute. In most cases, this file will be a simple json dictionary of key value pairs. This is not required for an operation type of ‘get’.

• headers - this is a dictionary of attributes that will be added to the HTTP headers for the request. Each ‘value’ of the key value pair will be variable interpolated. In this case, we need to pass the ‘api_key’ variable captured from the user. This is not used in this example,

• outputs_type: This is the type of structured data that will be returned from this operation. Valid options are ‘xml’, ‘json’, and ‘base64’.

• outputs: A list of dictionaries, each with the following format:

  • name: variable name that will be placed in the jinja context

  • capture_pattern: The xpath or jsonpath expression that will be evaluated. In this case, the xpath ‘result/key’

    will return the text found at the XML Element found at this xpath.

Captured Outputs

Any skillet that is called after this one will have the variable ‘api_key’ pre-populated with the value returned from this skillet. This allows you to chain together skillets to gather information that can be used later anywhere jinja variable interpolation is used.