Metadata Attributes¶
Complete listing of all metadata attributes used in skillets.
Preamble Attributes¶
The preamble is the top section of the skillet providing identifying items, help text, and collection information.
name: sample_validation_skilletbuilder
label: Sample Validation Skillet
description: |
Short set of validations for skilletBuilder training tutorial with ntp check, password complexity,
URL filtering for malware, and security allow rules with profiles or groups
type: pan_validation
labels:
collection:
- Skillet Builder
- Validation
order: 10
help_link: https://skilletbuilder.readthedocs.io/en/latest/reference_examples/builder_tools.html#sample-validation-skillet
help_link_title: SkilletBuilder sample validation skillet
name¶
Globally unique identifier for the skillet referenced by skillet tools and workflows.
Note
The skillet name must not contain special characters such as ‘-‘ or ‘*’ or spaces. Variable names can be any length and can consist of uppercase and lowercase letters ( A-Z , a-z ), digits ( 0-9 ), and the underscore character ( _ ). An additional restriction is that, although a variable name can contain digits, the first character of a variable name cannot be a digit.
label¶
A short descriptive name identifying the skillet that is shown in PanHandler selection tiles.
description¶
A contextual description of the skillet presented to the user. This may include quick caveats, reminders, and skillet intent.
type¶
One of the predefined Skillet Types allowing tools to determine how to play the skillet.
labels¶
Optional key/value pairs adding complimentary parameters that may not be implemented by all tools. See Labels Attributes below for currently supported PanHandler labels.
Labels Attributes¶
Labels are key/value pairs attached to skillets. Labels are optional and allow adding additional parameters to Skillets that may not be implemented by all utilities. Labels can be used for grouping, searching, sorting, and identifying skillets beyond just a name attribute. Labels can be used to extend Skillet functionality in arbitrary ways going forward. This behavior is very much influenced by BGPv4 labels and Kubernetes labels.
PanHandler recognizes the following labels:
collection¶
The collection label is used to group like skillets. A skillet may belong to multiple collections. The collection label value is a list of collection to which the skillet belongs. Skillets with no collection label will be placed in the Unknown Collection.
labels: collection: - Example Skillets - Test Skillets - Validation Skillets
order¶
PanHandler uses the order label to sort the skillets. Skillets without an order label are sorted alphabetically by their label attribute. Skillets with a lower order tag will be display before those with a higher order tag.
labels: order: 10
help_link¶
The help_link label can be used to display a link to additional documentation about a skillet. This will be shown in the Help dialog from the ? icon in the top right hand corner of the skillet input form.
labels: help_link: https://panhandler.readthedocs.io/en/master/variables.htmlThe help_link_title will set the displayed title of the help_link in the Help dialog.
labels: help_link: https://panhandler.readthedocs.io/en/master/variables.html help_link_title: All available Variable Documentation
Variables Attributes¶
The variables section is used to define variables and web UI attributes.
variables:
- name: INTF_UNTRUST
description: internet Interface
default: ethernet1/1
type_hint: dropdown
source: interface_names
- name: INTF_TRUST
description: internal Interface
default: ethernet1/2
type_hint: dropdown
source: interface_names
- name: IP_12
description: internal interface ip address
default: 192.168.45.20/24
type_hint: text
- name: tag_color
description: tag color
default: red
type_hint: dropdown
dd_list:
- key: green
value: color2
- key: orange
value: color6
- key: red
value: color1
name¶
A name assigned to the variable.
Note
The variable name must not contain special characters such as ‘-‘ or ‘*’ or spaces. Variable names can be any length and can consist of uppercase and lowercase letters ( A-Z , a-z ), digits ( 0-9 ), and the underscore character ( _ ). An additional restriction is that, although a variable name can contain digits, the first character of a variable name cannot be a digit.
description¶
A description of the variable usage and can be displayed as part of a web form.
default¶
A default value of the variable, which is typically set to a recommended value.
type_hint¶
One of the predefined variable types and associates to web form validation. Some variable types, such as dropdown, will use additional key/value pairs or source options for user selection. See Variables for a complete list of type_hints and dynamic UI elements.
source¶
Used in lieu of static key/value pairs in type hints such as dropdown to dynamically create user selections. See source for details and examples.
toggle_hint¶
Shows a field based on a reference field value. See toggle_hint for details and examples.
Snippets Attributes¶
name¶
Name of the snippet. Specifically for workflow type skillets, name references the Preamble name of a skillet to play.
cmd¶
Command action to be performed. The default and values vary by skillet type. See cmd Options for additional details.
xpath¶
The XPath used for set, edit, and delete cmd options for panos/panorama.
element¶
The XML element used for set, edit, and delete cmd options for panos/panorama.
file¶
A skillet file to be read. This can either be a template file for template skillets, python file for python3 skillets, or an XML file for panos/panorama skillets.
path¶
The URI path for REST skillets.
operation¶
The REST operation, either POST or GET, for REST skillets.
headers¶
The headers used as part of a REST API call in REST skillets.
output_type¶
The data format for response outputs.
outputs¶
The outputs assigned to a variable. The format is defined using Capture Output options.
input_type¶
Used in python3 skillets to specify method for parsing arguments.
image¶
Docker image type, such as Alpine.
label¶
A descriptive text associated with a test in validation skillets.
severity¶
Indicates user-defined severity for a test in validation skillets.
fail_message¶
The output message when a test fails in validation skillets.
pass_message¶
The output message when a test passes in validation skillets.
test¶
A Boolean logic test that is evaluated for validation skillets.
documentation_link¶
A documentation reference associated to a test in validation skillets.
when¶
A conditional logic that only performs a test with when is True.
transform¶
A dictionary that maps the output from one sub-skillet to the input of another in workflow skillets. See the `skilletlib Workflow with Transform`_ example skillet for formatting help.
template
name - name of this snippet
file - path to the Jinja2 template to load and parse
template_title - (Optional) title to include in rendered output
when - (Optional) conditional logic for snippets execution
terraform
None - snippets are not used for terraform
See Example here: Example Terraform Skillet
workflow
name - name of this sub-skillet to play
when - (Optional) conditional logic for sub-skillet execution
transform - (Optional) mapping of another snippet’s output variable to this snippet’s input variable.
cmd Options¶
set¶
Merges element into the candidate configuration for panos/panorama skillets.
edit¶
Replaces configuration element with new element for panos/panorama skillets.
delete¶
Deletes part of the configuration for panos/panorama skillets.
get¶
Pulls information from a device for panos/panorama skillets.
move¶
Moves a configuration element for panos/panorama skillets.
parse¶
Parses an input file.
cli¶
Run an operations CLI commands such as
show system info
for panos/panorama/validation skillets.
validate¶
Run a validation test for validation skillets.
validate_xml¶
TBD; validation
noop¶
TBD; validation
custom inputs¶
In this case instead of a cmd option, the skillet includes a command line string, such as
ansible playbook command
.
rest
Snippet Attributes per Skillet Type¶
Below describes the fields for a snippet depending on the skillet type:
docker
name - name of this snippet
image - Docker image to run
cmd - the command to run inside of the Docker container
when - (Optional) conditional logic for snippets execution
panos, panorama, panorama-gpcs
name - name of this snippet
cmd - operation to perform. Default is
set
. See the cmd Options for all available options.xpath - XPath where this fragment belongs
file - path to the XML fragment to load and parse. Interchangeable with element
element - inline XML fragment to load and parse. Interchangeable with file
when - (Optional) conditional logic for snippets execution
See Example here: Example PAN-OS Skillet
pan_validation
name - name of the validation test to perform
cmd - validate, validate_xml, noop, or parse. Default is validate
test - Boolean test to perform using Jinja2 expressions
when - (Optional) conditional logic for snippets execution
See Example here: Example Validation Skillet
python3
name - name of the script to execute
file - relative path to the python script to execute
input_type - Optional type of input required for this script. Valid options are ‘cli’ or ‘env’. This will determine how user input variables will be passed into into the script. The default is cli and will pass variables as long form arguments to the script in the form of
--username=user_input
whereusername
is the name of the variable defined in the variables section anduser_input
is the value entered for that variable from the user. The other option, env, requires all defined variables to be set in the environment of the python process.when - (Optional) conditional logic for snippets execution
See Example here: Example Python Skillet
rest
name - unique name for this rest operation
path - REST URL path component
path: http://host/api/?type=keygen&user={{ username }}&password={{ password }}
operation - type of REST operation (GET, POST, DELETE, etc)
payload - path to a Jinja2 template to load and parse to be send as POSTed payload. For
x-www-form-urlencded
, this must be a json dictionaryheaders - a dict of key value pairs to add to the http headers. For example,
Content-Type: application/json
.when - (Optional) conditional logic for snippets execution
See Example here: Example REST Skillet and here: Example REST Skillet with Output Capturing
template
name - name of this snippet
file - path to the Jinja2 template to load and parse
template_title - (Optional) title to include in rendered output
when - (Optional) conditional logic for snippets execution
terraform
None - snippets are not used for terraform
See Example here: Example Terraform Skillet
workflow
name - name of this sub-skillet to play
when - (Optional) conditional logic for sub-skillet execution
transform - (Optional) mapping of another snippet’s output variable to this snippet’s input variable.
name - unique name for this rest operation
path - REST URL path component
path: http://host/api/?type=keygen&user={{ username }}&password={{ password }}
operation - type of REST operation (GET, POST, DELETE, etc)
payload - path to a Jinja2 template to load and parse to be send as POSTed payload. For
x-www-form-urlencded
, this must be a json dictionaryheaders - a dict of key value pairs to add to the http headers. For example,
Content-Type: application/json
.when - (Optional) conditional logic for snippets execution