diff --git a/bin/panxapi.py b/bin/panxapi.py
index e1c22cb..436c280 100755
--- a/bin/panxapi.py
+++ b/bin/panxapi.py
@@ -171,6 +171,8 @@ def main():
kwargs['extra_qs'] = options['ad_hoc']
if len(options['vsys']):
kwargs['vsys'] = options['vsys'][0]
+ if len(options['admin']):
+ kwargs['admin'] = options['admin'][0]
xapi.user_id(**kwargs)
print_status(xapi, action)
print_response(xapi, options)
@@ -276,6 +278,8 @@ def main():
kwargs['extra_qs'] = options['ad_hoc']
if len(options['vsys']):
kwargs['vsys'] = options['vsys'][0]
+ if len(options['admin']):
+ kwargs['admin'] = options['admin'][0]
xapi.op(**kwargs)
print_status(xapi, action)
print_response(xapi, options)
@@ -303,6 +307,8 @@ def main():
c.no_vsys()
elif part == 'vsys':
c.vsys(options['vsys'])
+ elif part == 'admin':
+ c.admin(options['admin'])
if options['serial'] is not None:
c.device(options['serial'])
@@ -374,6 +380,7 @@ def parse_opts():
'partial': [],
'sync': False,
'vsys': [],
+ 'admin':[],
'commit_all': False,
'ad_hoc': None,
'modify': False,
@@ -428,7 +435,7 @@ def parse_opts():
short_options = 'de:gksS:U:C:A:o:l:h:P:K:xpjrXHGDt:T:'
long_options = ['version', 'help',
'ad-hoc=', 'modify', 'validate', 'force', 'partial=',
- 'sync', 'vsys=', 'src=', 'dst=', 'move=', 'rename',
+ 'sync', 'vsys=', 'admin=', 'src=', 'dst=', 'move=', 'rename',
'clone', 'override=', 'export=', 'log=', 'recursive',
'cafile=', 'capath=', 'ls', 'serial=',
'group=', 'merge', 'nlogs=', 'skip=', 'filter=',
@@ -480,6 +487,10 @@ def parse_opts():
if arg:
l = get_vsys(arg)
[options['vsys'].append(s) for s in l]
+ elif opt == '--admin':
+ if arg:
+ l = get_admin(arg)
+ [options['admin'].append(s) for s in l]
elif opt == '-A':
options['commit_all'] = True
options['cmd'] = get_element(arg)
@@ -644,6 +655,17 @@ def get_vsys(s):
else:
list.append(v)
return list
+
+
+def get_admin(s):
+ list = []
+ admin = s.split(',')
+ for admin in admin:
+ if admin:
+
+ list.append(admin)
+
+ return list
def get_parts(s):
@@ -880,6 +902,7 @@ def usage():
--override element override template object at xpath
--vsys vsys VSYS for dynamic update/partial commit/
operational command/report
+ --admin admin admin for specific update/partial commit
-l api_username[:api_password]
-h hostname
-P port URL port number
diff --git a/doc/panxapi.rst b/doc/panxapi.rst
index d87eda9..1ed4192 100644
--- a/doc/panxapi.rst
+++ b/doc/panxapi.rst
@@ -188,6 +188,7 @@ DESCRIPTION
- shared-object-excluded
- no-vsys
- vsys
+ - admin
**device-and-network-excluded** applies when the device is in
single-vsys mode and **shared-object-excluded** applies when the device
@@ -197,6 +198,14 @@ DESCRIPTION
options or separating each part with comma (,). Virtual systems for
the **vsys** part can be specified with **--vsys**.
+ ``--admin`` *admin*
+ Specify optional **admin** for partial commit (**--partial** admin). Commits
+ only the changes made only by specified administrator accounts. Requires
+ PanOS 8.0+.
+
+ Multiple admin users can be specified by using multiple
+ **--admin** options or separating each *admin* with comma (,).
+
``--sync``
Perform a synchronous commit.
diff --git a/lib/pan/commit.py b/lib/pan/commit.py
index c505fe6..49fbeb2 100644
--- a/lib/pan/commit.py
+++ b/lib/pan/commit.py
@@ -26,6 +26,7 @@
'shared-object-excluded',
'no-vsys',
'vsys',
+ 'admin',
])
_part_xml = {
@@ -39,6 +40,8 @@
'',
'vsys':
'%s',
+ 'admin':
+ '%s',
}
@@ -59,6 +62,7 @@ def __init__(self,
self._merge_with_candidate = merge_with_candidate
self.partial = set()
self._vsys = set()
+ self._admin = set()
self._device = None
self._device_group = None
@@ -99,6 +103,16 @@ def vsys(self, vsys):
vsys = [vsys]
for name in vsys:
self._vsys.add(name)
+
+ def admin(self, admin):
+ if not self._commit_all:
+ part = 'admin'
+ self.partial.add(part)
+
+ if type(admin) == type(''):
+ admin = [admin]
+ for name in admin:
+ self._admin.add(name)
def device(self, serial):
self._device = serial
@@ -132,6 +146,9 @@ def __commit_all(self):
if self._vsys:
s += '%s' % self._vsys.pop()
+
+ if self._admin:
+ s += '%s' % self._admin.pop()
s += ''
@@ -158,6 +175,14 @@ def __commit(self):
xml_vsys = _part_xml[part] % name
s += xml_vsys
s += ''
+
+ elif part == 'admin':
+ s += ''
+ for name in self._admin:
+ xml_admin = _part_xml[part] % name
+ s += xml_admin
+ s += ''
+
else:
s += _part_xml[part]
if self.partial:
@@ -181,8 +206,10 @@ def __commit(self):
c = pan.commit.PanCommit()
c.force()
+ c.partial
c.device_and_network_excluded()
c.policy_and_objects_excluded()
c.shared_object_excluded()
c.vsys(['vsys4', 'vsys5'])
+ c.admin(['admin'])
print('cmd:', c.cmd())