Retrieve Configuration - *show* and *get*
=========================================

The **panxapi.py** **-s** option performs the
``type=config&action=show`` API request to get the *active* (also
called *running*) configuration.  The **-g** option performs
the ``type=config&action=get`` API request to get the *candidate* configuration.
*xpath* selects the parts of the configuration
to return and is the last argument on the command line.

Example: Retrieve Administrator Accounts using *get* and *show*
---------------------------------------------------------------
::
  
  $ panxapi.py -xs "/config/mgt-config/users"
  show: success
  <response status="success"><result><users>
    <entry name="admin">
      <phash>$1$fniyibcj$0tm9SixJw/wOkFkDnEqVw/</phash>
      <permissions>
        <role-based>
          <superuser>yes</superuser>
        </role-based>
      </permissions>
    </entry>
    <entry name="adminr">
      <permissions>
        <role-based>
          <superreader>yes</superreader>
        </role-based>
      </permissions>
      <phash>$1$rhprpgfp$JiYMvTDuUUWW4F7ND06JI1</phash>
    </entry>
  </users></result></response>

  $ panxapi.py -xg "/config/mgt-config/users"
  get: success [code="19"]
  <response code="19" status="success"><result count="1" total-count="1">
    <users>
      <entry name="admin">
        <phash>$1$fniyibcj$0tm9SixJw/wOkFkDnEqVw/</phash>
        <permissions>
          <role-based>
            <superuser>yes</superuser>
          </role-based>
        </permissions>
      </entry>
      <entry name="adminr">
        <permissions>
          <role-based>
            <superreader>yes</superreader>
          </role-based>
        </permissions>
        <phash>$1$rhprpgfp$JiYMvTDuUUWW4F7ND06JI1</phash>
      </entry>
    </users>
  </result></response>

.. note::

   See the
   `Abbreviated Syntax
   <https://www.w3.org/TR/1999/REC-xpath-19991116/#path-abbrev>`_
   section of
   https://www.w3.org/TR/1999/REC-xpath-19991116/
   for examples of path selection.

   The *get* response contains additional XML attributes
   (e.g., ``code`` and ``count``) in the ``response`` and ``result`` nodes.

Lab 4
-----

#. Use **panxapi.py** to perform a *get* (**-g**) request to display
   the XML output of the *rule1* security policy.

#. Use **panxapi.py** to perform a *show* (**-s**) request to display
   the XML output of the *rule1* security policy.

#. Review the output and identify differences.

.. tip:: SSH to your firewall and use ``> debug cli on`` then ``>
   configure`` and ``# show rulebase security rules rule1`` to
   determine the XPath to use in the request.

   You can use shell output redirection to redirect the output to a
   file (e.g., ``> get.xml``) and compare using a utility like
   ``diff``.

   Both *get* and *show* XML documents are in a *pretty* format,
   however the indentation and format can vary.  The ``diff -b``
   option can be used to ignore changes in white space.

   Shell quoting for the XPath is important.
   Using double outer quotes and single inner quotes for
   the XPath is recommended; for example::

     $ panxapi.py -s "/config/mgt-config/users/entry[@name='admin']"
     show: success

.. admonition:: Solution
   :class: toggle

   ::

     admin@PA-VM> debug cli on
     admin@PA-VM> configure
     admin@PA-VM# show rulebase security rules rule1

     <request cmd="get" obj="/config/devices/entry[@name='localhost.localdomain']/vsys/entry[@name='vsys1']/rulebase/security/rules/entry[@name='rule1']"></request>

     $ panxapi.py -sx "/config/devices/entry[@name='localhost.localdomain']/vsys/entry[@name='vsys1']/rulebase/security/rules/entry[@name='rule1']" >show.xml
     show: success

     $ panxapi.py -gx "/config/devices/entry[@name='localhost.localdomain']/vsys/entry[@name='vsys1']/rulebase/security/rules/entry[@name='rule1']" >get.xml
     get: success [code="19"]

     $ diff -bu show.xml get.xml
     --- show.xml    Tue Apr 10 07:33:16 2018
     +++ get.xml     Tue Apr 10 07:33:29 2018
     @@ -1,4 +1,5 @@
     -<response status="success"><result><entry name="rule1">
     +<response code="19" status="success"><result count="1" total-count="1">
     +  <entry name="rule1">
          <to>
            <member>untrust</member>
          </to>
     @@ -27,4 +28,5 @@
          <member>any</member>
        </hip-profiles>
        <action>allow</action>
     -</entry></result></response>
     +  </entry>
     +</result></response>

Lab 5
-----

#. The **panxapi.py** **-r** option removes the outer ``response`` and
   ``result`` nodes from the XML response.  Repeat the *get* and
   *show* requests, but this time add a **-r** (Note that **-r** implies **-x**,
   so you can replace **-x** with **-r**).

#. The **panxapi.py** **-j** option displays the XML response in JSON.
   Repeat the *get* and *show* requests with **-j** and **-jr**.