Delete Configuration¶
The panxapi.py -d option performs the
type=config&action=delete API request to delete objects in the
configuration. The xpath argument specifies the object’s node in
the configuration.
Example: Delete Secondary NTP Server¶
$ XPATH="/config/devices/entry[@name='localhost.localdomain']/deviceconfig/system/ntp-servers/secondary-ntp-server"
$ panxapi.py -gr $XPATH
get: success [code="19"]
<secondary-ntp-server>
<ntp-server-address>north-america.pool.ntp.org</ntp-server-address>
<authentication-type>
<none />
</authentication-type>
</secondary-ntp-server>
$ panxapi.py -dx $XPATH
delete: success [code="20"]: "command succeeded"
<response code="20" status="success"><msg>command succeeded</msg></response>
$ panxapi.py -gx $XPATH
get: success [code="7"]
<response code="7" status="success"><result /></response>
Note
The status is success and the code is “7” which specifies the object does not exist.
The codes are documented in the PAN-OS and Panorama API Guide.
Lab 10¶
- Use panxapi.py to delete the
addr3member from address-groupgroup1. - Verify results using get (-g).
Tip
SSH to your firewall and use > debug cli on, then >
configure and # delete address-group group1 static
addr3 to determine the XPath to use in the request.
Use # set address-group group1 static addr3 to restore
the member before proceeding with the panxapi.py request.
Solution
admin@PA-VM> debug cli on
admin@PA-VM> configure
admin@PA-VM# delete address-group group1 static addr3
<request cmd="delete" obj="/config/devices/entry[@name='localhost.localdomain']/vsys/entry[@name='vsys1']/address-group/entry[@name='group1']/static/member[text()='addr3']" cookie="2983986049480030"></request>
admin@PA-VM# set address-group group1 static addr3
$ XPATH="/config/devices/entry[@name='localhost.localdomain']/vsys/entry[@name='vsys1']/address-group/entry[@name='group1']/static/member[text()='addr3']"
$ panxapi.py -d $XPATH
delete: success [code="20"]: "command succeeded"
$ panxapi.py -gx "/config/devices/entry[@name='localhost.localdomain']/vsys/entry[@name='vsys1']/address-group/entry[@name='group1']/static/member"
get: success [code="19"]
<response code="19" status="success"><result count="4" total-count="4">
<member>addr1</member>
<member>addr2</member>
<member>addr4</member>
<member>addr5</member>
</result></response>
Note
text() is an XPath node test matching text nodes only,
and is used to match the addr3 member node.
The XPath for action=delete can specify a node-set (> 1 node)
to delete multiple objects with a single request. The following
XPath expression uses the or operator to match multiple
address-group members.
Example: Get Multiple Objects¶
$ XPATH="/config/devices/entry[@name='localhost.localdomain']/vsys/entry[@name='vsys1']/address-group/entry[@name='group1']/static/member[text()='addr4' or text()='addr5']"
$ panxapi.py -gr "$XPATH"
get: success [code="19"]
<member>addr4</member>
<member>addr5</member>
Lab 11¶
- Use panxapi.py to delete the
addr1andaddr2members from address-groupgroup1. - Verify results using get (-g).
- Use panxapi.py to delete the address-group
group1. - Verify results using get (-g).
Solution
$ XPATH="/config/devices/entry[@name='localhost.localdomain']/vsys/entry[@name='vsys1']/address-group/entry[@name='group1']/static/member[text()='addr1' or text()='addr2']"
$ panxapi.py -d "$XPATH"
delete: success [code="20"]: "command succeeded"
$ XPATH="/config/devices/entry[@name='localhost.localdomain']/vsys/entry[@name='vsys1']/address-group/entry[@name='group1']"
$ panxapi.py -gx $XPATH
get: success [code="19"]
<response code="19" status="success"><result count="1" total-count="1">
<entry admin="admin" dirtyId="5" name="group1" time="2018/04/14 09:29:13">
<static admin="admin" dirtyId="5" time="2018/04/14 09:29:13">
<member>addr4</member>
<member>addr5</member>
</static>
</entry>
</result></response>
$ panxapi.py -d $XPATH
delete: success [code="20"]: "command succeeded"
$ panxapi.py -gx $XPATH
get: success [code="7"]
<response code="7" status="success"><result /></response>