One-liner: how to get Pulse Secure (Juniper SSL VPN) ACLs per role

Export the ACLs as XML from the GUI into a file named acls.xml, then run the following command:

 

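sed -e 's/&amp;/\&/g' acls.xml | gawk '
# Needs GNU awk (gensub). Prints one line per role of every network-connect-acl.
BEGIN { acls = ""; acl = 0; action = "" }
/<network-connect-acl>/ { acl = 1 }
# Append each resource of the current ACL to a space-separated list.
/<resource>/ { if (acl == 1) { a = gensub(".*<resource>(.*)</resource>.*", "\\1", "g", $0); acls = acls " " a } }
# A role is assigned the resources collected so far in this ACL.
/<roles>/ { if (acl == 1) { roles[gensub(".*<roles>(.*)</roles>.*", "\\1", "g", $0)] = acls } }
/<action>/ { if (acl == 1) { action = gensub(".*<action>(.*)</action>.*", "\\1", "g", $0) } }
# End of the ACL: print role;resources;action for every role, then reset the state.
/<\/network-connect-acl>/ { acl = 0; acls = ""; for (i in roles) printf("%s;%s;%s\n", i, roles[i], action); delete roles; action = "" }' | sed -e 's/; /;/g' | less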

The result is shown in the following semicolon-separated form:

Role;ACL1 ACL2 ACL3 …;action
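
An added example, not part of the original post: the same extraction done with Python's XML parser instead of line-based regexes, so it does not depend on one element per line or on `<roles>` appearing after `<resource>` (the awk script gives a role only the resources seen before its `<roles>` line). The element names are the ones the one-liner matches; the sample XML, its nesting and its values are constructed assumptions, not a real export.

```python
import xml.etree.ElementTree as ET

# Constructed sample, not a real export: element names are the ones the
# one-liner matches; nesting, role names and resource values are assumptions.
SAMPLE = """<configuration>
  <network-connect-acl>
    <resource>10.0.0.0/8:443</resource>
    <resource>10.1.1.53:53</resource>
    <roles>Employees</roles>
    <roles>R&amp;D</roles>
    <action>allow</action>
  </network-connect-acl>
  <network-connect-acl>
    <roles>Contractors</roles>
    <resource>*:*</resource>
    <action>deny</action>
  </network-connect-acl>
</configuration>"""

def _local(el):
    """Tag name without an XML namespace prefix, if the export uses one."""
    return el.tag.rsplit("}", 1)[-1]

def _texts(acl, name):
    """Non-empty text of every descendant element called `name`."""
    return [e.text.strip() for e in acl.iter()
            if _local(e) == name and e.text and e.text.strip()]

def acl_rows(xml_text):
    """Return (role, [resources], action) for each role of each ACL."""
    rows = []
    for acl in ET.fromstring(xml_text).iter():
        if _local(acl) != "network-connect-acl":
            continue
        resources = _texts(acl, "resource")
        action = " ".join(_texts(acl, "action"))
        rows.extend((role, resources, action) for role in _texts(acl, "roles"))
    return rows

def to_lines(rows):
    """Format rows as role;resource resource ...;action, like the one-liner."""
    return [f"{role};{' '.join(res)};{action}" for role, res, action in rows]

if __name__ == "__main__":
    print("\n".join(to_lines(acl_rows(SAMPLE))))
```

The parser decodes `&amp;` itself, so the first `sed` step is not needed here; to use it on a real export, pass the contents of acls.xml to `acl_rows`.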
