Merge branch 'release/0.13.0'

Author: shinmog

HISTORY.rst

@@ -3,6 +3,19 @@
 History
 =======
 
+0.13.0
+------
+
+Released: 2019-10-29
+
+Status: Alpha
+
+- New flag added to examples/dyn_address_group.py to specify the vsys
+- Fixes to `network.AggregateInterface`
+- Update to version parsing to handle xfr PAN-OS releases
+- Fixes to Panorama commit functions
+- Various enhancements to HA support
+
 0.12.0
 ------
 

examples/dyn_address_group.py

@@ -36,9 +36,9 @@
 
     $ python dyn_address_group.py -u linux 10.0.0.1 admin password 3.3.3.3
 
-Clear all tags from all IP's::
+Clear all tags from all IP's in vsys2::
 
-    $ python dyn_address_group.py -c 10.0.0.1 admin password notused notused
+    $ python dyn_address_group_vsys.py -s vsys2 -c 10.0.0.1 admin password notused notused
 
 """
 
@@ -64,6 +64,7 @@ def main():
     parser.add_argument('-q', '--quiet', action='store_true', help="No output")
     parser.add_argument('-r', '--register', help="Tags to register to an IP, for multiple tags use commas eg. linux,apache,server")
     parser.add_argument('-u', '--unregister', help="Tags to remove from an an IP, for multiple tags use commas eg. linux,apache,server")
+    parser.add_argument('-s', '--vsys', help="Specify the vsys target in the form vsysN where N is the vsys number: vsys2, vsys4, etc.")
     parser.add_argument('-l', '--list', action='store_true', help="List all tags for an IP")
     parser.add_argument('-c', '--clear', action='store_true', help="Clear all tags for all IP")
     # Palo Alto Networks related arguments
@@ -105,6 +106,9 @@ def main():
         logging.error("Connected to a Panorama, but user-id API is not possible on Panorama.  Exiting.")
         sys.exit(1)
 
+    if args.vsys is not None:
+        device.vsys = args.vsys
+
     if args.clear:
         device.userid.clear_registered_ip()
 

pandevice/__init__.py

@@ -23,7 +23,7 @@
 
 __author__ = 'Palo Alto Networks'
 __email__ = '[email protected]'
-__version__ = '0.12.0'
+__version__ = '0.13.0'
 
 
 import logging

pandevice/base.py

@@ -3797,8 +3797,10 @@ def _save_system_info(self, system_info):
     def _set_version_and_version_info(self, version):
         """Sets the version and the specially formatted versioning version."""
         self.version = version
-        self._version_info = tuple(int(x) for x in
-                                   self.version.split('-')[0].split('.'))
+        # Example PAN-OS versions:  9.0.3-h1, 9.0.3.xfr
+        tokens = self.version.split('.')[:3]
+        tokens[2] = tokens[2].split('-')[0]
+        self._version_info = tuple(int(x) for x in tokens)
 
     def refresh_version(self):
         """Refresh version of PAN-OS

pandevice/firewall.py

@@ -367,11 +367,11 @@ def show_system_resources(self):
                                      pan_device=self)
 
     def commit_device_and_network(self, sync=False, exception=False):
-        return self._commit(sync=sync, exclude="device-and-network",
+        return self._commit(sync=sync, exclude="policy-and-objects",
                             exception=exception)
 
     def commit_policy_and_objects(self, sync=False, exception=False):
-        return self._commit(sync=sync, exclude="policy-and-objects",
+        return self._commit(sync=sync, exclude="device-and-network",
                             exception=exception)
 
     def organize_into_vsys(self, create_vsys_objects=True, refresh_vsys=True):

pandevice/ha.py

@@ -255,6 +255,8 @@ class HA3(HighAvailabilityInterface):
 
     Args:
         port (str): Interface to use for this HA interface (eg. ethernet1/5)
+        link_speed (str): Link speed
+        link_duplex (str): Link duplex
 
     """
     XPATH = "/interface/ha3"
@@ -263,6 +265,8 @@ class HA3(HighAvailabilityInterface):
     def variables(cls):
         return (
             Var("port"),
+            Var("link_speed"),
+            Var("link_duplex"),
         )
 
 
@@ -284,6 +288,14 @@ class HighAvailability(VersionedPanObject):
         ha2_keepalive (bool): Enable HA2 keepalives
         ha2_keepalive_action (str): HA2 keepalive action
         ha2_keepalive_threshold (int): HA2 keepalive threshold
+        peer_ip_backup (str): HA Peer's HA1 backup IP address
+        device_id (int): HA3 device id (0 or 1)
+        session_owner_selection (str): active-active session owner mode
+        session_setup (str): active-active session setup mode
+        tentative_hold_time (int): active-active tentative hold timer
+        sync_qos (bool): active-active network sync qos
+        sync_virtual_router (bool): active-active network sync virtual router
+        ip_hash_key (str): active-active hash key used by ip-hash algorithm
 
     """
     ROOT = Root.DEVICE
@@ -377,7 +389,74 @@ def _setup(self):
             '8.1.0',
             vartype='int',
             path='group/state-synchronization/ha2-keep-alive/threshold')
-
+        params.append(VersionedParamPath(
+            'peer_ip_backup', path='group/entry group_id/peer-ip-backup'))
+        params[-1].add_profile(
+            '8.1.0',
+            path='group/peer-ip-backup')
+        params.append(VersionedParamPath(
+            'device_id', condition={'mode': 'active-active'},
+            values=(0, 1), vartype='int',
+            path='group/entry group_id/mode/{mode}/device-id'))
+        params[-1].add_profile(
+            '8.1.0',
+            condition={'mode': 'active-active'},
+            values=(0, 1), vartype='int',
+            path='group/mode/{mode}/device-id')
+        params.append(VersionedParamPath(
+            'session_owner_selection',
+            condition={'mode': 'active-active', 'session_owner_selection': 'primary-device'},
+            values=('primary-device', 'first-packet'),
+            path='group/entry group_id/mode/{mode}/session-owner-selection/{session_owner_selection}'))
+        params[-1].add_profile(
+            '8.1.0',
+            condition={'mode': 'active-active', 'session_owner_selection': 'primary-device'},
+            values=('primary-device', 'first-packet'),
+            path='group/mode/{mode}/session-owner-selection/{session_owner_selection}')
+        params.append(VersionedParamPath(
+            'session_setup',
+            condition={'mode': 'active-active', 'session_owner_selection': 'first-packet'},
+            values=('first-packet', 'ip-modulo', 'ip-hash', 'primary-device'),
+            path='group/entry group_id/mode/{mode}/session-owner-selection/first-packet/session-setup/{session_setup}'))
+        params[-1].add_profile(
+            '8.1.0',
+            condition={'mode': 'active-active', 'session_owner_selection': 'first-packet'},
+            values=('first-packet', 'ip-modulo', 'ip-hash', 'primary-device'),
+            path='group/mode/{mode}/session-owner-selection/first-packet/session-setup/{session_setup}')
+        params.append(VersionedParamPath(
+            'tentative_hold_time',
+            condition={'mode': 'active-active'}, vartype='int',
+            path='group/entry group_id/mode/{mode}/tentative-hold-time'))
+        params[-1].add_profile(
+            '8.1.0',
+            condition={'mode': 'active-active'}, vartype='int',
+            path='group/mode/{mode}/tentative-hold-time')
+        params.append(VersionedParamPath(
+            'sync_qos',
+            condition={'mode': 'active-active'}, vartype='yesno',
+            path='group/entry group_id/mode/{mode}/network-configuration/sync/qos'))
+        params[-1].add_profile(
+            '8.1.0',
+            condition={'mode': 'active-active'}, vartype='yesno',
+            path='group/mode/{mode}/network-configuration/sync/qos')
+        params.append(VersionedParamPath(
+            'sync_virtual_router',
+            condition={'mode': 'active-active'}, vartype='yesno',
+            path='group/entry group_id/mode/{mode}/network-configuration/sync/virtual-router'))
+        params[-1].add_profile(
+            '8.1.0',
+            condition={'mode': 'active-active'}, vartype='yesno',
+            path='group/mode/{mode}/network-configuration/sync/virtual-router')
+        params.append(VersionedParamPath(
+            'ip_hash_key',
+            condition={'mode': 'active-active', 'session_owner_selection': 'first-packet', 'session_setup': 'ip-hash'},
+            values=('source', 'source-and-destination'),
+            path='group/entry group_id/mode/{mode}/session-owner-selection/first-packet/session-setup/{session_setup}/hash-key'))
+        params[-1].add_profile(
+            '8.1.0',
+            condition={'mode': 'active-active', 'session_owner_selection': 'first-packet', 'session_setup': 'ip-hash'},
+            values=('source', 'source-and-destination'),
+            path='group/mode/{mode}/session-owner-selection/first-packet/session-setup/{session_setup}/hash-key')
         self._params = tuple(params)
 
         # stubs

pandevice/network.py

@@ -1099,30 +1099,29 @@ class AggregateInterface(PhysicalInterface):
                 * layer3
                 * layer2
                 * virtual-wire
-                * tap
                 * ha
-                * decrypt-mirror
-                * aggregate-group
 
             Not all modes apply to all interface types (Default: layer3)
 
         ip (tuple): Layer3: Interface IPv4 addresses
         ipv6_enabled (bool): Layer3: IPv6 Enabled (requires
             IPv6Address child object)
-        management_profile (ManagementProfile): Layer3: Interface Management
-            Profile
+        management_profile (ManagementProfile): Layer3: Interface Management Profile
         mtu(int): Layer3: MTU for interface
         adjust_tcp_mss (bool): Layer3: Adjust TCP MSS
         netflow_profile (NetflowProfile): Netflow profile
-        lldp_enabled (bool): Layer2: Enable LLDP
-        lldp_profile (str): Layer2: Reference to an lldp profile
-        netflow_profile_l2 (NetflowProfile): Netflow profile
+        lldp_enabled (bool): Enable LLDP
+        lldp_profile (str): Reference to an lldp profile
         comment (str): The interface's comment
-        ipv4_mss_adjust(int): TCP MSS adjustment for ipv4
-        ipv6_mss_adjust(int): TCP MSS adjustment for ipv6
+        ipv4_mss_adjust(int): Layer3: TCP MSS adjustment for ipv4
+        ipv6_mss_adjust(int): Layer3: TCP MSS adjustment for ipv6
         enable_dhcp (bool): Enable DHCP on this interface
-        create_dhcp_default_route (bool): Create default route pointing to default gateway provided by server
-        dhcp_default_route_metric (int): Metric for the DHCP default route
+        create_dhcp_default_route (bool): Layer3: Create default route pointing to default gateway provided by server
+        dhcp_default_route_metric (int): Layer3: Metric for the DHCP default route
+        lacp_enable (bool): Enables LACP
+        lacp_passive_pre_negotiation (bool): Enable LACP passive pre-negotiation, off by default
+        lacp_rate (str): Set LACP transmission-rate to 'fast' or 'slow'
+        lacp_mode (str): Set LACP mode to 'active' or 'passive'
 
     """
     ALLOW_SET_VLAN = True
@@ -1149,42 +1148,49 @@ def _setup(self):
         params.append(VersionedParamPath(
             'mode', path='{mode}', default='layer3',
             values=[
-                'layer3', 'layer2', 'virtual-wire', 'tap',
-                'ha', 'decrypt-mirror', 'aggregate-group',
+                'layer3', 'layer2', 'virtual-wire', 'ha',
             ]))
         params.append(VersionedParamPath(
-            'ip', path='ip', vartype='entry'))
+            'ip', condition={'mode': 'layer3'},
+            path='{mode}/ip', vartype='entry'))
         params.append(VersionedParamPath(
-            'ipv6_enabled', path='ipv6/enabled', vartype='yesno'))
+            'ipv6_enabled', condition={'mode': 'layer3'},
+            path='{mode}/ipv6/enabled', vartype='yesno'))
         params.append(VersionedParamPath(
-            'management_profile', path='interface-management-profile'))
+            'management_profile', condition={'mode': ['layer3', 'layer2']},
+            path='{mode}/interface-management-profile'))
         params.append(VersionedParamPath(
-            'mtu', path='mtu', vartype='int'))
+            'mtu', condition={'mode': 'layer3'},
+            path='{mode}/mtu', vartype='int'))
         params.append(VersionedParamPath(
-            'adjust_tcp_mss', path='adjust-tcp-mss', vartype='yesno'))
+            'adjust_tcp_mss', condition={'mode': 'layer3'},
+            path='{path}/adjust-tcp-mss/enable', vartype='yesno'))
         params[-1].add_profile(
             '7.1.0',
-            vartype='yesno', path='adjust-tcp-mss/enable')
-        params.append(VersionedParamPath(
-            'netflow_profile', path='netflow-profile'))
+            condition={'mode': 'layer3'},
+            vartype='yesno', path='{mode}/adjust-tcp-mss/enable')
         params.append(VersionedParamPath(
-            'lldp_enabled', path='lldp/enable', vartype='yesno'))
+            'netflow_profile',
+            condition={'mode': ['layer3', 'layer2', 'vwire']},
+            path='{mode}/netflow-profile'))
         params.append(VersionedParamPath(
-            'lldp_profile', path='lldp/profile'))
+            'lldp_enabled', condition={'mode': ['layer3', 'layer2', 'vwire']},
+            path='{mode}/lldp/enable', vartype='yesno'))
         params.append(VersionedParamPath(
-            'netflow_profile_l2', path='netflow-profile'))
+            'lldp_profile', condition={'mode': ['layer3', 'layer2', 'vwire']},
+            path='{mode}/lldp/profile'))
         params.append(VersionedParamPath(
             'comment', path='comment'))
         params.append(VersionedParamPath(
             'ipv4_mss_adjust', exclude=True))
         params[-1].add_profile(
-            '7.1.0',
-            path='adjust-tcp-mss/ipv4-mss-adjustment', vartype='int')
+            '7.1.0', condition={'mode': 'layer3'},
+            path='{mode}/adjust-tcp-mss/ipv4-mss-adjustment', vartype='int')
         params.append(VersionedParamPath(
             'ipv6_mss_adjust', exclude=True))
         params[-1].add_profile(
-            '7.1.0',
-            path='adjust-tcp-mss/ipv6-mss-adjustment', vartype='int')
+            '7.1.0', condition={'mode': 'layer3'},
+            path='{mode}/adjust-tcp-mss/ipv6-mss-adjustment', vartype='int')
         params.append(VersionedParamPath(
             'enable_dhcp', path='{mode}/dhcp-client/enable',
             vartype='yesno', condition={'mode': 'layer3'}))
@@ -1196,6 +1202,22 @@ def _setup(self):
             'dhcp_default_route_metric',
             path='{mode}/dhcp-client/default-route-metric',
             vartype='int', condition={'mode': 'layer3'}))
+        params.append(VersionedParamPath(
+            'lacp_enable',
+            condition={'mode': ['layer3', 'layer2', 'ha']},
+            vartype='yesno', path='{mode}/lacp/enable'))
+        params.append(VersionedParamPath(
+            'lacp_passive_pre_negotiation',
+            condition={'mode': ['layer3', 'layer2', 'ha'], 'lacp_enable': True},
+            vartype='yesno', path='{mode}/lacp/passive-pre-negotiation'))
+        params.append(VersionedParamPath(
+            'lacp_mode',
+            condition={'mode': ['layer3', 'layer2', 'ha'], 'lacp_enable': True},
+            values=['active', 'passive'], path='{mode}/lacp/mode'))
+        params.append(VersionedParamPath(
+            'lacp_rate',
+            condition={'mode': ['layer3', 'layer2', 'ha'], 'lacp_enable': True},
+            values=['fast', 'slow'], path='{mode}/lacp/transmission-rate'))
 
         self._params = tuple(params)
 

setup.py

@@ -23,7 +23,7 @@
 
 setup_kwargs = dict(
     name='pandevice',
-    version='0.12.0',
+    version='0.13.0',
     description='Framework for interacting with Palo Alto Networks devices via API',
     long_description='The Palo Alto Networks Device Framework is a way to interact with Palo Alto Networks devices (including Next-generation Firewalls and Panorama) using the device API that is object oriented and conceptually similar to interaction with the device via the GUI or CLI.',
     author='Palo Alto Networks',