Merge branch 'release/0.5.1'

Author: shinmog

HISTORY.rst

@@ -3,10 +3,23 @@
 History
 =======
 
+0.5.1
+-----
+
+Released: 2017-09-12
+
+Status: Alpha
+
+- Fix: Security and NAT policy XPATH problems
+- Fix: `base.PanDevice.create_from_device()`'s check for certain Panorama devices
+- Fix: `firewall.Firewall.organize_into_vsys()`'s behavior with importables that aren't imported
+- Fix: `refreshall()`'s behavior when it has a `device.Vsys` parent
+
+
 0.5.0
 -----
 
-Released 2017-07-14
+Released: 2017-07-14
 
 Status: Alpha
 

README.rst

@@ -2,10 +2,10 @@
 Palo Alto Networks Device Framework
 ===================================
 
-The Palo Alto Networks Device Framework is a way to interact with Palo Alto
-Networks devices (including Next-generation Firewalls and Panorama) using the
-device API that is object oriented and conceptually similar to interaction
-with the device via the GUI or CLI.
+The Device Framework is a mechanism for interacting with Palo Alto Networks
+devices (including physical and virtualized Next-generation Firewalls and
+Panorama).  The Device Framework is object oriented and mimics the traditional
+interaction with the device via the GUI or CLI/API.
 
 * Documentation: http://pandevice.readthedocs.io
 * Overview: http://paloaltonetworks.github.io/pandevice

pandevice/__init__.py

@@ -23,7 +23,7 @@
 
 __author__ = 'Palo Alto Networks'
 __email__ = '[email protected]'
-__version__ = '0.5.0'
+__version__ = '0.5.1'
 
 
 import logging

pandevice/base.py

@@ -314,13 +314,13 @@ def _parent_xpath(self):
         if self.parent is None:
             return ""
         else:
-            return self.parent._build_xpath(self.ROOT)
+            return self.parent._build_xpath(self.ROOT, None)
 
-    def _build_xpath(self, root):
+    def _build_xpath(self, root, vsys):
         if self.parent is None:
             # self with no parent
             return ""
-        parent_xpath = self.parent._build_xpath(root) + self.XPATH
+        parent_xpath = self.parent._build_xpath(root, vsys) + self.XPATH
         if self.SUFFIX is not None:
             parent_xpath += self.SUFFIX % (self.uid, )
         return parent_xpath
@@ -334,9 +334,12 @@ def xpath_panorama(self):
             return self.parent.xpath_panorama()
 
     def _root_xpath_vsys(self, vsys):
-        root_xpath = "/config/devices/entry[@name='localhost.localdomain']/vsys"
-        specific_vsys = "/entry[@name='{0}']".format(vsys) if vsys else ""
-        return root_xpath + specific_vsys
+        if vsys == 'shared':
+            return '/config/shared'
+
+        xpath = "/config/devices/entry[@name='localhost.localdomain']"
+        xpath += "/vsys/entry[@name='{0}']".format(vsys or 'vsys1')
+        return xpath
 
     def element(self, with_children=True, comparable=False):
         """Construct an ElementTree for this PanObject and all its children
@@ -1441,8 +1444,7 @@ def _about_parameter(self, parameter):
         return ans
 
     def _requires_import_consideration(self):
-        if self.vsys in (None, 'shared') or not hasattr(self,
-                                                        'xpath_import_base'):
+        if self.vsys == 'shared' or not hasattr(self, 'XPATH_IMPORT'):
             return False
         return True
 
@@ -1489,9 +1491,12 @@ def _gather_bulk_info(self, func=None):
         for node in itertools.chain(all_objects):
             all_objects.extend(node.children)
             if node._requires_import_consideration():
-                vsys_dict.setdefault(node.vsys, {})
-                vsys_dict[node.vsys].setdefault(node.xpath_import_base(), [])
-                vsys_dict[node.vsys][node.xpath_import_base()].append(node)
+                vsys = node.vsys
+                if vsys is None and node.ALWAYS_IMPORT:
+                    vsys = 'vsys1'
+                vsys_dict.setdefault(vsys, {})
+                vsys_dict[vsys].setdefault(node.xpath_import_base(), [])
+                vsys_dict[vsys][node.xpath_import_base()].append(node)
 
         return dev, instances, vsys_dict
 
@@ -2965,7 +2970,7 @@ def create_from_device(cls,
         system_info = device.refresh_system_info()
         version = system_info[0]
         model = system_info[1]
-        if model == "Panorama":
+        if model == "Panorama" or model.startswith('M-'):
             instance = panorama.Panorama(hostname,
                                          api_username,
                                          api_password,
@@ -3271,14 +3276,14 @@ def set_config_changed(self, scope=None):
         if scope not in self.config_changed:
             self.config_changed.append(scope)
 
-    def _build_xpath(self, root):
-        return self.xpath_root(root)
+    def _build_xpath(self, root, vsys):
+        return self.xpath_root(root, vsys or self.vsys)
 
-    def xpath_root(self, root_type):
+    def xpath_root(self, root_type, vsys):
         if root_type == Root.DEVICE:
             xpath = self.xpath_device()
         elif root_type == Root.VSYS:
-            xpath = self.xpath_vsys()
+            xpath = self._root_xpath_vsys(vsys)
         elif root_type == Root.MGTCONFIG:
             xpath = self.xpath_mgtconfig()
         elif root_type == Root.PANORAMA:

pandevice/device.py

@@ -131,22 +131,12 @@ def _setup(self):
         self._params = tuple(params)
 
     def xpath_vsys(self):
-        if self.name == "shared":
-            return "/config/shared"
-        elif self.name is None:
-            return self._root_xpath_vsys('vsys1')
-        else:
-            return self._root_xpath_vsys(self.name)
-
-    def _build_xpath(self, root):
-        if root == Root.VSYS:
-            return super(Vsys, self)._build_xpath(root)
-        else:
-            # If original object is not a VSYS Root, then bypass the vsys part of the xpath
-            if self.parent is None:
-                return ""
-            else:
-                return self.parent._build_xpath(root)
+        return self._root_xpath_vsys(self.name)
+
+    def _build_xpath(self, root, vsys):
+        if self.parent is None:
+            return ''
+        return self.parent._build_xpath(root, self.name)
 
     @property
     def vsys(self):

pandevice/firewall.py

@@ -150,12 +150,7 @@ def vsys(self, value):
             self.ha_peer._vsys = value
 
     def xpath_vsys(self):
-        if self.vsys == "shared":
-            return "/config/shared"
-        elif self.vsys is None:
-            return self._root_xpath_vsys('vsys1')
-        else:
-            return self._root_xpath_vsys(self.vsys)
+        return self._root_xpath_vsys(self.vsys)
 
     def xpath_panorama(self):
         raise err.PanDeviceError("Attempt to modify Panorama configuration on non-Panorama device")
@@ -416,6 +411,13 @@ def organize_into_vsys(self, create_vsys_objects=True, refresh_vsys=True):
                                 x.parent.remove(x)
                                 vsys.add(x)
                             break
+                    else:
+                        # Checked every vsys, this importable isn't in any of
+                        # them (vsys is None), so move this node to be a child
+                        # of the firewall.
+                        if x.parent != self:
+                            x.parent.remove(x)
+                            self.add(x)
                     break
 
 

pandevice/network.py

@@ -505,7 +505,7 @@ def _setup(self):
         self._params = tuple(params)
 
 
-class VirtualWire(VersionedPanObject):
+class VirtualWire(VsysOperations):
     """Virtual wires (vwire)
 
     Args:
@@ -524,6 +524,9 @@ def _setup(self):
         # xpaths
         self._xpaths.add_profile(value='/network/virtual-wire')
 
+        # xpath imports
+        self._xpath_imports.add_profile(value='/network/virtual-wire')
+
         # params
         params = []
 

pandevice/panorama.py

@@ -87,13 +87,14 @@ def xpath_vsys(self):
         else:
             return "/config/devices/entry[@name='localhost.localdomain']/device-group/entry[@name='%s']" % self.name
 
-    def _build_xpath(self, root):
+    def _build_xpath(self, root, vsys):
         if (self.name == "shared" or self.name is None) and root == Root.VSYS:
             # This is a Vsys object in shared Panorama scope, so proceed normally
-            return super(DeviceGroup, self)._build_xpath(root)
+            return super(DeviceGroup, self)._build_xpath(root,
+                self.name or 'shared')
         else:
             # This is a member of the device-group, so override to use DeviceGroup root
-            return super(DeviceGroup, self)._build_xpath(self.ROOT)
+            return super(DeviceGroup, self)._build_xpath(self.ROOT, self.name)
 
 
 class Panorama(base.PanDevice):

pandevice/policies.py

@@ -116,6 +116,7 @@ class SecurityRule(VersionedPanObject):
     """
     # TODO: Add QoS variables
     SUFFIX = ENTRY
+    ROOT = Root.VSYS
 
     def _setup(self):
         # xpaths
@@ -242,8 +243,10 @@ class NatRule(VersionedPanObject):
         target (list): Apply this policy to the listed firewalls only
             (applies to panorama/device groups only)
         tag (list): Administrative tags
+
     """
     SUFFIX = ENTRY
+    ROOT = Root.VSYS
 
     def _setup(self):
         # xpaths

tests/test_base.py

@@ -372,7 +372,7 @@ def test_parent_xpath_for_xpath_parent(self):
         ret_val = self.obj._parent_xpath()
 
         self.assertEqual(Path, ret_val)
-        self.obj.parent._build_xpath.assert_called_once_with(0)
+        self.obj.parent._build_xpath.assert_called_once_with(0, None)
 
     def test_xpath_vsys_without_parent(self):
         ret_val = self.obj.xpath_vsys()