PyPANRestV2 2.1.0__tar.gz → 2.1.2__tar.gz

{pypanrestv2-2.1.0 → pypanrestv2-2.1.2}/PKG-INFO

@@ -1,6 +1,6 @@
-Metadata-Version: 2.1
+Metadata-Version: 2.4
 Name: PyPANRestV2
-Version: 2.1.0
+Version: 2.1.2
 Summary: Python tools for interacting with Palo Alto Networks REST API.
 License: MIT
 Author: Mark Rzepa
@@ -10,6 +10,8 @@ Classifier: License :: OSI Approved :: MIT License
 Classifier: Programming Language :: Python :: 3
 Classifier: Programming Language :: Python :: 3.11
 Classifier: Programming Language :: Python :: 3.12
+Classifier: Programming Language :: Python :: 3.13
+Classifier: Programming Language :: Python :: 3.14
 Requires-Dist: dnspython (>=2.6.1)
 Requires-Dist: icecream (>=2.1.3)
 Requires-Dist: pycountry (>=23.12.11)
@@ -30,14 +32,22 @@ Description-Content-Type: text/markdown
 
 - **High-Level Abstraction**: Simplifies interaction with the Palo Alto Networks API.
 - **Support for Firewalls and Panorama**: Manage both individual firewalls and Panorama devices.
-- **REST API Integration**: Allows seamless communication with devices.
+- **REST API Integration**: Allows seamless communication with devices using REST API.
+- **XML API Support**: Handles XML API calls for configurations not yet available in REST API.
 - **Convenient Pythonic Objects**: Intuitive Python objects for interacting with specific sections of Palo Alto firewall configurations.
+- **Error Handling**: Custom exceptions for better error management and troubleshooting.
 
 ---
 
 ## Installation
 
-To install `PyPanRestV2`, clone the repository and install it as a package:
+You can install `PyPanRestV2` using pip:
+
+```bash
+pip install pypanrestv2
+```
+
+Alternatively, you can clone the repository and install it as a package for development:
 
 ```bash
 # Clone the repository
@@ -60,7 +70,7 @@ This will install the package and all required dependencies automatically. The `
 Start by importing the necessary classes from the library:
 
 ```python
-from pypantrestv2 import Firewall, Panorama
+from pypanrestv2 import Firewall, Panorama
 ```
 
 ### Connect to a Firewall or Panorama Device
@@ -84,12 +94,12 @@ from pypanrestv2.Policies import SecurityRules
 
 # Create a new security rule
 security_rule = SecurityRules(firewall, name='allow_web')
-security_rule.source_zone = ['trust']
-security_rule.destination_zone = ['untrust']
-security_rule.source = ['any']
-security_rule.destination = ['any']
-security_rule.application = ['web-browsing']
-security_rule.service = ['application-default']
+security_rule.from_ = {'member': ['trust']}
+security_rule.to = {'member': ['untrust']}
+security_rule.source = {'member': ['any']}
+security_rule.destination = {'member': ['any']}
+security_rule.application = {'member': ['web-browsing']}
+security_rule.service = {'member': ['application-default']}
 security_rule.action = 'allow'
 security_rule.create()
 
@@ -114,16 +124,24 @@ address.create()
 all_addresses = Addresses.get_all(firewall)
 ```
 
-#### 3. Working with Panorama Device Groups
+#### 3. Working with Panorama Policies and Rulebase
 ```python
 from pypanrestv2 import Panorama
+from pypanrestv2.Policies import SecurityRules
 
 # Initialize Panorama connection
 panorama = Panorama(base_url='panorama.example.com', api_key='YOUR_API_KEY')
 
-# Add a device to a device group
-device_group = panorama.device_groups.get('Branch_Offices')
-device_group.add_device('serial123')
+# Create a security rule in the pre-rulebase of a device group
+security_rule = SecurityRules(panorama, name='allow_internal', rulebase='Pre')
+security_rule.from_ = {'member': ['trust']}
+security_rule.to = {'member': ['untrust']}
+security_rule.source = {'member': ['any']}
+security_rule.destination = {'member': ['any']}
+security_rule.application = {'member': ['web-browsing']}
+security_rule.service = {'member': ['application-default']}
+security_rule.action = 'allow'
+security_rule.create()
 ```
 
 ---
@@ -132,15 +150,22 @@ device_group.add_device('serial123')
 
 Visit the project's GitHub repository for source code, documentation, enhancements, and contributions:
 
-[PyPanRestV2 Repository on GitHub](https://github.com/wellhealthtechnologies/PyPanRestV2.git)
+[PyPanRestV2 Repository on GitHub](https://github.com/mrzepa/pypanrestv2.git)
 
 ---
 
 ## Requirements
 
-- **Python 3.11+** (or higher)
-- **Palo Alto Devices** or Panorama
-- Python modules listed in requirements.txt
+- **Python 3.11+**
+- **Palo Alto Networks Devices** running PAN-OS 9.0+ or Panorama
+- Python dependencies:
+  - dnspython
+  - icecream
+  - pycountry
+  - python-dotenv
+  - requests
+  - tqdm
+  - validators
 
 ---
 
@@ -196,7 +221,7 @@ Be sure to check the documentation, if provided, before starting contributions.
 
 ## License
 
-This project is licensed under the MIT. See the [LICENSE](./https://opensource.org/license/mit) file for details.
+This project is licensed under the MIT License. See the [LICENSE](https://opensource.org/license/mit) file for details.
 
 ---
 

{pypanrestv2-2.1.0 → pypanrestv2-2.1.2}/README.md

@@ -8,14 +8,22 @@
 
 - **High-Level Abstraction**: Simplifies interaction with the Palo Alto Networks API.
 - **Support for Firewalls and Panorama**: Manage both individual firewalls and Panorama devices.
-- **REST API Integration**: Allows seamless communication with devices.
+- **REST API Integration**: Allows seamless communication with devices using REST API.
+- **XML API Support**: Handles XML API calls for configurations not yet available in REST API.
 - **Convenient Pythonic Objects**: Intuitive Python objects for interacting with specific sections of Palo Alto firewall configurations.
+- **Error Handling**: Custom exceptions for better error management and troubleshooting.
 
 ---
 
 ## Installation
 
-To install `PyPanRestV2`, clone the repository and install it as a package:
+You can install `PyPanRestV2` using pip:
+
+```bash
+pip install pypanrestv2
+```
+
+Alternatively, you can clone the repository and install it as a package for development:
 
 ```bash
 # Clone the repository
@@ -38,7 +46,7 @@ This will install the package and all required dependencies automatically. The `
 Start by importing the necessary classes from the library:
 
 ```python
-from pypantrestv2 import Firewall, Panorama
+from pypanrestv2 import Firewall, Panorama
 ```
 
 ### Connect to a Firewall or Panorama Device
@@ -62,12 +70,12 @@ from pypanrestv2.Policies import SecurityRules
 
 # Create a new security rule
 security_rule = SecurityRules(firewall, name='allow_web')
-security_rule.source_zone = ['trust']
-security_rule.destination_zone = ['untrust']
-security_rule.source = ['any']
-security_rule.destination = ['any']
-security_rule.application = ['web-browsing']
-security_rule.service = ['application-default']
+security_rule.from_ = {'member': ['trust']}
+security_rule.to = {'member': ['untrust']}
+security_rule.source = {'member': ['any']}
+security_rule.destination = {'member': ['any']}
+security_rule.application = {'member': ['web-browsing']}
+security_rule.service = {'member': ['application-default']}
 security_rule.action = 'allow'
 security_rule.create()
 
@@ -92,16 +100,24 @@ address.create()
 all_addresses = Addresses.get_all(firewall)
 ```
 
-#### 3. Working with Panorama Device Groups
+#### 3. Working with Panorama Policies and Rulebase
 ```python
 from pypanrestv2 import Panorama
+from pypanrestv2.Policies import SecurityRules
 
 # Initialize Panorama connection
 panorama = Panorama(base_url='panorama.example.com', api_key='YOUR_API_KEY')
 
-# Add a device to a device group
-device_group = panorama.device_groups.get('Branch_Offices')
-device_group.add_device('serial123')
+# Create a security rule in the pre-rulebase of a device group
+security_rule = SecurityRules(panorama, name='allow_internal', rulebase='Pre')
+security_rule.from_ = {'member': ['trust']}
+security_rule.to = {'member': ['untrust']}
+security_rule.source = {'member': ['any']}
+security_rule.destination = {'member': ['any']}
+security_rule.application = {'member': ['web-browsing']}
+security_rule.service = {'member': ['application-default']}
+security_rule.action = 'allow'
+security_rule.create()
 ```
 
 ---
@@ -110,15 +126,22 @@ device_group.add_device('serial123')
 
 Visit the project's GitHub repository for source code, documentation, enhancements, and contributions:
 
-[PyPanRestV2 Repository on GitHub](https://github.com/wellhealthtechnologies/PyPanRestV2.git)
+[PyPanRestV2 Repository on GitHub](https://github.com/mrzepa/pypanrestv2.git)
 
 ---
 
 ## Requirements
 
-- **Python 3.11+** (or higher)
-- **Palo Alto Devices** or Panorama
-- Python modules listed in requirements.txt
+- **Python 3.11+**
+- **Palo Alto Networks Devices** running PAN-OS 9.0+ or Panorama
+- Python dependencies:
+  - dnspython
+  - icecream
+  - pycountry
+  - python-dotenv
+  - requests
+  - tqdm
+  - validators
 
 ---
 
@@ -174,7 +197,7 @@ Be sure to check the documentation, if provided, before starting contributions.
 
 ## License
 
-This project is licensed under the MIT. See the [LICENSE](./https://opensource.org/license/mit) file for details.
+This project is licensed under the MIT License. See the [LICENSE](https://opensource.org/license/mit) file for details.
 
 ---
 

{pypanrestv2-2.1.0 → pypanrestv2-2.1.2}/pypanrestv2/Objects.py

@@ -378,80 +378,96 @@ class AddressGroups(Object):
     """
 
     valid_types = ['static', 'dynamic']
-    CompareAttributeList = ['member', 'filter'].extend(valid_types)
+    CompareAttributeList = ['member', 'filter'] + valid_types
 
     def __init__(self, PANDevice, **kwargs):
         super().__init__(PANDevice, max_name_length=64, max_description_length=1024, has_tags=False, **kwargs)
-        # Initialize MemberObj list with Address objects if 'member' list is provided
+        # Initialize container for resolved member objects
         self.MemberObj: list = []
-        self.static: Dict[str, List[str]] = {}
-        self.dynamic: Dict[str, List[str]] = {}
+
+        # Start unset; allow instantiation without static/dynamic
+        self._static: Optional[Dict[str, List[str]]] = None
+        self._dynamic: Optional[Dict[str, str]] = None
+
+        # Optionally accept one of 'static' or 'dynamic' from kwargs
+        provided_static = kwargs.get('static')
+        provided_dynamic = kwargs.get('dynamic')
+
+        if provided_static is not None and provided_dynamic is not None:
+            raise ValueError("Only one of 'static' or 'dynamic' can be provided.")
+
+        if provided_static is not None:
+            self.static = provided_static
+        elif provided_dynamic is not None:
+            self.dynamic = provided_dynamic
 
     @property
     def static(self):
         return self._static
 
     @static.setter
-    def static(self, value: dict):
+    def static(self, value: Optional[dict]):
         """
-        The setter method for the 'static' attribute.
-        Validates that the value is a dictionary containing the key 'member' with a value of type list,
-        and this list contains at least one item.
-
-        :param value: The value to set for the 'static' attribute.
-        :type value: dict
-        :raises ValueError: If the value does not meet the specified criteria.
+        Set or clear the 'static' attribute.
+        When set, it must be a dict containing key 'member' with a non-empty list.
+        Setting 'static' clears 'dynamic' (mutually exclusive).
         """
+        if value is None:
+            self._static = None
+            # Remove from entry if present
+            self.entry.pop('static', None)
+            return
+
         if not isinstance(value, dict):
             raise ValueError("The 'static' attribute must be a dictionary.")
-
         if 'member' not in value:
             raise ValueError("The dictionary must contain the key 'member'.")
-
         if not isinstance(value['member'], list):
             raise ValueError("The 'member' key must have a list as its value.")
-
         if len(value['member']) < 1:
             raise ValueError("The list under 'member' key must contain at least one item.")
 
-        self._static = value
-        self.entry.update({'static': value})
+        # Set static and clear dynamic to ensure mutual exclusivity
+        self._static = {'member': list(value['member'])}
+        self.entry.update({'static': self._static})
+        # Clear dynamic side if set
+        self._dynamic = None
+        self.entry.pop('dynamic', None)
 
     @property
-    def dynamic(self) -> dict:
+    def dynamic(self) -> Optional[dict]:
         """
         The 'dynamic' property getter.
         """
         return self._dynamic
 
     @dynamic.setter
-    def dynamic(self, value: dict) -> None:
+    def dynamic(self, value: Optional[dict]) -> None:
         """
-        The setter for the 'dynamic' attribute.
-        Validates that the value is a dictionary with a key 'filter' whose value is a string of max length 2047.
-
-        :param value: The dictionary to set as the 'dynamic' attribute.
-        :raises ValueError: If the value does not meet the specified criteria.
+        Set or clear the 'dynamic' attribute.
+        When set, it must be a dict with a key 'filter' whose value is a string of max length 2047.
+        Setting 'dynamic' clears 'static' (mutually exclusive).
         """
-        # Check if the value is a dictionary
+        if value is None:
+            self._dynamic = None
+            self.entry.pop('dynamic', None)
+            return
+
         if not isinstance(value, dict):
             raise ValueError("The 'dynamic' attribute must be a dictionary.")
-
-        # Check if the dictionary has a key named 'filter'
         if 'filter' not in value:
             raise ValueError("The dictionary must contain the key 'filter'.")
-
-        # Check if the value of 'filter' is a string
         if not isinstance(value['filter'], str):
             raise ValueError("The 'filter' key must have a string as its value.")
-
-        # Check if the string length of 'filter' is within the limit
         if len(value['filter']) > 2047:
             raise ValueError("The 'filter' value must not exceed 2047 characters.")
 
-        # If all checks pass, set the value
-        self._dynamic = value
-        self.entry.update({'dynamic': value})
+        # Set dynamic and clear static to ensure mutual exclusivity
+        self._dynamic = {'filter': value['filter']}
+        self.entry.update({'dynamic': self._dynamic})
+        # Clear static side if set
+        self._static = None
+        self.entry.pop('static', None)
 
     @property
     def MemberObj(self):
@@ -469,22 +485,27 @@ class AddressGroups(Object):
         del self._MemberObj
 
     def add_member(self, member):
-        if not hasattr(self, 'static'):
+        # Ensure we are in static mode
+        if self.static is None:
             raise ValueError("Can only add members to a 'static' type AddressGroup")
+        members = self._static.setdefault('member', [])
         if isinstance(member, Addresses):
-            if member.name not in self.member:
-                self.member.append(member.name)
+            if member.name not in members:
+                members.append(member.name)
                 self.MemberObj.append(member)
         elif isinstance(member, str):
-            if member not in self.member:
-                self.member.append(member)
-                # Optionally, resolve the Addresses object from the name and add to MemberObj
+            if member not in members:
+                members.append(member)
         else:
             raise TypeError("Member must be an Addresses object or a string")
+        # Reflect changes into entry
+        self.entry.update({'static': self._static})
 
     def remove_member(self, member):
-        if not hasattr(self, 'static'):
+        # Ensure we are in static mode
+        if self.static is None:
             raise ValueError("Can only remove members from a 'static' type AddressGroup")
+        members = self._static.get('member', [])
         if isinstance(member, Addresses):
             member_name = member.name
         elif isinstance(member, str):
@@ -492,35 +513,31 @@ class AddressGroups(Object):
         else:
             raise TypeError("Member must be an Addresses object or a string")
 
-        if member_name in self.member:
-            self.member.remove(member_name)
-            self.MemberObj = [obj for obj in self.MemberObj if obj.name != member_name]
+        if member_name in members:
+            members.remove(member_name)
+            self.MemberObj = [obj for obj in self.MemberObj if getattr(obj, 'name', None) != member_name]
+            # Reflect changes into entry
+            self.entry.update({'static': self._static})
 
     def set_filter(self, filter_str):
-        if not hasattr(self, 'dynamic'):
-            raise ValueError("Filter can only be set for a 'dynamic' type AddressGroup")
+        # Ensure we are in dynamic mode (and set if not yet set)
+        if not isinstance(filter_str, str):
+            raise TypeError("Filter must be a string")
         if len(filter_str) > 2047:
             raise ValueError("Filter length exceeds the maximum allowed characters (2047)")
-        self.dynamic = filter_str
+        # This will also clear static via the setter
+        self.dynamic = {'filter': filter_str}
 
     def get_object(self, obj_type, name: str, location: str, device_group: str, vsys: str) -> Optional[Any]:
         """
         Attempt to instantiate an object of type `obj_type` with the provided parameters.
         Returns the instantiated object if it exists, None otherwise.
-
-        :param obj_type: The class of the object to be instantiated.
-        :param name: The name of the object.
-        :param location: The location of the object.
-        :param device_group: The device group the object belongs to.
-        :param vsys: The virtual system the object belongs to.
-        :return: An instance of `obj_type` if successful, None otherwise.
         """
         try:
             obj = obj_type(PANDevice=self.PANDevice, name=name, location=location, device_group=device_group, vsys=vsys)
             if obj.get(ANYLOCATION=True, IsSearch=True):
                 return obj
         except Exception as e:
-            # Here you should log the exception e
             logger.error(f"Error instantiating object of type {obj_type.__name__}: {e}")
         return None
 
@@ -530,7 +547,7 @@ class AddressGroups(Object):
         Tries to instantiate Address objects first; if that fails, tries AddressGroups.
         Raises an exception if the static member list is empty or the objects cannot be found.
         """
-        members = self.static.get('member')
+        members = (self.static or {}).get('member')
         if not members:
             raise ValueError('Cannot populate an empty group.')
 

{pypanrestv2-2.1.0 → pypanrestv2-2.1.2}/pypanrestv2/Policies.py

@@ -562,12 +562,7 @@ class NatRules(Policy):
         if value == 'any':
             self._service = 'any'
         else:
-            check_service = Services(self.PANDevice, name=value, location=self.location, device_group=self.device_group)
-            if check_service.get(ANYLOCATION=True, IsSearch=True):
-                self._service = value
-            else:
-                raise ValueError(f"The service '{value}' does not exist.")
-
+            self._service = value
         # Update the entry dictionary
         self.entry.update({'service': self._service})
 
@@ -604,28 +599,29 @@ class NatRules(Policy):
 
     @source_translation.setter
     def source_translation(self, value: dict) -> None:
-        if not isinstance(value, dict):
-            raise TypeError("source_translation must be a dictionary.")
-
-        # Validate the keys of the main dict
-        valid_keys = ['dynamic-ip-and-port', 'dynamic-ip', 'static-ip']
-        if all(key not in valid_keys for key in value.keys()):
-            raise ValueError(f"Invalid key in source_translation. Must be one of: {', '.join(valid_keys)}")
-
-        keys_present = [key for key in valid_keys if key in value]
-        if len(keys_present) > 1:
-            raise ValueError("Only one of 'dynamic-ip-and-port', 'dynamic-ip', or 'static-ip' can be set at a time.")
-
-        if 'dynamic-ip-and-port' in value:
-            self._validate_dynamic_ip_and_port(value['dynamic-ip-and-port'])
-        elif 'dynamic-ip' in value:
-            self._validate_dynamic_ip(value['dynamic-ip'])
-        elif 'static-ip' in value:
-            self._validate_static_ip(value['static-ip'])
-
-        # Update the entry dictionary to reflect the change
-        self._source_translation = value
-        self.entry.update({'source-translation': self._source_translation})
+        if value:
+            if not isinstance(value, dict):
+                raise TypeError("source_translation must be a dictionary.")
+
+            # Validate the keys of the main dict
+            valid_keys = ['dynamic-ip-and-port', 'dynamic-ip', 'static-ip']
+            if all(key not in valid_keys for key in value.keys()):
+                raise ValueError(f"Invalid key in source_translation. Must be one of: {', '.join(valid_keys)}")
+
+            keys_present = [key for key in valid_keys if key in value]
+            if len(keys_present) > 1:
+                raise ValueError("Only one of 'dynamic-ip-and-port', 'dynamic-ip', or 'static-ip' can be set at a time.")
+
+            if 'dynamic-ip-and-port' in value:
+                self._validate_dynamic_ip_and_port(value['dynamic-ip-and-port'])
+            elif 'dynamic-ip' in value:
+                self._validate_dynamic_ip(value['dynamic-ip'])
+            elif 'static-ip' in value:
+                self._validate_static_ip(value['static-ip'])
+
+            # Update the entry dictionary to reflect the change
+            self._source_translation = value
+            self.entry.update({'source-translation': self._source_translation})
 
     def _validate_dynamic_ip_and_port(self, value: dict) -> None:
         valid_sub_keys = ['translated-addresses', 'interface-address']

{pypanrestv2-2.1.0 → pypanrestv2-2.1.2}/pyproject.toml

@@ -3,7 +3,7 @@ requires = ["poetry-core>=1.0.0"]
 build-backend = "poetry.core.masonry.api"
 [tool.poetry]
 name = "PyPANRestV2"
-version = "2.1.0"
+version = "2.1.2"
 description = "Python tools for interacting with Palo Alto Networks REST API."
 authors = [
     "Mark Rzepa <mark@rzepa.com>"