From 0bfb61c787ec1ab17c2332ccadb4aff4363550ec Mon Sep 17 00:00:00 2001 From: Stephen Steiner Date: Wed, 2 Jun 2021 09:26:15 -0400 Subject: [PATCH 01/25] Adding rule audit comment - #228 Signed-off-by: Stephen Steiner --- .gitignore | 3 +++ .vscode/settings.json | 3 ++- Pipfile | 2 +- plugins/module_utils/panos.py | 29 +++++++++++++++-------- plugins/modules/panos_security_rule.py | 32 +++++++++++++++++++------- 5 files changed, 49 insertions(+), 20 deletions(-) diff --git a/.gitignore b/.gitignore index 5187a4654..8ed95f4c5 100644 --- a/.gitignore +++ b/.gitignore @@ -74,6 +74,9 @@ ENV/ # PyCharm / IntelliJ .idea +# VS Code +.vscode + # Configtree diagram generated by sphinx docs/_diagrams diff --git a/.vscode/settings.json b/.vscode/settings.json index 23a41ac31..a9ca52e77 100644 --- a/.vscode/settings.json +++ b/.vscode/settings.json @@ -3,6 +3,7 @@ "source.organizeImports": true }, "python.linting.enabled": false, - "python.formatting.provider": "black", + "python.formatting.provider": "autopep8", "editor.formatOnSave": true, + "python.pythonPath": "/usr/local/bin/python3", } \ No newline at end of file diff --git a/Pipfile b/Pipfile index 5d661f7e6..ca1a6a1ef 100644 --- a/Pipfile +++ b/Pipfile @@ -4,7 +4,7 @@ verify_ssl = true name = "pypi" [packages] -pan-os-python = "*" +pan-os-python = ">=1.1.0" pan-python = "*" xmltodict = "==0.12.0" requests = "==2.22.0" diff --git a/plugins/module_utils/panos.py b/plugins/module_utils/panos.py index bb2c85901..f2a89f790 100644 --- a/plugins/module_utils/panos.py +++ b/plugins/module_utils/panos.py @@ -45,7 +45,7 @@ from panos.errors import PanCommitNotNeeded, PanDeviceError from panos.firewall import Firewall from panos.panorama import DeviceGroup, Template, TemplateStack - from panos.policies import PostRulebase, PreRulebase, Rulebase + from panos.policies import PostRulebase, PreRulebase, RuleAuditComment, Rulebase except ImportError: try: import pandevice as panos 
@@ -141,7 +141,8 @@ def get_pandevice_parent(self, module, timeout=0): if pdv < self.min_pandevice_version: module.fail_json( msg=_MIN_VERSION_ERROR.format( - "panos", panos.__version__, _vstr(self.min_pandevice_version) + "panos", panos.__version__, _vstr( + self.min_pandevice_version) ) ) @@ -240,7 +241,8 @@ def get_pandevice_parent(self, module, timeout=0): elif self.template is not None: tmpl_required = True elif not self.template_is_optional: - module.fail_json(msg=pano_mia_param.format(self.template_stack)) + module.fail_json( + msg=pano_mia_param.format(self.template_stack)) # Spec: template. if self.template is not None: @@ -311,7 +313,8 @@ def get_pandevice_parent(self, module, timeout=0): parent = rb else: module.fail_json( - msg=not_found.format("Rulebase", module.params[self.rulebase]) + msg=not_found.format( + "Rulebase", module.params[self.rulebase]) ) else: # Firewall connection. @@ -456,7 +459,8 @@ def apply_state( try: item.update(enabled_disabled_param) except PanDeviceError as e: - module.fail_json(msg="Failed toggle: {0}".format(e)) + module.fail_json( + msg="Failed toggle: {0}".format(e)) break else: module.fail_json(msg="Cannot enable/disable non-existing obj") @@ -493,8 +497,10 @@ def apply_position(self, obj, location, existing_rule, module): # Sanity check the location / existing_rule params. improper_combo = False improper_combo |= location is None and existing_rule is not None - improper_combo |= location in ("before", "after") and existing_rule is None - improper_combo |= location in ("top", "bottom") and existing_rule is not None + improper_combo |= location in ( + "before", "after") and existing_rule is None + improper_combo |= location in ( + "top", "bottom") and existing_rule is not None if improper_combo: module.fail_json( msg='Improper combination of "location" / "existing_rule".' 
@@ -513,7 +519,8 @@ def apply_position(self, obj, location, existing_rule, module): obj_index = listing.index(uid) rule = rules[obj_index] except ValueError: - module.fail_json(msg="Object {0} isn't present for move".format(uid)) + module.fail_json( + msg="Object {0} isn't present for move".format(uid)) if location == "top": if listing[0] != uid: @@ -804,7 +811,8 @@ def get_connection( if vsys is not None: raise KeyError('Define "vsys" or "vsys_shared", not both.') elif vsys_importable is not None: - raise KeyError('Define "vsys_importable" or "vsys_shared", not both.') + raise KeyError( + 'Define "vsys_importable" or "vsys_shared", not both.') if isinstance(vsys_shared, bool): param = "vsys" else: @@ -869,7 +877,8 @@ def __init__( self.api_endpoint = api_endpoint if with_state: - spec["state"] = {"default": "present", "choices": ["present", "absent"]} + spec["state"] = {"default": "present", + "choices": ["present", "absent"]} if with_enabled_state: spec["state"] = { diff --git a/plugins/modules/panos_security_rule.py b/plugins/modules/panos_security_rule.py index 919226edc..a151ee142 100644 --- a/plugins/modules/panos_security_rule.py +++ b/plugins/modules/panos_security_rule.py @@ -17,6 +17,12 @@ from __future__ import absolute_import, division, print_function +from ansible.module_utils.basic import AnsibleModule +from ansible_collections.paloaltonetworks.panos.plugins.module_utils.panos import ( + get_connection, +) +from panos.policies import RuleAuditComment + __metaclass__ = type DOCUMENTATION = """ @@ -244,6 +250,10 @@ description: - Exclude this rule from the listed firewalls in Panorama. type: bool + audit_comment: + description: + - Add an audit comment to the rule being defined. + type: str """ EXAMPLES = """ 
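Review bot: `from panos.policies import RuleAuditComment` in the `@@ -17,6 +17,12 @@` hunk of plugins/modules/panos_security_rule.py is an unguarded top-level import, so a host without a recent pan-os-python gets a raw ImportError instead of the module's own failure message. The file already has a guarded block further down (`try: from panos.errors import PanDeviceError`), and the import belongs inside that `try:`. The hunk also lifts the `AnsibleModule` and `get_connection` imports above `__metaclass__ = type` and `DOCUMENTATION`; Ansible's module sanity checks generally expect imports below the documentation strings, so they are better left where they were. The squashed patch 10/25 carries the same hunk, and its visible hunks no longer reference `RuleAuditComment`, so the import looks unused there and can probably be dropped.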
@@ -331,10 +341,6 @@ # Default return values """ -from ansible.module_utils.basic import AnsibleModule -from ansible_collections.paloaltonetworks.panos.plugins.module_utils.panos import ( - get_connection, -) try: from panos.errors import PanDeviceError @@ -367,10 +373,12 @@ def main(): source_ip=dict(type="list", elements="str", default=["any"]), source_user=dict(type="list", elements="str", default=["any"]), hip_profiles=dict(type="list", elements="str", default=["any"]), - destination_zone=dict(type="list", elements="str", default=["any"]), + destination_zone=dict( + type="list", elements="str", default=["any"]), destination_ip=dict(type="list", elements="str", default=["any"]), application=dict(type="list", elements="str", default=["any"]), - service=dict(type="list", elements="str", default=["application-default"]), + service=dict(type="list", elements="str", + default=["application-default"]), category=dict(type="list", elements="str", default=["any"]), action=dict( default="allow", @@ -396,7 +404,8 @@ def main(): disabled=dict(type="bool", default=False), schedule=dict(), icmp_unreachable=dict(type="bool"), - disable_server_response_inspection=dict(type="bool", default=False), + disable_server_response_inspection=dict( + type="bool", default=False), group_profile=dict(), antivirus=dict(), spyware=dict(), @@ -410,6 +419,7 @@ def main(): location=dict(choices=["top", "bottom", "before", "after"]), existing_rule=dict(), commit=dict(type="bool", default=False), + audit_comment=dict(type="str"), # TODO(gfreeman) - remove this in the next role release. devicegroup=dict(), ), @@ -481,6 +491,7 @@ def main(): location = module.params["location"] existing_rule = module.params["existing_rule"] commit = module.params["commit"] + audit_comment = module.params["audit_comment"] # Retrieve the current rules. try: 
@@ -495,9 +506,14 @@ def main(): # Which action shall we take on the rule object? changed, diff = helper.apply_state(new_rule, rules, module) + # Add the audit comment, if applicable. + if audit_comment: + RuleAuditComment.update(audit_comment) + # Move the rule to the correct spot, if applicable. if module.params["state"] == "present": - changed |= helper.apply_position(new_rule, location, existing_rule, module) + changed |= helper.apply_position( + new_rule, location, existing_rule, module) # Optional commit. if changed and commit: From 5a1ebe2035083c3fd73607814f346ffdd852fd2e Mon Sep 17 00:00:00 2001 From: Stephen Steiner Date: Wed, 2 Jun 2021 12:44:21 -0400 Subject: [PATCH 02/25] bumped version for testing Signed-off-by: Stephen Steiner --- galaxy.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/galaxy.yml b/galaxy.yml index 009bb650e..8093b225d 100644 --- a/galaxy.yml +++ b/galaxy.yml @@ -9,7 +9,7 @@ namespace: 'paloaltonetworks' name: 'panos' # The version of the collection. Must be compatible with semantic versioning -version: 2.6.0 +version: 2.6.1 # The path to the Markdown (.md) readme file. This path is relative to the root of the collection readme: 'README.md' From ee513f63c9e87b05de3b2c7ff60ac2296c3bac1b Mon Sep 17 00:00:00 2001 From: Stephen Steiner Date: Wed, 2 Jun 2021 12:57:04 -0400 Subject: [PATCH 03/25] Adding rule audit comment - #228 Signed-off-by: Stephen Steiner --- plugins/modules/panos_security_rule.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/plugins/modules/panos_security_rule.py b/plugins/modules/panos_security_rule.py index a151ee142..129c42b2a 100644 --- a/plugins/modules/panos_security_rule.py +++ b/plugins/modules/panos_security_rule.py 
@@ -508,7 +508,7 @@ def main(): # Add the audit comment, if applicable. if audit_comment: - RuleAuditComment.update(audit_comment) + RuleAuditComment.update(module, audit_comment) # Move the rule to the correct spot, if applicable. if module.params["state"] == "present": From 5c25a2860096de422d394b33accc07cba86983c5 Mon Sep 17 00:00:00 2001 From: Stephen Steiner Date: Wed, 2 Jun 2021 13:48:09 -0400 Subject: [PATCH 04/25] Adding rule audit comment - #228 Signed-off-by: Stephen Steiner --- plugins/modules/panos_security_rule.py | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/plugins/modules/panos_security_rule.py b/plugins/modules/panos_security_rule.py index 129c42b2a..125c6cc4a 100644 --- a/plugins/modules/panos_security_rule.py +++ b/plugins/modules/panos_security_rule.py @@ -508,7 +508,8 @@ def main(): # Add the audit comment, if applicable. if audit_comment: - RuleAuditComment.update(module, audit_comment) + rule_audit_comment = RuleAuditComment() + rule_audit_comment.update(audit_comment) # Move the rule to the correct spot, if applicable. if module.params["state"] == "present": From 24f86efc9910be2d3948f8feab5b0f3380258259 Mon Sep 17 00:00:00 2001 From: Stephen Steiner Date: Wed, 2 Jun 2021 14:23:52 -0400 Subject: [PATCH 05/25] Adding rule audit comment - #228 Signed-off-by: Stephen Steiner --- plugins/modules/panos_security_rule.py | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/plugins/modules/panos_security_rule.py b/plugins/modules/panos_security_rule.py index 125c6cc4a..159b1669c 100644 --- a/plugins/modules/panos_security_rule.py +++ b/plugins/modules/panos_security_rule.py @@ -508,8 +508,7 @@ def main(): # Add the audit comment, if applicable. if audit_comment: - rule_audit_comment = RuleAuditComment() - rule_audit_comment.update(audit_comment) + RuleAuditComment.update(parent, audit_comment) # Move the rule to the correct spot, if applicable. if module.params["state"] == "present": 
From fd19cff4b069f0de67f2128ff9cfd15266c60cfd Mon Sep 17 00:00:00 2001 From: Stephen Steiner Date: Wed, 2 Jun 2021 14:28:39 -0400 Subject: [PATCH 06/25] Adding rule audit comment - #228 Signed-off-by: Stephen Steiner --- plugins/modules/panos_security_rule.py | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/plugins/modules/panos_security_rule.py b/plugins/modules/panos_security_rule.py index 159b1669c..021ab6343 100644 --- a/plugins/modules/panos_security_rule.py +++ b/plugins/modules/panos_security_rule.py @@ -508,7 +508,8 @@ def main(): # Add the audit comment, if applicable. if audit_comment: - RuleAuditComment.update(parent, audit_comment) + rule_audit_comment = RuleAuditComment(parent) + rule_audit_comment.update(audit_comment) # Move the rule to the correct spot, if applicable. if module.params["state"] == "present": From bb7db291cc2c9359c1eca89fbf91b2ee2d25c775 Mon Sep 17 00:00:00 2001 From: Stephen Steiner Date: Wed, 2 Jun 2021 18:30:38 -0400 Subject: [PATCH 07/25] Adding rule audit comment - #228 Signed-off-by: Stephen Steiner --- plugins/module_utils/panos.py | 2 +- plugins/modules/panos_security_rule.py | 10 +++++----- 2 files changed, 6 insertions(+), 6 deletions(-) diff --git a/plugins/module_utils/panos.py b/plugins/module_utils/panos.py index f2a89f790..a630948b7 100644 --- a/plugins/module_utils/panos.py +++ b/plugins/module_utils/panos.py @@ -45,7 +45,7 @@ from panos.errors import PanCommitNotNeeded, PanDeviceError from panos.firewall import Firewall from panos.panorama import DeviceGroup, Template, TemplateStack - from panos.policies import PostRulebase, PreRulebase, RuleAuditComment, Rulebase + from panos.policies import PostRulebase, PreRulebase, Rulebase except ImportError: try: import pandevice as panos diff --git a/plugins/modules/panos_security_rule.py b/plugins/modules/panos_security_rule.py index 021ab6343..c572710e8 100644 --- a/plugins/modules/panos_security_rule.py +++ b/plugins/modules/panos_security_rule.py 
@@ -485,6 +485,7 @@ def main(): "data_filtering": module.params["data_filtering"], "target": module.params["target"], "negate_target": module.params["negate_target"], + } # Other module info. @@ -506,16 +507,15 @@ def main(): # Which action shall we take on the rule object? changed, diff = helper.apply_state(new_rule, rules, module) - # Add the audit comment, if applicable. - if audit_comment: - rule_audit_comment = RuleAuditComment(parent) - rule_audit_comment.update(audit_comment) - # Move the rule to the correct spot, if applicable. if module.params["state"] == "present": changed |= helper.apply_position( new_rule, location, existing_rule, module) + # Add the audit comment, if applicable. + if changed and audit_comment and not module.check_mode: + new_rule.opstate.audit_comment.update(audit_comment) + # Optional commit. if changed and commit: helper.commit(module) From e6d20e47c57daf17f25f902d8a6276d70a20eda4 Mon Sep 17 00:00:00 2001 From: Stephen Steiner Date: Thu, 3 Jun 2021 08:36:17 -0400 Subject: [PATCH 08/25] removing .vscode Signed-off-by: Stephen Steiner --- .vscode/settings.json | 9 --------- 1 file changed, 9 deletions(-) delete mode 100644 .vscode/settings.json diff --git a/.vscode/settings.json b/.vscode/settings.json deleted file mode 100644 index a9ca52e77..000000000 --- a/.vscode/settings.json +++ /dev/null @@ -1,9 +0,0 @@ -{ - "editor.codeActionsOnSave": { - "source.organizeImports": true - }, - "python.linting.enabled": false, - "python.formatting.provider": "autopep8", - "editor.formatOnSave": true, - "python.pythonPath": "/usr/local/bin/python3", -} \ No newline at end of file From f4897dac1cdffb0ba637a0f267070edffe173f35 Mon Sep 17 00:00:00 2001 From: Stephen Steiner Date: Thu, 3 Jun 2021 08:39:53 -0400 Subject: [PATCH 09/25] bumped to pan-os-python 1.1.0 and added tests Signed-off-by: Stephen Steiner --- requirements.txt | 2 +- tests/integration/firewall/test_panos_security_rule.yml | 2 ++ 2 files changed, 3 insertions(+), 1 deletion(-) 
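Review bot: The added `new_rule.opstate.audit_comment.update(audit_comment)` call in the `@@ -506,16 +507,15 @@` hunk of plugins/modules/panos_security_rule.py has no error handling, so a device error here would surface as a traceback after the rule has already been written, leaving a policy change with no audit comment. Wrapping it as `try:` / `except PanDeviceError as e: module.fail_json(msg="Failed to set audit comment: {0}".format(e))` would match the visible handling in module_utils (`Failed toggle: {0}`). The guard `changed and audit_comment` would also be true after a removal, if `apply_state` reports a change for `state: absent`, so it probably needs `module.params["state"] == "present"` as well. The option's documentation should also say that the comment is written only when the rule changes and never in check mode. The same lines appear in patch 10/25 (`@@ -497,7 +509,12 @@`), and main() starts and ends outside the hunk.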
diff --git a/requirements.txt b/requirements.txt index 4ace88fc2..cc7e232e0 100644 --- a/requirements.txt +++ b/requirements.txt @@ -2,7 +2,7 @@ certifi==2020.12.5 chardet==3.0.4 idna==2.8 -pan-os-python==1.0.2 +pan-os-python>=1.1.0 pan-python==0.16.0 requests==2.22.0 urllib3==1.25.11 diff --git a/tests/integration/firewall/test_panos_security_rule.yml b/tests/integration/firewall/test_panos_security_rule.yml index 566d2b361..053894f36 100644 --- a/tests/integration/firewall/test_panos_security_rule.yml +++ b/tests/integration/firewall/test_panos_security_rule.yml @@ -13,6 +13,7 @@ application: ['ssh'] action: 'allow' device_group: '{{ device_group | default(omit) }}' + audit_comment: 'Test audit comment' register: result - name: test_panos_security_rule - Assert create was successful @@ -33,6 +34,7 @@ application: ['ssh'] action: 'allow' device_group: '{{ device_group | default(omit) }}' + audit_comment: 'Testing audit_comment' register: result - name: test_panos_security_rule - Assert create (idempotence) was successful From 27f13bd8277bf508be86914aeff2be0f8323546c Mon Sep 17 00:00:00 2001 From: Stephen Steiner Date: Wed, 2 Jun 2021 09:26:15 -0400 Subject: [PATCH 10/25] Adding rule audit comment support - fixes #228 --- .gitignore | 3 ++ .vscode/settings.json | 8 ----- Pipfile | 2 +- galaxy.yml | 2 +- plugins/module_utils/panos.py | 27 ++++++++++----- plugins/modules/panos_security_rule.py | 33 ++++++++++++++----- requirements.txt | 2 +- .../firewall/test_panos_security_rule.yml | 2 ++ 8 files changed, 51 insertions(+), 28 deletions(-) delete mode 100644 .vscode/settings.json diff --git a/.gitignore b/.gitignore index 5187a4654..8ed95f4c5 100644 --- a/.gitignore +++ b/.gitignore @@ -74,6 +74,9 @@ ENV/ # PyCharm / IntelliJ .idea +# VS Code +.vscode + # Configtree diagram generated by sphinx docs/_diagrams diff --git a/.vscode/settings.json b/.vscode/settings.json deleted file mode 100644 index 23a41ac31..000000000 --- a/.vscode/settings.json +++ /dev/null 
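Review bot: `pan-os-python>=1.1.0` in the requirements.txt hunk replaces an exact pin with an open-ended range, while every other entry visible in the file stays pinned with `==`. Installs from this file are then no longer reproducible and will pull whatever release is newest at install time. If the goal is only to require the audit-comment API, pin the tested release with `pan-os-python==1.1.0` and keep the range in Pipfile, where Pipfile.lock fixes the resolved version and hashes.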
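Review bot: The two tasks in tests/integration/firewall/test_panos_security_rule.yml now pass `audit_comment`, but nothing in these hunks asserts that the comment reached the device. The second task is the idempotence run, so with the module's `changed and audit_comment` guard from 07/25 the value 'Testing audit_comment' is presumably never sent. A comment on that task would make this explicit, for example `# audit_comment is only written when the rule changes; this run expects no change`. A follow-up step that reads the rule's audit comment back would be needed to cover the feature itself.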
@@ -1,8 +0,0 @@ -{ - "editor.codeActionsOnSave": { - "source.organizeImports": true - }, - "python.linting.enabled": false, - "python.formatting.provider": "black", - "editor.formatOnSave": true, -} \ No newline at end of file diff --git a/Pipfile b/Pipfile index 5d661f7e6..ca1a6a1ef 100644 --- a/Pipfile +++ b/Pipfile @@ -4,7 +4,7 @@ verify_ssl = true name = "pypi" [packages] -pan-os-python = "*" +pan-os-python = ">=1.1.0" pan-python = "*" xmltodict = "==0.12.0" requests = "==2.22.0" diff --git a/galaxy.yml b/galaxy.yml index 009bb650e..8093b225d 100644 --- a/galaxy.yml +++ b/galaxy.yml @@ -9,7 +9,7 @@ namespace: 'paloaltonetworks' name: 'panos' # The version of the collection. Must be compatible with semantic versioning -version: 2.6.0 +version: 2.6.1 # The path to the Markdown (.md) readme file. This path is relative to the root of the collection readme: 'README.md' diff --git a/plugins/module_utils/panos.py b/plugins/module_utils/panos.py index bb2c85901..a630948b7 100644 --- a/plugins/module_utils/panos.py +++ b/plugins/module_utils/panos.py @@ -141,7 +141,8 @@ def get_pandevice_parent(self, module, timeout=0): if pdv < self.min_pandevice_version: module.fail_json( msg=_MIN_VERSION_ERROR.format( - "panos", panos.__version__, _vstr(self.min_pandevice_version) + "panos", panos.__version__, _vstr( + self.min_pandevice_version) ) ) @@ -240,7 +241,8 @@ def get_pandevice_parent(self, module, timeout=0): elif self.template is not None: tmpl_required = True elif not self.template_is_optional: - module.fail_json(msg=pano_mia_param.format(self.template_stack)) + module.fail_json( + msg=pano_mia_param.format(self.template_stack)) # Spec: template. if self.template is not None: @@ -311,7 +313,8 @@ def get_pandevice_parent(self, module, timeout=0): parent = rb else: module.fail_json( - msg=not_found.format("Rulebase", module.params[self.rulebase]) + msg=not_found.format( + "Rulebase", module.params[self.rulebase]) ) else: # Firewall connection. 
@@ -456,7 +459,8 @@ def apply_state( try: item.update(enabled_disabled_param) except PanDeviceError as e: - module.fail_json(msg="Failed toggle: {0}".format(e)) + module.fail_json( + msg="Failed toggle: {0}".format(e)) break else: module.fail_json(msg="Cannot enable/disable non-existing obj") @@ -493,8 +497,10 @@ def apply_position(self, obj, location, existing_rule, module): # Sanity check the location / existing_rule params. improper_combo = False improper_combo |= location is None and existing_rule is not None - improper_combo |= location in ("before", "after") and existing_rule is None - improper_combo |= location in ("top", "bottom") and existing_rule is not None + improper_combo |= location in ( + "before", "after") and existing_rule is None + improper_combo |= location in ( + "top", "bottom") and existing_rule is not None if improper_combo: module.fail_json( msg='Improper combination of "location" / "existing_rule".' @@ -513,7 +519,8 @@ def apply_position(self, obj, location, existing_rule, module): obj_index = listing.index(uid) rule = rules[obj_index] except ValueError: - module.fail_json(msg="Object {0} isn't present for move".format(uid)) + module.fail_json( + msg="Object {0} isn't present for move".format(uid)) if location == "top": if listing[0] != uid: @@ -804,7 +811,8 @@ def get_connection( if vsys is not None: raise KeyError('Define "vsys" or "vsys_shared", not both.') elif vsys_importable is not None: - raise KeyError('Define "vsys_importable" or "vsys_shared", not both.') + raise KeyError( + 'Define "vsys_importable" or "vsys_shared", not both.') if isinstance(vsys_shared, bool): param = "vsys" else: @@ -869,7 +877,8 @@ def __init__( self.api_endpoint = api_endpoint if with_state: - spec["state"] = {"default": "present", "choices": ["present", "absent"]} + spec["state"] = {"default": "present", + "choices": ["present", "absent"]} if with_enabled_state: spec["state"] = { 
diff --git a/plugins/modules/panos_security_rule.py b/plugins/modules/panos_security_rule.py index 919226edc..c572710e8 100644 --- a/plugins/modules/panos_security_rule.py +++ b/plugins/modules/panos_security_rule.py @@ -17,6 +17,12 @@ from __future__ import absolute_import, division, print_function +from ansible.module_utils.basic import AnsibleModule +from ansible_collections.paloaltonetworks.panos.plugins.module_utils.panos import ( + get_connection, +) +from panos.policies import RuleAuditComment + __metaclass__ = type DOCUMENTATION = """ @@ -244,6 +250,10 @@ description: - Exclude this rule from the listed firewalls in Panorama. type: bool + audit_comment: + description: + - Add an audit comment to the rule being defined. + type: str """ EXAMPLES = """ @@ -331,10 +341,6 @@ # Default return values """ -from ansible.module_utils.basic import AnsibleModule -from ansible_collections.paloaltonetworks.panos.plugins.module_utils.panos import ( - get_connection, -) try: from panos.errors import PanDeviceError @@ -367,10 +373,12 @@ def main(): source_ip=dict(type="list", elements="str", default=["any"]), source_user=dict(type="list", elements="str", default=["any"]), hip_profiles=dict(type="list", elements="str", default=["any"]), - destination_zone=dict(type="list", elements="str", default=["any"]), + destination_zone=dict( + type="list", elements="str", default=["any"]), destination_ip=dict(type="list", elements="str", default=["any"]), application=dict(type="list", elements="str", default=["any"]), - service=dict(type="list", elements="str", default=["application-default"]), + service=dict(type="list", elements="str", + default=["application-default"]), category=dict(type="list", elements="str", default=["any"]), action=dict( default="allow", 
@@ -396,7 +404,8 @@ def main(): disabled=dict(type="bool", default=False), schedule=dict(), icmp_unreachable=dict(type="bool"), - disable_server_response_inspection=dict(type="bool", default=False), + disable_server_response_inspection=dict( + type="bool", default=False), group_profile=dict(), antivirus=dict(), spyware=dict(), @@ -410,6 +419,7 @@ def main(): location=dict(choices=["top", "bottom", "before", "after"]), existing_rule=dict(), commit=dict(type="bool", default=False), + audit_comment=dict(type="str"), # TODO(gfreeman) - remove this in the next role release. devicegroup=dict(), ), @@ -475,12 +485,14 @@ def main(): "data_filtering": module.params["data_filtering"], "target": module.params["target"], "negate_target": module.params["negate_target"], + } # Other module info. location = module.params["location"] existing_rule = module.params["existing_rule"] commit = module.params["commit"] + audit_comment = module.params["audit_comment"] # Retrieve the current rules. try: @@ -497,7 +509,12 @@ def main(): # Move the rule to the correct spot, if applicable. if module.params["state"] == "present": - changed |= helper.apply_position(new_rule, location, existing_rule, module) + changed |= helper.apply_position( + new_rule, location, existing_rule, module) + + # Add the audit comment, if applicable. + if changed and audit_comment and not module.check_mode: + new_rule.opstate.audit_comment.update(audit_comment) # Optional commit. if changed and commit: diff --git a/requirements.txt b/requirements.txt index 4ace88fc2..cc7e232e0 100644 --- a/requirements.txt +++ b/requirements.txt @@ -2,7 +2,7 @@ certifi==2020.12.5 chardet==3.0.4 idna==2.8 -pan-os-python==1.0.2 +pan-os-python>=1.1.0 pan-python==0.16.0 requests==2.22.0 urllib3==1.25.11 diff --git a/tests/integration/firewall/test_panos_security_rule.yml b/tests/integration/firewall/test_panos_security_rule.yml index 566d2b361..053894f36 100644 --- a/tests/integration/firewall/test_panos_security_rule.yml 
+++ b/tests/integration/firewall/test_panos_security_rule.yml @@ -13,6 +13,7 @@ application: ['ssh'] action: 'allow' device_group: '{{ device_group | default(omit) }}' + audit_comment: 'Test audit comment' register: result - name: test_panos_security_rule - Assert create was successful @@ -33,6 +34,7 @@ application: ['ssh'] action: 'allow' device_group: '{{ device_group | default(omit) }}' + audit_comment: 'Testing audit_comment' register: result - name: test_panos_security_rule - Assert create (idempotence) was successful From 28886562d4532e3991d0d2734fa8daa0cf9bf9e2 Mon Sep 17 00:00:00 2001 From: Stephen Steiner Date: Mon, 7 Jun 2021 11:09:51 -0400 Subject: [PATCH 11/25] 228 formatted per lint test results Signed-off-by: Stephen Steiner --- Makefile | 2 +- Pipfile.lock | 219 +++++++++++++------------ plugins/module_utils/panos.py | 27 +-- plugins/modules/panos_security_rule.py | 14 +- 4 files changed, 125 insertions(+), 137 deletions(-) diff --git a/Makefile b/Makefile index 3d7c66c6f..37514f33d 100644 --- a/Makefile +++ b/Makefile @@ -18,7 +18,7 @@ else ifneq (ansible_collections,$(toplevel)) endif python_version := $(shell \ - python -c 'import sys; print(".".join(map(str, sys.version_info[:2])))' \ + python3 -c 'import sys; print(".".join(map(str, sys.version_info[:2])))' \ ) diff --git a/Pipfile.lock b/Pipfile.lock index a809f1bfa..b6f3fe61b 100644 --- a/Pipfile.lock +++ b/Pipfile.lock @@ -1,7 +1,7 @@ { "_meta": { "hash": { - "sha256": "03d83e4a064c0ab343bcfb84a18d569dfb3071417d5967d32cff9b807cb2dfe2" + "sha256": "19c82651b2164ad7ec0ca621d68ecae9d852eef15b447daa245d065a69338085" }, "pipfile-spec": 6, "requires": { 
@@ -18,10 +18,10 @@ "default": { "certifi": { "hashes": [ - "sha256:1a4995114262bffbc2413b159f2a1a480c969de6e6eb13ee966d470af86af59c", - "sha256:719a74fb9e33b9bd44cc7f3a8d94bc35e4049deebe19ba7d8e108280cfd59830" + "sha256:2bbf76fd432960138b3ef6dda3dde0544f27cbf8546c458e60baf371917ba9ee", + "sha256:50b1e4f8446b06f41be7dd6338db18e0990601dce795c2b1686458aa7e8fa7d8" ], - "version": "==2020.12.5" + "version": "==2021.5.30" }, "chardet": { "hashes": [ @@ -39,11 +39,11 @@ }, "pan-os-python": { "hashes": [ - "sha256:03c6480a3a4d5f1ce899fe4ecde93de420876d45db1572301c75790ac3206993", - "sha256:b299fe54ec52d69a4766d6c0f945baf2dd02967930b7f043ea8172e463839303" + "sha256:00d55975afee6bc016cd368bce71d393d2cc04cc00ec508eddeaf5d6584b7b53", + "sha256:8b654d9b6c34ae126eafa6dcd62bfea7721ffa35d8e62e2a8cdea6d4d1edf326" ], "index": "pypi", - "version": "==1.1.0" + "version": "==1.2.0" }, "pan-python": { "hashes": [ @@ -88,25 +88,25 @@ }, "ansible": { "hashes": [ - "sha256:2de5385c48a2a24a19f6cbaccc7d7684c64b6194f9a9b175aba7949d53b07bc9" + "sha256:6f67ca5c634e4721d1f8e206dc71d60d1a114d147945355bfc902bd37eb07080" ], "index": "pypi", - "version": "==3.3.0" + "version": "==4.0.0" }, - "ansible-base": { + "ansible-core": { "hashes": [ - "sha256:04635d3e08fc29358c76b8e7f1e9db0ce443fb09ce30b2acc6cacaad165f2151" + "sha256:7e75827a94d47d1c3e1930d708f0ef637a3ab9a21f757aaf55deab6e9f47c682" ], "markers": "python_version >= '2.7' and python_version not in '3.0, 3.1, 3.2, 3.3, 3.4'", - "version": "==2.10.9" + "version": "==2.11.1" }, "ansible-doc-extractor": { "hashes": [ - "sha256:4d1d95743fefb4242fc4cb1e985910174255eeb3596c79eae13c211a0555ac44", - "sha256:f686e9f1715efb623c4771f6e354f97ec3aa20a3239388e9ec42f9cb6b7a17e8" + "sha256:a864dab347af7ac2cf7cb2706a6de041b489ad287ebcf2be4d19038ff0290195", + "sha256:e814c6ba24192151a7f8414693e6b93f43bfeb039a026efae19a4340931cd259" ], "index": "pypi", - "version": "==0.1.6" + "version": "==0.1.7" }, "apipkg": { "hashes": [ 
@@ -125,11 +125,11 @@ }, "astroid": { "hashes": [ - "sha256:4db03ab5fc3340cf619dbc25e42c2cc3755154ce6009469766d7143d1fc2ee4e", - "sha256:8a398dfce302c13f14bab13e2b14fe385d32b73f4e4853b9bdfb64598baa1975" + "sha256:3c9a2d84354185d13213ff2640ec03d39168dbcd13648abc84fb13ca3b2e2761", + "sha256:d66a600e1602736a0f24f725a511b0e50d12eb18f54b31ec276d2c26a0a62c6a" ], "markers": "python_version ~= '3.6'", - "version": "==2.5.6" + "version": "==2.5.7" }, "attrs": { "hashes": [ 
@@ -157,22 +157,31 @@ }, "certifi": { "hashes": [ - "sha256:1a4995114262bffbc2413b159f2a1a480c969de6e6eb13ee966d470af86af59c", - "sha256:719a74fb9e33b9bd44cc7f3a8d94bc35e4049deebe19ba7d8e108280cfd59830" + "sha256:2bbf76fd432960138b3ef6dda3dde0544f27cbf8546c458e60baf371917ba9ee", + "sha256:50b1e4f8446b06f41be7dd6338db18e0990601dce795c2b1686458aa7e8fa7d8" ], - "version": "==2020.12.5" + "version": "==2021.5.30" }, "cffi": { "hashes": [ "sha256:005a36f41773e148deac64b08f233873a4d0c18b053d37da83f6af4d9087b813", + "sha256:04c468b622ed31d408fea2346bec5bbffba2cc44226302a0de1ade9f5ea3d373", + "sha256:06d7cd1abac2ffd92e65c0609661866709b4b2d82dd15f611e602b9b188b0b69", + "sha256:06db6321b7a68b2bd6df96d08a5adadc1fa0e8f419226e25b2a5fbf6ccc7350f", "sha256:0857f0ae312d855239a55c81ef453ee8fd24136eaba8e87a2eceba644c0d4c06", + "sha256:0f861a89e0043afec2a51fd177a567005847973be86f709bbb044d7f42fc4e05", "sha256:1071534bbbf8cbb31b498d5d9db0f274f2f7a865adca4ae429e147ba40f73dea", "sha256:158d0d15119b4b7ff6b926536763dc0714313aa59e320ddf787502c70c4d4bee", + "sha256:1bf1ac1984eaa7675ca8d5745a8cb87ef7abecb5592178406e55858d411eadc0", "sha256:1f436816fc868b098b0d63b8920de7d208c90a67212546d02f84fe78a9c26396", + "sha256:24a570cd11895b60829e941f2613a4f79df1a27344cbbb82164ef2e0116f09c7", + "sha256:24ec4ff2c5c0c8f9c6b87d5bb53555bf267e1e6f70e52e5a9740d32861d36b6f", "sha256:2894f2df484ff56d717bead0a5c2abb6b9d2bf26d6960c4604d5c48bbc30ee73", "sha256:29314480e958fd8aab22e4a58b355b629c59bf5f2ac2492b61e3dc06d8c7a315", + "sha256:293e7ea41280cb28c6fcaaa0b1aa1f533b8ce060b9e701d78511e1e6c4a1de76", "sha256:34eff4b97f3d982fb93e2831e6750127d1355a923ebaeeb565407b3d2f8d41a1", "sha256:35f27e6eb43380fa080dccf676dece30bef72e4a67617ffda586641cd4508d49", + "sha256:3c3f39fa737542161d8b0d680df2ec249334cd70a8f420f71c9304bd83c3cbed", "sha256:3d3dd4c9e559eb172ecf00a2a7517e97d1e96de2a5e610bd9b68cea3925b4892", "sha256:43e0b9d9e2c9e5d152946b9c5fe062c151614b262fda2e7b201204de0b99e482", 
"sha256:48e1c69bbacfc3d932221851b39d49e81567a4d4aac3b21258d9c24578280058", @@ -180,6 +189,7 @@ "sha256:58e3f59d583d413809d60779492342801d6e82fefb89c86a38e040c16883be53", "sha256:5de7970188bb46b7bf9858eb6890aad302577a5f6f75091fd7cdd3ef13ef3045", "sha256:65fa59693c62cf06e45ddbb822165394a288edce9e276647f0046e1ec26920f3", + "sha256:681d07b0d1e3c462dd15585ef5e33cb021321588bebd910124ef4f4fb71aef55", "sha256:69e395c24fc60aad6bb4fa7e583698ea6cc684648e1ffb7fe85e3c1ca131a7d5", "sha256:6c97d7350133666fbb5cf4abdc1178c812cb205dc6f41d174a7b0f18fb93337e", "sha256:6e4714cc64f474e4d6e37cfff31a814b509a35cb17de4fb1999907575684479c", @@ -197,8 +207,10 @@ "sha256:b85eb46a81787c50650f2392b9b4ef23e1f126313b9e0e9013b35c15e4288e2e", "sha256:bb89f306e5da99f4d922728ddcd6f7fcebb3241fc40edebcb7284d7514741991", "sha256:cbde590d4faaa07c72bf979734738f328d239913ba3e043b1e98fe9a39f8b2b6", + "sha256:cc5a8e069b9ebfa22e26d0e6b97d6f9781302fe7f4f2b8776c3e1daea35f1adc", "sha256:cd2868886d547469123fadc46eac7ea5253ea7fcb139f12e1dfc2bbd406427d1", "sha256:d42b11d692e11b6634f7613ad8df5d6d5f8875f5d48939520d351007b3c13406", + "sha256:df5052c5d867c1ea0b311fb7c3cd28b19df469c056f7fdcfe88c7473aa63e333", "sha256:f2d45f97ab6bb54753eab54fffe75aaf3de4ff2341c9daee1987ee1837636f1d", "sha256:fd78e5fee591709f32ef6edb9a015b4aa1a5022598e36227500c8f4e02328d9c" ], @@ -213,11 +225,11 @@ }, "click": { "hashes": [ - "sha256:d2b5255c7c6349bc1bd1e59e08cd12acbbd63ce649f2588755783aa94dfb6b1a", - "sha256:dacca89f4bfadd5de3d7489b7c8a566eee0d3676333fbb50030263894c38c0dc" + "sha256:8c04c11192119b1ef78ea049e0a6f0463e4c48ef00a30160c704337586f3ad7a", + "sha256:fba402a4a47334742d782209a7c79bc448911afe1149d07bdabdf480b3e2f4b6" ], - "markers": "python_version >= '2.7' and python_version not in '3.0, 3.1, 3.2, 3.3, 3.4'", - "version": "==7.1.2" + "markers": "python_version >= '3.6'", + "version": "==8.0.1" }, "coverage": { "hashes": [ 
@@ -293,11 +305,11 @@ }, "execnet": { "hashes": [ - "sha256:7a13113028b1e1cc4c6492b28098b3c6576c9dccc7973bfe47b342afadafb2ac", - "sha256:b73c5565e517f24b62dea8a5ceac178c661c4309d3aa0c3e420856c072c411b4" + "sha256:7e3c2cdb6389542a91e9855a9cc7545fbed679e96f8808bcbb1beb325345b189", + "sha256:e840ce25562e414ee5684864d510dbeeb0bce016bc89b22a6e5ce323b5e6552f" ], "markers": "python_version >= '2.7' and python_version not in '3.0, 3.1, 3.2, 3.3, 3.4'", - "version": "==1.8.0" + "version": "==1.8.1" }, "idna": { "hashes": [ @@ -316,11 +328,11 @@ }, "importlib-metadata": { "hashes": [ - "sha256:8c501196e49fb9df5df43833bdb1e4328f64847763ec8a50703148b73784d581", - "sha256:d7eb1dea6d6a6086f8be21784cc9e3bcfa55872b52309bc5fad53a8ea444465d" + "sha256:833b26fb89d5de469b24a390e9df088d4e52e4ba33b01dc5e0e4f41b81a16c00", + "sha256:b142cc1dd1342f31ff04bb7d022492b09920cb64fed867cd3ea6f80fe3ebd139" ], "markers": "python_version < '3.8'", - "version": "==4.0.1" + "version": "==4.5.0" }, "iniconfig": { "hashes": [ @@ -339,11 +351,11 @@ }, "jinja2": { "hashes": [ - "sha256:03e47ad063331dd6a3f04a43eddca8a966a26ba0c5b7207a9a9e4e08f1b29419", - "sha256:a6d58433de0ae800347cab1fa3043cebbabe8baa9d29e668f1c768cb87a333c6" + "sha256:1f06f2da51e7b56b8f238affdd6b4e2c61e39598a378cc49345bc1bd42a978a4", + "sha256:703f484b47a6af502e743c9122595cc812b0271f661722403114f71a79d0f5a4" ], - "markers": "python_version >= '2.7' and python_version not in '3.0, 3.1, 3.2, 3.3, 3.4'", - "version": "==2.11.3" + "markers": "python_version >= '3.6'", + "version": "==3.0.1" }, "lazy-object-proxy": { "hashes": [ 
@@ -375,61 +387,43 @@ }, "markupsafe": { "hashes": [ - "sha256:00bc623926325b26bb9605ae9eae8a215691f33cae5df11ca5424f06f2d1f473", - "sha256:09027a7803a62ca78792ad89403b1b7a73a01c8cb65909cd876f7fcebd79b161", - "sha256:09c4b7f37d6c648cb13f9230d847adf22f8171b1ccc4d5682398e77f40309235", - "sha256:1027c282dad077d0bae18be6794e6b6b8c91d58ed8a8d89a89d59693b9131db5", - "sha256:13d3144e1e340870b25e7b10b98d779608c02016d5184cfb9927a9f10c689f42", - "sha256:195d7d2c4fbb0ee8139a6cf67194f3973a6b3042d742ebe0a9ed36d8b6f0c07f", - "sha256:22c178a091fc6630d0d045bdb5992d2dfe14e3259760e713c490da5323866c39", - "sha256:24982cc2533820871eba85ba648cd53d8623687ff11cbb805be4ff7b4c971aff", - "sha256:29872e92839765e546828bb7754a68c418d927cd064fd4708fab9fe9c8bb116b", - "sha256:2beec1e0de6924ea551859edb9e7679da6e4870d32cb766240ce17e0a0ba2014", - "sha256:3b8a6499709d29c2e2399569d96719a1b21dcd94410a586a18526b143ec8470f", - "sha256:43a55c2930bbc139570ac2452adf3d70cdbb3cfe5912c71cdce1c2c6bbd9c5d1", - "sha256:46c99d2de99945ec5cb54f23c8cd5689f6d7177305ebff350a58ce5f8de1669e", - "sha256:500d4957e52ddc3351cabf489e79c91c17f6e0899158447047588650b5e69183", - "sha256:535f6fc4d397c1563d08b88e485c3496cf5784e927af890fb3c3aac7f933ec66", - "sha256:596510de112c685489095da617b5bcbbac7dd6384aeebeda4df6025d0256a81b", - "sha256:62fe6c95e3ec8a7fad637b7f3d372c15ec1caa01ab47926cfdf7a75b40e0eac1", - "sha256:6788b695d50a51edb699cb55e35487e430fa21f1ed838122d722e0ff0ac5ba15", - "sha256:6dd73240d2af64df90aa7c4e7481e23825ea70af4b4922f8ede5b9e35f78a3b1", - "sha256:6f1e273a344928347c1290119b493a1f0303c52f5a5eae5f16d74f48c15d4a85", - "sha256:6fffc775d90dcc9aed1b89219549b329a9250d918fd0b8fa8d93d154918422e1", - "sha256:717ba8fe3ae9cc0006d7c451f0bb265ee07739daf76355d06366154ee68d221e", - "sha256:79855e1c5b8da654cf486b830bd42c06e8780cea587384cf6545b7d9ac013a0b", - "sha256:7c1699dfe0cf8ff607dbdcc1e9b9af1755371f92a68f706051cc8c37d447c905", - "sha256:7fed13866cf14bba33e7176717346713881f56d9d2bcebab207f7a036f41b850", - 
"sha256:84dee80c15f1b560d55bcfe6d47b27d070b4681c699c572af2e3c7cc90a3b8e0", - "sha256:88e5fcfb52ee7b911e8bb6d6aa2fd21fbecc674eadd44118a9cc3863f938e735", - "sha256:8defac2f2ccd6805ebf65f5eeb132adcf2ab57aa11fdf4c0dd5169a004710e7d", - "sha256:98bae9582248d6cf62321dcb52aaf5d9adf0bad3b40582925ef7c7f0ed85fceb", - "sha256:98c7086708b163d425c67c7a91bad6e466bb99d797aa64f965e9d25c12111a5e", - "sha256:9add70b36c5666a2ed02b43b335fe19002ee5235efd4b8a89bfcf9005bebac0d", - "sha256:9bf40443012702a1d2070043cb6291650a0841ece432556f784f004937f0f32c", - "sha256:a6a744282b7718a2a62d2ed9d993cad6f5f585605ad352c11de459f4108df0a1", - "sha256:acf08ac40292838b3cbbb06cfe9b2cb9ec78fce8baca31ddb87aaac2e2dc3bc2", - "sha256:ade5e387d2ad0d7ebf59146cc00c8044acbd863725f887353a10df825fc8ae21", - "sha256:b00c1de48212e4cc9603895652c5c410df699856a2853135b3967591e4beebc2", - "sha256:b1282f8c00509d99fef04d8ba936b156d419be841854fe901d8ae224c59f0be5", - "sha256:b1dba4527182c95a0db8b6060cc98ac49b9e2f5e64320e2b56e47cb2831978c7", - "sha256:b2051432115498d3562c084a49bba65d97cf251f5a331c64a12ee7e04dacc51b", - "sha256:b7d644ddb4dbd407d31ffb699f1d140bc35478da613b441c582aeb7c43838dd8", - "sha256:ba59edeaa2fc6114428f1637ffff42da1e311e29382d81b339c1817d37ec93c6", - "sha256:bf5aa3cbcfdf57fa2ee9cd1822c862ef23037f5c832ad09cfea57fa846dec193", - "sha256:c8716a48d94b06bb3b2524c2b77e055fb313aeb4ea620c8dd03a105574ba704f", - "sha256:caabedc8323f1e93231b52fc32bdcde6db817623d33e100708d9a68e1f53b26b", - "sha256:cd5df75523866410809ca100dc9681e301e3c27567cf498077e8551b6d20e42f", - "sha256:cdb132fc825c38e1aeec2c8aa9338310d29d337bebbd7baa06889d09a60a1fa2", - "sha256:d53bc011414228441014aa71dbec320c66468c1030aae3a6e29778a3382d96e5", - "sha256:d73a845f227b0bfe8a7455ee623525ee656a9e2e749e4742706d80a6065d5e2c", - "sha256:d9be0ba6c527163cbed5e0857c451fcd092ce83947944d6c14bc95441203f032", - "sha256:e249096428b3ae81b08327a63a485ad0878de3fb939049038579ac0ef61e17e7", - "sha256:e8313f01ba26fbbe36c7be1966a7b7424942f670f38e666995b88d012765b9be", 
- "sha256:feb7b34d6325451ef96bc0e36e1a6c0c1c64bc1fbec4b854f4529e51887b1621" + "sha256:01a9b8ea66f1658938f65b93a85ebe8bc016e6769611be228d797c9d998dd298", + "sha256:023cb26ec21ece8dc3907c0e8320058b2e0cb3c55cf9564da612bc325bed5e64", + "sha256:0446679737af14f45767963a1a9ef7620189912317d095f2d9ffa183a4d25d2b", + "sha256:0717a7390a68be14b8c793ba258e075c6f4ca819f15edfc2a3a027c823718567", + "sha256:0955295dd5eec6cb6cc2fe1698f4c6d84af2e92de33fbcac4111913cd100a6ff", + "sha256:10f82115e21dc0dfec9ab5c0223652f7197feb168c940f3ef61563fc2d6beb74", + "sha256:1d609f577dc6e1aa17d746f8bd3c31aa4d258f4070d61b2aa5c4166c1539de35", + "sha256:2ef54abee730b502252bcdf31b10dacb0a416229b72c18b19e24a4509f273d26", + "sha256:3c112550557578c26af18a1ccc9e090bfe03832ae994343cfdacd287db6a6ae7", + "sha256:47ab1e7b91c098ab893b828deafa1203de86d0bc6ab587b160f78fe6c4011f75", + "sha256:49e3ceeabbfb9d66c3aef5af3a60cc43b85c33df25ce03d0031a608b0a8b2e3f", + "sha256:4efca8f86c54b22348a5467704e3fec767b2db12fc39c6d963168ab1d3fc9135", + "sha256:53edb4da6925ad13c07b6d26c2a852bd81e364f95301c66e930ab2aef5b5ddd8", + "sha256:594c67807fb16238b30c44bdf74f36c02cdf22d1c8cda91ef8a0ed8dabf5620a", + "sha256:611d1ad9a4288cf3e3c16014564df047fe08410e628f89805e475368bd304914", + "sha256:6557b31b5e2c9ddf0de32a691f2312a32f77cd7681d8af66c2692efdbef84c18", + "sha256:693ce3f9e70a6cf7d2fb9e6c9d8b204b6b39897a2c4a1aa65728d5ac97dcc1d8", + "sha256:6a7fae0dd14cf60ad5ff42baa2e95727c3d81ded453457771d02b7d2b3f9c0c2", + "sha256:6c4ca60fa24e85fe25b912b01e62cb969d69a23a5d5867682dd3e80b5b02581d", + "sha256:7d91275b0245b1da4d4cfa07e0faedd5b0812efc15b702576d103293e252af1b", + "sha256:905fec760bd2fa1388bb5b489ee8ee5f7291d692638ea5f67982d968366bef9f", + "sha256:97383d78eb34da7e1fa37dd273c20ad4320929af65d156e35a5e2d89566d9dfb", + "sha256:984d76483eb32f1bcb536dc27e4ad56bba4baa70be32fa87152832cdd9db0833", + "sha256:a30e67a65b53ea0a5e62fe23682cfe22712e01f453b95233b25502f7c61cb415", + 
"sha256:ab3ef638ace319fa26553db0624c4699e31a28bb2a835c5faca8f8acf6a5a902", + "sha256:b2f4bf27480f5e5e8ce285a8c8fd176c0b03e93dcc6646477d4630e83440c6a9", + "sha256:b7f2d075102dc8c794cbde1947378051c4e5180d52d276987b8d28a3bd58c17d", + "sha256:be98f628055368795d818ebf93da628541e10b75b41c559fdf36d104c5787066", + "sha256:d7f9850398e85aba693bb640262d3611788b1f29a79f0c93c565694658f4071f", + "sha256:f5653a225f31e113b152e56f154ccbe59eeb1c7487b39b9d9f9cdb58e6c79dc5", + "sha256:f826e31d18b516f653fe296d967d700fddad5901ae07c622bb3705955e1faa94", + "sha256:f8ba0e8349a38d3001fae7eadded3f6606f0da5d748ee53cc1dab1d6527b9509", + "sha256:f9081981fe268bd86831e5c75f7de206ef275defcb82bc70740ae6dc507aee51", + "sha256:fa130dd50c57d53368c9d59395cb5526eda596d3ffe36666cd81a44d56e48872" ], - "markers": "python_version >= '2.7' and python_version not in '3.0, 3.1, 3.2, 3.3'", - "version": "==1.1.1" + "markers": "python_version >= '3.6'", + "version": "==2.0.1" }, "mccabe": { "hashes": [ @@ -462,11 +456,11 @@ }, "pluggy": { "hashes": [ - "sha256:15b2acde666561e1298d71b523007ed7364de07029219b604cf808bfa1c765b0", - "sha256:966c145cd83c96502c3c3868f50408687b38434af77734af1e9ca461a4081d2d" + "sha256:265a94bf44ca13662f12fcd1b074c14d4b269a712f051b6f644ef7e705d6735f", + "sha256:467f0219e89bb5061a8429c6fc5cf055fa3983a0e68e84a1d205046306b37d9e" ], "markers": "python_version >= '2.7' and python_version not in '3.0, 3.1, 3.2, 3.3'", - "version": "==0.13.1" + "version": "==1.0.0.dev0" }, "py": { "hashes": [ 
@@ -502,19 +496,19 @@ }, "pylint": { "hashes": [ - "sha256:586d8fa9b1891f4b725f587ef267abe2a1bad89d6b184520c7f07a253dd6e217", - "sha256:f7e2072654a6b6afdf5e2fb38147d3e2d2d43c89f648637baab63e026481279b" + "sha256:2b422dd6f251a1caea5532cbb5a7d0cbf66b1ee6a36b50c53e32fa7a8272cc55", + "sha256:49b58c3ab27ea78cdcbd2d85b21f8e939bb179301f1cde1bd3f65168d9cbf25a" ], "index": "pypi", - "version": "==2.8.2" + "version": "==3.0.0a3" }, "pyparsing": { "hashes": [ - "sha256:c203ec8783bf771a155b207279b9bccb8dea02d8f0c9e5f8ead507bc3246ecc1", - "sha256:ef9d7589ef3c200abe66653d3f1ab1033c3c419ae9b9bdb1240a85b024efc88b" + "sha256:1c6409312ce2ce2997896af5756753778d5f1603666dba5587804f09ad82ed27", + "sha256:f4896b4cc085a1f8f8ae53a1a90db5a86b3825ff73eb974dffee3d9e701007f4" ], - "markers": "python_version >= '2.6' and python_version not in '3.0, 3.1, 3.2, 3.3'", - "version": "==2.4.7" + "markers": "python_version >= '3.5'", + "version": "==3.0.0b2" }, "pytest": { "hashes": [ @@ -644,6 +638,13 @@ "index": "pypi", "version": "==2.22.0" }, + "resolvelib": { + "hashes": [ + "sha256:8113ae3ed6d33c6be0bcbf03ffeb06c0995c099b7b8aaa5ddf2e9b3b3df4e915", + "sha256:9b9b80d5c60e4c2a8b7fbf0712c3449dc01d74e215632e5199850c9eca687628" + ], + "version": "==0.5.4" + }, "rstcheck": { "hashes": [ "sha256:92c4f79256a54270e0402ba16a2f92d0b3c15c8f4410cb9c57127067c215741f" @@ -668,11 +669,11 @@ }, "sphinx": { "hashes": [ - "sha256:19010b7b9fa0dc7756a6e105b2aacd3a80f798af3c25c273be64d7beeb482cb1", - "sha256:2320d4e994a191f4b4be27da514e46b3d6b420f2ff895d064f52415d342461e8" + "sha256:b5c2ae4120bf00c799ba9b3699bc895816d272d120080fbc967292f29b52b48c", + "sha256:d1cb10bee9c4231f1700ec2e24a91be3f3a3aba066ea4ca9f3bbe47e59d5a1d4" ], "index": "pypi", - "version": "==3.5.4" + "version": "==4.0.2" }, "sphinx-rtd-theme": { "hashes": [ 
@@ -700,11 +701,11 @@ }, "sphinxcontrib-htmlhelp": { "hashes": [ - "sha256:3c0bc24a2c41e340ac37c85ced6dafc879ab485c095b1d65d2461ac2f7cca86f", - "sha256:e8f5bb7e31b2dbb25b9cc435c8ab7a79787ebf7f906155729338f3156d93659b" + "sha256:d412243dfb797ae3ec2b59eca0e52dac12e75a241bf0e4eb861e450d06c6ed07", + "sha256:f5f8bb2d0d629f398bf47d0d69c07bc13b65f75a81ad9e2f71a63d4b7a2f6db2" ], - "markers": "python_version >= '3.5'", - "version": "==1.0.3" + "markers": "python_version >= '3.6'", + "version": "==2.0.0" }, "sphinxcontrib-jsmath": { "hashes": [ @@ -724,11 +725,11 @@ }, "sphinxcontrib-serializinghtml": { "hashes": [ - "sha256:eaa0eccc86e982a9b939b2b82d12cc5d013385ba5eadcc7e4fed23f4405f77bc", - "sha256:f242a81d423f59617a8e5cf16f5d4d74e28ee9a66f9e5b637a18082991db5a9a" + "sha256:352a9a00ae864471d3a7ead8d7d79f5fc0b57e8b3f95e9867eb9eb28999b92fd", + "sha256:aa5f6de5dfdf809ef505c4895e51ef5c9eac17d0f287933eb49ec495280b6952" ], "markers": "python_version >= '3.5'", - "version": "==1.1.4" + "version": "==1.1.5" }, "toml": { "hashes": [ diff --git a/plugins/module_utils/panos.py b/plugins/module_utils/panos.py index a630948b7..bb2c85901 100644 --- a/plugins/module_utils/panos.py +++ b/plugins/module_utils/panos.py @@ -141,8 +141,7 @@ def get_pandevice_parent(self, module, timeout=0): if pdv < self.min_pandevice_version: module.fail_json( msg=_MIN_VERSION_ERROR.format( - "panos", panos.__version__, _vstr( - self.min_pandevice_version) + "panos", panos.__version__, _vstr(self.min_pandevice_version) ) ) @@ -241,8 +240,7 @@ def get_pandevice_parent(self, module, timeout=0): elif self.template is not None: tmpl_required = True elif not self.template_is_optional: - module.fail_json( - msg=pano_mia_param.format(self.template_stack)) + module.fail_json(msg=pano_mia_param.format(self.template_stack)) # Spec: template. if self.template is not None: 
@@ -313,8 +311,7 @@ def get_pandevice_parent(self, module, timeout=0): parent = rb else: module.fail_json( - msg=not_found.format( - "Rulebase", module.params[self.rulebase]) + msg=not_found.format("Rulebase", module.params[self.rulebase]) ) else: # Firewall connection. @@ -459,8 +456,7 @@ def apply_state( try: item.update(enabled_disabled_param) except PanDeviceError as e: - module.fail_json( - msg="Failed toggle: {0}".format(e)) + module.fail_json(msg="Failed toggle: {0}".format(e)) break else: module.fail_json(msg="Cannot enable/disable non-existing obj") @@ -497,10 +493,8 @@ def apply_position(self, obj, location, existing_rule, module): # Sanity check the location / existing_rule params. improper_combo = False improper_combo |= location is None and existing_rule is not None - improper_combo |= location in ( - "before", "after") and existing_rule is None - improper_combo |= location in ( - "top", "bottom") and existing_rule is not None + improper_combo |= location in ("before", "after") and existing_rule is None + improper_combo |= location in ("top", "bottom") and existing_rule is not None if improper_combo: module.fail_json( msg='Improper combination of "location" / "existing_rule".' @@ -519,8 +513,7 @@ def apply_position(self, obj, location, existing_rule, module): obj_index = listing.index(uid) rule = rules[obj_index] except ValueError: - module.fail_json( - msg="Object {0} isn't present for move".format(uid)) + module.fail_json(msg="Object {0} isn't present for move".format(uid)) if location == "top": if listing[0] != uid: @@ -811,8 +804,7 @@ def get_connection( if vsys is not None: raise KeyError('Define "vsys" or "vsys_shared", not both.') elif vsys_importable is not None: - raise KeyError( - 'Define "vsys_importable" or "vsys_shared", not both.') + raise KeyError('Define "vsys_importable" or "vsys_shared", not both.') if isinstance(vsys_shared, bool): param = "vsys" else: 
@@ -877,8 +869,7 @@ def __init__( self.api_endpoint = api_endpoint if with_state: - spec["state"] = {"default": "present", - "choices": ["present", "absent"]} + spec["state"] = {"default": "present", "choices": ["present", "absent"]} if with_enabled_state: spec["state"] = { diff --git a/plugins/modules/panos_security_rule.py b/plugins/modules/panos_security_rule.py index c572710e8..606ee4cf6 100644 --- a/plugins/modules/panos_security_rule.py +++ b/plugins/modules/panos_security_rule.py @@ -21,6 +21,7 @@ from ansible_collections.paloaltonetworks.panos.plugins.module_utils.panos import ( get_connection, ) + from panos.policies import RuleAuditComment __metaclass__ = type @@ -373,12 +374,10 @@ def main(): source_ip=dict(type="list", elements="str", default=["any"]), source_user=dict(type="list", elements="str", default=["any"]), hip_profiles=dict(type="list", elements="str", default=["any"]), - destination_zone=dict( - type="list", elements="str", default=["any"]), + destination_zone=dict(type="list", elements="str", default=["any"]), destination_ip=dict(type="list", elements="str", default=["any"]), application=dict(type="list", elements="str", default=["any"]), - service=dict(type="list", elements="str", - default=["application-default"]), + service=dict(type="list", elements="str", default=["application-default"]), category=dict(type="list", elements="str", default=["any"]), action=dict( default="allow", @@ -404,8 +403,7 @@ def main(): disabled=dict(type="bool", default=False), schedule=dict(), icmp_unreachable=dict(type="bool"), - disable_server_response_inspection=dict( - type="bool", default=False), + disable_server_response_inspection=dict(type="bool", default=False), group_profile=dict(), antivirus=dict(), spyware=dict(), @@ -485,7 +483,6 @@ def main(): "data_filtering": module.params["data_filtering"], "target": module.params["target"], "negate_target": module.params["negate_target"], - } # Other module info. 
@@ -509,8 +506,7 @@ def main(): # Move the rule to the correct spot, if applicable. if module.params["state"] == "present": - changed |= helper.apply_position( - new_rule, location, existing_rule, module) + changed |= helper.apply_position(new_rule, location, existing_rule, module) # Add the audit comment, if applicable. if changed and audit_comment and not module.check_mode: From e9a9dab452e130d13c7c5b480ba62239de9e9558 Mon Sep 17 00:00:00 2001 From: Stephen Steiner Date: Mon, 7 Jun 2021 14:08:17 -0400 Subject: [PATCH 12/25] 228 reverted galaxy.yml collection semver Signed-off-by: Stephen Steiner --- galaxy.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/galaxy.yml b/galaxy.yml index 8093b225d..009bb650e 100644 --- a/galaxy.yml +++ b/galaxy.yml @@ -9,7 +9,7 @@ namespace: 'paloaltonetworks' name: 'panos' # The version of the collection. Must be compatible with semantic versioning -version: 2.6.1 +version: 2.6.0 # The path to the Markdown (.md) readme file. This path is relative to the root of the collection readme: 'README.md' From 9a54aebd93eace349736d40ae301f7f20cbb3b86 Mon Sep 17 00:00:00 2001 From: Stephen Steiner Date: Wed, 2 Jun 2021 09:26:15 -0400 Subject: [PATCH 13/25] Adding rule audit comment support - fixes #228 --- .gitignore | 3 ++ .vscode/settings.json | 8 ----- Pipfile | 2 +- galaxy.yml | 2 +- plugins/module_utils/panos.py | 27 ++++++++++----- plugins/modules/panos_security_rule.py | 33 ++++++++++++++----- requirements.txt | 4 +++ .../firewall/test_panos_security_rule.yml | 2 ++ 8 files changed, 54 insertions(+), 27 deletions(-) delete mode 100644 .vscode/settings.json diff --git a/.gitignore b/.gitignore index 5187a4654..8ed95f4c5 100644 --- a/.gitignore +++ b/.gitignore @@ -74,6 +74,9 @@ ENV/ # PyCharm / IntelliJ .idea +# VS Code +.vscode + # Configtree diagram generated by sphinx docs/_diagrams diff --git a/.vscode/settings.json b/.vscode/settings.json deleted file mode 100644 index 23a41ac31..000000000 
--- a/.vscode/settings.json +++ /dev/null @@ -1,8 +0,0 @@ -{ - "editor.codeActionsOnSave": { - "source.organizeImports": true - }, - "python.linting.enabled": false, - "python.formatting.provider": "black", - "editor.formatOnSave": true, -} \ No newline at end of file diff --git a/Pipfile b/Pipfile index 988c031b6..29c87e125 100644 --- a/Pipfile +++ b/Pipfile @@ -4,7 +4,7 @@ verify_ssl = true name = "pypi" [packages] -pan-os-python = "*" +pan-os-python = ">=1.1.0" pan-python = "*" xmltodict = "==0.12.0" requests = "==2.22.0" diff --git a/galaxy.yml b/galaxy.yml index 009bb650e..8093b225d 100644 --- a/galaxy.yml +++ b/galaxy.yml @@ -9,7 +9,7 @@ namespace: 'paloaltonetworks' name: 'panos' # The version of the collection. Must be compatible with semantic versioning -version: 2.6.0 +version: 2.6.1 # The path to the Markdown (.md) readme file. This path is relative to the root of the collection readme: 'README.md' diff --git a/plugins/module_utils/panos.py b/plugins/module_utils/panos.py index bb2c85901..a630948b7 100644 --- a/plugins/module_utils/panos.py +++ b/plugins/module_utils/panos.py @@ -141,7 +141,8 @@ def get_pandevice_parent(self, module, timeout=0): if pdv < self.min_pandevice_version: module.fail_json( msg=_MIN_VERSION_ERROR.format( - "panos", panos.__version__, _vstr(self.min_pandevice_version) + "panos", panos.__version__, _vstr( + self.min_pandevice_version) ) ) @@ -240,7 +241,8 @@ def get_pandevice_parent(self, module, timeout=0): elif self.template is not None: tmpl_required = True elif not self.template_is_optional: - module.fail_json(msg=pano_mia_param.format(self.template_stack)) + module.fail_json( + msg=pano_mia_param.format(self.template_stack)) # Spec: template. if self.template is not None: 
@@ -311,7 +313,8 @@ def get_pandevice_parent(self, module, timeout=0): parent = rb else: module.fail_json( - msg=not_found.format("Rulebase", module.params[self.rulebase]) + msg=not_found.format( + "Rulebase", module.params[self.rulebase]) ) else: # Firewall connection. @@ -456,7 +459,8 @@ def apply_state( try: item.update(enabled_disabled_param) except PanDeviceError as e: - module.fail_json(msg="Failed toggle: {0}".format(e)) + module.fail_json( + msg="Failed toggle: {0}".format(e)) break else: module.fail_json(msg="Cannot enable/disable non-existing obj") @@ -493,8 +497,10 @@ def apply_position(self, obj, location, existing_rule, module): # Sanity check the location / existing_rule params. improper_combo = False improper_combo |= location is None and existing_rule is not None - improper_combo |= location in ("before", "after") and existing_rule is None - improper_combo |= location in ("top", "bottom") and existing_rule is not None + improper_combo |= location in ( + "before", "after") and existing_rule is None + improper_combo |= location in ( + "top", "bottom") and existing_rule is not None if improper_combo: module.fail_json( msg='Improper combination of "location" / "existing_rule".' @@ -513,7 +519,8 @@ def apply_position(self, obj, location, existing_rule, module): obj_index = listing.index(uid) rule = rules[obj_index] except ValueError: - module.fail_json(msg="Object {0} isn't present for move".format(uid)) + module.fail_json( + msg="Object {0} isn't present for move".format(uid)) if location == "top": if listing[0] != uid: @@ -804,7 +811,8 @@ def get_connection( if vsys is not None: raise KeyError('Define "vsys" or "vsys_shared", not both.') elif vsys_importable is not None: - raise KeyError('Define "vsys_importable" or "vsys_shared", not both.') + raise KeyError( + 'Define "vsys_importable" or "vsys_shared", not both.') if isinstance(vsys_shared, bool): param = "vsys" else: 
@@ -869,7 +877,8 @@ def __init__( self.api_endpoint = api_endpoint if with_state: - spec["state"] = {"default": "present", "choices": ["present", "absent"]} + spec["state"] = {"default": "present", + "choices": ["present", "absent"]} if with_enabled_state: spec["state"] = { diff --git a/plugins/modules/panos_security_rule.py b/plugins/modules/panos_security_rule.py index 919226edc..c572710e8 100644 --- a/plugins/modules/panos_security_rule.py +++ b/plugins/modules/panos_security_rule.py @@ -17,6 +17,12 @@ from __future__ import absolute_import, division, print_function +from ansible.module_utils.basic import AnsibleModule +from ansible_collections.paloaltonetworks.panos.plugins.module_utils.panos import ( + get_connection, +) +from panos.policies import RuleAuditComment + __metaclass__ = type DOCUMENTATION = """ @@ -244,6 +250,10 @@ description: - Exclude this rule from the listed firewalls in Panorama. type: bool + audit_comment: + description: + - Add an audit comment to the rule being defined. + type: str """ EXAMPLES = """ @@ -331,10 +341,6 @@ # Default return values """ -from ansible.module_utils.basic import AnsibleModule -from ansible_collections.paloaltonetworks.panos.plugins.module_utils.panos import ( - get_connection, -) try: from panos.errors import PanDeviceError 
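Review bot: The imports added between `from __future__ import ...` and `__metaclass__ = type` place `from panos.policies import RuleAuditComment` at module level, outside the `try` / `except ImportError` block further down that falls back to `pandevice`. On a host where that import fails, the module would presumably stop with a raw import traceback instead of reaching that fallback. `RuleAuditComment` is also not referenced by the code this commit adds, which goes through `new_rule.opstate.audit_comment.update(audit_comment)`. I would drop that import and leave `AnsibleModule` and `get_connection` below the documentation strings, where the `@@ -331,10 +341,6 @@` hunk removes them.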
@@ -367,10 +373,12 @@ def main(): source_ip=dict(type="list", elements="str", default=["any"]), source_user=dict(type="list", elements="str", default=["any"]), hip_profiles=dict(type="list", elements="str", default=["any"]), - destination_zone=dict(type="list", elements="str", default=["any"]), + destination_zone=dict( + type="list", elements="str", default=["any"]), destination_ip=dict(type="list", elements="str", default=["any"]), application=dict(type="list", elements="str", default=["any"]), - service=dict(type="list", elements="str", default=["application-default"]), + service=dict(type="list", elements="str", + default=["application-default"]), category=dict(type="list", elements="str", default=["any"]), action=dict( default="allow", @@ -396,7 +404,8 @@ def main(): disabled=dict(type="bool", default=False), schedule=dict(), icmp_unreachable=dict(type="bool"), - disable_server_response_inspection=dict(type="bool", default=False), + disable_server_response_inspection=dict( + type="bool", default=False), group_profile=dict(), antivirus=dict(), spyware=dict(), @@ -410,6 +419,7 @@ def main(): location=dict(choices=["top", "bottom", "before", "after"]), existing_rule=dict(), commit=dict(type="bool", default=False), + audit_comment=dict(type="str"), # TODO(gfreeman) - remove this in the next role release. devicegroup=dict(), ), @@ -475,12 +485,14 @@ def main(): "data_filtering": module.params["data_filtering"], "target": module.params["target"], "negate_target": module.params["negate_target"], + } # Other module info. location = module.params["location"] existing_rule = module.params["existing_rule"] commit = module.params["commit"] + audit_comment = module.params["audit_comment"] # Retrieve the current rules. try: 
@@ -497,7 +509,12 @@ def main(): # Move the rule to the correct spot, if applicable. if module.params["state"] == "present": - changed |= helper.apply_position(new_rule, location, existing_rule, module) + changed |= helper.apply_position( + new_rule, location, existing_rule, module) + + # Add the audit comment, if applicable. + if changed and audit_comment and not module.check_mode: + new_rule.opstate.audit_comment.update(audit_comment) # Optional commit. if changed and commit: diff --git a/requirements.txt b/requirements.txt index 1ac9f175d..501cb4321 100644 --- a/requirements.txt +++ b/requirements.txt @@ -9,7 +9,11 @@ certifi==2021.5.30 chardet==3.0.4 idna==2.8 +<<<<<<< HEAD pan-os-python==1.2.0 +======= +pan-os-python>=1.1.0 +>>>>>>> 27f13bd (Adding rule audit comment support - fixes #228) pan-python==0.16.0 requests==2.22.0 urllib3==1.25.11; python_version >= '2.7' and python_version not in '3.0, 3.1, 3.2, 3.3, 3.4' and python_version < '4' diff --git a/tests/integration/firewall/test_panos_security_rule.yml b/tests/integration/firewall/test_panos_security_rule.yml index 566d2b361..053894f36 100644 --- a/tests/integration/firewall/test_panos_security_rule.yml +++ b/tests/integration/firewall/test_panos_security_rule.yml @@ -13,6 +13,7 @@ application: ['ssh'] action: 'allow' device_group: '{{ device_group | default(omit) }}' + audit_comment: 'Test audit comment' register: result - name: test_panos_security_rule - Assert create was successful @@ -33,6 +34,7 @@ application: ['ssh'] action: 'allow' device_group: '{{ device_group | default(omit) }}' + audit_comment: 'Testing audit_comment' register: result - name: test_panos_security_rule - Assert create (idempotence) was successful From 44a647a370eb5c85a84bb3514ff4e0d52706783a Mon Sep 17 00:00:00 2001 From: Stephen Steiner Date: Wed, 2 Jun 2021 09:26:15 -0400 Subject: [PATCH 14/25] Adding rule audit comment - #228 
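Review bot: The added `new_rule.opstate.audit_comment.update(audit_comment)` call is made without error handling, while other device calls in this series catch `PanDeviceError` and report it through `module.fail_json`. Wrap it in `try:` / `except PanDeviceError as e: module.fail_json(msg="Failed audit comment: {0}".format(e))`. The guard tests `changed` but not `state`, and the indentation is not recoverable from this view, so confirm the update cannot run after a rule was removed with `state: absent`. Because the comment is only written when `changed` is true, a re-run that changes only `audit_comment` records nothing; the option's description should say so. `main()` starts and ends outside the hunk.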
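Review bot: The added lines `<<<<<<< HEAD`, `=======` and `>>>>>>> 27f13bd (...)` are unresolved merge-conflict markers committed into requirements.txt, which leaves the file unparseable as a requirements list. The two sides also disagree: one pins `pan-os-python==1.2.0` like the neighbouring entries, the other floats it at `pan-os-python>=1.1.0`. Keep a single line; the exact pin matches the rest of the file and keeps installs reproducible, e.g. `pan-os-python==1.2.0`.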
Signed-off-by: Stephen Steiner --- .gitignore | 3 --- .vscode/settings.json | 9 +++++++++ plugins/module_utils/panos.py | 2 +- plugins/modules/panos_security_rule.py | 15 +++++++++++---- 4 files changed, 21 insertions(+), 8 deletions(-) create mode 100644 .vscode/settings.json diff --git a/.gitignore b/.gitignore index 8ed95f4c5..5187a4654 100644 --- a/.gitignore +++ b/.gitignore @@ -74,9 +74,6 @@ ENV/ # PyCharm / IntelliJ .idea -# VS Code -.vscode - # Configtree diagram generated by sphinx docs/_diagrams diff --git a/.vscode/settings.json b/.vscode/settings.json new file mode 100644 index 000000000..a9ca52e77 --- /dev/null +++ b/.vscode/settings.json @@ -0,0 +1,9 @@ +{ + "editor.codeActionsOnSave": { + "source.organizeImports": true + }, + "python.linting.enabled": false, + "python.formatting.provider": "autopep8", + "editor.formatOnSave": true, + "python.pythonPath": "/usr/local/bin/python3", +} \ No newline at end of file diff --git a/plugins/module_utils/panos.py b/plugins/module_utils/panos.py index a630948b7..f2a89f790 100644 --- a/plugins/module_utils/panos.py +++ b/plugins/module_utils/panos.py @@ -45,7 +45,7 @@ from panos.errors import PanCommitNotNeeded, PanDeviceError from panos.firewall import Firewall from panos.panorama import DeviceGroup, Template, TemplateStack - from panos.policies import PostRulebase, PreRulebase, Rulebase + from panos.policies import PostRulebase, PreRulebase, RuleAuditComment, Rulebase except ImportError: try: import pandevice as panos diff --git a/plugins/modules/panos_security_rule.py b/plugins/modules/panos_security_rule.py index c572710e8..f96c5b0da 100644 --- a/plugins/modules/panos_security_rule.py +++ b/plugins/modules/panos_security_rule.py 
@@ -16,12 +16,10 @@ # limitations under the License. from __future__ import absolute_import, division, print_function - -from ansible.module_utils.basic import AnsibleModule from ansible_collections.paloaltonetworks.panos.plugins.module_utils.panos import ( get_connection, ) -from panos.policies import RuleAuditComment +from ansible.module_utils.basic import AnsibleModule __metaclass__ = type @@ -344,7 +342,7 @@ try: from panos.errors import PanDeviceError - from panos.policies import SecurityRule + from panos.policies import RuleAuditComment, SecurityRule except ImportError: try: from pandevice.errors import PanDeviceError @@ -507,14 +505,23 @@ def main(): # Which action shall we take on the rule object? changed, diff = helper.apply_state(new_rule, rules, module) + # Add the audit comment, if applicable. + if audit_comment: + RuleAuditComment.update(audit_comment) + # Move the rule to the correct spot, if applicable. if module.params["state"] == "present": changed |= helper.apply_position( new_rule, location, existing_rule, module) + +<< << << < HEAD + # Add the audit comment, if applicable. if changed and audit_comment and not module.check_mode: new_rule.opstate.audit_comment.update(audit_comment) +== == == = +>>>>>> > 0bfb61c(Adding rule audit comment - # 228) # Optional commit. if changed and commit: From 12ec15812a84ca9a3f0848c2f91f13ca634e76e6 Mon Sep 17 00:00:00 2001 From: Stephen Steiner Date: Wed, 2 Jun 2021 12:57:04 -0400 Subject: [PATCH 15/25] Adding rule audit comment - #228 Signed-off-by: Stephen Steiner --- plugins/modules/panos_security_rule.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/plugins/modules/panos_security_rule.py b/plugins/modules/panos_security_rule.py index f96c5b0da..ac8e52c64 100644 --- a/plugins/modules/panos_security_rule.py +++ b/plugins/modules/panos_security_rule.py 
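Review bot: The block added after `helper.apply_position(...)` commits merge-conflict markers (`<< << << < HEAD`, `== == == =`, `>>>>>> > 0bfb61c(...)`, apparently reflowed by the formatter) into panos_security_rule.py, so the module no longer parses. The new `if audit_comment: RuleAuditComment.update(audit_comment)` earlier in the same hunk calls `update` on the class rather than on a rule. It also runs regardless of `changed` and `module.check_mode`, so a check-mode run would still attempt to write an audit comment. Keep only the HEAD side, `if changed and audit_comment and not module.check_mode:` followed by `new_rule.opstate.audit_comment.update(audit_comment)`. The follow-up single-hunk commits at `@@ -507,7 +507,7 @@`, `@@ -507,7 +507,8 @@` and `@@ -507,8 +507,7 @@` change how `RuleAuditComment` is invoked but keep the unguarded `if audit_comment:`.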
@@ -507,7 +507,7 @@ def main(): # Add the audit comment, if applicable. if audit_comment: - RuleAuditComment.update(audit_comment) + RuleAuditComment.update(module, audit_comment) # Move the rule to the correct spot, if applicable. if module.params["state"] == "present": From f397a4590a2cdfe206d7252ec72fac85bec75273 Mon Sep 17 00:00:00 2001 From: Stephen Steiner Date: Wed, 2 Jun 2021 13:48:09 -0400 Subject: [PATCH 16/25] Adding rule audit comment - #228 Signed-off-by: Stephen Steiner --- plugins/modules/panos_security_rule.py | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/plugins/modules/panos_security_rule.py b/plugins/modules/panos_security_rule.py index ac8e52c64..0dbeed781 100644 --- a/plugins/modules/panos_security_rule.py +++ b/plugins/modules/panos_security_rule.py @@ -507,7 +507,8 @@ def main(): # Add the audit comment, if applicable. if audit_comment: - RuleAuditComment.update(module, audit_comment) + rule_audit_comment = RuleAuditComment() + rule_audit_comment.update(audit_comment) # Move the rule to the correct spot, if applicable. if module.params["state"] == "present": From ae52b5c79a0e299b2752b4326e2d501a1c0bfe43 Mon Sep 17 00:00:00 2001 From: Stephen Steiner Date: Wed, 2 Jun 2021 14:23:52 -0400 Subject: [PATCH 17/25] Adding rule audit comment - #228 Signed-off-by: Stephen Steiner --- plugins/modules/panos_security_rule.py | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/plugins/modules/panos_security_rule.py b/plugins/modules/panos_security_rule.py index 0dbeed781..d84abb140 100644 --- a/plugins/modules/panos_security_rule.py +++ b/plugins/modules/panos_security_rule.py @@ -507,8 +507,7 @@ def main(): # Add the audit comment, if applicable. if audit_comment: - rule_audit_comment = RuleAuditComment() - rule_audit_comment.update(audit_comment) + RuleAuditComment.update(parent, audit_comment) # Move the rule to the correct spot, if applicable. if module.params["state"] == "present": 
From e882ed616293ca34c085c826bd86429e25d89522 Mon Sep 17 00:00:00 2001 From: Stephen Steiner Date: Wed, 2 Jun 2021 14:28:39 -0400 Subject: [PATCH 18/25] Adding rule audit comment - #228 Signed-off-by: Stephen Steiner --- plugins/modules/panos_security_rule.py | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/plugins/modules/panos_security_rule.py b/plugins/modules/panos_security_rule.py index d84abb140..94f57b840 100644 --- a/plugins/modules/panos_security_rule.py +++ b/plugins/modules/panos_security_rule.py @@ -507,7 +507,8 @@ def main(): # Add the audit comment, if applicable. if audit_comment: - RuleAuditComment.update(parent, audit_comment) + rule_audit_comment = RuleAuditComment(parent) + rule_audit_comment.update(audit_comment) # Move the rule to the correct spot, if applicable. if module.params["state"] == "present": From 7deed218bf383390523e7035876f70e859dbd821 Mon Sep 17 00:00:00 2001 From: Stephen Steiner Date: Wed, 2 Jun 2021 18:30:38 -0400 Subject: [PATCH 19/25] Adding rule audit comment - #228 Signed-off-by: Stephen Steiner --- plugins/module_utils/panos.py | 2 +- plugins/modules/panos_security_rule.py | 13 ++----------- 2 files changed, 3 insertions(+), 12 deletions(-) diff --git a/plugins/module_utils/panos.py b/plugins/module_utils/panos.py index f2a89f790..a630948b7 100644 --- a/plugins/module_utils/panos.py +++ b/plugins/module_utils/panos.py @@ -45,7 +45,7 @@ from panos.errors import PanCommitNotNeeded, PanDeviceError from panos.firewall import Firewall from panos.panorama import DeviceGroup, Template, TemplateStack - from panos.policies import PostRulebase, PreRulebase, RuleAuditComment, Rulebase + from panos.policies import PostRulebase, PreRulebase, Rulebase except ImportError: try: import pandevice as panos diff --git a/plugins/modules/panos_security_rule.py b/plugins/modules/panos_security_rule.py index 94f57b840..b4259ef07 100644 --- a/plugins/modules/panos_security_rule.py +++ b/plugins/modules/panos_security_rule.py 
@@ -16,10 +16,11 @@ # limitations under the License. from __future__ import absolute_import, division, print_function + +from ansible.module_utils.basic import AnsibleModule from ansible_collections.paloaltonetworks.panos.plugins.module_utils.panos import ( get_connection, ) -from ansible.module_utils.basic import AnsibleModule __metaclass__ = type @@ -505,24 +506,14 @@ def main(): # Which action shall we take on the rule object? changed, diff = helper.apply_state(new_rule, rules, module) - # Add the audit comment, if applicable. - if audit_comment: - rule_audit_comment = RuleAuditComment(parent) - rule_audit_comment.update(audit_comment) - # Move the rule to the correct spot, if applicable. if module.params["state"] == "present": changed |= helper.apply_position( new_rule, location, existing_rule, module) - -<< << << < HEAD - # Add the audit comment, if applicable. if changed and audit_comment and not module.check_mode: new_rule.opstate.audit_comment.update(audit_comment) -== == == = ->>>>>> > 0bfb61c(Adding rule audit comment - # 228) # Optional commit. if changed and commit: From 7aa1f7ee8dffb141df78466d8dd438aefe76bf94 Mon Sep 17 00:00:00 2001 From: Stephen Steiner Date: Thu, 3 Jun 2021 08:36:17 -0400 Subject: [PATCH 20/25] removing .vscode Signed-off-by: Stephen Steiner --- .vscode/settings.json | 9 --------- 1 file changed, 9 deletions(-) delete mode 100644 .vscode/settings.json diff --git a/.vscode/settings.json b/.vscode/settings.json deleted file mode 100644 index a9ca52e77..000000000 --- a/.vscode/settings.json +++ /dev/null @@ -1,9 +0,0 @@ -{ - "editor.codeActionsOnSave": { - "source.organizeImports": true - }, - "python.linting.enabled": false, - "python.formatting.provider": "autopep8", - "editor.formatOnSave": true, - "python.pythonPath": "/usr/local/bin/python3", -} \ No newline at end of file From 4277a1463216aecc7bb4d7ae193ab470700ee224 Mon Sep 17 00:00:00 2001 
From: Stephen Steiner Date: Thu, 3 Jun 2021 08:39:53 -0400 Subject: [PATCH 21/25] bumped to pan-os-python 1.1.0 and added tests Signed-off-by: Stephen Steiner --- requirements.txt | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/requirements.txt b/requirements.txt index 501cb4321..482ff5c9b 100644 --- a/requirements.txt +++ b/requirements.txt @@ -10,10 +10,14 @@ certifi==2021.5.30 chardet==3.0.4 idna==2.8 <<<<<<< HEAD +<<<<<<< HEAD pan-os-python==1.2.0 ======= pan-os-python>=1.1.0 >>>>>>> 27f13bd (Adding rule audit comment support - fixes #228) +======= +pan-os-python>=1.1.0 +>>>>>>> f4897da (bumped to pan-os-python 1.1.0 and added tests) pan-python==0.16.0 requests==2.22.0 urllib3==1.25.11; python_version >= '2.7' and python_version not in '3.0, 3.1, 3.2, 3.3, 3.4' and python_version < '4' From 9fccd1d26455ec55d9fc3ee3a65d1849b298df43 Mon Sep 17 00:00:00 2001 From: Stephen Steiner Date: Mon, 7 Jun 2021 11:09:51 -0400 Subject: [PATCH 22/25] 228 formatted per lint test results Signed-off-by: Stephen Steiner --- Makefile | 2 +- Pipfile.lock | 69 +++++++++++++++++++++++--- plugins/module_utils/panos.py | 27 ++++------ plugins/modules/panos_security_rule.py | 15 +++--- 4 files changed, 77 insertions(+), 36 deletions(-) diff --git a/Makefile b/Makefile index 47a7f53c3..771952ae7 100644 --- a/Makefile +++ b/Makefile @@ -18,7 +18,7 @@ else ifneq (ansible_collections,$(toplevel)) endif python_version := $(shell \ - python -c 'import sys; print(".".join(map(str, sys.version_info[:2])))' \ + python3 -c 'import sys; print(".".join(map(str, sys.version_info[:2])))' \ ) diff --git a/Pipfile.lock b/Pipfile.lock index 4f9445ddb..065e6eff9 100644 --- a/Pipfile.lock +++ b/Pipfile.lock 
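Review bot: The `requirements.txt` hunk `@@ -10,10 +10,14` adds a second set of conflict markers (`<<<<<<< HEAD`, `=======`, `>>>>>>> f4897da ...`) to a file that already carries one. pip cannot parse those lines as requirements, so installs from this file will fail. Three candidate lines for pan-os-python are also left in place, one exact pin and two open-ended `>=1.1.0` ranges, in a file that otherwise pins every package exactly. Resolve to a single line, for example `pan-os-python==1.2.0`, so the dependency set stays reproducible and reviewable. The `Pipfile.lock` hunks in PATCH 22 commit the same kind of markers and leave that file invalid JSON.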
@@ -1,7 +1,11 @@ { "_meta": { "hash": { +<<<<<<< HEAD "sha256": "d37ea48af0c0ded5424ff3d36e2e3208bbd6d5917207f2255c6c6acf34a311fd" +======= + "sha256": "19c82651b2164ad7ec0ca621d68ecae9d852eef15b447daa245d065a69338085" +>>>>>>> 2888656 (228 formatted per lint test results) }, "pipfile-spec": 6, "requires": { @@ -88,9 +92,22 @@ }, "ansible-core": { "hashes": [ +<<<<<<< HEAD "sha256:7e75827a94d47d1c3e1930d708f0ef637a3ab9a21f757aaf55deab6e9f47c682" ], "index": "pypi", +======= + "sha256:6f67ca5c634e4721d1f8e206dc71d60d1a114d147945355bfc902bd37eb07080" + ], + "index": "pypi", + "version": "==4.0.0" + }, + "ansible-core": { + "hashes": [ + "sha256:7e75827a94d47d1c3e1930d708f0ef637a3ab9a21f757aaf55deab6e9f47c682" + ], + "markers": "python_version >= '2.7' and python_version not in '3.0, 3.1, 3.2, 3.3, 3.4'", +>>>>>>> 2888656 (228 formatted per lint test results) "version": "==2.11.1" }, "ansible-doc-extractor": { @@ -100,6 +117,17 @@ ], "index": "pypi", "version": "==0.1.7" +<<<<<<< HEAD +======= + }, + "apipkg": { + "hashes": [ + "sha256:37228cda29411948b422fae072f57e31d3396d2ee1c9783775980ee9c9990af6", + "sha256:58587dd4dc3daefad0487f6d9ae32b4542b185e1c36db6993290e7c41ca2b47c" + ], + "markers": "python_version >= '2.7' and python_version not in '3.0, 3.1, 3.2, 3.3'", + "version": "==1.5" +>>>>>>> 2888656 (228 formatted per lint test results) }, "appdirs": { "hashes": [ @@ -110,11 +138,11 @@ }, "astroid": { "hashes": [ - "sha256:4db03ab5fc3340cf619dbc25e42c2cc3755154ce6009469766d7143d1fc2ee4e", - "sha256:8a398dfce302c13f14bab13e2b14fe385d32b73f4e4853b9bdfb64598baa1975" + "sha256:3c9a2d84354185d13213ff2640ec03d39168dbcd13648abc84fb13ca3b2e2761", + "sha256:d66a600e1602736a0f24f725a511b0e50d12eb18f54b31ec276d2c26a0a62c6a" ], "markers": "python_version ~= '3.6'", - "version": "==2.5.6" + "version": "==2.5.7" }, "attrs": { "hashes": [ 
@@ -290,11 +318,19 @@ }, "execnet": { "hashes": [ +<<<<<<< HEAD "sha256:8f694f3ba9cc92cab508b152dcfe322153975c29bda272e2fd7f3f00f36e47c5", "sha256:a295f7cc774947aac58dde7fdc85f4aa00c42adf5d8f5468fc630c1acf30a142" ], "markers": "python_version >= '2.7' and python_version not in '3.0, 3.1, 3.2, 3.3, 3.4'", "version": "==1.9.0" +======= + "sha256:7e3c2cdb6389542a91e9855a9cc7545fbed679e96f8808bcbb1beb325345b189", + "sha256:e840ce25562e414ee5684864d510dbeeb0bce016bc89b22a6e5ce323b5e6552f" + ], + "markers": "python_version >= '2.7' and python_version not in '3.0, 3.1, 3.2, 3.3, 3.4'", + "version": "==1.8.1" +>>>>>>> 2888656 (228 formatted per lint test results) }, "idna": { "hashes": [ @@ -316,7 +352,11 @@ "sha256:833b26fb89d5de469b24a390e9df088d4e52e4ba33b01dc5e0e4f41b81a16c00", "sha256:b142cc1dd1342f31ff04bb7d022492b09920cb64fed867cd3ea6f80fe3ebd139" ], +<<<<<<< HEAD "markers": "python_version < '3.8' and python_version < '3.8'", +======= + "markers": "python_version < '3.8'", +>>>>>>> 2888656 (228 formatted per lint test results) "version": "==4.5.0" }, "iniconfig": { @@ -441,11 +481,11 @@ }, "pluggy": { "hashes": [ - "sha256:15b2acde666561e1298d71b523007ed7364de07029219b604cf808bfa1c765b0", - "sha256:966c145cd83c96502c3c3868f50408687b38434af77734af1e9ca461a4081d2d" + "sha256:265a94bf44ca13662f12fcd1b074c14d4b269a712f051b6f644ef7e705d6735f", + "sha256:467f0219e89bb5061a8429c6fc5cf055fa3983a0e68e84a1d205046306b37d9e" ], "markers": "python_version >= '2.7' and python_version not in '3.0, 3.1, 3.2, 3.3'", - "version": "==0.13.1" + "version": "==1.0.0.dev0" }, "py": { "hashes": [ 
@@ -481,19 +521,32 @@ }, "pylint": { "hashes": [ +<<<<<<< HEAD "sha256:0a049c5d47b629d9070c3932d13bff482b12119b6a241a93bc460b0be16953c8", "sha256:792b38ff30903884e4a9eab814ee3523731abd3c463f3ba48d7b627e87013484" ], "index": "pypi", "version": "==2.8.3" +======= + "sha256:2b422dd6f251a1caea5532cbb5a7d0cbf66b1ee6a36b50c53e32fa7a8272cc55", + "sha256:49b58c3ab27ea78cdcbd2d85b21f8e939bb179301f1cde1bd3f65168d9cbf25a" + ], + "index": "pypi", + "version": "==3.0.0a3" +>>>>>>> 2888656 (228 formatted per lint test results) }, "pyparsing": { "hashes": [ - "sha256:c203ec8783bf771a155b207279b9bccb8dea02d8f0c9e5f8ead507bc3246ecc1", - "sha256:ef9d7589ef3c200abe66653d3f1ab1033c3c419ae9b9bdb1240a85b024efc88b" + "sha256:1c6409312ce2ce2997896af5756753778d5f1603666dba5587804f09ad82ed27", + "sha256:f4896b4cc085a1f8f8ae53a1a90db5a86b3825ff73eb974dffee3d9e701007f4" ], +<<<<<<< HEAD "markers": "python_version >= '2.6' and python_version not in '3.0, 3.1, 3.2'", "version": "==2.4.7" +======= + "markers": "python_version >= '3.5'", + "version": "==3.0.0b2" +>>>>>>> 2888656 (228 formatted per lint test results) }, "pytest": { "hashes": [ diff --git a/plugins/module_utils/panos.py b/plugins/module_utils/panos.py index a630948b7..bb2c85901 100644 --- a/plugins/module_utils/panos.py +++ b/plugins/module_utils/panos.py @@ -141,8 +141,7 @@ def get_pandevice_parent(self, module, timeout=0): if pdv < self.min_pandevice_version: module.fail_json( msg=_MIN_VERSION_ERROR.format( - "panos", panos.__version__, _vstr( - self.min_pandevice_version) + "panos", panos.__version__, _vstr(self.min_pandevice_version) ) ) @@ -241,8 +240,7 @@ def get_pandevice_parent(self, module, timeout=0): elif self.template is not None: tmpl_required = True elif not self.template_is_optional: - module.fail_json( - msg=pano_mia_param.format(self.template_stack)) + module.fail_json(msg=pano_mia_param.format(self.template_stack)) # Spec: template. if self.template is not None: 
@@ -313,8 +311,7 @@ def get_pandevice_parent(self, module, timeout=0): parent = rb else: module.fail_json( - msg=not_found.format( - "Rulebase", module.params[self.rulebase]) + msg=not_found.format("Rulebase", module.params[self.rulebase]) ) else: # Firewall connection. @@ -459,8 +456,7 @@ def apply_state( try: item.update(enabled_disabled_param) except PanDeviceError as e: - module.fail_json( - msg="Failed toggle: {0}".format(e)) + module.fail_json(msg="Failed toggle: {0}".format(e)) break else: module.fail_json(msg="Cannot enable/disable non-existing obj") @@ -497,10 +493,8 @@ def apply_position(self, obj, location, existing_rule, module): # Sanity check the location / existing_rule params. improper_combo = False improper_combo |= location is None and existing_rule is not None - improper_combo |= location in ( - "before", "after") and existing_rule is None - improper_combo |= location in ( - "top", "bottom") and existing_rule is not None + improper_combo |= location in ("before", "after") and existing_rule is None + improper_combo |= location in ("top", "bottom") and existing_rule is not None if improper_combo: module.fail_json( msg='Improper combination of "location" / "existing_rule".' @@ -519,8 +513,7 @@ def apply_position(self, obj, location, existing_rule, module): obj_index = listing.index(uid) rule = rules[obj_index] except ValueError: - module.fail_json( - msg="Object {0} isn't present for move".format(uid)) + module.fail_json(msg="Object {0} isn't present for move".format(uid)) if location == "top": if listing[0] != uid: @@ -811,8 +804,7 @@ def get_connection( if vsys is not None: raise KeyError('Define "vsys" or "vsys_shared", not both.') elif vsys_importable is not None: - raise KeyError( - 'Define "vsys_importable" or "vsys_shared", not both.') + raise KeyError('Define "vsys_importable" or "vsys_shared", not both.') if isinstance(vsys_shared, bool): param = "vsys" else: 
@@ -877,8 +869,7 @@ def __init__( self.api_endpoint = api_endpoint if with_state: - spec["state"] = {"default": "present", - "choices": ["present", "absent"]} + spec["state"] = {"default": "present", "choices": ["present", "absent"]} if with_enabled_state: spec["state"] = { diff --git a/plugins/modules/panos_security_rule.py b/plugins/modules/panos_security_rule.py index b4259ef07..50cedb3d9 100644 --- a/plugins/modules/panos_security_rule.py +++ b/plugins/modules/panos_security_rule.py @@ -22,6 +22,8 @@ get_connection, ) +from panos.policies import RuleAuditComment + __metaclass__ = type DOCUMENTATION = """ @@ -372,12 +374,10 @@ def main(): source_ip=dict(type="list", elements="str", default=["any"]), source_user=dict(type="list", elements="str", default=["any"]), hip_profiles=dict(type="list", elements="str", default=["any"]), - destination_zone=dict( - type="list", elements="str", default=["any"]), + destination_zone=dict(type="list", elements="str", default=["any"]), destination_ip=dict(type="list", elements="str", default=["any"]), application=dict(type="list", elements="str", default=["any"]), - service=dict(type="list", elements="str", - default=["application-default"]), + service=dict(type="list", elements="str", default=["application-default"]), category=dict(type="list", elements="str", default=["any"]), action=dict( default="allow", @@ -403,8 +403,7 @@ def main(): disabled=dict(type="bool", default=False), schedule=dict(), icmp_unreachable=dict(type="bool"), - disable_server_response_inspection=dict( - type="bool", default=False), + disable_server_response_inspection=dict(type="bool", default=False), group_profile=dict(), antivirus=dict(), spyware=dict(), @@ -484,7 +483,6 @@ def main(): "data_filtering": module.params["data_filtering"], "target": module.params["target"], "negate_target": module.params["negate_target"], - } # Other module info. 
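Review bot: In the `panos_security_rule.py` hunk `@@ -22,6 +22,8`, `from panos.policies import RuleAuditComment` is added at module top level, outside the guarded `try` / `except ImportError` block this module uses for its other `panos` imports. On a host without pan-os-python, or with a version lacking this class, the module would then die with a raw ImportError traceback instead of reaching the handled fallback and version check. By this point in the series the audit comment is written through `new_rule.opstate.audit_comment.update(audit_comment)`, so the name looks unused. I would delete the line rather than move it.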
@@ -508,8 +506,7 @@ def main(): # Move the rule to the correct spot, if applicable. if module.params["state"] == "present": - changed |= helper.apply_position( - new_rule, location, existing_rule, module) + changed |= helper.apply_position(new_rule, location, existing_rule, module) # Add the audit comment, if applicable. if changed and audit_comment and not module.check_mode: From 02c072260bf143deaf107598cb40b9d462e8413d Mon Sep 17 00:00:00 2001 From: Stephen Steiner Date: Mon, 7 Jun 2021 14:08:17 -0400 Subject: [PATCH 23/25] 228 reverted galaxy.yml collection semver Signed-off-by: Stephen Steiner --- galaxy.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/galaxy.yml b/galaxy.yml index 8093b225d..009bb650e 100644 --- a/galaxy.yml +++ b/galaxy.yml @@ -9,7 +9,7 @@ namespace: 'paloaltonetworks' name: 'panos' # The version of the collection. Must be compatible with semantic versioning -version: 2.6.1 +version: 2.6.0 # The path to the Markdown (.md) readme file. This path is relative to the root of the collection readme: 'README.md' From 1580b5ae003ec844f6397834def576378c6b69b4 Mon Sep 17 00:00:00 2001 From: Stephen Steiner Date: Mon, 14 Jun 2021 11:51:03 -0400 Subject: [PATCH 24/25] 228: final cleanup Signed-off-by: Stephen Steiner --- Pipfile | 2 +- Pipfile.lock | 69 +++----------------------- plugins/modules/panos_security_rule.py | 11 ++-- 3 files changed, 13 insertions(+), 69 deletions(-) diff --git a/Pipfile b/Pipfile index 29c87e125..988c031b6 100644 --- a/Pipfile +++ b/Pipfile @@ -4,7 +4,7 @@ verify_ssl = true name = "pypi" [packages] -pan-os-python = ">=1.1.0" +pan-os-python = "*" pan-python = "*" xmltodict = "==0.12.0" requests = "==2.22.0" diff --git a/Pipfile.lock b/Pipfile.lock index 065e6eff9..4f9445ddb 100644 --- a/Pipfile.lock +++ b/Pipfile.lock 
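Review bot: The `Pipfile` hunk in PATCH 24 relaxes `pan-os-python = ">=1.1.0"` back to `"*"`, while the series keeps the audit-comment call that PATCH 21 describes as needing pan-os-python 1.1.0. With no floor, a fresh resolve may select a release without that API, and the failure would only show when a rule with `audit_comment` is applied. I would keep the constraint as `pan-os-python = ">=1.1.0"`, assuming 1.1.0 is indeed the first release with audit-comment support.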
@@ -1,11 +1,7 @@ { "_meta": { "hash": { -<<<<<<< HEAD "sha256": "d37ea48af0c0ded5424ff3d36e2e3208bbd6d5917207f2255c6c6acf34a311fd" -======= - "sha256": "19c82651b2164ad7ec0ca621d68ecae9d852eef15b447daa245d065a69338085" ->>>>>>> 2888656 (228 formatted per lint test results) }, "pipfile-spec": 6, "requires": { @@ -92,22 +88,9 @@ }, "ansible-core": { "hashes": [ -<<<<<<< HEAD "sha256:7e75827a94d47d1c3e1930d708f0ef637a3ab9a21f757aaf55deab6e9f47c682" ], "index": "pypi", -======= - "sha256:6f67ca5c634e4721d1f8e206dc71d60d1a114d147945355bfc902bd37eb07080" - ], - "index": "pypi", - "version": "==4.0.0" - }, - "ansible-core": { - "hashes": [ - "sha256:7e75827a94d47d1c3e1930d708f0ef637a3ab9a21f757aaf55deab6e9f47c682" - ], - "markers": "python_version >= '2.7' and python_version not in '3.0, 3.1, 3.2, 3.3, 3.4'", ->>>>>>> 2888656 (228 formatted per lint test results) "version": "==2.11.1" }, "ansible-doc-extractor": { @@ -117,17 +100,6 @@ ], "index": "pypi", "version": "==0.1.7" -<<<<<<< HEAD -======= - }, - "apipkg": { - "hashes": [ - "sha256:37228cda29411948b422fae072f57e31d3396d2ee1c9783775980ee9c9990af6", - "sha256:58587dd4dc3daefad0487f6d9ae32b4542b185e1c36db6993290e7c41ca2b47c" - ], - "markers": "python_version >= '2.7' and python_version not in '3.0, 3.1, 3.2, 3.3'", - "version": "==1.5" ->>>>>>> 2888656 (228 formatted per lint test results) }, "appdirs": { "hashes": [ @@ -138,11 +110,11 @@ }, "astroid": { "hashes": [ - "sha256:3c9a2d84354185d13213ff2640ec03d39168dbcd13648abc84fb13ca3b2e2761", - "sha256:d66a600e1602736a0f24f725a511b0e50d12eb18f54b31ec276d2c26a0a62c6a" + "sha256:4db03ab5fc3340cf619dbc25e42c2cc3755154ce6009469766d7143d1fc2ee4e", + "sha256:8a398dfce302c13f14bab13e2b14fe385d32b73f4e4853b9bdfb64598baa1975" ], "markers": "python_version ~= '3.6'", - "version": "==2.5.7" + "version": "==2.5.6" }, "attrs": { "hashes": [ 
@@ -318,19 +290,11 @@ }, "execnet": { "hashes": [ -<<<<<<< HEAD "sha256:8f694f3ba9cc92cab508b152dcfe322153975c29bda272e2fd7f3f00f36e47c5", "sha256:a295f7cc774947aac58dde7fdc85f4aa00c42adf5d8f5468fc630c1acf30a142" ], "markers": "python_version >= '2.7' and python_version not in '3.0, 3.1, 3.2, 3.3, 3.4'", "version": "==1.9.0" -======= - "sha256:7e3c2cdb6389542a91e9855a9cc7545fbed679e96f8808bcbb1beb325345b189", - "sha256:e840ce25562e414ee5684864d510dbeeb0bce016bc89b22a6e5ce323b5e6552f" - ], - "markers": "python_version >= '2.7' and python_version not in '3.0, 3.1, 3.2, 3.3, 3.4'", - "version": "==1.8.1" ->>>>>>> 2888656 (228 formatted per lint test results) }, "idna": { "hashes": [ @@ -352,11 +316,7 @@ "sha256:833b26fb89d5de469b24a390e9df088d4e52e4ba33b01dc5e0e4f41b81a16c00", "sha256:b142cc1dd1342f31ff04bb7d022492b09920cb64fed867cd3ea6f80fe3ebd139" ], -<<<<<<< HEAD "markers": "python_version < '3.8' and python_version < '3.8'", -======= - "markers": "python_version < '3.8'", ->>>>>>> 2888656 (228 formatted per lint test results) "version": "==4.5.0" }, "iniconfig": { @@ -481,11 +441,11 @@ }, "pluggy": { "hashes": [ - "sha256:265a94bf44ca13662f12fcd1b074c14d4b269a712f051b6f644ef7e705d6735f", - "sha256:467f0219e89bb5061a8429c6fc5cf055fa3983a0e68e84a1d205046306b37d9e" + "sha256:15b2acde666561e1298d71b523007ed7364de07029219b604cf808bfa1c765b0", + "sha256:966c145cd83c96502c3c3868f50408687b38434af77734af1e9ca461a4081d2d" ], "markers": "python_version >= '2.7' and python_version not in '3.0, 3.1, 3.2, 3.3'", - "version": "==1.0.0.dev0" + "version": "==0.13.1" }, "py": { "hashes": [ 
@@ -521,32 +481,19 @@ }, "pylint": { "hashes": [ -<<<<<<< HEAD "sha256:0a049c5d47b629d9070c3932d13bff482b12119b6a241a93bc460b0be16953c8", "sha256:792b38ff30903884e4a9eab814ee3523731abd3c463f3ba48d7b627e87013484" ], "index": "pypi", "version": "==2.8.3" -======= - "sha256:2b422dd6f251a1caea5532cbb5a7d0cbf66b1ee6a36b50c53e32fa7a8272cc55", - "sha256:49b58c3ab27ea78cdcbd2d85b21f8e939bb179301f1cde1bd3f65168d9cbf25a" - ], - "index": "pypi", - "version": "==3.0.0a3" ->>>>>>> 2888656 (228 formatted per lint test results) }, "pyparsing": { "hashes": [ - "sha256:1c6409312ce2ce2997896af5756753778d5f1603666dba5587804f09ad82ed27", - "sha256:f4896b4cc085a1f8f8ae53a1a90db5a86b3825ff73eb974dffee3d9e701007f4" + "sha256:c203ec8783bf771a155b207279b9bccb8dea02d8f0c9e5f8ead507bc3246ecc1", + "sha256:ef9d7589ef3c200abe66653d3f1ab1033c3c419ae9b9bdb1240a85b024efc88b" ], -<<<<<<< HEAD "markers": "python_version >= '2.6' and python_version not in '3.0, 3.1, 3.2'", "version": "==2.4.7" -======= - "markers": "python_version >= '3.5'", - "version": "==3.0.0b2" ->>>>>>> 2888656 (228 formatted per lint test results) }, "pytest": { "hashes": [ diff --git a/plugins/modules/panos_security_rule.py b/plugins/modules/panos_security_rule.py index 50cedb3d9..49800ff51 100644 --- a/plugins/modules/panos_security_rule.py +++ b/plugins/modules/panos_security_rule.py @@ -17,13 +17,6 @@ from __future__ import absolute_import, division, print_function -from ansible.module_utils.basic import AnsibleModule -from ansible_collections.paloaltonetworks.panos.plugins.module_utils.panos import ( - get_connection, -) - -from panos.policies import RuleAuditComment - __metaclass__ = type DOCUMENTATION = """ @@ -342,6 +335,10 @@ # Default return values """ +from ansible.module_utils.basic import AnsibleModule +from ansible_collections.paloaltonetworks.panos.plugins.module_utils.panos import ( + get_connection, +) try: from panos.errors import PanDeviceError 
From ac2b6249ef8569d8b3296b77bc842ba2e62be6e3 Mon Sep 17 00:00:00 2001 From: Michael Richardson Date: Mon, 14 Jun 2021 12:34:11 -0400 Subject: [PATCH 25/25] chore: Fix merge conflict --- requirements.txt | 8 -------- 1 file changed, 8 deletions(-) diff --git a/requirements.txt b/requirements.txt index 482ff5c9b..1ac9f175d 100644 --- a/requirements.txt +++ b/requirements.txt @@ -9,15 +9,7 @@ certifi==2021.5.30 chardet==3.0.4 idna==2.8 -<<<<<<< HEAD -<<<<<<< HEAD pan-os-python==1.2.0 -======= -pan-os-python>=1.1.0 ->>>>>>> 27f13bd (Adding rule audit comment support - fixes #228) -======= -pan-os-python>=1.1.0 ->>>>>>> f4897da (bumped to pan-os-python 1.1.0 and added tests) pan-python==0.16.0 requests==2.22.0 urllib3==1.25.11; python_version >= '2.7' and python_version not in '3.0, 3.1, 3.2, 3.3, 3.4' and python_version < '4'