From 0bfb61c787ec1ab17c2332ccadb4aff4363550ec Mon Sep 17 00:00:00 2001 From: Stephen Steiner Date: Wed, 2 Jun 2021 09:26:15 -0400 Subject: [PATCH 01/48] Adding rule audit comment - #228 Signed-off-by: Stephen Steiner --- .gitignore | 3 +++ .vscode/settings.json | 3 ++- Pipfile | 2 +- plugins/module_utils/panos.py | 29 +++++++++++++++-------- plugins/modules/panos_security_rule.py | 32 +++++++++++++++++++------- 5 files changed, 49 insertions(+), 20 deletions(-) diff --git a/.gitignore b/.gitignore index 5187a4654..8ed95f4c5 100644 --- a/.gitignore +++ b/.gitignore @@ -74,6 +74,9 @@ ENV/ # PyCharm / IntelliJ .idea +# VS Code +.vscode + # Configtree diagram generated by sphinx docs/_diagrams diff --git a/.vscode/settings.json b/.vscode/settings.json index 23a41ac31..a9ca52e77 100644 --- a/.vscode/settings.json +++ b/.vscode/settings.json @@ -3,6 +3,7 @@ "source.organizeImports": true }, "python.linting.enabled": false, - "python.formatting.provider": "black", + "python.formatting.provider": "autopep8", "editor.formatOnSave": true, + "python.pythonPath": "/usr/local/bin/python3", } \ No newline at end of file diff --git a/Pipfile b/Pipfile index 5d661f7e6..ca1a6a1ef 100644 --- a/Pipfile +++ b/Pipfile @@ -4,7 +4,7 @@ verify_ssl = true name = "pypi" [packages] -pan-os-python = "*" +pan-os-python = ">=1.1.0" pan-python = "*" xmltodict = "==0.12.0" requests = "==2.22.0" diff --git a/plugins/module_utils/panos.py b/plugins/module_utils/panos.py index bb2c85901..f2a89f790 100644 --- a/plugins/module_utils/panos.py +++ b/plugins/module_utils/panos.py @@ -45,7 +45,7 @@ from panos.errors import PanCommitNotNeeded, PanDeviceError from panos.firewall import Firewall from panos.panorama import DeviceGroup, Template, TemplateStack - from panos.policies import PostRulebase, PreRulebase, Rulebase + from panos.policies import PostRulebase, PreRulebase, RuleAuditComment, Rulebase except ImportError: try: import pandevice as panos @@ -141,7 +141,8 @@ def get_pandevice_parent(self, module, timeout=0): if pdv < self.min_pandevice_version: module.fail_json( msg=_MIN_VERSION_ERROR.format( - "panos", panos.__version__, _vstr(self.min_pandevice_version) + "panos", panos.__version__, _vstr( + self.min_pandevice_version) ) ) @@ -240,7 +241,8 @@ def get_pandevice_parent(self, module, timeout=0): elif self.template is not None: tmpl_required = True elif not self.template_is_optional: - module.fail_json(msg=pano_mia_param.format(self.template_stack)) + module.fail_json( + msg=pano_mia_param.format(self.template_stack)) # Spec: template. if self.template is not None: @@ -311,7 +313,8 @@ def get_pandevice_parent(self, module, timeout=0): parent = rb else: module.fail_json( - msg=not_found.format("Rulebase", module.params[self.rulebase]) + msg=not_found.format( + "Rulebase", module.params[self.rulebase]) ) else: # Firewall connection. @@ -456,7 +459,8 @@ def apply_state( try: item.update(enabled_disabled_param) except PanDeviceError as e: - module.fail_json(msg="Failed toggle: {0}".format(e)) + module.fail_json( + msg="Failed toggle: {0}".format(e)) break else: module.fail_json(msg="Cannot enable/disable non-existing obj") @@ -493,8 +497,10 @@ def apply_position(self, obj, location, existing_rule, module): # Sanity check the location / existing_rule params. improper_combo = False improper_combo |= location is None and existing_rule is not None - improper_combo |= location in ("before", "after") and existing_rule is None - improper_combo |= location in ("top", "bottom") and existing_rule is not None + improper_combo |= location in ( + "before", "after") and existing_rule is None + improper_combo |= location in ( + "top", "bottom") and existing_rule is not None if improper_combo: module.fail_json( msg='Improper combination of "location" / "existing_rule".' @@ -513,7 +519,8 @@ def apply_position(self, obj, location, existing_rule, module): obj_index = listing.index(uid) rule = rules[obj_index] except ValueError: - module.fail_json(msg="Object {0} isn't present for move".format(uid)) + module.fail_json( + msg="Object {0} isn't present for move".format(uid)) if location == "top": if listing[0] != uid: @@ -804,7 +811,8 @@ def get_connection( if vsys is not None: raise KeyError('Define "vsys" or "vsys_shared", not both.') elif vsys_importable is not None: - raise KeyError('Define "vsys_importable" or "vsys_shared", not both.') + raise KeyError( + 'Define "vsys_importable" or "vsys_shared", not both.') if isinstance(vsys_shared, bool): param = "vsys" else: @@ -869,7 +877,8 @@ def __init__( self.api_endpoint = api_endpoint if with_state: - spec["state"] = {"default": "present", "choices": ["present", "absent"]} + spec["state"] = {"default": "present", + "choices": ["present", "absent"]} if with_enabled_state: spec["state"] = { diff --git a/plugins/modules/panos_security_rule.py b/plugins/modules/panos_security_rule.py index 919226edc..a151ee142 100644 --- a/plugins/modules/panos_security_rule.py +++ b/plugins/modules/panos_security_rule.py @@ -17,6 +17,12 @@ from __future__ import absolute_import, division, print_function +from ansible.module_utils.basic import AnsibleModule +from ansible_collections.paloaltonetworks.panos.plugins.module_utils.panos import ( + get_connection, +) +from panos.policies import RuleAuditComment + __metaclass__ = type DOCUMENTATION = """ @@ -244,6 +250,10 @@ description: - Exclude this rule from the listed firewalls in Panorama. type: bool + audit_comment: + description: + - Add an audit comment to the rule being defined. + type: str """ EXAMPLES = """ @@ -331,10 +341,6 @@ # Default return values """ -from ansible.module_utils.basic import AnsibleModule -from ansible_collections.paloaltonetworks.panos.plugins.module_utils.panos import ( - get_connection, -) try: from panos.errors import PanDeviceError @@ -367,10 +373,12 @@ def main(): source_ip=dict(type="list", elements="str", default=["any"]), source_user=dict(type="list", elements="str", default=["any"]), hip_profiles=dict(type="list", elements="str", default=["any"]), - destination_zone=dict(type="list", elements="str", default=["any"]), + destination_zone=dict( + type="list", elements="str", default=["any"]), destination_ip=dict(type="list", elements="str", default=["any"]), application=dict(type="list", elements="str", default=["any"]), - service=dict(type="list", elements="str", default=["application-default"]), + service=dict(type="list", elements="str", + default=["application-default"]), category=dict(type="list", elements="str", default=["any"]), action=dict( default="allow", @@ -396,7 +404,8 @@ def main(): disabled=dict(type="bool", default=False), schedule=dict(), icmp_unreachable=dict(type="bool"), - disable_server_response_inspection=dict(type="bool", default=False), + disable_server_response_inspection=dict( + type="bool", default=False), group_profile=dict(), antivirus=dict(), spyware=dict(), @@ -410,6 +419,7 @@ def main(): location=dict(choices=["top", "bottom", "before", "after"]), existing_rule=dict(), commit=dict(type="bool", default=False), + audit_comment=dict(type="str"), # TODO(gfreeman) - remove this in the next role release. devicegroup=dict(), ), @@ -481,6 +491,7 @@ def main(): location = module.params["location"] existing_rule = module.params["existing_rule"] commit = module.params["commit"] + audit_comment = module.params["audit_comment"] # Retrieve the current rules. try: @@ -495,9 +506,14 @@ def main(): # Which action shall we take on the rule object? changed, diff = helper.apply_state(new_rule, rules, module) + # Add the audit comment, if applicable. + if audit_comment: + RuleAuditComment.update(audit_comment) + # Move the rule to the correct spot, if applicable. if module.params["state"] == "present": - changed |= helper.apply_position(new_rule, location, existing_rule, module) + changed |= helper.apply_position( + new_rule, location, existing_rule, module) # Optional commit. if changed and commit: From 5a1ebe2035083c3fd73607814f346ffdd852fd2e Mon Sep 17 00:00:00 2001 From: Stephen Steiner Date: Wed, 2 Jun 2021 12:44:21 -0400 Subject: [PATCH 02/48] bumped version for testing Signed-off-by: Stephen Steiner --- galaxy.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/galaxy.yml b/galaxy.yml index 009bb650e..8093b225d 100644 --- a/galaxy.yml +++ b/galaxy.yml @@ -9,7 +9,7 @@ namespace: 'paloaltonetworks' name: 'panos' # The version of the collection. Must be compatible with semantic versioning -version: 2.6.0 +version: 2.6.1 # The path to the Markdown (.md) readme file. This path is relative to the root of the collection readme: 'README.md' From ee513f63c9e87b05de3b2c7ff60ac2296c3bac1b Mon Sep 17 00:00:00 2001 From: Stephen Steiner Date: Wed, 2 Jun 2021 12:57:04 -0400 Subject: [PATCH 03/48] Adding rule audit comment - #228 Signed-off-by: Stephen Steiner --- plugins/modules/panos_security_rule.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/plugins/modules/panos_security_rule.py b/plugins/modules/panos_security_rule.py index a151ee142..129c42b2a 100644 --- a/plugins/modules/panos_security_rule.py +++ b/plugins/modules/panos_security_rule.py @@ -508,7 +508,7 @@ def main(): # Add the audit comment, if applicable. if audit_comment: - RuleAuditComment.update(audit_comment) + RuleAuditComment.update(module, audit_comment) # Move the rule to the correct spot, if applicable. if module.params["state"] == "present": From 5c25a2860096de422d394b33accc07cba86983c5 Mon Sep 17 00:00:00 2001 From: Stephen Steiner Date: Wed, 2 Jun 2021 13:48:09 -0400 Subject: [PATCH 04/48] Adding rule audit comment - #228 Signed-off-by: Stephen Steiner --- plugins/modules/panos_security_rule.py | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/plugins/modules/panos_security_rule.py b/plugins/modules/panos_security_rule.py index 129c42b2a..125c6cc4a 100644 --- a/plugins/modules/panos_security_rule.py +++ b/plugins/modules/panos_security_rule.py @@ -508,7 +508,8 @@ def main(): # Add the audit comment, if applicable. if audit_comment: - RuleAuditComment.update(module, audit_comment) + rule_audit_comment = RuleAuditComment() + rule_audit_comment.update(audit_comment) # Move the rule to the correct spot, if applicable. if module.params["state"] == "present": From 24f86efc9910be2d3948f8feab5b0f3380258259 Mon Sep 17 00:00:00 2001 From: Stephen Steiner Date: Wed, 2 Jun 2021 14:23:52 -0400 Subject: [PATCH 05/48] Adding rule audit comment - #228 Signed-off-by: Stephen Steiner --- plugins/modules/panos_security_rule.py | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/plugins/modules/panos_security_rule.py b/plugins/modules/panos_security_rule.py index 125c6cc4a..159b1669c 100644 --- a/plugins/modules/panos_security_rule.py +++ b/plugins/modules/panos_security_rule.py @@ -508,8 +508,7 @@ def main(): # Add the audit comment, if applicable. if audit_comment: - rule_audit_comment = RuleAuditComment() - rule_audit_comment.update(audit_comment) + RuleAuditComment.update(parent, audit_comment) # Move the rule to the correct spot, if applicable. if module.params["state"] == "present": From fd19cff4b069f0de67f2128ff9cfd15266c60cfd Mon Sep 17 00:00:00 2001 From: Stephen Steiner Date: Wed, 2 Jun 2021 14:28:39 -0400 Subject: [PATCH 06/48] Adding rule audit comment - #228 Signed-off-by: Stephen Steiner --- plugins/modules/panos_security_rule.py | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/plugins/modules/panos_security_rule.py b/plugins/modules/panos_security_rule.py index 159b1669c..021ab6343 100644 --- a/plugins/modules/panos_security_rule.py +++ b/plugins/modules/panos_security_rule.py @@ -508,7 +508,8 @@ def main(): # Add the audit comment, if applicable. if audit_comment: - RuleAuditComment.update(parent, audit_comment) + rule_audit_comment = RuleAuditComment(parent) + rule_audit_comment.update(audit_comment) # Move the rule to the correct spot, if applicable. if module.params["state"] == "present": From bb7db291cc2c9359c1eca89fbf91b2ee2d25c775 Mon Sep 17 00:00:00 2001 From: Stephen Steiner Date: Wed, 2 Jun 2021 18:30:38 -0400 Subject: [PATCH 07/48] Adding rule audit comment - #228 Signed-off-by: Stephen Steiner --- plugins/module_utils/panos.py | 2 +- plugins/modules/panos_security_rule.py | 10 +++++----- 2 files changed, 6 insertions(+), 6 deletions(-) diff --git a/plugins/module_utils/panos.py b/plugins/module_utils/panos.py index f2a89f790..a630948b7 100644 --- a/plugins/module_utils/panos.py +++ b/plugins/module_utils/panos.py @@ -45,7 +45,7 @@ from panos.errors import PanCommitNotNeeded, PanDeviceError from panos.firewall import Firewall from panos.panorama import DeviceGroup, Template, TemplateStack - from panos.policies import PostRulebase, PreRulebase, RuleAuditComment, Rulebase + from panos.policies import PostRulebase, PreRulebase, Rulebase except ImportError: try: import pandevice as panos diff --git a/plugins/modules/panos_security_rule.py b/plugins/modules/panos_security_rule.py index 021ab6343..c572710e8 100644 --- a/plugins/modules/panos_security_rule.py +++ b/plugins/modules/panos_security_rule.py @@ -485,6 +485,7 @@ def main(): "data_filtering": module.params["data_filtering"], "target": module.params["target"], "negate_target": module.params["negate_target"], + } # Other module info. @@ -506,16 +507,15 @@ def main(): # Which action shall we take on the rule object? changed, diff = helper.apply_state(new_rule, rules, module) - # Add the audit comment, if applicable. - if audit_comment: - rule_audit_comment = RuleAuditComment(parent) - rule_audit_comment.update(audit_comment) - # Move the rule to the correct spot, if applicable. if module.params["state"] == "present": changed |= helper.apply_position( new_rule, location, existing_rule, module) + # Add the audit comment, if applicable. + if changed and audit_comment and not module.check_mode: + new_rule.opstate.audit_comment.update(audit_comment) + # Optional commit. if changed and commit: helper.commit(module) From e6d20e47c57daf17f25f902d8a6276d70a20eda4 Mon Sep 17 00:00:00 2001 From: Stephen Steiner Date: Thu, 3 Jun 2021 08:36:17 -0400 Subject: [PATCH 08/48] removing .vscode Signed-off-by: Stephen Steiner --- .vscode/settings.json | 9 --------- 1 file changed, 9 deletions(-) delete mode 100644 .vscode/settings.json diff --git a/.vscode/settings.json b/.vscode/settings.json deleted file mode 100644 index a9ca52e77..000000000 --- a/.vscode/settings.json +++ /dev/null @@ -1,9 +0,0 @@ -{ - "editor.codeActionsOnSave": { - "source.organizeImports": true - }, - "python.linting.enabled": false, - "python.formatting.provider": "autopep8", - "editor.formatOnSave": true, - "python.pythonPath": "/usr/local/bin/python3", -} \ No newline at end of file From f4897dac1cdffb0ba637a0f267070edffe173f35 Mon Sep 17 00:00:00 2001 From: Stephen Steiner Date: Thu, 3 Jun 2021 08:39:53 -0400 Subject: [PATCH 09/48] bumped to pan-os-python 1.1.0 and added tests Signed-off-by: Stephen Steiner --- requirements.txt | 2 +- tests/integration/firewall/test_panos_security_rule.yml | 2 ++ 2 files changed, 3 insertions(+), 1 deletion(-) diff --git a/requirements.txt b/requirements.txt index 4ace88fc2..cc7e232e0 100644 --- a/requirements.txt +++ b/requirements.txt @@ -2,7 +2,7 @@ certifi==2020.12.5 chardet==3.0.4 idna==2.8 -pan-os-python==1.0.2 +pan-os-python>=1.1.0 pan-python==0.16.0 requests==2.22.0 urllib3==1.25.11 diff --git a/tests/integration/firewall/test_panos_security_rule.yml b/tests/integration/firewall/test_panos_security_rule.yml index 566d2b361..053894f36 100644 --- a/tests/integration/firewall/test_panos_security_rule.yml +++ b/tests/integration/firewall/test_panos_security_rule.yml @@ -13,6 +13,7 @@ application: ['ssh'] action: 'allow' device_group: '{{ device_group | default(omit) }}' + audit_comment: 'Test audit comment' register: result - name: test_panos_security_rule - Assert create was successful @@ -33,6 +34,7 @@ application: ['ssh'] action: 'allow' device_group: '{{ device_group | default(omit) }}' + audit_comment: 'Testing audit_comment' register: result - name: test_panos_security_rule - Assert create (idempotence) was successful From 27f13bd8277bf508be86914aeff2be0f8323546c Mon Sep 17 00:00:00 2001 From: Stephen Steiner Date: Wed, 2 Jun 2021 09:26:15 -0400 Subject: [PATCH 10/48] Adding rule audit comment support - fixes #228 --- .gitignore | 3 ++ .vscode/settings.json | 8 ----- Pipfile | 2 +- galaxy.yml | 2 +- plugins/module_utils/panos.py | 27 ++++++++++----- plugins/modules/panos_security_rule.py | 33 ++++++++++++++----- requirements.txt | 2 +- .../firewall/test_panos_security_rule.yml | 2 ++ 8 files changed, 51 insertions(+), 28 deletions(-) delete mode 100644 .vscode/settings.json diff --git a/.gitignore b/.gitignore index 5187a4654..8ed95f4c5 100644 --- a/.gitignore +++ b/.gitignore @@ -74,6 +74,9 @@ ENV/ # PyCharm / IntelliJ .idea +# VS Code +.vscode + # Configtree diagram generated by sphinx docs/_diagrams diff --git a/.vscode/settings.json b/.vscode/settings.json deleted file mode 100644 index 23a41ac31..000000000 --- a/.vscode/settings.json +++ /dev/null @@ -1,8 +0,0 @@ -{ - "editor.codeActionsOnSave": { - "source.organizeImports": true - }, - "python.linting.enabled": false, - "python.formatting.provider": "black", - "editor.formatOnSave": true, -} \ No newline at end of file diff --git a/Pipfile b/Pipfile index 5d661f7e6..ca1a6a1ef 100644 --- a/Pipfile +++ b/Pipfile @@ -4,7 +4,7 @@ verify_ssl = true name = "pypi" [packages] -pan-os-python = "*" +pan-os-python = ">=1.1.0" pan-python = "*" xmltodict = "==0.12.0" requests = "==2.22.0" diff --git a/galaxy.yml b/galaxy.yml index 009bb650e..8093b225d 100644 --- a/galaxy.yml +++ b/galaxy.yml @@ -9,7 +9,7 @@ namespace: 'paloaltonetworks' name: 'panos' # The version of the collection. Must be compatible with semantic versioning -version: 2.6.0 +version: 2.6.1 # The path to the Markdown (.md) readme file. This path is relative to the root of the collection readme: 'README.md' diff --git a/plugins/module_utils/panos.py b/plugins/module_utils/panos.py index bb2c85901..a630948b7 100644 --- a/plugins/module_utils/panos.py +++ b/plugins/module_utils/panos.py @@ -141,7 +141,8 @@ def get_pandevice_parent(self, module, timeout=0): if pdv < self.min_pandevice_version: module.fail_json( msg=_MIN_VERSION_ERROR.format( - "panos", panos.__version__, _vstr(self.min_pandevice_version) + "panos", panos.__version__, _vstr( + self.min_pandevice_version) ) ) @@ -240,7 +241,8 @@ def get_pandevice_parent(self, module, timeout=0): elif self.template is not None: tmpl_required = True elif not self.template_is_optional: - module.fail_json(msg=pano_mia_param.format(self.template_stack)) + module.fail_json( + msg=pano_mia_param.format(self.template_stack)) # Spec: template. if self.template is not None: @@ -311,7 +313,8 @@ def get_pandevice_parent(self, module, timeout=0): parent = rb else: module.fail_json( - msg=not_found.format("Rulebase", module.params[self.rulebase]) + msg=not_found.format( + "Rulebase", module.params[self.rulebase]) ) else: # Firewall connection. @@ -456,7 +459,8 @@ def apply_state( try: item.update(enabled_disabled_param) except PanDeviceError as e: - module.fail_json(msg="Failed toggle: {0}".format(e)) + module.fail_json( + msg="Failed toggle: {0}".format(e)) break else: module.fail_json(msg="Cannot enable/disable non-existing obj") @@ -493,8 +497,10 @@ def apply_position(self, obj, location, existing_rule, module): # Sanity check the location / existing_rule params. improper_combo = False improper_combo |= location is None and existing_rule is not None - improper_combo |= location in ("before", "after") and existing_rule is None - improper_combo |= location in ("top", "bottom") and existing_rule is not None + improper_combo |= location in ( + "before", "after") and existing_rule is None + improper_combo |= location in ( + "top", "bottom") and existing_rule is not None if improper_combo: module.fail_json( msg='Improper combination of "location" / "existing_rule".' @@ -513,7 +519,8 @@ def apply_position(self, obj, location, existing_rule, module): obj_index = listing.index(uid) rule = rules[obj_index] except ValueError: - module.fail_json(msg="Object {0} isn't present for move".format(uid)) + module.fail_json( + msg="Object {0} isn't present for move".format(uid)) if location == "top": if listing[0] != uid: @@ -804,7 +811,8 @@ def get_connection( if vsys is not None: raise KeyError('Define "vsys" or "vsys_shared", not both.') elif vsys_importable is not None: - raise KeyError('Define "vsys_importable" or "vsys_shared", not both.') + raise KeyError( + 'Define "vsys_importable" or "vsys_shared", not both.') if isinstance(vsys_shared, bool): param = "vsys" else: @@ -869,7 +877,8 @@ def __init__( self.api_endpoint = api_endpoint if with_state: - spec["state"] = {"default": "present", "choices": ["present", "absent"]} + spec["state"] = {"default": "present", + "choices": ["present", "absent"]} if with_enabled_state: spec["state"] = { diff --git a/plugins/modules/panos_security_rule.py b/plugins/modules/panos_security_rule.py index 919226edc..c572710e8 100644 --- a/plugins/modules/panos_security_rule.py +++ b/plugins/modules/panos_security_rule.py @@ -17,6 +17,12 @@ from __future__ import absolute_import, division, print_function +from ansible.module_utils.basic import AnsibleModule +from ansible_collections.paloaltonetworks.panos.plugins.module_utils.panos import ( + get_connection, +) +from panos.policies import RuleAuditComment + __metaclass__ = type DOCUMENTATION = """ @@ -244,6 +250,10 @@ description: - Exclude this rule from the listed firewalls in Panorama. type: bool + audit_comment: + description: + - Add an audit comment to the rule being defined. + type: str """ EXAMPLES = """ @@ -331,10 +341,6 @@ # Default return values """ -from ansible.module_utils.basic import AnsibleModule -from ansible_collections.paloaltonetworks.panos.plugins.module_utils.panos import ( - get_connection, -) try: from panos.errors import PanDeviceError @@ -367,10 +373,12 @@ def main(): source_ip=dict(type="list", elements="str", default=["any"]), source_user=dict(type="list", elements="str", default=["any"]), hip_profiles=dict(type="list", elements="str", default=["any"]), - destination_zone=dict(type="list", elements="str", default=["any"]), + destination_zone=dict( + type="list", elements="str", default=["any"]), destination_ip=dict(type="list", elements="str", default=["any"]), application=dict(type="list", elements="str", default=["any"]), - service=dict(type="list", elements="str", default=["application-default"]), + service=dict(type="list", elements="str", + default=["application-default"]), category=dict(type="list", elements="str", default=["any"]), action=dict( default="allow", @@ -396,7 +404,8 @@ def main(): disabled=dict(type="bool", default=False), schedule=dict(), icmp_unreachable=dict(type="bool"), - disable_server_response_inspection=dict(type="bool", default=False), + disable_server_response_inspection=dict( + type="bool", default=False), group_profile=dict(), antivirus=dict(), spyware=dict(), @@ -410,6 +419,7 @@ def main(): location=dict(choices=["top", "bottom", "before", "after"]), existing_rule=dict(), commit=dict(type="bool", default=False), + audit_comment=dict(type="str"), # TODO(gfreeman) - remove this in the next role release. devicegroup=dict(), ), @@ -475,12 +485,14 @@ def main(): "data_filtering": module.params["data_filtering"], "target": module.params["target"], "negate_target": module.params["negate_target"], + } # Other module info. location = module.params["location"] existing_rule = module.params["existing_rule"] commit = module.params["commit"] + audit_comment = module.params["audit_comment"] # Retrieve the current rules. try: @@ -497,7 +509,12 @@ def main(): # Move the rule to the correct spot, if applicable. if module.params["state"] == "present": - changed |= helper.apply_position(new_rule, location, existing_rule, module) + changed |= helper.apply_position( + new_rule, location, existing_rule, module) + + # Add the audit comment, if applicable. + if changed and audit_comment and not module.check_mode: + new_rule.opstate.audit_comment.update(audit_comment) # Optional commit. if changed and commit: diff --git a/requirements.txt b/requirements.txt index 4ace88fc2..cc7e232e0 100644 --- a/requirements.txt +++ b/requirements.txt @@ -2,7 +2,7 @@ certifi==2020.12.5 chardet==3.0.4 idna==2.8 -pan-os-python==1.0.2 +pan-os-python>=1.1.0 pan-python==0.16.0 requests==2.22.0 urllib3==1.25.11 diff --git a/tests/integration/firewall/test_panos_security_rule.yml b/tests/integration/firewall/test_panos_security_rule.yml index 566d2b361..053894f36 100644 --- a/tests/integration/firewall/test_panos_security_rule.yml +++ b/tests/integration/firewall/test_panos_security_rule.yml @@ -13,6 +13,7 @@ application: ['ssh'] action: 'allow' device_group: '{{ device_group | default(omit) }}' + audit_comment: 'Test audit comment' register: result - name: test_panos_security_rule - Assert create was successful @@ -33,6 +34,7 @@ application: ['ssh'] action: 'allow' device_group: '{{ device_group | default(omit) }}' + audit_comment: 'Testing audit_comment' register: result - name: test_panos_security_rule - Assert create (idempotence) was successful From 28886562d4532e3991d0d2734fa8daa0cf9bf9e2 Mon Sep 17 00:00:00 2001 From: Stephen Steiner Date: Mon, 7 Jun 2021 11:09:51 -0400 Subject: [PATCH 11/48] 228 formatted per lint test results Signed-off-by: Stephen Steiner --- Makefile | 2 +- Pipfile.lock | 219 +++++++++++++------------ plugins/module_utils/panos.py | 27 +-- plugins/modules/panos_security_rule.py | 14 +- 4 files changed, 125 insertions(+), 137 deletions(-) diff --git a/Makefile b/Makefile index 3d7c66c6f..37514f33d 100644 --- a/Makefile +++ b/Makefile @@ -18,7 +18,7 @@ else ifneq (ansible_collections,$(toplevel)) endif python_version := $(shell \ - python -c 'import sys; print(".".join(map(str, sys.version_info[:2])))' \ + python3 -c 'import sys; print(".".join(map(str, sys.version_info[:2])))' \ ) diff --git a/Pipfile.lock b/Pipfile.lock index a809f1bfa..b6f3fe61b 100644 --- a/Pipfile.lock +++ b/Pipfile.lock @@ -1,7 +1,7 @@ { "_meta": { "hash": { - "sha256": "03d83e4a064c0ab343bcfb84a18d569dfb3071417d5967d32cff9b807cb2dfe2" + "sha256": "19c82651b2164ad7ec0ca621d68ecae9d852eef15b447daa245d065a69338085" }, "pipfile-spec": 6, "requires": { @@ -18,10 +18,10 @@ "default": { "certifi": { "hashes": [ - "sha256:1a4995114262bffbc2413b159f2a1a480c969de6e6eb13ee966d470af86af59c", - "sha256:719a74fb9e33b9bd44cc7f3a8d94bc35e4049deebe19ba7d8e108280cfd59830" + "sha256:2bbf76fd432960138b3ef6dda3dde0544f27cbf8546c458e60baf371917ba9ee", + "sha256:50b1e4f8446b06f41be7dd6338db18e0990601dce795c2b1686458aa7e8fa7d8" ], - "version": "==2020.12.5" + "version": "==2021.5.30" }, "chardet": { "hashes": [ @@ -39,11 +39,11 @@ }, "pan-os-python": { "hashes": [ - "sha256:03c6480a3a4d5f1ce899fe4ecde93de420876d45db1572301c75790ac3206993", - "sha256:b299fe54ec52d69a4766d6c0f945baf2dd02967930b7f043ea8172e463839303" + "sha256:00d55975afee6bc016cd368bce71d393d2cc04cc00ec508eddeaf5d6584b7b53", + "sha256:8b654d9b6c34ae126eafa6dcd62bfea7721ffa35d8e62e2a8cdea6d4d1edf326" ], "index": "pypi", - "version": "==1.1.0" + "version": "==1.2.0" }, "pan-python": { "hashes": [ @@ -88,25 +88,25 @@ }, "ansible": { "hashes": [ - "sha256:2de5385c48a2a24a19f6cbaccc7d7684c64b6194f9a9b175aba7949d53b07bc9" + "sha256:6f67ca5c634e4721d1f8e206dc71d60d1a114d147945355bfc902bd37eb07080" ], "index": "pypi", - "version": "==3.3.0" + "version": "==4.0.0" }, - "ansible-base": { + "ansible-core": { "hashes": [ - "sha256:04635d3e08fc29358c76b8e7f1e9db0ce443fb09ce30b2acc6cacaad165f2151" + "sha256:7e75827a94d47d1c3e1930d708f0ef637a3ab9a21f757aaf55deab6e9f47c682" ], "markers": "python_version >= '2.7' and python_version not in '3.0, 3.1, 3.2, 3.3, 3.4'", - "version": "==2.10.9" + "version": "==2.11.1" }, "ansible-doc-extractor": { "hashes": [ - "sha256:4d1d95743fefb4242fc4cb1e985910174255eeb3596c79eae13c211a0555ac44", - "sha256:f686e9f1715efb623c4771f6e354f97ec3aa20a3239388e9ec42f9cb6b7a17e8" + "sha256:a864dab347af7ac2cf7cb2706a6de041b489ad287ebcf2be4d19038ff0290195", + "sha256:e814c6ba24192151a7f8414693e6b93f43bfeb039a026efae19a4340931cd259" ], "index": "pypi", - "version": "==0.1.6" + "version": "==0.1.7" }, "apipkg": { "hashes": [ @@ -125,11 +125,11 @@ }, "astroid": { "hashes": [ - "sha256:4db03ab5fc3340cf619dbc25e42c2cc3755154ce6009469766d7143d1fc2ee4e", - "sha256:8a398dfce302c13f14bab13e2b14fe385d32b73f4e4853b9bdfb64598baa1975" + "sha256:3c9a2d84354185d13213ff2640ec03d39168dbcd13648abc84fb13ca3b2e2761", + "sha256:d66a600e1602736a0f24f725a511b0e50d12eb18f54b31ec276d2c26a0a62c6a" ], "markers": "python_version ~= '3.6'", - "version": "==2.5.6" + "version": "==2.5.7" }, "attrs": { "hashes": [ @@ -157,22 +157,31 @@ }, "certifi": { "hashes": [ - "sha256:1a4995114262bffbc2413b159f2a1a480c969de6e6eb13ee966d470af86af59c", - "sha256:719a74fb9e33b9bd44cc7f3a8d94bc35e4049deebe19ba7d8e108280cfd59830" + "sha256:2bbf76fd432960138b3ef6dda3dde0544f27cbf8546c458e60baf371917ba9ee", + "sha256:50b1e4f8446b06f41be7dd6338db18e0990601dce795c2b1686458aa7e8fa7d8" ], - "version": "==2020.12.5" + "version": "==2021.5.30" }, "cffi": { "hashes": [ "sha256:005a36f41773e148deac64b08f233873a4d0c18b053d37da83f6af4d9087b813", + "sha256:04c468b622ed31d408fea2346bec5bbffba2cc44226302a0de1ade9f5ea3d373", + "sha256:06d7cd1abac2ffd92e65c0609661866709b4b2d82dd15f611e602b9b188b0b69", + "sha256:06db6321b7a68b2bd6df96d08a5adadc1fa0e8f419226e25b2a5fbf6ccc7350f", "sha256:0857f0ae312d855239a55c81ef453ee8fd24136eaba8e87a2eceba644c0d4c06", + "sha256:0f861a89e0043afec2a51fd177a567005847973be86f709bbb044d7f42fc4e05", "sha256:1071534bbbf8cbb31b498d5d9db0f274f2f7a865adca4ae429e147ba40f73dea", "sha256:158d0d15119b4b7ff6b926536763dc0714313aa59e320ddf787502c70c4d4bee", + "sha256:1bf1ac1984eaa7675ca8d5745a8cb87ef7abecb5592178406e55858d411eadc0", "sha256:1f436816fc868b098b0d63b8920de7d208c90a67212546d02f84fe78a9c26396", + "sha256:24a570cd11895b60829e941f2613a4f79df1a27344cbbb82164ef2e0116f09c7", + "sha256:24ec4ff2c5c0c8f9c6b87d5bb53555bf267e1e6f70e52e5a9740d32861d36b6f", "sha256:2894f2df484ff56d717bead0a5c2abb6b9d2bf26d6960c4604d5c48bbc30ee73", "sha256:29314480e958fd8aab22e4a58b355b629c59bf5f2ac2492b61e3dc06d8c7a315", + "sha256:293e7ea41280cb28c6fcaaa0b1aa1f533b8ce060b9e701d78511e1e6c4a1de76", "sha256:34eff4b97f3d982fb93e2831e6750127d1355a923ebaeeb565407b3d2f8d41a1", "sha256:35f27e6eb43380fa080dccf676dece30bef72e4a67617ffda586641cd4508d49", + "sha256:3c3f39fa737542161d8b0d680df2ec249334cd70a8f420f71c9304bd83c3cbed", "sha256:3d3dd4c9e559eb172ecf00a2a7517e97d1e96de2a5e610bd9b68cea3925b4892", "sha256:43e0b9d9e2c9e5d152946b9c5fe062c151614b262fda2e7b201204de0b99e482", "sha256:48e1c69bbacfc3d932221851b39d49e81567a4d4aac3b21258d9c24578280058", @@ -180,6 +189,7 @@ "sha256:58e3f59d583d413809d60779492342801d6e82fefb89c86a38e040c16883be53", "sha256:5de7970188bb46b7bf9858eb6890aad302577a5f6f75091fd7cdd3ef13ef3045", "sha256:65fa59693c62cf06e45ddbb822165394a288edce9e276647f0046e1ec26920f3", + "sha256:681d07b0d1e3c462dd15585ef5e33cb021321588bebd910124ef4f4fb71aef55", "sha256:69e395c24fc60aad6bb4fa7e583698ea6cc684648e1ffb7fe85e3c1ca131a7d5", "sha256:6c97d7350133666fbb5cf4abdc1178c812cb205dc6f41d174a7b0f18fb93337e", "sha256:6e4714cc64f474e4d6e37cfff31a814b509a35cb17de4fb1999907575684479c", @@ -197,8 +207,10 @@ "sha256:b85eb46a81787c50650f2392b9b4ef23e1f126313b9e0e9013b35c15e4288e2e", "sha256:bb89f306e5da99f4d922728ddcd6f7fcebb3241fc40edebcb7284d7514741991", "sha256:cbde590d4faaa07c72bf979734738f328d239913ba3e043b1e98fe9a39f8b2b6", + "sha256:cc5a8e069b9ebfa22e26d0e6b97d6f9781302fe7f4f2b8776c3e1daea35f1adc", "sha256:cd2868886d547469123fadc46eac7ea5253ea7fcb139f12e1dfc2bbd406427d1", "sha256:d42b11d692e11b6634f7613ad8df5d6d5f8875f5d48939520d351007b3c13406", + "sha256:df5052c5d867c1ea0b311fb7c3cd28b19df469c056f7fdcfe88c7473aa63e333", "sha256:f2d45f97ab6bb54753eab54fffe75aaf3de4ff2341c9daee1987ee1837636f1d", "sha256:fd78e5fee591709f32ef6edb9a015b4aa1a5022598e36227500c8f4e02328d9c" ], @@ -213,11 +225,11 @@ }, "click": { "hashes": [ - "sha256:d2b5255c7c6349bc1bd1e59e08cd12acbbd63ce649f2588755783aa94dfb6b1a", - "sha256:dacca89f4bfadd5de3d7489b7c8a566eee0d3676333fbb50030263894c38c0dc" + "sha256:8c04c11192119b1ef78ea049e0a6f0463e4c48ef00a30160c704337586f3ad7a", + "sha256:fba402a4a47334742d782209a7c79bc448911afe1149d07bdabdf480b3e2f4b6" ], - "markers": "python_version >= '2.7' and python_version not in '3.0, 3.1, 3.2, 3.3, 3.4'", - "version": "==7.1.2" + "markers": "python_version >= '3.6'", + "version": "==8.0.1" }, "coverage": { "hashes": [ @@ -293,11 +305,11 @@ }, "execnet": { "hashes": [ - "sha256:7a13113028b1e1cc4c6492b28098b3c6576c9dccc7973bfe47b342afadafb2ac", - "sha256:b73c5565e517f24b62dea8a5ceac178c661c4309d3aa0c3e420856c072c411b4" + "sha256:7e3c2cdb6389542a91e9855a9cc7545fbed679e96f8808bcbb1beb325345b189", + "sha256:e840ce25562e414ee5684864d510dbeeb0bce016bc89b22a6e5ce323b5e6552f" ], "markers": "python_version >= '2.7' and python_version not in '3.0, 3.1, 3.2, 3.3, 3.4'", - "version": "==1.8.0" + "version": "==1.8.1" }, "idna": { "hashes": [ @@ -316,11 +328,11 @@ }, "importlib-metadata": { "hashes": [ - "sha256:8c501196e49fb9df5df43833bdb1e4328f64847763ec8a50703148b73784d581", - "sha256:d7eb1dea6d6a6086f8be21784cc9e3bcfa55872b52309bc5fad53a8ea444465d" + "sha256:833b26fb89d5de469b24a390e9df088d4e52e4ba33b01dc5e0e4f41b81a16c00", + "sha256:b142cc1dd1342f31ff04bb7d022492b09920cb64fed867cd3ea6f80fe3ebd139" ], "markers": "python_version < '3.8'", - "version": "==4.0.1" + "version": "==4.5.0" }, "iniconfig": { "hashes": [ @@ -339,11 +351,11 @@ }, "jinja2": { "hashes": [ - "sha256:03e47ad063331dd6a3f04a43eddca8a966a26ba0c5b7207a9a9e4e08f1b29419", - "sha256:a6d58433de0ae800347cab1fa3043cebbabe8baa9d29e668f1c768cb87a333c6" + "sha256:1f06f2da51e7b56b8f238affdd6b4e2c61e39598a378cc49345bc1bd42a978a4", + "sha256:703f484b47a6af502e743c9122595cc812b0271f661722403114f71a79d0f5a4" ], - "markers": "python_version >= '2.7' and python_version not in '3.0, 3.1, 3.2, 3.3, 3.4'", - "version": "==2.11.3" + "markers": "python_version >= '3.6'", + "version": "==3.0.1" }, "lazy-object-proxy": { "hashes": [ @@ -375,61 +387,43 @@ }, "markupsafe": { "hashes": [ - "sha256:00bc623926325b26bb9605ae9eae8a215691f33cae5df11ca5424f06f2d1f473", - "sha256:09027a7803a62ca78792ad89403b1b7a73a01c8cb65909cd876f7fcebd79b161", - "sha256:09c4b7f37d6c648cb13f9230d847adf22f8171b1ccc4d5682398e77f40309235", - "sha256:1027c282dad077d0bae18be6794e6b6b8c91d58ed8a8d89a89d59693b9131db5", - "sha256:13d3144e1e340870b25e7b10b98d779608c02016d5184cfb9927a9f10c689f42", - "sha256:195d7d2c4fbb0ee8139a6cf67194f3973a6b3042d742ebe0a9ed36d8b6f0c07f", - "sha256:22c178a091fc6630d0d045bdb5992d2dfe14e3259760e713c490da5323866c39", - "sha256:24982cc2533820871eba85ba648cd53d8623687ff11cbb805be4ff7b4c971aff", - "sha256:29872e92839765e546828bb7754a68c418d927cd064fd4708fab9fe9c8bb116b", - "sha256:2beec1e0de6924ea551859edb9e7679da6e4870d32cb766240ce17e0a0ba2014", - "sha256:3b8a6499709d29c2e2399569d96719a1b21dcd94410a586a18526b143ec8470f", - "sha256:43a55c2930bbc139570ac2452adf3d70cdbb3cfe5912c71cdce1c2c6bbd9c5d1", - "sha256:46c99d2de99945ec5cb54f23c8cd5689f6d7177305ebff350a58ce5f8de1669e", - "sha256:500d4957e52ddc3351cabf489e79c91c17f6e0899158447047588650b5e69183", - "sha256:535f6fc4d397c1563d08b88e485c3496cf5784e927af890fb3c3aac7f933ec66", - "sha256:596510de112c685489095da617b5bcbbac7dd6384aeebeda4df6025d0256a81b", - "sha256:62fe6c95e3ec8a7fad637b7f3d372c15ec1caa01ab47926cfdf7a75b40e0eac1", - "sha256:6788b695d50a51edb699cb55e35487e430fa21f1ed838122d722e0ff0ac5ba15", - "sha256:6dd73240d2af64df90aa7c4e7481e23825ea70af4b4922f8ede5b9e35f78a3b1", - "sha256:6f1e273a344928347c1290119b493a1f0303c52f5a5eae5f16d74f48c15d4a85", - "sha256:6fffc775d90dcc9aed1b89219549b329a9250d918fd0b8fa8d93d154918422e1", - "sha256:717ba8fe3ae9cc0006d7c451f0bb265ee07739daf76355d06366154ee68d221e", - "sha256:79855e1c5b8da654cf486b830bd42c06e8780cea587384cf6545b7d9ac013a0b", - "sha256:7c1699dfe0cf8ff607dbdcc1e9b9af1755371f92a68f706051cc8c37d447c905", - "sha256:7fed13866cf14bba33e7176717346713881f56d9d2bcebab207f7a036f41b850", - "sha256:84dee80c15f1b560d55bcfe6d47b27d070b4681c699c572af2e3c7cc90a3b8e0", - "sha256:88e5fcfb52ee7b911e8bb6d6aa2fd21fbecc674eadd44118a9cc3863f938e735", - "sha256:8defac2f2ccd6805ebf65f5eeb132adcf2ab57aa11fdf4c0dd5169a004710e7d", - "sha256:98bae9582248d6cf62321dcb52aaf5d9adf0bad3b40582925ef7c7f0ed85fceb", - "sha256:98c7086708b163d425c67c7a91bad6e466bb99d797aa64f965e9d25c12111a5e", - "sha256:9add70b36c5666a2ed02b43b335fe19002ee5235efd4b8a89bfcf9005bebac0d", - "sha256:9bf40443012702a1d2070043cb6291650a0841ece432556f784f004937f0f32c", - "sha256:a6a744282b7718a2a62d2ed9d993cad6f5f585605ad352c11de459f4108df0a1", - "sha256:acf08ac40292838b3cbbb06cfe9b2cb9ec78fce8baca31ddb87aaac2e2dc3bc2", - "sha256:ade5e387d2ad0d7ebf59146cc00c8044acbd863725f887353a10df825fc8ae21", - "sha256:b00c1de48212e4cc9603895652c5c410df699856a2853135b3967591e4beebc2", - "sha256:b1282f8c00509d99fef04d8ba936b156d419be841854fe901d8ae224c59f0be5", - "sha256:b1dba4527182c95a0db8b6060cc98ac49b9e2f5e64320e2b56e47cb2831978c7", - "sha256:b2051432115498d3562c084a49bba65d97cf251f5a331c64a12ee7e04dacc51b", - "sha256:b7d644ddb4dbd407d31ffb699f1d140bc35478da613b441c582aeb7c43838dd8", - "sha256:ba59edeaa2fc6114428f1637ffff42da1e311e29382d81b339c1817d37ec93c6", - "sha256:bf5aa3cbcfdf57fa2ee9cd1822c862ef23037f5c832ad09cfea57fa846dec193", - "sha256:c8716a48d94b06bb3b2524c2b77e055fb313aeb4ea620c8dd03a105574ba704f", - "sha256:caabedc8323f1e93231b52fc32bdcde6db817623d33e100708d9a68e1f53b26b", - "sha256:cd5df75523866410809ca100dc9681e301e3c27567cf498077e8551b6d20e42f", - "sha256:cdb132fc825c38e1aeec2c8aa9338310d29d337bebbd7baa06889d09a60a1fa2", - "sha256:d53bc011414228441014aa71dbec320c66468c1030aae3a6e29778a3382d96e5", - "sha256:d73a845f227b0bfe8a7455ee623525ee656a9e2e749e4742706d80a6065d5e2c", - "sha256:d9be0ba6c527163cbed5e0857c451fcd092ce83947944d6c14bc95441203f032", - "sha256:e249096428b3ae81b08327a63a485ad0878de3fb939049038579ac0ef61e17e7", - "sha256:e8313f01ba26fbbe36c7be1966a7b7424942f670f38e666995b88d012765b9be", - "sha256:feb7b34d6325451ef96bc0e36e1a6c0c1c64bc1fbec4b854f4529e51887b1621" + "sha256:01a9b8ea66f1658938f65b93a85ebe8bc016e6769611be228d797c9d998dd298", + "sha256:023cb26ec21ece8dc3907c0e8320058b2e0cb3c55cf9564da612bc325bed5e64", + "sha256:0446679737af14f45767963a1a9ef7620189912317d095f2d9ffa183a4d25d2b", + "sha256:0717a7390a68be14b8c793ba258e075c6f4ca819f15edfc2a3a027c823718567", + "sha256:0955295dd5eec6cb6cc2fe1698f4c6d84af2e92de33fbcac4111913cd100a6ff", + "sha256:10f82115e21dc0dfec9ab5c0223652f7197feb168c940f3ef61563fc2d6beb74", + "sha256:1d609f577dc6e1aa17d746f8bd3c31aa4d258f4070d61b2aa5c4166c1539de35", + "sha256:2ef54abee730b502252bcdf31b10dacb0a416229b72c18b19e24a4509f273d26", + "sha256:3c112550557578c26af18a1ccc9e090bfe03832ae994343cfdacd287db6a6ae7", + "sha256:47ab1e7b91c098ab893b828deafa1203de86d0bc6ab587b160f78fe6c4011f75", + "sha256:49e3ceeabbfb9d66c3aef5af3a60cc43b85c33df25ce03d0031a608b0a8b2e3f", + "sha256:4efca8f86c54b22348a5467704e3fec767b2db12fc39c6d963168ab1d3fc9135", + "sha256:53edb4da6925ad13c07b6d26c2a852bd81e364f95301c66e930ab2aef5b5ddd8", + "sha256:594c67807fb16238b30c44bdf74f36c02cdf22d1c8cda91ef8a0ed8dabf5620a", + "sha256:611d1ad9a4288cf3e3c16014564df047fe08410e628f89805e475368bd304914", + "sha256:6557b31b5e2c9ddf0de32a691f2312a32f77cd7681d8af66c2692efdbef84c18", + "sha256:693ce3f9e70a6cf7d2fb9e6c9d8b204b6b39897a2c4a1aa65728d5ac97dcc1d8", + "sha256:6a7fae0dd14cf60ad5ff42baa2e95727c3d81ded453457771d02b7d2b3f9c0c2", + "sha256:6c4ca60fa24e85fe25b912b01e62cb969d69a23a5d5867682dd3e80b5b02581d", + "sha256:7d91275b0245b1da4d4cfa07e0faedd5b0812efc15b702576d103293e252af1b", + "sha256:905fec760bd2fa1388bb5b489ee8ee5f7291d692638ea5f67982d968366bef9f", + "sha256:97383d78eb34da7e1fa37dd273c20ad4320929af65d156e35a5e2d89566d9dfb", + "sha256:984d76483eb32f1bcb536dc27e4ad56bba4baa70be32fa87152832cdd9db0833", + "sha256:a30e67a65b53ea0a5e62fe23682cfe22712e01f453b95233b25502f7c61cb415", + "sha256:ab3ef638ace319fa26553db0624c4699e31a28bb2a835c5faca8f8acf6a5a902", + "sha256:b2f4bf27480f5e5e8ce285a8c8fd176c0b03e93dcc6646477d4630e83440c6a9", + "sha256:b7f2d075102dc8c794cbde1947378051c4e5180d52d276987b8d28a3bd58c17d", + "sha256:be98f628055368795d818ebf93da628541e10b75b41c559fdf36d104c5787066", + "sha256:d7f9850398e85aba693bb640262d3611788b1f29a79f0c93c565694658f4071f", + "sha256:f5653a225f31e113b152e56f154ccbe59eeb1c7487b39b9d9f9cdb58e6c79dc5", + "sha256:f826e31d18b516f653fe296d967d700fddad5901ae07c622bb3705955e1faa94", + "sha256:f8ba0e8349a38d3001fae7eadded3f6606f0da5d748ee53cc1dab1d6527b9509", + "sha256:f9081981fe268bd86831e5c75f7de206ef275defcb82bc70740ae6dc507aee51", + "sha256:fa130dd50c57d53368c9d59395cb5526eda596d3ffe36666cd81a44d56e48872" ], - "markers": "python_version >= '2.7' and python_version not in '3.0, 3.1, 3.2, 3.3'", - "version": "==1.1.1" + "markers": "python_version >= '3.6'", + "version": "==2.0.1" }, "mccabe": { "hashes": [ @@ -462,11 +456,11 @@ }, "pluggy": { "hashes": [ - "sha256:15b2acde666561e1298d71b523007ed7364de07029219b604cf808bfa1c765b0", - "sha256:966c145cd83c96502c3c3868f50408687b38434af77734af1e9ca461a4081d2d" + "sha256:265a94bf44ca13662f12fcd1b074c14d4b269a712f051b6f644ef7e705d6735f", + "sha256:467f0219e89bb5061a8429c6fc5cf055fa3983a0e68e84a1d205046306b37d9e" ], "markers": "python_version >= '2.7' and python_version not in '3.0, 3.1, 3.2, 3.3'", - "version": "==0.13.1" + "version": "==1.0.0.dev0" }, "py": { "hashes": [ @@ -502,19 +496,19 @@ }, "pylint": { "hashes": [ - "sha256:586d8fa9b1891f4b725f587ef267abe2a1bad89d6b184520c7f07a253dd6e217", - "sha256:f7e2072654a6b6afdf5e2fb38147d3e2d2d43c89f648637baab63e026481279b" + "sha256:2b422dd6f251a1caea5532cbb5a7d0cbf66b1ee6a36b50c53e32fa7a8272cc55", + "sha256:49b58c3ab27ea78cdcbd2d85b21f8e939bb179301f1cde1bd3f65168d9cbf25a" ], "index": "pypi", - "version": "==2.8.2" + "version": "==3.0.0a3" }, "pyparsing": { "hashes": [ - "sha256:c203ec8783bf771a155b207279b9bccb8dea02d8f0c9e5f8ead507bc3246ecc1", - "sha256:ef9d7589ef3c200abe66653d3f1ab1033c3c419ae9b9bdb1240a85b024efc88b" + "sha256:1c6409312ce2ce2997896af5756753778d5f1603666dba5587804f09ad82ed27", + "sha256:f4896b4cc085a1f8f8ae53a1a90db5a86b3825ff73eb974dffee3d9e701007f4" ], - "markers": "python_version >= '2.6' and python_version not in '3.0, 3.1, 3.2, 3.3'", - "version": "==2.4.7" + "markers": "python_version >= '3.5'", + "version": "==3.0.0b2" }, "pytest": { "hashes": [ @@ -644,6 +638,13 @@ "index": "pypi", "version": "==2.22.0" }, + "resolvelib": { + "hashes": [ + "sha256:8113ae3ed6d33c6be0bcbf03ffeb06c0995c099b7b8aaa5ddf2e9b3b3df4e915", + "sha256:9b9b80d5c60e4c2a8b7fbf0712c3449dc01d74e215632e5199850c9eca687628" + ], + "version": "==0.5.4" + }, "rstcheck": { "hashes": [ "sha256:92c4f79256a54270e0402ba16a2f92d0b3c15c8f4410cb9c57127067c215741f" @@ -668,11 +669,11 @@ }, "sphinx": { "hashes": [ - "sha256:19010b7b9fa0dc7756a6e105b2aacd3a80f798af3c25c273be64d7beeb482cb1", - "sha256:2320d4e994a191f4b4be27da514e46b3d6b420f2ff895d064f52415d342461e8" + "sha256:b5c2ae4120bf00c799ba9b3699bc895816d272d120080fbc967292f29b52b48c", + "sha256:d1cb10bee9c4231f1700ec2e24a91be3f3a3aba066ea4ca9f3bbe47e59d5a1d4" ], "index": "pypi", - "version": "==3.5.4" + "version": "==4.0.2" }, "sphinx-rtd-theme": { "hashes": [ @@ -700,11 +701,11 @@ }, "sphinxcontrib-htmlhelp": { "hashes": [ - "sha256:3c0bc24a2c41e340ac37c85ced6dafc879ab485c095b1d65d2461ac2f7cca86f", - "sha256:e8f5bb7e31b2dbb25b9cc435c8ab7a79787ebf7f906155729338f3156d93659b" + "sha256:d412243dfb797ae3ec2b59eca0e52dac12e75a241bf0e4eb861e450d06c6ed07", + "sha256:f5f8bb2d0d629f398bf47d0d69c07bc13b65f75a81ad9e2f71a63d4b7a2f6db2" ], - "markers": "python_version >= '3.5'", - "version": "==1.0.3" + "markers": "python_version >= '3.6'", + "version": "==2.0.0" }, "sphinxcontrib-jsmath": { "hashes": [ @@ -724,11 +725,11 @@ }, "sphinxcontrib-serializinghtml": { "hashes": [ - "sha256:eaa0eccc86e982a9b939b2b82d12cc5d013385ba5eadcc7e4fed23f4405f77bc", - "sha256:f242a81d423f59617a8e5cf16f5d4d74e28ee9a66f9e5b637a18082991db5a9a" + "sha256:352a9a00ae864471d3a7ead8d7d79f5fc0b57e8b3f95e9867eb9eb28999b92fd", + "sha256:aa5f6de5dfdf809ef505c4895e51ef5c9eac17d0f287933eb49ec495280b6952" ], "markers": "python_version >= '3.5'", - "version": "==1.1.4" + "version": "==1.1.5" }, "toml": { "hashes": [ diff --git a/plugins/module_utils/panos.py b/plugins/module_utils/panos.py index a630948b7..bb2c85901 100644 --- a/plugins/module_utils/panos.py +++ b/plugins/module_utils/panos.py @@ -141,8 +141,7 @@ def get_pandevice_parent(self, module, timeout=0): if pdv < self.min_pandevice_version: module.fail_json( msg=_MIN_VERSION_ERROR.format( - "panos", panos.__version__, _vstr( - self.min_pandevice_version) + "panos", panos.__version__, _vstr(self.min_pandevice_version) ) ) @@ -241,8 +240,7 @@ def get_pandevice_parent(self, module, timeout=0): elif self.template is not None: tmpl_required = True elif not self.template_is_optional: - module.fail_json( - msg=pano_mia_param.format(self.template_stack)) + module.fail_json(msg=pano_mia_param.format(self.template_stack)) # Spec: template. if self.template is not None: @@ -313,8 +311,7 @@ def get_pandevice_parent(self, module, timeout=0): parent = rb else: module.fail_json( - msg=not_found.format( - "Rulebase", module.params[self.rulebase]) + msg=not_found.format("Rulebase", module.params[self.rulebase]) ) else: # Firewall connection. @@ -459,8 +456,7 @@ def apply_state( try: item.update(enabled_disabled_param) except PanDeviceError as e: - module.fail_json( - msg="Failed toggle: {0}".format(e)) + module.fail_json(msg="Failed toggle: {0}".format(e)) break else: module.fail_json(msg="Cannot enable/disable non-existing obj") @@ -497,10 +493,8 @@ def apply_position(self, obj, location, existing_rule, module): # Sanity check the location / existing_rule params. improper_combo = False improper_combo |= location is None and existing_rule is not None - improper_combo |= location in ( - "before", "after") and existing_rule is None - improper_combo |= location in ( - "top", "bottom") and existing_rule is not None + improper_combo |= location in ("before", "after") and existing_rule is None + improper_combo |= location in ("top", "bottom") and existing_rule is not None if improper_combo: module.fail_json( msg='Improper combination of "location" / "existing_rule".' @@ -519,8 +513,7 @@ def apply_position(self, obj, location, existing_rule, module): obj_index = listing.index(uid) rule = rules[obj_index] except ValueError: - module.fail_json( - msg="Object {0} isn't present for move".format(uid)) + module.fail_json(msg="Object {0} isn't present for move".format(uid)) if location == "top": if listing[0] != uid: @@ -811,8 +804,7 @@ def get_connection( if vsys is not None: raise KeyError('Define "vsys" or "vsys_shared", not both.') elif vsys_importable is not None: - raise KeyError( - 'Define "vsys_importable" or "vsys_shared", not both.') + raise KeyError('Define "vsys_importable" or "vsys_shared", not both.') if isinstance(vsys_shared, bool): param = "vsys" else: @@ -877,8 +869,7 @@ def __init__( self.api_endpoint = api_endpoint if with_state: - spec["state"] = {"default": "present", - "choices": ["present", "absent"]} + spec["state"] = {"default": "present", "choices": ["present", "absent"]} if with_enabled_state: spec["state"] = { diff --git a/plugins/modules/panos_security_rule.py b/plugins/modules/panos_security_rule.py index c572710e8..606ee4cf6 100644 --- a/plugins/modules/panos_security_rule.py +++ b/plugins/modules/panos_security_rule.py @@ -21,6 +21,7 @@ from ansible_collections.paloaltonetworks.panos.plugins.module_utils.panos import ( get_connection, ) + from panos.policies import RuleAuditComment __metaclass__ = type @@ -373,12 +374,10 @@ def main(): source_ip=dict(type="list", elements="str", default=["any"]), source_user=dict(type="list", elements="str", default=["any"]), hip_profiles=dict(type="list", elements="str", default=["any"]), - destination_zone=dict( - type="list", elements="str", default=["any"]), + destination_zone=dict(type="list", elements="str", default=["any"]), destination_ip=dict(type="list", elements="str", default=["any"]), application=dict(type="list", elements="str", default=["any"]), - service=dict(type="list", elements="str", - default=["application-default"]), + service=dict(type="list", elements="str", default=["application-default"]), category=dict(type="list", elements="str", default=["any"]), action=dict( default="allow", @@ -404,8 +403,7 @@ def main(): disabled=dict(type="bool", default=False), schedule=dict(), icmp_unreachable=dict(type="bool"), - disable_server_response_inspection=dict( - type="bool", default=False), + disable_server_response_inspection=dict(type="bool", default=False), group_profile=dict(), antivirus=dict(), spyware=dict(), @@ -485,7 +483,6 @@ def main(): "data_filtering": module.params["data_filtering"], "target": module.params["target"], "negate_target": module.params["negate_target"], - } # Other module info. @@ -509,8 +506,7 @@ def main(): # Move the rule to the correct spot, if applicable. if module.params["state"] == "present": - changed |= helper.apply_position( - new_rule, location, existing_rule, module) + changed |= helper.apply_position(new_rule, location, existing_rule, module) # Add the audit comment, if applicable. if changed and audit_comment and not module.check_mode: From 2036bc5b0aa9709285f2468a36a19cfdb85cbdfb Mon Sep 17 00:00:00 2001 From: Stephen Steiner Date: Mon, 7 Jun 2021 12:16:00 -0400 Subject: [PATCH 12/48] 230: Added protocol to panos_email_server.py Signed-off-by: Stephen Steiner --- plugins/modules/panos_email_server.py | 11 +++++++++++ 1 file changed, 11 insertions(+) diff --git a/plugins/modules/panos_email_server.py b/plugins/modules/panos_email_server.py index f752c8485..84ead73c3 100644 --- a/plugins/modules/panos_email_server.py +++ b/plugins/modules/panos_email_server.py @@ -69,6 +69,15 @@ description: - IP address or FQDN of email gateway to use. type: str + protocol: + description: + - Specify whether to use clear-text or encrypted SMTP. + type: str + choices: + - SMTP + - TLS + default: SMTP + """ EXAMPLES = """ @@ -119,6 +128,7 @@ def main(): to_email=dict(), also_to_email=dict(), email_gateway=dict(), + protocol=dict(), ), ) module = AnsibleModule( @@ -146,6 +156,7 @@ def main(): "to": module.params["to_email"], "also_to": module.params["also_to_email"], "email_gateway": module.params["email_gateway"], + "protocol": module.params["protocol"], } obj = EmailServer(**spec) sp.add(obj) From b6e1a78374f5c6ecca8e84a05abf3256e9b99479 Mon Sep 17 00:00:00 2001 From: Stephen Steiner Date: Mon, 7 Jun 2021 12:53:51 -0400 Subject: [PATCH 13/48] 230: Added default parameter Signed-off-by: Stephen Steiner --- plugins/modules/panos_email_server.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/plugins/modules/panos_email_server.py b/plugins/modules/panos_email_server.py index 84ead73c3..394c5d299 100644 --- a/plugins/modules/panos_email_server.py +++ b/plugins/modules/panos_email_server.py @@ -128,7 +128,7 @@ def main(): to_email=dict(), also_to_email=dict(), email_gateway=dict(), - protocol=dict(), + protocol=dict(type=str, default="SMTP"), ), ) module = AnsibleModule( From 0c64e5cc6a6126f4a6444dbc59615dc10c6b7100 Mon Sep 17 00:00:00 2001 From: Stephen Steiner Date: Mon, 7 Jun 2021 12:55:11 -0400 Subject: [PATCH 14/48] bumped version in galaxy.yml Signed-off-by: Stephen Steiner --- galaxy.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/galaxy.yml b/galaxy.yml index 8093b225d..6b6ee6afe 100644 --- a/galaxy.yml +++ b/galaxy.yml @@ -9,7 +9,7 @@ namespace: 'paloaltonetworks' name: 'panos' # The version of the collection. Must be compatible with semantic versioning -version: 2.6.1 +version: 2.6.2 # The path to the Markdown (.md) readme file. This path is relative to the root of the collection readme: 'README.md' From 055aed4effd40296bb8c84fed97dac15cd6e8ad6 Mon Sep 17 00:00:00 2001 From: Stephen Steiner Date: Mon, 7 Jun 2021 14:07:44 -0400 Subject: [PATCH 15/48] 230 reverted galaxy.yml collection semver Signed-off-by: Stephen Steiner --- galaxy.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/galaxy.yml b/galaxy.yml index 6b6ee6afe..009bb650e 100644 --- a/galaxy.yml +++ b/galaxy.yml @@ -9,7 +9,7 @@ namespace: 'paloaltonetworks' name: 'panos' # The version of the collection. Must be compatible with semantic versioning -version: 2.6.2 +version: 2.6.0 # The path to the Markdown (.md) readme file. This path is relative to the root of the collection readme: 'README.md' From 292b1e06227418d11ad861a89ec41ab20abc3d28 Mon Sep 17 00:00:00 2001 From: Stephen Steiner Date: Wed, 2 Jun 2021 09:26:15 -0400 Subject: [PATCH 16/48] Rebasing with develop --- .gitignore | 3 ++ .vscode/settings.json | 8 ----- Pipfile | 2 +- galaxy.yml | 2 +- plugins/module_utils/panos.py | 27 ++++++++++----- plugins/modules/panos_security_rule.py | 33 ++++++++++++++----- .../firewall/test_panos_security_rule.yml | 2 ++ 7 files changed, 50 insertions(+), 27 deletions(-) delete mode 100644 .vscode/settings.json diff --git a/.gitignore b/.gitignore index 5187a4654..8ed95f4c5 100644 --- a/.gitignore +++ b/.gitignore @@ -74,6 +74,9 @@ ENV/ # PyCharm / IntelliJ .idea +# VS Code +.vscode + # Configtree diagram generated by sphinx docs/_diagrams diff --git a/.vscode/settings.json b/.vscode/settings.json deleted file mode 100644 index 23a41ac31..000000000 --- a/.vscode/settings.json +++ /dev/null @@ -1,8 +0,0 @@ -{ - "editor.codeActionsOnSave": { - "source.organizeImports": true - }, - "python.linting.enabled": false, - "python.formatting.provider": "black", - "editor.formatOnSave": true, -} \ No newline at end of file diff --git a/Pipfile b/Pipfile index 988c031b6..29c87e125 100644 --- a/Pipfile +++ b/Pipfile @@ -4,7 +4,7 @@ verify_ssl = true name = "pypi" [packages] -pan-os-python = "*" +pan-os-python = ">=1.1.0" pan-python = "*" xmltodict = "==0.12.0" requests = "==2.22.0" diff --git a/galaxy.yml b/galaxy.yml index 009bb650e..8093b225d 100644 --- a/galaxy.yml +++ b/galaxy.yml @@ -9,7 +9,7 @@ namespace: 'paloaltonetworks' name: 'panos' # The version of the collection. Must be compatible with semantic versioning -version: 2.6.0 +version: 2.6.1 # The path to the Markdown (.md) readme file. This path is relative to the root of the collection readme: 'README.md' diff --git a/plugins/module_utils/panos.py b/plugins/module_utils/panos.py index bb2c85901..a630948b7 100644 --- a/plugins/module_utils/panos.py +++ b/plugins/module_utils/panos.py @@ -141,7 +141,8 @@ def get_pandevice_parent(self, module, timeout=0): if pdv < self.min_pandevice_version: module.fail_json( msg=_MIN_VERSION_ERROR.format( - "panos", panos.__version__, _vstr(self.min_pandevice_version) + "panos", panos.__version__, _vstr( + self.min_pandevice_version) ) ) @@ -240,7 +241,8 @@ def get_pandevice_parent(self, module, timeout=0): elif self.template is not None: tmpl_required = True elif not self.template_is_optional: - module.fail_json(msg=pano_mia_param.format(self.template_stack)) + module.fail_json( + msg=pano_mia_param.format(self.template_stack)) # Spec: template. if self.template is not None: @@ -311,7 +313,8 @@ def get_pandevice_parent(self, module, timeout=0): parent = rb else: module.fail_json( - msg=not_found.format("Rulebase", module.params[self.rulebase]) + msg=not_found.format( + "Rulebase", module.params[self.rulebase]) ) else: # Firewall connection. @@ -456,7 +459,8 @@ def apply_state( try: item.update(enabled_disabled_param) except PanDeviceError as e: - module.fail_json(msg="Failed toggle: {0}".format(e)) + module.fail_json( + msg="Failed toggle: {0}".format(e)) break else: module.fail_json(msg="Cannot enable/disable non-existing obj") @@ -493,8 +497,10 @@ def apply_position(self, obj, location, existing_rule, module): # Sanity check the location / existing_rule params. improper_combo = False improper_combo |= location is None and existing_rule is not None - improper_combo |= location in ("before", "after") and existing_rule is None - improper_combo |= location in ("top", "bottom") and existing_rule is not None + improper_combo |= location in ( + "before", "after") and existing_rule is None + improper_combo |= location in ( + "top", "bottom") and existing_rule is not None if improper_combo: module.fail_json( msg='Improper combination of "location" / "existing_rule".' @@ -513,7 +519,8 @@ def apply_position(self, obj, location, existing_rule, module): obj_index = listing.index(uid) rule = rules[obj_index] except ValueError: - module.fail_json(msg="Object {0} isn't present for move".format(uid)) + module.fail_json( + msg="Object {0} isn't present for move".format(uid)) if location == "top": if listing[0] != uid: @@ -804,7 +811,8 @@ def get_connection( if vsys is not None: raise KeyError('Define "vsys" or "vsys_shared", not both.') elif vsys_importable is not None: - raise KeyError('Define "vsys_importable" or "vsys_shared", not both.') + raise KeyError( + 'Define "vsys_importable" or "vsys_shared", not both.') if isinstance(vsys_shared, bool): param = "vsys" else: @@ -869,7 +877,8 @@ def __init__( self.api_endpoint = api_endpoint if with_state: - spec["state"] = {"default": "present", "choices": ["present", "absent"]} + spec["state"] = {"default": "present", + "choices": ["present", "absent"]} if with_enabled_state: spec["state"] = { diff --git a/plugins/modules/panos_security_rule.py b/plugins/modules/panos_security_rule.py index 919226edc..c572710e8 100644 --- a/plugins/modules/panos_security_rule.py +++ b/plugins/modules/panos_security_rule.py @@ -17,6 +17,12 @@ from __future__ import absolute_import, division, print_function +from ansible.module_utils.basic import AnsibleModule +from ansible_collections.paloaltonetworks.panos.plugins.module_utils.panos import ( + get_connection, +) +from panos.policies import RuleAuditComment + __metaclass__ = type DOCUMENTATION = """ @@ -244,6 +250,10 @@ description: - Exclude this rule from the listed firewalls in Panorama. type: bool + audit_comment: + description: + - Add an audit comment to the rule being defined. + type: str """ EXAMPLES = """ @@ -331,10 +341,6 @@ # Default return values """ -from ansible.module_utils.basic import AnsibleModule -from ansible_collections.paloaltonetworks.panos.plugins.module_utils.panos import ( - get_connection, -) try: from panos.errors import PanDeviceError @@ -367,10 +373,12 @@ def main(): source_ip=dict(type="list", elements="str", default=["any"]), source_user=dict(type="list", elements="str", default=["any"]), hip_profiles=dict(type="list", elements="str", default=["any"]), - destination_zone=dict(type="list", elements="str", default=["any"]), + destination_zone=dict( + type="list", elements="str", default=["any"]), destination_ip=dict(type="list", elements="str", default=["any"]), application=dict(type="list", elements="str", default=["any"]), - service=dict(type="list", elements="str", default=["application-default"]), + service=dict(type="list", elements="str", + default=["application-default"]), category=dict(type="list", elements="str", default=["any"]), action=dict( default="allow", @@ -396,7 +404,8 @@ def main(): disabled=dict(type="bool", default=False), schedule=dict(), icmp_unreachable=dict(type="bool"), - disable_server_response_inspection=dict(type="bool", default=False), + disable_server_response_inspection=dict( + type="bool", default=False), group_profile=dict(), antivirus=dict(), spyware=dict(), @@ -410,6 +419,7 @@ def main(): location=dict(choices=["top", "bottom", "before", "after"]), existing_rule=dict(), commit=dict(type="bool", default=False), + audit_comment=dict(type="str"), # TODO(gfreeman) - remove this in the next role release. devicegroup=dict(), ), @@ -475,12 +485,14 @@ def main(): "data_filtering": module.params["data_filtering"], "target": module.params["target"], "negate_target": module.params["negate_target"], + } # Other module info. location = module.params["location"] existing_rule = module.params["existing_rule"] commit = module.params["commit"] + audit_comment = module.params["audit_comment"] # Retrieve the current rules. try: @@ -497,7 +509,12 @@ def main(): # Move the rule to the correct spot, if applicable. if module.params["state"] == "present": - changed |= helper.apply_position(new_rule, location, existing_rule, module) + changed |= helper.apply_position( + new_rule, location, existing_rule, module) + + # Add the audit comment, if applicable. + if changed and audit_comment and not module.check_mode: + new_rule.opstate.audit_comment.update(audit_comment) # Optional commit. if changed and commit: diff --git a/tests/integration/firewall/test_panos_security_rule.yml b/tests/integration/firewall/test_panos_security_rule.yml index 566d2b361..053894f36 100644 --- a/tests/integration/firewall/test_panos_security_rule.yml +++ b/tests/integration/firewall/test_panos_security_rule.yml @@ -13,6 +13,7 @@ application: ['ssh'] action: 'allow' device_group: '{{ device_group | default(omit) }}' + audit_comment: 'Test audit comment' register: result - name: test_panos_security_rule - Assert create was successful @@ -33,6 +34,7 @@ application: ['ssh'] action: 'allow' device_group: '{{ device_group | default(omit) }}' + audit_comment: 'Testing audit_comment' register: result - name: test_panos_security_rule - Assert create (idempotence) was successful From 85159a318f7edde7b7911e913c59b80051f6b2f1 Mon Sep 17 00:00:00 2001 From: Stephen Steiner Date: Wed, 2 Jun 2021 09:26:15 -0400 Subject: [PATCH 17/48] Rebasing and removing conflicts Signed-off-by: Stephen Steiner --- plugins/module_utils/panos.py | 2 +- plugins/modules/panos_security_rule.py | 4 ++++ 2 files changed, 5 insertions(+), 1 deletion(-) diff --git a/plugins/module_utils/panos.py b/plugins/module_utils/panos.py index a630948b7..f2a89f790 100644 --- a/plugins/module_utils/panos.py +++ b/plugins/module_utils/panos.py @@ -45,7 +45,7 @@ from panos.errors import PanCommitNotNeeded, PanDeviceError from panos.firewall import Firewall from panos.panorama import DeviceGroup, Template, TemplateStack - from panos.policies import PostRulebase, PreRulebase, Rulebase + from panos.policies import PostRulebase, PreRulebase, RuleAuditComment, Rulebase except ImportError: try: import pandevice as panos diff --git a/plugins/modules/panos_security_rule.py b/plugins/modules/panos_security_rule.py index c572710e8..96d8a49be 100644 --- a/plugins/modules/panos_security_rule.py +++ b/plugins/modules/panos_security_rule.py @@ -507,6 +507,10 @@ def main(): # Which action shall we take on the rule object? changed, diff = helper.apply_state(new_rule, rules, module) + # Add the audit comment, if applicable. + if audit_comment: + RuleAuditComment.update(audit_comment) + # Move the rule to the correct spot, if applicable. if module.params["state"] == "present": changed |= helper.apply_position( From d8cd108ed435a0d7cedeb6feb6e4a331b216dc4b Mon Sep 17 00:00:00 2001 From: Stephen Steiner Date: Wed, 2 Jun 2021 12:57:04 -0400 Subject: [PATCH 18/48] Adding rule audit comment - #228 Signed-off-by: Stephen Steiner --- plugins/modules/panos_security_rule.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/plugins/modules/panos_security_rule.py b/plugins/modules/panos_security_rule.py index 96d8a49be..250bca2d1 100644 --- a/plugins/modules/panos_security_rule.py +++ b/plugins/modules/panos_security_rule.py @@ -509,7 +509,7 @@ def main(): # Add the audit comment, if applicable. if audit_comment: - RuleAuditComment.update(audit_comment) + RuleAuditComment.update(module, audit_comment) # Move the rule to the correct spot, if applicable. if module.params["state"] == "present": From 01087bb7709394afd94e8c2f1f63fbbdc36bca0d Mon Sep 17 00:00:00 2001 From: Stephen Steiner Date: Wed, 2 Jun 2021 13:48:09 -0400 Subject: [PATCH 19/48] Adding rule audit comment - #228 Signed-off-by: Stephen Steiner --- plugins/modules/panos_security_rule.py | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/plugins/modules/panos_security_rule.py b/plugins/modules/panos_security_rule.py index 250bca2d1..9a0182fc5 100644 --- a/plugins/modules/panos_security_rule.py +++ b/plugins/modules/panos_security_rule.py @@ -509,7 +509,8 @@ def main(): # Add the audit comment, if applicable. if audit_comment: - RuleAuditComment.update(module, audit_comment) + rule_audit_comment = RuleAuditComment() + rule_audit_comment.update(audit_comment) # Move the rule to the correct spot, if applicable. if module.params["state"] == "present": From 8562368ab07763f341f1ceb1f65eaa7b15c8f60e Mon Sep 17 00:00:00 2001 From: Stephen Steiner Date: Wed, 2 Jun 2021 14:23:52 -0400 Subject: [PATCH 20/48] Adding rule audit comment - #228 Signed-off-by: Stephen Steiner --- plugins/modules/panos_security_rule.py | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/plugins/modules/panos_security_rule.py b/plugins/modules/panos_security_rule.py index 9a0182fc5..49c453ce9 100644 --- a/plugins/modules/panos_security_rule.py +++ b/plugins/modules/panos_security_rule.py @@ -509,8 +509,7 @@ def main(): # Add the audit comment, if applicable. if audit_comment: - rule_audit_comment = RuleAuditComment() - rule_audit_comment.update(audit_comment) + RuleAuditComment.update(parent, audit_comment) # Move the rule to the correct spot, if applicable. if module.params["state"] == "present": From cf13a8be95a632b7bb53d183cb236a9c563676f0 Mon Sep 17 00:00:00 2001 From: Stephen Steiner Date: Wed, 2 Jun 2021 14:28:39 -0400 Subject: [PATCH 21/48] Adding rule audit comment - #228 Signed-off-by: Stephen Steiner --- plugins/modules/panos_security_rule.py | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/plugins/modules/panos_security_rule.py b/plugins/modules/panos_security_rule.py index 49c453ce9..a9ecd4ace 100644 --- a/plugins/modules/panos_security_rule.py +++ b/plugins/modules/panos_security_rule.py @@ -509,7 +509,8 @@ def main(): # Add the audit comment, if applicable. if audit_comment: - RuleAuditComment.update(parent, audit_comment) + rule_audit_comment = RuleAuditComment(parent) + rule_audit_comment.update(audit_comment) # Move the rule to the correct spot, if applicable. if module.params["state"] == "present": From bc08aeef7cbdac644b51538095a8b5c1cbb194bb Mon Sep 17 00:00:00 2001 From: Stephen Steiner Date: Wed, 2 Jun 2021 18:30:38 -0400 Subject: [PATCH 22/48] Adding rule audit comment - #228 Signed-off-by: Stephen Steiner --- plugins/module_utils/panos.py | 2 +- plugins/modules/panos_security_rule.py | 5 ----- 2 files changed, 1 insertion(+), 6 deletions(-) diff --git a/plugins/module_utils/panos.py b/plugins/module_utils/panos.py index f2a89f790..a630948b7 100644 --- a/plugins/module_utils/panos.py +++ b/plugins/module_utils/panos.py @@ -45,7 +45,7 @@ from panos.errors import PanCommitNotNeeded, PanDeviceError from panos.firewall import Firewall from panos.panorama import DeviceGroup, Template, TemplateStack - from panos.policies import PostRulebase, PreRulebase, RuleAuditComment, Rulebase + from panos.policies import PostRulebase, PreRulebase, Rulebase except ImportError: try: import pandevice as panos diff --git a/plugins/modules/panos_security_rule.py b/plugins/modules/panos_security_rule.py index a9ecd4ace..c572710e8 100644 --- a/plugins/modules/panos_security_rule.py +++ b/plugins/modules/panos_security_rule.py @@ -507,11 +507,6 @@ def main(): # Which action shall we take on the rule object? changed, diff = helper.apply_state(new_rule, rules, module) - # Add the audit comment, if applicable. - if audit_comment: - rule_audit_comment = RuleAuditComment(parent) - rule_audit_comment.update(audit_comment) - # Move the rule to the correct spot, if applicable. if module.params["state"] == "present": changed |= helper.apply_position( From d782ff78dea1e96554cc31add7f4418e31ddcdd8 Mon Sep 17 00:00:00 2001 From: Stephen Steiner Date: Mon, 7 Jun 2021 11:09:51 -0400 Subject: [PATCH 23/48] 228 formatted per lint test results Signed-off-by: Stephen Steiner --- Makefile | 2 +- Pipfile.lock | 65 ++++++++++++++++++++++---- plugins/module_utils/panos.py | 27 ++++------- plugins/modules/panos_security_rule.py | 14 ++---- 4 files changed, 72 insertions(+), 36 deletions(-) diff --git a/Makefile b/Makefile index 47a7f53c3..771952ae7 100644 --- a/Makefile +++ b/Makefile @@ -18,7 +18,7 @@ else ifneq (ansible_collections,$(toplevel)) endif python_version := $(shell \ - python -c 'import sys; print(".".join(map(str, sys.version_info[:2])))' \ + python3 -c 'import sys; print(".".join(map(str, sys.version_info[:2])))' \ ) diff --git a/Pipfile.lock b/Pipfile.lock index 4f9445ddb..47339c4db 100644 --- a/Pipfile.lock +++ b/Pipfile.lock @@ -88,9 +88,22 @@ }, "ansible-core": { "hashes": [ +<<<<<<< HEAD "sha256:7e75827a94d47d1c3e1930d708f0ef637a3ab9a21f757aaf55deab6e9f47c682" ], "index": "pypi", +======= + "sha256:6f67ca5c634e4721d1f8e206dc71d60d1a114d147945355bfc902bd37eb07080" + ], + "index": "pypi", + "version": "==4.0.0" + }, + "ansible-core": { + "hashes": [ + "sha256:7e75827a94d47d1c3e1930d708f0ef637a3ab9a21f757aaf55deab6e9f47c682" + ], + "markers": "python_version >= '2.7' and python_version not in '3.0, 3.1, 3.2, 3.3, 3.4'", +>>>>>>> 2888656 (228 formatted per lint test results) "version": "==2.11.1" }, "ansible-doc-extractor": { @@ -100,6 +113,17 @@ ], "index": "pypi", "version": "==0.1.7" +<<<<<<< HEAD +======= + }, + "apipkg": { + "hashes": [ + "sha256:37228cda29411948b422fae072f57e31d3396d2ee1c9783775980ee9c9990af6", + "sha256:58587dd4dc3daefad0487f6d9ae32b4542b185e1c36db6993290e7c41ca2b47c" + ], + "markers": "python_version >= '2.7' and python_version not in '3.0, 3.1, 3.2, 3.3'", + "version": "==1.5" +>>>>>>> 2888656 (228 formatted per lint test results) }, "appdirs": { "hashes": [ @@ -110,11 +134,11 @@ }, "astroid": { "hashes": [ - "sha256:4db03ab5fc3340cf619dbc25e42c2cc3755154ce6009469766d7143d1fc2ee4e", - "sha256:8a398dfce302c13f14bab13e2b14fe385d32b73f4e4853b9bdfb64598baa1975" + "sha256:3c9a2d84354185d13213ff2640ec03d39168dbcd13648abc84fb13ca3b2e2761", + "sha256:d66a600e1602736a0f24f725a511b0e50d12eb18f54b31ec276d2c26a0a62c6a" ], "markers": "python_version ~= '3.6'", - "version": "==2.5.6" + "version": "==2.5.7" }, "attrs": { "hashes": [ @@ -290,11 +314,19 @@ }, "execnet": { "hashes": [ +<<<<<<< HEAD "sha256:8f694f3ba9cc92cab508b152dcfe322153975c29bda272e2fd7f3f00f36e47c5", "sha256:a295f7cc774947aac58dde7fdc85f4aa00c42adf5d8f5468fc630c1acf30a142" ], "markers": "python_version >= '2.7' and python_version not in '3.0, 3.1, 3.2, 3.3, 3.4'", "version": "==1.9.0" +======= + "sha256:7e3c2cdb6389542a91e9855a9cc7545fbed679e96f8808bcbb1beb325345b189", + "sha256:e840ce25562e414ee5684864d510dbeeb0bce016bc89b22a6e5ce323b5e6552f" + ], + "markers": "python_version >= '2.7' and python_version not in '3.0, 3.1, 3.2, 3.3, 3.4'", + "version": "==1.8.1" +>>>>>>> 2888656 (228 formatted per lint test results) }, "idna": { "hashes": [ @@ -316,7 +348,11 @@ "sha256:833b26fb89d5de469b24a390e9df088d4e52e4ba33b01dc5e0e4f41b81a16c00", "sha256:b142cc1dd1342f31ff04bb7d022492b09920cb64fed867cd3ea6f80fe3ebd139" ], +<<<<<<< HEAD "markers": "python_version < '3.8' and python_version < '3.8'", +======= + "markers": "python_version < '3.8'", +>>>>>>> 2888656 (228 formatted per lint test results) "version": "==4.5.0" }, "iniconfig": { @@ -441,11 +477,11 @@ }, "pluggy": { "hashes": [ - "sha256:15b2acde666561e1298d71b523007ed7364de07029219b604cf808bfa1c765b0", - "sha256:966c145cd83c96502c3c3868f50408687b38434af77734af1e9ca461a4081d2d" + "sha256:265a94bf44ca13662f12fcd1b074c14d4b269a712f051b6f644ef7e705d6735f", + "sha256:467f0219e89bb5061a8429c6fc5cf055fa3983a0e68e84a1d205046306b37d9e" ], "markers": "python_version >= '2.7' and python_version not in '3.0, 3.1, 3.2, 3.3'", - "version": "==0.13.1" + "version": "==1.0.0.dev0" }, "py": { "hashes": [ @@ -481,19 +517,32 @@ }, "pylint": { "hashes": [ +<<<<<<< HEAD "sha256:0a049c5d47b629d9070c3932d13bff482b12119b6a241a93bc460b0be16953c8", "sha256:792b38ff30903884e4a9eab814ee3523731abd3c463f3ba48d7b627e87013484" ], "index": "pypi", "version": "==2.8.3" +======= + "sha256:2b422dd6f251a1caea5532cbb5a7d0cbf66b1ee6a36b50c53e32fa7a8272cc55", + "sha256:49b58c3ab27ea78cdcbd2d85b21f8e939bb179301f1cde1bd3f65168d9cbf25a" + ], + "index": "pypi", + "version": "==3.0.0a3" +>>>>>>> 2888656 (228 formatted per lint test results) }, "pyparsing": { "hashes": [ - "sha256:c203ec8783bf771a155b207279b9bccb8dea02d8f0c9e5f8ead507bc3246ecc1", - "sha256:ef9d7589ef3c200abe66653d3f1ab1033c3c419ae9b9bdb1240a85b024efc88b" + "sha256:1c6409312ce2ce2997896af5756753778d5f1603666dba5587804f09ad82ed27", + "sha256:f4896b4cc085a1f8f8ae53a1a90db5a86b3825ff73eb974dffee3d9e701007f4" ], +<<<<<<< HEAD "markers": "python_version >= '2.6' and python_version not in '3.0, 3.1, 3.2'", "version": "==2.4.7" +======= + "markers": "python_version >= '3.5'", + "version": "==3.0.0b2" +>>>>>>> 2888656 (228 formatted per lint test results) }, "pytest": { "hashes": [ diff --git a/plugins/module_utils/panos.py b/plugins/module_utils/panos.py index a630948b7..bb2c85901 100644 --- a/plugins/module_utils/panos.py +++ b/plugins/module_utils/panos.py @@ -141,8 +141,7 @@ def get_pandevice_parent(self, module, timeout=0): if pdv < self.min_pandevice_version: module.fail_json( msg=_MIN_VERSION_ERROR.format( - "panos", panos.__version__, _vstr( - self.min_pandevice_version) + "panos", panos.__version__, _vstr(self.min_pandevice_version) ) ) @@ -241,8 +240,7 @@ def get_pandevice_parent(self, module, timeout=0): elif self.template is not None: tmpl_required = True elif not self.template_is_optional: - module.fail_json( - msg=pano_mia_param.format(self.template_stack)) + module.fail_json(msg=pano_mia_param.format(self.template_stack)) # Spec: template. if self.template is not None: @@ -313,8 +311,7 @@ def get_pandevice_parent(self, module, timeout=0): parent = rb else: module.fail_json( - msg=not_found.format( - "Rulebase", module.params[self.rulebase]) + msg=not_found.format("Rulebase", module.params[self.rulebase]) ) else: # Firewall connection. @@ -459,8 +456,7 @@ def apply_state( try: item.update(enabled_disabled_param) except PanDeviceError as e: - module.fail_json( - msg="Failed toggle: {0}".format(e)) + module.fail_json(msg="Failed toggle: {0}".format(e)) break else: module.fail_json(msg="Cannot enable/disable non-existing obj") @@ -497,10 +493,8 @@ def apply_position(self, obj, location, existing_rule, module): # Sanity check the location / existing_rule params. improper_combo = False improper_combo |= location is None and existing_rule is not None - improper_combo |= location in ( - "before", "after") and existing_rule is None - improper_combo |= location in ( - "top", "bottom") and existing_rule is not None + improper_combo |= location in ("before", "after") and existing_rule is None + improper_combo |= location in ("top", "bottom") and existing_rule is not None if improper_combo: module.fail_json( msg='Improper combination of "location" / "existing_rule".' @@ -519,8 +513,7 @@ def apply_position(self, obj, location, existing_rule, module): obj_index = listing.index(uid) rule = rules[obj_index] except ValueError: - module.fail_json( - msg="Object {0} isn't present for move".format(uid)) + module.fail_json(msg="Object {0} isn't present for move".format(uid)) if location == "top": if listing[0] != uid: @@ -811,8 +804,7 @@ def get_connection( if vsys is not None: raise KeyError('Define "vsys" or "vsys_shared", not both.') elif vsys_importable is not None: - raise KeyError( - 'Define "vsys_importable" or "vsys_shared", not both.') + raise KeyError('Define "vsys_importable" or "vsys_shared", not both.') if isinstance(vsys_shared, bool): param = "vsys" else: @@ -877,8 +869,7 @@ def __init__( self.api_endpoint = api_endpoint if with_state: - spec["state"] = {"default": "present", - "choices": ["present", "absent"]} + spec["state"] = {"default": "present", "choices": ["present", "absent"]} if with_enabled_state: spec["state"] = { diff --git a/plugins/modules/panos_security_rule.py b/plugins/modules/panos_security_rule.py index c572710e8..606ee4cf6 100644 --- a/plugins/modules/panos_security_rule.py +++ b/plugins/modules/panos_security_rule.py @@ -21,6 +21,7 @@ from ansible_collections.paloaltonetworks.panos.plugins.module_utils.panos import ( get_connection, ) + from panos.policies import RuleAuditComment __metaclass__ = type @@ -373,12 +374,10 @@ def main(): source_ip=dict(type="list", elements="str", default=["any"]), source_user=dict(type="list", elements="str", default=["any"]), hip_profiles=dict(type="list", elements="str", default=["any"]), - destination_zone=dict( - type="list", elements="str", default=["any"]), + destination_zone=dict(type="list", elements="str", default=["any"]), destination_ip=dict(type="list", elements="str", default=["any"]), application=dict(type="list", elements="str", default=["any"]), - service=dict(type="list", elements="str", - default=["application-default"]), + service=dict(type="list", elements="str", default=["application-default"]), category=dict(type="list", elements="str", default=["any"]), action=dict( default="allow", @@ -404,8 +403,7 @@ def main(): disabled=dict(type="bool", default=False), schedule=dict(), icmp_unreachable=dict(type="bool"), - disable_server_response_inspection=dict( - type="bool", default=False), + disable_server_response_inspection=dict(type="bool", default=False), group_profile=dict(), antivirus=dict(), spyware=dict(), @@ -485,7 +483,6 @@ def main(): "data_filtering": module.params["data_filtering"], "target": module.params["target"], "negate_target": module.params["negate_target"], - } # Other module info. @@ -509,8 +506,7 @@ def main(): # Move the rule to the correct spot, if applicable. if module.params["state"] == "present": - changed |= helper.apply_position( - new_rule, location, existing_rule, module) + changed |= helper.apply_position(new_rule, location, existing_rule, module) # Add the audit comment, if applicable. if changed and audit_comment and not module.check_mode: From 7743a89298eca21b194e4fe730d98782bcd59376 Mon Sep 17 00:00:00 2001 From: Stephen Steiner Date: Mon, 7 Jun 2021 12:16:00 -0400 Subject: [PATCH 24/48] 230: Added protocol to panos_email_server.py Signed-off-by: Stephen Steiner --- plugins/modules/panos_email_server.py | 11 +++++++++++ 1 file changed, 11 insertions(+) diff --git a/plugins/modules/panos_email_server.py b/plugins/modules/panos_email_server.py index f752c8485..84ead73c3 100644 --- a/plugins/modules/panos_email_server.py +++ b/plugins/modules/panos_email_server.py @@ -69,6 +69,15 @@ description: - IP address or FQDN of email gateway to use. type: str + protocol: + description: + - Specify whether to use clear-text or encrypted SMTP. + type: str + choices: + - SMTP + - TLS + default: SMTP + """ EXAMPLES = """ @@ -119,6 +128,7 @@ def main(): to_email=dict(), also_to_email=dict(), email_gateway=dict(), + protocol=dict(), ), ) module = AnsibleModule( @@ -146,6 +156,7 @@ def main(): "to": module.params["to_email"], "also_to": module.params["also_to_email"], "email_gateway": module.params["email_gateway"], + "protocol": module.params["protocol"], } obj = EmailServer(**spec) sp.add(obj) From 0e51bbefc9a00f361af9f524c1185ccdd37776fb Mon Sep 17 00:00:00 2001 From: Stephen Steiner Date: Mon, 7 Jun 2021 12:53:51 -0400 Subject: [PATCH 25/48] 230: Added default parameter Signed-off-by: Stephen Steiner --- plugins/modules/panos_email_server.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/plugins/modules/panos_email_server.py b/plugins/modules/panos_email_server.py index 84ead73c3..394c5d299 100644 --- a/plugins/modules/panos_email_server.py +++ b/plugins/modules/panos_email_server.py @@ -128,7 +128,7 @@ def main(): to_email=dict(), also_to_email=dict(), email_gateway=dict(), - protocol=dict(), + protocol=dict(type=str, default="SMTP"), ), ) module = AnsibleModule( From 5c0fb796768208eb8410cdad37c1baf778ac6e48 Mon Sep 17 00:00:00 2001 From: Stephen Steiner Date: Mon, 7 Jun 2021 12:55:11 -0400 Subject: [PATCH 26/48] bumped version in galaxy.yml Signed-off-by: Stephen Steiner --- galaxy.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/galaxy.yml b/galaxy.yml index 8093b225d..6b6ee6afe 100644 --- a/galaxy.yml +++ b/galaxy.yml @@ -9,7 +9,7 @@ namespace: 'paloaltonetworks' name: 'panos' # The version of the collection. Must be compatible with semantic versioning -version: 2.6.1 +version: 2.6.2 # The path to the Markdown (.md) readme file. This path is relative to the root of the collection readme: 'README.md' From e42bc18e215f45ba1f90a630d12638fd6e3b1d92 Mon Sep 17 00:00:00 2001 From: Stephen Steiner Date: Mon, 7 Jun 2021 14:07:44 -0400 Subject: [PATCH 27/48] 230 reverted galaxy.yml collection semver Signed-off-by: Stephen Steiner --- galaxy.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/galaxy.yml b/galaxy.yml index 6b6ee6afe..009bb650e 100644 --- a/galaxy.yml +++ b/galaxy.yml @@ -9,7 +9,7 @@ namespace: 'paloaltonetworks' name: 'panos' # The version of the collection. Must be compatible with semantic versioning -version: 2.6.2 +version: 2.6.0 # The path to the Markdown (.md) readme file. This path is relative to the root of the collection readme: 'README.md' From 6c2c0477a429ff239b650eae7e5d811a21c186a3 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Tue, 8 Jun 2021 21:00:21 +0000 Subject: [PATCH 28/48] chore(deps): bump JamesIves/github-pages-deploy-action (#227) --- .github/workflows/ci.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index afdd2158d..7b98fffa0 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -133,7 +133,7 @@ jobs: pipenv run make docs - name: Deploy to GitHub Pages - uses: JamesIves/github-pages-deploy-action@4.1.1 + uses: JamesIves/github-pages-deploy-action@4.1.3 with: GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} BRANCH: gh-pages # The branch the action should deploy to. From 6bc7813639694b1688b6d2ec69c913d55ff80910 Mon Sep 17 00:00:00 2001 From: Michael Richardson Date: Mon, 14 Jun 2021 09:51:45 -0400 Subject: [PATCH 29/48] chore: Clean up pipenv (#233) * Use ansible-core instead of ansible * Don't allow pre-release packages (include black specifically) * Recreate Pipfile.lock from scratch * test: Ansible 2.11 sanity fixes --- .github/workflows/ci.yml | 38 ++--- Makefile | 3 +- Pipfile | 5 +- Pipfile.lock | 220 ++++++++++++-------------- plugins/httpapi/panos.py | 4 +- plugins/modules/panos_ipsec_tunnel.py | 4 +- plugins/modules/panos_vm_auth_key.py | 2 +- requirements.txt | 15 +- tests/sanity/ignore-2.11.txt | 115 ++++++++++++++ 9 files changed, 257 insertions(+), 149 deletions(-) create mode 100644 tests/sanity/ignore-2.11.txt diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index 7b98fffa0..2093ce129 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -27,17 +27,17 @@ jobs: run: | pip install pipenv - - name: Check pipenv cache - id: cache-pipenv - uses: actions/cache@v2 - with: - path: ~/.local/share/virtualenvs - key: ${{ runner.os }}-pipenv-${{ hashFiles('**/Pipfile.lock') }} - restore-keys: | - ${{ runner.os }}-pipenv- + # - name: Check pipenv cache + # id: cache-pipenv + # uses: actions/cache@v2 + # with: + # path: ~/.local/share/virtualenvs + # key: ${{ runner.os }}-pipenv-${{ hashFiles('**/Pipfile.lock') }} + # restore-keys: | + # ${{ runner.os }}-pipenv- - name: Install dependencies - if: steps.cache-pipenv.outputs.cache-hit != 'true' + # if: steps.cache-pipenv.outputs.cache-hit != 'true' run: | pipenv install --dev @@ -47,7 +47,7 @@ jobs: - name: ansible-test sanity run: | - pipenv run make sanity + pipenv run ansible-test sanity --python 3.6 - name: ansible-galaxy collection build run: | @@ -105,17 +105,17 @@ jobs: with: python-version: 3.6.8 - - name: Check pipenv cache - id: cache-pipenv - uses: actions/cache@v2 - with: - path: ~/.local/share/virtualenvs - key: ${{ runner.os }}-pipenv-${{ hashFiles('**/Pipfile.lock') }} - restore-keys: | - ${{ runner.os }}-pipenv- + # - name: Check pipenv cache + # id: cache-pipenv + # uses: actions/cache@v2 + # with: + # path: ~/.local/share/virtualenvs + # key: ${{ runner.os }}-pipenv-${{ hashFiles('**/Pipfile.lock') }} + # restore-keys: | + # ${{ runner.os }}-pipenv- - name: Install dependencies - if: steps.cache-pipenv.outputs.cache-hit != 'true' + # if: steps.cache-pipenv.outputs.cache-hit != 'true' run: | pipenv install --dev diff --git a/Makefile b/Makefile index 3d7c66c6f..47a7f53c3 100644 --- a/Makefile +++ b/Makefile @@ -32,7 +32,8 @@ tests: check-format sanity .PHONY: sanity sanity: ## Run sanity tests - ansible-test sanity --python $(python_version) + # import is broken on macOS. + ansible-test sanity --python $(python_version) --skip-test import .PHONY: units units: ## Run unit tests diff --git a/Pipfile b/Pipfile index ca1a6a1ef..29c87e125 100644 --- a/Pipfile +++ b/Pipfile @@ -10,7 +10,6 @@ xmltodict = "==0.12.0" requests = "==2.22.0" [dev-packages] -ansible = "*" black = "==21.5b0" isort = "==5.8.0" pytest = "*" @@ -26,9 +25,7 @@ sphinx-rtd-theme = "*" ansible-doc-extractor = "*" rstcheck = "*" six = "*" +ansible-core = "*" [requires] python_version = "3.6" - -[pipenv] -allow_prereleases = true diff --git a/Pipfile.lock b/Pipfile.lock index a809f1bfa..4f9445ddb 100644 --- a/Pipfile.lock +++ b/Pipfile.lock @@ -1,7 +1,7 @@ { "_meta": { "hash": { - "sha256": "03d83e4a064c0ab343bcfb84a18d569dfb3071417d5967d32cff9b807cb2dfe2" + "sha256": "d37ea48af0c0ded5424ff3d36e2e3208bbd6d5917207f2255c6c6acf34a311fd" }, "pipfile-spec": 6, "requires": { @@ -18,10 +18,10 @@ "default": { "certifi": { "hashes": [ - "sha256:1a4995114262bffbc2413b159f2a1a480c969de6e6eb13ee966d470af86af59c", - "sha256:719a74fb9e33b9bd44cc7f3a8d94bc35e4049deebe19ba7d8e108280cfd59830" + "sha256:2bbf76fd432960138b3ef6dda3dde0544f27cbf8546c458e60baf371917ba9ee", + "sha256:50b1e4f8446b06f41be7dd6338db18e0990601dce795c2b1686458aa7e8fa7d8" ], - "version": "==2020.12.5" + "version": "==2021.5.30" }, "chardet": { "hashes": [ @@ -39,11 +39,11 @@ }, "pan-os-python": { "hashes": [ - "sha256:03c6480a3a4d5f1ce899fe4ecde93de420876d45db1572301c75790ac3206993", - "sha256:b299fe54ec52d69a4766d6c0f945baf2dd02967930b7f043ea8172e463839303" + "sha256:00d55975afee6bc016cd368bce71d393d2cc04cc00ec508eddeaf5d6584b7b53", + "sha256:8b654d9b6c34ae126eafa6dcd62bfea7721ffa35d8e62e2a8cdea6d4d1edf326" ], "index": "pypi", - "version": "==1.1.0" + "version": "==1.2.0" }, "pan-python": { "hashes": [ @@ -86,35 +86,20 @@ ], "version": "==0.7.12" }, - "ansible": { + "ansible-core": { "hashes": [ - "sha256:2de5385c48a2a24a19f6cbaccc7d7684c64b6194f9a9b175aba7949d53b07bc9" + "sha256:7e75827a94d47d1c3e1930d708f0ef637a3ab9a21f757aaf55deab6e9f47c682" ], "index": "pypi", - "version": "==3.3.0" - }, - "ansible-base": { - "hashes": [ - "sha256:04635d3e08fc29358c76b8e7f1e9db0ce443fb09ce30b2acc6cacaad165f2151" - ], - "markers": "python_version >= '2.7' and python_version not in '3.0, 3.1, 3.2, 3.3, 3.4'", - "version": "==2.10.9" + "version": "==2.11.1" }, "ansible-doc-extractor": { "hashes": [ - "sha256:4d1d95743fefb4242fc4cb1e985910174255eeb3596c79eae13c211a0555ac44", - "sha256:f686e9f1715efb623c4771f6e354f97ec3aa20a3239388e9ec42f9cb6b7a17e8" + "sha256:a864dab347af7ac2cf7cb2706a6de041b489ad287ebcf2be4d19038ff0290195", + "sha256:e814c6ba24192151a7f8414693e6b93f43bfeb039a026efae19a4340931cd259" ], "index": "pypi", - "version": "==0.1.6" - }, - "apipkg": { - "hashes": [ - "sha256:37228cda29411948b422fae072f57e31d3396d2ee1c9783775980ee9c9990af6", - "sha256:58587dd4dc3daefad0487f6d9ae32b4542b185e1c36db6993290e7c41ca2b47c" - ], - "markers": "python_version >= '2.7' and python_version not in '3.0, 3.1, 3.2, 3.3'", - "version": "==1.5" + "version": "==0.1.7" }, "appdirs": { "hashes": [ @@ -157,22 +142,31 @@ }, "certifi": { "hashes": [ - "sha256:1a4995114262bffbc2413b159f2a1a480c969de6e6eb13ee966d470af86af59c", - "sha256:719a74fb9e33b9bd44cc7f3a8d94bc35e4049deebe19ba7d8e108280cfd59830" + "sha256:2bbf76fd432960138b3ef6dda3dde0544f27cbf8546c458e60baf371917ba9ee", + "sha256:50b1e4f8446b06f41be7dd6338db18e0990601dce795c2b1686458aa7e8fa7d8" ], - "version": "==2020.12.5" + "version": "==2021.5.30" }, "cffi": { "hashes": [ "sha256:005a36f41773e148deac64b08f233873a4d0c18b053d37da83f6af4d9087b813", + "sha256:04c468b622ed31d408fea2346bec5bbffba2cc44226302a0de1ade9f5ea3d373", + "sha256:06d7cd1abac2ffd92e65c0609661866709b4b2d82dd15f611e602b9b188b0b69", + "sha256:06db6321b7a68b2bd6df96d08a5adadc1fa0e8f419226e25b2a5fbf6ccc7350f", "sha256:0857f0ae312d855239a55c81ef453ee8fd24136eaba8e87a2eceba644c0d4c06", + "sha256:0f861a89e0043afec2a51fd177a567005847973be86f709bbb044d7f42fc4e05", "sha256:1071534bbbf8cbb31b498d5d9db0f274f2f7a865adca4ae429e147ba40f73dea", "sha256:158d0d15119b4b7ff6b926536763dc0714313aa59e320ddf787502c70c4d4bee", + "sha256:1bf1ac1984eaa7675ca8d5745a8cb87ef7abecb5592178406e55858d411eadc0", "sha256:1f436816fc868b098b0d63b8920de7d208c90a67212546d02f84fe78a9c26396", + "sha256:24a570cd11895b60829e941f2613a4f79df1a27344cbbb82164ef2e0116f09c7", + "sha256:24ec4ff2c5c0c8f9c6b87d5bb53555bf267e1e6f70e52e5a9740d32861d36b6f", "sha256:2894f2df484ff56d717bead0a5c2abb6b9d2bf26d6960c4604d5c48bbc30ee73", "sha256:29314480e958fd8aab22e4a58b355b629c59bf5f2ac2492b61e3dc06d8c7a315", + "sha256:293e7ea41280cb28c6fcaaa0b1aa1f533b8ce060b9e701d78511e1e6c4a1de76", "sha256:34eff4b97f3d982fb93e2831e6750127d1355a923ebaeeb565407b3d2f8d41a1", "sha256:35f27e6eb43380fa080dccf676dece30bef72e4a67617ffda586641cd4508d49", + "sha256:3c3f39fa737542161d8b0d680df2ec249334cd70a8f420f71c9304bd83c3cbed", "sha256:3d3dd4c9e559eb172ecf00a2a7517e97d1e96de2a5e610bd9b68cea3925b4892", "sha256:43e0b9d9e2c9e5d152946b9c5fe062c151614b262fda2e7b201204de0b99e482", "sha256:48e1c69bbacfc3d932221851b39d49e81567a4d4aac3b21258d9c24578280058", @@ -180,6 +174,7 @@ "sha256:58e3f59d583d413809d60779492342801d6e82fefb89c86a38e040c16883be53", "sha256:5de7970188bb46b7bf9858eb6890aad302577a5f6f75091fd7cdd3ef13ef3045", "sha256:65fa59693c62cf06e45ddbb822165394a288edce9e276647f0046e1ec26920f3", + "sha256:681d07b0d1e3c462dd15585ef5e33cb021321588bebd910124ef4f4fb71aef55", "sha256:69e395c24fc60aad6bb4fa7e583698ea6cc684648e1ffb7fe85e3c1ca131a7d5", "sha256:6c97d7350133666fbb5cf4abdc1178c812cb205dc6f41d174a7b0f18fb93337e", "sha256:6e4714cc64f474e4d6e37cfff31a814b509a35cb17de4fb1999907575684479c", @@ -197,8 +192,10 @@ "sha256:b85eb46a81787c50650f2392b9b4ef23e1f126313b9e0e9013b35c15e4288e2e", "sha256:bb89f306e5da99f4d922728ddcd6f7fcebb3241fc40edebcb7284d7514741991", "sha256:cbde590d4faaa07c72bf979734738f328d239913ba3e043b1e98fe9a39f8b2b6", + "sha256:cc5a8e069b9ebfa22e26d0e6b97d6f9781302fe7f4f2b8776c3e1daea35f1adc", "sha256:cd2868886d547469123fadc46eac7ea5253ea7fcb139f12e1dfc2bbd406427d1", "sha256:d42b11d692e11b6634f7613ad8df5d6d5f8875f5d48939520d351007b3c13406", + "sha256:df5052c5d867c1ea0b311fb7c3cd28b19df469c056f7fdcfe88c7473aa63e333", "sha256:f2d45f97ab6bb54753eab54fffe75aaf3de4ff2341c9daee1987ee1837636f1d", "sha256:fd78e5fee591709f32ef6edb9a015b4aa1a5022598e36227500c8f4e02328d9c" ], @@ -213,11 +210,11 @@ }, "click": { "hashes": [ - "sha256:d2b5255c7c6349bc1bd1e59e08cd12acbbd63ce649f2588755783aa94dfb6b1a", - "sha256:dacca89f4bfadd5de3d7489b7c8a566eee0d3676333fbb50030263894c38c0dc" + "sha256:8c04c11192119b1ef78ea049e0a6f0463e4c48ef00a30160c704337586f3ad7a", + "sha256:fba402a4a47334742d782209a7c79bc448911afe1149d07bdabdf480b3e2f4b6" ], - "markers": "python_version >= '2.7' and python_version not in '3.0, 3.1, 3.2, 3.3, 3.4'", - "version": "==7.1.2" + "markers": "python_version >= '3.6'", + "version": "==8.0.1" }, "coverage": { "hashes": [ @@ -293,11 +290,11 @@ }, "execnet": { "hashes": [ - "sha256:7a13113028b1e1cc4c6492b28098b3c6576c9dccc7973bfe47b342afadafb2ac", - "sha256:b73c5565e517f24b62dea8a5ceac178c661c4309d3aa0c3e420856c072c411b4" + "sha256:8f694f3ba9cc92cab508b152dcfe322153975c29bda272e2fd7f3f00f36e47c5", + "sha256:a295f7cc774947aac58dde7fdc85f4aa00c42adf5d8f5468fc630c1acf30a142" ], "markers": "python_version >= '2.7' and python_version not in '3.0, 3.1, 3.2, 3.3, 3.4'", - "version": "==1.8.0" + "version": "==1.9.0" }, "idna": { "hashes": [ @@ -316,11 +313,11 @@ }, "importlib-metadata": { "hashes": [ - "sha256:8c501196e49fb9df5df43833bdb1e4328f64847763ec8a50703148b73784d581", - "sha256:d7eb1dea6d6a6086f8be21784cc9e3bcfa55872b52309bc5fad53a8ea444465d" + "sha256:833b26fb89d5de469b24a390e9df088d4e52e4ba33b01dc5e0e4f41b81a16c00", + "sha256:b142cc1dd1342f31ff04bb7d022492b09920cb64fed867cd3ea6f80fe3ebd139" ], - "markers": "python_version < '3.8'", - "version": "==4.0.1" + "markers": "python_version < '3.8' and python_version < '3.8'", + "version": "==4.5.0" }, "iniconfig": { "hashes": [ @@ -339,11 +336,11 @@ }, "jinja2": { "hashes": [ - "sha256:03e47ad063331dd6a3f04a43eddca8a966a26ba0c5b7207a9a9e4e08f1b29419", - "sha256:a6d58433de0ae800347cab1fa3043cebbabe8baa9d29e668f1c768cb87a333c6" + "sha256:1f06f2da51e7b56b8f238affdd6b4e2c61e39598a378cc49345bc1bd42a978a4", + "sha256:703f484b47a6af502e743c9122595cc812b0271f661722403114f71a79d0f5a4" ], - "markers": "python_version >= '2.7' and python_version not in '3.0, 3.1, 3.2, 3.3, 3.4'", - "version": "==2.11.3" + "markers": "python_version >= '3.6'", + "version": "==3.0.1" }, "lazy-object-proxy": { "hashes": [ @@ -375,61 +372,43 @@ }, "markupsafe": { "hashes": [ - "sha256:00bc623926325b26bb9605ae9eae8a215691f33cae5df11ca5424f06f2d1f473", - "sha256:09027a7803a62ca78792ad89403b1b7a73a01c8cb65909cd876f7fcebd79b161", - "sha256:09c4b7f37d6c648cb13f9230d847adf22f8171b1ccc4d5682398e77f40309235", - "sha256:1027c282dad077d0bae18be6794e6b6b8c91d58ed8a8d89a89d59693b9131db5", - "sha256:13d3144e1e340870b25e7b10b98d779608c02016d5184cfb9927a9f10c689f42", - "sha256:195d7d2c4fbb0ee8139a6cf67194f3973a6b3042d742ebe0a9ed36d8b6f0c07f", - "sha256:22c178a091fc6630d0d045bdb5992d2dfe14e3259760e713c490da5323866c39", - "sha256:24982cc2533820871eba85ba648cd53d8623687ff11cbb805be4ff7b4c971aff", - "sha256:29872e92839765e546828bb7754a68c418d927cd064fd4708fab9fe9c8bb116b", - "sha256:2beec1e0de6924ea551859edb9e7679da6e4870d32cb766240ce17e0a0ba2014", - "sha256:3b8a6499709d29c2e2399569d96719a1b21dcd94410a586a18526b143ec8470f", - "sha256:43a55c2930bbc139570ac2452adf3d70cdbb3cfe5912c71cdce1c2c6bbd9c5d1", - "sha256:46c99d2de99945ec5cb54f23c8cd5689f6d7177305ebff350a58ce5f8de1669e", - "sha256:500d4957e52ddc3351cabf489e79c91c17f6e0899158447047588650b5e69183", - "sha256:535f6fc4d397c1563d08b88e485c3496cf5784e927af890fb3c3aac7f933ec66", - "sha256:596510de112c685489095da617b5bcbbac7dd6384aeebeda4df6025d0256a81b", - "sha256:62fe6c95e3ec8a7fad637b7f3d372c15ec1caa01ab47926cfdf7a75b40e0eac1", - "sha256:6788b695d50a51edb699cb55e35487e430fa21f1ed838122d722e0ff0ac5ba15", - "sha256:6dd73240d2af64df90aa7c4e7481e23825ea70af4b4922f8ede5b9e35f78a3b1", - "sha256:6f1e273a344928347c1290119b493a1f0303c52f5a5eae5f16d74f48c15d4a85", - "sha256:6fffc775d90dcc9aed1b89219549b329a9250d918fd0b8fa8d93d154918422e1", - "sha256:717ba8fe3ae9cc0006d7c451f0bb265ee07739daf76355d06366154ee68d221e", - "sha256:79855e1c5b8da654cf486b830bd42c06e8780cea587384cf6545b7d9ac013a0b", - "sha256:7c1699dfe0cf8ff607dbdcc1e9b9af1755371f92a68f706051cc8c37d447c905", - "sha256:7fed13866cf14bba33e7176717346713881f56d9d2bcebab207f7a036f41b850", - "sha256:84dee80c15f1b560d55bcfe6d47b27d070b4681c699c572af2e3c7cc90a3b8e0", - "sha256:88e5fcfb52ee7b911e8bb6d6aa2fd21fbecc674eadd44118a9cc3863f938e735", - "sha256:8defac2f2ccd6805ebf65f5eeb132adcf2ab57aa11fdf4c0dd5169a004710e7d", - "sha256:98bae9582248d6cf62321dcb52aaf5d9adf0bad3b40582925ef7c7f0ed85fceb", - "sha256:98c7086708b163d425c67c7a91bad6e466bb99d797aa64f965e9d25c12111a5e", - "sha256:9add70b36c5666a2ed02b43b335fe19002ee5235efd4b8a89bfcf9005bebac0d", - "sha256:9bf40443012702a1d2070043cb6291650a0841ece432556f784f004937f0f32c", - "sha256:a6a744282b7718a2a62d2ed9d993cad6f5f585605ad352c11de459f4108df0a1", - "sha256:acf08ac40292838b3cbbb06cfe9b2cb9ec78fce8baca31ddb87aaac2e2dc3bc2", - "sha256:ade5e387d2ad0d7ebf59146cc00c8044acbd863725f887353a10df825fc8ae21", - "sha256:b00c1de48212e4cc9603895652c5c410df699856a2853135b3967591e4beebc2", - "sha256:b1282f8c00509d99fef04d8ba936b156d419be841854fe901d8ae224c59f0be5", - "sha256:b1dba4527182c95a0db8b6060cc98ac49b9e2f5e64320e2b56e47cb2831978c7", - "sha256:b2051432115498d3562c084a49bba65d97cf251f5a331c64a12ee7e04dacc51b", - "sha256:b7d644ddb4dbd407d31ffb699f1d140bc35478da613b441c582aeb7c43838dd8", - "sha256:ba59edeaa2fc6114428f1637ffff42da1e311e29382d81b339c1817d37ec93c6", - "sha256:bf5aa3cbcfdf57fa2ee9cd1822c862ef23037f5c832ad09cfea57fa846dec193", - "sha256:c8716a48d94b06bb3b2524c2b77e055fb313aeb4ea620c8dd03a105574ba704f", - "sha256:caabedc8323f1e93231b52fc32bdcde6db817623d33e100708d9a68e1f53b26b", - "sha256:cd5df75523866410809ca100dc9681e301e3c27567cf498077e8551b6d20e42f", - "sha256:cdb132fc825c38e1aeec2c8aa9338310d29d337bebbd7baa06889d09a60a1fa2", - "sha256:d53bc011414228441014aa71dbec320c66468c1030aae3a6e29778a3382d96e5", - "sha256:d73a845f227b0bfe8a7455ee623525ee656a9e2e749e4742706d80a6065d5e2c", - "sha256:d9be0ba6c527163cbed5e0857c451fcd092ce83947944d6c14bc95441203f032", - "sha256:e249096428b3ae81b08327a63a485ad0878de3fb939049038579ac0ef61e17e7", - "sha256:e8313f01ba26fbbe36c7be1966a7b7424942f670f38e666995b88d012765b9be", - "sha256:feb7b34d6325451ef96bc0e36e1a6c0c1c64bc1fbec4b854f4529e51887b1621" + "sha256:01a9b8ea66f1658938f65b93a85ebe8bc016e6769611be228d797c9d998dd298", + "sha256:023cb26ec21ece8dc3907c0e8320058b2e0cb3c55cf9564da612bc325bed5e64", + "sha256:0446679737af14f45767963a1a9ef7620189912317d095f2d9ffa183a4d25d2b", + "sha256:0717a7390a68be14b8c793ba258e075c6f4ca819f15edfc2a3a027c823718567", + "sha256:0955295dd5eec6cb6cc2fe1698f4c6d84af2e92de33fbcac4111913cd100a6ff", + "sha256:10f82115e21dc0dfec9ab5c0223652f7197feb168c940f3ef61563fc2d6beb74", + "sha256:1d609f577dc6e1aa17d746f8bd3c31aa4d258f4070d61b2aa5c4166c1539de35", + "sha256:2ef54abee730b502252bcdf31b10dacb0a416229b72c18b19e24a4509f273d26", + "sha256:3c112550557578c26af18a1ccc9e090bfe03832ae994343cfdacd287db6a6ae7", + "sha256:47ab1e7b91c098ab893b828deafa1203de86d0bc6ab587b160f78fe6c4011f75", + "sha256:49e3ceeabbfb9d66c3aef5af3a60cc43b85c33df25ce03d0031a608b0a8b2e3f", + "sha256:4efca8f86c54b22348a5467704e3fec767b2db12fc39c6d963168ab1d3fc9135", + "sha256:53edb4da6925ad13c07b6d26c2a852bd81e364f95301c66e930ab2aef5b5ddd8", + "sha256:594c67807fb16238b30c44bdf74f36c02cdf22d1c8cda91ef8a0ed8dabf5620a", + "sha256:611d1ad9a4288cf3e3c16014564df047fe08410e628f89805e475368bd304914", + "sha256:6557b31b5e2c9ddf0de32a691f2312a32f77cd7681d8af66c2692efdbef84c18", + "sha256:693ce3f9e70a6cf7d2fb9e6c9d8b204b6b39897a2c4a1aa65728d5ac97dcc1d8", + "sha256:6a7fae0dd14cf60ad5ff42baa2e95727c3d81ded453457771d02b7d2b3f9c0c2", + "sha256:6c4ca60fa24e85fe25b912b01e62cb969d69a23a5d5867682dd3e80b5b02581d", + "sha256:7d91275b0245b1da4d4cfa07e0faedd5b0812efc15b702576d103293e252af1b", + "sha256:905fec760bd2fa1388bb5b489ee8ee5f7291d692638ea5f67982d968366bef9f", + "sha256:97383d78eb34da7e1fa37dd273c20ad4320929af65d156e35a5e2d89566d9dfb", + "sha256:984d76483eb32f1bcb536dc27e4ad56bba4baa70be32fa87152832cdd9db0833", + "sha256:a30e67a65b53ea0a5e62fe23682cfe22712e01f453b95233b25502f7c61cb415", + "sha256:ab3ef638ace319fa26553db0624c4699e31a28bb2a835c5faca8f8acf6a5a902", + "sha256:b2f4bf27480f5e5e8ce285a8c8fd176c0b03e93dcc6646477d4630e83440c6a9", + "sha256:b7f2d075102dc8c794cbde1947378051c4e5180d52d276987b8d28a3bd58c17d", + "sha256:be98f628055368795d818ebf93da628541e10b75b41c559fdf36d104c5787066", + "sha256:d7f9850398e85aba693bb640262d3611788b1f29a79f0c93c565694658f4071f", + "sha256:f5653a225f31e113b152e56f154ccbe59eeb1c7487b39b9d9f9cdb58e6c79dc5", + "sha256:f826e31d18b516f653fe296d967d700fddad5901ae07c622bb3705955e1faa94", + "sha256:f8ba0e8349a38d3001fae7eadded3f6606f0da5d748ee53cc1dab1d6527b9509", + "sha256:f9081981fe268bd86831e5c75f7de206ef275defcb82bc70740ae6dc507aee51", + "sha256:fa130dd50c57d53368c9d59395cb5526eda596d3ffe36666cd81a44d56e48872" ], - "markers": "python_version >= '2.7' and python_version not in '3.0, 3.1, 3.2, 3.3'", - "version": "==1.1.1" + "markers": "python_version >= '3.6'", + "version": "==2.0.1" }, "mccabe": { "hashes": [ @@ -502,18 +481,18 @@ }, "pylint": { "hashes": [ - "sha256:586d8fa9b1891f4b725f587ef267abe2a1bad89d6b184520c7f07a253dd6e217", - "sha256:f7e2072654a6b6afdf5e2fb38147d3e2d2d43c89f648637baab63e026481279b" + "sha256:0a049c5d47b629d9070c3932d13bff482b12119b6a241a93bc460b0be16953c8", + "sha256:792b38ff30903884e4a9eab814ee3523731abd3c463f3ba48d7b627e87013484" ], "index": "pypi", - "version": "==2.8.2" + "version": "==2.8.3" }, "pyparsing": { "hashes": [ "sha256:c203ec8783bf771a155b207279b9bccb8dea02d8f0c9e5f8ead507bc3246ecc1", "sha256:ef9d7589ef3c200abe66653d3f1ab1033c3c419ae9b9bdb1240a85b024efc88b" ], - "markers": "python_version >= '2.6' and python_version not in '3.0, 3.1, 3.2, 3.3'", + "markers": "python_version >= '2.6' and python_version not in '3.0, 3.1, 3.2'", "version": "==2.4.7" }, "pytest": { @@ -644,6 +623,13 @@ "index": "pypi", "version": "==2.22.0" }, + "resolvelib": { + "hashes": [ + "sha256:8113ae3ed6d33c6be0bcbf03ffeb06c0995c099b7b8aaa5ddf2e9b3b3df4e915", + "sha256:9b9b80d5c60e4c2a8b7fbf0712c3449dc01d74e215632e5199850c9eca687628" + ], + "version": "==0.5.4" + }, "rstcheck": { "hashes": [ "sha256:92c4f79256a54270e0402ba16a2f92d0b3c15c8f4410cb9c57127067c215741f" @@ -668,11 +654,11 @@ }, "sphinx": { "hashes": [ - "sha256:19010b7b9fa0dc7756a6e105b2aacd3a80f798af3c25c273be64d7beeb482cb1", - "sha256:2320d4e994a191f4b4be27da514e46b3d6b420f2ff895d064f52415d342461e8" + "sha256:b5c2ae4120bf00c799ba9b3699bc895816d272d120080fbc967292f29b52b48c", + "sha256:d1cb10bee9c4231f1700ec2e24a91be3f3a3aba066ea4ca9f3bbe47e59d5a1d4" ], "index": "pypi", - "version": "==3.5.4" + "version": "==4.0.2" }, "sphinx-rtd-theme": { "hashes": [ @@ -700,11 +686,11 @@ }, "sphinxcontrib-htmlhelp": { "hashes": [ - "sha256:3c0bc24a2c41e340ac37c85ced6dafc879ab485c095b1d65d2461ac2f7cca86f", - "sha256:e8f5bb7e31b2dbb25b9cc435c8ab7a79787ebf7f906155729338f3156d93659b" + "sha256:d412243dfb797ae3ec2b59eca0e52dac12e75a241bf0e4eb861e450d06c6ed07", + "sha256:f5f8bb2d0d629f398bf47d0d69c07bc13b65f75a81ad9e2f71a63d4b7a2f6db2" ], - "markers": "python_version >= '3.5'", - "version": "==1.0.3" + "markers": "python_version >= '3.6'", + "version": "==2.0.0" }, "sphinxcontrib-jsmath": { "hashes": [ @@ -724,18 +710,18 @@ }, "sphinxcontrib-serializinghtml": { "hashes": [ - "sha256:eaa0eccc86e982a9b939b2b82d12cc5d013385ba5eadcc7e4fed23f4405f77bc", - "sha256:f242a81d423f59617a8e5cf16f5d4d74e28ee9a66f9e5b637a18082991db5a9a" + "sha256:352a9a00ae864471d3a7ead8d7d79f5fc0b57e8b3f95e9867eb9eb28999b92fd", + "sha256:aa5f6de5dfdf809ef505c4895e51ef5c9eac17d0f287933eb49ec495280b6952" ], "markers": "python_version >= '3.5'", - "version": "==1.1.4" + "version": "==1.1.5" }, "toml": { "hashes": [ "sha256:806143ae5bfb6a3c6e736a764057db0e6a0e05e338b5630894a5f779cabb4f9b", "sha256:b3bda1d108d5dd99f4a20d24d9c348e91c4db7ab1b749200bded2f839ccbe68f" ], - "markers": "python_version >= '2.6' and python_version not in '3.0, 3.1, 3.2, 3.3'", + "markers": "python_version >= '2.6' and python_version not in '3.0, 3.1, 3.2'", "version": "==0.10.2" }, "typed-ast": { @@ -771,7 +757,7 @@ "sha256:f8afcf15cc511ada719a88e013cec87c11aff7b91f019295eb4530f96fe5ef2f", "sha256:fb1bbeac803adea29cedd70781399c99138358c26d05fcbd23c13016b7f5ec65" ], - "markers": "python_version < '3.8' and implementation_name == 'cpython'", + "markers": "python_version < '3.8' and python_version < '3.8' and implementation_name == 'cpython'", "version": "==1.4.3" }, "typing-extensions": { @@ -780,7 +766,7 @@ "sha256:50b6f157849174217d0656f99dc82fe932884fb250826c18350e159ec6cdf342", "sha256:779383f6086d90c99ae41cf0ff39aac8a7937a9283ce0a414e5dd782f4c94a84" ], - "markers": "python_version < '3.8'", + "markers": "python_version < '3.8' and python_version < '3.8'", "version": "==3.10.0.0" }, "urllib3": { diff --git a/plugins/httpapi/panos.py b/plugins/httpapi/panos.py index 6b4aaadb9..f33a8fc9a 100644 --- a/plugins/httpapi/panos.py +++ b/plugins/httpapi/panos.py @@ -44,7 +44,9 @@ from ansible.module_utils.six.moves.urllib.error import HTTPError from ansible.plugins.httpapi import HttpApiBase from ansible.utils.display import Display -from ansible_collections.mrichardson03.panos.plugins.module_utils.panos import cmd_xml +from ansible_collections.paloaltonetworks.panos.plugins.module_utils.panos import ( + cmd_xml, +) display = Display() diff --git a/plugins/modules/panos_ipsec_tunnel.py b/plugins/modules/panos_ipsec_tunnel.py index 180fd0249..f9a76ff67 100644 --- a/plugins/modules/panos_ipsec_tunnel.py +++ b/plugins/modules/panos_ipsec_tunnel.py @@ -268,7 +268,7 @@ def main(): default=None, choices=["md5", "sha1", "sha256", "sha384", "sha512"], ), - mk_auth_key=dict(type="str", default=None), + mk_auth_key=dict(type="str", default=None, no_log=True), mk_esp_encryption=dict( type="str", default=None, @@ -281,7 +281,7 @@ def main(): "null", ], ), - mk_esp_encryption_key=dict(type="str", default=None), + mk_esp_encryption_key=dict(type="str", default=None, no_log=True), gps_portal_address=dict(type="str", default=None), gps_prefer_ipv6=dict(type="bool", default=False), gps_interface=dict(type="str", default=None), diff --git a/plugins/modules/panos_vm_auth_key.py b/plugins/modules/panos_vm_auth_key.py index 1b2dca081..fd46afbf7 100644 --- a/plugins/modules/panos_vm_auth_key.py +++ b/plugins/modules/panos_vm_auth_key.py @@ -27,7 +27,7 @@ - This module will ask Panorama to create a VM auth key for VM-Series bootstrapping. author: - Garfield Lee Freeman (@shinmog) -version_added: '1.0.3' +version_added: '1.1.0' requirements: - pan-python - pandevice diff --git a/requirements.txt b/requirements.txt index cc7e232e0..1ac9f175d 100644 --- a/requirements.txt +++ b/requirements.txt @@ -1,9 +1,16 @@ --i https://pypi.org/simple/ -certifi==2020.12.5 +# +# These requirements were autogenerated by pipenv +# To regenerate from the project's Pipfile, run: +# +# pipenv lock --requirements +# + +-i https://pypi.org/simple +certifi==2021.5.30 chardet==3.0.4 idna==2.8 -pan-os-python>=1.1.0 +pan-os-python==1.2.0 pan-python==0.16.0 requests==2.22.0 -urllib3==1.25.11 +urllib3==1.25.11; python_version >= '2.7' and python_version not in '3.0, 3.1, 3.2, 3.3, 3.4' and python_version < '4' xmltodict==0.12.0 diff --git a/tests/sanity/ignore-2.11.txt b/tests/sanity/ignore-2.11.txt new file mode 100644 index 000000000..3afb0e312 --- /dev/null +++ b/tests/sanity/ignore-2.11.txt @@ -0,0 +1,115 @@ +plugins/modules/panos_address_group.py validate-modules:missing-gplv3-license +plugins/modules/panos_address_object.py validate-modules:missing-gplv3-license +plugins/modules/panos_admin.py validate-modules:missing-gplv3-license +plugins/modules/panos_admin.py validate-modules:deprecation-mismatch +plugins/modules/panos_admin.py validate-modules:invalid-documentation +plugins/modules/panos_administrator.py validate-modules:missing-gplv3-license +plugins/modules/panos_admpwd.py validate-modules:missing-gplv3-license +plugins/modules/panos_aggregate_interface.py validate-modules:missing-gplv3-license +plugins/modules/panos_api_key.py validate-modules:missing-gplv3-license +plugins/modules/panos_application_filter.py validate-modules:missing-gplv3-license +plugins/modules/panos_application_group.py validate-modules:missing-gplv3-license +plugins/modules/panos_application_object.py validate-modules:missing-gplv3-license +plugins/modules/panos_bgp.py validate-modules:missing-gplv3-license +plugins/modules/panos_bgp_aggregate.py validate-modules:missing-gplv3-license +plugins/modules/panos_bgp_auth.py validate-modules:missing-gplv3-license +plugins/modules/panos_bgp_conditional_advertisement.py validate-modules:missing-gplv3-license +plugins/modules/panos_bgp_dampening.py validate-modules:missing-gplv3-license +plugins/modules/panos_bgp_peer.py validate-modules:missing-gplv3-license +plugins/modules/panos_bgp_peer_group.py validate-modules:missing-gplv3-license +plugins/modules/panos_bgp_policy_filter.py validate-modules:missing-gplv3-license +plugins/modules/panos_bgp_policy_rule.py validate-modules:missing-gplv3-license +plugins/modules/panos_bgp_redistribute.py validate-modules:missing-gplv3-license +plugins/modules/panos_cert_gen_ssh.py validate-modules:missing-gplv3-license +plugins/modules/panos_check.py validate-modules:missing-gplv3-license +plugins/modules/panos_commit.py validate-modules:deprecation-mismatch +plugins/modules/panos_commit.py validate-modules:invalid-documentation +plugins/modules/panos_commit.py validate-modules:missing-gplv3-license +plugins/modules/panos_commit_panorama.py validate-modules:missing-gplv3-license +plugins/modules/panos_commit_firewall.py validate-modules:missing-gplv3-license +plugins/modules/panos_commit_push.py validate-modules:missing-gplv3-license +plugins/modules/panos_config_element.py validate-modules:missing-gplv3-license +plugins/modules/panos_custom_url_category.py validate-modules:missing-gplv3-license +plugins/modules/panos_dag.py no-get-exception +plugins/modules/panos_dag.py validate-modules:deprecation-mismatch +plugins/modules/panos_dag.py validate-modules:invalid-documentation +plugins/modules/panos_dag.py validate-modules:missing-gplv3-license +plugins/modules/panos_dag_tags.py no-get-exception +plugins/modules/panos_dag_tags.py validate-modules:deprecation-mismatch +plugins/modules/panos_dag_tags.py validate-modules:invalid-documentation +plugins/modules/panos_dag_tags.py validate-modules:missing-gplv3-license +plugins/modules/panos_dynamic_updates.py validate-modules:missing-gplv3-license +plugins/modules/panos_dynamic_user_group.py validate-modules:missing-gplv3-license +plugins/modules/panos_email_profile.py validate-modules:missing-gplv3-license +plugins/modules/panos_email_server.py validate-modules:missing-gplv3-license +plugins/modules/panos_export.py validate-modules:missing-gplv3-license +plugins/modules/panos_gre_tunnel.py validate-modules:missing-gplv3-license +plugins/modules/panos_ha.py validate-modules:missing-gplv3-license +plugins/modules/panos_http_profile.py validate-modules:missing-gplv3-license +plugins/modules/panos_http_profile_header.py validate-modules:missing-gplv3-license +plugins/modules/panos_http_profile_param.py validate-modules:missing-gplv3-license +plugins/modules/panos_http_server.py validate-modules:missing-gplv3-license +plugins/modules/panos_ike_crypto_profile.py validate-modules:missing-gplv3-license +plugins/modules/panos_ike_gateway.py validate-modules:missing-gplv3-license +plugins/modules/panos_import.py validate-modules:missing-gplv3-license +plugins/modules/panos_interface.py validate-modules:missing-gplv3-license +plugins/modules/panos_ipsec_ipv4_proxyid.py validate-modules:missing-gplv3-license +plugins/modules/panos_ipsec_profile.py validate-modules:missing-gplv3-license +plugins/modules/panos_ipsec_tunnel.py validate-modules:missing-gplv3-license +plugins/modules/panos_ipv6_address.py validate-modules:missing-gplv3-license +plugins/modules/panos_l2_subinterface.py validate-modules:missing-gplv3-license +plugins/modules/panos_l3_subinterface.py validate-modules:missing-gplv3-license +plugins/modules/panos_lic.py validate-modules:missing-gplv3-license +plugins/modules/panos_loadcfg.py validate-modules:missing-gplv3-license +plugins/modules/panos_log_forwarding_profile.py validate-modules:missing-gplv3-license +plugins/modules/panos_log_forwarding_profile_match_list.py validate-modules:missing-gplv3-license +plugins/modules/panos_log_forwarding_profile_match_list_action.py validate-modules:missing-gplv3-license +plugins/modules/panos_loopback_interface.py validate-modules:missing-gplv3-license +plugins/modules/panos_management_profile.py validate-modules:missing-gplv3-license +plugins/modules/panos_match_rule.py validate-modules:missing-gplv3-license +plugins/modules/panos_mgtconfig.py validate-modules:missing-gplv3-license +plugins/modules/panos_nat_rule.py validate-modules:missing-gplv3-license +plugins/modules/panos_nat_rule_facts.py validate-modules:missing-gplv3-license +plugins/modules/panos_object.py validate-modules:deprecation-mismatch +plugins/modules/panos_object.py validate-modules:invalid-documentation +plugins/modules/panos_object.py validate-modules:missing-gplv3-license +plugins/modules/panos_object_facts.py validate-modules:missing-gplv3-license +plugins/modules/panos_op.py validate-modules:missing-gplv3-license +plugins/modules/panos_pbf_rule.py validate-modules:missing-gplv3-license +plugins/modules/panos_pg.py validate-modules:missing-gplv3-license +plugins/modules/panos_query_rules.py validate-modules:deprecation-mismatch +plugins/modules/panos_query_rules.py validate-modules:invalid-documentation +plugins/modules/panos_query_rules.py validate-modules:missing-gplv3-license +plugins/modules/panos_redistribution.py validate-modules:missing-gplv3-license +plugins/modules/panos_region.py validate-modules:missing-gplv3-license +plugins/modules/panos_registered_ip.py validate-modules:missing-gplv3-license +plugins/modules/panos_registered_ip_facts.py validate-modules:missing-gplv3-license +plugins/modules/panos_restart.py validate-modules:missing-gplv3-license +plugins/modules/panos_sag.py no-get-exception +plugins/modules/panos_sag.py validate-modules:deprecation-mismatch +plugins/modules/panos_sag.py validate-modules:invalid-documentation +plugins/modules/panos_sag.py validate-modules:missing-gplv3-license +plugins/modules/panos_schedule_object.py validate-modules:missing-gplv3-license +plugins/modules/panos_security_rule.py validate-modules:missing-gplv3-license +plugins/modules/panos_security_rule_facts.py validate-modules:missing-gplv3-license +plugins/modules/panos_service_group.py validate-modules:missing-gplv3-license +plugins/modules/panos_service_object.py validate-modules:missing-gplv3-license +plugins/modules/panos_snmp_profile.py validate-modules:missing-gplv3-license +plugins/modules/panos_snmp_v2c_server.py validate-modules:missing-gplv3-license +plugins/modules/panos_snmp_v3_server.py validate-modules:missing-gplv3-license +plugins/modules/panos_software.py validate-modules:missing-gplv3-license +plugins/modules/panos_static_route.py validate-modules:missing-gplv3-license +plugins/modules/panos_syslog_profile.py validate-modules:missing-gplv3-license +plugins/modules/panos_syslog_server.py validate-modules:missing-gplv3-license +plugins/modules/panos_tag_object.py validate-modules:missing-gplv3-license +plugins/modules/panos_tunnel.py validate-modules:missing-gplv3-license +plugins/modules/panos_type_cmd.py validate-modules:missing-gplv3-license +plugins/modules/panos_userid.py validate-modules:missing-gplv3-license +plugins/modules/panos_virtual_router.py validate-modules:missing-gplv3-license +plugins/modules/panos_virtual_router_facts.py validate-modules:missing-gplv3-license +plugins/modules/panos_virtual_wire.py validate-modules:missing-gplv3-license +plugins/modules/panos_vlan.py validate-modules:missing-gplv3-license +plugins/modules/panos_vlan_interface.py validate-modules:missing-gplv3-license +plugins/modules/panos_vm_auth_key.py validate-modules:missing-gplv3-license +plugins/modules/panos_zone.py validate-modules:missing-gplv3-license +plugins/modules/panos_zone_facts.py validate-modules:missing-gplv3-license From 7849afd262df7c0426d775bb903beae384c88955 Mon Sep 17 00:00:00 2001 From: Stephen Steiner Date: Wed, 2 Jun 2021 09:26:15 -0400 Subject: [PATCH 30/48] Rebasing and removing conflicts Signed-off-by: Stephen Steiner --- plugins/module_utils/panos.py | 2 +- plugins/modules/panos_security_rule.py | 4 ++++ 2 files changed, 5 insertions(+), 1 deletion(-) diff --git a/plugins/module_utils/panos.py b/plugins/module_utils/panos.py index a630948b7..f2a89f790 100644 --- a/plugins/module_utils/panos.py +++ b/plugins/module_utils/panos.py @@ -45,7 +45,7 @@ from panos.errors import PanCommitNotNeeded, PanDeviceError from panos.firewall import Firewall from panos.panorama import DeviceGroup, Template, TemplateStack - from panos.policies import PostRulebase, PreRulebase, Rulebase + from panos.policies import PostRulebase, PreRulebase, RuleAuditComment, Rulebase except ImportError: try: import pandevice as panos diff --git a/plugins/modules/panos_security_rule.py b/plugins/modules/panos_security_rule.py index c572710e8..96d8a49be 100644 --- a/plugins/modules/panos_security_rule.py +++ b/plugins/modules/panos_security_rule.py @@ -507,6 +507,10 @@ def main(): # Which action shall we take on the rule object? changed, diff = helper.apply_state(new_rule, rules, module) + # Add the audit comment, if applicable. + if audit_comment: + RuleAuditComment.update(audit_comment) + # Move the rule to the correct spot, if applicable. if module.params["state"] == "present": changed |= helper.apply_position( From cb78ab1c2048f00c991efca7e7d305e86a61a693 Mon Sep 17 00:00:00 2001 From: Stephen Steiner Date: Wed, 2 Jun 2021 12:57:04 -0400 Subject: [PATCH 31/48] Adding rule audit comment - #228 Signed-off-by: Stephen Steiner --- plugins/modules/panos_security_rule.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/plugins/modules/panos_security_rule.py b/plugins/modules/panos_security_rule.py index 96d8a49be..250bca2d1 100644 --- a/plugins/modules/panos_security_rule.py +++ b/plugins/modules/panos_security_rule.py @@ -509,7 +509,7 @@ def main(): # Add the audit comment, if applicable. if audit_comment: - RuleAuditComment.update(audit_comment) + RuleAuditComment.update(module, audit_comment) # Move the rule to the correct spot, if applicable. if module.params["state"] == "present": From 2acdc2dcecf35163b577f99be638f9e3ee8e2f50 Mon Sep 17 00:00:00 2001 From: Stephen Steiner Date: Wed, 2 Jun 2021 13:48:09 -0400 Subject: [PATCH 32/48] Adding rule audit comment - #228 Signed-off-by: Stephen Steiner --- plugins/modules/panos_security_rule.py | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/plugins/modules/panos_security_rule.py b/plugins/modules/panos_security_rule.py index 250bca2d1..9a0182fc5 100644 --- a/plugins/modules/panos_security_rule.py +++ b/plugins/modules/panos_security_rule.py @@ -509,7 +509,8 @@ def main(): # Add the audit comment, if applicable. if audit_comment: - RuleAuditComment.update(module, audit_comment) + rule_audit_comment = RuleAuditComment() + rule_audit_comment.update(audit_comment) # Move the rule to the correct spot, if applicable. if module.params["state"] == "present": From f0f4441a4fec477d3377fa10d6579e4028e03fab Mon Sep 17 00:00:00 2001 From: Stephen Steiner Date: Wed, 2 Jun 2021 14:23:52 -0400 Subject: [PATCH 33/48] Adding rule audit comment - #228 Signed-off-by: Stephen Steiner --- plugins/modules/panos_security_rule.py | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/plugins/modules/panos_security_rule.py b/plugins/modules/panos_security_rule.py index 9a0182fc5..49c453ce9 100644 --- a/plugins/modules/panos_security_rule.py +++ b/plugins/modules/panos_security_rule.py @@ -509,8 +509,7 @@ def main(): # Add the audit comment, if applicable. if audit_comment: - rule_audit_comment = RuleAuditComment() - rule_audit_comment.update(audit_comment) + RuleAuditComment.update(parent, audit_comment) # Move the rule to the correct spot, if applicable. if module.params["state"] == "present": From 3848143c634a466911feacaa1b5fd91f2ff5cd44 Mon Sep 17 00:00:00 2001 From: Stephen Steiner Date: Wed, 2 Jun 2021 14:28:39 -0400 Subject: [PATCH 34/48] Adding rule audit comment - #228 Signed-off-by: Stephen Steiner --- plugins/modules/panos_security_rule.py | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/plugins/modules/panos_security_rule.py b/plugins/modules/panos_security_rule.py index 49c453ce9..a9ecd4ace 100644 --- a/plugins/modules/panos_security_rule.py +++ b/plugins/modules/panos_security_rule.py @@ -509,7 +509,8 @@ def main(): # Add the audit comment, if applicable. if audit_comment: - RuleAuditComment.update(parent, audit_comment) + rule_audit_comment = RuleAuditComment(parent) + rule_audit_comment.update(audit_comment) # Move the rule to the correct spot, if applicable. if module.params["state"] == "present": From 6f9ce6ca4e7c60e2780b633ad0653a47113eced1 Mon Sep 17 00:00:00 2001 From: Stephen Steiner Date: Wed, 2 Jun 2021 18:30:38 -0400 Subject: [PATCH 35/48] Adding rule audit comment - #228 Signed-off-by: Stephen Steiner --- plugins/module_utils/panos.py | 2 +- plugins/modules/panos_security_rule.py | 5 ----- 2 files changed, 1 insertion(+), 6 deletions(-) diff --git a/plugins/module_utils/panos.py b/plugins/module_utils/panos.py index f2a89f790..a630948b7 100644 --- a/plugins/module_utils/panos.py +++ b/plugins/module_utils/panos.py @@ -45,7 +45,7 @@ from panos.errors import PanCommitNotNeeded, PanDeviceError from panos.firewall import Firewall from panos.panorama import DeviceGroup, Template, TemplateStack - from panos.policies import PostRulebase, PreRulebase, RuleAuditComment, Rulebase + from panos.policies import PostRulebase, PreRulebase, Rulebase except ImportError: try: import pandevice as panos diff --git a/plugins/modules/panos_security_rule.py b/plugins/modules/panos_security_rule.py index a9ecd4ace..c572710e8 100644 --- a/plugins/modules/panos_security_rule.py +++ b/plugins/modules/panos_security_rule.py @@ -507,11 +507,6 @@ def main(): # Which action shall we take on the rule object? changed, diff = helper.apply_state(new_rule, rules, module) - # Add the audit comment, if applicable. - if audit_comment: - rule_audit_comment = RuleAuditComment(parent) - rule_audit_comment.update(audit_comment) - # Move the rule to the correct spot, if applicable. if module.params["state"] == "present": changed |= helper.apply_position( From 25ba6e87fb63be996aad79aaf23d8223deec59dd Mon Sep 17 00:00:00 2001 From: Stephen Steiner Date: Mon, 7 Jun 2021 11:09:51 -0400 Subject: [PATCH 36/48] 228 formatted per lint test results Signed-off-by: Stephen Steiner --- Makefile | 2 +- Pipfile.lock | 65 ++++++++++++++++++++++---- plugins/module_utils/panos.py | 27 ++++------- plugins/modules/panos_security_rule.py | 14 ++---- 4 files changed, 72 insertions(+), 36 deletions(-) diff --git a/Makefile b/Makefile index 47a7f53c3..771952ae7 100644 --- a/Makefile +++ b/Makefile @@ -18,7 +18,7 @@ else ifneq (ansible_collections,$(toplevel)) endif python_version := $(shell \ - python -c 'import sys; print(".".join(map(str, sys.version_info[:2])))' \ + python3 -c 'import sys; print(".".join(map(str, sys.version_info[:2])))' \ ) diff --git a/Pipfile.lock b/Pipfile.lock index 4f9445ddb..47339c4db 100644 --- a/Pipfile.lock +++ b/Pipfile.lock @@ -88,9 +88,22 @@ }, "ansible-core": { "hashes": [ +<<<<<<< HEAD "sha256:7e75827a94d47d1c3e1930d708f0ef637a3ab9a21f757aaf55deab6e9f47c682" ], "index": "pypi", +======= + "sha256:6f67ca5c634e4721d1f8e206dc71d60d1a114d147945355bfc902bd37eb07080" + ], + "index": "pypi", + "version": "==4.0.0" + }, + "ansible-core": { + "hashes": [ + "sha256:7e75827a94d47d1c3e1930d708f0ef637a3ab9a21f757aaf55deab6e9f47c682" + ], + "markers": "python_version >= '2.7' and python_version not in '3.0, 3.1, 3.2, 3.3, 3.4'", +>>>>>>> 2888656 (228 formatted per lint test results) "version": "==2.11.1" }, "ansible-doc-extractor": { @@ -100,6 +113,17 @@ ], "index": "pypi", "version": "==0.1.7" +<<<<<<< HEAD +======= + }, + "apipkg": { + "hashes": [ + "sha256:37228cda29411948b422fae072f57e31d3396d2ee1c9783775980ee9c9990af6", + "sha256:58587dd4dc3daefad0487f6d9ae32b4542b185e1c36db6993290e7c41ca2b47c" + ], + "markers": "python_version >= '2.7' and python_version not in '3.0, 3.1, 3.2, 3.3'", + "version": "==1.5" +>>>>>>> 2888656 (228 formatted per lint test results) }, "appdirs": { "hashes": [ @@ -110,11 +134,11 @@ }, "astroid": { "hashes": [ - "sha256:4db03ab5fc3340cf619dbc25e42c2cc3755154ce6009469766d7143d1fc2ee4e", - "sha256:8a398dfce302c13f14bab13e2b14fe385d32b73f4e4853b9bdfb64598baa1975" + "sha256:3c9a2d84354185d13213ff2640ec03d39168dbcd13648abc84fb13ca3b2e2761", + "sha256:d66a600e1602736a0f24f725a511b0e50d12eb18f54b31ec276d2c26a0a62c6a" ], "markers": "python_version ~= '3.6'", - "version": "==2.5.6" + "version": "==2.5.7" }, "attrs": { "hashes": [ @@ -290,11 +314,19 @@ }, "execnet": { "hashes": [ +<<<<<<< HEAD "sha256:8f694f3ba9cc92cab508b152dcfe322153975c29bda272e2fd7f3f00f36e47c5", "sha256:a295f7cc774947aac58dde7fdc85f4aa00c42adf5d8f5468fc630c1acf30a142" ], "markers": "python_version >= '2.7' and python_version not in '3.0, 3.1, 3.2, 3.3, 3.4'", "version": "==1.9.0" +======= + "sha256:7e3c2cdb6389542a91e9855a9cc7545fbed679e96f8808bcbb1beb325345b189", + "sha256:e840ce25562e414ee5684864d510dbeeb0bce016bc89b22a6e5ce323b5e6552f" + ], + "markers": "python_version >= '2.7' and python_version not in '3.0, 3.1, 3.2, 3.3, 3.4'", + "version": "==1.8.1" +>>>>>>> 2888656 (228 formatted per lint test results) }, "idna": { "hashes": [ @@ -316,7 +348,11 @@ "sha256:833b26fb89d5de469b24a390e9df088d4e52e4ba33b01dc5e0e4f41b81a16c00", "sha256:b142cc1dd1342f31ff04bb7d022492b09920cb64fed867cd3ea6f80fe3ebd139" ], +<<<<<<< HEAD "markers": "python_version < '3.8' and python_version < '3.8'", +======= + "markers": "python_version < '3.8'", +>>>>>>> 2888656 (228 formatted per lint test results) "version": "==4.5.0" }, "iniconfig": { @@ -441,11 +477,11 @@ }, "pluggy": { "hashes": [ - "sha256:15b2acde666561e1298d71b523007ed7364de07029219b604cf808bfa1c765b0", - "sha256:966c145cd83c96502c3c3868f50408687b38434af77734af1e9ca461a4081d2d" + "sha256:265a94bf44ca13662f12fcd1b074c14d4b269a712f051b6f644ef7e705d6735f", + "sha256:467f0219e89bb5061a8429c6fc5cf055fa3983a0e68e84a1d205046306b37d9e" ], "markers": "python_version >= '2.7' and python_version not in '3.0, 3.1, 3.2, 3.3'", - "version": "==0.13.1" + "version": "==1.0.0.dev0" }, "py": { "hashes": [ @@ -481,19 +517,32 @@ }, "pylint": { "hashes": [ +<<<<<<< HEAD "sha256:0a049c5d47b629d9070c3932d13bff482b12119b6a241a93bc460b0be16953c8", "sha256:792b38ff30903884e4a9eab814ee3523731abd3c463f3ba48d7b627e87013484" ], "index": "pypi", "version": "==2.8.3" +======= + "sha256:2b422dd6f251a1caea5532cbb5a7d0cbf66b1ee6a36b50c53e32fa7a8272cc55", + "sha256:49b58c3ab27ea78cdcbd2d85b21f8e939bb179301f1cde1bd3f65168d9cbf25a" + ], + "index": "pypi", + "version": "==3.0.0a3" +>>>>>>> 2888656 (228 formatted per lint test results) }, "pyparsing": { "hashes": [ - "sha256:c203ec8783bf771a155b207279b9bccb8dea02d8f0c9e5f8ead507bc3246ecc1", - "sha256:ef9d7589ef3c200abe66653d3f1ab1033c3c419ae9b9bdb1240a85b024efc88b" + "sha256:1c6409312ce2ce2997896af5756753778d5f1603666dba5587804f09ad82ed27", + "sha256:f4896b4cc085a1f8f8ae53a1a90db5a86b3825ff73eb974dffee3d9e701007f4" ], +<<<<<<< HEAD "markers": "python_version >= '2.6' and python_version not in '3.0, 3.1, 3.2'", "version": "==2.4.7" +======= + "markers": "python_version >= '3.5'", + "version": "==3.0.0b2" +>>>>>>> 2888656 (228 formatted per lint test results) }, "pytest": { "hashes": [ diff --git a/plugins/module_utils/panos.py b/plugins/module_utils/panos.py index a630948b7..bb2c85901 100644 --- a/plugins/module_utils/panos.py +++ b/plugins/module_utils/panos.py @@ -141,8 +141,7 @@ def get_pandevice_parent(self, module, timeout=0): if pdv < self.min_pandevice_version: module.fail_json( msg=_MIN_VERSION_ERROR.format( - "panos", panos.__version__, _vstr( - self.min_pandevice_version) + "panos", panos.__version__, _vstr(self.min_pandevice_version) ) ) @@ -241,8 +240,7 @@ def get_pandevice_parent(self, module, timeout=0): elif self.template is not None: tmpl_required = True elif not self.template_is_optional: - module.fail_json( - msg=pano_mia_param.format(self.template_stack)) + module.fail_json(msg=pano_mia_param.format(self.template_stack)) # Spec: template. if self.template is not None: @@ -313,8 +311,7 @@ def get_pandevice_parent(self, module, timeout=0): parent = rb else: module.fail_json( - msg=not_found.format( - "Rulebase", module.params[self.rulebase]) + msg=not_found.format("Rulebase", module.params[self.rulebase]) ) else: # Firewall connection. @@ -459,8 +456,7 @@ def apply_state( try: item.update(enabled_disabled_param) except PanDeviceError as e: - module.fail_json( - msg="Failed toggle: {0}".format(e)) + module.fail_json(msg="Failed toggle: {0}".format(e)) break else: module.fail_json(msg="Cannot enable/disable non-existing obj") @@ -497,10 +493,8 @@ def apply_position(self, obj, location, existing_rule, module): # Sanity check the location / existing_rule params. improper_combo = False improper_combo |= location is None and existing_rule is not None - improper_combo |= location in ( - "before", "after") and existing_rule is None - improper_combo |= location in ( - "top", "bottom") and existing_rule is not None + improper_combo |= location in ("before", "after") and existing_rule is None + improper_combo |= location in ("top", "bottom") and existing_rule is not None if improper_combo: module.fail_json( msg='Improper combination of "location" / "existing_rule".' @@ -519,8 +513,7 @@ def apply_position(self, obj, location, existing_rule, module): obj_index = listing.index(uid) rule = rules[obj_index] except ValueError: - module.fail_json( - msg="Object {0} isn't present for move".format(uid)) + module.fail_json(msg="Object {0} isn't present for move".format(uid)) if location == "top": if listing[0] != uid: @@ -811,8 +804,7 @@ def get_connection( if vsys is not None: raise KeyError('Define "vsys" or "vsys_shared", not both.') elif vsys_importable is not None: - raise KeyError( - 'Define "vsys_importable" or "vsys_shared", not both.') + raise KeyError('Define "vsys_importable" or "vsys_shared", not both.') if isinstance(vsys_shared, bool): param = "vsys" else: @@ -877,8 +869,7 @@ def __init__( self.api_endpoint = api_endpoint if with_state: - spec["state"] = {"default": "present", - "choices": ["present", "absent"]} + spec["state"] = {"default": "present", "choices": ["present", "absent"]} if with_enabled_state: spec["state"] = { diff --git a/plugins/modules/panos_security_rule.py b/plugins/modules/panos_security_rule.py index c572710e8..606ee4cf6 100644 --- a/plugins/modules/panos_security_rule.py +++ b/plugins/modules/panos_security_rule.py @@ -21,6 +21,7 @@ from ansible_collections.paloaltonetworks.panos.plugins.module_utils.panos import ( get_connection, ) + from panos.policies import RuleAuditComment __metaclass__ = type @@ -373,12 +374,10 @@ def main(): source_ip=dict(type="list", elements="str", default=["any"]), source_user=dict(type="list", elements="str", default=["any"]), hip_profiles=dict(type="list", elements="str", default=["any"]), - destination_zone=dict( - type="list", elements="str", default=["any"]), + destination_zone=dict(type="list", elements="str", default=["any"]), destination_ip=dict(type="list", elements="str", default=["any"]), application=dict(type="list", elements="str", default=["any"]), - service=dict(type="list", elements="str", - default=["application-default"]), + service=dict(type="list", elements="str", default=["application-default"]), category=dict(type="list", elements="str", default=["any"]), action=dict( default="allow", @@ -404,8 +403,7 @@ def main(): disabled=dict(type="bool", default=False), schedule=dict(), icmp_unreachable=dict(type="bool"), - disable_server_response_inspection=dict( - type="bool", default=False), + disable_server_response_inspection=dict(type="bool", default=False), group_profile=dict(), antivirus=dict(), spyware=dict(), @@ -485,7 +483,6 @@ def main(): "data_filtering": module.params["data_filtering"], "target": module.params["target"], "negate_target": module.params["negate_target"], - } # Other module info. @@ -509,8 +506,7 @@ def main(): # Move the rule to the correct spot, if applicable. if module.params["state"] == "present": - changed |= helper.apply_position( - new_rule, location, existing_rule, module) + changed |= helper.apply_position(new_rule, location, existing_rule, module) # Add the audit comment, if applicable. if changed and audit_comment and not module.check_mode: From c4fb814ee20c3077efab8050edafea5db860ee9b Mon Sep 17 00:00:00 2001 From: Stephen Steiner Date: Mon, 7 Jun 2021 12:16:00 -0400 Subject: [PATCH 37/48] 230: Added protocol to panos_email_server.py Signed-off-by: Stephen Steiner --- plugins/modules/panos_email_server.py | 11 +++++++++++ 1 file changed, 11 insertions(+) diff --git a/plugins/modules/panos_email_server.py b/plugins/modules/panos_email_server.py index f752c8485..84ead73c3 100644 --- a/plugins/modules/panos_email_server.py +++ b/plugins/modules/panos_email_server.py @@ -69,6 +69,15 @@ description: - IP address or FQDN of email gateway to use. type: str + protocol: + description: + - Specify whether to use clear-text or encrypted SMTP. + type: str + choices: + - SMTP + - TLS + default: SMTP + """ EXAMPLES = """ @@ -119,6 +128,7 @@ def main(): to_email=dict(), also_to_email=dict(), email_gateway=dict(), + protocol=dict(), ), ) module = AnsibleModule( @@ -146,6 +156,7 @@ def main(): "to": module.params["to_email"], "also_to": module.params["also_to_email"], "email_gateway": module.params["email_gateway"], + "protocol": module.params["protocol"], } obj = EmailServer(**spec) sp.add(obj) From e9a308c8002f726320a3c070930dd99771f7f1f3 Mon Sep 17 00:00:00 2001 From: Stephen Steiner Date: Mon, 7 Jun 2021 12:53:51 -0400 Subject: [PATCH 38/48] 230: Added default parameter Signed-off-by: Stephen Steiner --- plugins/modules/panos_email_server.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/plugins/modules/panos_email_server.py b/plugins/modules/panos_email_server.py index 84ead73c3..394c5d299 100644 --- a/plugins/modules/panos_email_server.py +++ b/plugins/modules/panos_email_server.py @@ -128,7 +128,7 @@ def main(): to_email=dict(), also_to_email=dict(), email_gateway=dict(), - protocol=dict(), + protocol=dict(type=str, default="SMTP"), ), ) module = AnsibleModule( From c2b1d3b23fa43749704cdf3dd412e01b8a5618e7 Mon Sep 17 00:00:00 2001 From: Stephen Steiner Date: Mon, 7 Jun 2021 12:55:11 -0400 Subject: [PATCH 39/48] bumped version in galaxy.yml Signed-off-by: Stephen Steiner --- galaxy.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/galaxy.yml b/galaxy.yml index 8093b225d..6b6ee6afe 100644 --- a/galaxy.yml +++ b/galaxy.yml @@ -9,7 +9,7 @@ namespace: 'paloaltonetworks' name: 'panos' # The version of the collection. Must be compatible with semantic versioning -version: 2.6.1 +version: 2.6.2 # The path to the Markdown (.md) readme file. This path is relative to the root of the collection readme: 'README.md' From 487db3c12df1dd3c2b65cfbb3979d1c9da33f956 Mon Sep 17 00:00:00 2001 From: Stephen Steiner Date: Mon, 7 Jun 2021 14:07:44 -0400 Subject: [PATCH 40/48] 230 reverted galaxy.yml collection semver Signed-off-by: Stephen Steiner --- galaxy.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/galaxy.yml b/galaxy.yml index 6b6ee6afe..009bb650e 100644 --- a/galaxy.yml +++ b/galaxy.yml @@ -9,7 +9,7 @@ namespace: 'paloaltonetworks' name: 'panos' # The version of the collection. Must be compatible with semantic versioning -version: 2.6.2 +version: 2.6.0 # The path to the Markdown (.md) readme file. This path is relative to the root of the collection readme: 'README.md' From 2da6aac5741de51970ccac131e10290057ef5dc2 Mon Sep 17 00:00:00 2001 From: Stephen Steiner Date: Mon, 7 Jun 2021 11:09:51 -0400 Subject: [PATCH 41/48] 228 formatted per lint test results Signed-off-by: Stephen Steiner --- .gitignore | 3 --- Pipfile | 2 +- Pipfile.lock | 65 +++++++--------------------------------------------- 3 files changed, 9 insertions(+), 61 deletions(-) diff --git a/.gitignore b/.gitignore index 8ed95f4c5..5187a4654 100644 --- a/.gitignore +++ b/.gitignore @@ -74,9 +74,6 @@ ENV/ # PyCharm / IntelliJ .idea -# VS Code -.vscode - # Configtree diagram generated by sphinx docs/_diagrams diff --git a/Pipfile b/Pipfile index 29c87e125..988c031b6 100644 --- a/Pipfile +++ b/Pipfile @@ -4,7 +4,7 @@ verify_ssl = true name = "pypi" [packages] -pan-os-python = ">=1.1.0" +pan-os-python = "*" pan-python = "*" xmltodict = "==0.12.0" requests = "==2.22.0" diff --git a/Pipfile.lock b/Pipfile.lock index 47339c4db..4f9445ddb 100644 --- a/Pipfile.lock +++ b/Pipfile.lock @@ -88,22 +88,9 @@ }, "ansible-core": { "hashes": [ -<<<<<<< HEAD "sha256:7e75827a94d47d1c3e1930d708f0ef637a3ab9a21f757aaf55deab6e9f47c682" ], "index": "pypi", -======= - "sha256:6f67ca5c634e4721d1f8e206dc71d60d1a114d147945355bfc902bd37eb07080" - ], - "index": "pypi", - "version": "==4.0.0" - }, - "ansible-core": { - "hashes": [ - "sha256:7e75827a94d47d1c3e1930d708f0ef637a3ab9a21f757aaf55deab6e9f47c682" - ], - "markers": "python_version >= '2.7' and python_version not in '3.0, 3.1, 3.2, 3.3, 3.4'", ->>>>>>> 2888656 (228 formatted per lint test results) "version": "==2.11.1" }, "ansible-doc-extractor": { @@ -113,17 +100,6 @@ ], "index": "pypi", "version": "==0.1.7" -<<<<<<< HEAD -======= - }, - "apipkg": { - "hashes": [ - "sha256:37228cda29411948b422fae072f57e31d3396d2ee1c9783775980ee9c9990af6", - "sha256:58587dd4dc3daefad0487f6d9ae32b4542b185e1c36db6993290e7c41ca2b47c" - ], - "markers": "python_version >= '2.7' and python_version not in '3.0, 3.1, 3.2, 3.3'", - "version": "==1.5" ->>>>>>> 2888656 (228 formatted per lint test results) }, "appdirs": { "hashes": [ @@ -134,11 +110,11 @@ }, "astroid": { "hashes": [ - "sha256:3c9a2d84354185d13213ff2640ec03d39168dbcd13648abc84fb13ca3b2e2761", - "sha256:d66a600e1602736a0f24f725a511b0e50d12eb18f54b31ec276d2c26a0a62c6a" + "sha256:4db03ab5fc3340cf619dbc25e42c2cc3755154ce6009469766d7143d1fc2ee4e", + "sha256:8a398dfce302c13f14bab13e2b14fe385d32b73f4e4853b9bdfb64598baa1975" ], "markers": "python_version ~= '3.6'", - "version": "==2.5.7" + "version": "==2.5.6" }, "attrs": { "hashes": [ @@ -314,19 +290,11 @@ }, "execnet": { "hashes": [ -<<<<<<< HEAD "sha256:8f694f3ba9cc92cab508b152dcfe322153975c29bda272e2fd7f3f00f36e47c5", "sha256:a295f7cc774947aac58dde7fdc85f4aa00c42adf5d8f5468fc630c1acf30a142" ], "markers": "python_version >= '2.7' and python_version not in '3.0, 3.1, 3.2, 3.3, 3.4'", "version": "==1.9.0" -======= - "sha256:7e3c2cdb6389542a91e9855a9cc7545fbed679e96f8808bcbb1beb325345b189", - "sha256:e840ce25562e414ee5684864d510dbeeb0bce016bc89b22a6e5ce323b5e6552f" - ], - "markers": "python_version >= '2.7' and python_version not in '3.0, 3.1, 3.2, 3.3, 3.4'", - "version": "==1.8.1" ->>>>>>> 2888656 (228 formatted per lint test results) }, "idna": { "hashes": [ @@ -348,11 +316,7 @@ "sha256:833b26fb89d5de469b24a390e9df088d4e52e4ba33b01dc5e0e4f41b81a16c00", "sha256:b142cc1dd1342f31ff04bb7d022492b09920cb64fed867cd3ea6f80fe3ebd139" ], -<<<<<<< HEAD "markers": "python_version < '3.8' and python_version < '3.8'", -======= - "markers": "python_version < '3.8'", ->>>>>>> 2888656 (228 formatted per lint test results) "version": "==4.5.0" }, "iniconfig": { @@ -477,11 +441,11 @@ }, "pluggy": { "hashes": [ - "sha256:265a94bf44ca13662f12fcd1b074c14d4b269a712f051b6f644ef7e705d6735f", - "sha256:467f0219e89bb5061a8429c6fc5cf055fa3983a0e68e84a1d205046306b37d9e" + "sha256:15b2acde666561e1298d71b523007ed7364de07029219b604cf808bfa1c765b0", + "sha256:966c145cd83c96502c3c3868f50408687b38434af77734af1e9ca461a4081d2d" ], "markers": "python_version >= '2.7' and python_version not in '3.0, 3.1, 3.2, 3.3'", - "version": "==1.0.0.dev0" + "version": "==0.13.1" }, "py": { "hashes": [ @@ -517,32 +481,19 @@ }, "pylint": { "hashes": [ -<<<<<<< HEAD "sha256:0a049c5d47b629d9070c3932d13bff482b12119b6a241a93bc460b0be16953c8", "sha256:792b38ff30903884e4a9eab814ee3523731abd3c463f3ba48d7b627e87013484" ], "index": "pypi", "version": "==2.8.3" -======= - "sha256:2b422dd6f251a1caea5532cbb5a7d0cbf66b1ee6a36b50c53e32fa7a8272cc55", - "sha256:49b58c3ab27ea78cdcbd2d85b21f8e939bb179301f1cde1bd3f65168d9cbf25a" - ], - "index": "pypi", - "version": "==3.0.0a3" ->>>>>>> 2888656 (228 formatted per lint test results) }, "pyparsing": { "hashes": [ - "sha256:1c6409312ce2ce2997896af5756753778d5f1603666dba5587804f09ad82ed27", - "sha256:f4896b4cc085a1f8f8ae53a1a90db5a86b3825ff73eb974dffee3d9e701007f4" + "sha256:c203ec8783bf771a155b207279b9bccb8dea02d8f0c9e5f8ead507bc3246ecc1", + "sha256:ef9d7589ef3c200abe66653d3f1ab1033c3c419ae9b9bdb1240a85b024efc88b" ], -<<<<<<< HEAD "markers": "python_version >= '2.6' and python_version not in '3.0, 3.1, 3.2'", "version": "==2.4.7" -======= - "markers": "python_version >= '3.5'", - "version": "==3.0.0b2" ->>>>>>> 2888656 (228 formatted per lint test results) }, "pytest": { "hashes": [ From 4bbc4ef422baa934d42ff85bb2a3d707a9486d1d Mon Sep 17 00:00:00 2001 From: Stephen Steiner Date: Mon, 7 Jun 2021 12:16:00 -0400 Subject: [PATCH 42/48] 230: Added protocol to panos_email_server.py Signed-off-by: Stephen Steiner --- plugins/modules/panos_email_server.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/plugins/modules/panos_email_server.py b/plugins/modules/panos_email_server.py index 394c5d299..84ead73c3 100644 --- a/plugins/modules/panos_email_server.py +++ b/plugins/modules/panos_email_server.py @@ -128,7 +128,7 @@ def main(): to_email=dict(), also_to_email=dict(), email_gateway=dict(), - protocol=dict(type=str, default="SMTP"), + protocol=dict(), ), ) module = AnsibleModule( From f52b8a586da4f5af08b229f281a9627e08a2ab2e Mon Sep 17 00:00:00 2001 From: Stephen Steiner Date: Mon, 7 Jun 2021 12:53:51 -0400 Subject: [PATCH 43/48] 230: Added default parameter Signed-off-by: Stephen Steiner --- plugins/modules/panos_email_server.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/plugins/modules/panos_email_server.py b/plugins/modules/panos_email_server.py index 84ead73c3..394c5d299 100644 --- a/plugins/modules/panos_email_server.py +++ b/plugins/modules/panos_email_server.py @@ -128,7 +128,7 @@ def main(): to_email=dict(), also_to_email=dict(), email_gateway=dict(), - protocol=dict(), + protocol=dict(type=str, default="SMTP"), ), ) module = AnsibleModule( From f1708623a08182367cf4743f2599cb51fc36197e Mon Sep 17 00:00:00 2001 From: Stephen Steiner Date: Mon, 7 Jun 2021 12:55:11 -0400 Subject: [PATCH 44/48] bumped version in galaxy.yml Signed-off-by: Stephen Steiner --- galaxy.yml | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/galaxy.yml b/galaxy.yml index 009bb650e..efb7e2dba 100644 --- a/galaxy.yml +++ b/galaxy.yml @@ -9,7 +9,11 @@ namespace: 'paloaltonetworks' name: 'panos' # The version of the collection. Must be compatible with semantic versioning +<<<<<<< HEAD version: 2.6.0 +======= +version: 2.6.2 +>>>>>>> 0c64e5c (bumped version in galaxy.yml) # The path to the Markdown (.md) readme file. This path is relative to the root of the collection readme: 'README.md' From 4a4eba3a4fed125db7e7e0b40e7388dda46a1057 Mon Sep 17 00:00:00 2001 From: Stephen Steiner Date: Mon, 7 Jun 2021 14:07:44 -0400 Subject: [PATCH 45/48] 230 reverted galaxy.yml collection semver Signed-off-by: Stephen Steiner --- galaxy.yml | 4 ---- 1 file changed, 4 deletions(-) diff --git a/galaxy.yml b/galaxy.yml index efb7e2dba..6b6ee6afe 100644 --- a/galaxy.yml +++ b/galaxy.yml @@ -9,11 +9,7 @@ namespace: 'paloaltonetworks' name: 'panos' # The version of the collection. Must be compatible with semantic versioning -<<<<<<< HEAD -version: 2.6.0 -======= version: 2.6.2 ->>>>>>> 0c64e5c (bumped version in galaxy.yml) # The path to the Markdown (.md) readme file. This path is relative to the root of the collection readme: 'README.md' From 5876cb64e438698d4e1ae2adb8dbc20141763075 Mon Sep 17 00:00:00 2001 From: Stephen Steiner Date: Mon, 14 Jun 2021 11:10:18 -0400 Subject: [PATCH 46/48] updated arg spec Signed-off-by: Stephen Steiner --- plugins/modules/panos_email_server.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/plugins/modules/panos_email_server.py b/plugins/modules/panos_email_server.py index 394c5d299..91052b54d 100644 --- a/plugins/modules/panos_email_server.py +++ b/plugins/modules/panos_email_server.py @@ -128,7 +128,7 @@ def main(): to_email=dict(), also_to_email=dict(), email_gateway=dict(), - protocol=dict(type=str, default="SMTP"), + protocol=dict(type=str, choices=['SMTP', 'TLS'], default='SMTP'), ), ) module = AnsibleModule( From 0fe213edc1cb04371143dd306c133b0b02a4152b Mon Sep 17 00:00:00 2001 From: Stephen Steiner Date: Mon, 14 Jun 2021 11:29:27 -0400 Subject: [PATCH 47/48] 230: final cleanup Signed-off-by: Stephen Steiner --- galaxy.yml | 6 +----- plugins/modules/panos_email_server.py | 3 +-- plugins/modules/panos_security_rule.py | 21 ++++----------------- 3 files changed, 6 insertions(+), 24 deletions(-) diff --git a/galaxy.yml b/galaxy.yml index a9bb434cc..c2320cb90 100644 --- a/galaxy.yml +++ b/galaxy.yml @@ -9,11 +9,7 @@ namespace: 'paloaltonetworks' name: 'panos' # The version of the collection. Must be compatible with semantic versioning -<<<<<<< HEAD -version: 2.6.2 -======= -version: 2.6.0 ->>>>>>> ddc080f123cd0c8b66f40e32a4e433911e399b5a +version: '2.6.0' # The path to the Markdown (.md) readme file. This path is relative to the root of the collection readme: 'README.md' diff --git a/plugins/modules/panos_email_server.py b/plugins/modules/panos_email_server.py index 91052b54d..88de096b9 100644 --- a/plugins/modules/panos_email_server.py +++ b/plugins/modules/panos_email_server.py @@ -77,7 +77,6 @@ - SMTP - TLS default: SMTP - """ EXAMPLES = """ @@ -128,7 +127,7 @@ def main(): to_email=dict(), also_to_email=dict(), email_gateway=dict(), - protocol=dict(type=str, choices=['SMTP', 'TLS'], default='SMTP'), + protocol=dict(choices=['SMTP', 'TLS'], default='SMTP'), ), ) module = AnsibleModule( diff --git a/plugins/modules/panos_security_rule.py b/plugins/modules/panos_security_rule.py index 606ee4cf6..919226edc 100644 --- a/plugins/modules/panos_security_rule.py +++ b/plugins/modules/panos_security_rule.py @@ -17,13 +17,6 @@ from __future__ import absolute_import, division, print_function -from ansible.module_utils.basic import AnsibleModule -from ansible_collections.paloaltonetworks.panos.plugins.module_utils.panos import ( - get_connection, -) - -from panos.policies import RuleAuditComment - __metaclass__ = type DOCUMENTATION = """ @@ -251,10 +244,6 @@ description: - Exclude this rule from the listed firewalls in Panorama. type: bool - audit_comment: - description: - - Add an audit comment to the rule being defined. - type: str """ EXAMPLES = """ @@ -342,6 +331,10 @@ # Default return values """ +from ansible.module_utils.basic import AnsibleModule +from ansible_collections.paloaltonetworks.panos.plugins.module_utils.panos import ( + get_connection, +) try: from panos.errors import PanDeviceError @@ -417,7 +410,6 @@ def main(): location=dict(choices=["top", "bottom", "before", "after"]), existing_rule=dict(), commit=dict(type="bool", default=False), - audit_comment=dict(type="str"), # TODO(gfreeman) - remove this in the next role release. devicegroup=dict(), ), @@ -489,7 +481,6 @@ def main(): location = module.params["location"] existing_rule = module.params["existing_rule"] commit = module.params["commit"] - audit_comment = module.params["audit_comment"] # Retrieve the current rules. try: @@ -508,10 +499,6 @@ def main(): if module.params["state"] == "present": changed |= helper.apply_position(new_rule, location, existing_rule, module) - # Add the audit comment, if applicable. - if changed and audit_comment and not module.check_mode: - new_rule.opstate.audit_comment.update(audit_comment) - # Optional commit. if changed and commit: helper.commit(module) From fbdbf6d76c2c549632486142774f68bdbb7feae1 Mon Sep 17 00:00:00 2001 From: Michael Richardson Date: Mon, 14 Jun 2021 11:34:42 -0400 Subject: [PATCH 48/48] style: black fixes --- plugins/modules/panos_email_server.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/plugins/modules/panos_email_server.py b/plugins/modules/panos_email_server.py index 88de096b9..75319cb99 100644 --- a/plugins/modules/panos_email_server.py +++ b/plugins/modules/panos_email_server.py @@ -127,7 +127,7 @@ def main(): to_email=dict(), also_to_email=dict(), email_gateway=dict(), - protocol=dict(choices=['SMTP', 'TLS'], default='SMTP'), + protocol=dict(choices=["SMTP", "TLS"], default="SMTP"), ), ) module = AnsibleModule(