Merge branch 'release/0.6.5'

PaloAltoNetworks · Oct 7, 2018 · c96173c · c96173c
2 parents 81e2871 + b11c851
commit c96173c
Show file tree

Hide file tree

Showing 10 changed files with 40 additions and 18 deletions.
diff --git a/HISTORY.rst b/HISTORY.rst
@@ -3,6 +3,18 @@
 History
 =======
 
+0.6.5
+-----
+
+Released: 2018-10-07
+
+Status: Alpha
+
+- Fixed: ICMP Unreachable param type in security rules
+- Fixed: Content upgrade error
+- Fixed: (Python3) The comparison of encrypted types
+- Various documentation fixes
+
 0.6.4
 -----
 

diff --git a/README.rst b/README.rst
@@ -81,16 +81,16 @@ The following examples assume the modules were imported as such::
 
 Create a subinterface and commit::
 
-    fw = firewall.Firewall("10.0.0.1", username="admin", password="admin")
+    fw = firewall.Firewall("10.0.0.1", api_username="admin", api_password="admin")
     eth = fw.add(network.EthernetInterface("ethernet1/1", mode="layer3"))
     subeth = eth.add(network.Layer3Subinterface("ethernet1/1.30", ip="4.4.4.4/24", tag=30))
     subeth.create()
     fw.commit()
 
 Operational commands leverage the 'op' method of the device::
 
-    fw = firewall.Firewall("10.0.0.1", username="admin", password="admin")
-    print fw.op("show system info", xml=True)
+    fw = firewall.Firewall("10.0.0.1", api_username="admin", api_password="admin")
+    print fw.op("show system info")
 
 Some operational commands have methods to refresh the variables in an object::
 

diff --git a/docs/usage.rst b/docs/usage.rst
@@ -83,13 +83,13 @@ more information.
 
 In each of these examples, assume a Firewall and Panorama object have been instantiated::
 
-    fw = firewall.Firewall('10.0.0.1', 'admin', 'mypassword')
-    pano = panorama.Panorama('10.0.0.5', 'admin', 'mypassword')
+    fw = firewall.Firewall("10.0.0.1", "admin", "mypassword")
+    pano = panorama.Panorama("10.0.0.5", "admin", "mypassword")
 
 Create an address object on a firewall::
 
     webserver = objects.AddressObject("Apache-webserver", "5.5.5.5", description="Company web server")
-    fw.add(webapache)
+    fw.add(webserver)
     webserver.create()
 
 In this example, add() makes the AddressObject a child of the Firewall. This does not make any change to

diff --git a/examples/dyn_address_group.py b/examples/dyn_address_group.py
@@ -30,11 +30,11 @@
 
 Tag the IP 3.3.3.3 with the tag 'linux' and 'apache'::
 
-    $ python dyn_address_group.py 10.0.0.1 admin password 3.3.3.3 linux,apache
+    $ python dyn_address_group.py -r linux,apache 10.0.0.1 admin password 3.3.3.3
 
 Remove the tag apache from the IP 3.3.3.3::
 
-    $ python dyn_address_group.py -u 10.0.0.1 admin password 3.3.3.3 linux
+    $ python dyn_address_group.py -u linux 10.0.0.1 admin password 3.3.3.3
 
 Clear all tags from all IP's::
 

diff --git a/pandevice/__init__.py b/pandevice/__init__.py
@@ -23,7 +23,7 @@
 
 __author__ = 'Palo Alto Networks'
 __email__ = '[email protected]'
-__version__ = '0.6.4'
+__version__ = '0.6.5'
 
 
 import logging

diff --git a/pandevice/base.py b/pandevice/base.py
@@ -2642,8 +2642,9 @@ def _sha1_hash(string):
             return string[5:33]
         else:
             # Sha1 hash the cleartext value
-            sha1 = hashlib.sha1(string)
-            return base64.b64encode(sha1.digest())
+            # Python3:  encode for sha1, decode for XML serialization.
+            sha1 = hashlib.sha1(string.encode('utf-8'))
+            return base64.b64encode(sha1.digest()).decode('utf-8')
 
     def parse_xml(self, xml, settings, possibilities):
         """Parse the XML to find this parameter's value.

diff --git a/pandevice/errors.py b/pandevice/errors.py
@@ -37,6 +37,7 @@ class PanDeviceError(PanXapiError):
     def __init__(self, *args, **kwargs):
         self.pan_device = kwargs.pop('pan_device', None)
         super(PanDeviceError, self).__init__(*args, **kwargs)
+        self.message = '{0}'.format(self)
 
 class PanDeviceXapiError(PanDeviceError):
     """General error returned by an API call"""

diff --git a/pandevice/policies.py b/pandevice/policies.py
@@ -75,6 +75,8 @@ class SecurityRule(VersionedPanObject):
         fromzone (list): From zones
         tozone (list): To zones
         source (list): Source addresses
+        source_user (list): Source users and groups
+        hip_profiles (list): GlobalProtect host integrity profiles
         destination (list): Destination addresses
         application (list): Applications
         service (list): Destination services (ports) (Default:
@@ -160,7 +162,7 @@ def _setup(self):
         params.append(VersionedParamPath(
             'schedule', path='schedule'))
         params.append(VersionedParamPath(
-            'icmp_unreachable', path='icmp-unreachable'))
+            'icmp_unreachable', path='icmp-unreachable', vartype='yesno'))
         params.append(VersionedParamPath(
             'disable_server_response_inspection', vartype='yesno',
             path='option/disable-server-response-inspection'))

diff --git a/pandevice/updater.py b/pandevice/updater.py
@@ -297,21 +297,27 @@ def check(self):
         self.pandevice.content_version = self._parse_current_version(response)
         self.versions = self._parse_version_list(response)
 
-    def download(self, version="latest", sync_to_peer=True, sync=False):
+    def download(self, sync_to_peer=None, sync=False):
         if not self.versions:
             self.check()
         available_versions = map(PanOSVersion, self.versions.keys())
         latest_version = max(available_versions)
         if self.versions[str(latest_version)]['downloaded']:
             return
-        self._logger.info("Device %s downloading content version: %s" % (self.pandevice.id, version))
-        response = self._op('request content upgrade download latest sync-to-peer "%s"' %
-                            "yes" if sync_to_peer else "no")
+        self._logger.info("Device %s downloading content version: %s" % (self.pandevice.id, latest_version))
+        if sync_to_peer is None:
+            sync_to_peer_text = ''
+        elif sync_to_peer:
+            sync_to_peer_text = ' "" sync-to-peer "yes"'
+        else:
+            sync_to_peer_text = ' "" sync-to-peer "no"'
+        command = 'request content upgrade download latest{0}'.format(sync_to_peer_text)
+        response = self._op(command)
         if sync:
             result = self.pandevice.syncjob(response)
             if not result['success']:
                 raise err.PanDeviceError("Device %s attempt to download content version %s failed: %s" %
-                                         (self.pandevice.id, version, result['messages']))
+                                         (self.pandevice.id, latest_version, result['messages']))
             return result
         else:
             return True

diff --git a/setup.py b/setup.py
@@ -23,7 +23,7 @@
 
 setup(
     name='pandevice',
-    version='0.6.4',
+    version='0.6.5',
     description='Framework for interacting with Palo Alto Networks devices via API',
     long_description='The Palo Alto Networks Device Framework is a way to interact with Palo Alto Networks devices (including Next-generation Firewalls and Panorama) using the device API that is object oriented and conceptually similar to interaction with the device via the GUI or CLI.',
     author='Palo Alto Networks',