PaloAltoNetworks / pan-os-php

Framework and utilities to easily manage and edit Palo Alto Network PANOS devices
ISC License

Add new action to work with Group Tags in policy rules (pan-os-php type=rule) #758

Closed nikolay-matveev-kkr closed 1 year ago

nikolay-matveev-kkr commented 1 year ago

Is your feature request related to a problem?

It would be great to be able to add/remove Group Tags to rules using "pan-os-php type=rule" (the current list of actions includes "tag-Add|Add-Force|Remove|Remove-All|Remove-Regex", which work only with regular tags but not with Group Tags).

Describe the solution you'd like

Add new actions (for example "groupTag-Add|Add-Force|Remove|Remove-Regex"). They should work the same way as the actions for regular tags.

Describe alternatives you've considered

Manual change, or pan-os-python.

Additional context

We use Group tags to visually group rules in a policy with many rules.


swaschkut commented 1 year ago

Thanks for reaching out.

Your feature is already implemented.

Based on CHANGELOG.txt, since April 2023:

2.0.75 (20230412)
UTIL:
* type=rule | extend with actions=group-tag-remove | group-tag-set:GROUPTAGNAME

The actual latest public version is 2.1.8, and the develop version is currently 2.1.9.

```
pan-os-php type=rule listactions 
..........
* group-tag-Remove          |
====================================================================
* group-tag-Set             | #1 Group-Tag:string     | *nodefault* | 
.........
pan-os-php type=rule help group-tag-set

***********************************************
*********** pan-os-php.php type=rule UTILITY **************

 - PAN-OS-PHP version: 2.1.9 [UNIX] [8.2.5]
*** help for Action group-tag-Set:Group-Tag

Listing arguments:

-- Group-Tag :
 OPTIONAL
 type=string

  *no help available*
```

swaschkut commented 1 year ago

FYI: with the new version 2.1.9, right now under development, there will be a new filter:

type=rule 'filter=(group-tag is.regex /VALUE/)'

nikolay-matveev-kkr commented 1 year ago

I was looking right into the list of actions and could not see it. Probably need to get back to studying the alphabet LOL. Thank you so much!

swaschkut commented 1 year ago

It is maybe worth checking which version you are running:

pan-os-php version