search

PaloAltoNetworks / pan-os-python

The PAN-OS SDK for Python is a package to help interact with Palo Alto Networks devices (including physical and virtualized Next-generation Firewalls and Panorama). The pan-os-python SDK is object oriented and mimics the traditional interaction with the device via the GUI or CLI/API.
https://pan-os-python.readthedocs.io
ISC License
345 stars 170 forks source link

add optional timeout for userid register() #377

Closed devsecfranklin closed 2 years ago

devsecfranklin commented 3 years ago

Description

Ben Parker 2:39 PM

So this call should actaully support another argument https://pan-os-python.readthedocs.io/en/latest/module-userid.html#panos.userid.UserId.audit_registered_ip

the timeout like argument like https://pan-os-python.readthedocs.io/en/latest/module-userid.html#panos.userid.UserId.audit_registered_ip

Ben Parker 2:40 PM Here is what the whole API call looks like 

https://{{host}}/api?key={{key}}&type=user-id&cmd=<uid-message><version>2.0</version><type>update</type><payload><register><entry ip="{{tagged-ip}}"><tag><member timeout="60">{{tag}}</member></tag></entry></register></payload></uid-message>

Motivation and Context

Need update to XML API call

How Has This Been Tested?

New unit test cases included

Types of changes

Checklist

welcome-to-palo-alto-networks[bot] commented 3 years ago

:tada: Thanks for opening this pull request! We really appreciate contributors like you! :raised_hands:

bparker-sec commented 3 years ago

Test the following commands on the FW and here was the resulting API from DEBUG mode.

my_fw.userid.batch_start() my_fw.userid.register("1.1.1.1","tag123","120") my_fw.userid.register("1.1.1.2","tag123","60") my_fw.userid.register("1.1.1.3", "tag123") my_fw.userid.register("2.2.2.2","tag456","60") my_fw.userid.batch_end()

[2021/11/03 00:37:47] user=772142##### XML Api Request

1.0updatetag123tag123tag123tag456 ]]>

[2021/11/03 00:37:48] user=77214###### XML Api Request End

devsecfranklin commented 2 years ago

Update after testing with three scenarios:

  1. Test with a non-zero/valid timeout.
  2. Test with timeout set to 0.
  3. Test with no timeout value provided.
2021/11/10 11:11:12 vsys1 

1.2.3.4 timeout_1hour 3600 register XMLAPI xml-api 

2021/11/10 11:11:12 vsys1 

1.1.1.3 timeout_set_to_0 0 register XMLAPI xml-api 

2021/11/10 11:11:12 vsys1 

1.1.1.4 timeout_not_set 0 register XMLAPI xml-api
devsecfranklin commented 2 years ago

There are two more instances where I see timeout/minutes but they are not from my change. Shall I update those as well? @shinmog

welcome-to-palo-alto-networks[bot] commented 2 years ago

:tada: Congrats on getting your first pull request merged! We here at Palo Alto Networks are so grateful! :heart:

github-actions[bot] commented 2 years ago

:tada: This PR is included in version 1.6.0 :tada:

The release is available on PyPI and GitHub release

Posted by semantic-release bot