search

PaloAltoNetworks / pan-os-python

The PAN-OS SDK for Python is a package to help interact with Palo Alto Networks devices (including physical and virtualized Next-generation Firewalls and Panorama). The pan-os-python SDK is object oriented and mimics the traditional interaction with the device via the GUI or CLI/API.
https://pan-os-python.readthedocs.io
ISC License
340 stars 168 forks source link

Implementation of a TS Agent class for UserID #443

Open A-Thomas-91 opened 2 years ago

A-Thomas-91 commented 2 years ago

Description

I have implemented the ability to add TS Agent objects directly to the firewall. https://docs.paloaltonetworks.com/compatibility-matrix/terminal-services-ts-agent

Motivation and Context

The company I work for uses Azure Virtual Desktop, we have different host pools in different regions and corresponding PA-VMs in the regions. Due to the dynamic nature of host creation, this has allowed us to add 30 hosts' (which have the TS agent installed) corresponding IP addresses and port numbers in a matter of seconds to our firewalls.

How Has This Been Tested?

We don't have a testing environment but at the time we had a spare physical PA device which the implementation was tested on, after running the tests, the TS agent objects were successfully added to the firewall. This was then tested in production and we began to instantly see users mapped to traffic on the newly added AVD hosts.

Types of changes

Checklist

Forgive me for not ticking the test tick boxes as this is my first ever pull request, I would love to work on other aspects of this project and implement different classes under guidance of understanding the API in full. Whilst I was able to read the code to implement this class I do not fully understand how I would implement decryption exlusion/decryption profile classes which I do have a need for.

welcome-to-palo-alto-networks[bot] commented 2 years ago

:tada: Thanks for opening this pull request! We really appreciate contributors like you! :raised_hands:

A-Thomas-91 commented 2 years ago

Oh, actually, looks like the acctests are failing. There's no parent defined.

Seems this needs to be added to the CHILDTYPES of at least panos.firewall.Firewall and panos.device.Vsys.

I have updated both CHILDTYPES, hopefully the acctests should now pass.

shinmog commented 2 years ago

@A-Thomas-91

Some acctests are failing. You can do make test to verify the tests will pass, that's all the CI is running. Just needs a tweak to fix.

A-Thomas-91 commented 1 year ago

Changes completed under following pull : All acctests passed https://github.com/PaloAltoNetworks/pan-os-python/pull/443/commits/b2b13676844577629c915b918e2b0c6e283020ac