Open rebelfish opened 1 year ago
I am seeing this same issue on 10.1.10.
Reverting back to using the standard delete() on each rule still works, albeit it is much slower than using delete_similar().
This is not linked to pan-os-python but to PAN-OS itself. After getting some feedback from the TAC, the bulk delete XML API calls have been removed voluntarily starting 10.X because of some wrong behaviour on some objects caches. It seems it has been restored (PAN-179059) on the following releases :
Tested on my side on 10.1.9, and it seems it's still not working... Trying to get more inputs.
I can confirm that .delete_simillar() works as expected on 10.2.4-h3.
delete_simillar has stopped working again on 10.2.5 and greater in the 10.x.x release train. It also does not work on 11.0.3.
I got this feedback from Palo Alto support.
"The support for XML API requests to delete multiple security policies at one shot by, passing the policy names separated by the 'or' operator in the x-path is no longer available."
Describe the bug
A script using
.delete_similar()
worked against 9.1.X but was recently discovered to not be working against 10.1.7. The script has not changed. Only the PAN-OS upgrade.Expected behavior
Cycling through a dict of DeviceGroups as keys and a list of SecurityRule objects as the value:
This would do an atomic delete per Device Group
Current behavior
Possible solution
Steps to reproduce
Screenshots
Context
This is part of an automation script that is used to disable a csv list of rules and then on a designated day of the month, the script is used to delete those rules if still disabled
Your Environment
Tested with multiple versions of lxml, pan-os-python, and pan-python (0.16.0, 0.17.0).