hashicorp / consul-terraform-sync

Consul Terraform Sync is a service-oriented tool for managing network infrastructure near real-time.
Mozilla Public License 2.0
121 stars 27 forks

Support for Panorama commit and push #293

Open danieleva opened 3 years ago

danieleva commented 3 years ago

Description

CTS already supports triggering a commit on the Panos API; it would be great if it supported commit and push to devices on Panorama as well.

Use Cases

To handle Panos FW deployments at scale, it's common to use Panorama to manage the configuration and push that to all devices. The Terraform provider already supports many Panorama features, but it can't be used with CTS as a human still needs to trigger the push in Panorama.

Alternative Solutions

Triggering a script to perform the commit is possible with some hacky null_resource and forced dependencies, but it's brittle at best.

I'm happy to work on a PR for the feature if you are interested in it.

lornasong commented 3 years ago

Hi @danieleva thanks so much for writing up this issue! It’s really great to hear that people would like to use CTS with Panorama. We as a team are starting to realize that it would be helpful to support a general way for users to add custom functionality after a task executes. We’d like to support this in a way where our team doesn’t block users and cause them to wait for functionality to be added and released.

Currently, we are thinking of supporting a feature to configure a task to execute a custom script after task execution. We think this would support your use-case. Please feel free to give feedback!

Since we currently don’t have a timeline for this feature, we definitely don’t want to block you and your team and would more than welcome a change to support Panorama. We wanted to flag this for you to consider before you invest time in making a Panorama PR: we are planning to remove all third-party specific code after we support this feature. So we wanted to be really transparent that any new changes for Panorama, existing Panos code, and any other third party that comes up will be removed after this feature is released. However, as a part of that feature's release, we will ensure that the Panos and Panorama use-case can be easily transitioned to adopt the new feature.

Again, we’d really welcome a Panorama PR and want to be considerate of your time and what works best for your team. Happy to discuss more! Please let us know if you have any questions or feedback.

danieleva commented 3 years ago

Hi, thanks for the context. #309 will cover my use case; I can do the commit and push to Panorama easily in a standalone binary or a plugin. The current handler approach causes some issues as I can't have 2 tasks with the same provider and different handlers, or multiple handlers for the same provider, so I'm really looking forward to #309 :) Since this patch would be throwaway work, I'll see if I can come up with an elegant way to add Panorama support without breaking Panos, but I can't promise I'll get it done and pushed here. I might end up with a customised binary used internally to cover my use case until #309 is done.

lornasong commented 3 years ago

Hi @danieleva, awesome! Really glad to hear that #309 will cover your use-case and make it possible to handle committing for different types of provider requirements.

Regarding a Panorama patch - helpful to know and that sounds good. If it works out, we’d certainly welcome a patch. If it’s easier for your team to keep an internal custom solution, completely ok! Definitely don’t feel pressure or obligated to push anything.

We’ll be sure to keep #309 updated with the latest. Feel free to leave any feedback or questions. Thank you!