Skip to content

Releases: PaloAltoNetworks/pan-chainguard

0.3.0

12 Jun 18:16
@kevinsteves kevinsteves
v0.3.0
9c06726
Compare
Choose a tag to compare
0.3.0 Latest
Latest

  • guard.py: Cache certificate names so we can use a single API request
    to enable them as trusted root CAs.

  • guard.py: When device is panorama and template specified, perform
    partial commit with template scope.

  • chain.py: Also retry download on 503 Service Unavailable.

  • guard.py: Fix partial commit using specific admin. In the XML cmd
    document, needs to be within container.

  • guard.py: Simplify Xpath() class.

  • admin-guide.rst:

    chainguard-api admin profile does require type=op because we use
    synchronous commit in pan.xapi which uses 'show jobs id id-num' to
    check job status.

  • guard.py: Fix use of panorama from removal of global.

Assets 3

0.2.0

30 May 16:43
@kevinsteves kevinsteves
v0.2.0
6c7fe39
Compare
Choose a tag to compare
0.2.0

  • guard.py: Add support for import to Panorama Template shared device
    certificates.

  • chain.py:

    Change 'Server Authentication' not in 'Derived Trust Bits' check to
    a warning. Safer to leave these valid until we can research this
    more.

  • Documentation improvements and fixes:

    • type=op not needed in admin role profile.

    • Add admin role profile for Panorama.

    • Document intermediate certificate name pattern.

    • There is a single All Certificate Information (root and
      intermediate) in CCADB (CSV)       data file now.

Assets 3

0.1.0

09 Apr 19:29
@kevinsteves kevinsteves
v0.1.0
35dcbc0
Compare
Choose a tag to compare
0.1.0

  • fling.py, chain.py, guard.py, admin-guide.rst:

    Add --debug argument and use args.debug for all debugging related
    output, and be consistent in use of args.verbose for verbose output
    (e.g., progress messages).

  • chain.py:

    • Log when a CA certificate is not in any of Apple, Google Chrome,
      Microsoft, Mozilla root stores.
    • Log when 0 intermediates found for a CA certificate.

  • chain.py:

    Add message when all certificate chains were downloaded
    successfully.

  • chain.py:

    • Display PAN-OS certificates not in CCADB and consider them
      invalid, because we will not find intermediate certificate chains
      for these.
    • Output invalid PAN-OS certificate messages to stderr.
    • Display total invalid PAN-OS certificates found.

  • chain.py: Fix invalid path in error.

  • chain.py: Print download error to stderr.

  • chain.py: Also retry on status code 502, 504.

  • chain.py: Improve some messages.

  • chain.py:

    Since we don't use xapi.export_result 'file', check 'content'
    instead. There is currently an issue in pan.xapi export() where
    filename can be None. Fixes a bug where certificate names with
    parentheses were not saved to the archive.

  • chain.py: exit with status 2 when there are download failures.

  • chain.py:

    • Fix missing value for format string.
    • Change message to Error.

  • Documentation improvements and fixes.

Assets 3

0.0.0

15 Mar 19:24
@kevinsteves kevinsteves
v0.0.0
2cd968a
Compare
Choose a tag to compare
0.0.0
  • Initial release.
Assets 3