You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
If a static route exists on the firewall which references an interface, a full_delete() will fail on a different interface.
Expected behavior
full_delete() should complete without throwing an exception
Current behavior
A TypeError exception is thrown, such as:
File "/work/panos/network.py", line 595, in full_delete
elif "__iter__" in dir(obj.interface) and self in obj.interface:
TypeError: 'in ' requires string as left operand, not EthernetInterface
Possible solution
StaticRoute's interface attribute gets populated as a string, whereas the full_delete code appears to expect a list (which is the case for other objects such as VirtualRouter or Zone). Since the str type will also pass the __iter__ check, a more specific type check may be needed to avoid the in test that results at network.py:595.
Steps to reproduce
Minimal pan-os-python reproduction without a live firewall (StaticRoute is being added directly to Firewall for brevity but error still triggers with VirtualRouter):
This can be a really tricky situation to avoid since the StaticRoute that triggers the error is unrelated to the interface being changed. Routes targeted at interfaces rather than next-hops can be common in environments with IPSec tunnels, but the interface can also be present in addition to a next-hop for any static route.
Your Environment
Python 3.9.15
pan-os-python 1.7.3
The text was updated successfully, but these errors were encountered:
The following fixes the problem for me:
In version 1.8.0 in network.py line 594 from elif "__iter__" in dir(obj.interface) and self in obj.interface:
to elif "__iter__" in dir(obj.interface) and str(self) in obj.interface:
Describe the bug
If a static route exists on the firewall which references an interface, a full_delete() will fail on a different interface.
Expected behavior
full_delete() should complete without throwing an exception
Current behavior
A TypeError exception is thrown, such as:
File "/work/panos/network.py", line 595, in full_delete
elif "__iter__" in dir(obj.interface) and self in obj.interface:
TypeError: 'in ' requires string as left operand, not EthernetInterface
Possible solution
StaticRoute's interface attribute gets populated as a string, whereas the full_delete code appears to expect a list (which is the case for other objects such as VirtualRouter or Zone). Since the str type will also pass the __iter__ check, a more specific type check may be needed to avoid the in test that results at network.py:595.
Steps to reproduce
Minimal pan-os-python reproduction without a live firewall (StaticRoute is being added directly to Firewall for brevity but error still triggers with VirtualRouter):
Context
This can be a really tricky situation to avoid since the StaticRoute that triggers the error is unrelated to the interface being changed. Routes targeted at interfaces rather than next-hops can be common in environments with IPSec tunnels, but the interface can also be present in addition to a next-hop for any static route.
Your Environment
Python 3.9.15
pan-os-python 1.7.3
The text was updated successfully, but these errors were encountered: