Return a VSYS of 'shared' when a Firewall or Panorama object has no parent.

[paulowen]

I have updated pandevice/base.py to return a VSYS of 'shared' when a Firewall or Panorama object has no parent (None). This will allow for subsequent code to build the correct shared xpath for child objects of the Firewall/Panorama instance. I have also updated the base test to reflect this change.

Reading around, it seems the intent of project owners to deal with shared objects (services, addresses, etc) is to have them created as child objects of the Firewall/Panorama. I think this is sensible, so my logic with this fix is that given the target device has no parent, it cannot be a VSYS, so the default operative space should be Shared. Given pre-existing downstream code has the capability to act on the 'shared' VSYS, I hope this fix is appropriate. It is now working for me in a Panorama instance.

This 'may' relate to issue #96 and this fix will allow for correct advice for a resolution to issue PaloAltoNetworks/ansible-pan#44 of the ansible-pan project. It was also experiencing issues in trying to create shared objects in Panorama via ansible-pan which I have worked through in proposing this fix.

[niemesrw]

I think I'm running into an issue that these changes might fix? When trying to add a tag to panorama I see this error:

"msg": "Could not find schema node for xpath /config/devices/entry[@name='localhost.localdomain']/vsys/entry[@name='vsys1']/tag\n"

In addition, it doesn't seem possible to add a "Shared" address object even when specifying Shared in my playbook:

"msg": "'Shared' device group not found in Panorama. Is the name correct?"

[btorresgil]

@shinmog is working on some changes to how xpath is generated which will improve shared objects. The issue to track it is: #96

[shinmog]

I appreciate you taking this on, @niemesrw but this should be fixed in develop now. I had to update all of the xpath stuff to account for template support.

[shinmog]

Closing as this should already be happening.