fix(panos.policies.SecurityRule): hip-profiles removed from v10.1.5+ (

#442) Fixies #441
PaloAltoNetworks · Apr 11, 2022 · ab4d088 · ab4d088
1 parent 256349c
commit ab4d088
Show file tree

Hide file tree

Showing 3 changed files with 42 additions and 2 deletions.
diff --git a/Makefile b/Makefile
@@ -1,4 +1,4 @@
-.PHONY: clean-pyc clean-build docs clean
+.PHONY: clean-pyc clean-build docs clean local-setup
 
 help:
 	@echo "clean - remove all build, test, coverage and Python artifacts"
@@ -16,6 +16,7 @@ help:
 	@echo "release - package and upload a release"
 	@echo "dist - package"
 	@echo "sync-deps - save dependencies to requirements.txt"
+	@echo "local-setup - sets up a linux or macos local directory for contribution by installing poetry and requirements"
 
 clean: clean-build clean-pyc clean-test clean-docs
 
@@ -57,6 +58,9 @@ check-format:
 test:
 	pytest
 
+test-simple:
+	pytest --disable-warnings
+
 test-all:
 	tox
 
@@ -80,3 +84,14 @@ sync-deps:
 	poetry export -f requirements.txt > requirements.txt
 	dephell deps convert
 	black setup.py
+
+local-setup:
+ifeq ($(wildcard ~/.local/bin/poetry),)
+	@echo "installing poetry"
+	curl -sSL https://install.python-poetry.org | python3 -
+else
+	@echo "poetry installation found"
+endif
+	~/.local/bin/poetry install
+
+
diff --git a/panos/policies.py b/panos/policies.py
@@ -311,7 +311,7 @@ class SecurityRule(VersionedPanObject):
         tozone (list): To zones
         source (list): Source addresses
         source_user (list): Source users and groups
-        hip_profiles (list): GlobalProtect host integrity profiles
+        hip_profiles (list): (PAN-OS 10.1.4-) GlobalProtect host integrity profiles
         destination (list): Destination addresses
         application (list): Applications
         service (list): Destination services (ports) (Default:
@@ -388,6 +388,14 @@ def _setup(self):
                 )
             )
 
+        # 10.1.5 drops support for hip-profiles,
+        # so we want to make sure we don't include it in the request
+        # body that we send to the api
+        for param in params:
+            if param.name == "hip_profiles":
+                param.add_profile("10.1.5", exclude=True)
+                break
+
         params.append(
             VersionedParamPath(
                 "service",

diff --git a/tests/test_versioning.py b/tests/test_versioning.py
@@ -302,5 +302,22 @@ def test_add_profile_raises_error_on_adding_lower_version_after_adding_a_higher_
         self.assertRaises(ValueError, self.obj.add_profile, "5.5.5", "foo")
 
 
+def test_security_rule_hip_profiles():
+    "security rules on 10.1.5 should not have hip-profiles"
+    rule = panos.policies.SecurityRule(
+        name="test_rule", source=["0.0.0.0/0"], destination=["0.0.0.0/0"],
+    )
+    rule._UNKNOWN_PANOS_VERSION = (10, 1, 5)
+    st = rule.element_str(False).decode()
+    assert "<hip-profiles>" not in st
+
+    rule = panos.policies.SecurityRule(
+        name="test_rule", source=["0.0.0.0/0"], destination=["0.0.0.0/0"],
+    )
+    rule._UNKNOWN_PANOS_VERSION = (9, 0, 0)
+    st = rule.element_str(False).decode()
+    assert "<hip-profiles><member>any</member></hip-profiles>" in st
+
+
 if __name__ == "__main__":
     unittest.main()