[panOS] Add Security Rule does not take list as paramter (#27040)

* Change source_user arg to list

* Update yml file

* Update yml changes to pan-os and panorama

* Update release notes

* Update 1_17_5.md

* Rename 1_17_5.md to 1_17_6.md

* Delete 1_17_6.md

* Update RN

* Add UT for PR changes

* Update README.md

* Update Packs/PAN-OS/ReleaseNotes/1_17_6.md

Co-authored-by: Guy Afik <53861351+GuyAfik@users.noreply.github.com>

* Version bump

* Update docker image

* Update RN

---------

Co-authored-by: Guy Afik <53861351+GuyAfik@users.noreply.github.com>

Packs/PAN-OS/Integrations/Panorama/Panorama.py

@@ -629,7 +629,7 @@ def set_xpath_network(template: str = None) -> Tuple[str, Optional[str]]:
 def prepare_security_rule_params(api_action: str = None, rulename: str = None, source: Any = None,
                                  destination: Any = None, negate_source: str = None,
                                  negate_destination: str = None, action: str = None, service: List[str] = None,
-                                 disable: str = None, application: List[str] = None, source_user: str = None,
+                                 disable: str = None, application: List[str] = None, source_user: List[str] = None,
                                  category: List[str] = None, from_: str = None, to: str = None, description: str = None,
                                  target: str = None, log_forwarding: str = None,
                                  disable_server_response_inspection: str = None, tags: List[str] = None,
@@ -652,7 +652,7 @@ def prepare_security_rule_params(api_action: str = None, rulename: str = None, s
         + add_argument_list(destination, 'destination', True, True)
         + add_argument_list(application, 'application', True)
         + add_argument_list(category, 'category', True)
-        + add_argument_open(source_user, 'source-user', True)
+        + add_argument_list(source_user, 'source-user', True)
         + add_argument_list(from_, 'from', True, True)  # default from will always be any
         + add_argument_list(to, 'to', True, True)  # default to will always be any
         + add_argument_list(service, 'service', True, True)
@@ -3651,7 +3651,7 @@ def panorama_create_rule_command(args: dict):
     disable = args.get('disable')
     categories = argToList(args.get('category'))
     application = argToList(args.get('application'))
-    source_user = args.get('source_user')
+    source_user = argToList(args.get('source_user'))
     disable_server_response_inspection = args.get('disable_server_response_inspection')
     description = args.get('description')
     target = args.get('target')

Packs/PAN-OS/Integrations/Panorama/Panorama.yml

@@ -1595,12 +1595,12 @@ script:
       - Yes
       - No
     - defaultValue: any
-      description: A comma-separated list of application object names for the rule. to create.
+      description: A comma-separated list of application object names for the rule to create.
       isArray: true
       name: application
-    - defaultValue: any
-      description: The source user for the rule to create.
+    - description: A comma-separated list of source users for the rule to create.
       name: source_user
+      isArray: true
     - auto: PREDEFINED
       description: The pre-rule or post-rule (Panorama instances).
       name: pre_post
@@ -5027,12 +5027,12 @@ script:
       - Yes
       - No
     - defaultValue: any
-      description: A comma-separated list of application object names for the rule. to create.
+      description: A comma-separated list of application object names for the rule to create.
       isArray: true
       name: application
-    - defaultValue: any
-      description: The source user for the rule to create.
+    - description: A comma-separated list of source users for the rule to create.
       name: source_user
+      isArray: true
     - auto: PREDEFINED
       description: The pre-rule or post-rule (Panorama instances).
       name: pre_post
@@ -9656,7 +9656,7 @@ script:
       required: true
     description: Deletes a tag from Panorama.
     name: pan-os-delete-tag
-  dockerimage: demisto/pan-os-python:1.0.0.61510
+  dockerimage: demisto/pan-os-python:1.0.0.62889
   feed: false
   isfetch: true
   longRunning: false

Packs/PAN-OS/Integrations/Panorama/Panorama_test.py

@@ -738,13 +738,37 @@ def test_prettify_logs():
 
 
 prepare_security_rule_inputs = [
+    ('after', 'test_rule_name', ['user1'], '<source-user><member>user1</member></source-user>'),
+    ('after', 'test_rule_name', ['user1,user2'], '<source-user><member>user1,user2</member></source-user>'),
+]
+
+
+@pytest.mark.parametrize('where, dst, source_user, expected_result', prepare_security_rule_inputs)
+def test_prepare_security_rule_params(where, dst, source_user, expected_result):
+    """
+    Given:
+     - valid arguments for the prepare_security_rule_params function
+
+    When:
+     - running the prepare_security_rule_params utility function
+
+    Then:
+     - a valid security rule dictionary is returned.
+    """
+    from Panorama import prepare_security_rule_params
+    params = prepare_security_rule_params(api_action='set', action='drop', destination=['any'], source=['any'],
+                                          rulename='test', where=where, dst=dst, source_user=source_user)
+    assert expected_result in params.get('element', '')
+
+
+prepare_security_rule_fail_inputs = [
     ('top', 'test_rule_name'),
     ('bottom', 'test_rule_name'),
 ]
 
 
-@pytest.mark.parametrize('where, dst', prepare_security_rule_inputs)
-def test_prepare_security_rule_params(where, dst):
+@pytest.mark.parametrize('where, dst', prepare_security_rule_fail_inputs)
+def test_prepare_security_rule_params_fail(where, dst):
     """
     Given:
      - a non valid arguments for the prepare_security_rule_params function

Packs/PAN-OS/Integrations/Panorama/README.md

@@ -2315,7 +2315,7 @@ Creates a policy rule.
 | service | A comma-separated list of service object names for the rule. | Optional | 
 | disable | Whether to disable the rule. Can be "Yes" or "No" (default is "No"). | Optional | 
 | application | A comma-separated list of application object names for the rule. | Optional | 
-| source_user | Source user for the rule to create. | Optional | 
+| source_user | A comma-separated list of source users for the rule to create. | Optional | 
 | pre_post | Pre rule or Post rule (Panorama instances). | Optional | 
 | target | Specifies a target firewall for the rule (Panorama instances). | Optional | 
 | log_forwarding | Log forwarding profile. | Optional | 

Packs/PAN-OS/ReleaseNotes/1_17_7.md

@@ -0,0 +1,6 @@
+#### Integrations
+
+##### Palo Alto Networks PAN-OS
+
+- Updated the ***pan-os-create-rule*** command to support comma-separated list of values for the *source_user* argument.
+- Updated Docker image to *demisto/pan-os-python:1.0.0.62889*.

Packs/PAN-OS/pack_metadata.json

@@ -2,7 +2,7 @@
     "name": "PAN-OS by Palo Alto Networks",
     "description": "Manage Palo Alto Networks Firewall and Panorama. Use this pack to manage Prisma Access through Panorama. For more information see Panorama documentation.",
     "support": "xsoar",
-    "currentVersion": "1.17.6",
+    "currentVersion": "1.17.7",
     "author": "Cortex XSOAR",
     "url": "https://www.paloaltonetworks.com/cortex",
     "email": "",