- Access exclusive content
- Connect with peers
- Share your expertise
- Find support resources
Enhanced Security Measures in Place: To ensure a safer experience, we’ve implemented additional, temporary security measures for all users.
06-15-2022 06:51 AM
Hi,
I was wondering if I'm using the edit security post-rule endpoint correctly or I'm missing something here.
I am sending an HTTP PUT request to the panorama to update an existing security rule, but according to the documentation, if I want to update a single field (say the Source Address list), I need to send in the payload all the other fields that are already configured on the rule, even though I'm not changing them. I tried sending the PUT request with just the source field, bit I got a response that I'm missing required fields.
Is this the normal behaviour of the edit endpoint? It's treating it the same way as the Add endpoint (POST Create a Security Post Rule). Any way I can use that endpoint by just sending the field I need to update and not every single field configured on the rule that I'm not editing?
An example of the PUT request sent that failed cause of missing fields:
requests.put(url="https://{{host}}/restapi/v9.1/Policies/SecurityPostRules?location=device-group&device-group={{dg_name}}&name={{rule_name}}", headers={"X-PAN-KEY": "{{key}}"}, data={"entry": {\"@name\": "{{rule_name}}", "source": {"member": ["NEW_ADDR_GRP"]}}}, verify=False)
And we get this response:
{"code":3,"message":"Invalid Object","details":[{"@type":"CauseInfo","causes":[{"code":12,"module":"panui_mgmt","description":"Invalid Object: {{rule_name}} is missing 'from'."}]}])
When I add "from" to the pauload I get i'm missing "to", and this goes on until I have all the required fields from the Create endpoint in the payload, but it overwrites the optional fields that I did not include in my Edit payload.
Thanks
09-13-2022 05:01 AM
Hi @abedJawhar, yes, this is expected behaviour for a PUT in a RESTful API, where PUT methods normally expect the entire definition of a resource, because it replaces the resource definition. This is useful to maintain idempotent operations amongst other reasons. The PAN-OS REST API works in the same way with the PUT-based methods. It would be best to, in your code, do a GET first, modify the resource, then do a PUT.
A feature request for future would be a PATCH-based HTTP method for the PAN-OS REST API to be able to provide partial resource definitions.
09-13-2022 05:01 AM
Hi @abedJawhar, yes, this is expected behaviour for a PUT in a RESTful API, where PUT methods normally expect the entire definition of a resource, because it replaces the resource definition. This is useful to maintain idempotent operations amongst other reasons. The PAN-OS REST API works in the same way with the PUT-based methods. It would be best to, in your code, do a GET first, modify the resource, then do a PUT.
A feature request for future would be a PATCH-based HTTP method for the PAN-OS REST API to be able to provide partial resource definitions.
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!
The LIVEcommunity thanks you for your participation!