11-14-2018 06:13 AM
I am trying to achieve two things in Pandevice and am struggling.
1) I cannot automatically create a local firewall object with all of it's children.
I can create a fw object. I can then use it as a parent to manually refreshall the object types that are used as children. I cannot get this to work in a single function though, it looks like refresh() should do it - but it fails with an authorisation error. Has anyone been able to get this working?
2) I cannot create multiple local objects from an xml element without having to specify the names of all sub-elements.
I would like to be able to create all local objects, say all address groups and addresses, from an xml elemtent (an xml copy of a candidate config for example). I have been able to get this working with the fw object
I've tried using refresh(xml=blah) but this is called on self and requires the object to exist before I can refresh from the xml. I've tried using refresh_from_xml(xml=blah) but again this seems to require reference to self - which is what i'm trying to create.
All of this is just with a view to being able to easily translate objects between xml output and python classes easily to allow me to perform logical operations and backup services.
11-14-2018 07:55 AM
Hi Joe, thanks for reaching out, happy to help!
1) I cannot automatically create a local firewall object with all of it's children.
This is by intention. You mentioned you're trying to "perform logical operations and backup services." Device Framework (pandevice) is not intended to perform backups. This was a design decision early on because the FW and Panorama already have many reliable backup capabilities built in. Thus, Device Framework cannot pull every object type from a device all at once. This would be a huge operation with a lot of XML transfered and converted. Think of accidentally ending up with a config tree containing hundreds of VSYS containing tens of thousands of policy rules each. Then imagine that tree is out of date the first time someone makes a change in the GUI or via another script. One could easily shoot themselves in the foot with that kind of operation.
It is easy enough to `refreshall` the objects you intend to work on right before working on them. It keeps things well synced and scoped to the work being done, so that is the best way to operate.
Device Framework is intended for many use cases such as automation, configuration, and monitoring. But to perform backups, you should use the operational API calls for backups already built into the device. We'll try to clarify this in the documentation.
2) I cannot create multiple local objects from an xml element without having to specify the names of all sub-elements.
You're probably looking for the `refreshall_from_xml()` method which gets called by `refreshall()`.
This method is admitedly not as friendly as `refreshall` because it requires an instance of the class you're trying to refresh with the parent set correctly. The `refreshall` method does this for you, so you can check out the `refreshall` method for an example of how to use `refreshall_from_xml()`:
https://pandevice.readthedocs.io/en/latest/_modules/pandevice/base.html#PanObject.refreshall
11-14-2018 07:55 AM
Hi Joe, thanks for reaching out, happy to help!
1) I cannot automatically create a local firewall object with all of it's children.
This is by intention. You mentioned you're trying to "perform logical operations and backup services." Device Framework (pandevice) is not intended to perform backups. This was a design decision early on because the FW and Panorama already have many reliable backup capabilities built in. Thus, Device Framework cannot pull every object type from a device all at once. This would be a huge operation with a lot of XML transfered and converted. Think of accidentally ending up with a config tree containing hundreds of VSYS containing tens of thousands of policy rules each. Then imagine that tree is out of date the first time someone makes a change in the GUI or via another script. One could easily shoot themselves in the foot with that kind of operation.
It is easy enough to `refreshall` the objects you intend to work on right before working on them. It keeps things well synced and scoped to the work being done, so that is the best way to operate.
Device Framework is intended for many use cases such as automation, configuration, and monitoring. But to perform backups, you should use the operational API calls for backups already built into the device. We'll try to clarify this in the documentation.
2) I cannot create multiple local objects from an xml element without having to specify the names of all sub-elements.
You're probably looking for the `refreshall_from_xml()` method which gets called by `refreshall()`.
This method is admitedly not as friendly as `refreshall` because it requires an instance of the class you're trying to refresh with the parent set correctly. The `refreshall` method does this for you, so you can check out the `refreshall` method for an example of how to use `refreshall_from_xml()`:
https://pandevice.readthedocs.io/en/latest/_modules/pandevice/base.html#PanObject.refreshall
11-16-2018 01:36 AM
Hi btorresgil,
Thanks for coming back to me - wasn't sure i'd find anyone to talk to about the framework so this is very helpful. I should also note that the framework has been a real find for me, making my job much easier - so thanks again.
It's good to know that not pulling all children was a design decision. I hadn't read that anywhere so assumed I must have missed some way to do this.
I will experiment more with the refresh_from_xml method. A use case at the moment is to be able to populate, say, address-objects from 'show config' output. I have checked the jupyter notebook github project as well as the online docs, but examples for this method seem thin on the ground. Sounds like it should be easily possible with the right xpath params so I'll see if I can figure it out - but if you can give me a quick example of how you might call it that'd save me a few days 😉
Thanks
Joe
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!
The LIVEcommunity thanks you for your participation!
