Thanks Brian for this response. This is all looking good and thanks to you and your team/contributors for the work. I'm glad that PA has this on the radar and is working on improving the functionality of the Ansible modules. My concern over 3rd party libraries was that with the Ansible modules being dependant on them, a change to either pandevice or pan-python could break the Ansible module and that would leave customers 'stuck' waiting on a fix. If we decide to go the Ansible route for automation, there is a significant time and cost investment involved in it - we would not want to develop and deploy automation solutions that could work one day and then not another. Remember, most of us are net-sec engineers and not developers - this is new ground for a lot of us and it has to work all the time to sell it to management and other engineers. As for the support question - I understand that Github works and is best effort - but to reiterate my statement above - if significant time and cost is sunk into an automation solution, enterprise customers should be able to reach qualified support options other than best effort. I guess the ask is to have a resource that TAC can reach if we have a problem with this. What we're seeing on the customer side is a push from vendors to automate (we were at Ignite and Ansiblefest - automation was definitely a topic for PA) - but we're not seeing enterprise level support options (even if it was added paid for). I'll work on developing my wish list for new modules as well. Thanks.
... View more