Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

fix(firewall_proxy/is_panorama_connected): Added fix for panorama check for FWs in version PAN-OS 11 or later #159

Merged
merged 5 commits into from
Mar 7, 2024
Merged

fix(firewall_proxy/is_panorama_connected): Added fix for panorama check for FWs in version PAN-OS 11 or later #159

merged 5 commits into from
Mar 7, 2024

Conversation

horiagunica
Copy link
Collaborator

Description

This PR closes #158 .

FWs in PAN-s 11.0 and later removed a line from the show panorama-status op command output:

Pre-version 11.0:

<Panorama Server 1 : 10.10.10.5
    Connected     : yes
    HA state      : Active

Panorama Server 2 : 10.10.10.6
    Connected     : yes
    HA state      : Passive>.

Version >=11.0:

<Panorama Server 1 : 10.10.10.5
    Connected     : yes
    HA state      : Active
Panorama Server 2 : 10.10.10.6
    Connected     : yes
    HA state      : Passive>.

This resulted in two different list lengths that did no match the condition properly.

Motivation and Context

Support for PAN-OS >=11.0 for is_panorama_connected check .

How Has This Been Tested?

Local Example with two different versions:

python3 run_readiness_checks.py -d <pan_os_v11> -u admin -p <MY_PASS>
['Panorama Server 1 : 10.10.10.5', '    Connected     : yes', '    HA state      : Active', 'Panorama Server 2 : 10.10.10.6', '    Connected     : yes', '    HA state      : Passive']
 panorama:
   | state: True
   | reason: [SUCCESS]
True [SUCCESS]

python3 run_readiness_checks.py -d <pan_os_v10.2> -u admin -p <MYP_PASS>
['Panorama Server 1 : 10.10.10.5', '    Connected     : yes', '    HA state      : Active', '', 'Panorama Server 2 : 10.10.10.6', '    Connected     : yes', '    HA state      : Passive']
 panorama:
   | state: True
   | reason: [SUCCESS]
False [FAIL] Peer device is not in active or passive state.

Screenshots (if appropriate)

Types of changes

  • Bug fix (non-breaking change which fixes an issue)

Checklist

  • I have updated the documentation accordingly.
  • I have read the CONTRIBUTING document.
  • I have added tests to cover my changes if appropriate.
  • All new and existing tests passed.

@horiagunica horiagunica force-pushed the panorama_connected_v11_fix branch from ac393f9 to a21ea3f Compare March 4, 2024 13:39
@github-actions GitHub Actions
Copy link

github-actions bot commented Mar 4, 2024
edited
Loading

Coverage report

Click to see where and how coverage changed

FileStatementsMissingCoverageCoverage
(new stmts)		Lines missing
  panos_upgrade_assurance
  firewall_proxy.py
Project Total  

This report was generated by python-coverage-comment-action

@github-actions GitHub Actions
Copy link

github-actions bot commented Mar 4, 2024

A Preview PR in PanDev repo has been created. You can view it here.

@horiagunica horiagunica requested a review from alperenkose March 6, 2024 10:30
adambaumeister
adambaumeister reviewed Mar 6, 2024
View reviewed changes
Copy link
Collaborator

@adambaumeister adambaumeister left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Is there a reason we're not just doing a simple re.search('connected: yes') here?

@horiagunica
Copy link
Collaborator Author

I see no reason not to :) - refactored the code - please have a look.

@horiagunica horiagunica requested a review from alperenkose March 6, 2024 18:15
alperenkose
alperenkose approved these changes Mar 6, 2024
View reviewed changes
Copy link
Collaborator

@alperenkose alperenkose left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM 👍🏻

adambaumeister
adambaumeister approved these changes Mar 6, 2024
View reviewed changes
Copy link
Collaborator

@adambaumeister adambaumeister left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

The only comment I have here is that this will fail if there are two panorama's present and one isn't connected but the other is. This is probably the behavior we want anyway :)

@horiagunica horiagunica merged commit e617dbc into main Mar 7, 2024
7 checks passed
@horiagunica horiagunica deleted the panorama_connected_v11_fix branch March 7, 2024 09:45
github-actions bot pushed a commit that referenced this pull request Mar 7, 2024
@semantic-release-bot
chore(release): 0.3.4
2f63295 
## [0.3.4](v0.3.3...v0.3.4) (2024-03-07)

### Features

* bgp peers snapshot comparison ([#154](#154)) ([4fec622](4fec622))

### Bug Fixes

* calculate_diff_on_dicts to Support Integer Values for ARP Table ttl ([#153](#153)) ([47ebea5](47ebea5))
* **firewall_proxy/is_panorama_connected:** Added fix for panorama check for FWs in version PAN-OS 11 or later ([#159](#159)) ([e617dbc](e617dbc))
* route snapshot missing entries fix ([#146](#146)) ([d946462](d946462))
@horiagunica
Copy link
Collaborator Author

🎉 This PR is included in version 0.3.4 🎉

The release is available on PyPI and GitHub release

Posted by semantic-release bot

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@adambaumeister adambaumeister adambaumeister approved these changes

@alperenkose alperenkose alperenkose approved these changes

Assignees
No one assigned
Labels
released
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

Panorama connectivity check parsing issue for pan-os >=11.1
3 participants
@horiagunica @alperenkose @adambaumeister