Merge pull request #770 from swaschkut/main

publish version 2.1.13

CHANGELOG.txt

@@ -1,9 +1,44 @@
 CHANGELOG
 
-2.1.12
+2.1.13
+UTIL:
+* type=address | introduction of actions=upload-address-2cloudmanager:panorama.xml,DGname && actions=upload-addressgroup-2cloudmanager:panorama.xml,DGname
+* type=address actions=upload-address-2cloudmanager | extend validation if object name is already available
+* type=servicegroup-merger | introduce validation extension for childDG merger
+* type=rule-compare | exend with argument 'keepJSONfile1' and 'reuseJSONfile1'
+* type=rule-compare | introduce argument 'generateRuleHtmlFile'
+* type=servicegroup-merger | extend with childancestor validation
+* type=service actions=exporttoexcel:file.html | introduce additional arguments nestedmembers
+* type=XYZ actions=exporttoexcel:file.html | use single function to create spreadsheet content
+* type=dhcp | introduce actions=exporttoexcel:file.html
+* type=dhcp | improvement for actions=exporttoexcel
+* type=dhcp actions=display/exporttoexcel | extend with additional DHCP information
+* type=rule 'actions=exporttoexcel:file.html,resovleservicesummary' | extend with column service_resolve_nested/_name/_value/_location
+* type=service actions=exporttoexcel:file.html | correct predefined service-http/-https output
+* type=address/server actions=exporttoexcel:file.html,nestedmembers | extend with column nested members location
+* class Address - use $RuleReferenceLocation
+* type=zone | introduce 'filter=(interface is.set)'
+
+BUGFIX:
+* class Region | bugfix - introduce method type() - to handle "type=address actions="
+* type=address actions=move - bugifx/workaround - do not move region objects
+* type=addressgroup-merger | bugfix to check childancestor objects availability
+* type=addressgroup-merger | bugfix if multiple childDG has same objectgroup incl. value, but one differ; stop merging
+* class AddressGroup  | bugfix for method expand() - to correctly extract all submembers and their value for type=rule 'actions=exporttoexcel:file.html,resolveaddresssummary'
+* type=address actions=exporttoexcel:file.html | bugfix to crash for tmp objects
+* type=dhcp actions=exporttoexcel | bugfix to add correct template
+* class PH - workaround for none working API mode connector - discard setType()
+* class RULEUTIL - defaultSecurityRules not available in Fawkes Snippet
+* type=rule - actions=display/exporttoexcel:resolveaddresssummary | add new src/dst_resovled_sum - for better nested calculation
+
+GENERAL:
+* PAN-OS dynamic content update to version  8741-8213
+
+
+2.1.12 (20230731)
 UTIL:
 * type=bpa-generator | extend response output if not valid JSON
-* type=gcp | extend for mqsql usage and bring in mysql pw in type=key-manager
+* type=gcp | extend for mysql usage and bring in mysql pw in type=key-manager
 
 BUGFIX:
 * type=XYZ | in=api://{MGMT-IP} actions=name-rename - bugfix for API usage

lib/container-classes/AddressRuleContainer.php

@@ -189,7 +189,7 @@ public function API_remove($Obj, $forceAny = FALSE, $context = null)
     }
 
 
-    public function API_sync()
+    public function API_sync( $new = false )
     {
         $con = findConnectorOrDie($this);
 
@@ -210,7 +210,14 @@ public function API_sync()
             }
         }
         elseif( $con->isSaseAPI() )
-            $con->sendPUTRequest($this);
+        {
+            if( $new )
+                $con->sendCreateRequest($this);
+            else
+                $con->sendPUTRequest($this);
+        }
+
+
     }
 
     public function setAny()
@@ -616,7 +623,7 @@ public function getIP4Mapping( $RuleReferenceLocation = null )
             elseif( $member->isAddress() )
             {
                 /** @var Address $member */
-                $localMap = $member->getIP4Mapping();
+                $localMap = $member->getIP4Mapping( $RuleReferenceLocation );
                 $mapObject->addMap($localMap, TRUE);
             }
             elseif( $member->isGroup() )
@@ -633,7 +640,7 @@ public function getIP4Mapping( $RuleReferenceLocation = null )
             elseif( $member->isRegion() )
             {
                 /** @var Region $member */
-                $localMap = $member->getIP4Mapping();
+                $localMap = $member->getIP4Mapping( $RuleReferenceLocation );
                 $mapObject->addMap($localMap, TRUE);
             }
             else

lib/misc-classes/PH.php

@@ -182,7 +182,7 @@ function __construct($argv, $argc)
 
     private static $library_version_major = 2;
     private static $library_version_sub = 1;
-    private static $library_version_bugfix = 12;
+    private static $library_version_bugfix = 13;
 
     //BASIC AUTH PAN-OS 7.1
     public static $softwareupdate_key = "658d787f293e631196dac9fb29490f1cc1bb3827";
@@ -471,7 +471,8 @@ public static function &processIOMethod($str, $checkFileExists)
                         $host = $fileExplode[0];
                     }
                     $connector = PanAPIConnector::findOrCreateConnectorFromHost($host);
-                    $connector->setType($connector->info_deviceType);
+                    #swaschkut: not working 20230807
+                    #$connector->setType($connector->info_deviceType);
                 }
                 else
                 {

lib/misc-classes/PanSaseAPIConnector.php

@@ -41,6 +41,8 @@ class PanSaseAPIConnector
 
     public $url_token = "https://auth.apps.paloaltonetworks.com/oauth2/access_token";
     public $url_api = "https://api.sase.paloaltonetworks.com";
+    #public $url_api = "https://api.stratacloud.paloaltonetworks.com"; //identical to api.sase.paloaltonetworks.com but introduced on 20230801
+
 
     static public $folderArray = array(
         "All",
@@ -640,6 +642,7 @@ function importConfig($sub, $folder, $type, $jsonArray)
 
                         $tmp_addressgroup->setSaseID( $object['id'] );
                     }
+                    //elseif( isset($object['dynamic']) )
                 }
             }
             elseif( $type === "services" )
@@ -902,6 +905,26 @@ public function getDataFromObject( $object )
 
             $bodyArray['folder'] = $object->owner->owner->name();
 
+            return $bodyArray;
+        }
+        if( get_class( $object ) == "AddressGroup" )
+        {
+            //Sase-API
+
+            $bodyArray['description'] = $object->description();
+            $bodyArray['name'] = $object->name();
+            $bodyArray['folder'] = $object->owner->owner->name();
+            $memberArray = $object->members();
+            if( !$object->isDynamic() )
+            {
+                $bodyArray['static'] = array();
+                foreach($memberArray as $member)
+                    $bodyArray['static'][] = $member->name();
+            }
+            else
+                $bodyArray['dynamic']['filter'] = $object->filter;
+
+
             return $bodyArray;
         }
         elseif( get_class( $object ) == "Service" )

lib/misc-classes/filters/filters-Zone.php

@@ -471,4 +471,19 @@
         'input' => 'input/panorama-8.0.xml'
     )
 );
+
+RQuery::$defaultFilters['zone']['interface']['operators']['is.set'] = array(
+    'Function' => function (ZoneRQueryContext $context) {
+        $object = $context->object;
+
+        $interfaces = $object->attachedInterfaces->getAll();
+        if( count($interfaces) > 0)
+            return TRUE;
+        else
+            return FALSE;
+
+        return null;
+    },
+    'arg' => FALSE
+);
 // </editor-fold>

lib/misc-classes/trait/XmlConvertible.php

@@ -54,15 +54,21 @@ function &getChildXmlText_inline()
         return DH::domlist_to_xml($this->xmlroot->childNodes, -1, FALSE);
     }
 
-    public function API_sync()
+    public function API_sync( $new = false)
     {
         $xpath = DH::elementToPanXPath($this->xmlroot);
         $con = findConnectorOrDie($this);
 
         if( $con->isAPI() )
             $con->sendEditRequest($xpath, $this->getXmlText_inline());
         elseif( $con->isSaseAPI() )
-            $con->sendPUTRequest($this);
+        {
+            if( $new )
+                $con->sendCreateRequest($this);
+            else
+                $con->sendPUTRequest($this);
+        }
+
     }
 
 

lib/network-classes/Certificate.php

@@ -266,14 +266,13 @@ public function API_setName($newname)
             $c = findConnectorOrDie($this);
             $path = $this->getXPath();
 
+            $this->setName($newname);
             $c->sendRenameRequest($path, $newname);
         }
         else
         {
             mwarning('this is a temporary object, cannot be renamed from API');
         }
-
-        $this->setName($newname);
     }
 
     public function hasPublicKey()

lib/network-classes/DHCP.php

@@ -27,6 +27,11 @@ class DHCP
     /** @var DHCPStore */
     public $owner;
     public $server_leases = array();
+    public $server_ip_pool = array();
+    public $relay_ipv4 = array();
+    public $relay_ipv6 = array();
+    public $relay_ipv4_status = false;
+    public $relay_ipv6_status = false;
 
     /**
      * @param $name string
@@ -76,9 +81,69 @@ public function load_from_domxml($xml)
                         $tmp_mac = $tmp_mac_xml->textContent;
 
                         $this->server_leases[] = array( 'ip' => $tmp_IP, 'mac' => $tmp_mac );
-                        #PH::print_stdout("   * "."IP: ".$tmp_IP." | mac: ".$tmp_mac);
                     }
+                }
+            }
+
+            $tmp_ip_pool = DH::findFirstElement("ip-pool", $tmp_server);
+            if( $tmp_ip_pool !== false )
+            {
+                foreach( $tmp_ip_pool->childNodes as $entry )
+                {
+                    if( $entry->nodeType != XML_ELEMENT_NODE )
+                        continue;
+
+                    $this->server_ip_pool[] = $entry->textContent;
+                }
+            }
+                /*
+              <option>
+               <lease>
+                <unlimited/>
+               </lease>
+              </option>
+              <mode>auto</mode>
+             */
+        }
+        $tmp_relay = DH::findFirstElement("relay", $xml);
+        if( $tmp_relay !== false )
+        {
+            $tmp_relay_ipv4 = DH::findFirstElement("ip", $tmp_relay);
+            if( $tmp_relay_ipv4 !== false )
+            {
+                $tmp_enabled = DH::findFirstElement("enabled", $tmp_relay_ipv4);
+                if( $tmp_enabled->textContent == "yes" )
+                    $this->relay_ipv4_status = true;
 
+                $tmp_server = DH::findFirstElement("server", $tmp_relay_ipv4);
+                if( $tmp_server !== false )
+                {
+                    foreach( $tmp_server->childNodes as $entry )
+                    {
+                        if( $entry->nodeType != XML_ELEMENT_NODE )
+                            continue;
+
+                        $this->relay_ipv4[] = $entry->textContent;
+                    }
+                }
+            }
+            $tmp_relay_ipv6 = DH::findFirstElement("ipv6", $tmp_relay);
+            if( $tmp_relay_ipv6 !== false )
+            {
+                $tmp_enabled = DH::findFirstElement("enabled", $tmp_relay_ipv6);
+                if( $tmp_enabled->textContent == "yes" )
+                    $this->relay_ipv6_status = true;
+
+                $tmp_server = DH::findFirstElement("server", $tmp_relay_ipv6);
+                if( $tmp_server !== false )
+                {
+                    foreach( $tmp_server->childNodes as $entry )
+                    {
+                        if( $entry->nodeType != XML_ELEMENT_NODE )
+                            continue;
+
+                        $this->relay_ipv6[] = $entry->textContent;
+                    }
                 }
             }
         }

lib/network-classes/Zone.php

@@ -259,14 +259,13 @@ public function API_setName($newname)
             $c = findConnectorOrDie($this);
             $path = $this->getXPath();
 
+            $this->setName($newname);
             $c->sendRenameRequest($path, $newname);
         }
         else
         {
             mwarning('this is a temporary object, cannot be renamed from API');
         }
-
-        $this->setName($newname);
     }
 
     /**