Awesome
PAN-OS Code Generation Repository (pan-os-codegen)
Welcome to the PAN-OS Code Generation Repository! This repository provides tools for generating
the pango SDK and
the panos
Terraform provider for Palo Alto Networks
PAN-OS devices.
Overview
PAN-OS is the operating system for Palo Alto Networks next-generation firewalls and Panorama, providing advanced security features and capabilities. This repository aims to simplify the process of building and maintainging the Go SDK and Terraform provider.
The repository contains:
- Spec files: Represent a normalised version of the PAN-OS XML schema.
- Code generator: Generates the Pango SDK and the PAN-OS Terraform provider based on the spec files.
Roadmap
We are maintaining a public roadmap to help users understand when we will release new features, bug fixes and enhancements.
Getting Help
Open an issue on Github.
Usage
The code have run login in cmd/codegen
directory, to run it with default option please use:
go run cmd/codegen/main.go
This command can be parametrizes using options:
-t/-type
- operation type, default is to create both Terraformmktp
- create only Terraform providermksdk
- create only PAN-OS SDK
config
- specify path for the config file, default iscmd/codegen/config.yaml
Generate SDK
In order to use generated SDK code, go to directory defined in config.yaml
e.g. ../generated/pango
and execute
example code:
go run cmd/codegen/main.go -t mksdk
cd ../generated/pango
PANOS_HOSTNAME='***' PANOS_USERNAME='***' PANOS_PASSWORD='***' go run example/main.go
Acceptance testing
The acceptance test suite creates real resources in a configured instance. We need to set the following environment variables in order to run an acceptance test against the PANOS provider.
# set up the Terraform plugin testing framework in acceptance testing mode
# explicitly to allow the creation of real resources using a provider
# See: https://developer.hashicorp.com/terraform/plugin/testing/acceptance-tests#requirements-and-recommendations
export TF_ACC=1
# Provider configurations
export PANOS_HOSTNAME=...
# if we have self-signed certificate for a testing instance
export PANOS_SKIP_VERIFY_CERTIFICATE=true
# API key
export PANOS_API_KEY=...
Consult this documentation page to obtain an API key. The same page mentions that:
If you have an existing key and generate another key for the same user, all existing sessions will end for the user and previous API sessions will be deleted.
This is the reason why we don't use user name and password for a provider configuration with the environment variables PANOS_USERNAME
and PANOS_PASSWORD
in the context of acceptance tests.
We can run the acceptance test suite with the following command.
$ go test ./test/... -v -count 1 -parallel 20 -timeout 180m