nautobot / nautobot-plugin-chatops-panorama Goto Github PK

Environment

• Python version:
• Nautobot version:
• nautobot-chatops version:
• nautobot-plugin-chatops-panorama version:

Expected Behavior

After running /panorama sync-firewalls, the command /panorama packet-capture should work.

Observed Behavior

When running /panorama sync-firewalls, the primary IP is saved correctly, however I believe it pulls from Ethernet1/1, which may be the internal RFC1918 address. This command should account for any and all active interfaces with IP addresses assigned.

Because of this, /panorama packet-capture may not use the correct IP address to connect, as it connects directly to the device instead of through Panorama. This will affect other future commands that connect in a similar manner.

Steps to Reproduce

1. Run /panorama sync-firewalls
2. Run /panorama packet-capture with any valid values. Must connect to a firewall device where you normally connect through a different IP address than what's assigned as its primary IP in Nautobot (from sync-firewalls)

Environment

• Python version: 3.9.9
• Nautobot version: 1.2.8 via Docker Compose
• nautobot-chatops version: 1.7.0
• nautobot-plugin-chatops-panorama version: 1.1.0

Proposed Functionality

• Currently, the get-device-rules feature only returns rules configured locally on the managed firewalls.
• Ideally, as a plugin targeting Panorama specifically, the rules configured in Panorama and pushed to managed devices would also be included in the output from this function.

Use Case

• Most organisations using Panorama would push rules to firewalls from Panorama, as opposed to configure the rules locally on firewalls. Therefore, the usefulness of the get-device-rules would be dramatically increased by enhancing this feature.

Environment

• Nautobot version: . 1.1.0
• nautobot-chatops version: 1.5.0
• nautobot-plugin-chatops-panorama version: . 0.2.0

Proposed Functionality

The current command capture-traffic is the only command available that requires the Palo Alto devices to be properly configured in Nautobot.

With the migration of the sync-firewalls command over to the SSOT plugin, this command needs to be reworked to pull device info from Panorama instead of Nautobot.

As a side note, this may also resolve issue #89.

Use Case

Fully abstracts out reliance on Nautobot DCIM, as previously discussed and decided on.

Environment

• Python version: 3.9.9
• Nautobot version: 1.2.8 via Docker Compose
• nautobot-chatops version: 1.7.0
• nautobot-plugin-chatops-panorama version: 1.1.0

Expected Behavior

/panorama get-device-rules works even if there are managed devices (firewalls) which are disconnected

Observed Behavior

/panorama get-device-rules fails if there are one or more managed devices (firewalls) which are disconnected, with error message: *An internal error occurred: <SERIAL-NUMBER> not connected*

Steps to Reproduce

1. Install Nautobot and plugin components per instructions, and configure appropriately for Panorama access
2. Have at least one managed device be in "disconnected" state (for example, temporarily turn off a firewall)
3. Execute /panorama get-device-rules in Slack, observe the error message
4. Then ensure all devices are connected again, re-execute the slash command, and no error is observed

Prior to open sourcing, please add the following to the docs:

• Info in the About section
• Info about the app; currently it has the A plugin for Nautobot. from the cookie cutter
  • What the app is
  • What the app does
  • Why the app is useful, use cases, etc

Environment

• Python version: 3.6.13
• Nautobot version: 1.1.0
• nautobot-chatops version: 1.3.1
• nautobot-plugin-chatops-panorama version:

Expected Behavior

The next available OS's to display

Observed Behavior

If trying to pick an available option that isn't shown, and you click "Next...", you get this:

Hey @Matt Vitale, you've requested to upload menu_offset-99 to PA-VM.
Starting download now...
There was an issue uploading menu_offset-99 to PA-VM. version menu_offset-99 not available for download

Steps to Reproduce

1. Run /panorama upload-software
2. With more than 100 options to pick from, scroll to the bottom and select "Next..."

Environment

• Python version:
• Nautobot version:
• nautobot-chatops version:
• nautobot-plugin-chatops-panorama version:

Expected Behavior

It should work.

Observed Behavior

This error occurs:

 *An internal error occurred:
invalid literal for int() with base 10: 'tcp'* 

This command works when using the menu dropdown dialog box.

Steps to Reproduce

1. Run this command: /panorama validate-rule-exists PA-VM 10.0.50.100 10.0.20.20 tcp 636

Environment

• Python version:
• Nautobot version:
• nautobot-chatops version:
• nautobot-plugin-chatops-panorama version:

Expected Behavior

The command should work.

Observed Behavior

This error occurs:

 *An internal error occurred:
['“PA-VM” is not a valid UUID.']*

Steps to Reproduce

1. Run command /panorama validate-objects PA-VM all Demo

Environment

OS:

• Ubuntu 20.04.4 VM on GCP
• Docker version: 20.10.12, build e91ed57
• Docker Compose version: v2.2.3

Inside container:

• Python version: 3.9.9
• Nautobot version: 1.2.4 in Dockerfile, GUI/CLI reports: 5f65c8a48643 (v1.0.3)
• nautobot-chatops version: 1.6.0
• nautobot-plugin-chatops-panorama version: 1.0.0

Issue

In Slack:
a) Type /panorama get-device-rules and receive a drop-down list of Panorama's managed devices from which to select, then get the rules from that device

a) Error:

Or....

b) Type /panorama get-device-rules <managed-device-hostname>, then get the rules from that device

b) Empty rulebase:

Steps to Reproduce

1. Panorama 10.1.4 installed (HA pair) as VMs in ESXi
2. Nautobot installed using "docker compose" per instructions
3. Docker compose modified to include install of chatops plugin and Panorama chatops plugin, as well as custom TLS cert/key, and Slack as the chatops platform
4. Execute "slash commands" in Slack