/pan-os-codegen

Generator for pango SDK and panos Terraform Provider

Primary LanguageGoMIT LicenseMIT

PAN-OS Code Generation Repository (pan-os-codegen)

Welcome to the PAN-OS Code Generation Repository! This repository provides tools for generating the pango SDK and the panos Terraform provider for Palo Alto Networks PAN-OS devices.

Overview

PAN-OS is the operating system for Palo Alto Networks next-generation firewalls and Panorama, providing advanced security features and capabilities. This repository aims to simplify the process of building and maintainging the Go SDK and Terraform provider.

The repository contains:

  • Spec files: Represent a normalised version of the PAN-OS XML schema.
  • Code generator: Generates the Pango SDK and the PAN-OS Terraform provider based on the spec files.

Roadmap

We are maintaining a public roadmap to help users understand when we will release new features, bug fixes and enhancements.

Getting Help

Open an issue on Github.

Usage

The code have run login in cmd/codegen directory, to run it with default option please use:

go run cmd/codegen/main.go

This command can be parametrizes using options:

  • -t/-type - operation type, default is to create both Terraform
    • mktp - create only Terraform provider
    • mksdk - create only PAN-OS SDK
  • config - specify path for the config file, default is cmd/codegen/config.yaml

Generate SDK

In order to use generated SDK code, go to directory defined in config.yaml e.g. ../generated/pango and execute example code:

go run cmd/codegen/main.go -t mksdk
cd ../generated/pango
PANOS_HOSTNAME='***' PANOS_USERNAME='***' PANOS_PASSWORD='***' go run example/main.go

Acceptance testing

The acceptance test suite creates real resources in a configured instance. We need to set the following environment variables in order to run an acceptance test against the PANOS provider.

# set up the Terraform plugin testing framework in acceptance testing mode
# explicitly to allow the creation of real resources using a provider
# See: https://developer.hashicorp.com/terraform/plugin/testing/acceptance-tests#requirements-and-recommendations
export TF_ACC=1

# Provider configurations
export PANOS_HOSTNAME=...

# if we have self-signed certificate for a testing instance
export PANOS_SKIP_VERIFY_CERTIFICATE=true

# API key
export PANOS_API_KEY=...

Consult this documentation page to obtain an API key. The same page mentions that:

If you have an existing key and generate another key for the same user, all existing sessions will end for the user and previous API sessions will be deleted.

This is the reason why we don't use user name and password for a provider configuration with the environment variables PANOS_USERNAME and PANOS_PASSWORD in the context of acceptance tests.

We can run the acceptance test suite with the following command.

$ go test ./test/... -v -count 1 -parallel 20  -timeout 180m