Hi, I would like to merge support for Palo Alto Network's firewall appliances to the master branch. Development for this has been done by Will Stevens at CloudOps on branch [1].
There was an introduction [2], a proposal [3], and a discussion [4] on the mailing list regarding this feature. Checklist: Jira ticket for the feature is here [5]. The FS can be found at [6]. Unit tests for the feature are available at [7] and [8]. I have developed the unit tests with a flag to output additional detail in the console [9]. Here is the result of the tests without detail [10] and here is the result of the tests with detail [11]. This plugin communicates to the Palo Alto Networks firewall appliances through an API documented at [12] with a training manual [13]. This plugin depends on a modification to core to remove a limitation which was discussed here [14], with this jira issue [15] and has been approved here [16]. This plugin is being reviewed at [17] according to this patch [18]. There are no 3rd party libraries needed for this plugin, however it does depend on a 3rd party API [12][13] to orchestrate the configuration on the appliance. The plugin is currently being built via the 'nonoss' flag. It should be moved into either the 'noredist' or core because it appears that 'nonoss' will be going away [19] and 'noredist' has been merged [20]. I would appreciate input on which build this should be put into given its interaction with an 3rd party appliance. Here are the slides for a presentation [21] given about this integration at the CloudStack Collaboration Conference in Santa Clara, CA. [1] https://github.com/cloudops/cs_palo_alto/tree/palo_alto [2] http://markmail.org/message/hukydzwkec3dwuxq?q=list:org%2Eapache%2Eincubator%2Ecloudstack-%2A+Palo+Alto [3] http://markmail.org/message/odbg2icft7esj3ut?q=list:org%2Eapache%2Eincubator%2Ecloudstack-%2A+Palo+Alto [4] http://markmail.org/message/n5276i4hfh7ek57o?q=list:org%2Eapache%2Eincubator%2Ecloudstack-%2A+Palo+Alto [5] https://issues.apache.org/jira/browse/CLOUDSTACK-1275 [6] https://cwiki.apache.org/confluence/display/CLOUDSTACK/Palo+Alto+Firewall+Integration [7] https://github.com/cloudops/cs_palo_alto/blob/palo_alto/plugins/network-elements/palo-alto/test/com/cloud/network/resource/PaloAltoResourceTest.java [8] https://github.com/cloudops/cs_palo_alto/blob/palo_alto/plugins/network-elements/palo-alto/test/com/cloud/network/resource/MockablePaloAltoResource.java [9] https://github.com/cloudops/cs_palo_alto/blob/palo_alto/plugins/network-elements/palo-alto/test/com/cloud/network/resource/PaloAltoResourceTest.java#L156 [10] https://cwiki.apache.org/confluence/download/attachments/30753712/palo_alto_tests_without_logging.txt?version=1&modificationDate=1383248404474 [11] https://cwiki.apache.org/confluence/download/attachments/30753712/palo_alto_tests_with_logging.txt?version=1&modificationDate=1383248432061 [12] https://cwiki.apache.org/confluence/download/attachments/30753712/XML-API-5-1.0-RevA.pdf?version=1&modificationDate=1366305634000 [13] https://cwiki.apache.org/confluence/download/attachments/30753712/XML_API_Training.pdf?version=1&modificationDate=1366305635000 [14] http://markmail.org/message/374hyn7ko6zrb2cf?q=list:org%2Eapache%2Eincubator%2Ecloudstack-%2A+supported+source+nat+types [15] https://issues.apache.org/jira/browse/CLOUDSTACK-4991 [16] https://reviews.apache.org/r/15047/ [17] https://reviews.apache.org/r/15050/ [18] https://reviews.apache.org/r/15050/diff/ [19] http://markmail.org/message/37qcg4lgudmf57ws?q=DISCUSS%5D+rename+nonoss+to+noredist [20] http://markmail.org/message/zqkiuod5qabcyra6?q=%5BMERGE%5D+changing+nonoss+to+noredist [21] https://cwiki.apache.org/confluence/download/attachments/30753712/CS_PA_Integration.pptx?version=1&modificationDate=1383250830719 Cheers, Will
