Home
pan-scm-sdk: Python SDK to manage Palo Alto Networks Strata Cloud Manager
Documentation : https://cdot65.github.io/pan-scm-sdk/
Source Code : https://github.com/cdot65/pan-scm-sdk
pan-scm-sdk is a Python SDK for Palo Alto Networks Strata Cloud Manager.
Installation
Requirements:
- Python 3.10 or higher
Install the package via pip:
pip install pan-scm-sdk
Quick Example
from scm.client import Scm
# Initialize the unified client (handles all object types through a single interface)client = Scm(
client_id="your_client_id",
client_secret="your_client_secret",
tsg_id="your_tsg_id"
)
# Work with Address objectsaddresses = client.address.list(folder="Texas")
print(f"Found {len(addresses)} addresses")
# Fetch a specific addressmy_address = client.address.fetch(name="web-server", folder="Texas")
print(f"Address details: {my_address.name}, {my_address.ip_netmask}")
# Update the addressmy_address.description = "Updated via unified client"
updated_address = client.address.update(my_address)
# Work with Internal DNS Serversdns_server = client.internal_dns_servers.create({
"name": "main-dns-server",
"domain_name": ["example.com", "internal.example.com"],
"primary": "192.168.1.10",
"secondary": "192.168.1.11"
})
print(f"Created DNS server: {dns_server.name}")
# List all DNS serversdns_servers = client.internal_dns_servers.list()
print(f"Found {len(dns_servers)} DNS servers")
# Work with BGP Routingbgp_settings = client.bgp_routing.get()
print(f"Current BGP routing: {bgp_settings.backbone_routing}")
# Update BGP routing preferencesclient.bgp_routing.update({
"routing_preference": {"hot_potato_routing": {}},
"backbone_routing": "asymmetric-routing-with-load-share",
"accept_route_over_SC": True,
"outbound_routes_for_services": ["10.0.0.0/8"]
})
print("Updated BGP routing settings")
# Work with Network Locationslocations = client.network_location.list()
print(f"Found {len(locations)} network locations")
us_locations = client.network_location.list(continent="North America")
print(f"Found {len(us_locations)} locations in North America")
west_coast = client.network_location.fetch("us-west-1")
print(f"Location: {west_coast.display} ({west_coast.value})")
# Work with GlobalProtect Agent Versions (read-only)agent_versions = client.agent_versions.list()
print(f"Found {len(agent_versions)} GlobalProtect agent versions")
# Filter for specific versionsfiltered_versions = client.agent_versions.list(version="5.3")
print(f"Found {len(filtered_versions)} versions containing '5.3'")
# Work with Security Rulessecurity_rule = client.security_rule.fetch(name="allow-web", folder="Texas")
print(f"Security rule: {security_rule.name}, Action: {security_rule.action}")
# Work with NAT Rules - list with filteringnat_rules = client.nat_rule.list(
folder="Texas",
source_zone=["trust"]
)
print(f"Found {len(nat_rules)} NAT rules with source zone 'trust'")
# Work with Security Zonessecurity_zones = client.security_zone.list(folder="Texas")
print(f"Found {len(security_zones)} security zones")
# Work with Bandwidth Allocationsbandwidth_allocations = client.bandwidth_allocation.list()
print(f"Found {len(bandwidth_allocations)} bandwidth allocations")
# Create a new bandwidth allocationnew_allocation = client.bandwidth_allocation.create({
"name": "test-region",
"allocated_bandwidth": 100,
"spn_name_list": ["spn1", "spn2"],
"qos": {
"enabled": True,
"customized": True,
"profile": "test-profile",
"guaranteed_ratio": 0.5
}
})
print(f"Created bandwidth allocation: {new_allocation.name}")
# Delete a NAT ruleif nat_rules:
client.nat_rule.delete(nat_rules[0].id)
print(f"Deleted NAT rule: {nat_rules[0].name}")
# Make configuration changesclient.commit(
folders=["Texas"],
description="Updated address, DNS servers, BGP routing, and removed NAT rule",
sync=True
)
# Initialize the unified client (handles all object types through a single interface)client = Scm(
client_id="your_client_id",
client_secret="your_client_secret",
tsg_id="your_tsg_id"
)
# Work with Address objectsaddresses = client.address.list(folder="Texas")
print(f"Found {len(addresses)} addresses")
# Fetch a specific addressmy_address = client.address.fetch(name="web-server", folder="Texas")
print(f"Address details: {my_address.name}, {my_address.ip_netmask}")
# Update the addressmy_address.description = "Updated via unified client"
updated_address = client.address.update(my_address)
# Work with Internal DNS Serversdns_server = client.internal_dns_servers.create({
"name": "main-dns-server",
"domain_name": ["example.com", "internal.example.com"],
"primary": "192.168.1.10",
"secondary": "192.168.1.11"
})
print(f"Created DNS server: {dns_server.name}")
# List all DNS serversdns_servers = client.internal_dns_servers.list()
print(f"Found {len(dns_servers)} DNS servers")
# Work with BGP Routingbgp_settings = client.bgp_routing.get()
print(f"Current BGP routing: {bgp_settings.backbone_routing}")
# Update BGP routing preferencesclient.bgp_routing.update({
"routing_preference": {"hot_potato_routing": {}},
"backbone_routing": "asymmetric-routing-with-load-share",
"accept_route_over_SC": True,
"outbound_routes_for_services": ["10.0.0.0/8"]
})
print("Updated BGP routing settings")
# Work with Network Locationslocations = client.network_location.list()
print(f"Found {len(locations)} network locations")
us_locations = client.network_location.list(continent="North America")
print(f"Found {len(us_locations)} locations in North America")
west_coast = client.network_location.fetch("us-west-1")
print(f"Location: {west_coast.display} ({west_coast.value})")
# Work with GlobalProtect Agent Versions (read-only)agent_versions = client.agent_versions.list()
print(f"Found {len(agent_versions)} GlobalProtect agent versions")
# Filter for specific versionsfiltered_versions = client.agent_versions.list(version="5.3")
print(f"Found {len(filtered_versions)} versions containing '5.3'")
# Work with Security Rulessecurity_rule = client.security_rule.fetch(name="allow-web", folder="Texas")
print(f"Security rule: {security_rule.name}, Action: {security_rule.action}")
# Work with NAT Rules - list with filteringnat_rules = client.nat_rule.list(
folder="Texas",
source_zone=["trust"]
)
print(f"Found {len(nat_rules)} NAT rules with source zone 'trust'")
# Work with Security Zonessecurity_zones = client.security_zone.list(folder="Texas")
print(f"Found {len(security_zones)} security zones")
# Work with Bandwidth Allocationsbandwidth_allocations = client.bandwidth_allocation.list()
print(f"Found {len(bandwidth_allocations)} bandwidth allocations")
# Create a new bandwidth allocationnew_allocation = client.bandwidth_allocation.create({
"name": "test-region",
"allocated_bandwidth": 100,
"spn_name_list": ["spn1", "spn2"],
"qos": {
"enabled": True,
"customized": True,
"profile": "test-profile",
"guaranteed_ratio": 0.5
}
})
print(f"Created bandwidth allocation: {new_allocation.name}")
# Delete a NAT ruleif nat_rules:
client.nat_rule.delete(nat_rules[0].id)
print(f"Deleted NAT rule: {nat_rules[0].name}")
# Make configuration changesclient.commit(
folders=["Texas"],
description="Updated address, DNS servers, BGP routing, and removed NAT rule",
sync=True
)
For more detailed usage instructions and examples, refer to the User Guide.
Contributing
Contributions are welcome and greatly appreciated. Visit the Contributing page for guidelines on how to contribute.
License
This project is licensed under the Apache 2.0 License - see the License page for details.