Address Group Configuration Object

The AddressGroup class provides functionality to manage address groups in Palo Alto Networks' Strata Cloud Manager. Address groups can be used to organize and manage collections of addresses either statically (by explicitly listing addresses) or dynamically (using tag-based filters).

Overview

Address groups are essential components in network security policy management, allowing you to:

• Create static groups with explicit lists of addresses
• Define dynamic groups that automatically update based on tag filters
• Organize addresses within folders, snippets, or devices
• Apply tags for better organization and management

Methods

Method	Description
create()	Creates a new address group
get()	Retrieves an address group by ID
update()	Updates an existing address group
delete()	Deletes an address group
list()	Lists address groups with optional filtering
fetch()	Retrieves a single address group by name

Creating Address Groups

The create() method allows you to create new address groups. You must specify either a static list of addresses or a dynamic filter, along with exactly one container type (folder, snippet, or device).

Example: Creating a Static Address Group

static_group = {
"name": "web_servers",
"description": "Web server group",
"static": ["example_website", "webserver_network"],
"folder": "Texas",
"tag": ["Python", "Automation"]
}

new_group = address_groups.create(static_group)
print(f"Created group: {new_group.name}")

Example: Creating a Dynamic Address Group

dynamic_group = {
"name": "python servers",
"description": "Python-based automation servers",
"dynamic": {
"filter": "'Python'"
},
"folder": "Texas",
"tag": ["Automation"]
}

new_group = address_groups.create(dynamic_group)
print(f"Created group: {new_group.name}")

Getting Address Groups

Use the get() method to retrieve an address group by its ID.

group_id = "d4d09614-55a3-4a94-911b-f1bbda353ca6"
group = address_groups.get(group_id)
print(f"Group Name: {group.name}")
print(f"Type: {'Dynamic' if 'dynamic' in group else 'Static'}")

Updating Address Groups

The update() method allows you to modify existing address groups.

# return an existing grouppython_server_group = address_groups.fetch(folder='Texas', name='python servers')
# perform the updatepython_server_group['description'] = 'updated description'
# push changes to the SCM APIupdated_group = address_groups.update(python_server_group)

print(f"Updated group: {updated_group.name}")

Deleting Address Groups

Use the delete() method to remove an address group.

group_id = "d4d09614-55a3-4a94-911b-f1bbda353ca6"
address_groups.delete(group_id)
print("Group deleted successfully")

Listing Address Groups

The list() method retrieves multiple address groups with optional filtering. You can filter the results using the following kwargs:

• types: List[str] - Filter by group types (e.g., ['static', 'dynamic'])
• values: List[str] - Filter by group values (static members or dynamic filter values)
• tags: List[str] - Filter by tags (e.g., ['Automation', 'Production'])

# List all groups in a foldergroups = address_groups.list(folder="Texas")
# List only static groupsstatic_groups = address_groups.list(
folder="Texas",
types=['static']
)
# List groups with specific valuesspecific_groups = address_groups.list(
folder="Texas",
values=['web_server1', 'web_server2']
)
# List groups with specific tagstagged_groups = address_groups.list(
folder="Texas",
tags=['Automation', 'Production']
)
# Combine multiple filtersfiltered_groups = address_groups.list(
folder="Texas",
types=['static'],
tags=['Production']
)
# Print the resultsfor group in groups:
print(f"Name: {group.name}")
print(f"Type: {'Dynamic' if group.dynamic else 'Static'}")

Fetching Address Groups

The fetch() method retrieves a single address group by name from a specific container.

# pass in the folder and name required parameters, will return a dictionary objectdag_group = address_groups.fetch(folder='Texas', name='DAG_test')
# print out the name of the group to the screenprint(f"Found group: {dag_group['name']}")

Full Workflow Example

Here's a complete example demonstrating the full lifecycle of an address group:

from scm.client import Scm
from scm.config.objects import Address, AddressGroup
# Initialize clientclient = Scm(
client_id="your_client_id",
client_secret="your_client_secret",
tsg_id="your_tsg_id"
)
# Initialize address and address group objectsaddresses = Address(client)
address_groups = AddressGroup(client)
# Create address object `test_network1`ao1 = {
"name": "test_network1",
"ip_netmask": "10.0.0.0/24",
"description": "Test network",
"folder": "Texas",
"tag": ["Automation"]
}
test_network1 = addresses.create(ao1)
# Create address object `test_network2`ao2 = {
"name": "test_network2",
"ip_netmask": "10.0.1.0/24",
"description": "Test network",
"folder": "Texas",
"tag": ["Automation"]
}
test_network2 = addresses.create(ao2)
# Create a new static grouptest_network_group = {
"name": "test_network_group",
"description": "Test networks",
"static": [test_network1.name, test_network2.name],
"folder": "Texas",
"tag": ["Automation"]
}

new_group = address_groups.create(test_network_group)
print(f"Created group: {new_group.name}")
# Fetch the group by namefetched_group = address_groups.fetch(
name="test_network_group",
folder="Texas"
)
# Modify the fetched groupfetched_group["description"] = "Updated test networks"
fetched_group["tag"] = ["Automation"]
# Update the groupaddress_groups.update(fetched_group)
# List all groupsgroups = address_groups.list(folder="Texas")
for group in groups:
print(f"Listed group: {group.name}")
# Clean upaddress_groups.delete(new_group.id)
print("Group deleted successfully")

Related Models

• AddressGroupCreateModel
• AddressGroupUpdateModel
• AddressGroupResponseModel