Route Prefix List Models
Overview
The Route Prefix List models provide a structured way to represent and validate route prefix list configuration data for Palo Alto Networks' Strata Cloud Manager. Route prefix lists are used for prefix-based route filtering in BGP and OSPF routing policies. Each entry can match a specific network with optional greater-than-or-equal (ge) and less-than-or-equal (le) prefix length modifiers, or match any network using the special any keyword.
Models
The module provides the following Pydantic models:
RoutePrefixListBaseModel: Base model with fields common to all route prefix list operationsRoutePrefixListCreateModel: Model for creating new route prefix listsRoutePrefixListUpdateModel: Model for updating existing route prefix listsRoutePrefixListResponseModel: Response model for route prefix list operationsRoutePrefixListIpv4: IPv4 prefix list containerRoutePrefixListIpv4Entry: Individual IPv4 prefix list entryRoutePrefixListPrefix: Prefix configuration (oneOf:network"any" orentry)RoutePrefixListPrefixEntry: Prefix entry with network and optional ge/le
The RoutePrefixListBaseModel and RoutePrefixListCreateModel / RoutePrefixListUpdateModel use extra="forbid" configuration, which rejects any fields not explicitly defined in the model. The RoutePrefixListResponseModel uses extra="ignore" to provide resilience against unexpected fields returned by the API.
Model Attributes
RoutePrefixListBaseModel
This is the base model containing fields common to all route prefix list operations.
| Attribute | Type | Required | Default | Description |
|---|---|---|---|---|
name | str | Yes | None | Filter prefix list name. |
description | str | No | None | Description. |
ipv4 | RoutePrefixListIpv4 | No | None | IPv4 prefix list configuration. |
folder | str | No** | None | Folder location. Pattern: ^[a-zA-Z\d\-_. ]+$. Max 64 chars. |
snippet | str | No** | None | Snippet location. Pattern: ^[a-zA-Z\d\-_. ]+$. Max 64 chars. |
device | str | No** | None | Device location. Pattern: ^[a-zA-Z\d\-_. ]+$. Max 64 chars. |
** Exactly one container (folder/snippet/device) must be provided for create operations
RoutePrefixListCreateModel
Inherits all fields from RoutePrefixListBaseModel and enforces that exactly one of folder, snippet, or device is provided during creation.
RoutePrefixListUpdateModel
Extends RoutePrefixListBaseModel by adding:
| Attribute | Type | Required | Default | Description |
|---|---|---|---|---|
id | UUID | Yes | None | The unique identifier of the route prefix list |
RoutePrefixListResponseModel
Extends RoutePrefixListBaseModel by adding:
| Attribute | Type | Required | Default | Description |
|---|---|---|---|---|
id | UUID | Yes | None | The unique identifier of the route prefix list |
The RoutePrefixListResponseModel uses extra="ignore" instead of extra="forbid". This means it will silently ignore any extra fields returned by the API that are not defined in the model, providing resilience against API changes.
Supporting Models
RoutePrefixListIpv4
IPv4 prefix list container holding the list of entries.
| Attribute | Type | Required | Default | Description |
|---|---|---|---|---|
ipv4_entry | List[RoutePrefixListIpv4Entry] | No | None | IPv4 prefix list entries. |
RoutePrefixListIpv4Entry
Individual IPv4 prefix list entry with sequence number, action, and prefix matching.
| Attribute | Type | Required | Default | Description |
|---|---|---|---|---|
name | int | No | None | Sequence number (1-65535). |
action | str | No | None | Action: deny or permit. Pattern: ^(deny|permit)$ |
prefix | RoutePrefixListPrefix | No | None | Prefix configuration. |
RoutePrefixListPrefix
Prefix configuration. Uses oneOf semantics: network and entry are mutually exclusive.
| Attribute | Type | Required | Default | Description |
|---|---|---|---|---|
network | str | No* | None | Network keyword (must be any). Pattern: ^any$ |
entry | RoutePrefixListPrefixEntry | No* | None | Prefix entry with network address and optional ge/le. |
* network and entry are mutually exclusive.
RoutePrefixListPrefixEntry
Prefix entry with network address and optional ge/le modifiers.
| Attribute | Type | Required | Default | Description |
|---|---|---|---|---|
network | str | No | None | Network address (e.g., "10.0.0.0/8"). |
greater_than_or_equal | int | No | None | Greater than or equal to prefix length (0-32). |
less_than_or_equal | int | No | None | Less than or equal to prefix length (0-32). |
Exceptions
The models perform strict validation and will raise ValueError in scenarios such as:
- When creating a route prefix list (
RoutePrefixListCreateModel), if not exactly one container (folder,snippet, ordevice) is provided. - When both
networkandentryare set inRoutePrefixListPrefix(mutually exclusive). - When an entry sequence number is outside the valid range (1-65535).
- When an entry action is not
denyorpermit. - When ge/le values are outside the valid range (0-32).
- When container identifiers (folder, snippet, device) do not match the required pattern or exceed the maximum length.
Model Validators
OneOf Validator in RoutePrefixListPrefix
- validate_prefix_type:
Ensures that
networkandentryare mutually exclusive. If both are set, it raises aValueError. A prefix can either match any network (usingnetwork: "any") or a specific prefix entry, but not both.
Container Validation in RoutePrefixListCreateModel
- validate_container_type:
After model initialization, this validator checks that exactly one of the container fields (
folder,snippet, ordevice) is provided. If not, it raises aValueError.
Usage Examples
Creating a Route Prefix List
Using a Dictionary
from scm.models.network import RoutePrefixListCreateModel
prefix_list_data = {
"name": "prefix-list-1",
"description": "Allow default and specific prefixes",
"ipv4": {
"ipv4_entry": [
{
"name": 10,
"action": "permit",
"prefix": {
"entry": {
"network": "10.0.0.0/8",
"greater_than_or_equal": 16,
"less_than_or_equal": 24,
},
},
},
{
"name": 20,
"action": "permit",
"prefix": {
"entry": {
"network": "172.16.0.0/12",
"greater_than_or_equal": 16,
"less_than_or_equal": 28,
},
},
},
{
"name": 100,
"action": "deny",
"prefix": {
"network": "any",
},
},
],
},
"folder": "Routing",
}
# Validate and create model instance
prefix_list = RoutePrefixListCreateModel(**prefix_list_data)
payload = prefix_list.model_dump(exclude_unset=True, by_alias=True)
print(payload)
Using the Model Directly
from scm.models.network import (
RoutePrefixListCreateModel,
RoutePrefixListIpv4,
RoutePrefixListIpv4Entry,
RoutePrefixListPrefix,
RoutePrefixListPrefixEntry,
)
# Build prefix list entries
entries = [
RoutePrefixListIpv4Entry(
name=10,
action="permit",
prefix=RoutePrefixListPrefix(
entry=RoutePrefixListPrefixEntry(
network="10.0.0.0/8",
greater_than_or_equal=16,
less_than_or_equal=24,
),
),
),
RoutePrefixListIpv4Entry(
name=100,
action="deny",
prefix=RoutePrefixListPrefix(network="any"),
),
]
# Create the prefix list
prefix_list = RoutePrefixListCreateModel(
name="prefix-list-2",
description="Specific prefix filtering",
ipv4=RoutePrefixListIpv4(ipv4_entry=entries),
folder="Routing",
)
payload = prefix_list.model_dump(exclude_unset=True, by_alias=True)
print(payload)
Updating a Route Prefix List
from scm.client import Scm
# Initialize client
client = Scm(
client_id="your_client_id",
client_secret="your_client_secret",
tsg_id="your_tsg_id",
)
# Fetch existing prefix list
existing = client.route_prefix_list.fetch(name="prefix-list-1", folder="Routing")
# Modify description
existing.description = "Updated prefix filtering rules"
# Pass modified object to update()
updated = client.route_prefix_list.update(existing)
print(f"Updated prefix list: {updated.name}")