Address Group Models

Overview

The Address Group models provide a structured way to manage address groups in Palo Alto Networks' Strata Cloud Manager. These models support both static and dynamic address groups, which can be defined in folders, snippets, or devices. The models handle validation of inputs and outputs when interacting with the SCM API.

Models

Model	Purpose
`DynamicFilter`	Represents dynamic filter with tag-based criteria
`AddressGroupBaseModel`	Base model with common fields for all operations
`AddressGroupCreateModel`	Model for creating new address groups
`AddressGroupUpdateModel`	Model for updating existing address groups
`AddressGroupResponseModel`	Model for API responses

All models use extra="forbid" configuration, which rejects any fields not explicitly defined in the model.

Attributes

Attribute	Type	Required	Default	Description
name	str	Yes	None	Name of the address group. Max length: 63 chars. Must match pattern: ^[a-zA-Z0-9_ .-]+$
description	str	No	None	Description of the address group. Max length: 1023 chars
tag	List[str]	No	None	List of tags. Each tag max length: 127 chars
dynamic	DynamicFilter	No*	None	Dynamic filter for group membership
static	List[str]	No*	None	List of static addresses. Min: 1, Max: 4096
folder	str	No**	None	Folder where group is defined. Max length: 64 chars
snippet	str	No**	None	Snippet where group is defined. Max length: 64 chars
device	str	No**	None	Device where group is defined. Max length: 64 chars
id	UUID	Yes***	None	UUID of the address group (response only)

* Either dynamic or static must be provided, but not both * Exactly one container type (folder/snippet/device) must be provided ** Only required for response model

DynamicFilter Model

The DynamicFilter model represents tag-based filter criteria for dynamic address groups.

Attribute	Type	Required	Default	Description
filter	str	Yes	None	Tag-based filter defining group membership. Max length: 1024 chars

Exceptions

The Address Group models can raise the following exceptions during validation:

ValueError: Raised in several scenarios:
When neither or both static and dynamic fields are provided
When multiple container types (folder/snippet/device) are specified
When no container type is specified for create operations
When tag values are not unique in a list
When tag input is neither a string nor a list

Model Validators

Address Group Type Validation

The models enforce that exactly one group type (static or dynamic) must be specified:

# This will raise a validation error
from scm.models.objects import AddressGroupCreateModel

# Error: both static and dynamic provided
try:
    group = AddressGroupCreateModel(
        name="invalid-group",
        static=["addr1"],
        dynamic={"filter": "'tag1'"},
        folder="Texas"
    )
except ValueError as e:
    print(e)  # "Exactly one of 'static' or 'dynamic' must be provided."

# Error: neither static nor dynamic provided
try:
    group = AddressGroupCreateModel(
        name="invalid-group",
        folder="Texas"
    )
except ValueError as e:
    print(e)  # "Exactly one of 'static' or 'dynamic' must be provided."

Container Type Validation

For create operations, exactly one container type must be specified:

# This will raise a validation error
try:
    group = AddressGroupCreateModel(
        name="invalid-group",
        static=["addr1"],
        folder="Texas",
        device="fw01"  # Can't specify both folder and device
    )
except ValueError as e:
    print(e)  # "Exactly one of 'folder', 'snippet', or 'device' must be provided."

Tag Validation

Tags must be unique and properly formatted:

# This will raise a validation error for duplicate tags
try:
    group = AddressGroupCreateModel(
        name="invalid-group",
        static=["addr1"],
        folder="Texas",
        tag=["web", "web"]  # Duplicate tags not allowed
    )
except ValueError as e:
    print(e)  # "List items must be unique"

# This will convert a single string tag to a list
group = AddressGroupCreateModel(
    name="valid-group",
    static=["addr1"],
    folder="Texas",
    tag="web"  # Will be converted to ["web"]
)

Usage Examples

Creating a Static Address Group

from scm.client import ScmClient

# Initialize client
client = ScmClient(
    client_id="your_client_id",
    client_secret="your_client_secret",
    tsg_id="your_tsg_id"
)

# Using dictionary
static_group_dict = {
    "name": "web-servers",
    "description": "Web server group",
    "static": ["web1", "web2", "web3"],
    "folder": "Texas",
    "tag": ["web", "production"]
}

response = client.address_group.create(static_group_dict)

Creating a Dynamic Address Group

# Using dictionary
dynamic_group_dict = {
    "name": "aws-instances",
    "description": "AWS EC2 instances",
    "dynamic": {
        "filter": "'aws-tag' and 'production'"
    },
    "folder": "Cloud",
    "tag": ["aws", "dynamic"]
}

response = client.address_group.create(dynamic_group_dict)

Updating an Address Group

# Fetch existing group
existing = client.address_group.fetch(name="web-servers", folder="Texas")

# Modify attributes using dot notation
existing.description = "Updated web server group"
existing.static = ["web1", "web2", "web3", "web4"]
existing.tag = ["web", "production", "updated"]

# Pass modified object to update()
updated = client.address_group.update(existing)