External Dynamic Lists Models
Overview
The External Dynamic Lists models provide a structured way to manage external dynamic lists in Palo Alto Networks' Strata Cloud Manager. These models support various types of dynamic lists including IP, domain, URL, IMSI, and IMEI lists, with configurable update intervals and authentication options.
Attributes
Attribute | Type | Required | Default | Description |
---|---|---|---|---|
name | str | Yes | None | Name of the list. Max length: 63 chars. Must match pattern: ^[ a-zA-Z\d.-_]+$ |
type | TypeUnion | Yes* | None | Type of dynamic list (predefined_ip, predefined_url, ip, domain, url, imsi, imei) |
folder | str | No** | None | Folder where list is defined. Max length: 64 chars |
snippet | str | No** | None | Snippet where list is defined. Max length: 64 chars |
device | str | No** | None | Device where list is defined. Max length: 64 chars |
id | UUID | Yes*** | None | UUID of the list (response only) |
description | str | No | None | Description of the list. Max length: 255 chars |
url | str | Yes | "http://" | URL for fetching list content |
exception_list | List[str] | No | None | List of exceptions |
certificate_profile | str | No | None | Client certificate profile name |
auth | AuthModel | No | None | Username/password authentication |
recurring | RecurringUnion | Yes | None | Update interval configuration |
expand_domain | bool | No | False | Enable domain expansion (domain type only) |
\* Required for non-predefined lists
\*\* Exactly one container type (folder/snippet/device) must be provided for create operations
\*\*\* Required for response model when snippet is not "predefined"
Exceptions
The External Dynamic Lists models can raise the following exceptions during validation:
- ValueError: Raised in several scenarios:
  - When no container type or multiple container types are specified for create operations
  - When ID is missing for non-predefined response models
  - When type is missing for non-predefined response models
  - When invalid recurring interval configuration is provided
  - When invalid URL format is provided
  - When name pattern validation fails
Model Validators
Container Type Validation
For create operations, exactly one container type must be specified:
```python
from scm.models.objects import ExternalDynamicListsCreateModel

# This will raise a validation error
try:
    edl = ExternalDynamicListsCreateModel(
        name="blocked-ips",
        folder="Shared",
        device="fw01",  # Can't specify both folder and device
        type={"ip": {
            "url": "http://example.com/blocked.txt",
            "recurring": {"hourly": {}}
        }}
    )
except ValueError as e:
    print(e)  # "Exactly one of 'folder', 'snippet', or 'device' must be provided."
```
Recurring Interval Validation
The models support various recurring update intervals:
```python
from scm.models.objects import ExternalDynamicListsCreateModel

# Five minute interval
edl = ExternalDynamicListsCreateModel(
    name="blocked-ips",
    folder="Shared",
    type={"ip": {
        "url": "http://example.com/blocked.txt",
        "recurring": {"five_minute": {}}
    }}
)

# Daily at specific hour
edl = ExternalDynamicListsCreateModel(
    name="blocked-ips",
    folder="Shared",
    type={"ip": {
        "url": "http://example.com/blocked.txt",
        "recurring": {"daily": {"at": "23"}}
    }}
)

# Weekly on specific day and time
edl = ExternalDynamicListsCreateModel(
    name="blocked-ips",
    folder="Shared",
    type={"ip": {
        "url": "http://example.com/blocked.txt",
        "recurring": {"weekly": {"day_of_week": "monday", "at": "12"}}
    }}
)
```
Usage Examples
Creating an IP List
```python
from scm.config.objects import ExternalDynamicLists

# Using dictionary
ip_list = {
    "name": "blocked-ips",
    "folder": "Shared",
    "type": {
        "ip": {
            "description": "Blocked IP addresses",
            "url": "http://example.com/blocked.txt",
            # Example credentials; over http:// they are not protected in transit
            "auth": {
                "username": "user1",
                "password": "pass123"
            },
            "recurring": {"hourly": {}}
        }
    }
}

# api_client is an already-initialized API client, created elsewhere
edl = ExternalDynamicLists(api_client)
response = edl.create(ip_list)
```
Creating a Domain List
```python
# Using model directly
from scm.models.objects import (
    ExternalDynamicListsCreateModel,
    DomainType,
    DomainModel,
    AuthModel,
    HourlyRecurringModel
)

domain_list = ExternalDynamicListsCreateModel(
    name="blocked-domains",
    folder="Shared",
    type=DomainType(
        domain=DomainModel(
            description="Blocked domains",
            url="http://example.com/domains.txt",
            auth=AuthModel(
                username="user1",
                password="pass123"
            ),
            recurring=HourlyRecurringModel(hourly={}),
            expand_domain=True
        )
    )
)

# Serialize only the fields that were set, then send with the client created above
payload = domain_list.model_dump(exclude_unset=True)
response = edl.create(payload)
```
Updating a List
```python
# Using dictionary
update_dict = {
    "id": "123e4567-e89b-12d3-a456-426655440000",
    "name": "blocked-ips-updated",
    "type": {
        "ip": {
            "description": "Updated blocked IPs",
            "url": "http://example.com/blocked-new.txt",
            "recurring": {"daily": {"at": "12"}}
        }
    }
}

# edl is the ExternalDynamicLists client created above
response = edl.update(update_dict)
```
Best Practices
- List Management
  - Use descriptive names for lists
  - Document list purposes in descriptions
  - Configure appropriate update intervals
  - Monitor list update status
  - Review exception lists regularly
- Security
  - Use HTTPS URLs when possible
  - Implement proper authentication
  - Use client certificates when available
  - Regularly rotate credentials
  - Monitor list content changes
- Performance
  - Choose appropriate update intervals
  - Monitor bandwidth usage
  - Use exception lists efficiently
  - Consider list size impacts
  - Monitor update job status
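The Security practices above can be checked before a payload is sent to `create()` or `update()`. The following is an added example, not part of the SDK or the original page: a small linter over payloads in the dictionary shape used in the usage examples. The finding codes, the sample payloads and the `edl-cert-profile` name are constructed for illustration.

```python
from urllib.parse import urlsplit


def lint_edl(payload):
    """Return a list of finding codes for one EDL payload (dict shape used on this page)."""
    findings = []
    # "type" holds one key (ip, domain, url, ...) whose value carries the fetch settings.
    for cfg in (payload.get("type") or {}).values():
        parts = urlsplit(cfg.get("url", ""))
        scheme = parts.scheme.lower()
        if scheme != "https":
            # List content can be read or altered in transit.
            findings.append("cleartext-url")
            if cfg.get("auth"):
                # The username/password pair travels without TLS.
                findings.append("auth-over-cleartext")
        elif not cfg.get("certificate_profile"):
            # The page recommends client certificates when available.
            findings.append("no-certificate-profile")
        if parts.username or parts.password:
            # Credentials in the URL end up in configs, logs and diffs.
            findings.append("credentials-in-url")
    return findings


# Constructed sample payloads; names, hosts and the profile name are placeholders.
SAMPLES = [
    {"name": "blocked-ips", "folder": "Shared", "type": {"ip": {
        "url": "http://example.com/blocked.txt",
        "auth": {"username": "user1", "password": "pass123"},
        "recurring": {"hourly": {}}}}},
    {"name": "blocked-domains", "folder": "Shared", "type": {"domain": {
        "url": "https://user1:pass123@example.com/domains.txt",
        "recurring": {"hourly": {}}}}},
    {"name": "blocked-urls", "folder": "Shared", "type": {"url": {
        "url": "https://example.com/urls.txt",
        "certificate_profile": "edl-cert-profile",
        "auth": {"username": "user1", "password": "pass123"},
        "recurring": {"daily": {"at": "23"}}}}},
]


def lint_all(payloads):
    """Map each list name to its findings, keeping only lists that have any."""
    report = {p["name"]: lint_edl(p) for p in payloads}
    return {name: codes for name, codes in report.items() if codes}


if __name__ == "__main__":
    for name, codes in lint_all(SAMPLES).items():
        print(f"{name}: {', '.join(codes)}")
```

Running such a check in CI against the payloads kept in version control catches a list that was switched back to `http://` before it reaches the tenant.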