From c614554a982407c0320ef2599ece2c74c3abe073 Mon Sep 17 00:00:00 2001
From: David Swan <david.swan@puppet.co.uk>
Date: Tue, 24 Mar 2020 10:39:24 +0000
Subject: [PATCH] (MODULES-10385) - Work expanded to cover remaining types -
 panos_address_group - panos_net_policy - panos_security_policy_rule -
 panos_service_group - panos_service - panos_tag - panos_zone

---
 .../provider/panos_address_group/panos_address_group.rb     | 4 ++--
 lib/puppet/provider/panos_nat_policy/panos_nat_policy.rb    | 4 ++--
 .../panos_security_policy_rule.rb                           | 4 ++--
 lib/puppet/provider/panos_service/panos_service.rb          | 4 ++--
 .../provider/panos_service_group/panos_service_group.rb     | 4 ++--
 lib/puppet/provider/panos_tag/panos_tag.rb                  | 4 ++--
 lib/puppet/provider/panos_zone/panos_zone.rb                | 4 ++--
 lib/puppet/type/panos_address_group.rb                      | 6 +++++-
 lib/puppet/type/panos_nat_policy.rb                         | 6 +++++-
 lib/puppet/type/panos_security_policy_rule.rb               | 6 +++++-
 lib/puppet/type/panos_service.rb                            | 6 +++++-
 lib/puppet/type/panos_service_group.rb                      | 6 +++++-
 lib/puppet/type/panos_tag.rb                                | 6 +++++-
 lib/puppet/type/panos_zone.rb                               | 6 +++++-
 14 files changed, 49 insertions(+), 21 deletions(-)

diff --git a/lib/puppet/provider/panos_address_group/panos_address_group.rb b/lib/puppet/provider/panos_address_group/panos_address_group.rb
index 5e453435..e1124856 100644
--- a/lib/puppet/provider/panos_address_group/panos_address_group.rb
+++ b/lib/puppet/provider/panos_address_group/panos_address_group.rb
@@ -1,7 +1,7 @@
-require_relative '../panos_provider'
+require_relative '../panos_vsys_base'
 
 # Implementation for the panos_address_group type using the Resource API.
-class Puppet::Provider::PanosAddressGroup::PanosAddressGroup < Puppet::Provider::PanosProvider
+class Puppet::Provider::PanosAddressGroup::PanosAddressGroup < Puppet::Provider::PanosVsysBase
   def validate_should(should)
     if should[:type] == 'static' && !should.key?(:static_members)
       raise Puppet::ResourceError, 'Static Address group must provide `static_members`'
diff --git a/lib/puppet/provider/panos_nat_policy/panos_nat_policy.rb b/lib/puppet/provider/panos_nat_policy/panos_nat_policy.rb
index 29a0c4c6..f5f38b8e 100644
--- a/lib/puppet/provider/panos_nat_policy/panos_nat_policy.rb
+++ b/lib/puppet/provider/panos_nat_policy/panos_nat_policy.rb
@@ -1,7 +1,7 @@
-require_relative '../panos_provider'
+require_relative '../panos_vsys_base'
 
 # Implementation for the panos_NAT_policy type using the Resource API.
-class Puppet::Provider::PanosNatPolicy::PanosNatPolicy < Puppet::Provider::PanosProvider
+class Puppet::Provider::PanosNatPolicy::PanosNatPolicy < Puppet::Provider::PanosVsysBase
   def munge(entry)
     entry[:bi_directional] = string_to_bool(entry[:bi_directional]) unless entry[:bi_directional].nil?
     entry[:nat_type] = 'ipv4' if entry[:nat_type].nil?
diff --git a/lib/puppet/provider/panos_security_policy_rule/panos_security_policy_rule.rb b/lib/puppet/provider/panos_security_policy_rule/panos_security_policy_rule.rb
index a33ced9d..fb3364b6 100644
--- a/lib/puppet/provider/panos_security_policy_rule/panos_security_policy_rule.rb
+++ b/lib/puppet/provider/panos_security_policy_rule/panos_security_policy_rule.rb
@@ -1,7 +1,7 @@
-require_relative '../panos_provider'
+require_relative '../panos_vsys_base'
 
 # Implementation for the panos_security_policy_rule type using the Resource API.
-class Puppet::Provider::PanosSecurityPolicyRule::PanosSecurityPolicyRule < Puppet::Provider::PanosProvider
+class Puppet::Provider::PanosSecurityPolicyRule::PanosSecurityPolicyRule < Puppet::Provider::PanosVsysBase
   def munge(entry)
     none_attrs = [:profile_type, :qos_type]
 
diff --git a/lib/puppet/provider/panos_service/panos_service.rb b/lib/puppet/provider/panos_service/panos_service.rb
index eb497d2f..d61d54d8 100644
--- a/lib/puppet/provider/panos_service/panos_service.rb
+++ b/lib/puppet/provider/panos_service/panos_service.rb
@@ -1,7 +1,7 @@
-require_relative '../panos_provider'
+require_relative '../panos_vsys_base'
 
 # Implementation for the panos_service_type type using the Resource API.
-class Puppet::Provider::PanosService::PanosService < Puppet::Provider::PanosProvider
+class Puppet::Provider::PanosService::PanosService < Puppet::Provider::PanosVsysBase
   def xml_from_should(name, should)
     builder = Builder::XmlMarkup.new
     builder.entry('name' => name) do
diff --git a/lib/puppet/provider/panos_service_group/panos_service_group.rb b/lib/puppet/provider/panos_service_group/panos_service_group.rb
index bf815b0a..96d64f08 100644
--- a/lib/puppet/provider/panos_service_group/panos_service_group.rb
+++ b/lib/puppet/provider/panos_service_group/panos_service_group.rb
@@ -1,7 +1,7 @@
-require_relative '../panos_provider'
+require_relative '../panos_vsys_base'
 
 # Implementation for the panos_service_group type using the Resource API.
-class Puppet::Provider::PanosServiceGroup::PanosServiceGroup < Puppet::Provider::PanosProvider
+class Puppet::Provider::PanosServiceGroup::PanosServiceGroup < Puppet::Provider::PanosVsysBase
   def xml_from_should(name, should)
     builder = Builder::XmlMarkup.new
     builder.entry('name' => name) do
diff --git a/lib/puppet/provider/panos_tag/panos_tag.rb b/lib/puppet/provider/panos_tag/panos_tag.rb
index 77a71091..3f805fa1 100644
--- a/lib/puppet/provider/panos_tag/panos_tag.rb
+++ b/lib/puppet/provider/panos_tag/panos_tag.rb
@@ -1,7 +1,7 @@
-require_relative '../panos_provider'
+require_relative '../panos_vsys_base'
 
 # Implementation for the panos_tags type using the Resource API.
-class Puppet::Provider::PanosTag::PanosTag < Puppet::Provider::PanosProvider
+class Puppet::Provider::PanosTag::PanosTag < Puppet::Provider::PanosVsysBase
   def initialize
     super()
     @code_from_color = {
diff --git a/lib/puppet/provider/panos_zone/panos_zone.rb b/lib/puppet/provider/panos_zone/panos_zone.rb
index a0c87c3d..d67cfe70 100644
--- a/lib/puppet/provider/panos_zone/panos_zone.rb
+++ b/lib/puppet/provider/panos_zone/panos_zone.rb
@@ -1,7 +1,7 @@
-require_relative '../panos_provider'
+require_relative '../panos_vsys_base'
 
 # Implementation for the panos_tags type using the Resource API.
-class Puppet::Provider::PanosZone::PanosZone < Puppet::Provider::PanosProvider
+class Puppet::Provider::PanosZone::PanosZone < Puppet::Provider::PanosVsysBase
   def munge(entry)
     bool_attrs = [:enable_user_identification, :enable_packet_buffer_protection, :nsx_service_profile]
     bool_attrs.each do |attr|
diff --git a/lib/puppet/type/panos_address_group.rb b/lib/puppet/type/panos_address_group.rb
index da7fa22c..5be0d3af 100644
--- a/lib/puppet/type/panos_address_group.rb
+++ b/lib/puppet/type/panos_address_group.rb
@@ -5,7 +5,7 @@
   docs: <<-EOS,
 This type provides Puppet with the capabilities to manage "address_groups" objects on Palo Alto devices.
 EOS
-  base_xpath: '/config/devices/entry/vsys/entry/address-group',
+  base_xpath: 'address-group',
   features: ['remote_resource'],
   attributes: {
     name: {
@@ -19,6 +19,10 @@
       desc:    'Whether this resource should be present or absent on the target system.',
       default: 'present',
     },
+    vsys: {
+      type:      'Optional[String]',
+      desc:      'The vsys of the address groups xpath.',
+    },
     description: {
       type:      'Optional[String]',
       desc:      'Provide a description of this address-group.',
diff --git a/lib/puppet/type/panos_nat_policy.rb b/lib/puppet/type/panos_nat_policy.rb
index c0bb57cf..f39c966e 100644
--- a/lib/puppet/type/panos_nat_policy.rb
+++ b/lib/puppet/type/panos_nat_policy.rb
@@ -5,7 +5,7 @@
   docs: <<-EOS,
 This type provides Puppet with the capabilities to manage "NAT Policy Rule" objects on Palo Alto devices.
 EOS
-  base_xpath: '/config/devices/entry/vsys/entry/rulebase/nat/rules',
+  base_xpath: 'rulebase/nat/rules',
   features: ['remote_resource'],
   attributes: {
     name: {
@@ -24,6 +24,10 @@
       desc:  'A description of the NAT Policy Rule',
       xpath: 'description/text()',
     },
+    vsys: {
+      type:      'Optional[String]',
+      desc:      'The vsys of the policies xpath.',
+    },
     nat_type: {
       type:    'Enum["ipv4", "nat64", "nptv6"]',
       desc:    'The nat type of the policy',
diff --git a/lib/puppet/type/panos_security_policy_rule.rb b/lib/puppet/type/panos_security_policy_rule.rb
index 975d7c62..3e60dd3a 100644
--- a/lib/puppet/type/panos_security_policy_rule.rb
+++ b/lib/puppet/type/panos_security_policy_rule.rb
@@ -5,7 +5,7 @@
   docs: <<-EOS,
 This type provides Puppet with the capilities to manage "Security Policy Rules" on Palo Alto devices.
 EOS
-  base_xpath: '/config/devices/entry/vsys/entry/rulebase/security/rules',
+  base_xpath: 'rulebase/security/rules',
   features: ['remote_resource'],
   attributes: {
     name: {
@@ -19,6 +19,10 @@
       desc:    'Whether this resource should be present or absent on the target system.',
       default: 'present',
     },
+    vsys: {
+      type:      'Optional[String]',
+      desc:      'The vsys of the rules xpath.',
+    },
     rule_type: {
       type:    'Enum["universal", "interzone", "intrazone"]',
       desc:    <<DESC,
diff --git a/lib/puppet/type/panos_service.rb b/lib/puppet/type/panos_service.rb
index 3dacc10e..28d8ee4c 100644
--- a/lib/puppet/type/panos_service.rb
+++ b/lib/puppet/type/panos_service.rb
@@ -5,7 +5,7 @@
   docs: <<-EOS,
 This type provides Puppet with the capabilities to manage "service" objects on Palo Alto devices.
 EOS
-  base_xpath: '/config/devices/entry/vsys/entry/service',
+  base_xpath: 'service',
   features: ['remote_resource'],
   attributes: {
     name: {
@@ -24,6 +24,10 @@
       desc:  'Provide a description of this service.',
       xpath: 'description/text()',
     },
+    vsys: {
+      type:      'Optional[String]',
+      desc:      'The vsys of the services xpath.',
+    },
     protocol: {
       type:    'Enum["tcp", "udp"]',
       desc:    'Specify the protocol used by the service',
diff --git a/lib/puppet/type/panos_service_group.rb b/lib/puppet/type/panos_service_group.rb
index a8a47abc..3010100f 100644
--- a/lib/puppet/type/panos_service_group.rb
+++ b/lib/puppet/type/panos_service_group.rb
@@ -5,7 +5,7 @@
   docs: <<-EOS,
 This type provides Puppet with the capabilities to manage "Service Group" objects on Palo Alto devices.
 EOS
-  base_xpath: '/config/devices/entry/vsys/entry/service-group',
+  base_xpath: 'service-group',
   features: ['remote_resource'],
   attributes: {
     name: {
@@ -19,6 +19,10 @@
       desc:    'Whether this resource should be present or absent on the target system.',
       default: 'present',
     },
+    vsys: {
+      type:      'Optional[String]',
+      desc:      'The vsys of the service groups xpath.',
+    },
     services: {
       type:         'Array[String]',
       desc:         'An array of `panos_service`, or `panos_service_group` that form this group.',
diff --git a/lib/puppet/type/panos_tag.rb b/lib/puppet/type/panos_tag.rb
index 3a492eed..f1408910 100644
--- a/lib/puppet/type/panos_tag.rb
+++ b/lib/puppet/type/panos_tag.rb
@@ -5,7 +5,7 @@
   docs: <<-EOS,
 This type provides Puppet with the capabilities to manage "tags" objects on Palo Alto devices.
 EOS
-  base_xpath: '/config/devices/entry/vsys/entry/tag',
+  base_xpath: 'tag',
   features: ['remote_resource', 'canonicalize'],
   attributes: {
     name: {
@@ -19,6 +19,10 @@
       desc:    'Whether this resource should be present or absent on the target system.',
       default: 'present',
     },
+    vsys: {
+      type:      'Optional[String]',
+      desc:      'The vsys of the tags xpath.',
+    },
     color: {
       type:  'Optional[String]',
       desc:  'The color of the tag',
diff --git a/lib/puppet/type/panos_zone.rb b/lib/puppet/type/panos_zone.rb
index 601245a8..25342584 100644
--- a/lib/puppet/type/panos_zone.rb
+++ b/lib/puppet/type/panos_zone.rb
@@ -5,7 +5,7 @@
   docs: <<-EOS,
 This type provides Puppet with the capabilities to manage "zone" objects on Palo Alto devices.
 EOS
-  base_xpath: '/config/devices/entry/vsys/entry/zone',
+  base_xpath: 'zone',
   features: ['remote_resource'],
   attributes: {
     name: {
@@ -19,6 +19,10 @@
       desc:    'Whether this resource should be present or absent on the target system.',
       default: 'present',
     },
+    vsys: {
+      type:      'Optional[String]',
+      desc:      'The vsys of the zones xpath.',
+    },
     network: {
       type:    'Enum["tap", "virtual-wire", "layer2", "layer3", "tunnel"]',
       desc:    'The network type of this zone. An interface can belong to only one zone in one virtual system. Note: `tunnel` can only be set on PAN-OS version 8.1.0.',