PaloAltoNetworks
Bug with "Edit an address": unable to edit all attributes of object
Documentation link
https://pan.dev/access/api/prisma-access-config/put-sse-config-v-1-addresses-id/
Describe the problem
Type: Bug/Improvement
Description
Overview: In your call to change/edit a name you only specify a few fields.. the documentation could be updated to advise that you can also change the description and tags. Which is proven and works. My issue is when an address-object needs to be changed. The object is referenced by a UUID which is unique so the name has no real validity except for humans to understand.
Why then do you require the "name" to be one of the values you need in the payload in order to make a change from say ip-netmask to FQDN or change the Description field or add/remove tags (as because auto tagging doesn't work the way PanOS does I have to resort to doing all my Address Group DAGS leveraging Tags requiring me to make these changes repeatedly. I cannot just send the IP to an auto tag rule without overhead complications and having to adjust a regex and then do a saftey measure that I don't break the Auto Tagging that already exists. This is a feature that exists in PanOS and is heavily used for orchestration and automation.
Required Work Around: What I do instead is change the name of the Address Object to get it to update if the item has to be changed. Instead I have to orchestrate an entire deletion of the Address Object and re-create it with the new name.
Why this is a problem: This becomes a problem now. As of now I'm only really using this technique to be able to add and remove address objects from DAG's associated to security policies since I cannot use Auto Tagging efficiently. Yet, now if I have to delete an object and re-create it because that network moved to a new location or the FQDN changed and I want to reflect that in the name of the object I have to build a whole search and replace everywhere in the configurations. Meaning I have to create the new object then search through every place the old object was used add the new object to those locations and then remove the old object from each of these locations before I can safely remove the object. It's a code that I had to write out for PanOS and it just gets not so pretty quickly.
Suggested fix
Since I'm referencing the UUID that is unique any value for that object should be able to be adjusted. Name has or should have no relevance to your backend system as you are only using the UUID to reference any object. So, I shouldn't need to confirm the object with the "name" of the object on top of the UUID.
Also, What if I need to use the object in a new location and someone created it or it was created in a specific folder and now I need that in a new folder. In editing the object can I have the option of moving the object to a new location. We generally move it up to 'Shared' when this becomes the case, but could also be a copy if I only need that object in specific folder's.
Sorry for late response, I will check and confirm myself. But I'm wondering if this update will allow for change in name leveraging the same UUID? Or would I need to continue to use a search delete recreate and reassign the new UUID?