scm-config-clone

SCM Config Clone

scm-config-clone is a command-line tool designed to seamlessly clone configuration objects between Palo Alto Networks Strata Cloud Manager (SCM) tenants. From addresses and tags to application groups and security rules, this tool streamlines migration tasks and reduces manual errors.

Table of Contents

• Features
• Installation
• Basic Usage
• Creating the Settings File
• Cloning Objects
• Testing
• Further Reading
• Contributing
• License

Features

• Simple Setup: Store credentials and defaults in a settings.yaml file for reuse.
• Robust Cloning: Supports multiple object types (addresses, tags, services, security rules, IKE & IPsec VPN configurations, and more).
• Extensive Filters: Exclude specific folders, snippets, or devices to narrow down cloned objects.
• Flexible Controls: Run in dry-run mode, auto-approve changes, suppress console output, and create reports.
• Commit & Push: Automatically commit changes after objects are cloned.

Installation

Requirements:

• Python 3.10 or higher

Install directly from PyPI:

pip install scm-config-clone

Basic Usage

Once installed, the primary command is scm-clone. Running --help displays global options and available sub-commands:

scm-clone --help

You’ll see a list of commands like addresses, tags, services, security-rules, and settings.

Creating the Settings File

Before cloning, create a settings.yaml file to store SCM credentials and defaults:

scm-clone settings

You’ll be prompted for source/destination credentials, logging level, and defaults for auto_approve, create_report, dry_run, and quiet. Once done, settings.yaml will be created in the current directory. Subsequent commands read from it, eliminating the need to re-enter credentials or defaults.

Cloning Objects

With settings.yaml ready, cloning objects typically involves specifying a folder and object type. For example, to clone address objects:

scm-clone addresses --source-folder "Texas"

If auto_approve is disabled by default in settings.yaml, you’ll be prompted before actual creation. If you wish to override this at runtime:

scm-clone addresses --source-folder "Texas" -A

This command auto-approves without prompting. Similarly, to run in dry-run mode or commit after creation:

scm-clone addresses --source-folder "Texas" -D --commit-and-push

This simulates the creation without applying changes (-D) and would commit changes if actually applied. Remove -D to run it for real.

Testing

The project includes a comprehensive test suite with both unit and integration tests. Tests are written using pytest and use Factory Boy for creating test objects.

To run the tests:

# Install development dependencies
poetry install

# Run all tests with coverage
./run_tests.sh

# Run only unit tests
./run_tests.sh unit

# Run only integration tests
./run_tests.sh integration

For more details about the test suite, see tests/README.md.

Further Reading

• Commands Reference: Detailed command flags, workflows, and parameters.
• Examples: Practical, real-world usage patterns and integrations.
• Getting Started: Step-by-step guide to initial setup and cloning workflows.

Contributing

Contributions are welcome! Please see the CONTRIBUTING file for guidelines.

License

scm-config-clone is licensed under the Apache 2.0 License. See the LICENSE file for more details.