{"id":44885101,"url":"https://github.com/cdot65/pan-scm-sdk","last_synced_at":"2026-03-09T03:02:23.853Z","repository":{"id":257817343,"uuid":"870074804","full_name":"cdot65/pan-scm-sdk","owner":"cdot65","description":"Python SDK for Palo Alto Networks Strata Cloud Manager.","archived":false,"fork":false,"pushed_at":"2026-02-20T20:10:37.000Z","size":4493,"stargazers_count":11,"open_issues_count":2,"forks_count":16,"subscribers_count":4,"default_branch":"main","last_synced_at":"2026-02-20T22:19:26.893Z","etag":null,"topics":["network","network-automation","network-security","paloaltonetworks","sdk","strata-cloud-manager","stratacloudmanager"],"latest_commit_sha":null,"homepage":"https://cdot65.github.io/pan-scm-sdk/","language":"Python","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"apache-2.0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/cdot65.png","metadata":{"files":{"readme":"README.md","changelog":"CHANGELOG.md","contributing":"CONTRIBUTING.md","funding":null,"license":"LICENSE","code_of_conduct":"CODE_OF_CONDUCT.md","threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":"SECURITY.md","support":"SUPPORT.md","governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null,"zenodo":null,"notice":null,"maintainers":null,"copyright":null,"agents":null,"dco":null,"cla":null}},"created_at":"2024-10-09T11:56:55.000Z","updated_at":"2026-02-20T20:09:49.000Z","dependencies_parsed_at":null,"dependency_job_id":"5fb7f1a0-da36-41fd-ae38-88a883880172","html_url":"https://github.com/cdot65/pan-scm-sdk","commit_stats":null,"previous_names":["cdot65/pan-scm-sdk"],"tags_count":9,"template":false,"template_full_name":null,"purl":"pkg:github/cdot65/pan-scm-sdk","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/cdot65%2Fpan-scm-sdk","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/cdot65%2Fpan-scm-sdk/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/cdot65%2Fpan-scm-sdk/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/cdot65%2Fpan-scm-sdk/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/cdot65","download_url":"https://codeload.github.com/cdot65/pan-scm-sdk/tar.gz/refs/heads/main","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/cdot65%2Fpan-scm-sdk/sbom","scorecard":null,"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":286080680,"owners_count":29750443,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2026-02-23T07:44:07.782Z","status":"ssl_error","status_checked_at":"2026-02-23T07:44:07.432Z","response_time":90,"last_error":"SSL_read: unexpected eof while reading","robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":false,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["network","network-automation","network-security","paloaltonetworks","sdk","strata-cloud-manager","stratacloudmanager"],"created_at":"2026-02-17T17:15:01.487Z","updated_at":"2026-03-09T03:02:23.838Z","avatar_url":"https://github.com/cdot65.png","language":"Python","funding_links":[],"categories":[],"sub_categories":[],"readme":"# Strata Cloud Manager SDK\n\n![Banner Image](https://raw.githubusercontent.com/cdot65/pan-scm-sdk/main/docs/images/logo.svg)\n[![codecov](https://codecov.io/github/cdot65/pan-scm-sdk/graph/badge.svg?token=BB39SMLYFP)](https://codecov.io/github/cdot65/pan-scm-sdk)\n[![Build Status](https://github.com/cdot65/pan-scm-sdk/actions/workflows/ci.yml/badge.svg)](https://github.com/cdot65/pan-scm-sdk/actions/workflows/ci.yml)\n[![PyPI version](https://img.shields.io/pypi/v/pan-scm-sdk.svg)](https://pypi.org/project/pan-scm-sdk/)\n[![Python versions](https://img.shields.io/pypi/pyversions/pan-scm-sdk.svg)](https://pypi.org/project/pan-scm-sdk/)\n[![License](https://img.shields.io/github/license/cdot65/pan-scm-sdk.svg)](https://github.com/cdot65/pan-scm-sdk/blob/main/LICENSE)\n[![Ask DeepWiki](https://deepwiki.com/badge.svg)](https://deepwiki.com/cdot65/pan-scm-sdk)\n\nPython SDK for Palo Alto Networks Strata Cloud Manager.\n\n\u003e **NOTE**: Please refer to the [GitHub Pages documentation site](https://cdot65.github.io/pan-scm-sdk/) for all\n\u003e examples\n\n## Table of Contents\n\n- [Strata Cloud Manager SDK](#strata-cloud-manager-sdk)\n - [Table of Contents](#table-of-contents)\n - [Features](#features)\n - [Development Guidelines](#development-guidelines)\n - [Installation](#installation)\n - [Usage](#usage)\n - [Authentication](#authentication)\n - [Method 1: OAuth2 Client Credentials passed into a ScmClient instance](#method-1-oauth2-client-credentials-passed-into-a-scmclient-instance)\n - [Method 2: Bearer Token Authentication](#method-2-bearer-token-authentication)\n - [TLS Certificate Verification Control](#tls-certificate-verification-control)\n - [Available Client Services](#available-client-services)\n - [Development](#development)\n - [Setup](#setup)\n - [Code Quality](#code-quality)\n - [Pre-commit Hooks](#pre-commit-hooks)\n - [Contributing](#contributing)\n - [License](#license)\n - [Support](#support)\n\n## Features\n\n- **Flexible Authentication**:\n - OAuth2 client credentials flow for standard authentication\n - Bearer token support for scenarios with pre-acquired tokens\n- **Resource Management**: Create, read, update, and delete configuration objects such as addresses, address groups,\n applications, regions, internal DNS servers, and more.\n- **Data Validation**: Utilize Pydantic models for data validation and serialization.\n- **Exception Handling**: Comprehensive error handling with custom exceptions for API errors.\n- **Extensibility**: Designed for easy extension to support additional resources and endpoints.\n\n## Development Guidelines\n\nFor developers working on this SDK:\n\n- **Service File Standards**: See `SDK_STYLING_GUIDE.md` for comprehensive service file guidelines\n- **Model Standards**: See `PYDANTIC_MODELS_GUIDE.md` for Pydantic model patterns and conventions\n- **Templates**: Use `SDK_SERVICE_TEMPLATE.py` as a starting point for new services\n\n## Installation\n\n**Requirements**:\n\n- Python 3.10 or higher\n\nInstall the package via pip:\n\n```bash\npip install pan-scm-sdk\n```\n\n## Usage\n\n### TLS Certificate Verification Control\n\nBy default, the SDK verifies TLS certificates for all HTTPS requests. You can bypass TLS verification (for development or testing) by setting the `verify_ssl` flag to `False` when initializing `Scm` or `ScmClient`:\n\n```python\nfrom scm.client import ScmClient\n\nclient = ScmClient(\n client_id=\"...\",\n client_secret=\"...\",\n tsg_id=\"...\",\n verify_ssl=False, # WARNING: disables TLS verification!\n)\n```\n\n\u003e **Warning:** Disabling TLS verification is insecure and exposes you to man-in-the-middle attacks. Only use `verify_ssl=False` in trusted development environments.\n\n### Authentication\n\nBefore interacting with the SDK, you need to authenticate:\n\n#### Method 1: OAuth2 Client Credentials passed into a ScmClient instance\n\n```python\nfrom scm.client import ScmClient\n\n# Initialize the API client with OAuth2 client credentials\napi_client = ScmClient(\n client_id=\"your_client_id\",\n client_secret=\"your_client_secret\",\n tsg_id=\"your_tsg_id\",\n)\n\n# The SCM client is now ready to use\n```\n\n#### Method 2: Bearer Token Authentication\n\nIf you already have a valid OAuth token, you can use it directly:\n\n```python\nfrom scm.client import Scm\n\n# Initialize the API client with a pre-acquired bearer token\napi_client = Scm(\n access_token=\"your_bearer_token\"\n)\n\n# The SCM client is now ready to use\n```\n\n\u003e **NOTE**: When using bearer token authentication, token refresh is your responsibility. For commit operations with bearer token auth, you must explicitly provide the `admin` parameter.\n\n```python\n# Example of commit with bearer token authentication\napi_client.commit(\n folders=[\"Texas\"],\n description=\"Configuration changes\",\n admin=[\"admin@example.com\"], # Required when using bearer token\n sync=True\n)\n```\n\n### Available Client Services\n\nThe unified client provides access to the following services through attribute-based access:\n\n| Client Property | Description |\n| ---------------------------------- | ------------------------------------------------------------- |\n| **Objects** | |\n| `address` | IP addresses, CIDR ranges, and FQDNs for security policies |\n| `address_group` | Static or dynamic collections of address objects |\n| `application` | Custom application definitions and signatures |\n| `application_filter` | Filters for identifying applications by characteristics |\n| `application_group` | Logical groups of applications for policy application |\n| `auto_tag_action` | Automated tag assignment based on traffic and security events |\n| `dynamic_user_group` | User groups with dynamic membership criteria |\n| `external_dynamic_list` | Externally managed lists of IPs, URLs, or domains |\n| `hip_object` | Host information profile match criteria |\n| `hip_profile` | Endpoint security compliance profiles |\n| `http_server_profile` | HTTP server configurations for logging and monitoring |\n| `log_forwarding_profile` | Configurations for forwarding logs to external systems |\n| `quarantined_device` | Management of devices blocked from network access |\n| `region` | Geographic regions for policy control |\n| `schedule` | Time-based policies and access control |\n| `service` | Protocol and port definitions for network services |\n| `service_group` | Collections of services for simplified policy management |\n| `syslog_server_profile` | Syslog server configurations for centralized logging |\n| `tag` | Resource classification and organization labels |\n| **Mobile Agent** | |\n| `auth_setting` | GlobalProtect authentication settings |\n| `agent_version` | GlobalProtect agent versions (read-only) |\n| **Network** | |\n| `aggregate_interface` | Aggregated ethernet interfaces with LACP support |\n| `bgp_address_family_profile` | BGP address family profiles (IPv4/IPv6 unicast/multicast) |\n| `bgp_auth_profile` | BGP authentication profiles (MD5 for BGP sessions) |\n| `bgp_filtering_profile` | BGP filtering profiles for inbound/outbound route filtering |\n| `bgp_redistribution_profile` | BGP redistribution profiles for protocol route redistribution |\n| `bgp_route_map` | BGP route maps for import/export policy control |\n| `bgp_route_map_redistribution` | BGP route map redistribution with protocol crossover patterns |\n| `dhcp_interface` | DHCP server and relay settings on interfaces |\n| `ethernet_interface` | Physical ethernet interface configurations |\n| `ike_crypto_profile` | IKE crypto profiles for VPN tunnel encryption |\n| `ike_gateway` | IKE gateways for VPN tunnel endpoints |\n| `interface_management_profile` | Interface management profiles (HTTPS, SSH, ping access) |\n| `ipsec_crypto_profile` | IPsec crypto profiles for VPN tunnel encryption |\n| `ipsec_tunnel` | IPsec tunnel objects for encrypted site-to-site connectivity |\n| `layer2_subinterface` | Layer 2 VLAN subinterfaces for switching |\n| `layer3_subinterface` | Layer 3 VLAN subinterfaces for routing |\n| `logical_router` | Logical routers with VRF, BGP, OSPF, ECMP, static routes |\n| `loopback_interface` | Loopback interfaces for management and routing |\n| `nat_rule` | Network address translation policies for traffic routing |\n| `ospf_auth_profile` | OSPF authentication profiles (MD5/password for adjacencies) |\n| `route_access_list` | Route access lists for filtering routes by network/mask |\n| `route_prefix_list` | Route prefix lists for prefix-based route filtering |\n| `security_zone` | Security zones for network segmentation |\n| `tunnel_interface` | Tunnel interfaces for VPN and overlay networks |\n| `vlan_interface` | VLAN interfaces for network segmentation |\n| `dns_proxy` | DNS proxy configurations for DNS interception and forwarding |\n| `pbf_rule` | Policy-Based Forwarding rules for application-aware routing |\n| `qos_profile` | QoS profiles for traffic shaping and bandwidth allocation |\n| `qos_rule` | QoS policy rules with rule move/reorder support |\n| `zone_protection_profile` | Zone protection with flood, scan, and packet-based defense |\n| **Deployment** | |\n| `bandwidth_allocation` | Bandwidth allocation management for network capacity planning |\n| `bgp_routing` | BGP routing configuration for network connectivity |\n| `internal_dns_server` | Internal DNS server configurations for domain resolution |\n| `network_location` | Geographic network locations for service connectivity |\n| `remote_network` | Secure branch and remote site connectivity configurations |\n| `service_connection` | Service connections to cloud service providers |\n| **Security** | |\n| `anti_spyware_profile` | Protection against spyware, C2 traffic, and data exfiltration |\n| `decryption_profile` | SSL/TLS traffic inspection configurations |\n| `dns_security_profile` | Protection against DNS-based threats and tunneling |\n| `security_rule` | Core security policies controlling network traffic |\n| `url_category` | Custom URL categorization for web filtering |\n| `vulnerability_protection_profile` | Defense against known CVEs and exploit attempts |\n| `wildfire_antivirus_profile` | Cloud-based malware analysis and zero-day protection |\n| **Insights** | |\n| `alerts` | Security alerts and threat intelligence notifications |\n| **Setup** | |\n| `device` | Device resources and management |\n| `folder` | Folder organization and hierarchy |\n| `label` | Resource classification and simple key-value object labels |\n| `snippet` | Reusable configuration snippets |\n| `variable` | Typed variables with flexible container scoping |\n\n---\n\n## Development\n\nBefore starting development, please review:\n\n- `SDK_STYLING_GUIDE.md` - Comprehensive guide for writing consistent SDK code\n- `PYDANTIC_MODELS_GUIDE.md` - Guidelines for creating Pydantic models\n- `SDK_SERVICE_TEMPLATE.py` - Template for new service files\n\n### Setup\n\n1. Clone the repository:\n\n ```bash\n git clone https://github.com/cdot65/pan-scm-sdk.git\n cd pan-scm-sdk\n ```\n\n2. Install dependencies and pre-commit hooks:\n\n ```bash\n make setup\n ```\n\n Alternatively, you can install manually:\n\n ```bash\n poetry install\n poetry run pre-commit install\n ```\n\n### Code Quality\n\nThis project uses [ruff](https://github.com/astral-sh/ruff) for linting and formatting:\n\n```bash\n# Run linting checks\nmake lint\n\n# Format code\nmake format\n\n# Auto-fix linting issues when possible\nmake fix\n```\n\n### Pre-commit Hooks\n\nWe use pre-commit hooks to ensure code quality before committing:\n\n```bash\n# Run pre-commit hooks on all files\nmake pre-commit-all\n```\n\nThe following checks run automatically before each commit:\n\n- ruff linting and formatting\n- Trailing whitespace removal\n- End-of-file fixer\n- YAML/JSON syntax checking\n- Large file detection\n- Python syntax validation\n- Merge conflict detection\n- Private key detection\n\n## Contributing\n\nWe welcome contributions! To contribute:\n\n1. Fork the repository.\n2. Create a new feature branch (`git checkout -b feature/your-feature`).\n3. Make your changes, ensuring all linting and tests pass.\n4. Commit your changes (`git commit -m 'Add new feature'`).\n5. Push to your branch (`git push origin feature/your-feature`).\n6. Open a Pull Request.\n\nEnsure your code adheres to the project's coding standards and includes tests where appropriate.\n\n## License\n\nThis project is licensed under the Apache 2.0 License. See the [LICENSE](./LICENSE) file for details.\n\n## Support\n\nFor support and questions, please refer to the [SUPPORT.md](./SUPPORT.md) file in this repository.\n\n---\n\n_Detailed documentation is available on our [GitHub Pages documentation site](https://cdot65.github.io/pan-scm-sdk/)._\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fcdot65%2Fpan-scm-sdk","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fcdot65%2Fpan-scm-sdk","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fcdot65%2Fpan-scm-sdk/lists"}