| Name | policy-inspector JSON |
| Version |
0.2.1
JSON |
| download |
| home_page | None |
| Summary | None |
| upload_time | 2025-07-10 06:34:23 |
| maintainer | None |
| docs_url | None |
| author | Kamil Urbanek |
| requires_python | >=3.9 |
| license | MIT |
| keywords |
|
| VCS |
|
| bugtrack_url |
|
| requirements |
No requirements were recorded.
|
| Travis-CI |
No Travis.
|
| coveralls test coverage |
No coveralls.
|
# pins
[](https://pypi.org/project/policy-inspector/)
[](https://pypi.org/project/policy-inspector/)
[](https://opensource.org/licenses/MIT)
[](https://github.com/psf/black)
[](https://python-poetry.org/)
**Policy Inspector for Palo Alto Networks** - Analyze firewall security policies and detect shadowed rules.
**pins** is a command-line tool that connects directly to your Palo Alto Panorama to analyze firewall security policies in real-time. It identifies shadowed rules, validates configurations, and provides comprehensive security policy insights.
## Key Features
- **🔍 Shadowing Detection**: Identifies rules that will never trigger due to preceding rules
- **🌐 Direct API Integration**: Connects to Panorama via REST API - no manual exports needed
- **🔧 Multi-Device Group Support**: Analyze multiple device groups simultaneously
- **📊 Advanced Analysis**: Resolves IP addresses for precise shadowing detection
- **📈 Multiple Output Formats**: Text, HTML, JSON, and CSV reporting
- **🔌 Extensible Framework**: Easy to add custom scenarios and checks
---
## Table of Contents
- [A Simple Example](#a-simple-example)
- [Installation](#installation)
- [Quick Start](#quick-start)
- [Usage](#usage)
- [Configuration Options](#configuration-options)
- [Scenarios](#scenarios)
- [Available Examples](#available-examples)
- [Troubleshooting](#troubleshooting)
- [Contributing](#contributing)
- [License](#license)
## A Simple Example
Get started in seconds with the built-in examples:
```bash
# Try the demo with sample data
pins run example shadowing-basic
# Or analyze your actual Panorama device groups
pins run shadowing --device-groups "Production" "DMZ"
```
**What it does:** Scans your firewall rules and identifies which ones are "shadowed" (hidden behind other rules and will never execute).
> [!NOTE]
> pins requires direct connectivity to Palo Alto Panorama and uses REST API for all data retrieval. No manual file exports needed.
## Installation
```bash
pip install policy-inspector
```
**Alternative methods:**
```bash
# Using pipx (recommended for CLI tools)
pipx install policy-inspector
# Using poetry
poetry add policy-inspector
```
**Requirements:** Python 3.9+
## Documentation
For detailed documentation, advanced usage, and API reference, visit our [documentation site](https://pins.readthedocs.io/) _(coming soon)_.
**Quick Links:**
- [Configuration Guide](#configuration-options)
- [Available Scenarios](#scenarios)
- [Troubleshooting](#troubleshooting)
- [Contributing Guide](#contributing)
## Quick Start
### Prerequisites
Before using pins, ensure you have:
- **Direct network access** to your Palo Alto Panorama instance
- **Valid credentials** with API access permissions
- **REST API enabled** on your Panorama (version 10.0 or higher recommended)
### 1. Try the Demo First
Before connecting to your Panorama, see how _pins_ works with built-in example data:
```shell
# See available examples
pins run example --help
# Run a basic example
pins run example shadowing-basic
```
This demonstrates shadowing analysis using sample firewall rules. Even if the display output isn't fully implemented yet, you'll see the analysis process in action.
**What you'll see:**
- Connection to mock data sources
- Loading of security rules and objects
- Processing messages showing the analysis workflow
### 2. Create Configuration File
For real analysis, create a `config.yaml` file with your Panorama connection details:
```yaml file=config-quickstart.yaml
# Configuration file for Policy Inspector (pins)
# Save this as config.yaml in your working directory
# Panorama connection settings
panorama:
hostname: "your-panorama.company.com"
username: "your-username"
password: "your-password"
api_version: "v11.1"
verify_ssl: false
# Optional: Control output formats
# show: ["text"] # Display results in terminal
# export: ["html", "json"] # Export results to files
# Optional: Specify device groups to analyze
# device_groups: ["Production", "DMZ"]
```
**Security Note:** For production use, consider using environment variables for credentials instead of storing passwords in config files.
### 3. Run Your First Analysis
Now analyze your actual firewall policies:
```shell
# Analyze specific device groups using your config
pins run shadowing --device-groups "DG-Production" "DG-DMZ"
# Advanced analysis with IP address resolution
pins run shadowingvalue --device-groups "DG-Production"
# Use a custom config file location
pins run shadowing --config /path/to/your-config.yaml --device-groups "Production"
```
**Expected Output:**
- A summary of shadowed rules displayed in your terminal
- Optional export to HTML/JSON files if configured
- Clear identification of which rules are being shadowed and why
> [!NOTE]
> If you see "No show function registered" messages, this indicates the display formatting is still in development. The analysis logic runs successfully, but output formatting may need additional implementation.
### Common First-Time Issues
**"No device groups found":**
- Verify device group names are exactly as they appear in Panorama
- Check that your API user has read permissions for the specified device groups
**"Connection refused":**
- Ensure Panorama's management interface is accessible from your network
- Verify that the REST API is enabled on Panorama
**"Authentication failed":**
- Double-check username and password in your config file
- Ensure the API user account is not locked or expired
### Troubleshooting
If you encounter issues during setup or execution:
**Configuration Issues:**
- Ensure your `config.yaml` file is correctly formatted (YAML syntax)
- The config file option is `--config` not `--config-file`
- Device groups parameter uses `--device-groups` (multiple values supported)
**Connection Problems:**
- Verify network connectivity to your Panorama instance
- Check API credentials and permissions
- Ensure REST API is enabled on Panorama
**Getting Help:**
- Use `pins --help` to see all available commands
- Use `pins run <command> --help` for command-specific options
- Run `pins run example shadowing-basic` to test with sample data first
## Usage
### Basic Commands
```bash
# Show main help
pins --help
# List all available scenarios
pins list
# Show help for a specific scenario
pins run shadowing --help
```
### Running Analysis
```bash
# Basic shadowing analysis
pins run shadowing --device-groups "Production" "DMZ"
# Advanced analysis with IP address resolution
pins run shadowingvalue --device-groups "Production"
# Use custom config file
pins run shadowing --config /path/to/config.yaml --device-groups "Production"
# Export results to multiple formats
pins run shadowing --device-groups "Production" --show table --export html json
```
### Working with Examples
```bash
# See all available examples
pins run example --help
# Run specific examples
pins run example shadowing-basic
pins run example shadowing-multiple-dg
pins run example shadowingvalue-basic
pins run example shadowingvalue-with-export
```
### Configuration Options
You can customize the analysis behavior in your `config.yaml`:
```yaml
# Panorama connection (required for live analysis)
panorama:
hostname: "panorama.company.com"
username: "api-user"
password: "secure-password"
api_version: "v11.1" # Default: v11.1
verify_ssl: false # Default: false
# Optional: Control output formats
show: ["text"] # Console output: text, table, rich
export: ["html", "json"] # File exports: html, json, csv
# Optional: Default device groups to analyze
device_groups: ["Production", "DMZ"]
```
**Alternative: Use CLI Options**
You can override any config file setting using command-line options:
```shell
# Override config file settings
pins run shadowing \
--panorama-hostname panorama.company.com \
--panorama-username admin \
--panorama-password \
--device-groups "Production" \
--show table \
--export json
```
## Scenarios
List of currently available scenarios.
### Shadowing (`shadowing`)
Identifies policies that will never be triggered because they're
completely hidden behind earlier rules in the processing order.
It checks if all these elements are covered by a preceding rule:
- Same action (allow/deny)
- Same or broader source and destination zones
- Same or broader source and destination addresses
- Same or broader applications
- Same or broader services (ports)
When **all conditions match**, the later rule is **flagged as
shadowed**.
**Usage:**
```shell
pins run shadowing --device-groups "DG-Production"
```
### Advanced Shadowing (`shadowingvalue`)
Advanced version of [Shadowing](#shadowing). It analyzes the
actual IP addresses behind Address Objects and Address Groups.
It identifies shadowing at the precise IP subnet level by resolving Address
names to actual IP addresses, providing more accurate detection of truly
shadowed rules.
**Usage:**
```shell
pins run shadowingvalue --device-groups "DG-Production"
```
**Requirements:**
- Address Objects and Address Groups must be accessible via Panorama API
- Proper API permissions to read object configurations
## Details
### How does it work?
_pins_ connects directly to your Palo Alto Panorama and analyzes security policies in real-time.
```mermaid
flowchart TD
Config[Load Configuration] --> Connect[Connect to Panorama]
Connect --> SelectScenario[Select Scenario]
SelectScenario --> LoadRules[Retrieve Security Rules via API]
LoadRules --> LoadObjects[Retrieve Address Objects/Groups via API]
LoadObjects --> FilterRules[Filter Security Rules]
FilterRules --> RunChecks[Run Checks for each Rule]
RunChecks --> Analyze[Analyze Results]
Analyze --> Report[Create Report]
```
**Key Features:**
- **Real-time Analysis**: Direct API connection to Panorama eliminates the need for manual file exports
- **Device Group Support**: Analyze multiple device groups simultaneously
- **Flexible Configuration**: YAML-based configuration with environment-specific settings
- **Multiple Output Formats**: Support for text, HTML, and JSON report formats
### What _Scenarios_ is?
A scenario is a set of [checks](#what-_check_-is) that **evaluate firewall rules
against specific issues or configurations**. Each scenario is
designed to identify particular problem, such as shadowing rules, rules without
logging, or other security policy issues.
### What _Check_ is?
A _check_ is simply a function. It takes security policy or policies
as an argument, assess whether the policies fulfill a check or not.
## Available Examples
You can explore _pins_ functionality with built-in examples that use mock data:
```shell
# Basic shadowing scenario
pins run example shadowing-basic
# Multiple device groups scenario
pins run example shadowing-multiple-dg
# Advanced shadowing with IP resolution
pins run example shadowingvalue-basic
# Advanced example with export options
pins run example shadowingvalue-with-export
```
**Example Output Walkthrough:**
When you run an example, you'll see:
1. **Initialization**: Connection to mock data sources
2. **Data Loading**: Security rules and address objects being processed
3. **Analysis**: The shadowing detection logic running
4. **Results**: Analysis results (formatting may vary based on implementation status)
## Troubleshooting
### Common Issues
**Connection Errors:**
- Verify network connectivity to Panorama
- Check if REST API is enabled on Panorama
- Confirm API user has proper permissions
**Authentication Failures:**
- Verify username and password in config.yaml
- Ensure API user account is not locked
- Check if multi-factor authentication is disabled for API user
**No Rules Found:**
- Verify device group names are correct
- Check if the specified device groups contain security rules
- Ensure API user has read permissions for the device groups
### Configuration Tips
**For Production Use:**
```yaml
panorama:
hostname: "panorama.company.com"
username: "pins-api-user"
password: "secure-password"
verify_ssl: true # Enable SSL verification
api_version: "v11.1"
```
**For Testing/Lab:**
```yaml
panorama:
hostname: "lab-panorama.local"
username: "admin"
password: "admin"
verify_ssl: false # Default: false (for self-signed certs)
api_version: "v11.1" # Default: v11.1
```
**Security Best Practices:**
- Use dedicated API user accounts with minimal required permissions
- Consider environment variables for passwords: `password: "${PANORAMA_PASSWORD}"`
- Enable SSL verification (`verify_ssl: true`) in production environments
## Output Formats
_pins_ supports multiple output formats for both display and export:
**Display Options (`--show`):**
- **text**: Human-readable console output (default)
- **table**: Structured table format
- **rich**: Enhanced formatting with colors and styling
**Export Options (`--export`):**
- **json**: Machine-readable format for integration with other tools
- **html**: Rich web-based reports with interactive elements
- **csv**: Spreadsheet-compatible format
**Configure in YAML:**
```yaml
show: ["text"] # Console output
export: ["html", "json"] # File exports
```
**Or use CLI options:**
```shell
pins run shadowing --device-groups "Production" --show table --export json html
```
## Contributing
We welcome contributions! Here's how you can help:
**🐛 Found a bug?** [Open an issue](https://github.com/Kanguros/pins/issues)
**💡 Have a feature idea?** [Start a discussion](https://github.com/Kanguros/pins/discussions)
**🔧 Want to contribute code?** Check our [development setup](#development)
### Development
Set up your development environment:
```bash
git clone https://github.com/Kanguros/pins
cd pins
poetry install --with=dev
pre-commit install --install-hooks
```
Run tests and checks:
```bash
pytest
pre-commit run --all-files
```
## Community & Support
- **📚 Documentation**: _(coming soon)_
- **💬 Discussions**: [GitHub Discussions](https://github.com/Kanguros/pins/discussions)
- **🐛 Issues**: [GitHub Issues](https://github.com/Kanguros/pins/issues)
- **📧 Email**: Contact the maintainer at [urbanek.kamil@gmail.com](mailto:urbanek.kamil@gmail.com)
## License
This project is licensed under the MIT License - see the [LICENSE](LICENSE) file for details.
Raw data
{
"_id": null,
"home_page": null,
"name": "policy-inspector",
"maintainer": null,
"docs_url": null,
"requires_python": ">=3.9",
"maintainer_email": null,
"keywords": null,
"author": "Kamil Urbanek",
"author_email": "urbanek.kamil@gmail.com",
"download_url": "https://files.pythonhosted.org/packages/e4/72/ac54f0ac33115668a6daf5b798e94b03de3ec7667ec9737b86c94f78e716/policy_inspector-0.2.1.tar.gz",
"platform": null,
"description": "# pins\n\n[](https://pypi.org/project/policy-inspector/)\n[](https://pypi.org/project/policy-inspector/)\n[](https://opensource.org/licenses/MIT)\n[](https://github.com/psf/black)\n[](https://python-poetry.org/)\n\n**Policy Inspector for Palo Alto Networks** - Analyze firewall security policies and detect shadowed rules.\n\n\n\n**pins** is a command-line tool that connects directly to your Palo Alto Panorama to analyze firewall security policies in real-time. It identifies shadowed rules, validates configurations, and provides comprehensive security policy insights.\n\n## Key Features\n\n- **\ud83d\udd0d Shadowing Detection**: Identifies rules that will never trigger due to preceding rules\n- **\ud83c\udf10 Direct API Integration**: Connects to Panorama via REST API - no manual exports needed\n- **\ud83d\udd27 Multi-Device Group Support**: Analyze multiple device groups simultaneously\n- **\ud83d\udcca Advanced Analysis**: Resolves IP addresses for precise shadowing detection\n- **\ud83d\udcc8 Multiple Output Formats**: Text, HTML, JSON, and CSV reporting\n- **\ud83d\udd0c Extensible Framework**: Easy to add custom scenarios and checks\n\n---\n\n## Table of Contents\n\n- [A Simple Example](#a-simple-example)\n- [Installation](#installation)\n- [Quick Start](#quick-start)\n- [Usage](#usage)\n- [Configuration Options](#configuration-options)\n- [Scenarios](#scenarios)\n- [Available Examples](#available-examples)\n- [Troubleshooting](#troubleshooting)\n- [Contributing](#contributing)\n- [License](#license)\n\n## A Simple Example\n\nGet started in seconds with the built-in examples:\n\n```bash\n# Try the demo with sample data\npins run example shadowing-basic\n\n# Or analyze your actual Panorama device groups\npins run shadowing --device-groups \"Production\" \"DMZ\"\n```\n\n**What it does:** Scans your firewall rules and identifies which ones are \"shadowed\" (hidden behind other rules and will never execute).\n\n> [!NOTE] \n> pins requires direct connectivity to Palo Alto Panorama and uses REST API for all data retrieval. No manual file exports needed.\n\n## Installation\n\n```bash\npip install policy-inspector\n```\n\n**Alternative methods:**\n\n```bash\n# Using pipx (recommended for CLI tools)\npipx install policy-inspector\n\n# Using poetry\npoetry add policy-inspector\n```\n\n**Requirements:** Python 3.9+\n\n## Documentation\n\nFor detailed documentation, advanced usage, and API reference, visit our [documentation site](https://pins.readthedocs.io/) _(coming soon)_.\n\n**Quick Links:**\n\n- [Configuration Guide](#configuration-options)\n- [Available Scenarios](#scenarios)\n- [Troubleshooting](#troubleshooting)\n- [Contributing Guide](#contributing)\n\n## Quick Start\n\n### Prerequisites\n\nBefore using pins, ensure you have:\n\n- **Direct network access** to your Palo Alto Panorama instance\n- **Valid credentials** with API access permissions\n- **REST API enabled** on your Panorama (version 10.0 or higher recommended)\n\n### 1. Try the Demo First\n\nBefore connecting to your Panorama, see how _pins_ works with built-in example data:\n\n```shell\n# See available examples\npins run example --help\n\n# Run a basic example\npins run example shadowing-basic\n```\n\nThis demonstrates shadowing analysis using sample firewall rules. Even if the display output isn't fully implemented yet, you'll see the analysis process in action.\n\n**What you'll see:**\n\n- Connection to mock data sources\n- Loading of security rules and objects\n- Processing messages showing the analysis workflow\n\n### 2. Create Configuration File\n\nFor real analysis, create a `config.yaml` file with your Panorama connection details:\n\n```yaml file=config-quickstart.yaml\n# Configuration file for Policy Inspector (pins)\n# Save this as config.yaml in your working directory\n\n# Panorama connection settings\npanorama:\n hostname: \"your-panorama.company.com\"\n username: \"your-username\"\n password: \"your-password\"\n api_version: \"v11.1\"\n verify_ssl: false\n# Optional: Control output formats\n# show: [\"text\"] # Display results in terminal\n# export: [\"html\", \"json\"] # Export results to files\n\n# Optional: Specify device groups to analyze\n# device_groups: [\"Production\", \"DMZ\"]\n```\n\n**Security Note:** For production use, consider using environment variables for credentials instead of storing passwords in config files.\n\n### 3. Run Your First Analysis\n\nNow analyze your actual firewall policies:\n\n```shell\n# Analyze specific device groups using your config\npins run shadowing --device-groups \"DG-Production\" \"DG-DMZ\"\n\n# Advanced analysis with IP address resolution\npins run shadowingvalue --device-groups \"DG-Production\"\n\n# Use a custom config file location\npins run shadowing --config /path/to/your-config.yaml --device-groups \"Production\"\n```\n\n**Expected Output:**\n\n- A summary of shadowed rules displayed in your terminal\n- Optional export to HTML/JSON files if configured\n- Clear identification of which rules are being shadowed and why\n\n> [!NOTE] \n> If you see \"No show function registered\" messages, this indicates the display formatting is still in development. The analysis logic runs successfully, but output formatting may need additional implementation.\n\n### Common First-Time Issues\n\n**\"No device groups found\":**\n\n- Verify device group names are exactly as they appear in Panorama\n- Check that your API user has read permissions for the specified device groups\n\n**\"Connection refused\":**\n\n- Ensure Panorama's management interface is accessible from your network\n- Verify that the REST API is enabled on Panorama\n\n**\"Authentication failed\":**\n\n- Double-check username and password in your config file\n- Ensure the API user account is not locked or expired\n\n### Troubleshooting\n\nIf you encounter issues during setup or execution:\n\n**Configuration Issues:**\n\n- Ensure your `config.yaml` file is correctly formatted (YAML syntax)\n- The config file option is `--config` not `--config-file`\n- Device groups parameter uses `--device-groups` (multiple values supported)\n\n**Connection Problems:**\n\n- Verify network connectivity to your Panorama instance\n- Check API credentials and permissions\n- Ensure REST API is enabled on Panorama\n\n**Getting Help:**\n\n- Use `pins --help` to see all available commands\n- Use `pins run <command> --help` for command-specific options\n- Run `pins run example shadowing-basic` to test with sample data first\n\n## Usage\n\n### Basic Commands\n\n```bash\n# Show main help\npins --help\n\n# List all available scenarios\npins list\n\n# Show help for a specific scenario\npins run shadowing --help\n```\n\n### Running Analysis\n\n```bash\n# Basic shadowing analysis\npins run shadowing --device-groups \"Production\" \"DMZ\"\n\n# Advanced analysis with IP address resolution\npins run shadowingvalue --device-groups \"Production\"\n\n# Use custom config file\npins run shadowing --config /path/to/config.yaml --device-groups \"Production\"\n\n# Export results to multiple formats\npins run shadowing --device-groups \"Production\" --show table --export html json\n```\n\n### Working with Examples\n\n```bash\n# See all available examples\npins run example --help\n\n# Run specific examples\npins run example shadowing-basic\npins run example shadowing-multiple-dg\npins run example shadowingvalue-basic\npins run example shadowingvalue-with-export\n```\n\n### Configuration Options\n\nYou can customize the analysis behavior in your `config.yaml`:\n\n```yaml\n# Panorama connection (required for live analysis)\npanorama:\n hostname: \"panorama.company.com\"\n username: \"api-user\"\n password: \"secure-password\"\n api_version: \"v11.1\" # Default: v11.1\n verify_ssl: false # Default: false\n\n# Optional: Control output formats\nshow: [\"text\"] # Console output: text, table, rich\nexport: [\"html\", \"json\"] # File exports: html, json, csv\n\n# Optional: Default device groups to analyze\ndevice_groups: [\"Production\", \"DMZ\"]\n```\n\n**Alternative: Use CLI Options**\n\nYou can override any config file setting using command-line options:\n\n```shell\n# Override config file settings\npins run shadowing \\\n --panorama-hostname panorama.company.com \\\n --panorama-username admin \\\n --panorama-password \\\n --device-groups \"Production\" \\\n --show table \\\n --export json\n```\n\n## Scenarios\n\nList of currently available scenarios.\n\n### Shadowing (`shadowing`)\n\nIdentifies policies that will never be triggered because they're\ncompletely hidden behind earlier rules in the processing order.\n\nIt checks if all these elements are covered by a preceding rule:\n\n- Same action (allow/deny)\n- Same or broader source and destination zones\n- Same or broader source and destination addresses\n- Same or broader applications\n- Same or broader services (ports)\n\nWhen **all conditions match**, the later rule is **flagged as\nshadowed**.\n\n**Usage:**\n\n```shell\npins run shadowing --device-groups \"DG-Production\"\n```\n\n### Advanced Shadowing (`shadowingvalue`)\n\nAdvanced version of [Shadowing](#shadowing). It analyzes the\nactual IP addresses behind Address Objects and Address Groups.\n\nIt identifies shadowing at the precise IP subnet level by resolving Address\nnames to actual IP addresses, providing more accurate detection of truly\nshadowed rules.\n\n**Usage:**\n\n```shell\npins run shadowingvalue --device-groups \"DG-Production\"\n```\n\n**Requirements:**\n\n- Address Objects and Address Groups must be accessible via Panorama API\n- Proper API permissions to read object configurations\n\n## Details\n\n### How does it work?\n\n_pins_ connects directly to your Palo Alto Panorama and analyzes security policies in real-time.\n\n```mermaid\nflowchart TD\n Config[Load Configuration] --> Connect[Connect to Panorama]\n Connect --> SelectScenario[Select Scenario]\n SelectScenario --> LoadRules[Retrieve Security Rules via API]\n LoadRules --> LoadObjects[Retrieve Address Objects/Groups via API]\n LoadObjects --> FilterRules[Filter Security Rules]\n FilterRules --> RunChecks[Run Checks for each Rule]\n RunChecks --> Analyze[Analyze Results]\n Analyze --> Report[Create Report]\n```\n\n**Key Features:**\n\n- **Real-time Analysis**: Direct API connection to Panorama eliminates the need for manual file exports\n- **Device Group Support**: Analyze multiple device groups simultaneously\n- **Flexible Configuration**: YAML-based configuration with environment-specific settings\n- **Multiple Output Formats**: Support for text, HTML, and JSON report formats\n\n### What _Scenarios_ is?\n\nA scenario is a set of [checks](#what-_check_-is) that **evaluate firewall rules\nagainst specific issues or configurations**. Each scenario is\ndesigned to identify particular problem, such as shadowing rules, rules without\nlogging, or other security policy issues.\n\n### What _Check_ is?\n\nA _check_ is simply a function. It takes security policy or policies\nas an argument, assess whether the policies fulfill a check or not.\n\n## Available Examples\n\nYou can explore _pins_ functionality with built-in examples that use mock data:\n\n```shell\n# Basic shadowing scenario\npins run example shadowing-basic\n\n# Multiple device groups scenario\npins run example shadowing-multiple-dg\n\n# Advanced shadowing with IP resolution\npins run example shadowingvalue-basic\n\n# Advanced example with export options\npins run example shadowingvalue-with-export\n```\n\n**Example Output Walkthrough:**\n\nWhen you run an example, you'll see:\n\n1. **Initialization**: Connection to mock data sources\n2. **Data Loading**: Security rules and address objects being processed\n3. **Analysis**: The shadowing detection logic running\n4. **Results**: Analysis results (formatting may vary based on implementation status)\n\n## Troubleshooting\n\n### Common Issues\n\n**Connection Errors:**\n\n- Verify network connectivity to Panorama\n- Check if REST API is enabled on Panorama\n- Confirm API user has proper permissions\n\n**Authentication Failures:**\n\n- Verify username and password in config.yaml\n- Ensure API user account is not locked\n- Check if multi-factor authentication is disabled for API user\n\n**No Rules Found:**\n\n- Verify device group names are correct\n- Check if the specified device groups contain security rules\n- Ensure API user has read permissions for the device groups\n\n### Configuration Tips\n\n**For Production Use:**\n\n```yaml\npanorama:\n hostname: \"panorama.company.com\"\n username: \"pins-api-user\"\n password: \"secure-password\"\n verify_ssl: true # Enable SSL verification\n api_version: \"v11.1\"\n```\n\n**For Testing/Lab:**\n\n```yaml\npanorama:\n hostname: \"lab-panorama.local\"\n username: \"admin\"\n password: \"admin\"\n verify_ssl: false # Default: false (for self-signed certs)\n api_version: \"v11.1\" # Default: v11.1\n```\n\n**Security Best Practices:**\n\n- Use dedicated API user accounts with minimal required permissions\n- Consider environment variables for passwords: `password: \"${PANORAMA_PASSWORD}\"`\n- Enable SSL verification (`verify_ssl: true`) in production environments\n\n## Output Formats\n\n_pins_ supports multiple output formats for both display and export:\n\n**Display Options (`--show`):**\n\n- **text**: Human-readable console output (default)\n- **table**: Structured table format\n- **rich**: Enhanced formatting with colors and styling\n\n**Export Options (`--export`):**\n\n- **json**: Machine-readable format for integration with other tools\n- **html**: Rich web-based reports with interactive elements\n- **csv**: Spreadsheet-compatible format\n\n**Configure in YAML:**\n\n```yaml\nshow: [\"text\"] # Console output\nexport: [\"html\", \"json\"] # File exports\n```\n\n**Or use CLI options:**\n\n```shell\npins run shadowing --device-groups \"Production\" --show table --export json html\n```\n\n## Contributing\n\nWe welcome contributions! Here's how you can help:\n\n**\ud83d\udc1b Found a bug?** [Open an issue](https://github.com/Kanguros/pins/issues) \n**\ud83d\udca1 Have a feature idea?** [Start a discussion](https://github.com/Kanguros/pins/discussions) \n**\ud83d\udd27 Want to contribute code?** Check our [development setup](#development)\n\n### Development\n\nSet up your development environment:\n\n```bash\ngit clone https://github.com/Kanguros/pins\ncd pins\npoetry install --with=dev\npre-commit install --install-hooks\n```\n\nRun tests and checks:\n\n```bash\npytest\npre-commit run --all-files\n```\n\n## Community & Support\n\n- **\ud83d\udcda Documentation**: _(coming soon)_\n- **\ud83d\udcac Discussions**: [GitHub Discussions](https://github.com/Kanguros/pins/discussions)\n- **\ud83d\udc1b Issues**: [GitHub Issues](https://github.com/Kanguros/pins/issues)\n- **\ud83d\udce7 Email**: Contact the maintainer at [urbanek.kamil@gmail.com](mailto:urbanek.kamil@gmail.com)\n\n## License\n\nThis project is licensed under the MIT License - see the [LICENSE](LICENSE) file for details.\n",
"bugtrack_url": null,
"license": "MIT",
"summary": null,
"version": "0.2.1",
"project_urls": null,
"split_keywords": [],
"urls": [
{
"comment_text": "",
"digests": {
"blake2b_256": "fd066e9daaef8d0ce89258d3f0845ef647ab4f46e165225ab7cbf590e6c8282e",
"md5": "07ccbbd7009afcc81bb75651d4ae42f5",
"sha256": "c25967e0d155a18517d8f1d566600c97b310ef5ebd24681bd27d72e0b7b25454"
},
"downloads": -1,
"filename": "policy_inspector-0.2.1-py3-none-any.whl",
"has_sig": false,
"md5_digest": "07ccbbd7009afcc81bb75651d4ae42f5",
"packagetype": "bdist_wheel",
"python_version": "py3",
"requires_python": ">=3.9",
"size": 41071,
"upload_time": "2025-07-10T06:34:22",
"upload_time_iso_8601": "2025-07-10T06:34:22.853455Z",
"url": "https://files.pythonhosted.org/packages/fd/06/6e9daaef8d0ce89258d3f0845ef647ab4f46e165225ab7cbf590e6c8282e/policy_inspector-0.2.1-py3-none-any.whl",
"yanked": false,
"yanked_reason": null
},
{
"comment_text": "",
"digests": {
"blake2b_256": "e472ac54f0ac33115668a6daf5b798e94b03de3ec7667ec9737b86c94f78e716",
"md5": "11afb389e8037521041a24655dfbe2f9",
"sha256": "ba2d6209209dc68c3343c963a43ff5f6eeea25c1188c1555c1bc155b2b8904af"
},
"downloads": -1,
"filename": "policy_inspector-0.2.1.tar.gz",
"has_sig": false,
"md5_digest": "11afb389e8037521041a24655dfbe2f9",
"packagetype": "sdist",
"python_version": "source",
"requires_python": ">=3.9",
"size": 34223,
"upload_time": "2025-07-10T06:34:23",
"upload_time_iso_8601": "2025-07-10T06:34:23.965355Z",
"url": "https://files.pythonhosted.org/packages/e4/72/ac54f0ac33115668a6daf5b798e94b03de3ec7667ec9737b86c94f78e716/policy_inspector-0.2.1.tar.gz",
"yanked": false,
"yanked_reason": null
}
],
"upload_time": "2025-07-10 06:34:23",
"github": false,
"gitlab": false,
"bitbucket": false,
"codeberg": false,
"lcname": "policy-inspector"
}
