add a destination for the move multi-config for unfixed versions of p…

…an-os
PaloAltoNetworks · Apr 15, 2024 · 474b86c · 474b86c
1 parent 6423893
commit 474b86c
Showing 1 changed file with 22 additions and 8 deletions.
diff --git a/policies/rules/security/service.go b/policies/rules/security/service.go
@@ -420,11 +420,18 @@ func (s *Service) MoveGroup(ctx context.Context, loc Location, position rule.Pos
 				}
 			}
 
+			// Some versions of PAN-OS require that the destination always be set.
+			var dst string
+			if !vn.Gte(util.FixedPanosVersionForMultiConfigMove) {
+				dst = "top"
+			}
+
 			updates.Add(&xmlapi.Config{
-				Action: "move",
-				Xpath:  util.AsXpath(path),
-				Where:  "top",
-				Target: s.client.GetTarget(),
+				Action:      "move",
+				Xpath:       util.AsXpath(path),
+				Where:       "top",
+				Destination: dst,
+				Target:      s.client.GetTarget(),
 			})
 
 			baseIndex = 0
@@ -452,11 +459,18 @@ func (s *Service) MoveGroup(ctx context.Context, loc Location, position rule.Pos
 				}
 			}
 
+			// Some versions of PAN-OS require that the destination always be set.
+			var dst string
+			if !vn.Gte(util.FixedPanosVersionForMultiConfigMove) {
+				dst = "bottom"
+			}
+
 			updates.Add(&xmlapi.Config{
-				Action: "move",
-				Xpath:  util.AsXpath(path),
-				Where:  "bottom",
-				Target: s.client.GetTarget(),
+				Action:      "move",
+				Xpath:       util.AsXpath(path),
+				Where:       "bottom",
+				Destination: dst,
+				Target:      s.client.GetTarget(),
 			})
 
 			baseIndex = len(listing) - 1