cannot get opstate working for SecurityRule

[FliesLikeABrick]

Documentation link

https://pan-os-python.readthedocs.io/en/latest/getting-started.html#the-opstate-namespace

Describe the problem

hit_count.refresh() reliably is resulting in hit_count still being None, with no values being populated

rulebase = panos.policies.Rulebase()
fw = ce.nodes["nat-gw1.iad.internal-domain"].interactor.obj
fw.add(rulebase)
rulebase.refresh()
for rule in rulebase.children:
    if isinstance(rule, panos.policies.SecurityRule):
        rule.opstate.hit_count.refresh()
        hit_count = rule.opstate.hit_count
        print(f"Hit count for rule '{rule.name}': {hit_count}")
Output:
Hit count for rule 'APP_FRONT_DEVOPS_UNTRUST_OUT': None
Hit count for rule 'DEVOPS_BASELINE_PING_UNTRUST': None
Hit count for rule 'DEVOPS_BASTION_DNS': None
Hit count for rule 'DEVOPS_BASELINE_YUM_NSS': None
Hit count for rule 'DEVOPS_BASELINE_YUM_NSS-EXEMPT': None
Hit count for rule 'DEVOPS_BASELINE_YUM_NSS-new': None
...

Suggested fix

The documentation at https://pan-os-python.readthedocs.io/en/latest/getting-started.html#the-opstate-namespace has a number of examples of making changes to opstate via objects, but I believe it may be missing a fundamental step about what needs to be done to refresh/fetch data from the firewall, for a simple use case such as getting security policy hit counters.

[FliesLikeABrick]

(As of now, we are still unable to figure out how to retrieve hit count data)

[FliesLikeABrick]

@shinmog would you or someone be able to help provide some direction on how I might get help with this? I'm happy to open doc PR(s) if I can get this functionality working to unblock our project

[FliesLikeABrick]

@btorresgil sorry to ping you directly, but this is a weird issue we are hung up on and I could use some kind of direction if you are able to weigh in

[rebelfish]

After rulebase.refresh(), try rulebase.opstate.hit_count.refresh("security"). Then something like the following should work:

for rule in rulebase.findall(SecurityRule):
    print(f"Hit count for rule '{rule.name}': {rule.opstate.hit_count.hit_count}")

[FliesLikeABrick]

That did work. Is there documentation in this repo or another repo that can be updated with some explanation? I genuinely would offer to open a PR for doc improvements, but do not have the knowledge or terminology to convey what the different refresh commands are doing and why they are both necessary

[rebelfish]

Other than Readthedocs.io, I know of no other documentation. I often find myself stuck trying to figure out the syntax and wish there was a way to publish the examples when I finally figure out something that isn't clearly documented.