The results of Bind/Unbind need to be explicitly pushed to the managed devices

[dmitryintel]

Description

Upon binding/unbinding a security group from OSC, with at least one protected VM, results of that operation are not propagated to the managed PAN Firewalls.

Expected Behavior

Newly created addresses (with correct tags) should appear(or disappear if unbind) under all the managed firewalls, not just Panorama.

Actual Behavior

Steps to Reproduce

1. With the Panorama plugin and Nuage, create a Security Group with at least one protected VM. Panorama needs to have at least one managed PAN firewall!
2. Bind the security group (in OSC).
3. Go to Panorama. Under Objects>Addresses, observe the correct Address objects with the correct tags created. There should be a SG and Policy tag.
4. Go to the managed Firewall Web UI. Under Objects>Addresses, the same address objects should appear. They do not.
5. The address objects appear on the firewall, after we commit and push to devices (from Panorama).
6. Go back to OSC and unbind the security group.
7. Again, observe that this action is reflected under Objects>Addresses in Panorama, but not in the firewall.

Additional Information

Environment

• OSC Version/Build: 1.0.0
• Cloud Provider Info:
• Plugin Info: OSC Pan Plugin 1.0.0
• Other:

Status

• Reproduced
• In Progress
• Validated => Verified in Version/Build:

[dmitryintel]

It appears one needs to change either PANManagerSecurityGroupInterfaceApi code, or (better) PanoramaApiClient configCommit(). This is a matter of figuring out the right API call (if exists) and adding it to the code.