
fix: Fixed partial candidate config owner overwrite #620

Closed
crytectobi wants to merge 1 commit into PaloAltoNetworks:develop from crytectobi:fix_security_policy_partial_commit

Conversation

@crytectobi


Description

Fix partial candidate owner overwrite with paloaltonetworks.panos.panos_security_rule

Motivation and Context

Fixes PaloAltoNetworks/pan-os-ansible#642
The changes of #609 are implemented as well.

How Has This Been Tested?

Tested with python3 -m pytest tests/test_base.py and

python3 -c "
import sys
sys.path.insert(0, '.')
import panos.objects as obj
import panos.firewall as fw

# Create a firewall stub and an address object
from unittest import mock

# Test element_str_inner on an AddressObject (SUFFIX=ENTRY)
from panos.objects import AddressObject
a = AddressObject('test-host', value='10.0.0.1', type='ip-netmask', description='test')
print('element_str:', a.element_str())
print()
print('element_str_inner:', a.element_str_inner())
"

Additionally, this was tested in a real Ansible playbook with the example results below.

Examples

Before fix, first manual firewall rule change on PAN-OS GUI:

admin@de-fr2-cts-branch-fw01(active)> show config list changes


xpath: /config/devices/entry[@name='localhost.localdomain']/vsys/entry[@name='vsys1']/rulebase/security/rules/entry[@name='partial test']
owner: svc_ansible_network
action:  CREATE MOVE
other admins:svc_ansible_network
dirty id:40
prev dirty id:0
replaydbIds:2232 2231

After applying security policies with paloaltonetworks.panos.panos_security_rule via Ansible:

admin@de-fr2-cts-branch-fw01(active)> show config list changes


xpath: /config/devices/entry[@name='localhost.localdomain']/vsys/entry[@name='vsys1']/rulebase/security/rules
owner: tblachetta
action:  EDIT
other admins:tblachetta
dirty id:40
prev dirty id:0
replaydbIds:2233 2232 2231

The candidate config from two administrators got merged together and could only be committed together.

Fixed code results in:

admin@de-fr2-cts-branch-fw01(active)> show config list changes

xpath: /config/devices/entry[@name='localhost.localdomain']/vsys/entry[@name='vsys1']/rulebase/security/rules/entry[@name='test partial']
owner: svc_ansible_network
action:  CREATE MOVE
other admins:svc_ansible_network
dirty id:44
prev dirty id:0
replaydbIds:2249 2248

xpath: /config/devices/entry[@name='localhost.localdomain']/vsys/entry[@name='vsys1']/rulebase/security/rules/entry[@name='ssl_2_KINVO_K8S_CAPI_STG_AD']
owner: tblachetta
action:  CREATE
other admins:tblachetta
dirty id:44
prev dirty id:0
replaydbIds:2250

Types of changes

  • Bug fix (non-breaking change which fixes an issue)

Checklist

  • [x] I have updated the documentation accordingly.
  • [x] I have read the CONTRIBUTING document.
  • [x] I have added tests to cover my changes if appropriate.
  • [x] All new and existing tests passed.
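As an added illustration (not code from this PR or from pan-os-python), the following parses the `show config list changes` output shown above and flags the symptom the fix removes: a change whose xpath stops at the `rules` container instead of a single `entry[@name='...']`, which is what merged the two administrators' candidate changes. The sample records are constructed from the output format quoted in the PR, with fields trimmed.

```python
import re

# Constructed sample modelled on the "show config list changes" output quoted in the
# PR (fields trimmed); owners, rule names and ids are illustrative, not from a device.
RULES = ("/config/devices/entry[@name='localhost.localdomain']"
         "/vsys/entry[@name='vsys1']/rulebase/security/rules")

BEFORE_FIX = f"""
xpath: {RULES}
owner: tblachetta
action:  EDIT
replaydbIds:2233 2232 2231
"""

AFTER_FIX = f"""
xpath: {RULES}/entry[@name='test partial']
owner: svc_ansible_network
action:  CREATE MOVE
replaydbIds:2249 2248

xpath: {RULES}/entry[@name='ssl_2_KINVO_K8S_CAPI_STG_AD']
owner: tblachetta
action:  CREATE
replaydbIds:2250
"""

# A change scoped to a single rule ends in entry[@name='...']; any other xpath under
# the rulebase is an edit of the whole container.
ENTRY_TAIL = re.compile(r"/entry\[@name='[^']*'\]$")


def parse_changes(text: str) -> list[dict[str, str]]:
    """One dict per blank-line-separated record, keyed by the CLI field names."""
    records = []
    for block in re.split(r"\n\s*\n", text.strip()):
        rec = {}
        for line in block.splitlines():
            key, _, value = line.partition(":")
            rec[key.strip()] = value.strip()
        if "xpath" in rec:
            records.append(rec)
    return records


def container_level_changes(changes: list[dict[str, str]]) -> list[dict[str, str]]:
    """Return records whose xpath stops at a container such as .../rules. An EDIT
    there rewrites the whole rule list and pulls every other admin's pending entry
    into one owner's candidate set, so they can no longer be committed separately."""
    return [c for c in changes if not ENTRY_TAIL.search(c["xpath"])]
```

Run against the "before fix" output it flags the single `EDIT` owned by tblachetta whose replaydbIds already include the other admin's 2232 and 2231; against the fixed output it flags nothing, since both records address their own `entry`.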

@crytectobi crytectobi closed this Jun 10, 2026
@crytectobi crytectobi deleted the fix_security_policy_partial_commit branch June 10, 2026 13:33

Development

Successfully merging this pull request may close these issues.

panos_security_rule module automatically commits previously uncommitted changes before adding new rules.
