Delete_similar() not working in 10.1.X #510

Open
rebelfish opened this issue May 17, 2023 · 5 comments

@rebelfish

Describe the bug

A script using .delete_similar() worked against 9.1.X but was recently discovered to not be working against 10.1.7. The script has not changed. Only the PAN-OS upgrade.

Expected behavior

Cycling through a dict of DeviceGroups as keys and a list of SecurityRule objects as the value:

for dg in dictRules:
    dictRules[dg][0].delete_similar()

This would do an atomic delete per Device Group.

Current behavior

Traceback (most recent call last):
  File "/Library/Frameworks/Python.framework/Versions/3.10/lib/python3.10/site-packages/panos/base.py", line 3878, in method
    super_method(self, *args, **kwargs)
  File "/Library/Frameworks/Python.framework/Versions/3.10/lib/python3.10/site-packages/pan/xapi.py", line 733, in delete
    self.__type_config('delete', query, extra_qs)
  File "/Library/Frameworks/Python.framework/Versions/3.10/lib/python3.10/site-packages/pan/xapi.py", line 805, in __type_config
    raise PanXapiError(self.status_detail)
pan.xapi.PanXapiError: The request could not be handled

During handling of the above exception, another exception occurred:

Traceback (most recent call last):
  File "<pyshell#54>", line 2, in <module>
    dictDisabled[dg][0].delete_similar()
  File "/Library/Frameworks/Python.framework/Versions/3.10/lib/python3.10/site-packages/panos/base.py", line 1993, in delete_similar
    dev.xapi.delete(
  File "/Library/Frameworks/Python.framework/Versions/3.10/lib/python3.10/site-packages/panos/base.py", line 3899, in method
    raise the_exception
panos.errors.PanDeviceXapiError: The request could not be handled

Possible solution

Steps to reproduce

Screenshots

Context

This is part of an automation script that is used to disable a CSV list of rules and then, on a designated day of the month, the script is used to delete those rules if still disabled.

Your Environment

Tested with multiple versions of lxml, pan-os-python, and pan-python (0.16.0, 0.17.0).

@rebelfish rebelfish added the bug label May 17, 2023
@scubar

scubar commented Jun 23, 2023

I am seeing this same issue on 10.1.10.

Reverting back to using the standard delete() on each rule still works, albeit it is much slower than using delete_similar().
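
The fallback described in the comment above, as an added example that is not code from the issue or from pan-os-python: try the single bulk call, and if PAN-OS rejects it, delete the same rules one at a time and report any that fail. `delete_group`, `FakeRulebase`, `FakeRule` and `demo` are hypothetical names; the fakes are constructed stand-ins so the block runs without a firewall, and the helper assumes `delete_similar()` targets the same-type objects under the same parent, which `parent.findall()` returns.

```python
"""Bulk delete with a per-rule fallback (added example, not pan-os-python code)."""
try:
    from panos.errors import PanDeviceXapiError
except ImportError:  # stand-in so the demo below runs without pan-os-python
    class PanDeviceXapiError(Exception):
        pass


def delete_group(rule):
    """Delete `rule` and its same-type siblings; return (mode, deleted, failed)."""
    # Snapshot the siblings first: assumed to be the set delete_similar() targets.
    siblings = list(rule.parent.findall(type(rule)))
    try:
        rule.delete_similar()            # one API call for the whole group
        return "bulk", [r.name for r in siblings], []
    except PanDeviceXapiError:
        pass                             # PAN-OS rejected the bulk request
    deleted, failed = [], []
    for r in siblings:                   # slower: one API call per rule
        try:
            r.delete()
            deleted.append(r.name)
        except PanDeviceXapiError as exc:
            failed.append((r.name, str(exc)))
    return "per-rule", deleted, failed


# Constructed stand-ins for a rulebase and its SecurityRule objects.
class FakeRulebase:
    def __init__(self, bulk_ok):
        self.bulk_ok, self.children = bulk_ok, []
    def findall(self, cls):
        return [c for c in self.children if isinstance(c, cls)]

class FakeRule:
    def __init__(self, name, parent):
        self.name, self.parent = name, parent
        parent.children.append(self)
    def delete(self):
        self.parent.children.remove(self)
    def delete_similar(self):
        if not self.parent.bulk_ok:      # mimics the error in the traceback
            raise PanDeviceXapiError("The request could not be handled")
        self.parent.children.clear()

def demo(bulk_ok):
    rb = FakeRulebase(bulk_ok)
    rules = [FakeRule(n, rb) for n in ("tmp-allow-1", "tmp-allow-2")]
    return delete_group(rules[0]), rb.children
```

In the issue's loop this would replace `dictRules[dg][0].delete_similar()` with `delete_group(dictRules[dg][0])`, and the returned `failed` list shows which rules still need attention.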

@AnthoBalitrand
Contributor

AnthoBalitrand commented Jul 3, 2023

This is not linked to pan-os-python but to PAN-OS itself.
After getting some feedback from the TAC, the bulk delete XML API calls have been removed voluntarily starting 10.X because of some wrong behaviour on some objects caches.
It seems it has been restored (PAN-179059) on the following releases:

  • 10.0.10
  • 10.1.5
  • 10.2.2-h2

Tested on my side on 10.1.9, and it seems it's still not working... Trying to get more inputs.

@scubar

scubar commented Jul 21, 2023

I can confirm that .delete_similar() works as expected on 10.2.4-h3.

@scubar

scubar commented Nov 30, 2023

delete_similar() has stopped working again on 10.2.5 and greater in the 10.x.x release train. It also does not work on 11.0.3.

@scubar

scubar commented Dec 11, 2023

I got this feedback from Palo Alto support.

"The support for XML API requests to delete multiple security policies at one shot by, passing the policy names separated by the 'or' operator in the x-path is no longer available."
