search

CheckPointSW / terraform-provider-checkpoint

Terraform provider for Check Point
https://www.terraform.io/docs/providers/checkpoint/
Mozilla Public License 2.0
28 stars 40 forks source link

Impossible to add threat-exception to exception-group because of required layer #131

Closed neinkob15 closed 1 year ago

neinkob15 commented 2 years ago

I am currently trying to add a resource of type threat-exception and link that to a exception-group (using its 'exception_group_name' attribute).

This is the relevant Terraform code I'm using:

resource checkpoint_management_exception_group gr1 {
    apply_on = "manually-select-threat-rules"
    comments = "abc123"
    ignore_errors = true
    ignore_warnings = true
    name = "my custom exception group"
}

resource checkpoint_management_threat_exception ex1 {
    name = "Test Exception"
    layer = "Terraform_gbl Threat Prevention"
    position = {
        top = "top"
    }
    exception_group_name = checkpoint_management_exception_group.gr1.name
}

This code will produce the following error on 'terraform apply':

checkpoint_management_threat_exception.ex1: Creating...
╷
│ Error: failed to execute API call
│ Status: 400 Bad Request
│ Code: generic_err_invalid_parameter
│ Message: layer can't be used with exception-group-name or exception-group-uid
│
│   with checkpoint_management_threat_exception.ex1,
│   on main.tf line 29, in resource "checkpoint_management_threat_exception" "ex1":
│   29: resource checkpoint_management_threat_exception ex1 {

If I omit the layer-attribute in the exception, it results in Terraform complaining of a missing required attribute:

│ Error: Missing required argument
│ 
│   on main.tf line 29, in resource "checkpoint_management_threat_exception" "ex1":
│   29: resource checkpoint_management_threat_exception ex1 {
│ 
│ The argument "layer" is required, but no definition was found.

So currently there is no way to create a threat-exception and linking it to a exception-group or am I missing something? I think this could be solved by simply removing the required-flag from the layer attribute.

I would be happy about a fix :)

chkp-edenbr commented 2 years ago

Thanks for notifying us, it will be fixed in the next release.

chkp-royl commented 1 year ago

Hi @neinkob15 , We fixed this issue in provider version 2.3.0. Please upgrade version and let us know if you still have any problem.

Regards, Roy