CiscoDevNet / terraform-provider-sdwan

Terraform Cisco SD-WAN Provider
https://registry.terraform.io/providers/CiscoDevNet/sdwan
Mozilla Public License 2.0

Unable to create Policy | zone_based_fw_policy_definition #275

Closed rrahimm closed 3 weeks ago

rrahimm commented 3 weeks ago

We are unable to create a fully fit policy using zone_based_fw_policy_definition.

When we use zone_based_fw_policy_definition to create a policy, only the name and description come in the UI.

The rules, zone_pairs, default_action, etc. don't populate.


Terraform used the selected providers to generate the following execution plan. Resource actions are indicated with the following symbols:
  + create

Terraform will perform the following actions:

  # module.sdwan.sdwan_zone_based_fw_policy_definition.example will be created
  + resource "sdwan_zone_based_fw_policy_definition" "example" {
      + apply_zone_pairs = [
          + {
              + destination_zone = "e1c1758b-07d5-4a1a-ac1b-0e5720dfdf90"
              + source_zone      = "self"
            },
        ]
      + default_action   = "pass"
      + description      = "My description"
      + id               = (known after apply)
      + mode             = "security"
      + name             = "Example"
      + rules            = [
          + {
              + action_entries = [
                  + {
                      + type = "log"
                    },
                ]
              + base_action    = "inspect"
              + match_entries  = [
                  + {
                      + type  = "sourceGeoLocation"
                      + value = "AGO"
                    },
                ]
              + rule_name      = "RULE_1"
              + rule_order     = 1
            },
        ]
      + version          = (known after apply)
    }

Plan: 1 to add, 0 to change, 0 to destroy.
module.sdwan.sdwan_zone_based_fw_policy_definition.example: Creating...
module.sdwan.sdwan_zone_based_fw_policy_definition.example: Creation complete after 4s [id=82cd9875-7af8-453b-a1ff-54df8bcf9996]

Apply complete! Resources: 1 added, 0 changed, 0 destroyed.

rrahimm commented 3 weeks ago

Audit Logs when creating policy from GUI

{
  "name": "TEST_MANUAL1",
  "type": "zoneBasedFW",
  "description": "TEST",
  "definition": {
    "defaultAction": {
      "type": "drop"
    },
    "sequences": [
      {
        "sequenceId": 1,
        "sequenceName": "Rule_1",
        "baseAction": "inspect",
        "sequenceType": "zoneBasedFW",
        "match": {
          "entries": [
            {
              "field": "sourceDataPrefixList",
              "ref": "a3296f92-21ad-42f6-8d7b-d519b855a9f8"
            }
          ]
        },
        "actions": []
      }
    ],
    "entries": [
      {
        "sourceZone": "self",
        "destinationZone": "25808b61-7596-4f68-97de-546b172d4796"
      }
    ]
  },
  "mode": "security",
  "optimized": "false"
}

rrahimm commented 3 weeks ago

Audit logs when creating policy through Terraform Provider zone_based_fw_policy_definition

Note the additional definition keyword after sequences.

{
  "type": "zoneBasedFW",
  "name": "Example",
  "description": "My description",
  "mode": "security",
  "definition": {
    "entries": [
      {
        "sourceZone": "self",
        "destinationZone": "e1c1758b-07d5-4a1a-ac1b-0e5720dfdf90"
      }
    ],
    "defaultAction": {
      "type": "pass"
    },
    "sequences": [
      {
        "sequenceId": 1,
        "sequenceName": "RULE_1",
        "baseAction": "inspect",
        "sequenceType": "zoneBasedFW",
        "definition": {
          "match": {
            "entries": [
              {
                "field": "sourceGeoLocation",
                "value": "AGO"
              }
            ]
          },
          "actions": [
            {
              "type": "log"
            }
          ]
        }
      }
    ]
  }
}

danischm commented 3 weeks ago

Fixed in v0.3.10.
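
The structural difference between the two audit-log payloads in this thread, as an added example that is not part of the original issue or the provider's code: it compares key paths and flags sequences whose `match`/`actions` are not direct children. Treating the GUI payload as the reference shape is an assumption, and the function names are hypothetical.

```python
import json

# Trimmed copies of the two audit-log payloads quoted in this thread.
GUI = json.loads("""{"type": "zoneBasedFW", "name": "TEST_MANUAL1", "definition": {
  "defaultAction": {"type": "drop"},
  "sequences": [{"sequenceId": 1, "sequenceName": "Rule_1", "baseAction": "inspect",
    "match": {"entries": [{"field": "sourceDataPrefixList",
                           "ref": "a3296f92-21ad-42f6-8d7b-d519b855a9f8"}]},
    "actions": []}],
  "entries": [{"sourceZone": "self",
               "destinationZone": "25808b61-7596-4f68-97de-546b172d4796"}]}}""")
TERRAFORM = json.loads("""{"type": "zoneBasedFW", "name": "Example", "definition": {
  "entries": [{"sourceZone": "self",
               "destinationZone": "e1c1758b-07d5-4a1a-ac1b-0e5720dfdf90"}],
  "defaultAction": {"type": "pass"},
  "sequences": [{"sequenceId": 1, "sequenceName": "RULE_1", "baseAction": "inspect",
    "definition": {
      "match": {"entries": [{"field": "sourceGeoLocation", "value": "AGO"}]},
      "actions": [{"type": "log"}]}}]}}""")

def key_paths(node, prefix=""):
    """Set of structural key paths; list indices collapse to '[]'."""
    paths = set()
    if isinstance(node, dict):
        for key, value in node.items():
            path = f"{prefix}.{key}" if prefix else key
            paths.add(path)
            paths |= key_paths(value, path)
    elif isinstance(node, list):
        for item in node:
            paths |= key_paths(item, prefix + "[]")
    return paths

def structural_drift(reference, candidate):
    """Key paths that exist in candidate but not in the reference shape."""
    return sorted(key_paths(candidate) - key_paths(reference))

def misplaced_rule_bodies(payload):
    """Names of sequences lacking match/actions as direct children
    (assumption: the GUI payload shows where they are expected)."""
    sequences = payload.get("definition", {}).get("sequences", [])
    return [s.get("sequenceName") for s in sequences
            if "match" not in s or "actions" not in s]

if __name__ == "__main__":
    for path in structural_drift(GUI, TERRAFORM):
        print("only in Terraform payload:", path)
    print("sequences with misplaced rule bodies:", misplaced_rule_bodies(TERRAFORM))
```

Because the resource applied without error while the rules were absent from the UI, a payload-shape check of this kind in a pipeline surfaces a firewall policy that would otherwise fall through to its default action unnoticed.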