PaloAltoNetworks / pan-os-ansible

Ansible collection for easy automation of Palo Alto Networks next generation firewalls and Panorama, in both physical and virtual form factors.
https://pan.dev/ansible/docs/panos
Apache License 2.0

Import Keypair for PAN-OS 10.1+ #399

Open jamesholland-uk opened 1 year ago

jamesholland-uk commented 1 year ago

Is your feature request related to a problem?

Importing a keypair from 10.1+ results in an error. Task:

    - name: Import certificate
      paloaltonetworks.panos.panos_import:
        provider: '{{ device }}'
        category: 'keypair'
        certificate_name: 'local-ca'
        format: 'pkcs12'
        filename: './local-ca.p12'
        passphrase: 'somethingSecret'

Error:

    fatal: [vmseries-10dot1]: FAILED! => {"changed": false, "msg": "<response status=\"error\"><msg><line>Import of certificate and private-key local-ca failed. private key doesn't exist for csr</line></msg></response>"}

It looks like the XML schema changed in 10.1, and <keypair> is now <key>. GUI debug from 10.0 and 10.1 compared: pan-os-10 1-onwards-xml-change-import-keypair

Describe the solution you'd like

Accommodate all currently supported versions of PAN-OS for importing certificate keypairs.

Describe alternatives you've considered

N/A

Additional context

N/A

benjamin-rousseau-shift commented 1 year ago

Have you found a workaround for that?