PaloAltoNetworks / terraform-aws-swfw-modules

Terraform Reusable Modules for Software Firewalls on AWS
https://registry.terraform.io/modules/PaloAltoNetworks/swfw-modules/aws
MIT License
14 stars 11 forks source link

[Bug Report] ASG Delicense still requires manual commit in panorama #4

Closed jschelfh-be closed 4 months ago

jschelfh-be commented 12 months ago

Describe the bug

Using ASG automatic de-license option from panorama is working nicely when scaling-in. However it still requires a manual commit in panorama. We have pipelines to push rules to panorama -> firewalls, but the de-license caused the pipeline to fail on the commitAll to the FWs.

Is it possible to include the commit as well ? (the scope of the commit can be limited to the user that is used to connect to panorama specified in the SSM Parameter: /paloalto/vmseries-asg/delicense)

Module Version

1.0.9

Terraform version

1.6.2

Expected behavior

complete automation of delicensing

Current behavior

requires manual commit

Anything else to add?

No response

migara commented 10 months ago

After issuing the delicensing request via the plugin, maybe we can query the Panorama device list to verify the removal of the device serial number from Panorama before proceeding with the commit operation.

migara commented 7 months ago

@seanyoungberg any thoughts on this? Is this something we should take care of?

migara commented 4 months ago

The recommendation is to handle this behaviour outside of these modules (i.e. a different step/stage of the CI/CD pipeline)

Closing this for the time being