Open jontreynes opened 3 years ago
Using
# Configure base security rules
#
# One panos_security_policy resource holding four allow rules, declared in this
# order: azure_lb_healthprobe, paloalto_updates, allowed_urls, jumphost_allow.
# Each rule is preceded by the equivalent PAN-OS CLI "set" lines it was
# translated from; keep the two in sync when editing.
resource "panos_security_policy" "security_rule" {
  provider = panos.default
  # Address objects and URL categories are referenced below by name strings
  # ("azure_lb_probe", "allowed_urls", ...), not by resource attributes, so
  # Terraform cannot infer the ordering; depends_on makes it explicit.
  # NOTE(review): nothing listed here creates or orders the log forwarding
  # profile named "default" that log_setting refers to below. Presumably it
  # must already exist on the firewall before this resource is applied; confirm.
  depends_on = [panos_address_object.addresses, null_resource.allowed_urls]

  # set rulebase security rules azure_lb_healthprobe to Inside
  # set rulebase security rules azure_lb_healthprobe from Inside
  # set rulebase security rules azure_lb_healthprobe source azure_lb_probe
  # set rulebase security rules azure_lb_healthprobe destination egress_inside_cidr
  # set rulebase security rules azure_lb_healthprobe source-user any
  # set rulebase security rules azure_lb_healthprobe category any
  # set rulebase security rules azure_lb_healthprobe application any
  # set rulebase security rules azure_lb_healthprobe service application-default
  # set rulebase security rules azure_lb_healthprobe hip-profiles any
  # set rulebase security rules azure_lb_healthprobe action allow
  # set rulebase security rules azure_lb_healthprobe log-end no
  # set rulebase security rules azure_lb_healthprobe rule-type intrazone
  rule {
    name = "azure_lb_healthprobe"
    # Intrazone: source and destination zone are both zone_in.
    type = "intrazone"
    source_zones = [panos_zone.zone_in.name]
    source_addresses = ["azure_lb_probe"]
    source_users = ["any"]
    hip_profiles = ["any"]
    destination_zones = [panos_zone.zone_in.name]
    destination_addresses = ["egress_inside_cidr"]
    applications = ["any"]
    services = ["application-default"]
    categories = ["any"]
    action = "allow"
    # Session-end logging is switched off for this rule (matches "log-end no"
    # above), so traffic it allows produces no end-of-session log entry.
    log_end = false
  }

  # set rulebase security rules paloalto_updates to Outside
  # set rulebase security rules paloalto_updates from Inside
  # set rulebase security rules paloalto_updates source egress_mgmt_cidr
  # set rulebase security rules paloalto_updates destination any
  # set rulebase security rules paloalto_updates source-user any
  # set rulebase security rules paloalto_updates category any
  # set rulebase security rules paloalto_updates application paloalto-updates
  # set rulebase security rules paloalto_updates service application-default
  # set rulebase security rules paloalto_updates hip-profiles any
  # set rulebase security rules paloalto_updates action allow
  # set rulebase security rules paloalto_updates rule-type interzone
  # set rulebase security rules paloalto_updates log-setting default
  rule {
    name = "paloalto_updates"
    type = "interzone"
    # NOTE(review): the CLI lines above say "from Inside" / "to Outside", but
    # this block uses zone_out as the source zone and zone_in as the
    # destination zone, the reverse of allowed_urls and jumphost_allow below.
    # Assuming zone_in/zone_out correspond to Inside/Outside, the rule as
    # written matches traffic arriving from the outside zone. Confirm which
    # direction is intended.
    source_zones = [panos_zone.zone_out.name]
    source_addresses = ["egress_mgmt_cidr"]
    source_users = ["any"]
    hip_profiles = ["any"]
    destination_zones = [panos_zone.zone_in.name]
    destination_addresses = ["any"]
    # Restricted to the single application named here, on its default ports.
    applications = ["paloalto-updates"]
    services = ["application-default"]
    categories = ["any"]
    action = "allow"
    # Name of a log forwarding profile; see the depends_on note at the top.
    log_setting = "default"
  }

  # set rulebase security rules allowed_urls to Outside
  # set rulebase security rules allowed_urls from Inside
  # set rulebase security rules allowed_urls source vnet_cidr
  # set rulebase security rules allowed_urls destination any
  # set rulebase security rules allowed_urls source-user any
  # set rulebase security rules allowed_urls category allowed_urls
  # set rulebase security rules allowed_urls application any
  # set rulebase security rules allowed_urls service application-default
  # set rulebase security rules allowed_urls hip-profiles any
  # set rulebase security rules allowed_urls action allow
  # set rulebase security rules allowed_urls rule-type interzone
  # set rulebase security rules allowed_urls log-setting default
  rule {
    name = "allowed_urls"
    type = "interzone"
    source_zones = [panos_zone.zone_in.name]
    source_addresses = ["vnet_cidr"]
    source_users = ["any"]
    hip_profiles = ["any"]
    destination_zones = [panos_zone.zone_out.name]
    destination_addresses = ["any"]
    applications = ["any"]
    services = ["application-default"]
    # The only restriction on this egress rule besides the source CIDR is the
    # URL category; presumably null_resource.allowed_urls creates it - confirm.
    categories = ["allowed_urls"]
    action = "allow"
    log_setting = "default"
  }

  # set rulebase security rules jumphost_allow to Outside
  # set rulebase security rules jumphost_allow from Inside
  # set rulebase security rules jumphost_allow source jumphost_cidr
  # set rulebase security rules jumphost_allow destination any
  # set rulebase security rules jumphost_allow source-user any
  # set rulebase security rules jumphost_allow category any
  # set rulebase security rules jumphost_allow application any
  # set rulebase security rules jumphost_allow service any
  # set rulebase security rules jumphost_allow hip-profiles any
  # set rulebase security rules jumphost_allow action allow
  # set rulebase security rules jumphost_allow rule-type interzone
  # set rulebase security rules jumphost_allow log-setting default
  rule {
    name = "jumphost_allow"
    type = "interzone"
    source_zones = [panos_zone.zone_in.name]
    source_addresses = ["jumphost_cidr"]
    source_users = ["any"]
    hip_profiles = ["any"]
    destination_zones = [panos_zone.zone_out.name]
    destination_addresses = ["any"]
    # NOTE(review): broadest rule in this policy. Destination, application,
    # service and category are all "any", and service is "any" rather than
    # "application-default" as in the other three rules, so the source address
    # object is the only constraint. Confirm this breadth is intended and that
    # jumphost_cidr covers only the jump hosts.
    applications = ["any"]
    services = ["any"]
    categories = ["any"]
    action = "allow"
    log_setting = "default"
  }
}
I am receiving an error that log_setting "default" is not an allowed value
Update: I just ran it a second time and it passed just fine. Not sure why.
Describe the bug
Using
I am receiving an error that log_setting "default" is not an allowed value