Closed leighllew closed 1 year ago
:tada: Thanks for opening your first issue here! Welcome to the community!
Thanks for reporting this, Leigh. I can see a diff in the XML from 10.1 to 10.2, the PAN-OS upgrade in scope:
diff 10.1.6-config.xml 10.2.3-config.xml
2c2
< <config version="10.1.0" urldb="paloaltonetworks" detail-version="10.1.6">
---
> <config version="10.2.0" urldb="paloaltonetworks" detail-version="10.2.3">
156c156,160
< <ssl-inbound-inspection>test-tls-cert</ssl-inbound-inspection>
---
> <ssl-inbound-inspection>
> <certificates>
> <member>test-tls-cert</member>
> </certificates>
> </ssl-inbound-inspection>
This XML change looks like it was introduced for this feature, which makes sense. We'll need to handle this in the provider as an enhancement.
Fixed by v1.11.1
We're getting an error stating the ssl-inbound-inspection type is invalid. Running the latest Terraform provider, 1.11.0.
Error: inbound-decrypt-web-xx-xxxx-com -> type -> ssl-inbound-inspection unexpected here | inbound-decrypt-web-xx-xxxx-com -> type -> ssl-inbound-inspection is unexpected | inbound-decrypt-web-xx-xxxx-com -> type is invalid
Example of the Terraform code:

```hcl
# The for_each argument that each.key / each.value refer to is not shown in the report.
resource "panos_decryption_rule_group" "inbound" {
  rulebase         = "post-rulebase"
  position_keyword = "top"
  device_group     = local.device_group

  rule {
    name                  = "inbound-decrypt-${each.value.name}"
    description           = "Created in terraform."
    source_zones          = ["Untrust"]
    source_users          = ["any"]
    source_addresses      = ["any"]
    destination_zones     = ["Transit"]
    destination_addresses = [panos_panorama_address_object.ingress_public[0].name]
    services              = ["any"]
    url_categories = compact(flatten([
      each.value.name,
      [for key, val in local.map_waf_listeners : val.name if val.redirect == each.key]
    ]))
    action                    = "decrypt"
    decryption_type           = "ssl-inbound-inspection"
    ssl_certificate           = each.value.name
    decryption_profile        = "azure-default"
    log_failed_tls_handshakes = var.firewall_rule_log_failed_tls_handshakes
  }
}
```