Closed Htanto closed 1 year ago
Describe the bug
Trying to do terraform destroy on multiple rules that have been applied using panos_security_rule_group

Expected behavior
It should have been able to destroy the rule group

Current behavior
The destroy in Terraform failed, with a "request cannot be handled" error from Terraform

Steps to reproduce
https://paloaltonetworks.github.io/terraform-iac-lab/02-configure/configure.html Creation of the rule set is based on this link. Try to create 2 sets of rules and 2 sets of NAT rules; creation will succeed, but when trying deletion it returns an error.

Code example:

```hcl
# Two allow-any security rules managed as one rule group
resource "panos_panorama_security_rule_group" "Business_rules" {
  device_group = var.device_group
  vsys         = var.device_group

  rule {
    name                  = "ANY1"
    source_zones          = ["any"]
    source_addresses      = ["any"]
    source_users          = ["any"]
    destination_zones     = ["any"]
    destination_addresses = ["any"]
    applications          = ["any"]
    services              = ["any"]
    categories            = ["any"]
    action                = "allow"
  }

  rule {
    name                  = "ANYHOW"
    source_zones          = ["any"]
    source_addresses      = ["any"]
    source_users          = ["any"]
    destination_zones     = ["any"]
    destination_addresses = ["any"]
    applications          = ["any"]
    services              = ["any"]
    categories            = ["any"]
    action                = "allow"
  }
}

# Two NAT rules (outbound and inbound) managed as one rule group
resource "panos_panorama_nat_rule_group" "Business_NAT" {
  device_group = var.device_group

  rule {
    name = "nat_buss_out"
    original_packet {
      source_zones          = ["any"]
      destination_zone      = var.zone_pb_outside
      destination_interface = "any"
      source_addresses      = ["ip_192.168.100.10"]
      destination_addresses = ["ip_192.168.10.30"]
      service               = "service-https"
    }
    translated_packet {
      source {}
      destination {}
    }
  }

  rule {
    name = "nat_buss_in"
    original_packet {
      source_zones          = ["any"]
      destination_zone      = var.zone_pb_inside
      destination_interface = "any"
      source_addresses      = ["ip_192.168.10.30"]
      destination_addresses = ["ip_192.168.100.10"]
      service               = "service-https"
    }
    translated_packet {
      source {}
      destination {}
    }
  }
}
```

Context
Trying to automate application + firewall with IaC

Your Environment
Panorama: 10.1.8-h2
TFCB: Terraform v.1.3.3 on linux_amd64
Pano Provider: v1.11.0
Fixed by v1.11.1