search

PaloAltoNetworks / terraform-provider-panos

Terraform Panos provider
https://www.terraform.io/docs/providers/panos/
Mozilla Public License 2.0
87 stars 69 forks source link

panos_pbf_rule_group deployment fails #397

Open sumancs099 opened 11 months ago

sumancs099 commented 11 months ago

Describe the bug

created by google.golang.org/grpc.(*Server).serveStreams.func1 google.golang.org/grpc@v1.32.0/server.go:857 +0x294

Error: The terraform-provider-panos_v1.11.1 plugin crashed!

This is always indicative of a bug within the plugin. It would be immensely helpful if you could report the crash with the plugin's maintainers so that it can be fixed. The output above should help diagnose the issue.

╷ │ Error: Plugin did not respond │ │ with module.Policy_Based_Forwarding["Test_2023"].panos_pbf_rule_group.this, │ on modules/panorama/pbf_rules/main.tf line 1, in resource "panos_pbf_rule_group" "this": │ 1: resource "panos_pbf_rule_group" "this" { │ │ The plugin encountered an error, and failed to respond to the │ plugin.(*GRPCProvider).ApplyResourceChange call. The plugin logs may │ contain more details. ╵ [Pipeline] } [Pipeline] // withCredentials [Pipeline] } [Pipeline] // script [Pipeline] } [Pipeline] // dir [Pipeline] } [Pipeline] // stage [Pipeline] stage [Pipeline] { (Panorama Commit and Push) Stage "Panorama Commit and Push" skipped due to earlier failure(s) [Pipeline] } [Pipeline] // stage [Pipeline] } [Pipeline] // timeout [Pipeline] } [Pipeline] // withEnv [Pipeline] } [Pipeline] // container [Pipeline] } [Pipeline] // withEnv [Pipeline] } [Pipeline] // node [Pipeline] } [Pipeline] // podTemplate [Pipeline] End of Pipeline ERROR: script returned exit code 1

GitHub has been notified of this commit’s build result

Finished: FAILURE

Expected behavior

I am running the PBF module and while applying it is showing the above error. But the error is not coming in PLAN.

YAML File :

Test: name: my-pbf description: "TEST" tags: "UNUSED" audit_comment: "second nat" source: zones: ["trust"] addresses: ["10.50.50.50"] users: ["any"] negate: "true" destination: addresses: ["10.80.80.80"] applications: ["any"] services: ["application-default"] forwarding: action : "discard"

Your Environment

resource "panos_pbf_rule_group" "this" {

device_group = var.device_group

position_keyword = "bottom"

position_reference = try(each.value.position_reference, null)

dynamic "rule" {

for_each = var.pbf_rules
content {

  audit_comment = rule.value["audit_comment"]
  name          = rule.value["name"]
  description   = try(rule.value.description, null)
  #tags          = try(rule.value.tags, null)
  source {

    addresses = try(rule.value.source.addresses, null)
    zones     = try(rule.value.source.zones, null)
    users     = try(rule.value.source.users, null)
    #negate    = try(rule.value.source.negate, false)
  }
  destination {
    addresses    = try(rule.value.destination.addresses, ["any"])
    applications = try(rule.value.destination.applications, ["any"])
    services     = try(rule.value.destination.services, "application-default")
  }
  forwarding {
    action = try(rule.value.forwarding.action, "discard")
  }
}

}

lifecycle { create_before_destroy = true }

}

terraform { required_version = "1.0.3" required_providers { panos = { source = "paloaltonetworks/panos" version = "1.11.1" } vault = { source = "hashicorp/vault" version = "3.8.2" } } }

welcome-to-palo-alto-networks[bot] commented 11 months ago

:tada: Thanks for opening your first issue here! Welcome to the community!

shinmog commented 11 months ago

The actual error isn't included in this github issue, possibly because this is wrapped in a module..? Could you please give a plan file that doesn't use a module and the full error?

Also, please mention which version of PAN-OS you're using.

sumancs099 commented 10 months ago

Thank you Shinmog!

possibly because this is wrapped in a module..? >> Yes , This is through a module. Could you please give a plan file that doesn't use a module and the full error? >> Sure , I can regenearate this without module and send you the error.

I was using a test Device group envirnment before putting those rules into an actual Firewall. Though we have 9.0 , 10.1.8.h2 Pan OS running .