PaloAltoNetworks / terraform-provider-panos

Terraform Panos provider
https://www.terraform.io/docs/providers/panos/
MIT License
89 stars 71 forks

panos_security_policy: first apply deploys rules but second apply deletes rules from Panorama 10.2.8 #443

Open Pr1meSuspec7 opened 3 months ago

Pr1meSuspec7 commented 3 months ago

Describe the bug

The first time you run "terraform apply" the rules are deployed. If you run it again without any changes to the script, Terraform deletes the rules.

Expected behavior

On the second run Terraform should return "Nothing to change" because the rule is in the tfstate file.

Current behavior

On the second run Terraform returns "X to change" but deletes the rules.

Steps to reproduce

# rules.tf
# Security rulebase for the "pan-lab" device group on Panorama.
resource "panos_security_policy" "google_dns" {
  device_group = "pan-lab"

  rule {
    name                  = "google_dns"
    audit_comment         = ""
    source_zones          = ["CC-VLAN", "SEC-84"]
    source_addresses      = ["any"]
    source_users          = ["any"]
    destination_zones     = ["untrust"]
    # Reference the address group resource by name rather than a literal so
    # Terraform creates the group before the rule that uses it.
    destination_addresses = [panos_panorama_address_group.google_dns.name]
    applications          = ["dns"]
    services              = ["application-default"]
    categories            = ["any"]
    action                = "allow"
  }

  lifecycle {
    create_before_destroy = true
  }
}

# objects.tf
# Address objects that make up the "google_dns" address group.
resource "panos_address_object" "google_dns_1" {
  name         = "google_dns_1"
  value        = "8.8.8.8"
  description  = ""
  type         = "ip-netmask"
  device_group = "pan-lab"

  lifecycle {
    create_before_destroy = true
  }
}

resource "panos_address_object" "google_dns_2" {
  name         = "google_dns_2"
  value        = "4.4.4.4"
  description  = ""
  type         = "ip-netmask"
  device_group = "pan-lab"

  lifecycle {
    create_before_destroy = true
  }
}

# Static address group used as the rule's destination.
resource "panos_panorama_address_group" "google_dns" {
  name         = "google_dns"
  description  = ""
  device_group = "pan-lab"
  static_addresses = [
    panos_address_object.google_dns_1.name,
    panos_address_object.google_dns_2.name,
  ]

  lifecycle {
    create_before_destroy = true
  }
}
1. Run terraform apply to deploy the rules for the first time.
2. Run terraform apply again without touching any files.
3. TF returns "Plan: 0 to add, 1 to change, 0 to destroy."

Your Environment

Pr1meSuspec7 commented 3 months ago

Hi team, any update?

Thanks a lot,
Marco
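Added example, not part of the issue report or of the provider's code: the report says the second run prints "0 to add, 1 to change, 0 to destroy" and the apply then removes the rules, so the deletion is hidden inside a planned update rather than shown as a destroy. The check below reads the plan in JSON form (`terraform plan -out=tfplan` followed by `terraform show -json tfplan`) and flags any panos_security_policy change whose planned "after" value has fewer rule names than "before", or that is an outright delete/replace, so an apply can be gated on it before Panorama is touched. The sample plan embedded here is constructed to mirror the report; it is not captured from the reporter's environment, and the field names follow Terraform's documented plan JSON layout (resource_changes, change.actions, change.before, change.after, change.after_unknown).

```python
import json
import sys

# Constructed sample of `terraform show -json tfplan` output (not captured from the
# reporter's Panorama). It mirrors the report: Terraform plans an *update* of
# panos_security_policy.google_dns, but the planned "after" value has no rules.
SAMPLE_PLAN = {
    "format_version": "1.2",
    "resource_changes": [
        {
            "address": "panos_security_policy.google_dns",
            "type": "panos_security_policy",
            "name": "google_dns",
            "change": {
                "actions": ["update"],
                "before": {
                    "device_group": "pan-lab",
                    "rule": [{"name": "google_dns", "action": "allow",
                              "destination_addresses": ["google_dns"]}],
                },
                "after": {"device_group": "pan-lab", "rule": []},
                "after_unknown": {},
            },
        },
        {
            "address": "panos_address_object.google_dns_1",
            "type": "panos_address_object",
            "name": "google_dns_1",
            "change": {
                "actions": ["no-op"],
                "before": {"name": "google_dns_1", "value": "8.8.8.8"},
                "after": {"name": "google_dns_1", "value": "8.8.8.8"},
                "after_unknown": {},
            },
        },
    ],
}


def rule_names(value):
    """Names of the rules in a panos_security_policy value; None (resource absent) -> empty set."""
    if not value:
        return set()
    return {r["name"] for r in value.get("rule") or []}


def find_dropped_rules(plan, resource_type="panos_security_policy"):
    """Return one finding per resource whose planned change would remove rules.

    A finding is produced when the action includes a delete (destroy or replace),
    when an update leaves fewer rule names in "after" than in "before", or when the
    rule list is only known after apply (listed in after_unknown), because in that
    last case the plan cannot prove the rules survive.
    """
    findings = []
    for rc in plan.get("resource_changes", []):
        if rc.get("type") != resource_type:
            continue
        change = rc.get("change", {})
        actions = change.get("actions", [])
        rules_unknown = bool((change.get("after_unknown") or {}).get("rule"))
        before = rule_names(change.get("before"))
        after = rule_names(change.get("after"))
        dropped = sorted(before - after)
        if "delete" in actions or dropped or rules_unknown:
            findings.append({
                "address": rc["address"],
                "actions": actions,
                "dropped": dropped,
                "rules_unknown": rules_unknown,
            })
    return findings


def plan_is_safe(plan):
    """True when no panos_security_policy change in the plan removes or hides rules."""
    return not find_dropped_rules(plan)


def main(argv):
    # Usage: python3 check_plan.py plan.json   (falls back to the constructed sample)
    if len(argv) > 1:
        with open(argv[1]) as fh:
            plan = json.load(fh)
    else:
        plan = SAMPLE_PLAN
    findings = find_dropped_rules(plan)
    for f in findings:
        print(f"{f['address']}: actions={f['actions']} dropped={f['dropped']}"
              f" rules_unknown={f['rules_unknown']}")
    print("plan is safe" if not findings else "REFUSE: planned change removes rules")
    return 0 if not findings else 1


if __name__ == "__main__":
    sys.exit(main(sys.argv))
```

Run it as `terraform plan -out=tfplan && terraform show -json tfplan > plan.json && python3 check_plan.py plan.json && terraform apply tfplan`; the `&&` chain stops before the apply whenever the check exits non-zero. Note that `-detailed-exitcode` alone would not catch this case, since it only distinguishes "no changes" from "changes", and the report shows the rule removal planned as an ordinary change.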