search

PaloAltoNetworks / terraform-provider-prismacloud

Terraform PrismaCloud provider
https://www.terraform.io/docs/providers/prismacloud/
Mozilla Public License 2.0
54 stars 65 forks source link

Cannot create scheduled compliance report #254

Closed Entr04y closed 1 year ago

Entr04y commented 1 year ago

Describe the bug

When creating a schedule compliance report with the below code an error is generated. If the schedule parameter is removed, the report is created as a one-time report without error.

A second issue is that if the compliance standard doesn't have any rule defined, terraform responds with the following: Error: 400/https://api4.prismacloud.io/report Error(msg:invalid_parameter_value severity:error subject:type) This creates a dependency problem between the report and the compliance standard as you can't assign rules to a compliance standard at creation.

Expected behavior

A scheduled report should be created

Current behavior

an error message is returned: Error: 400/https://api4.prismacloud.io/report Error(msg:bad_request severity:error subject:time)

Possible solution

N/A

Steps to reproduce

NOTE: the RRULE in the schedule parameter below is cut and pasted from the API output of a get rules call of another report.

resource "prismacloud_compliance_standard" "test" { name = "Test Assessment" description = "Compliance basis for testing" }

resource "prismacloud_report" "test2" { name = "Test2 Report" report_type = prismacloud_compliance_standard.test.name cloud_type = "aws" target{ account_groups = [data.prismacloud_account_group.default_group.group_id] schedule_enabled = true schedule = "DTSTART;TZID=America/New_York:20230801T000000\nINTERVAL=1;FREQ=DAILY;BYHOUR=12;BYMINUTE=0;BYSECOND=0"

  time_range {
      relative {
          unit = "hour"
          amount = 24
      }
  }
}

}

Context

I'm trying to develop a custom compliance framework that can be easily deployed with scheduled reports

Also, documentation or examples of the format of RRULE that the schedule parameter is expecting would be helpful, rather that the documentation simply stating "in RRULE format"

Your Environment

MacOS Ventura Terraform v1.5.4 prismacloud provider version v1.4.7

welcome-to-palo-alto-networks[bot] commented 1 year ago

:tada: Thanks for opening your first issue here! Welcome to the community!

AnushreeHS commented 1 year ago

@Entr04y Thanks for opening the issue. After looking into the matter, we've determined that generating a report requires a compliance standard to have defined requirements, sections, and mapped rules or policies. It seems that the error message you encountered ("Error(msg:invalid_parameter_value severity: error subject: type)") occurred because you attempted to create a report using only a newly established compliance standard. Additionally, there seems to be an issue with how "time_range" is being used. The accurate usage should be "to_now" instead.
Could you kindly implement the changes and then verify if these adjustments successfully address the issue?