search

PaloAltoNetworks / terraform-provider-scm

The Terraform provider for Strata Cloud Manager
Apache License 2.0
7 stars 2 forks source link

scm_anti_spyware_profile, rules.threat_name can not be null or any #16

Open UmarA opened 5 months ago

UmarA commented 5 months ago

Describe the bug

When creating the rules for scm_anti_spyware_profile the attribute threat_name can not be set to "any" or "null". There is a validation in place for string length > 4 charachters.

Expected behavior

Should allow following rule:

 rules = [ 
    { name = "simple-critical"
      action = { reset_both = true } 
      category = "any"
      packet_capture = "single-packet"
      severities = ["critical"]
      threat_name    = "any"
    },
 ]

Current behavior

Terraform error: Error: Provider produced inconsistent result after apply │ │ When applying changes to scm_anti_spyware_profile.bt_default_spyware, provider "provider[\"registry.terraform.io/paloaltonetworks/scm\"]" produced an unexpected new value: .rules[0].threat_name: was │ null, but now cty.StringVal("any"). │ │ This is a bug in the provider, which should be reported in the provider's own issue tracker. ╵

Possible solution

Allow threat_name to be set to "any"

Steps to reproduce

  1. Create a resource: 
    resource "scm_anti_spyware_profile" "example" {
name = "test_scm_spyware"
folder = "Prisma Access"
rules = [ 
{ name = "simple-critical"
  action = { reset_both = true } 
  category = "any"
  packet_capture = "single-packet"
  severities = ["critical"]
  threat_name    = "any"
},
]
}

Context

I am creating scm_anti_spyware_profile by looking up "best-practice" and replicating the rules.

Your Environment

Terraform v1.7.4 on linux_amd64