wallix / terraform-provider-wallix-bastion

Terraform provider for Wallix bastion
https://www.wallix.com/privileged-access-management/
Mozilla Public License 2.0

[ BUG ] - wallix-bastion_connection_policy.RDP #31

Closed FranckSallet closed 2 months ago

FranckSallet commented 3 months ago

Describe the bug: We can't edit the RDP connection policy on Bastion version 10.0.7. We keep getting the error: "Errors in options: invalid option 'disable_clipboard_log' in section 'video'". This error does not occur in version 10.0.6 or in earlier versions of the Bastion.

To Reproduce Steps to reproduce the behavior:

  1. do a terraform apply on the wallix-bastion_connection_policy.RDP
  2. no matter the options, the error appears:
    wallix-bastion_connection_policy.RDP: Modifying... [id=170ee2ddb6b0843c00505680c579]
    ╷
    │ Error: api doesn't return OK or NoContent: 400 with body:
    │ {
    │     "error": "Bad Request",
    │     "description": "Errors in options: invalid option 'disable_clipboard_log' in section 'video'"
    │ }

Regards

bsimonWallix commented 3 months ago

Hello,

Investigating it.

bsimonWallix commented 3 months ago

Hi @FranckSallet,

I wasn't able to reproduce it.

Can you share a failing code sample?

My testing code:

# Maintainer's test configuration: an RDP connection policy named "example" whose
# `options` object is serialized to a JSON string with jsonencode().
# The `video` section below sets only `disable_keyboard_log`; `disable_clipboard_log`,
# the option named in the reported API error, is not set anywhere in this sample.
resource "wallix-bastion_connection_policy" "pol" {
  connection_policy_name = "example"
  authentication_methods = [
    "PASSWORD_VAULT",
    "PASSWORD_MAPPING",
    "PASSWORD_INTERACTIVE"
  ]
  protocol = "RDP"
  # Everything inside jsonencode() becomes one JSON string, so any value written here
  # is stored with the resource in Terraform state.
  options = jsonencode({
    "general" : {
      "transformation_rule" : "",
      "vault_transformation_rule" : ""
    },
    "session" : {
      "inactivity_timeout" : 0
    },
    "all_target_mod" : {
      "tcp_user_timeout" : 0
    },
    "rdp" : {
      "disabled_orders" : "",
      "enable_nla" : true,
      "enable_kerberos" : false,
      # NOTE(review): 0 for both TLS bounds presumably means no version floor or ceiling
      # is enforced on the connection to the target - confirm in the Bastion option
      # reference before reusing this sample outside a test.
      "tls_min_level" : 0,
      "tls_max_level" : 0,
      # NOTE(review): looks like an OpenSSL-style cipher list; if so, "ALL" also admits
      # weak suites - confirm and narrow for production policies.
      "cipher_string" : "ALL",
      "show_common_cipher_list" : false,
      # NOTE(review): "*" presumably allows every dynamic virtual channel - confirm.
      "allowed_dynamic_channels" : "*",
      "denied_dynamic_channels" : "",
      "server_redirection" : false,
      "load_balance_info" : "",
      "use_client_provided_alternate_shell" : false,
      "use_client_provided_remoteapp" : false,
      "use_native_remoteapp_capability" : true,
      "enable_rdpdr_data_analysis" : true,
      "wabam_uses_translated_remoteapp" : false,
      "enable_remotefx" : false,
      "enable_restricted_admin_mode" : false,
      "force_smartcard_authentication" : false,
      "enable_ipv6" : true,
      "mode_console" : "allow",
      "auto_reconnection_on_losing_target_link" : false,
      "allow_session_reconnection_by_shortcut" : false,
      "session_reconnection_delay" : 0,
      "forward_client_build_number" : true,
      "bogus_monitor_layout_treatment" : false,
      "krb_armoring_account" : "",
      "krb_armoring_realm" : "",
      "krb_armoring_fallback_user" : "",
      # Empty here. A real password in this field would end up in the jsonencode() string
      # and therefore in Terraform state and plan output, unless the provider marks
      # `options` as sensitive (not visible here - verify).
      "krb_armoring_fallback_password" : "",
      "remote_programs_disconnect_message_delay" : 3000,
      "use_session_probe_to_launch_remote_program" : true,
      "replace_null_pointer_by_default_pointer" : false
    },
    "session_probe" : {
      "enable_session_probe" : true,
      "use_smart_launcher" : true,
      "enable_launch_mask" : true,
      "on_launch_failure" : "1",
      "launch_timeout" : 40000,
      "launch_fallback_timeout" : 40000,
      "start_launch_timeout_timer_only_after_logon" : true,
      "keepalive_timeout" : 5000,
      "on_keepalive_timeout" : "1",
      "end_disconnected_session" : false,
      "enable_log" : false,
      "enable_log_rotation" : false,
      "log_level" : "5",
      "disconnected_application_limit" : 0,
      "disconnected_session_limit" : 0,
      "idle_session_limit" : 0,
      "smart_launcher_clipboard_initialization_delay" : 2000,
      "smart_launcher_start_delay" : 0,
      "smart_launcher_long_delay" : 500,
      "smart_launcher_short_delay" : 50,
      "smart_launcher_enable_wabam_affinity" : true,
      "launcher_abort_delay" : 2000,
      "enable_crash_dump" : false,
      "handle_usage_limit" : 0,
      "memory_usage_limit" : 0,
      "cpu_usage_alarm_threshold" : 0,
      "cpu_usage_alarm_action" : "0",
      "end_of_session_check_delay_time" : 0,
      "ignore_ui_less_processes_during_end_of_session_check" : true,
      "childless_window_as_unidentified_input_field" : true,
      "update_disabled_features" : true,
      # Passed as a JSON number (352 decimal = 0x160). Presumably a bitmask; the meaning
      # of the individual bits is not shown here - TODO confirm.
      "disabled_features" : 352,
      "enable_bestsafe_interaction" : false,
      "on_account_manipulation" : "0",
      "alternate_directory_environment_variable" : "",
      "public_session" : false,
      "outbound_connection_monitoring_rules" : "",
      "process_monitoring_rules" : "",
      "extra_system_processes" : "",
      "windows_of_these_applications_as_unidentified_input_field" : "",
      "process_command_line_retrieve_method" : "2",
      "periodic_task_run_interval" : 500,
      "pause_if_session_is_disconnected" : false
    },
    "server_cert" : {
      # NOTE(review): these two settings presumably control how the Bastion stores and
      # checks the target server's certificate; the meaning of "1" is not shown here -
      # confirm it rejects a changed certificate.
      "server_cert_store" : true,
      "server_cert_check" : "1",
      "server_access_allowed_message" : 1,
      "server_cert_create_message" : 1,
      "server_cert_success_message" : 1,
      "server_cert_failure_message" : 1
    },
    "session_log" : {
      "keyboard_input_masking_level" : "2"
    },
    # Only option set in `video`; the name suggests it governs keyboard logging for
    # recorded sessions (0 presumably leaves it enabled - confirm).
    "video" : {
      "disable_keyboard_log" : 0
    },
    # NOTE(review): with enable_up/enable_down false, verification of transferred files
    # is presumably off in both directions - confirm this is intended.
    "file_verification" : {
      "enable_up" : false,
      "enable_down" : false,
      "clipboard_text_up" : false,
      "clipboard_text_down" : false,
      "block_invalid_file_up" : false,
      "block_invalid_file_down" : false,
      "log_if_accepted" : true,
      "max_file_size_rejected" : 256
    },
    "file_storage" : {
      "store_file" : "never"
    }
  })
}
FranckSallet commented 3 months ago

My code:

# Reporter's configuration for the RDP connection policy whose update is rejected by the
# Bastion API with "invalid option 'disable_clipboard_log' in section 'video'".
# The `video` section below sets only `disable_keyboard_log`; `disable_clipboard_log`
# does not appear anywhere in this resource, so the rejected option presumably comes
# from somewhere other than this HCL - not visible here.
resource "wallix-bastion_connection_policy" "RDP" {
    authentication_methods = [
        "PASSWORD_INTERACTIVE",
        "PASSWORD_MAPPING",
        "PASSWORD_VAULT",
    ]
    connection_policy_name = "RDP"
    # var.default_description is declared outside this snippet.
    description            = var.default_description
    # Everything inside jsonencode() becomes one JSON string, so any value written here
    # is stored with the resource in Terraform state.
    options                = jsonencode(
        {
            all_target_mod    = {
                tcp_user_timeout = 0
            }
            file_storage      = {
                store_file = "never"
            }
            # NOTE(review): with enable_up/enable_down false, verification of transferred
            # files is presumably off in both directions - confirm this is intended.
            file_verification = {
                block_invalid_file_down = false
                block_invalid_file_up   = false
                clipboard_text_down     = false
                clipboard_text_up       = false
                enable_down             = false
                enable_up               = false
                log_if_accepted         = true
                max_file_size_rejected  = 256
            }
            general           = {
                transformation_rule       = ""
                vault_transformation_rule = ""
            }
            rdp               = {
                allow_session_reconnection_by_shortcut     = false
                # NOTE(review): "*" presumably allows every dynamic virtual channel - confirm.
                allowed_dynamic_channels                   = "*"
                auto_reconnection_on_losing_target_link    = false
                bogus_monitor_layout_treatment             = false
                # NOTE(review): looks like an OpenSSL-style cipher list; if so, "ALL" also
                # admits weak suites - confirm and narrow for production policies.
                cipher_string                              = "ALL"
                denied_dynamic_channels                    = ""
                disabled_orders                            = ""
                enable_ipv6                                = true
                enable_kerberos                            = false
                enable_nla                                 = true
                enable_rdpdr_data_analysis                 = true
                enable_remotefx                            = false
                enable_restricted_admin_mode               = false
                force_smartcard_authentication             = false
                forward_client_build_number                = true
                krb_armoring_account                       = ""
                # Empty here. A real password in this field would end up in the jsonencode()
                # string and therefore in Terraform state and plan output, unless the
                # provider marks `options` as sensitive (not visible here - verify).
                krb_armoring_fallback_password             = ""
                krb_armoring_fallback_user                 = ""
                krb_armoring_realm                         = ""
                load_balance_info                          = ""
                mode_console                               = "allow"
                remote_programs_disconnect_message_delay   = 3000
                replace_null_pointer_by_default_pointer    = false
                server_redirection                         = false
                session_reconnection_delay                 = 0
                show_common_cipher_list                    = false
                # NOTE(review): 0 for both TLS bounds presumably means no version floor or
                # ceiling is enforced on the connection to the target - confirm in the
                # Bastion option reference.
                tls_max_level                              = 0
                tls_min_level                              = 0
                use_client_provided_alternate_shell        = false
                use_client_provided_remoteapp              = false
                use_native_remoteapp_capability            = true
                use_session_probe_to_launch_remote_program = true
                wabam_uses_translated_remoteapp            = false
            }
            server_cert       = {
                server_access_allowed_message = 1
                # NOTE(review): "3" together with server_cert_store = false looks like the
                # most permissive certificate handling (target certificate neither stored
                # nor checked) - confirm against the Bastion option reference; if so, the
                # Bastion would not detect a substituted target certificate.
                server_cert_check             = "3"
                server_cert_create_message    = 1
                server_cert_failure_message   = 1
                server_cert_store             = false
                server_cert_success_message   = 1
            }
            session           = {
                inactivity_timeout = 0
            }
            session_log       = {
                keyboard_input_masking_level = "2"
            }
            session_probe     = {
                alternate_directory_environment_variable                  = ""
                childless_window_as_unidentified_input_field              = true
                cpu_usage_alarm_action                                    = "0"
                cpu_usage_alarm_threshold                                 = 0
                # Passed as a string holding a hex literal (0x60 = 96), not as a number.
                # Presumably a bitmask; whether the API accepts both forms is not shown
                # here - TODO confirm.
                disabled_features                                         = "0x60"
                disconnected_application_limit                            = 0
                disconnected_session_limit                                = 0
                enable_bestsafe_interaction                               = false
                enable_crash_dump                                         = false
                enable_launch_mask                                        = true
                enable_log                                                = false
                enable_log_rotation                                       = true
                # Session probe is switched off in this policy, so the remaining
                # session_probe settings presumably have no effect - confirm.
                enable_session_probe                                      = false
                end_disconnected_session                                  = false
                end_of_session_check_delay_time                           = 0
                extra_system_processes                                    = ""
                handle_usage_limit                                        = 0
                idle_session_limit                                        = 0
                ignore_ui_less_processes_during_end_of_session_check      = true
                keepalive_timeout                                         = 5000
                launch_fallback_timeout                                   = 10000
                launch_timeout                                            = 40000
                launcher_abort_delay                                      = 2000
                log_level                                                 = "5"
                memory_usage_limit                                        = 0
                on_account_manipulation                                   = "0"
                on_keepalive_timeout                                      = "1"
                on_launch_failure                                         = "2"
                outbound_connection_monitoring_rules                      = ""
                pause_if_session_is_disconnected                          = false
                periodic_task_run_interval                                = 500
                process_command_line_retrieve_method                      = "0"
                process_monitoring_rules                                  = ""
                public_session                                            = false
                smart_launcher_clipboard_initialization_delay             = 2000
                smart_launcher_enable_wabam_affinity                      = true
                smart_launcher_long_delay                                 = 500
                smart_launcher_short_delay                                = 50
                smart_launcher_start_delay                                = 0
                start_launch_timeout_timer_only_after_logon               = true
                update_disabled_features                                  = true
                use_smart_launcher                                        = true
                windows_of_these_applications_as_unidentified_input_field = ""
            }
            # Only option set in `video`. NOTE(review): a non-zero value presumably turns
            # off some keyboard logging for recorded sessions, which reduces the keystroke
            # audit trail - confirm which log is affected.
            video             = {
                disable_keyboard_log = 1
            }
        }
    )
    protocol               = "RDP"
}
FranckSallet commented 2 months ago

For information: after manually editing the RDP connection policy, the terraform apply worked.

bsimonWallix commented 2 months ago

Can I close the issue ? I wasn't able to reproduce it on my side.

FranckSallet commented 2 months ago

ok thanks