Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

scm_url_access_profile credential_envorcement.mode issue #17

Open
murathatipoglu opened this issue May 6, 2024 · 3 comments
Open

scm_url_access_profile credential_envorcement.mode issue #17

murathatipoglu opened this issue May 6, 2024 · 3 comments
Labels
bug Something isn't working

Comments

@murathatipoglu
Copy link

Describe the bug

I am using the following code for credential_enforcement under scm_url_access_profile resource

resource "scm_url_access_profile" "DLP_Default_Internet" {
[... cut ...]
credential_enforcement = {
blocks = [
"medium-risk",
"high-risk",
"ransomware",
]
mode = {
disabled = true
}
log_severity = "high"
}
}

Then getting the error during terraform apply. Error is shared under Current Behavior below

Expected behavior

No error should be returned and creation of the resource should succeed without error. That is because you are supposed to use one of "disabled", "domain_credentials", "ip_user" options.

Current behavior

url_access_profile is being created as part of the terafform apply but apply process is being terminated with the thrown error.

│ Error: Provider produced inconsistent result after apply

│ When applying changes to scm_url_access_profile.DLP_Default_Internet,
│ provider "provider["registry.terraform.io/paloaltonetworks/scm"]"
│ produced an unexpected new value:
│ .credential_enforcement.mode.domain_credentials: was cty.False, but now
│ null.

│ This is a bug in the provider, which should be reported in the provider's
│ own issue tracker.


│ Error: Provider produced inconsistent result after apply

│ When applying changes to scm_url_access_profile.DLP_Default_Internet,
│ provider "provider["registry.terraform.io/paloaltonetworks/scm"]"
│ produced an unexpected new value: .credential_enforcement.mode.ip_user: was
│ cty.False, but now null.

│ This is a bug in the provider, which should be reported in the provider's
│ own issue tracker.

Possible solution

Update url_access_profile resource code and make sure one of "disabled", "domain_credentials", or "ip_user" options will suffice for a successfull apply

Steps to reproduce

just create a url_access_profile via terraform provider and it will throw the same error

Screenshots

Context

This issue is preventing us to use URL Access Profiles as part of terraform automated PRisma Access maintenance

Your Environment
@murathatipoglu murathatipoglu added the bug Something isn't working label May 6, 2024
@ancoleman
Copy link
Contributor

@murathatipoglu, I will review this to determine if changes are required to handle the API response, or escalate this to our product team.

@murathatipoglu
Copy link
Author

Thanks for your kind support @ancoleman

I believe it should be a quick fix. one of the option is required under credential_enforcement -> mode. In our case we pick disabled = true. Other two options (domain_credentials, ip_user) should not be altered and linked with "null". They could stay with their default setting is which is false. I hope this makes sense.

@ksudhir1508
Copy link

Hello @ancoleman , do we made any progress to fix this issue?

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
bug Something isn't working
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@ancoleman @murathatipoglu @ksudhir1508