PaloAltoNetworks
Issue with "Create IKE gateways"
Documentation link
https://pan.dev/access/api/prisma-access-config/post-sse-config-v-1-ike-gateways/
Describe the problem
Your old documentation used to give me specifications of what was acceptable local and remote peer type. The new format just does a reg expression based on the type that is specified. It makes it difficult to "guess" what values you accept as a test as you have different GUI requirements from what the API takes. For instance you have:
- IP Address
- FQDN
- KexID As possible type values, but I can't tell what values you will accept nor do you explain the proper values that you will accept.
Suggested fix
Update your document as it was previously where it specified the type that you accept instead of having to guess and create an IKE tunnel with each type to figure out what the correct values are.
Ended up just going through it myself going through one by one which should have been displayed in the docs for ease of use instead of messing around with a production instance:
IKE_IDENTIFIER_TYPES = [
'ipaddr',
'fqdn',
'keyid',
'ufqdn'
]
Those should be added as the values and the requirements instead of just the regex you use to do verification. That would be helpful.
Hi @atav928, thanks for reporting this issue. Are you referring to local_id.type? I noticed that remote_id.type seems to list the values you referenced.
Yup, those match the values I found when testing the local_id_type just appeared to only be displayed in your remote_id_type. As I found and it matches:
IKE_IDENTIFIER_TYPES = [
'ipaddr',
'fqdn',
'keyid',
'ufqdn'
]
Which should be an easier fix since I tested those being passed and they were accepted. So, it would just be an update to the docs to provide the enum values you accept in the payload.
Should that also be added as required fields?