terraform-provider-prismacloudcompute
Unable to create CI Vulnerability rules
Describe the bug
I am using the Terraform resource prismacloudcompute_ci_image_vulnerability_policy to provision CI image vulnerability rules; however, it's not working correctly with a loop.
Expected behavior
It should provision multiple rules based on input provided.
Current behavior
Only the 0th index element gets created and the terraform destroy doesn't work.
Steps to reproduce
1. main.tf

```hcl
locals {
  ci_image_vulnerability_policy_map = {
    "NOC Test" = {
      effect                   = "alert"
      collections              = ["All"]
      alert_threshold_disabled = false
      alert_threshold_value    = 1
      block_threshold_enabled  = false
      block_threshold_value    = 1
    },
    "Fail high and critical vulnerabilities, alert the rest" = {
      effect                   = "ignore"
      collections              = ["All"]
      alert_threshold_disabled = false
      alert_threshold_value    = 1
      block_threshold_enabled  = false
      block_threshold_value    = 7
    },
    // Add more entries as needed
  }
}

resource "prismacloudcompute_ci_image_vulnerability_policy" "ruleset" {
  for_each = local.ci_image_vulnerability_policy_map

  rule {
    name        = each.key
    effect      = each.value.effect
    collections = each.value.collections

    alert_threshold {
      disabled = lookup(each.value, "alert_threshold_disabled", false)
      value    = lookup(each.value, "alert_threshold_value", 1)
    }

    block_threshold {
      enabled = lookup(each.value, "block_threshold_enabled", false)
      value   = lookup(each.value, "block_threshold_value", 7)
    }
  }
}
```
2. terraform init, terraform plan and terraform apply.
3. Terraform output

```
terraform apply

Terraform used the selected providers to generate the following execution plan. Resource actions are indicated with the following symbols:
  + create

Terraform will perform the following actions:

  # prismacloudcompute_ci_image_vulnerability_policy.ruleset["Fail high and critical vulnerabilities, alert the rest"] will be created
  + resource "prismacloudcompute_ci_image_vulnerability_policy" "ruleset" {
      + id = (known after apply)

      + rule {
          + collections = [
              + "All",
            ]
          + effect      = "ignore"
          + name        = "Fail high and critical vulnerabilities, alert the rest"

          + alert_threshold {
              + disabled = false
              + value    = 1
            }

          + block_threshold {
              + enabled = false
              + value   = 7
            }
        }
    }

  # prismacloudcompute_ci_image_vulnerability_policy.ruleset["NOC Test"] will be created
  + resource "prismacloudcompute_ci_image_vulnerability_policy" "ruleset" {
      + id = (known after apply)

      + rule {
          + collections = [
              + "All",
            ]
          + name        = "NOC Test"

          + alert_threshold {
              + disabled = false
              + value    = 1
            }

          + block_threshold {
              + enabled = false
              + value   = 1
            }
        }
    }

Plan: 2 to add, 0 to change, 0 to destroy.

Do you want to perform these actions?
  Terraform will perform the actions described above.
  Only 'yes' will be accepted to approve.

  Enter a value: yes

prismacloudcompute_ci_image_vulnerability_policy.ruleset["NOC Test"]: Creating...
prismacloudcompute_ci_image_vulnerability_policy.ruleset["Fail high and critical vulnerabilities, alert the rest"]: Creating...
prismacloudcompute_ci_image_vulnerability_policy.ruleset["Fail high and critical vulnerabilities, alert the rest"]: Creation complete after 1s [id=ciImagesVulnerability]
prismacloudcompute_ci_image_vulnerability_policy.ruleset["NOC Test"]: Creation complete after 2s [id=ciImagesVulnerability]

Apply complete! Resources: 2 added, 0 changed, 0 destroyed.
PS C:\Users\253905\OneDrive - Resideo\Data-Backup\Bikal-downloads\prisma-cloud-tar\prisma-saas-onboarding> terraform version
Terraform v1.6.6
on windows_amd64
+ provider registry.terraform.io/hashicorp/local v2.4.1
+ provider registry.terraform.io/paloaltonetworks/prismacloud v1.5.1
+ provider registry.terraform.io/paloaltonetworks/prismacloudcompute v0.8.0

Your version of Terraform is out of date! The latest version
is 1.7.2. You can update by downloading from https://www.terraform.io/downloads.html
```
4. Terraform returns success but UI doesn't show the data
This is from state file
```json
"instances": [
  {
    "index_key": "Fail high and critical vulnerabilities, alert the rest",
    "schema_version": 0,
    "attributes": {
      "id": "ciImagesVulnerability",
      "rule": [
        {
          "alert_threshold": [
            {
              "disabled": false,
              "value": 1
            }
          ],
          "block_message": "",
          "block_threshold": [
            {
              "enabled": false,
              "value": 1
            }
          ],
          "collections": [
            "All"
          ],
          "cve_rule": [],
          "disabled": false,
          "effect": "alert",
          "grace_days": 0,
          "grace_days_policy": [
            {
              "critical": 0,
              "high": 0,
              "low": 0,
              "medium": 0
            }
          ],
          "name": "NOC Test",
          "notes": "",
          "only_fixed": false,
          "tag_rule": [],
          "verbose": false
        }
      ]
    },
    "sensitive_attributes": [],
    "private": "bnVsbA=="
  },
  {
    "index_key": "NOC Test",
    "schema_version": 0,
    "attributes": {
      "id": "ciImagesVulnerability",
      "rule": [
        {
          "alert_threshold": [
            {
              "disabled": false,
              "value": 1
            }
          ],
          "block_message": "",
          "block_threshold": [
            {
              "enabled": false,
              "value": 1
            }
          ],
          "collections": [
            "All"
          ],
          "cve_rule": [],
          "disabled": false,
          "effect": "alert",
          "grace_days": 0,
          "grace_days_policy": [
            {
              "critical": 0,
              "high": 0,
              "low": 0,
              "medium": 0
            }
          ],
          "name": "NOC Test",
          "notes": "",
          "only_fixed": false,
          "tag_rule": [],
          "verbose": false
        }
      ]
    },
    "sensitive_attributes": [],
    "private": "bnVsbA=="
  }
]
```
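
In the state excerpt above, both for_each instances record the same id (ciImagesVulnerability) and the same "NOC Test" rule, even though apply reported two resources added. The following check for that condition in a state file is an added example, not part of the original issue or the provider's code. The sample state is constructed from the excerpt, the function names are hypothetical, and `missing_rules` assumes `rule.name` is set from `each.key` as in main.tf.

```python
import json
from collections import defaultdict

# Constructed sample: a trimmed terraform.tfstate (format version 4) keeping
# only the fields from the state excerpt above that the checks read.
SAMPLE_STATE = json.loads("""
{"version": 4, "resources": [{
  "mode": "managed",
  "type": "prismacloudcompute_ci_image_vulnerability_policy",
  "name": "ruleset",
  "instances": [
    {"index_key": "Fail high and critical vulnerabilities, alert the rest",
     "attributes": {"id": "ciImagesVulnerability",
                    "rule": [{"name": "NOC Test", "effect": "alert"}]}},
    {"index_key": "NOC Test",
     "attributes": {"id": "ciImagesVulnerability",
                    "rule": [{"name": "NOC Test", "effect": "alert"}]}}
  ]}]}
""")

def shared_id_instances(state):
    """Return {(type, name, id): [index_key, ...]} for every remote id that
    more than one instance of the same managed resource claims to own."""
    owners = defaultdict(list)
    for res in state.get("resources", []):
        if res.get("mode") != "managed":
            continue
        for inst in res.get("instances", []):
            rid = inst.get("attributes", {}).get("id")
            if rid is not None:
                owners[(res["type"], res["name"], rid)].append(inst.get("index_key"))
    return {k: v for k, v in owners.items() if len(v) > 1}

def missing_rules(state, resource_type):
    """Return for_each keys whose instance stores no rule with that name
    (assumption: the configuration sets rule.name = each.key)."""
    missing = []
    for res in state.get("resources", []):
        if res.get("type") != resource_type:
            continue
        for inst in res.get("instances", []):
            names = {r.get("name") for r in inst.get("attributes", {}).get("rule", [])}
            if inst.get("index_key") not in names:
                missing.append(inst.get("index_key"))
    return missing

if __name__ == "__main__":
    print(shared_id_instances(SAMPLE_STATE))
    print(missing_rules(SAMPLE_STATE, "prismacloudcompute_ci_image_vulnerability_policy"))
```

Run against a real state file by loading it with `json.load` in place of `SAMPLE_STATE`; a non-empty result from either function means a rule that the plan promised is not what the state recorded.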