terraform-provider-checkpoint icon indicating copy to clipboard operation
terraform-provider-checkpoint copied to clipboard

Published 20 hours ago verified publisher icon CheckPointSW

Policy package not setting install targets to none

Open deutmeyerbrianpfg opened this issue 1 month ago • 2 comments

When creating a policy package for use with an autoscale group for CME, we are trying to set the install targets to None by default.

resource "checkpoint_management_package" "autoscale" {
  count = var.autoscale_firewall_policy ? 1 : 0

  name                 = var.package_name
  comments             = var.package_comment
  access               = true
  threat_prevention    = true
  installation_targets = []
  tags                 = var.tags

  lifecycle {
    ignore_changes = [installation_targets]
  }
}

We then ignore changes to the installation_targets for CME to manage it. When the package is created, it defaults to All gateways. The state files accurately represents the fact it's an empty list, but management doesn't match.

The management APIs calls out a list is supported: https://sc1.checkpoint.com/documents/latest/APIs/index.html#web/add-package~v2.0.1%20

deutmeyerbrianpfg avatar Sep 12 '25 20:09 deutmeyerbrianpfg