
panos_security_policy_rules - Position - Parameter where (warning message) #470

@leonardototinop

Describe the bug

"When I use variables in the 'position' parameter ("where variable"), I get a warning message when I run 'terraform plan' and 'terraform apply'. Even with the warning message, the configurations are applied correctly. I believe this issue is related to 'panos_security_policy_rules - Position - Parameter where (warning message) - Bug #463'."

position = { where = var.action, directly = true, pivot = "DENY_ALL" }

"If I configure it without a variable, the warning message does not appear."
position = { where = "before", directly = true, pivot = "DENY_ALL" }

Using variable: "position = { where = var.action, directly = true, pivot = "DENY_ALL" }".

Follow the code without variable:

resource "panos_security_policy_rules" "rules" {
  location = {
    vsys = {
      name = "vsys1"
    }
  }
  rules = [{
    name                  = "testeleo"
    source_zones          = ["External_Clients-Externo"]
    source_addresses      = ["1.1.1.1/32"]
    source_users          = ["any"]
    destination_zones     = ["External_Clients-Externo"]
    destination_addresses = ["2.2.2.2/32"]
    applications          = ["any"]
    services              = ["any"]
    category              = ["any"]
    action                = "allow"

    }
  ]
  lifecycle {
    create_before_destroy = true
  }
  position = { where = var.action, directly = true, pivot = "DENY_ALL" }
}
output "action" {
  value = {
    action = var.action

  }
}





root@DESKTOP-GHOCVGM:/home/leonardo/teste2# terraform plan

Terraform used the selected providers to generate the following execution plan. Resource actions are indicated with the following symbols:
  + create

Terraform will perform the following actions:

  # panos_security_policy_rules.rules will be created
  + resource "panos_security_policy_rules" "rules" {
      + location = {
          + vsys = {
              + name        = "vsys1"
              + ngfw_device = "localhost.localdomain"
            }
        }
      + position = {
          + directly = true
          + pivot    = "DENY_ALL"
          + where    = "after"
        }
      + rules    = [
          + {
              + action                = "allow"
              + applications          = [
                  + "any",
                ]
              + category              = [
                  + "any",
                ]
              + destination_addresses = [
                  + "2.2.2.2/32",
                ]
              + destination_zones     = [
                  + "External_Clients-Externo",
                ]
              + name                  = "testeleo"
              + rule_type             = "universal"
              + services              = [
                  + "any",
                ]
              + source_addresses      = [
                  + "1.1.1.1/32",
                ]
              + source_users          = [
                  + "any",
                ]
              + source_zones          = [
                  + "External_Clients-Externo",
                ]
            },
        ]
    }

Plan: 1 to add, 0 to change, 0 to destroy.

Changes to Outputs:
  + action = {
      + action = "after"
    }
╷
│ Warning: Missing attribute configuration
│
│   with panos_security_policy_rules.rules,
│   on security_policy.tf line 1, in resource "panos_security_policy_rules" "rules":
│    1: resource "panos_security_policy_rules" "rules" {
│
│ where attribute must be one of the valid values: first, last, before, after, found: ''
╵

root@DESKTOP-GHOCVGM:/home/leonardo/teste2# terraform apply

Terraform used the selected providers to generate the following execution plan. Resource actions are indicated with the following symbols:
  + create

Terraform will perform the following actions:

  # panos_security_policy_rules.rules will be created
  + resource "panos_security_policy_rules" "rules" {
      + location = {
          + vsys = {
              + name        = "vsys1"
              + ngfw_device = "localhost.localdomain"
            }
        }
      + position = {
          + directly = true
          + pivot    = "DENY_ALL"
          + where    = "after"
        }
      + rules    = [
          + {
              + action                = "allow"
              + applications          = [
                  + "any",
                ]
              + category              = [
                  + "any",
                ]
              + destination_addresses = [
                  + "2.2.2.2/32",
                ]
              + destination_zones     = [
                  + "External_Clients-Externo",
                ]
              + name                  = "testeleo"
              + rule_type             = "universal"
              + services              = [
                  + "any",
                ]
              + source_addresses      = [
                  + "1.1.1.1/32",
                ]
              + source_users          = [
                  + "any",
                ]
              + source_zones          = [
                  + "External_Clients-Externo",
                ]
            },
        ]
    }

Plan: 1 to add, 0 to change, 0 to destroy.

Changes to Outputs:
  + action = {
      + action = "after"
    }
╷
│ Warning: Missing attribute configuration
│
│   with panos_security_policy_rules.rules,
│   on security_policy.tf line 1, in resource "panos_security_policy_rules" "rules":
│    1: resource "panos_security_policy_rules" "rules" {
│
│ where attribute must be one of the valid values: first, last, before, after, found: ''
╵

Do you want to perform these actions?
  Terraform will perform the actions described above.
  Only 'yes' will be accepted to approve.

  Enter a value: yes

panos_security_policy_rules.rules: Creating...
panos_security_policy_rules.rules: Creation complete after 6s

Apply complete! Resources: 1 added, 0 changed, 0 destroyed.

Outputs:

action = {
  "action" = "after"
}

##########################################################################
Without variable: "position = { where = "before", directly = true, pivot = "DENY_ALL" }".

root@DESKTOP-GHOCVGM:/home/leonardo/teste2# terraform plan

Terraform used the selected providers to generate the following execution plan. Resource actions are indicated with the following symbols:
  + create

Terraform will perform the following actions:

  # panos_security_policy_rules.rules will be created
  + resource "panos_security_policy_rules" "rules" {
      + location = {
          + vsys = {
              + name        = "vsys1"
              + ngfw_device = "localhost.localdomain"
            }
        }
      + position = {
          + directly = true
          + pivot    = "DENY_ALL"
          + where    = "before"
        }
      + rules    = [
          + {
              + action                = "allow"
              + applications          = [
                  + "any",
                ]
              + category              = [
                  + "any",
                ]
              + destination_addresses = [
                  + "2.2.2.2/32",
                ]
              + destination_zones     = [
                  + "External_Clients-Externo",
                ]
              + name                  = "testeleo"
              + rule_type             = "universal"
              + services              = [
                  + "any",
                ]
              + source_addresses      = [
                  + "1.1.1.1/32",
                ]
              + source_users          = [
                  + "any",
                ]
              + source_zones          = [
                  + "External_Clients-Externo",
                ]
            },
        ]
    }

Plan: 1 to add, 0 to change, 0 to destroy.

Changes to Outputs:
  + action = {
      + action = "after"
    }

────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────

Note: You didn't use the -out option to save this plan, so Terraform can't guarantee to take exactly these actions if you run "terraform apply" now.





Expected behavior

No warning message

Current behavior

Possible solution

Remove the warning message

  • Version used: 2.0.1
  • Environment name and version (e.g. Chrome 59, node.js 5.4, python 3.7.3):
  • Operating System and version (desktop or mobile): Ubuntu 24.04.2 LTS
  • Link to your project:
