https://github.com/paloaltonetworks/terraform-panos-ngfw-modules
Terraform Modules for Palo Alto Networks PAN-OS based Platforms
https://github.com/paloaltonetworks/terraform-panos-ngfw-modules
configuration-management pan-os terraform
Last synced: 4 months ago
JSON representation
Terraform Modules for Palo Alto Networks PAN-OS based Platforms
- Host: GitHub
- URL: https://github.com/paloaltonetworks/terraform-panos-ngfw-modules
- Owner: PaloAltoNetworks
- License: mit
- Created: 2020-10-18T20:48:31.000Z (over 4 years ago)
- Default Branch: main
- Last Pushed: 2024-04-04T21:35:58.000Z (about 1 year ago)
- Last Synced: 2024-12-26T23:56:26.843Z (5 months ago)
- Topics: configuration-management, pan-os, terraform
- Language: HCL
- Homepage: https://registry.terraform.io/modules/PaloAltoNetworks/ngfw-modules/panos
- Size: 359 KB
- Stars: 7
- Watchers: 10
- Forks: 5
- Open Issues: 6
-
Metadata Files:
- Readme: README.md
- License: LICENSE
- Support: SUPPORT.md
Awesome Lists containing this project
README
# Terraform Modules for Palo Alto Networks PAN-OS Based Platforms
## Overview
A set of Terraform modules that can be leveraged to configure and manage Palo Alto Networks PAN-OS-based platforms (Firewalls and Panorama) using code.
This solution enables you to manage various configuration aspects, including Tags, Address Objects/Groups, Security/NAT policies, Security Profiles, and more.
## Structure
This repository has the following directory structure:
* [modules](modules): This directory contains several standalone, reusable, production-grade Terraform modules. Each
module is individually documented.
* [examples](examples): This directory shows examples of different ways to combine the modules contained in the
`modules` directory.
## Compatibility
These modules are meant for use with PAN-OS >= 10.x.x and Terraform >= 1.4
## Setup
> [!IMPORTANT]
> ### Modes
>
> The modules are designed to seamlessly integrate with either a PAN-OS firewall or a Panorama instance, providing flexibility in their usage. The user is required to implicitly pass the `mode` variable to these modules, which dictates the operational context of the modules. This variable is mandatory, with accepted values being `panorama` or `ngfw`.
The underlying panos provider can be configured using the following methods.
For all the supported arguments, please refer to [provider documentation](https://registry.terraform.io/providers/PaloAltoNetworks/panos/latest/docs#argument-reference)
1. Directly in the provider block
```terraform
provider "panos" {
hostname = "1.1.1.1"
username = "username"
password= "password"
}
```
2. Environment variable setting (where applicable)
```sh
export PANOS_HOSTNAME=
export PANOS_USERNAME=
export PANOS_API_KEY=
```
3. From a JSON config file
```sh
> cat ./panos-config.json
{
"hostname": "1.1.1.1",
"username": "user",
"password": "password"
}
```
```terraform
provider "panos" {
json_config_file = "panos-config.json"
}
```
## Testing
To execute tests, create the folder ``tests/creds/`` with below two files:
* ``panorama.json``
* ``firewall.json``
which will contain credentials to access Panorama and firewall instances, e.g.:
```
{
"hostname": "1.1.1.1",
"username": "user",
"password": "password"
}
```
When credentials files are ready, use the below commands to run tests:
```
cd tests
go mod init github.com/PaloAltoNetworks/terraform-panos-modules/tests
go mod tidy
go test -v -timeout 30m -count=1
```
## Versioning
These modules follow the principles of [Semantic Versioning](http://semver.org/). You can find each new release,
along with the changelog on the GitHub [Releases](../../releases) page.
## Getting Help
If you have found a bug, please report it. The preferred way is to create a new issue on
the [GitHub issue page](../../issues).