Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Fixed auth type non-auth for IKE profile #418

Merged
merged 1 commit into from
Jun 28, 2023
Merged

Fixed auth type non-auth for IKE profile #418

merged 1 commit into from
Jun 28, 2023

Conversation

barloff-st
Copy link
Contributor

@barloff-st barloff-st commented Apr 6, 2023
edited
Loading

Description

IKE profile takes non-auth and not none as an authentication hash type.

TASK [palo_alto : Create Secure IKE Crypto Profile] ***************************************************************************************
fatal: [TEST_PaloAlto.hostname]: FAILED! => {"changed": false, "msg": "Failed apply:  TEST-IKE-Crypto-Profile -> hash 'none' is not an allowed keyword\n TEST-IKE-Crypto-Profile -> hash is invalid"}

Motivation and Context

aes-gcm-256 encryption has built in authentication, so you need to set the authentication to non-auth.

How Has This Been Tested?

Tested running the following on Rocky 8:

- name: Create Secure IKE Crypto Profile
  paloaltonetworks.panos.panos_ike_crypto_profile:
  ip_address: "{{ firewall_ip }}" #TEMP FOR SCRIPT TESTING, Used for ansible connection to PA
  username: "{{ username }}"
  password: "{{ password }}"
  state: 'present'
  name: 'TEST-IKE-Crypto-Profile'
  dh_group: ['group20']
  #authentication: 'none' #BUG: Authenication will leave at default "sha1" when using "none"
  authentication: 'non-auth'
  encryption: ['aes-256-gcm']
  lifetime_seconds: '28800'

Types of changes

  • Bug fix (non-breaking change which fixes an issue)

Checklist

  • I have updated the documentation accordingly.
  • I have read the CONTRIBUTING document.
  • I have added tests to cover my changes if appropriate.
  • All new and existing tests passed.

@welcome-to-palo-alto-networks
Copy link

🎉 Thanks for opening this pull request! We really appreciate contributors like you! 🙌

@barloff-st
Copy link
Contributor Author

I do not believe none to be a valid option, but if it is in some older version of Pan OS, I can change this to simply add non-auth to the option list instead of replacing none.

@barloff-st barloff-st mentioned this pull request Apr 11, 2023
Closed
@barloff-st
Copy link
Contributor Author

See bug #419

shinmog
shinmog approved these changes Jun 27, 2023
View reviewed changes
Copy link
Collaborator

@shinmog shinmog left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

lgtm

@jamesholland-uk jamesholland-uk merged commit 0a2abe8 into PaloAltoNetworks:develop Jun 28, 2023
@welcome-to-palo-alto-networks
Copy link

🎉 Congrats on getting your first pull request merged! We here at Palo Alto Networks are so grateful! ❤️

github-actions bot pushed a commit that referenced this pull request Jun 28, 2023
@semantic-release-bot
chore(release): 2.17.2
65e9299 
### [2.17.2](v2.17.1...v2.17.2) (2023-06-28)

### Bug Fixes

* **panos_ike_crypto_profile:** Fixed auth type `non-auth` for IKE profile ([#418](#418)) ([0a2abe8](0a2abe8))
@github-actions
Copy link

🎉 This PR is included in version 2.17.2 🎉

The release is available on Ansible Galaxy and GitHub release

Posted by semantic-release bot

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@shinmog shinmog shinmog approved these changes

Assignees
No one assigned
Labels
released
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@barloff-st @shinmog @jamesholland-uk