Skip to content

Policy package not setting install targets to none #229

Description

@deutmeyerbrianpfg

When creating a policy package for use with an autoscale group for CME, we are trying to set the install targets to None by default.

resource "checkpoint_management_package" "autoscale" {
  count = var.autoscale_firewall_policy ? 1 : 0

  name                 = var.package_name
  comments             = var.package_comment
  access               = true
  threat_prevention    = true
  installation_targets = []
  tags                 = var.tags

  lifecycle {
    ignore_changes = [installation_targets]
  }
}

We then ignore changes to the installation_targets for CME to manage it. When the package is created, it defaults to All gateways. The state files accurately represents the fact it's an empty list, but management doesn't match.

The management APIs calls out a list is supported: https://sc1.checkpoint.com/documents/latest/APIs/index.html#web/add-package~v2.0.1%20

Metadata

Metadata

Assignees

No one assigned

    Labels

    Type

    No type

    Fields

    No fields configured for issues without a type.

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions