PaloAltoNetworks/pan-os-ansible

panos_ike_crypto_profile: GCM encryptions missing

Closed this issue · 3 comments

Describe the bug

The encryption parameter in the panos_ike_crypto_profile module does not accept either aes-128-gcm or aes-256-gcm as encryption options.

Expected behavior

TASK [Create IKE crypto profile] ********************
changed: [localhost]

Current behavior

TASK [Create IKE crypto profile] ********************
fatal: [localhost]: FAILED! => {"ansible_facts": {"discovered_interpreter_python": "/usr/bin/python3"}, "changed": false, "msg": "value of encryption must be one or more of: des, 3des, aes-128-cbc, aes-192-cbc, aes-256-cbc. Got no match for: aes-128-gcm"}

Possible solution

Add "aes-128-gcm", "aes-256-gcm" as choices to the encryption parameter in panos_ike_crypto_profile.py.

Steps to reproduce

- name: Create IKE crypto profile
  paloaltonetworks.panos.panos_ike_crypto_profile:
    provider: "{{ device }}"
    name: ike_crypto_profile
    encryption: aes-128-cbc
    state: present

Context

GCM encryption is considered more secure than CBC.

Your Environment

  • Collection: 2.9.0
  • Python: 3.9.12
  • Ansible: 2.9.27
  • pan-os-python = 1.5.1
  • pan-python = 0.16.0

🎉 Thanks for opening your first issue here! Welcome to the community!

In addition to this request, an additional authentication hash type needs to be added as well. Since GCM encryption has built-in auth, the authentication type "non-auth" should be used in the ike profile. This type isn't a choice for this module either.
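Added example (not part of the issue thread and not the collection's own code): a small pre-run lint for panos_ike_crypto_profile task arguments. It reproduces the choice check from the error message above and flags GCM encryption that is not paired with "non-auth". The parameter name `authentication`, the function names and the sample tasks are assumptions made for illustration.

```python
# Added example: lint panos_ike_crypto_profile task arguments before a run.
# Choice lists come from the error message and the proposed fix in this issue;
# the "non-auth" pairing rule follows the comment above and is an assumption
# about how a profile should be written, not the module's own validation.

PRE_FIX_ENCRYPTION = ["des", "3des", "aes-128-cbc", "aes-192-cbc", "aes-256-cbc"]
POST_FIX_ENCRYPTION = PRE_FIX_ENCRYPTION + ["aes-128-gcm", "aes-256-gcm"]


def as_list(value):
    """Accept a single string or a list, as Ansible list parameters do."""
    if value is None:
        return []
    return [value] if isinstance(value, str) else list(value)


def lint_ike_profile(args, allowed_encryption=POST_FIX_ENCRYPTION):
    """Return a list of findings for one task's argument dict."""
    findings = []
    encryption = as_list(args.get("encryption"))
    authentication = as_list(args.get("authentication"))  # assumed parameter name

    # Same shape as the module error quoted in the issue.
    unknown = [e for e in encryption if e not in allowed_encryption]
    if unknown:
        findings.append(
            "value of encryption must be one or more of: %s. Got no match for: %s"
            % (", ".join(allowed_encryption), ", ".join(unknown))
        )

    # GCM carries its own integrity check, so a separate hash is not expected.
    gcm = [e for e in encryption if e.endswith("-gcm")]
    if gcm and "non-auth" not in authentication:
        findings.append(
            "%s has built-in authentication; expected 'non-auth' in authentication, got %s"
            % (", ".join(gcm), authentication or "nothing")
        )
    return findings


# Constructed sample tasks (not from the issue).
SAMPLES = {
    "gcm_with_hash": {"name": "p1", "encryption": ["aes-256-gcm"], "authentication": ["sha256"]},
    "gcm_non_auth": {"name": "p2", "encryption": "aes-128-gcm", "authentication": "non-auth"},
}

if __name__ == "__main__":
    for label, task_args in SAMPLES.items():
        print(label, lint_ike_profile(task_args) or "ok")
```

Passing `PRE_FIX_ENCRYPTION` as the second argument shows what a collection older than 2.10.0 would reject.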

🎉 This issue has been resolved in version 2.10.0 🎉

The release is available on Ansible Galaxy and GitHub release

Posted by semantic-release bot