panos_ike_crypto_profile: GCM encryptions missing
Closed this issue · 3 comments
Describe the bug
The encryption parameter in the panos_ike_crypto_profile module does not accept either aes-128-gcm or aes-256-gcm as encryption options.
Expected behavior
TASK [Create IKE crypto profile] ********************
changed: [localhost]
Current behavior
TASK [Create IKE crypto profile] ********************
fatal: [localhost]: FAILED! => {"ansible_facts": {"discovered_interpreter_python": "/usr/bin/python3"}, "changed": false, "msg": "value of encryption must be one or more of: des, 3des, aes-128-cbc, aes-192-cbc, aes-256-cbc. Got no match for: aes-128-gcm"}
Possible solution
Add "aes-128-gcm", "aes-256-gcm" as choices to the encryption parameter in panos_ike_crypto_profile.py.
Steps to reproduce
- name: Create IKE crypto profile
  paloaltonetworks.panos.panos_ike_crypto_profile:
    provider: "{{ device }}"
    name: ike_crypto_profile
    encryption: aes-128-cbc
    state: present
Context
GCM encryption is considered more secure than CBC.
Your Environment
- Collection: 2.9.0
- Python: 3.9.12
- Ansible: 2.9.27
- pan-os-python = 1.5.1
- pan-python = 0.16.0
Thanks for opening your first issue here! Welcome to the community!
In addition to this request, an additional authentication hash type needs to be added as well. Since GCM encryption has built-in auth, the authentication type "non-auth" should be used in the ike profile. This type isn't a choice for this module either.
This issue has been resolved in version 2.10.0
The release is available on Ansible Galaxy and GitHub release
Posted by semantic-release bot
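The pairing described in the comment above (GCM encryption with the "non-auth" hash) can be checked before a playbook is run. This is an added example, not code from the collection or from anyone in this thread: the choice lists come from the error message and the proposed fix in this issue, while the `authentication` key name, the `gcm_supported` switch and the sample task arguments are assumptions made for illustration.

```python
# Added example: pre-flight check for IKE crypto profile task arguments.
# Choice lists are taken from the error message and proposed fix in this issue;
# the "authentication" key name is an assumption.

CBC_ERA_CHOICES = {"des", "3des", "aes-128-cbc", "aes-192-cbc", "aes-256-cbc"}
GCM_CHOICES = {"aes-128-gcm", "aes-256-gcm"}


def as_list(value):
    """Ansible accepts a scalar or a list for list-typed parameters."""
    if value is None:
        return []
    return list(value) if isinstance(value, (list, tuple)) else [value]


def check_profile(args, gcm_supported):
    """Return a list of findings for one task's arguments.

    gcm_supported: True when the installed collection accepts the GCM choices.
    """
    findings = []
    allowed = CBC_ERA_CHOICES | (GCM_CHOICES if gcm_supported else set())
    encryption = as_list(args.get("encryption"))
    authentication = as_list(args.get("authentication"))

    # Values outside the choice list are what the module rejects at run time.
    for value in encryption:
        if value not in allowed:
            findings.append(f"encryption: {value} not accepted by module")

    # GCM carries its own integrity check, so the profile should offer non-auth.
    uses_gcm = any(v in GCM_CHOICES for v in encryption)
    if uses_gcm and "non-auth" not in authentication:
        findings.append("authentication: GCM profile should include non-auth")
    return findings


# Constructed sample task arguments.
SAMPLES = {
    "cbc": {"encryption": "aes-128-cbc", "authentication": ["sha256"]},
    "gcm_wrong_hash": {"encryption": ["aes-128-gcm"], "authentication": ["sha256"]},
    "gcm_ok": {"encryption": ["aes-256-gcm"], "authentication": ["non-auth"]},
}

if __name__ == "__main__":
    for name, args in SAMPLES.items():
        print(name, check_profile(args, gcm_supported=True))
```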