Feature Request - Add support for importing panos_addresses and panos_address_group #454

Open
robdock92 opened this issue Jan 22, 2025 · 2 comments


@robdock92

Is your feature request related to a problem?

Currently, we are unable to use the provider to import existing addresses or address groups into the state, requiring us to either delete from the firewall's interface and re-add using the provider or consider not managing that particular address or address group at all via Terraform.

Describe the solution you'd like

It would be optimal if we could import addresses and address groups into the Terraform state file to avoid having to delete existing addresses and groups from the firewall interface. This can be a tricky process if they are in use in security rules, etc. and definitely is prone to error. Ideally, it would be a method that is used like other providers, such as:

terraform import panos_addresses.example_address addresses.example["10.0.0.0/24"]

However, I'm not sure how the resources are maintained or referenced in the firewall config vs. how they are referenced in the provider/state file, so the exact CLI command to import may differ.

Describe alternatives you've considered

There are some utilities/scripts out there (like Terraformer) that will take the running config from Panorama and output a Terraform file that can be used to create the same resources, but that would duplicate the config (which would fail) where we're looking to control our existing configurations in Terraform moving forward, so it didn't seem like the right use-case.

Additional context

As an example, we have several address groups containing several addresses each. The address groups are used in security rules to help define how traffic will flow. In order to have them maintained by Terraform, we'd need to first remove the address group from the security rules and then remove the addresses from the address group through either the GUI or CLI before we'd be able to then use Terraform to create the resources we'd just removed and add them back in to the security rules. Ideally, if we could import them, we'd skip the step of having to delete things that are already in a place where we want them.

@robdock92
Author

I did not see any reference to importing within the documentation for the two resources, and when attempting to try the example I provided above (with changed resource names/subnet), I receive the following error, so I just assumed it is not supported as of yet:

│ Error: State Write Error

│ An unexpected error was encountered trying to retrieve type information at a given path. This is always an error in the provider. Please report the following to the provider developer:

│ Error: AttributeName("tfid") still remains in the path: could not find attribute or block "tfid" in schema

If importing is supported and I'm just not using it correctly, please let me know!

@migara
Member

migara commented Feb 7, 2025

@robdock92 import is not supported on addresses today, but it is coming soon.

However, you can import address_groups today. We are working on the documentation, and it will be updated with import examples.

Let's say you already have an Address Group named example-address-group in the Device Group DG.

Import ID for address_groups is a base64 encoded string of the config definition (for example, local.object below).

The easiest way to import and generate HCL is to use terraform plan -generate-config-out=generated.tf (Ref: https://developer.hashicorp.com/terraform/tutorials/state/state-import)

import {
  id = base64encode(jsonencode(local.object))
  to = panos_address_group.example
}

locals {
  object = {
    location = {
      device_group = {
        name            = "DG"
        panorama_device = "localhost.localdomain"
      }
    }

    name = "example-address-group"
  }
}

Thank you for testing the new provider and for the feedback.
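
Added example, not part of the thread or of the provider's own code: a Python sketch of the import ID format described in the comment above (base64 of the JSON form of `location` plus `name`), which builds IDs for several address groups, renders `import` blocks with literal IDs, and decodes an ID for review. The function names, the `web-servers` group, and the assumption that the provider accepts compact, key-sorted JSON (the form Terraform's `jsonencode` emits) are hypothetical.

```python
import base64
import json
import re


def import_id(device_group, name, panorama_device="localhost.localdomain"):
    """Build the import ID: base64 of the JSON form of location + name."""
    obj = {
        "location": {
            "device_group": {"name": device_group, "panorama_device": panorama_device}
        },
        "name": name,
    }
    # Assumption: compact, key-sorted JSON, mirroring Terraform's jsonencode().
    raw = json.dumps(obj, sort_keys=True, separators=(",", ":"))
    return base64.b64encode(raw.encode("utf-8")).decode("ascii")


def decode_import_id(value):
    """Decode an import ID for review; reject input not shaped like the thread's object."""
    obj = json.loads(base64.b64decode(value, validate=True))
    try:
        dg_name = obj["location"]["device_group"]["name"]
    except (KeyError, TypeError):
        raise ValueError("import ID lacks location.device_group.name")
    if not isinstance(dg_name, str) or not isinstance(obj.get("name"), str):
        raise ValueError("device group name and object name must be strings")
    return obj


def import_block(device_group, name):
    """Render one import block with a literal ID for panos_address_group."""
    label = re.sub(r"[^A-Za-z0-9_]", "_", name)  # make a valid resource label
    if not re.match(r"[A-Za-z_]", label):
        label = "_" + label
    return (
        "import {\n"
        f'  id = "{import_id(device_group, name)}"\n'
        f"  to = panos_address_group.{label}\n"
        "}\n"
    )


# Constructed sample inventory: (device group, address group) pairs.
SAMPLE_GROUPS = [("DG", "example-address-group"), ("DG", "web-servers")]

if __name__ == "__main__":
    for dg, group in SAMPLE_GROUPS:
        print(import_block(dg, group))
```

The printed blocks can be saved to a `.tf` file and used with the `terraform plan -generate-config-out=generated.tf` step mentioned above.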
