Creating Custom URL categories with Terraform or Ansible

cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Announcements
Please sign in to see details of an important advisory in our Customer Advisories area.

Creating Custom URL categories with Terraform or Ansible

L1 Bithead

I may be missing something, but I'm not seeing a way to create a custom URL category via Terraform or Ansible. We are trying to automate our Palo setups as much as possible, and from what I can tell, this is the only thing we are unable to do with it. We can create the URL filtering profiles, just not the URL categories. Anyone ran into this or know of a way to do it? I know you can create them via the API, but that's kind of a messy workaround. Just wanted to check before implementing it.

1 accepted solution

Accepted Solutions

Hey Jimmy, thanks for that. I guess I forgot to include some things. My issue was the I was unable to create the category via Terraform, but was unable to create some of the other things via Ansible, that I can create with Terraform. There was no one solution to set everything up, but I did figure out what I could do. There was only 1 thing I couldn't create via Terraform and 3 I couldn't create via Ansible, so I decided to go with Terraform. I was able to get the URL category working by creating a "null_resource" in Terraform with a provisioner to call an Ansible script.

I basically created an Ansible script with a single task of creating the URL Categories, then used the following for my Terraform script:

resource "null_resource" "whitelisted_sites" {
provisioner "local-exec" {
command = "ansible-playbook -T 300 url_categories.yml --extra-vars='{\"ip_address\": \"IP_ADDRESS\", \"username\": \"USERNAME\", \"password\": \"PASSWORD\"}'"
}
}

View solution in original post

13 REPLIES 13

L5 Sessionator

Hi @Brandon99, here is the Ansible module reference for Custom URL Categories: https://paloaltonetworks.github.io/pan-os-ansible/modules/panos_custom_url_category.html. Does that help?

For the PAN-OS Terraform provider, Custom URL Categories are not yet implemented, but if you could share your use case with your account team, or via your reseller, that would be really useful, and have them forward over to us. Thanks!

Help the community: "Like" helpful comments, and click "Accept as Solution" if you found your answer 🙂

Hey Jimmy, thanks for that. I guess I forgot to include some things. My issue was the I was unable to create the category via Terraform, but was unable to create some of the other things via Ansible, that I can create with Terraform. There was no one solution to set everything up, but I did figure out what I could do. There was only 1 thing I couldn't create via Terraform and 3 I couldn't create via Ansible, so I decided to go with Terraform. I was able to get the URL category working by creating a "null_resource" in Terraform with a provisioner to call an Ansible script.

I basically created an Ansible script with a single task of creating the URL Categories, then used the following for my Terraform script:

resource "null_resource" "whitelisted_sites" {
provisioner "local-exec" {
command = "ansible-playbook -T 300 url_categories.yml --extra-vars='{\"ip_address\": \"IP_ADDRESS\", \"username\": \"USERNAME\", \"password\": \"PASSWORD\"}'"
}
}

L5 Sessionator

Yes, that's a way to supplement Terraform provider functionality, use a null_resource to execute another script, Ansible being one example. If you can let us know via your usual account team or reseller the use case for Custom URL Categories and have them send it to me, it helps prioritise future Terraform provider features. Thanks!

Help the community: "Like" helpful comments, and click "Accept as Solution" if you found your answer 🙂

L1 Bithead

Hey @JimmyHolland,

I'm not even sure who to go to with that to be honest. We're a small team here and as far as I know, we don't really have a reseller. 
We are just using the Palo Alto AMI from the marketplace. We do have a license for our physical Palo Altos in our offices, but I'm honestly not sure who we go through for that.

No problem, I'll send you a message directly.

Help the community: "Like" helpful comments, and click "Accept as Solution" if you found your answer 🙂

L0 Member

I'm looking for the same functionality. I'll reach out to our TAM and let them know. Should I reference this forum or is there a specific project/internal ticket I should reference? 

I've sent you a message directly @rborunda_dexcom 

Help the community: "Like" helpful comments, and click "Accept as Solution" if you found your answer 🙂

L5 Sessionator

Custom URL categories will be in the next Terraform release (will be out before the end of the year).

Hello,
Could you please tell me by when exactly will this be expected ?
From your above post you hint towards the end of 2021....It would be super awesome if its done by December, I'll escape the pain of incorporating our pure terraform automation with ansible 🙂 🙂

L5 Sessionator

Exactly I can't say.  But it will be out before Dec 31st for sure.  We're looking over the github issues and seeing if there's anything else that can be crammed in in time.

Hello...sorry I missed your reply to my query
Is there a pull request on the repo currently https://github.com/PaloAltoNetworks/terraform-provider-panos that I can track for this custom url category feature? 🙂
Currently I dont see any open PR 😕

L5 Sessionator

Hi @SohelMomin, you could track this issue, this issue, or "watch" the repo itself for a new release.

Hope that helps?

Help the community: "Like" helpful comments, and click "Accept as Solution" if you found your answer 🙂

L5 Sessionator

Probably the last day of December, it's looking like.

  • 1 accepted solution
  • 7830 Views
  • 13 replies
  • 0 Likes
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!