About gfreeman

As improbable as it seems, you're missing xmltodict , as the other module that panos_op loads is json which is a standard Python library.  You are also potentially missing pan-os-python , but as the check for xmltodict happens before the check for pan-os-python does, it is being hidden and thus not showing you the sys.path that your Ansible environment is searching for installed libraries.   I recommend using almost any other module and seeing if it works, as if it fails, the panos collection will at least tell you what the sys.path is that your Ansible environment is looking for installed dependencies in:         - name: Check env panos_address_object: provider: '{{ provider }}' state: 'gathered' gathered_filter: '*'       Assuming that fails, one of the things it outputs is the sys.path.  Use that and verify it is as expected, and that both xmltodict and pan-os-python are installed inside one of those directories. ... View more

Depending on how many rules are in your policy, it could take a while, yes.  After creating all the security rules, it has to adjust the placement of each rule to ensure that they are placed where they need to be.   If you want to see what's going on, you can always tell Terraform to show you debug output using the TF_LOG environment variable so you can see what the provider is sending and receiving with regards to PAN-OS:   TF_LOG=debug terraform apply 2>&1 | tee out.log   Then you can view the "out.log" file afterwards to see the API calls and what's happening.   You'll also need to configure the provider to output both "send" and "receive" within your provider configuration block:   provider "panos" { # ...other config options here logging = [ "send", "receive", "action", "query", "op", ] } ... View more