hashicorp · katbyte · Jan 31, 2024 · Jan 11, 2024 · Jan 11, 2024 · Jan 12, 2024
@@ -188,6 +188,7 @@ resource "azurerm_palo_alto_next_generation_firewall_virtual_hub_local_rulestack
     network_virtual_appliance_id = azurerm_palo_alto_virtual_network_appliance.test.id
     public_ip_address_ids        = [azurerm_public_ip.test.id]
     egress_nat_ip_address_ids    = [azurerm_public_ip.egress.id]
+    trusted_address_ranges       = ["20.22.92.11"]
   }
 
   dns_settings {
@@ -240,6 +241,7 @@ resource "azurerm_palo_alto_next_generation_firewall_virtual_hub_local_rulestack
     virtual_hub_id               = azurerm_virtual_hub.test.id
     network_virtual_appliance_id = azurerm_palo_alto_virtual_network_appliance.test.id
     public_ip_address_ids        = [azurerm_public_ip.test.id]
+    trusted_address_ranges       = ["20.22.92.11", "20.23.92.11"]
   }
 
   dns_settings {

@@ -152,6 +152,7 @@ resource "azurerm_palo_alto_next_generation_firewall_virtual_hub_panorama" "test
     network_virtual_appliance_id = azurerm_palo_alto_virtual_network_appliance.test.id
     public_ip_address_ids        = [azurerm_public_ip.test.id]
     egress_nat_ip_address_ids    = [azurerm_public_ip.egress.id]
+    trusted_address_ranges       = ["20.22.92.11"]
   }
 
   dns_settings {

@@ -188,6 +188,7 @@ resource "azurerm_palo_alto_next_generation_firewall_virtual_network_local_rules
   network_profile {
     public_ip_address_ids     = [azurerm_public_ip.test.id]
     egress_nat_ip_address_ids = [azurerm_public_ip.egress.id]
+    trusted_address_ranges    = ["20.22.92.11", "20.23.92.11"]
 
     vnet_configuration {
       virtual_network_id  = azurerm_virtual_network.test.id
@@ -245,6 +246,7 @@ resource "azurerm_palo_alto_next_generation_firewall_virtual_network_local_rules
   network_profile {
     public_ip_address_ids     = [azurerm_public_ip.test.id]
     egress_nat_ip_address_ids = [azurerm_public_ip.egress.id]
+    trusted_address_ranges    = ["20.22.92.11", "20.23.92.11"]
 
     vnet_configuration {
       virtual_network_id  = azurerm_virtual_network.test.id

@@ -155,6 +155,7 @@ resource "azurerm_palo_alto_next_generation_firewall_virtual_network_panorama" "
   network_profile {
     public_ip_address_ids     = [azurerm_public_ip.test.id]
     egress_nat_ip_address_ids = [azurerm_public_ip.egress.id]
+    trusted_address_ranges    = ["20.22.92.11"]
 
     vnet_configuration {
       virtual_network_id  = azurerm_virtual_network.test.id

@@ -9,6 +9,7 @@ import (
 	"github.com/hashicorp/go-azure-sdk/resource-manager/paloaltonetworks/2023-09-01/firewalls"
 	networkValidate "github.com/hashicorp/terraform-provider-azurerm/internal/services/network/validate"
 	"github.com/hashicorp/terraform-provider-azurerm/internal/tf/pluginsdk"
+	"github.com/hashicorp/terraform-provider-azurerm/internal/tf/validation"
 )
 
 type NetworkProfileVnet struct {
@@ -17,6 +18,7 @@ type NetworkProfileVnet struct {
 
 	// Optional
 	EgressNatIPIDs    []string            `tfschema:"egress_nat_ip_address_ids"`
+	TrustedRanges     []string            `tfschema:"trusted_address_ranges"`
 	VnetConfiguration []VnetConfiguration `tfschema:"vnet_configuration"`
 
 	// Computed
@@ -30,6 +32,7 @@ type NetworkProfileVHub struct {
 
 	// Optional
 	EgressNatIPIDs []string `tfschema:"egress_nat_ip_address_ids"`
+	TrustedRanges  []string `tfschema:"trusted_address_ranges"`
 
 	// Computed
 	PublicIPs       []string `tfschema:"public_ip_addresses"`
@@ -67,6 +70,18 @@ func VnetNetworkProfileSchema() *pluginsdk.Schema {
 					},
 				},
 
+				"trusted_address_ranges": {
+					Type:     pluginsdk.TypeList,
+					Optional: true,
+					Elem: &pluginsdk.Schema{
+						Type: pluginsdk.TypeString,
+						ValidateFunc: validation.Any(
+							validation.IsCIDR,
+							validation.IsIPv4Address,
+						),
+					},
+				},
+
 				"vnet_configuration": VnetConfigurationSchema(),
 
 				// Computed
@@ -95,6 +110,7 @@ func ExpandNetworkProfileVnet(input []NetworkProfileVnet) firewalls.NetworkProfi
 	result := firewalls.NetworkProfile{
 		EnableEgressNat: firewalls.EgressNatDISABLED,
 		NetworkType:     firewalls.NetworkTypeVNET,
+		TrustedRanges:   &[]string{},
 	}
 
 	if len(input) == 0 {
@@ -124,6 +140,10 @@ func ExpandNetworkProfileVnet(input []NetworkProfileVnet) firewalls.NetworkProfi
 		result.EgressNatIP = pointer.To(egressNatIPs)
 	}
 
+	if len(profile.TrustedRanges) > 0 {
+		result.TrustedRanges = pointer.To(profile.TrustedRanges)
+	}
+
 	vnet := profile.VnetConfiguration[0]
 	result.VnetConfiguration = &firewalls.VnetConfiguration{
 		TrustSubnet: firewalls.IPAddressSpace{
@@ -171,6 +191,12 @@ func FlattenNetworkProfileVnet(input firewalls.NetworkProfile) []NetworkProfileV
 	result.EgressNatIPIDs = egressIds
 	result.EgressNatIP = egressIPs
 
+	trustedRanges := make([]string, 0)
+	if v := input.TrustedRanges; v != nil {
+		trustedRanges = pointer.From(v)
+	}
+	result.TrustedRanges = trustedRanges
+
 	if v := input.VnetConfiguration; v != nil {
 		vNet := VnetConfiguration{}
 
@@ -229,6 +255,18 @@ func VHubNetworkProfileSchema() *pluginsdk.Schema {
 					},
 				},
 
+				"trusted_address_ranges": {
+					Type:     pluginsdk.TypeList,
+					Optional: true,
+					Elem: &pluginsdk.Schema{
+						Type: pluginsdk.TypeString,
+						ValidateFunc: validation.Any(
+							validation.IsCIDR,
+							validation.IsIPv4Address,
+						),
+					},
+				},
+
 				"trusted_subnet_id": {
 					Type:     pluginsdk.TypeString,
 					Computed: true,
@@ -268,6 +306,7 @@ func ExpandNetworkProfileVHub(input []NetworkProfileVHub) firewalls.NetworkProfi
 	result := firewalls.NetworkProfile{
 		EnableEgressNat: firewalls.EgressNatDISABLED,
 		EgressNatIP:     &[]firewalls.IPAddress{},
+		TrustedRanges:   &[]string{},
 	}
 	if len(input) == 0 {
 		return result
@@ -297,6 +336,10 @@ func ExpandNetworkProfileVHub(input []NetworkProfileVHub) firewalls.NetworkProfi
 		result.EgressNatIP = pointer.To(egressNatIPs)
 	}
 
+	if len(profile.TrustedRanges) > 0 {
+		result.TrustedRanges = pointer.To(profile.TrustedRanges)
+	}
+
 	result.NetworkType = firewalls.NetworkTypeVWAN
 
 	result.VwanConfiguration = &firewalls.VwanConfiguration{
@@ -340,6 +383,12 @@ func FlattenNetworkProfileVHub(input firewalls.NetworkProfile) (*NetworkProfileV
 	result.EgressNatIPIDs = egressIds
 	result.EgressNatIP = egressIPs
 
+	trustedRanges := make([]string, 0)
+	if v := input.TrustedRanges; v != nil {
+		trustedRanges = pointer.From(v)
+	}
+	result.TrustedRanges = trustedRanges
+
 	if v := input.VwanConfiguration; v != nil {
 
 		result.VHubID = pointer.From(v.VHub.ResourceId)

@@ -132,6 +132,8 @@ A `network_profile` block supports the following:
 
 * `egress_nat_ip_address_ids` - (Optional) Specifies a list of Public IP IDs to use for Egress NAT.
 
+* `trusted_address_ranges` - (Optional) Specifies a list of trusted ranges to use for the Network.
+
 ## Attributes Reference
 
 In addition to the Arguments listed above - the following Attributes are exported: 

@@ -137,6 +137,8 @@ A `network_profile` block supports the following:
 
 * `egress_nat_ip_address_ids` - (Optional) Specifies a list of Public IP IDs to use for Egress NAT.
 
+* `trusted_address_ranges` - (Optional) Specifies a list of trusted ranges to use for the Network.
+
 ## Attributes Reference
 
 In addition to the Arguments listed above - the following Attributes are exported: 

@@ -197,6 +197,8 @@ A `network_profile` block supports the following:
 
 * `egress_nat_ip_address_ids` - (Optional) Specifies a list of Azure Public IP Address IDs that can be used for Egress (Source) Network Address Translation.
 
+* `trusted_address_ranges` - (Optional) Specifies a list of trusted ranges to use for the Network.
+
 ---
 
 A `vnet_configuration` block supports the following:

@@ -177,6 +177,8 @@ A `network_profile` block supports the following:
 
 * `egress_nat_ip_address_ids` - (Optional) Specifies a list of Azure Public IP Address IDs that can be used for Egress (Source) Network Address Translation.
 
+* `trusted_address_ranges` - (Optional) Specifies a list of trusted ranges to use for the Network.
+
 ---
 
 A `vnet_configuration` block supports the following: