Is your feature request related to a problem?
We manage multiple device groups in our Panorama environment and we would like to allow some teams to manage some objects on their device groups via Terraform. Unfortunately, the XML API, which is currently used by this provider, cannot be used with "Access Domains" and "Device Group and Template" roles and therefore requires full access to the entire environment. This is a blocker for us, since we cannot give these permissions to individual teams.
Describe the solution you'd like
The REST API supports granular object-level permissions and targeting individual device groups. It’s therefore a much better API from a security perspective.
Provide a field on individual resources, or on the provider config, to specify whether it should use the XML API or the REST API (e.g., `provider_type = "rest"`).
The REST API supports XML as a format, so maybe the translation logic can be done in a generic way to support many resources.
Describe alternatives you've considered
This would not be necessary if Access Domains and granular permissions were to be supported in the XML API.
We tried using a generic REST provider, but since the REST API has some quirks (e.g. using an "entry" wrapper object for POST/PUT), this can’t be done easily.
Additional context
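
The request shape this issue refers to, as an added example that is not part of the original issue or the provider's code: a Go sketch that turns a flat attribute map into a PAN-OS REST call targeted at one device group, with the "entry" wrapper applied for POST/PUT. `BuildObjectRequest`, the `allowed` scope map (a client-side fail-early check; the role on Panorama remains the real enforcement), the host `panorama.example`, the `v10.2` path segment and the object values are assumptions constructed for illustration.

```go
package main

import (
	"encoding/json"
	"fmt"
	"net/url"
)

// Request is the method, URL and JSON body for one REST call.
type Request struct {
	Method, URL, Body string
}

// BuildObjectRequest (hypothetical helper) translates a flat attribute map
// into a REST request scoped to a single device group. allowed lists the
// device groups this caller is expected to manage; anything else is refused
// before a request is built.
func BuildObjectRequest(method, base, resource, deviceGroup, name string,
	attrs map[string]interface{}, allowed map[string]bool) (Request, error) {
	if !allowed[deviceGroup] {
		return Request{}, fmt.Errorf("device group %q is outside the allowed scope", deviceGroup)
	}
	// Targeting is done with query parameters, not in the body.
	q := url.Values{}
	q.Set("location", "device-group")
	q.Set("device-group", deviceGroup)
	q.Set("name", name)
	req := Request{Method: method, URL: base + "/" + resource + "?" + q.Encode()}
	if method == "POST" || method == "PUT" {
		entry := map[string]interface{}{"@name": name}
		for k, v := range attrs {
			entry[k] = v
		}
		// The quirk: the object is not sent bare, it is wrapped in "entry".
		b, err := json.Marshal(map[string]interface{}{"entry": entry})
		if err != nil {
			return Request{}, err
		}
		req.Body = string(b)
	}
	return req, nil
}

func main() {
	// Constructed sample values.
	req, err := BuildObjectRequest("POST", "https://panorama.example/restapi/v10.2",
		"Objects/Addresses", "team-a", "web-1",
		map[string]interface{}{"ip-netmask": "10.0.0.10/32"}, map[string]bool{"team-a": true})
	fmt.Println(req, err)
}
```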