pan-os-python
Log forwarding profile cannot be specified on decryption rules
Describe the bug
The panos.policies.DecryptionRule class has a forwarding_profile parameter to specify a Log Forwarding Profile; however, it does not work.
Expected behavior
When a string with a log forwarding profile name is specified as the value of this parameter, the resultant decryption rule should be created with the specified profile.
Current behavior
I am getting the error "panos.errors.PanDeviceXapiError: pre-rulebase -> decryption -> rules -> [my rule name] -> forwarding-profile unexpected here".
Possible solution
Steps to reproduce
Create a decryption rule referencing a log forwarding profile. My script goes along these lines:
...
new_ruleset.append(panos.policies.DecryptionRule(
    name='default-decryption',
    source_users='any', source_zones=['INSIDE'], source_addresses='any',
    destination_zones=['INET'], destination_addresses='any', services='service-https',
    url_categories=['any'],
    forwarding_profile='default',
    log_failed_tls_handshakes=True,
    action='decrypt', decryption_type='ssl-forward-proxy', decryption_profile='default-profile'))
...
...
rulebase_post.apply()
Screenshots
Context
Currently the log forwarding profile has to be specified manually, after the policy has been created by the script.
Your Environment
This is on Panorama PAN-OS 10.2.5 and SDK version 1.11.0. The same behaviour was observed on 10.1.* and 9.1.* and previous versions of the SDK. Python 3.9 on Windows 10.