From 294fa7eff7a5152cd012d1a68f08c28b461d331d Mon Sep 17 00:00:00 2001 From: Sean Conroy <141843633+seconroy@users.noreply.github.com> Date: Wed, 18 Oct 2023 08:06:11 +0100 Subject: [PATCH] Add advanced inspection profile policy definition resource and data source (#96) --- CHANGELOG.md | 1 + ...ed_inspection_profile_policy_definition.md | 41 +++ docs/guides/changelog.md | 21 +- ...ed_inspection_profile_policy_definition.md | 56 ++++ .../data-source.tf | 3 + .../import.sh | 1 + .../resource.tf | 6 + ..._inspection_profile_policy_definition.yaml | 90 ++++++ ...ed_inspection_profile_policy_definition.go | 144 ++++++++++ ...spection_profile_policy_definition_test.go | 70 +++++ ...ed_inspection_profile_policy_definition.go | 144 ++++++++++ internal/provider/provider.go | 2 + ...ed_inspection_profile_policy_definition.go | 261 ++++++++++++++++++ ...spection_profile_policy_definition_test.go | 66 +++++ templates/guides/changelog.md.tmpl | 21 +- 15 files changed, 907 insertions(+), 20 deletions(-) create mode 100644 docs/data-sources/advanced_inspection_profile_policy_definition.md create mode 100644 docs/resources/advanced_inspection_profile_policy_definition.md create mode 100644 examples/data-sources/sdwan_advanced_inspection_profile_policy_definition/data-source.tf create mode 100644 examples/resources/sdwan_advanced_inspection_profile_policy_definition/import.sh create mode 100644 examples/resources/sdwan_advanced_inspection_profile_policy_definition/resource.tf create mode 100644 gen/definitions/generic/advanced_inspection_profile_policy_definition.yaml create mode 100644 internal/provider/data_source_sdwan_advanced_inspection_profile_policy_definition.go create mode 100644 internal/provider/data_source_sdwan_advanced_inspection_profile_policy_definition_test.go create mode 100644 internal/provider/model_sdwan_advanced_inspection_profile_policy_definition.go create mode 100644 internal/provider/resource_sdwan_advanced_inspection_profile_policy_definition.go create mode 100644 internal/provider/resource_sdwan_advanced_inspection_profile_policy_definition_test.go diff --git a/CHANGELOG.md b/CHANGELOG.md index 21336bf6..e3baeed1 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -4,6 +4,7 @@ - BREAKING CHANGE: Rename `group` attribute of `sdwan_cedge_aaa_feature_template` resource and data source to `groups` and fix type - Use type `Set` for `device_types` attributes of feature template resources and data sources - Add `sdwan_tls_ssl_decryption_policy_definition` resource and data source +- Add `sdwan_advanced_inspection_profile_policy_definition` resource and data source ## 0.2.8 diff --git a/docs/data-sources/advanced_inspection_profile_policy_definition.md b/docs/data-sources/advanced_inspection_profile_policy_definition.md new file mode 100644 index 00000000..8a511118 --- /dev/null +++ b/docs/data-sources/advanced_inspection_profile_policy_definition.md @@ -0,0 +1,41 @@ +--- +# generated by https://github.com/hashicorp/terraform-plugin-docs +page_title: "sdwan_advanced_inspection_profile_policy_definition Data Source - terraform-provider-sdwan" +subcategory: "Security Policies" +description: |- + This data source can read the Advanced Inspection Profile Policy Definition . +--- + +# sdwan_advanced_inspection_profile_policy_definition (Data Source) + +This data source can read the Advanced Inspection Profile Policy Definition . + +## Example Usage + +```terraform +data "sdwan_advanced_inspection_profile_policy_definition" "example" { + id = "f6b2c44c-693c-4763-b010-895aa3d236bd" +} +``` + + +## Schema + +### Required + +- `id` (String) The id of the object + +### Read-Only + +- `advanced_malware_protection_id` (String) Advanced malware protection ID +- `advanced_malware_protection_version` (Number) Advanced malware protection version +- `description` (String) The description of the policy definition. +- `intrusion_prevention_id` (String) Intrusion prevention ID (unified mode) +- `intrusion_prevention_version` (Number) Intrusion prevention version +- `name` (String) The name of the policy definition. +- `tls_action` (String) TLS Action +- `tls_ssl_decryption_id` (String) TLS/SSL decryption ID +- `tls_ssl_decryption_version` (Number) TLS/SSL decryption version +- `url_filtering_id` (String) URL filtering ID (unified mode) +- `url_filtering_version` (Number) URL filtering version +- `version` (Number) The version of the object diff --git a/docs/guides/changelog.md b/docs/guides/changelog.md index 3a1135cd..8c1df0a8 100644 --- a/docs/guides/changelog.md +++ b/docs/guides/changelog.md @@ -1,18 +1,19 @@ ---- -subcategory: "Guides" -page_title: "Changelog" -description: |- - Changelog ---- - -# Changelog - +--- +subcategory: "Guides" +page_title: "Changelog" +description: |- + Changelog +--- + +# Changelog + ## 0.2.9 (unreleased) - Add `sdwan_advanced_malware_protection_policy_definition` resource and data source - BREAKING CHANGE: Rename `group` attribute of `sdwan_cedge_aaa_feature_template` resource and data source to `groups` and fix type - Use type `Set` for `device_types` attributes of feature template resources and data sources - Add `sdwan_tls_ssl_decryption_policy_definition` resource and data source +- Add `sdwan_advanced_inspection_profile_policy_definition` resource and data source ## 0.2.8 @@ -87,4 +88,4 @@ description: |- ## 0.1.0 (July 23, 2021) - Initial Release - + diff --git a/docs/resources/advanced_inspection_profile_policy_definition.md b/docs/resources/advanced_inspection_profile_policy_definition.md new file mode 100644 index 00000000..46cb435d --- /dev/null +++ b/docs/resources/advanced_inspection_profile_policy_definition.md @@ -0,0 +1,56 @@ +--- +# generated by https://github.com/hashicorp/terraform-plugin-docs +page_title: "sdwan_advanced_inspection_profile_policy_definition Resource - terraform-provider-sdwan" +subcategory: "Security Policies" +description: |- + This resource can manage a Advanced Inspection Profile Policy Definition . +--- + +# sdwan_advanced_inspection_profile_policy_definition (Resource) + +This resource can manage a Advanced Inspection Profile Policy Definition . + +## Example Usage + +```terraform +resource "sdwan_advanced_inspection_profile_policy_definition" "example" { + name = "Example" + description = "My description" + tls_action = "decrypt" + url_filtering_id = "914670a3-9726-4a51-847f-b3db70819dc2" +} +``` + + +## Schema + +### Required + +- `description` (String) The description of the policy definition. +- `name` (String) The name of the policy definition. + +### Optional + +- `advanced_malware_protection_id` (String) Advanced malware protection ID +- `advanced_malware_protection_version` (Number) Advanced malware protection version +- `intrusion_prevention_id` (String) Intrusion prevention ID (unified mode) +- `intrusion_prevention_version` (Number) Intrusion prevention version +- `tls_action` (String) TLS Action + - Choices: `decrypt`, `skipDecrypt`, `doNotDecrypt` +- `tls_ssl_decryption_id` (String) TLS/SSL decryption ID +- `tls_ssl_decryption_version` (Number) TLS/SSL decryption version +- `url_filtering_id` (String) URL filtering ID (unified mode) +- `url_filtering_version` (Number) URL filtering version + +### Read-Only + +- `id` (String) The id of the object +- `version` (Number) The version of the object + +## Import + +Import is supported using the following syntax: + +```shell +terraform import sdwan_advanced_inspection_profile_policy_definition.example "f6b2c44c-693c-4763-b010-895aa3d236bd" +``` diff --git a/examples/data-sources/sdwan_advanced_inspection_profile_policy_definition/data-source.tf b/examples/data-sources/sdwan_advanced_inspection_profile_policy_definition/data-source.tf new file mode 100644 index 00000000..4b4e125b --- /dev/null +++ b/examples/data-sources/sdwan_advanced_inspection_profile_policy_definition/data-source.tf @@ -0,0 +1,3 @@ +data "sdwan_advanced_inspection_profile_policy_definition" "example" { + id = "f6b2c44c-693c-4763-b010-895aa3d236bd" +} diff --git a/examples/resources/sdwan_advanced_inspection_profile_policy_definition/import.sh b/examples/resources/sdwan_advanced_inspection_profile_policy_definition/import.sh new file mode 100644 index 00000000..fe4873f7 --- /dev/null +++ b/examples/resources/sdwan_advanced_inspection_profile_policy_definition/import.sh @@ -0,0 +1 @@ +terraform import sdwan_advanced_inspection_profile_policy_definition.example "f6b2c44c-693c-4763-b010-895aa3d236bd" diff --git a/examples/resources/sdwan_advanced_inspection_profile_policy_definition/resource.tf b/examples/resources/sdwan_advanced_inspection_profile_policy_definition/resource.tf new file mode 100644 index 00000000..fba774e7 --- /dev/null +++ b/examples/resources/sdwan_advanced_inspection_profile_policy_definition/resource.tf @@ -0,0 +1,6 @@ +resource "sdwan_advanced_inspection_profile_policy_definition" "example" { + name = "Example" + description = "My description" + tls_action = "decrypt" + url_filtering_id = "914670a3-9726-4a51-847f-b3db70819dc2" +} diff --git a/gen/definitions/generic/advanced_inspection_profile_policy_definition.yaml b/gen/definitions/generic/advanced_inspection_profile_policy_definition.yaml new file mode 100644 index 00000000..f234d247 --- /dev/null +++ b/gen/definitions/generic/advanced_inspection_profile_policy_definition.yaml @@ -0,0 +1,90 @@ +name: Advanced Inspection Profile Policy Definition +rest_endpoint: /template/policy/definition/advancedinspectionprofile/ +has_version: true +id_attribute: definitionId +doc_category: Security Policies +attributes: + - model_name: type + type: String + value: advancedInspectionProfile + - model_name: name + tf_name: name + type: String + mandatory: true + description: The name of the policy definition. + example: Example + - model_name: description + tf_name: description + type: String + mandatory: true + description: The description of the policy definition. + example: My description + - model_name: tlsDecryptionAction + data_path: [definition] + tf_name: tls_action + type: String + enum_values: [decrypt, skipDecrypt, doNotDecrypt] + description: TLS Action + example: decrypt + - model_name: ref + data_path: [definition, intrusionPrevention] + tf_name: intrusion_prevention_id + type: String + description: Intrusion prevention ID (unified mode) + example: b80ed541-3950-45c7-ab35-d8f11e180599 + exclude_test: true + - tf_name: intrusion_prevention_version + tf_only: true + type: Version + description: Intrusion prevention version + exclude_test: true + - model_name: ref + data_path: [definition, urlFiltering] + tf_name: url_filtering_id + type: String + description: URL filtering ID (unified mode) + example: 914670a3-9726-4a51-847f-b3db70819dc2 + test_value: sdwan_url_filtering_policy_definition.test.id + - tf_name: url_filtering_version + tf_only: true + type: Version + description: URL filtering version + exclude_test: true + - model_name: ref + data_path: [definition, advancedMalwareProtection] + tf_name: advanced_malware_protection_id + type: String + description: Advanced malware protection ID + example: c3590312-7f67-41d7-b9a5-42ec97c7a73d + exclude_test: true + - tf_name: advanced_malware_protection_version + tf_only: true + type: Version + description: Advanced malware protection version + exclude_test: true + - model_name: ref + data_path: [definition, sslDecryption] + tf_name: tls_ssl_decryption_id + type: String + description: TLS/SSL decryption ID + example: 84f10c9d-def7-45a3-8c64-6df26163c861 + exclude_test: true + - tf_name: tls_ssl_decryption_version + tf_only: true + type: Version + description: TLS/SSL decryption version + exclude_test: true + +test_prerequisites: | + resource "sdwan_url_filtering_policy_definition" "test" { + name = "TF_TEST" + description = "Terraform test" + mode = "security" + alerts = ["blacklist"] + web_categories = ["alcohol-and-tobacco"] + web_categories_action = "allow" + web_reputation = "moderate-risk" + target_vpns = ["1"] + block_page_action = "text" + block_page_contents = "Access to the requested page has been denied. Please contact your Network Administrator" + } diff --git a/internal/provider/data_source_sdwan_advanced_inspection_profile_policy_definition.go b/internal/provider/data_source_sdwan_advanced_inspection_profile_policy_definition.go new file mode 100644 index 00000000..e9b7bd11 --- /dev/null +++ b/internal/provider/data_source_sdwan_advanced_inspection_profile_policy_definition.go @@ -0,0 +1,144 @@ +// Copyright © 2023 Cisco Systems, Inc. and its affiliates. +// All rights reserved. +// +// Licensed under the Mozilla Public License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// https://mozilla.org/MPL/2.0/ +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. +// +// SPDX-License-Identifier: MPL-2.0 + +// Code generated by "gen/generator.go"; DO NOT EDIT. + +package provider + +import ( + "context" + "fmt" + + "github.com/hashicorp/terraform-plugin-framework/datasource" + "github.com/hashicorp/terraform-plugin-framework/datasource/schema" + "github.com/hashicorp/terraform-plugin-log/tflog" + "github.com/netascode/go-sdwan" +) + +// Ensure the implementation satisfies the expected interfaces. +var ( + _ datasource.DataSource = &AdvancedInspectionProfilePolicyDefinitionDataSource{} + _ datasource.DataSourceWithConfigure = &AdvancedInspectionProfilePolicyDefinitionDataSource{} +) + +func NewAdvancedInspectionProfilePolicyDefinitionDataSource() datasource.DataSource { + return &AdvancedInspectionProfilePolicyDefinitionDataSource{} +} + +type AdvancedInspectionProfilePolicyDefinitionDataSource struct { + client *sdwan.Client +} + +func (d *AdvancedInspectionProfilePolicyDefinitionDataSource) Metadata(_ context.Context, req datasource.MetadataRequest, resp *datasource.MetadataResponse) { + resp.TypeName = req.ProviderTypeName + "_advanced_inspection_profile_policy_definition" +} + +func (d *AdvancedInspectionProfilePolicyDefinitionDataSource) Schema(ctx context.Context, req datasource.SchemaRequest, resp *datasource.SchemaResponse) { + resp.Schema = schema.Schema{ + // This description is used by the documentation generator and the language server. + MarkdownDescription: "This data source can read the Advanced Inspection Profile Policy Definition .", + + Attributes: map[string]schema.Attribute{ + "id": schema.StringAttribute{ + MarkdownDescription: "The id of the object", + Required: true, + }, + "version": schema.Int64Attribute{ + MarkdownDescription: "The version of the object", + Computed: true, + }, + "name": schema.StringAttribute{ + MarkdownDescription: "The name of the policy definition.", + Computed: true, + }, + "description": schema.StringAttribute{ + MarkdownDescription: "The description of the policy definition.", + Computed: true, + }, + "tls_action": schema.StringAttribute{ + MarkdownDescription: "TLS Action", + Computed: true, + }, + "intrusion_prevention_id": schema.StringAttribute{ + MarkdownDescription: "Intrusion prevention ID (unified mode)", + Computed: true, + }, + "intrusion_prevention_version": schema.Int64Attribute{ + MarkdownDescription: "Intrusion prevention version", + Computed: true, + }, + "url_filtering_id": schema.StringAttribute{ + MarkdownDescription: "URL filtering ID (unified mode)", + Computed: true, + }, + "url_filtering_version": schema.Int64Attribute{ + MarkdownDescription: "URL filtering version", + Computed: true, + }, + "advanced_malware_protection_id": schema.StringAttribute{ + MarkdownDescription: "Advanced malware protection ID", + Computed: true, + }, + "advanced_malware_protection_version": schema.Int64Attribute{ + MarkdownDescription: "Advanced malware protection version", + Computed: true, + }, + "tls_ssl_decryption_id": schema.StringAttribute{ + MarkdownDescription: "TLS/SSL decryption ID", + Computed: true, + }, + "tls_ssl_decryption_version": schema.Int64Attribute{ + MarkdownDescription: "TLS/SSL decryption version", + Computed: true, + }, + }, + } +} + +func (d *AdvancedInspectionProfilePolicyDefinitionDataSource) Configure(_ context.Context, req datasource.ConfigureRequest, _ *datasource.ConfigureResponse) { + if req.ProviderData == nil { + return + } + + d.client = req.ProviderData.(*SdwanProviderData).Client +} + +func (d *AdvancedInspectionProfilePolicyDefinitionDataSource) Read(ctx context.Context, req datasource.ReadRequest, resp *datasource.ReadResponse) { + var config AdvancedInspectionProfilePolicyDefinition + + // Read config + diags := req.Config.Get(ctx, &config) + resp.Diagnostics.Append(diags...) + if resp.Diagnostics.HasError() { + return + } + + tflog.Debug(ctx, fmt.Sprintf("%s: Beginning Read", config.Id.String())) + + res, err := d.client.Get("/template/policy/definition/advancedinspectionprofile/" + config.Id.ValueString()) + if err != nil { + resp.Diagnostics.AddError("Client Error", fmt.Sprintf("Failed to retrieve object, got error: %s", err)) + return + } + + config.fromBody(ctx, res) + + tflog.Debug(ctx, fmt.Sprintf("%s: Read finished successfully", config.Id.ValueString())) + + diags = resp.State.Set(ctx, &config) + resp.Diagnostics.Append(diags...) +} diff --git a/internal/provider/data_source_sdwan_advanced_inspection_profile_policy_definition_test.go b/internal/provider/data_source_sdwan_advanced_inspection_profile_policy_definition_test.go new file mode 100644 index 00000000..6556fda9 --- /dev/null +++ b/internal/provider/data_source_sdwan_advanced_inspection_profile_policy_definition_test.go @@ -0,0 +1,70 @@ +// Copyright © 2023 Cisco Systems, Inc. and its affiliates. +// All rights reserved. +// +// Licensed under the Mozilla Public License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// https://mozilla.org/MPL/2.0/ +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. +// +// SPDX-License-Identifier: MPL-2.0 + +// Code generated by "gen/generator.go"; DO NOT EDIT. + +package provider + +import ( + "testing" + + "github.com/hashicorp/terraform-plugin-testing/helper/resource" +) + +func TestAccDataSourceSdwanAdvancedInspectionProfilePolicyDefinition(t *testing.T) { + resource.Test(t, resource.TestCase{ + PreCheck: func() { testAccPreCheck(t) }, + ProtoV6ProviderFactories: testAccProtoV6ProviderFactories, + Steps: []resource.TestStep{ + { + Config: testAccDataSourceSdwanAdvancedInspectionProfilePolicyDefinitionConfig, + Check: resource.ComposeTestCheckFunc( + resource.TestCheckResourceAttr("data.sdwan_advanced_inspection_profile_policy_definition.test", "name", "Example"), + resource.TestCheckResourceAttr("data.sdwan_advanced_inspection_profile_policy_definition.test", "description", "My description"), + resource.TestCheckResourceAttr("data.sdwan_advanced_inspection_profile_policy_definition.test", "tls_action", "decrypt"), + ), + }, + }, + }) +} + +const testAccDataSourceSdwanAdvancedInspectionProfilePolicyDefinitionConfig = ` +resource "sdwan_url_filtering_policy_definition" "test" { + name = "TF_TEST" + description = "Terraform test" + mode = "security" + alerts = ["blacklist"] + web_categories = ["alcohol-and-tobacco"] + web_categories_action = "allow" + web_reputation = "moderate-risk" + target_vpns = ["1"] + block_page_action = "text" + block_page_contents = "Access to the requested page has been denied. Please contact your Network Administrator" +} + + +resource "sdwan_advanced_inspection_profile_policy_definition" "test" { + name = "Example" + description = "My description" + tls_action = "decrypt" + url_filtering_id = sdwan_url_filtering_policy_definition.test.id +} + +data "sdwan_advanced_inspection_profile_policy_definition" "test" { + id = sdwan_advanced_inspection_profile_policy_definition.test.id +} +` diff --git a/internal/provider/model_sdwan_advanced_inspection_profile_policy_definition.go b/internal/provider/model_sdwan_advanced_inspection_profile_policy_definition.go new file mode 100644 index 00000000..dc30a514 --- /dev/null +++ b/internal/provider/model_sdwan_advanced_inspection_profile_policy_definition.go @@ -0,0 +1,144 @@ +// Copyright © 2023 Cisco Systems, Inc. and its affiliates. +// All rights reserved. +// +// Licensed under the Mozilla Public License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// https://mozilla.org/MPL/2.0/ +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. +// +// SPDX-License-Identifier: MPL-2.0 + +// Code generated by "gen/generator.go"; DO NOT EDIT. + +package provider + +import ( + "context" + + "github.com/hashicorp/terraform-plugin-framework/types" + "github.com/tidwall/gjson" + "github.com/tidwall/sjson" +) + +type AdvancedInspectionProfilePolicyDefinition struct { + Id types.String `tfsdk:"id"` + Version types.Int64 `tfsdk:"version"` + Name types.String `tfsdk:"name"` + Description types.String `tfsdk:"description"` + TlsAction types.String `tfsdk:"tls_action"` + IntrusionPreventionId types.String `tfsdk:"intrusion_prevention_id"` + IntrusionPreventionVersion types.Int64 `tfsdk:"intrusion_prevention_version"` + UrlFilteringId types.String `tfsdk:"url_filtering_id"` + UrlFilteringVersion types.Int64 `tfsdk:"url_filtering_version"` + AdvancedMalwareProtectionId types.String `tfsdk:"advanced_malware_protection_id"` + AdvancedMalwareProtectionVersion types.Int64 `tfsdk:"advanced_malware_protection_version"` + TlsSslDecryptionId types.String `tfsdk:"tls_ssl_decryption_id"` + TlsSslDecryptionVersion types.Int64 `tfsdk:"tls_ssl_decryption_version"` +} + +func (data AdvancedInspectionProfilePolicyDefinition) toBody(ctx context.Context) string { + body := "" + body, _ = sjson.Set(body, "type", "advancedInspectionProfile") + if !data.Name.IsNull() { + body, _ = sjson.Set(body, "name", data.Name.ValueString()) + } + if !data.Description.IsNull() { + body, _ = sjson.Set(body, "description", data.Description.ValueString()) + } + if !data.TlsAction.IsNull() { + body, _ = sjson.Set(body, "definition.tlsDecryptionAction", data.TlsAction.ValueString()) + } + if !data.IntrusionPreventionId.IsNull() { + body, _ = sjson.Set(body, "definition.intrusionPrevention.ref", data.IntrusionPreventionId.ValueString()) + } + if !data.UrlFilteringId.IsNull() { + body, _ = sjson.Set(body, "definition.urlFiltering.ref", data.UrlFilteringId.ValueString()) + } + if !data.AdvancedMalwareProtectionId.IsNull() { + body, _ = sjson.Set(body, "definition.advancedMalwareProtection.ref", data.AdvancedMalwareProtectionId.ValueString()) + } + if !data.TlsSslDecryptionId.IsNull() { + body, _ = sjson.Set(body, "definition.sslDecryption.ref", data.TlsSslDecryptionId.ValueString()) + } + return body +} + +func (data *AdvancedInspectionProfilePolicyDefinition) fromBody(ctx context.Context, res gjson.Result) { + state := *data + if value := res.Get("name"); value.Exists() { + data.Name = types.StringValue(value.String()) + } else { + data.Name = types.StringNull() + } + if value := res.Get("description"); value.Exists() { + data.Description = types.StringValue(value.String()) + } else { + data.Description = types.StringNull() + } + if value := res.Get("definition.tlsDecryptionAction"); value.Exists() { + data.TlsAction = types.StringValue(value.String()) + } else { + data.TlsAction = types.StringNull() + } + if value := res.Get("definition.intrusionPrevention.ref"); value.Exists() { + data.IntrusionPreventionId = types.StringValue(value.String()) + } else { + data.IntrusionPreventionId = types.StringNull() + } + if value := res.Get("definition.urlFiltering.ref"); value.Exists() { + data.UrlFilteringId = types.StringValue(value.String()) + } else { + data.UrlFilteringId = types.StringNull() + } + if value := res.Get("definition.advancedMalwareProtection.ref"); value.Exists() { + data.AdvancedMalwareProtectionId = types.StringValue(value.String()) + } else { + data.AdvancedMalwareProtectionId = types.StringNull() + } + if value := res.Get("definition.sslDecryption.ref"); value.Exists() { + data.TlsSslDecryptionId = types.StringValue(value.String()) + } else { + data.TlsSslDecryptionId = types.StringNull() + } + data.updateVersions(ctx, &state) +} + +func (data *AdvancedInspectionProfilePolicyDefinition) hasChanges(ctx context.Context, state *AdvancedInspectionProfilePolicyDefinition) bool { + hasChanges := false + if !data.Name.Equal(state.Name) { + hasChanges = true + } + if !data.Description.Equal(state.Description) { + hasChanges = true + } + if !data.TlsAction.Equal(state.TlsAction) { + hasChanges = true + } + if !data.IntrusionPreventionId.Equal(state.IntrusionPreventionId) { + hasChanges = true + } + if !data.UrlFilteringId.Equal(state.UrlFilteringId) { + hasChanges = true + } + if !data.AdvancedMalwareProtectionId.Equal(state.AdvancedMalwareProtectionId) { + hasChanges = true + } + if !data.TlsSslDecryptionId.Equal(state.TlsSslDecryptionId) { + hasChanges = true + } + return hasChanges +} + +func (data *AdvancedInspectionProfilePolicyDefinition) updateVersions(ctx context.Context, state *AdvancedInspectionProfilePolicyDefinition) { + data.IntrusionPreventionVersion = state.IntrusionPreventionVersion + data.UrlFilteringVersion = state.UrlFilteringVersion + data.AdvancedMalwareProtectionVersion = state.AdvancedMalwareProtectionVersion + data.TlsSslDecryptionVersion = state.TlsSslDecryptionVersion +} diff --git a/internal/provider/provider.go b/internal/provider/provider.go index e510f98b..69005213 100644 --- a/internal/provider/provider.go +++ b/internal/provider/provider.go @@ -262,6 +262,7 @@ func (p *SdwanProvider) Resources(ctx context.Context) []func() resource.Resourc NewCiscoVPNInterfaceIPSecFeatureTemplateResource, NewCLITemplateFeatureTemplateResource, NewACLPolicyDefinitionResource, + NewAdvancedInspectionProfilePolicyDefinitionResource, NewAdvancedMalwareProtectionPolicyDefinitionResource, NewAllowURLListPolicyObjectResource, NewAppProbeClassPolicyObjectResource, @@ -342,6 +343,7 @@ func (p *SdwanProvider) DataSources(ctx context.Context) []func() datasource.Dat NewCiscoVPNInterfaceIPSecFeatureTemplateDataSource, NewCLITemplateFeatureTemplateDataSource, NewACLPolicyDefinitionDataSource, + NewAdvancedInspectionProfilePolicyDefinitionDataSource, NewAdvancedMalwareProtectionPolicyDefinitionDataSource, NewAllowURLListPolicyObjectDataSource, NewAppProbeClassPolicyObjectDataSource, diff --git a/internal/provider/resource_sdwan_advanced_inspection_profile_policy_definition.go b/internal/provider/resource_sdwan_advanced_inspection_profile_policy_definition.go new file mode 100644 index 00000000..0834b71d --- /dev/null +++ b/internal/provider/resource_sdwan_advanced_inspection_profile_policy_definition.go @@ -0,0 +1,261 @@ +// Copyright © 2023 Cisco Systems, Inc. and its affiliates. +// All rights reserved. +// +// Licensed under the Mozilla Public License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// https://mozilla.org/MPL/2.0/ +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. +// +// SPDX-License-Identifier: MPL-2.0 + +// Code generated by "gen/generator.go"; DO NOT EDIT. + +package provider + +import ( + "context" + "fmt" + "strings" + "sync" + + "github.com/CiscoDevNet/terraform-provider-sdwan/internal/provider/helpers" + "github.com/hashicorp/terraform-plugin-framework-validators/stringvalidator" + "github.com/hashicorp/terraform-plugin-framework/path" + "github.com/hashicorp/terraform-plugin-framework/resource" + "github.com/hashicorp/terraform-plugin-framework/resource/schema" + "github.com/hashicorp/terraform-plugin-framework/resource/schema/planmodifier" + "github.com/hashicorp/terraform-plugin-framework/resource/schema/stringplanmodifier" + "github.com/hashicorp/terraform-plugin-framework/schema/validator" + "github.com/hashicorp/terraform-plugin-framework/types" + "github.com/hashicorp/terraform-plugin-log/tflog" + "github.com/netascode/go-sdwan" +) + +// Ensure provider defined types fully satisfy framework interfaces +var _ resource.Resource = &AdvancedInspectionProfilePolicyDefinitionResource{} +var _ resource.ResourceWithImportState = &AdvancedInspectionProfilePolicyDefinitionResource{} + +func NewAdvancedInspectionProfilePolicyDefinitionResource() resource.Resource { + return &AdvancedInspectionProfilePolicyDefinitionResource{} +} + +type AdvancedInspectionProfilePolicyDefinitionResource struct { + client *sdwan.Client + updateMutex *sync.Mutex +} + +func (r *AdvancedInspectionProfilePolicyDefinitionResource) Metadata(ctx context.Context, req resource.MetadataRequest, resp *resource.MetadataResponse) { + resp.TypeName = req.ProviderTypeName + "_advanced_inspection_profile_policy_definition" +} + +func (r *AdvancedInspectionProfilePolicyDefinitionResource) Schema(ctx context.Context, req resource.SchemaRequest, resp *resource.SchemaResponse) { + resp.Schema = schema.Schema{ + // This description is used by the documentation generator and the language server. + MarkdownDescription: helpers.NewAttributeDescription("This resource can manage a Advanced Inspection Profile Policy Definition .").String, + + Attributes: map[string]schema.Attribute{ + "id": schema.StringAttribute{ + MarkdownDescription: "The id of the object", + Computed: true, + PlanModifiers: []planmodifier.String{ + stringplanmodifier.UseStateForUnknown(), + }, + }, + "version": schema.Int64Attribute{ + MarkdownDescription: "The version of the object", + Computed: true, + }, + "name": schema.StringAttribute{ + MarkdownDescription: helpers.NewAttributeDescription("The name of the policy definition.").String, + Required: true, + }, + "description": schema.StringAttribute{ + MarkdownDescription: helpers.NewAttributeDescription("The description of the policy definition.").String, + Required: true, + }, + "tls_action": schema.StringAttribute{ + MarkdownDescription: helpers.NewAttributeDescription("TLS Action").AddStringEnumDescription("decrypt", "skipDecrypt", "doNotDecrypt").String, + Optional: true, + Validators: []validator.String{ + stringvalidator.OneOf("decrypt", "skipDecrypt", "doNotDecrypt"), + }, + }, + "intrusion_prevention_id": schema.StringAttribute{ + MarkdownDescription: helpers.NewAttributeDescription("Intrusion prevention ID (unified mode)").String, + Optional: true, + }, + "intrusion_prevention_version": schema.Int64Attribute{ + MarkdownDescription: helpers.NewAttributeDescription("Intrusion prevention version").String, + Optional: true, + }, + "url_filtering_id": schema.StringAttribute{ + MarkdownDescription: helpers.NewAttributeDescription("URL filtering ID (unified mode)").String, + Optional: true, + }, + "url_filtering_version": schema.Int64Attribute{ + MarkdownDescription: helpers.NewAttributeDescription("URL filtering version").String, + Optional: true, + }, + "advanced_malware_protection_id": schema.StringAttribute{ + MarkdownDescription: helpers.NewAttributeDescription("Advanced malware protection ID").String, + Optional: true, + }, + "advanced_malware_protection_version": schema.Int64Attribute{ + MarkdownDescription: helpers.NewAttributeDescription("Advanced malware protection version").String, + Optional: true, + }, + "tls_ssl_decryption_id": schema.StringAttribute{ + MarkdownDescription: helpers.NewAttributeDescription("TLS/SSL decryption ID").String, + Optional: true, + }, + "tls_ssl_decryption_version": schema.Int64Attribute{ + MarkdownDescription: helpers.NewAttributeDescription("TLS/SSL decryption version").String, + Optional: true, + }, + }, + } +} + +func (r *AdvancedInspectionProfilePolicyDefinitionResource) Configure(_ context.Context, req resource.ConfigureRequest, _ *resource.ConfigureResponse) { + if req.ProviderData == nil { + return + } + + r.client = req.ProviderData.(*SdwanProviderData).Client + r.updateMutex = req.ProviderData.(*SdwanProviderData).UpdateMutex +} + +func (r *AdvancedInspectionProfilePolicyDefinitionResource) Create(ctx context.Context, req resource.CreateRequest, resp *resource.CreateResponse) { + var plan AdvancedInspectionProfilePolicyDefinition + + // Read plan + diags := req.Plan.Get(ctx, &plan) + resp.Diagnostics.Append(diags...) + if resp.Diagnostics.HasError() { + return + } + + tflog.Debug(ctx, fmt.Sprintf("%s: Beginning Create", plan.Name.ValueString())) + + // Create object + body := plan.toBody(ctx) + + res, err := r.client.Post("/template/policy/definition/advancedinspectionprofile/", body) + if err != nil { + resp.Diagnostics.AddError("Client Error", fmt.Sprintf("Failed to configure object (POST), got error: %s, %s", err, res.String())) + return + } + + plan.Id = types.StringValue(res.Get("definitionId").String()) + plan.Version = types.Int64Value(0) + + tflog.Debug(ctx, fmt.Sprintf("%s: Create finished successfully", plan.Name.ValueString())) + + diags = resp.State.Set(ctx, &plan) + resp.Diagnostics.Append(diags...) +} + +func (r *AdvancedInspectionProfilePolicyDefinitionResource) Read(ctx context.Context, req resource.ReadRequest, resp *resource.ReadResponse) { + var state AdvancedInspectionProfilePolicyDefinition + + // Read state + diags := req.State.Get(ctx, &state) + resp.Diagnostics.Append(diags...) + if resp.Diagnostics.HasError() { + return + } + + tflog.Debug(ctx, fmt.Sprintf("%s: Beginning Read", state.Name.String())) + + res, err := r.client.Get("/template/policy/definition/advancedinspectionprofile/" + state.Id.ValueString()) + if strings.Contains(res.Get("error.message").String(), "Failed to find specified resource") || strings.Contains(res.Get("error.message").String(), "Invalid template type") || strings.Contains(res.Get("error.message").String(), "Template definition not found") { + resp.State.RemoveResource(ctx) + return + } else if err != nil { + resp.Diagnostics.AddError("Client Error", fmt.Sprintf("Failed to retrieve object (GET), got error: %s, %s", err, res.String())) + return + } + + state.fromBody(ctx, res) + + tflog.Debug(ctx, fmt.Sprintf("%s: Read finished successfully", state.Name.ValueString())) + + diags = resp.State.Set(ctx, &state) + resp.Diagnostics.Append(diags...) +} + +func (r *AdvancedInspectionProfilePolicyDefinitionResource) Update(ctx context.Context, req resource.UpdateRequest, resp *resource.UpdateResponse) { + var plan, state AdvancedInspectionProfilePolicyDefinition + + // Read plan + diags := req.Plan.Get(ctx, &plan) + resp.Diagnostics.Append(diags...) + if resp.Diagnostics.HasError() { + return + } + // Read state + diags = req.State.Get(ctx, &state) + resp.Diagnostics.Append(diags...) + if resp.Diagnostics.HasError() { + return + } + + tflog.Debug(ctx, fmt.Sprintf("%s: Beginning Update", plan.Name.ValueString())) + + if plan.hasChanges(ctx, &state) { + body := plan.toBody(ctx) + r.updateMutex.Lock() + res, err := r.client.Put("/template/policy/definition/advancedinspectionprofile/"+plan.Id.ValueString(), body) + r.updateMutex.Unlock() + if err != nil { + if strings.Contains(res.Get("error.message").String(), "Failed to acquire lock") { + resp.Diagnostics.AddWarning("Client Warning", "Failed to modify policy due to policy being locked by another change. Policy changes will not be applied. Re-run 'terraform apply' to try again.") + } else { + resp.Diagnostics.AddError("Client Error", fmt.Sprintf("Failed to configure object (PUT), got error: %s, %s", err, res.String())) + return + } + } + } else { + tflog.Debug(ctx, fmt.Sprintf("%s: No changes detected", plan.Name.ValueString())) + } + plan.Version = types.Int64Value(state.Version.ValueInt64() + 1) + + tflog.Debug(ctx, fmt.Sprintf("%s: Update finished successfully", plan.Name.ValueString())) + + diags = resp.State.Set(ctx, &plan) + resp.Diagnostics.Append(diags...) +} + +func (r *AdvancedInspectionProfilePolicyDefinitionResource) Delete(ctx context.Context, req resource.DeleteRequest, resp *resource.DeleteResponse) { + var state AdvancedInspectionProfilePolicyDefinition + + // Read state + diags := req.State.Get(ctx, &state) + resp.Diagnostics.Append(diags...) + if resp.Diagnostics.HasError() { + return + } + + tflog.Debug(ctx, fmt.Sprintf("%s: Beginning Delete", state.Name.ValueString())) + + res, err := r.client.Delete("/template/policy/definition/advancedinspectionprofile/" + state.Id.ValueString()) + if err != nil { + resp.Diagnostics.AddError("Client Error", fmt.Sprintf("Failed to delete object (DELETE), got error: %s, %s", err, res.String())) + return + } + + tflog.Debug(ctx, fmt.Sprintf("%s: Delete finished successfully", state.Name.ValueString())) + + resp.State.RemoveResource(ctx) +} + +func (r *AdvancedInspectionProfilePolicyDefinitionResource) ImportState(ctx context.Context, req resource.ImportStateRequest, resp *resource.ImportStateResponse) { + resource.ImportStatePassthroughID(ctx, path.Root("id"), req, resp) +} diff --git a/internal/provider/resource_sdwan_advanced_inspection_profile_policy_definition_test.go b/internal/provider/resource_sdwan_advanced_inspection_profile_policy_definition_test.go new file mode 100644 index 00000000..afd9376d --- /dev/null +++ b/internal/provider/resource_sdwan_advanced_inspection_profile_policy_definition_test.go @@ -0,0 +1,66 @@ +// Copyright © 2023 Cisco Systems, Inc. and its affiliates. +// All rights reserved. +// +// Licensed under the Mozilla Public License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// https://mozilla.org/MPL/2.0/ +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. +// +// SPDX-License-Identifier: MPL-2.0 + +// Code generated by "gen/generator.go"; DO NOT EDIT. + +package provider + +import ( + "testing" + + "github.com/hashicorp/terraform-plugin-testing/helper/resource" +) + +func TestAccSdwanAdvancedInspectionProfilePolicyDefinition(t *testing.T) { + resource.Test(t, resource.TestCase{ + PreCheck: func() { testAccPreCheck(t) }, + ProtoV6ProviderFactories: testAccProtoV6ProviderFactories, + Steps: []resource.TestStep{ + { + Config: testAccSdwanAdvancedInspectionProfilePolicyDefinitionConfig, + Check: resource.ComposeTestCheckFunc( + resource.TestCheckResourceAttr("sdwan_advanced_inspection_profile_policy_definition.test", "name", "Example"), + resource.TestCheckResourceAttr("sdwan_advanced_inspection_profile_policy_definition.test", "description", "My description"), + resource.TestCheckResourceAttr("sdwan_advanced_inspection_profile_policy_definition.test", "tls_action", "decrypt"), + ), + }, + }, + }) +} + +const testAccSdwanAdvancedInspectionProfilePolicyDefinitionConfig = ` +resource "sdwan_url_filtering_policy_definition" "test" { + name = "TF_TEST" + description = "Terraform test" + mode = "security" + alerts = ["blacklist"] + web_categories = ["alcohol-and-tobacco"] + web_categories_action = "allow" + web_reputation = "moderate-risk" + target_vpns = ["1"] + block_page_action = "text" + block_page_contents = "Access to the requested page has been denied. Please contact your Network Administrator" +} + + +resource "sdwan_advanced_inspection_profile_policy_definition" "test" { + name = "Example" + description = "My description" + tls_action = "decrypt" + url_filtering_id = sdwan_url_filtering_policy_definition.test.id +} +` diff --git a/templates/guides/changelog.md.tmpl b/templates/guides/changelog.md.tmpl index 3a1135cd..8c1df0a8 100644 --- a/templates/guides/changelog.md.tmpl +++ b/templates/guides/changelog.md.tmpl @@ -1,18 +1,19 @@ ---- -subcategory: "Guides" -page_title: "Changelog" -description: |- - Changelog ---- - -# Changelog - +--- +subcategory: "Guides" +page_title: "Changelog" +description: |- + Changelog +--- + +# Changelog + ## 0.2.9 (unreleased) - Add `sdwan_advanced_malware_protection_policy_definition` resource and data source - BREAKING CHANGE: Rename `group` attribute of `sdwan_cedge_aaa_feature_template` resource and data source to `groups` and fix type - Use type `Set` for `device_types` attributes of feature template resources and data sources - Add `sdwan_tls_ssl_decryption_policy_definition` resource and data source +- Add `sdwan_advanced_inspection_profile_policy_definition` resource and data source ## 0.2.8 @@ -87,4 +88,4 @@ description: |- ## 0.1.0 (July 23, 2021) - Initial Release - +