Fmc device ha pair (#226)

adding support for HA

Co-authored-by: kadadhic <[email protected]>
Co-authored-by: rchrabas <[email protected]>

.gitignore

@@ -29,7 +29,8 @@ website/node_modules
 .vscode/settings.json
 
 website/vendor
-
+vendor
+running.sh
 # Test exclusions
 !command/test-fixtures/**/*.tfstate
 !command/test-fixtures/**/.terraform/

docs/data-sources/device_ha_pair.md

@@ -0,0 +1,64 @@
+---
+# generated by https://github.com/hashicorp/terraform-plugin-docs
+page_title: "fmc_device_ha_pair Data Source - terraform-provider-fmc"
+subcategory: "Device"
+description: |-
+  This data source can read the Device HA Pair.
+---
+
+# fmc_device_ha_pair (Data Source)
+
+This data source can read the Device HA Pair.
+
+## Example Usage
+
+```terraform
+data "fmc_device_ha_pair" "example" {
+  id = "76d24097-41c4-4558-a4d0-a8c07ac08470"
+}
+```
+
+<!-- schema generated by tfplugindocs -->
+## Schema
+
+### Optional
+
+- `domain` (String) The name of the FMC domain
+- `id` (String) The id of the object
+- `name` (String) The name of the High Availability (HA) Pair.
+
+### Read-Only
+
+- `action` (String) FTD HA PUT operation action. Specifically used for manual switch. HA Break will be triggered when you run terraform destroy
+- `encryption_enabled` (Boolean) Use encryption for communication.
+- `encryption_key` (String) Pass shared key for encryption if CUSTOM key geneeration scheme is selected.
+- `encryption_key_generation_scheme` (String) Select the encyption key generation scheme.
+- `failed_interfaces_limit` (Number) Number of Failed Interfaces that triggers failover.
+- `failed_interfaces_percent` (Number) Percentage of Failed Interfaces that triggers failover.
+- `ha_link_interface_id` (String) ID of High Availability Link interface.
+- `ha_link_interface_name` (String) Name of High Availability Link interface.
+- `ha_link_interface_type` (String) Type of High Availability Link interface.
+- `ha_link_logical_name` (String) The logical name of failover interface.
+- `ha_link_netmask` (String) Subnet mask for HA link.
+- `ha_link_primary_ip` (String) The IP of primary node interface.
+- `ha_link_secondary_ip` (String) The IP of secondary node interface.
+- `ha_link_use_ipv6` (Boolean) Use IPv6 addressing for HA communication.
+- `interface_hold_time` (Number) Interface Hold Time in seconds
+- `interface_poll_time` (Number) Peer Pool Time (1-15 SEC or 500-999 MSEC)
+- `interface_poll_time_unit` (String) Peer Pool Time Unit
+- `peer_hold_time` (Number) Peer Hold Time (3-45 SEC or 800-999 MSEC)
+- `peer_hold_time_unit` (String) Peer Hold Time Unit
+- `peer_poll_time` (Number) Peer Pool Time (1-15 SEC or 200-999 MSEC)
+- `peer_poll_time_unit` (String) Peer Pool Time Unit
+- `primary_device_id` (String) ID of primary FTD in the HA Pair.
+- `secondary_device_id` (String) ID of secondary FTD in the HA Pair.
+- `state_link_interface_id` (String) ID of physical interface.
+- `state_link_interface_name` (String) Name of state link interface.
+- `state_link_interface_type` (String) Type of state link interface.
+- `state_link_logical_name` (String)
+- `state_link_netmask` (String) Subnet mask for state link.
+- `state_link_primary_ip` (String) The IP of primary node interface.
+- `state_link_secondary_ip` (String) The IP of secondary node interface.
+- `state_link_use_ipv6` (Boolean) Use IPv6 addressing for HA communication.
+- `state_link_use_same_as_ha` (Boolean) Use the same link for state and HA.
+- `type` (String) Type of the resource; This is always `DeviceHAPair`.

docs/resources/device_ha_pair.md

@@ -0,0 +1,123 @@
+---
+# generated by https://github.com/hashicorp/terraform-plugin-docs
+page_title: "fmc_device_ha_pair Resource - terraform-provider-fmc"
+subcategory: "Device"
+description: |-
+  Resource to manage HA Pair. failed_interfaces_limit or failed_interfaces_percent needs to be set.
+---
+
+# fmc_device_ha_pair (Resource)
+
+Resource to manage HA Pair. failed_interfaces_limit or failed_interfaces_percent needs to be set.
+
+## Example Usage
+
+```terraform
+resource "fmc_device_ha_pair" "example" {
+  name                             = "FTD_HA"
+  primary_device_id                = "76d24097-41c4-4558-a4d0-a8c07ac08470"
+  secondary_device_id              = "96d24097-41c4-4332-a4d0-a8c07ac08482"
+  ha_link_interface_id             = "96d24097-41c4-4332-a4d0-a8c07ac08482"
+  ha_link_interface_name           = "GigabitEthernet0/0"
+  ha_link_interface_type           = ""
+  ha_link_logical_name             = "LAN-INTERFACE"
+  ha_link_use_ipv6                 = false
+  ha_link_primary_ip               = "1.1.1.1"
+  ha_link_secondary_ip             = "1.1.1.2"
+  ha_link_netmask                  = "255.255.255.0"
+  state_link_use_same_as_ha        = false
+  state_link_interface_id          = "76d24097-hj7r-7786-a4d0-a8c07ac08470"
+  state_link_interface_name        = "GigabitEthernet0/0"
+  state_link_interface_type        = "PhysicalInterface"
+  state_link_logical_name          = "Stateful-INTERFACE"
+  state_link_use_ipv6              = false
+  state_link_primary_ip            = "10.10.10.1"
+  state_link_secondary_ip          = "10.10.10.2"
+  state_link_netmask               = "255.255.255.0"
+  encryption_enabled               = true
+  encryption_key_generation_scheme = "AUTO"
+  failed_interfaces_limit          = 1
+  peer_poll_time                   = 1
+  peer_poll_time_unit              = "SEC"
+  peer_hold_time                   = 15
+  peer_hold_time_unit              = "SEC"
+  interface_poll_time              = 5
+  interface_poll_time_unit         = "SEC"
+  interface_hold_time              = 25
+}
+```
+
+<!-- schema generated by tfplugindocs -->
+## Schema
+
+### Required
+
+- `ha_link_interface_id` (String) ID of High Availability Link interface.
+- `ha_link_interface_name` (String) Name of High Availability Link interface.
+- `ha_link_interface_type` (String) Type of High Availability Link interface.
+- `ha_link_logical_name` (String) The logical name of failover interface.
+- `ha_link_netmask` (String) Subnet mask for HA link.
+- `ha_link_primary_ip` (String) The IP of primary node interface.
+- `ha_link_secondary_ip` (String) The IP of secondary node interface.
+- `name` (String) The name of the High Availability (HA) Pair.
+- `primary_device_id` (String) ID of primary FTD in the HA Pair.
+- `secondary_device_id` (String) ID of secondary FTD in the HA Pair.
+- `state_link_use_same_as_ha` (Boolean) Use the same link for state and HA.
+
+### Optional
+
+- `action` (String) FTD HA PUT operation action. Specifically used for manual switch. HA Break will be triggered when you run terraform destroy
+  - Choices: `SWITCH`, `HABREAK`
+- `domain` (String) The name of the FMC domain
+- `encryption_enabled` (Boolean) Use encryption for communication.
+- `encryption_key` (String) Pass shared key for encryption if CUSTOM key geneeration scheme is selected.
+- `encryption_key_generation_scheme` (String) Select the encyption key generation scheme.
+  - Choices: `AUTO`, `CUSTOM`
+- `failed_interfaces_limit` (Number) Number of Failed Interfaces that triggers failover.
+  - Range: `1`-`211`
+- `failed_interfaces_percent` (Number) Percentage of Failed Interfaces that triggers failover.
+  - Range: `1`-`100`
+- `ha_link_use_ipv6` (Boolean) Use IPv6 addressing for HA communication.
+  - Default value: `false`
+- `interface_hold_time` (Number) Interface Hold Time in seconds
+  - Range: `25`-`75`
+  - Default value: `25`
+- `interface_poll_time` (Number) Peer Pool Time (1-15 SEC or 500-999 MSEC)
+  - Range: `1`-`999`
+  - Default value: `5`
+- `interface_poll_time_unit` (String) Peer Pool Time Unit
+  - Choices: `SEC`, `MSEC`
+  - Default value: `SEC`
+- `peer_hold_time` (Number) Peer Hold Time (3-45 SEC or 800-999 MSEC)
+  - Range: `3`-`999`
+  - Default value: `15`
+- `peer_hold_time_unit` (String) Peer Hold Time Unit
+  - Choices: `SEC`, `MSEC`
+  - Default value: `SEC`
+- `peer_poll_time` (Number) Peer Pool Time (1-15 SEC or 200-999 MSEC)
+  - Range: `1`-`999`
+  - Default value: `1`
+- `peer_poll_time_unit` (String) Peer Pool Time Unit
+  - Choices: `SEC`, `MSEC`
+  - Default value: `SEC`
+- `state_link_interface_id` (String) ID of physical interface.
+- `state_link_interface_name` (String) Name of state link interface.
+- `state_link_interface_type` (String) Type of state link interface.
+- `state_link_logical_name` (String)
+- `state_link_netmask` (String) Subnet mask for state link.
+- `state_link_primary_ip` (String) The IP of primary node interface.
+- `state_link_secondary_ip` (String) The IP of secondary node interface.
+- `state_link_use_ipv6` (Boolean) Use IPv6 addressing for HA communication.
+
+### Read-Only
+
+- `id` (String) The id of the object
+- `type` (String) Type of the resource; This is always `DeviceHAPair`.
+
+## Import
+
+Import is supported using the following syntax:
+
+```shell
+terraform import fmc_device_ha_pair.example "<id>"
+```

examples/data-sources/fmc_device_ha_pairs/data-source.tf

@@ -0,0 +1,3 @@
+data "fmc_device_ha_pairs" "example" {
+  id = "76d24097-41c4-4558-a4d0-a8c07ac08470"
+}

examples/resources/fmc_device_ha_pair/resource.tf

@@ -2,26 +2,31 @@ resource "fmc_device_ha_pair" "example" {
   name                             = "FTD_HA"
   primary_device_id                = "76d24097-41c4-4558-a4d0-a8c07ac08470"
   secondary_device_id              = "96d24097-41c4-4332-a4d0-a8c07ac08482"
-  is_encryption_enabled            = false
-  use_same_link_for_failovers      = false
-  shared_key                       = "cisco123"
-  enc_key_generation_scheme        = "CUSTOM"
-  lan_failover_standby_ip          = "1.1.1.2"
-  lan_failover_active_ip           = "1.1.1.1"
-  lan_failover_name                = "LAN-INTERFACE"
-  lan_failover_subnet_mask         = "255.255.255.0"
-  lan_failover_ipv6_addr           = false
-  lan_failover_interface_name      = "GigabitEthernet0/0"
-  lan_failover_interface_id        = "757kdgh5-41c4-4558-a4d0-a8c07ac08470"
-  lan_failover_interface_type      = "PhysicalInterface"
-  stateful_failover_standby_ip     = "10.10.10.2"
-  stateful_failover_active_ip      = "10.10.10.1"
-  stateful_failover_name           = "Stateful-INTERFACE"
-  stateful_failover_subnet_mask    = "255.255.255.0"
-  stateful_failover_ipv6_addr      = false
-  stateful_failover_interface_name = "GigabitEthernet0/0"
-  stateful_failover_interface_id   = "76d24097-hj7r-7786-a4d0-a8c07ac08470"
-  stateful_failover_interface_type = "PhysicalInterface"
-  action                           = "SWITCH"
-  force_break                      = false
+  ha_link_interface_id             = "96d24097-41c4-4332-a4d0-a8c07ac08482"
+  ha_link_interface_name           = "GigabitEthernet0/0"
+  ha_link_interface_type           = ""
+  ha_link_logical_name             = "LAN-INTERFACE"
+  ha_link_use_ipv6                 = false
+  ha_link_primary_ip               = "1.1.1.1"
+  ha_link_secondary_ip             = "1.1.1.2"
+  ha_link_netmask                  = "255.255.255.0"
+  state_link_use_same_as_ha        = false
+  state_link_interface_id          = "76d24097-hj7r-7786-a4d0-a8c07ac08470"
+  state_link_interface_name        = "GigabitEthernet0/0"
+  state_link_interface_type        = "PhysicalInterface"
+  state_link_logical_name          = "Stateful-INTERFACE"
+  state_link_use_ipv6              = false
+  state_link_primary_ip            = "10.10.10.1"
+  state_link_secondary_ip          = "10.10.10.2"
+  state_link_netmask               = "255.255.255.0"
+  encryption_enabled               = true
+  encryption_key_generation_scheme = "AUTO"
+  failed_interfaces_limit          = 1
+  peer_poll_time                   = 1
+  peer_poll_time_unit              = "SEC"
+  peer_hold_time                   = 15
+  peer_hold_time_unit              = "SEC"
+  interface_poll_time              = 5
+  interface_poll_time_unit         = "SEC"
+  interface_hold_time              = 25
 }

examples/resources/fmc_device_ha_pairs/import.sh

@@ -0,0 +1 @@
+terraform import fmc_device_ha_pairs.example "<id>"

examples/resources/fmc_device_ha_pairs/resource.tf

@@ -0,0 +1,27 @@
+resource "fmc_device_ha_pairs" "example" {
+  name                             = "FTD_HA"
+  primary_device_id                = "<FTD1_ID>"
+  secondary_device_id              = "<FTD2_ID>"
+  is_encryption_enabled            = false
+  use_same_link_for_failovers      = false
+  shared_key                       = "cisco123"
+  enc_key_generation_scheme        = "CUSTOM"
+  lan_failover_standby_ip          = "1.1.1.2"
+  lan_failover_active_ip           = "1.1.1.1"
+  lan_failover_name                = "LAN-INTERFACE"
+  lan_failover_subnet_mask         = "255.255.255.0"
+  lan_failover_ipv6_addr           = false
+  lan_failover_interface_name      = "GigabitEthernet0/0"
+  lan_failover_interface_id        = "<interface uuid>"
+  lan_failover_interface_type      = "PhysicalInterface"
+  stateful_failover_standby_ip     = "1.1.1.2"
+  stateful_failover_active_ip      = "1.1.1.1"
+  stateful_failover_name           = "Stateful-INTERFACE"
+  stateful_failover_subnet_mask    = "255.255.255.0"
+  stateful_failover_ipv6_addr      = false
+  stateful_failover_interface_name = "GigabitEthernet0/0"
+  stateful_failover_interface_id   = "<interface uuid>"
+  stateful_failover_interface_type = "PhysicalInterface"
+  action                           = "SWITCH"
+  force_break                      = false
+}