feat(lh-89397): add optional software_version and asdm_version params to cdo_asa_device (#154)

siddhuwarrier · web-flow · commit 201fbec35c17 · 2025-01-21T09:53:24.000Z
* feat(lh-89397): add optional software_version and asdm_version params to cdo_asa_device * fix(lh-89397): fail with sensible error if the software version or ASDM version is updated Support will be added to update software version and ASDM version as part of https://jira-eng-rtp3.cisco.com/jira/browse/LH-89398 * docs(lh-89397): fix docs * test(lh-89397): revert this: make sure everything is fine by running acceptance tests against branch * fix(lh-89937): fix broken acceptance test * ci(lh-89397): fix IP address * fix(lh-89397): fix again * ci(lh-89397): do not run acceptance tests on branch
diff --git a/client/client.go b/client/client.go
@@ -73,7 +73,7 @@ func (c *Client) ReadDeviceByName(ctx context.Context, inp device.ReadByNameAndT
 	return device.ReadByNameAndType(ctx, c.client, inp)
 }
 
-func (c *Client) CreateAsa(ctx context.Context, inp asa.CreateInput) (*asa.CreateOutput, *asa.CreateError) {
+func (c *Client) CreateAsa(ctx context.Context, inp asa.CreateInput) (*asa.ReadOutput, *asa.ReadSpecificOutput, *asa.CreateError) {
 	return asa.Create(ctx, c.client, inp)
 }
 
diff --git a/client/device/asa/asafixture_test.go b/client/device/asa/asafixture_test.go
@@ -129,7 +129,7 @@ func configureDeviceReadToRespondWithError(deviceUid string) {
 	)
 }
 
-func configureDeviceReadSpecificToRespondSuccessfully(deviceUid string, readOutput device.ReadSpecificOutput) {
+func configureDeviceReadSpecificToRespondSuccessfully(deviceUid string, readOutput asa.ReadSpecificOutput) {
 	httpmock.RegisterResponder(
 		http.MethodGet,
 		buildDeviceReadSpecificPath(deviceUid),
diff --git a/client/device/asa/create.go b/client/device/asa/create.go
@@ -2,6 +2,9 @@ package asa
 
 import (
 	"context"
+	"errors"
+	"fmt"
+	"strings"
 
 	"github.com/CiscoDevnet/terraform-provider-cdo/go-client/connector"
 	"github.com/CiscoDevnet/terraform-provider-cdo/go-client/internal/http"
@@ -21,10 +24,10 @@ type CreateInput struct {
 	Password string
 
 	IgnoreCertificate bool
+	SoftwareVersion   string
+	AsdmVersion       string
 }
 
-type CreateOutput = ReadOutput
-
 type Metadata struct {
 	IsNewPolicyObjectModel string `json:"isNewPolicyObjectModel"` // yes it is a string, but it should be either "true" or "false" :/
 }
@@ -49,7 +52,7 @@ func (r *CreateError) Error() string {
 	return r.Err.Error()
 }
 
-func NewCreateRequestInput(name, connectorUid, connectorType, socketAddress, username, password string, ignoreCertificate bool, labels publicapilabels.Type) *CreateInput {
+func NewCreateRequestInput(name, connectorUid, connectorType, socketAddress, username, password string, ignoreCertificate bool, labels publicapilabels.Type, softwareVersion string, asdmVersion string) *CreateInput {
 	return &CreateInput{
 		Name:              name,
 		ConnectorUid:      connectorUid,
@@ -59,20 +62,22 @@ func NewCreateRequestInput(name, connectorUid, connectorType, socketAddress, use
 		Password:          password,
 		IgnoreCertificate: ignoreCertificate,
 		Labels:            labels,
+		SoftwareVersion:   softwareVersion,
+		AsdmVersion:       asdmVersion,
 	}
 }
 
-func Create(ctx context.Context, client http.Client, createInp CreateInput) (*CreateOutput, *CreateError) {
+func Create(ctx context.Context, client http.Client, createInp CreateInput) (*ReadOutput, *ReadSpecificOutput, *CreateError) {
 
-	client.Logger.Println("creating asa")
+	client.Logger.Println("creating asa device")
 
 	createUrl := url.CreateAsa(client.BaseUrl())
 
 	var connectorName string
 	if createInp.ConnectorType == "SDC" {
 		conn, err := connector.ReadByUid(ctx, client, connector.ReadByUidInput{ConnectorUid: createInp.ConnectorUid})
 		if err != nil {
-			return nil, &CreateError{
+			return nil, nil, &CreateError{
 				Err:               err,
 				CreatedResourceId: nil,
 			}
@@ -96,7 +101,7 @@ func Create(ctx context.Context, client http.Client, createInp CreateInput) (*Cr
 		},
 	)
 	if err != nil {
-		return nil, &CreateError{
+		return nil, nil, &CreateError{
 			Err:               err,
 			CreatedResourceId: &transaction.EntityUid,
 		}
@@ -108,19 +113,53 @@ func Create(ctx context.Context, client http.Client, createInp CreateInput) (*Cr
 		"Waiting for Asa to onboard...",
 	)
 	if err != nil {
-		return nil, &CreateError{
+		return nil, nil, &CreateError{
 			Err:               err,
 			CreatedResourceId: &transaction.EntityUid,
 		}
 	}
 
 	readOut, err := Read(ctx, client, ReadInput{Uid: transaction.EntityUid})
 	if err == nil {
-		return readOut, nil
-	} else {
-		return readOut, &CreateError{
-			Err:               err,
-			CreatedResourceId: &transaction.EntityUid,
+		if err = validateSoftwareVersion(readOut, createInp.SoftwareVersion); err != nil {
+			client.Logger.Println("Version validation failed...")
+			return nil, nil, &CreateError{
+				Err:               err,
+				CreatedResourceId: &transaction.EntityUid,
+			}
 		}
+
+		readSpecificOut, err := ReadSpecific(ctx, client, ReadSpecificInput{Uid: transaction.EntityUid})
+		if err == nil {
+			if err = validateAsdmVersion(readSpecificOut, createInp.AsdmVersion); err != nil {
+				client.Logger.Println("ASDM version validation failed...")
+				return nil, nil, &CreateError{
+					Err:               err,
+					CreatedResourceId: &transaction.EntityUid,
+				}
+			}
+			return readOut, readSpecificOut, nil
+		}
+	}
+
+	return nil, nil, &CreateError{
+		Err:               err,
+		CreatedResourceId: &transaction.EntityUid,
 	}
 }
+
+func validateSoftwareVersion(readOut *ReadOutput, softwareVersion string) error {
+	if strings.TrimSpace(softwareVersion) != "" && readOut.SoftwareVersion != softwareVersion {
+		return errors.New(fmt.Sprintf("ASA Software version mismatch. Specified software version %s does not match actual software version %s on ASA device", softwareVersion, readOut.SoftwareVersion))
+	}
+
+	return nil
+}
+
+func validateAsdmVersion(readOut *ReadSpecificOutput, asdmVersion string) error {
+	if strings.TrimSpace(asdmVersion) != "" && readOut.Metadata.AsdmVersion != asdmVersion {
+		return errors.New(fmt.Sprintf("ASDM version mismatch. Specified ASDM version %s does not match actual ASDM version %s on ASA device", asdmVersion, readOut.Metadata.AsdmVersion))
+	}
+
+	return nil
+}
diff --git a/client/device/asa/create_test.go b/client/device/asa/create_test.go
@@ -24,14 +24,19 @@ func TestAsaCreate(t *testing.T) {
 	cdgReadOutput := testModel.CdgReadOutput()
 	createInput := testModel.AsaCreateInput()
 	readOutput := testModel.AsaReadOutput()
+	readSpecificOutput := testModel.AsaReadSpecificDeviceOutput()
+	createInputWithIncorrectSoftwareVersion := createInput
+	createInputWithIncorrectSoftwareVersion.SoftwareVersion = readOutput.SoftwareVersion + "_different"
+	createInputWithIncorrectAsdmVersion := createInput
+	createInputWithIncorrectAsdmVersion.AsdmVersion = readOutput.AsdmVersion + "_different"
 	doneTransaction := testModel.CreateDoneTransaction(readOutput.Uid, transactiontype.ONBOARD_ASA)
 	errorTransaction := testModel.CreateErrorTransaction(readOutput.Uid, transactiontype.ONBOARD_ASA)
 
 	testCases := []struct {
 		testName   string
 		input      asa.CreateInput
 		setupFunc  func(input asa.CreateInput)
-		assertFunc func(output *asa.CreateOutput, err *asa.CreateError, t *testing.T)
+		assertFunc func(output *asa.ReadOutput, specificDeviceOutput *asa.ReadSpecificOutput, err *asa.CreateError, t *testing.T)
 	}{
 		{
 			testName: "successfully onboards ASA",
@@ -41,16 +46,50 @@ func TestAsaCreate(t *testing.T) {
 				internalTesting.MockGetOk(url.ReadConnectorByUid(testModel.BaseUrl, cdgReadOutput.Uid), cdgReadOutput)
 				internalTesting.MockPostAccepted(url.CreateAsa(testModel.BaseUrl), doneTransaction)
 				internalTesting.MockGetOk(url.ReadDevice(testModel.BaseUrl, readOutput.Uid), readOutput)
+				internalTesting.MockGetOk(url.ReadSpecificDevice(testModel.BaseUrl, readOutput.Uid), readSpecificOutput)
 			},
 
-			assertFunc: func(actualOutput *asa.CreateOutput, err *asa.CreateError, t *testing.T) {
+			assertFunc: func(actualOutput *asa.ReadOutput, actualSpecificDeviceOutput *asa.ReadSpecificOutput, err *asa.CreateError, t *testing.T) {
 				assert.Nil(t, err)
 				assert.NotNil(t, actualOutput)
+				assert.NotNil(t, actualSpecificDeviceOutput)
 				assert.Equal(t, readOutput, *actualOutput)
 			},
 		},
 		{
-			testName: "fails onboards Duo Admin Panel if transaction fails",
+			testName: "fails to onboard ASA due to specified software version mismatch",
+			input:    createInputWithIncorrectSoftwareVersion,
+			setupFunc: func(input asa.CreateInput) {
+				internalTesting.MockGetOk(url.ReadConnectorByUid(testModel.BaseUrl, cdgReadOutput.Uid), cdgReadOutput)
+				internalTesting.MockPostAccepted(url.CreateAsa(testModel.BaseUrl), doneTransaction)
+				internalTesting.MockGetOk(url.ReadDevice(testModel.BaseUrl, readOutput.Uid), readOutput)
+				internalTesting.MockGetOk(url.ReadSpecificDevice(testModel.BaseUrl, readOutput.Uid), readSpecificOutput)
+			},
+			assertFunc: func(actualOutput *asa.ReadOutput, actualSpecificDeviceOutput *asa.ReadSpecificOutput, err *asa.CreateError, t *testing.T) {
+				assert.Nil(t, actualOutput)
+				assert.Nil(t, actualSpecificDeviceOutput)
+				assert.NotNil(t, err)
+				assert.ErrorContains(t, err, "ASA Software version mismatch.")
+			},
+		},
+		{
+			testName: "fails to onboard ASA due to specified ASDM version mismatch",
+			input:    createInputWithIncorrectAsdmVersion,
+			setupFunc: func(input asa.CreateInput) {
+				internalTesting.MockGetOk(url.ReadConnectorByUid(testModel.BaseUrl, cdgReadOutput.Uid), cdgReadOutput)
+				internalTesting.MockPostAccepted(url.CreateAsa(testModel.BaseUrl), doneTransaction)
+				internalTesting.MockGetOk(url.ReadDevice(testModel.BaseUrl, readOutput.Uid), readOutput)
+				internalTesting.MockGetOk(url.ReadSpecificDevice(testModel.BaseUrl, readOutput.Uid), readSpecificOutput)
+			},
+			assertFunc: func(actualOutput *asa.ReadOutput, actualSpecificDeviceOutput *asa.ReadSpecificOutput, err *asa.CreateError, t *testing.T) {
+				assert.Nil(t, actualOutput)
+				assert.Nil(t, actualSpecificDeviceOutput)
+				assert.NotNil(t, err)
+				assert.ErrorContains(t, err, "ASDM version mismatch.")
+			},
+		},
+		{
+			testName: "fails onboards ASA if transaction fails",
 			input:    createInput,
 
 			setupFunc: func(input asa.CreateInput) {
@@ -59,23 +98,25 @@ func TestAsaCreate(t *testing.T) {
 				internalTesting.MockGetOk(url.ReadDevice(testModel.BaseUrl, readOutput.Uid), readOutput)
 			},
 
-			assertFunc: func(actualOutput *asa.CreateOutput, err *asa.CreateError, t *testing.T) {
+			assertFunc: func(actualOutput *asa.ReadOutput, actualSpecificDeviceOutput *asa.ReadSpecificOutput, err *asa.CreateError, t *testing.T) {
 				assert.Nil(t, actualOutput)
+				assert.Nil(t, actualSpecificDeviceOutput)
 				assert.NotNil(t, err)
 				assert.ErrorContains(t, err, errorTransaction.ErrorMessage)
 			},
 		},
 		{
-			testName: "fails onboards Duo Admin Panel if trigger transaction fails",
+			testName: "fails onboards ASA if trigger transaction fails",
 			input:    createInput,
 
 			setupFunc: func(input asa.CreateInput) {
 				internalTesting.MockPostError(url.CreateAsa(testModel.BaseUrl), "post error")
 				internalTesting.MockGetOk(url.ReadDevice(testModel.BaseUrl, readOutput.Uid), readOutput)
 			},
 
-			assertFunc: func(actualOutput *asa.CreateOutput, err *asa.CreateError, t *testing.T) {
+			assertFunc: func(actualOutput *asa.ReadOutput, actualSpecificDeviceOutput *asa.ReadSpecificOutput, err *asa.CreateError, t *testing.T) {
 				assert.Nil(t, actualOutput)
+				assert.Nil(t, actualSpecificDeviceOutput)
 				assert.NotNil(t, err)
 				assert.ErrorContains(t, err, "post error")
 			},
@@ -88,13 +129,13 @@ func TestAsaCreate(t *testing.T) {
 
 			testCase.setupFunc(testCase.input)
 
-			output, err := asa.Create(
+			output, specificDeviceOuput, err := asa.Create(
 				context.Background(),
 				*http.MustNewWithConfig(testModel.BaseUrl, "a_valid_token", 0, 0, time.Minute),
 				testCase.input,
 			)
 
-			testCase.assertFunc(output, err, t)
+			testCase.assertFunc(output, specificDeviceOuput, err, t)
 		})
 	}
 }
diff --git a/client/device/asa/read.go b/client/device/asa/read.go
@@ -2,7 +2,6 @@ package asa
 
 import (
 	"context"
-
 	"github.com/CiscoDevnet/terraform-provider-cdo/go-client/model/device/tags"
 	"github.com/CiscoDevnet/terraform-provider-cdo/go-client/model/devicetype"
 	"github.com/CiscoDevnet/terraform-provider-cdo/go-client/model/statemachine"
@@ -26,6 +25,8 @@ type ReadOutput struct {
 	Port            string          `json:"port"`
 	Host            string          `json:"host"`
 	Tags            tags.Type       `json:"tags"`
+	SoftwareVersion string          `json:"softwareVersion"`
+	AsdmVersion     string          `json:"asdmVersion,omitempty"`
 
 	IgnoreCertificate   bool                 `json:"ignoreCertificate"`
 	ConnectivityState   int                  `json:"connectivityState,omitempty"`
diff --git a/client/device/asa/readspecific.go b/client/device/asa/readspecific.go
@@ -13,10 +13,15 @@ type ReadSpecificInput struct {
 }
 
 type ReadSpecificOutput struct {
-	SpecificUid string     `json:"uid"`
-	State       state.Type `json:"state"`
-	Namespace   string     `json:"namespace"`
-	Type        string     `json:"type"`
+	SpecificUid string                 `json:"uid"`
+	State       state.Type             `json:"state"`
+	Namespace   string                 `json:"namespace"`
+	Type        string                 `json:"type"`
+	Metadata    SpecificDeviceMetadata `json:"metadata"`
+}
+
+type SpecificDeviceMetadata struct {
+	AsdmVersion string `json:"deviceManager"`
 }
 
 func NewReadSpecificInput(uid string) *ReadSpecificInput {
diff --git a/client/device/asa/readspecific_test.go b/client/device/asa/readspecific_test.go
@@ -6,7 +6,6 @@ import (
 	"testing"
 	"time"
 
-	"github.com/CiscoDevnet/terraform-provider-cdo/go-client/device"
 	"github.com/CiscoDevnet/terraform-provider-cdo/go-client/device/asa"
 	"github.com/CiscoDevnet/terraform-provider-cdo/go-client/internal/http"
 	"github.com/jarcoal/httpmock"
@@ -35,7 +34,7 @@ func TestAsaReadSpecific(t *testing.T) {
 			},
 
 			setupFunc: func() {
-				configureDeviceReadSpecificToRespondSuccessfully(deviceUid, device.ReadSpecificOutput(specificDevice))
+				configureDeviceReadSpecificToRespondSuccessfully(deviceUid, asa.ReadSpecificOutput(specificDevice))
 			},
 
 			assertFunc: func(output *asa.ReadSpecificOutput, err error, t *testing.T) {
diff --git a/client/device/asa/update_test.go b/client/device/asa/update_test.go
@@ -87,7 +87,7 @@ func TestAsaUpdate(t *testing.T) {
 			},
 
 			setupFunc: func(input asa.UpdateInput) {
-				configureDeviceReadSpecificToRespondSuccessfully(input.Uid, device.ReadSpecificOutput(asaConfig))
+				configureDeviceReadSpecificToRespondSuccessfully(input.Uid, asaConfig)
 				configureDeviceReadToRespondSuccessfully(asaDevice)
 				configureAsaConfigUpdateToRespondSuccessfully(asaConfig.SpecificUid, asaconfig.UpdateOutput{Uid: asaConfig.SpecificUid})
 				configureAsaConfigReadToRespondSuccessfully(asaConfig.SpecificUid, asaconfig.ReadOutput{Uid: asaConfig.SpecificUid, State: state.DONE})
@@ -111,7 +111,7 @@ func TestAsaUpdate(t *testing.T) {
 			},
 
 			setupFunc: func(input asa.UpdateInput) {
-				configureDeviceReadSpecificToRespondSuccessfully(input.Uid, device.ReadSpecificOutput(asaConfig))
+				configureDeviceReadSpecificToRespondSuccessfully(input.Uid, asaConfig)
 				configureDeviceReadToRespondSuccessfully(asaDeviceOnboardedByOnPremConnector)
 
 				configureConnectorReadToRespondSuccessfully(onPremConnector)
@@ -141,7 +141,7 @@ func TestAsaUpdate(t *testing.T) {
 				updatedDevice.Host = "10.10.5.4"
 				updatedDevice.Port = "443"
 
-				configureDeviceReadSpecificToRespondSuccessfully(input.Uid, device.ReadSpecificOutput(asaConfig))
+				configureDeviceReadSpecificToRespondSuccessfully(input.Uid, asaConfig)
 				configureDeviceReadToRespondSuccessfully(asaDevice)
 				configureAsaConfigUpdateToRespondSuccessfully(asaConfig.SpecificUid, asaconfig.UpdateOutput{Uid: asaConfig.SpecificUid})
 				configureAsaConfigReadToRespondSuccessfully(asaConfig.SpecificUid, asaconfig.ReadOutput{Uid: asaConfig.SpecificUid, State: state.DONE})
@@ -193,7 +193,7 @@ func TestAsaUpdate(t *testing.T) {
 			},
 
 			setupFunc: func(input asa.UpdateInput) {
-				configureDeviceReadSpecificToRespondSuccessfully(input.Uid, device.ReadSpecificOutput(asaConfig))
+				configureDeviceReadSpecificToRespondSuccessfully(input.Uid, asaConfig)
 				configureDeviceReadToRespondWithError(asaDeviceOnboardedByOnPremConnector.Uid)
 
 				configureConnectorReadToRespondSuccessfully(onPremConnector)
@@ -217,7 +217,7 @@ func TestAsaUpdate(t *testing.T) {
 			},
 
 			setupFunc: func(input asa.UpdateInput) {
-				configureDeviceReadSpecificToRespondSuccessfully(input.Uid, device.ReadSpecificOutput(asaConfig))
+				configureDeviceReadSpecificToRespondSuccessfully(input.Uid, asaConfig)
 				configureDeviceReadToRespondSuccessfully(asaDeviceOnboardedByOnPremConnector)
 
 				configureConnectorReadToRespondWithError(onPremConnector.Uid)
@@ -241,7 +241,7 @@ func TestAsaUpdate(t *testing.T) {
 			},
 
 			setupFunc: func(input asa.UpdateInput) {
-				configureDeviceReadSpecificToRespondSuccessfully(input.Uid, device.ReadSpecificOutput(asaConfig))
+				configureDeviceReadSpecificToRespondSuccessfully(input.Uid, asaConfig)
 				configureDeviceReadToRespondSuccessfully(asaDeviceOnboardedByOnPremConnector)
 
 				configureConnectorReadToRespondSuccessfully(onPremConnector)
@@ -265,7 +265,7 @@ func TestAsaUpdate(t *testing.T) {
 			},
 
 			setupFunc: func(input asa.UpdateInput) {
-				configureDeviceReadSpecificToRespondSuccessfully(input.Uid, device.ReadSpecificOutput(asaConfig))
+				configureDeviceReadSpecificToRespondSuccessfully(input.Uid, asaConfig)
 				configureDeviceReadToRespondSuccessfully(asaDeviceOnboardedByOnPremConnector)
 
 				configureConnectorReadToRespondSuccessfully(onPremConnector)
@@ -293,7 +293,7 @@ func TestAsaUpdate(t *testing.T) {
 				updatedDevice.Host = "10.10.5.4"
 				updatedDevice.Port = "443"
 
-				configureDeviceReadSpecificToRespondSuccessfully(input.Uid, device.ReadSpecificOutput(asaConfig))
+				configureDeviceReadSpecificToRespondSuccessfully(input.Uid, asaConfig)
 				configureDeviceReadToRespondSuccessfully(asaDevice)
 				configureAsaConfigUpdateToRespondSuccessfully(asaConfig.SpecificUid, asaconfig.UpdateOutput{Uid: asaConfig.SpecificUid})
 				configureAsaConfigReadToRespondWithError(asaConfig.SpecificUid)
diff --git a/client/internal/testing/asa.go b/client/internal/testing/asa.go
diff --git a/docs/resources/asa_device.md b/docs/resources/asa_device.md
diff --git a/provider/.github-action.env b/provider/.github-action.env
diff --git a/provider/internal/device/asa/resource.go b/provider/internal/device/asa/resource.go

Original file line number	Diff line number	Diff line change
`@@ -73,7 +73,7 @@ func (c *Client) ReadDeviceByName(ctx context.Context, inp device.ReadByNameAndT`
`73`	`73`	`return device.ReadByNameAndType(ctx, c.client, inp)`
`74`	`74`	`}`
`75`	`75`
`76`		`-func (c Client) CreateAsa(ctx context.Context, inp asa.CreateInput) (asa.CreateOutput, *asa.CreateError) {`
	`76`	`+func (c Client) CreateAsa(ctx context.Context, inp asa.CreateInput) (asa.ReadOutput, asa.ReadSpecificOutput, asa.CreateError) {`
`77`	`77`	`return asa.Create(ctx, c.client, inp)`
`78`	`78`	`}`
`79`	`79`
Original file line number	Diff line number	Diff line change
`@@ -129,7 +129,7 @@ func configureDeviceReadToRespondWithError(deviceUid string) {`
`129`	`129`	`)`
`130`	`130`	`}`
`131`	`131`
`132`		`-func configureDeviceReadSpecificToRespondSuccessfully(deviceUid string, readOutput device.ReadSpecificOutput) {`
	`132`	`+func configureDeviceReadSpecificToRespondSuccessfully(deviceUid string, readOutput asa.ReadSpecificOutput) {`
`133`	`133`	`httpmock.RegisterResponder(`
`134`	`134`	`http.MethodGet,`
`135`	`135`	`buildDeviceReadSpecificPath(deviceUid),`