From 82693213dffc3f72c55694fc0aff1cc3641fd909 Mon Sep 17 00:00:00 2001 From: kuba-mazurkiewicz Date: Thu, 12 Dec 2024 16:01:13 +0100 Subject: [PATCH] add new resource - ise_trustsec_matrix_cell_default --- CHANGELOG.md | 2 +- .../trustsec_egress_matrix_cell_default.md | 33 +++ docs/guides/changelog.md | 2 +- .../trustsec_egress_matrix_cell_default.md | 46 ++++ .../data-source.tf | 3 + .../import.sh | 1 + .../resource.tf | 5 + .../trustsec_egress_matrix_cell_default.yaml | 54 ++++ gen/generator.go | 1 + gen/schema/schema.yaml | 1 + gen/templates/resource.go | 10 +- ...ise_trustsec_egress_matrix_cell_default.go | 134 ++++++++++ ...rustsec_egress_matrix_cell_default_test.go | 70 +++++ ...ise_trustsec_egress_matrix_cell_default.go | 153 +++++++++++ internal/provider/provider.go | 2 + ...esource_ise_active_directory_add_groups.go | 3 +- ...ve_directory_join_domain_with_all_nodes.go | 3 +- ...esource_ise_trustsec_egress_matrix_cell.go | 33 +-- ...ise_trustsec_egress_matrix_cell_default.go | 249 ++++++++++++++++++ ...rustsec_egress_matrix_cell_default_test.go | 80 ++++++ templates/guides/changelog.md.tmpl | 2 +- 21 files changed, 861 insertions(+), 26 deletions(-) create mode 100644 docs/data-sources/trustsec_egress_matrix_cell_default.md create mode 100644 docs/resources/trustsec_egress_matrix_cell_default.md create mode 100644 examples/data-sources/ise_trustsec_egress_matrix_cell_default/data-source.tf create mode 100644 examples/resources/ise_trustsec_egress_matrix_cell_default/import.sh create mode 100644 examples/resources/ise_trustsec_egress_matrix_cell_default/resource.tf create mode 100644 gen/definitions/trustsec_egress_matrix_cell_default.yaml create mode 100644 internal/provider/data_source_ise_trustsec_egress_matrix_cell_default.go create mode 100644 internal/provider/data_source_ise_trustsec_egress_matrix_cell_default_test.go create mode 100644 internal/provider/model_ise_trustsec_egress_matrix_cell_default.go create mode 100644 internal/provider/resource_ise_trustsec_egress_matrix_cell_default.go create mode 100644 internal/provider/resource_ise_trustsec_egress_matrix_cell_default_test.go diff --git a/CHANGELOG.md b/CHANGELOG.md index 57af308..b876fa6 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -1,6 +1,6 @@ ## 0.2.6 (unreleased) -- Add support for default egress policy matrix rule +- Add `ise_trustsec_egress_matrix_cell_default` resource to support default egress policy matrix rule modifications ## 0.2.5 diff --git a/docs/data-sources/trustsec_egress_matrix_cell_default.md b/docs/data-sources/trustsec_egress_matrix_cell_default.md new file mode 100644 index 0000000..3bd0164 --- /dev/null +++ b/docs/data-sources/trustsec_egress_matrix_cell_default.md @@ -0,0 +1,33 @@ +--- +# generated by https://github.com/hashicorp/terraform-plugin-docs +page_title: "ise_trustsec_egress_matrix_cell_default Data Source - terraform-provider-ise" +subcategory: "TrustSec" +description: |- + This data source can read the TrustSec Egress Matrix Cell Default. +--- + +# ise_trustsec_egress_matrix_cell_default (Data Source) + +This data source can read the TrustSec Egress Matrix Cell Default. + +## Example Usage + +```terraform +data "ise_trustsec_egress_matrix_cell_default" "example" { + id = "92c1a900-8c01-11e6-996c-525400b48521" +} +``` + + +## Schema + +### Required + +- `id` (String) The id of the object + +### Read-Only + +- `default_rule` (String) Can be used only if sgacls not specified. Final Catch All Rule +- `description` (String) Description +- `matrix_cell_status` (String) Matrix Cell Status +- `sgacls` (Set of String) List of TrustSec Security Groups ACLs diff --git a/docs/guides/changelog.md b/docs/guides/changelog.md index c7d75ce..59ab737 100644 --- a/docs/guides/changelog.md +++ b/docs/guides/changelog.md @@ -9,7 +9,7 @@ description: |- ## 0.2.6 (unreleased) -- Add support for default egress policy matrix rule +- Add `ise_trustsec_egress_matrix_cell_default` resource to support default egress policy matrix rule modifications ## 0.2.5 diff --git a/docs/resources/trustsec_egress_matrix_cell_default.md b/docs/resources/trustsec_egress_matrix_cell_default.md new file mode 100644 index 0000000..3f11de3 --- /dev/null +++ b/docs/resources/trustsec_egress_matrix_cell_default.md @@ -0,0 +1,46 @@ +--- +# generated by https://github.com/hashicorp/terraform-plugin-docs +page_title: "ise_trustsec_egress_matrix_cell_default Resource - terraform-provider-ise" +subcategory: "TrustSec" +description: |- + Allows modifications to the default egress policy matrix rule +--- + +# ise_trustsec_egress_matrix_cell_default (Resource) + +Allows modifications to the default egress policy matrix rule + +## Example Usage + +```terraform +resource "ise_trustsec_egress_matrix_cell_default" "example" { + description = "Default egress rule" + default_rule = "PERMIT_IP" + matrix_cell_status = "ENABLED" +} +``` + + +## Schema + +### Optional + +- `default_rule` (String) Can be used only if sgacls not specified. Final Catch All Rule + - Choices: `NONE`, `DENY_IP`, `PERMIT_IP` +- `description` (String) Description +- `matrix_cell_status` (String) Matrix Cell Status + - Choices: `DISABLED`, `ENABLED`, `MONITOR` + - Default value: `DISABLED` +- `sgacls` (Set of String) List of TrustSec Security Groups ACLs + +### Read-Only + +- `id` (String) The id of the object + +## Import + +Import is supported using the following syntax: + +```shell +terraform import ise_trustsec_egress_matrix_cell_default.example "92c1a900-8c01-11e6-996c-525400b48521" +``` diff --git a/examples/data-sources/ise_trustsec_egress_matrix_cell_default/data-source.tf b/examples/data-sources/ise_trustsec_egress_matrix_cell_default/data-source.tf new file mode 100644 index 0000000..106717f --- /dev/null +++ b/examples/data-sources/ise_trustsec_egress_matrix_cell_default/data-source.tf @@ -0,0 +1,3 @@ +data "ise_trustsec_egress_matrix_cell_default" "example" { + id = "92c1a900-8c01-11e6-996c-525400b48521" +} diff --git a/examples/resources/ise_trustsec_egress_matrix_cell_default/import.sh b/examples/resources/ise_trustsec_egress_matrix_cell_default/import.sh new file mode 100644 index 0000000..127f8e5 --- /dev/null +++ b/examples/resources/ise_trustsec_egress_matrix_cell_default/import.sh @@ -0,0 +1 @@ +terraform import ise_trustsec_egress_matrix_cell_default.example "92c1a900-8c01-11e6-996c-525400b48521" diff --git a/examples/resources/ise_trustsec_egress_matrix_cell_default/resource.tf b/examples/resources/ise_trustsec_egress_matrix_cell_default/resource.tf new file mode 100644 index 0000000..f156647 --- /dev/null +++ b/examples/resources/ise_trustsec_egress_matrix_cell_default/resource.tf @@ -0,0 +1,5 @@ +resource "ise_trustsec_egress_matrix_cell_default" "example" { + description = "Default egress rule" + default_rule = "PERMIT_IP" + matrix_cell_status = "ENABLED" +} diff --git a/gen/definitions/trustsec_egress_matrix_cell_default.yaml b/gen/definitions/trustsec_egress_matrix_cell_default.yaml new file mode 100644 index 0000000..4dd38b3 --- /dev/null +++ b/gen/definitions/trustsec_egress_matrix_cell_default.yaml @@ -0,0 +1,54 @@ +--- +name: TrustSec Egress Matrix Cell Default +rest_endpoint: /ers/config/egressmatrixcell +doc_category: TrustSec +res_description: Allows modifications to the default egress policy matrix rule +no_delete: true +put_create: true +put_id_query_path: true +skip_minimum_test: true +put_id_include_path: EgressMatrixCell +attributes: + - model_name: id + id: true + data_path: [EgressMatrixCell] + type: String + description: Default egress policy matrix rule id + value: 92c1a900-8c01-11e6-996c-525400b48521 + example: 92c1a900-8c01-11e6-996c-525400b48521 + exclude_test: true + - model_name: description + data_path: [EgressMatrixCell] + type: String + description: Description + example: Default egress rule + - model_name: defaultRule + data_path: [EgressMatrixCell] + type: String + enum_values: [NONE, DENY_IP, PERMIT_IP] + description: "Can be used only if sgacls not specified. Final Catch All Rule" + example: "PERMIT_IP" + - model_name: matrixCellStatus + data_path: [EgressMatrixCell] + type: String + enum_values: [DISABLED, ENABLED, MONITOR] + default_value: "DISABLED" + example: "ENABLED" + description: "Matrix Cell Status" + - model_name: sgacls + data_path: [EgressMatrixCell] + tf_name: sgacls + type: Set + element_type: String + description: List of TrustSec Security Groups ACLs + exclude_test: true + - model_name: sourceSgtId + data_path: [EgressMatrixCell] + type: String + description: Source Trustsec Security Group ID + value: "92bb1950-8c01-11e6-996c-525400b48521" + - model_name: destinationSgtId + data_path: [EgressMatrixCell] + type: String + description: Destination Trustsec Security Group ID + value: "92bb1950-8c01-11e6-996c-525400b48521" diff --git a/gen/generator.go b/gen/generator.go index 0ac2a35..f6ba74e 100644 --- a/gen/generator.go +++ b/gen/generator.go @@ -104,6 +104,7 @@ type YamlConfig struct { NoImport bool `yaml:"no_import"` PostUpdate bool `yaml:"post_update"` PutCreate bool `yaml:"put_create"` + PutIdQueryPath bool `yaml:"put_id_query_path"` PutDelete bool `yaml:"put_delete"` PutRead bool `yaml:"put_read"` NoRead bool `yaml:"no_read"` diff --git a/gen/schema/schema.yaml b/gen/schema/schema.yaml index ed1f6c3..bb987d4 100644 --- a/gen/schema/schema.yaml +++ b/gen/schema/schema.yaml @@ -19,6 +19,7 @@ no_read_prefix: bool(required=False) # Set to true if it is an Open API endpoint no_id: bool(required=False) # Set to true if the data source does not have an ID id_path: str(required=False) # Path to the ID in the response (use "." to access nested elements) put_id_include_path: str(required=False) # If PUT needs to have specific JSON path where ID should be inserted +put_id_query_path: bool(required=False) # Set to true if PUT request is used to create and required ID in path data_source_name_query: bool(required=False) # Set to true if the data source supports name queries minimum_version: str(required=False) # Define a minimum supported version ds_description: str(required=False) # Define a data source description diff --git a/gen/templates/resource.go b/gen/templates/resource.go index b6a9173..10af9fc 100644 --- a/gen/templates/resource.go +++ b/gen/templates/resource.go @@ -511,7 +511,11 @@ func (r *{{camelCase .Name}}Resource) Create(ctx context.Context, req resource.C if plan.Name.ValueString() != "Default" { {{- end}} {{- if .PutCreate}} - res, err := r.client.Put(plan.getPath(), body) + params := "" + {{- if .PutIdQueryPath}} + params += "/" + url.QueryEscape(gjson.Get(body, "{{.PutIdIncludePath}}.id").String()) + {{- end}} + res, err := r.client.Put(plan.getPath() + params, body) {{- else if and (isErs .RestEndpoint) (not .IdPath) (not (hasId .Attributes))}} res, location, err := r.client.Post(plan.getPath(), body) {{- else}} @@ -523,9 +527,11 @@ func (r *{{camelCase .Name}}Resource) Create(ctx context.Context, req resource.C } {{- if .IdPath}} plan.Id = types.StringValue(res.Get("{{.IdPath}}").String()) - {{- else if hasId .Attributes}} + {{- else if and (hasId .Attributes) (not .PutIdQueryPath)}} {{- $id := getId .Attributes}} plan.Id = types.StringValue(fmt.Sprint(plan.{{toGoName $id.TfName}}.Value{{$id.Type}}())) + {{- else if .PutIdQueryPath}} + plan.Id = types.StringValue(gjson.Get(body, "{{.PutIdIncludePath}}.id").String()) {{- else}} locationElements := strings.Split(location, "/") plan.Id = types.StringValue(locationElements[len(locationElements)-1]) diff --git a/internal/provider/data_source_ise_trustsec_egress_matrix_cell_default.go b/internal/provider/data_source_ise_trustsec_egress_matrix_cell_default.go new file mode 100644 index 0000000..89cc31f --- /dev/null +++ b/internal/provider/data_source_ise_trustsec_egress_matrix_cell_default.go @@ -0,0 +1,134 @@ +// Copyright © 2023 Cisco Systems, Inc. and its affiliates. +// All rights reserved. +// +// Licensed under the Mozilla Public License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// https://mozilla.org/MPL/2.0/ +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. +// +// SPDX-License-Identifier: MPL-2.0 + +// Code generated by "gen/generator.go"; DO NOT EDIT. + +package provider + +//template:begin imports +import ( + "context" + "fmt" + "net/url" + + "github.com/hashicorp/terraform-plugin-framework/datasource" + "github.com/hashicorp/terraform-plugin-framework/datasource/schema" + "github.com/hashicorp/terraform-plugin-framework/types" + "github.com/hashicorp/terraform-plugin-log/tflog" + "github.com/netascode/go-ise" +) + +//template:end imports + +//template:begin header + +// Ensure the implementation satisfies the expected interfaces. +var ( + _ datasource.DataSource = &TrustSecEgressMatrixCellDefaultDataSource{} + _ datasource.DataSourceWithConfigure = &TrustSecEgressMatrixCellDefaultDataSource{} +) + +func NewTrustSecEgressMatrixCellDefaultDataSource() datasource.DataSource { + return &TrustSecEgressMatrixCellDefaultDataSource{} +} + +type TrustSecEgressMatrixCellDefaultDataSource struct { + client *ise.Client +} + +func (d *TrustSecEgressMatrixCellDefaultDataSource) Metadata(_ context.Context, req datasource.MetadataRequest, resp *datasource.MetadataResponse) { + resp.TypeName = req.ProviderTypeName + "_trustsec_egress_matrix_cell_default" +} + +//template:end header + +//template:begin model +func (d *TrustSecEgressMatrixCellDefaultDataSource) Schema(ctx context.Context, req datasource.SchemaRequest, resp *datasource.SchemaResponse) { + resp.Schema = schema.Schema{ + // This description is used by the documentation generator and the language server. + MarkdownDescription: "This data source can read the TrustSec Egress Matrix Cell Default.", + + Attributes: map[string]schema.Attribute{ + "id": schema.StringAttribute{ + MarkdownDescription: "The id of the object", + Required: true, + }, + "description": schema.StringAttribute{ + MarkdownDescription: "Description", + Computed: true, + }, + "default_rule": schema.StringAttribute{ + MarkdownDescription: "Can be used only if sgacls not specified. Final Catch All Rule", + Computed: true, + }, + "matrix_cell_status": schema.StringAttribute{ + MarkdownDescription: "Matrix Cell Status", + Computed: true, + }, + "sgacls": schema.SetAttribute{ + MarkdownDescription: "List of TrustSec Security Groups ACLs", + ElementType: types.StringType, + Computed: true, + }, + }, + } +} + +//template:end model + +//template:begin configValidators +//template:end configValidators + +//template:end configure +func (d *TrustSecEgressMatrixCellDefaultDataSource) Configure(_ context.Context, req datasource.ConfigureRequest, _ *datasource.ConfigureResponse) { + if req.ProviderData == nil { + return + } + + d.client = req.ProviderData.(*IseProviderData).Client +} + +//template:end configure + +//template:begin read +func (d *TrustSecEgressMatrixCellDefaultDataSource) Read(ctx context.Context, req datasource.ReadRequest, resp *datasource.ReadResponse) { + var config TrustSecEgressMatrixCellDefault + + // Read config + diags := req.Config.Get(ctx, &config) + resp.Diagnostics.Append(diags...) + if resp.Diagnostics.HasError() { + return + } + + tflog.Debug(ctx, fmt.Sprintf("%s: Beginning Read", config.Id.ValueString())) + + res, err := d.client.Get(config.getPath() + "/" + url.QueryEscape(config.Id.ValueString())) + if err != nil { + resp.Diagnostics.AddError("Client Error", fmt.Sprintf("Failed to retrieve object, got error: %s", err)) + return + } + + config.fromBody(ctx, res) + + tflog.Debug(ctx, fmt.Sprintf("%s: Read finished successfully", config.Id.ValueString())) + + diags = resp.State.Set(ctx, &config) + resp.Diagnostics.Append(diags...) +} + +//template:end read diff --git a/internal/provider/data_source_ise_trustsec_egress_matrix_cell_default_test.go b/internal/provider/data_source_ise_trustsec_egress_matrix_cell_default_test.go new file mode 100644 index 0000000..db0142f --- /dev/null +++ b/internal/provider/data_source_ise_trustsec_egress_matrix_cell_default_test.go @@ -0,0 +1,70 @@ +// Copyright © 2023 Cisco Systems, Inc. and its affiliates. +// All rights reserved. +// +// Licensed under the Mozilla Public License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// https://mozilla.org/MPL/2.0/ +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. +// +// SPDX-License-Identifier: MPL-2.0 + +// Code generated by "gen/generator.go"; DO NOT EDIT. + +package provider + +//template:begin imports +import ( + "testing" + + "github.com/hashicorp/terraform-plugin-testing/helper/resource" +) + +//template:end imports + +//template:begin testAccDataSource +func TestAccDataSourceIseTrustSecEgressMatrixCellDefault(t *testing.T) { + var checks []resource.TestCheckFunc + checks = append(checks, resource.TestCheckResourceAttr("data.ise_trustsec_egress_matrix_cell_default.test", "description", "Default egress rule")) + checks = append(checks, resource.TestCheckResourceAttr("data.ise_trustsec_egress_matrix_cell_default.test", "default_rule", "PERMIT_IP")) + checks = append(checks, resource.TestCheckResourceAttr("data.ise_trustsec_egress_matrix_cell_default.test", "matrix_cell_status", "ENABLED")) + resource.Test(t, resource.TestCase{ + PreCheck: func() { testAccPreCheck(t) }, + ProtoV6ProviderFactories: testAccProtoV6ProviderFactories, + Steps: []resource.TestStep{ + { + Config: testAccDataSourceIseTrustSecEgressMatrixCellDefaultConfig(), + Check: resource.ComposeTestCheckFunc(checks...), + }, + }, + }) +} + +//template:end testAccDataSource + +//template:begin testPrerequisites +//template:end testPrerequisites + +//template:begin testAccDataSourceConfig +func testAccDataSourceIseTrustSecEgressMatrixCellDefaultConfig() string { + config := `resource "ise_trustsec_egress_matrix_cell_default" "test" {` + "\n" + config += ` description = "Default egress rule"` + "\n" + config += ` default_rule = "PERMIT_IP"` + "\n" + config += ` matrix_cell_status = "ENABLED"` + "\n" + config += `}` + "\n" + + config += ` + data "ise_trustsec_egress_matrix_cell_default" "test" { + id = ise_trustsec_egress_matrix_cell_default.test.id + } + ` + return config +} + +//template:end testAccDataSourceConfig diff --git a/internal/provider/model_ise_trustsec_egress_matrix_cell_default.go b/internal/provider/model_ise_trustsec_egress_matrix_cell_default.go new file mode 100644 index 0000000..28b1109 --- /dev/null +++ b/internal/provider/model_ise_trustsec_egress_matrix_cell_default.go @@ -0,0 +1,153 @@ +// Copyright © 2023 Cisco Systems, Inc. and its affiliates. +// All rights reserved. +// +// Licensed under the Mozilla Public License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// https://mozilla.org/MPL/2.0/ +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. +// +// SPDX-License-Identifier: MPL-2.0 + +// Code generated by "gen/generator.go"; DO NOT EDIT. + +package provider + +//template:begin imports +import ( + "context" + + "github.com/CiscoDevNet/terraform-provider-ise/internal/provider/helpers" + "github.com/hashicorp/terraform-plugin-framework/types" + "github.com/tidwall/gjson" + "github.com/tidwall/sjson" +) + +//template:end imports + +//template:begin types +type TrustSecEgressMatrixCellDefault struct { + Id types.String `tfsdk:"id"` + Description types.String `tfsdk:"description"` + DefaultRule types.String `tfsdk:"default_rule"` + MatrixCellStatus types.String `tfsdk:"matrix_cell_status"` + Sgacls types.Set `tfsdk:"sgacls"` +} + +//template:end types + +//template:begin getPath +func (data TrustSecEgressMatrixCellDefault) getPath() string { + return "/ers/config/egressmatrixcell" +} + +//template:end getPath + +//template:begin getPathDelete + +//template:end getPathDelete + +//template:begin toBody +func (data TrustSecEgressMatrixCellDefault) toBody(ctx context.Context, state TrustSecEgressMatrixCellDefault) string { + body := "" + if data.Id.ValueString() != "" { + body, _ = sjson.Set(body, "EgressMatrixCell.id", data.Id.ValueString()) + } + body, _ = sjson.Set(body, "EgressMatrixCell.id", "92c1a900-8c01-11e6-996c-525400b48521") + if !data.Description.IsNull() { + body, _ = sjson.Set(body, "EgressMatrixCell.description", data.Description.ValueString()) + } + if !data.DefaultRule.IsNull() { + body, _ = sjson.Set(body, "EgressMatrixCell.defaultRule", data.DefaultRule.ValueString()) + } + if !data.MatrixCellStatus.IsNull() { + body, _ = sjson.Set(body, "EgressMatrixCell.matrixCellStatus", data.MatrixCellStatus.ValueString()) + } + if !data.Sgacls.IsNull() { + var values []string + data.Sgacls.ElementsAs(ctx, &values, false) + body, _ = sjson.Set(body, "EgressMatrixCell.sgacls", values) + } + body, _ = sjson.Set(body, "EgressMatrixCell.sourceSgtId", "92bb1950-8c01-11e6-996c-525400b48521") + body, _ = sjson.Set(body, "EgressMatrixCell.destinationSgtId", "92bb1950-8c01-11e6-996c-525400b48521") + return body +} + +//template:end toBody + +//template:begin fromBody +func (data *TrustSecEgressMatrixCellDefault) fromBody(ctx context.Context, res gjson.Result) { + if value := res.Get("EgressMatrixCell.description"); value.Exists() && value.Type != gjson.Null { + data.Description = types.StringValue(value.String()) + } else { + data.Description = types.StringNull() + } + if value := res.Get("EgressMatrixCell.defaultRule"); value.Exists() && value.Type != gjson.Null { + data.DefaultRule = types.StringValue(value.String()) + } else { + data.DefaultRule = types.StringNull() + } + if value := res.Get("EgressMatrixCell.matrixCellStatus"); value.Exists() && value.Type != gjson.Null { + data.MatrixCellStatus = types.StringValue(value.String()) + } else { + data.MatrixCellStatus = types.StringValue("DISABLED") + } + if value := res.Get("EgressMatrixCell.sgacls"); value.Exists() { + data.Sgacls = helpers.GetStringSet(value.Array()) + } else { + data.Sgacls = types.SetNull(types.StringType) + } +} + +//template:end fromBody + +//template:begin updateFromBody +func (data *TrustSecEgressMatrixCellDefault) updateFromBody(ctx context.Context, res gjson.Result) { + if value := res.Get("EgressMatrixCell.description"); value.Exists() && !data.Description.IsNull() { + data.Description = types.StringValue(value.String()) + } else { + data.Description = types.StringNull() + } + if value := res.Get("EgressMatrixCell.defaultRule"); value.Exists() && !data.DefaultRule.IsNull() { + data.DefaultRule = types.StringValue(value.String()) + } else { + data.DefaultRule = types.StringNull() + } + if value := res.Get("EgressMatrixCell.matrixCellStatus"); value.Exists() && !data.MatrixCellStatus.IsNull() { + data.MatrixCellStatus = types.StringValue(value.String()) + } else if data.MatrixCellStatus.ValueString() != "DISABLED" { + data.MatrixCellStatus = types.StringNull() + } + if value := res.Get("EgressMatrixCell.sgacls"); value.Exists() && !data.Sgacls.IsNull() { + data.Sgacls = helpers.GetStringSet(value.Array()) + } else { + data.Sgacls = types.SetNull(types.StringType) + } +} + +//template:end updateFromBody + +//template:begin isNull +func (data *TrustSecEgressMatrixCellDefault) isNull(ctx context.Context, res gjson.Result) bool { + if !data.Description.IsNull() { + return false + } + if !data.DefaultRule.IsNull() { + return false + } + if !data.MatrixCellStatus.IsNull() { + return false + } + if !data.Sgacls.IsNull() { + return false + } + return true +} + +//template:end isNull diff --git a/internal/provider/provider.go b/internal/provider/provider.go index 94f03c4..814d21c 100644 --- a/internal/provider/provider.go +++ b/internal/provider/provider.go @@ -287,6 +287,7 @@ func (p *IseProvider) Resources(ctx context.Context) []func() resource.Resource NewTACACSCommandSetResource, NewTACACSProfileResource, NewTrustSecEgressMatrixCellResource, + NewTrustSecEgressMatrixCellDefaultResource, NewTrustSecIPToSGTMappingResource, NewTrustSecIPToSGTMappingGroupResource, NewTrustSecSecurityGroupResource, @@ -331,6 +332,7 @@ func (p *IseProvider) DataSources(ctx context.Context) []func() datasource.DataS NewTACACSCommandSetDataSource, NewTACACSProfileDataSource, NewTrustSecEgressMatrixCellDataSource, + NewTrustSecEgressMatrixCellDefaultDataSource, NewTrustSecIPToSGTMappingDataSource, NewTrustSecIPToSGTMappingGroupDataSource, NewTrustSecSecurityGroupDataSource, diff --git a/internal/provider/resource_ise_active_directory_add_groups.go b/internal/provider/resource_ise_active_directory_add_groups.go index 5caadb4..82bf5c1 100644 --- a/internal/provider/resource_ise_active_directory_add_groups.go +++ b/internal/provider/resource_ise_active_directory_add_groups.go @@ -157,7 +157,8 @@ func (r *ActiveDirectoryAddGroupsResource) Create(ctx context.Context, req resou // Create object body := plan.toBody(ctx, ActiveDirectoryAddGroups{}) - res, err := r.client.Put(plan.getPath(), body) + params := "" + res, err := r.client.Put(plan.getPath()+params, body) if err != nil { resp.Diagnostics.AddError("Client Error", fmt.Sprintf("Failed to configure object (PUT), got error: %s, %s", err, res.String())) return diff --git a/internal/provider/resource_ise_active_directory_join_domain_with_all_nodes.go b/internal/provider/resource_ise_active_directory_join_domain_with_all_nodes.go index ab6a0fc..d218319 100644 --- a/internal/provider/resource_ise_active_directory_join_domain_with_all_nodes.go +++ b/internal/provider/resource_ise_active_directory_join_domain_with_all_nodes.go @@ -125,7 +125,8 @@ func (r *ActiveDirectoryJoinDomainWithAllNodesResource) Create(ctx context.Conte // Create object body := plan.toBody(ctx, ActiveDirectoryJoinDomainWithAllNodes{}) - res, err := r.client.Put(plan.getPath(), body) + params := "" + res, err := r.client.Put(plan.getPath()+params, body) if err != nil { resp.Diagnostics.AddError("Client Error", fmt.Sprintf("Failed to configure object (PUT), got error: %s, %s", err, res.String())) return diff --git a/internal/provider/resource_ise_trustsec_egress_matrix_cell.go b/internal/provider/resource_ise_trustsec_egress_matrix_cell.go index a8a1225..16e87f2 100644 --- a/internal/provider/resource_ise_trustsec_egress_matrix_cell.go +++ b/internal/provider/resource_ise_trustsec_egress_matrix_cell.go @@ -38,7 +38,6 @@ import ( "github.com/hashicorp/terraform-plugin-framework/types" "github.com/hashicorp/terraform-plugin-log/tflog" "github.com/netascode/go-ise" - "github.com/tidwall/sjson" ) //template:end imports @@ -129,6 +128,7 @@ func (r *TrustSecEgressMatrixCellResource) Configure(_ context.Context, req reso //template:end configure +//template:begin create func (r *TrustSecEgressMatrixCellResource) Create(ctx context.Context, req resource.CreateRequest, resp *resource.CreateResponse) { var plan TrustSecEgressMatrixCell @@ -143,30 +143,22 @@ func (r *TrustSecEgressMatrixCellResource) Create(ctx context.Context, req resou // Create object body := plan.toBody(ctx, TrustSecEgressMatrixCell{}) - if plan.DestinationSgtId.ValueString() == "92bb1950-8c01-11e6-996c-525400b48521" && plan.SourceSgtId.ValueString() == "92bb1950-8c01-11e6-996c-525400b48521" { - // Set Id - body, _ = sjson.Set(body, "EgressMatrixCell.id", "92c1a900-8c01-11e6-996c-525400b48521") - plan.Id = types.StringValue("92c1a900-8c01-11e6-996c-525400b48521") - res, err := r.client.Put(plan.getPath()+"/"+plan.Id.ValueString(), body) - if err != nil { - resp.Diagnostics.AddError("Client Error", fmt.Sprintf("Failed to configure object (PUT), got error: %s, %s", err, res.String())) - return - } - } else { - res, location, err := r.client.Post(plan.getPath(), body) - if err != nil { - resp.Diagnostics.AddError("Client Error", fmt.Sprintf("Failed to configure object (POST), got error: %s, %s", err, res.String())) - return - } - locationElements := strings.Split(location, "/") - plan.Id = types.StringValue(locationElements[len(locationElements)-1]) + res, location, err := r.client.Post(plan.getPath(), body) + if err != nil { + resp.Diagnostics.AddError("Client Error", fmt.Sprintf("Failed to configure object (POST), got error: %s, %s", err, res.String())) + return } + locationElements := strings.Split(location, "/") + plan.Id = types.StringValue(locationElements[len(locationElements)-1]) + tflog.Debug(ctx, fmt.Sprintf("%s: Create finished successfully", plan.Id.ValueString())) diags = resp.State.Set(ctx, &plan) resp.Diagnostics.Append(diags...) } +//template:end create + //template:begin read func (r *TrustSecEgressMatrixCellResource) Read(ctx context.Context, req resource.ReadRequest, resp *resource.ReadResponse) { var state TrustSecEgressMatrixCell @@ -237,6 +229,7 @@ func (r *TrustSecEgressMatrixCellResource) Update(ctx context.Context, req resou //template:end update +//template:begin delete func (r *TrustSecEgressMatrixCellResource) Delete(ctx context.Context, req resource.DeleteRequest, resp *resource.DeleteResponse) { var state TrustSecEgressMatrixCell @@ -249,7 +242,7 @@ func (r *TrustSecEgressMatrixCellResource) Delete(ctx context.Context, req resou tflog.Debug(ctx, fmt.Sprintf("%s: Beginning Delete", state.Id.ValueString())) res, err := r.client.Delete(state.getPath() + "/" + url.QueryEscape(state.Id.ValueString())) - if err != nil && !strings.Contains(res.String(), "can not delete default egress policy matrix rule") { + if err != nil { resp.Diagnostics.AddError("Client Error", fmt.Sprintf("Failed to delete object (DELETE), got error: %s, %s", err, res.String())) return } @@ -259,6 +252,8 @@ func (r *TrustSecEgressMatrixCellResource) Delete(ctx context.Context, req resou resp.State.RemoveResource(ctx) } +//template:end delete + //template:begin import func (r *TrustSecEgressMatrixCellResource) ImportState(ctx context.Context, req resource.ImportStateRequest, resp *resource.ImportStateResponse) { resource.ImportStatePassthroughID(ctx, path.Root("id"), req, resp) diff --git a/internal/provider/resource_ise_trustsec_egress_matrix_cell_default.go b/internal/provider/resource_ise_trustsec_egress_matrix_cell_default.go new file mode 100644 index 0000000..2ff1bda --- /dev/null +++ b/internal/provider/resource_ise_trustsec_egress_matrix_cell_default.go @@ -0,0 +1,249 @@ +// Copyright © 2023 Cisco Systems, Inc. and its affiliates. +// All rights reserved. +// +// Licensed under the Mozilla Public License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// https://mozilla.org/MPL/2.0/ +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. +// +// SPDX-License-Identifier: MPL-2.0 + +// Code generated by "gen/generator.go"; DO NOT EDIT. + +package provider + +//template:begin imports +import ( + "context" + "fmt" + "net/url" + "strings" + + "github.com/CiscoDevNet/terraform-provider-ise/internal/provider/helpers" + "github.com/hashicorp/terraform-plugin-framework-validators/stringvalidator" + "github.com/hashicorp/terraform-plugin-framework/path" + "github.com/hashicorp/terraform-plugin-framework/resource" + "github.com/hashicorp/terraform-plugin-framework/resource/schema" + "github.com/hashicorp/terraform-plugin-framework/resource/schema/planmodifier" + "github.com/hashicorp/terraform-plugin-framework/resource/schema/stringdefault" + "github.com/hashicorp/terraform-plugin-framework/resource/schema/stringplanmodifier" + "github.com/hashicorp/terraform-plugin-framework/schema/validator" + "github.com/hashicorp/terraform-plugin-framework/types" + "github.com/hashicorp/terraform-plugin-log/tflog" + "github.com/netascode/go-ise" + "github.com/tidwall/gjson" +) + +//template:end imports + +//template:begin header + +// Ensure provider defined types fully satisfy framework interfaces +var _ resource.Resource = &TrustSecEgressMatrixCellDefaultResource{} +var _ resource.ResourceWithImportState = &TrustSecEgressMatrixCellDefaultResource{} + +func NewTrustSecEgressMatrixCellDefaultResource() resource.Resource { + return &TrustSecEgressMatrixCellDefaultResource{} +} + +type TrustSecEgressMatrixCellDefaultResource struct { + client *ise.Client +} + +func (r *TrustSecEgressMatrixCellDefaultResource) Metadata(ctx context.Context, req resource.MetadataRequest, resp *resource.MetadataResponse) { + resp.TypeName = req.ProviderTypeName + "_trustsec_egress_matrix_cell_default" +} + +//template:end header + +//template:begin model +func (r *TrustSecEgressMatrixCellDefaultResource) Schema(ctx context.Context, req resource.SchemaRequest, resp *resource.SchemaResponse) { + resp.Schema = schema.Schema{ + // This description is used by the documentation generator and the language server. + MarkdownDescription: helpers.NewAttributeDescription("Allows modifications to the default egress policy matrix rule").String, + + Attributes: map[string]schema.Attribute{ + "id": schema.StringAttribute{ + MarkdownDescription: "The id of the object", + Computed: true, + PlanModifiers: []planmodifier.String{ + stringplanmodifier.UseStateForUnknown(), + }, + }, + "description": schema.StringAttribute{ + MarkdownDescription: helpers.NewAttributeDescription("Description").String, + Optional: true, + }, + "default_rule": schema.StringAttribute{ + MarkdownDescription: helpers.NewAttributeDescription("Can be used only if sgacls not specified. Final Catch All Rule").AddStringEnumDescription("NONE", "DENY_IP", "PERMIT_IP").String, + Optional: true, + Validators: []validator.String{ + stringvalidator.OneOf("NONE", "DENY_IP", "PERMIT_IP"), + }, + }, + "matrix_cell_status": schema.StringAttribute{ + MarkdownDescription: helpers.NewAttributeDescription("Matrix Cell Status").AddStringEnumDescription("DISABLED", "ENABLED", "MONITOR").AddDefaultValueDescription("DISABLED").String, + Optional: true, + Computed: true, + Validators: []validator.String{ + stringvalidator.OneOf("DISABLED", "ENABLED", "MONITOR"), + }, + Default: stringdefault.StaticString("DISABLED"), + }, + "sgacls": schema.SetAttribute{ + MarkdownDescription: helpers.NewAttributeDescription("List of TrustSec Security Groups ACLs").String, + ElementType: types.StringType, + Optional: true, + }, + }, + } +} + +//template:end model + +//template:begin configure +func (r *TrustSecEgressMatrixCellDefaultResource) Configure(_ context.Context, req resource.ConfigureRequest, _ *resource.ConfigureResponse) { + if req.ProviderData == nil { + return + } + + r.client = req.ProviderData.(*IseProviderData).Client +} + +//template:end configure + +//template:begin create +func (r *TrustSecEgressMatrixCellDefaultResource) Create(ctx context.Context, req resource.CreateRequest, resp *resource.CreateResponse) { + var plan TrustSecEgressMatrixCellDefault + + // Read plan + diags := req.Plan.Get(ctx, &plan) + resp.Diagnostics.Append(diags...) + if resp.Diagnostics.HasError() { + return + } + + tflog.Debug(ctx, fmt.Sprintf("%s: Beginning Create", plan.Id.ValueString())) + + // Create object + body := plan.toBody(ctx, TrustSecEgressMatrixCellDefault{}) + params := "" + params += "/" + url.QueryEscape(gjson.Get(body, "EgressMatrixCell.id").String()) + res, err := r.client.Put(plan.getPath()+params, body) + if err != nil { + resp.Diagnostics.AddError("Client Error", fmt.Sprintf("Failed to configure object (PUT), got error: %s, %s", err, res.String())) + return + } + plan.Id = types.StringValue(gjson.Get(body, "EgressMatrixCell.id").String()) + + tflog.Debug(ctx, fmt.Sprintf("%s: Create finished successfully", plan.Id.ValueString())) + + diags = resp.State.Set(ctx, &plan) + resp.Diagnostics.Append(diags...) +} + +//template:end create + +//template:begin read +func (r *TrustSecEgressMatrixCellDefaultResource) Read(ctx context.Context, req resource.ReadRequest, resp *resource.ReadResponse) { + var state TrustSecEgressMatrixCellDefault + + // Read state + diags := req.State.Get(ctx, &state) + resp.Diagnostics.Append(diags...) + if resp.Diagnostics.HasError() { + return + } + + tflog.Debug(ctx, fmt.Sprintf("%s: Beginning Read", state.Id.String())) + res, err := r.client.Get(state.getPath() + "/" + url.QueryEscape(state.Id.ValueString())) + if err != nil && strings.Contains(err.Error(), "StatusCode 404") { + resp.State.RemoveResource(ctx) + return + } else if err != nil { + resp.Diagnostics.AddError("Client Error", fmt.Sprintf("Failed to retrieve object (GET), got error: %s, %s", err, res.String())) + return + } + + // If every attribute is set to null we are dealing with an import operation and therefore reading all attributes + if state.isNull(ctx, res) { + state.fromBody(ctx, res) + } else { + state.updateFromBody(ctx, res) + } + + tflog.Debug(ctx, fmt.Sprintf("%s: Read finished successfully", state.Id.ValueString())) + + diags = resp.State.Set(ctx, &state) + resp.Diagnostics.Append(diags...) +} + +//template:end read + +//template:begin update +func (r *TrustSecEgressMatrixCellDefaultResource) Update(ctx context.Context, req resource.UpdateRequest, resp *resource.UpdateResponse) { + var plan, state TrustSecEgressMatrixCellDefault + + // Read plan + diags := req.Plan.Get(ctx, &plan) + resp.Diagnostics.Append(diags...) + if resp.Diagnostics.HasError() { + return + } + // Read state + diags = req.State.Get(ctx, &state) + resp.Diagnostics.Append(diags...) + if resp.Diagnostics.HasError() { + return + } + + tflog.Debug(ctx, fmt.Sprintf("%s: Beginning Update", plan.Id.ValueString())) + body := plan.toBody(ctx, state) + + res, err := r.client.Put(plan.getPath()+"/"+url.QueryEscape(plan.Id.ValueString()), body) + if err != nil { + resp.Diagnostics.AddError("Client Error", fmt.Sprintf("Failed to configure object (PUT), got error: %s, %s", err, res.String())) + return + } + + tflog.Debug(ctx, fmt.Sprintf("%s: Update finished successfully", plan.Id.ValueString())) + + diags = resp.State.Set(ctx, &plan) + resp.Diagnostics.Append(diags...) +} + +//template:end update + +//template:begin delete +func (r *TrustSecEgressMatrixCellDefaultResource) Delete(ctx context.Context, req resource.DeleteRequest, resp *resource.DeleteResponse) { + var state TrustSecEgressMatrixCellDefault + + // Read state + diags := req.State.Get(ctx, &state) + resp.Diagnostics.Append(diags...) + if resp.Diagnostics.HasError() { + return + } + + tflog.Debug(ctx, fmt.Sprintf("%s: Beginning Delete", state.Id.ValueString())) + + tflog.Debug(ctx, fmt.Sprintf("%s: Delete finished successfully", state.Id.ValueString())) + + resp.State.RemoveResource(ctx) +} + +//template:end delete + +//template:begin import +func (r *TrustSecEgressMatrixCellDefaultResource) ImportState(ctx context.Context, req resource.ImportStateRequest, resp *resource.ImportStateResponse) { + resource.ImportStatePassthroughID(ctx, path.Root("id"), req, resp) +} + +//template:end import diff --git a/internal/provider/resource_ise_trustsec_egress_matrix_cell_default_test.go b/internal/provider/resource_ise_trustsec_egress_matrix_cell_default_test.go new file mode 100644 index 0000000..fc149f6 --- /dev/null +++ b/internal/provider/resource_ise_trustsec_egress_matrix_cell_default_test.go @@ -0,0 +1,80 @@ +// Copyright © 2023 Cisco Systems, Inc. and its affiliates. +// All rights reserved. +// +// Licensed under the Mozilla Public License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// https://mozilla.org/MPL/2.0/ +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. +// +// SPDX-License-Identifier: MPL-2.0 + +// Code generated by "gen/generator.go"; DO NOT EDIT. + +package provider + +//template:begin imports +import ( + "testing" + + "github.com/hashicorp/terraform-plugin-testing/helper/resource" +) + +//template:end imports + +//template:begin testAcc +func TestAccIseTrustSecEgressMatrixCellDefault(t *testing.T) { + var checks []resource.TestCheckFunc + checks = append(checks, resource.TestCheckResourceAttr("ise_trustsec_egress_matrix_cell_default.test", "description", "Default egress rule")) + checks = append(checks, resource.TestCheckResourceAttr("ise_trustsec_egress_matrix_cell_default.test", "default_rule", "PERMIT_IP")) + checks = append(checks, resource.TestCheckResourceAttr("ise_trustsec_egress_matrix_cell_default.test", "matrix_cell_status", "ENABLED")) + + var steps []resource.TestStep + steps = append(steps, resource.TestStep{ + Config: testAccIseTrustSecEgressMatrixCellDefaultConfig_all(), + Check: resource.ComposeTestCheckFunc(checks...), + }) + steps = append(steps, resource.TestStep{ + ResourceName: "ise_trustsec_egress_matrix_cell_default.test", + ImportState: true, + }) + + resource.Test(t, resource.TestCase{ + PreCheck: func() { testAccPreCheck(t) }, + ProtoV6ProviderFactories: testAccProtoV6ProviderFactories, + Steps: steps, + }) +} + +//template:end testAcc + +//template:begin testPrerequisites +//template:end testPrerequisites + +//template:begin testAccConfigMinimal +func testAccIseTrustSecEgressMatrixCellDefaultConfig_minimum() string { + config := `resource "ise_trustsec_egress_matrix_cell_default" "test" {` + "\n" + config += ` id = "92c1a900-8c01-11e6-996c-525400b48521"` + "\n" + config += `}` + "\n" + return config +} + +//template:end testAccConfigMinimal + +//template:begin testAccConfigAll +func testAccIseTrustSecEgressMatrixCellDefaultConfig_all() string { + config := `resource "ise_trustsec_egress_matrix_cell_default" "test" {` + "\n" + config += ` description = "Default egress rule"` + "\n" + config += ` default_rule = "PERMIT_IP"` + "\n" + config += ` matrix_cell_status = "ENABLED"` + "\n" + config += `}` + "\n" + return config +} + +//template:end testAccConfigAll diff --git a/templates/guides/changelog.md.tmpl b/templates/guides/changelog.md.tmpl index c7d75ce..59ab737 100644 --- a/templates/guides/changelog.md.tmpl +++ b/templates/guides/changelog.md.tmpl @@ -9,7 +9,7 @@ description: |- ## 0.2.6 (unreleased) -- Add support for default egress policy matrix rule +- Add `ise_trustsec_egress_matrix_cell_default` resource to support default egress policy matrix rule modifications ## 0.2.5