Add appliance cellular firewall rules resource and data source

docs/data-sources/appliance_cellular_firewall_rules.md

@@ -0,0 +1,45 @@
+---
+# generated by https://github.com/hashicorp/terraform-plugin-docs
+page_title: "meraki_appliance_cellular_firewall_rules Data Source - terraform-provider-meraki"
+subcategory: "Appliances"
+description: |-
+  This data source can read the Appliance Cellular Firewall Rules configuration.
+---
+
+# meraki_appliance_cellular_firewall_rules (Data Source)
+
+This data source can read the `Appliance Cellular Firewall Rules` configuration.
+
+## Example Usage
+
+```terraform
+data "meraki_appliance_cellular_firewall_rules" "example" {
+  network_id = "L_123456"
+}
+```
+
+<!-- schema generated by tfplugindocs -->
+## Schema
+
+### Required
+
+- `network_id` (String) Network ID
+
+### Read-Only
+
+- `id` (String) The id of the object
+- `rules` (Attributes List) An ordered array of the firewall rules (not including the default rule) (see [below for nested schema](#nestedatt--rules))
+
+<a id="nestedatt--rules"></a>
+### Nested Schema for `rules`
+
+Read-Only:
+
+- `comment` (String) Description of the rule (optional)
+- `dest_cidr` (String) Comma-separated list of destination IP address(es) (in IP or CIDR notation), fully-qualified domain names (FQDN) or `any`
+- `dest_port` (String) Comma-separated list of destination port(s) (integer in the range 1-65535), or `any`
+- `policy` (String) `allow` or `deny` traffic specified by this rule
+- `protocol` (String) The type of protocol (must be `tcp`, `udp`, `icmp`, `icmp6` or `any`)
+- `src_cidr` (String) Comma-separated list of source IP address(es) (in IP or CIDR notation), or `any` (note: FQDN not supported for source addresses)
+- `src_port` (String) Comma-separated list of source port(s) (integer in the range 1-65535), or `any`
+- `syslog_enabled` (Boolean) Log this rule to syslog (true or false, boolean value) - only applicable if a syslog has been configured (optional)

docs/resources/appliance_cellular_firewall_rules.md

@@ -0,0 +1,70 @@
+---
+# generated by https://github.com/hashicorp/terraform-plugin-docs
+page_title: "meraki_appliance_cellular_firewall_rules Resource - terraform-provider-meraki"
+subcategory: "Appliances"
+description: |-
+  This resource can manage the Appliance Cellular Firewall Rules configuration.
+---
+
+# meraki_appliance_cellular_firewall_rules (Resource)
+
+This resource can manage the `Appliance Cellular Firewall Rules` configuration.
+
+## Example Usage
+
+```terraform
+resource "meraki_appliance_cellular_firewall_rules" "example" {
+  network_id = "L_123456"
+  rules = [
+    {
+      comment        = "Allow TCP traffic to subnet with HTTP servers."
+      dest_cidr      = "192.168.1.0/24"
+      dest_port      = "443"
+      policy         = "allow"
+      protocol       = "tcp"
+      src_cidr       = "Any"
+      src_port       = "Any"
+      syslog_enabled = false
+    }
+  ]
+}
+```
+
+<!-- schema generated by tfplugindocs -->
+## Schema
+
+### Required
+
+- `network_id` (String) Network ID
+- `rules` (Attributes List) An ordered array of the firewall rules (not including the default rule) (see [below for nested schema](#nestedatt--rules))
+
+### Read-Only
+
+- `id` (String) The id of the object
+
+<a id="nestedatt--rules"></a>
+### Nested Schema for `rules`
+
+Required:
+
+- `dest_cidr` (String) Comma-separated list of destination IP address(es) (in IP or CIDR notation), fully-qualified domain names (FQDN) or `any`
+- `policy` (String) `allow` or `deny` traffic specified by this rule
+  - Choices: `allow`, `deny`
+- `protocol` (String) The type of protocol (must be `tcp`, `udp`, `icmp`, `icmp6` or `any`)
+  - Choices: `any`, `icmp`, `icmp6`, `tcp`, `udp`
+- `src_cidr` (String) Comma-separated list of source IP address(es) (in IP or CIDR notation), or `any` (note: FQDN not supported for source addresses)
+
+Optional:
+
+- `comment` (String) Description of the rule (optional)
+- `dest_port` (String) Comma-separated list of destination port(s) (integer in the range 1-65535), or `any`
+- `src_port` (String) Comma-separated list of source port(s) (integer in the range 1-65535), or `any`
+- `syslog_enabled` (Boolean) Log this rule to syslog (true or false, boolean value) - only applicable if a syslog has been configured (optional)
+
+## Import
+
+Import is supported using the following syntax:
+
+```shell
+terraform import meraki_appliance_cellular_firewall_rules.example "<network_id>"
+```

examples/data-sources/meraki_appliance_cellular_firewall_rules/data-source.tf

@@ -0,0 +1,3 @@
+data "meraki_appliance_cellular_firewall_rules" "example" {
+  network_id = "L_123456"
+}

examples/resources/meraki_appliance_cellular_firewall_rules/import.sh

@@ -0,0 +1 @@
+terraform import meraki_appliance_cellular_firewall_rules.example "<network_id>"

examples/resources/meraki_appliance_cellular_firewall_rules/resource.tf

@@ -0,0 +1,15 @@
+resource "meraki_appliance_cellular_firewall_rules" "example" {
+  network_id = "L_123456"
+  rules = [
+    {
+      comment        = "Allow TCP traffic to subnet with HTTP servers."
+      dest_cidr      = "192.168.1.0/24"
+      dest_port      = "443"
+      policy         = "allow"
+      protocol       = "tcp"
+      src_cidr       = "Any"
+      src_port       = "Any"
+      syslog_enabled = false
+    }
+  ]
+}

gen/definitions/appliance_cellular_firewall_rules.yaml

@@ -0,0 +1,70 @@
+# @endpoint: /networks/{networkId}/appliance/firewall/cellularFirewallRules
+name: Appliance Cellular Firewall Rules
+rest_endpoint: /networks/%v/appliance/firewall/cellularFirewallRules
+put_create: true
+no_delete: true
+doc_category: Appliances
+test_variables: [test_org, test_network]
+attributes:
+  - tf_name: network_id
+    type: String
+    id: true
+    reference: true
+    description: Network ID
+    example: L_123456
+    test_value: meraki_network.test.id
+  - model_name: rules
+    type: List
+    mandatory: true
+    description: An ordered array of the firewall rules (not including the default rule)
+    ordered_list: true
+    attributes:
+      - model_name: comment
+        type: String
+        description: Description of the rule (optional)
+        example: Allow TCP traffic to subnet with HTTP servers.
+      - model_name: destCidr
+        type: String
+        mandatory: true
+        description: Comma-separated list of destination IP address(es) (in IP or CIDR notation), fully-qualified domain names (FQDN) or `any`
+        example: 192.168.1.0/24
+      - model_name: destPort
+        type: String
+        description: Comma-separated list of destination port(s) (integer in the range 1-65535), or `any`
+        example: "443"
+        minimum_test_value: '"443"'
+      - model_name: policy
+        type: String
+        mandatory: true
+        description: '`allow` or `deny` traffic specified by this rule'
+        example: allow
+        enum_values: [allow, deny]
+      - model_name: protocol
+        type: String
+        mandatory: true
+        description: The type of protocol (must be `tcp`, `udp`, `icmp`, `icmp6` or `any`)
+        example: tcp
+        enum_values: [any, icmp, icmp6, tcp, udp]
+      - model_name: srcCidr
+        type: String
+        mandatory: true
+        description: 'Comma-separated list of source IP address(es) (in IP or CIDR notation), or `any` (note: FQDN not supported for source addresses)'
+        example: Any
+      - model_name: srcPort
+        type: String
+        description: Comma-separated list of source port(s) (integer in the range 1-65535), or `any`
+        example: Any
+        minimum_test_value: '"Any"'
+      - model_name: syslogEnabled
+        type: Bool
+        description: Log this rule to syslog (true or false, boolean value) - only applicable if a syslog has been configured (optional)
+        example: "false"
+test_prerequisites: |
+  data "meraki_organization" "test" {
+    name = var.test_org
+  }
+  resource "meraki_network" "test" {
+    organization_id = data.meraki_organization.test.id
+    name            = var.test_network
+    product_types   = ["appliance"]
+  }

internal/provider/data_source_meraki_appliance_cellular_firewall_rules.go

@@ -0,0 +1,156 @@
+// Copyright © 2024 Cisco Systems, Inc. and its affiliates.
+// All rights reserved.
+//
+// Licensed under the Mozilla Public License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//     https://mozilla.org/MPL/2.0/
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+//
+// SPDX-License-Identifier: MPL-2.0
+
+package provider
+
+// Section below is generated&owned by "gen/generator.go". //template:begin imports
+import (
+	"context"
+	"fmt"
+
+	"github.com/hashicorp/terraform-plugin-framework/datasource"
+	"github.com/hashicorp/terraform-plugin-framework/datasource/schema"
+	"github.com/hashicorp/terraform-plugin-log/tflog"
+	"github.com/netascode/go-meraki"
+	"github.com/tidwall/gjson"
+)
+
+// End of section. //template:end imports
+
+// Section below is generated&owned by "gen/generator.go". //template:begin model
+
+// Ensure the implementation satisfies the expected interfaces.
+var (
+	_ datasource.DataSource              = &ApplianceCellularFirewallRulesDataSource{}
+	_ datasource.DataSourceWithConfigure = &ApplianceCellularFirewallRulesDataSource{}
+)
+
+func NewApplianceCellularFirewallRulesDataSource() datasource.DataSource {
+	return &ApplianceCellularFirewallRulesDataSource{}
+}
+
+type ApplianceCellularFirewallRulesDataSource struct {
+	client *meraki.Client
+}
+
+func (d *ApplianceCellularFirewallRulesDataSource) Metadata(_ context.Context, req datasource.MetadataRequest, resp *datasource.MetadataResponse) {
+	resp.TypeName = req.ProviderTypeName + "_appliance_cellular_firewall_rules"
+}
+
+func (d *ApplianceCellularFirewallRulesDataSource) Schema(ctx context.Context, req datasource.SchemaRequest, resp *datasource.SchemaResponse) {
+	resp.Schema = schema.Schema{
+		// This description is used by the documentation generator and the language server.
+		MarkdownDescription: "This data source can read the `Appliance Cellular Firewall Rules` configuration.",
+
+		Attributes: map[string]schema.Attribute{
+			"id": schema.StringAttribute{
+				MarkdownDescription: "The id of the object",
+				Computed:            true,
+			},
+			"network_id": schema.StringAttribute{
+				MarkdownDescription: "Network ID",
+				Required:            true,
+			},
+			"rules": schema.ListNestedAttribute{
+				MarkdownDescription: "An ordered array of the firewall rules (not including the default rule)",
+				Computed:            true,
+				NestedObject: schema.NestedAttributeObject{
+					Attributes: map[string]schema.Attribute{
+						"comment": schema.StringAttribute{
+							MarkdownDescription: "Description of the rule (optional)",
+							Computed:            true,
+						},
+						"dest_cidr": schema.StringAttribute{
+							MarkdownDescription: "Comma-separated list of destination IP address(es) (in IP or CIDR notation), fully-qualified domain names (FQDN) or `any`",
+							Computed:            true,
+						},
+						"dest_port": schema.StringAttribute{
+							MarkdownDescription: "Comma-separated list of destination port(s) (integer in the range 1-65535), or `any`",
+							Computed:            true,
+						},
+						"policy": schema.StringAttribute{
+							MarkdownDescription: "`allow` or `deny` traffic specified by this rule",
+							Computed:            true,
+						},
+						"protocol": schema.StringAttribute{
+							MarkdownDescription: "The type of protocol (must be `tcp`, `udp`, `icmp`, `icmp6` or `any`)",
+							Computed:            true,
+						},
+						"src_cidr": schema.StringAttribute{
+							MarkdownDescription: "Comma-separated list of source IP address(es) (in IP or CIDR notation), or `any` (note: FQDN not supported for source addresses)",
+							Computed:            true,
+						},
+						"src_port": schema.StringAttribute{
+							MarkdownDescription: "Comma-separated list of source port(s) (integer in the range 1-65535), or `any`",
+							Computed:            true,
+						},
+						"syslog_enabled": schema.BoolAttribute{
+							MarkdownDescription: "Log this rule to syslog (true or false, boolean value) - only applicable if a syslog has been configured (optional)",
+							Computed:            true,
+						},
+					},
+				},
+			},
+		},
+	}
+}
+
+func (d *ApplianceCellularFirewallRulesDataSource) Configure(_ context.Context, req datasource.ConfigureRequest, _ *datasource.ConfigureResponse) {
+	if req.ProviderData == nil {
+		return
+	}
+
+	d.client = req.ProviderData.(*MerakiProviderData).Client
+}
+
+// End of section. //template:end model
+
+// Section below is generated&owned by "gen/generator.go". //template:begin read
+
+func (d *ApplianceCellularFirewallRulesDataSource) Read(ctx context.Context, req datasource.ReadRequest, resp *datasource.ReadResponse) {
+	var config ApplianceCellularFirewallRules
+
+	// Read config
+	diags := req.Config.Get(ctx, &config)
+	resp.Diagnostics.Append(diags...)
+	if resp.Diagnostics.HasError() {
+		return
+	}
+
+	tflog.Debug(ctx, fmt.Sprintf("%s: Beginning Read", config.Id.String()))
+
+	var res gjson.Result
+	var err error
+
+	if !res.Exists() {
+		res, err = d.client.Get(config.getPath())
+		if err != nil {
+			resp.Diagnostics.AddError("Client Error", fmt.Sprintf("Failed to retrieve object, got error: %s", err))
+			return
+		}
+	}
+
+	config.fromBody(ctx, res)
+	config.Id = config.NetworkId
+
+	tflog.Debug(ctx, fmt.Sprintf("%s: Read finished successfully", config.Id.ValueString()))
+
+	diags = resp.State.Set(ctx, &config)
+	resp.Diagnostics.Append(diags...)
+}
+
+// End of section. //template:end read