From 2e705eb508462a6af3fb5450f6d9a87355973263 Mon Sep 17 00:00:00 2001 From: danischm Date: Tue, 19 Dec 2023 20:15:28 +0100 Subject: [PATCH] Add ipv6 device acl policy definition resource --- CHANGELOG.md | 1 + .../ipv6_device_acl_policy_definition.md | 69 ++++ docs/guides/changelog.md | 1 + .../ipv6_device_acl_policy_definition.md | 117 ++++++ .../data-source.tf | 3 + .../import.sh | 1 + .../resource.tf | 24 ++ .../ipv6_device_acl_policy_definition.yaml | 174 +++++++++ ...sdwan_ipv6_device_acl_policy_definition.go | 192 ++++++++++ ..._ipv6_device_acl_policy_definition_test.go | 76 ++++ ...sdwan_ipv6_device_acl_policy_definition.go | 345 ++++++++++++++++++ internal/provider/provider.go | 2 + ...sdwan_ipv6_device_acl_policy_definition.go | 328 +++++++++++++++++ ..._ipv6_device_acl_policy_definition_test.go | 73 ++++ templates/guides/changelog.md.tmpl | 1 + 15 files changed, 1407 insertions(+) create mode 100644 docs/data-sources/ipv6_device_acl_policy_definition.md create mode 100644 docs/resources/ipv6_device_acl_policy_definition.md create mode 100644 examples/data-sources/sdwan_ipv6_device_acl_policy_definition/data-source.tf create mode 100644 examples/resources/sdwan_ipv6_device_acl_policy_definition/import.sh create mode 100644 examples/resources/sdwan_ipv6_device_acl_policy_definition/resource.tf create mode 100644 gen/definitions/generic/ipv6_device_acl_policy_definition.yaml create mode 100644 internal/provider/data_source_sdwan_ipv6_device_acl_policy_definition.go create mode 100644 internal/provider/data_source_sdwan_ipv6_device_acl_policy_definition_test.go create mode 100644 internal/provider/model_sdwan_ipv6_device_acl_policy_definition.go create mode 100644 internal/provider/resource_sdwan_ipv6_device_acl_policy_definition.go create mode 100644 internal/provider/resource_sdwan_ipv6_device_acl_policy_definition_test.go diff --git a/CHANGELOG.md b/CHANGELOG.md index ca7e7c90b..b5bd4d68d 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -16,6 +16,7 @@ - BREAKING CHANGE: Rename `sdwan_acl_policy_definition` resource and data source to `sdwan_ipv4_acl_policy_definition` - BREAKING CHANGE: Rename `sdwan_device_acl_policy_definition` resource and data source to `sdwan_ipv4_device_acl_policy_definition` - Add `sdwan_ipv6_acl_policy_definition` resource and data source +- Add `sdwan_ipv6_device_acl_policy_definition` resource and data source ## 0.2.11 diff --git a/docs/data-sources/ipv6_device_acl_policy_definition.md b/docs/data-sources/ipv6_device_acl_policy_definition.md new file mode 100644 index 000000000..caebd5202 --- /dev/null +++ b/docs/data-sources/ipv6_device_acl_policy_definition.md @@ -0,0 +1,69 @@ +--- +# generated by https://github.com/hashicorp/terraform-plugin-docs +page_title: "sdwan_ipv6_device_acl_policy_definition Data Source - terraform-provider-sdwan" +subcategory: "Localized Policies" +description: |- + This data source can read the IPv6 Device ACL Policy Definition . +--- + +# sdwan_ipv6_device_acl_policy_definition (Data Source) + +This data source can read the IPv6 Device ACL Policy Definition . + +## Example Usage + +```terraform +data "sdwan_ipv6_device_acl_policy_definition" "example" { + id = "f6b2c44c-693c-4763-b010-895aa3d236bd" +} +``` + + +## Schema + +### Required + +- `id` (String) The id of the object + +### Read-Only + +- `default_action` (String) Default action, either `accept` or `drop` +- `description` (String) The description of the policy definition +- `name` (String) The name of the policy definition +- `sequences` (Attributes List) List of ACL sequences (see [below for nested schema](#nestedatt--sequences)) +- `version` (Number) The version of the object + + +### Nested Schema for `sequences` + +Read-Only: + +- `action_entries` (Attributes List) List of action entries (see [below for nested schema](#nestedatt--sequences--action_entries)) +- `base_action` (String) Base action, either `accept` or `drop` +- `id` (Number) Sequence ID +- `match_entries` (Attributes List) List of match entries (see [below for nested schema](#nestedatt--sequences--match_entries)) +- `name` (String) Sequence name + + +### Nested Schema for `sequences.action_entries` + +Read-Only: + +- `counter_name` (String) Counter name +- `type` (String) Type of action entry + + + +### Nested Schema for `sequences.match_entries` + +Read-Only: + +- `destination_data_ipv6_prefix_list_id` (String) Destination data IPv6 prefix list ID +- `destination_data_ipv6_prefix_list_version` (Number) Destination data IPv6 prefix list version +- `destination_ip` (String) Destination IP prefix +- `destination_port` (Number) Destination port, only `22` and `161` supported +- `source_data_ipv6_prefix_list_id` (String) Source data IPv6 prefix list ID +- `source_data_ipv6_prefix_list_version` (Number) Source data IPv6 prefix list version +- `source_ip` (String) Source IP prefix +- `source_port` (Number) Source port +- `type` (String) Type of match entry diff --git a/docs/guides/changelog.md b/docs/guides/changelog.md index b7dc1fd63..ebd2bc30f 100644 --- a/docs/guides/changelog.md +++ b/docs/guides/changelog.md @@ -25,6 +25,7 @@ description: |- - BREAKING CHANGE: Rename `sdwan_acl_policy_definition` resource and data source to `sdwan_ipv4_acl_policy_definition` - BREAKING CHANGE: Rename `sdwan_device_acl_policy_definition` resource and data source to `sdwan_ipv4_device_acl_policy_definition` - Add `sdwan_ipv6_acl_policy_definition` resource and data source +- Add `sdwan_ipv6_device_acl_policy_definition` resource and data source ## 0.2.11 diff --git a/docs/resources/ipv6_device_acl_policy_definition.md b/docs/resources/ipv6_device_acl_policy_definition.md new file mode 100644 index 000000000..6aa15e38c --- /dev/null +++ b/docs/resources/ipv6_device_acl_policy_definition.md @@ -0,0 +1,117 @@ +--- +# generated by https://github.com/hashicorp/terraform-plugin-docs +page_title: "sdwan_ipv6_device_acl_policy_definition Resource - terraform-provider-sdwan" +subcategory: "Localized Policies" +description: |- + This resource can manage a IPv6 Device ACL Policy Definition . +--- + +# sdwan_ipv6_device_acl_policy_definition (Resource) + +This resource can manage a IPv6 Device ACL Policy Definition . + +## Example Usage + +```terraform +resource "sdwan_ipv6_device_acl_policy_definition" "example" { + name = "Example" + description = "My description" + default_action = "drop" + sequences = [ + { + id = 10 + name = "Sequence 10" + base_action = "accept" + match_entries = [ + { + type = "destinationPort" + destination_port = 22 + } + ] + action_entries = [ + { + type = "count" + counter_name = "count1" + } + ] + } + ] +} +``` + + +## Schema + +### Required + +- `description` (String) The description of the policy definition +- `name` (String) The name of the policy definition +- `sequences` (Attributes List) List of ACL sequences (see [below for nested schema](#nestedatt--sequences)) + +### Optional + +- `default_action` (String) Default action, either `accept` or `drop` + - Choices: `accept`, `drop` + +### Read-Only + +- `id` (String) The id of the object +- `version` (Number) The version of the object + + +### Nested Schema for `sequences` + +Required: + +- `id` (Number) Sequence ID + - Range: `1`-`65534` +- `name` (String) Sequence name + +Optional: + +- `action_entries` (Attributes List) List of action entries (see [below for nested schema](#nestedatt--sequences--action_entries)) +- `base_action` (String) Base action, either `accept` or `drop` + - Choices: `accept`, `drop` +- `match_entries` (Attributes List) List of match entries (see [below for nested schema](#nestedatt--sequences--match_entries)) + + +### Nested Schema for `sequences.action_entries` + +Required: + +- `type` (String) Type of action entry + - Choices: `count` + +Optional: + +- `counter_name` (String) Counter name + + + +### Nested Schema for `sequences.match_entries` + +Required: + +- `type` (String) Type of match entry + - Choices: `sourceIpv6`, `destinationIpv6`, `sourcePort`, `destinationPort`, `sourceDataIpv6PrefixList`, `destinationDataIpv6PrefixList` + +Optional: + +- `destination_data_ipv6_prefix_list_id` (String) Destination data IPv6 prefix list ID +- `destination_data_ipv6_prefix_list_version` (Number) Destination data IPv6 prefix list version +- `destination_ip` (String) Destination IP prefix +- `destination_port` (Number) Destination port, only `22` and `161` supported + - Range: `0`-`65535` +- `source_data_ipv6_prefix_list_id` (String) Source data IPv6 prefix list ID +- `source_data_ipv6_prefix_list_version` (Number) Source data IPv6 prefix list version +- `source_ip` (String) Source IP prefix +- `source_port` (Number) Source port + - Range: `0`-`65535` + +## Import + +Import is supported using the following syntax: + +```shell +terraform import sdwan_ipv6_device_acl_policy_definition.example "f6b2c44c-693c-4763-b010-895aa3d236bd" +``` diff --git a/examples/data-sources/sdwan_ipv6_device_acl_policy_definition/data-source.tf b/examples/data-sources/sdwan_ipv6_device_acl_policy_definition/data-source.tf new file mode 100644 index 000000000..02228fee7 --- /dev/null +++ b/examples/data-sources/sdwan_ipv6_device_acl_policy_definition/data-source.tf @@ -0,0 +1,3 @@ +data "sdwan_ipv6_device_acl_policy_definition" "example" { + id = "f6b2c44c-693c-4763-b010-895aa3d236bd" +} diff --git a/examples/resources/sdwan_ipv6_device_acl_policy_definition/import.sh b/examples/resources/sdwan_ipv6_device_acl_policy_definition/import.sh new file mode 100644 index 000000000..fe27d6a23 --- /dev/null +++ b/examples/resources/sdwan_ipv6_device_acl_policy_definition/import.sh @@ -0,0 +1 @@ +terraform import sdwan_ipv6_device_acl_policy_definition.example "f6b2c44c-693c-4763-b010-895aa3d236bd" diff --git a/examples/resources/sdwan_ipv6_device_acl_policy_definition/resource.tf b/examples/resources/sdwan_ipv6_device_acl_policy_definition/resource.tf new file mode 100644 index 000000000..64f22211f --- /dev/null +++ b/examples/resources/sdwan_ipv6_device_acl_policy_definition/resource.tf @@ -0,0 +1,24 @@ +resource "sdwan_ipv6_device_acl_policy_definition" "example" { + name = "Example" + description = "My description" + default_action = "drop" + sequences = [ + { + id = 10 + name = "Sequence 10" + base_action = "accept" + match_entries = [ + { + type = "destinationPort" + destination_port = 22 + } + ] + action_entries = [ + { + type = "count" + counter_name = "count1" + } + ] + } + ] +} diff --git a/gen/definitions/generic/ipv6_device_acl_policy_definition.yaml b/gen/definitions/generic/ipv6_device_acl_policy_definition.yaml new file mode 100644 index 000000000..d1460eee2 --- /dev/null +++ b/gen/definitions/generic/ipv6_device_acl_policy_definition.yaml @@ -0,0 +1,174 @@ +--- +name: IPv6 Device ACL Policy Definition +rest_endpoint: /template/policy/definition/deviceaccesspolicyv6/ +has_version: true +id_attribute: definitionId +doc_category: Localized Policies +attributes: + - model_name: type + type: String + value: deviceaccesspolicyv6 + - model_name: name + tf_name: name + type: String + mandatory: true + description: The name of the policy definition + example: Example + - model_name: description + tf_name: description + type: String + mandatory: true + description: The description of the policy definition + example: My description + - model_name: type + tf_name: default_action + data_path: [defaultAction] + type: String + enum_values: [accept, drop] + description: Default action, either `accept` or `drop` + example: drop + - model_name: sequences + type: List + mandatory: true + description: List of ACL sequences + attributes: + - model_name: sequenceId + tf_name: id + type: Int64 + id: true + mandatory: true + description: Sequence ID + min_int: 1 + max_int: 65534 + example: 10 + - model_name: sequenceName + tf_name: name + type: String + id: true + mandatory: true + description: Sequence name + example: Sequence 10 + - model_name: sequenceType + type: String + value: deviceaccesspolicyv6 + - model_name: sequenceIpType + type: String + value: ipv6 + - model_name: baseAction + tf_name: base_action + type: String + enum_values: [accept, drop] + description: Base action, either `accept` or `drop` + example: accept + - model_name: entries + data_path: [match] + tf_name: match_entries + type: List + description: List of match entries + attributes: + - model_name: field + tf_name: type + type: String + id: true + mandatory: true + enum_values: + [ + sourceIpv6, + destinationIpv6, + sourcePort, + destinationPort, + sourceDataIpv6PrefixList, + destinationDataIpv6PrefixList, + ] + description: Type of match entry + example: destinationPort + - model_name: value + tf_name: source_ip + conditional_attribute: + name: type + value: sourceIpv6 + type: String + description: Source IP prefix + exclude_test: true + example: 2001::/8 + - model_name: value + tf_name: destination_ip + conditional_attribute: + name: type + value: destinationIpv6 + type: String + description: Destination IP prefix + exclude_test: true + example: 2001::/8 + - model_name: value + tf_name: source_port + conditional_attribute: + name: type + value: sourcePort + type: Int64 + model_type_string: true + description: Source port + exclude_test: true + min_int: 0 + max_int: 65535 + example: 8000 + - model_name: value + tf_name: destination_port + conditional_attribute: + name: type + value: destinationPort + type: Int64 + model_type_string: true + description: Destination port, only `22` and `161` supported + min_int: 0 + max_int: 65535 + example: 22 + - model_name: ref + tf_name: source_data_ipv6_prefix_list_id + conditional_attribute: + name: type + value: sourceDataIpv6PrefixList + type: String + description: Source data IPv6 prefix list ID + exclude_test: true + example: 2081c2f4-3f9f-4fee-8078-dcc8904e368d + - tf_name: source_data_ipv6_prefix_list_version + tf_only: true + type: Version + description: Source data IPv6 prefix list version + exclude_test: true + - model_name: ref + tf_name: destination_data_ipv6_prefix_list_id + conditional_attribute: + name: type + value: destinationDataIpv6PrefixList + type: String + description: Destination data IPv6 prefix list ID + exclude_test: true + example: 2081c2f4-3f9f-4fee-8078-dcc8904e368d + - tf_name: destination_data_ipv6_prefix_list_version + tf_only: true + type: Version + description: Destination data IPv6 prefix list version + exclude_test: true + - model_name: actions + tf_name: action_entries + type: List + description: List of action entries + attributes: + - model_name: type + tf_name: type + type: String + id: true + mandatory: true + enum_values: [count] + description: Type of action entry + example: count + - model_name: parameter + tf_name: counter_name + conditional_attribute: + name: type + value: count + type: String + description: Counter name + example: count1 diff --git a/internal/provider/data_source_sdwan_ipv6_device_acl_policy_definition.go b/internal/provider/data_source_sdwan_ipv6_device_acl_policy_definition.go new file mode 100644 index 000000000..bbfec9165 --- /dev/null +++ b/internal/provider/data_source_sdwan_ipv6_device_acl_policy_definition.go @@ -0,0 +1,192 @@ +// Copyright © 2023 Cisco Systems, Inc. and its affiliates. +// All rights reserved. +// +// Licensed under the Mozilla Public License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// https://mozilla.org/MPL/2.0/ +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. +// +// SPDX-License-Identifier: MPL-2.0 + +// Code generated by "gen/generator.go"; DO NOT EDIT. + +package provider + +import ( + "context" + "fmt" + + "github.com/hashicorp/terraform-plugin-framework/datasource" + "github.com/hashicorp/terraform-plugin-framework/datasource/schema" + "github.com/hashicorp/terraform-plugin-log/tflog" + "github.com/netascode/go-sdwan" +) + +// Ensure the implementation satisfies the expected interfaces. +var ( + _ datasource.DataSource = &IPv6DeviceACLPolicyDefinitionDataSource{} + _ datasource.DataSourceWithConfigure = &IPv6DeviceACLPolicyDefinitionDataSource{} +) + +func NewIPv6DeviceACLPolicyDefinitionDataSource() datasource.DataSource { + return &IPv6DeviceACLPolicyDefinitionDataSource{} +} + +type IPv6DeviceACLPolicyDefinitionDataSource struct { + client *sdwan.Client +} + +func (d *IPv6DeviceACLPolicyDefinitionDataSource) Metadata(_ context.Context, req datasource.MetadataRequest, resp *datasource.MetadataResponse) { + resp.TypeName = req.ProviderTypeName + "_ipv6_device_acl_policy_definition" +} + +func (d *IPv6DeviceACLPolicyDefinitionDataSource) Schema(ctx context.Context, req datasource.SchemaRequest, resp *datasource.SchemaResponse) { + resp.Schema = schema.Schema{ + // This description is used by the documentation generator and the language server. + MarkdownDescription: "This data source can read the IPv6 Device ACL Policy Definition .", + + Attributes: map[string]schema.Attribute{ + "id": schema.StringAttribute{ + MarkdownDescription: "The id of the object", + Required: true, + }, + "version": schema.Int64Attribute{ + MarkdownDescription: "The version of the object", + Computed: true, + }, + "name": schema.StringAttribute{ + MarkdownDescription: "The name of the policy definition", + Computed: true, + }, + "description": schema.StringAttribute{ + MarkdownDescription: "The description of the policy definition", + Computed: true, + }, + "default_action": schema.StringAttribute{ + MarkdownDescription: "Default action, either `accept` or `drop`", + Computed: true, + }, + "sequences": schema.ListNestedAttribute{ + MarkdownDescription: "List of ACL sequences", + Computed: true, + NestedObject: schema.NestedAttributeObject{ + Attributes: map[string]schema.Attribute{ + "id": schema.Int64Attribute{ + MarkdownDescription: "Sequence ID", + Computed: true, + }, + "name": schema.StringAttribute{ + MarkdownDescription: "Sequence name", + Computed: true, + }, + "base_action": schema.StringAttribute{ + MarkdownDescription: "Base action, either `accept` or `drop`", + Computed: true, + }, + "match_entries": schema.ListNestedAttribute{ + MarkdownDescription: "List of match entries", + Computed: true, + NestedObject: schema.NestedAttributeObject{ + Attributes: map[string]schema.Attribute{ + "type": schema.StringAttribute{ + MarkdownDescription: "Type of match entry", + Computed: true, + }, + "source_ip": schema.StringAttribute{ + MarkdownDescription: "Source IP prefix", + Computed: true, + }, + "destination_ip": schema.StringAttribute{ + MarkdownDescription: "Destination IP prefix", + Computed: true, + }, + "source_port": schema.Int64Attribute{ + MarkdownDescription: "Source port", + Computed: true, + }, + "destination_port": schema.Int64Attribute{ + MarkdownDescription: "Destination port, only `22` and `161` supported", + Computed: true, + }, + "source_data_ipv6_prefix_list_id": schema.StringAttribute{ + MarkdownDescription: "Source data IPv6 prefix list ID", + Computed: true, + }, + "source_data_ipv6_prefix_list_version": schema.Int64Attribute{ + MarkdownDescription: "Source data IPv6 prefix list version", + Computed: true, + }, + "destination_data_ipv6_prefix_list_id": schema.StringAttribute{ + MarkdownDescription: "Destination data IPv6 prefix list ID", + Computed: true, + }, + "destination_data_ipv6_prefix_list_version": schema.Int64Attribute{ + MarkdownDescription: "Destination data IPv6 prefix list version", + Computed: true, + }, + }, + }, + }, + "action_entries": schema.ListNestedAttribute{ + MarkdownDescription: "List of action entries", + Computed: true, + NestedObject: schema.NestedAttributeObject{ + Attributes: map[string]schema.Attribute{ + "type": schema.StringAttribute{ + MarkdownDescription: "Type of action entry", + Computed: true, + }, + "counter_name": schema.StringAttribute{ + MarkdownDescription: "Counter name", + Computed: true, + }, + }, + }, + }, + }, + }, + }, + }, + } +} + +func (d *IPv6DeviceACLPolicyDefinitionDataSource) Configure(_ context.Context, req datasource.ConfigureRequest, _ *datasource.ConfigureResponse) { + if req.ProviderData == nil { + return + } + + d.client = req.ProviderData.(*SdwanProviderData).Client +} + +func (d *IPv6DeviceACLPolicyDefinitionDataSource) Read(ctx context.Context, req datasource.ReadRequest, resp *datasource.ReadResponse) { + var config IPv6DeviceACLPolicyDefinition + + // Read config + diags := req.Config.Get(ctx, &config) + resp.Diagnostics.Append(diags...) + if resp.Diagnostics.HasError() { + return + } + + tflog.Debug(ctx, fmt.Sprintf("%s: Beginning Read", config.Id.String())) + + res, err := d.client.Get("/template/policy/definition/deviceaccesspolicyv6/" + config.Id.ValueString()) + if err != nil { + resp.Diagnostics.AddError("Client Error", fmt.Sprintf("Failed to retrieve object, got error: %s", err)) + return + } + + config.fromBody(ctx, res) + + tflog.Debug(ctx, fmt.Sprintf("%s: Read finished successfully", config.Id.ValueString())) + + diags = resp.State.Set(ctx, &config) + resp.Diagnostics.Append(diags...) +} diff --git a/internal/provider/data_source_sdwan_ipv6_device_acl_policy_definition_test.go b/internal/provider/data_source_sdwan_ipv6_device_acl_policy_definition_test.go new file mode 100644 index 000000000..9755cd847 --- /dev/null +++ b/internal/provider/data_source_sdwan_ipv6_device_acl_policy_definition_test.go @@ -0,0 +1,76 @@ +// Copyright © 2023 Cisco Systems, Inc. and its affiliates. +// All rights reserved. +// +// Licensed under the Mozilla Public License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// https://mozilla.org/MPL/2.0/ +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. +// +// SPDX-License-Identifier: MPL-2.0 + +// Code generated by "gen/generator.go"; DO NOT EDIT. + +package provider + +import ( + "testing" + + "github.com/hashicorp/terraform-plugin-testing/helper/resource" +) + +func TestAccDataSourceSdwanIPv6DeviceACLPolicyDefinition(t *testing.T) { + resource.Test(t, resource.TestCase{ + PreCheck: func() { testAccPreCheck(t) }, + ProtoV6ProviderFactories: testAccProtoV6ProviderFactories, + Steps: []resource.TestStep{ + { + Config: testAccDataSourceSdwanIPv6DeviceACLPolicyDefinitionConfig, + Check: resource.ComposeTestCheckFunc( + resource.TestCheckResourceAttr("data.sdwan_ipv6_device_acl_policy_definition.test", "name", "Example"), + resource.TestCheckResourceAttr("data.sdwan_ipv6_device_acl_policy_definition.test", "description", "My description"), + resource.TestCheckResourceAttr("data.sdwan_ipv6_device_acl_policy_definition.test", "default_action", "drop"), + resource.TestCheckResourceAttr("data.sdwan_ipv6_device_acl_policy_definition.test", "sequences.0.id", "10"), + resource.TestCheckResourceAttr("data.sdwan_ipv6_device_acl_policy_definition.test", "sequences.0.name", "Sequence 10"), + resource.TestCheckResourceAttr("data.sdwan_ipv6_device_acl_policy_definition.test", "sequences.0.base_action", "accept"), + resource.TestCheckResourceAttr("data.sdwan_ipv6_device_acl_policy_definition.test", "sequences.0.match_entries.0.type", "destinationPort"), + resource.TestCheckResourceAttr("data.sdwan_ipv6_device_acl_policy_definition.test", "sequences.0.match_entries.0.destination_port", "22"), + resource.TestCheckResourceAttr("data.sdwan_ipv6_device_acl_policy_definition.test", "sequences.0.action_entries.0.type", "count"), + resource.TestCheckResourceAttr("data.sdwan_ipv6_device_acl_policy_definition.test", "sequences.0.action_entries.0.counter_name", "count1"), + ), + }, + }, + }) +} + +const testAccDataSourceSdwanIPv6DeviceACLPolicyDefinitionConfig = ` + +resource "sdwan_ipv6_device_acl_policy_definition" "test" { + name = "Example" + description = "My description" + default_action = "drop" + sequences = [{ + id = 10 + name = "Sequence 10" + base_action = "accept" + match_entries = [{ + type = "destinationPort" + destination_port = 22 + }] + action_entries = [{ + type = "count" + counter_name = "count1" + }] + }] +} + +data "sdwan_ipv6_device_acl_policy_definition" "test" { + id = sdwan_ipv6_device_acl_policy_definition.test.id +} +` diff --git a/internal/provider/model_sdwan_ipv6_device_acl_policy_definition.go b/internal/provider/model_sdwan_ipv6_device_acl_policy_definition.go new file mode 100644 index 000000000..2a3487ac5 --- /dev/null +++ b/internal/provider/model_sdwan_ipv6_device_acl_policy_definition.go @@ -0,0 +1,345 @@ +// Copyright © 2023 Cisco Systems, Inc. and its affiliates. +// All rights reserved. +// +// Licensed under the Mozilla Public License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// https://mozilla.org/MPL/2.0/ +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. +// +// SPDX-License-Identifier: MPL-2.0 + +// Code generated by "gen/generator.go"; DO NOT EDIT. + +package provider + +import ( + "context" + "fmt" + + "github.com/hashicorp/terraform-plugin-framework/types" + "github.com/tidwall/gjson" + "github.com/tidwall/sjson" +) + +type IPv6DeviceACLPolicyDefinition struct { + Id types.String `tfsdk:"id"` + Version types.Int64 `tfsdk:"version"` + Name types.String `tfsdk:"name"` + Description types.String `tfsdk:"description"` + DefaultAction types.String `tfsdk:"default_action"` + Sequences []IPv6DeviceACLPolicyDefinitionSequences `tfsdk:"sequences"` +} + +type IPv6DeviceACLPolicyDefinitionSequences struct { + Id types.Int64 `tfsdk:"id"` + Name types.String `tfsdk:"name"` + BaseAction types.String `tfsdk:"base_action"` + MatchEntries []IPv6DeviceACLPolicyDefinitionSequencesMatchEntries `tfsdk:"match_entries"` + ActionEntries []IPv6DeviceACLPolicyDefinitionSequencesActionEntries `tfsdk:"action_entries"` +} + +type IPv6DeviceACLPolicyDefinitionSequencesMatchEntries struct { + Type types.String `tfsdk:"type"` + SourceIp types.String `tfsdk:"source_ip"` + DestinationIp types.String `tfsdk:"destination_ip"` + SourcePort types.Int64 `tfsdk:"source_port"` + DestinationPort types.Int64 `tfsdk:"destination_port"` + SourceDataIpv6PrefixListId types.String `tfsdk:"source_data_ipv6_prefix_list_id"` + SourceDataIpv6PrefixListVersion types.Int64 `tfsdk:"source_data_ipv6_prefix_list_version"` + DestinationDataIpv6PrefixListId types.String `tfsdk:"destination_data_ipv6_prefix_list_id"` + DestinationDataIpv6PrefixListVersion types.Int64 `tfsdk:"destination_data_ipv6_prefix_list_version"` +} +type IPv6DeviceACLPolicyDefinitionSequencesActionEntries struct { + Type types.String `tfsdk:"type"` + CounterName types.String `tfsdk:"counter_name"` +} + +func (data IPv6DeviceACLPolicyDefinition) toBody(ctx context.Context) string { + body := "" + body, _ = sjson.Set(body, "type", "deviceaccesspolicyv6") + if !data.Name.IsNull() { + body, _ = sjson.Set(body, "name", data.Name.ValueString()) + } + if !data.Description.IsNull() { + body, _ = sjson.Set(body, "description", data.Description.ValueString()) + } + if !data.DefaultAction.IsNull() { + body, _ = sjson.Set(body, "defaultAction.type", data.DefaultAction.ValueString()) + } + if true { + body, _ = sjson.Set(body, "sequences", []interface{}{}) + for _, item := range data.Sequences { + itemBody := "" + if !item.Id.IsNull() { + itemBody, _ = sjson.Set(itemBody, "sequenceId", item.Id.ValueInt64()) + } + if !item.Name.IsNull() { + itemBody, _ = sjson.Set(itemBody, "sequenceName", item.Name.ValueString()) + } + itemBody, _ = sjson.Set(itemBody, "sequenceType", "deviceaccesspolicyv6") + itemBody, _ = sjson.Set(itemBody, "sequenceIpType", "ipv6") + if !item.BaseAction.IsNull() { + itemBody, _ = sjson.Set(itemBody, "baseAction", item.BaseAction.ValueString()) + } + if true { + itemBody, _ = sjson.Set(itemBody, "match.entries", []interface{}{}) + for _, childItem := range item.MatchEntries { + itemChildBody := "" + if !childItem.Type.IsNull() { + itemChildBody, _ = sjson.Set(itemChildBody, "field", childItem.Type.ValueString()) + } + if !childItem.SourceIp.IsNull() && childItem.Type.ValueString() == "sourceIpv6" { + itemChildBody, _ = sjson.Set(itemChildBody, "value", childItem.SourceIp.ValueString()) + } + if !childItem.DestinationIp.IsNull() && childItem.Type.ValueString() == "destinationIpv6" { + itemChildBody, _ = sjson.Set(itemChildBody, "value", childItem.DestinationIp.ValueString()) + } + if !childItem.SourcePort.IsNull() && childItem.Type.ValueString() == "sourcePort" { + itemChildBody, _ = sjson.Set(itemChildBody, "value", fmt.Sprint(childItem.SourcePort.ValueInt64())) + } + if !childItem.DestinationPort.IsNull() && childItem.Type.ValueString() == "destinationPort" { + itemChildBody, _ = sjson.Set(itemChildBody, "value", fmt.Sprint(childItem.DestinationPort.ValueInt64())) + } + if !childItem.SourceDataIpv6PrefixListId.IsNull() && childItem.Type.ValueString() == "sourceDataIpv6PrefixList" { + itemChildBody, _ = sjson.Set(itemChildBody, "ref", childItem.SourceDataIpv6PrefixListId.ValueString()) + } + if !childItem.DestinationDataIpv6PrefixListId.IsNull() && childItem.Type.ValueString() == "destinationDataIpv6PrefixList" { + itemChildBody, _ = sjson.Set(itemChildBody, "ref", childItem.DestinationDataIpv6PrefixListId.ValueString()) + } + itemBody, _ = sjson.SetRaw(itemBody, "match.entries.-1", itemChildBody) + } + } + if true { + itemBody, _ = sjson.Set(itemBody, "actions", []interface{}{}) + for _, childItem := range item.ActionEntries { + itemChildBody := "" + if !childItem.Type.IsNull() { + itemChildBody, _ = sjson.Set(itemChildBody, "type", childItem.Type.ValueString()) + } + if !childItem.CounterName.IsNull() && childItem.Type.ValueString() == "count" { + itemChildBody, _ = sjson.Set(itemChildBody, "parameter", childItem.CounterName.ValueString()) + } + itemBody, _ = sjson.SetRaw(itemBody, "actions.-1", itemChildBody) + } + } + body, _ = sjson.SetRaw(body, "sequences.-1", itemBody) + } + } + return body +} + +func (data *IPv6DeviceACLPolicyDefinition) fromBody(ctx context.Context, res gjson.Result) { + state := *data + if value := res.Get("name"); value.Exists() { + data.Name = types.StringValue(value.String()) + } else { + data.Name = types.StringNull() + } + if value := res.Get("description"); value.Exists() { + data.Description = types.StringValue(value.String()) + } else { + data.Description = types.StringNull() + } + if value := res.Get("defaultAction.type"); value.Exists() { + data.DefaultAction = types.StringValue(value.String()) + } else { + data.DefaultAction = types.StringNull() + } + if value := res.Get("sequences"); value.Exists() && len(value.Array()) > 0 { + data.Sequences = make([]IPv6DeviceACLPolicyDefinitionSequences, 0) + value.ForEach(func(k, v gjson.Result) bool { + item := IPv6DeviceACLPolicyDefinitionSequences{} + if cValue := v.Get("sequenceId"); cValue.Exists() { + item.Id = types.Int64Value(cValue.Int()) + } else { + item.Id = types.Int64Null() + } + if cValue := v.Get("sequenceName"); cValue.Exists() { + item.Name = types.StringValue(cValue.String()) + } else { + item.Name = types.StringNull() + } + if cValue := v.Get("baseAction"); cValue.Exists() { + item.BaseAction = types.StringValue(cValue.String()) + } else { + item.BaseAction = types.StringNull() + } + if cValue := v.Get("match.entries"); cValue.Exists() && len(cValue.Array()) > 0 { + item.MatchEntries = make([]IPv6DeviceACLPolicyDefinitionSequencesMatchEntries, 0) + cValue.ForEach(func(ck, cv gjson.Result) bool { + cItem := IPv6DeviceACLPolicyDefinitionSequencesMatchEntries{} + if ccValue := cv.Get("field"); ccValue.Exists() { + cItem.Type = types.StringValue(ccValue.String()) + } else { + cItem.Type = types.StringNull() + } + if ccValue := cv.Get("value"); ccValue.Exists() && cItem.Type.ValueString() == "sourceIpv6" { + cItem.SourceIp = types.StringValue(ccValue.String()) + } else { + cItem.SourceIp = types.StringNull() + } + if ccValue := cv.Get("value"); ccValue.Exists() && cItem.Type.ValueString() == "destinationIpv6" { + cItem.DestinationIp = types.StringValue(ccValue.String()) + } else { + cItem.DestinationIp = types.StringNull() + } + if ccValue := cv.Get("value"); ccValue.Exists() && cItem.Type.ValueString() == "sourcePort" { + cItem.SourcePort = types.Int64Value(ccValue.Int()) + } else { + cItem.SourcePort = types.Int64Null() + } + if ccValue := cv.Get("value"); ccValue.Exists() && cItem.Type.ValueString() == "destinationPort" { + cItem.DestinationPort = types.Int64Value(ccValue.Int()) + } else { + cItem.DestinationPort = types.Int64Null() + } + if ccValue := cv.Get("ref"); ccValue.Exists() && cItem.Type.ValueString() == "sourceDataIpv6PrefixList" { + cItem.SourceDataIpv6PrefixListId = types.StringValue(ccValue.String()) + } else { + cItem.SourceDataIpv6PrefixListId = types.StringNull() + } + if ccValue := cv.Get("ref"); ccValue.Exists() && cItem.Type.ValueString() == "destinationDataIpv6PrefixList" { + cItem.DestinationDataIpv6PrefixListId = types.StringValue(ccValue.String()) + } else { + cItem.DestinationDataIpv6PrefixListId = types.StringNull() + } + item.MatchEntries = append(item.MatchEntries, cItem) + return true + }) + } + if cValue := v.Get("actions"); cValue.Exists() && len(cValue.Array()) > 0 { + item.ActionEntries = make([]IPv6DeviceACLPolicyDefinitionSequencesActionEntries, 0) + cValue.ForEach(func(ck, cv gjson.Result) bool { + cItem := IPv6DeviceACLPolicyDefinitionSequencesActionEntries{} + if ccValue := cv.Get("type"); ccValue.Exists() { + cItem.Type = types.StringValue(ccValue.String()) + } else { + cItem.Type = types.StringNull() + } + if ccValue := cv.Get("parameter"); ccValue.Exists() && cItem.Type.ValueString() == "count" { + cItem.CounterName = types.StringValue(ccValue.String()) + } else { + cItem.CounterName = types.StringNull() + } + item.ActionEntries = append(item.ActionEntries, cItem) + return true + }) + } + data.Sequences = append(data.Sequences, item) + return true + }) + } + data.updateVersions(ctx, &state) +} + +func (data *IPv6DeviceACLPolicyDefinition) hasChanges(ctx context.Context, state *IPv6DeviceACLPolicyDefinition) bool { + hasChanges := false + if !data.Name.Equal(state.Name) { + hasChanges = true + } + if !data.Description.Equal(state.Description) { + hasChanges = true + } + if !data.DefaultAction.Equal(state.DefaultAction) { + hasChanges = true + } + if len(data.Sequences) != len(state.Sequences) { + hasChanges = true + } else { + for i := range data.Sequences { + if !data.Sequences[i].Id.Equal(state.Sequences[i].Id) { + hasChanges = true + } + if !data.Sequences[i].Name.Equal(state.Sequences[i].Name) { + hasChanges = true + } + if !data.Sequences[i].BaseAction.Equal(state.Sequences[i].BaseAction) { + hasChanges = true + } + if len(data.Sequences[i].MatchEntries) != len(state.Sequences[i].MatchEntries) { + hasChanges = true + } else { + for ii := range data.Sequences[i].MatchEntries { + if !data.Sequences[i].MatchEntries[ii].Type.Equal(state.Sequences[i].MatchEntries[ii].Type) { + hasChanges = true + } + if !data.Sequences[i].MatchEntries[ii].SourceIp.Equal(state.Sequences[i].MatchEntries[ii].SourceIp) { + hasChanges = true + } + if !data.Sequences[i].MatchEntries[ii].DestinationIp.Equal(state.Sequences[i].MatchEntries[ii].DestinationIp) { + hasChanges = true + } + if !data.Sequences[i].MatchEntries[ii].SourcePort.Equal(state.Sequences[i].MatchEntries[ii].SourcePort) { + hasChanges = true + } + if !data.Sequences[i].MatchEntries[ii].DestinationPort.Equal(state.Sequences[i].MatchEntries[ii].DestinationPort) { + hasChanges = true + } + if !data.Sequences[i].MatchEntries[ii].SourceDataIpv6PrefixListId.Equal(state.Sequences[i].MatchEntries[ii].SourceDataIpv6PrefixListId) { + hasChanges = true + } + if !data.Sequences[i].MatchEntries[ii].DestinationDataIpv6PrefixListId.Equal(state.Sequences[i].MatchEntries[ii].DestinationDataIpv6PrefixListId) { + hasChanges = true + } + } + } + if len(data.Sequences[i].ActionEntries) != len(state.Sequences[i].ActionEntries) { + hasChanges = true + } else { + for ii := range data.Sequences[i].ActionEntries { + if !data.Sequences[i].ActionEntries[ii].Type.Equal(state.Sequences[i].ActionEntries[ii].Type) { + hasChanges = true + } + if !data.Sequences[i].ActionEntries[ii].CounterName.Equal(state.Sequences[i].ActionEntries[ii].CounterName) { + hasChanges = true + } + } + } + } + } + return hasChanges +} + +func (data *IPv6DeviceACLPolicyDefinition) updateVersions(ctx context.Context, state *IPv6DeviceACLPolicyDefinition) { + for i := range data.Sequences { + dataKeys := [...]string{fmt.Sprintf("%v", data.Sequences[i].Id.ValueInt64()), fmt.Sprintf("%v", data.Sequences[i].Name.ValueString())} + stateIndex := -1 + for j := range state.Sequences { + stateKeys := [...]string{fmt.Sprintf("%v", state.Sequences[j].Id.ValueInt64()), fmt.Sprintf("%v", state.Sequences[j].Name.ValueString())} + if dataKeys == stateKeys { + stateIndex = j + break + } + } + for ii := range data.Sequences[i].MatchEntries { + cDataKeys := [...]string{fmt.Sprintf("%v", data.Sequences[i].MatchEntries[ii].Type.ValueString())} + cStateIndex := -1 + if stateIndex > -1 { + for jj := range state.Sequences[stateIndex].MatchEntries { + cStateKeys := [...]string{fmt.Sprintf("%v", state.Sequences[stateIndex].MatchEntries[jj].Type.ValueString())} + if cDataKeys == cStateKeys { + cStateIndex = jj + break + } + } + } + if cStateIndex > -1 { + data.Sequences[i].MatchEntries[ii].SourceDataIpv6PrefixListVersion = state.Sequences[stateIndex].MatchEntries[cStateIndex].SourceDataIpv6PrefixListVersion + } else { + data.Sequences[i].MatchEntries[ii].SourceDataIpv6PrefixListVersion = types.Int64Null() + } + if cStateIndex > -1 { + data.Sequences[i].MatchEntries[ii].DestinationDataIpv6PrefixListVersion = state.Sequences[stateIndex].MatchEntries[cStateIndex].DestinationDataIpv6PrefixListVersion + } else { + data.Sequences[i].MatchEntries[ii].DestinationDataIpv6PrefixListVersion = types.Int64Null() + } + } + } +} diff --git a/internal/provider/provider.go b/internal/provider/provider.go index 0e22fb879..c263ea0af 100644 --- a/internal/provider/provider.go +++ b/internal/provider/provider.go @@ -296,6 +296,7 @@ func (p *SdwanProvider) Resources(ctx context.Context) []func() resource.Resourc NewIPv4DeviceACLPolicyDefinitionResource, NewIPv4PrefixListPolicyObjectResource, NewIPv6ACLPolicyDefinitionResource, + NewIPv6DeviceACLPolicyDefinitionResource, NewIPv6PrefixListPolicyObjectResource, NewLocalApplicationListPolicyObjectResource, NewLocalizedPolicyResource, @@ -388,6 +389,7 @@ func (p *SdwanProvider) DataSources(ctx context.Context) []func() datasource.Dat NewIPv4DeviceACLPolicyDefinitionDataSource, NewIPv4PrefixListPolicyObjectDataSource, NewIPv6ACLPolicyDefinitionDataSource, + NewIPv6DeviceACLPolicyDefinitionDataSource, NewIPv6PrefixListPolicyObjectDataSource, NewLocalApplicationListPolicyObjectDataSource, NewLocalizedPolicyDataSource, diff --git a/internal/provider/resource_sdwan_ipv6_device_acl_policy_definition.go b/internal/provider/resource_sdwan_ipv6_device_acl_policy_definition.go new file mode 100644 index 000000000..8ee9fb2e9 --- /dev/null +++ b/internal/provider/resource_sdwan_ipv6_device_acl_policy_definition.go @@ -0,0 +1,328 @@ +// Copyright © 2023 Cisco Systems, Inc. and its affiliates. +// All rights reserved. +// +// Licensed under the Mozilla Public License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// https://mozilla.org/MPL/2.0/ +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. +// +// SPDX-License-Identifier: MPL-2.0 + +// Code generated by "gen/generator.go"; DO NOT EDIT. + +package provider + +import ( + "context" + "fmt" + "strings" + "sync" + + "github.com/CiscoDevNet/terraform-provider-sdwan/internal/provider/helpers" + "github.com/hashicorp/terraform-plugin-framework-validators/int64validator" + "github.com/hashicorp/terraform-plugin-framework-validators/stringvalidator" + "github.com/hashicorp/terraform-plugin-framework/path" + "github.com/hashicorp/terraform-plugin-framework/resource" + "github.com/hashicorp/terraform-plugin-framework/resource/schema" + "github.com/hashicorp/terraform-plugin-framework/resource/schema/planmodifier" + "github.com/hashicorp/terraform-plugin-framework/resource/schema/stringplanmodifier" + "github.com/hashicorp/terraform-plugin-framework/schema/validator" + "github.com/hashicorp/terraform-plugin-framework/types" + "github.com/hashicorp/terraform-plugin-log/tflog" + "github.com/netascode/go-sdwan" +) + +// Ensure provider defined types fully satisfy framework interfaces +var _ resource.Resource = &IPv6DeviceACLPolicyDefinitionResource{} +var _ resource.ResourceWithImportState = &IPv6DeviceACLPolicyDefinitionResource{} + +func NewIPv6DeviceACLPolicyDefinitionResource() resource.Resource { + return &IPv6DeviceACLPolicyDefinitionResource{} +} + +type IPv6DeviceACLPolicyDefinitionResource struct { + client *sdwan.Client + updateMutex *sync.Mutex +} + +func (r *IPv6DeviceACLPolicyDefinitionResource) Metadata(ctx context.Context, req resource.MetadataRequest, resp *resource.MetadataResponse) { + resp.TypeName = req.ProviderTypeName + "_ipv6_device_acl_policy_definition" +} + +func (r *IPv6DeviceACLPolicyDefinitionResource) Schema(ctx context.Context, req resource.SchemaRequest, resp *resource.SchemaResponse) { + resp.Schema = schema.Schema{ + // This description is used by the documentation generator and the language server. + MarkdownDescription: helpers.NewAttributeDescription("This resource can manage a IPv6 Device ACL Policy Definition .").String, + + Attributes: map[string]schema.Attribute{ + "id": schema.StringAttribute{ + MarkdownDescription: "The id of the object", + Computed: true, + PlanModifiers: []planmodifier.String{ + stringplanmodifier.UseStateForUnknown(), + }, + }, + "version": schema.Int64Attribute{ + MarkdownDescription: "The version of the object", + Computed: true, + }, + "name": schema.StringAttribute{ + MarkdownDescription: helpers.NewAttributeDescription("The name of the policy definition").String, + Required: true, + }, + "description": schema.StringAttribute{ + MarkdownDescription: helpers.NewAttributeDescription("The description of the policy definition").String, + Required: true, + }, + "default_action": schema.StringAttribute{ + MarkdownDescription: helpers.NewAttributeDescription("Default action, either `accept` or `drop`").AddStringEnumDescription("accept", "drop").String, + Optional: true, + Validators: []validator.String{ + stringvalidator.OneOf("accept", "drop"), + }, + }, + "sequences": schema.ListNestedAttribute{ + MarkdownDescription: helpers.NewAttributeDescription("List of ACL sequences").String, + Required: true, + NestedObject: schema.NestedAttributeObject{ + Attributes: map[string]schema.Attribute{ + "id": schema.Int64Attribute{ + MarkdownDescription: helpers.NewAttributeDescription("Sequence ID").AddIntegerRangeDescription(1, 65534).String, + Required: true, + Validators: []validator.Int64{ + int64validator.Between(1, 65534), + }, + }, + "name": schema.StringAttribute{ + MarkdownDescription: helpers.NewAttributeDescription("Sequence name").String, + Required: true, + }, + "base_action": schema.StringAttribute{ + MarkdownDescription: helpers.NewAttributeDescription("Base action, either `accept` or `drop`").AddStringEnumDescription("accept", "drop").String, + Optional: true, + Validators: []validator.String{ + stringvalidator.OneOf("accept", "drop"), + }, + }, + "match_entries": schema.ListNestedAttribute{ + MarkdownDescription: helpers.NewAttributeDescription("List of match entries").String, + Optional: true, + NestedObject: schema.NestedAttributeObject{ + Attributes: map[string]schema.Attribute{ + "type": schema.StringAttribute{ + MarkdownDescription: helpers.NewAttributeDescription("Type of match entry").AddStringEnumDescription("sourceIpv6", "destinationIpv6", "sourcePort", "destinationPort", "sourceDataIpv6PrefixList", "destinationDataIpv6PrefixList").String, + Required: true, + Validators: []validator.String{ + stringvalidator.OneOf("sourceIpv6", "destinationIpv6", "sourcePort", "destinationPort", "sourceDataIpv6PrefixList", "destinationDataIpv6PrefixList"), + }, + }, + "source_ip": schema.StringAttribute{ + MarkdownDescription: helpers.NewAttributeDescription("Source IP prefix").String, + Optional: true, + }, + "destination_ip": schema.StringAttribute{ + MarkdownDescription: helpers.NewAttributeDescription("Destination IP prefix").String, + Optional: true, + }, + "source_port": schema.Int64Attribute{ + MarkdownDescription: helpers.NewAttributeDescription("Source port").AddIntegerRangeDescription(0, 65535).String, + Optional: true, + Validators: []validator.Int64{ + int64validator.Between(0, 65535), + }, + }, + "destination_port": schema.Int64Attribute{ + MarkdownDescription: helpers.NewAttributeDescription("Destination port, only `22` and `161` supported").AddIntegerRangeDescription(0, 65535).String, + Optional: true, + Validators: []validator.Int64{ + int64validator.Between(0, 65535), + }, + }, + "source_data_ipv6_prefix_list_id": schema.StringAttribute{ + MarkdownDescription: helpers.NewAttributeDescription("Source data IPv6 prefix list ID").String, + Optional: true, + }, + "source_data_ipv6_prefix_list_version": schema.Int64Attribute{ + MarkdownDescription: helpers.NewAttributeDescription("Source data IPv6 prefix list version").String, + Optional: true, + }, + "destination_data_ipv6_prefix_list_id": schema.StringAttribute{ + MarkdownDescription: helpers.NewAttributeDescription("Destination data IPv6 prefix list ID").String, + Optional: true, + }, + "destination_data_ipv6_prefix_list_version": schema.Int64Attribute{ + MarkdownDescription: helpers.NewAttributeDescription("Destination data IPv6 prefix list version").String, + Optional: true, + }, + }, + }, + }, + "action_entries": schema.ListNestedAttribute{ + MarkdownDescription: helpers.NewAttributeDescription("List of action entries").String, + Optional: true, + NestedObject: schema.NestedAttributeObject{ + Attributes: map[string]schema.Attribute{ + "type": schema.StringAttribute{ + MarkdownDescription: helpers.NewAttributeDescription("Type of action entry").AddStringEnumDescription("count").String, + Required: true, + Validators: []validator.String{ + stringvalidator.OneOf("count"), + }, + }, + "counter_name": schema.StringAttribute{ + MarkdownDescription: helpers.NewAttributeDescription("Counter name").String, + Optional: true, + }, + }, + }, + }, + }, + }, + }, + }, + } +} + +func (r *IPv6DeviceACLPolicyDefinitionResource) Configure(_ context.Context, req resource.ConfigureRequest, _ *resource.ConfigureResponse) { + if req.ProviderData == nil { + return + } + + r.client = req.ProviderData.(*SdwanProviderData).Client + r.updateMutex = req.ProviderData.(*SdwanProviderData).UpdateMutex +} + +func (r *IPv6DeviceACLPolicyDefinitionResource) Create(ctx context.Context, req resource.CreateRequest, resp *resource.CreateResponse) { + var plan IPv6DeviceACLPolicyDefinition + + // Read plan + diags := req.Plan.Get(ctx, &plan) + resp.Diagnostics.Append(diags...) + if resp.Diagnostics.HasError() { + return + } + + tflog.Debug(ctx, fmt.Sprintf("%s: Beginning Create", plan.Name.ValueString())) + + // Create object + body := plan.toBody(ctx) + + res, err := r.client.Post("/template/policy/definition/deviceaccesspolicyv6/", body) + if err != nil { + resp.Diagnostics.AddError("Client Error", fmt.Sprintf("Failed to configure object (POST), got error: %s, %s", err, res.String())) + return + } + + plan.Id = types.StringValue(res.Get("definitionId").String()) + plan.Version = types.Int64Value(0) + + tflog.Debug(ctx, fmt.Sprintf("%s: Create finished successfully", plan.Name.ValueString())) + + diags = resp.State.Set(ctx, &plan) + resp.Diagnostics.Append(diags...) +} + +func (r *IPv6DeviceACLPolicyDefinitionResource) Read(ctx context.Context, req resource.ReadRequest, resp *resource.ReadResponse) { + var state IPv6DeviceACLPolicyDefinition + + // Read state + diags := req.State.Get(ctx, &state) + resp.Diagnostics.Append(diags...) + if resp.Diagnostics.HasError() { + return + } + + tflog.Debug(ctx, fmt.Sprintf("%s: Beginning Read", state.Name.String())) + + res, err := r.client.Get("/template/policy/definition/deviceaccesspolicyv6/" + state.Id.ValueString()) + if strings.Contains(res.Get("error.message").String(), "Failed to find specified resource") || strings.Contains(res.Get("error.message").String(), "Invalid template type") || strings.Contains(res.Get("error.message").String(), "Template definition not found") { + resp.State.RemoveResource(ctx) + return + } else if err != nil { + resp.Diagnostics.AddError("Client Error", fmt.Sprintf("Failed to retrieve object (GET), got error: %s, %s", err, res.String())) + return + } + + state.fromBody(ctx, res) + + tflog.Debug(ctx, fmt.Sprintf("%s: Read finished successfully", state.Name.ValueString())) + + diags = resp.State.Set(ctx, &state) + resp.Diagnostics.Append(diags...) +} + +func (r *IPv6DeviceACLPolicyDefinitionResource) Update(ctx context.Context, req resource.UpdateRequest, resp *resource.UpdateResponse) { + var plan, state IPv6DeviceACLPolicyDefinition + + // Read plan + diags := req.Plan.Get(ctx, &plan) + resp.Diagnostics.Append(diags...) + if resp.Diagnostics.HasError() { + return + } + // Read state + diags = req.State.Get(ctx, &state) + resp.Diagnostics.Append(diags...) + if resp.Diagnostics.HasError() { + return + } + + tflog.Debug(ctx, fmt.Sprintf("%s: Beginning Update", plan.Name.ValueString())) + + if plan.hasChanges(ctx, &state) { + body := plan.toBody(ctx) + r.updateMutex.Lock() + res, err := r.client.Put("/template/policy/definition/deviceaccesspolicyv6/"+plan.Id.ValueString(), body) + r.updateMutex.Unlock() + if err != nil { + if strings.Contains(res.Get("error.message").String(), "Failed to acquire lock") { + resp.Diagnostics.AddWarning("Client Warning", "Failed to modify policy due to policy being locked by another change. Policy changes will not be applied. Re-run 'terraform apply' to try again.") + } else { + resp.Diagnostics.AddError("Client Error", fmt.Sprintf("Failed to configure object (PUT), got error: %s, %s", err, res.String())) + return + } + } + } else { + tflog.Debug(ctx, fmt.Sprintf("%s: No changes detected", plan.Name.ValueString())) + } + plan.Version = types.Int64Value(state.Version.ValueInt64() + 1) + + tflog.Debug(ctx, fmt.Sprintf("%s: Update finished successfully", plan.Name.ValueString())) + + diags = resp.State.Set(ctx, &plan) + resp.Diagnostics.Append(diags...) +} + +func (r *IPv6DeviceACLPolicyDefinitionResource) Delete(ctx context.Context, req resource.DeleteRequest, resp *resource.DeleteResponse) { + var state IPv6DeviceACLPolicyDefinition + + // Read state + diags := req.State.Get(ctx, &state) + resp.Diagnostics.Append(diags...) + if resp.Diagnostics.HasError() { + return + } + + tflog.Debug(ctx, fmt.Sprintf("%s: Beginning Delete", state.Name.ValueString())) + + res, err := r.client.Delete("/template/policy/definition/deviceaccesspolicyv6/" + state.Id.ValueString()) + if err != nil { + resp.Diagnostics.AddError("Client Error", fmt.Sprintf("Failed to delete object (DELETE), got error: %s, %s", err, res.String())) + return + } + + tflog.Debug(ctx, fmt.Sprintf("%s: Delete finished successfully", state.Name.ValueString())) + + resp.State.RemoveResource(ctx) +} + +func (r *IPv6DeviceACLPolicyDefinitionResource) ImportState(ctx context.Context, req resource.ImportStateRequest, resp *resource.ImportStateResponse) { + resource.ImportStatePassthroughID(ctx, path.Root("id"), req, resp) +} diff --git a/internal/provider/resource_sdwan_ipv6_device_acl_policy_definition_test.go b/internal/provider/resource_sdwan_ipv6_device_acl_policy_definition_test.go new file mode 100644 index 000000000..2bf7754d2 --- /dev/null +++ b/internal/provider/resource_sdwan_ipv6_device_acl_policy_definition_test.go @@ -0,0 +1,73 @@ +// Copyright © 2023 Cisco Systems, Inc. and its affiliates. +// All rights reserved. +// +// Licensed under the Mozilla Public License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// https://mozilla.org/MPL/2.0/ +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. +// +// SPDX-License-Identifier: MPL-2.0 + +// Code generated by "gen/generator.go"; DO NOT EDIT. + +package provider + +import ( + "testing" + + "github.com/hashicorp/terraform-plugin-testing/helper/resource" +) + +func TestAccSdwanIPv6DeviceACLPolicyDefinition(t *testing.T) { + resource.Test(t, resource.TestCase{ + PreCheck: func() { testAccPreCheck(t) }, + ProtoV6ProviderFactories: testAccProtoV6ProviderFactories, + Steps: []resource.TestStep{ + { + Config: testAccSdwanIPv6DeviceACLPolicyDefinitionConfig, + Check: resource.ComposeTestCheckFunc( + resource.TestCheckResourceAttr("sdwan_ipv6_device_acl_policy_definition.test", "name", "Example"), + resource.TestCheckResourceAttr("sdwan_ipv6_device_acl_policy_definition.test", "description", "My description"), + resource.TestCheckResourceAttr("sdwan_ipv6_device_acl_policy_definition.test", "default_action", "drop"), + resource.TestCheckResourceAttr("sdwan_ipv6_device_acl_policy_definition.test", "sequences.0.id", "10"), + resource.TestCheckResourceAttr("sdwan_ipv6_device_acl_policy_definition.test", "sequences.0.name", "Sequence 10"), + resource.TestCheckResourceAttr("sdwan_ipv6_device_acl_policy_definition.test", "sequences.0.base_action", "accept"), + resource.TestCheckResourceAttr("sdwan_ipv6_device_acl_policy_definition.test", "sequences.0.match_entries.0.type", "destinationPort"), + resource.TestCheckResourceAttr("sdwan_ipv6_device_acl_policy_definition.test", "sequences.0.match_entries.0.destination_port", "22"), + resource.TestCheckResourceAttr("sdwan_ipv6_device_acl_policy_definition.test", "sequences.0.action_entries.0.type", "count"), + resource.TestCheckResourceAttr("sdwan_ipv6_device_acl_policy_definition.test", "sequences.0.action_entries.0.counter_name", "count1"), + ), + }, + }, + }) +} + +const testAccSdwanIPv6DeviceACLPolicyDefinitionConfig = ` + + +resource "sdwan_ipv6_device_acl_policy_definition" "test" { + name = "Example" + description = "My description" + default_action = "drop" + sequences = [{ + id = 10 + name = "Sequence 10" + base_action = "accept" + match_entries = [{ + type = "destinationPort" + destination_port = 22 + }] + action_entries = [{ + type = "count" + counter_name = "count1" + }] + }] +} +` diff --git a/templates/guides/changelog.md.tmpl b/templates/guides/changelog.md.tmpl index b7dc1fd63..ebd2bc30f 100644 --- a/templates/guides/changelog.md.tmpl +++ b/templates/guides/changelog.md.tmpl @@ -25,6 +25,7 @@ description: |- - BREAKING CHANGE: Rename `sdwan_acl_policy_definition` resource and data source to `sdwan_ipv4_acl_policy_definition` - BREAKING CHANGE: Rename `sdwan_device_acl_policy_definition` resource and data source to `sdwan_ipv4_device_acl_policy_definition` - Add `sdwan_ipv6_acl_policy_definition` resource and data source +- Add `sdwan_ipv6_device_acl_policy_definition` resource and data source ## 0.2.11