Update filenames and structure

README.md

@@ -59,6 +59,8 @@ fmc:
 module "fmc" {
   source  = "netascode/nac-fmc/fmc"
   version = ">= 0.1.0"
+
+  yaml_files = ["fmc.yaml", "existing.yaml"]
 }
 ```
 

examples/network_groups/README.md

@@ -73,6 +73,8 @@ fmc:
 module "fmc" {
   source  = "netascode/nac-fmc/fmc"
   version = ">= 0.1.0"
+
+  yaml_files = ["fmc.yaml", "existing.yaml"]
 }
 ```
 <!-- END_TF_DOCS -->

examples/network_groups/main.tf

@@ -1,4 +1,6 @@
 module "fmc" {
   source  = "netascode/nac-fmc/fmc"
   version = ">= 0.1.0"
+
+  yaml_files = ["fmc.yaml", "existing.yaml"]
 }

fmc_access_rules.tf

@@ -1,3 +1,21 @@
+###
+# ACCESS RULE
+###
+locals {
+  res_accessrules = flatten([
+    for domain in local.domains : [
+      for accesspolicy in try(domain.access_policies, {}) : [
+        for accessrule in try(accesspolicy.access_rules, {}) : {
+          key  = replace("${accesspolicy.name}_${accessrule.name}", " ", "")
+          acp  = accesspolicy.name
+          idx  = index(accesspolicy.access_rules, accessrule)
+          data = accessrule
+        }
+      ]
+    ]
+  ])
+}
+
 resource "fmc_access_rules" "access_rule_0" {
   for_each = { for rule in local.res_accessrules : rule.key => rule if rule.idx == 0 }
   # Mandatory

fmc_deploy.tf

@@ -12,6 +12,7 @@ locals {
     ]
   ])
 }
+
 resource "fmc_ftd_deploy" "ftd" {
   for_each = { for deploymemt in local.res_deploy : deploymemt.device => deploymemt }
   # Mandatory  

fmc_device.tf → fmc_devices.tf

@@ -178,3 +178,100 @@ resource "fmc_device_subinterfaces" "sub_interfaces" {
   priority               = try(each.value.data.priority, null)
   security_zone_id       = try(local.map_securityzones[each.value.data.security_zone].id, null)
 }
+
+###
+# IPV4 STATIC ROUTE
+###
+locals {
+  res_ipv4staticroutes = flatten([
+    for domain in local.domains : [
+      for device in try(domain.devices, []) : [
+        for ipv4staticroute in try(device.ipv4_static_routes, []) : {
+          key               = "${device.name}/${ipv4staticroute.name}"
+          device_id         = local.map_devices[device.name].id
+          gateway_id        = local.map_networkobjects[ipv4staticroute.gateway].id
+          gateway_type      = local.map_networkobjects[ipv4staticroute.gateway].type
+          gateway_name      = ipv4staticroute.gateway
+          interface_name    = ipv4staticroute.interface
+          selected_networks = ipv4staticroute.selected_networks
+        }
+      ]
+    ]
+  ])
+}
+
+resource "fmc_staticIPv4_route" "ipv4staticroute" {
+  for_each = { for ipv4staticroute in local.res_ipv4staticroutes : ipv4staticroute.key => ipv4staticroute }
+
+  # Mandatory  
+  device_id      = each.value.device_id
+  interface_name = each.value.interface_name
+  metric_value   = try(each.value.metric_value, local.defaults.fmc.domains.devices.ipv4_static_routes.metric_value)
+
+  gateway {
+    object {
+      id   = each.value.gateway_id
+      type = each.value.gateway_type
+      name = each.value.gateway_name
+    }
+  }
+
+  dynamic "selected_networks" {
+    for_each = { for obj in each.value.selected_networks : obj => obj }
+    content {
+      id   = try(local.map_networkobjects[selected_networks.value].id, null)
+      type = try(local.map_networkobjects[selected_networks.value].type, null)
+    }
+  }
+
+  # Optional
+  is_tunneled = try(each.value.tunneled, local.defaults.fmc.domains.devices.ipv4_static_routes.tunneled, null)
+
+  depends_on = [
+    fmc_device_physical_interfaces.physical_interface,
+    data.fmc_device_physical_interfaces.physical_interface,
+    fmc_device_subinterfaces.sub_interfaces,
+    data.fmc_device_subinterfaces.sub_interfaces
+  ]
+}
+
+###
+# POLICY ASSIGNMENT
+###
+locals {
+  res_policyassignments = concat(
+    flatten([
+      for domain in local.domains : [
+        for device in try(domain.devices, []) : {
+          device = device.name
+          policy = device.nat_policy
+          type   = "NAT"
+        } if contains(keys(device), "nat_policy")
+      ]
+    ]),
+    flatten([
+      for domain in local.domains : [
+        for device in try(domain.devices, []) : {
+          device = device.name
+          policy = device.access_policy
+          type   = "ACP"
+        } if(contains(keys(device), "access_policy") && contains(local.data_devices, device.name))
+      ]
+    ])
+  )
+}
+
+resource "fmc_policy_devices_assignments" "policy_assignment" {
+  for_each = { for policyassignment in local.res_policyassignments : "${policyassignment.device}/${policyassignment.type}" => policyassignment }
+
+  # Mandatory
+  target_devices {
+    id   = local.map_devices[each.value.device].id
+    type = local.map_devices[each.value.device].type
+  }
+
+  policy {
+    id   = try(local.map_accesspolicies[each.value.policy].id, local.map_natpolicies[each.value.policy].id)
+    type = try(local.map_accesspolicies[each.value.policy].type, local.map_natpolicies[each.value.policy].type)
+  }
+}

fmc_ftdmanualnatrule.tf → fmc_ftd_manual_nat_rules.tf

@@ -1,3 +1,21 @@
+###
+# FTD MANUAL NAT RULE
+###
+locals {
+  res_ftdmanualnatrules = flatten([
+    for domain in local.domains : [
+      for natpolicy in try(domain.ftd_nat_policies, []) : [
+        for ftdmanualnatrule in try(natpolicy.ftd_manual_nat_rules, []) : {
+          key        = replace("${natpolicy.name}_${ftdmanualnatrule.name}", " ", "")
+          nat_policy = natpolicy.name
+          idx        = index(natpolicy.ftd_manual_nat_rules, ftdmanualnatrule)
+          data       = ftdmanualnatrule
+        }
+      ]
+    ]
+  ])
+}
+
 resource "fmc_ftd_manualnat_rules" "manualnat_rules_0" {
   for_each = { for rule in local.res_ftdmanualnatrules : rule.key => rule if rule.idx == 0 }
   # Mandatory