Resolve issue CiscoDevNet#265

Author: seconroy

docs/data-sources/system_remote_access_profile_parcel.md

@@ -29,25 +29,21 @@ data "sdwan_system_remote_access_profile_parcel" "example" {
 
 ### Read-Only
 
-- `aaa_derive_name_domain` (String)
-- `aaa_derive_name_domain_variable` (String) Variable name
-- `aaa_derive_name_identity` (String)
-- `aaa_derive_name_identity_variable` (String) Variable name
+- `aaa_derive_name_from_peer_domain` (String)
+- `aaa_derive_name_from_peer_domain_variable` (String) Variable name
+- `aaa_derive_name_from_peer_identity` (String)
+- `aaa_derive_name_from_peer_identity_variable` (String) Variable name
 - `aaa_enable_accounting` (Boolean) Enable Accounting
 - `aaa_enable_accounting_variable` (String) Variable name
 - `aaa_specify_name_policy_name` (String)
 - `aaa_specify_name_policy_name_variable` (String) Variable name
 - `aaa_specify_name_policy_password` (String)
 - `aaa_specify_name_policy_password_variable` (String) Variable name
 - `any_connect_eap_authentication_type` (String)
-- `any_connect_eap_profile_download_status` (String)
-- `any_connect_eap_profile_download_status_variable` (String) Variable name
-- `any_connect_eap_profile_file_name` (String)
-- `any_connect_eap_profile_file_name_variable` (String) Variable name
 - `connection_type_ssl` (Boolean) Enabled SSL VPN
 - `description` (String) The description of the profile parcel
-- `enable_crl_check` (Boolean)
-- `enable_crl_check_variable` (String) Variable name
+- `enable_certificate_list_check` (Boolean)
+- `enable_certificate_list_check_variable` (String) Variable name
 - `ikev2_anti_dos_threshold` (Number) Anti-DOS Threshold
 - `ikev2_anti_dos_threshold_variable` (String) Variable name
 - `ikev2_local_ike_identity_type` (String)

docs/resources/system_remote_access_profile_parcel.md

@@ -16,29 +16,27 @@ This resource can manage a System Remote Access profile parcel.
 
 ```terraform
 resource "sdwan_system_remote_access_profile_parcel" "example" {
-  name                                    = "Example"
-  description                             = "My Example"
-  feature_profile_id                      = "f6dd22c8-0b4f-496c-9a0b-6813d1f8b8ac"
-  connection_type_ssl                     = false
-  any_connect_eap_authentication_type     = "user"
-  any_connect_eap_profile_download_status = "INITIALIZED"
-  any_connect_eap_profile_file_name       = "<form-data>"
-  ipv4_pool_size                          = 50
-  ipv6_pool_size                          = 1024
-  enable_crl_check                        = false
-  psk_authentication_type                 = "aaa"
-  psk_authentication_pre_shared_key       = "Cisco123"
-  radius_group_name                       = "radius-1"
-  aaa_derive_name_identity                = "MyPassword"
-  aaa_enable_accounting                   = false
-  ikev2_local_ike_identity_type           = "EMAIL"
-  ikev2_local_ike_identity_value          = "[email protected]"
-  ikev2_security_association_lifetime     = 86400
-  ikev2_anti_dos_threshold                = 99
-  ipsec_enable_anti_replay                = false
-  ipsec_anti_replay_window_size           = 64
-  ipsec_security_association_lifetime     = 3600
-  ipsec_enable_perfect_foward_secrecy     = false
+  name                                = "Example"
+  description                         = "My Example"
+  feature_profile_id                  = "f6dd22c8-0b4f-496c-9a0b-6813d1f8b8ac"
+  connection_type_ssl                 = false
+  any_connect_eap_authentication_type = "user"
+  ipv4_pool_size                      = 50
+  ipv6_pool_size                      = 1024
+  enable_certificate_list_check       = false
+  psk_authentication_type             = "aaa"
+  psk_authentication_pre_shared_key   = "Cisco123"
+  radius_group_name                   = "radius-1"
+  aaa_derive_name_from_peer_identity  = "MyPassword"
+  aaa_enable_accounting               = false
+  ikev2_local_ike_identity_type       = "EMAIL"
+  ikev2_local_ike_identity_value      = "[email protected]"
+  ikev2_security_association_lifetime = 86400
+  ikev2_anti_dos_threshold            = 99
+  ipsec_enable_anti_replay            = false
+  ipsec_anti_replay_window_size       = 64
+  ipsec_security_association_lifetime = 3600
+  ipsec_enable_perfect_foward_secrecy = false
 }
 ```
 
@@ -53,27 +51,22 @@ resource "sdwan_system_remote_access_profile_parcel" "example" {
 
 ### Optional
 
-- `aaa_derive_name_domain` (String)
-- `aaa_derive_name_domain_variable` (String) Variable name
-- `aaa_derive_name_identity` (String)
-- `aaa_derive_name_identity_variable` (String) Variable name
+- `aaa_derive_name_from_peer_domain` (String)
+- `aaa_derive_name_from_peer_domain_variable` (String) Variable name
+- `aaa_derive_name_from_peer_identity` (String)
+- `aaa_derive_name_from_peer_identity_variable` (String) Variable name
 - `aaa_enable_accounting` (Boolean) Enable Accounting
   - Default value: `true`
 - `aaa_enable_accounting_variable` (String) Variable name
 - `aaa_specify_name_policy_name` (String)
 - `aaa_specify_name_policy_name_variable` (String) Variable name
 - `aaa_specify_name_policy_password` (String)
 - `aaa_specify_name_policy_password_variable` (String) Variable name
-- `any_connect_eap_profile_download_status` (String) - Choices: `NONE`, `INITIALIZED`, `INITIALIZED_ERROR`, `COMPLETE`, `COMPLETE_ERROR`
-  - Default value: `NONE`
-- `any_connect_eap_profile_download_status_variable` (String) Variable name
-- `any_connect_eap_profile_file_name` (String)
-- `any_connect_eap_profile_file_name_variable` (String) Variable name
 - `connection_type_ssl` (Boolean) Enabled SSL VPN
   - Default value: `false`
 - `description` (String) The description of the profile parcel
-- `enable_crl_check` (Boolean) - Default value: `false`
-- `enable_crl_check_variable` (String) Variable name
+- `enable_certificate_list_check` (Boolean) - Default value: `false`
+- `enable_certificate_list_check_variable` (String) Variable name
 - `feature_profile_id` (String) Feature Profile ID
 - `ikev2_anti_dos_threshold` (Number) Anti-DOS Threshold
   - Range: `10`-`1000`

examples/resources/sdwan_system_remote_access_profile_parcel/resource.tf

@@ -1,25 +1,23 @@
 resource "sdwan_system_remote_access_profile_parcel" "example" {
-  name                                    = "Example"
-  description                             = "My Example"
-  feature_profile_id                      = "f6dd22c8-0b4f-496c-9a0b-6813d1f8b8ac"
-  connection_type_ssl                     = false
-  any_connect_eap_authentication_type     = "user"
-  any_connect_eap_profile_download_status = "INITIALIZED"
-  any_connect_eap_profile_file_name       = "<form-data>"
-  ipv4_pool_size                          = 50
-  ipv6_pool_size                          = 1024
-  enable_crl_check                        = false
-  psk_authentication_type                 = "aaa"
-  psk_authentication_pre_shared_key       = "Cisco123"
-  radius_group_name                       = "radius-1"
-  aaa_derive_name_identity                = "MyPassword"
-  aaa_enable_accounting                   = false
-  ikev2_local_ike_identity_type           = "EMAIL"
-  ikev2_local_ike_identity_value          = "[email protected]"
-  ikev2_security_association_lifetime     = 86400
-  ikev2_anti_dos_threshold                = 99
-  ipsec_enable_anti_replay                = false
-  ipsec_anti_replay_window_size           = 64
-  ipsec_security_association_lifetime     = 3600
-  ipsec_enable_perfect_foward_secrecy     = false
+  name                                = "Example"
+  description                         = "My Example"
+  feature_profile_id                  = "f6dd22c8-0b4f-496c-9a0b-6813d1f8b8ac"
+  connection_type_ssl                 = false
+  any_connect_eap_authentication_type = "user"
+  ipv4_pool_size                      = 50
+  ipv6_pool_size                      = 1024
+  enable_certificate_list_check       = false
+  psk_authentication_type             = "aaa"
+  psk_authentication_pre_shared_key   = "Cisco123"
+  radius_group_name                   = "radius-1"
+  aaa_derive_name_from_peer_identity  = "MyPassword"
+  aaa_enable_accounting               = false
+  ikev2_local_ike_identity_type       = "EMAIL"
+  ikev2_local_ike_identity_value      = "[email protected]"
+  ikev2_security_association_lifetime = 86400
+  ikev2_anti_dos_threshold            = 99
+  ipsec_enable_anti_replay            = false
+  ipsec_anti_replay_window_size       = 64
+  ipsec_security_association_lifetime = 3600
+  ipsec_enable_perfect_foward_secrecy = false
 }

gen/definitions/profile_parcels/system_remote_access.yaml

@@ -15,28 +15,38 @@ attributes:
     example: false
   - model_name: anyConnectEapAuth
     tf_name: any_connect_eap_authentication_type
-    example: user
-  - model_name: anyConnectProfileDownloadStatus
-    tf_name: any_connect_eap_profile_download_status
-    conditional_attribute:
-      name: any_connect_eap_authentication_type
-      value: device
-    example: INITIALIZED
-  - model_name: anyConnectProfileFileName
-    tf_name: any_connect_eap_profile_file_name
     conditional_attribute:
-      name: any_connect_eap_authentication_type
-      value: device
-    example: "<form-data>"
+      name: connection_type_ssl
+      value: false
+      type: Bool
+    example: user
+    # ==== Requires support for file upload ===
+  # - model_name: anyConnectProfileDownloadStatus
+  #   tf_name: any_connect_eap_profile_download_status
+  #   example: INITIALIZED
+      # conditional_attribute:
+      #     name: any_connect_eap_authentication_type
+      #     value: device
+  # - model_name: anyConnectProfileFileName
+  #   tf_name: any_connect_eap_profile_file_name
+  #   example: "<form-data>"
+      # conditional_attribute:
+      #     name: any_connect_eap_authentication_type
+      #     value: device
   - model_name: ipv4PoolSize
     example: 50
   - model_name: ipv6PoolSize
     example: 1024
   - model_name: enableCrlCheck
+    tf_name: enable_certificate_list_check
     example: false
   - model_name: pskSelection
     tf_name: psk_authentication_type
     data_path: [pskAuth]
+    conditional_attribute:
+      name: connection_type_ssl
+      value: false
+      type: Bool
     example: aaa
   - model_name: preSharedKey
     tf_name: psk_authentication_pre_shared_key
@@ -59,44 +69,84 @@ attributes:
     exclude_test: true
     example: cisco123
   - model_name: deriveNameIdentity
-    tf_name: aaa_derive_name_identity
+    tf_name: aaa_derive_name_from_peer_identity
     data_path: [aaaPolicy]
+    conditional_attribute:
+      name: connection_type_ssl
+      value: false
+      type: Bool
     example: MyPassword
   - model_name: deriveNameDomain
-    tf_name: aaa_derive_name_domain
+    tf_name: aaa_derive_name_from_peer_domain
     data_path: [aaaPolicy]
+    conditional_attribute:
+      name: connection_type_ssl
+      value: false
+      type: Bool
     exclude_test: true
     example: MyPassword
   - model_name: enableAccounting
     tf_name: aaa_enable_accounting
     example: false
   - model_name: localIkev2IdentityType
     tf_name: ikev2_local_ike_identity_type
+    conditional_attribute:
+      name: connection_type_ssl
+      value: false
+      type: Bool
     example: EMAIL
   - model_name: localIkev2IdentityValue
     tf_name: ikev2_local_ike_identity_value
+    conditional_attribute:
+      name: connection_type_ssl
+      value: false
+      type: Bool
     example: [email protected]
   - model_name: ikev2SaLifetime
     tf_name: ikev2_security_association_lifetime
+    conditional_attribute:
+      name: connection_type_ssl
+      value: false
+      type: Bool
     example: 86400
   - model_name: antiDosThreshold
     tf_name: ikev2_anti_dos_threshold
+    conditional_attribute:
+      name: connection_type_ssl
+      value: false
+      type: Bool
     example: 99
   - model_name: enableAntiReplay
     tf_name: ipsec_enable_anti_replay
+    conditional_attribute:
+      name: connection_type_ssl
+      value: false
+      type: Bool
     example: false
   - model_name: antiReplayWindowSize
     tf_name: ipsec_anti_replay_window_size
+    conditional_attribute:
+      name: connection_type_ssl
+      value: false
+      type: Bool
     example: 64
   - model_name: ipSecSaLifetime
     tf_name: ipsec_security_association_lifetime
+    conditional_attribute:
+      name: connection_type_ssl
+      value: false
+      type: Bool
     example: 3600
   - model_name: enablePFS
     tf_name: ipsec_enable_perfect_foward_secrecy
+    conditional_attribute:
+      name: connection_type_ssl
+      value: false
+      type: Bool
     example: false
 
 test_prerequisites: |
   resource "sdwan_system_feature_profile" "test" {
     name = "TF_TEST"
     description = "Terraform test"
-  }
+  }

gen/generator.go

@@ -269,6 +269,7 @@ type YamlConfigAttribute struct {
 type YamlConfigConditionalAttribute struct {
 	Name  string `yaml:"name"`
 	Value string `yaml:"value"`
+	Type  string `yaml:"type"`
 }
 
 // Templating helper function to convert TF name to GO name

gen/schema/schema.yaml

@@ -81,3 +81,4 @@ attribute:
 conditional_attribute:
   name: str() # Reference to other attribute
   value: str() # Attribute value
+  types: str()