From 8fd3f5f2ca4ee69e9e4a3a8eddcaf2c404388963 Mon Sep 17 00:00:00 2001
From: anvitha-jain
Date: Fri, 1 Mar 2024 16:14:25 -0800
Subject: [PATCH] [minor_changes] Added connector_type and att_notify parameters to 'aci_function_mode' and fixed documentation for aci_function_node and and aci_connection to have a particular format for names and added examples to show these changes.

---
 aci/data_source_aci_vnsabsnode.go | 16 +
 aci/resource_aci_vnsabsnode.go | 66 +++-
 docs/data-sources/function_node.md | 6 +-
 docs/resources/connection.md | 2 +-
 docs/resources/function_node.md | 10 +-
 examples/function_node/main.tf | 216 +++++++++-
 examples/l4_l7_service_graph_template/main.tf | 369 +++++++++---------
 7 files changed, 483 insertions(+), 202 deletions(-)

diff --git a/aci/data_source_aci_vnsabsnode.go b/aci/data_source_aci_vnsabsnode.go
index 15a54934b..7dc5fd3ca 100644
--- a/aci/data_source_aci_vnsabsnode.go
+++ b/aci/data_source_aci_vnsabsnode.go
@@ -97,6 +97,22 @@ func dataSourceAciFunctionNode() *schema.Resource {
 				Type:     schema.TypeString,
 				Computed: true,
 			},
+			"l4_l7_device_interface_consumer_connector_type": &schema.Schema{
+				Type:     schema.TypeString,
+				Computed: true,
+			},
+			"l4_l7_device_interface_provider_connector_type": &schema.Schema{
+				Type:     schema.TypeString,
+				Computed: true,
+			},
+			"l4_l7_device_interface_consumer_att_notify": &schema.Schema{
+				Type:     schema.TypeString,
+				Computed: true,
+			},
+			"l4_l7_device_interface_provider_att_notify": &schema.Schema{
+				Type:     schema.TypeString,
+				Computed: true,
+			},
 		}),
 	}
 }
diff --git a/aci/resource_aci_vnsabsnode.go b/aci/resource_aci_vnsabsnode.go
index 07deeb2bb..08b9cd2c0 100644
--- a/aci/resource_aci_vnsabsnode.go
+++ b/aci/resource_aci_vnsabsnode.go
@@ -148,29 +148,63 @@ func resourceAciFunctionNode() *schema.Resource {
 			},
 			"relation_vns_rs_node_to_abs_func_prof": &schema.Schema{
-				Type: schema.TypeString,
-
+				Type:     schema.TypeString,
 				Optional: true,
 			},
 			"relation_vns_rs_node_to_l_dev": &schema.Schema{
-				Type: schema.TypeString,
-
+				Type:     schema.TypeString,
 				Optional: true,
 			},
 			"relation_vns_rs_node_to_m_func": &schema.Schema{
-				Type: schema.TypeString,
-
+				Type:     schema.TypeString,
 				Optional: true,
 			},
 			"relation_vns_rs_default_scope_to_term": &schema.Schema{
-				Type: schema.TypeString,
-
+				Type:     schema.TypeString,
 				Optional: true,
 			},
 			"relation_vns_rs_node_to_cloud_l_dev": &schema.Schema{
-				Type: schema.TypeString,
-
+				Type:     schema.TypeString,
+				Optional: true,
+			},
+			"l4_l7_device_interface_consumer_connector_type": &schema.Schema{
+				Type:     schema.TypeString,
+				Optional: true,
+				Computed: true,
+				ValidateFunc: validation.StringInSlice([]string{
+					"none",
+					"redir",
+				}, false),
+			},
+			"l4_l7_device_interface_provider_connector_type": &schema.Schema{
+				Type:     schema.TypeString,
 				Optional: true,
+				Computed: true,
+				ValidateFunc: validation.StringInSlice([]string{
+					"none",
+					"redir",
+					"dnat",
+					"snat",
+					"snat_dnat",
+				}, false),
+			},
+			"l4_l7_device_interface_consumer_att_notify": &schema.Schema{
+				Type:     schema.TypeString,
+				Optional: true,
+				Computed: true,
+				ValidateFunc: validation.StringInSlice([]string{
+					"no",
+					"yes",
+				}, false),
+			},
+			"l4_l7_device_interface_provider_att_notify": &schema.Schema{
+				Type:     schema.TypeString,
+				Optional: true,
+				Computed: true,
+				ValidateFunc: validation.StringInSlice([]string{
+					"no",
+					"yes",
+				}, false),
 			},
 		}),
 	}
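Review bot: The four new attributes in this schema hunk are `Optional: true` plus `Computed: true` with no `Default`, while the resource docs in the same commit advertise defaults of "none" and "no"; under SDKv2 a Computed attribute that is dropped from the configuration is left at whatever APIC last reported, so the documented default is only what APIC applies on create and removing the argument later will not reset it. If reset-on-removal is the intended contract, replace `Computed: true` with `Default: "none"` (resp. `Default: "no"`) on each entry (the two flags are mutually exclusive in the SDK), otherwise the docs should say that omitting the argument preserves the current APIC value. The consumer `connector_type` list deliberately omits `dnat`/`snat`/`snat_dnat`; a one-line comment above it, e.g. `// consumer side accepts a narrower set than the provider side; see the resource docs`, would stop a later reader from "harmonising" the two lists. The enclosing `resourceAciFunctionNode` function starts before this hunk.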
@@ -231,6 +265,8 @@ func getAndSetFunctionNodeRelationalAttributes(client *client.Client, dn string,
 	}
 	d.Set("conn_consumer_dn", vnsAbsFuncConn.DistinguishedName)
 	d.Set("l4_l7_device_interface_consumer_name", vnsAbsFuncConn.DeviceLIfName)
+	d.Set("l4_l7_device_interface_consumer_connector_type", vnsAbsFuncConn.ConnType)
+	d.Set("l4_l7_device_interface_consumer_att_notify", vnsAbsFuncConn.AttNotify)
 
 	// Provider Part
 	provDn := fmt.Sprintf("%s/AbsFConn-provider", dn)
@@ -244,6 +280,8 @@ func getAndSetFunctionNodeRelationalAttributes(client *client.Client, dn string,
 	}
 	d.Set("conn_provider_dn", vnsAbsFuncConn.DistinguishedName)
 	d.Set("l4_l7_device_interface_provider_name", vnsAbsFuncConn.DeviceLIfName)
+	d.Set("l4_l7_device_interface_provider_connector_type", vnsAbsFuncConn.ConnType)
+	d.Set("l4_l7_device_interface_provider_att_notify", vnsAbsFuncConn.AttNotify)
 
 	vnsRsNodeToAbsFuncProfData, err := client.ReadRelationvnsRsNodeToAbsFuncProfFromFunctionNode(dn)
 	if err != nil {
@@ -361,6 +399,8 @@ func resourceAciFunctionNodeCreate(ctx context.Context, d *schema.ResourceData,
 	vnsAbsFuncConnAttr := models.FunctionConnectorAttributes{}
 	vnsAbsFuncConnAttr.Annotation = "{}"
 	vnsAbsFuncConnAttr.DeviceLIfName = d.Get("l4_l7_device_interface_consumer_name").(string)
+	vnsAbsFuncConnAttr.AttNotify = d.Get("l4_l7_device_interface_consumer_att_notify").(string)
+	vnsAbsFuncConnAttr.ConnType = d.Get("l4_l7_device_interface_consumer_connector_type").(string)
 	vnsAbsFuncConn := models.NewFunctionConnector(fmt.Sprintf("AbsFConn-%s", "consumer"), vnsAbsNode.DistinguishedName, "", vnsAbsFuncConnAttr)
 	err = aciClient.Save(vnsAbsFuncConn)
 	if err != nil {
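Review bot: In the `resourceAciFunctionNodeCreate` hunk the two new `d.Get(...).(string)` reads are assigned unconditionally, so when the configuration omits `l4_l7_device_interface_consumer_connector_type` or `..._consumer_att_notify` (both Optional+Computed with no Default in the schema hunk above) an empty string is written into `ConnType`/`AttNotify` and handed to `aciClient.Save`. Whether that is harmless depends on `models.FunctionConnectorAttributes` dropping empty fields when it serialises, which is not visible here; please confirm, and if it does not, guard the assignments with `if v, ok := d.GetOk("l4_l7_device_interface_consumer_connector_type"); ok { vnsAbsFuncConnAttr.ConnType = v.(string) }` (same for `AttNotify`). The pre-existing `DeviceLIfName` line has the same shape, so whatever the answer is applies to it too. The create function begins and ends outside this hunk.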
@@ -369,6 +409,8 @@ func resourceAciFunctionNodeCreate(ctx context.Context, d *schema.ResourceData,
 	d.Set("conn_consumer_dn", vnsAbsFuncConn.DistinguishedName)
 
 	vnsAbsFuncConnAttr.DeviceLIfName = d.Get("l4_l7_device_interface_provider_name").(string)
+	vnsAbsFuncConnAttr.AttNotify = d.Get("l4_l7_device_interface_provider_att_notify").(string)
+	vnsAbsFuncConnAttr.ConnType = d.Get("l4_l7_device_interface_provider_connector_type").(string)
 	vnsAbsFuncConn = models.NewFunctionConnector(fmt.Sprintf("AbsFConn-%s", "provider"), vnsAbsNode.DistinguishedName, "", vnsAbsFuncConnAttr)
 	err = aciClient.Save(vnsAbsFuncConn)
 	if err != nil {
@@ -509,6 +551,8 @@ func resourceAciFunctionNodeUpdate(ctx context.Context, d *schema.ResourceData,
 	vnsAbsFuncConnAttr := models.FunctionConnectorAttributes{}
 	vnsAbsFuncConnAttr.Annotation = "{}"
 	vnsAbsFuncConnAttr.DeviceLIfName = d.Get("l4_l7_device_interface_consumer_name").(string)
+	vnsAbsFuncConnAttr.AttNotify = d.Get("l4_l7_device_interface_consumer_att_notify").(string)
+	vnsAbsFuncConnAttr.ConnType = d.Get("l4_l7_device_interface_consumer_connector_type").(string)
 	vnsAbsFuncConn := models.NewFunctionConnector(fmt.Sprintf("AbsFConn-%s", "consumer"), vnsAbsNode.DistinguishedName, "", vnsAbsFuncConnAttr)
 	err = aciClient.Save(vnsAbsFuncConn)
 	if err != nil {
@@ -521,6 +565,8 @@ func resourceAciFunctionNodeUpdate(ctx context.Context, d *schema.ResourceData,
 	vnsAbsFuncConnAttr := models.FunctionConnectorAttributes{}
 	vnsAbsFuncConnAttr.Annotation = "{}"
 	vnsAbsFuncConnAttr.DeviceLIfName = d.Get("l4_l7_device_interface_provider_name").(string)
+	vnsAbsFuncConnAttr.AttNotify = d.Get("l4_l7_device_interface_provider_att_notify").(string)
+	vnsAbsFuncConnAttr.ConnType = d.Get("l4_l7_device_interface_provider_connector_type").(string)
 	vnsAbsFuncConn := models.NewFunctionConnector(fmt.Sprintf("AbsFConn-%s", "provider"), vnsAbsNode.DistinguishedName, "", vnsAbsFuncConnAttr)
 	err = aciClient.Save(vnsAbsFuncConn)
 	if err != nil {
diff --git a/docs/data-sources/function_node.md b/docs/data-sources/function_node.md
index 8380f3faf..3fe9f8499 100644
--- a/docs/data-sources/function_node.md
+++ b/docs/data-sources/function_node.md
@@ -53,4 +53,8 @@ data "aci_function_node" "example" {
 - `relation_vns_rs_node_to_l_dev` - (Read-Only) Represents the relation to Logical Device Abstraction (class vnsALDevIf). Type: String.
 - `relation_vns_rs_node_to_m_func` - (Read-Only) Represents the relation to Meta Function (class vnsMFunc). Type: String.
 - `relation_vns_rs_default_scope_to_term` - (Read-Only) Represents the relation to Terminal Abstract Class (class vnsATerm). Type: String.
-- `relation_vns_rs_node_to_cloud_l_dev` - (Read-Only) Represents the relation to Cloud L4-L7 Abstract Devices (class cloudALDev). Type: String.
\ No newline at end of file
+- `relation_vns_rs_node_to_cloud_l_dev` - (Read-Only) Represents the relation to Cloud L4-L7 Abstract Devices (class cloudALDev). Type: String.
+- `l4_l7_device_interface_consumer_connector_type` - (Read-Only) The connection type of the consumer interface. Type: String.
+- `l4_l7_device_interface_provider_connector_type` - (Read-Only) The connection type of the provider interface. Type: String.
+- `l4_l7_device_interface_consumer_att_notify` - (Read-Only) The consumer interface attribute notification. Type: String.
+- `l4_l7_device_interface_provider_att_notify` - (Read-Only) The provider interface attribute notification. Type: String.
\ No newline at end of file
diff --git a/docs/resources/connection.md b/docs/resources/connection.md
index f55d2146f..f5e67ce91 100644
--- a/docs/resources/connection.md
+++ b/docs/resources/connection.md
@@ -35,7 +35,7 @@ resource "aci_connection" "conn2" { ## Argument Reference - `l4_l7_service_graph_template_dn` - (Required) Distinguished name of parent L4-L7 Service Graph Template object. -- `name` - (Required) Name of object connection. +- `name` - (Required) Name of object connection. The valid connection name format is `CONX`, where X is a number starting with 0. Type: String. - `adj_type` - (Optional) Connector adjacency type. Allowed values are "L2", "L3". Default value is "L2". - `annotation` - (Optional) Annotation for object connection. - `description` - (Optional) Description for object connection. diff --git a/docs/resources/function_node.md b/docs/resources/function_node.md index 69b5730c6..301331e3f 100644 --- a/docs/resources/function_node.md +++ b/docs/resources/function_node.md 
@@ -38,13 +38,17 @@ resource "aci_function_node" "example" { share_encap = "yes" l4_l7_device_interface_consumer_name = "interface1" l4_l7_device_interface_provider_name = "interface2" + l4_l7_device_interface_consumer_connector_type = "none" + l4_l7_device_interface_provider_connector_type = "redir" + l4_l7_device_interface_consumer_att_notify = "no" + l4_l7_device_interface_provider_att_notify = "yes" } ``` ## Argument Reference - `l4_l7_service_graph_template_dn` - (Required) Distinguished name of parent L4-L7 Service Graph Template object. Type: String. -- `name` - (Required) Name of the Function Node object. Type: String. +- `name` - (Required) Name of the Function Node object. The valid function node format is `NX`, where X is a number starting with 0. Type: String. - `annotation` - (Optional) Annotation of the Function Node object. Type: String. - `description` - (Optional) Description of the Function Node object. Type: String. - `func_template_type` - (Optional) Function Template type of the Function Node object. Allowed values: "OTHER", "FW_TRANS", "FW_ROUTED", "CLOUD_VENDOR_LB", "CLOUD_VENDOR_FW", "CLOUD_NATIVE_LB", "CLOUD_NATIVE_FW", "ADC_TWO_ARM", "ADC_ONE_ARM". Default value: "OTHER". Type: String. 
@@ -62,6 +66,10 @@ resource "aci_function_node" "example" { - `relation_vns_rs_node_to_m_func` - (Optional) Represents the relation to Meta Function (class vnsMFunc). Type: String. - `relation_vns_rs_default_scope_to_term` - (Optional) Represents the relation to Terminal Abstract Class (class vnsATerm). Type: String. - `relation_vns_rs_node_to_cloud_l_dev` - (Optional) Represents the relation to Cloud L4-L7 Abstract Devices (class cloudALDev). Type: String. +- `l4_l7_device_interface_consumer_connector_type` - (Optional) The connection type of the consumer interface. Allowed values: "none", "redir". Default value: "none". This argument can be set only when the function node is a "network load balancer" or "third party firewall". Type: String. +- `l4_l7_device_interface_provider_connector_type` - (Optional) The connection type of the provider interface. Allowed values: "none", "redir", "dnat", "snat", "snat_dnat". This argument can be set only when the function node is a "network load balancer" or "third party firewall". Default value: "none". Type: String. +- `l4_l7_device_interface_consumer_att_notify` - (Optional) The consumer interface attribute notification. Allowed values: "no", "yes". Default value: "no". Type: String. +- `l4_l7_device_interface_provider_att_notify` - (Optional) The provider interface attribute notification. Allowed values: "no", "yes". Default value: "no". Type: String. ## Importing diff --git a/examples/function_node/main.tf b/examples/function_node/main.tf index ab328406c..7eab5343a 100644 --- a/examples/function_node/main.tf +++ b/examples/function_node/main.tf 
@@ -13,15 +13,209 @@ provider "aci" { insecure = true } -resource "aci_function_node" "foofunction_node" { - - l4_l7_service_graph_template_dn = aci_l4_l7_service_graph_template.serviceGraphTemp.id - name = "functionNodeOne" - func_template_type = "OTHER" - func_type = "None" - is_copy = "no" - managed = "no" - routing_mode = "unspecified" - sequence_number = "3" - share_encap = "yes" +data "aci_tenant" "tf_tenant" { + name = "tf_ansible_test" +} +data "aci_vrf" "tf_vrf" { + tenant_dn = data.aci_tenant.tf_tenant.id + name = "tf_vrf" +} + +data "aci_cloud_context_profile" "ccp1" { + tenant_dn = data.aci_tenant.tf_tenant.id + name = "tf_ccp" +} +data "aci_cloud_cidr_pool" "cidr1" { + cloud_context_profile_dn = data.aci_cloud_context_profile.ccp1.id + addr = "10.20.0.0/25" +} +data "aci_cloud_subnet" "cs1" { + cloud_cidr_pool_dn = data.aci_cloud_cidr_pool.cidr1.id + ip = "10.20.0.0/25" +} + +# Create Logical Firewall Representation (3rd party example) + +resource "aci_cloud_l4_l7_third_party_device" "third_pa_fw" { + tenant_dn = data.aci_tenant.tf_tenant.id + name = "tf_third_party_fw" + relation_cloud_rs_ldev_to_ctx = data.aci_vrf.tf_vrf.id + interface_selectors { + allow_all = "yes" + name = "trust" + end_point_selectors { + match_expression = "custom:internal=='trust'" + name = "trust" + } + } + interface_selectors { + allow_all = "yes" + name = "untrust" + end_point_selectors { + match_expression = "custom:external=='untrust'" + name = "untrust" + } + } +} + +# Create Native Network Load Balancer for Firewall + +resource "aci_cloud_l4_l7_native_load_balancer" "cloud_nlb" { + tenant_dn = data.aci_tenant.tf_tenant.id + name = "tf_cloud_nlb" + relation_cloud_rs_ldev_to_cloud_subnet = [data.aci_cloud_subnet.cs1.id] + allow_all = "yes" + is_static_ip = "yes" + static_ip_address = ["10.20.0.0"] + scheme = "internal" + cloud_l4l7_load_balancer_type = "network" +} + +resource "aci_l4_l7_service_graph_template" "tf_sg" { + tenant_dn = data.aci_tenant.tf_tenant.id + name = 
"tf_sg_1" + l4_l7_service_graph_template_type = "cloud" +} + +resource "aci_function_node" "tf_nlb" { + l4_l7_service_graph_template_dn = aci_l4_l7_service_graph_template.tf_sg.id + name = "N0" + func_template_type = "ADC_ONE_ARM" + relation_vns_rs_node_to_cloud_l_dev = aci_cloud_l4_l7_native_load_balancer.cloud_nlb.id + managed = "yes" + func_type = "GoTo" + is_copy = "no" + sequence_number = "0" +} + +resource "aci_function_node" "tf_fw" { # does not get configured + l4_l7_service_graph_template_dn = aci_function_node.tf_nlb.l4_l7_service_graph_template_dn + name = "N1" + func_template_type = "FW_ROUTED" + relation_vns_rs_node_to_cloud_l_dev = aci_cloud_l4_l7_third_party_device.third_pa_fw.id + l4_l7_device_interface_consumer_name = "trust" + l4_l7_device_interface_provider_name = "untrust" + managed = "no" +} + +# Create L4-L7 Service Graph connection with template T1 and the first node N0. +resource "aci_connection" "t1-n0" { + l4_l7_service_graph_template_dn = aci_l4_l7_service_graph_template.tf_sg.id + name = "CON0" + adj_type = "L3" + conn_dir = "provider" + conn_type = "external" + direct_connect = "no" + unicast_route = "yes" + relation_vns_rs_abs_connection_conns = [ + aci_l4_l7_service_graph_template.tf_sg.term_cons_dn, + aci_function_node.tf_nlb.conn_consumer_dn + ] +} + +# Create L4-L7 Service Graph connection with current node N0 and next node N1. +resource "aci_connection" "n0-n1" { + l4_l7_service_graph_template_dn = aci_l4_l7_service_graph_template.tf_sg.id + name = "CON1" + adj_type = "L3" + conn_dir = "provider" + conn_type = "external" + direct_connect = "no" + unicast_route = "yes" + relation_vns_rs_abs_connection_conns = [ + aci_function_node.tf_nlb.conn_provider_dn, + aci_function_node.tf_fw.conn_consumer_dn + ] +} + +# Create L4-L7 Service Graph connection with the last node N1 and template T2. 
+resource "aci_connection" "n1-t1" { + l4_l7_service_graph_template_dn = aci_l4_l7_service_graph_template.tf_sg.id + name = "CON2" + adj_type = "L3" + conn_dir = "provider" + conn_type = "external" + direct_connect = "no" + unicast_route = "yes" + relation_vns_rs_abs_connection_conns = [ + aci_function_node.tf_fw.conn_provider_dn, + aci_l4_l7_service_graph_template.tf_sg.term_prov_dn + ] +} + + +resource "aci_l4_l7_service_graph_template" "tf_sg2" { + tenant_dn = data.aci_tenant.tf_tenant.id + name = "tf_sg_2" + l4_l7_service_graph_template_type = "cloud" +} + +resource "aci_function_node" "tf_nlb2" { + l4_l7_service_graph_template_dn = aci_l4_l7_service_graph_template.tf_sg2.id + name = "N0" + func_template_type = "ADC_ONE_ARM" + routing_mode = "Redirect" + relation_vns_rs_node_to_cloud_l_dev = aci_cloud_l4_l7_native_load_balancer.cloud_nlb.id + managed = "yes" + l4_l7_device_interface_consumer_connector_type = "none" + l4_l7_device_interface_provider_connector_type = "redir" +} + +resource "aci_function_node" "tf_fw2" { # does not get configured + l4_l7_service_graph_template_dn = aci_function_node.tf_nlb2.l4_l7_service_graph_template_dn + name = "N1" + func_template_type = "FW_ROUTED" + relation_vns_rs_node_to_cloud_l_dev = aci_cloud_l4_l7_third_party_device.third_pa_fw.id + l4_l7_device_interface_consumer_name = "trust" + l4_l7_device_interface_provider_name = "untrust" + l4_l7_device_interface_consumer_connector_type = "redir" + l4_l7_device_interface_provider_connector_type = "snat" + l4_l7_device_interface_consumer_att_notify = "no" + l4_l7_device_interface_provider_att_notify = "yes" + managed = "no" +} + +# Create L4-L7 Service Graph tf_sg2 connection with template T1 and the first node N0. 
+resource "aci_connection" "t1-n0-2" { + l4_l7_service_graph_template_dn = aci_l4_l7_service_graph_template.tf_sg2.id + name = "CON0" + adj_type = "L3" + conn_dir = "provider" + conn_type = "external" + direct_connect = "no" + unicast_route = "yes" + relation_vns_rs_abs_connection_conns = [ + aci_l4_l7_service_graph_template.tf_sg2.term_cons_dn, + aci_function_node.tf_nlb2.conn_consumer_dn + ] +} + +# Create L4-L7 Service Graph tf_sg2 connection with current node N0 and next node N1. +resource "aci_connection" "n0-n1-2" { + l4_l7_service_graph_template_dn = aci_l4_l7_service_graph_template.tf_sg2.id + name = "CON1" + adj_type = "L3" + conn_dir = "provider" + conn_type = "external" + direct_connect = "no" + unicast_route = "yes" + relation_vns_rs_abs_connection_conns = [ + aci_function_node.tf_nlb2.conn_provider_dn, + aci_function_node.tf_fw2.conn_consumer_dn + ] +} + +# Create L4-L7 Service Graph tf_sg2 connection with the last node N1 and template T2. +resource "aci_connection" "n1-t1-2" { + l4_l7_service_graph_template_dn = aci_l4_l7_service_graph_template.tf_sg2.id + name = "CON2" + adj_type = "L3" + conn_dir = "provider" + conn_type = "external" + direct_connect = "no" + unicast_route = "yes" + relation_vns_rs_abs_connection_conns = [ + aci_function_node.tf_fw2.conn_provider_dn, + aci_l4_l7_service_graph_template.tf_sg2.term_prov_dn + ] } diff --git a/examples/l4_l7_service_graph_template/main.tf b/examples/l4_l7_service_graph_template/main.tf index c5b68bb58..19ee3e5c4 100644 --- a/examples/l4_l7_service_graph_template/main.tf +++ b/examples/l4_l7_service_graph_template/main.tf 
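Review bot: `static_ip_address = ["10.20.0.0"]` on the `cloud_nlb` resource in this example is the network address of the `10.20.0.0/25` prefix the same block attaches via `relation_cloud_rs_ldev_to_cloud_subnet`, which reads like a placeholder rather than an address a load balancer can hold; if the example is meant to apply cleanly, use a host address inside the prefix. The two `# does not get configured` comments on `tf_fw` and `tf_fw2` do not say what is left unconfigured or why; either expand them (presumably this is about `managed = "no"` meaning APIC does not push configuration to the third-party device — confirm before writing that) or drop them if they are leftover debugging notes. The hunk also carries `insecure = true` in the provider block as context; because example files get copied verbatim, a trailing `# lab only: disables TLS verification against the APIC` on that line would be worth adding even though it is not new in this commit.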
@@ -5,226 +5,239 @@ terraform { } } } +# provider "aci" { #azure 26 +# username = "admin" +# password = "C!sco123456$" +# url = "https://172.167.14.72/" +# insecure = true +# } provider "aci" { - username = "" - password = "" - url = "" + username = "ansible_github_ci" + password = "sJ94G92#8dq2hx*K4qh" + url = "https://20.253.151.162" insecure = true } -resource "aci_tenant" "tf_tenant" { - name = "tf_tenant" -} -# VRF setup part -resource "aci_vrf" "vrf1" { - tenant_dn = aci_tenant.tf_tenant.id - name = "vrf-1" -} -# AAA Domain setup part -resource "aci_aaa_domain" "aaa_domain_1" { - name = "aaa_domain_1" +data "aci_tenant" "tf_tenant" { + name = "ansible_test_anv" } - -resource "aci_cloud_context_profile" "ctx1" { - name = "tf_ctx1" - tenant_dn = aci_tenant.tf_tenant.id - primary_cidr = "10.1.0.0/16" - region = "westus" - cloud_vendor = "azure" - relation_cloud_rs_to_ctx = aci_vrf.vrf1.id - hub_network = "uni/tn-infra/gwrouterp-default" +data "aci_vrf" "tf_vrf" { + tenant_dn = data.aci_tenant.tf_tenant.id + name = "vrf_anv" } -resource "aci_cloud_cidr_pool" "cloud_cidr_pool" { - cloud_context_profile_dn = aci_cloud_context_profile.ctx1.id - addr = "10.1.0.0/16" +data "aci_cloud_context_profile" "ccp1" { + tenant_dn = data.aci_tenant.tf_tenant.id + name = "ccp" } - -data "aci_cloud_provider_profile" "cloud_profile" { - vendor = "azure" +data "aci_cloud_cidr_pool" "cidr1" { + cloud_context_profile_dn = data.aci_cloud_context_profile.ccp1.id + addr = "10.20.0.0/25" } - -data "aci_cloud_providers_region" "cloud_region" { - cloud_provider_profile_dn = data.aci_cloud_provider_profile.cloud_profile.id - name = "westus" +data "aci_cloud_subnet" "cs1" { + cloud_cidr_pool_dn = data.aci_cloud_cidr_pool.cidr1.id + ip = "10.20.0.0/25" } -data "aci_cloud_availability_zone" "region_availability_zone" { - cloud_providers_region_dn = data.aci_cloud_providers_region.cloud_region.id - name = "default" +data "aci_cloud_context_profile" "ccp2" { + tenant_dn = 
data.aci_tenant.tf_tenant.id + name = "ccp_anv2" } - -resource "aci_cloud_subnet" "cloud_subnet" { - cloud_cidr_pool_dn = aci_cloud_cidr_pool.cloud_cidr_pool.id - ip = "10.1.1.0/24" - usage = "gateway" - zone = data.aci_cloud_availability_zone.region_availability_zone.id - scope = ["shared", "private", "public"] +data "aci_cloud_cidr_pool" "cidr2" { + cloud_context_profile_dn = data.aci_cloud_context_profile.ccp2.id + addr = "10.40.20.0/16" } - -# Application Load Balancer -resource "aci_cloud_l4_l7_native_load_balancer" "cloud_native_alb" { - tenant_dn = aci_tenant.tf_tenant.id - name = "cloud_native_alb" - aaa_domain_dn = [ - aci_aaa_domain.aaa_domain_1.id - ] - relation_cloud_rs_ldev_to_cloud_subnet = [ - aci_cloud_subnet.cloud_subnet.id - ] - cloud_l4l7_load_balancer_type = "application" - is_static_ip = "yes" - static_ip_address = ["10.1.1.0"] +data "aci_cloud_subnet" "cs2" { + cloud_cidr_pool_dn = data.aci_cloud_cidr_pool.cidr2.id + ip = "10.40.20.0/24" } -# Third-Party Firewall -resource "aci_cloud_l4_l7_third_party_device" "cloud_third_party_fw" { - tenant_dn = aci_tenant.tf_tenant.id - name = "cloud_third_party_fw" - service_type = "FW" - aaa_domain_dn = [ - aci_aaa_domain.aaa_domain_1.id - ] - relation_cloud_rs_ldev_to_ctx = aci_vrf.vrf1.id +# Create Logical Firewall Representation (3rd party example) + +resource "aci_cloud_l4_l7_third_party_device" "third_pa_fw" { + # tenant_dn = data.aci_tenant.infra_tenant.id + tenant_dn = data.aci_tenant.tf_tenant.id # aci_tenant.tf_tenant.id + name = "tf_third_party_fw" + # relation_cloud_rs_ldev_to_ctx = data.aci_vrf.services_vrf.id + relation_cloud_rs_ldev_to_ctx = data.aci_vrf.tf_vrf.id #aci_vrf.vrf1.id interface_selectors { - allow_all = "no" - name = "Interface_1" - end_point_selectors { - match_expression = "IP=='1.1.1.21/24'" - name = "Interface_1_ep_1" - } + allow_all = "yes" + name = "trust" end_point_selectors { - match_expression = "custom:Name1=='admin-ep1'" - name = "Interface_1_ep_2" + match_expression 
= "custom:internal=='trust'" + name = "trust" } } interface_selectors { - allow_all = "no" - name = "Interface_2" + allow_all = "yes" + name = "untrust" end_point_selectors { - match_expression = "IP=='1.1.1.21/24'" - name = "Interface_2_ep_1" - } - end_point_selectors { - match_expression = "custom:Name1=='admin-ep1'" - name = "Interface_2_ep_2" + match_expression = "custom:external=='untrust'" + name = "untrust" } } } -# Third-Party Load Balancer -resource "aci_cloud_l4_l7_third_party_device" "cloud_third_party_lb" { - tenant_dn = aci_tenant.tf_tenant.id - name = "cloud_third_party_lb" - service_type = "ADC" - - aaa_domain_dn = [ - aci_aaa_domain.aaa_domain_1.id - ] - relation_cloud_rs_ldev_to_ctx = aci_vrf.vrf1.id +# Create Native Network Load Balancer for Firewall - interface_selectors { - allow_all = "no" - name = "Interface_1" - end_point_selectors { - match_expression = "IP=='1.1.1.21/24'" - name = "Interface_1_ep_1" - } - end_point_selectors { - match_expression = "custom:Name1=='admin-ep1'" - name = "Interface_1_ep_2" - } - } +resource "aci_cloud_l4_l7_native_load_balancer" "cloud_nlb" { + # tenant_dn = data.aci_tenant.infra_tenant.id + tenant_dn = data.aci_tenant.tf_tenant.id # aci_tenant.tf_tenant.id + name = "tf_cloud_nlb" + # relation_cloud_rs_ldev_to_cloud_subnet = [data.aci_cloud_subnet.cs1.id, data.aci_cloud_subnet.cs2.id] + relation_cloud_rs_ldev_to_cloud_subnet = [data.aci_cloud_subnet.cs1.id] + allow_all = "yes" + is_static_ip = "yes" + # static_ip_address = ["10.40.20.0", "10.20.0.0"] + static_ip_address = ["10.20.0.0"] + scheme = "internal" + cloud_l4l7_load_balancer_type = "network" } -# Service Graph Part -resource "aci_l4_l7_service_graph_template" "cloud_service_graph" { - tenant_dn = aci_tenant.tf_tenant.id - name = "cloud_service_graph" +resource "aci_l4_l7_service_graph_template" "tf_sg" { + tenant_dn = data.aci_tenant.tf_tenant.id + name = "tf_sg_1" l4_l7_service_graph_template_type = "cloud" } -resource "aci_function_node" 
"function_node_0" { - l4_l7_service_graph_template_dn = aci_l4_l7_service_graph_template.cloud_service_graph.id +resource "aci_function_node" "tf_nlb" { + l4_l7_service_graph_template_dn = aci_l4_l7_service_graph_template.tf_sg.id name = "N0" func_template_type = "ADC_ONE_ARM" - managed = "yes" - relation_vns_rs_node_to_cloud_l_dev = aci_cloud_l4_l7_native_load_balancer.cloud_native_alb.id + # routing_mode = "Redirect" # No option to set Redirect on consumer and provider connector types + relation_vns_rs_node_to_cloud_l_dev = aci_cloud_l4_l7_native_load_balancer.cloud_nlb.id + managed = "yes" } -resource "aci_function_node" "function_node_1" { - l4_l7_service_graph_template_dn = aci_l4_l7_service_graph_template.cloud_service_graph.id - name = "N2" - func_template_type = "OTHER" - managed = "no" - relation_vns_rs_node_to_cloud_l_dev = aci_cloud_l4_l7_third_party_device.cloud_third_party_lb.id +resource "aci_function_node" "tf_fw" { # does not get configured + l4_l7_service_graph_template_dn = aci_function_node.tf_nlb.l4_l7_service_graph_template_dn + name = "N1" + func_template_type = "FW_ROUTED" + relation_vns_rs_node_to_cloud_l_dev = aci_cloud_l4_l7_third_party_device.third_pa_fw.id + l4_l7_device_interface_consumer_name = "trust" + l4_l7_device_interface_provider_name = "untrust" + managed = "no" +} + +# Create L4-L7 Service Graph template T1 connection. 
+resource "aci_connection" "t1-n0" { + l4_l7_service_graph_template_dn = aci_l4_l7_service_graph_template.tf_sg.id + name = "CON0" + adj_type = "L3" + conn_dir = "provider" + conn_type = "external" + direct_connect = "no" + unicast_route = "yes" + relation_vns_rs_abs_connection_conns = [ + aci_l4_l7_service_graph_template.tf_sg.term_cons_dn, + aci_function_node.tf_nlb.conn_consumer_dn + ] +} + +resource "aci_connection" "n0-n1" { + l4_l7_service_graph_template_dn = aci_l4_l7_service_graph_template.tf_sg.id + name = "CON1" + adj_type = "L3" + conn_dir = "provider" + conn_type = "external" + direct_connect = "no" + unicast_route = "yes" + relation_vns_rs_abs_connection_conns = [ + aci_function_node.tf_nlb.conn_provider_dn, + aci_function_node.tf_fw.conn_consumer_dn + ] +} + +resource "aci_connection" "n1-t1" { + l4_l7_service_graph_template_dn = aci_l4_l7_service_graph_template.tf_sg.id + name = "CON2" + adj_type = "L3" + conn_dir = "provider" + conn_type = "external" + direct_connect = "no" + unicast_route = "yes" + relation_vns_rs_abs_connection_conns = [ + aci_function_node.tf_fw.conn_provider_dn, + aci_l4_l7_service_graph_template.tf_sg.term_prov_dn + ] +} + + +resource "aci_l4_l7_service_graph_template" "tf_sg2" { + tenant_dn = data.aci_tenant.tf_tenant.id + name = "tf_sg_2" + l4_l7_service_graph_template_type = "cloud" +} + +resource "aci_function_node" "tf_nlb2" { + l4_l7_service_graph_template_dn = aci_l4_l7_service_graph_template.tf_sg2.id + name = "N0" + func_template_type = "ADC_ONE_ARM" + routing_mode = "Redirect" + relation_vns_rs_node_to_cloud_l_dev = aci_cloud_l4_l7_native_load_balancer.cloud_nlb.id + managed = "yes" + l4_l7_device_interface_consumer_connector_type = "none" + l4_l7_device_interface_provider_connector_type = "redir" } -resource "aci_function_node" "function_node_2" { - l4_l7_service_graph_template_dn = aci_l4_l7_service_graph_template.cloud_service_graph.id +resource "aci_function_node" "tf_fw2" { # does not get configured + 
l4_l7_service_graph_template_dn = aci_function_node.tf_nlb2.l4_l7_service_graph_template_dn name = "N1" func_template_type = "FW_ROUTED" - managed = "no" - relation_vns_rs_node_to_cloud_l_dev = aci_cloud_l4_l7_third_party_device.cloud_third_party_fw.id - l4_l7_device_interface_consumer_name = "Interface_1" - l4_l7_device_interface_provider_name = "Interface_2" -} - -resource "aci_connection" "consumer" { - l4_l7_service_graph_template_dn = aci_l4_l7_service_graph_template.cloud_service_graph.id - name = "CON0" - adj_type = "L3" - conn_dir = "consumer" - conn_type = "external" - direct_connect = "yes" - unicast_route = "yes" - relation_vns_rs_abs_connection_conns = [ - aci_l4_l7_service_graph_template.cloud_service_graph.term_cons_dn, - aci_function_node.function_node_0.conn_consumer_dn, - ] -} - -resource "aci_connection" "consumer_provider_1" { - l4_l7_service_graph_template_dn = aci_l4_l7_service_graph_template.cloud_service_graph.id - name = "CON1" - adj_type = "L3" - conn_type = "external" - direct_connect = "yes" - unicast_route = "yes" - relation_vns_rs_abs_connection_conns = [ - aci_function_node.function_node_1.conn_consumer_dn, - aci_function_node.function_node_0.conn_provider_dn - ] -} - -resource "aci_connection" "consumer_provider_2" { - l4_l7_service_graph_template_dn = aci_l4_l7_service_graph_template.cloud_service_graph.id - name = "CON2" - adj_type = "L3" - conn_type = "external" - direct_connect = "yes" - unicast_route = "yes" - relation_vns_rs_abs_connection_conns = [ - aci_function_node.function_node_1.conn_provider_dn, - aci_function_node.function_node_2.conn_consumer_dn - ] -} - -resource "aci_connection" "provider" { - l4_l7_service_graph_template_dn = aci_l4_l7_service_graph_template.cloud_service_graph.id - name = "CON3" - adj_type = "L3" - conn_dir = "provider" - conn_type = "external" - direct_connect = "yes" - unicast_route = "yes" - relation_vns_rs_abs_connection_conns = [ - 
aci_l4_l7_service_graph_template.cloud_service_graph.term_prov_dn, - aci_function_node.function_node_2.conn_provider_dn - ] + relation_vns_rs_node_to_cloud_l_dev = aci_cloud_l4_l7_third_party_device.third_pa_fw.id + l4_l7_device_interface_consumer_name = "trust" + l4_l7_device_interface_provider_name = "untrust" + l4_l7_device_interface_consumer_connector_type = "redir" + l4_l7_device_interface_provider_connector_type = "snat" + l4_l7_device_interface_consumer_att_notify = "no" + l4_l7_device_interface_provider_att_notify = "yes" + managed = "no" +} + +# Create L4-L7 Service Graph template T1 connection. +resource "aci_connection" "t1-n0-2" { + l4_l7_service_graph_template_dn = aci_l4_l7_service_graph_template.tf_sg2.id + name = "CON0" + adj_type = "L3" + conn_dir = "provider" + conn_type = "external" + direct_connect = "no" + unicast_route = "yes" + relation_vns_rs_abs_connection_conns = [ + aci_l4_l7_service_graph_template.tf_sg2.term_cons_dn, + aci_function_node.tf_nlb2.conn_consumer_dn + ] +} + +resource "aci_connection" "n0-n1-2" { + l4_l7_service_graph_template_dn = aci_l4_l7_service_graph_template.tf_sg2.id + name = "CON1" + adj_type = "L3" + conn_dir = "provider" + conn_type = "external" + direct_connect = "no" + unicast_route = "yes" + relation_vns_rs_abs_connection_conns = [ + aci_function_node.tf_nlb2.conn_provider_dn, + aci_function_node.tf_fw2.conn_consumer_dn + ] +} + +resource "aci_connection" "n1-t1-2" { + l4_l7_service_graph_template_dn = aci_l4_l7_service_graph_template.tf_sg2.id + name = "CON2" + adj_type = "L3" + conn_dir = "provider" + conn_type = "external" + direct_connect = "no" + unicast_route = "yes" + relation_vns_rs_abs_connection_conns = [ + aci_function_node.tf_fw2.conn_provider_dn, + aci_l4_l7_service_graph_template.tf_sg2.term_prov_dn + ] } \ No newline at end of file
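Review bot: The provider block in this hunk commits live credentials — `username = "ansible_github_ci"`, `password = "sJ94G92#8dq2hx*K4qh"` and `url = "https://20.253.151.162"` replace the empty placeholders the file had before, and the commented-out block above it carries a second password and host. Once pushed these stay in git history no matter what a later commit does, so the passwords need to be rotated now and the lab endpoints treated as exposed. The example should return to placeholders or take the values from variables with no defaults, e.g. `username = var.aci_username` / `password = var.aci_password` / `url = var.aci_url`, or drop the three arguments entirely if the provider reads them from its environment variables (worth confirming against the provider docs). `insecure = true` is kept as well; in a shipped example a comment marking it as lab-only would discourage users from disabling TLS verification in production. A secret-scanning pre-commit hook on the examples directory would have caught this before review.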