Add acl references to missing features (#372)

CiscoDevNet · Nov 25, 2024 · 7e90956 · 7e90956
1 parent a07075e
commit 7e90956
Show file tree

Hide file tree

Showing 36 changed files with 1,624 additions and 121 deletions.
diff --git a/docs/data-sources/service_lan_vpn_interface_svi_feature.md b/docs/data-sources/service_lan_vpn_interface_svi_feature.md
@@ -31,6 +31,10 @@ data "sdwan_service_lan_vpn_interface_svi_feature" "example" {
 
 ### Read-Only
 
+- `acl_ipv4_egress_feature_id` (String)
+- `acl_ipv4_ingress_feature_id` (String)
+- `acl_ipv6_egress_feature_id` (String)
+- `acl_ipv6_ingress_feature_id` (String)
 - `arp_timeout` (Number) Timeout value for dynamically learned ARP entries, <0..2678400> seconds
 - `arp_timeout_variable` (String) Variable name
 - `arps` (Attributes List) Configure static ARP entries (see [below for nested schema](#nestedatt--arps))

diff --git a/docs/data-sources/transport_wan_vpn_interface_cellular_feature.md b/docs/data-sources/transport_wan_vpn_interface_cellular_feature.md
@@ -31,6 +31,10 @@ data "sdwan_transport_wan_vpn_interface_cellular_feature" "example" {
 
 ### Read-Only
 
+- `acl_ipv4_egress_feature_id` (String)
+- `acl_ipv4_ingress_feature_id` (String)
+- `acl_ipv6_egress_feature_id` (String)
+- `acl_ipv6_ingress_feature_id` (String)
 - `arps` (Attributes List) Configure ARP entries (see [below for nested schema](#nestedatt--arps))
 - `bandwidth_downstream` (Number) Interface downstream bandwidth capacity, in kbps
 - `bandwidth_downstream_variable` (String) Variable name

diff --git a/docs/data-sources/transport_wan_vpn_interface_ethernet_feature.md b/docs/data-sources/transport_wan_vpn_interface_ethernet_feature.md
@@ -31,6 +31,10 @@ data "sdwan_transport_wan_vpn_interface_ethernet_feature" "example" {
 
 ### Read-Only
 
+- `acl_ipv4_egress_feature_id` (String)
+- `acl_ipv4_ingress_feature_id` (String)
+- `acl_ipv6_egress_feature_id` (String)
+- `acl_ipv6_ingress_feature_id` (String)
 - `arp_timeout` (Number) Timeout value for dynamically learned ARP entries, <0..2678400> seconds
 - `arp_timeout_variable` (String) Variable name
 - `arps` (Attributes List) Configure ARP entries (see [below for nested schema](#nestedatt--arps))

diff --git a/docs/data-sources/transport_wan_vpn_interface_t1_e1_serial_feature.md b/docs/data-sources/transport_wan_vpn_interface_t1_e1_serial_feature.md
@@ -31,6 +31,10 @@ data "sdwan_transport_wan_vpn_interface_t1_e1_serial_feature" "example" {
 
 ### Read-Only
 
+- `acl_ipv4_egress_feature_id` (String)
+- `acl_ipv4_ingress_feature_id` (String)
+- `acl_ipv6_egress_feature_id` (String)
+- `acl_ipv6_ingress_feature_id` (String)
 - `bandwidth` (Number) Interface bandwidth capacity, in kbps
 - `bandwidth_downstream` (Number) Interface downstream bandwidth capacity, in kbps
 - `bandwidth_downstream_variable` (String) Variable name

diff --git a/docs/resources/service_lan_vpn_interface_svi_feature.md b/docs/resources/service_lan_vpn_interface_svi_feature.md
@@ -46,6 +46,8 @@ resource "sdwan_service_lan_vpn_interface_svi_feature" "example" {
       vpn     = 1
     }
   ]
+  acl_ipv4_egress_feature_id  = "f6dd22c8-0b4f-496c-9a0b-6813d1f8b8ac"
+  acl_ipv6_ingress_feature_id = "f6dd22c8-0b4f-496c-9a0b-6813d1f8b8ac"
   arps = [
     {
       ip_address  = "1.2.3.4"
@@ -114,6 +116,10 @@ resource "sdwan_service_lan_vpn_interface_svi_feature" "example" {
 
 ### Optional
 
+- `acl_ipv4_egress_feature_id` (String)
+- `acl_ipv4_ingress_feature_id` (String)
+- `acl_ipv6_egress_feature_id` (String)
+- `acl_ipv6_ingress_feature_id` (String)
 - `arp_timeout` (Number) Timeout value for dynamically learned ARP entries, <0..2678400> seconds
   - Range: `0`-`2678400`
   - Default value: `1200`

diff --git a/docs/resources/transport_wan_vpn_interface_cellular_feature.md b/docs/resources/transport_wan_vpn_interface_cellular_feature.md
@@ -70,9 +70,13 @@ resource "sdwan_transport_wan_vpn_interface_cellular_feature" "example" {
       weight        = 250
     }
   ]
-  nat_ipv4        = true
-  nat_udp_timeout = 1
-  nat_tcp_timeout = 60
+  nat_ipv4                    = true
+  nat_udp_timeout             = 1
+  nat_tcp_timeout             = 60
+  qos_adaptive                = false
+  qos_shaping_rate            = 16
+  acl_ipv4_egress_feature_id  = "f6dd22c8-0b4f-496c-9a0b-6813d1f8b8ac"
+  acl_ipv6_ingress_feature_id = "f6dd22c8-0b4f-496c-9a0b-6813d1f8b8ac"
   arps = [
     {
       ip_address  = "1.2.3.4"
@@ -98,6 +102,10 @@ resource "sdwan_transport_wan_vpn_interface_cellular_feature" "example" {
 
 ### Optional
 
+- `acl_ipv4_egress_feature_id` (String)
+- `acl_ipv4_ingress_feature_id` (String)
+- `acl_ipv6_egress_feature_id` (String)
+- `acl_ipv6_ingress_feature_id` (String)
 - `arps` (Attributes List) Configure ARP entries (see [below for nested schema](#nestedatt--arps))
 - `bandwidth_downstream` (Number) Interface downstream bandwidth capacity, in kbps
   - Range: `1`-`2147483647`

diff --git a/docs/resources/transport_wan_vpn_interface_ethernet_feature.md b/docs/resources/transport_wan_vpn_interface_ethernet_feature.md
@@ -107,6 +107,10 @@ resource "sdwan_transport_wan_vpn_interface_ethernet_feature" "example" {
       source_vpn_id            = 4
     }
   ]
+  qos_adaptive                = false
+  qos_shaping_rate            = 16
+  acl_ipv4_egress_feature_id  = "f6dd22c8-0b4f-496c-9a0b-6813d1f8b8ac"
+  acl_ipv6_ingress_feature_id = "f6dd22c8-0b4f-496c-9a0b-6813d1f8b8ac"
   arps = [
     {
       ip_address  = "1.2.3.4"
@@ -142,6 +146,10 @@ resource "sdwan_transport_wan_vpn_interface_ethernet_feature" "example" {
 
 ### Optional
 
+- `acl_ipv4_egress_feature_id` (String)
+- `acl_ipv4_ingress_feature_id` (String)
+- `acl_ipv6_egress_feature_id` (String)
+- `acl_ipv6_ingress_feature_id` (String)
 - `arp_timeout` (Number) Timeout value for dynamically learned ARP entries, <0..2678400> seconds
   - Range: `0`-`2147483`
   - Default value: `1200`

diff --git a/docs/resources/transport_wan_vpn_interface_t1_e1_serial_feature.md b/docs/resources/transport_wan_vpn_interface_t1_e1_serial_feature.md
@@ -72,10 +72,12 @@ resource "sdwan_transport_wan_vpn_interface_t1_e1_serial_feature" "example" {
       weight        = 250
     }
   ]
-  tcp_mss        = 1460
-  mtu            = 1500
-  ip_mtu         = 1500
-  tloc_extension = "tloc"
+  acl_ipv4_egress_feature_id  = "f6dd22c8-0b4f-496c-9a0b-6813d1f8b8ac"
+  acl_ipv6_ingress_feature_id = "f6dd22c8-0b4f-496c-9a0b-6813d1f8b8ac"
+  tcp_mss                     = 1460
+  mtu                         = 1500
+  ip_mtu                      = 1500
+  tloc_extension              = "tloc"
 }
 ```
 
@@ -89,6 +91,10 @@ resource "sdwan_transport_wan_vpn_interface_t1_e1_serial_feature" "example" {
 
 ### Optional
 
+- `acl_ipv4_egress_feature_id` (String)
+- `acl_ipv4_ingress_feature_id` (String)
+- `acl_ipv6_egress_feature_id` (String)
+- `acl_ipv6_ingress_feature_id` (String)
 - `bandwidth` (Number) Interface bandwidth capacity, in kbps
   - Range: `1`-`200000000`
 - `bandwidth_downstream` (Number) Interface downstream bandwidth capacity, in kbps

diff --git a/examples/resources/sdwan_service_lan_vpn_interface_svi_feature/resource.tf b/examples/resources/sdwan_service_lan_vpn_interface_svi_feature/resource.tf
@@ -29,6 +29,8 @@ resource "sdwan_service_lan_vpn_interface_svi_feature" "example" {
       vpn     = 1
     }
   ]
+  acl_ipv4_egress_feature_id  = "f6dd22c8-0b4f-496c-9a0b-6813d1f8b8ac"
+  acl_ipv6_ingress_feature_id = "f6dd22c8-0b4f-496c-9a0b-6813d1f8b8ac"
   arps = [
     {
       ip_address  = "1.2.3.4"

diff --git a/examples/resources/sdwan_transport_wan_vpn_interface_cellular_feature/resource.tf b/examples/resources/sdwan_transport_wan_vpn_interface_cellular_feature/resource.tf
@@ -53,9 +53,13 @@ resource "sdwan_transport_wan_vpn_interface_cellular_feature" "example" {
       weight        = 250
     }
   ]
-  nat_ipv4        = true
-  nat_udp_timeout = 1
-  nat_tcp_timeout = 60
+  nat_ipv4                    = true
+  nat_udp_timeout             = 1
+  nat_tcp_timeout             = 60
+  qos_adaptive                = false
+  qos_shaping_rate            = 16
+  acl_ipv4_egress_feature_id  = "f6dd22c8-0b4f-496c-9a0b-6813d1f8b8ac"
+  acl_ipv6_ingress_feature_id = "f6dd22c8-0b4f-496c-9a0b-6813d1f8b8ac"
   arps = [
     {
       ip_address  = "1.2.3.4"

diff --git a/examples/resources/sdwan_transport_wan_vpn_interface_ethernet_feature/resource.tf b/examples/resources/sdwan_transport_wan_vpn_interface_ethernet_feature/resource.tf
@@ -90,6 +90,10 @@ resource "sdwan_transport_wan_vpn_interface_ethernet_feature" "example" {
       source_vpn_id            = 4
     }
   ]
+  qos_adaptive                = false
+  qos_shaping_rate            = 16
+  acl_ipv4_egress_feature_id  = "f6dd22c8-0b4f-496c-9a0b-6813d1f8b8ac"
+  acl_ipv6_ingress_feature_id = "f6dd22c8-0b4f-496c-9a0b-6813d1f8b8ac"
   arps = [
     {
       ip_address  = "1.2.3.4"

diff --git a/examples/resources/sdwan_transport_wan_vpn_interface_t1_e1_serial_feature/resource.tf b/examples/resources/sdwan_transport_wan_vpn_interface_t1_e1_serial_feature/resource.tf
@@ -55,8 +55,10 @@ resource "sdwan_transport_wan_vpn_interface_t1_e1_serial_feature" "example" {
       weight        = 250
     }
   ]
-  tcp_mss        = 1460
-  mtu            = 1500
-  ip_mtu         = 1500
-  tloc_extension = "tloc"
+  acl_ipv4_egress_feature_id  = "f6dd22c8-0b4f-496c-9a0b-6813d1f8b8ac"
+  acl_ipv6_ingress_feature_id = "f6dd22c8-0b4f-496c-9a0b-6813d1f8b8ac"
+  tcp_mss                     = 1460
+  mtu                         = 1500
+  ip_mtu                      = 1500
+  tloc_extension              = "tloc"
 }
diff --git a/gen/definitions/profile_parcels/service_lan_vpn_interface_svi.yaml b/gen/definitions/profile_parcels/service_lan_vpn_interface_svi.yaml
@@ -79,31 +79,34 @@ attributes:
       example: 2001:0:0:1::0
     - model_name: vpn
       example: 1
-  # ==== ACL IPv4 and ACL IPv6 Not Supported By Provider (Being Worked On) ====
-  # - model_name: refId
-  #   tf_name: acl_ipv4_egress_reference_id
-  #   data_path: [aclQos, ipv4AclEgress]
-  #   type: String
-  #   exclude_test: true
-  #   example: f6dd22c8-0b4f-496c-9a0b-6813d1f8b8ac
-  # - model_name: refId
-  #   tf_name: acl_ipv4_ingress_reference_id
-  #   data_path: [aclQos, ipv4AclIngress]
-  #   type: String
-  #   exclude_test: true
-  #   example: f6dd22c8-0b4f-496c-9a0b-6813d1f8b8ac
-  # - model_name: refId
-  #   tf_name: acl_ipv6_egress_reference_id
-  #   data_path: [aclQos, ipv6AclEgress]
-  #   type: String
-  #   exclude_test: true
-  #   example: f6dd22c8-0b4f-496c-9a0b-6813d1f8b8ac
-  # - model_name: refId
-  #   tf_name: acl_ipv6_ingress_reference_id
-  #   data_path: [aclQos, ipv6AclIngress]
-  #   type: String
-  #   exclude_test: true
-  #   example: f6dd22c8-0b4f-496c-9a0b-6813d1f8b8ac
+  - model_name: refId
+    tf_name: acl_ipv4_egress_feature_id
+    data_path: [aclQos, ipv4AclEgress]
+    type: String
+    ignore_mandatory: true
+    example: f6dd22c8-0b4f-496c-9a0b-6813d1f8b8ac
+    test_value: sdwan_service_ipv4_acl_feature.test.id
+  - model_name: refId
+    tf_name: acl_ipv4_ingress_feature_id
+    data_path: [aclQos, ipv4AclIngress]
+    type: String
+    ignore_mandatory: true
+    exclude_test: true
+    example: f6dd22c8-0b4f-496c-9a0b-6813d1f8b8ac
+  - model_name: refId
+    tf_name: acl_ipv6_egress_feature_id
+    data_path: [aclQos, ipv6AclEgress]
+    type: String
+    ignore_mandatory: true
+    exclude_test: true
+    example: f6dd22c8-0b4f-496c-9a0b-6813d1f8b8ac
+  - model_name: refId
+    tf_name: acl_ipv6_ingress_feature_id
+    data_path: [aclQos, ipv6AclIngress]
+    type: String
+    ignore_mandatory: true
+    example: f6dd22c8-0b4f-496c-9a0b-6813d1f8b8ac
+    test_value: sdwan_service_ipv6_acl_feature.test.id
   - model_name: arp
     tf_name: arps
     attributes:
@@ -226,4 +229,72 @@ test_prerequisites: |
     threshold             = 300
     endpoint_tracker_type = "static-route"
     tracker_type          = "endpoint"
-  }
+  }
+
+  resource "sdwan_service_ipv4_acl_feature" "test" {
+    name               = "TF_TEST_ACL_IPV4"
+    description        = "Terraform Test"
+    feature_profile_id = sdwan_service_feature_profile.test.id
+    default_action     = "drop"
+    sequences = [
+      {
+        sequence_id   = 1
+        sequence_name = "AccessControlList1"
+        match_entries = [
+          {
+            dscps         = [16]
+            packet_length = 1500
+            protocols     = [1]
+            source_ports = [
+              {
+                port = 8000
+              }
+            ]
+            tcp_state = "syn"
+          }
+        ]
+        actions = [
+          {
+            accept_set_dscp     = 60
+            accept_counter_name = "COUNTER_1"
+            accept_log          = false
+            accept_set_next_hop = "1.2.3.4"
+          }
+        ]
+      }
+    ]
+  }
+
+  resource "sdwan_service_ipv6_acl_feature" "test" {
+    name               = "TF_TEST_ACL_IPV6"
+    description        = "Terraform Test"
+    feature_profile_id = sdwan_service_feature_profile.test.id
+      default_action     = "drop"
+      sequences = [
+        {
+          sequence_id   = 1
+          sequence_name = "AccessControlList1"
+          match_entries = [
+            {
+              next_header   = 10
+              packet_length = 1500
+              source_ports = [
+                {
+                  port = 8000
+                }
+              ]
+              tcp_state     = "syn"
+              traffic_class = [10]
+            }
+          ]
+          actions = [
+            {
+              accept_counter_name  = "COUNTER_1"
+              accept_log           = false
+              accept_set_next_hop  = "2001:0db8:85a3:0000:0000:8a2e:0370:7334"
+              accept_traffic_class = 10
+            }
+          ]
+        }
+      ]
+    }