From 7e90956319de3a57d00d7207f422f9d70b385099 Mon Sep 17 00:00:00 2001 From: Sean Conroy <141843633+seconroy@users.noreply.github.com> Date: Mon, 25 Nov 2024 10:55:31 +0000 Subject: [PATCH] Add acl references to missing features (#372) --- .../service_lan_vpn_interface_svi_feature.md | 4 + ...port_wan_vpn_interface_cellular_feature.md | 4 + ...port_wan_vpn_interface_ethernet_feature.md | 4 + ..._wan_vpn_interface_t1_e1_serial_feature.md | 4 + .../service_lan_vpn_interface_svi_feature.md | 6 + ...port_wan_vpn_interface_cellular_feature.md | 14 +- ...port_wan_vpn_interface_ethernet_feature.md | 8 ++ ..._wan_vpn_interface_t1_e1_serial_feature.md | 14 +- .../resource.tf | 2 + .../resource.tf | 10 +- .../resource.tf | 4 + .../resource.tf | 10 +- .../service_lan_vpn_interface_svi.yaml | 123 +++++++++++++---- .../transport_wan_vpn_interface_cellular.yaml | 125 ++++++++++++++---- .../transport_wan_vpn_interface_ethernet.yaml | 125 ++++++++++++++---- ...nsport_wan_vpn_interface_t1_e1_serial.yaml | 121 +++++++++++++---- ...n_service_lan_vpn_interface_svi_feature.go | 16 +++ ...vice_lan_vpn_interface_svi_feature_test.go | 70 ++++++++++ ...port_wan_vpn_interface_cellular_feature.go | 16 +++ ...wan_vpn_interface_cellular_feature_test.go | 74 +++++++++++ ...port_wan_vpn_interface_ethernet_feature.go | 16 +++ ...wan_vpn_interface_ethernet_feature_test.go | 73 ++++++++++ ..._wan_vpn_interface_t1_e1_serial_feature.go | 16 +++ ...vpn_interface_t1_e1_serial_feature_test.go | 70 ++++++++++ ...n_service_lan_vpn_interface_svi_feature.go | 104 +++++++++++++++ ...port_wan_vpn_interface_cellular_feature.go | 104 +++++++++++++++ ...port_wan_vpn_interface_ethernet_feature.go | 104 +++++++++++++++ ..._wan_vpn_interface_t1_e1_serial_feature.go | 104 +++++++++++++++ ...n_service_lan_vpn_interface_svi_feature.go | 28 ++++ ...vice_lan_vpn_interface_svi_feature_test.go | 70 ++++++++++ ...port_wan_vpn_interface_cellular_feature.go | 29 ++++ ...wan_vpn_interface_cellular_feature_test.go | 74 +++++++++++ ...port_wan_vpn_interface_ethernet_feature.go | 28 ++++ ...wan_vpn_interface_ethernet_feature_test.go | 73 ++++++++++ ..._wan_vpn_interface_t1_e1_serial_feature.go | 28 ++++ ...vpn_interface_t1_e1_serial_feature_test.go | 70 ++++++++++ 36 files changed, 1624 insertions(+), 121 deletions(-) diff --git a/docs/data-sources/service_lan_vpn_interface_svi_feature.md b/docs/data-sources/service_lan_vpn_interface_svi_feature.md index 93cebe1f..22b8e487 100644 --- a/docs/data-sources/service_lan_vpn_interface_svi_feature.md +++ b/docs/data-sources/service_lan_vpn_interface_svi_feature.md @@ -31,6 +31,10 @@ data "sdwan_service_lan_vpn_interface_svi_feature" "example" { ### Read-Only +- `acl_ipv4_egress_feature_id` (String) +- `acl_ipv4_ingress_feature_id` (String) +- `acl_ipv6_egress_feature_id` (String) +- `acl_ipv6_ingress_feature_id` (String) - `arp_timeout` (Number) Timeout value for dynamically learned ARP entries, <0..2678400> seconds - `arp_timeout_variable` (String) Variable name - `arps` (Attributes List) Configure static ARP entries (see [below for nested schema](#nestedatt--arps)) diff --git a/docs/data-sources/transport_wan_vpn_interface_cellular_feature.md b/docs/data-sources/transport_wan_vpn_interface_cellular_feature.md index 104bd9b7..054d0ccf 100644 --- a/docs/data-sources/transport_wan_vpn_interface_cellular_feature.md +++ b/docs/data-sources/transport_wan_vpn_interface_cellular_feature.md @@ -31,6 +31,10 @@ data "sdwan_transport_wan_vpn_interface_cellular_feature" "example" { ### Read-Only +- `acl_ipv4_egress_feature_id` (String) +- `acl_ipv4_ingress_feature_id` (String) +- `acl_ipv6_egress_feature_id` (String) +- `acl_ipv6_ingress_feature_id` (String) - `arps` (Attributes List) Configure ARP entries (see [below for nested schema](#nestedatt--arps)) - `bandwidth_downstream` (Number) Interface downstream bandwidth capacity, in kbps - `bandwidth_downstream_variable` (String) Variable name diff --git a/docs/data-sources/transport_wan_vpn_interface_ethernet_feature.md b/docs/data-sources/transport_wan_vpn_interface_ethernet_feature.md index d45d31eb..7e12e72b 100644 --- a/docs/data-sources/transport_wan_vpn_interface_ethernet_feature.md +++ b/docs/data-sources/transport_wan_vpn_interface_ethernet_feature.md @@ -31,6 +31,10 @@ data "sdwan_transport_wan_vpn_interface_ethernet_feature" "example" { ### Read-Only +- `acl_ipv4_egress_feature_id` (String) +- `acl_ipv4_ingress_feature_id` (String) +- `acl_ipv6_egress_feature_id` (String) +- `acl_ipv6_ingress_feature_id` (String) - `arp_timeout` (Number) Timeout value for dynamically learned ARP entries, <0..2678400> seconds - `arp_timeout_variable` (String) Variable name - `arps` (Attributes List) Configure ARP entries (see [below for nested schema](#nestedatt--arps)) diff --git a/docs/data-sources/transport_wan_vpn_interface_t1_e1_serial_feature.md b/docs/data-sources/transport_wan_vpn_interface_t1_e1_serial_feature.md index 6e714f44..2fb23d87 100644 --- a/docs/data-sources/transport_wan_vpn_interface_t1_e1_serial_feature.md +++ b/docs/data-sources/transport_wan_vpn_interface_t1_e1_serial_feature.md @@ -31,6 +31,10 @@ data "sdwan_transport_wan_vpn_interface_t1_e1_serial_feature" "example" { ### Read-Only +- `acl_ipv4_egress_feature_id` (String) +- `acl_ipv4_ingress_feature_id` (String) +- `acl_ipv6_egress_feature_id` (String) +- `acl_ipv6_ingress_feature_id` (String) - `bandwidth` (Number) Interface bandwidth capacity, in kbps - `bandwidth_downstream` (Number) Interface downstream bandwidth capacity, in kbps - `bandwidth_downstream_variable` (String) Variable name diff --git a/docs/resources/service_lan_vpn_interface_svi_feature.md b/docs/resources/service_lan_vpn_interface_svi_feature.md index d9220be4..19475583 100644 --- a/docs/resources/service_lan_vpn_interface_svi_feature.md +++ b/docs/resources/service_lan_vpn_interface_svi_feature.md @@ -46,6 +46,8 @@ resource "sdwan_service_lan_vpn_interface_svi_feature" "example" { vpn = 1 } ] + acl_ipv4_egress_feature_id = "f6dd22c8-0b4f-496c-9a0b-6813d1f8b8ac" + acl_ipv6_ingress_feature_id = "f6dd22c8-0b4f-496c-9a0b-6813d1f8b8ac" arps = [ { ip_address = "1.2.3.4" @@ -114,6 +116,10 @@ resource "sdwan_service_lan_vpn_interface_svi_feature" "example" { ### Optional +- `acl_ipv4_egress_feature_id` (String) +- `acl_ipv4_ingress_feature_id` (String) +- `acl_ipv6_egress_feature_id` (String) +- `acl_ipv6_ingress_feature_id` (String) - `arp_timeout` (Number) Timeout value for dynamically learned ARP entries, <0..2678400> seconds - Range: `0`-`2678400` - Default value: `1200` diff --git a/docs/resources/transport_wan_vpn_interface_cellular_feature.md b/docs/resources/transport_wan_vpn_interface_cellular_feature.md index 557c5b7a..fd6362dd 100644 --- a/docs/resources/transport_wan_vpn_interface_cellular_feature.md +++ b/docs/resources/transport_wan_vpn_interface_cellular_feature.md @@ -70,9 +70,13 @@ resource "sdwan_transport_wan_vpn_interface_cellular_feature" "example" { weight = 250 } ] - nat_ipv4 = true - nat_udp_timeout = 1 - nat_tcp_timeout = 60 + nat_ipv4 = true + nat_udp_timeout = 1 + nat_tcp_timeout = 60 + qos_adaptive = false + qos_shaping_rate = 16 + acl_ipv4_egress_feature_id = "f6dd22c8-0b4f-496c-9a0b-6813d1f8b8ac" + acl_ipv6_ingress_feature_id = "f6dd22c8-0b4f-496c-9a0b-6813d1f8b8ac" arps = [ { ip_address = "1.2.3.4" @@ -98,6 +102,10 @@ resource "sdwan_transport_wan_vpn_interface_cellular_feature" "example" { ### Optional +- `acl_ipv4_egress_feature_id` (String) +- `acl_ipv4_ingress_feature_id` (String) +- `acl_ipv6_egress_feature_id` (String) +- `acl_ipv6_ingress_feature_id` (String) - `arps` (Attributes List) Configure ARP entries (see [below for nested schema](#nestedatt--arps)) - `bandwidth_downstream` (Number) Interface downstream bandwidth capacity, in kbps - Range: `1`-`2147483647` diff --git a/docs/resources/transport_wan_vpn_interface_ethernet_feature.md b/docs/resources/transport_wan_vpn_interface_ethernet_feature.md index fe4f4b64..54ea40e4 100644 --- a/docs/resources/transport_wan_vpn_interface_ethernet_feature.md +++ b/docs/resources/transport_wan_vpn_interface_ethernet_feature.md @@ -107,6 +107,10 @@ resource "sdwan_transport_wan_vpn_interface_ethernet_feature" "example" { source_vpn_id = 4 } ] + qos_adaptive = false + qos_shaping_rate = 16 + acl_ipv4_egress_feature_id = "f6dd22c8-0b4f-496c-9a0b-6813d1f8b8ac" + acl_ipv6_ingress_feature_id = "f6dd22c8-0b4f-496c-9a0b-6813d1f8b8ac" arps = [ { ip_address = "1.2.3.4" @@ -142,6 +146,10 @@ resource "sdwan_transport_wan_vpn_interface_ethernet_feature" "example" { ### Optional +- `acl_ipv4_egress_feature_id` (String) +- `acl_ipv4_ingress_feature_id` (String) +- `acl_ipv6_egress_feature_id` (String) +- `acl_ipv6_ingress_feature_id` (String) - `arp_timeout` (Number) Timeout value for dynamically learned ARP entries, <0..2678400> seconds - Range: `0`-`2147483` - Default value: `1200` diff --git a/docs/resources/transport_wan_vpn_interface_t1_e1_serial_feature.md b/docs/resources/transport_wan_vpn_interface_t1_e1_serial_feature.md index a86f5934..984d4647 100644 --- a/docs/resources/transport_wan_vpn_interface_t1_e1_serial_feature.md +++ b/docs/resources/transport_wan_vpn_interface_t1_e1_serial_feature.md @@ -72,10 +72,12 @@ resource "sdwan_transport_wan_vpn_interface_t1_e1_serial_feature" "example" { weight = 250 } ] - tcp_mss = 1460 - mtu = 1500 - ip_mtu = 1500 - tloc_extension = "tloc" + acl_ipv4_egress_feature_id = "f6dd22c8-0b4f-496c-9a0b-6813d1f8b8ac" + acl_ipv6_ingress_feature_id = "f6dd22c8-0b4f-496c-9a0b-6813d1f8b8ac" + tcp_mss = 1460 + mtu = 1500 + ip_mtu = 1500 + tloc_extension = "tloc" } ``` @@ -89,6 +91,10 @@ resource "sdwan_transport_wan_vpn_interface_t1_e1_serial_feature" "example" { ### Optional +- `acl_ipv4_egress_feature_id` (String) +- `acl_ipv4_ingress_feature_id` (String) +- `acl_ipv6_egress_feature_id` (String) +- `acl_ipv6_ingress_feature_id` (String) - `bandwidth` (Number) Interface bandwidth capacity, in kbps - Range: `1`-`200000000` - `bandwidth_downstream` (Number) Interface downstream bandwidth capacity, in kbps diff --git a/examples/resources/sdwan_service_lan_vpn_interface_svi_feature/resource.tf b/examples/resources/sdwan_service_lan_vpn_interface_svi_feature/resource.tf index a606577b..73218d25 100644 --- a/examples/resources/sdwan_service_lan_vpn_interface_svi_feature/resource.tf +++ b/examples/resources/sdwan_service_lan_vpn_interface_svi_feature/resource.tf @@ -29,6 +29,8 @@ resource "sdwan_service_lan_vpn_interface_svi_feature" "example" { vpn = 1 } ] + acl_ipv4_egress_feature_id = "f6dd22c8-0b4f-496c-9a0b-6813d1f8b8ac" + acl_ipv6_ingress_feature_id = "f6dd22c8-0b4f-496c-9a0b-6813d1f8b8ac" arps = [ { ip_address = "1.2.3.4" diff --git a/examples/resources/sdwan_transport_wan_vpn_interface_cellular_feature/resource.tf b/examples/resources/sdwan_transport_wan_vpn_interface_cellular_feature/resource.tf index ea2ece7e..9f6ebe02 100644 --- a/examples/resources/sdwan_transport_wan_vpn_interface_cellular_feature/resource.tf +++ b/examples/resources/sdwan_transport_wan_vpn_interface_cellular_feature/resource.tf @@ -53,9 +53,13 @@ resource "sdwan_transport_wan_vpn_interface_cellular_feature" "example" { weight = 250 } ] - nat_ipv4 = true - nat_udp_timeout = 1 - nat_tcp_timeout = 60 + nat_ipv4 = true + nat_udp_timeout = 1 + nat_tcp_timeout = 60 + qos_adaptive = false + qos_shaping_rate = 16 + acl_ipv4_egress_feature_id = "f6dd22c8-0b4f-496c-9a0b-6813d1f8b8ac" + acl_ipv6_ingress_feature_id = "f6dd22c8-0b4f-496c-9a0b-6813d1f8b8ac" arps = [ { ip_address = "1.2.3.4" diff --git a/examples/resources/sdwan_transport_wan_vpn_interface_ethernet_feature/resource.tf b/examples/resources/sdwan_transport_wan_vpn_interface_ethernet_feature/resource.tf index 60d35b05..a15250c5 100644 --- a/examples/resources/sdwan_transport_wan_vpn_interface_ethernet_feature/resource.tf +++ b/examples/resources/sdwan_transport_wan_vpn_interface_ethernet_feature/resource.tf @@ -90,6 +90,10 @@ resource "sdwan_transport_wan_vpn_interface_ethernet_feature" "example" { source_vpn_id = 4 } ] + qos_adaptive = false + qos_shaping_rate = 16 + acl_ipv4_egress_feature_id = "f6dd22c8-0b4f-496c-9a0b-6813d1f8b8ac" + acl_ipv6_ingress_feature_id = "f6dd22c8-0b4f-496c-9a0b-6813d1f8b8ac" arps = [ { ip_address = "1.2.3.4" diff --git a/examples/resources/sdwan_transport_wan_vpn_interface_t1_e1_serial_feature/resource.tf b/examples/resources/sdwan_transport_wan_vpn_interface_t1_e1_serial_feature/resource.tf index 62aa6a3b..46d05183 100644 --- a/examples/resources/sdwan_transport_wan_vpn_interface_t1_e1_serial_feature/resource.tf +++ b/examples/resources/sdwan_transport_wan_vpn_interface_t1_e1_serial_feature/resource.tf @@ -55,8 +55,10 @@ resource "sdwan_transport_wan_vpn_interface_t1_e1_serial_feature" "example" { weight = 250 } ] - tcp_mss = 1460 - mtu = 1500 - ip_mtu = 1500 - tloc_extension = "tloc" + acl_ipv4_egress_feature_id = "f6dd22c8-0b4f-496c-9a0b-6813d1f8b8ac" + acl_ipv6_ingress_feature_id = "f6dd22c8-0b4f-496c-9a0b-6813d1f8b8ac" + tcp_mss = 1460 + mtu = 1500 + ip_mtu = 1500 + tloc_extension = "tloc" } diff --git a/gen/definitions/profile_parcels/service_lan_vpn_interface_svi.yaml b/gen/definitions/profile_parcels/service_lan_vpn_interface_svi.yaml index 9b497567..928d3f73 100644 --- a/gen/definitions/profile_parcels/service_lan_vpn_interface_svi.yaml +++ b/gen/definitions/profile_parcels/service_lan_vpn_interface_svi.yaml @@ -79,31 +79,34 @@ attributes: example: 2001:0:0:1::0 - model_name: vpn example: 1 - # ==== ACL IPv4 and ACL IPv6 Not Supported By Provider (Being Worked On) ==== - # - model_name: refId - # tf_name: acl_ipv4_egress_reference_id - # data_path: [aclQos, ipv4AclEgress] - # type: String - # exclude_test: true - # example: f6dd22c8-0b4f-496c-9a0b-6813d1f8b8ac - # - model_name: refId - # tf_name: acl_ipv4_ingress_reference_id - # data_path: [aclQos, ipv4AclIngress] - # type: String - # exclude_test: true - # example: f6dd22c8-0b4f-496c-9a0b-6813d1f8b8ac - # - model_name: refId - # tf_name: acl_ipv6_egress_reference_id - # data_path: [aclQos, ipv6AclEgress] - # type: String - # exclude_test: true - # example: f6dd22c8-0b4f-496c-9a0b-6813d1f8b8ac - # - model_name: refId - # tf_name: acl_ipv6_ingress_reference_id - # data_path: [aclQos, ipv6AclIngress] - # type: String - # exclude_test: true - # example: f6dd22c8-0b4f-496c-9a0b-6813d1f8b8ac + - model_name: refId + tf_name: acl_ipv4_egress_feature_id + data_path: [aclQos, ipv4AclEgress] + type: String + ignore_mandatory: true + example: f6dd22c8-0b4f-496c-9a0b-6813d1f8b8ac + test_value: sdwan_service_ipv4_acl_feature.test.id + - model_name: refId + tf_name: acl_ipv4_ingress_feature_id + data_path: [aclQos, ipv4AclIngress] + type: String + ignore_mandatory: true + exclude_test: true + example: f6dd22c8-0b4f-496c-9a0b-6813d1f8b8ac + - model_name: refId + tf_name: acl_ipv6_egress_feature_id + data_path: [aclQos, ipv6AclEgress] + type: String + ignore_mandatory: true + exclude_test: true + example: f6dd22c8-0b4f-496c-9a0b-6813d1f8b8ac + - model_name: refId + tf_name: acl_ipv6_ingress_feature_id + data_path: [aclQos, ipv6AclIngress] + type: String + ignore_mandatory: true + example: f6dd22c8-0b4f-496c-9a0b-6813d1f8b8ac + test_value: sdwan_service_ipv6_acl_feature.test.id - model_name: arp tf_name: arps attributes: @@ -226,4 +229,72 @@ test_prerequisites: | threshold = 300 endpoint_tracker_type = "static-route" tracker_type = "endpoint" - } \ No newline at end of file + } + + resource "sdwan_service_ipv4_acl_feature" "test" { + name = "TF_TEST_ACL_IPV4" + description = "Terraform Test" + feature_profile_id = sdwan_service_feature_profile.test.id + default_action = "drop" + sequences = [ + { + sequence_id = 1 + sequence_name = "AccessControlList1" + match_entries = [ + { + dscps = [16] + packet_length = 1500 + protocols = [1] + source_ports = [ + { + port = 8000 + } + ] + tcp_state = "syn" + } + ] + actions = [ + { + accept_set_dscp = 60 + accept_counter_name = "COUNTER_1" + accept_log = false + accept_set_next_hop = "1.2.3.4" + } + ] + } + ] + } + + resource "sdwan_service_ipv6_acl_feature" "test" { + name = "TF_TEST_ACL_IPV6" + description = "Terraform Test" + feature_profile_id = sdwan_service_feature_profile.test.id + default_action = "drop" + sequences = [ + { + sequence_id = 1 + sequence_name = "AccessControlList1" + match_entries = [ + { + next_header = 10 + packet_length = 1500 + source_ports = [ + { + port = 8000 + } + ] + tcp_state = "syn" + traffic_class = [10] + } + ] + actions = [ + { + accept_counter_name = "COUNTER_1" + accept_log = false + accept_set_next_hop = "2001:0db8:85a3:0000:0000:8a2e:0370:7334" + accept_traffic_class = 10 + } + ] + } + ] + } \ No newline at end of file diff --git a/gen/definitions/profile_parcels/transport_wan_vpn_interface_cellular.yaml b/gen/definitions/profile_parcels/transport_wan_vpn_interface_cellular.yaml index f2411d0e..1ecd6731 100644 --- a/gen/definitions/profile_parcels/transport_wan_vpn_interface_cellular.yaml +++ b/gen/definitions/profile_parcels/transport_wan_vpn_interface_cellular.yaml @@ -221,9 +221,8 @@ attributes: - model_name: adaptiveQoS tf_name: qos_adaptive data_path: [aclQos] - exclude_test: true exclude_null: true - example: true + example: false - model_name: adaptPeriod tf_name: qos_adaptive_period data_path: [aclQos] @@ -308,34 +307,36 @@ attributes: - model_name: shapingRate tf_name: qos_shaping_rate data_path: [aclQos] - exclude_test: true exclude_null: true example: 16 - # ==== ACL IPv4 and ACL IPv6 Not Supported By Provider (Being Worked On) ==== - # - model_name: refId - # tf_name: acl_ipv4_egress_reference_id - # data_path: [aclQos, ipv4AclEgress] - # type: String - # exclude_test: true - # example: f6dd22c8-0b4f-496c-9a0b-6813d1f8b8ac - # - model_name: refId - # tf_name: acl_ipv4_ingress_reference_id - # data_path: [aclQos, ipv4AclIngress] - # type: String - # exclude_test: true - # example: f6dd22c8-0b4f-496c-9a0b-6813d1f8b8ac - # - model_name: refId - # tf_name: acl_ipv6_egress_reference_id - # data_path: [aclQos, ipv6AclEgress] - # type: String - # exclude_test: true - # example: f6dd22c8-0b4f-496c-9a0b-6813d1f8b8ac - # - model_name: refId - # tf_name: acl_ipv6_ingress_reference_id - # data_path: [aclQos, ipv6AclIngress] - # type: String - # exclude_test: true - # example: f6dd22c8-0b4f-496c-9a0b-6813d1f8b8ac + - model_name: refId + tf_name: acl_ipv4_egress_feature_id + data_path: [aclQos, ipv4AclEgress] + type: String + ignore_mandatory: true + example: f6dd22c8-0b4f-496c-9a0b-6813d1f8b8ac + test_value: sdwan_transport_ipv4_acl_feature.test.id + - model_name: refId + tf_name: acl_ipv4_ingress_feature_id + data_path: [aclQos, ipv4AclIngress] + type: String + ignore_mandatory: true + exclude_test: true + example: f6dd22c8-0b4f-496c-9a0b-6813d1f8b8ac + - model_name: refId + tf_name: acl_ipv6_egress_feature_id + data_path: [aclQos, ipv6AclEgress] + type: String + ignore_mandatory: true + exclude_test: true + example: f6dd22c8-0b4f-496c-9a0b-6813d1f8b8ac + - model_name: refId + tf_name: acl_ipv6_ingress_feature_id + data_path: [aclQos, ipv6AclIngress] + type: String + ignore_mandatory: true + example: f6dd22c8-0b4f-496c-9a0b-6813d1f8b8ac + test_value: sdwan_transport_ipv6_acl_feature.test.id - model_name: arp tf_name: arps attributes: @@ -425,4 +426,72 @@ test_prerequisites: | nat64_v4_pool_overload = false } ] + } + + resource "sdwan_transport_ipv4_acl_feature" "test" { + name = "TF_TEST_ACL_IPV4" + description = "Terraform Test" + feature_profile_id = sdwan_transport_feature_profile.test.id + default_action = "drop" + sequences = [ + { + sequence_id = 1 + sequence_name = "AccessControlList1" + match_entries = [ + { + dscps = [16] + packet_length = 1500 + protocols = [1] + source_ports = [ + { + port = 8000 + } + ] + tcp_state = "syn" + } + ] + actions = [ + { + accept_set_dscp = 60 + accept_counter_name = "COUNTER_1" + accept_log = false + accept_set_next_hop = "1.2.3.4" + } + ] + } + ] + } + + resource "sdwan_transport_ipv6_acl_feature" "test" { + name = "TF_TEST_ACL_IPV6" + description = "Terraform Test" + feature_profile_id = sdwan_transport_feature_profile.test.id + default_action = "drop" + sequences = [ + { + sequence_id = 1 + sequence_name = "AccessControlList1" + match_entries = [ + { + next_header = 10 + packet_length = 1500 + source_ports = [ + { + port = 8000 + } + ] + tcp_state = "syn" + traffic_class = [10] + } + ] + actions = [ + { + accept_counter_name = "COUNTER_1" + accept_log = false + accept_set_next_hop = "2001:0db8:85a3:0000:0000:8a2e:0370:7334" + accept_traffic_class = 10 + } + ] + } + ] } \ No newline at end of file diff --git a/gen/definitions/profile_parcels/transport_wan_vpn_interface_ethernet.yaml b/gen/definitions/profile_parcels/transport_wan_vpn_interface_ethernet.yaml index 8b4cd7e5..5e1ecf2d 100644 --- a/gen/definitions/profile_parcels/transport_wan_vpn_interface_ethernet.yaml +++ b/gen/definitions/profile_parcels/transport_wan_vpn_interface_ethernet.yaml @@ -419,9 +419,8 @@ attributes: - model_name: adaptiveQoS tf_name: qos_adaptive data_path: [aclQos] - exclude_test: true exclude_null: true - example: true + example: false - model_name: adaptPeriod tf_name: qos_adaptive_period data_path: [aclQos] @@ -506,34 +505,36 @@ attributes: - model_name: shapingRate tf_name: qos_shaping_rate data_path: [aclQos] - exclude_test: true exclude_null: true example: 16 - # ==== ACL IPv4 and ACL IPv6 Not Supported By Provider (Being Worked On) ==== - # - model_name: refId - # tf_name: acl_ipv4_egress_reference_id - # data_path: [aclQos, ipv4AclEgress] - # type: String - # exclude_test: true - # example: f6dd22c8-0b4f-496c-9a0b-6813d1f8b8ac - # - model_name: refId - # tf_name: acl_ipv4_ingress_reference_id - # data_path: [aclQos, ipv4AclIngress] - # type: String - # exclude_test: true - # example: f6dd22c8-0b4f-496c-9a0b-6813d1f8b8ac - # - model_name: refId - # tf_name: acl_ipv6_egress_reference_id - # data_path: [aclQos, ipv6AclEgress] - # type: String - # exclude_test: true - # example: f6dd22c8-0b4f-496c-9a0b-6813d1f8b8ac - # - model_name: refId - # tf_name: acl_ipv6_ingress_reference_id - # data_path: [aclQos, ipv6AclIngress] - # type: String - # exclude_test: true - # example: f6dd22c8-0b4f-496c-9a0b-6813d1f8b8ac + - model_name: refId + tf_name: acl_ipv4_egress_feature_id + data_path: [aclQos, ipv4AclEgress] + type: String + ignore_mandatory: true + example: f6dd22c8-0b4f-496c-9a0b-6813d1f8b8ac + test_value: sdwan_transport_ipv4_acl_feature.test.id + - model_name: refId + tf_name: acl_ipv4_ingress_feature_id + data_path: [aclQos, ipv4AclIngress] + type: String + exclude_test: true + ignore_mandatory: true + example: f6dd22c8-0b4f-496c-9a0b-6813d1f8b8ac + - model_name: refId + tf_name: acl_ipv6_egress_feature_id + data_path: [aclQos, ipv6AclEgress] + type: String + exclude_test: true + ignore_mandatory: true + example: f6dd22c8-0b4f-496c-9a0b-6813d1f8b8ac + - model_name: refId + tf_name: acl_ipv6_ingress_feature_id + data_path: [aclQos, ipv6AclIngress] + type: String + ignore_mandatory: true + example: f6dd22c8-0b4f-496c-9a0b-6813d1f8b8ac + test_value: sdwan_transport_ipv6_acl_feature.test.id - model_name: arp tf_name: arps attributes: @@ -655,3 +656,71 @@ test_prerequisites: | } ] } + + resource "sdwan_transport_ipv4_acl_feature" "test" { + name = "TF_TEST_ACL_IPV4" + description = "Terraform Test" + feature_profile_id = sdwan_transport_feature_profile.test.id + default_action = "drop" + sequences = [ + { + sequence_id = 1 + sequence_name = "AccessControlList1" + match_entries = [ + { + dscps = [16] + packet_length = 1500 + protocols = [1] + source_ports = [ + { + port = 8000 + } + ] + tcp_state = "syn" + } + ] + actions = [ + { + accept_set_dscp = 60 + accept_counter_name = "COUNTER_1" + accept_log = false + accept_set_next_hop = "1.2.3.4" + } + ] + } + ] + } + + resource "sdwan_transport_ipv6_acl_feature" "test" { + name = "TF_TEST_ACL_IPV6" + description = "Terraform Test" + feature_profile_id = sdwan_transport_feature_profile.test.id + default_action = "drop" + sequences = [ + { + sequence_id = 1 + sequence_name = "AccessControlList1" + match_entries = [ + { + next_header = 10 + packet_length = 1500 + source_ports = [ + { + port = 8000 + } + ] + tcp_state = "syn" + traffic_class = [10] + } + ] + actions = [ + { + accept_counter_name = "COUNTER_1" + accept_log = false + accept_set_next_hop = "2001:0db8:85a3:0000:0000:8a2e:0370:7334" + accept_traffic_class = 10 + } + ] + } + ] + } \ No newline at end of file diff --git a/gen/definitions/profile_parcels/transport_wan_vpn_interface_t1_e1_serial.yaml b/gen/definitions/profile_parcels/transport_wan_vpn_interface_t1_e1_serial.yaml index 5e6434e5..c0c377e1 100644 --- a/gen/definitions/profile_parcels/transport_wan_vpn_interface_t1_e1_serial.yaml +++ b/gen/definitions/profile_parcels/transport_wan_vpn_interface_t1_e1_serial.yaml @@ -220,31 +220,34 @@ attributes: exclude_test: true exclude_null: true example: 16 - # ==== ACL IPv4 and ACL IPv6 Not Supported By Provider (Being Worked On) ==== - # - model_name: refId - # tf_name: acl_ipv4_egress_reference_id - # data_path: [aclQos, ipv4AclEgress] - # type: String - # exclude_test: true - # example: f6dd22c8-0b4f-496c-9a0b-6813d1f8b8ac - # - model_name: refId - # tf_name: acl_ipv4_ingress_reference_id - # data_path: [aclQos, ipv4AclIngress] - # type: String - # exclude_test: true - # example: f6dd22c8-0b4f-496c-9a0b-6813d1f8b8ac - # - model_name: refId - # tf_name: acl_ipv6_egress_reference_id - # data_path: [aclQos, ipv6AclEgress] - # type: String - # exclude_test: true - # example: f6dd22c8-0b4f-496c-9a0b-6813d1f8b8ac - # - model_name: refId - # tf_name: acl_ipv6_ingress_reference_id - # data_path: [aclQos, ipv6AclIngress] - # type: String - # exclude_test: true - # example: f6dd22c8-0b4f-496c-9a0b-6813d1f8b8ac + - model_name: refId + tf_name: acl_ipv4_egress_feature_id + data_path: [aclQos, ipv4AclEgress] + type: String + ignore_mandatory: true + example: f6dd22c8-0b4f-496c-9a0b-6813d1f8b8ac + test_value: sdwan_transport_ipv4_acl_feature.test.id + - model_name: refId + tf_name: acl_ipv4_ingress_feature_id + data_path: [aclQos, ipv4AclIngress] + type: String + exclude_test: true + ignore_mandatory: true + example: f6dd22c8-0b4f-496c-9a0b-6813d1f8b8ac + - model_name: refId + tf_name: acl_ipv6_egress_feature_id + data_path: [aclQos, ipv6AclEgress] + type: String + exclude_test: true + ignore_mandatory: true + example: f6dd22c8-0b4f-496c-9a0b-6813d1f8b8ac + - model_name: refId + tf_name: acl_ipv6_ingress_feature_id + data_path: [aclQos, ipv6AclIngress] + type: String + ignore_mandatory: true + example: f6dd22c8-0b4f-496c-9a0b-6813d1f8b8ac + test_value: sdwan_transport_ipv6_acl_feature.test.id - model_name: tcpMssAdjust tf_name: tcp_mss data_path: [advanced] @@ -319,4 +322,72 @@ test_prerequisites: | nat64_v4_pool_overload = false } ] + } + + resource "sdwan_transport_ipv4_acl_feature" "test" { + name = "TF_TEST_ACL_IPV4" + description = "Terraform Test" + feature_profile_id = sdwan_transport_feature_profile.test.id + default_action = "drop" + sequences = [ + { + sequence_id = 1 + sequence_name = "AccessControlList1" + match_entries = [ + { + dscps = [16] + packet_length = 1500 + protocols = [1] + source_ports = [ + { + port = 8000 + } + ] + tcp_state = "syn" + } + ] + actions = [ + { + accept_set_dscp = 60 + accept_counter_name = "COUNTER_1" + accept_log = false + accept_set_next_hop = "1.2.3.4" + } + ] + } + ] + } + + resource "sdwan_transport_ipv6_acl_feature" "test" { + name = "TF_TEST_ACL_IPV6" + description = "Terraform Test" + feature_profile_id = sdwan_transport_feature_profile.test.id + default_action = "drop" + sequences = [ + { + sequence_id = 1 + sequence_name = "AccessControlList1" + match_entries = [ + { + next_header = 10 + packet_length = 1500 + source_ports = [ + { + port = 8000 + } + ] + tcp_state = "syn" + traffic_class = [10] + } + ] + actions = [ + { + accept_counter_name = "COUNTER_1" + accept_log = false + accept_set_next_hop = "2001:0db8:85a3:0000:0000:8a2e:0370:7334" + accept_traffic_class = 10 + } + ] + } + ] } \ No newline at end of file diff --git a/internal/provider/data_source_sdwan_service_lan_vpn_interface_svi_feature.go b/internal/provider/data_source_sdwan_service_lan_vpn_interface_svi_feature.go index acf50959..06d5f2ee 100644 --- a/internal/provider/data_source_sdwan_service_lan_vpn_interface_svi_feature.go +++ b/internal/provider/data_source_sdwan_service_lan_vpn_interface_svi_feature.go @@ -220,6 +220,22 @@ func (d *ServiceLANVPNInterfaceSVIProfileParcelDataSource) Schema(ctx context.Co }, }, }, + "acl_ipv4_egress_feature_id": schema.StringAttribute{ + MarkdownDescription: "", + Computed: true, + }, + "acl_ipv4_ingress_feature_id": schema.StringAttribute{ + MarkdownDescription: "", + Computed: true, + }, + "acl_ipv6_egress_feature_id": schema.StringAttribute{ + MarkdownDescription: "", + Computed: true, + }, + "acl_ipv6_ingress_feature_id": schema.StringAttribute{ + MarkdownDescription: "", + Computed: true, + }, "arps": schema.ListNestedAttribute{ MarkdownDescription: "Configure static ARP entries", Computed: true, diff --git a/internal/provider/data_source_sdwan_service_lan_vpn_interface_svi_feature_test.go b/internal/provider/data_source_sdwan_service_lan_vpn_interface_svi_feature_test.go index 830b499a..a33377c1 100644 --- a/internal/provider/data_source_sdwan_service_lan_vpn_interface_svi_feature_test.go +++ b/internal/provider/data_source_sdwan_service_lan_vpn_interface_svi_feature_test.go @@ -112,6 +112,74 @@ resource "sdwan_service_tracker_feature" "test" { endpoint_tracker_type = "static-route" tracker_type = "endpoint" } + +resource "sdwan_service_ipv4_acl_feature" "test" { + name = "TF_TEST_ACL_IPV4" + description = "Terraform Test" + feature_profile_id = sdwan_service_feature_profile.test.id + default_action = "drop" + sequences = [ + { + sequence_id = 1 + sequence_name = "AccessControlList1" + match_entries = [ + { + dscps = [16] + packet_length = 1500 + protocols = [1] + source_ports = [ + { + port = 8000 + } + ] + tcp_state = "syn" + } + ] + actions = [ + { + accept_set_dscp = 60 + accept_counter_name = "COUNTER_1" + accept_log = false + accept_set_next_hop = "1.2.3.4" + } + ] + } + ] +} + +resource "sdwan_service_ipv6_acl_feature" "test" { + name = "TF_TEST_ACL_IPV6" + description = "Terraform Test" + feature_profile_id = sdwan_service_feature_profile.test.id + default_action = "drop" + sequences = [ + { + sequence_id = 1 + sequence_name = "AccessControlList1" + match_entries = [ + { + next_header = 10 + packet_length = 1500 + source_ports = [ + { + port = 8000 + } + ] + tcp_state = "syn" + traffic_class = [10] + } + ] + actions = [ + { + accept_counter_name = "COUNTER_1" + accept_log = false + accept_set_next_hop = "2001:0db8:85a3:0000:0000:8a2e:0370:7334" + accept_traffic_class = 10 + } + ] + } + ] + } ` // End of section. //template:end testPrerequisites @@ -143,6 +211,8 @@ func testAccDataSourceSdwanServiceLANVPNInterfaceSVIProfileParcelConfig() string config += ` address = "2001:0:0:1::0"` + "\n" config += ` vpn = 1` + "\n" config += ` }]` + "\n" + config += ` acl_ipv4_egress_feature_id = sdwan_service_ipv4_acl_feature.test.id` + "\n" + config += ` acl_ipv6_ingress_feature_id = sdwan_service_ipv6_acl_feature.test.id` + "\n" config += ` arps = [{` + "\n" config += ` ip_address = "1.2.3.4"` + "\n" config += ` mac_address = "00-B0-D0-63-C2-26"` + "\n" diff --git a/internal/provider/data_source_sdwan_transport_wan_vpn_interface_cellular_feature.go b/internal/provider/data_source_sdwan_transport_wan_vpn_interface_cellular_feature.go index bc8a7edb..b38d8782 100644 --- a/internal/provider/data_source_sdwan_transport_wan_vpn_interface_cellular_feature.go +++ b/internal/provider/data_source_sdwan_transport_wan_vpn_interface_cellular_feature.go @@ -553,6 +553,22 @@ func (d *TransportWANVPNInterfaceCellularProfileParcelDataSource) Schema(ctx con MarkdownDescription: helpers.NewAttributeDescription("Variable name").String, Computed: true, }, + "acl_ipv4_egress_feature_id": schema.StringAttribute{ + MarkdownDescription: "", + Computed: true, + }, + "acl_ipv4_ingress_feature_id": schema.StringAttribute{ + MarkdownDescription: "", + Computed: true, + }, + "acl_ipv6_egress_feature_id": schema.StringAttribute{ + MarkdownDescription: "", + Computed: true, + }, + "acl_ipv6_ingress_feature_id": schema.StringAttribute{ + MarkdownDescription: "", + Computed: true, + }, "arps": schema.ListNestedAttribute{ MarkdownDescription: "Configure ARP entries", Computed: true, diff --git a/internal/provider/data_source_sdwan_transport_wan_vpn_interface_cellular_feature_test.go b/internal/provider/data_source_sdwan_transport_wan_vpn_interface_cellular_feature_test.go index 99d9a1a3..2974581a 100644 --- a/internal/provider/data_source_sdwan_transport_wan_vpn_interface_cellular_feature_test.go +++ b/internal/provider/data_source_sdwan_transport_wan_vpn_interface_cellular_feature_test.go @@ -80,6 +80,8 @@ func TestAccDataSourceSdwanTransportWANVPNInterfaceCellularProfileParcel(t *test checks = append(checks, resource.TestCheckResourceAttr("data.sdwan_transport_wan_vpn_interface_cellular_feature.test", "nat_ipv4", "true")) checks = append(checks, resource.TestCheckResourceAttr("data.sdwan_transport_wan_vpn_interface_cellular_feature.test", "nat_udp_timeout", "1")) checks = append(checks, resource.TestCheckResourceAttr("data.sdwan_transport_wan_vpn_interface_cellular_feature.test", "nat_tcp_timeout", "60")) + checks = append(checks, resource.TestCheckResourceAttr("data.sdwan_transport_wan_vpn_interface_cellular_feature.test", "qos_adaptive", "false")) + checks = append(checks, resource.TestCheckResourceAttr("data.sdwan_transport_wan_vpn_interface_cellular_feature.test", "qos_shaping_rate", "16")) checks = append(checks, resource.TestCheckResourceAttr("data.sdwan_transport_wan_vpn_interface_cellular_feature.test", "arps.0.ip_address", "1.2.3.4")) checks = append(checks, resource.TestCheckResourceAttr("data.sdwan_transport_wan_vpn_interface_cellular_feature.test", "arps.0.mac_address", "00-B0-D0-63-C2-26")) checks = append(checks, resource.TestCheckResourceAttr("data.sdwan_transport_wan_vpn_interface_cellular_feature.test", "ip_mtu", "1500")) @@ -164,6 +166,74 @@ resource "sdwan_transport_wan_vpn_feature" "test" { } ] } + +resource "sdwan_transport_ipv4_acl_feature" "test" { + name = "TF_TEST_ACL_IPV4" + description = "Terraform Test" + feature_profile_id = sdwan_transport_feature_profile.test.id + default_action = "drop" + sequences = [ + { + sequence_id = 1 + sequence_name = "AccessControlList1" + match_entries = [ + { + dscps = [16] + packet_length = 1500 + protocols = [1] + source_ports = [ + { + port = 8000 + } + ] + tcp_state = "syn" + } + ] + actions = [ + { + accept_set_dscp = 60 + accept_counter_name = "COUNTER_1" + accept_log = false + accept_set_next_hop = "1.2.3.4" + } + ] + } + ] +} + +resource "sdwan_transport_ipv6_acl_feature" "test" { + name = "TF_TEST_ACL_IPV6" + description = "Terraform Test" + feature_profile_id = sdwan_transport_feature_profile.test.id + default_action = "drop" + sequences = [ + { + sequence_id = 1 + sequence_name = "AccessControlList1" + match_entries = [ + { + next_header = 10 + packet_length = 1500 + source_ports = [ + { + port = 8000 + } + ] + tcp_state = "syn" + traffic_class = [10] + } + ] + actions = [ + { + accept_counter_name = "COUNTER_1" + accept_log = false + accept_set_next_hop = "2001:0db8:85a3:0000:0000:8a2e:0370:7334" + accept_traffic_class = 10 + } + ] + } + ] +} ` // End of section. //template:end testPrerequisites @@ -226,6 +296,10 @@ func testAccDataSourceSdwanTransportWANVPNInterfaceCellularProfileParcelConfig() config += ` nat_ipv4 = true` + "\n" config += ` nat_udp_timeout = 1` + "\n" config += ` nat_tcp_timeout = 60` + "\n" + config += ` qos_adaptive = false` + "\n" + config += ` qos_shaping_rate = 16` + "\n" + config += ` acl_ipv4_egress_feature_id = sdwan_transport_ipv4_acl_feature.test.id` + "\n" + config += ` acl_ipv6_ingress_feature_id = sdwan_transport_ipv6_acl_feature.test.id` + "\n" config += ` arps = [{` + "\n" config += ` ip_address = "1.2.3.4"` + "\n" config += ` mac_address = "00-B0-D0-63-C2-26"` + "\n" diff --git a/internal/provider/data_source_sdwan_transport_wan_vpn_interface_ethernet_feature.go b/internal/provider/data_source_sdwan_transport_wan_vpn_interface_ethernet_feature.go index b7824d23..cd9b8d67 100644 --- a/internal/provider/data_source_sdwan_transport_wan_vpn_interface_ethernet_feature.go +++ b/internal/provider/data_source_sdwan_transport_wan_vpn_interface_ethernet_feature.go @@ -825,6 +825,22 @@ func (d *TransportWANVPNInterfaceEthernetProfileParcelDataSource) Schema(ctx con MarkdownDescription: helpers.NewAttributeDescription("Variable name").String, Computed: true, }, + "acl_ipv4_egress_feature_id": schema.StringAttribute{ + MarkdownDescription: "", + Computed: true, + }, + "acl_ipv4_ingress_feature_id": schema.StringAttribute{ + MarkdownDescription: "", + Computed: true, + }, + "acl_ipv6_egress_feature_id": schema.StringAttribute{ + MarkdownDescription: "", + Computed: true, + }, + "acl_ipv6_ingress_feature_id": schema.StringAttribute{ + MarkdownDescription: "", + Computed: true, + }, "arps": schema.ListNestedAttribute{ MarkdownDescription: "Configure ARP entries", Computed: true, diff --git a/internal/provider/data_source_sdwan_transport_wan_vpn_interface_ethernet_feature_test.go b/internal/provider/data_source_sdwan_transport_wan_vpn_interface_ethernet_feature_test.go index 2fc7c655..c1655a6b 100644 --- a/internal/provider/data_source_sdwan_transport_wan_vpn_interface_ethernet_feature_test.go +++ b/internal/provider/data_source_sdwan_transport_wan_vpn_interface_ethernet_feature_test.go @@ -100,6 +100,8 @@ func TestAccDataSourceSdwanTransportWANVPNInterfaceEthernetProfileParcel(t *test checks = append(checks, resource.TestCheckResourceAttr("data.sdwan_transport_wan_vpn_interface_ethernet_feature.test", "static_nat66.0.source_prefix", "2001:0db8:85a3::/48")) checks = append(checks, resource.TestCheckResourceAttr("data.sdwan_transport_wan_vpn_interface_ethernet_feature.test", "static_nat66.0.translated_source_prefix", "abcd:1234:5678::/48")) checks = append(checks, resource.TestCheckResourceAttr("data.sdwan_transport_wan_vpn_interface_ethernet_feature.test", "static_nat66.0.source_vpn_id", "4")) + checks = append(checks, resource.TestCheckResourceAttr("data.sdwan_transport_wan_vpn_interface_ethernet_feature.test", "qos_adaptive", "false")) + checks = append(checks, resource.TestCheckResourceAttr("data.sdwan_transport_wan_vpn_interface_ethernet_feature.test", "qos_shaping_rate", "16")) checks = append(checks, resource.TestCheckResourceAttr("data.sdwan_transport_wan_vpn_interface_ethernet_feature.test", "arps.0.ip_address", "1.2.3.4")) checks = append(checks, resource.TestCheckResourceAttr("data.sdwan_transport_wan_vpn_interface_ethernet_feature.test", "arps.0.mac_address", "00-B0-D0-63-C2-26")) checks = append(checks, resource.TestCheckResourceAttr("data.sdwan_transport_wan_vpn_interface_ethernet_feature.test", "icmp_redirect_disable", "true")) @@ -195,6 +197,73 @@ resource "sdwan_transport_wan_vpn_feature" "test" { ] } +resource "sdwan_transport_ipv4_acl_feature" "test" { + name = "TF_TEST_ACL_IPV4" + description = "Terraform Test" + feature_profile_id = sdwan_transport_feature_profile.test.id + default_action = "drop" + sequences = [ + { + sequence_id = 1 + sequence_name = "AccessControlList1" + match_entries = [ + { + dscps = [16] + packet_length = 1500 + protocols = [1] + source_ports = [ + { + port = 8000 + } + ] + tcp_state = "syn" + } + ] + actions = [ + { + accept_set_dscp = 60 + accept_counter_name = "COUNTER_1" + accept_log = false + accept_set_next_hop = "1.2.3.4" + } + ] + } + ] +} + +resource "sdwan_transport_ipv6_acl_feature" "test" { + name = "TF_TEST_ACL_IPV6" + description = "Terraform Test" + feature_profile_id = sdwan_transport_feature_profile.test.id + default_action = "drop" + sequences = [ + { + sequence_id = 1 + sequence_name = "AccessControlList1" + match_entries = [ + { + next_header = 10 + packet_length = 1500 + source_ports = [ + { + port = 8000 + } + ] + tcp_state = "syn" + traffic_class = [10] + } + ] + actions = [ + { + accept_counter_name = "COUNTER_1" + accept_log = false + accept_set_next_hop = "2001:0db8:85a3:0000:0000:8a2e:0370:7334" + accept_traffic_class = 10 + } + ] + } + ] +} ` // End of section. //template:end testPrerequisites @@ -285,6 +354,10 @@ func testAccDataSourceSdwanTransportWANVPNInterfaceEthernetProfileParcelConfig() config += ` translated_source_prefix = "abcd:1234:5678::/48"` + "\n" config += ` source_vpn_id = 4` + "\n" config += ` }]` + "\n" + config += ` qos_adaptive = false` + "\n" + config += ` qos_shaping_rate = 16` + "\n" + config += ` acl_ipv4_egress_feature_id = sdwan_transport_ipv4_acl_feature.test.id` + "\n" + config += ` acl_ipv6_ingress_feature_id = sdwan_transport_ipv6_acl_feature.test.id` + "\n" config += ` arps = [{` + "\n" config += ` ip_address = "1.2.3.4"` + "\n" config += ` mac_address = "00-B0-D0-63-C2-26"` + "\n" diff --git a/internal/provider/data_source_sdwan_transport_wan_vpn_interface_t1_e1_serial_feature.go b/internal/provider/data_source_sdwan_transport_wan_vpn_interface_t1_e1_serial_feature.go index 03ee2412..42c357c5 100644 --- a/internal/provider/data_source_sdwan_transport_wan_vpn_interface_t1_e1_serial_feature.go +++ b/internal/provider/data_source_sdwan_transport_wan_vpn_interface_t1_e1_serial_feature.go @@ -476,6 +476,22 @@ func (d *TransportWANVPNInterfaceT1E1SerialProfileParcelDataSource) Schema(ctx c MarkdownDescription: helpers.NewAttributeDescription("Variable name").String, Computed: true, }, + "acl_ipv4_egress_feature_id": schema.StringAttribute{ + MarkdownDescription: "", + Computed: true, + }, + "acl_ipv4_ingress_feature_id": schema.StringAttribute{ + MarkdownDescription: "", + Computed: true, + }, + "acl_ipv6_egress_feature_id": schema.StringAttribute{ + MarkdownDescription: "", + Computed: true, + }, + "acl_ipv6_ingress_feature_id": schema.StringAttribute{ + MarkdownDescription: "", + Computed: true, + }, "tcp_mss": schema.Int64Attribute{ MarkdownDescription: "TCP MSS on SYN packets, in bytes", Computed: true, diff --git a/internal/provider/data_source_sdwan_transport_wan_vpn_interface_t1_e1_serial_feature_test.go b/internal/provider/data_source_sdwan_transport_wan_vpn_interface_t1_e1_serial_feature_test.go index e72a19ad..64d8c0e3 100644 --- a/internal/provider/data_source_sdwan_transport_wan_vpn_interface_t1_e1_serial_feature_test.go +++ b/internal/provider/data_source_sdwan_transport_wan_vpn_interface_t1_e1_serial_feature_test.go @@ -159,6 +159,74 @@ resource "sdwan_transport_wan_vpn_feature" "test" { } ] } + +resource "sdwan_transport_ipv4_acl_feature" "test" { + name = "TF_TEST_ACL_IPV4" + description = "Terraform Test" + feature_profile_id = sdwan_transport_feature_profile.test.id + default_action = "drop" + sequences = [ + { + sequence_id = 1 + sequence_name = "AccessControlList1" + match_entries = [ + { + dscps = [16] + packet_length = 1500 + protocols = [1] + source_ports = [ + { + port = 8000 + } + ] + tcp_state = "syn" + } + ] + actions = [ + { + accept_set_dscp = 60 + accept_counter_name = "COUNTER_1" + accept_log = false + accept_set_next_hop = "1.2.3.4" + } + ] + } + ] +} + +resource "sdwan_transport_ipv6_acl_feature" "test" { + name = "TF_TEST_ACL_IPV6" + description = "Terraform Test" + feature_profile_id = sdwan_transport_feature_profile.test.id + default_action = "drop" + sequences = [ + { + sequence_id = 1 + sequence_name = "AccessControlList1" + match_entries = [ + { + next_header = 10 + packet_length = 1500 + source_ports = [ + { + port = 8000 + } + ] + tcp_state = "syn" + traffic_class = [10] + } + ] + actions = [ + { + accept_counter_name = "COUNTER_1" + accept_log = false + accept_set_next_hop = "2001:0db8:85a3:0000:0000:8a2e:0370:7334" + accept_traffic_class = 10 + } + ] + } + ] +} ` // End of section. //template:end testPrerequisites @@ -220,6 +288,8 @@ func testAccDataSourceSdwanTransportWANVPNInterfaceT1E1SerialProfileParcelConfig config += ` preference = 4294967` + "\n" config += ` weight = 250` + "\n" config += ` }]` + "\n" + config += ` acl_ipv4_egress_feature_id = sdwan_transport_ipv4_acl_feature.test.id` + "\n" + config += ` acl_ipv6_ingress_feature_id = sdwan_transport_ipv6_acl_feature.test.id` + "\n" config += ` tcp_mss = 1460` + "\n" config += ` mtu = 1500` + "\n" config += ` ip_mtu = 1500` + "\n" diff --git a/internal/provider/model_sdwan_service_lan_vpn_interface_svi_feature.go b/internal/provider/model_sdwan_service_lan_vpn_interface_svi_feature.go index 69f37df0..f9a030fd 100644 --- a/internal/provider/model_sdwan_service_lan_vpn_interface_svi_feature.go +++ b/internal/provider/model_sdwan_service_lan_vpn_interface_svi_feature.go @@ -61,6 +61,10 @@ type ServiceLANVPNInterfaceSVI struct { Ipv6AddressVariable types.String `tfsdk:"ipv6_address_variable"` Ipv6SecondaryAddresses []ServiceLANVPNInterfaceSVIIpv6SecondaryAddresses `tfsdk:"ipv6_secondary_addresses"` Ipv6DhcpHelpers []ServiceLANVPNInterfaceSVIIpv6DhcpHelpers `tfsdk:"ipv6_dhcp_helpers"` + AclIpv4EgressFeatureId types.String `tfsdk:"acl_ipv4_egress_feature_id"` + AclIpv4IngressFeatureId types.String `tfsdk:"acl_ipv4_ingress_feature_id"` + AclIpv6EgressFeatureId types.String `tfsdk:"acl_ipv6_egress_feature_id"` + AclIpv6IngressFeatureId types.String `tfsdk:"acl_ipv6_ingress_feature_id"` Arps []ServiceLANVPNInterfaceSVIArps `tfsdk:"arps"` Ipv4Vrrps []ServiceLANVPNInterfaceSVIIpv4Vrrps `tfsdk:"ipv4_vrrps"` Ipv6Vrrps []ServiceLANVPNInterfaceSVIIpv6Vrrps `tfsdk:"ipv6_vrrps"` @@ -413,6 +417,30 @@ func (data ServiceLANVPNInterfaceSVI) toBody(ctx context.Context) string { body, _ = sjson.SetRaw(body, path+"ipv6.dhcpHelperV6.-1", itemBody) } } + if !data.AclIpv4EgressFeatureId.IsNull() { + if true { + body, _ = sjson.Set(body, path+"aclQos.ipv4AclEgress.refId.optionType", "global") + body, _ = sjson.Set(body, path+"aclQos.ipv4AclEgress.refId.value", data.AclIpv4EgressFeatureId.ValueString()) + } + } + if !data.AclIpv4IngressFeatureId.IsNull() { + if true { + body, _ = sjson.Set(body, path+"aclQos.ipv4AclIngress.refId.optionType", "global") + body, _ = sjson.Set(body, path+"aclQos.ipv4AclIngress.refId.value", data.AclIpv4IngressFeatureId.ValueString()) + } + } + if !data.AclIpv6EgressFeatureId.IsNull() { + if true { + body, _ = sjson.Set(body, path+"aclQos.ipv6AclEgress.refId.optionType", "global") + body, _ = sjson.Set(body, path+"aclQos.ipv6AclEgress.refId.value", data.AclIpv6EgressFeatureId.ValueString()) + } + } + if !data.AclIpv6IngressFeatureId.IsNull() { + if true { + body, _ = sjson.Set(body, path+"aclQos.ipv6AclIngress.refId.optionType", "global") + body, _ = sjson.Set(body, path+"aclQos.ipv6AclIngress.refId.value", data.AclIpv6IngressFeatureId.ValueString()) + } + } if true { body, _ = sjson.Set(body, path+"arp", []interface{}{}) for _, item := range data.Arps { @@ -1027,6 +1055,38 @@ func (data *ServiceLANVPNInterfaceSVI) fromBody(ctx context.Context, res gjson.R return true }) } + data.AclIpv4EgressFeatureId = types.StringNull() + + if t := res.Get(path + "aclQos.ipv4AclEgress.refId.optionType"); t.Exists() { + va := res.Get(path + "aclQos.ipv4AclEgress.refId.value") + if t.String() == "global" { + data.AclIpv4EgressFeatureId = types.StringValue(va.String()) + } + } + data.AclIpv4IngressFeatureId = types.StringNull() + + if t := res.Get(path + "aclQos.ipv4AclIngress.refId.optionType"); t.Exists() { + va := res.Get(path + "aclQos.ipv4AclIngress.refId.value") + if t.String() == "global" { + data.AclIpv4IngressFeatureId = types.StringValue(va.String()) + } + } + data.AclIpv6EgressFeatureId = types.StringNull() + + if t := res.Get(path + "aclQos.ipv6AclEgress.refId.optionType"); t.Exists() { + va := res.Get(path + "aclQos.ipv6AclEgress.refId.value") + if t.String() == "global" { + data.AclIpv6EgressFeatureId = types.StringValue(va.String()) + } + } + data.AclIpv6IngressFeatureId = types.StringNull() + + if t := res.Get(path + "aclQos.ipv6AclIngress.refId.optionType"); t.Exists() { + va := res.Get(path + "aclQos.ipv6AclIngress.refId.value") + if t.String() == "global" { + data.AclIpv6IngressFeatureId = types.StringValue(va.String()) + } + } if value := res.Get(path + "arp"); value.Exists() { data.Arps = make([]ServiceLANVPNInterfaceSVIArps, 0) value.ForEach(func(k, v gjson.Result) bool { @@ -1592,6 +1652,38 @@ func (data *ServiceLANVPNInterfaceSVI) updateFromBody(ctx context.Context, res g } } } + data.AclIpv4EgressFeatureId = types.StringNull() + + if t := res.Get(path + "aclQos.ipv4AclEgress.refId.optionType"); t.Exists() { + va := res.Get(path + "aclQos.ipv4AclEgress.refId.value") + if t.String() == "global" { + data.AclIpv4EgressFeatureId = types.StringValue(va.String()) + } + } + data.AclIpv4IngressFeatureId = types.StringNull() + + if t := res.Get(path + "aclQos.ipv4AclIngress.refId.optionType"); t.Exists() { + va := res.Get(path + "aclQos.ipv4AclIngress.refId.value") + if t.String() == "global" { + data.AclIpv4IngressFeatureId = types.StringValue(va.String()) + } + } + data.AclIpv6EgressFeatureId = types.StringNull() + + if t := res.Get(path + "aclQos.ipv6AclEgress.refId.optionType"); t.Exists() { + va := res.Get(path + "aclQos.ipv6AclEgress.refId.value") + if t.String() == "global" { + data.AclIpv6EgressFeatureId = types.StringValue(va.String()) + } + } + data.AclIpv6IngressFeatureId = types.StringNull() + + if t := res.Get(path + "aclQos.ipv6AclIngress.refId.optionType"); t.Exists() { + va := res.Get(path + "aclQos.ipv6AclIngress.refId.value") + if t.String() == "global" { + data.AclIpv6IngressFeatureId = types.StringValue(va.String()) + } + } for i := range data.Arps { keys := [...]string{"ipAddress", "macAddress"} keyValues := [...]string{data.Arps[i].IpAddress.ValueString(), data.Arps[i].MacAddress.ValueString()} @@ -2143,6 +2235,18 @@ func (data *ServiceLANVPNInterfaceSVI) isNull(ctx context.Context, res gjson.Res if len(data.Ipv6DhcpHelpers) > 0 { return false } + if !data.AclIpv4EgressFeatureId.IsNull() { + return false + } + if !data.AclIpv4IngressFeatureId.IsNull() { + return false + } + if !data.AclIpv6EgressFeatureId.IsNull() { + return false + } + if !data.AclIpv6IngressFeatureId.IsNull() { + return false + } if len(data.Arps) > 0 { return false } diff --git a/internal/provider/model_sdwan_transport_wan_vpn_interface_cellular_feature.go b/internal/provider/model_sdwan_transport_wan_vpn_interface_cellular_feature.go index 06c1e01d..85b5f62f 100644 --- a/internal/provider/model_sdwan_transport_wan_vpn_interface_cellular_feature.go +++ b/internal/provider/model_sdwan_transport_wan_vpn_interface_cellular_feature.go @@ -150,6 +150,10 @@ type TransportWANVPNInterfaceCellular struct { QosAdaptiveDefaultDownstreamVariable types.String `tfsdk:"qos_adaptive_default_downstream_variable"` QosShapingRate types.Int64 `tfsdk:"qos_shaping_rate"` QosShapingRateVariable types.String `tfsdk:"qos_shaping_rate_variable"` + AclIpv4EgressFeatureId types.String `tfsdk:"acl_ipv4_egress_feature_id"` + AclIpv4IngressFeatureId types.String `tfsdk:"acl_ipv4_ingress_feature_id"` + AclIpv6EgressFeatureId types.String `tfsdk:"acl_ipv6_egress_feature_id"` + AclIpv6IngressFeatureId types.String `tfsdk:"acl_ipv6_ingress_feature_id"` Arps []TransportWANVPNInterfaceCellularArps `tfsdk:"arps"` IpMtu types.Int64 `tfsdk:"ip_mtu"` IpMtuVariable types.String `tfsdk:"ip_mtu_variable"` @@ -1123,6 +1127,30 @@ func (data TransportWANVPNInterfaceCellular) toBody(ctx context.Context) string body, _ = sjson.Set(body, path+"aclQos.shapingRate.value", data.QosShapingRate.ValueInt64()) } } + if !data.AclIpv4EgressFeatureId.IsNull() { + if true { + body, _ = sjson.Set(body, path+"aclQos.ipv4AclEgress.refId.optionType", "global") + body, _ = sjson.Set(body, path+"aclQos.ipv4AclEgress.refId.value", data.AclIpv4EgressFeatureId.ValueString()) + } + } + if !data.AclIpv4IngressFeatureId.IsNull() { + if true { + body, _ = sjson.Set(body, path+"aclQos.ipv4AclIngress.refId.optionType", "global") + body, _ = sjson.Set(body, path+"aclQos.ipv4AclIngress.refId.value", data.AclIpv4IngressFeatureId.ValueString()) + } + } + if !data.AclIpv6EgressFeatureId.IsNull() { + if true { + body, _ = sjson.Set(body, path+"aclQos.ipv6AclEgress.refId.optionType", "global") + body, _ = sjson.Set(body, path+"aclQos.ipv6AclEgress.refId.value", data.AclIpv6EgressFeatureId.ValueString()) + } + } + if !data.AclIpv6IngressFeatureId.IsNull() { + if true { + body, _ = sjson.Set(body, path+"aclQos.ipv6AclIngress.refId.optionType", "global") + body, _ = sjson.Set(body, path+"aclQos.ipv6AclIngress.refId.value", data.AclIpv6IngressFeatureId.ValueString()) + } + } if true { body, _ = sjson.Set(body, path+"arp", []interface{}{}) for _, item := range data.Arps { @@ -1878,6 +1906,38 @@ func (data *TransportWANVPNInterfaceCellular) fromBody(ctx context.Context, res data.QosShapingRate = types.Int64Value(va.Int()) } } + data.AclIpv4EgressFeatureId = types.StringNull() + + if t := res.Get(path + "aclQos.ipv4AclEgress.refId.optionType"); t.Exists() { + va := res.Get(path + "aclQos.ipv4AclEgress.refId.value") + if t.String() == "global" { + data.AclIpv4EgressFeatureId = types.StringValue(va.String()) + } + } + data.AclIpv4IngressFeatureId = types.StringNull() + + if t := res.Get(path + "aclQos.ipv4AclIngress.refId.optionType"); t.Exists() { + va := res.Get(path + "aclQos.ipv4AclIngress.refId.value") + if t.String() == "global" { + data.AclIpv4IngressFeatureId = types.StringValue(va.String()) + } + } + data.AclIpv6EgressFeatureId = types.StringNull() + + if t := res.Get(path + "aclQos.ipv6AclEgress.refId.optionType"); t.Exists() { + va := res.Get(path + "aclQos.ipv6AclEgress.refId.value") + if t.String() == "global" { + data.AclIpv6EgressFeatureId = types.StringValue(va.String()) + } + } + data.AclIpv6IngressFeatureId = types.StringNull() + + if t := res.Get(path + "aclQos.ipv6AclIngress.refId.optionType"); t.Exists() { + va := res.Get(path + "aclQos.ipv6AclIngress.refId.value") + if t.String() == "global" { + data.AclIpv6IngressFeatureId = types.StringValue(va.String()) + } + } if value := res.Get(path + "arp"); value.Exists() { data.Arps = make([]TransportWANVPNInterfaceCellularArps, 0) value.ForEach(func(k, v gjson.Result) bool { @@ -2599,6 +2659,38 @@ func (data *TransportWANVPNInterfaceCellular) updateFromBody(ctx context.Context data.QosShapingRate = types.Int64Value(va.Int()) } } + data.AclIpv4EgressFeatureId = types.StringNull() + + if t := res.Get(path + "aclQos.ipv4AclEgress.refId.optionType"); t.Exists() { + va := res.Get(path + "aclQos.ipv4AclEgress.refId.value") + if t.String() == "global" { + data.AclIpv4EgressFeatureId = types.StringValue(va.String()) + } + } + data.AclIpv4IngressFeatureId = types.StringNull() + + if t := res.Get(path + "aclQos.ipv4AclIngress.refId.optionType"); t.Exists() { + va := res.Get(path + "aclQos.ipv4AclIngress.refId.value") + if t.String() == "global" { + data.AclIpv4IngressFeatureId = types.StringValue(va.String()) + } + } + data.AclIpv6EgressFeatureId = types.StringNull() + + if t := res.Get(path + "aclQos.ipv6AclEgress.refId.optionType"); t.Exists() { + va := res.Get(path + "aclQos.ipv6AclEgress.refId.value") + if t.String() == "global" { + data.AclIpv6EgressFeatureId = types.StringValue(va.String()) + } + } + data.AclIpv6IngressFeatureId = types.StringNull() + + if t := res.Get(path + "aclQos.ipv6AclIngress.refId.optionType"); t.Exists() { + va := res.Get(path + "aclQos.ipv6AclIngress.refId.value") + if t.String() == "global" { + data.AclIpv6IngressFeatureId = types.StringValue(va.String()) + } + } for i := range data.Arps { keys := [...]string{"ipAddress", "macAddress"} keyValues := [...]string{data.Arps[i].IpAddress.ValueString(), data.Arps[i].MacAddress.ValueString()} @@ -3054,6 +3146,18 @@ func (data *TransportWANVPNInterfaceCellular) isNull(ctx context.Context, res gj if !data.QosShapingRateVariable.IsNull() { return false } + if !data.AclIpv4EgressFeatureId.IsNull() { + return false + } + if !data.AclIpv4IngressFeatureId.IsNull() { + return false + } + if !data.AclIpv6EgressFeatureId.IsNull() { + return false + } + if !data.AclIpv6IngressFeatureId.IsNull() { + return false + } if len(data.Arps) > 0 { return false } diff --git a/internal/provider/model_sdwan_transport_wan_vpn_interface_ethernet_feature.go b/internal/provider/model_sdwan_transport_wan_vpn_interface_ethernet_feature.go index bc9b410d..6de8ba29 100644 --- a/internal/provider/model_sdwan_transport_wan_vpn_interface_ethernet_feature.go +++ b/internal/provider/model_sdwan_transport_wan_vpn_interface_ethernet_feature.go @@ -192,6 +192,10 @@ type TransportWANVPNInterfaceEthernet struct { QosAdaptiveDefaultDownstreamVariable types.String `tfsdk:"qos_adaptive_default_downstream_variable"` QosShapingRate types.Int64 `tfsdk:"qos_shaping_rate"` QosShapingRateVariable types.String `tfsdk:"qos_shaping_rate_variable"` + AclIpv4EgressFeatureId types.String `tfsdk:"acl_ipv4_egress_feature_id"` + AclIpv4IngressFeatureId types.String `tfsdk:"acl_ipv4_ingress_feature_id"` + AclIpv6EgressFeatureId types.String `tfsdk:"acl_ipv6_egress_feature_id"` + AclIpv6IngressFeatureId types.String `tfsdk:"acl_ipv6_ingress_feature_id"` Arps []TransportWANVPNInterfaceEthernetArps `tfsdk:"arps"` IcmpRedirectDisable types.Bool `tfsdk:"icmp_redirect_disable"` IcmpRedirectDisableVariable types.String `tfsdk:"icmp_redirect_disable_variable"` @@ -1647,6 +1651,30 @@ func (data TransportWANVPNInterfaceEthernet) toBody(ctx context.Context) string body, _ = sjson.Set(body, path+"aclQos.shapingRate.value", data.QosShapingRate.ValueInt64()) } } + if !data.AclIpv4EgressFeatureId.IsNull() { + if true { + body, _ = sjson.Set(body, path+"aclQos.ipv4AclEgress.refId.optionType", "global") + body, _ = sjson.Set(body, path+"aclQos.ipv4AclEgress.refId.value", data.AclIpv4EgressFeatureId.ValueString()) + } + } + if !data.AclIpv4IngressFeatureId.IsNull() { + if true { + body, _ = sjson.Set(body, path+"aclQos.ipv4AclIngress.refId.optionType", "global") + body, _ = sjson.Set(body, path+"aclQos.ipv4AclIngress.refId.value", data.AclIpv4IngressFeatureId.ValueString()) + } + } + if !data.AclIpv6EgressFeatureId.IsNull() { + if true { + body, _ = sjson.Set(body, path+"aclQos.ipv6AclEgress.refId.optionType", "global") + body, _ = sjson.Set(body, path+"aclQos.ipv6AclEgress.refId.value", data.AclIpv6EgressFeatureId.ValueString()) + } + } + if !data.AclIpv6IngressFeatureId.IsNull() { + if true { + body, _ = sjson.Set(body, path+"aclQos.ipv6AclIngress.refId.optionType", "global") + body, _ = sjson.Set(body, path+"aclQos.ipv6AclIngress.refId.value", data.AclIpv6IngressFeatureId.ValueString()) + } + } if true { body, _ = sjson.Set(body, path+"arp", []interface{}{}) for _, item := range data.Arps { @@ -2904,6 +2932,38 @@ func (data *TransportWANVPNInterfaceEthernet) fromBody(ctx context.Context, res data.QosShapingRate = types.Int64Value(va.Int()) } } + data.AclIpv4EgressFeatureId = types.StringNull() + + if t := res.Get(path + "aclQos.ipv4AclEgress.refId.optionType"); t.Exists() { + va := res.Get(path + "aclQos.ipv4AclEgress.refId.value") + if t.String() == "global" { + data.AclIpv4EgressFeatureId = types.StringValue(va.String()) + } + } + data.AclIpv4IngressFeatureId = types.StringNull() + + if t := res.Get(path + "aclQos.ipv4AclIngress.refId.optionType"); t.Exists() { + va := res.Get(path + "aclQos.ipv4AclIngress.refId.value") + if t.String() == "global" { + data.AclIpv4IngressFeatureId = types.StringValue(va.String()) + } + } + data.AclIpv6EgressFeatureId = types.StringNull() + + if t := res.Get(path + "aclQos.ipv6AclEgress.refId.optionType"); t.Exists() { + va := res.Get(path + "aclQos.ipv6AclEgress.refId.value") + if t.String() == "global" { + data.AclIpv6EgressFeatureId = types.StringValue(va.String()) + } + } + data.AclIpv6IngressFeatureId = types.StringNull() + + if t := res.Get(path + "aclQos.ipv6AclIngress.refId.optionType"); t.Exists() { + va := res.Get(path + "aclQos.ipv6AclIngress.refId.value") + if t.String() == "global" { + data.AclIpv6IngressFeatureId = types.StringValue(va.String()) + } + } if value := res.Get(path + "arp"); value.Exists() { data.Arps = make([]TransportWANVPNInterfaceEthernetArps, 0) value.ForEach(func(k, v gjson.Result) bool { @@ -4167,6 +4227,38 @@ func (data *TransportWANVPNInterfaceEthernet) updateFromBody(ctx context.Context data.QosShapingRate = types.Int64Value(va.Int()) } } + data.AclIpv4EgressFeatureId = types.StringNull() + + if t := res.Get(path + "aclQos.ipv4AclEgress.refId.optionType"); t.Exists() { + va := res.Get(path + "aclQos.ipv4AclEgress.refId.value") + if t.String() == "global" { + data.AclIpv4EgressFeatureId = types.StringValue(va.String()) + } + } + data.AclIpv4IngressFeatureId = types.StringNull() + + if t := res.Get(path + "aclQos.ipv4AclIngress.refId.optionType"); t.Exists() { + va := res.Get(path + "aclQos.ipv4AclIngress.refId.value") + if t.String() == "global" { + data.AclIpv4IngressFeatureId = types.StringValue(va.String()) + } + } + data.AclIpv6EgressFeatureId = types.StringNull() + + if t := res.Get(path + "aclQos.ipv6AclEgress.refId.optionType"); t.Exists() { + va := res.Get(path + "aclQos.ipv6AclEgress.refId.value") + if t.String() == "global" { + data.AclIpv6EgressFeatureId = types.StringValue(va.String()) + } + } + data.AclIpv6IngressFeatureId = types.StringNull() + + if t := res.Get(path + "aclQos.ipv6AclIngress.refId.optionType"); t.Exists() { + va := res.Get(path + "aclQos.ipv6AclIngress.refId.value") + if t.String() == "global" { + data.AclIpv6IngressFeatureId = types.StringValue(va.String()) + } + } for i := range data.Arps { keys := [...]string{"ipAddress", "macAddress"} keyValues := [...]string{data.Arps[i].IpAddress.ValueString(), data.Arps[i].MacAddress.ValueString()} @@ -4848,6 +4940,18 @@ func (data *TransportWANVPNInterfaceEthernet) isNull(ctx context.Context, res gj if !data.QosShapingRateVariable.IsNull() { return false } + if !data.AclIpv4EgressFeatureId.IsNull() { + return false + } + if !data.AclIpv4IngressFeatureId.IsNull() { + return false + } + if !data.AclIpv6EgressFeatureId.IsNull() { + return false + } + if !data.AclIpv6IngressFeatureId.IsNull() { + return false + } if len(data.Arps) > 0 { return false } diff --git a/internal/provider/model_sdwan_transport_wan_vpn_interface_t1_e1_serial_feature.go b/internal/provider/model_sdwan_transport_wan_vpn_interface_t1_e1_serial_feature.go index 51089138..c634407a 100644 --- a/internal/provider/model_sdwan_transport_wan_vpn_interface_t1_e1_serial_feature.go +++ b/internal/provider/model_sdwan_transport_wan_vpn_interface_t1_e1_serial_feature.go @@ -132,6 +132,10 @@ type TransportWANVPNInterfaceT1E1Serial struct { TunnelInterfaceEncapsulations []TransportWANVPNInterfaceT1E1SerialTunnelInterfaceEncapsulations `tfsdk:"tunnel_interface_encapsulations"` QosShapingRate types.Int64 `tfsdk:"qos_shaping_rate"` QosShapingRateVariable types.String `tfsdk:"qos_shaping_rate_variable"` + AclIpv4EgressFeatureId types.String `tfsdk:"acl_ipv4_egress_feature_id"` + AclIpv4IngressFeatureId types.String `tfsdk:"acl_ipv4_ingress_feature_id"` + AclIpv6EgressFeatureId types.String `tfsdk:"acl_ipv6_egress_feature_id"` + AclIpv6IngressFeatureId types.String `tfsdk:"acl_ipv6_ingress_feature_id"` TcpMss types.Int64 `tfsdk:"tcp_mss"` TcpMssVariable types.String `tfsdk:"tcp_mss_variable"` Mtu types.Int64 `tfsdk:"mtu"` @@ -967,6 +971,30 @@ func (data TransportWANVPNInterfaceT1E1Serial) toBody(ctx context.Context) strin body, _ = sjson.Set(body, path+"aclQos.shapingRate.value", data.QosShapingRate.ValueInt64()) } } + if !data.AclIpv4EgressFeatureId.IsNull() { + if true { + body, _ = sjson.Set(body, path+"aclQos.ipv4AclEgress.refId.optionType", "global") + body, _ = sjson.Set(body, path+"aclQos.ipv4AclEgress.refId.value", data.AclIpv4EgressFeatureId.ValueString()) + } + } + if !data.AclIpv4IngressFeatureId.IsNull() { + if true { + body, _ = sjson.Set(body, path+"aclQos.ipv4AclIngress.refId.optionType", "global") + body, _ = sjson.Set(body, path+"aclQos.ipv4AclIngress.refId.value", data.AclIpv4IngressFeatureId.ValueString()) + } + } + if !data.AclIpv6EgressFeatureId.IsNull() { + if true { + body, _ = sjson.Set(body, path+"aclQos.ipv6AclEgress.refId.optionType", "global") + body, _ = sjson.Set(body, path+"aclQos.ipv6AclEgress.refId.value", data.AclIpv6EgressFeatureId.ValueString()) + } + } + if !data.AclIpv6IngressFeatureId.IsNull() { + if true { + body, _ = sjson.Set(body, path+"aclQos.ipv6AclIngress.refId.optionType", "global") + body, _ = sjson.Set(body, path+"aclQos.ipv6AclIngress.refId.value", data.AclIpv6IngressFeatureId.ValueString()) + } + } if !data.TcpMssVariable.IsNull() { if true { @@ -1543,6 +1571,38 @@ func (data *TransportWANVPNInterfaceT1E1Serial) fromBody(ctx context.Context, re data.QosShapingRate = types.Int64Value(va.Int()) } } + data.AclIpv4EgressFeatureId = types.StringNull() + + if t := res.Get(path + "aclQos.ipv4AclEgress.refId.optionType"); t.Exists() { + va := res.Get(path + "aclQos.ipv4AclEgress.refId.value") + if t.String() == "global" { + data.AclIpv4EgressFeatureId = types.StringValue(va.String()) + } + } + data.AclIpv4IngressFeatureId = types.StringNull() + + if t := res.Get(path + "aclQos.ipv4AclIngress.refId.optionType"); t.Exists() { + va := res.Get(path + "aclQos.ipv4AclIngress.refId.value") + if t.String() == "global" { + data.AclIpv4IngressFeatureId = types.StringValue(va.String()) + } + } + data.AclIpv6EgressFeatureId = types.StringNull() + + if t := res.Get(path + "aclQos.ipv6AclEgress.refId.optionType"); t.Exists() { + va := res.Get(path + "aclQos.ipv6AclEgress.refId.value") + if t.String() == "global" { + data.AclIpv6EgressFeatureId = types.StringValue(va.String()) + } + } + data.AclIpv6IngressFeatureId = types.StringNull() + + if t := res.Get(path + "aclQos.ipv6AclIngress.refId.optionType"); t.Exists() { + va := res.Get(path + "aclQos.ipv6AclIngress.refId.value") + if t.String() == "global" { + data.AclIpv6IngressFeatureId = types.StringValue(va.String()) + } + } data.TcpMss = types.Int64Null() data.TcpMssVariable = types.StringNull() if t := res.Get(path + "advanced.tcpMssAdjust.optionType"); t.Exists() { @@ -2112,6 +2172,38 @@ func (data *TransportWANVPNInterfaceT1E1Serial) updateFromBody(ctx context.Conte data.QosShapingRate = types.Int64Value(va.Int()) } } + data.AclIpv4EgressFeatureId = types.StringNull() + + if t := res.Get(path + "aclQos.ipv4AclEgress.refId.optionType"); t.Exists() { + va := res.Get(path + "aclQos.ipv4AclEgress.refId.value") + if t.String() == "global" { + data.AclIpv4EgressFeatureId = types.StringValue(va.String()) + } + } + data.AclIpv4IngressFeatureId = types.StringNull() + + if t := res.Get(path + "aclQos.ipv4AclIngress.refId.optionType"); t.Exists() { + va := res.Get(path + "aclQos.ipv4AclIngress.refId.value") + if t.String() == "global" { + data.AclIpv4IngressFeatureId = types.StringValue(va.String()) + } + } + data.AclIpv6EgressFeatureId = types.StringNull() + + if t := res.Get(path + "aclQos.ipv6AclEgress.refId.optionType"); t.Exists() { + va := res.Get(path + "aclQos.ipv6AclEgress.refId.value") + if t.String() == "global" { + data.AclIpv6EgressFeatureId = types.StringValue(va.String()) + } + } + data.AclIpv6IngressFeatureId = types.StringNull() + + if t := res.Get(path + "aclQos.ipv6AclIngress.refId.optionType"); t.Exists() { + va := res.Get(path + "aclQos.ipv6AclIngress.refId.value") + if t.String() == "global" { + data.AclIpv6IngressFeatureId = types.StringValue(va.String()) + } + } data.TcpMss = types.Int64Null() data.TcpMssVariable = types.StringNull() if t := res.Get(path + "advanced.tcpMssAdjust.optionType"); t.Exists() { @@ -2440,6 +2532,18 @@ func (data *TransportWANVPNInterfaceT1E1Serial) isNull(ctx context.Context, res if !data.QosShapingRateVariable.IsNull() { return false } + if !data.AclIpv4EgressFeatureId.IsNull() { + return false + } + if !data.AclIpv4IngressFeatureId.IsNull() { + return false + } + if !data.AclIpv6EgressFeatureId.IsNull() { + return false + } + if !data.AclIpv6IngressFeatureId.IsNull() { + return false + } if !data.TcpMss.IsNull() { return false } diff --git a/internal/provider/resource_sdwan_service_lan_vpn_interface_svi_feature.go b/internal/provider/resource_sdwan_service_lan_vpn_interface_svi_feature.go index 78c9af47..699cc55c 100644 --- a/internal/provider/resource_sdwan_service_lan_vpn_interface_svi_feature.go +++ b/internal/provider/resource_sdwan_service_lan_vpn_interface_svi_feature.go @@ -259,6 +259,34 @@ func (r *ServiceLANVPNInterfaceSVIProfileParcelResource) Schema(ctx context.Cont }, }, }, + "acl_ipv4_egress_feature_id": schema.StringAttribute{ + MarkdownDescription: helpers.NewAttributeDescription("").String, + Optional: true, + Validators: []validator.String{ + stringvalidator.RegexMatches(regexp.MustCompile(`[0-9a-fA-F]{8}-[0-9a-fA-F]{4}-[0-9a-fA-F]{4}-[0-9a-fA-F]{4}-[0-9a-fA-F]{12}`), ""), + }, + }, + "acl_ipv4_ingress_feature_id": schema.StringAttribute{ + MarkdownDescription: helpers.NewAttributeDescription("").String, + Optional: true, + Validators: []validator.String{ + stringvalidator.RegexMatches(regexp.MustCompile(`[0-9a-fA-F]{8}-[0-9a-fA-F]{4}-[0-9a-fA-F]{4}-[0-9a-fA-F]{4}-[0-9a-fA-F]{12}`), ""), + }, + }, + "acl_ipv6_egress_feature_id": schema.StringAttribute{ + MarkdownDescription: helpers.NewAttributeDescription("").String, + Optional: true, + Validators: []validator.String{ + stringvalidator.RegexMatches(regexp.MustCompile(`[0-9a-fA-F]{8}-[0-9a-fA-F]{4}-[0-9a-fA-F]{4}-[0-9a-fA-F]{4}-[0-9a-fA-F]{12}`), ""), + }, + }, + "acl_ipv6_ingress_feature_id": schema.StringAttribute{ + MarkdownDescription: helpers.NewAttributeDescription("").String, + Optional: true, + Validators: []validator.String{ + stringvalidator.RegexMatches(regexp.MustCompile(`[0-9a-fA-F]{8}-[0-9a-fA-F]{4}-[0-9a-fA-F]{4}-[0-9a-fA-F]{4}-[0-9a-fA-F]{12}`), ""), + }, + }, "arps": schema.ListNestedAttribute{ MarkdownDescription: helpers.NewAttributeDescription("Configure static ARP entries").String, Optional: true, diff --git a/internal/provider/resource_sdwan_service_lan_vpn_interface_svi_feature_test.go b/internal/provider/resource_sdwan_service_lan_vpn_interface_svi_feature_test.go index a591c3f1..15e8496f 100644 --- a/internal/provider/resource_sdwan_service_lan_vpn_interface_svi_feature_test.go +++ b/internal/provider/resource_sdwan_service_lan_vpn_interface_svi_feature_test.go @@ -115,6 +115,74 @@ resource "sdwan_service_tracker_feature" "test" { endpoint_tracker_type = "static-route" tracker_type = "endpoint" } + +resource "sdwan_service_ipv4_acl_feature" "test" { + name = "TF_TEST_ACL_IPV4" + description = "Terraform Test" + feature_profile_id = sdwan_service_feature_profile.test.id + default_action = "drop" + sequences = [ + { + sequence_id = 1 + sequence_name = "AccessControlList1" + match_entries = [ + { + dscps = [16] + packet_length = 1500 + protocols = [1] + source_ports = [ + { + port = 8000 + } + ] + tcp_state = "syn" + } + ] + actions = [ + { + accept_set_dscp = 60 + accept_counter_name = "COUNTER_1" + accept_log = false + accept_set_next_hop = "1.2.3.4" + } + ] + } + ] +} + +resource "sdwan_service_ipv6_acl_feature" "test" { + name = "TF_TEST_ACL_IPV6" + description = "Terraform Test" + feature_profile_id = sdwan_service_feature_profile.test.id + default_action = "drop" + sequences = [ + { + sequence_id = 1 + sequence_name = "AccessControlList1" + match_entries = [ + { + next_header = 10 + packet_length = 1500 + source_ports = [ + { + port = 8000 + } + ] + tcp_state = "syn" + traffic_class = [10] + } + ] + actions = [ + { + accept_counter_name = "COUNTER_1" + accept_log = false + accept_set_next_hop = "2001:0db8:85a3:0000:0000:8a2e:0370:7334" + accept_traffic_class = 10 + } + ] + } + ] + } ` // End of section. //template:end testPrerequisites @@ -162,6 +230,8 @@ func testAccSdwanServiceLANVPNInterfaceSVIProfileParcelConfig_all() string { config += ` address = "2001:0:0:1::0"` + "\n" config += ` vpn = 1` + "\n" config += ` }]` + "\n" + config += ` acl_ipv4_egress_feature_id = sdwan_service_ipv4_acl_feature.test.id` + "\n" + config += ` acl_ipv6_ingress_feature_id = sdwan_service_ipv6_acl_feature.test.id` + "\n" config += ` arps = [{` + "\n" config += ` ip_address = "1.2.3.4"` + "\n" config += ` mac_address = "00-B0-D0-63-C2-26"` + "\n" diff --git a/internal/provider/resource_sdwan_transport_wan_vpn_interface_cellular_feature.go b/internal/provider/resource_sdwan_transport_wan_vpn_interface_cellular_feature.go index e2d73d95..648795d5 100644 --- a/internal/provider/resource_sdwan_transport_wan_vpn_interface_cellular_feature.go +++ b/internal/provider/resource_sdwan_transport_wan_vpn_interface_cellular_feature.go @@ -22,6 +22,7 @@ import ( "context" "fmt" "net/url" + "regexp" "strings" "sync" @@ -644,6 +645,34 @@ func (r *TransportWANVPNInterfaceCellularProfileParcelResource) Schema(ctx conte MarkdownDescription: helpers.NewAttributeDescription("Variable name").String, Optional: true, }, + "acl_ipv4_egress_feature_id": schema.StringAttribute{ + MarkdownDescription: helpers.NewAttributeDescription("").String, + Optional: true, + Validators: []validator.String{ + stringvalidator.RegexMatches(regexp.MustCompile(`[0-9a-fA-F]{8}-[0-9a-fA-F]{4}-[0-9a-fA-F]{4}-[0-9a-fA-F]{4}-[0-9a-fA-F]{12}`), ""), + }, + }, + "acl_ipv4_ingress_feature_id": schema.StringAttribute{ + MarkdownDescription: helpers.NewAttributeDescription("").String, + Optional: true, + Validators: []validator.String{ + stringvalidator.RegexMatches(regexp.MustCompile(`[0-9a-fA-F]{8}-[0-9a-fA-F]{4}-[0-9a-fA-F]{4}-[0-9a-fA-F]{4}-[0-9a-fA-F]{12}`), ""), + }, + }, + "acl_ipv6_egress_feature_id": schema.StringAttribute{ + MarkdownDescription: helpers.NewAttributeDescription("").String, + Optional: true, + Validators: []validator.String{ + stringvalidator.RegexMatches(regexp.MustCompile(`[0-9a-fA-F]{8}-[0-9a-fA-F]{4}-[0-9a-fA-F]{4}-[0-9a-fA-F]{4}-[0-9a-fA-F]{12}`), ""), + }, + }, + "acl_ipv6_ingress_feature_id": schema.StringAttribute{ + MarkdownDescription: helpers.NewAttributeDescription("").String, + Optional: true, + Validators: []validator.String{ + stringvalidator.RegexMatches(regexp.MustCompile(`[0-9a-fA-F]{8}-[0-9a-fA-F]{4}-[0-9a-fA-F]{4}-[0-9a-fA-F]{4}-[0-9a-fA-F]{12}`), ""), + }, + }, "arps": schema.ListNestedAttribute{ MarkdownDescription: helpers.NewAttributeDescription("Configure ARP entries").String, Optional: true, diff --git a/internal/provider/resource_sdwan_transport_wan_vpn_interface_cellular_feature_test.go b/internal/provider/resource_sdwan_transport_wan_vpn_interface_cellular_feature_test.go index 0e9eddc9..f123909e 100644 --- a/internal/provider/resource_sdwan_transport_wan_vpn_interface_cellular_feature_test.go +++ b/internal/provider/resource_sdwan_transport_wan_vpn_interface_cellular_feature_test.go @@ -80,6 +80,8 @@ func TestAccSdwanTransportWANVPNInterfaceCellularProfileParcel(t *testing.T) { checks = append(checks, resource.TestCheckResourceAttr("sdwan_transport_wan_vpn_interface_cellular_feature.test", "nat_ipv4", "true")) checks = append(checks, resource.TestCheckResourceAttr("sdwan_transport_wan_vpn_interface_cellular_feature.test", "nat_udp_timeout", "1")) checks = append(checks, resource.TestCheckResourceAttr("sdwan_transport_wan_vpn_interface_cellular_feature.test", "nat_tcp_timeout", "60")) + checks = append(checks, resource.TestCheckResourceAttr("sdwan_transport_wan_vpn_interface_cellular_feature.test", "qos_adaptive", "false")) + checks = append(checks, resource.TestCheckResourceAttr("sdwan_transport_wan_vpn_interface_cellular_feature.test", "qos_shaping_rate", "16")) checks = append(checks, resource.TestCheckResourceAttr("sdwan_transport_wan_vpn_interface_cellular_feature.test", "arps.0.ip_address", "1.2.3.4")) checks = append(checks, resource.TestCheckResourceAttr("sdwan_transport_wan_vpn_interface_cellular_feature.test", "arps.0.mac_address", "00-B0-D0-63-C2-26")) checks = append(checks, resource.TestCheckResourceAttr("sdwan_transport_wan_vpn_interface_cellular_feature.test", "ip_mtu", "1500")) @@ -167,6 +169,74 @@ resource "sdwan_transport_wan_vpn_feature" "test" { } ] } + +resource "sdwan_transport_ipv4_acl_feature" "test" { + name = "TF_TEST_ACL_IPV4" + description = "Terraform Test" + feature_profile_id = sdwan_transport_feature_profile.test.id + default_action = "drop" + sequences = [ + { + sequence_id = 1 + sequence_name = "AccessControlList1" + match_entries = [ + { + dscps = [16] + packet_length = 1500 + protocols = [1] + source_ports = [ + { + port = 8000 + } + ] + tcp_state = "syn" + } + ] + actions = [ + { + accept_set_dscp = 60 + accept_counter_name = "COUNTER_1" + accept_log = false + accept_set_next_hop = "1.2.3.4" + } + ] + } + ] +} + +resource "sdwan_transport_ipv6_acl_feature" "test" { + name = "TF_TEST_ACL_IPV6" + description = "Terraform Test" + feature_profile_id = sdwan_transport_feature_profile.test.id + default_action = "drop" + sequences = [ + { + sequence_id = 1 + sequence_name = "AccessControlList1" + match_entries = [ + { + next_header = 10 + packet_length = 1500 + source_ports = [ + { + port = 8000 + } + ] + tcp_state = "syn" + traffic_class = [10] + } + ] + actions = [ + { + accept_counter_name = "COUNTER_1" + accept_log = false + accept_set_next_hop = "2001:0db8:85a3:0000:0000:8a2e:0370:7334" + accept_traffic_class = 10 + } + ] + } + ] +} ` // End of section. //template:end testPrerequisites @@ -244,6 +314,10 @@ func testAccSdwanTransportWANVPNInterfaceCellularProfileParcelConfig_all() strin config += ` nat_ipv4 = true` + "\n" config += ` nat_udp_timeout = 1` + "\n" config += ` nat_tcp_timeout = 60` + "\n" + config += ` qos_adaptive = false` + "\n" + config += ` qos_shaping_rate = 16` + "\n" + config += ` acl_ipv4_egress_feature_id = sdwan_transport_ipv4_acl_feature.test.id` + "\n" + config += ` acl_ipv6_ingress_feature_id = sdwan_transport_ipv6_acl_feature.test.id` + "\n" config += ` arps = [{` + "\n" config += ` ip_address = "1.2.3.4"` + "\n" config += ` mac_address = "00-B0-D0-63-C2-26"` + "\n" diff --git a/internal/provider/resource_sdwan_transport_wan_vpn_interface_ethernet_feature.go b/internal/provider/resource_sdwan_transport_wan_vpn_interface_ethernet_feature.go index fb91b565..a0c6a036 100644 --- a/internal/provider/resource_sdwan_transport_wan_vpn_interface_ethernet_feature.go +++ b/internal/provider/resource_sdwan_transport_wan_vpn_interface_ethernet_feature.go @@ -966,6 +966,34 @@ func (r *TransportWANVPNInterfaceEthernetProfileParcelResource) Schema(ctx conte MarkdownDescription: helpers.NewAttributeDescription("Variable name").String, Optional: true, }, + "acl_ipv4_egress_feature_id": schema.StringAttribute{ + MarkdownDescription: helpers.NewAttributeDescription("").String, + Optional: true, + Validators: []validator.String{ + stringvalidator.RegexMatches(regexp.MustCompile(`[0-9a-fA-F]{8}-[0-9a-fA-F]{4}-[0-9a-fA-F]{4}-[0-9a-fA-F]{4}-[0-9a-fA-F]{12}`), ""), + }, + }, + "acl_ipv4_ingress_feature_id": schema.StringAttribute{ + MarkdownDescription: helpers.NewAttributeDescription("").String, + Optional: true, + Validators: []validator.String{ + stringvalidator.RegexMatches(regexp.MustCompile(`[0-9a-fA-F]{8}-[0-9a-fA-F]{4}-[0-9a-fA-F]{4}-[0-9a-fA-F]{4}-[0-9a-fA-F]{12}`), ""), + }, + }, + "acl_ipv6_egress_feature_id": schema.StringAttribute{ + MarkdownDescription: helpers.NewAttributeDescription("").String, + Optional: true, + Validators: []validator.String{ + stringvalidator.RegexMatches(regexp.MustCompile(`[0-9a-fA-F]{8}-[0-9a-fA-F]{4}-[0-9a-fA-F]{4}-[0-9a-fA-F]{4}-[0-9a-fA-F]{12}`), ""), + }, + }, + "acl_ipv6_ingress_feature_id": schema.StringAttribute{ + MarkdownDescription: helpers.NewAttributeDescription("").String, + Optional: true, + Validators: []validator.String{ + stringvalidator.RegexMatches(regexp.MustCompile(`[0-9a-fA-F]{8}-[0-9a-fA-F]{4}-[0-9a-fA-F]{4}-[0-9a-fA-F]{4}-[0-9a-fA-F]{12}`), ""), + }, + }, "arps": schema.ListNestedAttribute{ MarkdownDescription: helpers.NewAttributeDescription("Configure ARP entries").String, Optional: true, diff --git a/internal/provider/resource_sdwan_transport_wan_vpn_interface_ethernet_feature_test.go b/internal/provider/resource_sdwan_transport_wan_vpn_interface_ethernet_feature_test.go index e5d9f2eb..329aa56e 100644 --- a/internal/provider/resource_sdwan_transport_wan_vpn_interface_ethernet_feature_test.go +++ b/internal/provider/resource_sdwan_transport_wan_vpn_interface_ethernet_feature_test.go @@ -100,6 +100,8 @@ func TestAccSdwanTransportWANVPNInterfaceEthernetProfileParcel(t *testing.T) { checks = append(checks, resource.TestCheckResourceAttr("sdwan_transport_wan_vpn_interface_ethernet_feature.test", "static_nat66.0.source_prefix", "2001:0db8:85a3::/48")) checks = append(checks, resource.TestCheckResourceAttr("sdwan_transport_wan_vpn_interface_ethernet_feature.test", "static_nat66.0.translated_source_prefix", "abcd:1234:5678::/48")) checks = append(checks, resource.TestCheckResourceAttr("sdwan_transport_wan_vpn_interface_ethernet_feature.test", "static_nat66.0.source_vpn_id", "4")) + checks = append(checks, resource.TestCheckResourceAttr("sdwan_transport_wan_vpn_interface_ethernet_feature.test", "qos_adaptive", "false")) + checks = append(checks, resource.TestCheckResourceAttr("sdwan_transport_wan_vpn_interface_ethernet_feature.test", "qos_shaping_rate", "16")) checks = append(checks, resource.TestCheckResourceAttr("sdwan_transport_wan_vpn_interface_ethernet_feature.test", "arps.0.ip_address", "1.2.3.4")) checks = append(checks, resource.TestCheckResourceAttr("sdwan_transport_wan_vpn_interface_ethernet_feature.test", "arps.0.mac_address", "00-B0-D0-63-C2-26")) checks = append(checks, resource.TestCheckResourceAttr("sdwan_transport_wan_vpn_interface_ethernet_feature.test", "icmp_redirect_disable", "true")) @@ -198,6 +200,73 @@ resource "sdwan_transport_wan_vpn_feature" "test" { ] } +resource "sdwan_transport_ipv4_acl_feature" "test" { + name = "TF_TEST_ACL_IPV4" + description = "Terraform Test" + feature_profile_id = sdwan_transport_feature_profile.test.id + default_action = "drop" + sequences = [ + { + sequence_id = 1 + sequence_name = "AccessControlList1" + match_entries = [ + { + dscps = [16] + packet_length = 1500 + protocols = [1] + source_ports = [ + { + port = 8000 + } + ] + tcp_state = "syn" + } + ] + actions = [ + { + accept_set_dscp = 60 + accept_counter_name = "COUNTER_1" + accept_log = false + accept_set_next_hop = "1.2.3.4" + } + ] + } + ] +} + +resource "sdwan_transport_ipv6_acl_feature" "test" { + name = "TF_TEST_ACL_IPV6" + description = "Terraform Test" + feature_profile_id = sdwan_transport_feature_profile.test.id + default_action = "drop" + sequences = [ + { + sequence_id = 1 + sequence_name = "AccessControlList1" + match_entries = [ + { + next_header = 10 + packet_length = 1500 + source_ports = [ + { + port = 8000 + } + ] + tcp_state = "syn" + traffic_class = [10] + } + ] + actions = [ + { + accept_counter_name = "COUNTER_1" + accept_log = false + accept_set_next_hop = "2001:0db8:85a3:0000:0000:8a2e:0370:7334" + accept_traffic_class = 10 + } + ] + } + ] +} ` // End of section. //template:end testPrerequisites @@ -305,6 +374,10 @@ func testAccSdwanTransportWANVPNInterfaceEthernetProfileParcelConfig_all() strin config += ` translated_source_prefix = "abcd:1234:5678::/48"` + "\n" config += ` source_vpn_id = 4` + "\n" config += ` }]` + "\n" + config += ` qos_adaptive = false` + "\n" + config += ` qos_shaping_rate = 16` + "\n" + config += ` acl_ipv4_egress_feature_id = sdwan_transport_ipv4_acl_feature.test.id` + "\n" + config += ` acl_ipv6_ingress_feature_id = sdwan_transport_ipv6_acl_feature.test.id` + "\n" config += ` arps = [{` + "\n" config += ` ip_address = "1.2.3.4"` + "\n" config += ` mac_address = "00-B0-D0-63-C2-26"` + "\n" diff --git a/internal/provider/resource_sdwan_transport_wan_vpn_interface_t1_e1_serial_feature.go b/internal/provider/resource_sdwan_transport_wan_vpn_interface_t1_e1_serial_feature.go index 20918bf3..58f9b710 100644 --- a/internal/provider/resource_sdwan_transport_wan_vpn_interface_t1_e1_serial_feature.go +++ b/internal/provider/resource_sdwan_transport_wan_vpn_interface_t1_e1_serial_feature.go @@ -548,6 +548,34 @@ func (r *TransportWANVPNInterfaceT1E1SerialProfileParcelResource) Schema(ctx con MarkdownDescription: helpers.NewAttributeDescription("Variable name").String, Optional: true, }, + "acl_ipv4_egress_feature_id": schema.StringAttribute{ + MarkdownDescription: helpers.NewAttributeDescription("").String, + Optional: true, + Validators: []validator.String{ + stringvalidator.RegexMatches(regexp.MustCompile(`[0-9a-fA-F]{8}-[0-9a-fA-F]{4}-[0-9a-fA-F]{4}-[0-9a-fA-F]{4}-[0-9a-fA-F]{12}`), ""), + }, + }, + "acl_ipv4_ingress_feature_id": schema.StringAttribute{ + MarkdownDescription: helpers.NewAttributeDescription("").String, + Optional: true, + Validators: []validator.String{ + stringvalidator.RegexMatches(regexp.MustCompile(`[0-9a-fA-F]{8}-[0-9a-fA-F]{4}-[0-9a-fA-F]{4}-[0-9a-fA-F]{4}-[0-9a-fA-F]{12}`), ""), + }, + }, + "acl_ipv6_egress_feature_id": schema.StringAttribute{ + MarkdownDescription: helpers.NewAttributeDescription("").String, + Optional: true, + Validators: []validator.String{ + stringvalidator.RegexMatches(regexp.MustCompile(`[0-9a-fA-F]{8}-[0-9a-fA-F]{4}-[0-9a-fA-F]{4}-[0-9a-fA-F]{4}-[0-9a-fA-F]{12}`), ""), + }, + }, + "acl_ipv6_ingress_feature_id": schema.StringAttribute{ + MarkdownDescription: helpers.NewAttributeDescription("").String, + Optional: true, + Validators: []validator.String{ + stringvalidator.RegexMatches(regexp.MustCompile(`[0-9a-fA-F]{8}-[0-9a-fA-F]{4}-[0-9a-fA-F]{4}-[0-9a-fA-F]{4}-[0-9a-fA-F]{12}`), ""), + }, + }, "tcp_mss": schema.Int64Attribute{ MarkdownDescription: helpers.NewAttributeDescription("TCP MSS on SYN packets, in bytes").AddIntegerRangeDescription(500, 1460).String, Optional: true, diff --git a/internal/provider/resource_sdwan_transport_wan_vpn_interface_t1_e1_serial_feature_test.go b/internal/provider/resource_sdwan_transport_wan_vpn_interface_t1_e1_serial_feature_test.go index 80b8da72..6035748c 100644 --- a/internal/provider/resource_sdwan_transport_wan_vpn_interface_t1_e1_serial_feature_test.go +++ b/internal/provider/resource_sdwan_transport_wan_vpn_interface_t1_e1_serial_feature_test.go @@ -162,6 +162,74 @@ resource "sdwan_transport_wan_vpn_feature" "test" { } ] } + +resource "sdwan_transport_ipv4_acl_feature" "test" { + name = "TF_TEST_ACL_IPV4" + description = "Terraform Test" + feature_profile_id = sdwan_transport_feature_profile.test.id + default_action = "drop" + sequences = [ + { + sequence_id = 1 + sequence_name = "AccessControlList1" + match_entries = [ + { + dscps = [16] + packet_length = 1500 + protocols = [1] + source_ports = [ + { + port = 8000 + } + ] + tcp_state = "syn" + } + ] + actions = [ + { + accept_set_dscp = 60 + accept_counter_name = "COUNTER_1" + accept_log = false + accept_set_next_hop = "1.2.3.4" + } + ] + } + ] +} + +resource "sdwan_transport_ipv6_acl_feature" "test" { + name = "TF_TEST_ACL_IPV6" + description = "Terraform Test" + feature_profile_id = sdwan_transport_feature_profile.test.id + default_action = "drop" + sequences = [ + { + sequence_id = 1 + sequence_name = "AccessControlList1" + match_entries = [ + { + next_header = 10 + packet_length = 1500 + source_ports = [ + { + port = 8000 + } + ] + tcp_state = "syn" + traffic_class = [10] + } + ] + actions = [ + { + accept_counter_name = "COUNTER_1" + accept_log = false + accept_set_next_hop = "2001:0db8:85a3:0000:0000:8a2e:0370:7334" + accept_traffic_class = 10 + } + ] + } + ] +} ` // End of section. //template:end testPrerequisites @@ -239,6 +307,8 @@ func testAccSdwanTransportWANVPNInterfaceT1E1SerialProfileParcelConfig_all() str config += ` preference = 4294967` + "\n" config += ` weight = 250` + "\n" config += ` }]` + "\n" + config += ` acl_ipv4_egress_feature_id = sdwan_transport_ipv4_acl_feature.test.id` + "\n" + config += ` acl_ipv6_ingress_feature_id = sdwan_transport_ipv6_acl_feature.test.id` + "\n" config += ` tcp_mss = 1460` + "\n" config += ` mtu = 1500` + "\n" config += ` ip_mtu = 1500` + "\n"