Skip to content

Commit

Permalink
azurerm_palo_alto_next_generation_firewall_* - support the property…
Browse files Browse the repository at this point in the history
… `trustedRanges` (hashicorp#24459)

* azurerm_palo_alto_next_generation_firewall_* - support the property trustedRanges

* update code

* update code

* update code

* update code

* update code
  • Loading branch information
neil-yechenwei authored Jan 31, 2024
1 parent 1e91cda commit f4227ed
Show file tree
Hide file tree
Showing 9 changed files with 63 additions and 0 deletions.
Original file line number Diff line number Diff line change
Expand Up @@ -188,6 +188,7 @@ resource "azurerm_palo_alto_next_generation_firewall_virtual_hub_local_rulestack
network_virtual_appliance_id = azurerm_palo_alto_virtual_network_appliance.test.id
public_ip_address_ids = [azurerm_public_ip.test.id]
egress_nat_ip_address_ids = [azurerm_public_ip.egress.id]
trusted_address_ranges = ["20.22.92.11"]
}
dns_settings {
Expand Down Expand Up @@ -240,6 +241,7 @@ resource "azurerm_palo_alto_next_generation_firewall_virtual_hub_local_rulestack
virtual_hub_id = azurerm_virtual_hub.test.id
network_virtual_appliance_id = azurerm_palo_alto_virtual_network_appliance.test.id
public_ip_address_ids = [azurerm_public_ip.test.id]
trusted_address_ranges = ["20.22.92.11", "20.23.92.11"]
}
dns_settings {
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -152,6 +152,7 @@ resource "azurerm_palo_alto_next_generation_firewall_virtual_hub_panorama" "test
network_virtual_appliance_id = azurerm_palo_alto_virtual_network_appliance.test.id
public_ip_address_ids = [azurerm_public_ip.test.id]
egress_nat_ip_address_ids = [azurerm_public_ip.egress.id]
trusted_address_ranges = ["20.22.92.11"]
}
dns_settings {
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -188,6 +188,7 @@ resource "azurerm_palo_alto_next_generation_firewall_virtual_network_local_rules
network_profile {
public_ip_address_ids = [azurerm_public_ip.test.id]
egress_nat_ip_address_ids = [azurerm_public_ip.egress.id]
trusted_address_ranges = ["20.22.92.11", "20.23.92.11"]
vnet_configuration {
virtual_network_id = azurerm_virtual_network.test.id
Expand Down Expand Up @@ -245,6 +246,7 @@ resource "azurerm_palo_alto_next_generation_firewall_virtual_network_local_rules
network_profile {
public_ip_address_ids = [azurerm_public_ip.test.id]
egress_nat_ip_address_ids = [azurerm_public_ip.egress.id]
trusted_address_ranges = ["20.22.92.11", "20.23.92.11"]
vnet_configuration {
virtual_network_id = azurerm_virtual_network.test.id
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -155,6 +155,7 @@ resource "azurerm_palo_alto_next_generation_firewall_virtual_network_panorama" "
network_profile {
public_ip_address_ids = [azurerm_public_ip.test.id]
egress_nat_ip_address_ids = [azurerm_public_ip.egress.id]
trusted_address_ranges = ["20.22.92.11"]
vnet_configuration {
virtual_network_id = azurerm_virtual_network.test.id
Expand Down
49 changes: 49 additions & 0 deletions internal/services/paloalto/schema/network_profile.go
Original file line number Diff line number Diff line change
Expand Up @@ -9,6 +9,7 @@ import (
"github.com/hashicorp/go-azure-sdk/resource-manager/paloaltonetworks/2023-09-01/firewalls"
networkValidate "github.com/hashicorp/terraform-provider-azurerm/internal/services/network/validate"
"github.com/hashicorp/terraform-provider-azurerm/internal/tf/pluginsdk"
"github.com/hashicorp/terraform-provider-azurerm/internal/tf/validation"
)

type NetworkProfileVnet struct {
Expand All @@ -17,6 +18,7 @@ type NetworkProfileVnet struct {

// Optional
EgressNatIPIDs []string `tfschema:"egress_nat_ip_address_ids"`
TrustedRanges []string `tfschema:"trusted_address_ranges"`
VnetConfiguration []VnetConfiguration `tfschema:"vnet_configuration"`

// Computed
Expand All @@ -30,6 +32,7 @@ type NetworkProfileVHub struct {

// Optional
EgressNatIPIDs []string `tfschema:"egress_nat_ip_address_ids"`
TrustedRanges []string `tfschema:"trusted_address_ranges"`

// Computed
PublicIPs []string `tfschema:"public_ip_addresses"`
Expand Down Expand Up @@ -67,6 +70,18 @@ func VnetNetworkProfileSchema() *pluginsdk.Schema {
},
},

"trusted_address_ranges": {
Type: pluginsdk.TypeList,
Optional: true,
Elem: &pluginsdk.Schema{
Type: pluginsdk.TypeString,
ValidateFunc: validation.Any(
validation.IsCIDR,
validation.IsIPv4Address,
),
},
},

"vnet_configuration": VnetConfigurationSchema(),

// Computed
Expand Down Expand Up @@ -95,6 +110,7 @@ func ExpandNetworkProfileVnet(input []NetworkProfileVnet) firewalls.NetworkProfi
result := firewalls.NetworkProfile{
EnableEgressNat: firewalls.EgressNatDISABLED,
NetworkType: firewalls.NetworkTypeVNET,
TrustedRanges: &[]string{},
}

if len(input) == 0 {
Expand Down Expand Up @@ -124,6 +140,10 @@ func ExpandNetworkProfileVnet(input []NetworkProfileVnet) firewalls.NetworkProfi
result.EgressNatIP = pointer.To(egressNatIPs)
}

if len(profile.TrustedRanges) > 0 {
result.TrustedRanges = pointer.To(profile.TrustedRanges)
}

vnet := profile.VnetConfiguration[0]
result.VnetConfiguration = &firewalls.VnetConfiguration{
TrustSubnet: firewalls.IPAddressSpace{
Expand Down Expand Up @@ -171,6 +191,12 @@ func FlattenNetworkProfileVnet(input firewalls.NetworkProfile) []NetworkProfileV
result.EgressNatIPIDs = egressIds
result.EgressNatIP = egressIPs

trustedRanges := make([]string, 0)
if v := input.TrustedRanges; v != nil {
trustedRanges = pointer.From(v)
}
result.TrustedRanges = trustedRanges

if v := input.VnetConfiguration; v != nil {
vNet := VnetConfiguration{}

Expand Down Expand Up @@ -229,6 +255,18 @@ func VHubNetworkProfileSchema() *pluginsdk.Schema {
},
},

"trusted_address_ranges": {
Type: pluginsdk.TypeList,
Optional: true,
Elem: &pluginsdk.Schema{
Type: pluginsdk.TypeString,
ValidateFunc: validation.Any(
validation.IsCIDR,
validation.IsIPv4Address,
),
},
},

"trusted_subnet_id": {
Type: pluginsdk.TypeString,
Computed: true,
Expand Down Expand Up @@ -268,6 +306,7 @@ func ExpandNetworkProfileVHub(input []NetworkProfileVHub) firewalls.NetworkProfi
result := firewalls.NetworkProfile{
EnableEgressNat: firewalls.EgressNatDISABLED,
EgressNatIP: &[]firewalls.IPAddress{},
TrustedRanges: &[]string{},
}
if len(input) == 0 {
return result
Expand Down Expand Up @@ -297,6 +336,10 @@ func ExpandNetworkProfileVHub(input []NetworkProfileVHub) firewalls.NetworkProfi
result.EgressNatIP = pointer.To(egressNatIPs)
}

if len(profile.TrustedRanges) > 0 {
result.TrustedRanges = pointer.To(profile.TrustedRanges)
}

result.NetworkType = firewalls.NetworkTypeVWAN

result.VwanConfiguration = &firewalls.VwanConfiguration{
Expand Down Expand Up @@ -340,6 +383,12 @@ func FlattenNetworkProfileVHub(input firewalls.NetworkProfile) (*NetworkProfileV
result.EgressNatIPIDs = egressIds
result.EgressNatIP = egressIPs

trustedRanges := make([]string, 0)
if v := input.TrustedRanges; v != nil {
trustedRanges = pointer.From(v)
}
result.TrustedRanges = trustedRanges

if v := input.VwanConfiguration; v != nil {

result.VHubID = pointer.From(v.VHub.ResourceId)
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -132,6 +132,8 @@ A `network_profile` block supports the following:

* `egress_nat_ip_address_ids` - (Optional) Specifies a list of Public IP IDs to use for Egress NAT.

* `trusted_address_ranges` - (Optional) Specifies a list of trusted ranges to use for the Network.

## Attributes Reference

In addition to the Arguments listed above - the following Attributes are exported:
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -137,6 +137,8 @@ A `network_profile` block supports the following:

* `egress_nat_ip_address_ids` - (Optional) Specifies a list of Public IP IDs to use for Egress NAT.

* `trusted_address_ranges` - (Optional) Specifies a list of trusted ranges to use for the Network.

## Attributes Reference

In addition to the Arguments listed above - the following Attributes are exported:
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -197,6 +197,8 @@ A `network_profile` block supports the following:

* `egress_nat_ip_address_ids` - (Optional) Specifies a list of Azure Public IP Address IDs that can be used for Egress (Source) Network Address Translation.

* `trusted_address_ranges` - (Optional) Specifies a list of trusted ranges to use for the Network.

---

A `vnet_configuration` block supports the following:
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -177,6 +177,8 @@ A `network_profile` block supports the following:

* `egress_nat_ip_address_ids` - (Optional) Specifies a list of Azure Public IP Address IDs that can be used for Egress (Source) Network Address Translation.

* `trusted_address_ranges` - (Optional) Specifies a list of trusted ranges to use for the Network.

---

A `vnet_configuration` block supports the following:
Expand Down

0 comments on commit f4227ed

Please sign in to comment.