From 1750c7671d9ffe01a883e681e575f0169dad3c97 Mon Sep 17 00:00:00 2001 From: Sean Conroy Date: Thu, 21 Nov 2024 12:52:12 +0000 Subject: [PATCH] Fix testing issue --- ...olicy_object_unified_tls_ssl_decryption.md | 2 +- .../resource.tf | 2 +- ...t_unified_advanced_inspection_profile.yaml | 23 ++++++++----------- ...icy_object_unified_tls_ssl_decryption.yaml | 6 ++--- ...nified_advanced_inspection_profile_test.go | 23 ++++++++----------- ..._object_unified_tls_ssl_decryption_test.go | 4 ++-- ...olicy_object_unified_tls_ssl_decryption.go | 2 +- ...nified_advanced_inspection_profile_test.go | 23 ++++++++----------- ..._object_unified_tls_ssl_decryption_test.go | 4 ++-- 9 files changed, 40 insertions(+), 49 deletions(-) diff --git a/docs/resources/policy_object_unified_tls_ssl_decryption.md b/docs/resources/policy_object_unified_tls_ssl_decryption.md index af3d2620..aa7bb879 100644 --- a/docs/resources/policy_object_unified_tls_ssl_decryption.md +++ b/docs/resources/policy_object_unified_tls_ssl_decryption.md @@ -23,7 +23,7 @@ resource "sdwan_policy_object_unified_tls_ssl_decryption" "example" { untrusted_certificate = "drop" certificate_revocation_status = "ocsp" unknown_revocation_status = "decrypt" - unsupported_protocol_versions = "drop" + unsupported_protocol_versions = "no-decrypt" unsupported_cipher_suites = "drop" failure_mode = "close" default_ca_certificate_bundle = true diff --git a/examples/resources/sdwan_policy_object_unified_tls_ssl_decryption/resource.tf b/examples/resources/sdwan_policy_object_unified_tls_ssl_decryption/resource.tf index 86e48f19..8aed866c 100644 --- a/examples/resources/sdwan_policy_object_unified_tls_ssl_decryption/resource.tf +++ b/examples/resources/sdwan_policy_object_unified_tls_ssl_decryption/resource.tf @@ -6,7 +6,7 @@ resource "sdwan_policy_object_unified_tls_ssl_decryption" "example" { untrusted_certificate = "drop" certificate_revocation_status = "ocsp" unknown_revocation_status = "decrypt" - unsupported_protocol_versions = "drop" + unsupported_protocol_versions = "no-decrypt" unsupported_cipher_suites = "drop" failure_mode = "close" default_ca_certificate_bundle = true diff --git a/gen/definitions/profile_parcels/policy_object_unified_advanced_inspection_profile.yaml b/gen/definitions/profile_parcels/policy_object_unified_advanced_inspection_profile.yaml index 6af9a37f..b8f73bda 100644 --- a/gen/definitions/profile_parcels/policy_object_unified_advanced_inspection_profile.yaml +++ b/gen/definitions/profile_parcels/policy_object_unified_advanced_inspection_profile.yaml @@ -68,18 +68,15 @@ test_prerequisites: | ] } - resource "sdwan_policy_object_unified_url_filtering" "test" { - name = "TF_TEST_URL_FILTERING" + resource "sdwan_policy_object_unified_url_filtering" "example" { + name = "Example" description = "My Example" feature_profile_id = sdwan_policy_object_feature_profile.test.id web_categories_action = "block" web_categories = ["confirmed-spam-sources"] web_reputation = "suspicious" - url_allow_list_id = sdwan_policy_object_security_url_allow_list.test.id - url_block_list_id = sdwan_policy_object_security_url_block_list.test.id block_page_action = "text" block_page_contents = "Access to the requested page has been denied. Please contact your Network Administrator" - redirect_url = "www.example.com" enable_alerts = true alerts = ["blacklist"] } @@ -97,14 +94,14 @@ test_prerequisites: | } resource "sdwan_policy_object_unified_intrusion_prevention" "test" { - name = "TF_TEST_INTRUSION" - description = "My Example" - feature_profile_id = sdwan_policy_object_feature_profile.test.id - signature_set = "balanced" - inspection_mode = "detection" - ips_signature_list_id = sdwan_policy_object_security_ips_signature.test.id - log_level = "error" - custom_signature = false + name = "TF_TEST_INTRUSION" + description = "My Example" + feature_profile_id = sdwan_policy_object_feature_profile.test.id + signature_set = "balanced" + inspection_mode = "detection" + ips_signature_allow_list_id = sdwan_policy_object_security_ips_signature.test.id + log_level = "error" + custom_signature = false } resource "sdwan_policy_object_unified_advanced_malware_protection" "test" { diff --git a/gen/definitions/profile_parcels/policy_object_unified_tls_ssl_decryption.yaml b/gen/definitions/profile_parcels/policy_object_unified_tls_ssl_decryption.yaml index 4801eaad..ca27b2ac 100644 --- a/gen/definitions/profile_parcels/policy_object_unified_tls_ssl_decryption.yaml +++ b/gen/definitions/profile_parcels/policy_object_unified_tls_ssl_decryption.yaml @@ -14,10 +14,8 @@ attributes: example: f6dd22c8-0b4f-496c-9a0b-6813d1f8b8ac test_value: sdwan_policy_object_feature_profile.test.id - model_name: sslEnable - tf_name: enable_ssl value: true value_type: "global" - example: true - model_name: expiredCertificate example: drop @@ -25,6 +23,7 @@ attributes: example: drop - model_name: certificateRevocationStatus + tf_name: certificate_revocation_status example: ocsp - model_name: unknownStatus tf_name: unknown_revocation_status @@ -36,7 +35,7 @@ attributes: - model_name: unsupportedProtocolVersions - example: drop + example: no-decrypt - model_name: unsupportedCipherSuites example: drop - model_name: failureMode @@ -72,6 +71,7 @@ attributes: example: TLSv1.2 - model_name: caTpLabel + value_type: "global" value: PROXY-SIGNING-CA test_prerequisites: | diff --git a/internal/provider/data_source_sdwan_policy_object_unified_advanced_inspection_profile_test.go b/internal/provider/data_source_sdwan_policy_object_unified_advanced_inspection_profile_test.go index 5d26b518..6abc01c2 100644 --- a/internal/provider/data_source_sdwan_policy_object_unified_advanced_inspection_profile_test.go +++ b/internal/provider/data_source_sdwan_policy_object_unified_advanced_inspection_profile_test.go @@ -77,18 +77,15 @@ resource "sdwan_policy_object_security_url_block_list" "test" { ] } -resource "sdwan_policy_object_unified_url_filtering" "test" { - name = "TF_TEST_URL_FILTERING" +resource "sdwan_policy_object_unified_url_filtering" "example" { + name = "Example" description = "My Example" feature_profile_id = sdwan_policy_object_feature_profile.test.id web_categories_action = "block" web_categories = ["confirmed-spam-sources"] web_reputation = "suspicious" - url_allow_list_id = sdwan_policy_object_security_url_allow_list.test.id - url_block_list_id = sdwan_policy_object_security_url_block_list.test.id block_page_action = "text" block_page_contents = "Access to the requested page has been denied. Please contact your Network Administrator" - redirect_url = "www.example.com" enable_alerts = true alerts = ["blacklist"] } @@ -106,14 +103,14 @@ resource "sdwan_policy_object_security_ips_signature" "test" { } resource "sdwan_policy_object_unified_intrusion_prevention" "test" { - name = "TF_TEST_INTRUSION" - description = "My Example" - feature_profile_id = sdwan_policy_object_feature_profile.test.id - signature_set = "balanced" - inspection_mode = "detection" - ips_signature_list_id = sdwan_policy_object_security_ips_signature.test.id - log_level = "error" - custom_signature = false + name = "TF_TEST_INTRUSION" + description = "My Example" + feature_profile_id = sdwan_policy_object_feature_profile.test.id + signature_set = "balanced" + inspection_mode = "detection" + ips_signature_allow_list_id = sdwan_policy_object_security_ips_signature.test.id + log_level = "error" + custom_signature = false } resource "sdwan_policy_object_unified_advanced_malware_protection" "test" { diff --git a/internal/provider/data_source_sdwan_policy_object_unified_tls_ssl_decryption_test.go b/internal/provider/data_source_sdwan_policy_object_unified_tls_ssl_decryption_test.go index 4df6545f..2caae294 100644 --- a/internal/provider/data_source_sdwan_policy_object_unified_tls_ssl_decryption_test.go +++ b/internal/provider/data_source_sdwan_policy_object_unified_tls_ssl_decryption_test.go @@ -37,7 +37,7 @@ func TestAccDataSourceSdwanPolicyObjectUnifiedTLSSSLDecryptionProfileParcel(t *t checks = append(checks, resource.TestCheckResourceAttr("data.sdwan_policy_object_unified_tls_ssl_decryption.test", "untrusted_certificate", "drop")) checks = append(checks, resource.TestCheckResourceAttr("data.sdwan_policy_object_unified_tls_ssl_decryption.test", "certificate_revocation_status", "ocsp")) checks = append(checks, resource.TestCheckResourceAttr("data.sdwan_policy_object_unified_tls_ssl_decryption.test", "unknown_revocation_status", "decrypt")) - checks = append(checks, resource.TestCheckResourceAttr("data.sdwan_policy_object_unified_tls_ssl_decryption.test", "unsupported_protocol_versions", "drop")) + checks = append(checks, resource.TestCheckResourceAttr("data.sdwan_policy_object_unified_tls_ssl_decryption.test", "unsupported_protocol_versions", "no-decrypt")) checks = append(checks, resource.TestCheckResourceAttr("data.sdwan_policy_object_unified_tls_ssl_decryption.test", "unsupported_cipher_suites", "drop")) checks = append(checks, resource.TestCheckResourceAttr("data.sdwan_policy_object_unified_tls_ssl_decryption.test", "failure_mode", "close")) checks = append(checks, resource.TestCheckResourceAttr("data.sdwan_policy_object_unified_tls_ssl_decryption.test", "default_ca_certificate_bundle", "true")) @@ -79,7 +79,7 @@ func testAccDataSourceSdwanPolicyObjectUnifiedTLSSSLDecryptionProfileParcelConfi config += ` untrusted_certificate = "drop"` + "\n" config += ` certificate_revocation_status = "ocsp"` + "\n" config += ` unknown_revocation_status = "decrypt"` + "\n" - config += ` unsupported_protocol_versions = "drop"` + "\n" + config += ` unsupported_protocol_versions = "no-decrypt"` + "\n" config += ` unsupported_cipher_suites = "drop"` + "\n" config += ` failure_mode = "close"` + "\n" config += ` default_ca_certificate_bundle = true` + "\n" diff --git a/internal/provider/model_sdwan_policy_object_unified_tls_ssl_decryption.go b/internal/provider/model_sdwan_policy_object_unified_tls_ssl_decryption.go index f8e8767c..8d1a4dd2 100644 --- a/internal/provider/model_sdwan_policy_object_unified_tls_ssl_decryption.go +++ b/internal/provider/model_sdwan_policy_object_unified_tls_ssl_decryption.go @@ -164,7 +164,7 @@ func (data PolicyObjectUnifiedTLSSSLDecryption) toBody(ctx context.Context) stri } } if true { - body, _ = sjson.Set(body, path+"caTpLabel.optionType", "default") + body, _ = sjson.Set(body, path+"caTpLabel.optionType", "global") body, _ = sjson.Set(body, path+"caTpLabel.value", "PROXY-SIGNING-CA") } return body diff --git a/internal/provider/resource_sdwan_policy_object_unified_advanced_inspection_profile_test.go b/internal/provider/resource_sdwan_policy_object_unified_advanced_inspection_profile_test.go index d2ea4462..2cafe419 100644 --- a/internal/provider/resource_sdwan_policy_object_unified_advanced_inspection_profile_test.go +++ b/internal/provider/resource_sdwan_policy_object_unified_advanced_inspection_profile_test.go @@ -78,18 +78,15 @@ resource "sdwan_policy_object_security_url_block_list" "test" { ] } -resource "sdwan_policy_object_unified_url_filtering" "test" { - name = "TF_TEST_URL_FILTERING" +resource "sdwan_policy_object_unified_url_filtering" "example" { + name = "Example" description = "My Example" feature_profile_id = sdwan_policy_object_feature_profile.test.id web_categories_action = "block" web_categories = ["confirmed-spam-sources"] web_reputation = "suspicious" - url_allow_list_id = sdwan_policy_object_security_url_allow_list.test.id - url_block_list_id = sdwan_policy_object_security_url_block_list.test.id block_page_action = "text" block_page_contents = "Access to the requested page has been denied. Please contact your Network Administrator" - redirect_url = "www.example.com" enable_alerts = true alerts = ["blacklist"] } @@ -107,14 +104,14 @@ resource "sdwan_policy_object_security_ips_signature" "test" { } resource "sdwan_policy_object_unified_intrusion_prevention" "test" { - name = "TF_TEST_INTRUSION" - description = "My Example" - feature_profile_id = sdwan_policy_object_feature_profile.test.id - signature_set = "balanced" - inspection_mode = "detection" - ips_signature_list_id = sdwan_policy_object_security_ips_signature.test.id - log_level = "error" - custom_signature = false + name = "TF_TEST_INTRUSION" + description = "My Example" + feature_profile_id = sdwan_policy_object_feature_profile.test.id + signature_set = "balanced" + inspection_mode = "detection" + ips_signature_allow_list_id = sdwan_policy_object_security_ips_signature.test.id + log_level = "error" + custom_signature = false } resource "sdwan_policy_object_unified_advanced_malware_protection" "test" { diff --git a/internal/provider/resource_sdwan_policy_object_unified_tls_ssl_decryption_test.go b/internal/provider/resource_sdwan_policy_object_unified_tls_ssl_decryption_test.go index 35a8e2bc..ce9ccf98 100644 --- a/internal/provider/resource_sdwan_policy_object_unified_tls_ssl_decryption_test.go +++ b/internal/provider/resource_sdwan_policy_object_unified_tls_ssl_decryption_test.go @@ -37,7 +37,7 @@ func TestAccSdwanPolicyObjectUnifiedTLSSSLDecryptionProfileParcel(t *testing.T) checks = append(checks, resource.TestCheckResourceAttr("sdwan_policy_object_unified_tls_ssl_decryption.test", "untrusted_certificate", "drop")) checks = append(checks, resource.TestCheckResourceAttr("sdwan_policy_object_unified_tls_ssl_decryption.test", "certificate_revocation_status", "ocsp")) checks = append(checks, resource.TestCheckResourceAttr("sdwan_policy_object_unified_tls_ssl_decryption.test", "unknown_revocation_status", "decrypt")) - checks = append(checks, resource.TestCheckResourceAttr("sdwan_policy_object_unified_tls_ssl_decryption.test", "unsupported_protocol_versions", "drop")) + checks = append(checks, resource.TestCheckResourceAttr("sdwan_policy_object_unified_tls_ssl_decryption.test", "unsupported_protocol_versions", "no-decrypt")) checks = append(checks, resource.TestCheckResourceAttr("sdwan_policy_object_unified_tls_ssl_decryption.test", "unsupported_cipher_suites", "drop")) checks = append(checks, resource.TestCheckResourceAttr("sdwan_policy_object_unified_tls_ssl_decryption.test", "failure_mode", "close")) checks = append(checks, resource.TestCheckResourceAttr("sdwan_policy_object_unified_tls_ssl_decryption.test", "default_ca_certificate_bundle", "true")) @@ -84,7 +84,7 @@ func testAccSdwanPolicyObjectUnifiedTLSSSLDecryptionProfileParcelConfig_all() st config += ` untrusted_certificate = "drop"` + "\n" config += ` certificate_revocation_status = "ocsp"` + "\n" config += ` unknown_revocation_status = "decrypt"` + "\n" - config += ` unsupported_protocol_versions = "drop"` + "\n" + config += ` unsupported_protocol_versions = "no-decrypt"` + "\n" config += ` unsupported_cipher_suites = "drop"` + "\n" config += ` failure_mode = "close"` + "\n" config += ` default_ca_certificate_bundle = true` + "\n"