Merge branch 'main' into policy-objects
seconroy committed Jul 18, 2024
2 parents a4b8573 + acf71c6 commit 607219f
Showing 30 changed files with 229 additions and 117 deletions.
25 changes: 16 additions & 9 deletions CHANGELOG.md
@@ -1,17 +1,24 @@
## 0.3.12 (unreleased)
## 0.3.13

- Add workaround for issue when concurrently deleting security policy objects where the reference count is not updated
- BREAKING CHANGE: Remove default value of `failure_mode` attribute of `sdwan_security_policy` resource
- Add `sdwan_policy_object_feature_profile` resource and data source
- Add `sdwan_policy_object_class_map_profile_parcel` resource and data source
- Add `sdwan_policy_object_color_profile_parcel` resource and data source
- Add `sdwan_policy_object_data_ipv6_prefix_profile_parcel` resource and data source
- Add `sdwan_policy_object_data_prefix_profile_parcel` resource and data source
- Add `sdwan_policy_object_tloc_profile_parcel` resource and data source
- Add `sdwan_policy_object_expanded_community_profile_parcel` resource and data source
- Add `sdwan_policy_object_extended_community_profile_parcel` resource and data source
- Add `sdwan_policy_object_color_list_profile_parcel` resource and data source
- Add `sdwan_policy_object_data_ipv6_prefix_list_profile_parcel` resource and data source
- Add `sdwan_policy_object_data_ipv4_prefix_list_profile_parcel` resource and data source
- Add `sdwan_policy_object_tloc_list_profile_parcel` resource and data source
- Add `sdwan_policy_object_expanded_community_list_profile_parcel` resource and data source
- Add `sdwan_policy_object_extended_community_list_profile_parcel` resource and data source
- Add `sdwan_policy_object_mirror_profile_parcel` resource and data source
- Add `sdwan_policy_object_policer_profile_parcel` resource and data source
- Add `sdwan_policy_object_prefix_profile_parcel` resource and data source
- Add `sdwan_policy_object_ipv6_prefix_profile_parcel` resource and data source
- Add `sdwan_policy_object_ipv4_prefix_list_profile_parcel` resource and data source
- Add `sdwan_policy_object_ipv6_prefix_list_profile_parcel` resource and data source

## 0.3.12

- Add `protocol_type` attribute to `sdwan_zone_based_firewall_policy_definition` resource and data source
- Fix payload issue with `sdwan_cisco_sig_credentials_feature_template` resource, [link](https://github.com/CiscoDevNet/terraform-provider-sdwan/issues/247)

## 0.3.11
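Review bot: The `BREAKING CHANGE` entry under 0.3.13 for `failure_mode` does not tell users what to do on upgrade. Configurations that omitted the attribute previously got the default `open`; add a sentence telling them to set `failure_mode = "open"` explicitly if they want to keep that behaviour, and say what the provider sends when the attribute is left unset.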

2 changes: 1 addition & 1 deletion docs/data-sources/device.md
Expand Up @@ -14,7 +14,7 @@ This data source can read the Device .

```terraform
data "sdwan_device" "example" {
serial_number = "AEB355490B954ABAB3A430797E9F4A78"
serial_number = "12B53B6E42654E01B98C77C347CE216E"
name = "Controller01"
}
```
1 change: 1 addition & 0 deletions docs/data-sources/zone_based_firewall_policy_definition.md
Expand Up @@ -69,6 +69,7 @@ Read-Only:
Read-Only:

- `policy_id` (String) policy id for selected match entry
- `protocol_type` (String) Should be included with additionally entries for `destinationPort` and `protocol` whenever the type `protocolName` is used.
- `type` (String) Type of match entry
- `value` (String) value for selected match entry
- `value_variable` (String) variable value for selected match entry if it has variable option (sourceIp & destinationIp)
45 changes: 26 additions & 19 deletions docs/guides/changelog.md
@@ -1,26 +1,33 @@
---
subcategory: "Guides"
page_title: "Changelog"
description: |-
Changelog
---

# Changelog

## 0.3.12 (unreleased)
---
subcategory: "Guides"
page_title: "Changelog"
description: |-
Changelog
---

# Changelog

## 0.3.13

- Add workaround for issue when concurrently deleting security policy objects where the reference count is not updated
- BREAKING CHANGE: Remove default value of `failure_mode` attribute of `sdwan_security_policy` resource
- Add `sdwan_policy_object_feature_profile` resource and data source
- Add `sdwan_policy_object_class_map_profile_parcel` resource and data source
- Add `sdwan_policy_object_color_profile_parcel` resource and data source
- Add `sdwan_policy_object_data_ipv6_prefix_profile_parcel` resource and data source
- Add `sdwan_policy_object_data_prefix_profile_parcel` resource and data source
- Add `sdwan_policy_object_tloc_profile_parcel` resource and data source
- Add `sdwan_policy_object_expanded_community_profile_parcel` resource and data source
- Add `sdwan_policy_object_extended_community_profile_parcel` resource and data source
- Add `sdwan_policy_object_color_list_profile_parcel` resource and data source
- Add `sdwan_policy_object_data_ipv6_prefix_list_profile_parcel` resource and data source
- Add `sdwan_policy_object_data_ipv4_prefix_list_profile_parcel` resource and data source
- Add `sdwan_policy_object_tloc_list_profile_parcel` resource and data source
- Add `sdwan_policy_object_expanded_community_list_profile_parcel` resource and data source
- Add `sdwan_policy_object_extended_community_list_profile_parcel` resource and data source
- Add `sdwan_policy_object_mirror_profile_parcel` resource and data source
- Add `sdwan_policy_object_policer_profile_parcel` resource and data source
- Add `sdwan_policy_object_prefix_profile_parcel` resource and data source
- Add `sdwan_policy_object_ipv6_prefix_profile_parcel` resource and data source
- Add `sdwan_policy_object_ipv4_prefix_list_profile_parcel` resource and data source
- Add `sdwan_policy_object_ipv6_prefix_list_profile_parcel` resource and data source

## 0.3.12

- Add `protocol_type` attribute to `sdwan_zone_based_firewall_policy_definition` resource and data source
- Fix payload issue with `sdwan_cisco_sig_credentials_feature_template` resource, [link](https://github.com/CiscoDevNet/terraform-provider-sdwan/issues/247)

## 0.3.11
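Review bot: The front matter and the `# Changelog` heading at the top of this hunk are removed and re-added with identical text, so the hunk carries whitespace or line-ending churn on top of the real 0.3.13 entries. If the file's line endings were normalised, do that in a separate commit or pin them with a `.gitattributes` rule so later changelog diffs show only the new entries.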

Expand Down Expand Up @@ -295,4 +302,4 @@ description: |-
## 0.1.0 (July 23, 2021)

- Initial Release


2 changes: 1 addition & 1 deletion docs/resources/dns_security_policy_definition.md
Expand Up @@ -21,7 +21,7 @@ resource "sdwan_dns_security_policy_definition" "example" {
match_all_vpn = true
dnscrypt = true
umbrella_dns_default = true
cisco_sig_credentials_feature_template_id = "aed8498e-4714-42dc-9425-b17624c7acb4"
cisco_sig_credentials_feature_template_id = "3ac6eef9-bd8f-458d-96a7-a932c90b1e75"
}
```

1 change: 0 additions & 1 deletion docs/resources/security_policy.md
Expand Up @@ -51,7 +51,6 @@ resource "sdwan_security_policy" "example" {
- Choices: `allow`, `deny`
- `failure_mode` (String) Failure mode
- Choices: `open`, `close`
- Default value: `open`
- `high_speed_logging_server_ip` (String) High Speed Logging Server IP
- `high_speed_logging_server_port` (String) High Speed Logging Port
- `high_speed_logging_vpn` (String) High Speed Logging VPN
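Review bot: With the `Default value: open` line dropped from the `failure_mode` entry, the description `Failure mode` no longer tells the reader what applies when the attribute is omitted. Since the choice is between `open` and `close` on a security policy, extend the description to say what each choice does and what happens when the attribute is not set.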
21 changes: 11 additions & 10 deletions docs/resources/zone_based_firewall_policy_definition.md
Expand Up @@ -80,13 +80,22 @@ Required:

- `base_action` (String) Base action
- Choices: `pass`, `drop`, `inspect`
- `match_entries` (Attributes List) List of match entries (see [below for nested schema](#nestedatt--rules--match_entries))
- `rule_name` (String) Rule name
- `rule_order` (Number) Rule

Optional:

- `action_entries` (Attributes List) List of actions entries (see [below for nested schema](#nestedatt--rules--action_entries))
- `match_entries` (Attributes List) List of match entries (see [below for nested schema](#nestedatt--rules--match_entries))

<a id="nestedatt--rules--action_entries"></a>
### Nested Schema for `rules.action_entries`

Optional:

- `type` (String) Type of action entry
- Choices: `log`, `connectionEvents`


<a id="nestedatt--rules--match_entries"></a>
### Nested Schema for `rules.match_entries`
Expand All @@ -99,18 +108,10 @@ Required:
Optional:

- `policy_id` (String) policy id for selected match entry
- `protocol_type` (String) Should be included with additionally entries for `destinationPort` and `protocol` whenever the type `protocolName` is used.
- `value` (String) value for selected match entry
- `value_variable` (String) variable value for selected match entry if it has variable option (sourceIp & destinationIp)


<a id="nestedatt--rules--action_entries"></a>
### Nested Schema for `rules.action_entries`

Optional:

- `type` (String) Type of action entry
- Choices: `log`, `connectionEvents`

## Import

Import is supported using the following syntax:
2 changes: 1 addition & 1 deletion examples/data-sources/sdwan_device/data-source.tf
@@ -1,4 +1,4 @@
data "sdwan_device" "example" {
serial_number = "AEB355490B954ABAB3A430797E9F4A78"
serial_number = "12B53B6E42654E01B98C77C347CE216E"
name = "Controller01"
}
Expand Up @@ -6,5 +6,5 @@ resource "sdwan_dns_security_policy_definition" "example" {
match_all_vpn = true
dnscrypt = true
umbrella_dns_default = true
cisco_sig_credentials_feature_template_id = "aed8498e-4714-42dc-9425-b17624c7acb4"
cisco_sig_credentials_feature_template_id = "3ac6eef9-bd8f-458d-96a7-a932c90b1e75"
}
7 changes: 7 additions & 0 deletions gen/definitions/feature_templates/cisco_sig_credentials.yaml
Expand Up @@ -6,18 +6,22 @@ attributes:
- model_name: organization
tf_name: zscaler_organization
exclude_ignore: true
requires_const_and_var: true
example: org1
- model_name: partner-base-uri
tf_name: zscaler_partner_base_uri
exclude_ignore: true
requires_const_and_var: true
example: abc
- model_name: username
tf_name: zscaler_username
exclude_ignore: true
requires_const_and_var: true
example: user1
- model_name: password
tf_name: zscaler_password
exclude_ignore: true
requires_const_and_var: true
example: password123
- model_name: cloud-gateway
tf_name: zscaler_cloud_name
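Review bot: `requires_const_and_var: true` is added to `zscaler_organization`, `zscaler_partner_base_uri`, `zscaler_username` and `zscaler_password`, but the `cloud-gateway` / `zscaler_cloud_name` attribute in the trailing context is left unchanged. If that is deliberate, a short comment in the definition saying why this one attribute is handled differently would save the next reader from treating it as an omission.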
Expand All @@ -26,14 +30,17 @@ attributes:
- model_name: partner-id
tf_name: zscaler_partner_username
exclude_ignore: true
requires_const_and_var: true
example: partner1
- model_name: partner-secret
tf_name: zscaler_partner_password
exclude_ignore: true
requires_const_and_var: true
example: password123
- model_name: partner-key
tf_name: zscaler_partner_api_key
exclude_ignore: true
requires_const_and_var: true
example: key123
- model_name: api-key
tf_name: umbrella_api_key
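Review bot: Check that `zscaler_partner_password` and `zscaler_partner_api_key` are still handled as sensitive once `requires_const_and_var: true` puts both a constant and a variable value for them in the payload. Confirm the values are not shown in plan output or debug logs on either path, and add an acceptance test that covers the new payload shape.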
6 changes: 3 additions & 3 deletions gen/definitions/generic/device.yaml
Expand Up @@ -10,7 +10,7 @@ attributes:
tf_name: serial_number
type: String
description: Serial number for device. Could be board or virtual identifier
example: AEB355490B954ABAB3A430797E9F4A78
example: 12B53B6E42654E01B98C77C347CE216E
query_param: true
- model_name: host-name
tf_name: name
Expand All @@ -32,7 +32,7 @@ attributes:
type: String
description: Unique identifier for device
id: true
example: 8d2f2f23-6e0f-4086-81de-cc3e749faf64
example: cfbf9a9f-801a-4ba9-9d72-9f4e4e7ccdb9
- model_name: site-id
tf_name: site_id
type: String
Expand All @@ -42,7 +42,7 @@ attributes:
tf_name: serial_number
type: String
description: Serial number for device. Could be board or virtual identifier
example: AEB355490B954ABAB3A430797E9F4A78
example: 12B53B6E42654E01B98C77C347CE216E
- model_name: host-name
tf_name: hostname
type: String
Expand Up @@ -103,7 +103,7 @@ attributes:
id: true
mandatory: true
description: Credentials feature template ID
example: "aed8498e-4714-42dc-9425-b17624c7acb4"
example: "3ac6eef9-bd8f-458d-96a7-a932c90b1e75"
- tf_name: cisco_sig_credentials_feature_template_version
tf_only: true
type: Version
2 changes: 1 addition & 1 deletion gen/definitions/generic/security_policy.yaml
Expand Up @@ -5,6 +5,7 @@ get_rest_endpoint: /template/policy/security/definition/
has_version: true
id_from_query_path: data
id_from_query_path_attribute: policyId
delete_mutex: true
doc_category: Security Policies
attributes:
- model_name: policyType
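Review bot: `delete_mutex: true` is added without a comment explaining what it guards. The changelog in this commit describes a workaround for concurrent deletes where the reference count is not updated; reference that here, and state whether the lock only serialises deletes within one provider run, since separate runs against the same manager would then still be able to delete concurrently.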
Expand Down Expand Up @@ -95,7 +96,6 @@ attributes:
data_path: [policyDefinition, settings]
tf_name: failure_mode
type: String
default_value: open
enum_values: [open, close]
description: Failure mode
example: close
8 changes: 4 additions & 4 deletions gen/definitions/generic/vedge_inventory.yaml
Expand Up @@ -16,23 +16,23 @@ attributes:
type: String
description: Chassis Number
id: true
example: C8K-A5032213-D3C7-C452-187E-38CCE4C5AF87
example: C8K-40C0CCFD-9EA8-2B2E-E73B-32C5924EC79B
- model_name: site-id
tf_name: site_id
type: String
description: Site id for respective device
example: 2101
example: 1
exclude_test: true
- model_name: serialNumber
tf_name: serial_number
type: String
description: Serial number for device. Could be board or virtual identifier
example: 7d81a6b0983e4f99b862fb3a36018912
example: 52FD47D8
- model_name: host-name
tf_name: hostname
type: String
description: Hostname for respective device
example: SITE2101-C8KV-01
example: Edge1
exclude_test: true
- model_name: validity
type: String
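Review bot: The new `example` values for the chassis number and `serial_number` (for instance `52FD47D8`) look like identifiers copied from a test environment, replacing another set of the same kind. Use obviously synthetic placeholders instead, so the definitions do not need to change whenever the lab is rebuilt and no real device identifiers end up in the published docs.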
Expand Up @@ -85,7 +85,6 @@ attributes:
tf_name: match_entries
data_path: [match]
type: List
mandatory: true
min_list: 1
description: List of match entries
attributes:
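Review bot: Dropping `mandatory: true` from `match_entries` while keeping `min_list: 1` lets a rule omit the list entirely, and the changelog entries in this commit do not mention that change. Document what a rule with no match entries matches, and add an acceptance test for a rule without `match_entries`.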
Expand All @@ -109,6 +108,12 @@ attributes:
description: value for selected match entry
exclude_test: true
example: 2
- model_name: app
tf_name: protocol_type
type: String
description: Should be included with additionally entries for `destinationPort` and `protocol` whenever the type `protocolName` is used.
exclude_test: true
example: dns
- model_name: vipVariableName
tf_name: value_variable
type: String
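Review bot: The `protocol_type` description reads awkwardly ("Should be included with additionally entries for") and the requirement it states is not enforced by anything in this definition. Suggest rewording to "Should be included, together with additional entries for `destinationPort` and `protocol`, whenever the type `protocolName` is used", and consider validating that combination, since the same sentence is repeated in both docs pages in this commit.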
Expand All @@ -118,6 +123,7 @@ attributes:
- model_name: actions
tf_name: action_entries
type: List
min_list: 1
description: List of actions entries
attributes:
- model_name: type
Expand Down
1 change: 1 addition & 0 deletions gen/generator.go
Original file line number Diff line number Diff line change
Expand Up @@ -264,6 +264,7 @@ type YamlConfigAttribute struct {
QueryParam bool `yaml:"query_param"`
NoAugmentConfig bool `yaml:"no_augment_config"`
TestTags []string `yaml:"test_tags"`
RequiresConstAndVar bool `yaml:"requires_const_and_var"`
}

type YamlConfigConditionalAttribute struct {
1 change: 1 addition & 0 deletions gen/schema/schema.yaml
Expand Up @@ -77,6 +77,7 @@ attribute:
query_param: bool(required=False) # Set to true if attribute is a query parameter to be included in request url
no_augment_config: bool(required=False) # If true do not augment with model data
test_tags: list(str(), required=False) # List of test tags, attribute is only included in acceptance tests if an environment variable with one of these tags is configured
requires_const_and_var: bool(required=False) # If true will include both constant and variable values in payload

conditional_attribute:
name: str() # Reference to other attribute
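Review bot: The comment on `requires_const_and_var` says what the flag does but not when an attribute needs it. Add the condition (for example the API behaviour that makes the payload require both values) so future definitions can decide without reading the generator.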