diff --git a/docs/data-sources/policy_object_security_protocol_list.md b/docs/data-sources/policy_object_security_protocol_list.md index 93a054d3..da078f1d 100644 --- a/docs/data-sources/policy_object_security_protocol_list.md +++ b/docs/data-sources/policy_object_security_protocol_list.md @@ -39,4 +39,4 @@ data "sdwan_policy_object_security_protocol_list" "example" { Read-Only: -- `protocol_names` (String) +- `protocol_name` (String) diff --git a/docs/data-sources/policy_object_unified_advanced_malware_protection.md b/docs/data-sources/policy_object_unified_advanced_malware_protection.md index 7488853b..1b550ce6 100644 --- a/docs/data-sources/policy_object_unified_advanced_malware_protection.md +++ b/docs/data-sources/policy_object_unified_advanced_malware_protection.md @@ -37,6 +37,5 @@ data "sdwan_policy_object_unified_advanced_malware_protection" "example" { - `file_analysis_alert_log_level` (String) - `file_analysis_cloud_region` (String) - `file_analysis_file_types` (Set of String) -- `match_all_vpn` (Boolean) - `name` (String) The name of the Policy_object - `version` (Number) The version of the Policy_object diff --git a/docs/data-sources/policy_object_unified_intrusion_prevention.md b/docs/data-sources/policy_object_unified_intrusion_prevention.md index b2694adf..7163816c 100644 --- a/docs/data-sources/policy_object_unified_intrusion_prevention.md +++ b/docs/data-sources/policy_object_unified_intrusion_prevention.md @@ -32,7 +32,7 @@ data "sdwan_policy_object_unified_intrusion_prevention" "example" { - `custom_signature` (Boolean) Can be one of the enum value - `description` (String) The description of the Policy_object - `inspection_mode` (String) Can be one of the enum value -- `ips_signature_list_id` (String) +- `ips_signature_allow_list_id` (String) - `log_level` (String) Can be one of the enum value - `name` (String) The name of the Policy_object - `signature_set` (String) Can be one of the enum value diff --git a/docs/data-sources/policy_object_unified_tls_ssl_decryption.md b/docs/data-sources/policy_object_unified_tls_ssl_decryption.md index 3f535ee7..c65afd1d 100644 --- a/docs/data-sources/policy_object_unified_tls_ssl_decryption.md +++ b/docs/data-sources/policy_object_unified_tls_ssl_decryption.md @@ -35,7 +35,6 @@ data "sdwan_policy_object_unified_tls_ssl_decryption" "example" { - `default_ca_certificate_bundle` (Boolean) - `description` (String) The description of the Policy_object - `ec_key_type` (String) -- `enable_ssl` (Boolean) If false, no other fields should be provided, if true all fields should be provided - `expired_certificate` (String) - `failure_mode` (String) - `file_name` (String) diff --git a/docs/resources/policy_object_security_protocol_list.md b/docs/resources/policy_object_security_protocol_list.md index 83f3c7c5..012fc595 100644 --- a/docs/resources/policy_object_security_protocol_list.md +++ b/docs/resources/policy_object_security_protocol_list.md @@ -21,7 +21,7 @@ resource "sdwan_policy_object_security_protocol_list" "example" { feature_profile_id = "f6dd22c8-0b4f-496c-9a0b-6813d1f8b8ac" entries = [ { - protocol_names = "aol" + protocol_name = "aol" } ] } @@ -50,7 +50,7 @@ resource "sdwan_policy_object_security_protocol_list" "example" { Optional: -- `protocol_names` (String) - Choices: `snmp`, `icmp`, `tcp`, `udp`, `echo`, `telnet`, `wins`, `n2h2server`, `nntp`, `pptp`, `rtsp`, `bootpc`, `gdoi`, `tacacs`, `gopher`, `icabrowser`, `skinny`, `sunrpc`, `biff`, `router`, `ircs`, `orasrv`, `ms-cluster-net`, `kermit`, `isakmp`, `sshell`, `realsecure`, `ircu`, `appleqtc`, `pwdgen`, `rdb-dbs-disp`, `creativepartnr`, `finger`, `ftps`, `giop`, `rsvd`, `hp-alarm-mgr`, `uucp`, `kerberos`, `imap`, `time`, `bootps`, `tftp`, `oracle`, `snmptrap`, `http`, `qmtp`, `radius`, `oracle-em-vp`, `tarantella`, `pcanywheredata`, `ldap`, `mgcp`, `sqlsrv`, `hsrp`, `cisco-net-mgmt`, `smtp`, `pcanywherestat`, `exec`, `send`, `stun`, `syslog`, `ms-sql-m`, `citrix`, `creativeserver`, `cifs`, `cisco-sys`, `cisco-tna`, `ms-dotnetster`, `gtpv1`, `gtpv0`, `imap3`, `fcip-port`, `netbios-dgm`, `sip-tls`, `pop3s`, `cisco-fna`, `802-11-iapp`, `oem-agent`, `cisco-tdp`, `tr-rsrb`, `r-winsock`, `sql-net`, `syslog-conn`, `tacacs-ds`, `h225ras`, `ace-svr`, `dhcp-failover`, `igmpv3lite`, `irc-serv`, `entrust-svcs`, `dbcontrol_agent`, `cisco-svcs`, `ipsec-msft`, `microsoft-ds`, `ms-sna`, `rsvp_tunnel`, `rsvp-encap`, `hp-collector`, `netbios-ns`, `msexch-routing`, `h323`, `l2tp`, `ldap-admin`, `pop3`, `h323callsigalt`, `ms-sql`, `iscsi-target`, `webster`, `lotusnote`, `ipx`, `entrust-svc-hand`, `citriximaclient`, `rtc-pm-port`, `ftp`, `aol`, `xdmcp`, `oraclenames`, `login`, `iscsi`, `ttc`, `imaps`, `socks`, `ssh`, `dnsix`, `daytime`, `sip`, `discard`, `ntp`, `ldaps`, `https`, `vdolive`, `ica`, `net8-cman`, `cuseeme`, `netstat`, `sms`, `streamworks`, `rtelnet`, `who`, `kazaa`, `ssp`, `dbase`, `timed`, `cddbp`, `telnets`, `ymsgr`, `ident`, `bgp`, `ddns-v3`, `vqp`, `irc`, `ipass`, `x11`, `dns`, `lotusmtap`, `mysql`, `nfs`, `msnmsgr`, `netshow`, `sqlserv`, `hp-managed-node`, `ncp`, `shell`, `realmedia`, `msrpc`, `clp` +- `protocol_name` (String) - Choices: `snmp`, `icmp`, `tcp`, `udp`, `echo`, `telnet`, `wins`, `n2h2server`, `nntp`, `pptp`, `rtsp`, `bootpc`, `gdoi`, `tacacs`, `gopher`, `icabrowser`, `skinny`, `sunrpc`, `biff`, `router`, `ircs`, `orasrv`, `ms-cluster-net`, `kermit`, `isakmp`, `sshell`, `realsecure`, `ircu`, `appleqtc`, `pwdgen`, `rdb-dbs-disp`, `creativepartnr`, `finger`, `ftps`, `giop`, `rsvd`, `hp-alarm-mgr`, `uucp`, `kerberos`, `imap`, `time`, `bootps`, `tftp`, `oracle`, `snmptrap`, `http`, `qmtp`, `radius`, `oracle-em-vp`, `tarantella`, `pcanywheredata`, `ldap`, `mgcp`, `sqlsrv`, `hsrp`, `cisco-net-mgmt`, `smtp`, `pcanywherestat`, `exec`, `send`, `stun`, `syslog`, `ms-sql-m`, `citrix`, `creativeserver`, `cifs`, `cisco-sys`, `cisco-tna`, `ms-dotnetster`, `gtpv1`, `gtpv0`, `imap3`, `fcip-port`, `netbios-dgm`, `sip-tls`, `pop3s`, `cisco-fna`, `802-11-iapp`, `oem-agent`, `cisco-tdp`, `tr-rsrb`, `r-winsock`, `sql-net`, `syslog-conn`, `tacacs-ds`, `h225ras`, `ace-svr`, `dhcp-failover`, `igmpv3lite`, `irc-serv`, `entrust-svcs`, `dbcontrol_agent`, `cisco-svcs`, `ipsec-msft`, `microsoft-ds`, `ms-sna`, `rsvp_tunnel`, `rsvp-encap`, `hp-collector`, `netbios-ns`, `msexch-routing`, `h323`, `l2tp`, `ldap-admin`, `pop3`, `h323callsigalt`, `ms-sql`, `iscsi-target`, `webster`, `lotusnote`, `ipx`, `entrust-svc-hand`, `citriximaclient`, `rtc-pm-port`, `ftp`, `aol`, `xdmcp`, `oraclenames`, `login`, `iscsi`, `ttc`, `imaps`, `socks`, `ssh`, `dnsix`, `daytime`, `sip`, `discard`, `ntp`, `ldaps`, `https`, `vdolive`, `ica`, `net8-cman`, `cuseeme`, `netstat`, `sms`, `streamworks`, `rtelnet`, `who`, `kazaa`, `ssp`, `dbase`, `timed`, `cddbp`, `telnets`, `ymsgr`, `ident`, `bgp`, `ddns-v3`, `vqp`, `irc`, `ipass`, `x11`, `dns`, `lotusmtap`, `mysql`, `nfs`, `msnmsgr`, `netshow`, `sqlserv`, `hp-managed-node`, `ncp`, `shell`, `realmedia`, `msrpc`, `clp` ## Import diff --git a/docs/resources/policy_object_unified_advanced_inspection_profile.md b/docs/resources/policy_object_unified_advanced_inspection_profile.md index bc0e803f..c1283910 100644 --- a/docs/resources/policy_object_unified_advanced_inspection_profile.md +++ b/docs/resources/policy_object_unified_advanced_inspection_profile.md @@ -32,17 +32,17 @@ resource "sdwan_policy_object_unified_advanced_inspection_profile" "example" { ### Required -- `advanced_malware_protection_list_id` (String) - `feature_profile_id` (String) Feature Profile ID -- `intrusion_prevention_list_id` (String) - `name` (String) The name of the Policy_object - `tls_decryption_action` (String) - Choices: `decrypt`, `neverDecrypt`, `skipDecrypt` -- `tls_ssl_profile_list_id` (String) -- `url_filtering_list_id` (String) ### Optional +- `advanced_malware_protection_list_id` (String) - `description` (String) The description of the Policy_object +- `intrusion_prevention_list_id` (String) +- `tls_ssl_profile_list_id` (String) +- `url_filtering_list_id` (String) ### Read-Only diff --git a/docs/resources/policy_object_unified_advanced_malware_protection.md b/docs/resources/policy_object_unified_advanced_malware_protection.md index 9fbbcaa0..c9f8eaa3 100644 --- a/docs/resources/policy_object_unified_advanced_malware_protection.md +++ b/docs/resources/policy_object_unified_advanced_malware_protection.md @@ -19,7 +19,6 @@ resource "sdwan_policy_object_unified_advanced_malware_protection" "example" { name = "Example" description = "My Example" feature_profile_id = "f6dd22c8-0b4f-496c-9a0b-6813d1f8b8ac" - match_all_vpn = true amp_cloud_region = "nam" amp_cloud_region_est_server = "nam" alert_log_level = "critical" @@ -40,15 +39,16 @@ resource "sdwan_policy_object_unified_advanced_malware_protection" "example" { - `amp_cloud_region_est_server` (String) - Choices: `nam`, `eur`, `apjc` - `feature_profile_id` (String) Feature Profile ID - `file_analysis` (Boolean) -- `file_analysis_alert_log_level` (String) - Choices: `critical`, `warning`, `info` -- `file_analysis_cloud_region` (String) - Choices: `nam`, `eur` -- `file_analysis_file_types` (Set of String) -- `match_all_vpn` (Boolean) - `name` (String) The name of the Policy_object ### Optional - `description` (String) The description of the Policy_object +- `file_analysis_alert_log_level` (String) , Attribute conditional on `file_analysis` being equal to `true` + - Choices: `critical`, `warning`, `info` +- `file_analysis_cloud_region` (String) , Attribute conditional on `file_analysis` being equal to `true` + - Choices: `nam`, `eur` +- `file_analysis_file_types` (Set of String) , Attribute conditional on `file_analysis` being equal to `true` ### Read-Only diff --git a/docs/resources/policy_object_unified_intrusion_prevention.md b/docs/resources/policy_object_unified_intrusion_prevention.md index 3ce12093..0e3df5e4 100644 --- a/docs/resources/policy_object_unified_intrusion_prevention.md +++ b/docs/resources/policy_object_unified_intrusion_prevention.md @@ -16,14 +16,14 @@ This resource can manage a Policy Object Unified Intrusion Prevention Policy_obj ```terraform resource "sdwan_policy_object_unified_intrusion_prevention" "example" { - name = "Example" - description = "My Example" - feature_profile_id = "f6dd22c8-0b4f-496c-9a0b-6813d1f8b8ac" - signature_set = "balanced" - inspection_mode = "detection" - ips_signature_list_id = "2ad58d78-59ee-46d3-86dd-7b6b7ca09f38" - log_level = "error" - custom_signature = false + name = "Example" + description = "My Example" + feature_profile_id = "f6dd22c8-0b4f-496c-9a0b-6813d1f8b8ac" + signature_set = "balanced" + inspection_mode = "detection" + ips_signature_allow_list_id = "2ad58d78-59ee-46d3-86dd-7b6b7ca09f38" + log_level = "error" + custom_signature = false } ``` @@ -32,11 +32,9 @@ resource "sdwan_policy_object_unified_intrusion_prevention" "example" { ### Required -- `custom_signature` (Boolean) Can be one of the enum value - `feature_profile_id` (String) Feature Profile ID - `inspection_mode` (String) Can be one of the enum value - Choices: `detection`, `protection` -- `ips_signature_list_id` (String) - `log_level` (String) Can be one of the enum value - Choices: `emergency`, `alert`, `critical`, `error`, `warning`, `notice`, `info`, `debug` - `name` (String) The name of the Policy_object @@ -45,7 +43,9 @@ resource "sdwan_policy_object_unified_intrusion_prevention" "example" { ### Optional +- `custom_signature` (Boolean) Can be one of the enum value - `description` (String) The description of the Policy_object +- `ips_signature_allow_list_id` (String) ### Read-Only diff --git a/docs/resources/policy_object_unified_tls_ssl_decryption.md b/docs/resources/policy_object_unified_tls_ssl_decryption.md index e298d7e4..35a2c01d 100644 --- a/docs/resources/policy_object_unified_tls_ssl_decryption.md +++ b/docs/resources/policy_object_unified_tls_ssl_decryption.md @@ -19,12 +19,11 @@ resource "sdwan_policy_object_unified_tls_ssl_decryption" "example" { name = "Example" description = "My Example" feature_profile_id = "f6dd22c8-0b4f-496c-9a0b-6813d1f8b8ac" - enable_ssl = true expired_certificate = "drop" untrusted_certificate = "drop" certificate_revocation_status = "ocsp" unknown_revocation_status = "decrypt" - unsupported_protocol_versions = "no-decrypt" + unsupported_protocol_versions = "drop" unsupported_cipher_suites = "drop" failure_mode = "close" default_ca_certificate_bundle = true @@ -44,15 +43,12 @@ resource "sdwan_policy_object_unified_tls_ssl_decryption" "example" { - `certificate_revocation_status` (String) If value is none unknown status not required, if value is ocsp then unknown status is required - Choices: `ocsp`, `none` - `ec_key_type` (String) - Choices: `P256`, `P384`, `P521` -- `enable_ssl` (Boolean) If false, no other fields should be provided, if true all fields should be provided - `expired_certificate` (String) - Choices: `decrypt`, `drop` - `failure_mode` (String) - Choices: `close`, `open` - `feature_profile_id` (String) Feature Profile ID - `minimal_tls_ver` (String) - Choices: `TLSv1`, `TLSv1.1`, `TLSv1.2` - `name` (String) The name of the Policy_object - `rsa_keypair_modules` (String) - Choices: `1024`, `2048`, `4096` -- `unknown_revocation_status` (String) Only required if certificateRevocationStatus is oscp, if value is none then field shouldn't be here - - Choices: `decrypt`, `drop` - `unsupported_cipher_suites` (String) - Choices: `no-decrypt`, `drop` - `unsupported_protocol_versions` (String) - Choices: `no-decrypt`, `drop` - `untrusted_certificate` (String) - Choices: `decrypt`, `drop` @@ -63,6 +59,8 @@ resource "sdwan_policy_object_unified_tls_ssl_decryption" "example" { - `default_ca_certificate_bundle` (Boolean) - `description` (String) The description of the Policy_object - `file_name` (String) +- `unknown_revocation_status` (String) Only required if certificateRevocationStatus is oscp, if value is none then field shouldn't be here, Attribute conditional on `certificate_revocation_status` being equal to `ocsp` + - Choices: `decrypt`, `drop` ### Read-Only diff --git a/docs/resources/policy_object_unified_tls_ssl_profile.md b/docs/resources/policy_object_unified_tls_ssl_profile.md index da157cfc..a5d8ede0 100644 --- a/docs/resources/policy_object_unified_tls_ssl_profile.md +++ b/docs/resources/policy_object_unified_tls_ssl_profile.md @@ -37,20 +37,22 @@ resource "sdwan_policy_object_unified_tls_ssl_profile" "example" { ### Required - `decrypt_categories` (Set of String) -- `decrypt_threshold` (String) - Choices: `high-risk`, `low-risk`, `moderate-risk`, `suspicious`, `trustworthy` - `fail_decrypt` (Boolean) - `feature_profile_id` (String) Feature Profile ID - `name` (String) The name of the Policy_object - `no_decrypt_categories` (Set of String) - `pass_through_categories` (Set of String) - `reputation` (Boolean) -- `threshold_categories` (String) - Choices: `high-risk`, `low-risk`, `moderate-risk`, `suspicious`, `trustworthy` -- `url_allow_list_id` (String) -- `url_block_list_id` (String) ### Optional +- `decrypt_threshold` (String) , Attribute conditional on `reputation` being equal to `true` + - Choices: `high-risk`, `low-risk`, `moderate-risk`, `suspicious`, `trustworthy` - `description` (String) The description of the Policy_object +- `threshold_categories` (String) , Attribute conditional on `reputation` being equal to `true` + - Choices: `high-risk`, `low-risk`, `moderate-risk`, `suspicious`, `trustworthy` +- `url_allow_list_id` (String) +- `url_block_list_id` (String) ### Read-Only diff --git a/docs/resources/policy_object_unified_url_filtering.md b/docs/resources/policy_object_unified_url_filtering.md index 40d5587e..a2b545ba 100644 --- a/docs/resources/policy_object_unified_url_filtering.md +++ b/docs/resources/policy_object_unified_url_filtering.md @@ -26,7 +26,6 @@ resource "sdwan_policy_object_unified_url_filtering" "example" { url_block_list_id = "2ad58d78-59ee-46d3-86dd-7b6b7ca09f38" block_page_action = "text" block_page_contents = "Access to the requested page has been denied. Please contact your Network Administrator" - redirect_url = "www.example.com" enable_alerts = true alerts = ["blacklist"] } @@ -37,22 +36,22 @@ resource "sdwan_policy_object_unified_url_filtering" "example" { ### Required -- `alerts` (Set of String) - `block_page_action` (String) - Choices: `text`, `redirect-url` -- `block_page_contents` (String) - `enable_alerts` (Boolean) - `feature_profile_id` (String) Feature Profile ID - `name` (String) The name of the Policy_object -- `redirect_url` (String) -- `url_allow_list_id` (String) -- `url_block_list_id` (String) - `web_categories` (Set of String) - `web_categories_action` (String) - Choices: `block`, `allow` - `web_reputation` (String) - Choices: `high-risk`, `low-risk`, `moderate-risk`, `suspicious`, `trustworthy` ### Optional +- `alerts` (Set of String) , Attribute conditional on `enable_alerts` being equal to `true` +- `block_page_contents` (String) , Attribute conditional on `block_page_action` being equal to `text` - `description` (String) The description of the Policy_object +- `redirect_url` (String) , Attribute conditional on `block_page_action` being equal to `redirect-url` +- `url_allow_list_id` (String) +- `url_block_list_id` (String) ### Read-Only diff --git a/examples/resources/sdwan_policy_object_security_protocol_list/resource.tf b/examples/resources/sdwan_policy_object_security_protocol_list/resource.tf index d19b8042..5d6a8ef1 100644 --- a/examples/resources/sdwan_policy_object_security_protocol_list/resource.tf +++ b/examples/resources/sdwan_policy_object_security_protocol_list/resource.tf @@ -4,7 +4,7 @@ resource "sdwan_policy_object_security_protocol_list" "example" { feature_profile_id = "f6dd22c8-0b4f-496c-9a0b-6813d1f8b8ac" entries = [ { - protocol_names = "aol" + protocol_name = "aol" } ] } diff --git a/examples/resources/sdwan_policy_object_unified_advanced_malware_protection/resource.tf b/examples/resources/sdwan_policy_object_unified_advanced_malware_protection/resource.tf index f52ef471..2e018f02 100644 --- a/examples/resources/sdwan_policy_object_unified_advanced_malware_protection/resource.tf +++ b/examples/resources/sdwan_policy_object_unified_advanced_malware_protection/resource.tf @@ -2,7 +2,6 @@ resource "sdwan_policy_object_unified_advanced_malware_protection" "example" { name = "Example" description = "My Example" feature_profile_id = "f6dd22c8-0b4f-496c-9a0b-6813d1f8b8ac" - match_all_vpn = true amp_cloud_region = "nam" amp_cloud_region_est_server = "nam" alert_log_level = "critical" diff --git a/examples/resources/sdwan_policy_object_unified_intrusion_prevention/resource.tf b/examples/resources/sdwan_policy_object_unified_intrusion_prevention/resource.tf index 4c344961..18d4cb38 100644 --- a/examples/resources/sdwan_policy_object_unified_intrusion_prevention/resource.tf +++ b/examples/resources/sdwan_policy_object_unified_intrusion_prevention/resource.tf @@ -1,10 +1,10 @@ resource "sdwan_policy_object_unified_intrusion_prevention" "example" { - name = "Example" - description = "My Example" - feature_profile_id = "f6dd22c8-0b4f-496c-9a0b-6813d1f8b8ac" - signature_set = "balanced" - inspection_mode = "detection" - ips_signature_list_id = "2ad58d78-59ee-46d3-86dd-7b6b7ca09f38" - log_level = "error" - custom_signature = false + name = "Example" + description = "My Example" + feature_profile_id = "f6dd22c8-0b4f-496c-9a0b-6813d1f8b8ac" + signature_set = "balanced" + inspection_mode = "detection" + ips_signature_allow_list_id = "2ad58d78-59ee-46d3-86dd-7b6b7ca09f38" + log_level = "error" + custom_signature = false } diff --git a/examples/resources/sdwan_policy_object_unified_tls_ssl_decryption/resource.tf b/examples/resources/sdwan_policy_object_unified_tls_ssl_decryption/resource.tf index 23a90771..86e48f19 100644 --- a/examples/resources/sdwan_policy_object_unified_tls_ssl_decryption/resource.tf +++ b/examples/resources/sdwan_policy_object_unified_tls_ssl_decryption/resource.tf @@ -2,12 +2,11 @@ resource "sdwan_policy_object_unified_tls_ssl_decryption" "example" { name = "Example" description = "My Example" feature_profile_id = "f6dd22c8-0b4f-496c-9a0b-6813d1f8b8ac" - enable_ssl = true expired_certificate = "drop" untrusted_certificate = "drop" certificate_revocation_status = "ocsp" unknown_revocation_status = "decrypt" - unsupported_protocol_versions = "no-decrypt" + unsupported_protocol_versions = "drop" unsupported_cipher_suites = "drop" failure_mode = "close" default_ca_certificate_bundle = true diff --git a/examples/resources/sdwan_policy_object_unified_url_filtering/resource.tf b/examples/resources/sdwan_policy_object_unified_url_filtering/resource.tf index 553a6a0e..c38f09cf 100644 --- a/examples/resources/sdwan_policy_object_unified_url_filtering/resource.tf +++ b/examples/resources/sdwan_policy_object_unified_url_filtering/resource.tf @@ -9,7 +9,6 @@ resource "sdwan_policy_object_unified_url_filtering" "example" { url_block_list_id = "2ad58d78-59ee-46d3-86dd-7b6b7ca09f38" block_page_action = "text" block_page_contents = "Access to the requested page has been denied. Please contact your Network Administrator" - redirect_url = "www.example.com" enable_alerts = true alerts = ["blacklist"] } diff --git a/gen/definitions/profile_parcels/policy_object_security_protocol_list.yaml b/gen/definitions/profile_parcels/policy_object_security_protocol_list.yaml index 023636c4..77ae9978 100644 --- a/gen/definitions/profile_parcels/policy_object_security_protocol_list.yaml +++ b/gen/definitions/profile_parcels/policy_object_security_protocol_list.yaml @@ -17,7 +17,7 @@ attributes: mandatory: true attributes: - model_name: protocolName - tf_name: protocol_names + tf_name: protocol_name id: true mandatory: true example: aol diff --git a/gen/definitions/profile_parcels/policy_object_unified_advanced_inspection_profile.yaml b/gen/definitions/profile_parcels/policy_object_unified_advanced_inspection_profile.yaml index b8065cf9..6af9a37f 100644 --- a/gen/definitions/profile_parcels/policy_object_unified_advanced_inspection_profile.yaml +++ b/gen/definitions/profile_parcels/policy_object_unified_advanced_inspection_profile.yaml @@ -18,21 +18,25 @@ attributes: - model_name: refId tf_name: intrusion_prevention_list_id data_path: [intrusionPrevention] + ignore_mandatory: true example: 2ad58d78-59ee-46d3-86dd-7b6b7ca09f38 test_value: sdwan_policy_object_unified_intrusion_prevention.test.id - model_name: refId tf_name: url_filtering_list_id data_path: [urlFiltering] + ignore_mandatory: true example: 2ad58d78-59ee-46d3-86dd-7b6b7ca09f38 test_value: sdwan_policy_object_security_url_allow_list.test.id - model_name: refId tf_name: advanced_malware_protection_list_id data_path: [advancedMalwareProtection] + ignore_mandatory: true example: 2ad58d78-59ee-46d3-86dd-7b6b7ca09f38 test_value: sdwan_policy_object_unified_advanced_malware_protection.test.id - model_name: refId tf_name: tls_ssl_profile_list_id data_path: [sslDecryptionProfile] + ignore_mandatory: true example: 2ad58d78-59ee-46d3-86dd-7b6b7ca09f38 test_value: sdwan_policy_object_unified_tls_ssl_profile.test.id @@ -107,7 +111,6 @@ test_prerequisites: | name = "TF_TEST_ADVANCED_MALWARE" description = "My Example" feature_profile_id = sdwan_policy_object_feature_profile.test.id - match_all_vpn = true amp_cloud_region = "nam" amp_cloud_region_est_server = "nam" alert_log_level = "critical" diff --git a/gen/definitions/profile_parcels/policy_object_unified_advanced_malware_protection.yaml b/gen/definitions/profile_parcels/policy_object_unified_advanced_malware_protection.yaml index 99b17f3f..66014b18 100644 --- a/gen/definitions/profile_parcels/policy_object_unified_advanced_malware_protection.yaml +++ b/gen/definitions/profile_parcels/policy_object_unified_advanced_malware_protection.yaml @@ -15,27 +15,48 @@ attributes: test_value: sdwan_policy_object_feature_profile.test.id - model_name: matchAllVpn tf_name: match_all_vpn + value: true + value_type: "global" example: true - model_name: fileReputationCloudServer tf_name: amp_cloud_region + mandatory: true example: nam - model_name: fileReputationEstServer tf_name: amp_cloud_region_est_server + mandatory: true example: nam - model_name: fileReputationAlert tf_name: alert_log_level + mandatory: true example: critical - model_name: fileAnalysisEnabled tf_name: file_analysis + mandatory: true example: true - model_name: fileAnalysisCloudServer tf_name: file_analysis_cloud_region + ignore_mandatory: true + conditional_attribute: + name: file_analysis + value: true + type: Bool example: nam - model_name: fileAnalysisFileTypes tf_name: file_analysis_file_types + ignore_mandatory: true + conditional_attribute: + name: file_analysis + value: true + type: Bool example: pdf - model_name: fileAnalysisAlert tf_name: file_analysis_alert_log_level + ignore_mandatory: true + conditional_attribute: + name: file_analysis + value: true + type: Bool example: critical test_prerequisites: | diff --git a/gen/definitions/profile_parcels/policy_object_unified_intrusion_prevention.yaml b/gen/definitions/profile_parcels/policy_object_unified_intrusion_prevention.yaml index 0654a333..57d4f098 100644 --- a/gen/definitions/profile_parcels/policy_object_unified_intrusion_prevention.yaml +++ b/gen/definitions/profile_parcels/policy_object_unified_intrusion_prevention.yaml @@ -18,13 +18,15 @@ attributes: - model_name: inspectionMode example: detection - model_name: refId - tf_name: ips_signature_list_id + tf_name: ips_signature_allow_list_id data_path: [signatureAllowedList] + ignore_mandatory: true example: 2ad58d78-59ee-46d3-86dd-7b6b7ca09f38 test_value: sdwan_policy_object_security_ips_signature.test.id - model_name: logLevel example: error - model_name: customSignature + ignore_mandatory: true example: false test_prerequisites: | diff --git a/gen/definitions/profile_parcels/policy_object_unified_tls_ssl_decryption.yaml b/gen/definitions/profile_parcels/policy_object_unified_tls_ssl_decryption.yaml index bbe1e470..4801eaad 100644 --- a/gen/definitions/profile_parcels/policy_object_unified_tls_ssl_decryption.yaml +++ b/gen/definitions/profile_parcels/policy_object_unified_tls_ssl_decryption.yaml @@ -15,18 +15,28 @@ attributes: test_value: sdwan_policy_object_feature_profile.test.id - model_name: sslEnable tf_name: enable_ssl + value: true + value_type: "global" example: true + - model_name: expiredCertificate example: drop - model_name: untrustedCertificate example: drop + - model_name: certificateRevocationStatus example: ocsp - model_name: unknownStatus tf_name: unknown_revocation_status + ignore_mandatory: true + conditional_attribute: + name: certificate_revocation_status + value: ocsp example: decrypt + + - model_name: unsupportedProtocolVersions - example: no-decrypt + example: drop - model_name: unsupportedCipherSuites example: drop - model_name: failureMode @@ -35,25 +45,32 @@ attributes: tf_name: default_ca_certificate_bundle data_path: [caCertBundle] example: true + - model_name: fileName data_path: [caCertBundle] + ignore_mandatory: true exclude_test: true example: dummy.pem - model_name: bundleString data_path: [caCertBundle] + ignore_mandatory: true exclude_test: true example: testString + - model_name: keyModulus tf_name: rsa_keypair_modules example: 2048 + - model_name: eckeyType tf_name: ec_key_type example: P384 - model_name: certificateLifetime example: 1 + - model_name: minTlsVer tf_name: minimal_tls_ver example: TLSv1.2 + - model_name: caTpLabel value: PROXY-SIGNING-CA diff --git a/gen/definitions/profile_parcels/policy_object_unified_tls_ssl_profile.yaml b/gen/definitions/profile_parcels/policy_object_unified_tls_ssl_profile.yaml index 33b43120..cb942448 100644 --- a/gen/definitions/profile_parcels/policy_object_unified_tls_ssl_profile.yaml +++ b/gen/definitions/profile_parcels/policy_object_unified_tls_ssl_profile.yaml @@ -24,20 +24,32 @@ attributes: - model_name: reputation example: true - model_name: decryptThreshold + ignore_mandatory: true + conditional_attribute: + name: reputation + value: true + type: Bool example: moderate-risk - model_name: skipDecryptThreshold tf_name: threshold_categories + ignore_mandatory: true + conditional_attribute: + name: reputation + value: true + type: Bool example: moderate-risk - model_name: failDecrypt example: true - model_name: refId tf_name: url_allow_list_id data_path: [urlAllowedList] + ignore_mandatory: true example: 2ad58d78-59ee-46d3-86dd-7b6b7ca09f38 test_value: sdwan_policy_object_security_url_allow_list.test.id - model_name: refId tf_name: url_block_list_id data_path: [urlBlockedList] + ignore_mandatory: true example: 2ad58d78-59ee-46d3-86dd-7b6b7ca09f38 test_value: sdwan_policy_object_security_url_block_list.test.id diff --git a/gen/definitions/profile_parcels/policy_object_unified_url_filtering.yaml b/gen/definitions/profile_parcels/policy_object_unified_url_filtering.yaml index 95325943..f3c05f37 100644 --- a/gen/definitions/profile_parcels/policy_object_unified_url_filtering.yaml +++ b/gen/definitions/profile_parcels/policy_object_unified_url_filtering.yaml @@ -14,30 +14,51 @@ attributes: example: f6dd22c8-0b4f-496c-9a0b-6813d1f8b8ac test_value: sdwan_policy_object_feature_profile.test.id - model_name: webCategoriesAction + mandatory: true example: block - model_name: webCategories + mandatory: true example: confirmed-spam-sources - model_name: webReputation + mandatory: true example: suspicious - model_name: refId tf_name: url_allow_list_id data_path: [urlAllowedList] + ignore_mandatory: true example: 2ad58d78-59ee-46d3-86dd-7b6b7ca09f38 test_value: sdwan_policy_object_security_url_allow_list.test.id - model_name: refId tf_name: url_block_list_id data_path: [urlBlockedList] + ignore_mandatory: true example: 2ad58d78-59ee-46d3-86dd-7b6b7ca09f38 test_value: sdwan_policy_object_security_url_block_list.test.id - model_name: blockPageAction example: text - model_name: blockPageContents + ignore_mandatory: true + conditional_attribute: + name: block_page_action + value: text example: Access to the requested page has been denied. Please contact your Network Administrator - model_name: redirectUrl + ignore_mandatory: true + conditional_attribute: + name: block_page_action + value: redirect-url + exclude_test: true example: www.example.com - model_name: enableAlerts example: true - model_name: alerts + ignore_mandatory: true + conditional_attribute: + name: enable_alerts + value: true + type: Bool + enum_values: ["blacklist", "whitelist", "categories-reputation"] + ignore_enum: true example: blacklist test_prerequisites: | diff --git a/gen/generator.go b/gen/generator.go index e6e56108..08d779a9 100644 --- a/gen/generator.go +++ b/gen/generator.go @@ -231,6 +231,7 @@ type YamlConfigAttribute struct { Reference bool `yaml:"reference"` Variable bool `yaml:"variable"` Mandatory bool `yaml:"mandatory"` + IgnoreMandatory bool `yaml:"ignore_mandatory"` Optional bool `yaml:"optional"` WriteOnly bool `yaml:"write_only"` TfOnly bool `yaml:"tf_only"` @@ -256,6 +257,7 @@ type YamlConfigAttribute struct { DefaultValuePresent bool `yaml:"default_value_present"` DefaultValueEmptyString bool `yaml:"default_value_empty_string"` Value string `yaml:"value"` + ValueType string `yaml:"value_type"` TestValue string `yaml:"test_value"` SecondaryTestValue string `yaml:"secondary_test_value"` MinimumTestValue string `yaml:"minimum_test_value"` @@ -863,6 +865,7 @@ func parseProfileParcelAttribute(attr *YamlConfigAttribute, model gjson.Result, } else { if noGlobal { attr.Value = value.String() + attr.ValueType = "default" } else { attr.DefaultValue = value.String() } @@ -873,6 +876,7 @@ func parseProfileParcelAttribute(attr *YamlConfigAttribute, model gjson.Result, } else { if noGlobal { attr.Value = value.String() + attr.ValueType = "default" } else { attr.DefaultValue = value.String() } @@ -880,6 +884,7 @@ func parseProfileParcelAttribute(attr *YamlConfigAttribute, model gjson.Result, } else if value := d.Get("properties.value.minimum"); value.Exists() { if noGlobal { attr.Value = value.String() + attr.ValueType = "default" } else { attr.DefaultValue = value.String() } @@ -887,7 +892,7 @@ func parseProfileParcelAttribute(attr *YamlConfigAttribute, model gjson.Result, } else if isOneOfAttribute { attr.ExcludeNull = true } else { - if !attr.Variable { + if !attr.Variable && !attr.IgnoreMandatory { attr.Mandatory = true } } diff --git a/gen/schema/schema.yaml b/gen/schema/schema.yaml index 7b7f9be9..b8d03388 100644 --- a/gen/schema/schema.yaml +++ b/gen/schema/schema.yaml @@ -44,6 +44,7 @@ attribute: reference: bool(required=False) # Indicates that the attribute is being used in the url path variable: bool(required=False) # Indicates that this attribute can be provided as a feature template or profile parcel variable mandatory: bool(required=False) # Set to true if the attribute is mandatory + ignore_mandatory: bool(required=False) # Set to true if schema mandatory value should be ignored optional: bool(required=False) # Set to true if the attribute is optional write_only: bool(required=False) # Set to true if the attribute is write-only, meaning we cannot read the value tf_only: bool(required=False) # Set to true if this attribute is only used in Terraform but not added to payload @@ -69,6 +70,7 @@ attribute: default_value_present: bool(required=False) # Set to true if profile parcel has default value in schema default_value_empty_string: bool(required=False) # Set to true if default value should be an empty string value: any(str(), int(), bool(), required=False) # Hardcoded value for the attribute + value_type: str(required=False) # Hardcoded value for the attribute test_value: str(required=False) # Value used for acceptance test secondary_test_value: str(required=False) # Value used for acceptance test minimum_test_value: any(str(), int(), bool(), num(), required=False) # Value used for "minimum" resource acceptance test diff --git a/gen/templates/profile_parcels/model.go b/gen/templates/profile_parcels/model.go index 146d4019..6cbda242 100644 --- a/gen/templates/profile_parcels/model.go +++ b/gen/templates/profile_parcels/model.go @@ -165,7 +165,7 @@ func (data {{camelCase .Name}}) toBody(ctx context.Context) string { {{- range .Attributes}} {{- if .Value}} if true{{if ne .ConditionalAttribute.Name ""}} {{if eq .ConditionalAttribute.Type "Bool"}} && data.{{toGoName .ConditionalAttribute.Name}}.ValueBool() == {{.ConditionalAttribute.Value}} {{else}} && data.{{toGoName .ConditionalAttribute.Name}}.ValueString() == "{{.ConditionalAttribute.Value}}" {{end}}{{end}} { - body, _ = sjson.Set(body, path+"{{range .DataPath}}{{.}}.{{end}}{{.ModelName}}.optionType", "default") + body, _ = sjson.Set(body, path+"{{range .DataPath}}{{.}}.{{end}}{{.ModelName}}.optionType", {{if .ValueType}}"{{.ValueType}}"{{else}}"default"{{end}}) body, _ = sjson.Set(body, path+"{{range .DataPath}}{{.}}.{{end}}{{.ModelName}}.value", {{if eq .Type "String"}}"{{end}}{{.Value}}{{if eq .Type "String"}}"{{end}}) } {{- else if and (or (eq .Type "String") (eq .Type "Int64") (eq .Type "Float64") (eq .Type "Bool") (isListSet .)) (not .Reference)}} @@ -202,7 +202,7 @@ func (data {{camelCase .Name}}) toBody(ctx context.Context) string { {{- range .Attributes}} {{- if .Value}} if true{{if ne .ConditionalAttribute.Name ""}} {{if eq .ConditionalAttribute.Type "Bool"}} && item.{{toGoName .ConditionalAttribute.Name}}.ValueBool() == {{.ConditionalAttribute.Value}} {{else}} && item.{{toGoName .ConditionalAttribute.Name}}.ValueString() == "{{.ConditionalAttribute.Value}}" {{end}}{{end}} { - itemBody, _ = sjson.Set(itemBody, "{{range .DataPath}}{{.}}.{{end}}{{.ModelName}}.optionType", "default") + itemBody, _ = sjson.Set(itemBody, "{{range .DataPath}}{{.}}.{{end}}{{.ModelName}}.optionType", {{if .ValueType}}"{{.ValueType}}"{{else}}"default"{{end}}) itemBody, _ = sjson.Set(itemBody, "{{range .DataPath}}{{.}}.{{end}}{{.ModelName}}.value", {{if eq .Type "String"}}"{{end}}{{.Value}}{{if eq .Type "String"}}"{{end}}) } {{- else if or (eq .Type "String") (eq .Type "Int64") (eq .Type "Float64") (eq .Type "Bool") (isListSet .)}} @@ -239,7 +239,7 @@ func (data {{camelCase .Name}}) toBody(ctx context.Context) string { {{- range .Attributes}} {{- if .Value}} if true{{if ne .ConditionalAttribute.Name ""}} {{if eq .ConditionalAttribute.Type "Bool"}} && childItem.{{toGoName .ConditionalAttribute.Name}}.ValueBool() == {{.ConditionalAttribute.Value}} {{else}} && childItem.{{toGoName .ConditionalAttribute.Name}}.ValueString() == "{{.ConditionalAttribute.Value}}" {{end}}{{end}} { - itemChildBody, _ = sjson.Set(itemChildBody, "{{range .DataPath}}{{.}}.{{end}}{{.ModelName}}.optionType", "default") + itemChildBody, _ = sjson.Set(itemChildBody, "{{range .DataPath}}{{.}}.{{end}}{{.ModelName}}.optionType", {{if .ValueType}}"{{.ValueType}}"{{else}}"default"{{end}}) itemChildBody, _ = sjson.Set(itemChildBody, "{{range .DataPath}}{{.}}.{{end}}{{.ModelName}}.value", {{if eq .Type "String"}}"{{end}}{{.Value}}{{if eq .Type "String"}}"{{end}}) } {{- else if or (eq .Type "String") (eq .Type "Int64") (eq .Type "Float64") (eq .Type "Bool") (isListSet .)}} @@ -276,7 +276,7 @@ func (data {{camelCase .Name}}) toBody(ctx context.Context) string { {{- range .Attributes}} {{- if .Value}} if true{{if ne .ConditionalAttribute.Name ""}} {{if eq .ConditionalAttribute.Type "Bool"}} && childChildItem.{{toGoName .ConditionalAttribute.Name}}.ValueBool() == {{.ConditionalAttribute.Value}} {{else}} && childChildItem.{{toGoName .ConditionalAttribute.Name}}.ValueString() == "{{.ConditionalAttribute.Value}}" {{end}}{{end}} { - itemChildChildBody, _ = sjson.Set(itemChildChildBody, "{{range .DataPath}}{{.}}.{{end}}{{.ModelName}}.optionType", "default") + itemChildChildBody, _ = sjson.Set(itemChildChildBody, "{{range .DataPath}}{{.}}.{{end}}{{.ModelName}}.optionType", {{if .ValueType}}"{{.ValueType}}"{{else}}"default"{{end}}) itemChildChildBody, _ = sjson.Set(itemChildChildBody, "{{range .DataPath}}{{.}}.{{end}}{{.ModelName}}.value", {{if eq .Type "String"}}"{{end}}{{.Value}}{{if eq .Type "String"}}"{{end}}) } {{- else if or (eq .Type "String") (eq .Type "Int64") (eq .Type "Float64") (eq .Type "Bool") (isListSet .)}} diff --git a/internal/provider/data_source_sdwan_policy_object_security_protocol_list.go b/internal/provider/data_source_sdwan_policy_object_security_protocol_list.go index 9c9cf9a8..9e3d0069 100644 --- a/internal/provider/data_source_sdwan_policy_object_security_protocol_list.go +++ b/internal/provider/data_source_sdwan_policy_object_security_protocol_list.go @@ -82,7 +82,7 @@ func (d *PolicyObjectSecurityProtocolListProfileParcelDataSource) Schema(ctx con Computed: true, NestedObject: schema.NestedAttributeObject{ Attributes: map[string]schema.Attribute{ - "protocol_names": schema.StringAttribute{ + "protocol_name": schema.StringAttribute{ MarkdownDescription: "", Computed: true, }, diff --git a/internal/provider/data_source_sdwan_policy_object_security_protocol_list_test.go b/internal/provider/data_source_sdwan_policy_object_security_protocol_list_test.go index 63318c0a..6d790819 100644 --- a/internal/provider/data_source_sdwan_policy_object_security_protocol_list_test.go +++ b/internal/provider/data_source_sdwan_policy_object_security_protocol_list_test.go @@ -33,7 +33,7 @@ func TestAccDataSourceSdwanPolicyObjectSecurityProtocolListProfileParcel(t *test t.Skip("skipping test, set environment variable SDWAN_2012") } var checks []resource.TestCheckFunc - checks = append(checks, resource.TestCheckResourceAttr("data.sdwan_policy_object_security_protocol_list.test", "entries.0.protocol_names", "aol")) + checks = append(checks, resource.TestCheckResourceAttr("data.sdwan_policy_object_security_protocol_list.test", "entries.0.protocol_name", "aol")) resource.Test(t, resource.TestCase{ PreCheck: func() { testAccPreCheck(t) }, ProtoV6ProviderFactories: testAccProtoV6ProviderFactories, @@ -65,7 +65,7 @@ func testAccDataSourceSdwanPolicyObjectSecurityProtocolListProfileParcelConfig() config += ` description = "Terraform integration test"` + "\n" config += ` feature_profile_id = sdwan_policy_object_feature_profile.test.id` + "\n" config += ` entries = [{` + "\n" - config += ` protocol_names = "aol"` + "\n" + config += ` protocol_name = "aol"` + "\n" config += ` }]` + "\n" config += `}` + "\n" diff --git a/internal/provider/data_source_sdwan_policy_object_unified_advanced_inspection_profile_test.go b/internal/provider/data_source_sdwan_policy_object_unified_advanced_inspection_profile_test.go index 559fcaea..5d26b518 100644 --- a/internal/provider/data_source_sdwan_policy_object_unified_advanced_inspection_profile_test.go +++ b/internal/provider/data_source_sdwan_policy_object_unified_advanced_inspection_profile_test.go @@ -120,7 +120,6 @@ resource "sdwan_policy_object_unified_advanced_malware_protection" "test" { name = "TF_TEST_ADVANCED_MALWARE" description = "My Example" feature_profile_id = sdwan_policy_object_feature_profile.test.id - match_all_vpn = true amp_cloud_region = "nam" amp_cloud_region_est_server = "nam" alert_log_level = "critical" diff --git a/internal/provider/data_source_sdwan_policy_object_unified_advanced_malware_protection.go b/internal/provider/data_source_sdwan_policy_object_unified_advanced_malware_protection.go index bdac27de..c578487d 100644 --- a/internal/provider/data_source_sdwan_policy_object_unified_advanced_malware_protection.go +++ b/internal/provider/data_source_sdwan_policy_object_unified_advanced_malware_protection.go @@ -78,10 +78,6 @@ func (d *PolicyObjectUnifiedAdvancedMalwareProtectionProfileParcelDataSource) Sc MarkdownDescription: "Feature Profile ID", Required: true, }, - "match_all_vpn": schema.BoolAttribute{ - MarkdownDescription: "", - Computed: true, - }, "amp_cloud_region": schema.StringAttribute{ MarkdownDescription: "", Computed: true, diff --git a/internal/provider/data_source_sdwan_policy_object_unified_advanced_malware_protection_test.go b/internal/provider/data_source_sdwan_policy_object_unified_advanced_malware_protection_test.go index 430083a8..5f7c783e 100644 --- a/internal/provider/data_source_sdwan_policy_object_unified_advanced_malware_protection_test.go +++ b/internal/provider/data_source_sdwan_policy_object_unified_advanced_malware_protection_test.go @@ -33,7 +33,6 @@ func TestAccDataSourceSdwanPolicyObjectUnifiedAdvancedMalwareProtectionProfilePa t.Skip("skipping test, set environment variable SDWAN_2012") } var checks []resource.TestCheckFunc - checks = append(checks, resource.TestCheckResourceAttr("data.sdwan_policy_object_unified_advanced_malware_protection.test", "match_all_vpn", "true")) checks = append(checks, resource.TestCheckResourceAttr("data.sdwan_policy_object_unified_advanced_malware_protection.test", "amp_cloud_region", "nam")) checks = append(checks, resource.TestCheckResourceAttr("data.sdwan_policy_object_unified_advanced_malware_protection.test", "amp_cloud_region_est_server", "nam")) checks = append(checks, resource.TestCheckResourceAttr("data.sdwan_policy_object_unified_advanced_malware_protection.test", "alert_log_level", "critical")) @@ -71,7 +70,6 @@ func testAccDataSourceSdwanPolicyObjectUnifiedAdvancedMalwareProtectionProfilePa config += ` name = "TF_TEST"` + "\n" config += ` description = "Terraform integration test"` + "\n" config += ` feature_profile_id = sdwan_policy_object_feature_profile.test.id` + "\n" - config += ` match_all_vpn = true` + "\n" config += ` amp_cloud_region = "nam"` + "\n" config += ` amp_cloud_region_est_server = "nam"` + "\n" config += ` alert_log_level = "critical"` + "\n" diff --git a/internal/provider/data_source_sdwan_policy_object_unified_intrusion_prevention.go b/internal/provider/data_source_sdwan_policy_object_unified_intrusion_prevention.go index 87ef4d45..6327ed41 100644 --- a/internal/provider/data_source_sdwan_policy_object_unified_intrusion_prevention.go +++ b/internal/provider/data_source_sdwan_policy_object_unified_intrusion_prevention.go @@ -85,7 +85,7 @@ func (d *PolicyObjectUnifiedIntrusionPreventionProfileParcelDataSource) Schema(c MarkdownDescription: "Can be one of the enum value", Computed: true, }, - "ips_signature_list_id": schema.StringAttribute{ + "ips_signature_allow_list_id": schema.StringAttribute{ MarkdownDescription: "", Computed: true, }, diff --git a/internal/provider/data_source_sdwan_policy_object_unified_intrusion_prevention_test.go b/internal/provider/data_source_sdwan_policy_object_unified_intrusion_prevention_test.go index 6da50085..2ceae697 100644 --- a/internal/provider/data_source_sdwan_policy_object_unified_intrusion_prevention_test.go +++ b/internal/provider/data_source_sdwan_policy_object_unified_intrusion_prevention_test.go @@ -82,7 +82,7 @@ func testAccDataSourceSdwanPolicyObjectUnifiedIntrusionPreventionProfileParcelCo config += ` feature_profile_id = sdwan_policy_object_feature_profile.test.id` + "\n" config += ` signature_set = "balanced"` + "\n" config += ` inspection_mode = "detection"` + "\n" - config += ` ips_signature_list_id = sdwan_policy_object_security_ips_signature.test.id` + "\n" + config += ` ips_signature_allow_list_id = sdwan_policy_object_security_ips_signature.test.id` + "\n" config += ` log_level = "error"` + "\n" config += ` custom_signature = false` + "\n" config += `}` + "\n" diff --git a/internal/provider/data_source_sdwan_policy_object_unified_tls_ssl_decryption.go b/internal/provider/data_source_sdwan_policy_object_unified_tls_ssl_decryption.go index 9832cb63..59a4fc86 100644 --- a/internal/provider/data_source_sdwan_policy_object_unified_tls_ssl_decryption.go +++ b/internal/provider/data_source_sdwan_policy_object_unified_tls_ssl_decryption.go @@ -77,10 +77,6 @@ func (d *PolicyObjectUnifiedTLSSSLDecryptionProfileParcelDataSource) Schema(ctx MarkdownDescription: "Feature Profile ID", Required: true, }, - "enable_ssl": schema.BoolAttribute{ - MarkdownDescription: "If false, no other fields should be provided, if true all fields should be provided", - Computed: true, - }, "expired_certificate": schema.StringAttribute{ MarkdownDescription: "", Computed: true, diff --git a/internal/provider/data_source_sdwan_policy_object_unified_tls_ssl_decryption_test.go b/internal/provider/data_source_sdwan_policy_object_unified_tls_ssl_decryption_test.go index a42c26d9..4df6545f 100644 --- a/internal/provider/data_source_sdwan_policy_object_unified_tls_ssl_decryption_test.go +++ b/internal/provider/data_source_sdwan_policy_object_unified_tls_ssl_decryption_test.go @@ -33,12 +33,11 @@ func TestAccDataSourceSdwanPolicyObjectUnifiedTLSSSLDecryptionProfileParcel(t *t t.Skip("skipping test, set environment variable SDWAN_2012") } var checks []resource.TestCheckFunc - checks = append(checks, resource.TestCheckResourceAttr("data.sdwan_policy_object_unified_tls_ssl_decryption.test", "enable_ssl", "true")) checks = append(checks, resource.TestCheckResourceAttr("data.sdwan_policy_object_unified_tls_ssl_decryption.test", "expired_certificate", "drop")) checks = append(checks, resource.TestCheckResourceAttr("data.sdwan_policy_object_unified_tls_ssl_decryption.test", "untrusted_certificate", "drop")) checks = append(checks, resource.TestCheckResourceAttr("data.sdwan_policy_object_unified_tls_ssl_decryption.test", "certificate_revocation_status", "ocsp")) checks = append(checks, resource.TestCheckResourceAttr("data.sdwan_policy_object_unified_tls_ssl_decryption.test", "unknown_revocation_status", "decrypt")) - checks = append(checks, resource.TestCheckResourceAttr("data.sdwan_policy_object_unified_tls_ssl_decryption.test", "unsupported_protocol_versions", "no-decrypt")) + checks = append(checks, resource.TestCheckResourceAttr("data.sdwan_policy_object_unified_tls_ssl_decryption.test", "unsupported_protocol_versions", "drop")) checks = append(checks, resource.TestCheckResourceAttr("data.sdwan_policy_object_unified_tls_ssl_decryption.test", "unsupported_cipher_suites", "drop")) checks = append(checks, resource.TestCheckResourceAttr("data.sdwan_policy_object_unified_tls_ssl_decryption.test", "failure_mode", "close")) checks = append(checks, resource.TestCheckResourceAttr("data.sdwan_policy_object_unified_tls_ssl_decryption.test", "default_ca_certificate_bundle", "true")) @@ -76,12 +75,11 @@ func testAccDataSourceSdwanPolicyObjectUnifiedTLSSSLDecryptionProfileParcelConfi config += ` name = "TF_TEST"` + "\n" config += ` description = "Terraform integration test"` + "\n" config += ` feature_profile_id = sdwan_policy_object_feature_profile.test.id` + "\n" - config += ` enable_ssl = true` + "\n" config += ` expired_certificate = "drop"` + "\n" config += ` untrusted_certificate = "drop"` + "\n" config += ` certificate_revocation_status = "ocsp"` + "\n" config += ` unknown_revocation_status = "decrypt"` + "\n" - config += ` unsupported_protocol_versions = "no-decrypt"` + "\n" + config += ` unsupported_protocol_versions = "drop"` + "\n" config += ` unsupported_cipher_suites = "drop"` + "\n" config += ` failure_mode = "close"` + "\n" config += ` default_ca_certificate_bundle = true` + "\n" diff --git a/internal/provider/data_source_sdwan_policy_object_unified_url_filtering_test.go b/internal/provider/data_source_sdwan_policy_object_unified_url_filtering_test.go index 4ea0ddae..098b6e30 100644 --- a/internal/provider/data_source_sdwan_policy_object_unified_url_filtering_test.go +++ b/internal/provider/data_source_sdwan_policy_object_unified_url_filtering_test.go @@ -37,7 +37,6 @@ func TestAccDataSourceSdwanPolicyObjectUnifiedURLFilteringProfileParcel(t *testi checks = append(checks, resource.TestCheckResourceAttr("data.sdwan_policy_object_unified_url_filtering.test", "web_reputation", "suspicious")) checks = append(checks, resource.TestCheckResourceAttr("data.sdwan_policy_object_unified_url_filtering.test", "block_page_action", "text")) checks = append(checks, resource.TestCheckResourceAttr("data.sdwan_policy_object_unified_url_filtering.test", "block_page_contents", "Access to the requested page has been denied. Please contact your Network Administrator")) - checks = append(checks, resource.TestCheckResourceAttr("data.sdwan_policy_object_unified_url_filtering.test", "redirect_url", "www.example.com")) checks = append(checks, resource.TestCheckResourceAttr("data.sdwan_policy_object_unified_url_filtering.test", "enable_alerts", "true")) resource.Test(t, resource.TestCase{ PreCheck: func() { testAccPreCheck(t) }, @@ -98,7 +97,6 @@ func testAccDataSourceSdwanPolicyObjectUnifiedURLFilteringProfileParcelConfig() config += ` url_block_list_id = sdwan_policy_object_security_url_block_list.test.id` + "\n" config += ` block_page_action = "text"` + "\n" config += ` block_page_contents = "Access to the requested page has been denied. Please contact your Network Administrator"` + "\n" - config += ` redirect_url = "www.example.com"` + "\n" config += ` enable_alerts = true` + "\n" config += ` alerts = ["blacklist"]` + "\n" config += `}` + "\n" diff --git a/internal/provider/model_sdwan_policy_object_security_protocol_list.go b/internal/provider/model_sdwan_policy_object_security_protocol_list.go index faa1fb3c..51cc7fd0 100644 --- a/internal/provider/model_sdwan_policy_object_security_protocol_list.go +++ b/internal/provider/model_sdwan_policy_object_security_protocol_list.go @@ -41,7 +41,7 @@ type PolicyObjectSecurityProtocolList struct { } type PolicyObjectSecurityProtocolListEntries struct { - ProtocolNames types.String `tfsdk:"protocol_names"` + ProtocolName types.String `tfsdk:"protocol_name"` } // End of section. //template:end types @@ -70,10 +70,10 @@ func (data PolicyObjectSecurityProtocolList) toBody(ctx context.Context) string for _, item := range data.Entries { itemBody := "" - if !item.ProtocolNames.IsNull() { + if !item.ProtocolName.IsNull() { if true { itemBody, _ = sjson.Set(itemBody, "protocolName.optionType", "global") - itemBody, _ = sjson.Set(itemBody, "protocolName.value", item.ProtocolNames.ValueString()) + itemBody, _ = sjson.Set(itemBody, "protocolName.value", item.ProtocolName.ValueString()) } } body, _ = sjson.SetRaw(body, path+"entries.-1", itemBody) @@ -97,12 +97,12 @@ func (data *PolicyObjectSecurityProtocolList) fromBody(ctx context.Context, res data.Entries = make([]PolicyObjectSecurityProtocolListEntries, 0) value.ForEach(func(k, v gjson.Result) bool { item := PolicyObjectSecurityProtocolListEntries{} - item.ProtocolNames = types.StringNull() + item.ProtocolName = types.StringNull() if t := v.Get("protocolName.optionType"); t.Exists() { va := v.Get("protocolName.value") if t.String() == "global" { - item.ProtocolNames = types.StringValue(va.String()) + item.ProtocolName = types.StringValue(va.String()) } } data.Entries = append(data.Entries, item) @@ -124,7 +124,7 @@ func (data *PolicyObjectSecurityProtocolList) updateFromBody(ctx context.Context path := "payload.data." for i := range data.Entries { keys := [...]string{"protocolName"} - keyValues := [...]string{data.Entries[i].ProtocolNames.ValueString()} + keyValues := [...]string{data.Entries[i].ProtocolName.ValueString()} keyValuesVariables := [...]string{""} var r gjson.Result @@ -151,12 +151,12 @@ func (data *PolicyObjectSecurityProtocolList) updateFromBody(ctx context.Context return true }, ) - data.Entries[i].ProtocolNames = types.StringNull() + data.Entries[i].ProtocolName = types.StringNull() if t := r.Get("protocolName.optionType"); t.Exists() { va := r.Get("protocolName.value") if t.String() == "global" { - data.Entries[i].ProtocolNames = types.StringValue(va.String()) + data.Entries[i].ProtocolName = types.StringValue(va.String()) } } } diff --git a/internal/provider/model_sdwan_policy_object_unified_advanced_malware_protection.go b/internal/provider/model_sdwan_policy_object_unified_advanced_malware_protection.go index 3bc71a08..306fc680 100644 --- a/internal/provider/model_sdwan_policy_object_unified_advanced_malware_protection.go +++ b/internal/provider/model_sdwan_policy_object_unified_advanced_malware_protection.go @@ -38,7 +38,6 @@ type PolicyObjectUnifiedAdvancedMalwareProtection struct { Name types.String `tfsdk:"name"` Description types.String `tfsdk:"description"` FeatureProfileId types.String `tfsdk:"feature_profile_id"` - MatchAllVpn types.Bool `tfsdk:"match_all_vpn"` AmpCloudRegion types.String `tfsdk:"amp_cloud_region"` AmpCloudRegionEstServer types.String `tfsdk:"amp_cloud_region_est_server"` AlertLogLevel types.String `tfsdk:"alert_log_level"` @@ -70,11 +69,9 @@ func (data PolicyObjectUnifiedAdvancedMalwareProtection) toBody(ctx context.Cont body, _ = sjson.Set(body, "name", data.Name.ValueString()) body, _ = sjson.Set(body, "description", data.Description.ValueString()) path := "data." - if !data.MatchAllVpn.IsNull() { - if true { - body, _ = sjson.Set(body, path+"matchAllVpn.optionType", "global") - body, _ = sjson.Set(body, path+"matchAllVpn.value", data.MatchAllVpn.ValueBool()) - } + if true { + body, _ = sjson.Set(body, path+"matchAllVpn.optionType", "global") + body, _ = sjson.Set(body, path+"matchAllVpn.value", true) } if !data.AmpCloudRegion.IsNull() { if true { @@ -101,13 +98,13 @@ func (data PolicyObjectUnifiedAdvancedMalwareProtection) toBody(ctx context.Cont } } if !data.FileAnalysisCloudRegion.IsNull() { - if true { + if true && data.FileAnalysis.ValueBool() == true { body, _ = sjson.Set(body, path+"fileAnalysisCloudServer.optionType", "global") body, _ = sjson.Set(body, path+"fileAnalysisCloudServer.value", data.FileAnalysisCloudRegion.ValueString()) } } if !data.FileAnalysisFileTypes.IsNull() { - if true { + if true && data.FileAnalysis.ValueBool() == true { body, _ = sjson.Set(body, path+"fileAnalysisFileTypes.optionType", "global") var values []string data.FileAnalysisFileTypes.ElementsAs(ctx, &values, false) @@ -115,7 +112,7 @@ func (data PolicyObjectUnifiedAdvancedMalwareProtection) toBody(ctx context.Cont } } if !data.FileAnalysisAlertLogLevel.IsNull() { - if true { + if true && data.FileAnalysis.ValueBool() == true { body, _ = sjson.Set(body, path+"fileAnalysisAlert.optionType", "global") body, _ = sjson.Set(body, path+"fileAnalysisAlert.value", data.FileAnalysisAlertLogLevel.ValueString()) } @@ -134,14 +131,6 @@ func (data *PolicyObjectUnifiedAdvancedMalwareProtection) fromBody(ctx context.C data.Description = types.StringNull() } path := "payload.data." - data.MatchAllVpn = types.BoolNull() - - if t := res.Get(path + "matchAllVpn.optionType"); t.Exists() { - va := res.Get(path + "matchAllVpn.value") - if t.String() == "global" { - data.MatchAllVpn = types.BoolValue(va.Bool()) - } - } data.AmpCloudRegion = types.StringNull() if t := res.Get(path + "fileReputationCloudServer.optionType"); t.Exists() { @@ -211,14 +200,6 @@ func (data *PolicyObjectUnifiedAdvancedMalwareProtection) updateFromBody(ctx con data.Description = types.StringNull() } path := "payload.data." - data.MatchAllVpn = types.BoolNull() - - if t := res.Get(path + "matchAllVpn.optionType"); t.Exists() { - va := res.Get(path + "matchAllVpn.value") - if t.String() == "global" { - data.MatchAllVpn = types.BoolValue(va.Bool()) - } - } data.AmpCloudRegion = types.StringNull() if t := res.Get(path + "fileReputationCloudServer.optionType"); t.Exists() { @@ -284,9 +265,6 @@ func (data *PolicyObjectUnifiedAdvancedMalwareProtection) isNull(ctx context.Con if !data.FeatureProfileId.IsNull() { return false } - if !data.MatchAllVpn.IsNull() { - return false - } if !data.AmpCloudRegion.IsNull() { return false } diff --git a/internal/provider/model_sdwan_policy_object_unified_intrusion_prevention.go b/internal/provider/model_sdwan_policy_object_unified_intrusion_prevention.go index 9d5c9599..b6cabdf3 100644 --- a/internal/provider/model_sdwan_policy_object_unified_intrusion_prevention.go +++ b/internal/provider/model_sdwan_policy_object_unified_intrusion_prevention.go @@ -32,16 +32,16 @@ import ( // Section below is generated&owned by "gen/generator.go". //template:begin types type PolicyObjectUnifiedIntrusionPrevention struct { - Id types.String `tfsdk:"id"` - Version types.Int64 `tfsdk:"version"` - Name types.String `tfsdk:"name"` - Description types.String `tfsdk:"description"` - FeatureProfileId types.String `tfsdk:"feature_profile_id"` - SignatureSet types.String `tfsdk:"signature_set"` - InspectionMode types.String `tfsdk:"inspection_mode"` - IpsSignatureListId types.String `tfsdk:"ips_signature_list_id"` - LogLevel types.String `tfsdk:"log_level"` - CustomSignature types.Bool `tfsdk:"custom_signature"` + Id types.String `tfsdk:"id"` + Version types.Int64 `tfsdk:"version"` + Name types.String `tfsdk:"name"` + Description types.String `tfsdk:"description"` + FeatureProfileId types.String `tfsdk:"feature_profile_id"` + SignatureSet types.String `tfsdk:"signature_set"` + InspectionMode types.String `tfsdk:"inspection_mode"` + IpsSignatureAllowListId types.String `tfsdk:"ips_signature_allow_list_id"` + LogLevel types.String `tfsdk:"log_level"` + CustomSignature types.Bool `tfsdk:"custom_signature"` } // End of section. //template:end types @@ -78,10 +78,10 @@ func (data PolicyObjectUnifiedIntrusionPrevention) toBody(ctx context.Context) s body, _ = sjson.Set(body, path+"inspectionMode.value", data.InspectionMode.ValueString()) } } - if !data.IpsSignatureListId.IsNull() { + if !data.IpsSignatureAllowListId.IsNull() { if true { body, _ = sjson.Set(body, path+"signatureAllowedList.refId.optionType", "global") - body, _ = sjson.Set(body, path+"signatureAllowedList.refId.value", data.IpsSignatureListId.ValueString()) + body, _ = sjson.Set(body, path+"signatureAllowedList.refId.value", data.IpsSignatureAllowListId.ValueString()) } } if !data.LogLevel.IsNull() { @@ -126,12 +126,12 @@ func (data *PolicyObjectUnifiedIntrusionPrevention) fromBody(ctx context.Context data.InspectionMode = types.StringValue(va.String()) } } - data.IpsSignatureListId = types.StringNull() + data.IpsSignatureAllowListId = types.StringNull() if t := res.Get(path + "signatureAllowedList.refId.optionType"); t.Exists() { va := res.Get(path + "signatureAllowedList.refId.value") if t.String() == "global" { - data.IpsSignatureListId = types.StringValue(va.String()) + data.IpsSignatureAllowListId = types.StringValue(va.String()) } } data.LogLevel = types.StringNull() @@ -179,12 +179,12 @@ func (data *PolicyObjectUnifiedIntrusionPrevention) updateFromBody(ctx context.C data.InspectionMode = types.StringValue(va.String()) } } - data.IpsSignatureListId = types.StringNull() + data.IpsSignatureAllowListId = types.StringNull() if t := res.Get(path + "signatureAllowedList.refId.optionType"); t.Exists() { va := res.Get(path + "signatureAllowedList.refId.value") if t.String() == "global" { - data.IpsSignatureListId = types.StringValue(va.String()) + data.IpsSignatureAllowListId = types.StringValue(va.String()) } } data.LogLevel = types.StringNull() @@ -218,7 +218,7 @@ func (data *PolicyObjectUnifiedIntrusionPrevention) isNull(ctx context.Context, if !data.InspectionMode.IsNull() { return false } - if !data.IpsSignatureListId.IsNull() { + if !data.IpsSignatureAllowListId.IsNull() { return false } if !data.LogLevel.IsNull() { diff --git a/internal/provider/model_sdwan_policy_object_unified_tls_ssl_decryption.go b/internal/provider/model_sdwan_policy_object_unified_tls_ssl_decryption.go index c717b675..f8e8767c 100644 --- a/internal/provider/model_sdwan_policy_object_unified_tls_ssl_decryption.go +++ b/internal/provider/model_sdwan_policy_object_unified_tls_ssl_decryption.go @@ -37,7 +37,6 @@ type PolicyObjectUnifiedTLSSSLDecryption struct { Name types.String `tfsdk:"name"` Description types.String `tfsdk:"description"` FeatureProfileId types.String `tfsdk:"feature_profile_id"` - EnableSsl types.Bool `tfsdk:"enable_ssl"` ExpiredCertificate types.String `tfsdk:"expired_certificate"` UntrustedCertificate types.String `tfsdk:"untrusted_certificate"` CertificateRevocationStatus types.String `tfsdk:"certificate_revocation_status"` @@ -76,11 +75,9 @@ func (data PolicyObjectUnifiedTLSSSLDecryption) toBody(ctx context.Context) stri body, _ = sjson.Set(body, "name", data.Name.ValueString()) body, _ = sjson.Set(body, "description", data.Description.ValueString()) path := "data." - if !data.EnableSsl.IsNull() { - if true { - body, _ = sjson.Set(body, path+"sslEnable.optionType", "global") - body, _ = sjson.Set(body, path+"sslEnable.value", data.EnableSsl.ValueBool()) - } + if true { + body, _ = sjson.Set(body, path+"sslEnable.optionType", "global") + body, _ = sjson.Set(body, path+"sslEnable.value", true) } if !data.ExpiredCertificate.IsNull() { if true { @@ -101,7 +98,7 @@ func (data PolicyObjectUnifiedTLSSSLDecryption) toBody(ctx context.Context) stri } } if !data.UnknownRevocationStatus.IsNull() { - if true { + if true && data.CertificateRevocationStatus.ValueString() == "ocsp" { body, _ = sjson.Set(body, path+"unknownStatus.optionType", "global") body, _ = sjson.Set(body, path+"unknownStatus.value", data.UnknownRevocationStatus.ValueString()) } @@ -184,14 +181,6 @@ func (data *PolicyObjectUnifiedTLSSSLDecryption) fromBody(ctx context.Context, r data.Description = types.StringNull() } path := "payload.data." - data.EnableSsl = types.BoolNull() - - if t := res.Get(path + "sslEnable.optionType"); t.Exists() { - va := res.Get(path + "sslEnable.value") - if t.String() == "global" { - data.EnableSsl = types.BoolValue(va.Bool()) - } - } data.ExpiredCertificate = types.StringNull() if t := res.Get(path + "expiredCertificate.optionType"); t.Exists() { @@ -317,14 +306,6 @@ func (data *PolicyObjectUnifiedTLSSSLDecryption) updateFromBody(ctx context.Cont data.Description = types.StringNull() } path := "payload.data." - data.EnableSsl = types.BoolNull() - - if t := res.Get(path + "sslEnable.optionType"); t.Exists() { - va := res.Get(path + "sslEnable.value") - if t.String() == "global" { - data.EnableSsl = types.BoolValue(va.Bool()) - } - } data.ExpiredCertificate = types.StringNull() if t := res.Get(path + "expiredCertificate.optionType"); t.Exists() { @@ -446,9 +427,6 @@ func (data *PolicyObjectUnifiedTLSSSLDecryption) isNull(ctx context.Context, res if !data.FeatureProfileId.IsNull() { return false } - if !data.EnableSsl.IsNull() { - return false - } if !data.ExpiredCertificate.IsNull() { return false } diff --git a/internal/provider/model_sdwan_policy_object_unified_tls_ssl_profile.go b/internal/provider/model_sdwan_policy_object_unified_tls_ssl_profile.go index 0aafb56a..3348a2e8 100644 --- a/internal/provider/model_sdwan_policy_object_unified_tls_ssl_profile.go +++ b/internal/provider/model_sdwan_policy_object_unified_tls_ssl_profile.go @@ -102,13 +102,13 @@ func (data PolicyObjectUnifiedTLSSSLProfile) toBody(ctx context.Context) string } } if !data.DecryptThreshold.IsNull() { - if true { + if true && data.Reputation.ValueBool() == true { body, _ = sjson.Set(body, path+"decryptThreshold.optionType", "global") body, _ = sjson.Set(body, path+"decryptThreshold.value", data.DecryptThreshold.ValueString()) } } if !data.ThresholdCategories.IsNull() { - if true { + if true && data.Reputation.ValueBool() == true { body, _ = sjson.Set(body, path+"skipDecryptThreshold.optionType", "global") body, _ = sjson.Set(body, path+"skipDecryptThreshold.value", data.ThresholdCategories.ValueString()) } diff --git a/internal/provider/model_sdwan_policy_object_unified_url_filtering.go b/internal/provider/model_sdwan_policy_object_unified_url_filtering.go index 93c3cc31..e641cf9a 100644 --- a/internal/provider/model_sdwan_policy_object_unified_url_filtering.go +++ b/internal/provider/model_sdwan_policy_object_unified_url_filtering.go @@ -111,13 +111,13 @@ func (data PolicyObjectUnifiedURLFiltering) toBody(ctx context.Context) string { } } if !data.BlockPageContents.IsNull() { - if true { + if true && data.BlockPageAction.ValueString() == "text" { body, _ = sjson.Set(body, path+"blockPageContents.optionType", "global") body, _ = sjson.Set(body, path+"blockPageContents.value", data.BlockPageContents.ValueString()) } } if !data.RedirectUrl.IsNull() { - if true { + if true && data.BlockPageAction.ValueString() == "redirect-url" { body, _ = sjson.Set(body, path+"redirectUrl.optionType", "global") body, _ = sjson.Set(body, path+"redirectUrl.value", data.RedirectUrl.ValueString()) } @@ -129,7 +129,7 @@ func (data PolicyObjectUnifiedURLFiltering) toBody(ctx context.Context) string { } } if !data.Alerts.IsNull() { - if true { + if true && data.EnableAlerts.ValueBool() == true { body, _ = sjson.Set(body, path+"alerts.optionType", "global") var values []string data.Alerts.ElementsAs(ctx, &values, false) diff --git a/internal/provider/resource_sdwan_policy_object_security_protocol_list.go b/internal/provider/resource_sdwan_policy_object_security_protocol_list.go index a1c13e47..f188c06f 100644 --- a/internal/provider/resource_sdwan_policy_object_security_protocol_list.go +++ b/internal/provider/resource_sdwan_policy_object_security_protocol_list.go @@ -92,7 +92,7 @@ func (r *PolicyObjectSecurityProtocolListProfileParcelResource) Schema(ctx conte Required: true, NestedObject: schema.NestedAttributeObject{ Attributes: map[string]schema.Attribute{ - "protocol_names": schema.StringAttribute{ + "protocol_name": schema.StringAttribute{ MarkdownDescription: helpers.NewAttributeDescription("").AddStringEnumDescription("snmp", "icmp", "tcp", "udp", "echo", "telnet", "wins", "n2h2server", "nntp", "pptp", "rtsp", "bootpc", "gdoi", "tacacs", "gopher", "icabrowser", "skinny", "sunrpc", "biff", "router", "ircs", "orasrv", "ms-cluster-net", "kermit", "isakmp", "sshell", "realsecure", "ircu", "appleqtc", "pwdgen", "rdb-dbs-disp", "creativepartnr", "finger", "ftps", "giop", "rsvd", "hp-alarm-mgr", "uucp", "kerberos", "imap", "time", "bootps", "tftp", "oracle", "snmptrap", "http", "qmtp", "radius", "oracle-em-vp", "tarantella", "pcanywheredata", "ldap", "mgcp", "sqlsrv", "hsrp", "cisco-net-mgmt", "smtp", "pcanywherestat", "exec", "send", "stun", "syslog", "ms-sql-m", "citrix", "creativeserver", "cifs", "cisco-sys", "cisco-tna", "ms-dotnetster", "gtpv1", "gtpv0", "imap3", "fcip-port", "netbios-dgm", "sip-tls", "pop3s", "cisco-fna", "802-11-iapp", "oem-agent", "cisco-tdp", "tr-rsrb", "r-winsock", "sql-net", "syslog-conn", "tacacs-ds", "h225ras", "ace-svr", "dhcp-failover", "igmpv3lite", "irc-serv", "entrust-svcs", "dbcontrol_agent", "cisco-svcs", "ipsec-msft", "microsoft-ds", "ms-sna", "rsvp_tunnel", "rsvp-encap", "hp-collector", "netbios-ns", "msexch-routing", "h323", "l2tp", "ldap-admin", "pop3", "h323callsigalt", "ms-sql", "iscsi-target", "webster", "lotusnote", "ipx", "entrust-svc-hand", "citriximaclient", "rtc-pm-port", "ftp", "aol", "xdmcp", "oraclenames", "login", "iscsi", "ttc", "imaps", "socks", "ssh", "dnsix", "daytime", "sip", "discard", "ntp", "ldaps", "https", "vdolive", "ica", "net8-cman", "cuseeme", "netstat", "sms", "streamworks", "rtelnet", "who", "kazaa", "ssp", "dbase", "timed", "cddbp", "telnets", "ymsgr", "ident", "bgp", "ddns-v3", "vqp", "irc", "ipass", "x11", "dns", "lotusmtap", "mysql", "nfs", "msnmsgr", "netshow", "sqlserv", "hp-managed-node", "ncp", "shell", "realmedia", "msrpc", "clp").String, Optional: true, Validators: []validator.String{ diff --git a/internal/provider/resource_sdwan_policy_object_security_protocol_list_test.go b/internal/provider/resource_sdwan_policy_object_security_protocol_list_test.go index 70a2e6f1..8c965948 100644 --- a/internal/provider/resource_sdwan_policy_object_security_protocol_list_test.go +++ b/internal/provider/resource_sdwan_policy_object_security_protocol_list_test.go @@ -33,7 +33,7 @@ func TestAccSdwanPolicyObjectSecurityProtocolListProfileParcel(t *testing.T) { t.Skip("skipping test, set environment variable SDWAN_2012") } var checks []resource.TestCheckFunc - checks = append(checks, resource.TestCheckResourceAttr("sdwan_policy_object_security_protocol_list.test", "entries.0.protocol_names", "aol")) + checks = append(checks, resource.TestCheckResourceAttr("sdwan_policy_object_security_protocol_list.test", "entries.0.protocol_name", "aol")) resource.Test(t, resource.TestCase{ PreCheck: func() { testAccPreCheck(t) }, ProtoV6ProviderFactories: testAccProtoV6ProviderFactories, @@ -70,7 +70,7 @@ func testAccSdwanPolicyObjectSecurityProtocolListProfileParcelConfig_all() strin config += ` description = "Terraform integration test"` + "\n" config += ` feature_profile_id = sdwan_policy_object_feature_profile.test.id` + "\n" config += ` entries = [{` + "\n" - config += ` protocol_names = "aol"` + "\n" + config += ` protocol_name = "aol"` + "\n" config += ` }]` + "\n" config += `}` + "\n" return config diff --git a/internal/provider/resource_sdwan_policy_object_unified_advanced_inspection_profile.go b/internal/provider/resource_sdwan_policy_object_unified_advanced_inspection_profile.go index 06884f1a..d88a744e 100644 --- a/internal/provider/resource_sdwan_policy_object_unified_advanced_inspection_profile.go +++ b/internal/provider/resource_sdwan_policy_object_unified_advanced_inspection_profile.go @@ -97,28 +97,28 @@ func (r *PolicyObjectUnifiedAdvancedInspectionProfileProfileParcelResource) Sche }, "intrusion_prevention_list_id": schema.StringAttribute{ MarkdownDescription: helpers.NewAttributeDescription("").String, - Required: true, + Optional: true, Validators: []validator.String{ stringvalidator.RegexMatches(regexp.MustCompile(`[0-9a-fA-F]{8}-[0-9a-fA-F]{4}-[0-9a-fA-F]{4}-[0-9a-fA-F]{4}-[0-9a-fA-F]{12}`), ""), }, }, "url_filtering_list_id": schema.StringAttribute{ MarkdownDescription: helpers.NewAttributeDescription("").String, - Required: true, + Optional: true, Validators: []validator.String{ stringvalidator.RegexMatches(regexp.MustCompile(`[0-9a-fA-F]{8}-[0-9a-fA-F]{4}-[0-9a-fA-F]{4}-[0-9a-fA-F]{4}-[0-9a-fA-F]{12}`), ""), }, }, "advanced_malware_protection_list_id": schema.StringAttribute{ MarkdownDescription: helpers.NewAttributeDescription("").String, - Required: true, + Optional: true, Validators: []validator.String{ stringvalidator.RegexMatches(regexp.MustCompile(`[0-9a-fA-F]{8}-[0-9a-fA-F]{4}-[0-9a-fA-F]{4}-[0-9a-fA-F]{4}-[0-9a-fA-F]{12}`), ""), }, }, "tls_ssl_profile_list_id": schema.StringAttribute{ MarkdownDescription: helpers.NewAttributeDescription("").String, - Required: true, + Optional: true, Validators: []validator.String{ stringvalidator.RegexMatches(regexp.MustCompile(`[0-9a-fA-F]{8}-[0-9a-fA-F]{4}-[0-9a-fA-F]{4}-[0-9a-fA-F]{4}-[0-9a-fA-F]{12}`), ""), }, diff --git a/internal/provider/resource_sdwan_policy_object_unified_advanced_inspection_profile_test.go b/internal/provider/resource_sdwan_policy_object_unified_advanced_inspection_profile_test.go index 3f1e7da1..d2ea4462 100644 --- a/internal/provider/resource_sdwan_policy_object_unified_advanced_inspection_profile_test.go +++ b/internal/provider/resource_sdwan_policy_object_unified_advanced_inspection_profile_test.go @@ -121,7 +121,6 @@ resource "sdwan_policy_object_unified_advanced_malware_protection" "test" { name = "TF_TEST_ADVANCED_MALWARE" description = "My Example" feature_profile_id = sdwan_policy_object_feature_profile.test.id - match_all_vpn = true amp_cloud_region = "nam" amp_cloud_region_est_server = "nam" alert_log_level = "critical" diff --git a/internal/provider/resource_sdwan_policy_object_unified_advanced_malware_protection.go b/internal/provider/resource_sdwan_policy_object_unified_advanced_malware_protection.go index e3aed7bf..04f60c95 100644 --- a/internal/provider/resource_sdwan_policy_object_unified_advanced_malware_protection.go +++ b/internal/provider/resource_sdwan_policy_object_unified_advanced_malware_protection.go @@ -87,10 +87,6 @@ func (r *PolicyObjectUnifiedAdvancedMalwareProtectionProfileParcelResource) Sche MarkdownDescription: helpers.NewAttributeDescription("Feature Profile ID").String, Required: true, }, - "match_all_vpn": schema.BoolAttribute{ - MarkdownDescription: helpers.NewAttributeDescription("").String, - Required: true, - }, "amp_cloud_region": schema.StringAttribute{ MarkdownDescription: helpers.NewAttributeDescription("").AddStringEnumDescription("nam", "eur", "apjc").String, Required: true, @@ -117,20 +113,20 @@ func (r *PolicyObjectUnifiedAdvancedMalwareProtectionProfileParcelResource) Sche Required: true, }, "file_analysis_cloud_region": schema.StringAttribute{ - MarkdownDescription: helpers.NewAttributeDescription("").AddStringEnumDescription("nam", "eur").String, - Required: true, + MarkdownDescription: helpers.NewAttributeDescription(", Attribute conditional on `file_analysis` being equal to `true`").AddStringEnumDescription("nam", "eur").String, + Optional: true, Validators: []validator.String{ stringvalidator.OneOf("nam", "eur"), }, }, "file_analysis_file_types": schema.SetAttribute{ - MarkdownDescription: helpers.NewAttributeDescription("").String, + MarkdownDescription: helpers.NewAttributeDescription(", Attribute conditional on `file_analysis` being equal to `true`").String, ElementType: types.StringType, - Required: true, + Optional: true, }, "file_analysis_alert_log_level": schema.StringAttribute{ - MarkdownDescription: helpers.NewAttributeDescription("").AddStringEnumDescription("critical", "warning", "info").String, - Required: true, + MarkdownDescription: helpers.NewAttributeDescription(", Attribute conditional on `file_analysis` being equal to `true`").AddStringEnumDescription("critical", "warning", "info").String, + Optional: true, Validators: []validator.String{ stringvalidator.OneOf("critical", "warning", "info"), }, diff --git a/internal/provider/resource_sdwan_policy_object_unified_advanced_malware_protection_test.go b/internal/provider/resource_sdwan_policy_object_unified_advanced_malware_protection_test.go index eb555f23..61d8b3c7 100644 --- a/internal/provider/resource_sdwan_policy_object_unified_advanced_malware_protection_test.go +++ b/internal/provider/resource_sdwan_policy_object_unified_advanced_malware_protection_test.go @@ -33,7 +33,6 @@ func TestAccSdwanPolicyObjectUnifiedAdvancedMalwareProtectionProfileParcel(t *te t.Skip("skipping test, set environment variable SDWAN_2012") } var checks []resource.TestCheckFunc - checks = append(checks, resource.TestCheckResourceAttr("sdwan_policy_object_unified_advanced_malware_protection.test", "match_all_vpn", "true")) checks = append(checks, resource.TestCheckResourceAttr("sdwan_policy_object_unified_advanced_malware_protection.test", "amp_cloud_region", "nam")) checks = append(checks, resource.TestCheckResourceAttr("sdwan_policy_object_unified_advanced_malware_protection.test", "amp_cloud_region_est_server", "nam")) checks = append(checks, resource.TestCheckResourceAttr("sdwan_policy_object_unified_advanced_malware_protection.test", "alert_log_level", "critical")) @@ -76,7 +75,6 @@ func testAccSdwanPolicyObjectUnifiedAdvancedMalwareProtectionProfileParcelConfig config += ` name = "TF_TEST_ALL"` + "\n" config += ` description = "Terraform integration test"` + "\n" config += ` feature_profile_id = sdwan_policy_object_feature_profile.test.id` + "\n" - config += ` match_all_vpn = true` + "\n" config += ` amp_cloud_region = "nam"` + "\n" config += ` amp_cloud_region_est_server = "nam"` + "\n" config += ` alert_log_level = "critical"` + "\n" diff --git a/internal/provider/resource_sdwan_policy_object_unified_intrusion_prevention.go b/internal/provider/resource_sdwan_policy_object_unified_intrusion_prevention.go index b92f9787..41309456 100644 --- a/internal/provider/resource_sdwan_policy_object_unified_intrusion_prevention.go +++ b/internal/provider/resource_sdwan_policy_object_unified_intrusion_prevention.go @@ -102,9 +102,9 @@ func (r *PolicyObjectUnifiedIntrusionPreventionProfileParcelResource) Schema(ctx stringvalidator.OneOf("detection", "protection"), }, }, - "ips_signature_list_id": schema.StringAttribute{ + "ips_signature_allow_list_id": schema.StringAttribute{ MarkdownDescription: helpers.NewAttributeDescription("").String, - Required: true, + Optional: true, Validators: []validator.String{ stringvalidator.RegexMatches(regexp.MustCompile(`[0-9a-fA-F]{8}-[0-9a-fA-F]{4}-[0-9a-fA-F]{4}-[0-9a-fA-F]{4}-[0-9a-fA-F]{12}`), ""), }, @@ -118,7 +118,7 @@ func (r *PolicyObjectUnifiedIntrusionPreventionProfileParcelResource) Schema(ctx }, "custom_signature": schema.BoolAttribute{ MarkdownDescription: helpers.NewAttributeDescription("Can be one of the enum value").String, - Required: true, + Optional: true, }, }, } diff --git a/internal/provider/resource_sdwan_policy_object_unified_intrusion_prevention_test.go b/internal/provider/resource_sdwan_policy_object_unified_intrusion_prevention_test.go index c5da0b00..9a04abba 100644 --- a/internal/provider/resource_sdwan_policy_object_unified_intrusion_prevention_test.go +++ b/internal/provider/resource_sdwan_policy_object_unified_intrusion_prevention_test.go @@ -87,7 +87,7 @@ func testAccSdwanPolicyObjectUnifiedIntrusionPreventionProfileParcelConfig_all() config += ` feature_profile_id = sdwan_policy_object_feature_profile.test.id` + "\n" config += ` signature_set = "balanced"` + "\n" config += ` inspection_mode = "detection"` + "\n" - config += ` ips_signature_list_id = sdwan_policy_object_security_ips_signature.test.id` + "\n" + config += ` ips_signature_allow_list_id = sdwan_policy_object_security_ips_signature.test.id` + "\n" config += ` log_level = "error"` + "\n" config += ` custom_signature = false` + "\n" config += `}` + "\n" diff --git a/internal/provider/resource_sdwan_policy_object_unified_tls_ssl_decryption.go b/internal/provider/resource_sdwan_policy_object_unified_tls_ssl_decryption.go index e64113aa..58ff8068 100644 --- a/internal/provider/resource_sdwan_policy_object_unified_tls_ssl_decryption.go +++ b/internal/provider/resource_sdwan_policy_object_unified_tls_ssl_decryption.go @@ -87,10 +87,6 @@ func (r *PolicyObjectUnifiedTLSSSLDecryptionProfileParcelResource) Schema(ctx co MarkdownDescription: helpers.NewAttributeDescription("Feature Profile ID").String, Required: true, }, - "enable_ssl": schema.BoolAttribute{ - MarkdownDescription: helpers.NewAttributeDescription("If false, no other fields should be provided, if true all fields should be provided").String, - Required: true, - }, "expired_certificate": schema.StringAttribute{ MarkdownDescription: helpers.NewAttributeDescription("").AddStringEnumDescription("decrypt", "drop").String, Required: true, @@ -113,8 +109,8 @@ func (r *PolicyObjectUnifiedTLSSSLDecryptionProfileParcelResource) Schema(ctx co }, }, "unknown_revocation_status": schema.StringAttribute{ - MarkdownDescription: helpers.NewAttributeDescription("Only required if certificateRevocationStatus is oscp, if value is none then field shouldn't be here").AddStringEnumDescription("decrypt", "drop").String, - Required: true, + MarkdownDescription: helpers.NewAttributeDescription("Only required if certificateRevocationStatus is oscp, if value is none then field shouldn't be here, Attribute conditional on `certificate_revocation_status` being equal to `ocsp`").AddStringEnumDescription("decrypt", "drop").String, + Optional: true, Validators: []validator.String{ stringvalidator.OneOf("decrypt", "drop"), }, diff --git a/internal/provider/resource_sdwan_policy_object_unified_tls_ssl_decryption_test.go b/internal/provider/resource_sdwan_policy_object_unified_tls_ssl_decryption_test.go index 3fd3f08b..35a8e2bc 100644 --- a/internal/provider/resource_sdwan_policy_object_unified_tls_ssl_decryption_test.go +++ b/internal/provider/resource_sdwan_policy_object_unified_tls_ssl_decryption_test.go @@ -33,12 +33,11 @@ func TestAccSdwanPolicyObjectUnifiedTLSSSLDecryptionProfileParcel(t *testing.T) t.Skip("skipping test, set environment variable SDWAN_2012") } var checks []resource.TestCheckFunc - checks = append(checks, resource.TestCheckResourceAttr("sdwan_policy_object_unified_tls_ssl_decryption.test", "enable_ssl", "true")) checks = append(checks, resource.TestCheckResourceAttr("sdwan_policy_object_unified_tls_ssl_decryption.test", "expired_certificate", "drop")) checks = append(checks, resource.TestCheckResourceAttr("sdwan_policy_object_unified_tls_ssl_decryption.test", "untrusted_certificate", "drop")) checks = append(checks, resource.TestCheckResourceAttr("sdwan_policy_object_unified_tls_ssl_decryption.test", "certificate_revocation_status", "ocsp")) checks = append(checks, resource.TestCheckResourceAttr("sdwan_policy_object_unified_tls_ssl_decryption.test", "unknown_revocation_status", "decrypt")) - checks = append(checks, resource.TestCheckResourceAttr("sdwan_policy_object_unified_tls_ssl_decryption.test", "unsupported_protocol_versions", "no-decrypt")) + checks = append(checks, resource.TestCheckResourceAttr("sdwan_policy_object_unified_tls_ssl_decryption.test", "unsupported_protocol_versions", "drop")) checks = append(checks, resource.TestCheckResourceAttr("sdwan_policy_object_unified_tls_ssl_decryption.test", "unsupported_cipher_suites", "drop")) checks = append(checks, resource.TestCheckResourceAttr("sdwan_policy_object_unified_tls_ssl_decryption.test", "failure_mode", "close")) checks = append(checks, resource.TestCheckResourceAttr("sdwan_policy_object_unified_tls_ssl_decryption.test", "default_ca_certificate_bundle", "true")) @@ -81,12 +80,11 @@ func testAccSdwanPolicyObjectUnifiedTLSSSLDecryptionProfileParcelConfig_all() st config += ` name = "TF_TEST_ALL"` + "\n" config += ` description = "Terraform integration test"` + "\n" config += ` feature_profile_id = sdwan_policy_object_feature_profile.test.id` + "\n" - config += ` enable_ssl = true` + "\n" config += ` expired_certificate = "drop"` + "\n" config += ` untrusted_certificate = "drop"` + "\n" config += ` certificate_revocation_status = "ocsp"` + "\n" config += ` unknown_revocation_status = "decrypt"` + "\n" - config += ` unsupported_protocol_versions = "no-decrypt"` + "\n" + config += ` unsupported_protocol_versions = "drop"` + "\n" config += ` unsupported_cipher_suites = "drop"` + "\n" config += ` failure_mode = "close"` + "\n" config += ` default_ca_certificate_bundle = true` + "\n" diff --git a/internal/provider/resource_sdwan_policy_object_unified_tls_ssl_profile.go b/internal/provider/resource_sdwan_policy_object_unified_tls_ssl_profile.go index c85d05ed..5f4d3697 100644 --- a/internal/provider/resource_sdwan_policy_object_unified_tls_ssl_profile.go +++ b/internal/provider/resource_sdwan_policy_object_unified_tls_ssl_profile.go @@ -108,15 +108,15 @@ func (r *PolicyObjectUnifiedTLSSSLProfileProfileParcelResource) Schema(ctx conte Required: true, }, "decrypt_threshold": schema.StringAttribute{ - MarkdownDescription: helpers.NewAttributeDescription("").AddStringEnumDescription("high-risk", "low-risk", "moderate-risk", "suspicious", "trustworthy").String, - Required: true, + MarkdownDescription: helpers.NewAttributeDescription(", Attribute conditional on `reputation` being equal to `true`").AddStringEnumDescription("high-risk", "low-risk", "moderate-risk", "suspicious", "trustworthy").String, + Optional: true, Validators: []validator.String{ stringvalidator.OneOf("high-risk", "low-risk", "moderate-risk", "suspicious", "trustworthy"), }, }, "threshold_categories": schema.StringAttribute{ - MarkdownDescription: helpers.NewAttributeDescription("").AddStringEnumDescription("high-risk", "low-risk", "moderate-risk", "suspicious", "trustworthy").String, - Required: true, + MarkdownDescription: helpers.NewAttributeDescription(", Attribute conditional on `reputation` being equal to `true`").AddStringEnumDescription("high-risk", "low-risk", "moderate-risk", "suspicious", "trustworthy").String, + Optional: true, Validators: []validator.String{ stringvalidator.OneOf("high-risk", "low-risk", "moderate-risk", "suspicious", "trustworthy"), }, @@ -127,14 +127,14 @@ func (r *PolicyObjectUnifiedTLSSSLProfileProfileParcelResource) Schema(ctx conte }, "url_allow_list_id": schema.StringAttribute{ MarkdownDescription: helpers.NewAttributeDescription("").String, - Required: true, + Optional: true, Validators: []validator.String{ stringvalidator.RegexMatches(regexp.MustCompile(`[0-9a-fA-F]{8}-[0-9a-fA-F]{4}-[0-9a-fA-F]{4}-[0-9a-fA-F]{4}-[0-9a-fA-F]{12}`), ""), }, }, "url_block_list_id": schema.StringAttribute{ MarkdownDescription: helpers.NewAttributeDescription("").String, - Required: true, + Optional: true, Validators: []validator.String{ stringvalidator.RegexMatches(regexp.MustCompile(`[0-9a-fA-F]{8}-[0-9a-fA-F]{4}-[0-9a-fA-F]{4}-[0-9a-fA-F]{4}-[0-9a-fA-F]{12}`), ""), }, diff --git a/internal/provider/resource_sdwan_policy_object_unified_url_filtering.go b/internal/provider/resource_sdwan_policy_object_unified_url_filtering.go index e52ec2ee..ef212fc7 100644 --- a/internal/provider/resource_sdwan_policy_object_unified_url_filtering.go +++ b/internal/provider/resource_sdwan_policy_object_unified_url_filtering.go @@ -109,14 +109,14 @@ func (r *PolicyObjectUnifiedURLFilteringProfileParcelResource) Schema(ctx contex }, "url_allow_list_id": schema.StringAttribute{ MarkdownDescription: helpers.NewAttributeDescription("").String, - Required: true, + Optional: true, Validators: []validator.String{ stringvalidator.RegexMatches(regexp.MustCompile(`[0-9a-fA-F]{8}-[0-9a-fA-F]{4}-[0-9a-fA-F]{4}-[0-9a-fA-F]{4}-[0-9a-fA-F]{12}`), ""), }, }, "url_block_list_id": schema.StringAttribute{ MarkdownDescription: helpers.NewAttributeDescription("").String, - Required: true, + Optional: true, Validators: []validator.String{ stringvalidator.RegexMatches(regexp.MustCompile(`[0-9a-fA-F]{8}-[0-9a-fA-F]{4}-[0-9a-fA-F]{4}-[0-9a-fA-F]{4}-[0-9a-fA-F]{12}`), ""), }, @@ -129,12 +129,12 @@ func (r *PolicyObjectUnifiedURLFilteringProfileParcelResource) Schema(ctx contex }, }, "block_page_contents": schema.StringAttribute{ - MarkdownDescription: helpers.NewAttributeDescription("").String, - Required: true, + MarkdownDescription: helpers.NewAttributeDescription(", Attribute conditional on `block_page_action` being equal to `text`").String, + Optional: true, }, "redirect_url": schema.StringAttribute{ - MarkdownDescription: helpers.NewAttributeDescription("").String, - Required: true, + MarkdownDescription: helpers.NewAttributeDescription(", Attribute conditional on `block_page_action` being equal to `redirect-url`").String, + Optional: true, Validators: []validator.String{ stringvalidator.RegexMatches(regexp.MustCompile(`^(http://www\.|https://www\.|http://|https://)?[a-z0-9]+([\-\.]{1}[a-z0-9]+)*\.[a-z]{2,5}(:[0-9]{1,5})?(/.*)?$`), ""), }, @@ -144,9 +144,9 @@ func (r *PolicyObjectUnifiedURLFilteringProfileParcelResource) Schema(ctx contex Required: true, }, "alerts": schema.SetAttribute{ - MarkdownDescription: helpers.NewAttributeDescription("").String, + MarkdownDescription: helpers.NewAttributeDescription(", Attribute conditional on `enable_alerts` being equal to `true`").String, ElementType: types.StringType, - Required: true, + Optional: true, }, }, } diff --git a/internal/provider/resource_sdwan_policy_object_unified_url_filtering_test.go b/internal/provider/resource_sdwan_policy_object_unified_url_filtering_test.go index faad1e6f..609670c2 100644 --- a/internal/provider/resource_sdwan_policy_object_unified_url_filtering_test.go +++ b/internal/provider/resource_sdwan_policy_object_unified_url_filtering_test.go @@ -37,7 +37,6 @@ func TestAccSdwanPolicyObjectUnifiedURLFilteringProfileParcel(t *testing.T) { checks = append(checks, resource.TestCheckResourceAttr("sdwan_policy_object_unified_url_filtering.test", "web_reputation", "suspicious")) checks = append(checks, resource.TestCheckResourceAttr("sdwan_policy_object_unified_url_filtering.test", "block_page_action", "text")) checks = append(checks, resource.TestCheckResourceAttr("sdwan_policy_object_unified_url_filtering.test", "block_page_contents", "Access to the requested page has been denied. Please contact your Network Administrator")) - checks = append(checks, resource.TestCheckResourceAttr("sdwan_policy_object_unified_url_filtering.test", "redirect_url", "www.example.com")) checks = append(checks, resource.TestCheckResourceAttr("sdwan_policy_object_unified_url_filtering.test", "enable_alerts", "true")) resource.Test(t, resource.TestCase{ PreCheck: func() { testAccPreCheck(t) }, @@ -103,7 +102,6 @@ func testAccSdwanPolicyObjectUnifiedURLFilteringProfileParcelConfig_all() string config += ` url_block_list_id = sdwan_policy_object_security_url_block_list.test.id` + "\n" config += ` block_page_action = "text"` + "\n" config += ` block_page_contents = "Access to the requested page has been denied. Please contact your Network Administrator"` + "\n" - config += ` redirect_url = "www.example.com"` + "\n" config += ` enable_alerts = true` + "\n" config += ` alerts = ["blacklist"]` + "\n" config += `}` + "\n"