Add cisco vpn interface ipsec feature template resource and data source

CiscoDevNet · Jul 14, 2023 · 353140d · 353140d
1 parent e2acef1
commit 353140d
Show file tree

Hide file tree

Showing 16 changed files with 2,502 additions and 1 deletion.
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -1,6 +1,7 @@
 ## 0.2.1 (unreleased)
 
 - Add `sdwan_cisco_ospf_feature_template` resource and data source
+- Add `sdwan_cisco_vpn_interface_ipsec_feature_template` resource and data source
 
 ## 0.2.0
 

diff --git a/docs/data-sources/cisco_vpn_interface_ipsec_feature_template.md b/docs/data-sources/cisco_vpn_interface_ipsec_feature_template.md
@@ -0,0 +1,87 @@
+---
+# generated by https://github.com/hashicorp/terraform-plugin-docs
+page_title: "sdwan_cisco_vpn_interface_ipsec_feature_template Data Source - terraform-provider-sdwan"
+subcategory: "Feature Templates"
+description: |-
+  This data source can read the Cisco VPN Interface IPSec feature template.
+---
+
+# sdwan_cisco_vpn_interface_ipsec_feature_template (Data Source)
+
+This data source can read the Cisco VPN Interface IPSec feature template.
+
+## Example Usage
+
+```terraform
+data "sdwan_cisco_vpn_interface_ipsec_feature_template" "example" {
+  id = "f6b2c44c-693c-4763-b010-895aa3d236bd"
+}
+```
+
+<!-- schema generated by tfplugindocs -->
+## Schema
+
+### Required
+
+- `id` (String) The id of the feature template
+
+### Read-Only
+
+- `application` (String) Enable Application Tunnel Type
+- `application_variable` (String) Variable name
+- `clear_dont_fragment` (Boolean) Enable clear dont fragment (Currently Only SDWAN Tunnel Interface)
+- `clear_dont_fragment_variable` (String) Variable name
+- `dead_peer_detection_interval` (Number) IKE keepalive interval (seconds)
+- `dead_peer_detection_interval_variable` (String) Variable name
+- `dead_peer_detection_retries` (Number) IKE keepalive retries
+- `dead_peer_detection_retries_variable` (String) Variable name
+- `description` (String) The description of the feature template
+- `device_types` (List of String) List of supported device types
+- `ike_ciphersuite` (String) IKE identity the IKE preshared secret belongs to
+- `ike_ciphersuite_variable` (String) Variable name
+- `ike_group` (String) IKE Diffie Hellman Groups
+- `ike_group_variable` (String) Variable name
+- `ike_mode` (String) IKE integrity protocol
+- `ike_mode_variable` (String) Variable name
+- `ike_pre_shared_key` (String) Use preshared key to authenticate IKE peer
+- `ike_pre_shared_key_local_id` (String) IKE ID for the local endpoint. Input IPv4 address, domain name, or email address
+- `ike_pre_shared_key_local_id_variable` (String) Variable name
+- `ike_pre_shared_key_remote_id` (String) IKE ID for the remote endpoint. Input IPv4 address, domain name, or email address
+- `ike_pre_shared_key_remote_id_variable` (String) Variable name
+- `ike_pre_shared_key_variable` (String) Variable name
+- `ike_rekey_interval` (Number) IKE rekey interval <60..86400> seconds
+- `ike_rekey_interval_variable` (String) Variable name
+- `ike_version` (Number) IKE Version <1..2>
+- `interface_description` (String) Interface description
+- `interface_description_variable` (String) Variable name
+- `interface_name` (String) Interface name: IPsec when present
+- `interface_name_variable` (String) Variable name
+- `ip_address` (String) Assign IPv4 address
+- `ip_address_variable` (String) Variable name
+- `ipsec_ciphersuite` (String) IPsec(ESP) encryption and integrity protocol
+- `ipsec_ciphersuite_variable` (String) Variable name
+- `ipsec_perfect_forward_secrecy` (String) IPsec perfect forward secrecy settings
+- `ipsec_perfect_forward_secrecy_variable` (String) Variable name
+- `ipsec_rekey_interval` (Number) IPsec rekey interval <300..1209600> seconds
+- `ipsec_rekey_interval_variable` (String) Variable name
+- `ipsec_replay_window` (Number) Replay window size 32..8192 (must be a power of 2)
+- `ipsec_replay_window_variable` (String) Variable name
+- `mtu` (Number) Interface MTU <68..9216>, in bytes
+- `mtu_variable` (String) Variable name
+- `name` (String) The name of the feature template
+- `shutdown` (Boolean) Administrative state
+- `shutdown_variable` (String) Variable name
+- `tcp_mss_adjust` (Number) TCP MSS on SYN packets, in bytes
+- `tcp_mss_adjust_variable` (String) Variable name
+- `template_type` (String) The template type
+- `tracker` (List of String) Enable tracker for this interface
+- `tracker_variable` (String) Variable name
+- `tunnel_destination` (String) Tunnel destination IP address
+- `tunnel_destination_variable` (String) Variable name
+- `tunnel_route_via` (String) <1..32 characters> Interface name: ge0/<0-..> or ge0/<0-..>.vlanid
+- `tunnel_route_via_variable` (String) Variable name
+- `tunnel_source` (String) Tunnel source IP Address
+- `tunnel_source_interface` (String) <1..32 characters> Interface name: ge0/<0-..> or ge0/<0-..>.vlanid
+- `tunnel_source_interface_variable` (String) Variable name
+- `tunnel_source_variable` (String) Variable name
+- `version` (Number) The version of the feature template
diff --git a/docs/guides/changelog.md b/docs/guides/changelog.md
@@ -10,6 +10,7 @@ description: |-
 ## 0.2.1 (unreleased)
 
 - Add `sdwan_cisco_ospf_feature_template` resource and data source
+- Add `sdwan_cisco_vpn_interface_ipsec_feature_template` resource and data source
 
 ## 0.2.0
 

diff --git a/docs/resources/cisco_vpn_interface_ipsec_feature_template.md b/docs/resources/cisco_vpn_interface_ipsec_feature_template.md
@@ -0,0 +1,159 @@
+---
+# generated by https://github.com/hashicorp/terraform-plugin-docs
+page_title: "sdwan_cisco_vpn_interface_ipsec_feature_template Resource - terraform-provider-sdwan"
+subcategory: "Feature Templates"
+description: |-
+  This resource can manage a Cisco VPN Interface IPSec feature template.
+    - Minimum vManage version: 15.0.0
+---
+
+# sdwan_cisco_vpn_interface_ipsec_feature_template (Resource)
+
+This resource can manage a Cisco VPN Interface IPSec feature template.
+  - Minimum vManage version: `15.0.0`
+
+## Example Usage
+
+```terraform
+resource "sdwan_cisco_vpn_interface_ipsec_feature_template" "example" {
+  name                          = "Example"
+  description                   = "My Example"
+  device_types                  = ["vedge-C8000V"]
+  interface_name                = "ipsec1"
+  shutdown                      = false
+  interface_description         = "My Description"
+  ip_address                    = "1.1.1.1/24"
+  tunnel_source                 = "1.2.3.4"
+  tunnel_source_interface       = "e1"
+  tunnel_destination            = "3.4.5.6"
+  application                   = "sig"
+  tcp_mss_adjust                = 1400
+  clear_dont_fragment           = true
+  mtu                           = 1500
+  dead_peer_detection_interval  = 100
+  dead_peer_detection_retries   = 4
+  ike_version                   = 2
+  ike_mode                      = "main"
+  ike_rekey_interval            = 20000
+  ike_ciphersuite               = "aes256-cbc-sha1"
+  ike_group                     = "20"
+  ike_pre_shared_key            = "cisco123"
+  ike_pre_shared_key_local_id   = "1"
+  ike_pre_shared_key_remote_id  = "2"
+  ipsec_rekey_interval          = 7200
+  ipsec_replay_window           = 128
+  ipsec_ciphersuite             = "aes256-cbc-sha256"
+  ipsec_perfect_forward_secrecy = "group-20"
+  tracker                       = ["TRACKER1"]
+  tunnel_route_via              = "g0/0"
+}
+```
+
+<!-- schema generated by tfplugindocs -->
+## Schema
+
+### Required
+
+- `description` (String) The description of the feature template
+- `device_types` (List of String) List of supported device types
+  - Choices: `vedge-C8000V`, `vedge-C8300-1N1S-4T2X`, `vedge-C8300-1N1S-6T`, `vedge-C8300-2N2S-6T`, `vedge-C8300-2N2S-4T2X`, `vedge-C8500-12X4QC`, `vedge-C8500-12X`, `vedge-C8500-20X6C`, `vedge-C8500L-8S4X`, `vedge-C8200-1N-4T`, `vedge-C8200L-1N-4T`
+- `name` (String) The name of the feature template
+
+### Optional
+
+- `application` (String) Enable Application Tunnel Type
+  - Choices: `none`, `sig`
+  - Default value: `none`
+- `application_variable` (String) Variable name
+- `clear_dont_fragment` (Boolean) Enable clear dont fragment (Currently Only SDWAN Tunnel Interface)
+  - Default value: `false`
+- `clear_dont_fragment_variable` (String) Variable name
+- `dead_peer_detection_interval` (Number) IKE keepalive interval (seconds)
+  - Range: `10`-`3600`
+  - Default value: `10`
+- `dead_peer_detection_interval_variable` (String) Variable name
+- `dead_peer_detection_retries` (Number) IKE keepalive retries
+  - Range: `2`-`60`
+  - Default value: `3`
+- `dead_peer_detection_retries_variable` (String) Variable name
+- `ike_ciphersuite` (String) IKE identity the IKE preshared secret belongs to
+  - Choices: `aes256-cbc-sha1`, `aes256-cbc-sha2`, `aes128-cbc-sha1`, `aes128-cbc-sha2`
+  - Default value: `aes256-cbc-sha1`
+- `ike_ciphersuite_variable` (String) Variable name
+- `ike_group` (String) IKE Diffie Hellman Groups
+  - Choices: `2`, `14`, `15`, `16`, `19`, `20`, `21`, `24`
+  - Default value: `16`
+- `ike_group_variable` (String) Variable name
+- `ike_mode` (String) IKE integrity protocol
+  - Choices: `main`, `aggressive`
+  - Default value: `main`
+- `ike_mode_variable` (String) Variable name
+- `ike_pre_shared_key` (String) Use preshared key to authenticate IKE peer
+- `ike_pre_shared_key_local_id` (String) IKE ID for the local endpoint. Input IPv4 address, domain name, or email address
+- `ike_pre_shared_key_local_id_variable` (String) Variable name
+- `ike_pre_shared_key_remote_id` (String) IKE ID for the remote endpoint. Input IPv4 address, domain name, or email address
+- `ike_pre_shared_key_remote_id_variable` (String) Variable name
+- `ike_pre_shared_key_variable` (String) Variable name
+- `ike_rekey_interval` (Number) IKE rekey interval <60..86400> seconds
+  - Range: `60`-`86400`
+  - Default value: `14400`
+- `ike_rekey_interval_variable` (String) Variable name
+- `ike_version` (Number) IKE Version <1..2>
+  - Range: `1`-`2`
+  - Default value: `1`
+- `interface_description` (String) Interface description
+- `interface_description_variable` (String) Variable name
+- `interface_name` (String) Interface name: IPsec when present
+- `interface_name_variable` (String) Variable name
+- `ip_address` (String) Assign IPv4 address
+- `ip_address_variable` (String) Variable name
+- `ipsec_ciphersuite` (String) IPsec(ESP) encryption and integrity protocol
+  - Choices: `aes256-cbc-sha1`, `aes256-cbc-sha384`, `aes256-cbc-sha256`, `aes256-cbc-sha512`, `aes256-gcm`, `null-sha1`, `null-sha384`, `null-sha256`, `null-sha512`
+  - Default value: `aes256-gcm`
+- `ipsec_ciphersuite_variable` (String) Variable name
+- `ipsec_perfect_forward_secrecy` (String) IPsec perfect forward secrecy settings
+  - Choices: `group-1`, `group-2`, `group-5`, `group-14`, `group-15`, `group-16`, `group-19`, `group-20`, `group-21`, `group-24`, `none`
+  - Default value: `group-16`
+- `ipsec_perfect_forward_secrecy_variable` (String) Variable name
+- `ipsec_rekey_interval` (Number) IPsec rekey interval <300..1209600> seconds
+  - Range: `120`-`2592000`
+  - Default value: `3600`
+- `ipsec_rekey_interval_variable` (String) Variable name
+- `ipsec_replay_window` (Number) Replay window size 32..8192 (must be a power of 2)
+  - Range: `64`-`4096`
+  - Default value: `512`
+- `ipsec_replay_window_variable` (String) Variable name
+- `mtu` (Number) Interface MTU <68..9216>, in bytes
+  - Range: `68`-`9216`
+  - Default value: `1500`
+- `mtu_variable` (String) Variable name
+- `shutdown` (Boolean) Administrative state
+  - Default value: `true`
+- `shutdown_variable` (String) Variable name
+- `tcp_mss_adjust` (Number) TCP MSS on SYN packets, in bytes
+  - Range: `500`-`1460`
+- `tcp_mss_adjust_variable` (String) Variable name
+- `tracker` (List of String) Enable tracker for this interface
+- `tracker_variable` (String) Variable name
+- `tunnel_destination` (String) Tunnel destination IP address
+- `tunnel_destination_variable` (String) Variable name
+- `tunnel_route_via` (String) <1..32 characters> Interface name: ge0/<0-..> or ge0/<0-..>.vlanid
+- `tunnel_route_via_variable` (String) Variable name
+- `tunnel_source` (String) Tunnel source IP Address
+- `tunnel_source_interface` (String) <1..32 characters> Interface name: ge0/<0-..> or ge0/<0-..>.vlanid
+- `tunnel_source_interface_variable` (String) Variable name
+- `tunnel_source_variable` (String) Variable name
+
+### Read-Only
+
+- `id` (String) The id of the feature template
+- `template_type` (String) The template type
+- `version` (Number) The version of the feature template
+
+## Import
+
+Import is supported using the following syntax:
+
+```shell
+terraform import sdwan_cisco_vpn_interface_ipsec_feature_template.example "f6b2c44c-693c-4763-b010-895aa3d236bd"
+```
diff --git a/examples/data-sources/sdwan_cisco_vpn_interface_ipsec_feature_template/data-source.tf b/examples/data-sources/sdwan_cisco_vpn_interface_ipsec_feature_template/data-source.tf
@@ -0,0 +1,3 @@
+data "sdwan_cisco_vpn_interface_ipsec_feature_template" "example" {
+  id = "f6b2c44c-693c-4763-b010-895aa3d236bd"
+}
diff --git a/examples/resources/sdwan_cisco_vpn_interface_ipsec_feature_template/import.sh b/examples/resources/sdwan_cisco_vpn_interface_ipsec_feature_template/import.sh
@@ -0,0 +1 @@
+terraform import sdwan_cisco_vpn_interface_ipsec_feature_template.example "f6b2c44c-693c-4763-b010-895aa3d236bd"
diff --git a/examples/resources/sdwan_cisco_vpn_interface_ipsec_feature_template/resource.tf b/examples/resources/sdwan_cisco_vpn_interface_ipsec_feature_template/resource.tf
@@ -0,0 +1,32 @@
+resource "sdwan_cisco_vpn_interface_ipsec_feature_template" "example" {
+  name                          = "Example"
+  description                   = "My Example"
+  device_types                  = ["vedge-C8000V"]
+  interface_name                = "ipsec1"
+  shutdown                      = false
+  interface_description         = "My Description"
+  ip_address                    = "1.1.1.1/24"
+  tunnel_source                 = "1.2.3.4"
+  tunnel_source_interface       = "e1"
+  tunnel_destination            = "3.4.5.6"
+  application                   = "sig"
+  tcp_mss_adjust                = 1400
+  clear_dont_fragment           = true
+  mtu                           = 1500
+  dead_peer_detection_interval  = 100
+  dead_peer_detection_retries   = 4
+  ike_version                   = 2
+  ike_mode                      = "main"
+  ike_rekey_interval            = 20000
+  ike_ciphersuite               = "aes256-cbc-sha1"
+  ike_group                     = "20"
+  ike_pre_shared_key            = "cisco123"
+  ike_pre_shared_key_local_id   = "1"
+  ike_pre_shared_key_remote_id  = "2"
+  ipsec_rekey_interval          = 7200
+  ipsec_replay_window           = 128
+  ipsec_ciphersuite             = "aes256-cbc-sha256"
+  ipsec_perfect_forward_secrecy = "group-20"
+  tracker                       = ["TRACKER1"]
+  tunnel_route_via              = "g0/0"
+}
diff --git a/gen/definitions/feature_templates/cisco_vpn_interface_ipsec.yaml b/gen/definitions/feature_templates/cisco_vpn_interface_ipsec.yaml
@@ -0,0 +1,67 @@
+---
+name: Cisco VPN Interface IPSec
+minimum_version: 15.0.0
+attributes:
+  - model_name: if-name
+    tf_name: interface_name
+    example: ipsec1
+  - model_name: shutdown
+    example: false
+  - model_name: description
+    tf_name: interface_description
+    example: My Description
+  - model_name: address
+    tf_name: ip_address
+    example: 1.1.1.1/24
+  - model_name: tunnel-source
+    example: 1.2.3.4
+  - model_name: tunnel-source-interface
+    example: e1
+  - model_name: tunnel-destination
+    example: 3.4.5.6
+  - model_name: application
+    example: sig
+  - model_name: tcp-mss-adjust
+    example: 1400
+  - model_name: clear-dont-fragment
+    example: true
+  - model_name: mtu
+    example: 1500
+  - model_name: dpd-interval
+    tf_name: dead_peer_detection_interval
+    example: 100
+  - model_name: dpd-retries
+    tf_name: dead_peer_detection_retries
+    example: 4
+  - model_name: ike-version
+    example: 2
+  - model_name: ike-mode
+    example: main
+  - model_name: ike-rekey-interval
+    example: 20000
+  - model_name: ike-ciphersuite
+    example: aes256-cbc-sha1
+  - model_name: ike-group
+    example: 20
+  - model_name: pre-shared-secret
+    tf_name: ike_pre_shared_key
+    example: cisco123
+  - model_name: ike-local-id
+    tf_name: ike_pre_shared_key_local_id
+    example: 1
+  - model_name: ike-remote-id
+    tf_name: ike_pre_shared_key_remote_id
+    example: 2
+  - model_name: ipsec-rekey-interval
+    example: 7200
+  - model_name: ipsec-replay-window
+    example: 128
+  - model_name: ipsec-ciphersuite
+    example: aes256-cbc-sha256
+  - model_name: perfect-forward-secrecy
+    tf_name: ipsec_perfect_forward_secrecy
+    example: group-20
+  - model_name: tracker
+    example: '["TRACKER1"]'
+  - model_name: tunnel-route-via
+    example: g0/0
diff --git a/gen/generator.go b/gen/generator.go
@@ -353,7 +353,7 @@ func parseFeatureTemplateAttribute(attr *YamlConfigAttribute, model gjson.Result
 		if r.Get("dataType").String() == "string" {
 			t = "string"
 		}
-		if contains([]string{"string", "passphrase", "restrictedPassphrase", "datetimelocal", "ip", "ipv4", "ipv6", "ipv4-prefix", "ipv6-prefix", "dnsHostName", "interfaceList", "tlocExtension", "xConnect", "mac", "remoteAS"}, t) {
+		if contains([]string{"string", "passphrase", "restrictedPassphrase", "datetimelocal", "ip", "ipv4", "ipv6", "ipv4-prefix", "ipv6-prefix", "dnsHostName", "interfaceList", "tlocExtension", "xConnect", "mac", "remoteAS", "ike"}, t) {
 			attr.Type = "String"
 			if t != "passphrase" && t != "restrictedPassphrase" {
 				if r.Get("dataType.minLength").Exists() {