Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Add cisco vpn interface ipsec feature template resource and data source
Showing 16 changed files with 2,502 additions and 1 deletion.
87 changes: 87 additions & 0 deletions
docs/data-sources/cisco_vpn_interface_ipsec_feature_template.md
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,87 @@ | ||
--- | ||
# generated by https://github.com/hashicorp/terraform-plugin-docs | ||
page_title: "sdwan_cisco_vpn_interface_ipsec_feature_template Data Source - terraform-provider-sdwan" | ||
subcategory: "Feature Templates" | ||
description: |- | ||
This data source can read the Cisco VPN Interface IPSec feature template. | ||
--- | ||
|
||
# sdwan_cisco_vpn_interface_ipsec_feature_template (Data Source) | ||
|
||
This data source can read the Cisco VPN Interface IPSec feature template. | ||
|
||
## Example Usage | ||
|
||
```terraform | ||
data "sdwan_cisco_vpn_interface_ipsec_feature_template" "example" { | ||
id = "f6b2c44c-693c-4763-b010-895aa3d236bd" | ||
} | ||
``` | ||
|
||
<!-- schema generated by tfplugindocs --> | ||
## Schema | ||
|
||
### Required | ||
|
||
- `id` (String) The id of the feature template | ||
|
||
### Read-Only | ||
|
||
- `application` (String) Enable Application Tunnel Type | ||
- `application_variable` (String) Variable name | ||
- `clear_dont_fragment` (Boolean) Enable clear dont fragment (Currently Only SDWAN Tunnel Interface) | ||
- `clear_dont_fragment_variable` (String) Variable name | ||
- `dead_peer_detection_interval` (Number) IKE keepalive interval (seconds) | ||
- `dead_peer_detection_interval_variable` (String) Variable name | ||
- `dead_peer_detection_retries` (Number) IKE keepalive retries | ||
- `dead_peer_detection_retries_variable` (String) Variable name | ||
- `description` (String) The description of the feature template | ||
- `device_types` (List of String) List of supported device types | ||
- `ike_ciphersuite` (String) IKE identity the IKE preshared secret belongs to | ||
- `ike_ciphersuite_variable` (String) Variable name | ||
- `ike_group` (String) IKE Diffie Hellman Groups | ||
- `ike_group_variable` (String) Variable name | ||
- `ike_mode` (String) IKE integrity protocol | ||
- `ike_mode_variable` (String) Variable name | ||
- `ike_pre_shared_key` (String) Use preshared key to authenticate IKE peer | ||
- `ike_pre_shared_key_local_id` (String) IKE ID for the local endpoint. Input IPv4 address, domain name, or email address | ||
- `ike_pre_shared_key_local_id_variable` (String) Variable name | ||
- `ike_pre_shared_key_remote_id` (String) IKE ID for the remote endpoint. Input IPv4 address, domain name, or email address | ||
- `ike_pre_shared_key_remote_id_variable` (String) Variable name | ||
- `ike_pre_shared_key_variable` (String) Variable name | ||
- `ike_rekey_interval` (Number) IKE rekey interval <60..86400> seconds | ||
- `ike_rekey_interval_variable` (String) Variable name | ||
- `ike_version` (Number) IKE Version <1..2> | ||
- `interface_description` (String) Interface description | ||
- `interface_description_variable` (String) Variable name | ||
- `interface_name` (String) Interface name: IPsec when present | ||
- `interface_name_variable` (String) Variable name | ||
- `ip_address` (String) Assign IPv4 address | ||
- `ip_address_variable` (String) Variable name | ||
- `ipsec_ciphersuite` (String) IPsec(ESP) encryption and integrity protocol | ||
- `ipsec_ciphersuite_variable` (String) Variable name | ||
- `ipsec_perfect_forward_secrecy` (String) IPsec perfect forward secrecy settings | ||
- `ipsec_perfect_forward_secrecy_variable` (String) Variable name | ||
- `ipsec_rekey_interval` (Number) IPsec rekey interval <300..1209600> seconds | ||
- `ipsec_rekey_interval_variable` (String) Variable name | ||
- `ipsec_replay_window` (Number) Replay window size 32..8192 (must be a power of 2) | ||
- `ipsec_replay_window_variable` (String) Variable name | ||
- `mtu` (Number) Interface MTU <68..9216>, in bytes | ||
- `mtu_variable` (String) Variable name | ||
- `name` (String) The name of the feature template | ||
- `shutdown` (Boolean) Administrative state | ||
- `shutdown_variable` (String) Variable name | ||
- `tcp_mss_adjust` (Number) TCP MSS on SYN packets, in bytes | ||
- `tcp_mss_adjust_variable` (String) Variable name | ||
- `template_type` (String) The template type | ||
- `tracker` (List of String) Enable tracker for this interface | ||
- `tracker_variable` (String) Variable name | ||
- `tunnel_destination` (String) Tunnel destination IP address | ||
- `tunnel_destination_variable` (String) Variable name | ||
- `tunnel_route_via` (String) <1..32 characters> Interface name: ge0/<0-..> or ge0/<0-..>.vlanid | ||
- `tunnel_route_via_variable` (String) Variable name | ||
- `tunnel_source` (String) Tunnel source IP Address | ||
- `tunnel_source_interface` (String) <1..32 characters> Interface name: ge0/<0-..> or ge0/<0-..>.vlanid | ||
- `tunnel_source_interface_variable` (String) Variable name | ||
- `tunnel_source_variable` (String) Variable name | ||
- `version` (Number) The version of the feature template |
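Review bot: In the Read-Only list, the descriptions for `ike_ciphersuite` ("IKE identity the IKE preshared secret belongs to") and `ike_mode` ("IKE integrity protocol") do not describe those attributes: the first is a cipher suite, and the second takes `main` or `aggressive` in the resource schema. This file is generated by tfplugindocs, so correct the description text at its source and regenerate rather than editing the markdown. Also, `ike_pre_shared_key` is listed as a plain `(String)`, where tfplugindocs would print `(String, Sensitive)` for a sensitive attribute; confirm the data source schema marks it sensitive so the key is redacted in CLI output wherever the value is referenced.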
159 changes: 159 additions & 0 deletions
docs/resources/cisco_vpn_interface_ipsec_feature_template.md
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,159 @@ | ||
--- | ||
# generated by https://github.com/hashicorp/terraform-plugin-docs | ||
page_title: "sdwan_cisco_vpn_interface_ipsec_feature_template Resource - terraform-provider-sdwan" | ||
subcategory: "Feature Templates" | ||
description: |- | ||
This resource can manage a Cisco VPN Interface IPSec feature template. | ||
- Minimum vManage version: 15.0.0 | ||
--- | ||
|
||
# sdwan_cisco_vpn_interface_ipsec_feature_template (Resource) | ||
|
||
This resource can manage a Cisco VPN Interface IPSec feature template. | ||
- Minimum vManage version: `15.0.0` | ||
|
||
## Example Usage | ||
|
||
```terraform | ||
resource "sdwan_cisco_vpn_interface_ipsec_feature_template" "example" { | ||
name = "Example" | ||
description = "My Example" | ||
device_types = ["vedge-C8000V"] | ||
interface_name = "ipsec1" | ||
shutdown = false | ||
interface_description = "My Description" | ||
ip_address = "1.1.1.1/24" | ||
tunnel_source = "1.2.3.4" | ||
tunnel_source_interface = "e1" | ||
tunnel_destination = "3.4.5.6" | ||
application = "sig" | ||
tcp_mss_adjust = 1400 | ||
clear_dont_fragment = true | ||
mtu = 1500 | ||
dead_peer_detection_interval = 100 | ||
dead_peer_detection_retries = 4 | ||
ike_version = 2 | ||
ike_mode = "main" | ||
ike_rekey_interval = 20000 | ||
ike_ciphersuite = "aes256-cbc-sha1" | ||
ike_group = "20" | ||
ike_pre_shared_key = "cisco123" | ||
ike_pre_shared_key_local_id = "1" | ||
ike_pre_shared_key_remote_id = "2" | ||
ipsec_rekey_interval = 7200 | ||
ipsec_replay_window = 128 | ||
ipsec_ciphersuite = "aes256-cbc-sha256" | ||
ipsec_perfect_forward_secrecy = "group-20" | ||
tracker = ["TRACKER1"] | ||
tunnel_route_via = "g0/0" | ||
} | ||
``` | ||
|
||
<!-- schema generated by tfplugindocs --> | ||
## Schema | ||
|
||
### Required | ||
|
||
- `description` (String) The description of the feature template | ||
- `device_types` (List of String) List of supported device types | ||
- Choices: `vedge-C8000V`, `vedge-C8300-1N1S-4T2X`, `vedge-C8300-1N1S-6T`, `vedge-C8300-2N2S-6T`, `vedge-C8300-2N2S-4T2X`, `vedge-C8500-12X4QC`, `vedge-C8500-12X`, `vedge-C8500-20X6C`, `vedge-C8500L-8S4X`, `vedge-C8200-1N-4T`, `vedge-C8200L-1N-4T` | ||
- `name` (String) The name of the feature template | ||
|
||
### Optional | ||
|
||
- `application` (String) Enable Application Tunnel Type | ||
- Choices: `none`, `sig` | ||
- Default value: `none` | ||
- `application_variable` (String) Variable name | ||
- `clear_dont_fragment` (Boolean) Enable clear dont fragment (Currently Only SDWAN Tunnel Interface) | ||
- Default value: `false` | ||
- `clear_dont_fragment_variable` (String) Variable name | ||
- `dead_peer_detection_interval` (Number) IKE keepalive interval (seconds) | ||
- Range: `10`-`3600` | ||
- Default value: `10` | ||
- `dead_peer_detection_interval_variable` (String) Variable name | ||
- `dead_peer_detection_retries` (Number) IKE keepalive retries | ||
- Range: `2`-`60` | ||
- Default value: `3` | ||
- `dead_peer_detection_retries_variable` (String) Variable name | ||
- `ike_ciphersuite` (String) IKE identity the IKE preshared secret belongs to | ||
- Choices: `aes256-cbc-sha1`, `aes256-cbc-sha2`, `aes128-cbc-sha1`, `aes128-cbc-sha2` | ||
- Default value: `aes256-cbc-sha1` | ||
- `ike_ciphersuite_variable` (String) Variable name | ||
- `ike_group` (String) IKE Diffie Hellman Groups | ||
- Choices: `2`, `14`, `15`, `16`, `19`, `20`, `21`, `24` | ||
- Default value: `16` | ||
- `ike_group_variable` (String) Variable name | ||
- `ike_mode` (String) IKE integrity protocol | ||
- Choices: `main`, `aggressive` | ||
- Default value: `main` | ||
- `ike_mode_variable` (String) Variable name | ||
- `ike_pre_shared_key` (String) Use preshared key to authenticate IKE peer | ||
- `ike_pre_shared_key_local_id` (String) IKE ID for the local endpoint. Input IPv4 address, domain name, or email address | ||
- `ike_pre_shared_key_local_id_variable` (String) Variable name | ||
- `ike_pre_shared_key_remote_id` (String) IKE ID for the remote endpoint. Input IPv4 address, domain name, or email address | ||
- `ike_pre_shared_key_remote_id_variable` (String) Variable name | ||
- `ike_pre_shared_key_variable` (String) Variable name | ||
- `ike_rekey_interval` (Number) IKE rekey interval <60..86400> seconds | ||
- Range: `60`-`86400` | ||
- Default value: `14400` | ||
- `ike_rekey_interval_variable` (String) Variable name | ||
- `ike_version` (Number) IKE Version <1..2> | ||
- Range: `1`-`2` | ||
- Default value: `1` | ||
- `interface_description` (String) Interface description | ||
- `interface_description_variable` (String) Variable name | ||
- `interface_name` (String) Interface name: IPsec when present | ||
- `interface_name_variable` (String) Variable name | ||
- `ip_address` (String) Assign IPv4 address | ||
- `ip_address_variable` (String) Variable name | ||
- `ipsec_ciphersuite` (String) IPsec(ESP) encryption and integrity protocol | ||
- Choices: `aes256-cbc-sha1`, `aes256-cbc-sha384`, `aes256-cbc-sha256`, `aes256-cbc-sha512`, `aes256-gcm`, `null-sha1`, `null-sha384`, `null-sha256`, `null-sha512` | ||
- Default value: `aes256-gcm` | ||
- `ipsec_ciphersuite_variable` (String) Variable name | ||
- `ipsec_perfect_forward_secrecy` (String) IPsec perfect forward secrecy settings | ||
- Choices: `group-1`, `group-2`, `group-5`, `group-14`, `group-15`, `group-16`, `group-19`, `group-20`, `group-21`, `group-24`, `none` | ||
- Default value: `group-16` | ||
- `ipsec_perfect_forward_secrecy_variable` (String) Variable name | ||
- `ipsec_rekey_interval` (Number) IPsec rekey interval <300..1209600> seconds | ||
- Range: `120`-`2592000` | ||
- Default value: `3600` | ||
- `ipsec_rekey_interval_variable` (String) Variable name | ||
- `ipsec_replay_window` (Number) Replay window size 32..8192 (must be a power of 2) | ||
- Range: `64`-`4096` | ||
- Default value: `512` | ||
- `ipsec_replay_window_variable` (String) Variable name | ||
- `mtu` (Number) Interface MTU <68..9216>, in bytes | ||
- Range: `68`-`9216` | ||
- Default value: `1500` | ||
- `mtu_variable` (String) Variable name | ||
- `shutdown` (Boolean) Administrative state | ||
- Default value: `true` | ||
- `shutdown_variable` (String) Variable name | ||
- `tcp_mss_adjust` (Number) TCP MSS on SYN packets, in bytes | ||
- Range: `500`-`1460` | ||
- `tcp_mss_adjust_variable` (String) Variable name | ||
- `tracker` (List of String) Enable tracker for this interface | ||
- `tracker_variable` (String) Variable name | ||
- `tunnel_destination` (String) Tunnel destination IP address | ||
- `tunnel_destination_variable` (String) Variable name | ||
- `tunnel_route_via` (String) <1..32 characters> Interface name: ge0/<0-..> or ge0/<0-..>.vlanid | ||
- `tunnel_route_via_variable` (String) Variable name | ||
- `tunnel_source` (String) Tunnel source IP Address | ||
- `tunnel_source_interface` (String) <1..32 characters> Interface name: ge0/<0-..> or ge0/<0-..>.vlanid | ||
- `tunnel_source_interface_variable` (String) Variable name | ||
- `tunnel_source_variable` (String) Variable name | ||
|
||
### Read-Only | ||
|
||
- `id` (String) The id of the feature template | ||
- `template_type` (String) The template type | ||
- `version` (Number) The version of the feature template | ||
|
||
## Import | ||
|
||
Import is supported using the following syntax: | ||
|
||
```shell | ||
terraform import sdwan_cisco_vpn_interface_ipsec_feature_template.example "f6b2c44c-693c-4763-b010-895aa3d236bd" | ||
``` |
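Review bot: Two Optional entries state one range in the description and a different one in the `Range:` line: `ipsec_rekey_interval` says <300..1209600> but lists `120`-`2592000`, and `ipsec_replay_window` says 32..8192 but lists `64`-`4096`. As written, a value such as 150 for the rekey interval or 8192 for the replay window is valid under one statement and out of range under the other, so only the range the provider actually validates should be shown. The example also sets `ike_mode = "main"` together with `ike_version = 2`; main and aggressive are IKEv1 exchange modes, so either drop `ike_mode` from the example or document when it applies. It would help readers if the descriptions flagged `ike_group` `2`, the PFS choices `group-1`, `group-2` and `group-5`, and the `null-*` values of `ipsec_ciphersuite` (no ESP encryption) as legacy or weak options.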
3 changes: 3 additions & 0 deletions
examples/data-sources/sdwan_cisco_vpn_interface_ipsec_feature_template/data-source.tf
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,3 @@ | ||
data "sdwan_cisco_vpn_interface_ipsec_feature_template" "example" { | ||
id = "f6b2c44c-693c-4763-b010-895aa3d236bd" | ||
} |
1 change: 1 addition & 0 deletions
examples/resources/sdwan_cisco_vpn_interface_ipsec_feature_template/import.sh
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1 @@ | ||
terraform import sdwan_cisco_vpn_interface_ipsec_feature_template.example "f6b2c44c-693c-4763-b010-895aa3d236bd" |
32 changes: 32 additions & 0 deletions
examples/resources/sdwan_cisco_vpn_interface_ipsec_feature_template/resource.tf
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,32 @@ | ||
resource "sdwan_cisco_vpn_interface_ipsec_feature_template" "example" { | ||
name = "Example" | ||
description = "My Example" | ||
device_types = ["vedge-C8000V"] | ||
interface_name = "ipsec1" | ||
shutdown = false | ||
interface_description = "My Description" | ||
ip_address = "1.1.1.1/24" | ||
tunnel_source = "1.2.3.4" | ||
tunnel_source_interface = "e1" | ||
tunnel_destination = "3.4.5.6" | ||
application = "sig" | ||
tcp_mss_adjust = 1400 | ||
clear_dont_fragment = true | ||
mtu = 1500 | ||
dead_peer_detection_interval = 100 | ||
dead_peer_detection_retries = 4 | ||
ike_version = 2 | ||
ike_mode = "main" | ||
ike_rekey_interval = 20000 | ||
ike_ciphersuite = "aes256-cbc-sha1" | ||
ike_group = "20" | ||
ike_pre_shared_key = "cisco123" | ||
ike_pre_shared_key_local_id = "1" | ||
ike_pre_shared_key_remote_id = "2" | ||
ipsec_rekey_interval = 7200 | ||
ipsec_replay_window = 128 | ||
ipsec_ciphersuite = "aes256-cbc-sha256" | ||
ipsec_perfect_forward_secrecy = "group-20" | ||
tracker = ["TRACKER1"] | ||
tunnel_route_via = "g0/0" | ||
} |
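Review bot: `ike_pre_shared_key = "cisco123"` puts a literal, guessable key into the example that users copy from; reference a variable declared with `sensitive = true` instead (for example a hypothetical `var.ike_pre_shared_key`) so the key stays out of version-controlled `.tf` files. The example also picks `ike_ciphersuite = "aes256-cbc-sha1"` although the schema offers `aes256-cbc-sha2`; the example is the place to show the stronger choice.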
67 changes: 67 additions & 0 deletions
gen/definitions/feature_templates/cisco_vpn_interface_ipsec.yaml
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,67 @@ | ||
--- | ||
name: Cisco VPN Interface IPSec | ||
minimum_version: 15.0.0 | ||
attributes: | ||
- model_name: if-name | ||
tf_name: interface_name | ||
example: ipsec1 | ||
- model_name: shutdown | ||
example: false | ||
- model_name: description | ||
tf_name: interface_description | ||
example: My Description | ||
- model_name: address | ||
tf_name: ip_address | ||
example: 1.1.1.1/24 | ||
- model_name: tunnel-source | ||
example: 1.2.3.4 | ||
- model_name: tunnel-source-interface | ||
example: e1 | ||
- model_name: tunnel-destination | ||
example: 3.4.5.6 | ||
- model_name: application | ||
example: sig | ||
- model_name: tcp-mss-adjust | ||
example: 1400 | ||
- model_name: clear-dont-fragment | ||
example: true | ||
- model_name: mtu | ||
example: 1500 | ||
- model_name: dpd-interval | ||
tf_name: dead_peer_detection_interval | ||
example: 100 | ||
- model_name: dpd-retries | ||
tf_name: dead_peer_detection_retries | ||
example: 4 | ||
- model_name: ike-version | ||
example: 2 | ||
- model_name: ike-mode | ||
example: main | ||
- model_name: ike-rekey-interval | ||
example: 20000 | ||
- model_name: ike-ciphersuite | ||
example: aes256-cbc-sha1 | ||
- model_name: ike-group | ||
example: 20 | ||
- model_name: pre-shared-secret | ||
tf_name: ike_pre_shared_key | ||
example: cisco123 | ||
- model_name: ike-local-id | ||
tf_name: ike_pre_shared_key_local_id | ||
example: 1 | ||
- model_name: ike-remote-id | ||
tf_name: ike_pre_shared_key_remote_id | ||
example: 2 | ||
- model_name: ipsec-rekey-interval | ||
example: 7200 | ||
- model_name: ipsec-replay-window | ||
example: 128 | ||
- model_name: ipsec-ciphersuite | ||
example: aes256-cbc-sha256 | ||
- model_name: perfect-forward-secrecy | ||
tf_name: ipsec_perfect_forward_secrecy | ||
example: group-20 | ||
- model_name: tracker | ||
example: '["TRACKER1"]' | ||
- model_name: tunnel-route-via | ||
example: g0/0 |
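Review bot: The `pre-shared-secret` entry carries only `model_name`, `tf_name` and `example`, with nothing visible that marks the attribute as sensitive, and the generated docs list `ike_pre_shared_key` as plain `(String)`. If the generator has a way to flag an attribute as sensitive, set it on this entry so both the resource and the data source redact the key. The `example: cisco123` value also flows into the generated resource.tf and docs, so an obvious placeholder would be better there. Separately, `ike-local-id` and `ike-remote-id` use the examples `1` and `2`, while the schema description asks for an IPv4 address, domain name, or email address; an example in one of those forms would match the documented input.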