diff --git a/CHANGELOG.md b/CHANGELOG.md index d5365f90..c90ecdc5 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -1,6 +1,7 @@ ## 0.2.1 (unreleased) - Add `sdwan_cisco_ospf_feature_template` resource and data source +- Add `sdwan_cisco_vpn_interface_ipsec_feature_template` resource and data source ## 0.2.0 diff --git a/docs/data-sources/cisco_vpn_interface_ipsec_feature_template.md b/docs/data-sources/cisco_vpn_interface_ipsec_feature_template.md new file mode 100644 index 00000000..8214ba4d --- /dev/null +++ b/docs/data-sources/cisco_vpn_interface_ipsec_feature_template.md @@ -0,0 +1,87 @@ +--- +# generated by https://github.com/hashicorp/terraform-plugin-docs +page_title: "sdwan_cisco_vpn_interface_ipsec_feature_template Data Source - terraform-provider-sdwan" +subcategory: "Feature Templates" +description: |- + This data source can read the Cisco VPN Interface IPSec feature template. +--- + +# sdwan_cisco_vpn_interface_ipsec_feature_template (Data Source) + +This data source can read the Cisco VPN Interface IPSec feature template. + +## Example Usage + +```terraform +data "sdwan_cisco_vpn_interface_ipsec_feature_template" "example" { + id = "f6b2c44c-693c-4763-b010-895aa3d236bd" +} +``` + + +## Schema + +### Required + +- `id` (String) The id of the feature template + +### Read-Only + +- `application` (String) Enable Application Tunnel Type +- `application_variable` (String) Variable name +- `clear_dont_fragment` (Boolean) Enable clear dont fragment (Currently Only SDWAN Tunnel Interface) +- `clear_dont_fragment_variable` (String) Variable name +- `dead_peer_detection_interval` (Number) IKE keepalive interval (seconds) +- `dead_peer_detection_interval_variable` (String) Variable name +- `dead_peer_detection_retries` (Number) IKE keepalive retries +- `dead_peer_detection_retries_variable` (String) Variable name +- `description` (String) The description of the feature template +- `device_types` (List of String) List of supported device types +- `ike_ciphersuite` (String) IKE identity the IKE preshared secret belongs to +- `ike_ciphersuite_variable` (String) Variable name +- `ike_group` (String) IKE Diffie Hellman Groups +- `ike_group_variable` (String) Variable name +- `ike_mode` (String) IKE integrity protocol +- `ike_mode_variable` (String) Variable name +- `ike_pre_shared_key` (String) Use preshared key to authenticate IKE peer +- `ike_pre_shared_key_local_id` (String) IKE ID for the local endpoint. Input IPv4 address, domain name, or email address +- `ike_pre_shared_key_local_id_variable` (String) Variable name +- `ike_pre_shared_key_remote_id` (String) IKE ID for the remote endpoint. Input IPv4 address, domain name, or email address +- `ike_pre_shared_key_remote_id_variable` (String) Variable name +- `ike_pre_shared_key_variable` (String) Variable name +- `ike_rekey_interval` (Number) IKE rekey interval <60..86400> seconds +- `ike_rekey_interval_variable` (String) Variable name +- `ike_version` (Number) IKE Version <1..2> +- `interface_description` (String) Interface description +- `interface_description_variable` (String) Variable name +- `interface_name` (String) Interface name: IPsec when present +- `interface_name_variable` (String) Variable name +- `ip_address` (String) Assign IPv4 address +- `ip_address_variable` (String) Variable name +- `ipsec_ciphersuite` (String) IPsec(ESP) encryption and integrity protocol +- `ipsec_ciphersuite_variable` (String) Variable name +- `ipsec_perfect_forward_secrecy` (String) IPsec perfect forward secrecy settings +- `ipsec_perfect_forward_secrecy_variable` (String) Variable name +- `ipsec_rekey_interval` (Number) IPsec rekey interval <300..1209600> seconds +- `ipsec_rekey_interval_variable` (String) Variable name +- `ipsec_replay_window` (Number) Replay window size 32..8192 (must be a power of 2) +- `ipsec_replay_window_variable` (String) Variable name +- `mtu` (Number) Interface MTU <68..9216>, in bytes +- `mtu_variable` (String) Variable name +- `name` (String) The name of the feature template +- `shutdown` (Boolean) Administrative state +- `shutdown_variable` (String) Variable name +- `tcp_mss_adjust` (Number) TCP MSS on SYN packets, in bytes +- `tcp_mss_adjust_variable` (String) Variable name +- `template_type` (String) The template type +- `tracker` (List of String) Enable tracker for this interface +- `tracker_variable` (String) Variable name +- `tunnel_destination` (String) Tunnel destination IP address +- `tunnel_destination_variable` (String) Variable name +- `tunnel_route_via` (String) <1..32 characters> Interface name: ge0/<0-..> or ge0/<0-..>.vlanid +- `tunnel_route_via_variable` (String) Variable name +- `tunnel_source` (String) Tunnel source IP Address +- `tunnel_source_interface` (String) <1..32 characters> Interface name: ge0/<0-..> or ge0/<0-..>.vlanid +- `tunnel_source_interface_variable` (String) Variable name +- `tunnel_source_variable` (String) Variable name +- `version` (Number) The version of the feature template diff --git a/docs/guides/changelog.md b/docs/guides/changelog.md index c3d76e3c..b3fb9792 100644 --- a/docs/guides/changelog.md +++ b/docs/guides/changelog.md @@ -10,6 +10,7 @@ description: |- ## 0.2.1 (unreleased) - Add `sdwan_cisco_ospf_feature_template` resource and data source +- Add `sdwan_cisco_vpn_interface_ipsec_feature_template` resource and data source ## 0.2.0 diff --git a/docs/resources/cisco_vpn_interface_ipsec_feature_template.md b/docs/resources/cisco_vpn_interface_ipsec_feature_template.md new file mode 100644 index 00000000..4c554086 --- /dev/null +++ b/docs/resources/cisco_vpn_interface_ipsec_feature_template.md @@ -0,0 +1,159 @@ +--- +# generated by https://github.com/hashicorp/terraform-plugin-docs +page_title: "sdwan_cisco_vpn_interface_ipsec_feature_template Resource - terraform-provider-sdwan" +subcategory: "Feature Templates" +description: |- + This resource can manage a Cisco VPN Interface IPSec feature template. + - Minimum vManage version: 15.0.0 +--- + +# sdwan_cisco_vpn_interface_ipsec_feature_template (Resource) + +This resource can manage a Cisco VPN Interface IPSec feature template. + - Minimum vManage version: `15.0.0` + +## Example Usage + +```terraform +resource "sdwan_cisco_vpn_interface_ipsec_feature_template" "example" { + name = "Example" + description = "My Example" + device_types = ["vedge-C8000V"] + interface_name = "ipsec1" + shutdown = false + interface_description = "My Description" + ip_address = "1.1.1.1/24" + tunnel_source = "1.2.3.4" + tunnel_source_interface = "e1" + tunnel_destination = "3.4.5.6" + application = "sig" + tcp_mss_adjust = 1400 + clear_dont_fragment = true + mtu = 1500 + dead_peer_detection_interval = 100 + dead_peer_detection_retries = 4 + ike_version = 2 + ike_mode = "main" + ike_rekey_interval = 20000 + ike_ciphersuite = "aes256-cbc-sha1" + ike_group = "20" + ike_pre_shared_key = "cisco123" + ike_pre_shared_key_local_id = "1" + ike_pre_shared_key_remote_id = "2" + ipsec_rekey_interval = 7200 + ipsec_replay_window = 128 + ipsec_ciphersuite = "aes256-cbc-sha256" + ipsec_perfect_forward_secrecy = "group-20" + tracker = ["TRACKER1"] + tunnel_route_via = "g0/0" +} +``` + + +## Schema + +### Required + +- `description` (String) The description of the feature template +- `device_types` (List of String) List of supported device types + - Choices: `vedge-C8000V`, `vedge-C8300-1N1S-4T2X`, `vedge-C8300-1N1S-6T`, `vedge-C8300-2N2S-6T`, `vedge-C8300-2N2S-4T2X`, `vedge-C8500-12X4QC`, `vedge-C8500-12X`, `vedge-C8500-20X6C`, `vedge-C8500L-8S4X`, `vedge-C8200-1N-4T`, `vedge-C8200L-1N-4T` +- `name` (String) The name of the feature template + +### Optional + +- `application` (String) Enable Application Tunnel Type + - Choices: `none`, `sig` + - Default value: `none` +- `application_variable` (String) Variable name +- `clear_dont_fragment` (Boolean) Enable clear dont fragment (Currently Only SDWAN Tunnel Interface) + - Default value: `false` +- `clear_dont_fragment_variable` (String) Variable name +- `dead_peer_detection_interval` (Number) IKE keepalive interval (seconds) + - Range: `10`-`3600` + - Default value: `10` +- `dead_peer_detection_interval_variable` (String) Variable name +- `dead_peer_detection_retries` (Number) IKE keepalive retries + - Range: `2`-`60` + - Default value: `3` +- `dead_peer_detection_retries_variable` (String) Variable name +- `ike_ciphersuite` (String) IKE identity the IKE preshared secret belongs to + - Choices: `aes256-cbc-sha1`, `aes256-cbc-sha2`, `aes128-cbc-sha1`, `aes128-cbc-sha2` + - Default value: `aes256-cbc-sha1` +- `ike_ciphersuite_variable` (String) Variable name +- `ike_group` (String) IKE Diffie Hellman Groups + - Choices: `2`, `14`, `15`, `16`, `19`, `20`, `21`, `24` + - Default value: `16` +- `ike_group_variable` (String) Variable name +- `ike_mode` (String) IKE integrity protocol + - Choices: `main`, `aggressive` + - Default value: `main` +- `ike_mode_variable` (String) Variable name +- `ike_pre_shared_key` (String) Use preshared key to authenticate IKE peer +- `ike_pre_shared_key_local_id` (String) IKE ID for the local endpoint. Input IPv4 address, domain name, or email address +- `ike_pre_shared_key_local_id_variable` (String) Variable name +- `ike_pre_shared_key_remote_id` (String) IKE ID for the remote endpoint. Input IPv4 address, domain name, or email address +- `ike_pre_shared_key_remote_id_variable` (String) Variable name +- `ike_pre_shared_key_variable` (String) Variable name +- `ike_rekey_interval` (Number) IKE rekey interval <60..86400> seconds + - Range: `60`-`86400` + - Default value: `14400` +- `ike_rekey_interval_variable` (String) Variable name +- `ike_version` (Number) IKE Version <1..2> + - Range: `1`-`2` + - Default value: `1` +- `interface_description` (String) Interface description +- `interface_description_variable` (String) Variable name +- `interface_name` (String) Interface name: IPsec when present +- `interface_name_variable` (String) Variable name +- `ip_address` (String) Assign IPv4 address +- `ip_address_variable` (String) Variable name +- `ipsec_ciphersuite` (String) IPsec(ESP) encryption and integrity protocol + - Choices: `aes256-cbc-sha1`, `aes256-cbc-sha384`, `aes256-cbc-sha256`, `aes256-cbc-sha512`, `aes256-gcm`, `null-sha1`, `null-sha384`, `null-sha256`, `null-sha512` + - Default value: `aes256-gcm` +- `ipsec_ciphersuite_variable` (String) Variable name +- `ipsec_perfect_forward_secrecy` (String) IPsec perfect forward secrecy settings + - Choices: `group-1`, `group-2`, `group-5`, `group-14`, `group-15`, `group-16`, `group-19`, `group-20`, `group-21`, `group-24`, `none` + - Default value: `group-16` +- `ipsec_perfect_forward_secrecy_variable` (String) Variable name +- `ipsec_rekey_interval` (Number) IPsec rekey interval <300..1209600> seconds + - Range: `120`-`2592000` + - Default value: `3600` +- `ipsec_rekey_interval_variable` (String) Variable name +- `ipsec_replay_window` (Number) Replay window size 32..8192 (must be a power of 2) + - Range: `64`-`4096` + - Default value: `512` +- `ipsec_replay_window_variable` (String) Variable name +- `mtu` (Number) Interface MTU <68..9216>, in bytes + - Range: `68`-`9216` + - Default value: `1500` +- `mtu_variable` (String) Variable name +- `shutdown` (Boolean) Administrative state + - Default value: `true` +- `shutdown_variable` (String) Variable name +- `tcp_mss_adjust` (Number) TCP MSS on SYN packets, in bytes + - Range: `500`-`1460` +- `tcp_mss_adjust_variable` (String) Variable name +- `tracker` (List of String) Enable tracker for this interface +- `tracker_variable` (String) Variable name +- `tunnel_destination` (String) Tunnel destination IP address +- `tunnel_destination_variable` (String) Variable name +- `tunnel_route_via` (String) <1..32 characters> Interface name: ge0/<0-..> or ge0/<0-..>.vlanid +- `tunnel_route_via_variable` (String) Variable name +- `tunnel_source` (String) Tunnel source IP Address +- `tunnel_source_interface` (String) <1..32 characters> Interface name: ge0/<0-..> or ge0/<0-..>.vlanid +- `tunnel_source_interface_variable` (String) Variable name +- `tunnel_source_variable` (String) Variable name + +### Read-Only + +- `id` (String) The id of the feature template +- `template_type` (String) The template type +- `version` (Number) The version of the feature template + +## Import + +Import is supported using the following syntax: + +```shell +terraform import sdwan_cisco_vpn_interface_ipsec_feature_template.example "f6b2c44c-693c-4763-b010-895aa3d236bd" +``` diff --git a/examples/data-sources/sdwan_cisco_vpn_interface_ipsec_feature_template/data-source.tf b/examples/data-sources/sdwan_cisco_vpn_interface_ipsec_feature_template/data-source.tf new file mode 100644 index 00000000..4e1bfc81 --- /dev/null +++ b/examples/data-sources/sdwan_cisco_vpn_interface_ipsec_feature_template/data-source.tf @@ -0,0 +1,3 @@ +data "sdwan_cisco_vpn_interface_ipsec_feature_template" "example" { + id = "f6b2c44c-693c-4763-b010-895aa3d236bd" +} diff --git a/examples/resources/sdwan_cisco_vpn_interface_ipsec_feature_template/import.sh b/examples/resources/sdwan_cisco_vpn_interface_ipsec_feature_template/import.sh new file mode 100644 index 00000000..4dcb1abe --- /dev/null +++ b/examples/resources/sdwan_cisco_vpn_interface_ipsec_feature_template/import.sh @@ -0,0 +1 @@ +terraform import sdwan_cisco_vpn_interface_ipsec_feature_template.example "f6b2c44c-693c-4763-b010-895aa3d236bd" diff --git a/examples/resources/sdwan_cisco_vpn_interface_ipsec_feature_template/resource.tf b/examples/resources/sdwan_cisco_vpn_interface_ipsec_feature_template/resource.tf new file mode 100644 index 00000000..d9448f92 --- /dev/null +++ b/examples/resources/sdwan_cisco_vpn_interface_ipsec_feature_template/resource.tf @@ -0,0 +1,32 @@ +resource "sdwan_cisco_vpn_interface_ipsec_feature_template" "example" { + name = "Example" + description = "My Example" + device_types = ["vedge-C8000V"] + interface_name = "ipsec1" + shutdown = false + interface_description = "My Description" + ip_address = "1.1.1.1/24" + tunnel_source = "1.2.3.4" + tunnel_source_interface = "e1" + tunnel_destination = "3.4.5.6" + application = "sig" + tcp_mss_adjust = 1400 + clear_dont_fragment = true + mtu = 1500 + dead_peer_detection_interval = 100 + dead_peer_detection_retries = 4 + ike_version = 2 + ike_mode = "main" + ike_rekey_interval = 20000 + ike_ciphersuite = "aes256-cbc-sha1" + ike_group = "20" + ike_pre_shared_key = "cisco123" + ike_pre_shared_key_local_id = "1" + ike_pre_shared_key_remote_id = "2" + ipsec_rekey_interval = 7200 + ipsec_replay_window = 128 + ipsec_ciphersuite = "aes256-cbc-sha256" + ipsec_perfect_forward_secrecy = "group-20" + tracker = ["TRACKER1"] + tunnel_route_via = "g0/0" +} diff --git a/gen/definitions/feature_templates/cisco_vpn_interface_ipsec.yaml b/gen/definitions/feature_templates/cisco_vpn_interface_ipsec.yaml new file mode 100644 index 00000000..0e196e30 --- /dev/null +++ b/gen/definitions/feature_templates/cisco_vpn_interface_ipsec.yaml @@ -0,0 +1,67 @@ +--- +name: Cisco VPN Interface IPSec +minimum_version: 15.0.0 +attributes: + - model_name: if-name + tf_name: interface_name + example: ipsec1 + - model_name: shutdown + example: false + - model_name: description + tf_name: interface_description + example: My Description + - model_name: address + tf_name: ip_address + example: 1.1.1.1/24 + - model_name: tunnel-source + example: 1.2.3.4 + - model_name: tunnel-source-interface + example: e1 + - model_name: tunnel-destination + example: 3.4.5.6 + - model_name: application + example: sig + - model_name: tcp-mss-adjust + example: 1400 + - model_name: clear-dont-fragment + example: true + - model_name: mtu + example: 1500 + - model_name: dpd-interval + tf_name: dead_peer_detection_interval + example: 100 + - model_name: dpd-retries + tf_name: dead_peer_detection_retries + example: 4 + - model_name: ike-version + example: 2 + - model_name: ike-mode + example: main + - model_name: ike-rekey-interval + example: 20000 + - model_name: ike-ciphersuite + example: aes256-cbc-sha1 + - model_name: ike-group + example: 20 + - model_name: pre-shared-secret + tf_name: ike_pre_shared_key + example: cisco123 + - model_name: ike-local-id + tf_name: ike_pre_shared_key_local_id + example: 1 + - model_name: ike-remote-id + tf_name: ike_pre_shared_key_remote_id + example: 2 + - model_name: ipsec-rekey-interval + example: 7200 + - model_name: ipsec-replay-window + example: 128 + - model_name: ipsec-ciphersuite + example: aes256-cbc-sha256 + - model_name: perfect-forward-secrecy + tf_name: ipsec_perfect_forward_secrecy + example: group-20 + - model_name: tracker + example: '["TRACKER1"]' + - model_name: tunnel-route-via + example: g0/0 diff --git a/gen/generator.go b/gen/generator.go index 3adcbdb0..b330beae 100644 --- a/gen/generator.go +++ b/gen/generator.go @@ -353,7 +353,7 @@ func parseFeatureTemplateAttribute(attr *YamlConfigAttribute, model gjson.Result if r.Get("dataType").String() == "string" { t = "string" } - if contains([]string{"string", "passphrase", "restrictedPassphrase", "datetimelocal", "ip", "ipv4", "ipv6", "ipv4-prefix", "ipv6-prefix", "dnsHostName", "interfaceList", "tlocExtension", "xConnect", "mac", "remoteAS"}, t) { + if contains([]string{"string", "passphrase", "restrictedPassphrase", "datetimelocal", "ip", "ipv4", "ipv6", "ipv4-prefix", "ipv6-prefix", "dnsHostName", "interfaceList", "tlocExtension", "xConnect", "mac", "remoteAS", "ike"}, t) { attr.Type = "String" if t != "passphrase" && t != "restrictedPassphrase" { if r.Get("dataType.minLength").Exists() { diff --git a/internal/provider/data_source_sdwan_cisco_vpn_interface_ipsec_feature_template.go b/internal/provider/data_source_sdwan_cisco_vpn_interface_ipsec_feature_template.go new file mode 100644 index 00000000..de1a6b69 --- /dev/null +++ b/internal/provider/data_source_sdwan_cisco_vpn_interface_ipsec_feature_template.go @@ -0,0 +1,332 @@ +// Copyright © 2023 Cisco Systems, Inc. and its affiliates. +// All rights reserved. +// +// Licensed under the Mozilla Public License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// https://mozilla.org/MPL/2.0/ +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. +// +// SPDX-License-Identifier: MPL-2.0 + +// Code generated by "gen/generator.go"; DO NOT EDIT. + +package provider + +import ( + "context" + "fmt" + + "github.com/CiscoDevNet/terraform-provider-sdwan/internal/provider/helpers" + "github.com/hashicorp/terraform-plugin-framework/datasource" + "github.com/hashicorp/terraform-plugin-framework/datasource/schema" + "github.com/hashicorp/terraform-plugin-framework/types" + "github.com/hashicorp/terraform-plugin-log/tflog" + "github.com/netascode/go-sdwan" +) + +// Ensure the implementation satisfies the expected interfaces. +var ( + _ datasource.DataSource = &CiscoVPNInterfaceIPSecFeatureTemplateDataSource{} + _ datasource.DataSourceWithConfigure = &CiscoVPNInterfaceIPSecFeatureTemplateDataSource{} +) + +func NewCiscoVPNInterfaceIPSecFeatureTemplateDataSource() datasource.DataSource { + return &CiscoVPNInterfaceIPSecFeatureTemplateDataSource{} +} + +type CiscoVPNInterfaceIPSecFeatureTemplateDataSource struct { + client *sdwan.Client +} + +func (d *CiscoVPNInterfaceIPSecFeatureTemplateDataSource) Metadata(_ context.Context, req datasource.MetadataRequest, resp *datasource.MetadataResponse) { + resp.TypeName = req.ProviderTypeName + "_cisco_vpn_interface_ipsec_feature_template" +} + +func (d *CiscoVPNInterfaceIPSecFeatureTemplateDataSource) Schema(ctx context.Context, req datasource.SchemaRequest, resp *datasource.SchemaResponse) { + resp.Schema = schema.Schema{ + // This description is used by the documentation generator and the language server. + MarkdownDescription: "This data source can read the Cisco VPN Interface IPSec feature template.", + + Attributes: map[string]schema.Attribute{ + "id": schema.StringAttribute{ + MarkdownDescription: "The id of the feature template", + Required: true, + }, + "version": schema.Int64Attribute{ + MarkdownDescription: "The version of the feature template", + Computed: true, + }, + "template_type": schema.StringAttribute{ + MarkdownDescription: "The template type", + Computed: true, + }, + "name": schema.StringAttribute{ + MarkdownDescription: "The name of the feature template", + Computed: true, + }, + "description": schema.StringAttribute{ + MarkdownDescription: "The description of the feature template", + Computed: true, + }, + "device_types": schema.ListAttribute{ + MarkdownDescription: "List of supported device types", + ElementType: types.StringType, + Computed: true, + }, + "interface_name": schema.StringAttribute{ + MarkdownDescription: "Interface name: IPsec when present", + Computed: true, + }, + "interface_name_variable": schema.StringAttribute{ + MarkdownDescription: helpers.NewAttributeDescription("Variable name").String, + Computed: true, + }, + "shutdown": schema.BoolAttribute{ + MarkdownDescription: "Administrative state", + Computed: true, + }, + "shutdown_variable": schema.StringAttribute{ + MarkdownDescription: helpers.NewAttributeDescription("Variable name").String, + Computed: true, + }, + "interface_description": schema.StringAttribute{ + MarkdownDescription: "Interface description", + Computed: true, + }, + "interface_description_variable": schema.StringAttribute{ + MarkdownDescription: helpers.NewAttributeDescription("Variable name").String, + Computed: true, + }, + "ip_address": schema.StringAttribute{ + MarkdownDescription: "Assign IPv4 address", + Computed: true, + }, + "ip_address_variable": schema.StringAttribute{ + MarkdownDescription: helpers.NewAttributeDescription("Variable name").String, + Computed: true, + }, + "tunnel_source": schema.StringAttribute{ + MarkdownDescription: "Tunnel source IP Address", + Computed: true, + }, + "tunnel_source_variable": schema.StringAttribute{ + MarkdownDescription: helpers.NewAttributeDescription("Variable name").String, + Computed: true, + }, + "tunnel_source_interface": schema.StringAttribute{ + MarkdownDescription: "<1..32 characters> Interface name: ge0/<0-..> or ge0/<0-..>.vlanid", + Computed: true, + }, + "tunnel_source_interface_variable": schema.StringAttribute{ + MarkdownDescription: helpers.NewAttributeDescription("Variable name").String, + Computed: true, + }, + "tunnel_destination": schema.StringAttribute{ + MarkdownDescription: "Tunnel destination IP address", + Computed: true, + }, + "tunnel_destination_variable": schema.StringAttribute{ + MarkdownDescription: helpers.NewAttributeDescription("Variable name").String, + Computed: true, + }, + "application": schema.StringAttribute{ + MarkdownDescription: "Enable Application Tunnel Type", + Computed: true, + }, + "application_variable": schema.StringAttribute{ + MarkdownDescription: helpers.NewAttributeDescription("Variable name").String, + Computed: true, + }, + "tcp_mss_adjust": schema.Int64Attribute{ + MarkdownDescription: "TCP MSS on SYN packets, in bytes", + Computed: true, + }, + "tcp_mss_adjust_variable": schema.StringAttribute{ + MarkdownDescription: helpers.NewAttributeDescription("Variable name").String, + Computed: true, + }, + "clear_dont_fragment": schema.BoolAttribute{ + MarkdownDescription: "Enable clear dont fragment (Currently Only SDWAN Tunnel Interface)", + Computed: true, + }, + "clear_dont_fragment_variable": schema.StringAttribute{ + MarkdownDescription: helpers.NewAttributeDescription("Variable name").String, + Computed: true, + }, + "mtu": schema.Int64Attribute{ + MarkdownDescription: "Interface MTU <68..9216>, in bytes", + Computed: true, + }, + "mtu_variable": schema.StringAttribute{ + MarkdownDescription: helpers.NewAttributeDescription("Variable name").String, + Computed: true, + }, + "dead_peer_detection_interval": schema.Int64Attribute{ + MarkdownDescription: "IKE keepalive interval (seconds)", + Computed: true, + }, + "dead_peer_detection_interval_variable": schema.StringAttribute{ + MarkdownDescription: helpers.NewAttributeDescription("Variable name").String, + Computed: true, + }, + "dead_peer_detection_retries": schema.Int64Attribute{ + MarkdownDescription: "IKE keepalive retries", + Computed: true, + }, + "dead_peer_detection_retries_variable": schema.StringAttribute{ + MarkdownDescription: helpers.NewAttributeDescription("Variable name").String, + Computed: true, + }, + "ike_version": schema.Int64Attribute{ + MarkdownDescription: "IKE Version <1..2>", + Computed: true, + }, + "ike_mode": schema.StringAttribute{ + MarkdownDescription: "IKE integrity protocol", + Computed: true, + }, + "ike_mode_variable": schema.StringAttribute{ + MarkdownDescription: helpers.NewAttributeDescription("Variable name").String, + Computed: true, + }, + "ike_rekey_interval": schema.Int64Attribute{ + MarkdownDescription: "IKE rekey interval <60..86400> seconds", + Computed: true, + }, + "ike_rekey_interval_variable": schema.StringAttribute{ + MarkdownDescription: helpers.NewAttributeDescription("Variable name").String, + Computed: true, + }, + "ike_ciphersuite": schema.StringAttribute{ + MarkdownDescription: "IKE identity the IKE preshared secret belongs to", + Computed: true, + }, + "ike_ciphersuite_variable": schema.StringAttribute{ + MarkdownDescription: helpers.NewAttributeDescription("Variable name").String, + Computed: true, + }, + "ike_group": schema.StringAttribute{ + MarkdownDescription: "IKE Diffie Hellman Groups", + Computed: true, + }, + "ike_group_variable": schema.StringAttribute{ + MarkdownDescription: helpers.NewAttributeDescription("Variable name").String, + Computed: true, + }, + "ike_pre_shared_key": schema.StringAttribute{ + MarkdownDescription: "Use preshared key to authenticate IKE peer", + Computed: true, + }, + "ike_pre_shared_key_variable": schema.StringAttribute{ + MarkdownDescription: helpers.NewAttributeDescription("Variable name").String, + Computed: true, + }, + "ike_pre_shared_key_local_id": schema.StringAttribute{ + MarkdownDescription: "IKE ID for the local endpoint. Input IPv4 address, domain name, or email address", + Computed: true, + }, + "ike_pre_shared_key_local_id_variable": schema.StringAttribute{ + MarkdownDescription: helpers.NewAttributeDescription("Variable name").String, + Computed: true, + }, + "ike_pre_shared_key_remote_id": schema.StringAttribute{ + MarkdownDescription: "IKE ID for the remote endpoint. Input IPv4 address, domain name, or email address", + Computed: true, + }, + "ike_pre_shared_key_remote_id_variable": schema.StringAttribute{ + MarkdownDescription: helpers.NewAttributeDescription("Variable name").String, + Computed: true, + }, + "ipsec_rekey_interval": schema.Int64Attribute{ + MarkdownDescription: "IPsec rekey interval <300..1209600> seconds", + Computed: true, + }, + "ipsec_rekey_interval_variable": schema.StringAttribute{ + MarkdownDescription: helpers.NewAttributeDescription("Variable name").String, + Computed: true, + }, + "ipsec_replay_window": schema.Int64Attribute{ + MarkdownDescription: "Replay window size 32..8192 (must be a power of 2)", + Computed: true, + }, + "ipsec_replay_window_variable": schema.StringAttribute{ + MarkdownDescription: helpers.NewAttributeDescription("Variable name").String, + Computed: true, + }, + "ipsec_ciphersuite": schema.StringAttribute{ + MarkdownDescription: "IPsec(ESP) encryption and integrity protocol", + Computed: true, + }, + "ipsec_ciphersuite_variable": schema.StringAttribute{ + MarkdownDescription: helpers.NewAttributeDescription("Variable name").String, + Computed: true, + }, + "ipsec_perfect_forward_secrecy": schema.StringAttribute{ + MarkdownDescription: "IPsec perfect forward secrecy settings", + Computed: true, + }, + "ipsec_perfect_forward_secrecy_variable": schema.StringAttribute{ + MarkdownDescription: helpers.NewAttributeDescription("Variable name").String, + Computed: true, + }, + "tracker": schema.ListAttribute{ + MarkdownDescription: "Enable tracker for this interface", + ElementType: types.StringType, + Computed: true, + }, + "tracker_variable": schema.StringAttribute{ + MarkdownDescription: helpers.NewAttributeDescription("Variable name").String, + Computed: true, + }, + "tunnel_route_via": schema.StringAttribute{ + MarkdownDescription: "<1..32 characters> Interface name: ge0/<0-..> or ge0/<0-..>.vlanid", + Computed: true, + }, + "tunnel_route_via_variable": schema.StringAttribute{ + MarkdownDescription: helpers.NewAttributeDescription("Variable name").String, + Computed: true, + }, + }, + } +} + +func (d *CiscoVPNInterfaceIPSecFeatureTemplateDataSource) Configure(_ context.Context, req datasource.ConfigureRequest, _ *datasource.ConfigureResponse) { + if req.ProviderData == nil { + return + } + + d.client = req.ProviderData.(*SdwanProviderData).Client +} + +func (d *CiscoVPNInterfaceIPSecFeatureTemplateDataSource) Read(ctx context.Context, req datasource.ReadRequest, resp *datasource.ReadResponse) { + var config CiscoVPNInterfaceIPSec + + // Read config + diags := req.Config.Get(ctx, &config) + resp.Diagnostics.Append(diags...) + if resp.Diagnostics.HasError() { + return + } + + tflog.Debug(ctx, fmt.Sprintf("%s: Beginning Read", config.Id.String())) + + res, err := d.client.Get("/template/feature/object/" + config.Id.ValueString()) + if err != nil { + resp.Diagnostics.AddError("Client Error", fmt.Sprintf("Failed to retrieve object, got error: %s", err)) + return + } + + config.fromBody(ctx, res) + + tflog.Debug(ctx, fmt.Sprintf("%s: Read finished successfully", config.Name.ValueString())) + + diags = resp.State.Set(ctx, &config) + resp.Diagnostics.Append(diags...) +} diff --git a/internal/provider/data_source_sdwan_cisco_vpn_interface_ipsec_feature_template_test.go b/internal/provider/data_source_sdwan_cisco_vpn_interface_ipsec_feature_template_test.go new file mode 100644 index 00000000..f18ac168 --- /dev/null +++ b/internal/provider/data_source_sdwan_cisco_vpn_interface_ipsec_feature_template_test.go @@ -0,0 +1,106 @@ +// Copyright © 2023 Cisco Systems, Inc. and its affiliates. +// All rights reserved. +// +// Licensed under the Mozilla Public License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// https://mozilla.org/MPL/2.0/ +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. +// +// SPDX-License-Identifier: MPL-2.0 + +// Code generated by "gen/generator.go"; DO NOT EDIT. + +package provider + +import ( + "testing" + + "github.com/hashicorp/terraform-plugin-testing/helper/resource" +) + +func TestAccDataSourceSdwanCiscoVPNInterfaceIPSecFeatureTemplate(t *testing.T) { + resource.Test(t, resource.TestCase{ + PreCheck: func() { testAccPreCheck(t) }, + ProtoV6ProviderFactories: testAccProtoV6ProviderFactories, + Steps: []resource.TestStep{ + { + Config: testAccDataSourceSdwanCiscoVPNInterfaceIPSecFeatureTemplateConfig, + Check: resource.ComposeTestCheckFunc( + resource.TestCheckResourceAttr("data.sdwan_cisco_vpn_interface_ipsec_feature_template.test", "interface_name", "ipsec1"), + resource.TestCheckResourceAttr("data.sdwan_cisco_vpn_interface_ipsec_feature_template.test", "shutdown", "false"), + resource.TestCheckResourceAttr("data.sdwan_cisco_vpn_interface_ipsec_feature_template.test", "interface_description", "My Description"), + resource.TestCheckResourceAttr("data.sdwan_cisco_vpn_interface_ipsec_feature_template.test", "ip_address", "1.1.1.1/24"), + resource.TestCheckResourceAttr("data.sdwan_cisco_vpn_interface_ipsec_feature_template.test", "tunnel_source", "1.2.3.4"), + resource.TestCheckResourceAttr("data.sdwan_cisco_vpn_interface_ipsec_feature_template.test", "tunnel_source_interface", "e1"), + resource.TestCheckResourceAttr("data.sdwan_cisco_vpn_interface_ipsec_feature_template.test", "tunnel_destination", "3.4.5.6"), + resource.TestCheckResourceAttr("data.sdwan_cisco_vpn_interface_ipsec_feature_template.test", "application", "sig"), + resource.TestCheckResourceAttr("data.sdwan_cisco_vpn_interface_ipsec_feature_template.test", "tcp_mss_adjust", "1400"), + resource.TestCheckResourceAttr("data.sdwan_cisco_vpn_interface_ipsec_feature_template.test", "clear_dont_fragment", "true"), + resource.TestCheckResourceAttr("data.sdwan_cisco_vpn_interface_ipsec_feature_template.test", "mtu", "1500"), + resource.TestCheckResourceAttr("data.sdwan_cisco_vpn_interface_ipsec_feature_template.test", "dead_peer_detection_interval", "100"), + resource.TestCheckResourceAttr("data.sdwan_cisco_vpn_interface_ipsec_feature_template.test", "dead_peer_detection_retries", "4"), + resource.TestCheckResourceAttr("data.sdwan_cisco_vpn_interface_ipsec_feature_template.test", "ike_version", "2"), + resource.TestCheckResourceAttr("data.sdwan_cisco_vpn_interface_ipsec_feature_template.test", "ike_mode", "main"), + resource.TestCheckResourceAttr("data.sdwan_cisco_vpn_interface_ipsec_feature_template.test", "ike_rekey_interval", "20000"), + resource.TestCheckResourceAttr("data.sdwan_cisco_vpn_interface_ipsec_feature_template.test", "ike_ciphersuite", "aes256-cbc-sha1"), + resource.TestCheckResourceAttr("data.sdwan_cisco_vpn_interface_ipsec_feature_template.test", "ike_group", "20"), + resource.TestCheckResourceAttr("data.sdwan_cisco_vpn_interface_ipsec_feature_template.test", "ike_pre_shared_key", "cisco123"), + resource.TestCheckResourceAttr("data.sdwan_cisco_vpn_interface_ipsec_feature_template.test", "ike_pre_shared_key_local_id", "1"), + resource.TestCheckResourceAttr("data.sdwan_cisco_vpn_interface_ipsec_feature_template.test", "ike_pre_shared_key_remote_id", "2"), + resource.TestCheckResourceAttr("data.sdwan_cisco_vpn_interface_ipsec_feature_template.test", "ipsec_rekey_interval", "7200"), + resource.TestCheckResourceAttr("data.sdwan_cisco_vpn_interface_ipsec_feature_template.test", "ipsec_replay_window", "128"), + resource.TestCheckResourceAttr("data.sdwan_cisco_vpn_interface_ipsec_feature_template.test", "ipsec_ciphersuite", "aes256-cbc-sha256"), + resource.TestCheckResourceAttr("data.sdwan_cisco_vpn_interface_ipsec_feature_template.test", "ipsec_perfect_forward_secrecy", "group-20"), + resource.TestCheckResourceAttr("data.sdwan_cisco_vpn_interface_ipsec_feature_template.test", "tunnel_route_via", "g0/0"), + ), + }, + }, + }) +} + +const testAccDataSourceSdwanCiscoVPNInterfaceIPSecFeatureTemplateConfig = ` + +resource "sdwan_cisco_vpn_interface_ipsec_feature_template" "test" { + name = "TF_TEST_MIN" + description = "Terraform integration test" + device_types = ["vedge-C8000V"] + interface_name = "ipsec1" + shutdown = false + interface_description = "My Description" + ip_address = "1.1.1.1/24" + tunnel_source = "1.2.3.4" + tunnel_source_interface = "e1" + tunnel_destination = "3.4.5.6" + application = "sig" + tcp_mss_adjust = 1400 + clear_dont_fragment = true + mtu = 1500 + dead_peer_detection_interval = 100 + dead_peer_detection_retries = 4 + ike_version = 2 + ike_mode = "main" + ike_rekey_interval = 20000 + ike_ciphersuite = "aes256-cbc-sha1" + ike_group = "20" + ike_pre_shared_key = "cisco123" + ike_pre_shared_key_local_id = "1" + ike_pre_shared_key_remote_id = "2" + ipsec_rekey_interval = 7200 + ipsec_replay_window = 128 + ipsec_ciphersuite = "aes256-cbc-sha256" + ipsec_perfect_forward_secrecy = "group-20" + tracker = ["TRACKER1"] + tunnel_route_via = "g0/0" +} + +data "sdwan_cisco_vpn_interface_ipsec_feature_template" "test" { + id = sdwan_cisco_vpn_interface_ipsec_feature_template.test.id +} +` diff --git a/internal/provider/model_sdwan_cisco_vpn_interface_ipsec_feature_template.go b/internal/provider/model_sdwan_cisco_vpn_interface_ipsec_feature_template.go new file mode 100644 index 00000000..6dc3c0ea --- /dev/null +++ b/internal/provider/model_sdwan_cisco_vpn_interface_ipsec_feature_template.go @@ -0,0 +1,1070 @@ +// Copyright © 2023 Cisco Systems, Inc. and its affiliates. +// All rights reserved. +// +// Licensed under the Mozilla Public License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// https://mozilla.org/MPL/2.0/ +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. +// +// SPDX-License-Identifier: MPL-2.0 + +// Code generated by "gen/generator.go"; DO NOT EDIT. + +package provider + +import ( + "context" + "strconv" + + "github.com/CiscoDevNet/terraform-provider-sdwan/internal/provider/helpers" + "github.com/hashicorp/terraform-plugin-framework/types" + "github.com/tidwall/gjson" + "github.com/tidwall/sjson" +) + +type CiscoVPNInterfaceIPSec struct { + Id types.String `tfsdk:"id"` + Version types.Int64 `tfsdk:"version"` + TemplateType types.String `tfsdk:"template_type"` + Name types.String `tfsdk:"name"` + Description types.String `tfsdk:"description"` + DeviceTypes types.List `tfsdk:"device_types"` + InterfaceName types.String `tfsdk:"interface_name"` + InterfaceNameVariable types.String `tfsdk:"interface_name_variable"` + Shutdown types.Bool `tfsdk:"shutdown"` + ShutdownVariable types.String `tfsdk:"shutdown_variable"` + InterfaceDescription types.String `tfsdk:"interface_description"` + InterfaceDescriptionVariable types.String `tfsdk:"interface_description_variable"` + IpAddress types.String `tfsdk:"ip_address"` + IpAddressVariable types.String `tfsdk:"ip_address_variable"` + TunnelSource types.String `tfsdk:"tunnel_source"` + TunnelSourceVariable types.String `tfsdk:"tunnel_source_variable"` + TunnelSourceInterface types.String `tfsdk:"tunnel_source_interface"` + TunnelSourceInterfaceVariable types.String `tfsdk:"tunnel_source_interface_variable"` + TunnelDestination types.String `tfsdk:"tunnel_destination"` + TunnelDestinationVariable types.String `tfsdk:"tunnel_destination_variable"` + Application types.String `tfsdk:"application"` + ApplicationVariable types.String `tfsdk:"application_variable"` + TcpMssAdjust types.Int64 `tfsdk:"tcp_mss_adjust"` + TcpMssAdjustVariable types.String `tfsdk:"tcp_mss_adjust_variable"` + ClearDontFragment types.Bool `tfsdk:"clear_dont_fragment"` + ClearDontFragmentVariable types.String `tfsdk:"clear_dont_fragment_variable"` + Mtu types.Int64 `tfsdk:"mtu"` + MtuVariable types.String `tfsdk:"mtu_variable"` + DeadPeerDetectionInterval types.Int64 `tfsdk:"dead_peer_detection_interval"` + DeadPeerDetectionIntervalVariable types.String `tfsdk:"dead_peer_detection_interval_variable"` + DeadPeerDetectionRetries types.Int64 `tfsdk:"dead_peer_detection_retries"` + DeadPeerDetectionRetriesVariable types.String `tfsdk:"dead_peer_detection_retries_variable"` + IkeVersion types.Int64 `tfsdk:"ike_version"` + IkeMode types.String `tfsdk:"ike_mode"` + IkeModeVariable types.String `tfsdk:"ike_mode_variable"` + IkeRekeyInterval types.Int64 `tfsdk:"ike_rekey_interval"` + IkeRekeyIntervalVariable types.String `tfsdk:"ike_rekey_interval_variable"` + IkeCiphersuite types.String `tfsdk:"ike_ciphersuite"` + IkeCiphersuiteVariable types.String `tfsdk:"ike_ciphersuite_variable"` + IkeGroup types.String `tfsdk:"ike_group"` + IkeGroupVariable types.String `tfsdk:"ike_group_variable"` + IkePreSharedKey types.String `tfsdk:"ike_pre_shared_key"` + IkePreSharedKeyVariable types.String `tfsdk:"ike_pre_shared_key_variable"` + IkePreSharedKeyLocalId types.String `tfsdk:"ike_pre_shared_key_local_id"` + IkePreSharedKeyLocalIdVariable types.String `tfsdk:"ike_pre_shared_key_local_id_variable"` + IkePreSharedKeyRemoteId types.String `tfsdk:"ike_pre_shared_key_remote_id"` + IkePreSharedKeyRemoteIdVariable types.String `tfsdk:"ike_pre_shared_key_remote_id_variable"` + IpsecRekeyInterval types.Int64 `tfsdk:"ipsec_rekey_interval"` + IpsecRekeyIntervalVariable types.String `tfsdk:"ipsec_rekey_interval_variable"` + IpsecReplayWindow types.Int64 `tfsdk:"ipsec_replay_window"` + IpsecReplayWindowVariable types.String `tfsdk:"ipsec_replay_window_variable"` + IpsecCiphersuite types.String `tfsdk:"ipsec_ciphersuite"` + IpsecCiphersuiteVariable types.String `tfsdk:"ipsec_ciphersuite_variable"` + IpsecPerfectForwardSecrecy types.String `tfsdk:"ipsec_perfect_forward_secrecy"` + IpsecPerfectForwardSecrecyVariable types.String `tfsdk:"ipsec_perfect_forward_secrecy_variable"` + Tracker types.List `tfsdk:"tracker"` + TrackerVariable types.String `tfsdk:"tracker_variable"` + TunnelRouteVia types.String `tfsdk:"tunnel_route_via"` + TunnelRouteViaVariable types.String `tfsdk:"tunnel_route_via_variable"` +} + +func (data CiscoVPNInterfaceIPSec) getModel() string { + return "cisco_vpn_interface_ipsec" +} + +func (data CiscoVPNInterfaceIPSec) toBody(ctx context.Context) string { + body := "" + + var device_types []string + data.DeviceTypes.ElementsAs(ctx, &device_types, false) + body, _ = sjson.Set(body, "deviceType", device_types) + body, _ = sjson.Set(body, "factoryDefault", false) + body, _ = sjson.Set(body, "templateDescription", data.Description.ValueString()) + body, _ = sjson.Set(body, "templateMinVersion", "15.0.0") + body, _ = sjson.Set(body, "templateName", data.Name.ValueString()) + body, _ = sjson.Set(body, "templateType", "cisco_vpn_interface_ipsec") + body, _ = sjson.Set(body, "templateDefinition", map[string]interface{}{}) + + path := "templateDefinition." + + if !data.InterfaceNameVariable.IsNull() { + body, _ = sjson.Set(body, path+"if-name."+"vipObjectType", "object") + body, _ = sjson.Set(body, path+"if-name."+"vipType", "variableName") + body, _ = sjson.Set(body, path+"if-name."+"vipVariableName", data.InterfaceNameVariable.ValueString()) + } else if data.InterfaceName.IsNull() { + } else { + body, _ = sjson.Set(body, path+"if-name."+"vipObjectType", "object") + body, _ = sjson.Set(body, path+"if-name."+"vipType", "constant") + body, _ = sjson.Set(body, path+"if-name."+"vipValue", data.InterfaceName.ValueString()) + } + + if !data.ShutdownVariable.IsNull() { + body, _ = sjson.Set(body, path+"shutdown."+"vipObjectType", "object") + body, _ = sjson.Set(body, path+"shutdown."+"vipType", "variableName") + body, _ = sjson.Set(body, path+"shutdown."+"vipVariableName", data.ShutdownVariable.ValueString()) + } else if data.Shutdown.IsNull() { + body, _ = sjson.Set(body, path+"shutdown."+"vipObjectType", "object") + body, _ = sjson.Set(body, path+"shutdown."+"vipType", "ignore") + } else { + body, _ = sjson.Set(body, path+"shutdown."+"vipObjectType", "object") + body, _ = sjson.Set(body, path+"shutdown."+"vipType", "constant") + body, _ = sjson.Set(body, path+"shutdown."+"vipValue", strconv.FormatBool(data.Shutdown.ValueBool())) + } + + if !data.InterfaceDescriptionVariable.IsNull() { + body, _ = sjson.Set(body, path+"description."+"vipObjectType", "object") + body, _ = sjson.Set(body, path+"description."+"vipType", "variableName") + body, _ = sjson.Set(body, path+"description."+"vipVariableName", data.InterfaceDescriptionVariable.ValueString()) + } else if data.InterfaceDescription.IsNull() { + body, _ = sjson.Set(body, path+"description."+"vipObjectType", "object") + body, _ = sjson.Set(body, path+"description."+"vipType", "ignore") + } else { + body, _ = sjson.Set(body, path+"description."+"vipObjectType", "object") + body, _ = sjson.Set(body, path+"description."+"vipType", "constant") + body, _ = sjson.Set(body, path+"description."+"vipValue", data.InterfaceDescription.ValueString()) + } + + if !data.IpAddressVariable.IsNull() { + body, _ = sjson.Set(body, path+"ip.address."+"vipObjectType", "object") + body, _ = sjson.Set(body, path+"ip.address."+"vipType", "variableName") + body, _ = sjson.Set(body, path+"ip.address."+"vipVariableName", data.IpAddressVariable.ValueString()) + } else if data.IpAddress.IsNull() { + body, _ = sjson.Set(body, path+"ip.address."+"vipObjectType", "object") + body, _ = sjson.Set(body, path+"ip.address."+"vipType", "ignore") + } else { + body, _ = sjson.Set(body, path+"ip.address."+"vipObjectType", "object") + body, _ = sjson.Set(body, path+"ip.address."+"vipType", "constant") + body, _ = sjson.Set(body, path+"ip.address."+"vipValue", data.IpAddress.ValueString()) + } + + if !data.TunnelSourceVariable.IsNull() { + body, _ = sjson.Set(body, path+"tunnel-source."+"vipObjectType", "object") + body, _ = sjson.Set(body, path+"tunnel-source."+"vipType", "variableName") + body, _ = sjson.Set(body, path+"tunnel-source."+"vipVariableName", data.TunnelSourceVariable.ValueString()) + } else if data.TunnelSource.IsNull() { + } else { + body, _ = sjson.Set(body, path+"tunnel-source."+"vipObjectType", "object") + body, _ = sjson.Set(body, path+"tunnel-source."+"vipType", "constant") + body, _ = sjson.Set(body, path+"tunnel-source."+"vipValue", data.TunnelSource.ValueString()) + } + + if !data.TunnelSourceInterfaceVariable.IsNull() { + body, _ = sjson.Set(body, path+"tunnel-source-interface."+"vipObjectType", "object") + body, _ = sjson.Set(body, path+"tunnel-source-interface."+"vipType", "variableName") + body, _ = sjson.Set(body, path+"tunnel-source-interface."+"vipVariableName", data.TunnelSourceInterfaceVariable.ValueString()) + } else if data.TunnelSourceInterface.IsNull() { + } else { + body, _ = sjson.Set(body, path+"tunnel-source-interface."+"vipObjectType", "object") + body, _ = sjson.Set(body, path+"tunnel-source-interface."+"vipType", "constant") + body, _ = sjson.Set(body, path+"tunnel-source-interface."+"vipValue", data.TunnelSourceInterface.ValueString()) + } + + if !data.TunnelDestinationVariable.IsNull() { + body, _ = sjson.Set(body, path+"tunnel-destination."+"vipObjectType", "object") + body, _ = sjson.Set(body, path+"tunnel-destination."+"vipType", "variableName") + body, _ = sjson.Set(body, path+"tunnel-destination."+"vipVariableName", data.TunnelDestinationVariable.ValueString()) + } else if data.TunnelDestination.IsNull() { + } else { + body, _ = sjson.Set(body, path+"tunnel-destination."+"vipObjectType", "object") + body, _ = sjson.Set(body, path+"tunnel-destination."+"vipType", "constant") + body, _ = sjson.Set(body, path+"tunnel-destination."+"vipValue", data.TunnelDestination.ValueString()) + } + + if !data.ApplicationVariable.IsNull() { + body, _ = sjson.Set(body, path+"application."+"vipObjectType", "object") + body, _ = sjson.Set(body, path+"application."+"vipType", "variableName") + body, _ = sjson.Set(body, path+"application."+"vipVariableName", data.ApplicationVariable.ValueString()) + } else if data.Application.IsNull() { + } else { + body, _ = sjson.Set(body, path+"application."+"vipObjectType", "object") + body, _ = sjson.Set(body, path+"application."+"vipType", "constant") + body, _ = sjson.Set(body, path+"application."+"vipValue", data.Application.ValueString()) + } + + if !data.TcpMssAdjustVariable.IsNull() { + body, _ = sjson.Set(body, path+"tcp-mss-adjust."+"vipObjectType", "object") + body, _ = sjson.Set(body, path+"tcp-mss-adjust."+"vipType", "variableName") + body, _ = sjson.Set(body, path+"tcp-mss-adjust."+"vipVariableName", data.TcpMssAdjustVariable.ValueString()) + } else if data.TcpMssAdjust.IsNull() { + body, _ = sjson.Set(body, path+"tcp-mss-adjust."+"vipObjectType", "object") + body, _ = sjson.Set(body, path+"tcp-mss-adjust."+"vipType", "ignore") + } else { + body, _ = sjson.Set(body, path+"tcp-mss-adjust."+"vipObjectType", "object") + body, _ = sjson.Set(body, path+"tcp-mss-adjust."+"vipType", "constant") + body, _ = sjson.Set(body, path+"tcp-mss-adjust."+"vipValue", data.TcpMssAdjust.ValueInt64()) + } + + if !data.ClearDontFragmentVariable.IsNull() { + body, _ = sjson.Set(body, path+"clear-dont-fragment."+"vipObjectType", "object") + body, _ = sjson.Set(body, path+"clear-dont-fragment."+"vipType", "variableName") + body, _ = sjson.Set(body, path+"clear-dont-fragment."+"vipVariableName", data.ClearDontFragmentVariable.ValueString()) + } else if data.ClearDontFragment.IsNull() { + body, _ = sjson.Set(body, path+"clear-dont-fragment."+"vipObjectType", "object") + body, _ = sjson.Set(body, path+"clear-dont-fragment."+"vipType", "ignore") + } else { + body, _ = sjson.Set(body, path+"clear-dont-fragment."+"vipObjectType", "object") + body, _ = sjson.Set(body, path+"clear-dont-fragment."+"vipType", "constant") + body, _ = sjson.Set(body, path+"clear-dont-fragment."+"vipValue", strconv.FormatBool(data.ClearDontFragment.ValueBool())) + } + + if !data.MtuVariable.IsNull() { + body, _ = sjson.Set(body, path+"mtu."+"vipObjectType", "object") + body, _ = sjson.Set(body, path+"mtu."+"vipType", "variableName") + body, _ = sjson.Set(body, path+"mtu."+"vipVariableName", data.MtuVariable.ValueString()) + } else if data.Mtu.IsNull() { + body, _ = sjson.Set(body, path+"mtu."+"vipObjectType", "object") + body, _ = sjson.Set(body, path+"mtu."+"vipType", "ignore") + } else { + body, _ = sjson.Set(body, path+"mtu."+"vipObjectType", "object") + body, _ = sjson.Set(body, path+"mtu."+"vipType", "constant") + body, _ = sjson.Set(body, path+"mtu."+"vipValue", data.Mtu.ValueInt64()) + } + + if !data.DeadPeerDetectionIntervalVariable.IsNull() { + body, _ = sjson.Set(body, path+"dead-peer-detection.dpd-interval."+"vipObjectType", "object") + body, _ = sjson.Set(body, path+"dead-peer-detection.dpd-interval."+"vipType", "variableName") + body, _ = sjson.Set(body, path+"dead-peer-detection.dpd-interval."+"vipVariableName", data.DeadPeerDetectionIntervalVariable.ValueString()) + } else if data.DeadPeerDetectionInterval.IsNull() { + body, _ = sjson.Set(body, path+"dead-peer-detection.dpd-interval."+"vipObjectType", "object") + body, _ = sjson.Set(body, path+"dead-peer-detection.dpd-interval."+"vipType", "ignore") + } else { + body, _ = sjson.Set(body, path+"dead-peer-detection.dpd-interval."+"vipObjectType", "object") + body, _ = sjson.Set(body, path+"dead-peer-detection.dpd-interval."+"vipType", "constant") + body, _ = sjson.Set(body, path+"dead-peer-detection.dpd-interval."+"vipValue", data.DeadPeerDetectionInterval.ValueInt64()) + } + + if !data.DeadPeerDetectionRetriesVariable.IsNull() { + body, _ = sjson.Set(body, path+"dead-peer-detection.dpd-retries."+"vipObjectType", "object") + body, _ = sjson.Set(body, path+"dead-peer-detection.dpd-retries."+"vipType", "variableName") + body, _ = sjson.Set(body, path+"dead-peer-detection.dpd-retries."+"vipVariableName", data.DeadPeerDetectionRetriesVariable.ValueString()) + } else if data.DeadPeerDetectionRetries.IsNull() { + body, _ = sjson.Set(body, path+"dead-peer-detection.dpd-retries."+"vipObjectType", "object") + body, _ = sjson.Set(body, path+"dead-peer-detection.dpd-retries."+"vipType", "ignore") + } else { + body, _ = sjson.Set(body, path+"dead-peer-detection.dpd-retries."+"vipObjectType", "object") + body, _ = sjson.Set(body, path+"dead-peer-detection.dpd-retries."+"vipType", "constant") + body, _ = sjson.Set(body, path+"dead-peer-detection.dpd-retries."+"vipValue", data.DeadPeerDetectionRetries.ValueInt64()) + } + if data.IkeVersion.IsNull() { + body, _ = sjson.Set(body, path+"ike.ike-version."+"vipObjectType", "object") + body, _ = sjson.Set(body, path+"ike.ike-version."+"vipType", "ignore") + } else { + body, _ = sjson.Set(body, path+"ike.ike-version."+"vipObjectType", "object") + body, _ = sjson.Set(body, path+"ike.ike-version."+"vipType", "constant") + body, _ = sjson.Set(body, path+"ike.ike-version."+"vipValue", data.IkeVersion.ValueInt64()) + } + + if !data.IkeModeVariable.IsNull() { + body, _ = sjson.Set(body, path+"ike.ike-mode."+"vipObjectType", "object") + body, _ = sjson.Set(body, path+"ike.ike-mode."+"vipType", "variableName") + body, _ = sjson.Set(body, path+"ike.ike-mode."+"vipVariableName", data.IkeModeVariable.ValueString()) + } else if data.IkeMode.IsNull() { + body, _ = sjson.Set(body, path+"ike.ike-mode."+"vipObjectType", "object") + body, _ = sjson.Set(body, path+"ike.ike-mode."+"vipType", "ignore") + } else { + body, _ = sjson.Set(body, path+"ike.ike-mode."+"vipObjectType", "object") + body, _ = sjson.Set(body, path+"ike.ike-mode."+"vipType", "constant") + body, _ = sjson.Set(body, path+"ike.ike-mode."+"vipValue", data.IkeMode.ValueString()) + } + + if !data.IkeRekeyIntervalVariable.IsNull() { + body, _ = sjson.Set(body, path+"ike.ike-rekey-interval."+"vipObjectType", "object") + body, _ = sjson.Set(body, path+"ike.ike-rekey-interval."+"vipType", "variableName") + body, _ = sjson.Set(body, path+"ike.ike-rekey-interval."+"vipVariableName", data.IkeRekeyIntervalVariable.ValueString()) + } else if data.IkeRekeyInterval.IsNull() { + body, _ = sjson.Set(body, path+"ike.ike-rekey-interval."+"vipObjectType", "object") + body, _ = sjson.Set(body, path+"ike.ike-rekey-interval."+"vipType", "ignore") + } else { + body, _ = sjson.Set(body, path+"ike.ike-rekey-interval."+"vipObjectType", "object") + body, _ = sjson.Set(body, path+"ike.ike-rekey-interval."+"vipType", "constant") + body, _ = sjson.Set(body, path+"ike.ike-rekey-interval."+"vipValue", data.IkeRekeyInterval.ValueInt64()) + } + + if !data.IkeCiphersuiteVariable.IsNull() { + body, _ = sjson.Set(body, path+"ike.ike-ciphersuite."+"vipObjectType", "object") + body, _ = sjson.Set(body, path+"ike.ike-ciphersuite."+"vipType", "variableName") + body, _ = sjson.Set(body, path+"ike.ike-ciphersuite."+"vipVariableName", data.IkeCiphersuiteVariable.ValueString()) + } else if data.IkeCiphersuite.IsNull() { + body, _ = sjson.Set(body, path+"ike.ike-ciphersuite."+"vipObjectType", "object") + body, _ = sjson.Set(body, path+"ike.ike-ciphersuite."+"vipType", "ignore") + } else { + body, _ = sjson.Set(body, path+"ike.ike-ciphersuite."+"vipObjectType", "object") + body, _ = sjson.Set(body, path+"ike.ike-ciphersuite."+"vipType", "constant") + body, _ = sjson.Set(body, path+"ike.ike-ciphersuite."+"vipValue", data.IkeCiphersuite.ValueString()) + } + + if !data.IkeGroupVariable.IsNull() { + body, _ = sjson.Set(body, path+"ike.ike-group."+"vipObjectType", "object") + body, _ = sjson.Set(body, path+"ike.ike-group."+"vipType", "variableName") + body, _ = sjson.Set(body, path+"ike.ike-group."+"vipVariableName", data.IkeGroupVariable.ValueString()) + } else if data.IkeGroup.IsNull() { + body, _ = sjson.Set(body, path+"ike.ike-group."+"vipObjectType", "object") + body, _ = sjson.Set(body, path+"ike.ike-group."+"vipType", "ignore") + } else { + body, _ = sjson.Set(body, path+"ike.ike-group."+"vipObjectType", "object") + body, _ = sjson.Set(body, path+"ike.ike-group."+"vipType", "constant") + body, _ = sjson.Set(body, path+"ike.ike-group."+"vipValue", data.IkeGroup.ValueString()) + } + + if !data.IkePreSharedKeyVariable.IsNull() { + body, _ = sjson.Set(body, path+"ike.authentication-type.pre-shared-key.pre-shared-secret."+"vipObjectType", "object") + body, _ = sjson.Set(body, path+"ike.authentication-type.pre-shared-key.pre-shared-secret."+"vipType", "variableName") + body, _ = sjson.Set(body, path+"ike.authentication-type.pre-shared-key.pre-shared-secret."+"vipVariableName", data.IkePreSharedKeyVariable.ValueString()) + } else if data.IkePreSharedKey.IsNull() { + body, _ = sjson.Set(body, path+"ike.authentication-type.pre-shared-key.pre-shared-secret."+"vipObjectType", "object") + body, _ = sjson.Set(body, path+"ike.authentication-type.pre-shared-key.pre-shared-secret."+"vipType", "ignore") + } else { + body, _ = sjson.Set(body, path+"ike.authentication-type.pre-shared-key.pre-shared-secret."+"vipObjectType", "object") + body, _ = sjson.Set(body, path+"ike.authentication-type.pre-shared-key.pre-shared-secret."+"vipType", "constant") + body, _ = sjson.Set(body, path+"ike.authentication-type.pre-shared-key.pre-shared-secret."+"vipValue", data.IkePreSharedKey.ValueString()) + } + + if !data.IkePreSharedKeyLocalIdVariable.IsNull() { + body, _ = sjson.Set(body, path+"ike.authentication-type.pre-shared-key.ike-local-id."+"vipObjectType", "object") + body, _ = sjson.Set(body, path+"ike.authentication-type.pre-shared-key.ike-local-id."+"vipType", "variableName") + body, _ = sjson.Set(body, path+"ike.authentication-type.pre-shared-key.ike-local-id."+"vipVariableName", data.IkePreSharedKeyLocalIdVariable.ValueString()) + } else if data.IkePreSharedKeyLocalId.IsNull() { + body, _ = sjson.Set(body, path+"ike.authentication-type.pre-shared-key.ike-local-id."+"vipObjectType", "object") + body, _ = sjson.Set(body, path+"ike.authentication-type.pre-shared-key.ike-local-id."+"vipType", "ignore") + } else { + body, _ = sjson.Set(body, path+"ike.authentication-type.pre-shared-key.ike-local-id."+"vipObjectType", "object") + body, _ = sjson.Set(body, path+"ike.authentication-type.pre-shared-key.ike-local-id."+"vipType", "constant") + body, _ = sjson.Set(body, path+"ike.authentication-type.pre-shared-key.ike-local-id."+"vipValue", data.IkePreSharedKeyLocalId.ValueString()) + } + + if !data.IkePreSharedKeyRemoteIdVariable.IsNull() { + body, _ = sjson.Set(body, path+"ike.authentication-type.pre-shared-key.ike-remote-id."+"vipObjectType", "object") + body, _ = sjson.Set(body, path+"ike.authentication-type.pre-shared-key.ike-remote-id."+"vipType", "variableName") + body, _ = sjson.Set(body, path+"ike.authentication-type.pre-shared-key.ike-remote-id."+"vipVariableName", data.IkePreSharedKeyRemoteIdVariable.ValueString()) + } else if data.IkePreSharedKeyRemoteId.IsNull() { + body, _ = sjson.Set(body, path+"ike.authentication-type.pre-shared-key.ike-remote-id."+"vipObjectType", "object") + body, _ = sjson.Set(body, path+"ike.authentication-type.pre-shared-key.ike-remote-id."+"vipType", "ignore") + } else { + body, _ = sjson.Set(body, path+"ike.authentication-type.pre-shared-key.ike-remote-id."+"vipObjectType", "object") + body, _ = sjson.Set(body, path+"ike.authentication-type.pre-shared-key.ike-remote-id."+"vipType", "constant") + body, _ = sjson.Set(body, path+"ike.authentication-type.pre-shared-key.ike-remote-id."+"vipValue", data.IkePreSharedKeyRemoteId.ValueString()) + } + + if !data.IpsecRekeyIntervalVariable.IsNull() { + body, _ = sjson.Set(body, path+"ipsec.ipsec-rekey-interval."+"vipObjectType", "object") + body, _ = sjson.Set(body, path+"ipsec.ipsec-rekey-interval."+"vipType", "variableName") + body, _ = sjson.Set(body, path+"ipsec.ipsec-rekey-interval."+"vipVariableName", data.IpsecRekeyIntervalVariable.ValueString()) + } else if data.IpsecRekeyInterval.IsNull() { + body, _ = sjson.Set(body, path+"ipsec.ipsec-rekey-interval."+"vipObjectType", "object") + body, _ = sjson.Set(body, path+"ipsec.ipsec-rekey-interval."+"vipType", "ignore") + } else { + body, _ = sjson.Set(body, path+"ipsec.ipsec-rekey-interval."+"vipObjectType", "object") + body, _ = sjson.Set(body, path+"ipsec.ipsec-rekey-interval."+"vipType", "constant") + body, _ = sjson.Set(body, path+"ipsec.ipsec-rekey-interval."+"vipValue", data.IpsecRekeyInterval.ValueInt64()) + } + + if !data.IpsecReplayWindowVariable.IsNull() { + body, _ = sjson.Set(body, path+"ipsec.ipsec-replay-window."+"vipObjectType", "object") + body, _ = sjson.Set(body, path+"ipsec.ipsec-replay-window."+"vipType", "variableName") + body, _ = sjson.Set(body, path+"ipsec.ipsec-replay-window."+"vipVariableName", data.IpsecReplayWindowVariable.ValueString()) + } else if data.IpsecReplayWindow.IsNull() { + body, _ = sjson.Set(body, path+"ipsec.ipsec-replay-window."+"vipObjectType", "object") + body, _ = sjson.Set(body, path+"ipsec.ipsec-replay-window."+"vipType", "ignore") + } else { + body, _ = sjson.Set(body, path+"ipsec.ipsec-replay-window."+"vipObjectType", "object") + body, _ = sjson.Set(body, path+"ipsec.ipsec-replay-window."+"vipType", "constant") + body, _ = sjson.Set(body, path+"ipsec.ipsec-replay-window."+"vipValue", data.IpsecReplayWindow.ValueInt64()) + } + + if !data.IpsecCiphersuiteVariable.IsNull() { + body, _ = sjson.Set(body, path+"ipsec.ipsec-ciphersuite."+"vipObjectType", "object") + body, _ = sjson.Set(body, path+"ipsec.ipsec-ciphersuite."+"vipType", "variableName") + body, _ = sjson.Set(body, path+"ipsec.ipsec-ciphersuite."+"vipVariableName", data.IpsecCiphersuiteVariable.ValueString()) + } else if data.IpsecCiphersuite.IsNull() { + body, _ = sjson.Set(body, path+"ipsec.ipsec-ciphersuite."+"vipObjectType", "object") + body, _ = sjson.Set(body, path+"ipsec.ipsec-ciphersuite."+"vipType", "ignore") + } else { + body, _ = sjson.Set(body, path+"ipsec.ipsec-ciphersuite."+"vipObjectType", "object") + body, _ = sjson.Set(body, path+"ipsec.ipsec-ciphersuite."+"vipType", "constant") + body, _ = sjson.Set(body, path+"ipsec.ipsec-ciphersuite."+"vipValue", data.IpsecCiphersuite.ValueString()) + } + + if !data.IpsecPerfectForwardSecrecyVariable.IsNull() { + body, _ = sjson.Set(body, path+"ipsec.perfect-forward-secrecy."+"vipObjectType", "object") + body, _ = sjson.Set(body, path+"ipsec.perfect-forward-secrecy."+"vipType", "variableName") + body, _ = sjson.Set(body, path+"ipsec.perfect-forward-secrecy."+"vipVariableName", data.IpsecPerfectForwardSecrecyVariable.ValueString()) + } else if data.IpsecPerfectForwardSecrecy.IsNull() { + body, _ = sjson.Set(body, path+"ipsec.perfect-forward-secrecy."+"vipObjectType", "object") + body, _ = sjson.Set(body, path+"ipsec.perfect-forward-secrecy."+"vipType", "ignore") + } else { + body, _ = sjson.Set(body, path+"ipsec.perfect-forward-secrecy."+"vipObjectType", "object") + body, _ = sjson.Set(body, path+"ipsec.perfect-forward-secrecy."+"vipType", "constant") + body, _ = sjson.Set(body, path+"ipsec.perfect-forward-secrecy."+"vipValue", data.IpsecPerfectForwardSecrecy.ValueString()) + } + + if !data.TrackerVariable.IsNull() { + body, _ = sjson.Set(body, path+"tracker."+"vipObjectType", "list") + body, _ = sjson.Set(body, path+"tracker."+"vipType", "variableName") + body, _ = sjson.Set(body, path+"tracker."+"vipVariableName", data.TrackerVariable.ValueString()) + } else if data.Tracker.IsNull() { + body, _ = sjson.Set(body, path+"tracker."+"vipObjectType", "list") + body, _ = sjson.Set(body, path+"tracker."+"vipType", "ignore") + } else { + body, _ = sjson.Set(body, path+"tracker."+"vipObjectType", "list") + body, _ = sjson.Set(body, path+"tracker."+"vipType", "constant") + var values []string + data.Tracker.ElementsAs(ctx, &values, false) + body, _ = sjson.Set(body, path+"tracker."+"vipValue", values) + } + + if !data.TunnelRouteViaVariable.IsNull() { + body, _ = sjson.Set(body, path+"tunnel-route-via."+"vipObjectType", "object") + body, _ = sjson.Set(body, path+"tunnel-route-via."+"vipType", "variableName") + body, _ = sjson.Set(body, path+"tunnel-route-via."+"vipVariableName", data.TunnelRouteViaVariable.ValueString()) + } else if data.TunnelRouteVia.IsNull() { + } else { + body, _ = sjson.Set(body, path+"tunnel-route-via."+"vipObjectType", "object") + body, _ = sjson.Set(body, path+"tunnel-route-via."+"vipType", "constant") + body, _ = sjson.Set(body, path+"tunnel-route-via."+"vipValue", data.TunnelRouteVia.ValueString()) + } + return body +} + +func (data *CiscoVPNInterfaceIPSec) fromBody(ctx context.Context, res gjson.Result) { + if value := res.Get("deviceType"); value.Exists() { + data.DeviceTypes = helpers.GetStringList(value.Array()) + } else { + data.DeviceTypes = types.ListNull(types.StringType) + } + if value := res.Get("templateDescription"); value.Exists() && value.String() != "" { + data.Description = types.StringValue(value.String()) + } else { + data.Description = types.StringNull() + } + if value := res.Get("templateName"); value.Exists() { + data.Name = types.StringValue(value.String()) + } else { + data.Name = types.StringNull() + } + if value := res.Get("templateType"); value.Exists() { + data.TemplateType = types.StringValue(value.String()) + } else { + data.TemplateType = types.StringNull() + } + + path := "templateDefinition." + if value := res.Get(path + "if-name.vipType"); value.Exists() { + if value.String() == "variableName" { + data.InterfaceName = types.StringNull() + + v := res.Get(path + "if-name.vipVariableName") + data.InterfaceNameVariable = types.StringValue(v.String()) + + } else if value.String() == "ignore" { + data.InterfaceName = types.StringNull() + data.InterfaceNameVariable = types.StringNull() + } else if value.String() == "constant" { + v := res.Get(path + "if-name.vipValue") + data.InterfaceName = types.StringValue(v.String()) + data.InterfaceNameVariable = types.StringNull() + } + } else { + data.InterfaceName = types.StringNull() + data.InterfaceNameVariable = types.StringNull() + } + if value := res.Get(path + "shutdown.vipType"); value.Exists() { + if value.String() == "variableName" { + data.Shutdown = types.BoolNull() + + v := res.Get(path + "shutdown.vipVariableName") + data.ShutdownVariable = types.StringValue(v.String()) + + } else if value.String() == "ignore" { + data.Shutdown = types.BoolNull() + data.ShutdownVariable = types.StringNull() + } else if value.String() == "constant" { + v := res.Get(path + "shutdown.vipValue") + data.Shutdown = types.BoolValue(v.Bool()) + data.ShutdownVariable = types.StringNull() + } + } else { + data.Shutdown = types.BoolNull() + data.ShutdownVariable = types.StringNull() + } + if value := res.Get(path + "description.vipType"); value.Exists() { + if value.String() == "variableName" { + data.InterfaceDescription = types.StringNull() + + v := res.Get(path + "description.vipVariableName") + data.InterfaceDescriptionVariable = types.StringValue(v.String()) + + } else if value.String() == "ignore" { + data.InterfaceDescription = types.StringNull() + data.InterfaceDescriptionVariable = types.StringNull() + } else if value.String() == "constant" { + v := res.Get(path + "description.vipValue") + data.InterfaceDescription = types.StringValue(v.String()) + data.InterfaceDescriptionVariable = types.StringNull() + } + } else { + data.InterfaceDescription = types.StringNull() + data.InterfaceDescriptionVariable = types.StringNull() + } + if value := res.Get(path + "ip.address.vipType"); value.Exists() { + if value.String() == "variableName" { + data.IpAddress = types.StringNull() + + v := res.Get(path + "ip.address.vipVariableName") + data.IpAddressVariable = types.StringValue(v.String()) + + } else if value.String() == "ignore" { + data.IpAddress = types.StringNull() + data.IpAddressVariable = types.StringNull() + } else if value.String() == "constant" { + v := res.Get(path + "ip.address.vipValue") + data.IpAddress = types.StringValue(v.String()) + data.IpAddressVariable = types.StringNull() + } + } else { + data.IpAddress = types.StringNull() + data.IpAddressVariable = types.StringNull() + } + if value := res.Get(path + "tunnel-source.vipType"); value.Exists() { + if value.String() == "variableName" { + data.TunnelSource = types.StringNull() + + v := res.Get(path + "tunnel-source.vipVariableName") + data.TunnelSourceVariable = types.StringValue(v.String()) + + } else if value.String() == "ignore" { + data.TunnelSource = types.StringNull() + data.TunnelSourceVariable = types.StringNull() + } else if value.String() == "constant" { + v := res.Get(path + "tunnel-source.vipValue") + data.TunnelSource = types.StringValue(v.String()) + data.TunnelSourceVariable = types.StringNull() + } + } else { + data.TunnelSource = types.StringNull() + data.TunnelSourceVariable = types.StringNull() + } + if value := res.Get(path + "tunnel-source-interface.vipType"); value.Exists() { + if value.String() == "variableName" { + data.TunnelSourceInterface = types.StringNull() + + v := res.Get(path + "tunnel-source-interface.vipVariableName") + data.TunnelSourceInterfaceVariable = types.StringValue(v.String()) + + } else if value.String() == "ignore" { + data.TunnelSourceInterface = types.StringNull() + data.TunnelSourceInterfaceVariable = types.StringNull() + } else if value.String() == "constant" { + v := res.Get(path + "tunnel-source-interface.vipValue") + data.TunnelSourceInterface = types.StringValue(v.String()) + data.TunnelSourceInterfaceVariable = types.StringNull() + } + } else { + data.TunnelSourceInterface = types.StringNull() + data.TunnelSourceInterfaceVariable = types.StringNull() + } + if value := res.Get(path + "tunnel-destination.vipType"); value.Exists() { + if value.String() == "variableName" { + data.TunnelDestination = types.StringNull() + + v := res.Get(path + "tunnel-destination.vipVariableName") + data.TunnelDestinationVariable = types.StringValue(v.String()) + + } else if value.String() == "ignore" { + data.TunnelDestination = types.StringNull() + data.TunnelDestinationVariable = types.StringNull() + } else if value.String() == "constant" { + v := res.Get(path + "tunnel-destination.vipValue") + data.TunnelDestination = types.StringValue(v.String()) + data.TunnelDestinationVariable = types.StringNull() + } + } else { + data.TunnelDestination = types.StringNull() + data.TunnelDestinationVariable = types.StringNull() + } + if value := res.Get(path + "application.vipType"); value.Exists() { + if value.String() == "variableName" { + data.Application = types.StringNull() + + v := res.Get(path + "application.vipVariableName") + data.ApplicationVariable = types.StringValue(v.String()) + + } else if value.String() == "ignore" { + data.Application = types.StringNull() + data.ApplicationVariable = types.StringNull() + } else if value.String() == "constant" { + v := res.Get(path + "application.vipValue") + data.Application = types.StringValue(v.String()) + data.ApplicationVariable = types.StringNull() + } + } else { + data.Application = types.StringNull() + data.ApplicationVariable = types.StringNull() + } + if value := res.Get(path + "tcp-mss-adjust.vipType"); value.Exists() { + if value.String() == "variableName" { + data.TcpMssAdjust = types.Int64Null() + + v := res.Get(path + "tcp-mss-adjust.vipVariableName") + data.TcpMssAdjustVariable = types.StringValue(v.String()) + + } else if value.String() == "ignore" { + data.TcpMssAdjust = types.Int64Null() + data.TcpMssAdjustVariable = types.StringNull() + } else if value.String() == "constant" { + v := res.Get(path + "tcp-mss-adjust.vipValue") + data.TcpMssAdjust = types.Int64Value(v.Int()) + data.TcpMssAdjustVariable = types.StringNull() + } + } else { + data.TcpMssAdjust = types.Int64Null() + data.TcpMssAdjustVariable = types.StringNull() + } + if value := res.Get(path + "clear-dont-fragment.vipType"); value.Exists() { + if value.String() == "variableName" { + data.ClearDontFragment = types.BoolNull() + + v := res.Get(path + "clear-dont-fragment.vipVariableName") + data.ClearDontFragmentVariable = types.StringValue(v.String()) + + } else if value.String() == "ignore" { + data.ClearDontFragment = types.BoolNull() + data.ClearDontFragmentVariable = types.StringNull() + } else if value.String() == "constant" { + v := res.Get(path + "clear-dont-fragment.vipValue") + data.ClearDontFragment = types.BoolValue(v.Bool()) + data.ClearDontFragmentVariable = types.StringNull() + } + } else { + data.ClearDontFragment = types.BoolNull() + data.ClearDontFragmentVariable = types.StringNull() + } + if value := res.Get(path + "mtu.vipType"); value.Exists() { + if value.String() == "variableName" { + data.Mtu = types.Int64Null() + + v := res.Get(path + "mtu.vipVariableName") + data.MtuVariable = types.StringValue(v.String()) + + } else if value.String() == "ignore" { + data.Mtu = types.Int64Null() + data.MtuVariable = types.StringNull() + } else if value.String() == "constant" { + v := res.Get(path + "mtu.vipValue") + data.Mtu = types.Int64Value(v.Int()) + data.MtuVariable = types.StringNull() + } + } else { + data.Mtu = types.Int64Null() + data.MtuVariable = types.StringNull() + } + if value := res.Get(path + "dead-peer-detection.dpd-interval.vipType"); value.Exists() { + if value.String() == "variableName" { + data.DeadPeerDetectionInterval = types.Int64Null() + + v := res.Get(path + "dead-peer-detection.dpd-interval.vipVariableName") + data.DeadPeerDetectionIntervalVariable = types.StringValue(v.String()) + + } else if value.String() == "ignore" { + data.DeadPeerDetectionInterval = types.Int64Null() + data.DeadPeerDetectionIntervalVariable = types.StringNull() + } else if value.String() == "constant" { + v := res.Get(path + "dead-peer-detection.dpd-interval.vipValue") + data.DeadPeerDetectionInterval = types.Int64Value(v.Int()) + data.DeadPeerDetectionIntervalVariable = types.StringNull() + } + } else { + data.DeadPeerDetectionInterval = types.Int64Null() + data.DeadPeerDetectionIntervalVariable = types.StringNull() + } + if value := res.Get(path + "dead-peer-detection.dpd-retries.vipType"); value.Exists() { + if value.String() == "variableName" { + data.DeadPeerDetectionRetries = types.Int64Null() + + v := res.Get(path + "dead-peer-detection.dpd-retries.vipVariableName") + data.DeadPeerDetectionRetriesVariable = types.StringValue(v.String()) + + } else if value.String() == "ignore" { + data.DeadPeerDetectionRetries = types.Int64Null() + data.DeadPeerDetectionRetriesVariable = types.StringNull() + } else if value.String() == "constant" { + v := res.Get(path + "dead-peer-detection.dpd-retries.vipValue") + data.DeadPeerDetectionRetries = types.Int64Value(v.Int()) + data.DeadPeerDetectionRetriesVariable = types.StringNull() + } + } else { + data.DeadPeerDetectionRetries = types.Int64Null() + data.DeadPeerDetectionRetriesVariable = types.StringNull() + } + if value := res.Get(path + "ike.ike-version.vipType"); value.Exists() { + if value.String() == "variableName" { + data.IkeVersion = types.Int64Null() + + } else if value.String() == "ignore" { + data.IkeVersion = types.Int64Null() + + } else if value.String() == "constant" { + v := res.Get(path + "ike.ike-version.vipValue") + data.IkeVersion = types.Int64Value(v.Int()) + + } + } else { + data.IkeVersion = types.Int64Null() + + } + if value := res.Get(path + "ike.ike-mode.vipType"); value.Exists() { + if value.String() == "variableName" { + data.IkeMode = types.StringNull() + + v := res.Get(path + "ike.ike-mode.vipVariableName") + data.IkeModeVariable = types.StringValue(v.String()) + + } else if value.String() == "ignore" { + data.IkeMode = types.StringNull() + data.IkeModeVariable = types.StringNull() + } else if value.String() == "constant" { + v := res.Get(path + "ike.ike-mode.vipValue") + data.IkeMode = types.StringValue(v.String()) + data.IkeModeVariable = types.StringNull() + } + } else { + data.IkeMode = types.StringNull() + data.IkeModeVariable = types.StringNull() + } + if value := res.Get(path + "ike.ike-rekey-interval.vipType"); value.Exists() { + if value.String() == "variableName" { + data.IkeRekeyInterval = types.Int64Null() + + v := res.Get(path + "ike.ike-rekey-interval.vipVariableName") + data.IkeRekeyIntervalVariable = types.StringValue(v.String()) + + } else if value.String() == "ignore" { + data.IkeRekeyInterval = types.Int64Null() + data.IkeRekeyIntervalVariable = types.StringNull() + } else if value.String() == "constant" { + v := res.Get(path + "ike.ike-rekey-interval.vipValue") + data.IkeRekeyInterval = types.Int64Value(v.Int()) + data.IkeRekeyIntervalVariable = types.StringNull() + } + } else { + data.IkeRekeyInterval = types.Int64Null() + data.IkeRekeyIntervalVariable = types.StringNull() + } + if value := res.Get(path + "ike.ike-ciphersuite.vipType"); value.Exists() { + if value.String() == "variableName" { + data.IkeCiphersuite = types.StringNull() + + v := res.Get(path + "ike.ike-ciphersuite.vipVariableName") + data.IkeCiphersuiteVariable = types.StringValue(v.String()) + + } else if value.String() == "ignore" { + data.IkeCiphersuite = types.StringNull() + data.IkeCiphersuiteVariable = types.StringNull() + } else if value.String() == "constant" { + v := res.Get(path + "ike.ike-ciphersuite.vipValue") + data.IkeCiphersuite = types.StringValue(v.String()) + data.IkeCiphersuiteVariable = types.StringNull() + } + } else { + data.IkeCiphersuite = types.StringNull() + data.IkeCiphersuiteVariable = types.StringNull() + } + if value := res.Get(path + "ike.ike-group.vipType"); value.Exists() { + if value.String() == "variableName" { + data.IkeGroup = types.StringNull() + + v := res.Get(path + "ike.ike-group.vipVariableName") + data.IkeGroupVariable = types.StringValue(v.String()) + + } else if value.String() == "ignore" { + data.IkeGroup = types.StringNull() + data.IkeGroupVariable = types.StringNull() + } else if value.String() == "constant" { + v := res.Get(path + "ike.ike-group.vipValue") + data.IkeGroup = types.StringValue(v.String()) + data.IkeGroupVariable = types.StringNull() + } + } else { + data.IkeGroup = types.StringNull() + data.IkeGroupVariable = types.StringNull() + } + if value := res.Get(path + "ike.authentication-type.pre-shared-key.pre-shared-secret.vipType"); value.Exists() { + if value.String() == "variableName" { + data.IkePreSharedKey = types.StringNull() + + v := res.Get(path + "ike.authentication-type.pre-shared-key.pre-shared-secret.vipVariableName") + data.IkePreSharedKeyVariable = types.StringValue(v.String()) + + } else if value.String() == "ignore" { + data.IkePreSharedKey = types.StringNull() + data.IkePreSharedKeyVariable = types.StringNull() + } else if value.String() == "constant" { + v := res.Get(path + "ike.authentication-type.pre-shared-key.pre-shared-secret.vipValue") + data.IkePreSharedKey = types.StringValue(v.String()) + data.IkePreSharedKeyVariable = types.StringNull() + } + } else { + data.IkePreSharedKey = types.StringNull() + data.IkePreSharedKeyVariable = types.StringNull() + } + if value := res.Get(path + "ike.authentication-type.pre-shared-key.ike-local-id.vipType"); value.Exists() { + if value.String() == "variableName" { + data.IkePreSharedKeyLocalId = types.StringNull() + + v := res.Get(path + "ike.authentication-type.pre-shared-key.ike-local-id.vipVariableName") + data.IkePreSharedKeyLocalIdVariable = types.StringValue(v.String()) + + } else if value.String() == "ignore" { + data.IkePreSharedKeyLocalId = types.StringNull() + data.IkePreSharedKeyLocalIdVariable = types.StringNull() + } else if value.String() == "constant" { + v := res.Get(path + "ike.authentication-type.pre-shared-key.ike-local-id.vipValue") + data.IkePreSharedKeyLocalId = types.StringValue(v.String()) + data.IkePreSharedKeyLocalIdVariable = types.StringNull() + } + } else { + data.IkePreSharedKeyLocalId = types.StringNull() + data.IkePreSharedKeyLocalIdVariable = types.StringNull() + } + if value := res.Get(path + "ike.authentication-type.pre-shared-key.ike-remote-id.vipType"); value.Exists() { + if value.String() == "variableName" { + data.IkePreSharedKeyRemoteId = types.StringNull() + + v := res.Get(path + "ike.authentication-type.pre-shared-key.ike-remote-id.vipVariableName") + data.IkePreSharedKeyRemoteIdVariable = types.StringValue(v.String()) + + } else if value.String() == "ignore" { + data.IkePreSharedKeyRemoteId = types.StringNull() + data.IkePreSharedKeyRemoteIdVariable = types.StringNull() + } else if value.String() == "constant" { + v := res.Get(path + "ike.authentication-type.pre-shared-key.ike-remote-id.vipValue") + data.IkePreSharedKeyRemoteId = types.StringValue(v.String()) + data.IkePreSharedKeyRemoteIdVariable = types.StringNull() + } + } else { + data.IkePreSharedKeyRemoteId = types.StringNull() + data.IkePreSharedKeyRemoteIdVariable = types.StringNull() + } + if value := res.Get(path + "ipsec.ipsec-rekey-interval.vipType"); value.Exists() { + if value.String() == "variableName" { + data.IpsecRekeyInterval = types.Int64Null() + + v := res.Get(path + "ipsec.ipsec-rekey-interval.vipVariableName") + data.IpsecRekeyIntervalVariable = types.StringValue(v.String()) + + } else if value.String() == "ignore" { + data.IpsecRekeyInterval = types.Int64Null() + data.IpsecRekeyIntervalVariable = types.StringNull() + } else if value.String() == "constant" { + v := res.Get(path + "ipsec.ipsec-rekey-interval.vipValue") + data.IpsecRekeyInterval = types.Int64Value(v.Int()) + data.IpsecRekeyIntervalVariable = types.StringNull() + } + } else { + data.IpsecRekeyInterval = types.Int64Null() + data.IpsecRekeyIntervalVariable = types.StringNull() + } + if value := res.Get(path + "ipsec.ipsec-replay-window.vipType"); value.Exists() { + if value.String() == "variableName" { + data.IpsecReplayWindow = types.Int64Null() + + v := res.Get(path + "ipsec.ipsec-replay-window.vipVariableName") + data.IpsecReplayWindowVariable = types.StringValue(v.String()) + + } else if value.String() == "ignore" { + data.IpsecReplayWindow = types.Int64Null() + data.IpsecReplayWindowVariable = types.StringNull() + } else if value.String() == "constant" { + v := res.Get(path + "ipsec.ipsec-replay-window.vipValue") + data.IpsecReplayWindow = types.Int64Value(v.Int()) + data.IpsecReplayWindowVariable = types.StringNull() + } + } else { + data.IpsecReplayWindow = types.Int64Null() + data.IpsecReplayWindowVariable = types.StringNull() + } + if value := res.Get(path + "ipsec.ipsec-ciphersuite.vipType"); value.Exists() { + if value.String() == "variableName" { + data.IpsecCiphersuite = types.StringNull() + + v := res.Get(path + "ipsec.ipsec-ciphersuite.vipVariableName") + data.IpsecCiphersuiteVariable = types.StringValue(v.String()) + + } else if value.String() == "ignore" { + data.IpsecCiphersuite = types.StringNull() + data.IpsecCiphersuiteVariable = types.StringNull() + } else if value.String() == "constant" { + v := res.Get(path + "ipsec.ipsec-ciphersuite.vipValue") + data.IpsecCiphersuite = types.StringValue(v.String()) + data.IpsecCiphersuiteVariable = types.StringNull() + } + } else { + data.IpsecCiphersuite = types.StringNull() + data.IpsecCiphersuiteVariable = types.StringNull() + } + if value := res.Get(path + "ipsec.perfect-forward-secrecy.vipType"); value.Exists() { + if value.String() == "variableName" { + data.IpsecPerfectForwardSecrecy = types.StringNull() + + v := res.Get(path + "ipsec.perfect-forward-secrecy.vipVariableName") + data.IpsecPerfectForwardSecrecyVariable = types.StringValue(v.String()) + + } else if value.String() == "ignore" { + data.IpsecPerfectForwardSecrecy = types.StringNull() + data.IpsecPerfectForwardSecrecyVariable = types.StringNull() + } else if value.String() == "constant" { + v := res.Get(path + "ipsec.perfect-forward-secrecy.vipValue") + data.IpsecPerfectForwardSecrecy = types.StringValue(v.String()) + data.IpsecPerfectForwardSecrecyVariable = types.StringNull() + } + } else { + data.IpsecPerfectForwardSecrecy = types.StringNull() + data.IpsecPerfectForwardSecrecyVariable = types.StringNull() + } + if value := res.Get(path + "tracker.vipType"); len(value.Array()) > 0 { + if value.String() == "variableName" { + data.Tracker = types.ListNull(types.StringType) + + v := res.Get(path + "tracker.vipVariableName") + data.TrackerVariable = types.StringValue(v.String()) + + } else if value.String() == "ignore" { + data.Tracker = types.ListNull(types.StringType) + data.TrackerVariable = types.StringNull() + } else if value.String() == "constant" { + v := res.Get(path + "tracker.vipValue") + data.Tracker = helpers.GetStringList(v.Array()) + data.TrackerVariable = types.StringNull() + } + } else { + data.Tracker = types.ListNull(types.StringType) + data.TrackerVariable = types.StringNull() + } + if value := res.Get(path + "tunnel-route-via.vipType"); value.Exists() { + if value.String() == "variableName" { + data.TunnelRouteVia = types.StringNull() + + v := res.Get(path + "tunnel-route-via.vipVariableName") + data.TunnelRouteViaVariable = types.StringValue(v.String()) + + } else if value.String() == "ignore" { + data.TunnelRouteVia = types.StringNull() + data.TunnelRouteViaVariable = types.StringNull() + } else if value.String() == "constant" { + v := res.Get(path + "tunnel-route-via.vipValue") + data.TunnelRouteVia = types.StringValue(v.String()) + data.TunnelRouteViaVariable = types.StringNull() + } + } else { + data.TunnelRouteVia = types.StringNull() + data.TunnelRouteViaVariable = types.StringNull() + } +} + +func (data *CiscoVPNInterfaceIPSec) hasChanges(ctx context.Context, state *CiscoVPNInterfaceIPSec) bool { + hasChanges := false + if !data.InterfaceName.Equal(state.InterfaceName) { + hasChanges = true + } + if !data.Shutdown.Equal(state.Shutdown) { + hasChanges = true + } + if !data.InterfaceDescription.Equal(state.InterfaceDescription) { + hasChanges = true + } + if !data.IpAddress.Equal(state.IpAddress) { + hasChanges = true + } + if !data.TunnelSource.Equal(state.TunnelSource) { + hasChanges = true + } + if !data.TunnelSourceInterface.Equal(state.TunnelSourceInterface) { + hasChanges = true + } + if !data.TunnelDestination.Equal(state.TunnelDestination) { + hasChanges = true + } + if !data.Application.Equal(state.Application) { + hasChanges = true + } + if !data.TcpMssAdjust.Equal(state.TcpMssAdjust) { + hasChanges = true + } + if !data.ClearDontFragment.Equal(state.ClearDontFragment) { + hasChanges = true + } + if !data.Mtu.Equal(state.Mtu) { + hasChanges = true + } + if !data.DeadPeerDetectionInterval.Equal(state.DeadPeerDetectionInterval) { + hasChanges = true + } + if !data.DeadPeerDetectionRetries.Equal(state.DeadPeerDetectionRetries) { + hasChanges = true + } + if !data.IkeVersion.Equal(state.IkeVersion) { + hasChanges = true + } + if !data.IkeMode.Equal(state.IkeMode) { + hasChanges = true + } + if !data.IkeRekeyInterval.Equal(state.IkeRekeyInterval) { + hasChanges = true + } + if !data.IkeCiphersuite.Equal(state.IkeCiphersuite) { + hasChanges = true + } + if !data.IkeGroup.Equal(state.IkeGroup) { + hasChanges = true + } + if !data.IkePreSharedKey.Equal(state.IkePreSharedKey) { + hasChanges = true + } + if !data.IkePreSharedKeyLocalId.Equal(state.IkePreSharedKeyLocalId) { + hasChanges = true + } + if !data.IkePreSharedKeyRemoteId.Equal(state.IkePreSharedKeyRemoteId) { + hasChanges = true + } + if !data.IpsecRekeyInterval.Equal(state.IpsecRekeyInterval) { + hasChanges = true + } + if !data.IpsecReplayWindow.Equal(state.IpsecReplayWindow) { + hasChanges = true + } + if !data.IpsecCiphersuite.Equal(state.IpsecCiphersuite) { + hasChanges = true + } + if !data.IpsecPerfectForwardSecrecy.Equal(state.IpsecPerfectForwardSecrecy) { + hasChanges = true + } + if !data.Tracker.Equal(state.Tracker) { + hasChanges = true + } + if !data.TunnelRouteVia.Equal(state.TunnelRouteVia) { + hasChanges = true + } + return hasChanges +} diff --git a/internal/provider/provider.go b/internal/provider/provider.go index d92b34a6..7d5fbbd5 100644 --- a/internal/provider/provider.go +++ b/internal/provider/provider.go @@ -258,6 +258,7 @@ func (p *SdwanProvider) Resources(ctx context.Context) []func() resource.Resourc NewCiscoThousandEyesFeatureTemplateResource, NewCiscoVPNFeatureTemplateResource, NewCiscoVPNInterfaceFeatureTemplateResource, + NewCiscoVPNInterfaceIPSecFeatureTemplateResource, NewCLITemplateFeatureTemplateResource, NewAppProbeClassPolicyObjectResource, NewApplicationListPolicyObjectResource, @@ -310,6 +311,7 @@ func (p *SdwanProvider) DataSources(ctx context.Context) []func() datasource.Dat NewCiscoThousandEyesFeatureTemplateDataSource, NewCiscoVPNFeatureTemplateDataSource, NewCiscoVPNInterfaceFeatureTemplateDataSource, + NewCiscoVPNInterfaceIPSecFeatureTemplateDataSource, NewCLITemplateFeatureTemplateDataSource, NewAppProbeClassPolicyObjectDataSource, NewApplicationListPolicyObjectDataSource, diff --git a/internal/provider/resource_sdwan_cisco_vpn_interface_ipsec_feature_template.go b/internal/provider/resource_sdwan_cisco_vpn_interface_ipsec_feature_template.go new file mode 100644 index 00000000..5f52a8c2 --- /dev/null +++ b/internal/provider/resource_sdwan_cisco_vpn_interface_ipsec_feature_template.go @@ -0,0 +1,509 @@ +// Copyright © 2023 Cisco Systems, Inc. and its affiliates. +// All rights reserved. +// +// Licensed under the Mozilla Public License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// https://mozilla.org/MPL/2.0/ +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. +// +// SPDX-License-Identifier: MPL-2.0 + +// Code generated by "gen/generator.go"; DO NOT EDIT. + +package provider + +import ( + "context" + "fmt" + "sync" + + "github.com/CiscoDevNet/terraform-provider-sdwan/internal/provider/helpers" + "github.com/hashicorp/terraform-plugin-framework-validators/int64validator" + "github.com/hashicorp/terraform-plugin-framework-validators/stringvalidator" + "github.com/hashicorp/terraform-plugin-framework/path" + "github.com/hashicorp/terraform-plugin-framework/resource" + "github.com/hashicorp/terraform-plugin-framework/resource/schema" + "github.com/hashicorp/terraform-plugin-framework/resource/schema/planmodifier" + "github.com/hashicorp/terraform-plugin-framework/resource/schema/stringplanmodifier" + "github.com/hashicorp/terraform-plugin-framework/schema/validator" + "github.com/hashicorp/terraform-plugin-framework/types" + "github.com/hashicorp/terraform-plugin-log/tflog" + "github.com/netascode/go-sdwan" +) + +// Ensure provider defined types fully satisfy framework interfaces +var _ resource.Resource = &CiscoVPNInterfaceIPSecFeatureTemplateResource{} +var _ resource.ResourceWithImportState = &CiscoVPNInterfaceIPSecFeatureTemplateResource{} + +func NewCiscoVPNInterfaceIPSecFeatureTemplateResource() resource.Resource { + return &CiscoVPNInterfaceIPSecFeatureTemplateResource{} +} + +type CiscoVPNInterfaceIPSecFeatureTemplateResource struct { + client *sdwan.Client + updateMutex *sync.Mutex +} + +func (r *CiscoVPNInterfaceIPSecFeatureTemplateResource) Metadata(ctx context.Context, req resource.MetadataRequest, resp *resource.MetadataResponse) { + resp.TypeName = req.ProviderTypeName + "_cisco_vpn_interface_ipsec_feature_template" +} + +func (r *CiscoVPNInterfaceIPSecFeatureTemplateResource) Schema(ctx context.Context, req resource.SchemaRequest, resp *resource.SchemaResponse) { + resp.Schema = schema.Schema{ + // This description is used by the documentation generator and the language server. + MarkdownDescription: helpers.NewAttributeDescription("This resource can manage a Cisco VPN Interface IPSec feature template.").AddMinimumVersionDescription("15.0.0").String, + + Attributes: map[string]schema.Attribute{ + "id": schema.StringAttribute{ + MarkdownDescription: "The id of the feature template", + Computed: true, + PlanModifiers: []planmodifier.String{ + stringplanmodifier.UseStateForUnknown(), + }, + }, + "version": schema.Int64Attribute{ + MarkdownDescription: "The version of the feature template", + Computed: true, + }, + "template_type": schema.StringAttribute{ + MarkdownDescription: "The template type", + Computed: true, + PlanModifiers: []planmodifier.String{ + stringplanmodifier.UseStateForUnknown(), + }, + }, + "name": schema.StringAttribute{ + MarkdownDescription: "The name of the feature template", + Required: true, + }, + "description": schema.StringAttribute{ + MarkdownDescription: "The description of the feature template", + Required: true, + }, + "device_types": schema.ListAttribute{ + MarkdownDescription: helpers.NewAttributeDescription("List of supported device types").AddStringEnumDescription("vedge-C8000V", "vedge-C8300-1N1S-4T2X", "vedge-C8300-1N1S-6T", "vedge-C8300-2N2S-6T", "vedge-C8300-2N2S-4T2X", "vedge-C8500-12X4QC", "vedge-C8500-12X", "vedge-C8500-20X6C", "vedge-C8500L-8S4X", "vedge-C8200-1N-4T", "vedge-C8200L-1N-4T").String, + ElementType: types.StringType, + Required: true, + }, + "interface_name": schema.StringAttribute{ + MarkdownDescription: helpers.NewAttributeDescription("Interface name: IPsec when present").String, + Optional: true, + Validators: []validator.String{ + stringvalidator.LengthBetween(6, 8), + }, + }, + "interface_name_variable": schema.StringAttribute{ + MarkdownDescription: helpers.NewAttributeDescription("Variable name").String, + Optional: true, + }, + "shutdown": schema.BoolAttribute{ + MarkdownDescription: helpers.NewAttributeDescription("Administrative state").AddDefaultValueDescription("true").String, + Optional: true, + }, + "shutdown_variable": schema.StringAttribute{ + MarkdownDescription: helpers.NewAttributeDescription("Variable name").String, + Optional: true, + }, + "interface_description": schema.StringAttribute{ + MarkdownDescription: helpers.NewAttributeDescription("Interface description").String, + Optional: true, + Validators: []validator.String{ + stringvalidator.LengthBetween(0, 240), + }, + }, + "interface_description_variable": schema.StringAttribute{ + MarkdownDescription: helpers.NewAttributeDescription("Variable name").String, + Optional: true, + }, + "ip_address": schema.StringAttribute{ + MarkdownDescription: helpers.NewAttributeDescription("Assign IPv4 address").String, + Optional: true, + }, + "ip_address_variable": schema.StringAttribute{ + MarkdownDescription: helpers.NewAttributeDescription("Variable name").String, + Optional: true, + }, + "tunnel_source": schema.StringAttribute{ + MarkdownDescription: helpers.NewAttributeDescription("Tunnel source IP Address").String, + Optional: true, + }, + "tunnel_source_variable": schema.StringAttribute{ + MarkdownDescription: helpers.NewAttributeDescription("Variable name").String, + Optional: true, + }, + "tunnel_source_interface": schema.StringAttribute{ + MarkdownDescription: helpers.NewAttributeDescription("<1..32 characters> Interface name: ge0/<0-..> or ge0/<0-..>.vlanid").String, + Optional: true, + Validators: []validator.String{ + stringvalidator.LengthBetween(1, 32), + }, + }, + "tunnel_source_interface_variable": schema.StringAttribute{ + MarkdownDescription: helpers.NewAttributeDescription("Variable name").String, + Optional: true, + }, + "tunnel_destination": schema.StringAttribute{ + MarkdownDescription: helpers.NewAttributeDescription("Tunnel destination IP address").String, + Optional: true, + }, + "tunnel_destination_variable": schema.StringAttribute{ + MarkdownDescription: helpers.NewAttributeDescription("Variable name").String, + Optional: true, + }, + "application": schema.StringAttribute{ + MarkdownDescription: helpers.NewAttributeDescription("Enable Application Tunnel Type").AddStringEnumDescription("none", "sig").AddDefaultValueDescription("none").String, + Optional: true, + Validators: []validator.String{ + stringvalidator.OneOf("none", "sig"), + }, + }, + "application_variable": schema.StringAttribute{ + MarkdownDescription: helpers.NewAttributeDescription("Variable name").String, + Optional: true, + }, + "tcp_mss_adjust": schema.Int64Attribute{ + MarkdownDescription: helpers.NewAttributeDescription("TCP MSS on SYN packets, in bytes").AddIntegerRangeDescription(500, 1460).String, + Optional: true, + Validators: []validator.Int64{ + int64validator.Between(500, 1460), + }, + }, + "tcp_mss_adjust_variable": schema.StringAttribute{ + MarkdownDescription: helpers.NewAttributeDescription("Variable name").String, + Optional: true, + }, + "clear_dont_fragment": schema.BoolAttribute{ + MarkdownDescription: helpers.NewAttributeDescription("Enable clear dont fragment (Currently Only SDWAN Tunnel Interface)").AddDefaultValueDescription("false").String, + Optional: true, + }, + "clear_dont_fragment_variable": schema.StringAttribute{ + MarkdownDescription: helpers.NewAttributeDescription("Variable name").String, + Optional: true, + }, + "mtu": schema.Int64Attribute{ + MarkdownDescription: helpers.NewAttributeDescription("Interface MTU <68..9216>, in bytes").AddIntegerRangeDescription(68, 9216).AddDefaultValueDescription("1500").String, + Optional: true, + Validators: []validator.Int64{ + int64validator.Between(68, 9216), + }, + }, + "mtu_variable": schema.StringAttribute{ + MarkdownDescription: helpers.NewAttributeDescription("Variable name").String, + Optional: true, + }, + "dead_peer_detection_interval": schema.Int64Attribute{ + MarkdownDescription: helpers.NewAttributeDescription("IKE keepalive interval (seconds)").AddIntegerRangeDescription(10, 3600).AddDefaultValueDescription("10").String, + Optional: true, + Validators: []validator.Int64{ + int64validator.Between(10, 3600), + }, + }, + "dead_peer_detection_interval_variable": schema.StringAttribute{ + MarkdownDescription: helpers.NewAttributeDescription("Variable name").String, + Optional: true, + }, + "dead_peer_detection_retries": schema.Int64Attribute{ + MarkdownDescription: helpers.NewAttributeDescription("IKE keepalive retries").AddIntegerRangeDescription(2, 60).AddDefaultValueDescription("3").String, + Optional: true, + Validators: []validator.Int64{ + int64validator.Between(2, 60), + }, + }, + "dead_peer_detection_retries_variable": schema.StringAttribute{ + MarkdownDescription: helpers.NewAttributeDescription("Variable name").String, + Optional: true, + }, + "ike_version": schema.Int64Attribute{ + MarkdownDescription: helpers.NewAttributeDescription("IKE Version <1..2>").AddIntegerRangeDescription(1, 2).AddDefaultValueDescription("1").String, + Optional: true, + Validators: []validator.Int64{ + int64validator.Between(1, 2), + }, + }, + "ike_mode": schema.StringAttribute{ + MarkdownDescription: helpers.NewAttributeDescription("IKE integrity protocol").AddStringEnumDescription("main", "aggressive").AddDefaultValueDescription("main").String, + Optional: true, + Validators: []validator.String{ + stringvalidator.OneOf("main", "aggressive"), + }, + }, + "ike_mode_variable": schema.StringAttribute{ + MarkdownDescription: helpers.NewAttributeDescription("Variable name").String, + Optional: true, + }, + "ike_rekey_interval": schema.Int64Attribute{ + MarkdownDescription: helpers.NewAttributeDescription("IKE rekey interval <60..86400> seconds").AddIntegerRangeDescription(60, 86400).AddDefaultValueDescription("14400").String, + Optional: true, + Validators: []validator.Int64{ + int64validator.Between(60, 86400), + }, + }, + "ike_rekey_interval_variable": schema.StringAttribute{ + MarkdownDescription: helpers.NewAttributeDescription("Variable name").String, + Optional: true, + }, + "ike_ciphersuite": schema.StringAttribute{ + MarkdownDescription: helpers.NewAttributeDescription("IKE identity the IKE preshared secret belongs to").AddStringEnumDescription("aes256-cbc-sha1", "aes256-cbc-sha2", "aes128-cbc-sha1", "aes128-cbc-sha2").AddDefaultValueDescription("aes256-cbc-sha1").String, + Optional: true, + Validators: []validator.String{ + stringvalidator.OneOf("aes256-cbc-sha1", "aes256-cbc-sha2", "aes128-cbc-sha1", "aes128-cbc-sha2"), + }, + }, + "ike_ciphersuite_variable": schema.StringAttribute{ + MarkdownDescription: helpers.NewAttributeDescription("Variable name").String, + Optional: true, + }, + "ike_group": schema.StringAttribute{ + MarkdownDescription: helpers.NewAttributeDescription("IKE Diffie Hellman Groups").AddStringEnumDescription("2", "14", "15", "16", "19", "20", "21", "24").AddDefaultValueDescription("16").String, + Optional: true, + Validators: []validator.String{ + stringvalidator.OneOf("2", "14", "15", "16", "19", "20", "21", "24"), + }, + }, + "ike_group_variable": schema.StringAttribute{ + MarkdownDescription: helpers.NewAttributeDescription("Variable name").String, + Optional: true, + }, + "ike_pre_shared_key": schema.StringAttribute{ + MarkdownDescription: helpers.NewAttributeDescription("Use preshared key to authenticate IKE peer").String, + Optional: true, + }, + "ike_pre_shared_key_variable": schema.StringAttribute{ + MarkdownDescription: helpers.NewAttributeDescription("Variable name").String, + Optional: true, + }, + "ike_pre_shared_key_local_id": schema.StringAttribute{ + MarkdownDescription: helpers.NewAttributeDescription("IKE ID for the local endpoint. Input IPv4 address, domain name, or email address").String, + Optional: true, + Validators: []validator.String{ + stringvalidator.LengthBetween(1, 63), + }, + }, + "ike_pre_shared_key_local_id_variable": schema.StringAttribute{ + MarkdownDescription: helpers.NewAttributeDescription("Variable name").String, + Optional: true, + }, + "ike_pre_shared_key_remote_id": schema.StringAttribute{ + MarkdownDescription: helpers.NewAttributeDescription("IKE ID for the remote endpoint. Input IPv4 address, domain name, or email address").String, + Optional: true, + Validators: []validator.String{ + stringvalidator.LengthBetween(1, 63), + }, + }, + "ike_pre_shared_key_remote_id_variable": schema.StringAttribute{ + MarkdownDescription: helpers.NewAttributeDescription("Variable name").String, + Optional: true, + }, + "ipsec_rekey_interval": schema.Int64Attribute{ + MarkdownDescription: helpers.NewAttributeDescription("IPsec rekey interval <300..1209600> seconds").AddIntegerRangeDescription(120, 2592000).AddDefaultValueDescription("3600").String, + Optional: true, + Validators: []validator.Int64{ + int64validator.Between(120, 2592000), + }, + }, + "ipsec_rekey_interval_variable": schema.StringAttribute{ + MarkdownDescription: helpers.NewAttributeDescription("Variable name").String, + Optional: true, + }, + "ipsec_replay_window": schema.Int64Attribute{ + MarkdownDescription: helpers.NewAttributeDescription("Replay window size 32..8192 (must be a power of 2)").AddIntegerRangeDescription(64, 4096).AddDefaultValueDescription("512").String, + Optional: true, + Validators: []validator.Int64{ + int64validator.Between(64, 4096), + }, + }, + "ipsec_replay_window_variable": schema.StringAttribute{ + MarkdownDescription: helpers.NewAttributeDescription("Variable name").String, + Optional: true, + }, + "ipsec_ciphersuite": schema.StringAttribute{ + MarkdownDescription: helpers.NewAttributeDescription("IPsec(ESP) encryption and integrity protocol").AddStringEnumDescription("aes256-cbc-sha1", "aes256-cbc-sha384", "aes256-cbc-sha256", "aes256-cbc-sha512", "aes256-gcm", "null-sha1", "null-sha384", "null-sha256", "null-sha512").AddDefaultValueDescription("aes256-gcm").String, + Optional: true, + Validators: []validator.String{ + stringvalidator.OneOf("aes256-cbc-sha1", "aes256-cbc-sha384", "aes256-cbc-sha256", "aes256-cbc-sha512", "aes256-gcm", "null-sha1", "null-sha384", "null-sha256", "null-sha512"), + }, + }, + "ipsec_ciphersuite_variable": schema.StringAttribute{ + MarkdownDescription: helpers.NewAttributeDescription("Variable name").String, + Optional: true, + }, + "ipsec_perfect_forward_secrecy": schema.StringAttribute{ + MarkdownDescription: helpers.NewAttributeDescription("IPsec perfect forward secrecy settings").AddStringEnumDescription("group-1", "group-2", "group-5", "group-14", "group-15", "group-16", "group-19", "group-20", "group-21", "group-24", "none").AddDefaultValueDescription("group-16").String, + Optional: true, + Validators: []validator.String{ + stringvalidator.OneOf("group-1", "group-2", "group-5", "group-14", "group-15", "group-16", "group-19", "group-20", "group-21", "group-24", "none"), + }, + }, + "ipsec_perfect_forward_secrecy_variable": schema.StringAttribute{ + MarkdownDescription: helpers.NewAttributeDescription("Variable name").String, + Optional: true, + }, + "tracker": schema.ListAttribute{ + MarkdownDescription: helpers.NewAttributeDescription("Enable tracker for this interface").String, + ElementType: types.StringType, + Optional: true, + }, + "tracker_variable": schema.StringAttribute{ + MarkdownDescription: helpers.NewAttributeDescription("Variable name").String, + Optional: true, + }, + "tunnel_route_via": schema.StringAttribute{ + MarkdownDescription: helpers.NewAttributeDescription("<1..32 characters> Interface name: ge0/<0-..> or ge0/<0-..>.vlanid").String, + Optional: true, + Validators: []validator.String{ + stringvalidator.LengthBetween(1, 32), + }, + }, + "tunnel_route_via_variable": schema.StringAttribute{ + MarkdownDescription: helpers.NewAttributeDescription("Variable name").String, + Optional: true, + }, + }, + } +} + +func (r *CiscoVPNInterfaceIPSecFeatureTemplateResource) Configure(_ context.Context, req resource.ConfigureRequest, _ *resource.ConfigureResponse) { + if req.ProviderData == nil { + return + } + + r.client = req.ProviderData.(*SdwanProviderData).Client + r.updateMutex = req.ProviderData.(*SdwanProviderData).UpdateMutex +} + +func (r *CiscoVPNInterfaceIPSecFeatureTemplateResource) Create(ctx context.Context, req resource.CreateRequest, resp *resource.CreateResponse) { + var plan CiscoVPNInterfaceIPSec + + // Read plan + diags := req.Plan.Get(ctx, &plan) + resp.Diagnostics.Append(diags...) + if resp.Diagnostics.HasError() { + return + } + + tflog.Debug(ctx, fmt.Sprintf("%s: Beginning Create", plan.Name.ValueString())) + + // Create object + body := plan.toBody(ctx) + + res, err := r.client.Post("/template/feature", body) + if err != nil { + resp.Diagnostics.AddError("Client Error", fmt.Sprintf("Failed to configure object (POST), got error: %s, %s", err, res.String())) + return + } + + plan.Id = types.StringValue(res.Get("templateId").String()) + plan.Version = types.Int64Value(0) + plan.TemplateType = types.StringValue(plan.getModel()) + + tflog.Debug(ctx, fmt.Sprintf("%s: Create finished successfully", plan.Name.ValueString())) + + diags = resp.State.Set(ctx, &plan) + resp.Diagnostics.Append(diags...) +} + +func (r *CiscoVPNInterfaceIPSecFeatureTemplateResource) Read(ctx context.Context, req resource.ReadRequest, resp *resource.ReadResponse) { + var state CiscoVPNInterfaceIPSec + + // Read state + diags := req.State.Get(ctx, &state) + resp.Diagnostics.Append(diags...) + if resp.Diagnostics.HasError() { + return + } + + tflog.Debug(ctx, fmt.Sprintf("%s: Beginning Read", state.Name.String())) + + res, err := r.client.Get("/template/feature/object/" + state.Id.ValueString()) + if res.Get("error.message").String() == "Invalid Template Id" { + resp.State.RemoveResource(ctx) + return + } else if err != nil { + resp.Diagnostics.AddError("Client Error", fmt.Sprintf("Failed to retrieve object (GET), got error: %s, %s", err, res.String())) + return + } + + state.fromBody(ctx, res) + + tflog.Debug(ctx, fmt.Sprintf("%s: Read finished successfully", state.Name.ValueString())) + + diags = resp.State.Set(ctx, &state) + resp.Diagnostics.Append(diags...) +} + +func (r *CiscoVPNInterfaceIPSecFeatureTemplateResource) Update(ctx context.Context, req resource.UpdateRequest, resp *resource.UpdateResponse) { + var plan, state CiscoVPNInterfaceIPSec + + // Read plan + diags := req.Plan.Get(ctx, &plan) + resp.Diagnostics.Append(diags...) + if resp.Diagnostics.HasError() { + return + } + // Read state + diags = req.State.Get(ctx, &state) + resp.Diagnostics.Append(diags...) + if resp.Diagnostics.HasError() { + return + } + + tflog.Debug(ctx, fmt.Sprintf("%s: Beginning Update", plan.Name.ValueString())) + + body := plan.toBody(ctx) + r.updateMutex.Lock() + res, err := r.client.Put("/template/feature/"+plan.Id.ValueString(), body) + r.updateMutex.Unlock() + if err != nil { + if res.Get("error.message").String() == "Template locked in edit mode." { + resp.Diagnostics.AddWarning("Client Warning", fmt.Sprintf("Failed to modify template due to template being locked by another change. Template changes will not be applied. Re-run 'terraform apply' to try again.")) + } else { + resp.Diagnostics.AddError("Client Error", fmt.Sprintf("Failed to configure object (PUT), got error: %s, %s", err, res.String())) + return + } + } + + if plan.hasChanges(ctx, &state) { + plan.Version = types.Int64Value(state.Version.ValueInt64() + 1) + } else { + plan.Version = state.Version + } + + tflog.Debug(ctx, fmt.Sprintf("%s: Update finished successfully", plan.Name.ValueString())) + + diags = resp.State.Set(ctx, &plan) + resp.Diagnostics.Append(diags...) +} + +func (r *CiscoVPNInterfaceIPSecFeatureTemplateResource) Delete(ctx context.Context, req resource.DeleteRequest, resp *resource.DeleteResponse) { + var state CiscoVPNInterfaceIPSec + + // Read state + diags := req.State.Get(ctx, &state) + resp.Diagnostics.Append(diags...) + if resp.Diagnostics.HasError() { + return + } + + tflog.Debug(ctx, fmt.Sprintf("%s: Beginning Delete", state.Name.ValueString())) + + res, err := r.client.Delete("/template/feature/" + state.Id.ValueString()) + if err != nil && res.Get("error.message").String() != "Invalid Template Id" { + resp.Diagnostics.AddError("Client Error", fmt.Sprintf("Failed to delete object (DELETE), got error: %s, %s", err, res.String())) + return + } + + tflog.Debug(ctx, fmt.Sprintf("%s: Delete finished successfully", state.Name.ValueString())) + + resp.State.RemoveResource(ctx) +} + +func (r *CiscoVPNInterfaceIPSecFeatureTemplateResource) ImportState(ctx context.Context, req resource.ImportStateRequest, resp *resource.ImportStateResponse) { + resource.ImportStatePassthroughID(ctx, path.Root("id"), req, resp) +} diff --git a/internal/provider/resource_sdwan_cisco_vpn_interface_ipsec_feature_template_test.go b/internal/provider/resource_sdwan_cisco_vpn_interface_ipsec_feature_template_test.go new file mode 100644 index 00000000..9da81ca0 --- /dev/null +++ b/internal/provider/resource_sdwan_cisco_vpn_interface_ipsec_feature_template_test.go @@ -0,0 +1,130 @@ +// Copyright © 2023 Cisco Systems, Inc. and its affiliates. +// All rights reserved. +// +// Licensed under the Mozilla Public License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// https://mozilla.org/MPL/2.0/ +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. +// +// SPDX-License-Identifier: MPL-2.0 + +// Code generated by "gen/generator.go"; DO NOT EDIT. + +package provider + +import ( + "testing" + + "github.com/hashicorp/terraform-plugin-testing/helper/resource" +) + +func TestAccSdwanCiscoVPNInterfaceIPSecFeatureTemplate(t *testing.T) { + resource.Test(t, resource.TestCase{ + PreCheck: func() { testAccPreCheck(t) }, + ProtoV6ProviderFactories: testAccProtoV6ProviderFactories, + Steps: []resource.TestStep{ + { + Config: testAccSdwanCiscoVPNInterfaceIPSecFeatureTemplateConfig_minimum(), + Check: resource.ComposeTestCheckFunc( + resource.TestCheckResourceAttr("sdwan_cisco_vpn_interface_ipsec_feature_template.test", "interface_name", "ipsec1"), + resource.TestCheckResourceAttr("sdwan_cisco_vpn_interface_ipsec_feature_template.test", "tunnel_source", "1.2.3.4"), + resource.TestCheckResourceAttr("sdwan_cisco_vpn_interface_ipsec_feature_template.test", "tunnel_source_interface", "e1"), + resource.TestCheckResourceAttr("sdwan_cisco_vpn_interface_ipsec_feature_template.test", "tunnel_destination", "3.4.5.6"), + resource.TestCheckResourceAttr("sdwan_cisco_vpn_interface_ipsec_feature_template.test", "application", "sig"), + resource.TestCheckResourceAttr("sdwan_cisco_vpn_interface_ipsec_feature_template.test", "tunnel_route_via", "g0/0"), + ), + }, + { + Config: testAccSdwanCiscoVPNInterfaceIPSecFeatureTemplateConfig_all(), + Check: resource.ComposeTestCheckFunc( + resource.TestCheckResourceAttr("sdwan_cisco_vpn_interface_ipsec_feature_template.test", "interface_name", "ipsec1"), + resource.TestCheckResourceAttr("sdwan_cisco_vpn_interface_ipsec_feature_template.test", "shutdown", "false"), + resource.TestCheckResourceAttr("sdwan_cisco_vpn_interface_ipsec_feature_template.test", "interface_description", "My Description"), + resource.TestCheckResourceAttr("sdwan_cisco_vpn_interface_ipsec_feature_template.test", "ip_address", "1.1.1.1/24"), + resource.TestCheckResourceAttr("sdwan_cisco_vpn_interface_ipsec_feature_template.test", "tunnel_source", "1.2.3.4"), + resource.TestCheckResourceAttr("sdwan_cisco_vpn_interface_ipsec_feature_template.test", "tunnel_source_interface", "e1"), + resource.TestCheckResourceAttr("sdwan_cisco_vpn_interface_ipsec_feature_template.test", "tunnel_destination", "3.4.5.6"), + resource.TestCheckResourceAttr("sdwan_cisco_vpn_interface_ipsec_feature_template.test", "application", "sig"), + resource.TestCheckResourceAttr("sdwan_cisco_vpn_interface_ipsec_feature_template.test", "tcp_mss_adjust", "1400"), + resource.TestCheckResourceAttr("sdwan_cisco_vpn_interface_ipsec_feature_template.test", "clear_dont_fragment", "true"), + resource.TestCheckResourceAttr("sdwan_cisco_vpn_interface_ipsec_feature_template.test", "mtu", "1500"), + resource.TestCheckResourceAttr("sdwan_cisco_vpn_interface_ipsec_feature_template.test", "dead_peer_detection_interval", "100"), + resource.TestCheckResourceAttr("sdwan_cisco_vpn_interface_ipsec_feature_template.test", "dead_peer_detection_retries", "4"), + resource.TestCheckResourceAttr("sdwan_cisco_vpn_interface_ipsec_feature_template.test", "ike_version", "2"), + resource.TestCheckResourceAttr("sdwan_cisco_vpn_interface_ipsec_feature_template.test", "ike_mode", "main"), + resource.TestCheckResourceAttr("sdwan_cisco_vpn_interface_ipsec_feature_template.test", "ike_rekey_interval", "20000"), + resource.TestCheckResourceAttr("sdwan_cisco_vpn_interface_ipsec_feature_template.test", "ike_ciphersuite", "aes256-cbc-sha1"), + resource.TestCheckResourceAttr("sdwan_cisco_vpn_interface_ipsec_feature_template.test", "ike_group", "20"), + resource.TestCheckResourceAttr("sdwan_cisco_vpn_interface_ipsec_feature_template.test", "ike_pre_shared_key", "cisco123"), + resource.TestCheckResourceAttr("sdwan_cisco_vpn_interface_ipsec_feature_template.test", "ike_pre_shared_key_local_id", "1"), + resource.TestCheckResourceAttr("sdwan_cisco_vpn_interface_ipsec_feature_template.test", "ike_pre_shared_key_remote_id", "2"), + resource.TestCheckResourceAttr("sdwan_cisco_vpn_interface_ipsec_feature_template.test", "ipsec_rekey_interval", "7200"), + resource.TestCheckResourceAttr("sdwan_cisco_vpn_interface_ipsec_feature_template.test", "ipsec_replay_window", "128"), + resource.TestCheckResourceAttr("sdwan_cisco_vpn_interface_ipsec_feature_template.test", "ipsec_ciphersuite", "aes256-cbc-sha256"), + resource.TestCheckResourceAttr("sdwan_cisco_vpn_interface_ipsec_feature_template.test", "ipsec_perfect_forward_secrecy", "group-20"), + resource.TestCheckResourceAttr("sdwan_cisco_vpn_interface_ipsec_feature_template.test", "tunnel_route_via", "g0/0"), + ), + }, + }, + }) +} + +func testAccSdwanCiscoVPNInterfaceIPSecFeatureTemplateConfig_minimum() string { + return ` + resource "sdwan_cisco_vpn_interface_ipsec_feature_template" "test" { + name = "TF_TEST_MIN" + description = "Terraform integration test" + device_types = ["vedge-C8000V"] + interface_name = "ipsec1" + tunnel_source = "1.2.3.4" + tunnel_source_interface = "e1" + tunnel_destination = "3.4.5.6" + application = "sig" + tunnel_route_via = "g0/0" + } + ` +} + +func testAccSdwanCiscoVPNInterfaceIPSecFeatureTemplateConfig_all() string { + return ` + resource "sdwan_cisco_vpn_interface_ipsec_feature_template" "test" { + name = "TF_TEST_ALL" + description = "Terraform integration test" + device_types = ["vedge-C8000V"] + interface_name = "ipsec1" + shutdown = false + interface_description = "My Description" + ip_address = "1.1.1.1/24" + tunnel_source = "1.2.3.4" + tunnel_source_interface = "e1" + tunnel_destination = "3.4.5.6" + application = "sig" + tcp_mss_adjust = 1400 + clear_dont_fragment = true + mtu = 1500 + dead_peer_detection_interval = 100 + dead_peer_detection_retries = 4 + ike_version = 2 + ike_mode = "main" + ike_rekey_interval = 20000 + ike_ciphersuite = "aes256-cbc-sha1" + ike_group = "20" + ike_pre_shared_key = "cisco123" + ike_pre_shared_key_local_id = "1" + ike_pre_shared_key_remote_id = "2" + ipsec_rekey_interval = 7200 + ipsec_replay_window = 128 + ipsec_ciphersuite = "aes256-cbc-sha256" + ipsec_perfect_forward_secrecy = "group-20" + tracker = ["TRACKER1"] + tunnel_route_via = "g0/0" + } + ` +} diff --git a/templates/guides/changelog.md.tmpl b/templates/guides/changelog.md.tmpl index c3d76e3c..b3fb9792 100644 --- a/templates/guides/changelog.md.tmpl +++ b/templates/guides/changelog.md.tmpl @@ -10,6 +10,7 @@ description: |- ## 0.2.1 (unreleased) - Add `sdwan_cisco_ospf_feature_template` resource and data source +- Add `sdwan_cisco_vpn_interface_ipsec_feature_template` resource and data source ## 0.2.0