diff --git a/assets/terraform/examples/resources/panos_syslog_profile/import.sh b/assets/terraform/examples/resources/panos_syslog_profile/import.sh
new file mode 100644
index 00000000..48f0e7b2
--- /dev/null
+++ b/assets/terraform/examples/resources/panos_syslog_profile/import.sh
@@ -0,0 +1,12 @@
+# A syslog profile can be imported by providing the following base64 encoded object as the ID
+# {
+# location = {
+# template = {
+# name = "example-template"
+# panorama_device = "localhost.localdomain"
+# }
+# }
+#
+# name = "example-syslog-profile"
+# }
+terraform import panos_syslog_profile.example $(echo '{"location":{"template":{"name":"example-template","panorama_device":"localhost.localdomain"}},"name":"example-syslog-profile"}' | base64)
diff --git a/assets/terraform/examples/resources/panos_syslog_profile/resource.tf b/assets/terraform/examples/resources/panos_syslog_profile/resource.tf
new file mode 100644
index 00000000..999a1ce6
--- /dev/null
+++ b/assets/terraform/examples/resources/panos_syslog_profile/resource.tf
@@ -0,0 +1,42 @@
+resource "panos_template" "example" {
+ location = { panorama = {} }
+ name = "example-template"
+}
+
+resource "panos_syslog_profile" "example" {
+ location = {
+ template = {
+ name = panos_template.example.name
+ }
+ }
+
+ name = "example-syslog-profile"
+
+ servers = [
+ {
+ name = "server1"
+ server = "10.0.0.1"
+ transport = "UDP"
+ port = 514
+ facility = "LOG_USER"
+ format = "IETF"
+ },
+ {
+ name = "server2"
+ server = "syslog.example.com"
+ transport = "SSL"
+ port = 6514
+ facility = "LOG_LOCAL1"
+ format = "BSD"
+ }
+ ]
+
+ format = {
+ auth = "auth-format"
+ traffic = "traffic-format"
+ escaping = {
+ escape_character = "\\"
+ escaped_characters = "'"
+ }
+ }
+}
diff --git a/assets/terraform/test/resource_syslog_profile_test.go b/assets/terraform/test/resource_syslog_profile_test.go
new file mode 100644
index 00000000..95a35702
--- /dev/null
+++ b/assets/terraform/test/resource_syslog_profile_test.go
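Review bot: The `$(echo '…' | base64)` substitution on the `terraform import` line is unquoted and assumes `base64` prints a single line. GNU coreutils `base64` wraps output at 76 columns and this JSON object encodes to well over that, so on Linux the ID would be split into several arguments by word splitting. `echo` also appends a newline that ends up inside the encoded object, which may or may not be tolerated by the provider's decoder. I would write the line as `terraform import panos_syslog_profile.example "$(printf '%s' '<same JSON>' | base64 | tr -d '\n')"`, keeping the JSON unchanged.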
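Review bot: The first entry in `servers` uses `transport = "UDP"` on port 514 without any comment, and example files tend to be copied as they stand. Syslog over UDP or TCP carries the firewall's auth and traffic logs unencrypted and unauthenticated, so the example should say so. I would add a comment above server1 such as `# UDP/TCP syslog is cleartext; prefer transport = "SSL" (port 6514) where the collector supports it`, or list the SSL server first.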
@@ -0,0 +1,147 @@
+package provider_test
+
+import (
+ "fmt"
+ "testing"
+
+ "github.com/hashicorp/terraform-plugin-testing/config"
+ "github.com/hashicorp/terraform-plugin-testing/helper/acctest"
+ "github.com/hashicorp/terraform-plugin-testing/helper/resource"
+ "github.com/hashicorp/terraform-plugin-testing/knownvalue"
+ "github.com/hashicorp/terraform-plugin-testing/statecheck"
+ "github.com/hashicorp/terraform-plugin-testing/tfjsonpath"
+)
+
+func TestAccSyslogProfile(t *testing.T) {
+ t.Parallel()
+
+ nameSuffix := acctest.RandStringFromCharSet(6, acctest.CharSetAlphaNum)
+ prefix := fmt.Sprintf("test-acc-%s", nameSuffix)
+
+ resource.Test(t, resource.TestCase{
+ PreCheck: func() { testAccPreCheck(t) },
+ ProtoV6ProviderFactories: testAccProviders,
+ Steps: []resource.TestStep{
+ {
+ Config: syslogProfileTmpl,
+ ConfigVariables: map[string]config.Variable{
+ "prefix": config.StringVariable(prefix),
+ "servers": config.ListVariable(
+ config.ObjectVariable(map[string]config.Variable{
+ "name": config.StringVariable("server1"),
+ "server": config.StringVariable("10.0.0.1"),
+ "transport": config.StringVariable("UDP"),
+ "port": config.IntegerVariable(514),
+ "facility": config.StringVariable("LOG_USER"),
+ "format": config.StringVariable("IETF"),
+ }),
+ ),
+ "format": config.ObjectVariable(map[string]config.Variable{
+ "traffic": config.StringVariable("traffic-fmt"),
+ }),
+ },
+ ConfigStateChecks: []statecheck.StateCheck{
+ statecheck.ExpectKnownValue(
+ "panos_syslog_profile.profile",
+ tfjsonpath.New("name"),
+ knownvalue.StringExact(prefix),
+ ),
+ statecheck.ExpectKnownValue(
+ "panos_syslog_profile.profile",
+ tfjsonpath.New("servers").AtSliceIndex(0).AtMapKey("name"),
+ knownvalue.StringExact("server1"),
+ ),
+ statecheck.ExpectKnownValue(
+ "panos_syslog_profile.profile",
+ tfjsonpath.New("format").AtMapKey("traffic"),
+ knownvalue.StringExact("traffic-fmt"),
+ ),
+ },
+ },
+ {
+ Config: syslogProfileTmpl,
+ ConfigVariables: map[string]config.Variable{
+ "prefix": config.StringVariable(prefix),
+ "servers": config.ListVariable(
+ config.ObjectVariable(map[string]config.Variable{
+ "name": config.StringVariable("server1-upd"),
+ "server": config.StringVariable("10.0.0.1"),
+ "transport": config.StringVariable("TCP"),
+ "port": config.IntegerVariable(514),
+ "facility": config.StringVariable("LOG_LOCAL0"),
+ "format": config.StringVariable("BSD"),
+ }),
+ config.ObjectVariable(map[string]config.Variable{
+ "name": config.StringVariable("server2"),
+ "server": config.StringVariable("10.0.0.2"),
+ "transport": config.StringVariable("SSL"),
+ "port": config.IntegerVariable(6514),
+ "facility": config.StringVariable("LOG_LOCAL1"),
+ "format": config.StringVariable("IETF"),
+ }),
+ ),
+ "format": config.ObjectVariable(map[string]config.Variable{
+ "traffic": config.StringVariable("traffic-fmt-upd"),
+ "system": config.StringVariable("system-fmt"),
+ "escaping": config.ObjectVariable(map[string]config.Variable{
+ "escape_character": config.StringVariable("\\"),
+ "escaped_characters": config.StringVariable(`'"`),
+ }),
+ }),
+ },
+ ConfigStateChecks: []statecheck.StateCheck{
+ statecheck.ExpectKnownValue(
+ "panos_syslog_profile.profile",
+ tfjsonpath.New("servers").AtSliceIndex(0).AtMapKey("name"),
+ knownvalue.StringExact("server1-upd"),
+ ),
+ statecheck.ExpectKnownValue(
+ "panos_syslog_profile.profile",
+ tfjsonpath.New("servers").AtSliceIndex(0).AtMapKey("transport"),
+ knownvalue.StringExact("TCP"),
+ ),
+ statecheck.ExpectKnownValue(
+ "panos_syslog_profile.profile",
+ tfjsonpath.New("servers").AtSliceIndex(1).AtMapKey("name"),
+ knownvalue.StringExact("server2"),
+ ),
+ statecheck.ExpectKnownValue(
+ "panos_syslog_profile.profile",
+ tfjsonpath.New("format").AtMapKey("traffic"),
+ knownvalue.StringExact("traffic-fmt-upd"),
+ ),
+ statecheck.ExpectKnownValue(
+ "panos_syslog_profile.profile",
+ tfjsonpath.New("format").AtMapKey("system"),
+ knownvalue.StringExact("system-fmt"),
+ ),
+ statecheck.ExpectKnownValue(
+ "panos_syslog_profile.profile",
+ tfjsonpath.New("format").AtMapKey("escaping").AtMapKey("escape_character"),
+ knownvalue.StringExact("\\"),
+ ),
+ },
+ },
+ },
+ })
+}
+
+const syslogProfileTmpl = `
+variable "prefix" { type = string }
+variable "servers" { type = any }
+variable "format" { type = any }
+
+resource "panos_template" "tmpl" {
+ location = { panorama = {} }
+
+ name = var.prefix
+}
+
+resource "panos_syslog_profile" "profile" {
+ location = { template = { name = panos_template.tmpl.name } }
+
+ name = var.prefix
+ servers = var.servers
+ format = var.format
+}
+`
diff --git a/specs/device/profiles/syslog.yaml b/specs/device/profiles/syslog.yaml
new file mode 100644
index 00000000..a5158935
--- /dev/null
+++ b/specs/device/profiles/syslog.yaml
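Review bot: The second step of TestAccSyslogProfile sets `server2` to transport SSL on port 6514 and `escaped_characters` to `'"`, but none of its ConfigStateChecks read those values back. The spec in this commit gives `transport` a default of UDP, so a provider bug that dropped the attribute could fall back to cleartext UDP and this test would still pass; that is inferred from the default, not observed. I would append checks for the second server's transport and port and for `escaped_characters` to the second step, as below (`knownvalue.Int64Exact` comes from the knownvalue package already imported). There is also no import step exercising the ID format documented in import.sh.

```go
// … unchanged: existing checks in the second step's ConfigStateChecks …
statecheck.ExpectKnownValue(
	"panos_syslog_profile.profile",
	tfjsonpath.New("servers").AtSliceIndex(1).AtMapKey("transport"),
	knownvalue.StringExact("SSL"),
),
statecheck.ExpectKnownValue(
	"panos_syslog_profile.profile",
	tfjsonpath.New("servers").AtSliceIndex(1).AtMapKey("port"),
	knownvalue.Int64Exact(6514),
),
statecheck.ExpectKnownValue(
	"panos_syslog_profile.profile",
	tfjsonpath.New("format").AtMapKey("escaping").AtMapKey("escaped_characters"),
	knownvalue.StringExact(`'"`),
),
```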
@@ -0,0 +1,594 @@ +name: syslog-profile +terraform_provider_config: + description: Syslog Server Profile + skip_resource: false + skip_datasource: false + resource_type: entry + resource_variants: + - singular + suffix: syslog_profile + plural_suffix: '' + plural_name: '' + plural_description: '' +go_sdk_config: + skip: false + package: + - device + - profiles + - syslog +panos_xpath: + path: + - log-settings + - syslog + vars: [] +locations: +- name: panorama + xpath: + path: + - config + - panorama + vars: [] + description: Located in a panorama. + validators: [] + required: false + read_only: false +- name: vsys + xpath: + path: + - config + - devices + - $ngfw_device + - vsys + - $vsys + vars: + - name: ngfw_device + description: The NGFW device name + required: false + default: localhost.localdomain + validators: [] + type: entry + - name: vsys + description: The Virtual System name + required: false + default: vsys1 + validators: + - type: not-values + spec: + values: + - value: shared + error: The vsys name cannot be "shared". 
Use the "shared" location instead + type: entry + description: Located in a specific Virtual System + devices: + - ngfw + validators: [] + required: false + read_only: false +- name: template + xpath: + path: + - config + - devices + - $panorama_device + - template + - $template + - config + - shared + vars: + - name: panorama_device + description: Specific Panorama device + required: false + default: localhost.localdomain + validators: [] + type: entry + - name: template + description: Specific Panorama template + required: true + validators: [] + type: entry + description: A shared resource located within a specific template + devices: + - panorama + validators: [] + required: false + read_only: false +- name: template-vsys + xpath: + path: + - config + - devices + - $panorama_device + - template + - $template + - config + - devices + - $ngfw_device + - vsys + - $vsys + vars: + - name: panorama_device + description: Specific Panorama device + required: false + default: localhost.localdomain + validators: [] + type: entry + - name: template + description: Specific Panorama template + required: true + validators: [] + type: entry + - name: ngfw_device + description: The NGFW device + required: false + default: localhost.localdomain + validators: [] + type: entry + - name: vsys + description: The vsys. + required: false + default: vsys1 + validators: + - type: not-values + spec: + values: + - value: shared + error: The vsys cannot be "shared". + type: entry + description: Located in a specific template, device and vsys. 
+ devices: + - panorama + - ngfw + validators: [] + required: false + read_only: false +- name: template-stack + xpath: + path: + - config + - devices + - $panorama_device + - template-stack + - $template_stack + - config + - shared + vars: + - name: panorama_device + description: Specific Panorama device + required: false + default: localhost.localdomain + validators: [] + type: entry + - name: template_stack + description: The template stack + required: true + validators: [] + type: entry + description: Located in a specific template + devices: + - panorama + validators: [] + required: false + read_only: false +- name: template-stack-vsys + xpath: + path: + - config + - devices + - $panorama_device + - template-stack + - $template_stack + - config + - devices + - $ngfw_device + - vsys + - $vsys + vars: + - name: panorama_device + description: Specific Panorama device + required: false + default: localhost.localdomain + validators: [] + type: entry + - name: template_stack + description: The template stack + required: true + validators: [] + type: entry + - name: ngfw_device + description: The NGFW device + required: false + default: localhost.localdomain + validators: [] + type: entry + - name: vsys + description: The vsys. + required: false + default: vsys1 + validators: + - type: not-values + spec: + values: + - value: shared + error: The vsys cannot be "shared". + type: entry + description: Located in a specific template, device and vsys. 
+ devices: + - panorama + - ngfw + validators: [] + required: false + read_only: false +entries: +- name: name + description: '' + validators: [] +imports: [] +spec: + params: + - name: format + type: object + profiles: + - xpath: + - format + validators: [] + spec: + params: + - name: auth + type: string + profiles: + - xpath: + - auth + validators: + - type: length + spec: + max: 2048 + spec: {} + description: '' + required: false + - name: config + type: string + profiles: + - xpath: + - config + validators: + - type: length + spec: + max: 2048 + spec: {} + description: '' + required: false + - name: correlation + type: string + profiles: + - xpath: + - correlation + validators: + - type: length + spec: + max: 2048 + spec: {} + description: '' + required: false + - name: data + type: string + profiles: + - xpath: + - data + validators: + - type: length + spec: + max: 2048 + spec: {} + description: '' + required: false + - name: decryption + type: string + profiles: + - xpath: + - decryption + validators: + - type: length + spec: + max: 2048 + spec: {} + description: '' + required: false + - name: escaping + type: object + profiles: + - xpath: + - escaping + validators: [] + spec: + params: + - name: escape-character + type: string + profiles: + - xpath: + - escape-character + validators: + - type: length + spec: + min: 1 + max: 1 + spec: {} + description: Escape character + required: false + - name: escaped-characters + type: string + profiles: + - xpath: + - escaped-characters + validators: + - type: length + spec: + max: 255 + spec: {} + description: List of characters to be escaped + required: false + variants: [] + description: '' + required: false + - name: globalprotect + type: string + profiles: + - xpath: + - globalprotect + validators: + - type: length + spec: + max: 2048 + spec: {} + description: '' + required: false + - name: gtp + type: string + profiles: + - xpath: + - gtp + validators: + - type: length + spec: + max: 2048 + spec: {} + description: 
'' + required: false + - name: hip-match + type: string + profiles: + - xpath: + - hip-match + validators: + - type: length + spec: + max: 2048 + spec: {} + description: '' + required: false + - name: iptag + type: string + profiles: + - xpath: + - iptag + validators: + - type: length + spec: + max: 2048 + spec: {} + description: '' + required: false + - name: sctp + type: string + profiles: + - xpath: + - sctp + validators: + - type: length + spec: + max: 2048 + spec: {} + description: '' + required: false + - name: system + type: string + profiles: + - xpath: + - system + validators: + - type: length + spec: + max: 2048 + spec: {} + description: '' + required: false + - name: threat + type: string + profiles: + - xpath: + - threat + validators: + - type: length + spec: + max: 2048 + spec: {} + description: '' + required: false + - name: traffic + type: string + profiles: + - xpath: + - traffic + validators: + - type: length + spec: + max: 2048 + spec: {} + description: '' + required: false + - name: tunnel + type: string + profiles: + - xpath: + - tunnel + validators: + - type: length + spec: + max: 2048 + spec: {} + description: '' + required: false + - name: url + type: string + profiles: + - xpath: + - url + validators: + - type: length + spec: + max: 2048 + spec: {} + description: '' + required: false + - name: userid + type: string + profiles: + - xpath: + - userid + validators: + - type: length + spec: + max: 2048 + spec: {} + description: '' + required: false + - name: wildfire + type: string + profiles: + - xpath: + - wildfire + validators: + - type: length + spec: + max: 2048 + spec: {} + description: '' + required: false + variants: [] + description: custom formats for forwarded logs + required: false + - name: server + type: list + profiles: + - xpath: + - server + - entry + type: entry + validators: [] + spec: + type: object + items: + type: object + spec: + params: + - name: server + type: string + profiles: + - xpath: + - server + validators: + - 
type: length + spec: + max: 63 + spec: {} + description: IP address or FQDN of SYSLOG server to use + required: false + - name: transport + type: enum + profiles: + - xpath: + - transport + validators: + - type: values + spec: + values: + - UDP + - TCP + - SSL + spec: + default: UDP + values: + - value: UDP + - value: TCP + - value: SSL + description: '' + required: false + - name: port + type: int64 + profiles: + - xpath: + - port + validators: + - type: length + spec: + min: 1 + max: 65535 + spec: {} + description: Port number (Standard Syslog ports UDP:514, SSL:6514) + required: false + - name: format + type: enum + profiles: + - xpath: + - format + validators: + - type: values + spec: + values: + - BSD + - IETF + spec: + default: BSD + values: + - value: BSD + - value: IETF + description: Format of the Syslog message + required: false + - name: facility + type: enum + profiles: + - xpath: + - facility + validators: + - type: values + spec: + values: + - LOG_USER + - LOG_LOCAL0 + - LOG_LOCAL1 + - LOG_LOCAL2 + - LOG_LOCAL3 + - LOG_LOCAL4 + - LOG_LOCAL5 + - LOG_LOCAL6 + - LOG_LOCAL7 + spec: + default: LOG_USER + values: + - value: LOG_USER + - value: LOG_LOCAL0 + - value: LOG_LOCAL1 + - value: LOG_LOCAL2 + - value: LOG_LOCAL3 + - value: LOG_LOCAL4 + - value: LOG_LOCAL5 + - value: LOG_LOCAL6 + - value: LOG_LOCAL7 + description: '' + required: false + variants: [] + description: '' + required: false + codegen_overrides: + terraform: + name: servers + variants: []
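Review bot: The `vsys` location's validator error ends with `Use the "shared" location instead`, but this spec defines no `shared` location (only panorama, vsys, template, template-vsys, template-stack and template-stack-vsys), so the message points users at an option they cannot select; either add that location or shorten the message to `The vsys name cannot be "shared".`. The `template-stack` location is described as `Located in a specific template`, which should read `Located in a specific template stack`. Most params, including `transport`, `facility` and every per-log-type `format` string, carry `description: ''`; since `transport` defaults to UDP, a description there stating that UDP and TCP are unencrypted and SSL is the encrypted option would be worth adding.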