diff --git a/assets/terraform/examples/resources/panos_globalprotect_log_settings/import.sh b/assets/terraform/examples/resources/panos_globalprotect_log_settings/import.sh
new file mode 100644
index 00000000..2be1f391
--- /dev/null
+++ b/assets/terraform/examples/resources/panos_globalprotect_log_settings/import.sh
@@ -0,0 +1,12 @@
+# A globalprotect log setting can be imported by providing the following base64 encoded object as the ID
+# {
+# location = {
+# template = {
+# name = "example-template"
+# panorama_device = "localhost.localdomain"
+# }
+# }
+#
+# name = "example-gp-settings"
+# }
+terraform import panos_globalprotect_log_settings.example $(echo '{"location":{"template":{"name":"example-template","panorama_device":"localhost.localdomain"}},"name":"example-gp-settings"}' | base64)
diff --git a/assets/terraform/examples/resources/panos_globalprotect_log_settings/resource.tf b/assets/terraform/examples/resources/panos_globalprotect_log_settings/resource.tf
new file mode 100644
index 00000000..4e07a6e2
--- /dev/null
+++ b/assets/terraform/examples/resources/panos_globalprotect_log_settings/resource.tf
@@ -0,0 +1,33 @@
+resource "panos_template" "example" {
+ location = { panorama = {} }
+ name = "example-template"
+}
+
+resource "panos_globalprotect_log_settings" "example" {
+ location = {
+ template = {
+ name = panos_template.example.name
+ }
+ }
+
+ name = "example-gp-settings"
+ description = "globalprotect log settings example"
+ filter = "(severity eq high)"
+ send_to_panorama = true
+
+ actions = [
+ {
+ name = "tag-action"
+ type = {
+ tagging = {
+ action = "add-tag"
+ target = "source-address"
+ tags = ["tag1", "tag2"]
+ registration = {
+ panorama = {}
+ }
+ }
+ }
+ }
+ ]
+}
diff --git a/assets/terraform/test/resource_globalprotect_log_settings_test.go b/assets/terraform/test/resource_globalprotect_log_settings_test.go
new file mode 100644
index 00000000..a1857eed
--- /dev/null
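Review bot: In import.sh the import ID comes from an unquoted `$(echo '…' | base64)`, and GNU `base64` wraps output at 76 columns, so an object of this length is split into several shell words and `terraform import` receives extra arguments. `echo` also appends a newline that ends up inside the encoded ID. Quote the substitution and strip the wrapping, e.g. `"$(printf '%s' '{…}' | base64 | tr -d '\n')"`, keeping the JSON object unchanged. Whether the provider tolerates the trailing newline is not visible from this diff.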
+++ b/assets/terraform/test/resource_globalprotect_log_settings_test.go 
@@ -0,0 +1,120 @@
+package provider_test
+
+import (
+ "fmt"
+ "testing"
+
+ "github.com/hashicorp/terraform-plugin-testing/config"
+ "github.com/hashicorp/terraform-plugin-testing/helper/acctest"
+ "github.com/hashicorp/terraform-plugin-testing/helper/resource"
+ "github.com/hashicorp/terraform-plugin-testing/knownvalue"
+ "github.com/hashicorp/terraform-plugin-testing/statecheck"
+ "github.com/hashicorp/terraform-plugin-testing/tfjsonpath"
+)
+
+func TestAccGlobalprotectLogSettings(t *testing.T) {
+ t.Parallel()
+
+ nameSuffix := acctest.RandStringFromCharSet(6, acctest.CharSetAlphaNum)
+ prefix := fmt.Sprintf("test-acc-%s", nameSuffix)
+
+ resource.Test(t, resource.TestCase{
+ PreCheck: func() { testAccPreCheck(t) },
+ ProtoV6ProviderFactories: testAccProviders,
+ Steps: []resource.TestStep{
+ {
+ Config: globalprotectLogSettingsTmpl,
+ ConfigVariables: map[string]config.Variable{
+ "prefix": config.StringVariable(prefix),
+ "description": config.StringVariable("test description"),
+ "filter": config.StringVariable("(severity eq high)"),
+ "send_to_panorama": config.BoolVariable(true),
+ },
+ ConfigStateChecks: []statecheck.StateCheck{
+ statecheck.ExpectKnownValue(
+ "panos_globalprotect_log_settings.settings",
+ tfjsonpath.New("description"),
+ knownvalue.StringExact("test description"),
+ ),
+ // statecheck.ExpectKnownValue(
+ // "panos_globalprotect_log_settings.settings",
+ // tfjsonpath.New("filter"),
+ // knownvalue.StringExact("(severity eq high)"),
+ // ),
+ statecheck.ExpectKnownValue(
+ "panos_globalprotect_log_settings.settings",
+ tfjsonpath.New("send_to_panorama"),
+ knownvalue.Bool(true),
+ ),
+ },
+ },
+ {
+ Config: globalprotectLogSettingsTmpl,
+ ConfigVariables: map[string]config.Variable{
+ "prefix": config.StringVariable(prefix),
+ "description": config.StringVariable("updated description"),
+ "filter": config.StringVariable("(status eq 200)"),
+ "send_to_panorama": config.BoolVariable(false),
+ "actions": config.ListVariable(config.ObjectVariable(map[string]config.Variable{
+ "name": config.StringVariable("tag-action"),
+ "type": config.ObjectVariable(map[string]config.Variable{
+ "tagging": config.ObjectVariable(map[string]config.Variable{
+ "action": config.StringVariable("add-tag"),
+ "target": config.StringVariable("source-address"),
+ "tags": config.ListVariable(config.StringVariable("tag1"), config.StringVariable("tag2")),
+ }),
+ }),
+ })),
+ },
+ ConfigStateChecks: []statecheck.StateCheck{
+ statecheck.ExpectKnownValue(
+ "panos_globalprotect_log_settings.settings",
+ tfjsonpath.New("description"),
+ knownvalue.StringExact("updated description"),
+ ),
+ // statecheck.ExpectKnownValue(
+ // "panos_globalprotect_log_settings.settings",
+ // tfjsonpath.New("filter"),
+ // knownvalue.StringExact("(severity eq critical)"),
+ // ),
+ statecheck.ExpectKnownValue(
+ "panos_globalprotect_log_settings.settings",
+ tfjsonpath.New("send_to_panorama"),
+ knownvalue.Bool(false),
+ ),
+ statecheck.ExpectKnownValue(
+ "panos_globalprotect_log_settings.settings",
+ tfjsonpath.New("actions").AtSliceIndex(0).AtMapKey("name"),
+ knownvalue.StringExact("tag-action"),
+ ),
+ },
+ },
+ },
+ })
+}
+
+const globalprotectLogSettingsTmpl = `
+variable "prefix" { type = string }
+variable "description" { type = string }
+variable "filter" { type = string }
+variable "send_to_panorama" { type = bool }
+variable "actions" {
+ type = any
+ default = []
+}
+
+
+resource "panos_template" "tmpl" {
+ location = { panorama = {} }
+ name = var.prefix
+}
+
+resource "panos_globalprotect_log_settings" "settings" {
+ location = { template = { name = panos_template.tmpl.name } }
+ name = var.prefix
+ description = var.description
+ #filter = var.filter
+ send_to_panorama = var.send_to_panorama
+ actions = var.actions
+}
+`
diff --git a/specs/device/log-settings/globalprotect.yaml b/specs/device/log-settings/globalprotect.yaml
new file mode 100644
index 00000000..26ca6781
--- /dev/null
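Review bot: The `filter` attribute is not tested at all: the template has `#filter = var.filter` commented out and both `tfjsonpath.New("filter")` checks are commented out, while each step still passes a `filter` variable that nothing reads. The filter decides which GlobalProtect log entries match the forwarding rule, so a provider bug there would silently change what gets forwarded; either re-enable the assignment and checks or leave a comment such as `// filter disabled: <reason>` and drop the unused variable. If re-enabled, the second step's expected value `(severity eq critical)` does not match the `(status eq 200)` it passes. The `actions` check also stops at `name`, so the tagging `action`, `target` and `tags` values are unverified.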
+++ b/specs/device/log-settings/globalprotect.yaml 
@@ -0,0 +1,490 @@
+name: globalprotect-log-settings
+terraform_provider_config:
+ description: Global Protect Log Settings
+ skip_resource: false
+ skip_datasource: false
+ resource_type: entry
+ resource_variants:
+ - singular
+ suffix: globalprotect_log_settings
+ plural_suffix: ''
+ plural_name: ''
+ plural_description: ''
+go_sdk_config:
+ skip: false
+ package:
+ - device
+ - logsettings
+ - globalprotect
+panos_xpath:
+ path:
+ - log-settings
+ - globalprotect
+ - match-list
+ vars: []
+locations:
+- name: panorama
+ xpath:
+ path:
+ - config
+ - panorama
+ vars: []
+ description: Located in a panorama.
+ validators: []
+ required: false
+ read_only: false
+- name: template
+ xpath:
+ path:
+ - config
+ - devices
+ - $panorama_device
+ - template
+ - $template
+ - config
+ - shared
+ vars:
+ - name: panorama_device
+ description: Specific Panorama device
+ required: false
+ default: localhost.localdomain
+ validators: []
+ type: entry
+ - name: template
+ description: Specific Panorama template
+ required: true
+ validators: []
+ type: entry
+ description: A shared resource located within a specific template
+ devices:
+ - panorama
+ validators: []
+ required: false
+ read_only: false
+- name: template-vsys
+ xpath:
+ path:
+ - config
+ - devices
+ - $panorama_device
+ - template
+ - $template
+ - config
+ - devices
+ - $ngfw_device
+ - vsys
+ - $vsys
+ vars:
+ - name: panorama_device
+ description: Specific Panorama device
+ required: false
+ default: localhost.localdomain
+ validators: []
+ type: entry
+ - name: template
+ description: Specific Panorama template
+ required: true
+ validators: []
+ type: entry
+ - name: ngfw_device
+ description: The NGFW device
+ required: false
+ default: localhost.localdomain
+ validators: []
+ type: entry
+ - name: vsys
+ description: The vsys.
+ required: false
+ default: vsys1
+ validators:
+ - type: not-values
+ spec:
+ values:
+ - value: shared
+ error: The vsys cannot be "shared".
+ type: entry
+ description: Located in a specific template, device and vsys.
+ devices:
+ - panorama
+ - ngfw
+ validators: []
+ required: false
+ read_only: false
+- name: template-stack
+ xpath:
+ path:
+ - config
+ - devices
+ - $panorama_device
+ - template-stack
+ - $template_stack
+ - config
+ - shared
+ vars:
+ - name: panorama_device
+ description: Specific Panorama device
+ required: false
+ default: localhost.localdomain
+ validators: []
+ type: entry
+ - name: template_stack
+ description: The template stack
+ required: true
+ validators: []
+ type: entry
+ description: Located in a specific template
+ devices:
+ - panorama
+ validators: []
+ required: false
+ read_only: false
+- name: template-stack-vsys
+ xpath:
+ path:
+ - config
+ - devices
+ - $panorama_device
+ - template-stack
+ - $template_stack
+ - config
+ - devices
+ - $ngfw_device
+ - vsys
+ - $vsys
+ vars:
+ - name: panorama_device
+ description: Specific Panorama device
+ required: false
+ default: localhost.localdomain
+ validators: []
+ type: entry
+ - name: template_stack
+ description: The template stack
+ required: true
+ validators: []
+ type: entry
+ - name: ngfw_device
+ description: The NGFW device
+ required: false
+ default: localhost.localdomain
+ validators: []
+ type: entry
+ - name: vsys
+ description: The vsys.
+ required: false
+ default: vsys1
+ validators:
+ - type: not-values
+ spec:
+ values:
+ - value: shared
+ error: The vsys cannot be "shared".
+ type: entry
+ description: Located in a specific template, device and vsys.
+ devices:
+ - panorama
+ - ngfw
+ validators: []
+ required: false
+ read_only: false
+entries:
+- name: name
+ description: ''
+ validators: []
+imports: []
+spec:
+ params:
+ - name: actions
+ type: list
+ profiles:
+ - xpath:
+ - actions
+ - entry
+ type: entry
+ validators: []
+ spec:
+ type: object
+ items:
+ type: object
+ spec:
+ params:
+ - name: type
+ type: object
+ profiles:
+ - xpath:
+ - type
+ validators: []
+ spec:
+ params: []
+ variants:
+ - name: integration
+ type: object
+ profiles:
+ - xpath:
+ - integration
+ validators: []
+ spec:
+ params:
+ - name: action
+ type: enum
+ profiles:
+ - xpath:
+ - action
+ validators:
+ - type: values
+ spec:
+ values:
+ - Azure-Security-Center-Integration
+ spec:
+ default: Azure-Security-Center-Integration
+ values:
+ - value: Azure-Security-Center-Integration
+ description: ''
+ required: false
+ variants: []
+ description: ''
+ required: false
+ - name: tagging
+ type: object
+ profiles:
+ - xpath:
+ - tagging
+ validators: []
+ spec:
+ params:
+ - name: target
+ type: enum
+ profiles:
+ - xpath:
+ - target
+ validators:
+ - type: values
+ spec:
+ values:
+ - source-address
+ - destination-address
+ - xff-address
+ - user
+ spec:
+ default: source-address
+ values:
+ - value: source-address
+ - value: destination-address
+ - value: xff-address
+ - value: user
+ description: ''
+ required: false
+ - name: action
+ type: enum
+ profiles:
+ - xpath:
+ - action
+ validators:
+ - type: values
+ spec:
+ values:
+ - add-tag
+ - remove-tag
+ spec:
+ default: add-tag
+ values:
+ - value: add-tag
+ - value: remove-tag
+ description: ''
+ required: false
+ - name: timeout
+ type: int64
+ profiles:
+ - xpath:
+ - timeout
+ validators:
+ - type: length
+ spec:
+ min: 0
+ max: 43200
+ spec:
+ default: 0
+ description: timeout in minutes
+ required: false
+ - name: registration
+ type: object
+ profiles:
+ - xpath:
+ - registration
+ validators: []
+ spec:
+ params: []
+ variants:
+ - name: localhost
+ type: object
+ profiles:
+ - xpath:
+ - localhost
+ validators: []
+ spec:
+ params: []
+ variants: []
+ description: Local User-ID
+ required: false
+ - name: panorama
+ type: object
+ profiles:
+ - xpath:
+ - panorama
+ validators: []
+ spec:
+ params: []
+ variants: []
+ description: Panorama User-ID
+ required: false
+ - name: remote
+ type: object
+ profiles:
+ - xpath:
+ - remote
+ validators: []
+ spec:
+ params:
+ - name: http-profile
+ type: string
+ profiles:
+ - xpath:
+ - http-profile
+ validators: []
+ spec: {}
+ description: ''
+ required: false
+ variants: []
+ description: Remote User-ID
+ required: false
+ description: ''
+ required: false
+ - name: tags
+ type: list
+ profiles:
+ - xpath:
+ - tags
+ type: member
+ validators: []
+ spec:
+ type: string
+ items:
+ type: string
+ description: ''
+ required: false
+ variants: []
+ description: ''
+ required: false
+ description: ''
+ required: false
+ variants: []
+ description: ''
+ required: false
+ - name: description
+ type: string
+ profiles:
+ - xpath:
+ - description
+ validators:
+ - type: length
+ spec:
+ min: 0
+ max: 1023
+ spec: {}
+ description: ''
+ required: false
+ - name: filter
+ type: string
+ profiles:
+ - xpath:
+ - filter
+ validators:
+ - type: length
+ spec:
+ max: 1024
+ spec: {}
+ description: ''
+ required: false
+ - name: quarantine
+ type: bool
+ profiles:
+ - xpath:
+ - quarantine
+ validators: []
+ spec: {}
+ description: ''
+ required: false
+ - name: send-email
+ type: list
+ profiles:
+ - xpath:
+ - send-email
+ type: member
+ validators: []
+ spec:
+ type: string
+ items:
+ type: string
+ description: ''
+ required: false
+ codegen_overrides:
+ terraform:
+ name: email-profiles
+ - name: send-http
+ type: list
+ profiles:
+ - xpath:
+ - send-http
+ type: member
+ validators: []
+ spec:
+ type: string
+ items:
+ type: string
+ description: ''
+ required: false
+ codegen_overrides:
+ terraform:
+ name: http-profile
+ - name: send-snmptrap
+ type: list
+ profiles:
+ - xpath:
+ - send-snmptrap
+ type: member
+ validators: []
+ spec:
+ type: string
+ items:
+ type: string
+ description: ''
+ required: false
+ codegen_overrides:
+ terraform:
+ name: snmp-profiles
+ - name: send-syslog
+ type: list
+ profiles:
+ - xpath:
+ - send-syslog
+ type: member
+ validators: []
+ spec:
+ type: string
+ items:
+ type: string
+ description: ''
+ required: false
+ codegen_overrides:
+ terraform:
+ name: syslog-profiles
+ - name: send-to-panorama
+ type: bool
+ profiles:
+ - xpath:
+ - send-to-panorama
+ validators: []
+ spec: {}
+ description: ''
+ required: false
+ variants: []
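Review bot: The `codegen_overrides` name for `send-http` is `http-profile`, singular, while the sibling list parameters are renamed to `email-profiles`, `snmp-profiles` and `syslog-profiles`. Since `send-http` is also a `list` of `member` strings, the Terraform attribute would read more consistently as `name: http-profiles`; renaming it after release would be a breaking schema change. Separately, `filter` caps length at `max: 1024` with no `min`, whereas `description` uses `min: 0` / `max: 1023`; worth confirming both bounds against the PAN-OS schema.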