From 9bfdf12af3094f799c61dcb436dcb2dab8cc6787 Mon Sep 17 00:00:00 2001 
From: adambar Date: Mon, 9 Sep 2024 12:01:33 +0300 Subject: [PATCH] adding terraform support --- CHANGELOG.md | 18 +- ...urce_checkpoint_management_infinity_idp.go | 124 +++++ ...eckpoint_management_infinity_idp_object.go | 146 ++++++ ...t_management_mobile_access_profile_rule.go | 148 ++++++ ...agement_mobile_access_profile_rule_test.go | 52 ++ ...anagement_mobile_access_profile_section.go | 95 ++++ ...ment_mobile_access_profile_section_test.go | 49 ++ ...heckpoint_management_mobile_access_rule.go | 185 ++++++++ ...oint_management_mobile_access_rule_test.go | 49 ++ ...kpoint_management_mobile_access_section.go | 96 ++++ ...t_management_mobile_access_section_test.go | 49 ++ ...rce_checkpoint_management_network_probe.go | 236 ++++++++++ checkpoint/provider.go | 14 + ..._management_command_delete_infinity_idp.go | 83 ++++ ...ment_command_delete_infinity_idp_object.go | 83 ++++ ...t_management_mobile_access_profile_rule.go | 380 +++++++++++++++ ...agement_mobile_access_profile_rule_test.go | 121 +++++ ...anagement_mobile_access_profile_section.go | 277 +++++++++++ ...ment_mobile_access_profile_section_test.go | 104 ++++ ...heckpoint_management_mobile_access_rule.go | 421 +++++++++++++++++ ...oint_management_mobile_access_rule_test.go | 106 +++++ ...kpoint_management_mobile_access_section.go | 278 +++++++++++ ...t_management_mobile_access_section_test.go | 104 ++++ ...rce_checkpoint_management_network_probe.go | 443 ++++++++++++++++++ ...heckpoint_management_network_probe_test.go | 116 +++++ website/checkpoint.erb | 44 +- ...oint_management_infinity_idp.html.markdown | 37 ++ ...nagement_infinity_idp_object.html.markdown | 40 ++ ...t_mobile_access_profile_rule.html.markdown | 41 ++ ...obile_access_profile_section.html.markdown | 32 ++ ...anagement_mobile_access_rule.html.markdown | 40 ++ ...gement_mobile_access_section.html.markdown | 33 ++ ...int_management_network_probe.html.markdown | 54 +++ ...nagement_delete_infinity_idp.html.markdown | 35 ++ 
...t_delete_infinity_idp_object.html.markdown | 35 ++ ...t_mobile_access_profile_rule.html.markdown | 44 ++ ...obile_access_profile_section.html.markdown | 38 ++ ...anagement_mobile_access_rule.html.markdown | 46 ++ ...gement_mobile_access_section.html.markdown | 38 ++ ...int_management_network_probe.html.markdown | 53 +++ 40 files changed, 4384 insertions(+), 3 deletions(-) create mode 100644 checkpoint/data_source_checkpoint_management_infinity_idp.go create mode 100644 checkpoint/data_source_checkpoint_management_infinity_idp_object.go create mode 100644 checkpoint/data_source_checkpoint_management_mobile_access_profile_rule.go create mode 100644 checkpoint/data_source_checkpoint_management_mobile_access_profile_rule_test.go create mode 100644 checkpoint/data_source_checkpoint_management_mobile_access_profile_section.go create mode 100644 checkpoint/data_source_checkpoint_management_mobile_access_profile_section_test.go create mode 100644 checkpoint/data_source_checkpoint_management_mobile_access_rule.go create mode 100644 checkpoint/data_source_checkpoint_management_mobile_access_rule_test.go create mode 100644 checkpoint/data_source_checkpoint_management_mobile_access_section.go create mode 100644 checkpoint/data_source_checkpoint_management_mobile_access_section_test.go create mode 100644 checkpoint/data_source_checkpoint_management_network_probe.go create mode 100644 checkpoint/resource_checkpoint_management_command_delete_infinity_idp.go create mode 100644 checkpoint/resource_checkpoint_management_command_delete_infinity_idp_object.go create mode 100644 checkpoint/resource_checkpoint_management_mobile_access_profile_rule.go create mode 100644 checkpoint/resource_checkpoint_management_mobile_access_profile_rule_test.go create mode 100644 checkpoint/resource_checkpoint_management_mobile_access_profile_section.go create mode 100644 checkpoint/resource_checkpoint_management_mobile_access_profile_section_test.go create mode 100644 
checkpoint/resource_checkpoint_management_mobile_access_rule.go create mode 100644 checkpoint/resource_checkpoint_management_mobile_access_rule_test.go create mode 100644 checkpoint/resource_checkpoint_management_mobile_access_section.go create mode 100644 checkpoint/resource_checkpoint_management_mobile_access_section_test.go create mode 100644 checkpoint/resource_checkpoint_management_network_probe.go create mode 100644 checkpoint/resource_checkpoint_management_network_probe_test.go create mode 100644 website/docs/d/checkpoint_management_infinity_idp.html.markdown create mode 100644 website/docs/d/checkpoint_management_infinity_idp_object.html.markdown create mode 100644 website/docs/d/checkpoint_management_mobile_access_profile_rule.html.markdown create mode 100644 website/docs/d/checkpoint_management_mobile_access_profile_section.html.markdown create mode 100644 website/docs/d/checkpoint_management_mobile_access_rule.html.markdown create mode 100644 website/docs/d/checkpoint_management_mobile_access_section.html.markdown create mode 100644 website/docs/d/checkpoint_management_network_probe.html.markdown create mode 100644 website/docs/r/checkpoint_management_delete_infinity_idp.html.markdown create mode 100644 website/docs/r/checkpoint_management_delete_infinity_idp_object.html.markdown create mode 100644 website/docs/r/checkpoint_management_mobile_access_profile_rule.html.markdown create mode 100644 website/docs/r/checkpoint_management_mobile_access_profile_section.html.markdown create mode 100644 website/docs/r/checkpoint_management_mobile_access_rule.html.markdown create mode 100644 website/docs/r/checkpoint_management_mobile_access_section.html.markdown create mode 100644 website/docs/r/checkpoint_management_network_probe.html.markdown diff --git a/CHANGELOG.md b/CHANGELOG.md index b175b0dd..fe434ea2 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md 
@@ -1,7 +1,13 @@ -## 2.7.1 +## 2.8.0 FEATURES - +* **New Resource:** `checkpoint_management_delete_infinity_idp_object` +* **New Resource:** `checkpoint_management_delete_infinity_idp` +* **New Resource:** `checkpoint_management_mobile_access_section` +* **New Resource:** `checkpoint_management_mobile_access_rule` +* **New Resource:** `checkpoint_management_mobile_access_profile_section` +* **New Resource:** `checkpoint_management_mobile_access_profile_rule` +* **New Resource:** `checkpoint_management_network_probe` * **New Resource:** `checkpoint_management_override_categorization` * **New Resource:** `checkpoint_management_interface` * **New Resource:** `checkpoint_management_resource_smtp` @@ -26,6 +32,14 @@ FEATURES * **New Resource:** `checkpoint_management_data_type_group` * **New Resource:** `checkpoint_management_data_type_traditional_group` * **New Resource:** `checkpoint_management_data_type_compound_group` + +* **New Data Source:** `checkpoint_management_infinity_idp_object` +* **New Data Source:** `checkpoint_management_infinity_idp` +* **New Data Source:** `checkpoint_management_mobile_access_section` +* **New Data Source:** `checkpoint_management_mobile_access_rule` +* **New Data Source:** `checkpoint_management_mobile_access_profile_section` +* **New Data Source:** `checkpoint_management_mobile_access_profile_rule` +* **New Data Source:** `checkpoint_management_network_probe` * **New Data Source:** `checkpoint_management_override_categorization` * **New Data Source:** `checkpoint_management_interface` * **New Data Source:** `checkpoint_management_resource_smtp` diff --git a/checkpoint/data_source_checkpoint_management_infinity_idp.go b/checkpoint/data_source_checkpoint_management_infinity_idp.go new file mode 100644 index 00000000..100a5cc4 --- /dev/null +++ b/checkpoint/data_source_checkpoint_management_infinity_idp.go 
@@ -0,0 +1,124 @@
+package checkpoint
+
+import (
+ "fmt"
+ checkpoint "github.com/CheckPointSW/cp-mgmt-api-go-sdk/APIFiles"
+ "github.com/hashicorp/terraform-plugin-sdk/helper/schema"
+ "log"
+)
+
+func dataSourceManagementInfinityIdp() *schema.Resource {
+ return &schema.Resource{
+
+ Read: dataSourceManagementDeleteInfinityIdpRead,
+ Schema: map[string]*schema.Schema{
+ "name": {
+ Type: schema.TypeString,
+ Optional: true,
+ Description: "Object name.",
+ },
+ "uid": {
+ Type: schema.TypeString,
+ Optional: true,
+ Description: "Object unique identifier.",
+ },
+ "idp_domains": {
+ Type: schema.TypeList,
+ Computed: true,
+ Description: "Collection of tag identifiers.",
+ Elem: &schema.Schema{
+ Type: schema.TypeString,
+ },
+ },
+ "idp_id": {
+ Type: schema.TypeString,
+ Computed: true,
+ Description: "Object unique identifier.",
+ },
+ "idp_name": {
+ Type: schema.TypeString,
+ Computed: true,
+ Description: "Object unique identifier.",
+ },
+ "idp_type": {
+ Type: schema.TypeString,
+ Computed: true,
+ Description: "Object unique identifier.",
+ },
+ "tags": {
+ Type: schema.TypeSet,
+ Computed: true,
+ Description: "Collection of tag identifiers.",
+ Elem: &schema.Schema{
+ Type: schema.TypeString,
+ },
+ },
+ },
+ }
+}
+func dataSourceManagementDeleteInfinityIdpRead(d *schema.ResourceData, m interface{}) error {
+
+ client := m.(*checkpoint.ApiClient)
+
+ name := d.Get("name").(string)
+ uid := d.Get("uid").(string)
+
+ payload := make(map[string]interface{})
+
+ if name != "" {
+ payload["name"] = name
+ } else if uid != "" {
+ payload["uid"] = uid
+ }
+
+ showInfinityIdpRes, err := client.ApiCall("show-infinity-idp", payload, client.GetSessionID(), true, client.IsProxyUsed())
+ if err != nil {
+ return fmt.Errorf(err.Error())
+ }
+ if !showInfinityIdpRes.Success {
+ return fmt.Errorf(showInfinityIdpRes.ErrorMsg)
+ }
+
+ infinityIdp := showInfinityIdpRes.GetData()
+
+ log.Println("Read Infinity-Idp - Show JSON = ", infinityIdp)
+
+ if v := infinityIdp["uid"]; v != nil {
+ _ = d.Set("uid", v)
+ d.SetId(v.(string))
+ }
+
+ if v := infinityIdp["name"]; v != nil {
+ _ = d.Set("name", v)
+ }
+
+ if v := infinityIdp["idp-domains"]; v != nil {
+ _ = d.Set("idp_domains", v.([]interface{}))
+ }
+ if v := infinityIdp["idp-id"]; v != nil {
+ _ = d.Set("idp_id", v)
+ }
+ if v := infinityIdp["idp-name"]; v != nil {
+ _ = d.Set("idp_name", v)
+ }
+ if v := infinityIdp["idp-type"]; v != nil {
+ _ = d.Set("idp_type", v)
+ }
+
+ if infinityIdp["tags"] != nil {
+ tagsJson := infinityIdp["tags"].([]interface{})
+ var tagsIds = make([]string, 0)
+ if len(tagsJson) > 0 {
+ // Create slice of tag names
+ for _, tag := range tagsJson {
+ tag := tag.(map[string]interface{})
+ tagsIds = append(tagsIds, tag["name"].(string))
+ }
+ }
+ _ = d.Set("tags", tagsIds)
+ } else {
+ _ = d.Set("tags", nil)
+ }
+
+ return nil
+}
diff --git a/checkpoint/data_source_checkpoint_management_infinity_idp_object.go b/checkpoint/data_source_checkpoint_management_infinity_idp_object.go
new file mode 100644
index 00000000..8ea2f8e4
--- /dev/null
+++ b/checkpoint/data_source_checkpoint_management_infinity_idp_object.go
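Review bot: The type assertions on the API response in dataSourceManagementDeleteInfinityIdpRead (data_source_checkpoint_management_infinity_idp.go) are unchecked: `d.SetId(v.(string))`, `v.([]interface{})` for idp-domains, and `tag.(map[string]interface{})` / `tag["name"].(string)` in the tags loop each panic if the management server returns a different shape, which takes the provider process down instead of returning an error. Use the comma-ok form and return an error, e.g. `uid, ok := v.(string); if !ok { return fmt.Errorf("show-infinity-idp: unexpected uid type %T", v) }`. The same unchecked assertions appear in the other data-source read functions added by this patch (infinity-idp-object, mobile-access-profile-rule, mobile-access-profile-section, mobile-access-rule, mobile-access-section), including `GetData()["code"].(string)` on their failure path.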
@@ -0,0 +1,146 @@
+package checkpoint
+
+import (
+ "fmt"
+ checkpoint "github.com/CheckPointSW/cp-mgmt-api-go-sdk/APIFiles"
+ "github.com/hashicorp/terraform-plugin-sdk/helper/schema"
+ "log"
+)
+
+func dataSourceManagementInfinityIdpObject() *schema.Resource {
+ return &schema.Resource{
+
+ Read: dataSourceManagementDeleteInfinityIdpObjectRead,
+ Schema: map[string]*schema.Schema{
+ "name": {
+ Type: schema.TypeString,
+ Optional: true,
+ Description: "Object name.",
+ },
+ "uid": {
+ Type: schema.TypeString,
+ Optional: true,
+ Description: "Object unique identifier.",
+ },
+ "description": {
+ Type: schema.TypeString,
+ Computed: true,
+ Description: "Description string.",
+ },
+ "display_name": {
+ Type: schema.TypeString,
+ Computed: true,
+ Description: "Entity name in the Management Server.",
+ },
+ "ext_id": {
+ Type: schema.TypeString,
+ Computed: true,
+ Description: "Entity unique identifier in the Identity Provider.",
+ },
+ "idp_display_name": {
+ Type: schema.TypeString,
+ Computed: true,
+ Description: "Identity Provider name in Management Server.",
+ },
+ "idp_id": {
+ Type: schema.TypeString,
+ Computed: true,
+ Description: "Object unique identifier.",
+ },
+ "idp_name": {
+ Type: schema.TypeString,
+ Computed: true,
+ Description: "Object unique identifier.",
+ },
+ "object_type": {
+ Type: schema.TypeString,
+ Computed: true,
+ Description: "Entity type - can be user/group/machine.",
+ },
+ "tags": {
+ Type: schema.TypeSet,
+ Computed: true,
+ Description: "Collection of tag identifiers.",
+ Elem: &schema.Schema{
+ Type: schema.TypeString,
+ },
+ },
+ },
+ }
+}
+
+func dataSourceManagementDeleteInfinityIdpObjectRead(d *schema.ResourceData, m interface{}) error {
+
+ client := m.(*checkpoint.ApiClient)
+
+ name := d.Get("name").(string)
+ uid := d.Get("uid").(string)
+
+ payload := make(map[string]interface{})
+
+ if name != "" {
+ payload["name"] = name
+ } else if uid != "" {
+ payload["uid"] = uid
+ }
+
+ showInfinityIdpRes, err := client.ApiCall("show-infinity-idp-object", payload, client.GetSessionID(), true, client.IsProxyUsed())
+ if err != nil {
+ return fmt.Errorf(err.Error())
+ }
+ if !showInfinityIdpRes.Success {
+ return fmt.Errorf(showInfinityIdpRes.ErrorMsg)
+ }
+
+ infinityIdp := showInfinityIdpRes.GetData()
+
+ log.Println("Read Infinity-Idp-Object - Show JSON = ", infinityIdp)
+
+ if v := infinityIdp["uid"]; v != nil {
+ _ = d.Set("uid", v)
+ d.SetId(v.(string))
+ }
+
+ if v := infinityIdp["name"]; v != nil {
+ _ = d.Set("name", v)
+ }
+
+ if v := infinityIdp["description"]; v != nil {
+ _ = d.Set("description", v)
+ }
+ if v := infinityIdp["display-name"]; v != nil {
+ _ = d.Set("display_name", v)
+ }
+ if v := infinityIdp["ext-id"]; v != nil {
+ _ = d.Set("ext_id", v)
+ }
+ if v := infinityIdp["idp-display-name"]; v != nil {
+ _ = d.Set("idp_display_name", v)
+ }
+ if v := infinityIdp["idp-id"]; v != nil {
+ _ = d.Set("idp_id", v)
+ }
+ if v := infinityIdp["idp-name"]; v != nil {
+ _ = d.Set("idp_name", v)
+ }
+ if v := infinityIdp["object-type"]; v != nil {
+ _ = d.Set("object_type", v)
+ }
+
+ if infinityIdp["tags"] != nil {
+ tagsJson := infinityIdp["tags"].([]interface{})
+ var tagsIds = make([]string, 0)
+ if len(tagsJson) > 0 {
+ // Create slice of tag names
+ for _, tag := range tagsJson {
+ tag := tag.(map[string]interface{})
+ tagsIds = append(tagsIds, tag["name"].(string))
+ }
+ }
+ _ = d.Set("tags", tagsIds)
+ } else {
+ _ = d.Set("tags", nil)
+ }
+
+ return nil
+}
diff --git a/checkpoint/data_source_checkpoint_management_mobile_access_profile_rule.go b/checkpoint/data_source_checkpoint_management_mobile_access_profile_rule.go
new file mode 100644
index 00000000..0f86ec27
--- /dev/null
+++ b/checkpoint/data_source_checkpoint_management_mobile_access_profile_rule.go
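Review bot: `log.Println("Read Infinity-Idp-Object - Show JSON = ", infinityIdp)` in dataSourceManagementDeleteInfinityIdpObjectRead writes the whole show-infinity-idp-object response to the provider log, and per the schema in this file that response carries identity-provider entity data (ext-id, display name, IdP id and name, object type). Terraform logs are commonly attached to CI output and bug reports, so consider logging only the identifier, e.g. `log.Println("Read Infinity-Idp-Object - uid = ", infinityIdp["uid"])`. The infinity-idp read function in the previous file logs its full response the same way.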
@@ -0,0 +1,148 @@
+package checkpoint
+
+import (
+ "fmt"
+ checkpoint "github.com/CheckPointSW/cp-mgmt-api-go-sdk/APIFiles"
+ "github.com/hashicorp/terraform-plugin-sdk/helper/schema"
+ "log"
+)
+
+func dataSourceManagementMobileAccessProfileRule() *schema.Resource {
+ return &schema.Resource{
+ Read: dataSourceManagementMobileAccessProfileRuleRead,
+ Schema: map[string]*schema.Schema{
+ "name": {
+ Type: schema.TypeString,
+ Optional: true,
+ Description: "Object name.",
+ },
+ "uid": {
+ Type: schema.TypeString,
+ Optional: true,
+ Description: "Object unique identifier.",
+ },
+ "mobile_profile": {
+ Type: schema.TypeString,
+ Computed: true,
+ Description: "Profile configuration for User groups - identified by the name or UID.",
+ },
+ "user_groups": {
+ Type: schema.TypeSet,
+ Computed: true,
+ Description: "User groups that will be configured with the profile object - identified by the name or UID.",
+ Elem: &schema.Schema{
+ Type: schema.TypeString,
+ },
+ },
+ "enabled": {
+ Type: schema.TypeBool,
+ Computed: true,
+ Description: "Enable/Disable the rule.",
+ },
+ "tags": {
+ Type: schema.TypeSet,
+ Computed: true,
+ Description: "Collection of tag identifiers.",
+ Elem: &schema.Schema{
+ Type: schema.TypeString,
+ },
+ },
+ "comments": {
+ Type: schema.TypeString,
+ Computed: true,
+ Description: "Comments string.",
+ },
+ },
+ }
+}
+func dataSourceManagementMobileAccessProfileRuleRead(d *schema.ResourceData, m interface{}) error {
+
+ client := m.(*checkpoint.ApiClient)
+
+ name := d.Get("name").(string)
+ uid := d.Get("uid").(string)
+
+ payload := make(map[string]interface{})
+
+ if name != "" {
+ payload["name"] = name
+ } else if uid != "" {
+ payload["uid"] = uid
+ }
+
+ showMobileAccessProfileRuleRes, err := client.ApiCall("show-mobile-access-profile-rule", payload, client.GetSessionID(), true, false)
+ if err != nil {
+ return fmt.Errorf(err.Error())
+ }
+ if !showMobileAccessProfileRuleRes.Success {
+ if objectNotFound(showMobileAccessProfileRuleRes.GetData()["code"].(string)) {
+ d.SetId("")
+ return nil
+ }
+ return fmt.Errorf(showMobileAccessProfileRuleRes.ErrorMsg)
+ }
+
+ mobileAccessProfileRule := showMobileAccessProfileRuleRes.GetData()
+
+ log.Println("Read MobileAccessProfileRule - Show JSON = ", mobileAccessProfileRule)
+
+ if v := mobileAccessProfileRule["uid"]; v != nil {
+ _ = d.Set("uid", v)
+ d.SetId(v.(string))
+ }
+
+ if v := mobileAccessProfileRule["name"]; v != nil {
+ _ = d.Set("name", v)
+ }
+
+ if v := mobileAccessProfileRule["mobile-profile"]; v != nil {
+ profileObj := v.(map[string]interface{})
+ if v := profileObj["name"]; v != nil {
+ _ = d.Set("mobile_profile", v)
+ }
+ }
+
+ if mobileAccessProfileRule["user-groups"] != nil {
+ userGroupsJson, ok := mobileAccessProfileRule["user-groups"].([]interface{})
+ if ok {
+ userGroupsNames := make([]string, 0)
+ if len(userGroupsJson) > 0 {
+ for _, user_groups := range userGroupsJson {
+ Obj := user_groups.(map[string]interface{})
+ name := Obj["name"].(string)
+ userGroupsNames = append(userGroupsNames, name)
+ }
+ }
+ _ = d.Set("user_groups", userGroupsNames)
+ }
+ } else {
+ _ = d.Set("user_groups", nil)
+ }
+
+ if v := mobileAccessProfileRule["enabled"]; v != nil {
+ _ = d.Set("enabled", v)
+ }
+
+ if mobileAccessProfileRule["tags"] != nil {
+ tagsJson, ok := mobileAccessProfileRule["tags"].([]interface{})
+ if ok {
+ tagsIds := make([]string, 0)
+ if len(tagsJson) > 0 {
+ for _, tags := range tagsJson {
+ tags := tags.(map[string]interface{})
+ tagsIds = append(tagsIds, tags["name"].(string))
+ }
+ }
+ _ = d.Set("tags", tagsIds)
+ }
+ } else {
+ _ = d.Set("tags", nil)
+ }
+
+ if v := mobileAccessProfileRule["comments"]; v != nil {
+ _ = d.Set("comments", v)
+ }
+
+ return nil
+
+}
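Review bot: The `client.ApiCall("show-mobile-access-profile-rule", payload, client.GetSessionID(), true, false)` call in dataSourceManagementMobileAccessProfileRuleRead hard-codes its last argument to `false`, while the two infinity-idp data sources in this same patch pass `client.IsProxyUsed()` in that position. If that argument is the proxy flag, as the infinity-idp calls suggest, this lookup would ignore a configured proxy; ending the call with `true, client.IsProxyUsed())` keeps the data sources consistent. The mobile-access-profile-section, mobile-access-rule and mobile-access-section read functions pass `false` as well.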
diff --git a/checkpoint/data_source_checkpoint_management_mobile_access_profile_rule_test.go b/checkpoint/data_source_checkpoint_management_mobile_access_profile_rule_test.go
new file mode 100644
index 00000000..e3131592
--- /dev/null
+++ b/checkpoint/data_source_checkpoint_management_mobile_access_profile_rule_test.go
@@ -0,0 +1,52 @@
+package checkpoint
+
+import (
+ "fmt"
+ "github.com/hashicorp/terraform-plugin-sdk/helper/acctest"
+ "github.com/hashicorp/terraform-plugin-sdk/helper/resource"
+ "os"
+ "testing"
+)
+
+func TestAccDataSourceCheckpointManagementMobileAccessProfileRule_basic(t *testing.T) {
+ objName := "tfTestManagementMobileAccessProfile_" + acctest.RandString(6)
+ resourceName := "checkpoint_management_mobile_access_profile_rule.test"
+ dataSourceName := "data.checkpoint_management_mobile_access_profile_rule.data"
+
+ context := os.Getenv("CHECKPOINT_CONTEXT")
+ if context != "web_api" {
+ t.Skip("Skipping management test")
+ } else if context == "" {
+ t.Skip("Env CHECKPOINT_CONTEXT must be specified to run this acc test")
+ }
+
+ resource.Test(t, resource.TestCase{
+ PreCheck: func() { testAccPreCheck(t) },
+ Providers: testAccProviders,
+ Steps: []resource.TestStep{
+ {
+ Config: testAccDataSourceManagementMobileAccessProfileRuleConfig(objName),
+ Check: resource.ComposeTestCheckFunc(
+ resource.TestCheckResourceAttrPair(dataSourceName, "name", resourceName, "name"),
+ ),
+ },
+ },
+ })
+}
+
+func testAccDataSourceManagementMobileAccessProfileRuleConfig(name string) string {
+ return fmt.Sprintf(`
+resource "checkpoint_management_mobile_access_profile_rule" "test" {
+
+
+ name = "%s"
+ position = {top = "top"}
+ enabled = true
+}
+
+data "checkpoint_management_mobile_access_profile_rule" "data" {
+ name = "${checkpoint_management_mobile_access_profile_rule.test.name}"
+}
+
+`, name)
+}
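Review bot: The `else if context == ""` branch in TestAccDataSourceCheckpointManagementMobileAccessProfileRule_basic can never run: an empty CHECKPOINT_CONTEXT already satisfies `context != "web_api"`, so the test always skips with "Skipping management test" and the message saying the variable must be set is dead code. Check the empty case first, `if context == "" { t.Skip("Env CHECKPOINT_CONTEXT must be specified to run this acc test") } else if context != "web_api" { t.Skip("Skipping management test") }`. The same skip block is repeated in the mobile-access-profile-section and mobile-access-rule data-source tests in this patch.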
diff --git a/checkpoint/data_source_checkpoint_management_mobile_access_profile_section.go b/checkpoint/data_source_checkpoint_management_mobile_access_profile_section.go
new file mode 100644
index 00000000..6930df25
--- /dev/null
+++ b/checkpoint/data_source_checkpoint_management_mobile_access_profile_section.go
@@ -0,0 +1,95 @@
+package checkpoint
+
+import (
+ "fmt"
+ checkpoint "github.com/CheckPointSW/cp-mgmt-api-go-sdk/APIFiles"
+ "github.com/hashicorp/terraform-plugin-sdk/helper/schema"
+ "log"
+)
+
+func dataSourceManagementMobileAccessProfileSection() *schema.Resource {
+ return &schema.Resource{
+
+ Read: dataSourceManagementMobileAccessProfileSectionRead,
+
+ Schema: map[string]*schema.Schema{
+ "name": {
+ Type: schema.TypeString,
+ Optional: true,
+ Description: "Object name.",
+ },
+ "uid": {
+ Type: schema.TypeString,
+ Optional: true,
+ Description: "Object unique identifier.",
+ },
+ "tags": {
+ Type: schema.TypeSet,
+ Computed: true,
+ Description: "Collection of tag identifiers.",
+ Elem: &schema.Schema{
+ Type: schema.TypeString,
+ },
+ },
+ },
+ }
+}
+func dataSourceManagementMobileAccessProfileSectionRead(d *schema.ResourceData, m interface{}) error {
+
+ client := m.(*checkpoint.ApiClient)
+
+ name := d.Get("name").(string)
+ uid := d.Get("uid").(string)
+
+ payload := make(map[string]interface{})
+
+ if name != "" {
+ payload["name"] = name
+ } else if uid != "" {
+ payload["uid"] = uid
+ }
+
+ showMobileAccessProfileSectionRes, err := client.ApiCall("show-mobile-access-profile-section", payload, client.GetSessionID(), true, false)
+ if err != nil {
+ return fmt.Errorf(err.Error())
+ }
+ if !showMobileAccessProfileSectionRes.Success {
+ if objectNotFound(showMobileAccessProfileSectionRes.GetData()["code"].(string)) {
+ d.SetId("")
+ return nil
+ }
+ return fmt.Errorf(showMobileAccessProfileSectionRes.ErrorMsg)
+ }
+
+ mobileAccessProfileSection := showMobileAccessProfileSectionRes.GetData()
+
+ log.Println("Read MobileAccessProfileSection - Show JSON = ", mobileAccessProfileSection)
+
+ if v := mobileAccessProfileSection["uid"]; v != nil {
+ _ = d.Set("uid", v)
+ d.SetId(v.(string))
+ }
+
+ if v := mobileAccessProfileSection["name"]; v != nil {
+ _ = d.Set("name", v)
+ }
+
+ if mobileAccessProfileSection["tags"] != nil {
+ tagsJson, ok := mobileAccessProfileSection["tags"].([]interface{})
+ if ok {
+ tagsIds := make([]string, 0)
+ if len(tagsJson) > 0 {
+ for _, tags := range tagsJson {
+ tags := tags.(map[string]interface{})
+ tagsIds = append(tagsIds, tags["name"].(string))
+ }
+ }
+ _ = d.Set("tags", tagsIds)
+ }
+ } else {
+ _ = d.Set("tags", nil)
+ }
+
+ return nil
+
+}
diff --git a/checkpoint/data_source_checkpoint_management_mobile_access_profile_section_test.go b/checkpoint/data_source_checkpoint_management_mobile_access_profile_section_test.go
new file mode 100644
index 00000000..5e6e62cf
--- /dev/null
+++ b/checkpoint/data_source_checkpoint_management_mobile_access_profile_section_test.go
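Review bot: On an object-not-found response dataSourceManagementMobileAccessProfileSectionRead calls `d.SetId("")` and returns nil, so a lookup for a section that does not exist appears to succeed with no attributes populated rather than failing the plan. Clearing the ID suits a managed resource's Read, where the object should drop out of state, but in a data source it hides a wrong `name` or `uid` from the user and lets empty values flow into whatever references the data source. Consider returning an error on that path, e.g. `return fmt.Errorf("mobile-access-profile-section not found (name %q, uid %q)", name, uid)`. The mobile-access-profile-rule, mobile-access-rule and mobile-access-section read functions handle not-found the same way.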
@@ -0,0 +1,49 @@
+package checkpoint
+
+import (
+ "fmt"
+ "github.com/hashicorp/terraform-plugin-sdk/helper/acctest"
+ "github.com/hashicorp/terraform-plugin-sdk/helper/resource"
+ "os"
+ "testing"
+)
+
+func TestAccDataSourceCheckpointManagementMobileAccessProfileSection_basic(t *testing.T) {
+ objName := "tfTestManagementMobileAccessProfile_" + acctest.RandString(6)
+ resourceName := "checkpoint_management_mobile_access_profile_section.test"
+ dataSourceName := "data.checkpoint_management_mobile_access_profile_section.data"
+
+ context := os.Getenv("CHECKPOINT_CONTEXT")
+ if context != "web_api" {
+ t.Skip("Skipping management test")
+ } else if context == "" {
+ t.Skip("Env CHECKPOINT_CONTEXT must be specified to run this acc test")
+ }
+
+ resource.Test(t, resource.TestCase{
+ PreCheck: func() { testAccPreCheck(t) },
+ Providers: testAccProviders,
+ Steps: []resource.TestStep{
+ {
+ Config: testAccDataSourceManagementMobileAccessProfileSectionConfig(objName),
+ Check: resource.ComposeTestCheckFunc(
+ resource.TestCheckResourceAttrPair(dataSourceName, "name", resourceName, "name"),
+ ),
+ },
+ },
+ })
+}
+
+func testAccDataSourceManagementMobileAccessProfileSectionConfig(name string) string {
+ return fmt.Sprintf(`
+resource "checkpoint_management_mobile_access_profile_section" "test" {
+ name = "%s"
+ position = {top = "top"}
+
+}
+data "checkpoint_management_mobile_access_profile_section" "data" {
+ uid = "${checkpoint_management_mobile_access_profile_section.test.id}"
+}
+
+`, name)
+}
diff --git a/checkpoint/data_source_checkpoint_management_mobile_access_rule.go b/checkpoint/data_source_checkpoint_management_mobile_access_rule.go
new file mode 100644
index 00000000..f53f09a1
--- /dev/null
+++ b/checkpoint/data_source_checkpoint_management_mobile_access_rule.go
@@ -0,0 +1,185 @@
+package checkpoint
+
+import (
+ "fmt"
+ checkpoint "github.com/CheckPointSW/cp-mgmt-api-go-sdk/APIFiles"
+ "github.com/hashicorp/terraform-plugin-sdk/helper/schema"
+ "log"
+)
+
+func dataSourceManagementMobileAccessRule() *schema.Resource {
+ return &schema.Resource{
+
+ Read: dataManagementMobileAccessRuleRead,
+
+ Schema: map[string]*schema.Schema{
+ "name": {
+ Type: schema.TypeString,
+ Optional: true,
+ Description: "Object name.",
+ },
+ "uid": {
+ Type: schema.TypeString,
+ Optional: true,
+ Description: "Object unique identifier.",
+ },
+ "user_groups": {
+ Type: schema.TypeSet,
+ Computed: true,
+ Description: "User groups that will be associated with the apps - identified by the name or UID.",
+ Elem: &schema.Schema{
+ Type: schema.TypeString,
+ },
+ },
+ "applications": {
+ Type: schema.TypeSet,
+ Computed: true,
+ Description: "Available apps that will be associated with the user groups - identified by the name or UID.",
+ Elem: &schema.Schema{
+ Type: schema.TypeString,
+ },
+ },
+ "enabled": {
+ Type: schema.TypeBool,
+ Computed: true,
+ Description: "Enable/Disable the rule.",
+ },
+ "install_on": {
+ Type: schema.TypeSet,
+ Computed: true,
+ Description: "Which Gateways identified by the name or UID to install the policy on.",
+ Elem: &schema.Schema{
+ Type: schema.TypeString,
+ },
+ },
+ "tags": {
+ Type: schema.TypeSet,
+ Computed: true,
+ Description: "Collection of tag identifiers.",
+ Elem: &schema.Schema{
+ Type: schema.TypeString,
+ },
+ },
+ "comments": {
+ Type: schema.TypeString,
+ Computed: true,
+ Description: "Comments string.",
+ },
+ },
+ }
+}
+func dataManagementMobileAccessRuleRead(d *schema.ResourceData, m interface{}) error {
+
+ client := m.(*checkpoint.ApiClient)
+
+ name := d.Get("name").(string)
+ uid := d.Get("uid").(string)
+
+ payload := make(map[string]interface{})
+
+ if name != "" {
+ payload["name"] = name
+ } else if uid != "" {
+ payload["uid"] = uid
+ }
+
+ showMobileAccessRuleRes, err := client.ApiCall("show-mobile-access-rule", payload, client.GetSessionID(), true, false)
+ if err != nil {
+ return fmt.Errorf(err.Error())
+ }
+ if !showMobileAccessRuleRes.Success {
+ if objectNotFound(showMobileAccessRuleRes.GetData()["code"].(string)) {
+ d.SetId("")
+ return nil
+ }
+ return fmt.Errorf(showMobileAccessRuleRes.ErrorMsg)
+ }
+
+ mobileAccessRule := showMobileAccessRuleRes.GetData()
+
+ log.Println("Read MobileAccessRule - Show JSON = ", mobileAccessRule)
+
+ if v := mobileAccessRule["uid"]; v != nil {
+ _ = d.Set("uid", v)
+ d.SetId(v.(string))
+ }
+
+ if v := mobileAccessRule["name"]; v != nil {
+ _ = d.Set("name", v)
+ }
+
+ if mobileAccessRule["user-groups"] != nil {
+ userGroupsJson, ok := mobileAccessRule["user-groups"].([]interface{})
+ if ok {
+ userGroupsIds := make([]string, 0)
+ if len(userGroupsJson) > 0 {
+ for _, user_groups := range userGroupsJson {
+ user_groups := user_groups.(map[string]interface{})
+ userGroupsIds = append(userGroupsIds, user_groups["name"].(string))
+ }
+ }
+ _ = d.Set("user_groups", userGroupsIds)
+ }
+ } else {
+ _ = d.Set("user_groups", nil)
+ }
+
+ if mobileAccessRule["applications"] != nil {
+ applicationsJson, ok := mobileAccessRule["applications"].([]interface{})
+ if ok {
+ applicationsIds := make([]string, 0)
+ if len(applicationsJson) > 0 {
+ for _, applications := range applicationsJson {
+ applications := applications.(map[string]interface{})
+ applicationsIds = append(applicationsIds, applications["name"].(string))
+ }
+ }
+ _ = d.Set("applications", applicationsIds)
+ }
+ } else {
+ _ = d.Set("applications", nil)
+ }
+
+ if v := mobileAccessRule["enabled"]; v != nil {
+ _ = d.Set("enabled", v)
+ }
+
+ if mobileAccessRule["install-on"] != nil {
+ installOnJson, ok := mobileAccessRule["install-on"].([]interface{})
+ if ok {
+ installOnIds := make([]string, 0)
+ if len(installOnJson) > 0 {
+ for _, install_on := range installOnJson {
+ install_on := install_on.(map[string]interface{})
+ installOnIds = append(installOnIds, install_on["name"].(string))
+ }
+ }
+ _ = d.Set("install_on", installOnIds)
+ }
+ } else {
+ _ = d.Set("install_on", nil)
+ }
+
+ if mobileAccessRule["tags"] != nil {
+ tagsJson, ok := mobileAccessRule["tags"].([]interface{})
+ if ok {
+ tagsIds := make([]string, 0)
+ if len(tagsJson) > 0 {
+ for _, tags := range tagsJson {
+ tags := tags.(map[string]interface{})
+ tagsIds = append(tagsIds, tags["name"].(string))
+ }
+ }
+ _ = d.Set("tags", tagsIds)
+ }
+ } else {
+ _ = d.Set("tags", nil)
+ }
+
+ if v := mobileAccessRule["comments"]; v != nil {
+ _ = d.Set("comments", v)
+ }
+
+ return nil
+
+}
diff --git a/checkpoint/data_source_checkpoint_management_mobile_access_rule_test.go b/checkpoint/data_source_checkpoint_management_mobile_access_rule_test.go
new file mode 100644
index 00000000..30ae4109
--- /dev/null
+++ b/checkpoint/data_source_checkpoint_management_mobile_access_rule_test.go
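Review bot: `name` and `uid` are both Optional with no cross-validation, so dataManagementMobileAccessRuleRead sends an empty payload to show-mobile-access-rule when neither is set and silently prefers `name` when both are given. Reject the ambiguous inputs before the API call, e.g. `if name == "" && uid == "" { return fmt.Errorf("one of name or uid must be set") }`, and consider `ConflictsWith: []string{"uid"}` on the `name` schema so that supplying both is caught at plan time. The same name-then-uid selection is used by every data-source read function in this patch.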
@@ -0,0 +1,49 @@
+package checkpoint
+
+import (
+ "fmt"
+ "github.com/hashicorp/terraform-plugin-sdk/helper/acctest"
+ "github.com/hashicorp/terraform-plugin-sdk/helper/resource"
+ "os"
+ "testing"
+)
+
+func TestAccDataSourceCheckpointManagementMobileAccessRule_basic(t *testing.T) {
+ objName := "tfTestManagementMobileAccessRule_" + acctest.RandString(6)
+ resourceName := "checkpoint_management_mobile_access_rule.test"
+ dataSourceName := "data.checkpoint_management_mobile_access_rule.data"
+
+ context := os.Getenv("CHECKPOINT_CONTEXT")
+ if context != "web_api" {
+ t.Skip("Skipping management test")
+ } else if context == "" {
+ t.Skip("Env CHECKPOINT_CONTEXT must be specified to run this acc test")
+ }
+
+ resource.Test(t, resource.TestCase{
+ PreCheck: func() { testAccPreCheck(t) },
+ Providers: testAccProviders,
+ Steps: []resource.TestStep{
+ {
+ Config: testAccDataSourceManagementMobileAccessRuleConfig(objName),
+ Check: resource.ComposeTestCheckFunc(
+ resource.TestCheckResourceAttrPair(dataSourceName, "name", resourceName, "name"),
+ ),
+ },
+ },
+ })
+}
+
+func testAccDataSourceManagementMobileAccessRuleConfig(name string) string {
+ return fmt.Sprintf(`
+resource "checkpoint_management_mobile_access_rule" "test" {
+ name = "%s"
+ position = {bottom = "bottom"}
+
+}
+
+data "checkpoint_management_mobile_access_rule" "data" {
+ uid = "${checkpoint_management_mobile_access_rule.test.id}"
+}
+`, name)
+}
diff --git a/checkpoint/data_source_checkpoint_management_mobile_access_section.go b/checkpoint/data_source_checkpoint_management_mobile_access_section.go
new file mode 100644
index 00000000..702fb0a9
--- /dev/null
+++ b/checkpoint/data_source_checkpoint_management_mobile_access_section.go
@@ -0,0 +1,96 @@ +package checkpoint + +import ( + "fmt" + checkpoint "github.com/CheckPointSW/cp-mgmt-api-go-sdk/APIFiles" + "github.com/hashicorp/terraform-plugin-sdk/helper/schema" + "log" +) + +func dataSourceManagementMobileAccessSection() *schema.Resource { + return &schema.Resource{ + + Read: dataSourceManagementMobileAccessSectionRead, + + Schema: map[string]*schema.Schema{ + "name": { + Type: schema.TypeString, + Optional: true, + Description: "Object name.", + }, + "uid": { + Type: schema.TypeString, + Optional: true, + Description: "Object unique identifier.", + }, + "tags": { + Type: schema.TypeSet, + Computed: true, + Description: "Collection of tag identifiers.", + Elem: &schema.Schema{ + Type: schema.TypeString, + }, + }, + }, + } +} + +func dataSourceManagementMobileAccessSectionRead(d *schema.ResourceData, m interface{}) error { + + client := m.(*checkpoint.ApiClient) + + name := d.Get("name").(string) + uid := d.Get("uid").(string) + + payload := make(map[string]interface{}) + + if name != "" { + payload["name"] = name + } else if uid != "" { + payload["uid"] = uid + } + + showMobileAccessSectionRes, err := client.ApiCall("show-mobile-access-section", payload, client.GetSessionID(), true, false) + if err != nil { + return fmt.Errorf(err.Error()) + } + if !showMobileAccessSectionRes.Success { + if objectNotFound(showMobileAccessSectionRes.GetData()["code"].(string)) { + d.SetId("") + return nil + } + return fmt.Errorf(showMobileAccessSectionRes.ErrorMsg) + } + + mobileAccessSection := showMobileAccessSectionRes.GetData() + + log.Println("Read MobileAccessSection - Show JSON = ", mobileAccessSection) + + if v := mobileAccessSection["uid"]; v != nil { + _ = d.Set("uid", v) + d.SetId(v.(string)) + } + + if v := mobileAccessSection["name"]; v != nil { + _ = d.Set("name", v) + } + + if mobileAccessSection["tags"] != nil { + tagsJson, ok := mobileAccessSection["tags"].([]interface{}) + if ok { + tagsIds := make([]string, 0) + if len(tagsJson) > 0 { + for 
_, tags := range tagsJson { + tags := tags.(map[string]interface{}) + tagsIds = append(tagsIds, tags["name"].(string)) + } + } + _ = d.Set("tags", tagsIds) + } + } else { + _ = d.Set("tags", nil) + } + + return nil + +} diff --git a/checkpoint/data_source_checkpoint_management_mobile_access_section_test.go b/checkpoint/data_source_checkpoint_management_mobile_access_section_test.go new file mode 100644 index 00000000..146a7972 --- /dev/null +++ b/checkpoint/data_source_checkpoint_management_mobile_access_section_test.go @@ -0,0 +1,49 @@ +package checkpoint + +import ( + "fmt" + "github.com/hashicorp/terraform-plugin-sdk/helper/acctest" + "github.com/hashicorp/terraform-plugin-sdk/helper/resource" + "os" + "testing" +) + +func TestAccDataSourceCheckpointManagementMobileAccessSection_basic(t *testing.T) { + objName := "tfTestManagementMobileAccessSection_" + acctest.RandString(6) + resourceName := "checkpoint_management_mobile_access_section.test" + dataSourceName := "data.checkpoint_management_mobile_access_section.data" + + context := os.Getenv("CHECKPOINT_CONTEXT") + if context != "web_api" { + t.Skip("Skipping management test") + } else if context == "" { + t.Skip("Env CHECKPOINT_CONTEXT must be specified to run this acc test") + } + + resource.Test(t, resource.TestCase{ + PreCheck: func() { testAccPreCheck(t) }, + Providers: testAccProviders, + Steps: []resource.TestStep{ + { + Config: testAccDataSourceManagementMobileAccessSectionConfig(objName), + Check: resource.ComposeTestCheckFunc( + resource.TestCheckResourceAttrPair(dataSourceName, "name", resourceName, "name"), + ), + }, + }, + }) +} + +func testAccDataSourceManagementMobileAccessSectionConfig(name string) string { + return fmt.Sprintf(` +resource "checkpoint_management_mobile_access_section" "test" { + name = "%s" + position = {top = "top"} + +} +data "checkpoint_management_mobile_access_section" "data" { + uid = "${checkpoint_management_mobile_access_section.test.id}" +} + +`, name) +} 
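Review bot: dataSourceManagementMobileAccessSectionRead trusts the shape of the management-server response: `showMobileAccessSectionRes.GetData()["code"].(string)`, `tags.(map[string]interface{})` and `tags["name"].(string)` are single-value type assertions, so a response without `code`, or a tag entry in another form, panics the provider instead of returning an error. Use the two-value form, e.g. `code, _ := showMobileAccessSectionRes.GetData()["code"].(string)`, and skip or report entries that fail the assertion. `fmt.Errorf(showMobileAccessSectionRes.ErrorMsg)` also passes server-supplied text as the format string; `fmt.Errorf("%s", showMobileAccessSectionRes.ErrorMsg)` keeps a `%` in the message from being interpreted as a verb. The same patterns appear in dataSourceManagementNetworkProbeRead and readManagementMobileAccessProfileRule in this patch.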
diff --git a/checkpoint/data_source_checkpoint_management_network_probe.go b/checkpoint/data_source_checkpoint_management_network_probe.go new file mode 100644 index 00000000..f984d627 --- /dev/null +++ b/checkpoint/data_source_checkpoint_management_network_probe.go @@ -0,0 +1,236 @@ +package checkpoint + +import ( + "fmt" + checkpoint "github.com/CheckPointSW/cp-mgmt-api-go-sdk/APIFiles" + "github.com/hashicorp/terraform-plugin-sdk/helper/schema" + "log" +) + +func dataSourceManagementNetworkProbe() *schema.Resource { + return &schema.Resource{ + + Read: dataSourceManagementNetworkProbeRead, + Schema: map[string]*schema.Schema{ + "name": { + Type: schema.TypeString, + Optional: true, + Description: "Object name.", + }, + "uid": { + Type: schema.TypeString, + Optional: true, + Description: "Object name.", + }, + "http_options": { + Type: schema.TypeMap, + Computed: true, + Description: "Additional options when [protocol] is set to \"http\".", + Elem: &schema.Resource{ + Schema: map[string]*schema.Schema{ + "destination": { + Type: schema.TypeString, + Computed: true, + Description: "The destination URL.", + }, + }, + }, + }, + "icmp_options": { + Type: schema.TypeMap, + Computed: true, + Description: "Additional options when [protocol] is set to \"icmp\".", + Elem: &schema.Resource{ + Schema: map[string]*schema.Schema{ + "destination": { + Type: schema.TypeString, + Computed: true, + Description: "One of these:
- Name or UID of an existing object with a unicast IPv4 address (Host, Security Gateway, and so on).
- A unicast IPv4 address string (if you do not want to create such an object).", + }, + "source": { + Type: schema.TypeString, + Computed: true, + Description: "One of these:
- The string \"main-ip\" (the probe uses the main IPv4 address of the Security Gateway objects you specified in the parameter [install-on]).
- Name or UID of an existing object of type 'Host' with a unicast IPv4 address.
- A unicast IPv4 address string (if you do not want to create such an object).", + }, + }, + }, + }, + "install_on": { + Type: schema.TypeSet, + Computed: true, + Description: "Collection of Check Point Security Gateways that generate the probe, identified by name or UID.", + Elem: &schema.Schema{ + Type: schema.TypeString, + }, + }, + "protocol": { + Type: schema.TypeString, + Computed: true, + Description: "The probing protocol to use.", + }, + "tags": { + Type: schema.TypeSet, + Computed: true, + Description: "Collection of tag identifiers.", + Elem: &schema.Schema{ + Type: schema.TypeString, + }, + }, + "interval": { + Type: schema.TypeInt, + Computed: true, + Description: "The time interval (in seconds) between each probe request.
Best Practice - The interval value should be lower than the timeout value.", + }, + "timeout": { + Type: schema.TypeInt, + Computed: true, + Description: "The probe expiration timeout (in seconds). If there is not a single reply within this time, the status of the probe changes to \"Down\".", + }, + "color": { + Type: schema.TypeString, + Computed: true, + Description: "Color of the object. Should be one of existing colors.", + }, + "comments": { + Type: schema.TypeString, + Computed: true, + Description: "Comments string.", + }, + }, + } +} + +func dataSourceManagementNetworkProbeRead(d *schema.ResourceData, m interface{}) error { + + client := m.(*checkpoint.ApiClient) + + name := d.Get("name").(string) + uid := d.Get("uid").(string) + + payload := make(map[string]interface{}) + + if name != "" { + payload["name"] = name + } else if uid != "" { + payload["uid"] = uid + } + + showNetworkProbeRes, err := client.ApiCall("show-network-probe", payload, client.GetSessionID(), true, false) + if err != nil { + return fmt.Errorf(err.Error()) + } + if !showNetworkProbeRes.Success { + if objectNotFound(showNetworkProbeRes.GetData()["code"].(string)) { + d.SetId("") + return nil + } + return fmt.Errorf(showNetworkProbeRes.ErrorMsg) + } + + networkProbe := showNetworkProbeRes.GetData() + + log.Println("Read NetworkProbe - Show JSON = ", networkProbe) + + if v := networkProbe["uid"]; v != nil { + _ = d.Set("uid", v) + d.SetId(v.(string)) + } + + if v := networkProbe["name"]; v != nil { + _ = d.Set("name", v) + } + + if networkProbe["http-options"] != nil { + + httpOptionsMap := networkProbe["http-options"].(map[string]interface{}) + + httpOptionsMapToReturn := make(map[string]interface{}) + + if v, _ := httpOptionsMap["destination"]; v != nil { + httpOptionsMapToReturn["destination"] = v + } + _ = d.Set("http_options", httpOptionsMapToReturn) + } else { + _ = d.Set("http_options", nil) + } + + if networkProbe["icmp-options"] != nil { + + icmpOptionsMap := 
networkProbe["icmp-options"].(map[string]interface{}) + + icmpOptionsMapToReturn := make(map[string]interface{}) + + if v, _ := icmpOptionsMap["destination"]; v != nil { + icmpOptionsMapToReturn["destination"] = v + } + if v, _ := icmpOptionsMap["source"]; v != nil { + icmpOptionsMapToReturn["source"] = v + } + _ = d.Set("icmp_options", icmpOptionsMapToReturn) + } else { + _ = d.Set("icmp_options", nil) + } + + if networkProbe["install-on"] != nil { + installOnJson, ok := networkProbe["install-on"].([]interface{}) + if ok { + installOnIds := make([]string, 0) + if len(installOnJson) > 0 { + for _, install_on := range installOnJson { + install_on := install_on.(map[string]interface{}) + installOnIds = append(installOnIds, install_on["name"].(string)) + } + } + _ = d.Set("install_on", installOnIds) + } + } else { + _ = d.Set("install_on", nil) + } + + if v := networkProbe["protocol"]; v != nil { + _ = d.Set("protocol", v) + } + + if networkProbe["tags"] != nil { + tagsJson, ok := networkProbe["tags"].([]interface{}) + if ok { + tagsIds := make([]string, 0) + if len(tagsJson) > 0 { + for _, tags := range tagsJson { + tags := tags.(map[string]interface{}) + tagsIds = append(tagsIds, tags["name"].(string)) + } + } + _ = d.Set("tags", tagsIds) + } + } else { + _ = d.Set("tags", nil) + } + + if v := networkProbe["interval"]; v != nil { + _ = d.Set("interval", v) + } + + if v := networkProbe["timeout"]; v != nil { + _ = d.Set("timeout", v) + } + + if v := networkProbe["color"]; v != nil { + _ = d.Set("color", v) + } + + if v := networkProbe["comments"]; v != nil { + _ = d.Set("comments", v) + } + + if v := networkProbe["ignore-warnings"]; v != nil { + _ = d.Set("ignore_warnings", v) + } + + if v := networkProbe["ignore-errors"]; v != nil { + _ = d.Set("ignore_errors", v) + } + + return nil + +} diff --git a/checkpoint/provider.go b/checkpoint/provider.go index c68b0326..838078a7 100644 --- a/checkpoint/provider.go +++ b/checkpoint/provider.go 
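Review bot: The last two `d.Set` calls in dataSourceManagementNetworkProbeRead write `ignore_warnings` and `ignore_errors`, which the schema returned by dataSourceManagementNetworkProbe does not declare. `d.Set` reports an error for a key that is not in the schema, and `_ =` discards it, so these blocks do nothing and hide the mismatch; drop them or declare the two fields. More generally, every `_ = d.Set(...)` in this function silences type mismatches between the API response and the schema, which is worth at least a log line. In the same schema the `uid` field carries `Description: "Object name."`; `Description: "Object unique identifier."` would match the mobile-access-section data source.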
@@ -111,6 +111,13 @@ func Provider() terraform.ResourceProvider {
 },
 },
 ResourcesMap: map[string]*schema.Resource{
+ "checkpoint_management_delete_infinity_idp_object": resourceManagementDeleteInfinityIdpObject(),
+ "checkpoint_management_delete_infinity_idp": resourceManagementDeleteInfinityIdp(),
+ "checkpoint_management_mobile_access_section": resourceManagementMobileAccessSection(),
+ "checkpoint_management_mobile_access_rule": resourceManagementMobileAccessRule(),
+ "checkpoint_management_mobile_access_profile_section": resourceManagementMobileAccessProfileSection(),
+ "checkpoint_management_mobile_access_profile_rule": resourceManagementMobileAccessProfileRule(),
+ "checkpoint_management_network_probe": resourceManagementNetworkProbe(),
 "checkpoint_management_override_categorization": resourceManagementOverrideCategorization(),
 "checkpoint_management_interface": resourceManagementInterface(),
 "checkpoint_management_resource_cifs": resourceManagementResourceCifs(),
@@ -316,6 +323,13 @@ func Provider() terraform.ResourceProvider {
 "checkpoint_management_cme_gw_configurations_gcp": resourceManagementCMEGWConfigurationsGCP(),
 },
 DataSourcesMap: map[string]*schema.Resource{
+ "checkpoint_management_infinity_idp_object": dataSourceManagementInfinityIdpObject(),
+ "checkpoint_management_infinity_idp": dataSourceManagementInfinityIdp(),
+ "checkpoint_management_mobile_access_section": dataSourceManagementMobileAccessSection(),
+ "checkpoint_management_mobile_access_rule": dataSourceManagementMobileAccessRule(),
+ "checkpoint_management_mobile_access_profile_section": dataSourceManagementMobileAccessProfileSection(),
+ "checkpoint_management_mobile_access_profile_rule": dataSourceManagementMobileAccessProfileRule(),
+ "checkpoint_management_network_probe": dataSourceManagementNetworkProbe(),
 "checkpoint_management_override_categorization": dataSourceManagementOverrideCategorization(),
 "checkpoint_management_interface": dataSourceManagementInterface(),
 "checkpoint_management_resource_cifs": dataSourceManagementResourceCifs(),
diff --git a/checkpoint/resource_checkpoint_management_command_delete_infinity_idp.go b/checkpoint/resource_checkpoint_management_command_delete_infinity_idp.go
new file mode 100644
index 00000000..08d2c7d5
--- /dev/null
+++ b/checkpoint/resource_checkpoint_management_command_delete_infinity_idp.go
@@ -0,0 +1,83 @@ +package checkpoint + +import ( + "fmt" + checkpoint "github.com/CheckPointSW/cp-mgmt-api-go-sdk/APIFiles" + "github.com/hashicorp/terraform-plugin-sdk/helper/acctest" + "github.com/hashicorp/terraform-plugin-sdk/helper/schema" +) + +func resourceManagementDeleteInfinityIdp() *schema.Resource { + return &schema.Resource{ + Create: createManagementDeleteInfinityIdp, + Read: readManagementDeleteInfinityIdp, + Delete: deleteManagementDeleteInfinityIdp, + Schema: map[string]*schema.Schema{ + "name": { + Type: schema.TypeString, + Optional: true, + ForceNew: true, + Description: "Object name.", + }, + "uid": { + Type: schema.TypeString, + Optional: true, + ForceNew: true, + Description: "Object UID.", + }, + "ignore_warnings": { + Type: schema.TypeBool, + Optional: true, + ForceNew: true, + Description: "Apply changes ignoring warnings.", + }, + "ignore_errors": { + Type: schema.TypeBool, + Optional: true, + ForceNew: true, + Description: "Apply changes ignoring errors. You won't be able to publish such a changes. 
If ignore-warnings flag was omitted - warnings will also be ignored.", + }, + }, + } +} + +func createManagementDeleteInfinityIdp(d *schema.ResourceData, m interface{}) error { + + client := m.(*checkpoint.ApiClient) + + var payload = map[string]interface{}{} + if v, ok := d.GetOk("name"); ok { + payload["name"] = v.(string) + } else { + if v, ok := d.GetOk("uid"); ok { + payload["uid"] = v.(string) + } + } + + if v, ok := d.GetOkExists("ignore_warnings"); ok { + payload["ignore-warnings"] = v.(bool) + } + + if v, ok := d.GetOkExists("ignore_errors"); ok { + payload["ignore-errors"] = v.(bool) + } + + DeleteInfinityIdpRes, _ := client.ApiCall("delete-infinity-idp", payload, client.GetSessionID(), true, false) + if !DeleteInfinityIdpRes.Success { + return fmt.Errorf(DeleteInfinityIdpRes.ErrorMsg) + } + + d.SetId("delete-infinity-idp-" + acctest.RandString(10)) + return readManagementDeleteInfinityIdp(d, m) +} + +func readManagementDeleteInfinityIdp(d *schema.ResourceData, m interface{}) error { + + return nil +} + +func deleteManagementDeleteInfinityIdp(d *schema.ResourceData, m interface{}) error { + + d.SetId("") + return nil +} diff --git a/checkpoint/resource_checkpoint_management_command_delete_infinity_idp_object.go b/checkpoint/resource_checkpoint_management_command_delete_infinity_idp_object.go new file mode 100644 index 00000000..11ea0455 --- /dev/null +++ b/checkpoint/resource_checkpoint_management_command_delete_infinity_idp_object.go 
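Review bot: createManagementDeleteInfinityIdp discards the transport error with `DeleteInfinityIdpRes, _ := client.ApiCall(...)` and then reports only `ErrorMsg`, so a failed call (connection or session failure) surfaces with whatever the response holds, possibly an empty message. Keep the error and check it first: `res, err := client.ApiCall("delete-infinity-idp", payload, client.GetSessionID(), true, false)` followed by `if err != nil { return fmt.Errorf("delete-infinity-idp: %v", err) }`. When neither `name` nor `uid` is set the payload identifies no object, and for a destructive command an explicit error before the call is safer than relying on the server to reject it. createManagementDeleteInfinityIdpObject in the next file has the same two gaps.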
@@ -0,0 +1,83 @@ +package checkpoint + +import ( + "fmt" + checkpoint "github.com/CheckPointSW/cp-mgmt-api-go-sdk/APIFiles" + "github.com/hashicorp/terraform-plugin-sdk/helper/acctest" + "github.com/hashicorp/terraform-plugin-sdk/helper/schema" +) + +func resourceManagementDeleteInfinityIdpObject() *schema.Resource { + return &schema.Resource{ + Create: createManagementDeleteInfinityIdpObject, + Read: readManagementDeleteInfinityIdpObject, + Delete: deleteManagementDeleteInfinityIdpObject, + Schema: map[string]*schema.Schema{ + "name": { + Type: schema.TypeString, + Optional: true, + ForceNew: true, + Description: "Object name.", + }, + "uid": { + Type: schema.TypeString, + Optional: true, + ForceNew: true, + Description: "Object UID.", + }, + "ignore_warnings": { + Type: schema.TypeBool, + Optional: true, + ForceNew: true, + Description: "Apply changes ignoring warnings.", + }, + "ignore_errors": { + Type: schema.TypeBool, + Optional: true, + ForceNew: true, + Description: "Apply changes ignoring errors. You won't be able to publish such a changes. 
If ignore-warnings flag was omitted - warnings will also be ignored.", + }, + }, + } +} + +func createManagementDeleteInfinityIdpObject(d *schema.ResourceData, m interface{}) error { + + client := m.(*checkpoint.ApiClient) + + var payload = map[string]interface{}{} + if v, ok := d.GetOk("name"); ok { + payload["name"] = v.(string) + } else { + if v, ok := d.GetOk("uid"); ok { + payload["uid"] = v.(string) + } + } + if v, ok := d.GetOkExists("ignore_warnings"); ok { + payload["ignore-warnings"] = v.(bool) + } + + if v, ok := d.GetOkExists("ignore_errors"); ok { + payload["ignore-errors"] = v.(bool) + } + + DeleteInfinityIdpObjectRes, _ := client.ApiCall("delete-infinity-idp-object", payload, client.GetSessionID(), true, false) + if !DeleteInfinityIdpObjectRes.Success { + return fmt.Errorf(DeleteInfinityIdpObjectRes.ErrorMsg) + } + + d.SetId("delete-infinity-idp-object-" + acctest.RandString(10)) + + return readManagementDeleteInfinityIdpObject(d, m) +} + +func readManagementDeleteInfinityIdpObject(d *schema.ResourceData, m interface{}) error { + + return nil +} + +func deleteManagementDeleteInfinityIdpObject(d *schema.ResourceData, m interface{}) error { + + d.SetId("") + return nil +} diff --git a/checkpoint/resource_checkpoint_management_mobile_access_profile_rule.go b/checkpoint/resource_checkpoint_management_mobile_access_profile_rule.go new file mode 100644 index 00000000..7f5c2643 --- /dev/null +++ b/checkpoint/resource_checkpoint_management_mobile_access_profile_rule.go 
@@ -0,0 +1,380 @@ +package checkpoint + +import ( + "fmt" + checkpoint "github.com/CheckPointSW/cp-mgmt-api-go-sdk/APIFiles" + "github.com/hashicorp/terraform-plugin-sdk/helper/schema" + "log" +) + +func resourceManagementMobileAccessProfileRule() *schema.Resource { + return &schema.Resource{ + Create: createManagementMobileAccessProfileRule, + Read: readManagementMobileAccessProfileRule, + Update: updateManagementMobileAccessProfileRule, + Delete: deleteManagementMobileAccessProfileRule, + Schema: map[string]*schema.Schema{ + "name": { + Type: schema.TypeString, + Required: true, + Description: "Object name.", + }, + "mobile_profile": { + Type: schema.TypeString, + Optional: true, + Description: "Profile configuration for User groups - identified by the name or UID.", + Default: "Default_Profile", + }, + "user_groups": { + Type: schema.TypeSet, + Optional: true, + Description: "User groups that will be configured with the profile object - identified by the name or UID.", + Elem: &schema.Schema{ + Type: schema.TypeString, + }, + }, + "enabled": { + Type: schema.TypeBool, + Optional: true, + Description: "Enable/Disable the rule.", + Default: true, + }, + "tags": { + Type: schema.TypeSet, + Optional: true, + Description: "Collection of tag identifiers.", + Elem: &schema.Schema{ + Type: schema.TypeString, + }, + }, + "comments": { + Type: schema.TypeString, + Optional: true, + Description: "Comments string.", + }, + "ignore_warnings": { + Type: schema.TypeBool, + Optional: true, + Description: "Apply changes ignoring warnings.", + Default: false, + }, + "ignore_errors": { + Type: schema.TypeBool, + Optional: true, + Description: "Apply changes ignoring errors. You won't be able to publish such a changes. 
If ignore-warnings flag was omitted - warnings will also be ignored.", + Default: false, + }, + "position": &schema.Schema{ + Type: schema.TypeMap, + Required: true, + Description: "Position in the rulebase.", + Elem: &schema.Resource{ + Schema: map[string]*schema.Schema{ + "top": { + Type: schema.TypeString, + Optional: true, + Description: "N/A", + }, + "above": { + Type: schema.TypeString, + Optional: true, + Description: "N/A", + }, + "below": { + Type: schema.TypeString, + Optional: true, + Description: "N/A", + }, + "bottom": { + Type: schema.TypeString, + Optional: true, + Description: "N/A", + }, + }, + }, + }, + }, + } +} + +func createManagementMobileAccessProfileRule(d *schema.ResourceData, m interface{}) error { + client := m.(*checkpoint.ApiClient) + + mobileAccessProfileRule := make(map[string]interface{}) + + if v, ok := d.GetOk("name"); ok { + mobileAccessProfileRule["name"] = v.(string) + } + + if v, ok := d.GetOk("mobile_profile"); ok { + mobileAccessProfileRule["mobile-profile"] = v.(string) + } + + if v, ok := d.GetOk("user_groups"); ok { + mobileAccessProfileRule["user-groups"] = v.(*schema.Set).List() + } + + if v, ok := d.GetOkExists("enabled"); ok { + mobileAccessProfileRule["enabled"] = v.(bool) + } + + if v, ok := d.GetOk("tags"); ok { + mobileAccessProfileRule["tags"] = v.(*schema.Set).List() + } + + if v, ok := d.GetOk("comments"); ok { + mobileAccessProfileRule["comments"] = v.(string) + } + + if v, ok := d.GetOkExists("ignore_warnings"); ok { + mobileAccessProfileRule["ignore-warnings"] = v.(bool) + } + + if v, ok := d.GetOkExists("ignore_errors"); ok { + mobileAccessProfileRule["ignore-errors"] = v.(bool) + } + + if _, ok := d.GetOk("position"); ok { + + if v, ok := d.GetOk("position.top"); ok { + if v.(string) == "top" { + mobileAccessProfileRule["position"] = "top" // entire rule-base + } else { + mobileAccessProfileRule["position"] = map[string]interface{}{"top": v.(string)} // section-name + } + } + + if v, ok := 
d.GetOk("position.above"); ok { + mobileAccessProfileRule["position"] = map[string]interface{}{"above": v.(string)} + } + + if v, ok := d.GetOk("position.below"); ok { + mobileAccessProfileRule["position"] = map[string]interface{}{"below": v.(string)} + } + + if v, ok := d.GetOk("position.bottom"); ok { + if v.(string) == "bottom" { + mobileAccessProfileRule["position"] = "bottom" // entire rule-base + } else { + mobileAccessProfileRule["position"] = map[string]interface{}{"bottom": v.(string)} // section-name + } + } + } + + log.Println("Create MobileAccessProfileRule - Map = ", mobileAccessProfileRule) + + addMobileAccessProfileRuleRes, err := client.ApiCall("add-mobile-access-profile-rule", mobileAccessProfileRule, client.GetSessionID(), true, false) + if err != nil || !addMobileAccessProfileRuleRes.Success { + if addMobileAccessProfileRuleRes.ErrorMsg != "" { + return fmt.Errorf(addMobileAccessProfileRuleRes.ErrorMsg) + } + return fmt.Errorf(err.Error()) + } + + d.SetId(addMobileAccessProfileRuleRes.GetData()["uid"].(string)) + + return readManagementMobileAccessProfileRule(d, m) +} + +func readManagementMobileAccessProfileRule(d *schema.ResourceData, m interface{}) error { + + client := m.(*checkpoint.ApiClient) + + payload := map[string]interface{}{ + "uid": d.Id(), + } + + showMobileAccessProfileRuleRes, err := client.ApiCall("show-mobile-access-profile-rule", payload, client.GetSessionID(), true, false) + if err != nil { + return fmt.Errorf(err.Error()) + } + if !showMobileAccessProfileRuleRes.Success { + if objectNotFound(showMobileAccessProfileRuleRes.GetData()["code"].(string)) { + d.SetId("") + return nil + } + return fmt.Errorf(showMobileAccessProfileRuleRes.ErrorMsg) + } + + mobileAccessProfileRule := showMobileAccessProfileRuleRes.GetData() + + log.Println("Read MobileAccessProfileRule - Show JSON = ", mobileAccessProfileRule) + + if v := mobileAccessProfileRule["name"]; v != nil { + _ = d.Set("name", v) + } + + if v := 
mobileAccessProfileRule["mobile-profile"]; v != nil { + profileObj := v.(map[string]interface{}) + if v := profileObj["name"]; v != nil { + _ = d.Set("mobile_profile", v) + } + } + + if mobileAccessProfileRule["user-groups"] != nil { + userGroupsJson, ok := mobileAccessProfileRule["user-groups"].([]interface{}) + if ok { + userGroupsNames := make([]string, 0) + if len(userGroupsJson) > 0 { + for _, user_groups := range userGroupsJson { + Obj := user_groups.(map[string]interface{}) + name := Obj["name"].(string) + userGroupsNames = append(userGroupsNames, name) + } + } + _ = d.Set("user_groups", userGroupsNames) + } + } else { + _ = d.Set("user_groups", nil) + } + + if v := mobileAccessProfileRule["enabled"]; v != nil { + _ = d.Set("enabled", v) + } + + if mobileAccessProfileRule["tags"] != nil { + tagsJson, ok := mobileAccessProfileRule["tags"].([]interface{}) + if ok { + tagsIds := make([]string, 0) + if len(tagsJson) > 0 { + for _, tags := range tagsJson { + tags := tags.(map[string]interface{}) + tagsIds = append(tagsIds, tags["name"].(string)) + } + } + _ = d.Set("tags", tagsIds) + } + } else { + _ = d.Set("tags", nil) + } + + if v := mobileAccessProfileRule["comments"]; v != nil { + _ = d.Set("comments", v) + } + + if v := mobileAccessProfileRule["ignore-warnings"]; v != nil { + _ = d.Set("ignore_warnings", v) + } + + if v := mobileAccessProfileRule["ignore-errors"]; v != nil { + _ = d.Set("ignore_errors", v) + } + + return nil + +} + +func updateManagementMobileAccessProfileRule(d *schema.ResourceData, m interface{}) error { + + client := m.(*checkpoint.ApiClient) + mobileAccessProfileRule := make(map[string]interface{}) + + if ok := d.HasChange("name"); ok { + oldName, newName := d.GetChange("name") + mobileAccessProfileRule["name"] = oldName + mobileAccessProfileRule["new-name"] = newName + } else { + mobileAccessProfileRule["name"] = d.Get("name") + } + + if ok := d.HasChange("mobile_profile"); ok { + mobileAccessProfileRule["mobile-profile"] = 
d.Get("mobile_profile") + } + + if d.HasChange("user_groups") { + if v, ok := d.GetOk("user_groups"); ok { + mobileAccessProfileRule["user-groups"] = v.(*schema.Set).List() + } else { + oldUser_Groups, _ := d.GetChange("user_groups") + mobileAccessProfileRule["user-groups"] = map[string]interface{}{"remove": oldUser_Groups.(*schema.Set).List()} + } + } + + if v, ok := d.GetOkExists("enabled"); ok { + mobileAccessProfileRule["enabled"] = v.(bool) + } + + if d.HasChange("tags") { + if v, ok := d.GetOk("tags"); ok { + mobileAccessProfileRule["tags"] = v.(*schema.Set).List() + } else { + oldTags, _ := d.GetChange("tags") + mobileAccessProfileRule["tags"] = map[string]interface{}{"remove": oldTags.(*schema.Set).List()} + } + } + + if ok := d.HasChange("comments"); ok { + mobileAccessProfileRule["comments"] = d.Get("comments") + } + + if v, ok := d.GetOkExists("ignore_warnings"); ok { + mobileAccessProfileRule["ignore-warnings"] = v.(bool) + } + + if v, ok := d.GetOkExists("ignore_errors"); ok { + mobileAccessProfileRule["ignore-errors"] = v.(bool) + } + + if d.HasChange("position") { + if _, ok := d.GetOk("position"); ok { + + if v, ok := d.GetOk("position.top"); ok { + if v.(string) == "top" { + mobileAccessProfileRule["new-position"] = "top" // entire rule-base + } else { + mobileAccessProfileRule["new-position"] = map[string]interface{}{"top": v.(string)} // specific section-name + } + } + + if v, ok := d.GetOk("position.above"); ok { + mobileAccessProfileRule["new-position"] = map[string]interface{}{"above": v.(string)} + } + + if v, ok := d.GetOk("position.below"); ok { + mobileAccessProfileRule["new-position"] = map[string]interface{}{"below": v.(string)} + } + + if v, ok := d.GetOk("position.bottom"); ok { + if v.(string) == "bottom" { + mobileAccessProfileRule["new-position"] = "bottom" // entire rule-base + } else { + mobileAccessProfileRule["new-position"] = map[string]interface{}{"bottom": v.(string)} // specific section-name + } + } + } + } + + 
log.Println("Update MobileAccessProfileRule - Map = ", mobileAccessProfileRule) + + updateMobileAccessProfileRuleRes, err := client.ApiCall("set-mobile-access-profile-rule", mobileAccessProfileRule, client.GetSessionID(), true, false) + if err != nil || !updateMobileAccessProfileRuleRes.Success { + if updateMobileAccessProfileRuleRes.ErrorMsg != "" { + return fmt.Errorf(updateMobileAccessProfileRuleRes.ErrorMsg) + } + return fmt.Errorf(err.Error()) + } + + return readManagementMobileAccessProfileRule(d, m) +} + +func deleteManagementMobileAccessProfileRule(d *schema.ResourceData, m interface{}) error { + + client := m.(*checkpoint.ApiClient) + + mobileAccessProfileRulePayload := map[string]interface{}{ + "uid": d.Id(), + } + + log.Println("Delete MobileAccessProfileRule") + + deleteMobileAccessProfileRuleRes, err := client.ApiCall("delete-mobile-access-profile-rule", mobileAccessProfileRulePayload, client.GetSessionID(), true, false) + if err != nil || !deleteMobileAccessProfileRuleRes.Success { + if deleteMobileAccessProfileRuleRes.ErrorMsg != "" { + return fmt.Errorf(deleteMobileAccessProfileRuleRes.ErrorMsg) + } + return fmt.Errorf(err.Error()) + } + d.SetId("") + + return nil +} diff --git a/checkpoint/resource_checkpoint_management_mobile_access_profile_rule_test.go b/checkpoint/resource_checkpoint_management_mobile_access_profile_rule_test.go new file mode 100644 index 00000000..e0f0e5e5 --- /dev/null +++ b/checkpoint/resource_checkpoint_management_mobile_access_profile_rule_test.go 
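Review bot: The error handling after `ApiCall` in createManagementMobileAccessProfileRule, updateManagementMobileAccessProfileRule and deleteManagementMobileAccessProfileRule can dereference a nil error: when the call returns `err == nil`, `Success == false` and an empty `ErrorMsg`, control falls through to `return fmt.Errorf(err.Error())` and the provider panics. Split the two cases, `if err != nil { return fmt.Errorf("%v", err) }` and then `if !res.Success { return fmt.Errorf("%s", res.ErrorMsg) }`, where `res` stands for the response variable of each function; the `%s` form also stops server-supplied text from being used as a format string. Separately, the update addresses the rule by `name` while read and delete use `"uid": d.Id()`; if the API accepts a uid for `set-mobile-access-profile-rule`, sending it would keep all three calls on the same identifier and avoid acting on a different rule that shares the name.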
@@ -0,0 +1,121 @@ +package checkpoint + +import ( + "fmt" + checkpoint "github.com/CheckPointSW/cp-mgmt-api-go-sdk/APIFiles" + "github.com/hashicorp/terraform-plugin-sdk/helper/acctest" + "github.com/hashicorp/terraform-plugin-sdk/helper/resource" + "github.com/hashicorp/terraform-plugin-sdk/terraform" + "os" + "strings" + "testing" +) + +func TestAccCheckpointManagementMobileAccessProfileRule_basic(t *testing.T) { + + var mobileAccessProfileRuleMap map[string]interface{} + resourceName := "checkpoint_management_mobile_access_profile_rule.test" + objName := "tfTestManagementMobileAccessProfileRule_" + acctest.RandString(6) + + context := os.Getenv("CHECKPOINT_CONTEXT") + if context != "web_api" { + t.Skip("Skipping management test") + } else if context == "" { + t.Skip("Env CHECKPOINT_CONTEXT must be specified to run this acc test") + } + + resource.Test(t, resource.TestCase{ + PreCheck: func() { testAccPreCheck(t) }, + Providers: testAccProviders, + CheckDestroy: testAccCheckpointManagementMobileAccessProfileRuleDestroy, + Steps: []resource.TestStep{ + { + Config: testAccManagementMobileAccessProfileRuleConfig(objName), + Check: resource.ComposeTestCheckFunc( + testAccCheckCheckpointManagementMobileAccessProfileRuleExists(resourceName, &mobileAccessProfileRuleMap), + testAccCheckCheckpointManagementMobileAccessProfileRuleAttributes(&mobileAccessProfileRuleMap, objName), + ), + }, + }, + }) +} + +func testAccCheckpointManagementMobileAccessProfileRuleDestroy(s *terraform.State) error { + + client := testAccProvider.Meta().(*checkpoint.ApiClient) + for _, rs := range s.RootModule().Resources { + if rs.Type != "checkpoint_management_mobile_access_profile_rule" { + continue + } + if rs.Primary.ID != "" { + res, _ := client.ApiCall("show-mobile-access-profile-rule", map[string]interface{}{"uid": rs.Primary.ID}, client.GetSessionID(), true, false) + if res.Success { + return fmt.Errorf("MobileAccessProfileRule object (%s) still exists", rs.Primary.ID) + } + } + return 
nil + } + return nil +} + +func testAccCheckCheckpointManagementMobileAccessProfileRuleExists(resourceTfName string, res *map[string]interface{}) resource.TestCheckFunc { + return func(s *terraform.State) error { + + rs, ok := s.RootModule().Resources[resourceTfName] + if !ok { + return fmt.Errorf("Resource not found: %s", resourceTfName) + } + + if rs.Primary.ID == "" { + return fmt.Errorf("MobileAccessProfileRule ID is not set") + } + + client := testAccProvider.Meta().(*checkpoint.ApiClient) + + response, err := client.ApiCall("show-mobile-access-profile-rule", map[string]interface{}{"uid": rs.Primary.ID}, client.GetSessionID(), true, false) + if !response.Success { + return err + } + + *res = response.GetData() + + return nil + } +} + +func testAccCheckCheckpointManagementMobileAccessProfileRuleAttributes(mobileAccessProfileRuleMap *map[string]interface{}, name string) resource.TestCheckFunc { + return func(s *terraform.State) error { + + mobileAccessProfileRuleName := (*mobileAccessProfileRuleMap)["name"].(string) + if !strings.EqualFold(mobileAccessProfileRuleName, name) { + return fmt.Errorf("name is %s, expected %s", name, mobileAccessProfileRuleName) + } + + userGroupsJson := (*mobileAccessProfileRuleMap)["user-groups"].([]interface{}) + var userGroupsIds = make([]string, 0) + if len(userGroupsJson) > 0 { + for _, userGroups := range userGroupsJson { + userGroupsTry1, ok := userGroups.(map[string]interface{}) + if ok { + userGroupsIds = append([]string{userGroupsTry1["name"].(string)}, userGroupsIds...) + } else { + userGroupsTry2 := userGroups.(string) + userGroupsIds = append([]string{userGroupsTry2}, userGroupsIds...) + } + } + } + + return nil + } +} + +func testAccManagementMobileAccessProfileRuleConfig(name string) string { + return fmt.Sprintf(` +resource "checkpoint_management_mobile_access_profile_rule" "test" { + name = "%s" + position = {top = "top"} + + +} +`, name) +} 
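Review bot: testAccCheckCheckpointManagementMobileAccessProfileRuleExists returns `err` when `!response.Success`, but `err` can be nil in that case, so the check passes without filling `*res`, and the attribute check that follows then reads `(*mobileAccessProfileRuleMap)["name"].(string)` from a nil map and panics. Return an explicit error instead, e.g. `return fmt.Errorf("show-mobile-access-profile-rule failed: %s", response.ErrorMsg)`, and check `err` separately before it. In the attributes check the arguments of `"name is %s, expected %s"` are swapped (`name` is the expected value), and `userGroupsIds` is built but never compared with anything, so the loop verifies nothing.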
diff --git a/checkpoint/resource_checkpoint_management_mobile_access_profile_section.go b/checkpoint/resource_checkpoint_management_mobile_access_profile_section.go new file mode 100644 index 00000000..3c97d9a0 --- /dev/null +++ b/checkpoint/resource_checkpoint_management_mobile_access_profile_section.go 
@@ -0,0 +1,277 @@ +package checkpoint + +import ( + "fmt" + checkpoint "github.com/CheckPointSW/cp-mgmt-api-go-sdk/APIFiles" + "github.com/hashicorp/terraform-plugin-sdk/helper/schema" + "log" +) + +func resourceManagementMobileAccessProfileSection() *schema.Resource { + return &schema.Resource{ + Create: createManagementMobileAccessProfileSection, + Read: readManagementMobileAccessProfileSection, + Update: updateManagementMobileAccessProfileSection, + Delete: deleteManagementMobileAccessProfileSection, + Schema: map[string]*schema.Schema{ + "name": { + Type: schema.TypeString, + Required: true, + Description: "Object name.", + }, + "tags": { + Type: schema.TypeSet, + Optional: true, + Description: "Collection of tag identifiers.", + Elem: &schema.Schema{ + Type: schema.TypeString, + }, + }, + "ignore_warnings": { + Type: schema.TypeBool, + Optional: true, + Description: "Apply changes ignoring warnings.", + Default: false, + }, + "ignore_errors": { + Type: schema.TypeBool, + Optional: true, + Description: "Apply changes ignoring errors. You won't be able to publish such a changes. 
If ignore-warnings flag was omitted - warnings will also be ignored.", + Default: false, + }, + "position": &schema.Schema{ + Type: schema.TypeMap, + Required: true, + Description: "Position in the rulebase.", + Elem: &schema.Resource{ + Schema: map[string]*schema.Schema{ + "top": { + Type: schema.TypeString, + Optional: true, + Description: "N/A", + }, + "above": { + Type: schema.TypeString, + Optional: true, + Description: "N/A", + }, + "below": { + Type: schema.TypeString, + Optional: true, + Description: "N/A", + }, + "bottom": { + Type: schema.TypeString, + Optional: true, + Description: "N/A", + }, + }, + }, + }, + }, + } +} + +func createManagementMobileAccessProfileSection(d *schema.ResourceData, m interface{}) error { + client := m.(*checkpoint.ApiClient) + + mobileAccessProfileSection := make(map[string]interface{}) + + if v, ok := d.GetOk("name"); ok { + mobileAccessProfileSection["name"] = v.(string) + } + + if v, ok := d.GetOk("tags"); ok { + mobileAccessProfileSection["tags"] = v.(*schema.Set).List() + } + + if v, ok := d.GetOkExists("ignore_warnings"); ok { + mobileAccessProfileSection["ignore-warnings"] = v.(bool) + } + + if v, ok := d.GetOkExists("ignore_errors"); ok { + mobileAccessProfileSection["ignore-errors"] = v.(bool) + } + + if _, ok := d.GetOk("position"); ok { + + if v, ok := d.GetOk("position.top"); ok { + if v.(string) == "top" { + mobileAccessProfileSection["position"] = "top" // entire rule-base + } else { + mobileAccessProfileSection["position"] = map[string]interface{}{"top": v.(string)} // section-name + } + } + + if v, ok := d.GetOk("position.above"); ok { + mobileAccessProfileSection["position"] = map[string]interface{}{"above": v.(string)} + } + + if v, ok := d.GetOk("position.below"); ok { + mobileAccessProfileSection["position"] = map[string]interface{}{"below": v.(string)} + } + + if v, ok := d.GetOk("position.bottom"); ok { + if v.(string) == "bottom" { + mobileAccessProfileSection["position"] = "bottom" // entire rule-base 
+ } else { + mobileAccessProfileSection["position"] = map[string]interface{}{"bottom": v.(string)} // section-name + } + } + } + log.Println("Create MobileAccessProfileSection - Map = ", mobileAccessProfileSection) + + addMobileAccessProfileSectionRes, err := client.ApiCall("add-mobile-access-profile-section", mobileAccessProfileSection, client.GetSessionID(), true, false) + if err != nil || !addMobileAccessProfileSectionRes.Success { + if addMobileAccessProfileSectionRes.ErrorMsg != "" { + return fmt.Errorf(addMobileAccessProfileSectionRes.ErrorMsg) + } + return fmt.Errorf(err.Error()) + } + + d.SetId(addMobileAccessProfileSectionRes.GetData()["uid"].(string)) + + return readManagementMobileAccessProfileSection(d, m) +} + +func readManagementMobileAccessProfileSection(d *schema.ResourceData, m interface{}) error { + + client := m.(*checkpoint.ApiClient) + + payload := map[string]interface{}{ + "uid": d.Id(), + } + + showMobileAccessProfileSectionRes, err := client.ApiCall("show-mobile-access-profile-section", payload, client.GetSessionID(), true, false) + if err != nil { + return fmt.Errorf(err.Error()) + } + if !showMobileAccessProfileSectionRes.Success { + if objectNotFound(showMobileAccessProfileSectionRes.GetData()["code"].(string)) { + d.SetId("") + return nil + } + return fmt.Errorf(showMobileAccessProfileSectionRes.ErrorMsg) + } + + mobileAccessProfileSection := showMobileAccessProfileSectionRes.GetData() + + log.Println("Read MobileAccessProfileSection - Show JSON = ", mobileAccessProfileSection) + + if v := mobileAccessProfileSection["name"]; v != nil { + _ = d.Set("name", v) + } + + if mobileAccessProfileSection["tags"] != nil { + tagsJson, ok := mobileAccessProfileSection["tags"].([]interface{}) + if ok { + tagsIds := make([]string, 0) + if len(tagsJson) > 0 { + for _, tags := range tagsJson { + tags := tags.(map[string]interface{}) + tagsIds = append(tagsIds, tags["name"].(string)) + } + } + _ = d.Set("tags", tagsIds) + } + } else { + _ = d.Set("tags", 
nil) + } + + return nil + +} + +func updateManagementMobileAccessProfileSection(d *schema.ResourceData, m interface{}) error { + + client := m.(*checkpoint.ApiClient) + mobileAccessProfileSection := make(map[string]interface{}) + + if ok := d.HasChange("name"); ok { + oldName, newName := d.GetChange("name") + mobileAccessProfileSection["name"] = oldName + mobileAccessProfileSection["new-name"] = newName + } else { + mobileAccessProfileSection["name"] = d.Get("name") + } + + if d.HasChange("tags") { + if v, ok := d.GetOk("tags"); ok { + mobileAccessProfileSection["tags"] = v.(*schema.Set).List() + } else { + oldTags, _ := d.GetChange("tags") + mobileAccessProfileSection["tags"] = map[string]interface{}{"remove": oldTags.(*schema.Set).List()} + } + } + + if v, ok := d.GetOkExists("ignore_warnings"); ok { + mobileAccessProfileSection["ignore-warnings"] = v.(bool) + } + + if v, ok := d.GetOkExists("ignore_errors"); ok { + mobileAccessProfileSection["ignore-errors"] = v.(bool) + } + + if d.HasChange("position") { + if _, ok := d.GetOk("position"); ok { + + if v, ok := d.GetOk("position.top"); ok { + if v.(string) == "top" { + mobileAccessProfileSection["new-position"] = "top" // entire rule-base + } else { + mobileAccessProfileSection["new-position"] = map[string]interface{}{"top": v.(string)} // specific section-name + } + } + + if v, ok := d.GetOk("position.above"); ok { + mobileAccessProfileSection["new-position"] = map[string]interface{}{"above": v.(string)} + } + + if v, ok := d.GetOk("position.below"); ok { + mobileAccessProfileSection["new-position"] = map[string]interface{}{"below": v.(string)} + } + + if v, ok := d.GetOk("position.bottom"); ok { + if v.(string) == "bottom" { + mobileAccessProfileSection["new-position"] = "bottom" // entire rule-base + } else { + mobileAccessProfileSection["new-position"] = map[string]interface{}{"bottom": v.(string)} // specific section-name + } + } + } + } + + log.Println("Update MobileAccessProfileSection - Map = ", 
mobileAccessProfileSection) + + updateMobileAccessProfileSectionRes, err := client.ApiCall("set-mobile-access-profile-section", mobileAccessProfileSection, client.GetSessionID(), true, false) + if err != nil || !updateMobileAccessProfileSectionRes.Success { + if updateMobileAccessProfileSectionRes.ErrorMsg != "" { + return fmt.Errorf(updateMobileAccessProfileSectionRes.ErrorMsg) + } + return fmt.Errorf(err.Error()) + } + + return readManagementMobileAccessProfileSection(d, m) +} + +func deleteManagementMobileAccessProfileSection(d *schema.ResourceData, m interface{}) error { + + client := m.(*checkpoint.ApiClient) + + mobileAccessProfileSectionPayload := map[string]interface{}{ + "uid": d.Id(), + } + + log.Println("Delete MobileAccessProfileSection") + + deleteMobileAccessProfileSectionRes, err := client.ApiCall("delete-mobile-access-profile-section", mobileAccessProfileSectionPayload, client.GetSessionID(), true, false) + if err != nil || !deleteMobileAccessProfileSectionRes.Success { + if deleteMobileAccessProfileSectionRes.ErrorMsg != "" { + return fmt.Errorf(deleteMobileAccessProfileSectionRes.ErrorMsg) + } + return fmt.Errorf(err.Error()) + } + d.SetId("") + + return nil +} diff --git a/checkpoint/resource_checkpoint_management_mobile_access_profile_section_test.go b/checkpoint/resource_checkpoint_management_mobile_access_profile_section_test.go new file mode 100644 index 00000000..845d3137 --- /dev/null +++ b/checkpoint/resource_checkpoint_management_mobile_access_profile_section_test.go 
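Review bot: The error branch in createManagementMobileAccessProfileSection dereferences a nil `err` when the call returns no Go error but `Success` is false and `ErrorMsg` is empty, because the `err != nil || !addMobileAccessProfileSectionRes.Success` test is followed by `return fmt.Errorf(err.Error())`. The same branch is in the update and delete functions of this file and in the create/update/delete functions of resource_checkpoint_management_mobile_access_rule.go and resource_checkpoint_management_mobile_access_section.go. Passing the server-supplied `ErrorMsg` as the format string also garbles any `%` it contains. Handling the two cases separately avoids both: `if err != nil { return err }` followed by `if !addMobileAccessProfileSectionRes.Success { return fmt.Errorf("add-mobile-access-profile-section failed: %s", addMobileAccessProfileSectionRes.ErrorMsg) }`.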
@@ -0,0 +1,104 @@ +package checkpoint + +import ( + "fmt" + checkpoint "github.com/CheckPointSW/cp-mgmt-api-go-sdk/APIFiles" + "github.com/hashicorp/terraform-plugin-sdk/helper/acctest" + "github.com/hashicorp/terraform-plugin-sdk/helper/resource" + "github.com/hashicorp/terraform-plugin-sdk/terraform" + "os" + "strings" + "testing" +) + +func TestAccCheckpointManagementMobileAccessProfileSection_basic(t *testing.T) { + + var mobileAccessProfileSectionMap map[string]interface{} + resourceName := "checkpoint_management_mobile_access_profile_section.test" + objName := "tfTestManagementMobileAccessProfileSection_" + acctest.RandString(6) + + context := os.Getenv("CHECKPOINT_CONTEXT") + if context != "web_api" { + t.Skip("Skipping management test") + } else if context == "" { + t.Skip("Env CHECKPOINT_CONTEXT must be specified to run this acc test") + } + + resource.Test(t, resource.TestCase{ + PreCheck: func() { testAccPreCheck(t) }, + Providers: testAccProviders, + CheckDestroy: testAccCheckpointManagementMobileAccessProfileSectionDestroy, + Steps: []resource.TestStep{ + { + Config: testAccManagementMobileAccessProfileSectionConfig(objName), + Check: resource.ComposeTestCheckFunc( + testAccCheckCheckpointManagementMobileAccessProfileSectionExists(resourceName, &mobileAccessProfileSectionMap), + testAccCheckCheckpointManagementMobileAccessProfileSectionAttributes(&mobileAccessProfileSectionMap, objName), + ), + }, + }, + }) +} + +func testAccCheckpointManagementMobileAccessProfileSectionDestroy(s *terraform.State) error { + + client := testAccProvider.Meta().(*checkpoint.ApiClient) + for _, rs := range s.RootModule().Resources { + if rs.Type != "checkpoint_management_mobile_access_profile_section" { + continue + } + if rs.Primary.ID != "" { + res, _ := client.ApiCall("show-mobile-access-profile-section", map[string]interface{}{"uid": rs.Primary.ID}, client.GetSessionID(), true, false) + if res.Success { + return fmt.Errorf("MobileAccessProfileSection object (%s) still 
exists", rs.Primary.ID) + } + } + return nil + } + return nil +} + +func testAccCheckCheckpointManagementMobileAccessProfileSectionExists(resourceTfName string, res *map[string]interface{}) resource.TestCheckFunc { + return func(s *terraform.State) error { + + rs, ok := s.RootModule().Resources[resourceTfName] + if !ok { + return fmt.Errorf("Resource not found: %s", resourceTfName) + } + + if rs.Primary.ID == "" { + return fmt.Errorf("MobileAccessProfileSection ID is not set") + } + + client := testAccProvider.Meta().(*checkpoint.ApiClient) + + response, err := client.ApiCall("show-mobile-access-profile-section", map[string]interface{}{"uid": rs.Primary.ID}, client.GetSessionID(), true, false) + if !response.Success { + return err + } + + *res = response.GetData() + + return nil + } +} + +func testAccCheckCheckpointManagementMobileAccessProfileSectionAttributes(mobileAccessProfileSectionMap *map[string]interface{}, name string) resource.TestCheckFunc { + return func(s *terraform.State) error { + + mobileAccessProfileSectionName := (*mobileAccessProfileSectionMap)["name"].(string) + if !strings.EqualFold(mobileAccessProfileSectionName, name) { + return fmt.Errorf("name is %s, expected %s", name, mobileAccessProfileSectionName) + } + return nil + } +} + +func testAccManagementMobileAccessProfileSectionConfig(name string) string { + return fmt.Sprintf(` +resource "checkpoint_management_mobile_access_profile_section" "test" { + name = "%s" + position = {top = "top"} +} +`, name) +} diff --git a/checkpoint/resource_checkpoint_management_mobile_access_rule.go b/checkpoint/resource_checkpoint_management_mobile_access_rule.go new file mode 100644 index 00000000..fa6c7220 --- /dev/null +++ b/checkpoint/resource_checkpoint_management_mobile_access_rule.go 
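Review bot: Both API-backed checks treat a failed call as a pass. In testAccCheckCheckpointManagementMobileAccessProfileSectionExists, `if !response.Success { return err }` returns nil whenever the API reports failure without a Go error, and in the Destroy check `res, _ := client.ApiCall(...)` discards the error, so a server that could not be reached or rejected the session looks the same as a deleted object. For the first, `if err != nil { return err }` followed by `if !response.Success { return fmt.Errorf("show-mobile-access-profile-section failed: %s", response.ErrorMsg) }` makes the failure explicit; the Destroy check should likewise fail on a non-nil error. The `return nil` at the end of the loop body also ends the Destroy check after the first matching resource. The test files for mobile_access_rule and mobile_access_section repeat the same functions.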
@@ -0,0 +1,421 @@ +package checkpoint + +import ( + "fmt" + checkpoint "github.com/CheckPointSW/cp-mgmt-api-go-sdk/APIFiles" + "github.com/hashicorp/terraform-plugin-sdk/helper/schema" + "log" +) + +func resourceManagementMobileAccessRule() *schema.Resource { + return &schema.Resource{ + Create: createManagementMobileAccessRule, + Read: readManagementMobileAccessRule, + Update: updateManagementMobileAccessRule, + Delete: deleteManagementMobileAccessRule, + Schema: map[string]*schema.Schema{ + "name": { + Type: schema.TypeString, + Required: true, + Description: "Object name.", + }, + "user_groups": { + Type: schema.TypeSet, + Optional: true, + Description: "User groups that will be associated with the apps - identified by the name or UID.", + Elem: &schema.Schema{ + Type: schema.TypeString, + }, + }, + "applications": { + Type: schema.TypeSet, + Optional: true, + Description: "Available apps that will be associated with the user groups - identified by the name or UID.", + Elem: &schema.Schema{ + Type: schema.TypeString, + }, + }, + "enabled": { + Type: schema.TypeBool, + Optional: true, + Description: "Enable/Disable the rule.", + }, + "install_on": { + Type: schema.TypeSet, + Optional: true, + Description: "Which Gateways identified by the name or UID to install the policy on.", + Elem: &schema.Schema{ + Type: schema.TypeString, + }, + }, + "tags": { + Type: schema.TypeSet, + Optional: true, + Description: "Collection of tag identifiers.", + Elem: &schema.Schema{ + Type: schema.TypeString, + }, + }, + "comments": { + Type: schema.TypeString, + Optional: true, + Description: "Comments string.", + }, + "ignore_warnings": { + Type: schema.TypeBool, + Optional: true, + Description: "Apply changes ignoring warnings.", + Default: false, + }, + "ignore_errors": { + Type: schema.TypeBool, + Optional: true, + Description: "Apply changes ignoring errors. You won't be able to publish such a changes. 
If ignore-warnings flag was omitted - warnings will also be ignored.", + Default: false, + }, + "position": &schema.Schema{ + Type: schema.TypeMap, + Required: true, + Description: "Position in the rulebase.", + Elem: &schema.Resource{ + Schema: map[string]*schema.Schema{ + "top": { + Type: schema.TypeString, + Optional: true, + Description: "N/A", + }, + "above": { + Type: schema.TypeString, + Optional: true, + Description: "N/A", + }, + "below": { + Type: schema.TypeString, + Optional: true, + Description: "N/A", + }, + "bottom": { + Type: schema.TypeString, + Optional: true, + Description: "N/A", + }, + }, + }, + }, + }, + } +} + +func createManagementMobileAccessRule(d *schema.ResourceData, m interface{}) error { + client := m.(*checkpoint.ApiClient) + + mobileAccessRule := make(map[string]interface{}) + + if v, ok := d.GetOk("name"); ok { + mobileAccessRule["name"] = v.(string) + } + + if v, ok := d.GetOk("user_groups"); ok { + mobileAccessRule["user-groups"] = v.(*schema.Set).List() + } + + if v, ok := d.GetOk("applications"); ok { + mobileAccessRule["applications"] = v.(*schema.Set).List() + } + + if v, ok := d.GetOkExists("enabled"); ok { + mobileAccessRule["enabled"] = v.(bool) + } + + if v, ok := d.GetOk("install_on"); ok { + mobileAccessRule["install-on"] = v.(*schema.Set).List() + } + + if v, ok := d.GetOk("tags"); ok { + mobileAccessRule["tags"] = v.(*schema.Set).List() + } + + if v, ok := d.GetOk("comments"); ok { + mobileAccessRule["comments"] = v.(string) + } + + if v, ok := d.GetOkExists("ignore_warnings"); ok { + mobileAccessRule["ignore-warnings"] = v.(bool) + } + + if v, ok := d.GetOkExists("ignore_errors"); ok { + mobileAccessRule["ignore-errors"] = v.(bool) + } + + if _, ok := d.GetOk("position"); ok { + + if v, ok := d.GetOk("position.top"); ok { + if v.(string) == "top" { + mobileAccessRule["position"] = "top" // entire rule-base + } else { + mobileAccessRule["position"] = map[string]interface{}{"top": v.(string)} // section-name + } + } + + 
if v, ok := d.GetOk("position.above"); ok { + mobileAccessRule["position"] = map[string]interface{}{"above": v.(string)} + } + + if v, ok := d.GetOk("position.below"); ok { + mobileAccessRule["position"] = map[string]interface{}{"below": v.(string)} + } + + if v, ok := d.GetOk("position.bottom"); ok { + if v.(string) == "bottom" { + mobileAccessRule["position"] = "bottom" // entire rule-base + } else { + mobileAccessRule["position"] = map[string]interface{}{"bottom": v.(string)} // section-name + } + } + } + log.Println("Create MobileAccessRule - Map = ", mobileAccessRule) + + addMobileAccessRuleRes, err := client.ApiCall("add-mobile-access-rule", mobileAccessRule, client.GetSessionID(), true, false) + if err != nil || !addMobileAccessRuleRes.Success { + if addMobileAccessRuleRes.ErrorMsg != "" { + return fmt.Errorf(addMobileAccessRuleRes.ErrorMsg) + } + return fmt.Errorf(err.Error()) + } + + d.SetId(addMobileAccessRuleRes.GetData()["uid"].(string)) + + return readManagementMobileAccessRule(d, m) +} + +func readManagementMobileAccessRule(d *schema.ResourceData, m interface{}) error { + + client := m.(*checkpoint.ApiClient) + + payload := map[string]interface{}{ + "uid": d.Id(), + } + + showMobileAccessRuleRes, err := client.ApiCall("show-mobile-access-rule", payload, client.GetSessionID(), true, false) + if err != nil { + return fmt.Errorf(err.Error()) + } + if !showMobileAccessRuleRes.Success { + if objectNotFound(showMobileAccessRuleRes.GetData()["code"].(string)) { + d.SetId("") + return nil + } + return fmt.Errorf(showMobileAccessRuleRes.ErrorMsg) + } + + mobileAccessRule := showMobileAccessRuleRes.GetData() + + log.Println("Read MobileAccessRule - Show JSON = ", mobileAccessRule) + + if v := mobileAccessRule["name"]; v != nil { + _ = d.Set("name", v) + } + + if mobileAccessRule["user-groups"] != nil { + userGroupsJson, ok := mobileAccessRule["user-groups"].([]interface{}) + if ok { + userGroupsIds := make([]string, 0) + if len(userGroupsJson) > 0 { + for _, 
user_groups := range userGroupsJson { + user_groups := user_groups.(map[string]interface{}) + userGroupsIds = append(userGroupsIds, user_groups["name"].(string)) + } + } + _ = d.Set("user_groups", userGroupsIds) + } + } else { + _ = d.Set("user_groups", nil) + } + + if mobileAccessRule["applications"] != nil { + applicationsJson, ok := mobileAccessRule["applications"].([]interface{}) + if ok { + applicationsIds := make([]string, 0) + if len(applicationsJson) > 0 { + for _, applications := range applicationsJson { + applications := applications.(map[string]interface{}) + applicationsIds = append(applicationsIds, applications["name"].(string)) + } + } + _ = d.Set("applications", applicationsIds) + } + } else { + _ = d.Set("applications", nil) + } + + if v := mobileAccessRule["enabled"]; v != nil { + _ = d.Set("enabled", v) + } + + if mobileAccessRule["install-on"] != nil { + installOnJson, ok := mobileAccessRule["install-on"].([]interface{}) + if ok { + installOnIds := make([]string, 0) + if len(installOnJson) > 0 { + for _, install_on := range installOnJson { + install_on := install_on.(map[string]interface{}) + installOnIds = append(installOnIds, install_on["name"].(string)) + } + } + _ = d.Set("install_on", installOnIds) + } + } else { + _ = d.Set("install_on", nil) + } + + if mobileAccessRule["tags"] != nil { + tagsJson, ok := mobileAccessRule["tags"].([]interface{}) + if ok { + tagsIds := make([]string, 0) + if len(tagsJson) > 0 { + for _, tags := range tagsJson { + tags := tags.(map[string]interface{}) + tagsIds = append(tagsIds, tags["name"].(string)) + } + } + _ = d.Set("tags", tagsIds) + } + } else { + _ = d.Set("tags", nil) + } + + if v := mobileAccessRule["comments"]; v != nil { + _ = d.Set("comments", v) + } + + return nil + +} + +func updateManagementMobileAccessRule(d *schema.ResourceData, m interface{}) error { + + client := m.(*checkpoint.ApiClient) + mobileAccessRule := make(map[string]interface{}) + + if ok := d.HasChange("name"); ok { + oldName, 
newName := d.GetChange("name") + mobileAccessRule["name"] = oldName + mobileAccessRule["new-name"] = newName + } else { + mobileAccessRule["name"] = d.Get("name") + } + + if d.HasChange("user_groups") { + if v, ok := d.GetOk("user_groups"); ok { + mobileAccessRule["user-groups"] = v.(*schema.Set).List() + } else { + oldUser_Groups, _ := d.GetChange("user_groups") + mobileAccessRule["user-groups"] = map[string]interface{}{"remove": oldUser_Groups.(*schema.Set).List()} + } + } + + if d.HasChange("applications") { + if v, ok := d.GetOk("applications"); ok { + mobileAccessRule["applications"] = v.(*schema.Set).List() + } else { + oldApplications, _ := d.GetChange("applications") + mobileAccessRule["applications"] = map[string]interface{}{"remove": oldApplications.(*schema.Set).List()} + } + } + + if v, ok := d.GetOkExists("enabled"); ok { + mobileAccessRule["enabled"] = v.(bool) + } + + if d.HasChange("install_on") { + if v, ok := d.GetOk("install_on"); ok { + mobileAccessRule["install-on"] = v.(*schema.Set).List() + } else { + oldInstall_On, _ := d.GetChange("install_on") + mobileAccessRule["install-on"] = map[string]interface{}{"remove": oldInstall_On.(*schema.Set).List()} + } + } + + if d.HasChange("tags") { + if v, ok := d.GetOk("tags"); ok { + mobileAccessRule["tags"] = v.(*schema.Set).List() + } else { + oldTags, _ := d.GetChange("tags") + mobileAccessRule["tags"] = map[string]interface{}{"remove": oldTags.(*schema.Set).List()} + } + } + + if ok := d.HasChange("comments"); ok { + mobileAccessRule["comments"] = d.Get("comments") + } + + if v, ok := d.GetOkExists("ignore_warnings"); ok { + mobileAccessRule["ignore-warnings"] = v.(bool) + } + + if v, ok := d.GetOkExists("ignore_errors"); ok { + mobileAccessRule["ignore-errors"] = v.(bool) + } + + if d.HasChange("position") { + if _, ok := d.GetOk("position"); ok { + + if v, ok := d.GetOk("position.top"); ok { + if v.(string) == "top" { + mobileAccessRule["new-position"] = "top" // entire rule-base + } else { + 
mobileAccessRule["new-position"] = map[string]interface{}{"top": v.(string)} // specific section-name + } + } + + if v, ok := d.GetOk("position.above"); ok { + mobileAccessRule["new-position"] = map[string]interface{}{"above": v.(string)} + } + + if v, ok := d.GetOk("position.below"); ok { + mobileAccessRule["new-position"] = map[string]interface{}{"below": v.(string)} + } + + if v, ok := d.GetOk("position.bottom"); ok { + if v.(string) == "bottom" { + mobileAccessRule["new-position"] = "bottom" // entire rule-base + } else { + mobileAccessRule["new-position"] = map[string]interface{}{"bottom": v.(string)} // specific section-name + } + } + } + } + log.Println("Update MobileAccessRule - Map = ", mobileAccessRule) + + updateMobileAccessRuleRes, err := client.ApiCall("set-mobile-access-rule", mobileAccessRule, client.GetSessionID(), true, false) + if err != nil || !updateMobileAccessRuleRes.Success { + if updateMobileAccessRuleRes.ErrorMsg != "" { + return fmt.Errorf(updateMobileAccessRuleRes.ErrorMsg) + } + return fmt.Errorf(err.Error()) + } + + return readManagementMobileAccessRule(d, m) +} + +func deleteManagementMobileAccessRule(d *schema.ResourceData, m interface{}) error { + + client := m.(*checkpoint.ApiClient) + + mobileAccessRulePayload := map[string]interface{}{ + "uid": d.Id(), + } + + log.Println("Delete MobileAccessRule") + + deleteMobileAccessRuleRes, err := client.ApiCall("delete-mobile-access-rule", mobileAccessRulePayload, client.GetSessionID(), true, false) + if err != nil || !deleteMobileAccessRuleRes.Success { + if deleteMobileAccessRuleRes.ErrorMsg != "" { + return fmt.Errorf(deleteMobileAccessRuleRes.ErrorMsg) + } + return fmt.Errorf(err.Error()) + } + d.SetId("") + + return nil +} diff --git a/checkpoint/resource_checkpoint_management_mobile_access_rule_test.go b/checkpoint/resource_checkpoint_management_mobile_access_rule_test.go new file mode 100644 index 00000000..749f7998 --- /dev/null 
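Review bot: readManagementMobileAccessRule uses unchecked type assertions on every element of `user-groups`, `applications` and `install-on` (`user_groups.(map[string]interface{})`, then `user_groups["name"].(string)`), so a response whose elements are bare strings or lack a `name` panics the provider instead of returning an error. The profile-rule acceptance test earlier in this patch accepts both an object and a string form for `user-groups`, which suggests the API may return either shape; that is worth confirming for `show-mobile-access-rule`. A small helper with comma-ok assertions removes the panic and the three copies of the loop. The `tags` loops in this file and in the two section resources follow the same pattern, as does `GetData()["code"].(string)` on the failure path.

```go
// namesFromObjects returns the "name" of each element. It accepts an object
// map or a bare string and skips anything else rather than panicking.
func namesFromObjects(items []interface{}) []string {
	names := make([]string, 0, len(items))
	for _, item := range items {
		switch v := item.(type) {
		case map[string]interface{}:
			if n, ok := v["name"].(string); ok {
				names = append(names, n)
			}
		case string:
			names = append(names, v)
		}
	}
	return names
}

// … unchanged: readManagementMobileAccessRule up to the user-groups branch …
		userGroupsJson, ok := mobileAccessRule["user-groups"].([]interface{})
		if ok {
			_ = d.Set("user_groups", namesFromObjects(userGroupsJson))
		}
// … unchanged: applications, install-on and tags branches, rewritten the same way …
```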
+++ b/checkpoint/resource_checkpoint_management_mobile_access_rule_test.go 
@@ -0,0 +1,106 @@ +package checkpoint + +import ( + "fmt" + checkpoint "github.com/CheckPointSW/cp-mgmt-api-go-sdk/APIFiles" + "github.com/hashicorp/terraform-plugin-sdk/helper/acctest" + "github.com/hashicorp/terraform-plugin-sdk/helper/resource" + "github.com/hashicorp/terraform-plugin-sdk/terraform" + "os" + "strings" + "testing" +) + +func TestAccCheckpointManagementMobileAccessRule_basic(t *testing.T) { + + var mobileAccessRuleMap map[string]interface{} + resourceName := "checkpoint_management_mobile_access_rule.test" + objName := "tfTestManagementMobileAccessRule_" + acctest.RandString(6) + + context := os.Getenv("CHECKPOINT_CONTEXT") + if context != "web_api" { + t.Skip("Skipping management test") + } else if context == "" { + t.Skip("Env CHECKPOINT_CONTEXT must be specified to run this acc test") + } + + resource.Test(t, resource.TestCase{ + PreCheck: func() { testAccPreCheck(t) }, + Providers: testAccProviders, + CheckDestroy: testAccCheckpointManagementMobileAccessRuleDestroy, + Steps: []resource.TestStep{ + { + Config: testAccManagementMobileAccessRuleConfig(objName), + Check: resource.ComposeTestCheckFunc( + testAccCheckCheckpointManagementMobileAccessRuleExists(resourceName, &mobileAccessRuleMap), + testAccCheckCheckpointManagementMobileAccessRuleAttributes(&mobileAccessRuleMap, objName), + ), + }, + }, + }) +} + +func testAccCheckpointManagementMobileAccessRuleDestroy(s *terraform.State) error { + + client := testAccProvider.Meta().(*checkpoint.ApiClient) + for _, rs := range s.RootModule().Resources { + if rs.Type != "checkpoint_management_mobile_access_rule" { + continue + } + if rs.Primary.ID != "" { + res, _ := client.ApiCall("show-mobile-access-rule", map[string]interface{}{"uid": rs.Primary.ID}, client.GetSessionID(), true, false) + if res.Success { + return fmt.Errorf("MobileAccessRule object (%s) still exists", rs.Primary.ID) + } + } + return nil + } + return nil +} + +func testAccCheckCheckpointManagementMobileAccessRuleExists(resourceTfName 
string, res *map[string]interface{}) resource.TestCheckFunc { + return func(s *terraform.State) error { + + rs, ok := s.RootModule().Resources[resourceTfName] + if !ok { + return fmt.Errorf("Resource not found: %s", resourceTfName) + } + + if rs.Primary.ID == "" { + return fmt.Errorf("MobileAccessRule ID is not set") + } + + client := testAccProvider.Meta().(*checkpoint.ApiClient) + + response, err := client.ApiCall("show-mobile-access-rule", map[string]interface{}{"uid": rs.Primary.ID}, client.GetSessionID(), true, false) + if !response.Success { + return err + } + + *res = response.GetData() + + return nil + } +} + +func testAccCheckCheckpointManagementMobileAccessRuleAttributes(mobileAccessRuleMap *map[string]interface{}, name string) resource.TestCheckFunc { + return func(s *terraform.State) error { + + mobileAccessRuleName := (*mobileAccessRuleMap)["name"].(string) + if !strings.EqualFold(mobileAccessRuleName, name) { + return fmt.Errorf("name is %s, expected %s", name, mobileAccessRuleName) + } + + return nil + } +} + +func testAccManagementMobileAccessRuleConfig(name string) string { + return fmt.Sprintf(` +resource "checkpoint_management_mobile_access_rule" "test" { + name = "%s" + position = {top = "top"} + +} +`, name) +} diff --git a/checkpoint/resource_checkpoint_management_mobile_access_section.go b/checkpoint/resource_checkpoint_management_mobile_access_section.go new file mode 100644 index 00000000..b98c892b --- /dev/null +++ b/checkpoint/resource_checkpoint_management_mobile_access_section.go 
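Review bot: The acceptance test only sets `name` and `position` and only asserts `name`, so the attributes that decide which user groups reach which applications on which gateways (`user_groups`, `applications`, `install_on`, `enabled`) are never sent or read back under test. An extended config, or a second step, that sets at least `enabled = false` and one list attribute would catch a rule being created with a different state than configured. `enabled` needs no pre-existing objects and can be asserted with `resource.TestCheckResourceAttr(resourceName, "enabled", "false")` inside the existing `resource.ComposeTestCheckFunc`.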
@@ -0,0 +1,278 @@ +package checkpoint + +import ( + "fmt" + checkpoint "github.com/CheckPointSW/cp-mgmt-api-go-sdk/APIFiles" + "github.com/hashicorp/terraform-plugin-sdk/helper/schema" + "log" +) + +func resourceManagementMobileAccessSection() *schema.Resource { + return &schema.Resource{ + Create: createManagementMobileAccessSection, + Read: readManagementMobileAccessSection, + Update: updateManagementMobileAccessSection, + Delete: deleteManagementMobileAccessSection, + Schema: map[string]*schema.Schema{ + "name": { + Type: schema.TypeString, + Required: true, + Description: "Object name.", + }, + "tags": { + Type: schema.TypeSet, + Optional: true, + Description: "Collection of tag identifiers.", + Elem: &schema.Schema{ + Type: schema.TypeString, + }, + }, + "ignore_warnings": { + Type: schema.TypeBool, + Optional: true, + Description: "Apply changes ignoring warnings.", + Default: false, + }, + "ignore_errors": { + Type: schema.TypeBool, + Optional: true, + Description: "Apply changes ignoring errors. You won't be able to publish such a changes. 
If ignore-warnings flag was omitted - warnings will also be ignored.", + Default: false, + }, + "position": &schema.Schema{ + Type: schema.TypeMap, + Required: true, + Description: "Position in the rulebase.", + Elem: &schema.Resource{ + Schema: map[string]*schema.Schema{ + "top": { + Type: schema.TypeString, + Optional: true, + Description: "N/A", + }, + "above": { + Type: schema.TypeString, + Optional: true, + Description: "N/A", + }, + "below": { + Type: schema.TypeString, + Optional: true, + Description: "N/A", + }, + "bottom": { + Type: schema.TypeString, + Optional: true, + Description: "N/A", + }, + }, + }, + }, + }, + } +} + +func createManagementMobileAccessSection(d *schema.ResourceData, m interface{}) error { + client := m.(*checkpoint.ApiClient) + + mobileAccessSection := make(map[string]interface{}) + + if v, ok := d.GetOk("name"); ok { + mobileAccessSection["name"] = v.(string) + } + + if v, ok := d.GetOk("tags"); ok { + mobileAccessSection["tags"] = v.(*schema.Set).List() + } + + if v, ok := d.GetOkExists("ignore_warnings"); ok { + mobileAccessSection["ignore-warnings"] = v.(bool) + } + + if v, ok := d.GetOkExists("ignore_errors"); ok { + mobileAccessSection["ignore-errors"] = v.(bool) + } + + if _, ok := d.GetOk("position"); ok { + + if v, ok := d.GetOk("position.top"); ok { + if v.(string) == "top" { + mobileAccessSection["position"] = "top" // entire rule-base + } else { + mobileAccessSection["position"] = map[string]interface{}{"top": v.(string)} // section-name + } + } + + if v, ok := d.GetOk("position.above"); ok { + mobileAccessSection["position"] = map[string]interface{}{"above": v.(string)} + } + + if v, ok := d.GetOk("position.below"); ok { + mobileAccessSection["position"] = map[string]interface{}{"below": v.(string)} + } + + if v, ok := d.GetOk("position.bottom"); ok { + if v.(string) == "bottom" { + mobileAccessSection["position"] = "bottom" // entire rule-base + } else { + mobileAccessSection["position"] = 
map[string]interface{}{"bottom": v.(string)} // section-name + } + } + } + + log.Println("Create MobileAccessSection - Map = ", mobileAccessSection) + + addMobileAccessSectionRes, err := client.ApiCall("add-mobile-access-section", mobileAccessSection, client.GetSessionID(), true, false) + if err != nil || !addMobileAccessSectionRes.Success { + if addMobileAccessSectionRes.ErrorMsg != "" { + return fmt.Errorf(addMobileAccessSectionRes.ErrorMsg) + } + return fmt.Errorf(err.Error()) + } + + d.SetId(addMobileAccessSectionRes.GetData()["uid"].(string)) + + return readManagementMobileAccessSection(d, m) +} + +func readManagementMobileAccessSection(d *schema.ResourceData, m interface{}) error { + + client := m.(*checkpoint.ApiClient) + + payload := map[string]interface{}{ + "uid": d.Id(), + } + + showMobileAccessSectionRes, err := client.ApiCall("show-mobile-access-section", payload, client.GetSessionID(), true, false) + if err != nil { + return fmt.Errorf(err.Error()) + } + if !showMobileAccessSectionRes.Success { + if objectNotFound(showMobileAccessSectionRes.GetData()["code"].(string)) { + d.SetId("") + return nil + } + return fmt.Errorf(showMobileAccessSectionRes.ErrorMsg) + } + + mobileAccessSection := showMobileAccessSectionRes.GetData() + + log.Println("Read MobileAccessSection - Show JSON = ", mobileAccessSection) + + if v := mobileAccessSection["name"]; v != nil { + _ = d.Set("name", v) + } + + if mobileAccessSection["tags"] != nil { + tagsJson, ok := mobileAccessSection["tags"].([]interface{}) + if ok { + tagsIds := make([]string, 0) + if len(tagsJson) > 0 { + for _, tags := range tagsJson { + tags := tags.(map[string]interface{}) + tagsIds = append(tagsIds, tags["name"].(string)) + } + } + _ = d.Set("tags", tagsIds) + } + } else { + _ = d.Set("tags", nil) + } + + return nil + +} + +func updateManagementMobileAccessSection(d *schema.ResourceData, m interface{}) error { + + client := m.(*checkpoint.ApiClient) + mobileAccessSection := make(map[string]interface{}) 
+ + if ok := d.HasChange("name"); ok { + oldName, newName := d.GetChange("name") + mobileAccessSection["name"] = oldName + mobileAccessSection["new-name"] = newName + } else { + mobileAccessSection["name"] = d.Get("name") + } + + if d.HasChange("tags") { + if v, ok := d.GetOk("tags"); ok { + mobileAccessSection["tags"] = v.(*schema.Set).List() + } else { + oldTags, _ := d.GetChange("tags") + mobileAccessSection["tags"] = map[string]interface{}{"remove": oldTags.(*schema.Set).List()} + } + } + + if v, ok := d.GetOkExists("ignore_warnings"); ok { + mobileAccessSection["ignore-warnings"] = v.(bool) + } + + if v, ok := d.GetOkExists("ignore_errors"); ok { + mobileAccessSection["ignore-errors"] = v.(bool) + } + + if d.HasChange("position") { + if _, ok := d.GetOk("position"); ok { + + if v, ok := d.GetOk("position.top"); ok { + if v.(string) == "top" { + mobileAccessSection["new-position"] = "top" // entire rule-base + } else { + mobileAccessSection["new-position"] = map[string]interface{}{"top": v.(string)} // specific section-name + } + } + + if v, ok := d.GetOk("position.above"); ok { + mobileAccessSection["new-position"] = map[string]interface{}{"above": v.(string)} + } + + if v, ok := d.GetOk("position.below"); ok { + mobileAccessSection["new-position"] = map[string]interface{}{"below": v.(string)} + } + + if v, ok := d.GetOk("position.bottom"); ok { + if v.(string) == "bottom" { + mobileAccessSection["new-position"] = "bottom" // entire rule-base + } else { + mobileAccessSection["new-position"] = map[string]interface{}{"bottom": v.(string)} // specific section-name + } + } + } + } + + log.Println("Update MobileAccessSection - Map = ", mobileAccessSection) + + updateMobileAccessSectionRes, err := client.ApiCall("set-mobile-access-section", mobileAccessSection, client.GetSessionID(), true, false) + if err != nil || !updateMobileAccessSectionRes.Success { + if updateMobileAccessSectionRes.ErrorMsg != "" { + return fmt.Errorf(updateMobileAccessSectionRes.ErrorMsg) + } 
+ return fmt.Errorf(err.Error()) + } + + return readManagementMobileAccessSection(d, m) +} + +func deleteManagementMobileAccessSection(d *schema.ResourceData, m interface{}) error { + + client := m.(*checkpoint.ApiClient) + + mobileAccessSectionPayload := map[string]interface{}{ + "uid": d.Id(), + } + + log.Println("Delete MobileAccessSection") + + deleteMobileAccessSectionRes, err := client.ApiCall("delete-mobile-access-section", mobileAccessSectionPayload, client.GetSessionID(), true, false) + if err != nil || !deleteMobileAccessSectionRes.Success { + if deleteMobileAccessSectionRes.ErrorMsg != "" { + return fmt.Errorf(deleteMobileAccessSectionRes.ErrorMsg) + } + return fmt.Errorf(err.Error()) + } + d.SetId("") + + return nil +} diff --git a/checkpoint/resource_checkpoint_management_mobile_access_section_test.go b/checkpoint/resource_checkpoint_management_mobile_access_section_test.go new file mode 100644 index 00000000..f0be638b --- /dev/null +++ b/checkpoint/resource_checkpoint_management_mobile_access_section_test.go 
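Review bot: The four `position` sub-keys are documented only as `Description: "N/A"`, although createManagementMobileAccessSection gives them distinct meanings: `top = "top"` and `bottom = "bottom"` address the entire rulebase, any other value is sent as a section name, and `above`/`below` pass the given string through as the reference. I would state that in the descriptions, for example `Description: "Add at the top of the rulebase (\"top\") or at the top of the named section."`. A comment above the `position` block should also record that when several keys are set the later assignment overwrites the earlier one (order top, above, below, bottom), and that readManagementMobileAccessSection never refreshes `position`, so a move made outside Terraform is presumably not reported as drift. The same schema and logic appear in resource_checkpoint_management_mobile_access_profile_section.go and resource_checkpoint_management_mobile_access_rule.go.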
@@ -0,0 +1,104 @@ +package checkpoint + +import ( + "fmt" + checkpoint "github.com/CheckPointSW/cp-mgmt-api-go-sdk/APIFiles" + "github.com/hashicorp/terraform-plugin-sdk/helper/acctest" + "github.com/hashicorp/terraform-plugin-sdk/helper/resource" + "github.com/hashicorp/terraform-plugin-sdk/terraform" + "os" + "strings" + "testing" +) + +func TestAccCheckpointManagementMobileAccessSection_basic(t *testing.T) { + + var mobileAccessSectionMap map[string]interface{} + resourceName := "checkpoint_management_mobile_access_section.test" + objName := "tfTestManagementMobileAccessSection_" + acctest.RandString(6) + + context := os.Getenv("CHECKPOINT_CONTEXT") + if context != "web_api" { + t.Skip("Skipping management test") + } else if context == "" { + t.Skip("Env CHECKPOINT_CONTEXT must be specified to run this acc test") + } + + resource.Test(t, resource.TestCase{ + PreCheck: func() { testAccPreCheck(t) }, + Providers: testAccProviders, + CheckDestroy: testAccCheckpointManagementMobileAccessSectionDestroy, + Steps: []resource.TestStep{ + { + Config: testAccManagementMobileAccessSectionConfig(objName), + Check: resource.ComposeTestCheckFunc( + testAccCheckCheckpointManagementMobileAccessSectionExists(resourceName, &mobileAccessSectionMap), + testAccCheckCheckpointManagementMobileAccessSectionAttributes(&mobileAccessSectionMap, objName), + ), + }, + }, + }) +} + +func testAccCheckpointManagementMobileAccessSectionDestroy(s *terraform.State) error { + + client := testAccProvider.Meta().(*checkpoint.ApiClient) + for _, rs := range s.RootModule().Resources { + if rs.Type != "checkpoint_management_mobile_access_section" { + continue + } + if rs.Primary.ID != "" { + res, _ := client.ApiCall("show-mobile-access-section", map[string]interface{}{"uid": rs.Primary.ID}, client.GetSessionID(), true, false) + if res.Success { + return fmt.Errorf("MobileAccessSection object (%s) still exists", rs.Primary.ID) + } + } + return nil + } + return nil +} + +func 
testAccCheckCheckpointManagementMobileAccessSectionExists(resourceTfName string, res *map[string]interface{}) resource.TestCheckFunc { + return func(s *terraform.State) error { + + rs, ok := s.RootModule().Resources[resourceTfName] + if !ok { + return fmt.Errorf("Resource not found: %s", resourceTfName) + } + + if rs.Primary.ID == "" { + return fmt.Errorf("MobileAccessSection ID is not set") + } + + client := testAccProvider.Meta().(*checkpoint.ApiClient) + + response, err := client.ApiCall("show-mobile-access-section", map[string]interface{}{"uid": rs.Primary.ID}, client.GetSessionID(), true, false) + if !response.Success { + return err + } + + *res = response.GetData() + + return nil + } +} + +func testAccCheckCheckpointManagementMobileAccessSectionAttributes(mobileAccessSectionMap *map[string]interface{}, name string) resource.TestCheckFunc { + return func(s *terraform.State) error { + + mobileAccessSectionName := (*mobileAccessSectionMap)["name"].(string) + if !strings.EqualFold(mobileAccessSectionName, name) { + return fmt.Errorf("name is %s, expected %s", name, mobileAccessSectionName) + } + return nil + } +} + +func testAccManagementMobileAccessSectionConfig(name string) string { + return fmt.Sprintf(` +resource "checkpoint_management_mobile_access_section" "test" { + name = "%s" + position = {top = "top"} +} +`, name) +} diff --git a/checkpoint/resource_checkpoint_management_network_probe.go b/checkpoint/resource_checkpoint_management_network_probe.go new file mode 100644 index 00000000..11a1d861 --- /dev/null +++ b/checkpoint/resource_checkpoint_management_network_probe.go 
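Review bot: In testAccCheckCheckpointManagementMobileAccessSectionExists, `if !response.Success { return err }` returns nil when the API reports failure without a transport error, so the check passes with `*res` left unset and the attributes check that follows panics on `(*mobileAccessSectionMap)["name"].(string)`. Check `err` first and return a real error on an unsuccessful response, e.g. `return fmt.Errorf("show-mobile-access-section failed: %s", response.ErrorMsg)`. The destroy check has the mirror problem: it discards the error from `ApiCall` and treats any unsuccessful response as proof of deletion (a failed login or an unreachable server would presumably look the same), and its `return nil` inside the loop stops after the first matching resource. The same three helpers are copied into resource_checkpoint_management_network_probe_test.go. The `else if context == ""` branch is unreachable, because an empty value already matches `context != "web_api"`.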
@@ -0,0 +1,443 @@ +package checkpoint + +import ( + "fmt" + checkpoint "github.com/CheckPointSW/cp-mgmt-api-go-sdk/APIFiles" + "github.com/hashicorp/terraform-plugin-sdk/helper/schema" + "log" +) + +func resourceManagementNetworkProbe() *schema.Resource { + return &schema.Resource{ + Create: createManagementNetworkProbe, + Read: readManagementNetworkProbe, + Update: updateManagementNetworkProbe, + Delete: deleteManagementNetworkProbe, + Schema: map[string]*schema.Schema{ + "name": { + Type: schema.TypeString, + Required: true, + Description: "Object name.", + }, + "http_options": { + Type: schema.TypeMap, + Optional: true, + Description: "Additional options when [protocol] is set to \"http\".", + Elem: &schema.Resource{ + Schema: map[string]*schema.Schema{ + "destination": { + Type: schema.TypeString, + Optional: true, + Description: "The destination URL.", + }, + }, + }, + }, + "icmp_options": { + Type: schema.TypeMap, + Optional: true, + Description: "Additional options when [protocol] is set to \"icmp\".", + Elem: &schema.Resource{ + Schema: map[string]*schema.Schema{ + "destination": { + Type: schema.TypeString, + Optional: true, + Description: "One of these:
- Name or UID of an existing object with a unicast IPv4 address (Host, Security Gateway, and so on).
- A unicast IPv4 address string (if you do not want to create such an object).", + }, + "source": { + Type: schema.TypeString, + Optional: true, + Description: "One of these:
- The string \"main-ip\" (the probe uses the main IPv4 address of the Security Gateway objects you specified in the parameter [install-on]).
- Name or UID of an existing object of type 'Host' with a unicast IPv4 address.
- A unicast IPv4 address string (if you do not want to create such an object).", + Default: "main-ip", + }, + }, + }, + }, + "install_on": { + Type: schema.TypeSet, + Required: true, + Description: "Collection of Check Point Security Gateways that generate the probe, identified by name or UID.", + Elem: &schema.Schema{ + Type: schema.TypeString, + }, + }, + "protocol": { + Type: schema.TypeString, + Optional: true, + Description: "The probing protocol to use.", + }, + "tags": { + Type: schema.TypeSet, + Optional: true, + Description: "Collection of tag identifiers.", + Elem: &schema.Schema{ + Type: schema.TypeString, + }, + }, + "interval": { + Type: schema.TypeInt, + Optional: true, + Description: "The time interval (in seconds) between each probe request.
Best Practice - The interval value should be lower than the timeout value.", + Default: 10, + }, + "timeout": { + Type: schema.TypeInt, + Optional: true, + Description: "The probe expiration timeout (in seconds). If there is not a single reply within this time, the status of the probe changes to \"Down\".", + Default: 20, + }, + "color": { + Type: schema.TypeString, + Optional: true, + Description: "Color of the object. Should be one of existing colors.", + Default: "black", + }, + "comments": { + Type: schema.TypeString, + Optional: true, + Description: "Comments string.", + }, + "ignore_warnings": { + Type: schema.TypeBool, + Optional: true, + Description: "Apply changes ignoring warnings.", + Default: false, + }, + "ignore_errors": { + Type: schema.TypeBool, + Optional: true, + Description: "Apply changes ignoring errors. You won't be able to publish such a changes. If ignore-warnings flag was omitted - warnings will also be ignored.", + Default: false, + }, + }, + } +} + +func createManagementNetworkProbe(d *schema.ResourceData, m interface{}) error { + client := m.(*checkpoint.ApiClient) + + networkProbe := make(map[string]interface{}) + + if v, ok := d.GetOk("name"); ok { + networkProbe["name"] = v.(string) + } + + if _, ok := d.GetOk("http_options"); ok { + + res := make(map[string]interface{}) + + if v, ok := d.GetOk("http_options.destination"); ok { + res["destination"] = v.(string) + } + networkProbe["http-options"] = res + } + + if _, ok := d.GetOk("icmp_options"); ok { + + res := make(map[string]interface{}) + + if v, ok := d.GetOk("icmp_options.destination"); ok { + res["destination"] = v.(string) + } + if v, ok := d.GetOk("icmp_options.source"); ok { + res["source"] = v.(string) + } + networkProbe["icmp-options"] = res + } + + if v, ok := d.GetOk("install_on"); ok { + networkProbe["install-on"] = v.(*schema.Set).List() + } + + if v, ok := d.GetOk("protocol"); ok { + networkProbe["protocol"] = v.(string) + } + + if v, ok := d.GetOk("tags"); ok { + 
networkProbe["tags"] = v.(*schema.Set).List() + } + + if v, ok := d.GetOk("interval"); ok { + networkProbe["interval"] = v.(int) + } + + if v, ok := d.GetOk("timeout"); ok { + networkProbe["timeout"] = v.(int) + } + + if v, ok := d.GetOk("color"); ok { + networkProbe["color"] = v.(string) + } + + if v, ok := d.GetOk("comments"); ok { + networkProbe["comments"] = v.(string) + } + + if v, ok := d.GetOkExists("ignore_warnings"); ok { + networkProbe["ignore-warnings"] = v.(bool) + } + + if v, ok := d.GetOkExists("ignore_errors"); ok { + networkProbe["ignore-errors"] = v.(bool) + } + + log.Println("Create NetworkProbe - Map = ", networkProbe) + + addNetworkProbeRes, err := client.ApiCall("add-network-probe", networkProbe, client.GetSessionID(), true, false) + if err != nil || !addNetworkProbeRes.Success { + if addNetworkProbeRes.ErrorMsg != "" { + return fmt.Errorf(addNetworkProbeRes.ErrorMsg) + } + return fmt.Errorf(err.Error()) + } + + d.SetId(addNetworkProbeRes.GetData()["uid"].(string)) + + return readManagementNetworkProbe(d, m) +} + +func readManagementNetworkProbe(d *schema.ResourceData, m interface{}) error { + + client := m.(*checkpoint.ApiClient) + + payload := map[string]interface{}{ + "uid": d.Id(), + } + + showNetworkProbeRes, err := client.ApiCall("show-network-probe", payload, client.GetSessionID(), true, false) + if err != nil { + return fmt.Errorf(err.Error()) + } + if !showNetworkProbeRes.Success { + if objectNotFound(showNetworkProbeRes.GetData()["code"].(string)) { + d.SetId("") + return nil + } + return fmt.Errorf(showNetworkProbeRes.ErrorMsg) + } + + networkProbe := showNetworkProbeRes.GetData() + + log.Println("Read NetworkProbe - Show JSON = ", networkProbe) + + if v := networkProbe["name"]; v != nil { + _ = d.Set("name", v) + } + + if networkProbe["http-options"] != nil { + + httpOptionsMap := networkProbe["http-options"].(map[string]interface{}) + + httpOptionsMapToReturn := make(map[string]interface{}) + + if v, _ := 
httpOptionsMap["destination"]; v != nil { + httpOptionsMapToReturn["destination"] = v + } + _ = d.Set("http_options", httpOptionsMapToReturn) + } else { + _ = d.Set("http_options", nil) + } + + if networkProbe["icmp-options"] != nil { + + icmpOptionsMap := networkProbe["icmp-options"].(map[string]interface{}) + + icmpOptionsMapToReturn := make(map[string]interface{}) + + if v, _ := icmpOptionsMap["destination"]; v != nil { + icmpOptionsMapToReturn["destination"] = v + } + if v, _ := icmpOptionsMap["source"]; v != nil { + icmpOptionsMapToReturn["source"] = v + } + _ = d.Set("icmp_options", icmpOptionsMapToReturn) + } else { + _ = d.Set("icmp_options", nil) + } + + if networkProbe["install-on"] != nil { + installOnJson, ok := networkProbe["install-on"].([]interface{}) + if ok { + installOnIds := make([]string, 0) + if len(installOnJson) > 0 { + for _, install_on := range installOnJson { + install_on := install_on.(map[string]interface{}) + installOnIds = append(installOnIds, install_on["name"].(string)) + } + } + _ = d.Set("install_on", installOnIds) + } + } else { + _ = d.Set("install_on", nil) + } + + if v := networkProbe["protocol"]; v != nil { + _ = d.Set("protocol", v) + } + + if networkProbe["tags"] != nil { + tagsJson, ok := networkProbe["tags"].([]interface{}) + if ok { + tagsIds := make([]string, 0) + if len(tagsJson) > 0 { + for _, tags := range tagsJson { + tags := tags.(map[string]interface{}) + tagsIds = append(tagsIds, tags["name"].(string)) + } + } + _ = d.Set("tags", tagsIds) + } + } else { + _ = d.Set("tags", nil) + } + + if v := networkProbe["interval"]; v != nil { + _ = d.Set("interval", v) + } + + if v := networkProbe["timeout"]; v != nil { + _ = d.Set("timeout", v) + } + + if v := networkProbe["color"]; v != nil { + _ = d.Set("color", v) + } + + if v := networkProbe["comments"]; v != nil { + _ = d.Set("comments", v) + } + + if v := networkProbe["ignore-warnings"]; v != nil { + _ = d.Set("ignore_warnings", v) + } + + if v := 
networkProbe["ignore-errors"]; v != nil { + _ = d.Set("ignore_errors", v) + } + + return nil + +} + +func updateManagementNetworkProbe(d *schema.ResourceData, m interface{}) error { + + client := m.(*checkpoint.ApiClient) + networkProbe := make(map[string]interface{}) + + if ok := d.HasChange("name"); ok { + oldName, newName := d.GetChange("name") + networkProbe["name"] = oldName + networkProbe["new-name"] = newName + } else { + networkProbe["name"] = d.Get("name") + } + + if d.HasChange("http_options") { + + if _, ok := d.GetOk("http_options"); ok { + + res := make(map[string]interface{}) + + if v, ok := d.GetOk("http_options.destination"); ok { + res["destination"] = v.(string) + } + networkProbe["http-options"] = res + } + } + + if d.HasChange("icmp_options") { + + if _, ok := d.GetOk("icmp_options"); ok { + + res := make(map[string]interface{}) + + if v, ok := d.GetOk("icmp_options.destination"); ok { + res["destination"] = v.(string) + } + if d.HasChange("icmp_options.source") { + res["source"] = d.Get("icmp_options.source") + } + networkProbe["icmp-options"] = res + } + } + + if d.HasChange("install_on") { + if v, ok := d.GetOk("install_on"); ok { + networkProbe["install-on"] = v.(*schema.Set).List() + } else { + oldInstall_On, _ := d.GetChange("install_on") + networkProbe["install-on"] = map[string]interface{}{"remove": oldInstall_On.(*schema.Set).List()} + } + } + + if ok := d.HasChange("protocol"); ok { + networkProbe["protocol"] = d.Get("protocol") + } + + if d.HasChange("tags") { + if v, ok := d.GetOk("tags"); ok { + networkProbe["tags"] = v.(*schema.Set).List() + } else { + oldTags, _ := d.GetChange("tags") + networkProbe["tags"] = map[string]interface{}{"remove": oldTags.(*schema.Set).List()} + } + } + + if ok := d.HasChange("interval"); ok { + networkProbe["interval"] = d.Get("interval") + } + + if ok := d.HasChange("timeout"); ok { + networkProbe["timeout"] = d.Get("timeout") + } + + if ok := d.HasChange("color"); ok { + networkProbe["color"] = 
d.Get("color")
+ }
+
+ if ok := d.HasChange("comments"); ok {
+ networkProbe["comments"] = d.Get("comments")
+ }
+
+ if v, ok := d.GetOkExists("ignore_warnings"); ok {
+ networkProbe["ignore-warnings"] = v.(bool)
+ }
+
+ if v, ok := d.GetOkExists("ignore_errors"); ok {
+ networkProbe["ignore-errors"] = v.(bool)
+ }
+
+ log.Println("Update NetworkProbe - Map = ", networkProbe)
+
+ updateNetworkProbeRes, err := client.ApiCall("set-network-probe", networkProbe, client.GetSessionID(), true, false)
+ if err != nil || !updateNetworkProbeRes.Success {
+ if updateNetworkProbeRes.ErrorMsg != "" {
+ return fmt.Errorf(updateNetworkProbeRes.ErrorMsg)
+ }
+ return fmt.Errorf(err.Error())
+ }
+
+ return readManagementNetworkProbe(d, m)
+}
+
+func deleteManagementNetworkProbe(d *schema.ResourceData, m interface{}) error {
+
+ client := m.(*checkpoint.ApiClient)
+
+ networkProbePayload := map[string]interface{}{
+ "uid": d.Id(),
+ }
+
+ log.Println("Delete NetworkProbe")
+
+ deleteNetworkProbeRes, err := client.ApiCall("delete-network-probe", networkProbePayload, client.GetSessionID(), true, false)
+ if err != nil || !deleteNetworkProbeRes.Success {
+ if deleteNetworkProbeRes.ErrorMsg != "" {
+ return fmt.Errorf(deleteNetworkProbeRes.ErrorMsg)
+ }
+ return fmt.Errorf(err.Error())
+ }
+ d.SetId("")
+
+ return nil
+}
diff --git a/checkpoint/resource_checkpoint_management_network_probe_test.go b/checkpoint/resource_checkpoint_management_network_probe_test.go
new file mode 100644
index 00000000..4fd35904
--- /dev/null
+++ b/checkpoint/resource_checkpoint_management_network_probe_test.go
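Review bot: The failure branch after `client.ApiCall("add-network-probe", ...)` in createManagementNetworkProbe dereferences a nil error when the call comes back with `err == nil`, `Success == false` and an empty `ErrorMsg`, because it falls through to `fmt.Errorf(err.Error())`. It also passes the server-supplied `ErrorMsg` as the format string, so any `%` in the message is read as a formatting verb and the text shown to the operator is mangled. Handle the transport error first with `if err != nil { return err }`, then return `fmt.Errorf("%s", addNetworkProbeRes.ErrorMsg)`, with a fixed fallback text when the message is empty. The same block is repeated in updateManagementNetworkProbe and deleteManagementNetworkProbe, and in the mobile-access-section update and delete functions earlier in the patch. readManagementNetworkProbe additionally uses the single-value assertion `GetData()["code"].(string)`, which panics if the field is absent from a failed response; the two-value form `code, ok := ...` avoids that.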
@@ -0,0 +1,116 @@ +package checkpoint + +import ( + "fmt" + checkpoint "github.com/CheckPointSW/cp-mgmt-api-go-sdk/APIFiles" + "github.com/hashicorp/terraform-plugin-sdk/helper/acctest" + "github.com/hashicorp/terraform-plugin-sdk/helper/resource" + "github.com/hashicorp/terraform-plugin-sdk/terraform" + "os" + "strings" + "testing" +) + +func TestAccCheckpointManagementNetworkProbe_basic(t *testing.T) { + + var networkProbeMap map[string]interface{} + resourceName := "checkpoint_management_network_probe.test" + objName := "tfTestManagementNetworkProbe_" + acctest.RandString(6) + + context := os.Getenv("CHECKPOINT_CONTEXT") + if context != "web_api" { + t.Skip("Skipping management test") + } else if context == "" { + t.Skip("Env CHECKPOINT_CONTEXT must be specified to run this acc test") + } + + resource.Test(t, resource.TestCase{ + PreCheck: func() { testAccPreCheck(t) }, + Providers: testAccProviders, + CheckDestroy: testAccCheckpointManagementNetworkProbeDestroy, + Steps: []resource.TestStep{ + { + Config: testAccManagementNetworkProbeConfig(objName), + Check: resource.ComposeTestCheckFunc( + testAccCheckCheckpointManagementNetworkProbeExists(resourceName, &networkProbeMap), + testAccCheckCheckpointManagementNetworkProbeAttributes(&networkProbeMap, objName), + ), + }, + }, + }) +} + +func testAccCheckpointManagementNetworkProbeDestroy(s *terraform.State) error { + + client := testAccProvider.Meta().(*checkpoint.ApiClient) + for _, rs := range s.RootModule().Resources { + if rs.Type != "checkpoint_management_network_probe" { + continue + } + if rs.Primary.ID != "" { + res, _ := client.ApiCall("show-network-probe", map[string]interface{}{"uid": rs.Primary.ID}, client.GetSessionID(), true, false) + if res.Success { + return fmt.Errorf("NetworkProbe object (%s) still exists", rs.Primary.ID) + } + } + return nil + } + return nil +} + +func testAccCheckCheckpointManagementNetworkProbeExists(resourceTfName string, res *map[string]interface{}) resource.TestCheckFunc { + 
return func(s *terraform.State) error { + + rs, ok := s.RootModule().Resources[resourceTfName] + if !ok { + return fmt.Errorf("Resource not found: %s", resourceTfName) + } + + if rs.Primary.ID == "" { + return fmt.Errorf("NetworkProbe ID is not set") + } + + client := testAccProvider.Meta().(*checkpoint.ApiClient) + + response, err := client.ApiCall("show-network-probe", map[string]interface{}{"uid": rs.Primary.ID}, client.GetSessionID(), true, false) + if !response.Success { + return err + } + + *res = response.GetData() + + return nil + } +} + +func testAccCheckCheckpointManagementNetworkProbeAttributes(networkProbeMap *map[string]interface{}, name string) resource.TestCheckFunc { + return func(s *terraform.State) error { + + networkProbeName := (*networkProbeMap)["name"].(string) + if !strings.EqualFold(networkProbeName, name) { + return fmt.Errorf("name is %s, expected %s", name, networkProbeName) + } + return nil + } +} + +func testAccManagementNetworkProbeConfig(name string) string { + return fmt.Sprintf(` + resource "checkpoint_management_simple_gateway" "example" { + name = "gw4" + ipv4_address = "192.0.2.14" +vpn =true +} + +resource "checkpoint_management_network_probe" "test" { + name = "%s" + install_on = ["${checkpoint_management_simple_gateway.example.name}"] + icmp_options = { + source = "10.10.10.10" + destination = "25.20.20.20" + } + interval = "20" + protocol = "icmp" +} +`, name) +} diff --git a/website/checkpoint.erb b/website/checkpoint.erb index 8969b4bb..e2077f2a 100644 --- a/website/checkpoint.erb +++ b/website/checkpoint.erb 
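Review bot: The ICMP probe in testAccManagementNetworkProbeConfig targets `destination = "25.20.20.20"`, which is publicly routable address space rather than a documentation range, so a gateway that actually installs the probe may send traffic to a third party's address on every interval. The gateway in the same config already uses 192.0.2.14; a documentation address fits here too, e.g. `destination = "198.51.100.20"`. The helper gateway is also created with the fixed name `gw4` while the probe name is randomized, so a leftover object or a parallel run can collide on it; deriving the gateway name from `name` would avoid that.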
@@ -619,6 +619,27 @@ > checkpoint_management_override_categorization + > + checkpoint_management_network_probe + + > + checkpoint_management_mobile_access_profile_rule + + > + checkpoint_management_mobile_access_profile_section + + > + checkpoint_management_mobile_access_section + + > + checkpoint_management_mobile_access_rule + + > + checkpoint_management_delete_infinity_idp + + > + checkpoint_management_delete_infinity_idp_object + @@ -1119,7 +1140,28 @@ > checkpoint_management_override_categorization - + + > + checkpoint_management_network_probe + + > + checkpoint_management_mobile_access_profile_rule + + > + checkpoint_management_mobile_access_profile_section + + > + checkpoint_management_mobile_access_rule + + > + checkpoint_management_mobile_access_section + + > + checkpoint_management_infinity_idp + + > + checkpoint_management_infinity_idp_object + diff --git a/website/docs/d/checkpoint_management_infinity_idp.html.markdown b/website/docs/d/checkpoint_management_infinity_idp.html.markdown new file mode 100644 index 00000000..8203b920 --- /dev/null +++ b/website/docs/d/checkpoint_management_infinity_idp.html.markdown 
@@ -0,0 +1,37 @@ +--- +layout: "checkpoint" +page_title: "checkpoint_management_delete_infinity_idp" +sidebar_current: "docs-checkpoint-resource-checkpoint-management-delete-infinity-idp" +description: |- +Use this data source to get information on an existing Check Point Delete Infinity Idp. +--- + +# Data Source: checkpoint_management_delete_infinity_idp + +Use this data source to get information on an existing Check Point Delete Infinity Idp. + +## Example Usage + + +```hcl +data "checkpoint_management_infinity_idp" "data" { + name = "object-name" +} +``` + +## Argument Reference + +The following arguments are supported: + +* `name` - (Optional) Object name. +* `uid` - (Optional) Object unique identifier. +* `idp_domains` - List of domains configured in the Infinity Identity Provider object in Infinity Portal. +* `idp_id` - Identity Provider unique identifier in Infinity Portal. +* `idp_name` - Identity Provider name in Infinity Portal. +* `idp_type` - Identity Provider type in Infinity Portal. +* `tags` - Collection of tag identifiers. + +## How To Use +Make sure this command will be executed in the right execution order. +note: terraform execution is not sequential. + diff --git a/website/docs/d/checkpoint_management_infinity_idp_object.html.markdown b/website/docs/d/checkpoint_management_infinity_idp_object.html.markdown new file mode 100644 index 00000000..465aace0 --- /dev/null +++ b/website/docs/d/checkpoint_management_infinity_idp_object.html.markdown 
@@ -0,0 +1,40 @@ +--- +layout: "checkpoint" +page_title: "checkpoint_management_delete_infinity_idp_object" +sidebar_current: "docs-checkpoint-resource-checkpoint-management-delete-infinity-idp-object" +description: |- +Use this data source to get information on an Check Point Delete Infinity Idp Object. +--- + +# Data Source: checkpoint_management_delete_infinity_idp_object + +Use this data source to get information on an Check Point Delete Infinity Idp Object. + +## Example Usage + + +```hcl +resource "checkpoint_management_infinity_idp_object" "example" { + name = "object-name" +} +``` + +## Argument Reference + +The following arguments are supported: + +* `name` - (Optional) Object name. +* `uid` - (Optional) Object unique identifier. +* `description` - Description string. +* `display_name` - Entity name in the Management Server. +* `ext_id` - Entity unique identifier in the Identity Provider. +* `idp_display_name` - Identity Provider name in Management Server. +* `idp_id` - Identity Provider unique identifier in Infinity Portal. +* `idp_name` - Identity Provider name in Infinity Portal. +* `object_type` - Entity type - can be user/group/machine. +* `tags` - Collection of tag identifiers. + +## How To Use +Make sure this command will be executed in the right execution order. +note: terraform execution is not sequential. + diff --git a/website/docs/d/checkpoint_management_mobile_access_profile_rule.html.markdown b/website/docs/d/checkpoint_management_mobile_access_profile_rule.html.markdown new file mode 100644 index 00000000..533f5802 --- /dev/null +++ b/website/docs/d/checkpoint_management_mobile_access_profile_rule.html.markdown 
@@ -0,0 +1,41 @@ +--- +layout: "checkpoint" +page_title: "checkpoint_management_mobile_access_profile_rule" +sidebar_current: "docs-checkpoint-resource-checkpoint-management-mobile-access-profile-rule" +description: |- +Use this data source to get information on an existing Mobile Access Profile Rule. +--- + +# Data Source: checkpoint_management_mobile_access_profile_rule + +Use this data source to get information on an existing Check Point Mobile Access Profile Rule. + +## Example Usage + + +```hcl +resource "checkpoint_management_mobile_access_profile_rule" "example" { + name = "Rule 1" + mobile_profile = "Default_Profile" + user_groups = ["my_group",] + position = {top = "top"} +} + +data "checkpoint_management_mobile_access_profile_rule" "data" { + name = "${checkpoint_management_mobile_access_profile_rule.example.name}" +} + +``` + +## Argument Reference + +The following arguments are supported: + +* `name` - (Optional) Object name. Should be unique in the domain. +* `uid` - (Optional) Object unique identifier. +* `mobile_profile` - Profile configuration for User groups - identified by the name or UID. +* `user_groups` - User groups that will be configured with the profile object - identified by the name or UID.user_groups blocks are documented below. +* `enabled` - Enable/Disable the rule. +* `tags` - Collection of tag identifiers.tags blocks are documented below. +* `comments` - Comments string. + diff --git a/website/docs/d/checkpoint_management_mobile_access_profile_section.html.markdown b/website/docs/d/checkpoint_management_mobile_access_profile_section.html.markdown new file mode 100644 index 00000000..01187518 --- /dev/null +++ b/website/docs/d/checkpoint_management_mobile_access_profile_section.html.markdown 
@@ -0,0 +1,32 @@ +--- +layout: "checkpoint" +page_title: "checkpoint_management_mobile_access_profile_section" +sidebar_current: "docs-checkpoint-resource-checkpoint-management-mobile-access-profile-section" +description: |- +Use this data source to get information on an existing Check Point Mobile Access Profile Section. +--- + +# Data Source: checkpoint_management_mobile_access_profile_section + +Use this data source to get information on an existing Check Point Mobile Access Profile Section. + +## Example Usage + + +```hcl +resource "checkpoint_management_mobile_access_profile_section" "example" { + name = "New Section 1" + position = {top = "top"} +} +data "checkpoint_management_mobile_access_profile_section" "data" { + uid = "${checkpoint_management_mobile_access_profile_section.example.id}" +} +``` + +## Argument Reference + +The following arguments are supported: + +* `name` - (Optional) Object name. Should be unique in the domain. +* `uid` - (Optional) Object unique identifier. +* `tags` - Collection of tag identifiers.tags blocks are documented below. diff --git a/website/docs/d/checkpoint_management_mobile_access_rule.html.markdown b/website/docs/d/checkpoint_management_mobile_access_rule.html.markdown new file mode 100644 index 00000000..e97f9a0b --- /dev/null +++ b/website/docs/d/checkpoint_management_mobile_access_rule.html.markdown 
@@ -0,0 +1,40 @@ +--- +layout: "checkpoint" +page_title: "checkpoint_management_mobile_access_rule" +sidebar_current: "docs-checkpoint-resource-checkpoint-management-mobile-access-rule" +description: |- +Use this data source to get information on an existing Check Point Mobile Access Rule. +--- + +# Data Source: checkpoint_management_mobile_access_rule + +Use this data source to get information on an existing Check Point Mobile Access Rule. + +## Example Usage + + +```hcl +resource "checkpoint_management_mobile_access_rule" "example" { + name = "Rule 1" + applications = ["N", "e", "w", " ", "A", "p", "p", "l", "i", "c", "a", "t", "i", "o", "n",] + user_groups = ["my_group",] + position = {top = "top"} +} +data "checkpoint_management_mobile_access_rule" "data" { + uid = "${checkpoint_management_mobile_access_rule.example.id}" +} +``` + +## Argument Reference + +The following arguments are supported: + +* `name` - (Optional) Object name. Should be unique in the domain. +* `uid` - (Optional) Object unique identifier. +* `user_groups` - User groups that will be associated with the apps - identified by the name or UID.user_groups blocks are documented below. +* `applications` - Available apps that will be associated with the user groups - identified by the name or UID.applications blocks are documented below. +* `enabled` - Enable/Disable the rule. +* `install_on` - Which Gateways identified by the name or UID to install the policy on.install_on blocks are documented below. +* `tags` - Collection of tag identifiers.tags blocks are documented below. +* `comments` - Comments string. + diff --git a/website/docs/d/checkpoint_management_mobile_access_section.html.markdown b/website/docs/d/checkpoint_management_mobile_access_section.html.markdown new file mode 100644 index 00000000..d1b31469 --- /dev/null +++ b/website/docs/d/checkpoint_management_mobile_access_section.html.markdown 
@@ -0,0 +1,33 @@ +--- +layout: "checkpoint" +page_title: "checkpoint_management_mobile_access_section" +sidebar_current: "docs-checkpoint-resource-checkpoint-management-mobile-access-section" +description: |- +Use this data source to get information on an existing Check Point Mobile Access Section. +--- + +# Data Source: checkpoint_management_mobile_access_section + +Use this data source to get information on an existing Check Point Mobile Access Section. + +## Example Usage + + +```hcl +resource "checkpoint_management_mobile_access_section" "example" { + name = "New Section 1" + position = {top = "top"} +} +data "checkpoint_management_mobile_access_section" "data" { + name = "${checkpoint_management_mobile_access_section.example.name}" +} +``` + +## Argument Reference + +The following arguments are supported: + +* `name` - (Optional) Object name. Should be unique in the domain. +* `uid` - (Optional) Object unique identifier. +* `tags` - Collection of tag identifiers.tags blocks are documented below. + diff --git a/website/docs/d/checkpoint_management_network_probe.html.markdown b/website/docs/d/checkpoint_management_network_probe.html.markdown new file mode 100644 index 00000000..55fd626a --- /dev/null +++ b/website/docs/d/checkpoint_management_network_probe.html.markdown 
@@ -0,0 +1,54 @@ +--- +layout: "checkpoint" +page_title: "checkpoint_management_network_probe" +sidebar_current: "docs-checkpoint-resource-checkpoint-management-network-probe" +description: |- +Use this data source to get information on an existing Check Point Network Probe. +--- + +# Data Source: checkpoint_management_network_probe + +Use this data source to get information on an existing Check Point Network Probe. + +## Example Usage + + +```hcl +resource "checkpoint_management_network_probe" "example" { + name = "network1" + icmp_options = { + source = "host1" + destination = "host2" + } + install_on = ["gw1","gw2"] + interval = "20" + protocol = "icmp" +} +data "checkpoint_management_network_probe" "data" { + uid = "${checkpoint_management_network_probe.example.id}" +} +``` + +## Argument Reference + +The following arguments are supported: + +* `uid` - (Optional) Object unique identifier. +* `name` - (Optional) Object name. +* `http_options` - Additional options when [protocol] is set to "http".http_options blocks are documented below. +* `icmp_options` - Additional options when [protocol] is set to "icmp".icmp_options blocks are documented below. +* `install_on` - Collection of Check Point Security Gateways that generate the probe, identified by name or UID.install_on blocks are documented below. +* `protocol` - The probing protocol to use. +* `tags` - Collection of tag identifiers.tags blocks are documented below. +* `interval` - The time interval (in seconds) between each probe request.
Best Practice - The interval value should be lower than the timeout value. +* `timeout` - The probe expiration timeout (in seconds). If there is not a single reply within this time, the status of the probe changes to "Down". +* `color` - Color of the object. Should be one of existing colors. +* `comments` - Comments string. + +`http_options` supports the following: +* `destination` - The destination URL. + + +`icmp_options` supports the following: +* `destination` - Name of an existing object with a unicast IPv4 address (Host, Security Gateway, and so on). A unicast IPv4 address string (if you do not want to create such an object). +* `source` - One of these: The string "main-ip" (the probe uses the main IPv4 address of the Security Gateway objects you specified in the parameter [install-on]). Name of an existing object of type 'Host' with a unicast IPv4 address. diff --git a/website/docs/r/checkpoint_management_delete_infinity_idp.html.markdown b/website/docs/r/checkpoint_management_delete_infinity_idp.html.markdown new file mode 100644 index 00000000..03b528e5 --- /dev/null +++ b/website/docs/r/checkpoint_management_delete_infinity_idp.html.markdown 
@@ -0,0 +1,35 @@
+---
+layout: "checkpoint"
+page_title: "checkpoint_management_delete_infinity_idp"
+sidebar_current: "docs-checkpoint-resource-checkpoint-management-delete-infinity-idp"
+description: |-
+This resource allows you to execute Check Point Delete Infinity Idp.
+---
+
+# checkpoint_management_delete_infinity_idp
+
+This resource allows you to execute Check Point Delete Infinity Idp.
+
+## Example Usage
+
+
+```hcl
+resource "checkpoint_management_delete_infinity_idp" "example" {
+ name = "object-name"
+}
+```
+
+## Argument Reference
+
+The following arguments are supported:
+
+* `name` - (Optional) Object name.
+* `uid` - (Optional) Object UID.
+* `ignore_warnings` - (Optional) Apply changes ignoring warnings.
+* `ignore_errors` - (Optional) Apply changes ignoring errors. You won't be able to publish such a changes. If ignore-warnings flag was omitted - warnings will also be ignored.
+
+
+## How To Use
+Make sure this command will be executed in the right execution order.
+note: terraform execution is not sequential.
+
diff --git a/website/docs/r/checkpoint_management_delete_infinity_idp_object.html.markdown b/website/docs/r/checkpoint_management_delete_infinity_idp_object.html.markdown
new file mode 100644
index 00000000..f65cedd8
--- /dev/null
+++ b/website/docs/r/checkpoint_management_delete_infinity_idp_object.html.markdown
@@ -0,0 +1,35 @@
+---
+layout: "checkpoint"
+page_title: "checkpoint_management_delete_infinity_idp_object"
+sidebar_current: "docs-checkpoint-resource-checkpoint-management-delete-infinity-idp-object"
+description: |-
+This resource allows you to execute Check Point Delete Infinity Idp Object.
+---
+
+# checkpoint_management_delete_infinity_idp_object
+
+This resource allows you to execute Check Point Delete Infinity Idp Object.
+
+## Example Usage
+
+
+```hcl
+resource "checkpoint_management_delete_infinity_idp_object" "example" {
+ name = "object-name"
+}
+```
+
+## Argument Reference
+
+The following arguments are supported:
+
+* `name` - (Optional) Object name.
+* `uid` - (Optional) Object UID.
+* `ignore_warnings` - (Optional) Apply changes ignoring warnings.
+* `ignore_errors` - (Optional) Apply changes ignoring errors. You won't be able to publish such a changes. If ignore-warnings flag was omitted - warnings will also be ignored.
+
+
+## How To Use
+Make sure this command will be executed in the right execution order.
+note: terraform execution is not sequential.
+
diff --git a/website/docs/r/checkpoint_management_mobile_access_profile_rule.html.markdown b/website/docs/r/checkpoint_management_mobile_access_profile_rule.html.markdown
new file mode 100644
index 00000000..4e66114c
--- /dev/null
+++ b/website/docs/r/checkpoint_management_mobile_access_profile_rule.html.markdown
@@ -0,0 +1,44 @@
+---
+layout: "checkpoint"
+page_title: "checkpoint_management_mobile_access_profile_rule"
+sidebar_current: "docs-checkpoint-resource-checkpoint-management-mobile-access-profile-rule"
+description: |-
+This resource allows you to execute Check Point Mobile Access Profile Rule.
+---
+
+# checkpoint_management_mobile_access_profile_rule
+
+This resource allows you to execute Check Point Mobile Access Profile Rule.
+
+## Example Usage
+
+
+```hcl
+resource "checkpoint_management_mobile_access_profile_rule" "example" {
+ name = "Rule 1"
+ mobile_profile = "Default_Profile"
+ user_groups = ["my_group"]
+ position = {top = "top"}
+}
+```
+
+## Argument Reference
+
+The following arguments are supported:
+
+* `name` - (Required) Object name.
+* `position` - (Required) Position in the rulebase. Position blocks are documented below.
+* `mobile_profile` - (Optional) Profile configuration for User groups - identified by the name or UID.
+* `user_groups` - (Optional) User groups that will be configured with the profile object - identified by the name or UID.user_groups blocks are documented below.
+* `enabled` - (Optional) Enable/Disable the rule.
+* `tags` - (Optional) Collection of tag identifiers.tags blocks are documented below.
+* `comments` - (Optional) Comments string.
+* `ignore_warnings` - (Optional) Apply changes ignoring warnings.
+* `ignore_errors` - (Optional) Apply changes ignoring errors. You won't be able to publish such a changes. If ignore-warnings flag was omitted - warnings will also be ignored.
+
+`position` supports the following:
+
+* `top` - (Optional) Add rule at the top of the rulebase.
+* `above` - (Optional) Add rule above specific section/rule identified by uid or name.
+* `below` - (Optional) Add rule below specific section/rule identified by uid or name.
+* `bottom` - (Optional) Add rule at the bottom of the rulebase.
\ No newline at end of file
diff --git a/website/docs/r/checkpoint_management_mobile_access_profile_section.html.markdown b/website/docs/r/checkpoint_management_mobile_access_profile_section.html.markdown
new file mode 100644
index 00000000..94f5fcb1
--- /dev/null
+++ b/website/docs/r/checkpoint_management_mobile_access_profile_section.html.markdown
@@ -0,0 +1,38 @@
+---
+layout: "checkpoint"
+page_title: "checkpoint_management_mobile_access_profile_section"
+sidebar_current: "docs-checkpoint-resource-checkpoint-management-mobile-access-profile-section"
+description: |-
+This resource allows you to execute Check Point Mobile Access Profile Section.
+---
+
+# checkpoint_management_mobile_access_profile_section
+
+This resource allows you to execute Check Point Mobile Access Profile Section.
+
+## Example Usage
+
+
+```hcl
+resource "checkpoint_management_mobile_access_profile_section" "example" {
+ name = "New Section 1"
+ position = {top = "top"}
+}
+```
+
+## Argument Reference
+
+The following arguments are supported:
+
+* `name` - (Required) Object name.
+* `position` - (Required) Position in the rulebase. Position blocks are documented below.
+* `tags` - (Optional) Collection of tag identifiers.tags blocks are documented below.
+* `ignore_warnings` - (Optional) Apply changes ignoring warnings.
+* `ignore_errors` - (Optional) Apply changes ignoring errors. You won't be able to publish such a changes. If ignore-warnings flag was omitted - warnings will also be ignored.
+
+`position` supports the following:
+
+* `top` - (Optional) Add rule at the top of the rulebase.
+* `above` - (Optional) Add rule above specific section/rule identified by uid or name.
+* `below` - (Optional) Add rule below specific section/rule identified by uid or name.
+* `bottom` - (Optional) Add rule at the bottom of the rulebase.
\ No newline at end of file
diff --git a/website/docs/r/checkpoint_management_mobile_access_rule.html.markdown b/website/docs/r/checkpoint_management_mobile_access_rule.html.markdown
new file mode 100644
index 00000000..1ba7f94d
--- /dev/null
+++ b/website/docs/r/checkpoint_management_mobile_access_rule.html.markdown
@@ -0,0 +1,46 @@
+---
+layout: "checkpoint"
+page_title: "checkpoint_management_mobile_access_rule"
+sidebar_current: "docs-checkpoint-resource-checkpoint-management-mobile-access-rule"
+description: |-
+This resource allows you to execute Check Point Mobile Access Rule.
+---
+
+# checkpoint_management_mobile_access_rule
+
+This resource allows you to execute Check Point Mobile Access Rule.
+
+## Example Usage
+
+
+```hcl
+resource "checkpoint_management_mobile_access_rule" "example" {
+ name = "Rule 1"
+ applications = ["N", "e", "w", " ", "A", "p", "p", "l", "i", "c", "a", "t", "i", "o", "n",]
+ user_groups = ["my_group",]
+ position = {top = "top"}
+}
+```
+
+## Argument Reference
+
+The following arguments are supported:
+
+* `name` - (Required) Object name.
+* `position` - (Required) Position in the rulebase. Position blocks are documented below.
+* `user_groups` - (Optional) User groups that will be associated with the apps - identified by the name or UID.user_groups blocks are documented below.
+* `applications` - (Optional) Available apps that will be associated with the user groups - identified by the name or UID.applications blocks are documented below.
+* `enabled` - (Optional) Enable/Disable the rule.
+* `install_on` - (Optional) Which Gateways identified by the name or UID to install the policy on.install_on blocks are documented below.
+* `tags` - (Optional) Collection of tag identifiers.tags blocks are documented below.
+* `comments` - (Optional) Comments string.
+* `ignore_warnings` - (Optional) Apply changes ignoring warnings.
+* `ignore_errors` - (Optional) Apply changes ignoring errors. You won't be able to publish such a changes. If ignore-warnings flag was omitted - warnings will also be ignored.
+
+`position` supports the following:
+
+* `top` - (Optional) Add rule at the top of the rulebase.
+* `above` - (Optional) Add rule above specific section/rule identified by uid or name.
+* `below` - (Optional) Add rule below specific section/rule identified by uid or name.
+* `bottom` - (Optional) Add rule at the bottom of the rulebase.
+
diff --git a/website/docs/r/checkpoint_management_mobile_access_section.html.markdown b/website/docs/r/checkpoint_management_mobile_access_section.html.markdown
new file mode 100644
index 00000000..19682ce9
--- /dev/null
+++ b/website/docs/r/checkpoint_management_mobile_access_section.html.markdown
@@ -0,0 +1,38 @@
+---
+layout: "checkpoint"
+page_title: "checkpoint_management_mobile_access_section"
+sidebar_current: "docs-checkpoint-resource-checkpoint-management-mobile-access-section"
+description: |-
+This resource allows you to execute Check Point Mobile Access Section.
+---
+
+# checkpoint_management_mobile_access_section
+
+This resource allows you to execute Check Point Mobile Access Section.
+
+## Example Usage
+
+
+```hcl
+resource "checkpoint_management_mobile_access_section" "example" {
+ name = "New Section 1"
+ position = {top = "top"}
+}
+```
+
+## Argument Reference
+
+The following arguments are supported:
+
+* `name` - (Required) Object name.
+* `position` - (Required) Position in the rulebase. Position blocks are documented below.
+* `tags` - (Optional) Collection of tag identifiers.tags blocks are documented below.
+* `ignore_warnings` - (Optional) Apply changes ignoring warnings.
+* `ignore_errors` - (Optional) Apply changes ignoring errors. You won't be able to publish such a changes. If ignore-warnings flag was omitted - warnings will also be ignored.
+
+`position` supports the following:
+
+* `top` - (Optional) Add rule at the top of the rulebase.
+* `above` - (Optional) Add rule above specific section/rule identified by uid or name.
+* `below` - (Optional) Add rule below specific section/rule identified by uid or name.
+* `bottom` - (Optional) Add rule at the bottom of the rulebase.
diff --git a/website/docs/r/checkpoint_management_network_probe.html.markdown b/website/docs/r/checkpoint_management_network_probe.html.markdown
new file mode 100644
index 00000000..f48d3137
--- /dev/null
+++ b/website/docs/r/checkpoint_management_network_probe.html.markdown
@@ -0,0 +1,53 @@
+---
+layout: "checkpoint"
+page_title: "checkpoint_management_network_probe"
+sidebar_current: "docs-checkpoint-resource-checkpoint-management-network-probe"
+description: |-
+This resource allows you to execute Check Point Network Probe.
+---
+
+# checkpoint_management_network_probe
+
+This resource allows you to execute Check Point Network Probe.
+
+## Example Usage
+
+
+```hcl
+resource "checkpoint_management_network_probe" "example" {
+ name = "network1"
+ icmp_options = {
+ source = "host1"
+ destination = "host2"
+ }
+ install_on = ["gw1","gw2"]
+ interval = "20"
+ protocol = "icmp"
+}
+```
+
+## Argument Reference
+
+The following arguments are supported:
+
+* `name` - (Required) Object name.
+* `http_options` - (Optional) Additional options when [protocol] is set to "http".http_options blocks are documented below.
+* `icmp_options` - (Optional) Additional options when [protocol] is set to "icmp".icmp_options blocks are documented below.
+* `install_on` - (Required) Collection of Check Point Security Gateways that generate the probe, identified by name or UID.install_on blocks are documented below.
+* `protocol` - (Optional) The probing protocol to use.
+* `tags` - (Optional) Collection of tag identifiers.tags blocks are documented below.
+* `interval` - (Optional) The time interval (in seconds) between each probe request.
Best Practice - The interval value should be lower than the timeout value.
+* `timeout` - (Optional) The probe expiration timeout (in seconds). If there is not a single reply within this time, the status of the probe changes to "Down".
+* `color` - (Optional) Color of the object. Should be one of existing colors.
+* `comments` - (Optional) Comments string.
+* `ignore_warnings` - (Optional) Apply changes ignoring warnings.
+* `ignore_errors` - (Optional) Apply changes ignoring errors. You won't be able to publish such a changes. If ignore-warnings flag was omitted - warnings will also be ignored.
+
+
+`http_options` supports the following:
+* `destination` - (Optional) The destination URL.
+
+
+`icmp_options` supports the following:
+* `destination` - (Optional) One of these:Name or UID of an existing object with a unicast IPv4 address (Host, Security Gateway, and so on). A unicast IPv4 address string (if you do not want to create such an object).
+* `source` - (Optional) One of these: The string "main-ip" (the probe uses the main IPv4 address of the Security Gateway objects you specified in the parameter [install-on]). Name or UID of an existing object of type 'Host' with a unicast IPv4 address. A unicast IPv4 address string (if you do not want to create such an object).