feat(module/template, module/template_stack, module/zone): 2 new modu…

…les, 1 fix in module zone (#27)

examples/basic_configuration_example/README.md

@@ -24,6 +24,8 @@ No providers.
 | <a name="module_policy_as_code_service_groups"></a> [policy\_as\_code\_service\_groups](#module\_policy\_as\_code\_service\_groups) | ../../modules/service | n/a |
 | <a name="module_policy_as_code_static_routes"></a> [policy\_as\_code\_static\_routes](#module\_policy\_as\_code\_static\_routes) | ../../modules/static_route | n/a |
 | <a name="module_policy_as_code_tag"></a> [policy\_as\_code\_tag](#module\_policy\_as\_code\_tag) | ../../modules/tag | n/a |
+| <a name="module_policy_as_code_template"></a> [policy\_as\_code\_template](#module\_policy\_as\_code\_template) | ../../modules/template | n/a |
+| <a name="module_policy_as_code_template_stack"></a> [policy\_as\_code\_template\_stack](#module\_policy\_as\_code\_template\_stack) | ../../modules/template_stack | n/a |
 | <a name="module_policy_as_code_virtual_routers"></a> [policy\_as\_code\_virtual\_routers](#module\_policy\_as\_code\_virtual\_routers) | ../../modules/virtual_router | n/a |
 | <a name="module_policy_as_code_zones"></a> [policy\_as\_code\_zones](#module\_policy\_as\_code\_zones) | ../../modules/zone | n/a |
 
@@ -51,8 +53,8 @@ No resources.
 | <a name="input_services_group"></a> [services\_group](#input\_services\_group) | Service group object | `any` | `{}` | no |
 | <a name="input_static_routes"></a> [static\_routes](#input\_static\_routes) | n/a | `any` | n/a | yes |
 | <a name="input_tags"></a> [tags](#input\_tags) | Tags object | `any` | `{}` | no |
-| <a name="input_template"></a> [template](#input\_template) | Template name | `string` | `"default"` | no |
-| <a name="input_template_stack"></a> [template\_stack](#input\_template\_stack) | Template stack name | `string` | `""` | no |
+| <a name="input_template_stacks"></a> [template\_stacks](#input\_template\_stacks) | n/a | `any` | n/a | yes |
+| <a name="input_templates"></a> [templates](#input\_templates) | n/a | `any` | n/a | yes |
 | <a name="input_virtual_routers"></a> [virtual\_routers](#input\_virtual\_routers) | n/a | `any` | n/a | yes |
 | <a name="input_vsys"></a> [vsys](#input\_vsys) | Used if _mode_ is ngfw, this defines the vsys for the deployment | `string` | `"vsys1"` | no |
 | <a name="input_zones"></a> [zones](#input\_zones) | n/a | `any` | n/a | yes |

examples/basic_configuration_example/main.tf

@@ -47,81 +47,120 @@ module "policy_as_code_service_groups" {
 }
 
 module "policy_as_code_interfaces" {
-  source = "../../modules/interface"
-  mode   = var.mode
-
-  template       = var.template
-  template_stack = var.template_stack
+  source   = "../../modules/interface"
+  for_each = var.templates
+  mode     = var.mode
+  template = each.key
 
   interfaces = var.interfaces
 
-  depends_on = [module.policy_as_code_management_profiles, module.policy_as_code_zones, module.policy_as_code_virtual_routers]
+  depends_on = [
+    module.policy_as_code_template,
+    module.policy_as_code_template_stack,
+    module.policy_as_code_management_profiles,
+    module.policy_as_code_zones,
+    module.policy_as_code_virtual_routers
+  ]
 }
 
 module "policy_as_code_management_profiles" {
-  source = "../../modules/management_profile"
-  mode   = var.mode
-
-  template       = var.template
-  template_stack = var.template_stack
+  source   = "../../modules/management_profile"
+  for_each = var.templates
+  mode     = var.mode
+  template = each.key
 
   management_profiles = var.management_profiles
 
-  depends_on = []
+  depends_on = [
+    module.policy_as_code_template,
+    module.policy_as_code_template_stack,
+  ]
 }
 
 module "policy_as_code_virtual_routers" {
-  source = "../../modules/virtual_router"
-  mode   = var.mode
-
-  template       = var.template
-  template_stack = var.template_stack
+  source   = "../../modules/virtual_router"
+  for_each = var.templates
+  mode     = var.mode
+  template = each.key
 
   virtual_routers = var.virtual_routers
 
-  depends_on = []
+  depends_on = [
+    module.policy_as_code_template,
+    module.policy_as_code_template_stack,
+  ]
 }
 
 module "policy_as_code_static_routes" {
-  source = "../../modules/static_route"
-  mode   = var.mode
-
-  template       = var.template
-  template_stack = var.template_stack
+  source   = "../../modules/static_route"
+  for_each = var.templates
+  mode     = var.mode
+  template = each.key
 
   static_routes = var.static_routes
 
-  depends_on = [module.policy_as_code_virtual_routers, module.policy_as_code_interfaces]
+  depends_on = [
+    module.policy_as_code_template,
+    module.policy_as_code_template_stack,
+    module.policy_as_code_virtual_routers,
+    module.policy_as_code_interfaces
+  ]
 }
 
 module "policy_as_code_zones" {
-  source = "../../modules/zone"
-  mode   = var.mode
-
-  template       = var.template
-  template_stack = var.template_stack
+  source   = "../../modules/zone"
+  for_each = var.templates
+  mode     = var.mode
+  template = each.key
 
   zones = var.zones
 
-  depends_on = []
+  depends_on = [
+    module.policy_as_code_template,
+    module.policy_as_code_template_stack,
+  ]
 }
 
 module "policy_as_code_ipsec" {
-  source = "../../modules/ipsec"
-  mode   = var.mode
-
-  template       = var.template
-  template_stack = var.template_stack
+  source   = "../../modules/ipsec"
+  for_each = var.templates
+  mode     = var.mode
+  template = each.key
 
   ike_crypto_profiles   = var.ike_crypto_profiles
   ipsec_crypto_profiles = var.ipsec_crypto_profiles
   ike_gateways          = var.ike_gateways
   ipsec_tunnels         = var.ipsec_tunnels
   ipsec_tunnels_proxy   = {}
 
-  depends_on = [module.policy_as_code_virtual_routers, module.policy_as_code_interfaces]
+  depends_on = [
+    module.policy_as_code_template,
+    module.policy_as_code_template_stack,
+    module.policy_as_code_virtual_routers,
+    module.policy_as_code_zones,
+    module.policy_as_code_interfaces
+  ]
+}
+
+module "policy_as_code_template" {
+  source = "../../modules/template"
+  mode   = var.mode
+
+  templates = var.templates
+
+  depends_on = []
 }
 
+module "policy_as_code_template_stack" {
+  source = "../../modules/template_stack"
+  mode   = var.mode
+
+  template_stacks = var.template_stacks
+
+  depends_on = [module.policy_as_code_template]
+}
+
+
 module "policy_as_code_security_policies" {
   source = "../../modules/security_policies"
   mode   = var.mode

examples/basic_configuration_example/terraform.tfvars

@@ -1,10 +1,24 @@
 pan_creds = "./creds/credentials.json"
 mode      = "panorama"
 
-device_group   = "AWSTestDG"
-vsys           = "vsys1"
-template       = "test-template"
-template_stack = "" ### not every resource can be created in template stack e.g. panos_panorama_ethernet_interface can be only in template
+device_group = "AWSTestDG"
+vsys         = "vsys1"
+
+### Templates
+
+templates = {
+  "test-template" = {
+    description = "My test template"
+  }
+}
+
+template_stacks = {
+  "test-template-stack" = {
+    description = "My test template stack with devices"
+    templates   = ["test-template"]
+    # devices     = ["123456789"]
+  }
+}
 
 ### Tags
 
@@ -317,7 +331,7 @@ interfaces = {
     enable_dhcp               = true
     create_dhcp_default_route = false
     comment                   = "mgmt"
-    virtual_router            = "default"
+    virtual_router            = "vr"
     zone                      = "mgmt"
     vsys                      = "vsys1"
   }
@@ -377,14 +391,14 @@ management_profiles = {
 ### Network - virtual router
 
 virtual_routers = {
-  "default"  = {}
+  "vr"       = {}
   "external" = {}
   "internal" = {}
 }
 
 static_routes = {
   "vr_default_unicast_0.0.0.0" = {
-    virtual_router = "default"
+    virtual_router = "vr"
     route_table    = "unicast"
     destination    = "0.0.0.0/0"
     interface      = "ethernet1/1"
@@ -413,9 +427,6 @@ static_routes = {
 ### Network - zone
 
 zones = {
-  "internal" = {
-    mode = "layer3"
-  }
   "Trust-L3" = {
     mode = "layer3"
   }

examples/basic_configuration_example/variables.tf

@@ -10,18 +10,6 @@ variable "vsys" {
   type        = string
 }
 
-variable "template" {
-  description = "Template name"
-  default     = "default"
-  type        = string
-}
-
-variable "template_stack" {
-  description = "Template stack name"
-  default     = ""
-  type        = string
-}
-
 variable "pan_creds" {
   description = "Path to file with credentials to Panorama"
   type        = string
@@ -78,3 +66,5 @@ variable "ike_gateways" {}
 variable "ike_crypto_profiles" {}
 variable "ipsec_crypto_profiles" {}
 variable "ipsec_tunnels" {}
+variable "templates" {}
+variable "template_stacks" {}

modules/template/README.md

@@ -0,0 +1,38 @@
+<!-- BEGINNING OF PRE-COMMIT-TERRAFORM DOCS HOOK -->
+## Requirements
+
+| Name | Version |
+|------|---------|
+| <a name="requirement_terraform"></a> [terraform](#requirement\_terraform) | >= 1.4.0, < 2.0.0 |
+| <a name="requirement_panos"></a> [panos](#requirement\_panos) | ~> 1.11.1 |
+
+## Providers
+
+| Name | Version |
+|------|---------|
+| <a name="provider_panos"></a> [panos](#provider\_panos) | ~> 1.11.1 |
+
+## Modules
+
+No modules.
+
+## Resources
+
+| Name | Type |
+|------|------|
+| [panos_panorama_template.this](https://registry.terraform.io/providers/PaloAltoNetworks/panos/latest/docs/resources/panorama_template) | resource |
+
+## Inputs
+
+| Name | Description | Type | Default | Required |
+|------|-------------|------|---------|:--------:|
+| <a name="input_mode"></a> [mode](#input\_mode) | The mode to use for the modules. Valid values are `panorama` and `ngfw`. | `string` | n/a | yes |
+| <a name="input_mode_map"></a> [mode\_map](#input\_mode\_map) | The mode to use for the modules. Valid values are `panorama` and `ngfw`. | <pre>object({<br>    panorama = number<br>    ngfw     = number<br>  })</pre> | <pre>{<br>  "ngfw": 1,<br>  "panorama": 0<br>}</pre> | no |
+| <a name="input_templates"></a> [templates](#input\_templates) | Map of the templates, where key is the template's name:<br>- `description` - (Optional) The template's description.<br><br>Example:<pre>{<br>  "test-template" = {<br>    description = "My test template"<br>  }<br>}</pre> | <pre>map(object({<br>    description = optional(string)<br>  }))</pre> | `{}` | no |
+
+## Outputs
+
+| Name | Description |
+|------|-------------|
+| <a name="output_panos_panorama_template"></a> [panos\_panorama\_template](#output\_panos\_panorama\_template) | n/a |
+<!-- END OF PRE-COMMIT-TERRAFORM DOCS HOOK -->

modules/template/main.tf

@@ -0,0 +1,10 @@
+resource "panos_panorama_template" "this" {
+  for_each = var.mode_map[var.mode] == 0 ? var.templates : {}
+
+  name        = each.key
+  description = each.value.description
+
+  lifecycle {
+    create_before_destroy = true
+  }
+}

modules/template/outputs.tf

@@ -0,0 +1,3 @@
+output "panos_panorama_template" {
+  value = panos_panorama_template.this
+}

modules/template/variables.tf

@@ -0,0 +1,41 @@
+variable "mode" {
+  description = "The mode to use for the modules. Valid values are `panorama` and `ngfw`."
+  type        = string
+  validation {
+    condition     = contains(["panorama", "ngfw"], var.mode)
+    error_message = "The mode must be either `panorama` or `ngfw`."
+  }
+}
+
+variable "mode_map" {
+  description = "The mode to use for the modules. Valid values are `panorama` and `ngfw`."
+  default = {
+    panorama = 0
+    ngfw     = 1
+    # cloud_manager = 2 # Not yet supported
+  }
+  type = object({
+    panorama = number
+    ngfw     = number
+  })
+}
+
+variable "templates" {
+  description = <<-EOF
+  Map of the templates, where key is the template's name:
+  - `description` - (Optional) The template's description.
+
+  Example:
+  ```
+  {
+    "test-template" = {
+      description = "My test template"
+    }
+  }
+  ```
+  EOF
+  default     = {}
+  type = map(object({
+    description = optional(string)
+  }))
+}

modules/template/versions.tf

@@ -0,0 +1,9 @@
+terraform {
+  required_version = ">= 1.4.0, < 2.0.0"
+  required_providers {
+    panos = {
+      source  = "PaloAltoNetworks/panos"
+      version = "~> 1.11.1"
+    }
+  }
+}