From 50a7f0202dcab9a18786ca6b68b26ecf129f1152 Mon Sep 17 00:00:00 2001 From: Lars Kajes Date: Wed, 18 Sep 2024 14:23:37 +0200 Subject: [PATCH 1/4] Upgrade API client --- appgate/config.go | 2 +- appgate/config_test.go | 2 +- appgate/data_source_appgate_appliance_seed.go | 2 +- appgate/data_source_appgate_certificate_authority.go | 2 +- appgate/data_source_appgate_global_settings.go | 2 +- appgate/data_source_appgate_identity_provider.go | 2 +- appgate/find_resource_by_name.go | 2 +- appgate/identity_provider.go | 2 +- appgate/resource_appgate_administrative_role.go | 2 +- appgate/resource_appgate_appliance.go | 4 ++-- appgate/resource_appgate_appliance_controller.go | 2 +- appgate/resource_appgate_appliance_customization.go | 2 +- appgate/resource_appgate_blacklist_user.go | 2 +- appgate/resource_appgate_condition.go | 2 +- appgate/resource_appgate_criteria_script.go | 2 +- appgate/resource_appgate_device_script.go | 2 +- appgate/resource_appgate_entitlement.go | 2 +- appgate/resource_appgate_entitlement_script.go | 2 +- appgate/resource_appgate_identity_provider_connector.go | 2 +- appgate/resource_appgate_identity_provider_ldap.go | 2 +- ...resource_appgate_identity_provider_ldap_certificate.go | 2 +- .../resource_appgate_identity_provider_local_database.go | 2 +- appgate/resource_appgate_identity_provider_oidc.go | 2 +- appgate/resource_appgate_identity_provider_radius.go | 2 +- appgate/resource_appgate_identity_provider_saml.go | 2 +- appgate/resource_appgate_ip_pool.go | 2 +- appgate/resource_appgate_license.go | 2 +- appgate/resource_appgate_local_user.go | 2 +- appgate/resource_appgate_mfa_provider.go | 2 +- appgate/resource_appgate_policy.go | 2 +- appgate/resource_appgate_ringfence_rule.go | 2 +- appgate/resource_appgate_site.go | 6 +----- appgate/resource_appgate_trusted_certificate.go | 2 +- appgate/resource_appgate_user_claim_script.go | 2 +- appgate/util.go | 8 ++++---- gen/gen-accessors.go | 2 +- go.mod | 2 +- go.sum | 6 ++---- 38 files changed, 43 insertions(+), 49 deletions(-) diff --git a/appgate/config.go b/appgate/config.go index ba83c865..0ec2c62e 100644 --- a/appgate/config.go +++ b/appgate/config.go @@ -15,7 +15,7 @@ import ( "sync" "time" - "github.com/appgate/sdp-api-client-go/api/v20/openapi" + "github.com/appgate/sdp-api-client-go/api/v21/openapi" "github.com/cenkalti/backoff/v4" "github.com/hashicorp/go-version" "golang.org/x/net/http/httpproxy" diff --git a/appgate/config_test.go b/appgate/config_test.go index ff153dd5..5bfcb08e 100644 --- a/appgate/config_test.go +++ b/appgate/config_test.go @@ -11,7 +11,7 @@ import ( "testing" "time" - "github.com/appgate/sdp-api-client-go/api/v20/openapi" + "github.com/appgate/sdp-api-client-go/api/v21/openapi" "github.com/google/uuid" "github.com/hashicorp/go-version" ) diff --git a/appgate/data_source_appgate_appliance_seed.go b/appgate/data_source_appgate_appliance_seed.go index 6f5cb1da..3a299ebc 100644 --- a/appgate/data_source_appgate_appliance_seed.go +++ b/appgate/data_source_appgate_appliance_seed.go @@ -8,7 +8,7 @@ import ( "log" "net/http" - "github.com/appgate/sdp-api-client-go/api/v20/openapi" + "github.com/appgate/sdp-api-client-go/api/v21/openapi" "github.com/hashicorp/terraform-plugin-sdk/v2/helper/schema" ) diff --git a/appgate/data_source_appgate_certificate_authority.go b/appgate/data_source_appgate_certificate_authority.go index 8ef5a97e..ab7281a9 100644 --- a/appgate/data_source_appgate_certificate_authority.go +++ b/appgate/data_source_appgate_certificate_authority.go @@ -4,7 +4,7 @@ import ( "context" "log" - "github.com/appgate/sdp-api-client-go/api/v20/openapi" + "github.com/appgate/sdp-api-client-go/api/v21/openapi" "github.com/hashicorp/terraform-plugin-sdk/v2/diag" "github.com/hashicorp/terraform-plugin-sdk/v2/helper/schema" ) diff --git a/appgate/data_source_appgate_global_settings.go b/appgate/data_source_appgate_global_settings.go index f0ada8c2..4cc8cd90 100644 --- a/appgate/data_source_appgate_global_settings.go +++ b/appgate/data_source_appgate_global_settings.go @@ -4,7 +4,7 @@ import ( "context" "fmt" - "github.com/appgate/sdp-api-client-go/api/v20/openapi" + "github.com/appgate/sdp-api-client-go/api/v21/openapi" "github.com/hashicorp/terraform-plugin-sdk/v2/helper/schema" ) diff --git a/appgate/data_source_appgate_identity_provider.go b/appgate/data_source_appgate_identity_provider.go index d0e6160e..b13c0276 100644 --- a/appgate/data_source_appgate_identity_provider.go +++ b/appgate/data_source_appgate_identity_provider.go @@ -5,7 +5,7 @@ import ( "fmt" "log" - "github.com/appgate/sdp-api-client-go/api/v20/openapi" + "github.com/appgate/sdp-api-client-go/api/v21/openapi" "github.com/hashicorp/terraform-plugin-sdk/v2/helper/schema" ) diff --git a/appgate/find_resource_by_name.go b/appgate/find_resource_by_name.go index 8e4e21bc..da0f256f 100644 --- a/appgate/find_resource_by_name.go +++ b/appgate/find_resource_by_name.go @@ -6,7 +6,7 @@ import ( "log" "time" - "github.com/appgate/sdp-api-client-go/api/v20/openapi" + "github.com/appgate/sdp-api-client-go/api/v21/openapi" "github.com/hashicorp/terraform-plugin-sdk/v2/diag" "github.com/hashicorp/terraform-plugin-sdk/v2/helper/schema" ) diff --git a/appgate/identity_provider.go b/appgate/identity_provider.go index fbe5914e..0075dc58 100644 --- a/appgate/identity_provider.go +++ b/appgate/identity_provider.go @@ -7,7 +7,7 @@ import ( "fmt" "log" - "github.com/appgate/sdp-api-client-go/api/v20/openapi" + "github.com/appgate/sdp-api-client-go/api/v21/openapi" "github.com/appgate/terraform-provider-appgatesdp/appgate/hashcode" "github.com/hashicorp/go-version" diff --git a/appgate/resource_appgate_administrative_role.go b/appgate/resource_appgate_administrative_role.go index 4c5000b4..992af848 100644 --- a/appgate/resource_appgate_administrative_role.go +++ b/appgate/resource_appgate_administrative_role.go @@ -10,7 +10,7 @@ import ( "sort" "strings" - "github.com/appgate/sdp-api-client-go/api/v20/openapi" + "github.com/appgate/sdp-api-client-go/api/v21/openapi" "github.com/appgate/terraform-provider-appgatesdp/appgate/adminrole" "github.com/appgate/terraform-provider-appgatesdp/appgate/hashcode" diff --git a/appgate/resource_appgate_appliance.go b/appgate/resource_appgate_appliance.go index af1330cd..9a36d8a4 100644 --- a/appgate/resource_appgate_appliance.go +++ b/appgate/resource_appgate_appliance.go @@ -10,7 +10,7 @@ import ( "net/http" "os" - "github.com/appgate/sdp-api-client-go/api/v20/openapi" + "github.com/appgate/sdp-api-client-go/api/v21/openapi" "github.com/google/uuid" "github.com/hashicorp/go-version" @@ -2983,7 +2983,7 @@ func resourceAppgateApplianceDelete(ctx context.Context, d *schema.ResourceData, if ok, _ := appliance.GetActivatedOk(); *ok { log.Printf("[DEBUG] Appliance is active, deactivate and wiping before deleting") deactiveRequest := api.AppliancesIdDeactivatePost(ctx, appliance.GetId()) - _, err = deactiveRequest.Wipe(true).Authorization(token).Execute() + _, _, err = deactiveRequest.Wipe(true).Authorization(token).Execute() if err != nil { return diag.Errorf("Failed to delete Appliance while deactivating, %s", err) } diff --git a/appgate/resource_appgate_appliance_controller.go b/appgate/resource_appgate_appliance_controller.go index ce3708b6..c1725c07 100644 --- a/appgate/resource_appgate_appliance_controller.go +++ b/appgate/resource_appgate_appliance_controller.go @@ -8,7 +8,7 @@ import ( "net/http" "time" - "github.com/appgate/sdp-api-client-go/api/v20/openapi" + "github.com/appgate/sdp-api-client-go/api/v21/openapi" "github.com/cenkalti/backoff/v4" "github.com/hashicorp/go-version" "github.com/hashicorp/terraform-plugin-sdk/v2/diag" diff --git a/appgate/resource_appgate_appliance_customization.go b/appgate/resource_appgate_appliance_customization.go index 8ecf7446..259c735f 100644 --- a/appgate/resource_appgate_appliance_customization.go +++ b/appgate/resource_appgate_appliance_customization.go @@ -12,7 +12,7 @@ import ( "os" "time" - "github.com/appgate/sdp-api-client-go/api/v20/openapi" + "github.com/appgate/sdp-api-client-go/api/v21/openapi" "github.com/hashicorp/terraform-plugin-sdk/v2/helper/schema" ) diff --git a/appgate/resource_appgate_blacklist_user.go b/appgate/resource_appgate_blacklist_user.go index ea83386b..d122c31e 100644 --- a/appgate/resource_appgate_blacklist_user.go +++ b/appgate/resource_appgate_blacklist_user.go @@ -5,7 +5,7 @@ import ( "fmt" "log" - "github.com/appgate/sdp-api-client-go/api/v20/openapi" + "github.com/appgate/sdp-api-client-go/api/v21/openapi" "github.com/hashicorp/terraform-plugin-sdk/v2/helper/schema" ) diff --git a/appgate/resource_appgate_condition.go b/appgate/resource_appgate_condition.go index 594385c1..f622c26a 100644 --- a/appgate/resource_appgate_condition.go +++ b/appgate/resource_appgate_condition.go @@ -7,7 +7,7 @@ import ( "net/http" "time" - "github.com/appgate/sdp-api-client-go/api/v20/openapi" + "github.com/appgate/sdp-api-client-go/api/v21/openapi" "github.com/hashicorp/terraform-plugin-sdk/v2/helper/schema" ) diff --git a/appgate/resource_appgate_criteria_script.go b/appgate/resource_appgate_criteria_script.go index da1dec3e..e7336bb7 100644 --- a/appgate/resource_appgate_criteria_script.go +++ b/appgate/resource_appgate_criteria_script.go @@ -7,7 +7,7 @@ import ( "net/http" "time" - "github.com/appgate/sdp-api-client-go/api/v20/openapi" + "github.com/appgate/sdp-api-client-go/api/v21/openapi" "github.com/hashicorp/terraform-plugin-sdk/v2/helper/schema" ) diff --git a/appgate/resource_appgate_device_script.go b/appgate/resource_appgate_device_script.go index 77121011..53d2bcf7 100644 --- a/appgate/resource_appgate_device_script.go +++ b/appgate/resource_appgate_device_script.go @@ -8,7 +8,7 @@ import ( "net/http" "time" - "github.com/appgate/sdp-api-client-go/api/v20/openapi" + "github.com/appgate/sdp-api-client-go/api/v21/openapi" "github.com/hashicorp/terraform-plugin-sdk/v2/helper/schema" ) diff --git a/appgate/resource_appgate_entitlement.go b/appgate/resource_appgate_entitlement.go index 14ea47ba..1ab1c849 100644 --- a/appgate/resource_appgate_entitlement.go +++ b/appgate/resource_appgate_entitlement.go @@ -10,7 +10,7 @@ import ( "strings" "time" - "github.com/appgate/sdp-api-client-go/api/v20/openapi" + "github.com/appgate/sdp-api-client-go/api/v21/openapi" "github.com/appgate/terraform-provider-appgatesdp/appgate/hashcode" "github.com/hashicorp/go-version" diff --git a/appgate/resource_appgate_entitlement_script.go b/appgate/resource_appgate_entitlement_script.go index a2ae433c..07994fa3 100644 --- a/appgate/resource_appgate_entitlement_script.go +++ b/appgate/resource_appgate_entitlement_script.go @@ -7,7 +7,7 @@ import ( "net/http" "time" - "github.com/appgate/sdp-api-client-go/api/v20/openapi" + "github.com/appgate/sdp-api-client-go/api/v21/openapi" "github.com/hashicorp/terraform-plugin-sdk/v2/helper/schema" ) diff --git a/appgate/resource_appgate_identity_provider_connector.go b/appgate/resource_appgate_identity_provider_connector.go index 92d5863e..ee3bd36c 100644 --- a/appgate/resource_appgate_identity_provider_connector.go +++ b/appgate/resource_appgate_identity_provider_connector.go @@ -5,7 +5,7 @@ import ( "fmt" "log" - "github.com/appgate/sdp-api-client-go/api/v20/openapi" + "github.com/appgate/sdp-api-client-go/api/v21/openapi" "github.com/hashicorp/terraform-plugin-sdk/v2/helper/schema" ) diff --git a/appgate/resource_appgate_identity_provider_ldap.go b/appgate/resource_appgate_identity_provider_ldap.go index 66a829d5..2b1c9ed5 100644 --- a/appgate/resource_appgate_identity_provider_ldap.go +++ b/appgate/resource_appgate_identity_provider_ldap.go @@ -7,7 +7,7 @@ import ( "net/http" "time" - "github.com/appgate/sdp-api-client-go/api/v20/openapi" + "github.com/appgate/sdp-api-client-go/api/v21/openapi" "github.com/hashicorp/terraform-plugin-sdk/v2/helper/schema" ) diff --git a/appgate/resource_appgate_identity_provider_ldap_certificate.go b/appgate/resource_appgate_identity_provider_ldap_certificate.go index 08c5d896..e667559b 100644 --- a/appgate/resource_appgate_identity_provider_ldap_certificate.go +++ b/appgate/resource_appgate_identity_provider_ldap_certificate.go @@ -6,7 +6,7 @@ import ( "log" "net/http" - "github.com/appgate/sdp-api-client-go/api/v20/openapi" + "github.com/appgate/sdp-api-client-go/api/v21/openapi" "github.com/hashicorp/terraform-plugin-sdk/v2/helper/schema" ) diff --git a/appgate/resource_appgate_identity_provider_local_database.go b/appgate/resource_appgate_identity_provider_local_database.go index 0d55a417..3335a356 100644 --- a/appgate/resource_appgate_identity_provider_local_database.go +++ b/appgate/resource_appgate_identity_provider_local_database.go @@ -5,7 +5,7 @@ import ( "fmt" "log" - "github.com/appgate/sdp-api-client-go/api/v20/openapi" + "github.com/appgate/sdp-api-client-go/api/v21/openapi" "github.com/hashicorp/terraform-plugin-sdk/v2/helper/schema" ) diff --git a/appgate/resource_appgate_identity_provider_oidc.go b/appgate/resource_appgate_identity_provider_oidc.go index 311def70..e433695a 100644 --- a/appgate/resource_appgate_identity_provider_oidc.go +++ b/appgate/resource_appgate_identity_provider_oidc.go @@ -6,7 +6,7 @@ import ( "log" "time" - "github.com/appgate/sdp-api-client-go/api/v20/openapi" + "github.com/appgate/sdp-api-client-go/api/v21/openapi" "github.com/hashicorp/terraform-plugin-sdk/v2/helper/schema" ) diff --git a/appgate/resource_appgate_identity_provider_radius.go b/appgate/resource_appgate_identity_provider_radius.go index 6ac5bc54..fb66c07d 100644 --- a/appgate/resource_appgate_identity_provider_radius.go +++ b/appgate/resource_appgate_identity_provider_radius.go @@ -6,7 +6,7 @@ import ( "log" "time" - "github.com/appgate/sdp-api-client-go/api/v20/openapi" + "github.com/appgate/sdp-api-client-go/api/v21/openapi" "github.com/hashicorp/terraform-plugin-sdk/v2/helper/schema" ) diff --git a/appgate/resource_appgate_identity_provider_saml.go b/appgate/resource_appgate_identity_provider_saml.go index f3644ad9..5152d74e 100644 --- a/appgate/resource_appgate_identity_provider_saml.go +++ b/appgate/resource_appgate_identity_provider_saml.go @@ -6,7 +6,7 @@ import ( "log" "time" - "github.com/appgate/sdp-api-client-go/api/v20/openapi" + "github.com/appgate/sdp-api-client-go/api/v21/openapi" "github.com/hashicorp/terraform-plugin-sdk/v2/helper/schema" ) diff --git a/appgate/resource_appgate_ip_pool.go b/appgate/resource_appgate_ip_pool.go index 760e32c2..e21cea16 100644 --- a/appgate/resource_appgate_ip_pool.go +++ b/appgate/resource_appgate_ip_pool.go @@ -7,7 +7,7 @@ import ( "net/http" "time" - "github.com/appgate/sdp-api-client-go/api/v20/openapi" + "github.com/appgate/sdp-api-client-go/api/v21/openapi" "github.com/hashicorp/terraform-plugin-sdk/v2/helper/schema" ) diff --git a/appgate/resource_appgate_license.go b/appgate/resource_appgate_license.go index c732a826..e1c592b9 100644 --- a/appgate/resource_appgate_license.go +++ b/appgate/resource_appgate_license.go @@ -5,7 +5,7 @@ import ( "fmt" "log" - "github.com/appgate/sdp-api-client-go/api/v20/openapi" + "github.com/appgate/sdp-api-client-go/api/v21/openapi" "github.com/hashicorp/terraform-plugin-sdk/v2/diag" "github.com/hashicorp/terraform-plugin-sdk/v2/helper/schema" diff --git a/appgate/resource_appgate_local_user.go b/appgate/resource_appgate_local_user.go index b2bebe56..19f87d36 100644 --- a/appgate/resource_appgate_local_user.go +++ b/appgate/resource_appgate_local_user.go @@ -7,7 +7,7 @@ import ( "net/http" "time" - "github.com/appgate/sdp-api-client-go/api/v20/openapi" + "github.com/appgate/sdp-api-client-go/api/v21/openapi" "github.com/hashicorp/terraform-plugin-sdk/v2/diag" "github.com/hashicorp/terraform-plugin-sdk/v2/helper/schema" diff --git a/appgate/resource_appgate_mfa_provider.go b/appgate/resource_appgate_mfa_provider.go index 83470121..d7a75d28 100644 --- a/appgate/resource_appgate_mfa_provider.go +++ b/appgate/resource_appgate_mfa_provider.go @@ -7,7 +7,7 @@ import ( "net/http" "time" - "github.com/appgate/sdp-api-client-go/api/v20/openapi" + "github.com/appgate/sdp-api-client-go/api/v21/openapi" "github.com/hashicorp/terraform-plugin-sdk/v2/helper/schema" ) diff --git a/appgate/resource_appgate_policy.go b/appgate/resource_appgate_policy.go index 85efb042..22d5391b 100644 --- a/appgate/resource_appgate_policy.go +++ b/appgate/resource_appgate_policy.go @@ -9,7 +9,7 @@ import ( "github.com/hashicorp/go-version" - "github.com/appgate/sdp-api-client-go/api/v20/openapi" + "github.com/appgate/sdp-api-client-go/api/v21/openapi" "github.com/appgate/terraform-provider-appgatesdp/appgate/hashcode" "github.com/hashicorp/terraform-plugin-sdk/v2/diag" diff --git a/appgate/resource_appgate_ringfence_rule.go b/appgate/resource_appgate_ringfence_rule.go index d26b6004..39e17093 100644 --- a/appgate/resource_appgate_ringfence_rule.go +++ b/appgate/resource_appgate_ringfence_rule.go @@ -6,7 +6,7 @@ import ( "log" "time" - "github.com/appgate/sdp-api-client-go/api/v20/openapi" + "github.com/appgate/sdp-api-client-go/api/v21/openapi" "github.com/hashicorp/terraform-plugin-sdk/v2/helper/schema" ) diff --git a/appgate/resource_appgate_site.go b/appgate/resource_appgate_site.go index 19184fcd..be6af4af 100644 --- a/appgate/resource_appgate_site.go +++ b/appgate/resource_appgate_site.go @@ -8,7 +8,7 @@ import ( "net/http" "time" - "github.com/appgate/sdp-api-client-go/api/v20/openapi" + "github.com/appgate/sdp-api-client-go/api/v21/openapi" "github.com/hashicorp/go-version" "github.com/hashicorp/terraform-plugin-sdk/v2/helper/schema" @@ -826,7 +826,6 @@ func flattenSiteAzureResolver(currentVersion *version.Version, in []openapi.Site m := make(map[string]interface{}) m["name"] = v.GetName() m["update_interval"] = v.GetUpdateInterval() - m["subscription_id"] = v.GetSubscriptionId() m["tenant_id"] = v.GetTenantId() m["client_id"] = v.GetClientId() if val, ok := local["secret"]; ok { @@ -1367,9 +1366,6 @@ func readAzureResolversFromConfig(currentVersion *version.Version, azureConfigs if v, ok := raw["update_interval"]; ok { row.SetUpdateInterval(int32(v.(int))) } - if v, ok := raw["subscription_id"]; ok { - row.SetSubscriptionId(v.(string)) - } if v, ok := raw["tenant_id"]; ok { row.SetTenantId(v.(string)) } diff --git a/appgate/resource_appgate_trusted_certificate.go b/appgate/resource_appgate_trusted_certificate.go index 23f270b3..0874e756 100644 --- a/appgate/resource_appgate_trusted_certificate.go +++ b/appgate/resource_appgate_trusted_certificate.go @@ -7,7 +7,7 @@ import ( "net/http" "time" - "github.com/appgate/sdp-api-client-go/api/v20/openapi" + "github.com/appgate/sdp-api-client-go/api/v21/openapi" "github.com/hashicorp/terraform-plugin-sdk/v2/helper/schema" ) diff --git a/appgate/resource_appgate_user_claim_script.go b/appgate/resource_appgate_user_claim_script.go index 74bc7a9f..67067f4b 100644 --- a/appgate/resource_appgate_user_claim_script.go +++ b/appgate/resource_appgate_user_claim_script.go @@ -6,7 +6,7 @@ import ( "log" "net/http" - "github.com/appgate/sdp-api-client-go/api/v20/openapi" + "github.com/appgate/sdp-api-client-go/api/v21/openapi" "github.com/hashicorp/terraform-plugin-sdk/v2/diag" "github.com/hashicorp/terraform-plugin-sdk/v2/helper/schema" ) diff --git a/appgate/util.go b/appgate/util.go index ba6af1e1..42346a85 100644 --- a/appgate/util.go +++ b/appgate/util.go @@ -14,7 +14,7 @@ import ( "sort" "strings" - "github.com/appgate/sdp-api-client-go/api/v20/openapi" + "github.com/appgate/sdp-api-client-go/api/v21/openapi" "github.com/appgate/terraform-provider-appgatesdp/appgate/hashcode" "github.com/cenkalti/backoff/v4" @@ -401,16 +401,16 @@ const ( // and make sure a certain appliance has reached state. func waitForApplianceState(ctx context.Context, meta interface{}, applianceID, state string, b *backoff.ExponentialBackOff) error { return backoff.Retry(func() error { - statsAPI := meta.(*Client).API.ApplianceStatsApi + appliancesAPI := meta.(*Client).API.AppliancesApi token, err := meta.(*Client).GetToken() if err != nil { return ApplianceStatsRetryableError{err: err} } - stats, _, err := statsAPI.StatsAppliancesGet(ctx).Authorization(token).Execute() + stats, _, err := appliancesAPI.AppliancesStatusGet(ctx).Authorization(token).Execute() if err != nil { return ApplianceStatsRetryableError{err: err} } - var appliance openapi.StatsAppliancesListAllOfData + var appliance openapi.ApplianceWithStatus for _, data := range stats.GetData() { if data.GetId() == applianceID { appliance = data diff --git a/gen/gen-accessors.go b/gen/gen-accessors.go index ce126559..d5390a2f 100644 --- a/gen/gen-accessors.go +++ b/gen/gen-accessors.go @@ -15,7 +15,7 @@ import ( "strings" "text/template" - "github.com/appgate/sdp-api-client-go/api/v20/openapi" + "github.com/appgate/sdp-api-client-go/api/v21/openapi" ) type Resource struct { diff --git a/go.mod b/go.mod index 31bd7501..dbccdfe3 100644 --- a/go.mod +++ b/go.mod @@ -3,7 +3,7 @@ module github.com/appgate/terraform-provider-appgatesdp go 1.20 require ( - github.com/appgate/sdp-api-client-go v1.2.4 + github.com/appgate/sdp-api-client-go v1.2.6 github.com/cenkalti/backoff/v4 v4.2.1 github.com/denisbrodbeck/machineid v1.0.1 github.com/google/uuid v1.5.0 diff --git a/go.sum b/go.sum index f9d36329..db97995a 100644 --- a/go.sum +++ b/go.sum @@ -42,12 +42,10 @@ github.com/agext/levenshtein v1.2.2/go.mod h1:JEDfjyjHDjOF/1e4FlBE/PkbqA9OfWu2ki github.com/apparentlymart/go-textseg/v12 v12.0.0/go.mod h1:S/4uRK2UtaQttw1GenVJEynmyUenKwP++x/+DdGV/Ec= github.com/apparentlymart/go-textseg/v15 v15.0.0 h1:uYvfpb3DyLSCGWnctWKGj857c6ew1u1fNQOlOtuGxQY= github.com/apparentlymart/go-textseg/v15 v15.0.0/go.mod h1:K8XmNZdhEBkdlyDdvbmmsvpAG721bKi0joRfFdHIWJ4= -github.com/appgate/sdp-api-client-go v1.2.1 h1:FJCWN11HBdqEsUGbuse1gDuj0/Xn/lGGagfz3ERT6DY= -github.com/appgate/sdp-api-client-go v1.2.1/go.mod h1:aPyFeh0fein8VSxFPZpEkeMi8m9dbN+I1RVO4QrONyk= -github.com/appgate/sdp-api-client-go v1.2.3 h1:FVGg4fnj8EekYAMdw8qVLeRrbEt/5lTCfDeoW7P0qdE= -github.com/appgate/sdp-api-client-go v1.2.3/go.mod h1:aPyFeh0fein8VSxFPZpEkeMi8m9dbN+I1RVO4QrONyk= github.com/appgate/sdp-api-client-go v1.2.4 h1:JqgFuNx4znQscEfCfI9iX/4/QzsQMTewiZaZtIqT5fw= github.com/appgate/sdp-api-client-go v1.2.4/go.mod h1:aPyFeh0fein8VSxFPZpEkeMi8m9dbN+I1RVO4QrONyk= +github.com/appgate/sdp-api-client-go v1.2.6 h1:/3zWOiG6JnW+Lxf08ZDbYNnNopvVDav2RV7POx4nS5U= +github.com/appgate/sdp-api-client-go v1.2.6/go.mod h1:aPyFeh0fein8VSxFPZpEkeMi8m9dbN+I1RVO4QrONyk= github.com/bufbuild/protocompile v0.4.0 h1:LbFKd2XowZvQ/kajzguUp2DC9UEIQhIq77fZZlaQsNA= github.com/bwesterb/go-ristretto v1.2.3/go.mod h1:fUIoIZaG73pV5biE2Blr2xEzDoMj7NFEuV9ekS419A0= github.com/cenkalti/backoff/v4 v4.2.1 h1:y4OZtCnogmCPw98Zjyt5a6+QwPLGkiQsYW5oUqylYbM= From dbeee954f72d6f59715ba29ef6181d6f44e99b16 Mon Sep 17 00:00:00 2001 From: Lars Kajes Date: Thu, 19 Sep 2024 09:36:56 +0200 Subject: [PATCH 2/4] upgrade API and adapt tests --- appgate/config.go | 2 ++ appgate/provider.go | 7 +++++-- 2 files changed, 7 insertions(+), 2 deletions(-) diff --git a/appgate/config.go b/appgate/config.go index 0ec2c62e..535f8ec3 100644 --- a/appgate/config.go +++ b/appgate/config.go @@ -187,6 +187,8 @@ func guessVersion(clientVersion int) (*version.Version, error) { return version.NewVersion("6.2.0+estimated") case Version20: return version.NewVersion("6.3.0+estimated") + case Version21: + return version.NewVersion("6.4.0+estimated") } return nil, fmt.Errorf("could not determine appliance version with client version %d", clientVersion) } diff --git a/appgate/provider.go b/appgate/provider.go index 49a3e3f7..0736558d 100644 --- a/appgate/provider.go +++ b/appgate/provider.go @@ -28,9 +28,10 @@ const ( Version18 int = 18 Version19 int = 19 Version20 int = 20 + Version21 int = 21 // DefaultClientVersion is the latest support version of appgate sdp client that is supported. // its not recommended to change this value. - DefaultClientVersion = Version20 + DefaultClientVersion = Version21 MinimumSupportedVersion = Version18 ) @@ -46,6 +47,7 @@ var ( Version18: "6.1.0", Version19: "6.2.0", Version20: "6.3.0", + Version21: "6.4.0", } Appliance53Version, _ = version.NewVersion(ApplianceVersionMap[Version14]) @@ -55,6 +57,7 @@ var ( Appliance61Version, _ = version.NewVersion(ApplianceVersionMap[Version18]) Appliance62Version, _ = version.NewVersion(ApplianceVersionMap[Version19]) Appliance63Version, _ = version.NewVersion(ApplianceVersionMap[Version20]) + Appliance64Version, _ = version.NewVersion(ApplianceVersionMap[Version21]) ) // Provider function returns the object that implements the terraform.ResourceProvider interface, specifically a schema.Provider @@ -86,7 +89,7 @@ func Provider() *schema.Provider { "insecure": { Type: schema.TypeBool, Optional: true, - DefaultFunc: schema.EnvDefaultFunc("APPGATE_INSECURE", false), + DefaultFunc: schema.EnvDefaultFunc("APPGATE_INSECURE", true), }, "debug": { Type: schema.TypeBool, From 8ead1de21e749a5ab3cd3f948a1eb9e700bd5592 Mon Sep 17 00:00:00 2001 From: Lars Kajes Date: Thu, 3 Oct 2024 11:17:57 +0200 Subject: [PATCH 3/4] pass test 6.1 --- appgate/config.go | 10 - appgate/config_test.go | 53 ++--- appgate/data_source_appgate_appliance_seed.go | 6 - ...data_source_appgate_appliance_seed_test.go | 14 -- appgate/identity_provider.go | 20 +- appgate/identity_provider_migrate.go | 2 +- appgate/identity_provider_migrate_test.go | 32 +-- appgate/provider.go | 16 -- .../resource_appgate_administrative_role.go | 21 +- ...source_appgate_administrative_role_test.go | 64 +----- appgate/resource_appgate_appliance.go | 124 +++-------- appgate/resource_appgate_appliance_test.go | 201 +----------------- appgate/resource_appgate_condition.go | 18 +- appgate/resource_appgate_global_settings.go | 18 +- ...resource_appgate_identity_provider_ldap.go | 6 +- ...gate_identity_provider_ldap_certificate.go | 8 +- ...identity_provider_ldap_certificate_test.go | 7 - ...rce_appgate_identity_provider_ldap_test.go | 3 - ...resource_appgate_identity_provider_oidc.go | 5 +- ...source_appgate_identity_provider_radius.go | 5 +- ...e_appgate_identity_provider_radius_test.go | 3 - ...resource_appgate_identity_provider_saml.go | 5 +- ...rce_appgate_identity_provider_saml_test.go | 11 +- appgate/resource_appgate_policy.go | 156 ++++++-------- appgate/resource_appgate_policy_test.go | 7 - appgate/resource_appgate_site.go | 63 +++--- appgate/resource_appgate_site_test.go | 70 +++--- website/docs/r/appliance.markdown | 24 --- website/docs/r/site.markdown | 2 - 29 files changed, 231 insertions(+), 743 deletions(-) diff --git a/appgate/config.go b/appgate/config.go index 535f8ec3..a5c8ed44 100644 --- a/appgate/config.go +++ b/appgate/config.go @@ -171,16 +171,6 @@ func guessVersion(clientVersion int) (*version.Version, error) { // TODO query GET /appliance controller and check exact version. // POST /login does not include version anymore. switch clientVersion { - case Version13: - return version.NewVersion("5.2.0+estimated") - case Version14: - return version.NewVersion("5.3.0+estimated") - case Version15: - return version.NewVersion("5.4.0+estimated") - case Version16: - return version.NewVersion("5.5.0+estimated") - case Version17: - return version.NewVersion("6.0.0+estimated") case Version18: return version.NewVersion("6.1.0+estimated") case Version19: diff --git a/appgate/config_test.go b/appgate/config_test.go index 5bfcb08e..e9a6fc3c 100644 --- a/appgate/config_test.go +++ b/appgate/config_test.go @@ -144,9 +144,10 @@ func TestLoginNotAcceptable(t *testing.T) { } var ( - computed54TestVersion, _ = version.NewVersion("5.4.0+estimated") + computed61TestVersion, _ = version.NewVersion("6.1.0+estimated") + computed64TestVersion, _ = version.NewVersion("6.4.0+estimated") - loginResponse54 = ` + loginResponse61 = ` { "user": { "name": "admin", @@ -173,8 +174,8 @@ var ( { "id": "string", "message": "string", - "minSupportedVersion": 7, - "maxSupportedVersion": 15 + "minSupportedVersion": 18, + "maxSupportedVersion": 21 } ` ) @@ -195,16 +196,16 @@ func TestClient(t *testing.T) { wantInsecure bool }{ { - name: "test 5.4 login", + name: "test 6.1 login", fields: fields{ - ResponseBody: loginResponse54, + ResponseBody: loginResponse61, }, wantErr: false, - expectedVersion: computed54TestVersion, + expectedVersion: computed64TestVersion, config: &Config{ Username: "admin", Password: "admin", - Version: 15, + Version: 18, LoginTimeout: 1, Insecure: true, }, @@ -214,10 +215,10 @@ func TestClient(t *testing.T) { { name: "invalid client version", fields: fields{ - ResponseBody: loginResponse54, + ResponseBody: loginResponse61, }, wantErr: true, - expectedVersion: computed54TestVersion, + expectedVersion: computed61TestVersion, config: &Config{ Username: "admin", Password: "admin", @@ -231,14 +232,14 @@ func TestClient(t *testing.T) { { name: "500 login response", fields: fields{ - ResponseBody: loginResponse54, + ResponseBody: loginResponse61, }, wantErr: true, - expectedVersion: computed54TestVersion, + expectedVersion: computed61TestVersion, config: &Config{ Username: "admin", Password: "admin", - Version: 15, + Version: 18, LoginTimeout: 1, Insecure: true, }, @@ -248,14 +249,14 @@ func TestClient(t *testing.T) { { name: "502 login response", fields: fields{ - ResponseBody: loginResponse54, + ResponseBody: loginResponse61, }, wantErr: true, - expectedVersion: computed54TestVersion, + expectedVersion: computed61TestVersion, config: &Config{ Username: "admin", Password: "admin", - Version: 15, + Version: 18, LoginTimeout: 1, Insecure: true, }, @@ -265,14 +266,14 @@ func TestClient(t *testing.T) { { name: "503 login response", fields: fields{ - ResponseBody: loginResponse54, + ResponseBody: loginResponse61, }, wantErr: true, - expectedVersion: computed54TestVersion, + expectedVersion: computed61TestVersion, config: &Config{ Username: "admin", Password: "admin", - Version: 15, + Version: 18, LoginTimeout: 1, Insecure: true, }, @@ -285,7 +286,7 @@ func TestClient(t *testing.T) { ResponseBody: loginResponse406, }, wantErr: true, - expectedVersion: computed54TestVersion, + expectedVersion: computed61TestVersion, config: &Config{ Username: "admin", Password: "admin", @@ -299,15 +300,15 @@ func TestClient(t *testing.T) { { name: "test with invalid pem", fields: fields{ - ResponseBody: loginResponse54, + ResponseBody: loginResponse61, }, wantErr: false, wantClientErr: true, - expectedVersion: computed54TestVersion, + expectedVersion: computed61TestVersion, config: &Config{ Username: "admin", Password: "admin", - Version: 15, + Version: 18, LoginTimeout: 1, Insecure: false, PemFilePath: "test-fixtures/invalid_cert.pem", @@ -318,15 +319,15 @@ func TestClient(t *testing.T) { { name: "test with pem file", fields: fields{ - ResponseBody: loginResponse54, + ResponseBody: loginResponse61, }, wantErr: false, wantClientErr: false, - expectedVersion: computed54TestVersion, + expectedVersion: computed64TestVersion, config: &Config{ Username: "admin", Password: "admin", - Version: 15, + Version: 18, LoginTimeout: 1, Insecure: false, PemFilePath: "test-fixtures/cert.pem", diff --git a/appgate/data_source_appgate_appliance_seed.go b/appgate/data_source_appgate_appliance_seed.go index 3a299ebc..07806bbc 100644 --- a/appgate/data_source_appgate_appliance_seed.go +++ b/appgate/data_source_appgate_appliance_seed.go @@ -61,7 +61,6 @@ func dataSourceAppgateApplianceSeedRead(d *schema.ResourceData, meta interface{} return err } api := meta.(*Client).API.AppliancesApi - currentVersion := meta.(*Client).ApplianceVersion ctx := context.TODO() applianceID, iok := d.GetOk("appliance_id") @@ -95,11 +94,6 @@ func dataSourceAppgateApplianceSeedRead(d *schema.ResourceData, meta interface{} cloudKey, cloudOk := d.GetOk("provide_cloud_ssh_key") sshConfig := openapi.NewSSHConfig() - // AllowCustomization and ValidityDays is only available in >= 5.5 - if currentVersion.LessThan(Appliance55Version) { - sshConfig.AllowCustomization = nil - sshConfig.ValidityDays = nil - } if passwordOk { sshConfig.Password = openapi.PtrString(password.(string)) d.Set("password", password.(string)) diff --git a/appgate/data_source_appgate_appliance_seed_test.go b/appgate/data_source_appgate_appliance_seed_test.go index 8ae897e0..7987a15d 100644 --- a/appgate/data_source_appgate_appliance_seed_test.go +++ b/appgate/data_source_appgate_appliance_seed_test.go @@ -17,9 +17,6 @@ func TestAccAppgateApplianceSeedDataSource(t *testing.T) { Steps: []resource.TestStep{ { Config: testAccSeedTest(rName), - PreConfig: func() { - applianceTestForFiveFive(t) - }, Check: resource.ComposeAggregateTestCheckFunc( resource.TestCheckResourceAttrPair(dataSourceName, "appliance_id", resourceName, "id"), resource.TestCheckResourceAttrSet("data.appgatesdp_appliance_seed.test_gateway_seed_file", "password"), @@ -53,17 +50,6 @@ resource "appgatesdp_appliance" "new_test_gateway" { override_spa_mode = "UDP-TCP" } - peer_interface { - hostname = "envy-10-97-168-1338.devops" - https_port = "1338" - - allow_sources { - address = "1.3.3.8" - netmask = 32 - nic = "eth0" - } - } - site = data.appgatesdp_site.default_site.id networking { nics { diff --git a/appgate/identity_provider.go b/appgate/identity_provider.go index 0075dc58..f2e04aad 100644 --- a/appgate/identity_provider.go +++ b/appgate/identity_provider.go @@ -10,7 +10,6 @@ import ( "github.com/appgate/sdp-api-client-go/api/v21/openapi" "github.com/appgate/terraform-provider-appgatesdp/appgate/hashcode" - "github.com/hashicorp/go-version" "github.com/hashicorp/terraform-plugin-sdk/v2/helper/schema" ) @@ -52,7 +51,7 @@ func identityProviderSchema() map[string]*schema.Schema { return } } - errs = append(errs, fmt.Errorf("type must be on of %v, got %s", list, s)) + errs = append(errs, fmt.Errorf("type must be one of %v, got %s", list, s)) return }, }, @@ -421,7 +420,7 @@ func ldapProviderSchema() map[string]*schema.Schema { } // readProviderFromConfig reads all the common attributes for the IdentityProviders. -func readProviderFromConfig(d *schema.ResourceData, provider openapi.ConfigurableIdentityProvider, currentVersion *version.Version) (*openapi.ConfigurableIdentityProvider, error) { +func readProviderFromConfig(d *schema.ResourceData, provider openapi.ConfigurableIdentityProvider) (*openapi.ConfigurableIdentityProvider, error) { base, err := readBaseEntityFromConfig(d) if err != nil { return &provider, err @@ -440,18 +439,6 @@ func readProviderFromConfig(d *schema.ResourceData, provider openapi.Configurabl provider.SetAdminProvider(v.(bool)) } - // device_limit_per_user is only available on 5.5 or higher on root level, - // previous version has this on on_boarding_two_factor.device_limit_per_user - if v, ok := d.GetOk("device_limit_per_user"); ok { - if currentVersion.LessThan(Appliance55Version) { - return &provider, fmt.Errorf( - "device_limit_per_user is only available on 5.5, your current version is %s, Use on_boarding_two_factor.device_limit_per_user for appliances less then 5.5", - currentVersion.String(), - ) - } - provider.SetDeviceLimitPerUser(int32(v.(int))) - } - if v, ok := d.GetOk("on_boarding_two_factor"); ok { onboarding, err := readOnBoardingTwoFactorFromConfig(v.([]interface{})) if err != nil { @@ -472,6 +459,9 @@ func readProviderFromConfig(d *schema.ResourceData, provider openapi.Configurabl if v, ok := d.GetOk("ip_pool_v6"); ok { provider.SetIpPoolV6(v.(string)) } + if v, ok := d.GetOk("device_limit_per_user"); ok { + provider.SetDeviceLimitPerUser(int32(v.(int))) + } if v, ok := d.GetOk("user_scripts"); ok { us, err := readArrayOfStringsFromConfig(v.([]interface{})) if err != nil { diff --git a/appgate/identity_provider_migrate.go b/appgate/identity_provider_migrate.go index 758a48c5..79e07ac4 100644 --- a/appgate/identity_provider_migrate.go +++ b/appgate/identity_provider_migrate.go @@ -19,7 +19,7 @@ func resourceIdentityProvidereUpgradeV0(_ context.Context, rawState map[string]i return nil, nil } currentVersion := meta.(*Client).ApplianceVersion - if currentVersion.GreaterThanOrEqual(Appliance55Version) { + if currentVersion.GreaterThanOrEqual(Appliance64Version) { if v, ok := rawState["on_boarding_two_factor"]; ok { twoFA := v.(map[string]interface{}) if v, ok := twoFA["device_limit_per_user"]; ok { diff --git a/appgate/identity_provider_migrate_test.go b/appgate/identity_provider_migrate_test.go index 6f8d5789..ee72e73a 100644 --- a/appgate/identity_provider_migrate_test.go +++ b/appgate/identity_provider_migrate_test.go @@ -45,37 +45,7 @@ func TestResourceExampleInstanceStateUpgradeV0(t *testing.T) { }, }, Meta: &Client{ - ApplianceVersion: Appliance55Version, - }, - }, - { - Description: "5.4 do nothing", - InputState: map[string]interface{}{ - "name": "foobar", - "notes": "Managed by terraform", - "object_class": "user", - "on_boarding_two_factor": map[string]interface{}{ - "always_required": false, - "claim_suffix": "onBoarding", - "device_limit_per_user": 6, - "message": "welcome", - "mfa_provider_id": "3ae98d53-c520-437f-99e4-451f936e6d2c", - }, - }, - ExpectedState: map[string]interface{}{ - "name": "foobar", - "notes": "Managed by terraform", - "object_class": "user", - "on_boarding_two_factor": map[string]interface{}{ - "always_required": false, - "claim_suffix": "onBoarding", - "device_limit_per_user": 6, - "message": "welcome", - "mfa_provider_id": "3ae98d53-c520-437f-99e4-451f936e6d2c", - }, - }, - Meta: &Client{ - ApplianceVersion: Appliance54Version, + ApplianceVersion: Appliance64Version, }, }, } diff --git a/appgate/provider.go b/appgate/provider.go index 0736558d..8843f2d1 100644 --- a/appgate/provider.go +++ b/appgate/provider.go @@ -19,12 +19,6 @@ import ( ) const ( - Version12 int = 12 - Version13 int = 13 - Version14 int = 14 - Version15 int = 15 - Version16 int = 16 - Version17 int = 17 Version18 int = 18 Version19 int = 19 Version20 int = 20 @@ -38,22 +32,12 @@ const ( var ( // ApplianceVersionMap match appliance version to go client version. ApplianceVersionMap = map[int]string{ - Version12: "5.1.0", - Version13: "5.2.0", - Version14: "5.3.0", - Version15: "5.4.0", - Version16: "5.5.0", - Version17: "6.0.0", Version18: "6.1.0", Version19: "6.2.0", Version20: "6.3.0", Version21: "6.4.0", } - Appliance53Version, _ = version.NewVersion(ApplianceVersionMap[Version14]) - Appliance54Version, _ = version.NewVersion(ApplianceVersionMap[Version15]) - Appliance55Version, _ = version.NewVersion(ApplianceVersionMap[Version16]) - Appliance60Version, _ = version.NewVersion(ApplianceVersionMap[Version17]) Appliance61Version, _ = version.NewVersion(ApplianceVersionMap[Version18]) Appliance62Version, _ = version.NewVersion(ApplianceVersionMap[Version19]) Appliance63Version, _ = version.NewVersion(ApplianceVersionMap[Version20]) diff --git a/appgate/resource_appgate_administrative_role.go b/appgate/resource_appgate_administrative_role.go index 992af848..e526833d 100644 --- a/appgate/resource_appgate_administrative_role.go +++ b/appgate/resource_appgate_administrative_role.go @@ -211,7 +211,13 @@ func resourceAppgateAdministrativeRoleCreate(ctx context.Context, d *schema.Reso if err != nil { return diag.FromErr(err) } - privileges, err := readAdminIstrativeRolePrivileges(v.(*schema.Set).List(), currentVersion, targetMap) + privileges, err := func() ([]openapi.AdministrativePrivilege, error) { + var ( + privileges = v.(*schema.Set).List() + _ *version.Version = currentVersion + ) + return readAdminIstrativeRolePrivileges(privileges, targetMap) + }() if err != nil { return diag.FromErr(err) } @@ -231,7 +237,7 @@ func resourceAppgateAdministrativeRoleCreate(ctx context.Context, d *schema.Reso return diags } -func readAdminIstrativeRolePrivileges(privileges []interface{}, currentVersion *version.Version, targetMap *openapi.AdministrativeRolesTypeTargetMapGet200Response) ([]openapi.AdministrativePrivilege, error) { +func readAdminIstrativeRolePrivileges(privileges []interface{}, targetMap *openapi.AdministrativeRolesTypeTargetMapGet200Response) ([]openapi.AdministrativePrivilege, error) { result := make([]openapi.AdministrativePrivilege, 0) for _, privilege := range privileges { if privilege == nil { @@ -300,9 +306,6 @@ func readAdminIstrativeRolePrivileges(privileges []interface{}, currentVersion * // lowercase, server side validation does not care about letter case allowedFuncs := []string{"controller", "gateway", "logserver", "logforwarder", "connector", "portal"} if v, ok := raw["functions"].([]interface{}); ok && len(v) > 0 { - if currentVersion.LessThan(Appliance60Version) { - return result, fmt.Errorf("privileges.functions is only supported on >= 6") - } if a.GetType() != "AssignFunction" { return result, fmt.Errorf( "functions only applicable on \"AssignFunction\" type with target \"Appliance\" or \"All\"."+ @@ -455,7 +458,13 @@ func resourceAppgateAdministrativeRoleUpdate(ctx context.Context, d *schema.Reso if err != nil { return diag.FromErr(err) } - privileges, err := readAdminIstrativeRolePrivileges(v.(*schema.Set).List(), currentVersion, targetMap) + privileges, err := func() ([]openapi.AdministrativePrivilege, error) { + var ( + privileges = v.(*schema.Set).List() + _ *version.Version = currentVersion + ) + return readAdminIstrativeRolePrivileges(privileges, targetMap) + }() if err != nil { return diag.FromErr(fmt.Errorf("Failed to update administrative role privileges %w", err)) } diff --git a/appgate/resource_appgate_administrative_role_test.go b/appgate/resource_appgate_administrative_role_test.go index 354f47c8..ad6fb804 100644 --- a/appgate/resource_appgate_administrative_role_test.go +++ b/appgate/resource_appgate_administrative_role_test.go @@ -341,10 +341,6 @@ func TestAccadministrativeMultiplePrivilegesValidation(t *testing.T) { PreConfig: func() { c := testAccProvider.Meta().(*Client) c.GetToken() - currentVersion := c.ApplianceVersion - if currentVersion.LessThan(Appliance53Version) { - t.Skip("Test only for 5.3 and above, privileges.target RegisteredDevice not supported prior to 5.3") - } }, Config: testAccCheckadministrativeRoleMultiplePrivlegesConfig(context), Check: resource.ComposeTestCheckFunc( @@ -386,62 +382,6 @@ func TestAccadministrativeMultiplePrivilegesValidation(t *testing.T) { }) } -// TestAccadministrativeMultiplePrivilegesValidation52 make sure it still works on 5.2 -// https://github.com/appgate/terraform-provider-appgatesdp/issues/129 -func TestAccadministrativeMultiplePrivilegesValidation52(t *testing.T) { - resourceName := "appgatesdp_administrative_role.test_administrative_role_129" - rName := RandStringFromCharSet(10, CharSetAlphaNum) - context := map[string]interface{}{ - "name": rName, - "target": "OnBoardedDevice", // in < 5.3 its called OnBoardedDevice - } - resource.ParallelTest(t, resource.TestCase{ - PreCheck: func() { testAccPreCheck(t) }, - Providers: testAccProviders, - CheckDestroy: testAccCheckadministrativeRoleDestroy, - Steps: []resource.TestStep{ - { - PreConfig: func() { - c := testAccProvider.Meta().(*Client) - c.GetToken() - currentVersion := c.ApplianceVersion - if currentVersion.GreaterThanOrEqual(Appliance53Version) { - t.Skip("Test is only for 5.2, privileges.target OnBoardedDevice") - } - }, - Config: testAccCheckadministrativeRoleMultiplePrivlegesConfig(context), - Check: resource.ComposeTestCheckFunc( - testAccCheckadministrativeRoleExists(resourceName), - resource.TestCheckResourceAttr(resourceName, "name", rName), - resource.TestCheckResourceAttr(resourceName, "notes", "Managed by terraform"), - resource.TestCheckResourceAttr(resourceName, "privileges.#", "2"), - resource.TestCheckResourceAttr(resourceName, "privileges.0.%", "4"), - resource.TestCheckResourceAttr(resourceName, "privileges.0.scope.#", "1"), - resource.TestCheckResourceAttr(resourceName, "privileges.0.scope.0.%", "3"), - resource.TestCheckResourceAttr(resourceName, "privileges.0.scope.0.all", "true"), - resource.TestCheckResourceAttr(resourceName, "privileges.0.target", context["target"].(string)), - resource.TestCheckResourceAttr(resourceName, "privileges.0.type", "View"), - resource.TestCheckResourceAttr(resourceName, "privileges.1.%", "4"), - resource.TestCheckResourceAttr(resourceName, "privileges.1.scope.#", "1"), - resource.TestCheckResourceAttr(resourceName, "privileges.1.scope.0.%", "3"), - resource.TestCheckResourceAttr(resourceName, "privileges.1.scope.0.all", "true"), - resource.TestCheckResourceAttr(resourceName, "privileges.1.target", context["target"].(string)), - resource.TestCheckResourceAttr(resourceName, "privileges.1.type", "Delete"), - resource.TestCheckResourceAttr(resourceName, "tags.#", "3"), - resource.TestCheckResourceAttr(resourceName, "tags.0", "aa"), - resource.TestCheckResourceAttr(resourceName, "tags.1", "bb"), - resource.TestCheckResourceAttr(resourceName, "tags.2", "cc"), - ), - }, - { - ResourceName: resourceName, - ImportState: true, - ImportStateCheck: testAccadministrativeRoleImportStateCheckFunc(1), - }, - }, - }) -} - func testAccCheckadministrativeRoleMultiplePrivlegesConfig(context map[string]interface{}) string { // Test based on https://github.com/appgate/terraform-provider-appgatesdp/issues/129#issuecomment-852211335 return Nprintf(` @@ -586,7 +526,7 @@ resource "appgatesdp_administrative_role" "test_administrative_role" { privileges { type = "AssignFunction" target = "All" - functions = ["Connector", "Controller", "GateWAY", "logserver"] + functions = ["Connector", "Controller", "GateWAY", "logserver", "Ztp"] } } `, context) @@ -603,7 +543,7 @@ resource "appgatesdp_administrative_role" "test_administrative_role" { privileges { type = "AssignFunction" target = "All" - functions = ["Connector", "Controller", "GateWAY", "logserver"] + functions = ["Connector", "Controller", "GateWAY", "logserver", "Ztp"] } } `, context) diff --git a/appgate/resource_appgate_appliance.go b/appgate/resource_appgate_appliance.go index 9a36d8a4..b16d6683 100644 --- a/appgate/resource_appgate_appliance.go +++ b/appgate/resource_appgate_appliance.go @@ -80,14 +80,6 @@ func resourceAppgateAppliance() *schema.Resource { Computed: true, }, - "connect_to_peers_using_client_port_with_spa": { - Type: schema.TypeBool, - Deprecated: "connect_to_peers_using_client_port_with_spa is deprecated as of 5.4. It will always be enabled when the support for peerInterface is removed.", - Description: "Makes the Appliance to connect to Controller/LogServer/LogForwarders using their clientInterface.httpsPort instead of peerInterface.httpsPort. The Appliance uses SPA to connect.", - Optional: true, - Computed: true, - }, - "client_interface": { Type: schema.TypeList, MaxItems: 1, @@ -145,31 +137,6 @@ func resourceAppgateAppliance() *schema.Resource { }, }, - "peer_interface": { - Type: schema.TypeList, - Optional: true, - // TODO: - // Temporary removed this warning, since its not scheduled to be removed until the version after 5.5 - // and since its still required for all existing supported versions, we will not show this error for the users. - // - // Deprecated: "peer_interface is deprecated as of 5.4. All connections will be handled by clientInterface and adminInterface in the future. The hostname field is used as identifier and will take over the hostname field in the root of Appliance when this interface is removed.", - MaxItems: 1, - Elem: &schema.Resource{ - Schema: map[string]*schema.Schema{ - "hostname": { - Type: schema.TypeString, - Required: true, - }, - "https_port": { - Type: schema.TypeInt, - Optional: true, - Default: 8443, - }, - "allow_sources": allowSourcesSchema(), - }, - }, - }, - "admin_interface": adminInterfaceSchema(), "networking": { @@ -1542,7 +1509,7 @@ func resourceAppgateApplianceCreate(ctx context.Context, d *schema.ResourceData, } if v, ok := d.GetOk("log_forwarder"); ok { - lf, err := readLogForwardFromConfig(v.([]interface{}), currentVersion) + lf, err := readLogForwardFromConfig(v.([]interface{})) if err != nil { return diag.FromErr(err) } @@ -1558,7 +1525,7 @@ func resourceAppgateApplianceCreate(ctx context.Context, d *schema.ResourceData, } if v, ok := d.GetOk("connector"); ok { - connector, err := readApplianceConnectorFromConfig(currentVersion, v.([]interface{})) + connector, err := readApplianceConnectorFromConfig(v.([]interface{})) if err != nil { return diag.FromErr(err) } @@ -1574,10 +1541,7 @@ func resourceAppgateApplianceCreate(ctx context.Context, d *schema.ResourceData, } if v, ok := d.GetOk("portal"); ok { - if !currentVersion.GreaterThanOrEqual(Appliance54Version) { - return diag.Errorf("appliance.portal requires %s, you are using %q client v%d", Appliance54Version, currentVersion, meta.(*Client).ClientVersion) - } - portal, err := readAppliancePortalFromConfig(d, v.([]interface{}), currentVersion) + portal, err := readAppliancePortalFromConfig(d, v.([]interface{})) if err != nil { return diag.FromErr(err) } @@ -2062,7 +2026,7 @@ func resourceAppgateApplianceRead(ctx context.Context, d *schema.ResourceData, m } if v, ok := appliance.GetConnectorOk(); ok { - connector, err := flatttenApplianceConnector(currentVersion, *v) + connector, err := flatttenApplianceConnector(*v) if err != nil { return diag.FromErr(err) } @@ -2112,13 +2076,11 @@ func resourceAppgateApplianceRead(ctx context.Context, d *schema.ResourceData, m portal["profiles"] = v.GetProfiles() portal["external_profiles"] = v.GetExternalProfiles() - if currentVersion.GreaterThanOrEqual(Appliance55Version) { - signInCustomization, err := flattenAppliancePortalSignInCustomziation(d, v.GetSignInCustomization()) - if err != nil { - return diag.FromErr(err) - } - portal["sign_in_customization"] = signInCustomization + signInCustomization, err := flattenAppliancePortalSignInCustomziation(d, v.GetSignInCustomization()) + if err != nil { + return diag.FromErr(err) } + portal["sign_in_customization"] = signInCustomization portals = append(portals, portal) if err := d.Set("portal", portals); err != nil { return diag.FromErr(err) @@ -2259,28 +2221,26 @@ func flatttenApplianceLogForwarder(in openapi.ApplianceAllOfLogForwarder, curren if v, ok := v.GetRetentionDaysOk(); ok { elasticsearch["retention_days"] = *v } - if currentVersion.GreaterThanOrEqual(Appliance55Version) { - if v, ok := v.GetCompatibilityModeOk(); ok { - elasticsearch["compatibility_mode"] = *v + if v, ok := v.GetCompatibilityModeOk(); ok { + elasticsearch["compatibility_mode"] = *v + } + if authRaw, ok := v.GetAuthenticationOk(); ok { + auth := make(map[string]interface{}) + if v, ok := authRaw.GetTypeOk(); ok { + auth["type"] = v } - if authRaw, ok := v.GetAuthenticationOk(); ok { - auth := make(map[string]interface{}) - if v, ok := authRaw.GetTypeOk(); ok { - auth["type"] = v - } - // token is sensitive, so we won't get it in the response body, but we can lookup it from the state - if state := d.Get("log_forwarder.0.elasticsearch.0.authentication").([]interface{}); len(state) > 0 && state[0] != nil { - s := state[0].(map[string]interface{}) - if v, ok := s["token"]; ok { - auth["token"] = v.(string) - } - } else if v, ok := authRaw.GetTokenOk(); ok { - log.Printf("[DEBUG] Could not find log_forwarder.0.elasticsearch.0.authentication.token in state, fallback to API response") - auth["token"] = v + // token is sensitive, so we won't get it in the response body, but we can lookup it from the state + if state := d.Get("log_forwarder.0.elasticsearch.0.authentication").([]interface{}); len(state) > 0 && state[0] != nil { + s := state[0].(map[string]interface{}) + if v, ok := s["token"]; ok { + auth["token"] = v.(string) } - elasticsearch["authentication"] = []map[string]interface{}{auth} + } else if v, ok := authRaw.GetTokenOk(); ok { + log.Printf("[DEBUG] Could not find log_forwarder.0.elasticsearch.0.authentication.token in state, fallback to API response") + auth["token"] = v } + elasticsearch["authentication"] = []map[string]interface{}{auth} } logforward["elasticsearch"] = []map[string]interface{}{elasticsearch} } @@ -2485,7 +2445,7 @@ func flattenApplianceMetricsAggregator(in openapi.ApplianceAllOfMetricsAggregato return metricsAggrs, nil } -func flatttenApplianceConnector(currentVersion *version.Version, in openapi.ApplianceAllOfConnector) ([]map[string]interface{}, error) { +func flatttenApplianceConnector(in openapi.ApplianceAllOfConnector) ([]map[string]interface{}, error) { var connectors []map[string]interface{} connector := make(map[string]interface{}) if v, ok := in.GetEnabledOk(); ok { @@ -2504,9 +2464,7 @@ func flatttenApplianceConnector(currentVersion *version.Version, in openapi.Appl } c["allow_resources"] = alloweResources c["snat_to_resources"] = client.GetSnatToResources() - if currentVersion.GreaterThanOrEqual(Appliance54Version) { - c["dnat_to_resource"] = client.GetDnatToResource() - } + c["dnat_to_resource"] = client.GetDnatToResource() clients = append(clients, c) } @@ -2902,7 +2860,7 @@ func resourceAppgateApplianceUpdate(ctx context.Context, d *schema.ResourceData, if d.HasChange("log_forwarder") { _, v := d.GetChange("log_forwarder") - lf, err := readLogForwardFromConfig(v.([]interface{}), currentVersion) + lf, err := readLogForwardFromConfig(v.([]interface{})) if err != nil { return diag.FromErr(err) } @@ -2920,7 +2878,7 @@ func resourceAppgateApplianceUpdate(ctx context.Context, d *schema.ResourceData, if d.HasChange("connector") { _, v := d.GetChange("connector") - iot, err := readApplianceConnectorFromConfig(currentVersion, v.([]interface{})) + iot, err := readApplianceConnectorFromConfig(v.([]interface{})) if err != nil { return diag.FromErr(err) } @@ -2929,7 +2887,7 @@ func resourceAppgateApplianceUpdate(ctx context.Context, d *schema.ResourceData, if d.HasChange("portal") { _, v := d.GetChange("portal") - portal, err := readAppliancePortalFromConfig(d, v.([]interface{}), currentVersion) + portal, err := readAppliancePortalFromConfig(d, v.([]interface{})) if err != nil { return diag.FromErr(err) } @@ -3373,7 +3331,7 @@ func readPingFromConfig(pingers []interface{}) (openapi.ApplianceAllOfPing, erro return val, nil } -func readLogForwardFromConfig(logforwards []interface{}, currentVersion *version.Version) (openapi.ApplianceAllOfLogForwarder, error) { +func readLogForwardFromConfig(logforwards []interface{}) (openapi.ApplianceAllOfLogForwarder, error) { val := openapi.ApplianceAllOfLogForwarder{} for _, logforward := range logforwards { if logforward == nil { @@ -3409,16 +3367,10 @@ func readLogForwardFromConfig(logforwards []interface{}, currentVersion *version elasticsearch.SetRetentionDays(int32(v.(int))) } if v, ok := r["compatibility_mode"]; ok { - if currentVersion.LessThan(Appliance55Version) { - return val, fmt.Errorf("elasticsearch.compatibility_mode is only available in 5.5 or greater, got %s", currentVersion) - } elasticsearch.SetCompatibilityMode(int32(v.(int))) } if v, ok := r["authentication"].([]interface{}); ok { - if currentVersion.LessThan(Appliance55Version) { - return val, fmt.Errorf("elasticsearch.authentication is only available in 5.5 or greater, got %s", currentVersion) - } val := v[0].(map[string]interface{}) a := openapi.ElasticsearchAllOfAuthentication{} if v, ok := val["type"].(string); ok && len(v) > 0 { @@ -3676,7 +3628,7 @@ func readApplianceMetricsAggregatorFromConfig(metricAggrs []interface{}, current return val, nil } -func readApplianceConnectorFromConfig(currentVersion *version.Version, connectors []interface{}) (openapi.ApplianceAllOfConnector, error) { +func readApplianceConnectorFromConfig(connectors []interface{}) (openapi.ApplianceAllOfConnector, error) { val := openapi.ApplianceAllOfConnector{} for _, connector := range connectors { if connector == nil { @@ -3720,10 +3672,8 @@ func readApplianceConnectorFromConfig(currentVersion *version.Version, connector if v, ok := r["snat_to_resources"]; ok { client.SetSnatToResources(v.(bool)) } - if currentVersion.GreaterThanOrEqual(Appliance54Version) { - if v, ok := r["dnat_to_resource"]; ok { - client.SetDnatToResource(v.(bool)) - } + if v, ok := r["dnat_to_resource"]; ok { + client.SetDnatToResource(v.(bool)) } clients = append(clients, client) @@ -3794,7 +3744,7 @@ func readRsyslogDestinationFromConfig(rsyslogs []interface{}) ([]openapi.Applian return result, nil } -func readAppliancePortalFromConfig(d *schema.ResourceData, portals []interface{}, currentVersion *version.Version) (openapi.Portal, error) { +func readAppliancePortalFromConfig(d *schema.ResourceData, portals []interface{}) (openapi.Portal, error) { p := openapi.Portal{} for _, portal := range portals { if portal == nil { @@ -3890,11 +3840,7 @@ func readAppliancePortalFromConfig(d *schema.ResourceData, portals []interface{} } if v, ok := raw["auto_redirect"].(bool); ok { - if currentVersion.LessThan(Appliance60Version) && v { - return p, fmt.Errorf("portal.sign_in_customization.auto_redirect is not allowed in %s", currentVersion.String()) - } else if currentVersion.GreaterThanOrEqual(Appliance60Version) { - customization.SetAutoRedirect(v) - } + customization.SetAutoRedirect(v) } p.SetSignInCustomization(customization) diff --git a/appgate/resource_appgate_appliance_test.go b/appgate/resource_appgate_appliance_test.go index 5f50d3e6..da2eb21d 100644 --- a/appgate/resource_appgate_appliance_test.go +++ b/appgate/resource_appgate_appliance_test.go @@ -33,12 +33,6 @@ var applianceConstraintCheck = func(t *testing.T, constraint string) { } var ( - applianceTestForFiveFive = func(t *testing.T) { - applianceConstraintCheck(t, ">= 5.5, < 6.0") - } - applianceTestForFiveFiveOrHigher = func(t *testing.T) { - applianceConstraintCheck(t, ">= 5.5") - } testFor6AndAbove = func(t *testing.T) { applianceConstraintCheck(t, ">= 6.0") } @@ -81,10 +75,6 @@ func TestAccApplianceBasicController(t *testing.T) { Steps: []resource.TestStep{ { - PreConfig: func() { - // this test include peer_interface which is not allowed on higher versions - applianceTestForFiveFive(t) - }, Config: testAccCheckApplianceBasicController(context), Check: resource.ComposeTestCheckFunc( testAccCheckApplianceExists(resourceName), @@ -248,7 +238,6 @@ func TestAccApplianceBasicController(t *testing.T) { resource.TestCheckResourceAttr(resourceName, "name", context["updated_name"].(string)), resource.TestCheckResourceAttr(resourceName, "notes", "Managed by terraform"), resource.TestCheckResourceAttr(resourceName, "hostname", context["updated_hostname"].(string)), - resource.TestCheckResourceAttr(resourceName, "connect_to_peers_using_client_port_with_spa", "true"), resource.TestCheckResourceAttr(resourceName, "client_interface.#", "1"), resource.TestCheckResourceAttr(resourceName, "client_interface.0.allow_sources.#", "1"), @@ -260,10 +249,6 @@ func TestAccApplianceBasicController(t *testing.T) { resource.TestCheckResourceAttr(resourceName, "client_interface.0.https_port", "4444"), resource.TestCheckResourceAttr(resourceName, "client_interface.0.override_spa_mode", "UDP-TCP"), resource.TestCheckResourceAttr(resourceName, "client_interface.0.proxy_protocol", "true"), - resource.TestCheckResourceAttr(resourceName, "peer_interface.#", "1"), - resource.TestCheckResourceAttr(resourceName, "peer_interface.0.allow_sources.#", "0"), - resource.TestCheckResourceAttr(resourceName, "peer_interface.0.hostname", context["hostname"].(string)), - resource.TestCheckResourceAttr(resourceName, "peer_interface.0.https_port", "13371"), resource.TestCheckResourceAttr(resourceName, "tags.#", "3"), resource.TestCheckResourceAttr(resourceName, "tags.0", "api-test-created-updated"), @@ -435,7 +420,6 @@ func TestAccApplianceBasicController(t *testing.T) { resource.TestCheckResourceAttr(resourceName, "name", context["disabled_name"].(string)), resource.TestCheckResourceAttr(resourceName, "notes", "Managed by terraform"), resource.TestCheckResourceAttr(resourceName, "hostname", context["updated_hostname"].(string)), - resource.TestCheckResourceAttr(resourceName, "connect_to_peers_using_client_port_with_spa", "true"), resource.TestCheckResourceAttr(resourceName, "client_interface.#", "1"), resource.TestCheckResourceAttr(resourceName, "client_interface.0.allow_sources.#", "1"), @@ -447,10 +431,6 @@ func TestAccApplianceBasicController(t *testing.T) { resource.TestCheckResourceAttr(resourceName, "client_interface.0.https_port", "4444"), resource.TestCheckResourceAttr(resourceName, "client_interface.0.override_spa_mode", "UDP-TCP"), resource.TestCheckResourceAttr(resourceName, "client_interface.0.proxy_protocol", "true"), - resource.TestCheckResourceAttr(resourceName, "peer_interface.#", "1"), - resource.TestCheckResourceAttr(resourceName, "peer_interface.0.allow_sources.#", "0"), - resource.TestCheckResourceAttr(resourceName, "peer_interface.0.hostname", context["hostname"].(string)), - resource.TestCheckResourceAttr(resourceName, "peer_interface.0.https_port", "13371"), resource.TestCheckResourceAttr(resourceName, "tags.#", "2"), resource.TestCheckResourceAttr(resourceName, "tags.0", "api-test-created-updated"), @@ -597,7 +577,6 @@ data "appgatesdp_site" "default_site" { resource "appgatesdp_appliance" "test_controller" { name = "%{name}" hostname = "%{hostname}" - connect_to_peers_using_client_port_with_spa = true client_interface { hostname = "%{hostname}" proxy_protocol = true @@ -610,10 +589,6 @@ resource "appgatesdp_appliance" "test_controller" { } override_spa_mode = "TCP" } - peer_interface { - hostname = "%{hostname}" - https_port = "1337" - } tags = [ "terraform", "api-test-created" @@ -803,10 +778,6 @@ resource "appgatesdp_appliance" "test_controller" { override_spa_mode = "UDP-TCP" } - peer_interface { - hostname = "%{hostname}" - https_port = "13371" - } tags = [ "terraform", "api-test-created-updated", @@ -1035,11 +1006,6 @@ resource "appgatesdp_appliance" "test_controller" { override_spa_mode = "UDP-TCP" } - peer_interface { - hostname = "%{hostname}" - https_port = "13371" - } - tags = [ "terraform", "api-test-created-updated", @@ -1146,9 +1112,6 @@ func TestAccApplianceConnector(t *testing.T) { Steps: []resource.TestStep{ { - PreConfig: func() { - applianceTestForFiveFive(t) - }, Config: testAccCheckApplianceBasicConnector(context), Check: resource.ComposeTestCheckFunc( testAccCheckApplianceExists(resourceName), @@ -1200,11 +1163,6 @@ func TestAccApplianceConnector(t *testing.T) { resource.TestCheckResourceAttr(resourceName, "notes", "Managed by terraform"), - resource.TestCheckResourceAttr(resourceName, "peer_interface.#", "1"), - resource.TestCheckResourceAttr(resourceName, "peer_interface.0.allow_sources.#", "0"), - resource.TestCheckResourceAttr(resourceName, "peer_interface.0.hostname", context["hostname"].(string)), - resource.TestCheckResourceAttr(resourceName, "peer_interface.0.https_port", "1337"), - resource.TestCheckResourceAttr(resourceName, "tags.#", "2"), resource.TestCheckResourceAttr(resourceName, "tags.0", "api-test-created"), resource.TestCheckResourceAttr(resourceName, "tags.1", "terraform"), @@ -1247,10 +1205,6 @@ resource "appgatesdp_appliance" "connector" { override_spa_mode = "TCP" } - peer_interface { - hostname = "%{hostname}" - https_port = "1337" - } tags = [ "terraform", "api-test-created" @@ -1336,10 +1290,6 @@ func TestAccApplianceBasicGateway(t *testing.T) { CheckDestroy: testAccCheckApplianceDestroy, Steps: []resource.TestStep{ { - PreConfig: func() { - // this test include peer_interface which is not allowed on higher versions - applianceTestForFiveFive(t) - }, Config: testAccCheckApplianceBasicGateway(context), Check: resource.ComposeTestCheckFunc( testAccCheckApplianceExists(resourceName), @@ -1420,10 +1370,6 @@ resource "appgatesdp_appliance" "test_gateway" { override_spa_mode = "TCP" } - peer_interface { - hostname = "%{hostname}" - https_port = "1337" - } tags = [ "terraform", "api-test-created" @@ -1489,16 +1435,12 @@ func TestAccApplianceBasicControllerWithoutOverrideSPA(t *testing.T) { Steps: []resource.TestStep{ { - PreConfig: func() { - applianceTestForFiveFive(t) - }, Config: testAccCheckApplianceBasicControllerWithoutOverrideSPA(context), Check: resource.ComposeTestCheckFunc( testAccCheckApplianceExists(resourceName), resource.TestCheckResourceAttr(resourceName, "name", rName), resource.TestCheckResourceAttr(resourceName, "notes", "Managed by terraform"), resource.TestCheckResourceAttr(resourceName, "hostname", context["hostname"].(string)), - resource.TestCheckResourceAttr(resourceName, "connect_to_peers_using_client_port_with_spa", "true"), resource.TestCheckResourceAttr(resourceName, "client_interface.#", "1"), resource.TestCheckResourceAttr(resourceName, "client_interface.0.allow_sources.#", "1"), @@ -1598,11 +1540,6 @@ func TestAccApplianceBasicControllerWithoutOverrideSPA(t *testing.T) { resource.TestCheckResourceAttr(resourceName, "ntp.0.servers.3.key", ""), resource.TestCheckResourceAttr(resourceName, "ntp.0.servers.3.key_type", ""), - resource.TestCheckResourceAttr(resourceName, "peer_interface.#", "1"), - resource.TestCheckResourceAttr(resourceName, "peer_interface.0.allow_sources.#", "0"), - resource.TestCheckResourceAttr(resourceName, "peer_interface.0.hostname", context["hostname"].(string)), - resource.TestCheckResourceAttr(resourceName, "peer_interface.0.https_port", "1337"), - resource.TestCheckResourceAttr(resourceName, "ping.#", "1"), resource.TestCheckResourceAttr(resourceName, "ping.0.allow_sources.#", "1"), resource.TestCheckResourceAttr(resourceName, "ping.0.allow_sources.0.address", "127.0.0.1"), @@ -1666,7 +1603,6 @@ data "appgatesdp_site" "default_site" { resource "appgatesdp_appliance" "test_controller" { name = "%{name}" hostname = "%{hostname}" - connect_to_peers_using_client_port_with_spa = true client_interface { hostname = "%{hostname}" proxy_protocol = true @@ -1678,10 +1614,6 @@ resource "appgatesdp_appliance" "test_controller" { nic = "eth0" } } - peer_interface { - hostname = "%{hostname}" - https_port = "1337" - } tags = [ "terraform", "api-test-created" @@ -1862,16 +1794,12 @@ func TestAccApplianceBasicControllerOverriderSPADisabled(t *testing.T) { Steps: []resource.TestStep{ { - PreConfig: func() { - applianceTestForFiveFive(t) - }, Config: testAccCheckApplianceBasicControllerWithOverrideSPA(context), Check: resource.ComposeTestCheckFunc( testAccCheckApplianceExists(resourceName), resource.TestCheckResourceAttr(resourceName, "name", rName), resource.TestCheckResourceAttr(resourceName, "notes", "Managed by terraform"), resource.TestCheckResourceAttr(resourceName, "hostname", context["hostname"].(string)), - resource.TestCheckResourceAttr(resourceName, "connect_to_peers_using_client_port_with_spa", "true"), resource.TestCheckResourceAttr(resourceName, "client_interface.#", "1"), resource.TestCheckResourceAttr(resourceName, "client_interface.0.override_spa_mode", "Disabled"), @@ -1972,11 +1900,6 @@ func TestAccApplianceBasicControllerOverriderSPADisabled(t *testing.T) { resource.TestCheckResourceAttr(resourceName, "ntp.0.servers.3.key", ""), resource.TestCheckResourceAttr(resourceName, "ntp.0.servers.3.key_type", ""), - resource.TestCheckResourceAttr(resourceName, "peer_interface.#", "1"), - resource.TestCheckResourceAttr(resourceName, "peer_interface.0.allow_sources.#", "0"), - resource.TestCheckResourceAttr(resourceName, "peer_interface.0.hostname", context["hostname"].(string)), - resource.TestCheckResourceAttr(resourceName, "peer_interface.0.https_port", "1337"), - resource.TestCheckResourceAttr(resourceName, "ping.#", "1"), resource.TestCheckResourceAttr(resourceName, "ping.0.allow_sources.#", "1"), resource.TestCheckResourceAttr(resourceName, "ping.0.allow_sources.0.address", "127.0.0.1"), @@ -2040,7 +1963,6 @@ data "appgatesdp_site" "default_site" { resource "appgatesdp_appliance" "test_controller" { name = "%{name}" hostname = "%{hostname}" - connect_to_peers_using_client_port_with_spa = true client_interface { hostname = "%{hostname}" proxy_protocol = true @@ -2053,10 +1975,6 @@ resource "appgatesdp_appliance" "test_controller" { nic = "eth0" } } - peer_interface { - hostname = "%{hostname}" - https_port = "1337" - } tags = [ "terraform", "api-test-created" @@ -2267,7 +2185,6 @@ func TestAccAppliancePortalSetup(t *testing.T) { resource.TestCheckResourceAttr(resourceName, "client_interface.0.https_port", "447"), resource.TestCheckResourceAttr(resourceName, "client_interface.0.override_spa_mode", "UDP-TCP"), resource.TestCheckResourceAttr(resourceName, "client_interface.0.proxy_protocol", "true"), - resource.TestCheckResourceAttr(resourceName, "connect_to_peers_using_client_port_with_spa", "true"), resource.TestCheckResourceAttr(resourceName, "hostname", context["hostname"].(string)), resource.TestCheckResourceAttr(resourceName, "name", rName), resource.TestCheckResourceAttr(resourceName, "networking.#", "1"), @@ -2299,15 +2216,6 @@ func TestAccAppliancePortalSetup(t *testing.T) { resource.TestCheckResourceAttr(resourceName, "networking.0.nics.0.name", "eth0"), resource.TestCheckResourceAttr(resourceName, "networking.0.routes.#", "0"), resource.TestCheckResourceAttr(resourceName, "notes", "Managed by terraform"), - resource.TestCheckResourceAttr(resourceName, "peer_interface.#", "1"), - resource.TestCheckResourceAttr(resourceName, "peer_interface.0.%", "3"), - resource.TestCheckResourceAttr(resourceName, "peer_interface.0.allow_sources.#", "1"), - resource.TestCheckResourceAttr(resourceName, "peer_interface.0.allow_sources.0.%", "3"), - resource.TestCheckResourceAttr(resourceName, "peer_interface.0.allow_sources.0.address", "1.3.3.8"), - resource.TestCheckResourceAttr(resourceName, "peer_interface.0.allow_sources.0.netmask", "32"), - resource.TestCheckResourceAttr(resourceName, "peer_interface.0.allow_sources.0.nic", "eth0"), - resource.TestCheckResourceAttr(resourceName, "peer_interface.0.hostname", context["hostname"].(string)), - resource.TestCheckResourceAttr(resourceName, "peer_interface.0.https_port", "1338"), resource.TestCheckResourceAttr(resourceName, "portal.#", "1"), resource.TestCheckResourceAttr(resourceName, "portal.0.enabled", "true"), @@ -2378,16 +2286,6 @@ resource "appgatesdp_appliance" "test_portal" { } override_spa_mode = "UDP-TCP" } - peer_interface { - hostname = "%{hostname}" - https_port = "1338" - - allow_sources { - address = "1.3.3.8" - netmask = 32 - nic = "eth0" - } - } site = data.appgatesdp_site.default_site.id networking { nics { @@ -2445,15 +2343,6 @@ func TestAccAppliancePortalSetup6(t *testing.T) { PreConfig: func() { c := testAccProvider.Meta().(*Client) c.GetToken() - currentVersion := c.ApplianceVersion - constraints, err := version.NewConstraint(">= 6.0, < 6.2") - if err != nil { - t.Fatalf("could not parse version constraint %s", err) - return - } - if !constraints.Check(currentVersion) { - t.Skip("Test only for 6.0 and above, appliance.portal without peer_interface is only supported in 5.4 and above.") - } }, Config: testAccCheckAppliancePortalConfig6(context), Check: resource.ComposeTestCheckFunc( @@ -2792,9 +2681,6 @@ func TestAccApplianceAdminInterfaceAddRemove(t *testing.T) { Steps: []resource.TestStep{ { - PreConfig: func() { - applianceTestForFiveFive(t) - }, Config: testAccApplianceWithAdminInterface(context), Check: resource.ComposeTestCheckFunc( testAccCheckApplianceExists(resourceName), @@ -2833,10 +2719,6 @@ func TestAccApplianceAdminInterfaceAddRemove(t *testing.T) { resource.TestCheckResourceAttr(resourceName, "notes", "Managed by terraform"), - resource.TestCheckResourceAttr(resourceName, "peer_interface.#", "1"), - resource.TestCheckResourceAttr(resourceName, "peer_interface.0.allow_sources.#", "1"), - resource.TestCheckResourceAttr(resourceName, "peer_interface.0.hostname", context["hostname"].(string)), - resource.TestCheckResourceAttr(resourceName, "peer_interface.0.https_port", "444"), resource.TestCheckResourceAttr(resourceName, "admin_interface.#", "1"), resource.TestCheckResourceAttr(resourceName, "admin_interface.0.%", "4"), resource.TestCheckResourceAttr(resourceName, "admin_interface.0.allow_sources.#", "0"), @@ -2896,11 +2778,6 @@ func TestAccApplianceAdminInterfaceAddRemove(t *testing.T) { resource.TestCheckResourceAttr(resourceName, "notes", "Managed by terraform"), - resource.TestCheckResourceAttr(resourceName, "peer_interface.#", "1"), - resource.TestCheckResourceAttr(resourceName, "peer_interface.0.allow_sources.#", "1"), - resource.TestCheckResourceAttr(resourceName, "peer_interface.0.hostname", context["hostname"].(string)), - resource.TestCheckResourceAttr(resourceName, "peer_interface.0.https_port", "444"), - resource.TestCheckResourceAttr(resourceName, "admin_interface.#", "0"), ), }, @@ -2932,16 +2809,6 @@ resource "appgatesdp_appliance" "appliance_one" { override_spa_mode = "TCP" } - peer_interface { - hostname = "%{hostname}" - https_port = "444" - - allow_sources { - address = "0.0.0.0" - netmask = 0 - } - } - admin_interface { hostname = "%{hostname}" https_ciphers = [ @@ -2993,15 +2860,6 @@ resource "appgatesdp_appliance" "appliance_one" { override_spa_mode = "TCP" } - peer_interface { - hostname = "%{hostname}" - https_port = "444" - - allow_sources { - address = "0.0.0.0" - netmask = 0 - } - } site = data.appgatesdp_site.default_site.id networking { nics { @@ -3037,9 +2895,6 @@ func TestAccApplianceLogServerFunction(t *testing.T) { Steps: []resource.TestStep{ { - PreConfig: func() { - applianceTestForFiveFive(t) - }, Config: testAccApplianceWithLogServer(context), Check: resource.ComposeTestCheckFunc( testAccCheckApplianceExists(resourceName), @@ -3063,7 +2918,6 @@ func TestAccApplianceLogServerFunction(t *testing.T) { resource.TestCheckResourceAttr(resourceName, "client_interface.0.https_port", "447"), resource.TestCheckResourceAttr(resourceName, "client_interface.0.override_spa_mode", "UDP-TCP"), resource.TestCheckResourceAttr(resourceName, "client_interface.0.proxy_protocol", "true"), - resource.TestCheckResourceAttr(resourceName, "connect_to_peers_using_client_port_with_spa", "true"), resource.TestCheckResourceAttr(resourceName, "connector.#", "1"), resource.TestCheckResourceAttr(resourceName, "connector.0.%", "3"), resource.TestCheckResourceAttr(resourceName, "connector.0.advanced_clients.#", "0"), @@ -3074,7 +2928,7 @@ func TestAccApplianceLogServerFunction(t *testing.T) { resource.TestCheckResourceAttr(resourceName, "controller.0.enabled", "false"), resource.TestCheckResourceAttr(resourceName, "customization", ""), resource.TestCheckResourceAttr(resourceName, "gateway.#", "1"), - resource.TestCheckResourceAttr(resourceName, "gateway.0.%", "2"), + resource.TestCheckResourceAttr(resourceName, "gateway.0.%", "3"), resource.TestCheckResourceAttr(resourceName, "gateway.0.enabled", "false"), resource.TestCheckResourceAttr(resourceName, "gateway.0.vpn.#", "1"), resource.TestCheckResourceAttr(resourceName, "gateway.0.vpn.0.%", "3"), @@ -3130,15 +2984,6 @@ func TestAccApplianceLogServerFunction(t *testing.T) { resource.TestCheckResourceAttr(resourceName, "ntp.#", "1"), resource.TestCheckResourceAttr(resourceName, "ntp.0.%", "1"), resource.TestCheckResourceAttr(resourceName, "ntp.0.servers.#", "0"), - resource.TestCheckResourceAttr(resourceName, "peer_interface.#", "1"), - resource.TestCheckResourceAttr(resourceName, "peer_interface.0.%", "3"), - resource.TestCheckResourceAttr(resourceName, "peer_interface.0.allow_sources.#", "1"), - resource.TestCheckResourceAttr(resourceName, "peer_interface.0.allow_sources.0.%", "3"), - resource.TestCheckResourceAttr(resourceName, "peer_interface.0.allow_sources.0.address", "1.3.3.8"), - resource.TestCheckResourceAttr(resourceName, "peer_interface.0.allow_sources.0.netmask", "32"), - resource.TestCheckResourceAttr(resourceName, "peer_interface.0.allow_sources.0.nic", "eth0"), - resource.TestCheckResourceAttr(resourceName, "peer_interface.0.hostname", context["hostname"].(string)), - resource.TestCheckResourceAttr(resourceName, "peer_interface.0.https_port", "1338"), resource.TestCheckResourceAttr(resourceName, "ping.#", "1"), resource.TestCheckResourceAttr(resourceName, "ping.0.%", "1"), resource.TestCheckResourceAttr(resourceName, "ping.0.allow_sources.#", "0"), @@ -3191,7 +3036,6 @@ func TestAccApplianceLogServerFunction(t *testing.T) { resource.TestCheckResourceAttr(resourceName, "client_interface.0.https_port", "447"), resource.TestCheckResourceAttr(resourceName, "client_interface.0.override_spa_mode", "UDP-TCP"), resource.TestCheckResourceAttr(resourceName, "client_interface.0.proxy_protocol", "true"), - resource.TestCheckResourceAttr(resourceName, "connect_to_peers_using_client_port_with_spa", "true"), resource.TestCheckResourceAttr(resourceName, "connector.#", "1"), resource.TestCheckResourceAttr(resourceName, "connector.0.%", "3"), resource.TestCheckResourceAttr(resourceName, "connector.0.advanced_clients.#", "0"), @@ -3202,7 +3046,7 @@ func TestAccApplianceLogServerFunction(t *testing.T) { resource.TestCheckResourceAttr(resourceName, "controller.0.enabled", "false"), resource.TestCheckResourceAttr(resourceName, "customization", ""), resource.TestCheckResourceAttr(resourceName, "gateway.#", "1"), - resource.TestCheckResourceAttr(resourceName, "gateway.0.%", "2"), + resource.TestCheckResourceAttr(resourceName, "gateway.0.%", "3"), resource.TestCheckResourceAttr(resourceName, "gateway.0.enabled", "false"), resource.TestCheckResourceAttr(resourceName, "gateway.0.vpn.#", "1"), resource.TestCheckResourceAttr(resourceName, "gateway.0.vpn.0.%", "3"), @@ -3255,15 +3099,6 @@ func TestAccApplianceLogServerFunction(t *testing.T) { resource.TestCheckResourceAttr(resourceName, "ntp.#", "1"), resource.TestCheckResourceAttr(resourceName, "ntp.0.%", "1"), resource.TestCheckResourceAttr(resourceName, "ntp.0.servers.#", "0"), - resource.TestCheckResourceAttr(resourceName, "peer_interface.#", "1"), - resource.TestCheckResourceAttr(resourceName, "peer_interface.0.%", "3"), - resource.TestCheckResourceAttr(resourceName, "peer_interface.0.allow_sources.#", "1"), - resource.TestCheckResourceAttr(resourceName, "peer_interface.0.allow_sources.0.%", "3"), - resource.TestCheckResourceAttr(resourceName, "peer_interface.0.allow_sources.0.address", "1.3.3.8"), - resource.TestCheckResourceAttr(resourceName, "peer_interface.0.allow_sources.0.netmask", "32"), - resource.TestCheckResourceAttr(resourceName, "peer_interface.0.allow_sources.0.nic", "eth0"), - resource.TestCheckResourceAttr(resourceName, "peer_interface.0.hostname", context["hostname"].(string)), - resource.TestCheckResourceAttr(resourceName, "peer_interface.0.https_port", "1338"), resource.TestCheckResourceAttr(resourceName, "ping.#", "1"), resource.TestCheckResourceAttr(resourceName, "ping.0.%", "1"), resource.TestCheckResourceAttr(resourceName, "ping.0.allow_sources.#", "0"), @@ -3331,16 +3166,6 @@ resource "appgatesdp_appliance" "log_server" { "ECDHE-RSA-AES128-GCM-SHA256" ] } - peer_interface { - hostname = "%{hostname}" - https_port = "1338" - - allow_sources { - address = "1.3.3.8" - netmask = 32 - nic = "eth0" - } - } site = data.appgatesdp_site.default_site.id networking { @@ -3388,17 +3213,6 @@ resource "appgatesdp_appliance" "log_server" { override_spa_mode = "UDP-TCP" } - peer_interface { - hostname = "%{hostname}" - https_port = "1338" - - allow_sources { - address = "1.3.3.8" - netmask = 32 - nic = "eth0" - } - } - site = data.appgatesdp_site.default_site.id networking { nics { @@ -3428,7 +3242,6 @@ data "appgatesdp_site" "default_site" { resource "appgatesdp_appliance" "log_forwarder_elasticsearch" { name = "%{name}" hostname = "%{hostname}" - connect_to_peers_using_client_port_with_spa = true client_interface { hostname = "%{hostname}" proxy_protocol = true @@ -3441,10 +3254,6 @@ resource "appgatesdp_appliance" "log_forwarder_elasticsearch" { } override_spa_mode = "TCP" } - peer_interface { - hostname = "%{hostname}" - https_port = "1337" - } tags = [ "terraform", "api-test-created" @@ -3640,7 +3449,6 @@ func TestAccApplianceLogForwarderSplunkSumo61(t *testing.T) { resource.TestCheckResourceAttr(resourceName, "client_interface.0.https_port", "443"), resource.TestCheckResourceAttr(resourceName, "client_interface.0.override_spa_mode", "Disabled"), resource.TestCheckResourceAttr(resourceName, "client_interface.0.proxy_protocol", "false"), - resource.TestCheckResourceAttr(resourceName, "connect_to_peers_using_client_port_with_spa", "false"), resource.TestCheckResourceAttr(resourceName, "connector.#", "1"), resource.TestCheckResourceAttr(resourceName, "connector.0.%", "3"), resource.TestCheckResourceAttr(resourceName, "connector.0.advanced_clients.#", "0"), @@ -3739,7 +3547,6 @@ func TestAccApplianceLogForwarderSplunkSumo61(t *testing.T) { resource.TestCheckResourceAttr(resourceName, "ntp.0.servers.3.hostname", "3.ubuntu.pool.ntp.org"), resource.TestCheckResourceAttr(resourceName, "ntp.0.servers.3.key", ""), resource.TestCheckResourceAttr(resourceName, "ntp.0.servers.3.key_type", ""), - resource.TestCheckResourceAttr(resourceName, "peer_interface.#", "0"), resource.TestCheckResourceAttr(resourceName, "ping.#", "1"), resource.TestCheckResourceAttr(resourceName, "ping.0.%", "1"), resource.TestCheckResourceAttr(resourceName, "ping.0.allow_sources.#", "0"), @@ -3906,7 +3713,6 @@ func TestAccApplianceLogForwarderTcpClients(t *testing.T) { resource.TestCheckResourceAttr(resourceName, "client_interface.0.https_port", "444"), resource.TestCheckResourceAttr(resourceName, "client_interface.0.override_spa_mode", "TCP"), resource.TestCheckResourceAttr(resourceName, "client_interface.0.proxy_protocol", "true"), - resource.TestCheckResourceAttr(resourceName, "connect_to_peers_using_client_port_with_spa", "false"), resource.TestCheckResourceAttr(resourceName, "connector.#", "1"), resource.TestCheckResourceAttr(resourceName, "connector.0.%", "3"), resource.TestCheckResourceAttr(resourceName, "connector.0.advanced_clients.#", "0"), @@ -4029,7 +3835,6 @@ func TestAccApplianceLogForwarderTcpClients(t *testing.T) { resource.TestCheckResourceAttr(resourceName, "ntp.#", "1"), resource.TestCheckResourceAttr(resourceName, "ntp.0.%", "1"), resource.TestCheckResourceAttr(resourceName, "ntp.0.servers.#", "0"), - resource.TestCheckResourceAttr(resourceName, "peer_interface.#", "0"), resource.TestCheckResourceAttr(resourceName, "ping.#", "1"), resource.TestCheckResourceAttr(resourceName, "ping.0.%", "1"), resource.TestCheckResourceAttr(resourceName, "ping.0.allow_sources.#", "0"), @@ -4315,7 +4120,6 @@ func TestAccApplianceBasicGateway6(t *testing.T) { resource.TestCheckResourceAttr(resourceName, "ntp.0.servers.3.hostname", "3.ubuntu.pool.ntp.org"), resource.TestCheckResourceAttr(resourceName, "ntp.0.servers.3.key", ""), resource.TestCheckResourceAttr(resourceName, "ntp.0.servers.3.key_type", ""), - resource.TestCheckResourceAttr(resourceName, "peer_interface.#", "0"), resource.TestCheckResourceAttr(resourceName, "ping.#", "1"), resource.TestCheckResourceAttr(resourceName, "ping.0.%", "1"), resource.TestCheckResourceAttr(resourceName, "ping.0.allow_sources.#", "0"), @@ -4484,7 +4288,6 @@ func TestAccApplianceBasicGateway6(t *testing.T) { resource.TestCheckResourceAttr(resourceName, "ntp.0.servers.3.hostname", "3.ubuntu.pool.ntp.org"), resource.TestCheckResourceAttr(resourceName, "ntp.0.servers.3.key", ""), resource.TestCheckResourceAttr(resourceName, "ntp.0.servers.3.key_type", ""), - resource.TestCheckResourceAttr(resourceName, "peer_interface.#", "0"), resource.TestCheckResourceAttr(resourceName, "ping.#", "1"), resource.TestCheckResourceAttr(resourceName, "ping.0.%", "1"), resource.TestCheckResourceAttr(resourceName, "ping.0.allow_sources.#", "0"), diff --git a/appgate/resource_appgate_condition.go b/appgate/resource_appgate_condition.go index f622c26a..561e38d4 100644 --- a/appgate/resource_appgate_condition.go +++ b/appgate/resource_appgate_condition.go @@ -11,9 +11,6 @@ import ( "github.com/hashicorp/terraform-plugin-sdk/v2/helper/schema" ) -// errRemedyLogicUnsupportedVersion is used when trying to use remedy_logic on an older unsupported version. -var errRemedyLogicUnsupportedVersion = fmt.Errorf("remedy_logic is only supported in %s or higher", ApplianceVersionMap[Version14]) - func resourceAppgateCondition() *schema.Resource { return &schema.Resource{ Create: resourceAppgateConditionCreate, @@ -131,7 +128,6 @@ func resourceAppgateConditionCreate(d *schema.ResourceData, meta interface{}) er return err } api := meta.(*Client).API.ConditionsApi - currentVersion := meta.(*Client).ApplianceVersion args := openapi.Condition{} if v, ok := d.GetOk("condition_id"); ok { @@ -150,9 +146,6 @@ func resourceAppgateConditionCreate(d *schema.ResourceData, meta interface{}) er } if v, ok := d.GetOk("remedy_logic"); ok { - if currentVersion.LessThan(Appliance53Version) { - return fmt.Errorf("%w, you are using %q client v%d", errRemedyLogicUnsupportedVersion, currentVersion, meta.(*Client).ClientVersion) - } args.SetRemedyLogic(v.(string)) } @@ -191,7 +184,6 @@ func resourceAppgateConditionRead(d *schema.ResourceData, meta interface{}) erro return err } api := meta.(*Client).API.ConditionsApi - currentVersion := meta.(*Client).ApplianceVersion ctx := context.Background() request := api.ConditionsIdGet(ctx, d.Id()) remoteCondition, res, err := request.Authorization(token).Execute() @@ -208,11 +200,7 @@ func resourceAppgateConditionRead(d *schema.ResourceData, meta interface{}) erro d.Set("notes", remoteCondition.Notes) d.Set("tags", remoteCondition.Tags) d.Set("expression", remoteCondition.Expression) - - if currentVersion.GreaterThanOrEqual(Appliance53Version) { - d.Set("remedy_logic", remoteCondition.GetRemedyLogic()) - } - + d.Set("remedy_logic", remoteCondition.GetRemedyLogic()) d.Set("repeat_schedules", remoteCondition.RepeatSchedules) if remoteCondition.RemedyMethods != nil { if err = d.Set("remedy_methods", flattenConditionRemedyMethods(remoteCondition.RemedyMethods)); err != nil { @@ -244,7 +232,6 @@ func resourceAppgateConditionUpdate(d *schema.ResourceData, meta interface{}) er return err } api := meta.(*Client).API.ConditionsApi - currentVersion := meta.(*Client).ApplianceVersion request := api.ConditionsIdGet(ctx, d.Id()) orginalCondition, _, err := request.Authorization(token).Execute() if err != nil { @@ -266,9 +253,6 @@ func resourceAppgateConditionUpdate(d *schema.ResourceData, meta interface{}) er orginalCondition.SetExpression(d.Get("expression").(string)) } if d.HasChange("remedy_logic") { - if currentVersion.LessThan(Appliance53Version) { - return fmt.Errorf("%w, you are using %q client v%d", errRemedyLogicUnsupportedVersion, currentVersion, meta.(*Client).ClientVersion) - } orginalCondition.SetRemedyLogic(d.Get("remedy_logic").(string)) } diff --git a/appgate/resource_appgate_global_settings.go b/appgate/resource_appgate_global_settings.go index 8c794641..19a2f2ea 100644 --- a/appgate/resource_appgate_global_settings.go +++ b/appgate/resource_appgate_global_settings.go @@ -276,25 +276,13 @@ func resourceGlobalSettingsUpdate(ctx context.Context, d *schema.ResourceData, m } } if d.HasChange("spa_mode") { - if currentVersion.LessThan(Appliance55Version) { - return diag.Errorf("spa_mode is not supported on %s", currentVersion.String()) - } else if currentVersion.GreaterThanOrEqual(Appliance55Version) { - originalsettings.SetSpaMode(d.Get("spa_mode").(string)) - } + originalsettings.SetSpaMode(d.Get("spa_mode").(string)) } if d.HasChange("spa_time_window_seconds") { - if currentVersion.LessThan(Appliance60Version) { - return diag.Errorf("spa_time_window_seconds is not supported on %s", currentVersion.String()) - } else if currentVersion.GreaterThanOrEqual(Appliance60Version) { - originalsettings.SetSpaTimeWindowSeconds(float32(d.Get("spa_time_window_seconds").(int))) - } + originalsettings.SetSpaTimeWindowSeconds(float32(d.Get("spa_time_window_seconds").(int))) } if d.HasChange("collective_name") { - if currentVersion.LessThan(Appliance60Version) { - return diag.Errorf("collective_name is not supported on %s", currentVersion.String()) - } else if currentVersion.GreaterThanOrEqual(Appliance60Version) { - originalsettings.SetCollectiveName(d.Get("collective_name").(string)) - } + originalsettings.SetCollectiveName(d.Get("collective_name").(string)) } log.Printf("[DEBUG] Updating Global settings %+v", originalsettings) req := api.GlobalSettingsPut(ctx) diff --git a/appgate/resource_appgate_identity_provider_ldap.go b/appgate/resource_appgate_identity_provider_ldap.go index 2b1c9ed5..77b48859 100644 --- a/appgate/resource_appgate_identity_provider_ldap.go +++ b/appgate/resource_appgate_identity_provider_ldap.go @@ -48,17 +48,13 @@ func resourceAppgateLdapProviderRuleCreate(d *schema.ResourceData, meta interfac currentVersion := meta.(*Client).ApplianceVersion provider := &openapi.ConfigurableIdentityProvider{} provider.Type = identityProviderLdap - provider, err = readProviderFromConfig(d, *provider, currentVersion) + provider, err = readProviderFromConfig(d, *provider) if err != nil { return fmt.Errorf("Failed to read and create basic identity provider for %s %w", identityProviderLdap, err) } args := openapi.LdapProvider{} - if currentVersion.LessThan(Appliance55Version) { - args.DeviceLimitPerUser = nil - } - args.SetType(provider.GetType()) args.SetId(provider.GetId()) args.SetName(provider.GetName()) diff --git a/appgate/resource_appgate_identity_provider_ldap_certificate.go b/appgate/resource_appgate_identity_provider_ldap_certificate.go index e667559b..dc48bbc1 100644 --- a/appgate/resource_appgate_identity_provider_ldap_certificate.go +++ b/appgate/resource_appgate_identity_provider_ldap_certificate.go @@ -69,17 +69,13 @@ func resourceAppgateLdapCertificateProviderRuleCreate(d *schema.ResourceData, me currentVersion := meta.(*Client).ApplianceVersion provider := &openapi.ConfigurableIdentityProvider{} provider.Type = identityProviderLdapCertificate - provider, err = readProviderFromConfig(d, *provider, currentVersion) + provider, err = readProviderFromConfig(d, *provider) if err != nil { return fmt.Errorf("Failed to read and create basic identity provider for %s %w", identityProviderLdapCertificate, err) } args := openapi.LdapCertificateProvider{} - if currentVersion.LessThan(Appliance55Version) { - args.DeviceLimitPerUser = nil - } - args.SetType(provider.GetType()) args.SetId(provider.GetId()) args.SetName(provider.GetName()) @@ -320,7 +316,7 @@ func resourceAppgateLdapCertificateProviderRuleUpdate(d *schema.ResourceData, me originalLdapCertificateProvider.SetAdminProvider(d.Get("admin_provider").(bool)) } if d.HasChange("device_limit_per_user") { - originalLdapCertificateProvider.SetDeviceLimitPerUser(int32(d.Get("device_limit_per_user").(int))) + originalLdapCertificateProvider.SetDeviceLimitPerUser(d.Get("device_limit_per_user").(int32)) } if d.HasChange("on_boarding_two_factor") { _, v := d.GetChange("on_boarding_two_factor") diff --git a/appgate/resource_appgate_identity_provider_ldap_certificate_test.go b/appgate/resource_appgate_identity_provider_ldap_certificate_test.go index d9a5eeea..4f8bdb82 100644 --- a/appgate/resource_appgate_identity_provider_ldap_certificate_test.go +++ b/appgate/resource_appgate_identity_provider_ldap_certificate_test.go @@ -18,9 +18,6 @@ func TestAccLdapCertificateIdentityProvidervBasic(t *testing.T) { CheckDestroy: testAccCheckLdapCertificateIdentityProvidervDestroy, Steps: []resource.TestStep{ { - PreConfig: func() { - applianceTestForFiveFiveOrHigher(t) - }, Config: testAccCheckLdapCertificateIdentityProvidervBasic(rName), Check: resource.ComposeTestCheckFunc( testAccCheckLdapCertificateIdentityProvidervExists(resourceName), @@ -281,10 +278,6 @@ func TestAccLdapCertificateIdentityProvidervBasic55OrGreater(t *testing.T) { PreConfig: func() { c := testAccProvider.Meta().(*Client) c.GetToken() - currentVersion := c.ApplianceVersion - if currentVersion.LessThan(Appliance55Version) { - t.Skip("Test only for 5.5 and above, on_boarding_two_factor.0.device_limit_per_user updated behaviour in > 5.5") - } }, Config: testAccCheckLdapCertificateIdentityProvidervBasic55OrGreater(rName), Check: resource.ComposeTestCheckFunc( diff --git a/appgate/resource_appgate_identity_provider_ldap_test.go b/appgate/resource_appgate_identity_provider_ldap_test.go index 18024138..d57ecf7d 100644 --- a/appgate/resource_appgate_identity_provider_ldap_test.go +++ b/appgate/resource_appgate_identity_provider_ldap_test.go @@ -18,9 +18,6 @@ func TestAccLdapIdentityProviderBasic(t *testing.T) { CheckDestroy: testAccCheckLdapIdentityProviderDestroy, Steps: []resource.TestStep{ { - PreConfig: func() { - applianceTestForFiveFiveOrHigher(t) - }, Config: testAccCheckLdapIdentityProviderBasic(rName), Check: resource.ComposeTestCheckFunc( testAccCheckLdapIdentityProviderExists(resourceName), diff --git a/appgate/resource_appgate_identity_provider_oidc.go b/appgate/resource_appgate_identity_provider_oidc.go index e433695a..726e3764 100644 --- a/appgate/resource_appgate_identity_provider_oidc.go +++ b/appgate/resource_appgate_identity_provider_oidc.go @@ -88,15 +88,12 @@ func resourceAppgateOidcProviderRuleCreate(d *schema.ResourceData, meta interfac currentVersion := meta.(*Client).ApplianceVersion provider := &openapi.ConfigurableIdentityProvider{} provider.Type = identityProviderOidc - provider, err = readProviderFromConfig(d, *provider, currentVersion) + provider, err = readProviderFromConfig(d, *provider) if err != nil { return fmt.Errorf("Failed to read and create basic identity provider for %s %w", identityProviderOidc, err) } args := openapi.OidcProvider{} // base - if currentVersion.LessThan(Appliance55Version) { - args.DeviceLimitPerUser = nil - } args.SetType(provider.GetType()) args.SetId(provider.GetId()) args.SetName(provider.GetName()) diff --git a/appgate/resource_appgate_identity_provider_radius.go b/appgate/resource_appgate_identity_provider_radius.go index fb66c07d..0045f9a5 100644 --- a/appgate/resource_appgate_identity_provider_radius.go +++ b/appgate/resource_appgate_identity_provider_radius.go @@ -78,15 +78,12 @@ func resourceAppgateRadiusProviderRuleCreate(d *schema.ResourceData, meta interf currentVersion := meta.(*Client).ApplianceVersion provider := &openapi.ConfigurableIdentityProvider{} provider.Type = identityProviderRadius - provider, err = readProviderFromConfig(d, *provider, currentVersion) + provider, err = readProviderFromConfig(d, *provider) if err != nil { return fmt.Errorf("Failed to read and create basic identity provider for %s %w", identityProviderRadius, err) } args := openapi.RadiusProvider{} // base - if currentVersion.LessThan(Appliance55Version) { - args.DeviceLimitPerUser = nil - } args.SetType(provider.GetType()) args.SetId(provider.GetId()) args.SetName(provider.GetName()) diff --git a/appgate/resource_appgate_identity_provider_radius_test.go b/appgate/resource_appgate_identity_provider_radius_test.go index a36d10e2..f122e144 100644 --- a/appgate/resource_appgate_identity_provider_radius_test.go +++ b/appgate/resource_appgate_identity_provider_radius_test.go @@ -70,9 +70,6 @@ func TestAccRadiusIdentityProviderBasic(t *testing.T) { CheckDestroy: testAccCheckRadiusIdentityProviderDestroy, Steps: []resource.TestStep{ { - PreConfig: func() { - applianceTestForFiveFiveOrHigher(t) - }, Config: testAccCheckRadiusIdentityProviderBasic55OrGreater(rName), Check: resource.ComposeTestCheckFunc( testAccCheckRadiusIdentityProviderExists(resourceName), diff --git a/appgate/resource_appgate_identity_provider_saml.go b/appgate/resource_appgate_identity_provider_saml.go index 5152d74e..aa1835d6 100644 --- a/appgate/resource_appgate_identity_provider_saml.go +++ b/appgate/resource_appgate_identity_provider_saml.go @@ -71,15 +71,12 @@ func resourceAppgateSamlProviderRuleCreate(d *schema.ResourceData, meta interfac currentVersion := meta.(*Client).ApplianceVersion provider := &openapi.ConfigurableIdentityProvider{} provider.Type = identityProviderSaml - provider, err = readProviderFromConfig(d, *provider, currentVersion) + provider, err = readProviderFromConfig(d, *provider) if err != nil { return fmt.Errorf("Failed to read and create basic identity provider for %s %w", identityProviderSaml, err) } args := openapi.SamlProvider{} - if currentVersion.LessThan(Appliance55Version) { - args.DeviceLimitPerUser = nil - } args.SetType(provider.GetType()) args.SetId(provider.GetId()) args.SetName(provider.GetName()) diff --git a/appgate/resource_appgate_identity_provider_saml_test.go b/appgate/resource_appgate_identity_provider_saml_test.go index 403ed3fd..8491177c 100644 --- a/appgate/resource_appgate_identity_provider_saml_test.go +++ b/appgate/resource_appgate_identity_provider_saml_test.go @@ -18,9 +18,6 @@ func TestAccSamlIdentityProviderBasic(t *testing.T) { CheckDestroy: testAccCheckSamlIdentityProviderDestroy, Steps: []resource.TestStep{ { - PreConfig: func() { - applianceTestForFiveFiveOrHigher(t) - }, Config: testAccCheckSamlIdentityProviderBasic(rName), Check: resource.ComposeTestCheckFunc( testAccCheckSamlIdentityProviderExists(resourceName), @@ -841,8 +838,8 @@ func TestAccSamlIdentityProviderBasic55OrGreater(t *testing.T) { c := testAccProvider.Meta().(*Client) c.GetToken() currentVersion := c.ApplianceVersion - if currentVersion.LessThan(Appliance55Version) { - t.Skip("Test only for 5.5 and above, on_boarding_two_factor.0.device_limit_per_user updated behaviour in > 5.5") + if currentVersion.LessThan(Appliance63Version) { + t.Skip("Test ") } }, Config: testAccCheckSamlIdentityProviderBasic55OrGreater(rName), @@ -938,10 +935,6 @@ func TestAccSamlIdentityProviderUserScripts55OrGreater(t *testing.T) { PreConfig: func() { c := testAccProvider.Meta().(*Client) c.GetToken() - currentVersion := c.ApplianceVersion - if currentVersion.LessThan(Appliance55Version) { - t.Skip("Test only for 5.5 and above, on_boarding_two_factor.0.device_limit_per_user updated behaviour in > 5.5") - } }, Config: testAccCheckSamlIdentityProviderUserScripts55OrGreater(rName), Check: resource.ComposeTestCheckFunc( diff --git a/appgate/resource_appgate_policy.go b/appgate/resource_appgate_policy.go index 22d5391b..68c09b38 100644 --- a/appgate/resource_appgate_policy.go +++ b/appgate/resource_appgate_policy.go @@ -384,10 +384,6 @@ func resourceAppgatePolicyCreate(ctx context.Context, d *schema.ResourceData, me args.SetId(v.(string)) } - // Type is only available in >= 5.5 - if currentVersion.LessThan(Appliance55Version) { - args.Type = nil - } // if the provisioner has expliclitly set the type, use it. if v, ok := d.GetOk("type"); ok { args.SetType(v.(string)) @@ -398,9 +394,6 @@ func resourceAppgatePolicyCreate(ctx context.Context, d *schema.ResourceData, me // - resource "appgatesdp_device_policy" // - resource "appgatesdp_dns_policy" if v, ok := ctx.Value(PolicyTypeCtx).(string); ok { - if currentVersion.LessThan(Appliance55Version) { - return diag.Errorf("appgatesdp_%s_policy is not supported on your version", v) - } args.Type = openapi.PtrString(v) } @@ -420,14 +413,12 @@ func resourceAppgatePolicyCreate(ctx context.Context, d *schema.ResourceData, me args.SetExpression(c.(string)) } - if currentVersion.GreaterThanOrEqual(Appliance54Version) { - if v, ok := d.GetOk("client_settings"); ok { - settings, err := readPolicyClientSettingsFromConfig(v.([]interface{})) - if err != nil { - return diag.FromErr(err) - } - args.SetClientSettings(settings) + if v, ok := d.GetOk("client_settings"); ok { + settings, err := readPolicyClientSettingsFromConfig(v.([]interface{})) + if err != nil { + return diag.FromErr(err) } + args.SetClientSettings(settings) } if currentVersion.GreaterThanOrEqual(Appliance61Version) { if v, ok := d.GetOk("client_profile_settings"); ok { @@ -441,32 +432,30 @@ func resourceAppgatePolicyCreate(ctx context.Context, d *schema.ResourceData, me args.SetCustomClientHelpUrl(v.(string)) } } - if currentVersion.GreaterThanOrEqual(Appliance55Version) { - if v, ok := d.GetOk("type"); ok { - args.SetType(v.(string)) - } - if args.GetType() == "Dns" { - args.SetTamperProofing(false) - } - if v, ok := d.GetOk("override_site_claim"); ok { - args.SetOverrideSiteClaim(v.(string)) - } - if v, ok := d.GetOk("override_nearest_site"); ok { - args.SetOverrideNearestSite(v.(bool)) - } - if v, ok := d.GetOk("apply_fallback_site"); ok { - args.SetApplyFallbackSite(v.(bool)) + if v, ok := d.GetOk("type"); ok { + args.SetType(v.(string)) + } + if args.GetType() == "Dns" { + args.SetTamperProofing(false) + } + if v, ok := d.GetOk("override_site_claim"); ok { + args.SetOverrideSiteClaim(v.(string)) + } + if v, ok := d.GetOk("override_nearest_site"); ok { + args.SetOverrideNearestSite(v.(bool)) + } + if v, ok := d.GetOk("apply_fallback_site"); ok { + args.SetApplyFallbackSite(v.(bool)) + } + if v, ok := d.GetOk("dns_settings"); ok { + if args.GetType() != "Dns" { + return diag.Errorf("appgatesdp_policy.dns_settings is only allowed on policy Type 'Dns', got %q", args.GetType()) } - if v, ok := d.GetOk("dns_settings"); ok { - if args.GetType() != "Dns" { - return diag.Errorf("appgatesdp_policy.dns_settings is only allowed on policy Type 'Dns', got %q", args.GetType()) - } - servers, err := readPolicyDnsSettingsFromConfig(v.(*schema.Set).List()) - if err != nil { - return diag.FromErr(err) - } - args.SetDnsSettings(servers) + servers, err := readPolicyDnsSettingsFromConfig(v.(*schema.Set).List()) + if err != nil { + return diag.FromErr(err) } + args.SetDnsSettings(servers) } if c, ok := d.GetOk("entitlements"); ok { @@ -508,9 +497,6 @@ func resourceAppgatePolicyCreate(ctx context.Context, d *schema.ResourceData, me args.SetOverrideSite(c.(string)) } if v, ok := d.GetOk("proxy_auto_config"); ok { - if currentVersion.LessThan(Appliance53Version) { - return diag.Errorf("proxy_auto_config not supported on %q client v%d", currentVersion, meta.(*Client).ClientVersion) - } args.SetProxyAutoConfig(readProxyAutoConfigFromConfig(v.([]interface{}))) } @@ -721,9 +707,7 @@ func resourceAppgatePolicyRead(ctx context.Context, d *schema.ResourceData, meta if err != nil { return diag.FromErr(err) } - if currentVersion.GreaterThanOrEqual(Appliance53Version) { - d.Set("proxy_auto_config", pac) - } + d.Set("proxy_auto_config", pac) } } if v, o := policy.GetTrustedNetworkCheckOk(); o != false { @@ -735,28 +719,24 @@ func resourceAppgatePolicyRead(ctx context.Context, d *schema.ResourceData, meta d.Set("trusted_network_check", t) } } - if currentVersion.GreaterThanOrEqual(Appliance54Version) { - if ok := d.Get("client_settings"); ok != nil { - clientSettings, err := flattenPolicyClientSettings(policy.GetClientSettings()) - if err != nil { - return diag.FromErr(err) - } - d.Set("client_settings", clientSettings) + if ok := d.Get("client_settings"); ok != nil { + clientSettings, err := flattenPolicyClientSettings(policy.GetClientSettings()) + if err != nil { + return diag.FromErr(err) } + d.Set("client_settings", clientSettings) + } + d.Set("type", policy.GetType()) + if v := d.Get("override_site_claim"); v != nil { + d.Set("override_site_claim", policy.GetOverrideSiteClaim()) } - if currentVersion.GreaterThanOrEqual(Appliance55Version) { - d.Set("type", policy.GetType()) - if v := d.Get("override_site_claim"); v != nil { - d.Set("override_site_claim", policy.GetOverrideSiteClaim()) - } - if v := d.Get("dns_settings"); v != nil { - dnsSettings, err := flattenPolicyDnsSettings(policy.GetDnsSettings()) - if err != nil { - return diag.FromErr(err) - } - d.Set("dns_settings", dnsSettings) + if v := d.Get("dns_settings"); v != nil { + dnsSettings, err := flattenPolicyDnsSettings(policy.GetDnsSettings()) + if err != nil { + return diag.FromErr(err) } + d.Set("dns_settings", dnsSettings) } if v := d.Get("client_profile_settings"); v != nil && currentVersion.GreaterThanOrEqual(Appliance61Version) { clientProfileSettings, err := flattenPolicyClientProfileSettings(policy.GetClientProfileSettings()) @@ -966,15 +946,13 @@ func resourceAppgatePolicyUpdate(ctx context.Context, d *schema.ResourceData, me } orginalPolicy.SetAdministrativeRoles(entitlements) } - if currentVersion.GreaterThanOrEqual(Appliance54Version) { - if d.HasChange("client_settings") { - _, v := d.GetChange("client_settings") - clientSettings, err := readPolicyClientSettingsFromConfig(v.([]interface{})) - if err != nil { - return diag.FromErr(err) - } - orginalPolicy.SetClientSettings(clientSettings) + if d.HasChange("client_settings") { + _, v := d.GetChange("client_settings") + clientSettings, err := readPolicyClientSettingsFromConfig(v.([]interface{})) + if err != nil { + return diag.FromErr(err) } + orginalPolicy.SetClientSettings(clientSettings) } if d.HasChange("override_site") { @@ -986,29 +964,27 @@ func resourceAppgatePolicyUpdate(ctx context.Context, d *schema.ResourceData, me } } - if currentVersion.GreaterThanOrEqual(Appliance55Version) { - if d.HasChange("type") { - orginalPolicy.SetType(d.Get("type").(string)) + if d.HasChange("type") { + orginalPolicy.SetType(d.Get("type").(string)) + } + if d.HasChange("override_site_claim") { + _, n := d.GetChange("override_site_claim") + if new, ok := n.(string); ok && len(new) > 0 { + orginalPolicy.SetOverrideSiteClaim(new) + } else { + orginalPolicy.OverrideSiteClaim = nil } - if d.HasChange("override_site_claim") { - _, n := d.GetChange("override_site_claim") - if new, ok := n.(string); ok && len(new) > 0 { - orginalPolicy.SetOverrideSiteClaim(new) - } else { - orginalPolicy.OverrideSiteClaim = nil - } + } + if d.HasChange("dns_settings") { + if orginalPolicy.GetType() != "Dns" { + return diag.Errorf("appgatesdp_policy.dns_settings is only allowed on policy Type 'Dns', got %q", orginalPolicy.GetType()) } - if d.HasChange("dns_settings") { - if orginalPolicy.GetType() != "Dns" { - return diag.Errorf("appgatesdp_policy.dns_settings is only allowed on policy Type 'Dns', got %q", orginalPolicy.GetType()) - } - _, v := d.GetChange("dns_settings") - dnsSettings, err := readPolicyDnsSettingsFromConfig(v.(*schema.Set).List()) - if err != nil { - return diag.FromErr(err) - } - orginalPolicy.SetDnsSettings(dnsSettings) + _, v := d.GetChange("dns_settings") + dnsSettings, err := readPolicyDnsSettingsFromConfig(v.(*schema.Set).List()) + if err != nil { + return diag.FromErr(err) } + orginalPolicy.SetDnsSettings(dnsSettings) } if currentVersion.GreaterThanOrEqual(Appliance61Version) { if d.HasChange("client_profile_settings") { diff --git a/appgate/resource_appgate_policy_test.go b/appgate/resource_appgate_policy_test.go index 00af8f0d..3c5eb758 100644 --- a/appgate/resource_appgate_policy_test.go +++ b/appgate/resource_appgate_policy_test.go @@ -311,9 +311,6 @@ func TestAccPolicyClientSettings55(t *testing.T) { CheckDestroy: testAccCheckPolicyDestroy, Steps: []resource.TestStep{ { - PreConfig: func() { - applianceTestForFiveFiveOrHigher(t) - }, Config: testAccCheckPolicyClientSettings(context), Check: resource.ComposeTestCheckFunc( testAccCheckPolicyExists(resourceName), @@ -492,10 +489,6 @@ func TestAccPolicyDnsSettings55(t *testing.T) { PreConfig: func() { c := testAccProvider.Meta().(*Client) c.GetToken() - currentVersion := c.ApplianceVersion - if currentVersion.LessThan(Appliance55Version) { - t.Skip("Test only for 5.5 and above, appliance.portal is only supported in 5.4 and above.") - } }, Config: testAccCheckPolicyDnsSettings(context), Check: resource.ComposeTestCheckFunc( diff --git a/appgate/resource_appgate_site.go b/appgate/resource_appgate_site.go index be6af4af..bbb15bbb 100644 --- a/appgate/resource_appgate_site.go +++ b/appgate/resource_appgate_site.go @@ -2,7 +2,6 @@ package appgate import ( "context" - "errors" "fmt" "log" "net/http" @@ -352,10 +351,6 @@ func resourceAppgateSite() *schema.Resource { Default: false, Optional: true, }, - "subscription_id": { - Type: schema.TypeString, - Required: true, - }, "tenant_id": { Type: schema.TypeString, Required: true, @@ -736,7 +731,7 @@ func flattenNameResolution(currentVersion *version.Version, local map[string]int } if v, ok := in.GetAzureResolversOk(); ok { l := getNSLocalChanges(local, "azure_resolvers") - m["azure_resolvers"] = flattenSiteAzureResolver(currentVersion, v, l) + m["azure_resolvers"] = flattenSiteAzureResolver(v, l) } if v, ok := in.GetEsxResolversOk(); ok { l := getNSLocalChanges(local, "esx_resolvers") @@ -754,7 +749,7 @@ func flattenNameResolution(currentVersion *version.Version, local map[string]int } if currentVersion.GreaterThanOrEqual(Appliance61Version) { if v, ok := in.GetIllumioResolversOk(); ok { - m["illumio_resolvers"] = flattenSiteIllumioResolvers(v, getNSLocalChanges(local, "illumio_resolvers")) + m["illumio_resolvers"] = flattenSiteIllumioResolvers(currentVersion, v, getNSLocalChanges(local, "illumio_resolvers")) } } return []interface{}{m}, nil @@ -782,7 +777,7 @@ func flattenSiteGCPResolvers(in []openapi.SiteAllOfNameResolutionGcpResolvers) [ return out } -func flattenSiteIllumioResolvers(in []openapi.SiteAllOfNameResolutionIllumioResolvers, local map[string]interface{}) []map[string]interface{} { +func flattenSiteIllumioResolvers(version *version.Version, in []openapi.SiteAllOfNameResolutionIllumioResolvers, local map[string]interface{}) []map[string]interface{} { var out = make([]map[string]interface{}, len(in), len(in)) for i, v := range in { m := make(map[string]interface{}) @@ -791,7 +786,12 @@ func flattenSiteIllumioResolvers(in []openapi.SiteAllOfNameResolutionIllumioReso m["hostname"] = v.GetHostname() m["port"] = v.GetPort() m["username"] = v.GetUsername() - m["org_id"] = v.GetOrgId() + if version.GreaterThanOrEqual(Appliance62Version) { + if val, ok := local["orgiId"]; ok { + m["orgId"] = val + } + m["org_id"] = v.GetOrgId() + } if val, ok := local["password"]; ok { m["password"] = val } else { @@ -820,7 +820,7 @@ func flattenSiteESXResolvers(in []openapi.SiteAllOfNameResolutionEsxResolvers, l return out } -func flattenSiteAzureResolver(currentVersion *version.Version, in []openapi.SiteAllOfNameResolutionAzureResolvers, local map[string]interface{}) []map[string]interface{} { +func flattenSiteAzureResolver(in []openapi.SiteAllOfNameResolutionAzureResolvers, local map[string]interface{}) []map[string]interface{} { var out = make([]map[string]interface{}, len(in), len(in)) for i, v := range in { m := make(map[string]interface{}) @@ -833,9 +833,7 @@ func flattenSiteAzureResolver(currentVersion *version.Version, in []openapi.Site } else { m["secret"] = v.GetSecret() } - if currentVersion.GreaterThanOrEqual(Appliance55Version) { - m["use_managed_identities"] = v.GetUseManagedIdentities() - } + m["use_managed_identities"] = v.GetUseManagedIdentities() out[i] = m } @@ -1170,7 +1168,7 @@ func readSiteNameResolutionFromConfig(currentVersion *version.Version, nameresol } if v, ok := raw["dns_resolvers"]; ok { dnss := v.(*schema.Set).List() - dnsResolvers, err := readDNSResolversFromConfig(currentVersion, dnss) + dnsResolvers, err := readDNSResolversFromConfig(dnss) if err != nil { return result, err } @@ -1184,7 +1182,7 @@ func readSiteNameResolutionFromConfig(currentVersion *version.Version, nameresol result.SetAwsResolvers(awsResolvers) } if v, ok := raw["azure_resolvers"]; ok { - azureResolvers, err := readAzureResolversFromConfig(currentVersion, v.(*schema.Set).List()) + azureResolvers, err := readAzureResolversFromConfig(v.(*schema.Set).List()) if err != nil { return result, err } @@ -1205,14 +1203,11 @@ func readSiteNameResolutionFromConfig(currentVersion *version.Version, nameresol result.SetGcpResolvers(gcpResolvers) } if v, ok := raw["dns_forwarding"]; ok { - dnsForwardingResolvers, err := readDNSForwardingResolversFromConfig(currentVersion, v.(*schema.Set).List()) + dnsForwardingResolvers, err := readDNSForwardingResolversFromConfig(v.(*schema.Set).List()) if err != nil { return result, err } if len(dnsForwardingResolvers.GetDnsServers()) > 0 { - if currentVersion.LessThan(Appliance55Version) { - return result, errors.New("dns_forwarding is only available in 5.5 or above") - } result.SetDnsForwarding(dnsForwardingResolvers) } } @@ -1229,7 +1224,7 @@ func readSiteNameResolutionFromConfig(currentVersion *version.Version, nameresol return result, nil } -func readDNSResolversFromConfig(currentVersion *version.Version, dnsConfigs []interface{}) ([]openapi.SiteAllOfNameResolutionDnsResolvers, error) { +func readDNSResolversFromConfig(dnsConfigs []interface{}) ([]openapi.SiteAllOfNameResolutionDnsResolvers, error) { result := make([]openapi.SiteAllOfNameResolutionDnsResolvers, 0) for _, dns := range dnsConfigs { raw := dns.(map[string]interface{}) @@ -1240,13 +1235,11 @@ func readDNSResolversFromConfig(currentVersion *version.Version, dnsConfigs []in if v, ok := raw["update_interval"]; ok { row.SetUpdateInterval(int32(v.(int))) } - if currentVersion.GreaterThanOrEqual(Appliance60Version) { - if v, ok := raw["query_aaaa"]; ok { - row.SetQueryAAAA(v.(bool)) - } - if v, ok := raw["default_ttl_seconds"].(int); ok && v > 0 { - row.SetDefaultTtlSeconds(int32(v)) - } + if v, ok := raw["query_aaaa"]; ok { + row.SetQueryAAAA(v.(bool)) + } + if v, ok := raw["default_ttl_seconds"].(int); ok && v > 0 { + row.SetDefaultTtlSeconds(int32(v)) } if v := raw["servers"]; len(v.([]interface{})) > 0 { servers, err := readArrayOfStringsFromConfig(v.([]interface{})) @@ -1355,7 +1348,7 @@ func readAwsAssumedRolesFromConfig(roles []interface{}) ([]openapi.SiteAllOfName return result, nil } -func readAzureResolversFromConfig(currentVersion *version.Version, azureConfigs []interface{}) ([]openapi.SiteAllOfNameResolutionAzureResolvers, error) { +func readAzureResolversFromConfig(azureConfigs []interface{}) ([]openapi.SiteAllOfNameResolutionAzureResolvers, error) { result := make([]openapi.SiteAllOfNameResolutionAzureResolvers, 0) for _, azure := range azureConfigs { raw := azure.(map[string]interface{}) @@ -1375,10 +1368,8 @@ func readAzureResolversFromConfig(currentVersion *version.Version, azureConfigs if v, ok := raw["secret"]; ok { row.SetSecret(v.(string)) } - if currentVersion.GreaterThanOrEqual(Appliance55Version) { - if v, ok := raw["use_managed_identities"]; ok { - row.SetUseManagedIdentities(v.(bool)) - } + if v, ok := raw["use_managed_identities"]; ok { + row.SetUseManagedIdentities(v.(bool)) } result = append(result, row) } @@ -1432,7 +1423,7 @@ func readGCPResolversFromConfig(gcpConfigs []interface{}) ([]openapi.SiteAllOfNa return result, nil } -func readDNSForwardingResolversFromConfig(currentVersion *version.Version, dnsForwardingConfig []interface{}) (openapi.SiteAllOfNameResolutionDnsForwarding, error) { +func readDNSForwardingResolversFromConfig(dnsForwardingConfig []interface{}) (openapi.SiteAllOfNameResolutionDnsForwarding, error) { result := openapi.SiteAllOfNameResolutionDnsForwarding{} for _, dnsForwarding := range dnsForwardingConfig { raw := dnsForwarding.(map[string]interface{}) @@ -1456,10 +1447,8 @@ func readDNSForwardingResolversFromConfig(currentVersion *version.Version, dnsFo } result.SetAllowDestinations(destinations) } - if currentVersion.GreaterThanOrEqual(Appliance60Version) { - if v, ok := raw["default_ttl_seconds"].(int); ok && v > 0 { - result.SetDefaultTtlSeconds(int32(v)) - } + if v, ok := raw["default_ttl_seconds"].(int); ok && v > 0 { + result.SetDefaultTtlSeconds(int32(v)) } } return result, nil diff --git a/appgate/resource_appgate_site_test.go b/appgate/resource_appgate_site_test.go index ae39d5a4..3c0cecaf 100644 --- a/appgate/resource_appgate_site_test.go +++ b/appgate/resource_appgate_site_test.go @@ -54,7 +54,6 @@ func TestAccSiteBasic(t *testing.T) { resource.TestCheckResourceAttr(resourceName, "name_resolution.0.azure_resolvers.0.client_id", "string3"), resource.TestCheckResourceAttr(resourceName, "name_resolution.0.azure_resolvers.0.name", "Azure Resolver 1"), resource.TestCheckResourceAttr(resourceName, "name_resolution.0.azure_resolvers.0.secret", "string4"), - resource.TestCheckResourceAttr(resourceName, "name_resolution.0.azure_resolvers.0.subscription_id", "string1"), resource.TestCheckResourceAttr(resourceName, "name_resolution.0.azure_resolvers.0.tenant_id", "string2"), resource.TestCheckResourceAttr(resourceName, "name_resolution.0.azure_resolvers.0.update_interval", "30"), resource.TestCheckResourceAttr(resourceName, "name_resolution.0.dns_resolvers.#", "1"), @@ -259,12 +258,12 @@ resource "appgatesdp_site" "test_site" { } azure_resolvers { - name = "Azure Resolver 1" - update_interval = 30 - subscription_id = "string1" - tenant_id = "string2" - client_id = "string3" - secret = "string4" + name = "Azure Resolver 1" + update_interval = 30 + use_managed_identities = true + tenant_id = "string2" + client_id = "string3" + secret = "string4" } esx_resolvers { @@ -339,12 +338,12 @@ resource "appgatesdp_site" "test_site" { } azure_resolvers { - name = "Azure Resolver 1" - update_interval = 30 - subscription_id = "string1" - tenant_id = "string2" - client_id = "string3" - secret = "string4" + name = "Azure Resolver 1" + update_interval = 30 + use_managed_identities = true + tenant_id = "string2" + client_id = "string3" + secret = "string4" } esx_resolvers { @@ -414,12 +413,12 @@ resource "appgatesdp_site" "test_site" { } azure_resolvers { - name = "Azure Resolver 1" - update_interval = 30 - subscription_id = "string1" - tenant_id = "string2" - client_id = "string3" - secret = "string4" + name = "Azure Resolver 1" + update_interval = 30 + tenant_id = "string2" + client_id = "string3" + secret = "string4" + use_managed_identities = true } esx_resolvers { @@ -484,12 +483,12 @@ resource "appgatesdp_site" "test_site" { } azure_resolvers { - name = "Azure Resolver 1" - update_interval = 30 - subscription_id = "string1" - tenant_id = "string2" - client_id = "string3" - secret = "string4" + name = "Azure Resolver 1" + update_interval = 30 + tenant_id = "string2" + client_id = "string3" + secret = "string4" + use_managed_identities = true } esx_resolvers { @@ -555,12 +554,12 @@ resource "appgatesdp_site" "test_site" { } azure_resolvers { - name = "Azure Resolver 1" - update_interval = 30 - subscription_id = "string1" - tenant_id = "string2" - client_id = "string3" - secret = "string4" + name = "Azure Resolver 1" + update_interval = 30 + tenant_id = "string2" + client_id = "string3" + secret = "string4" + use_managed_identities = true } esx_resolvers { @@ -1851,6 +1850,9 @@ func TestAccSiteNameResolverIllumio61(t *testing.T) { resource.TestCheckResourceAttr(resourceName, "vpn.0.tls.0.%", "1"), resource.TestCheckResourceAttr(resourceName, "vpn.0.tls.0.enabled", "true"), ), + ImportStateVerifyIgnore: []string{ + "name_resolution.0.illumio_resolvers.0.org_id", + }, }, { ResourceName: resourceName, @@ -1906,6 +1908,9 @@ func TestAccSiteNameResolverIllumio61(t *testing.T) { resource.TestCheckResourceAttr(resourceName, "vpn.0.tls.0.%", "1"), resource.TestCheckResourceAttr(resourceName, "vpn.0.tls.0.enabled", "true"), ), + ImportStateVerifyIgnore: []string{ + "name_resolution.0.illumio_resolvers.0.org_id", + }, }, { ResourceName: resourceName, @@ -1951,6 +1956,9 @@ func TestAccSiteNameResolverIllumio61(t *testing.T) { resource.TestCheckResourceAttr(resourceName, "vpn.0.tls.0.%", "1"), resource.TestCheckResourceAttr(resourceName, "vpn.0.tls.0.enabled", "true"), ), + ImportStateVerifyIgnore: []string{ + "name_resolution.0.illumio_resolvers.0.org_id", + }, }, { ResourceName: resourceName, diff --git a/website/docs/r/appliance.markdown b/website/docs/r/appliance.markdown index 9d244c6e..8231e7f6 100644 --- a/website/docs/r/appliance.markdown +++ b/website/docs/r/appliance.markdown @@ -41,18 +41,6 @@ resource "appgatesdp_appliance" "new_gateway" { override_spa_mode = "UDP-TCP" } - peer_interface { - hostname = "envy-10-97-168-1338.devops" - https_port = "1338" - - allow_sources { - address = "1.3.3.8" - netmask = 0 - nic = "eth0" - } - } - - admin_interface { hostname = "envy-10-97-168-1337.devops" https_ciphers = [ @@ -274,9 +262,7 @@ The following arguments are supported: * `site`: (Optional) Site served by the Appliance. Entitlements on this Site will be included in the Entitlement Token for this Appliance. Not useful if Gateway role is not enabled. * `site_name`: (Optional) Name of the Site for this Appliance. For convenience only. * `customization`: (Optional) Customization assigned to this Appliance. -* `connect_to_peers_using_client_port_with_spa`: (Optional) Makes the Appliance to connect to Controller/LogServer/LogForwarders using their clientInterface.httpsPort instead of peerInterface.httpsPort. The Appliance uses SPA to connect. This field is deprecated as of 5.4. It will always be enabled when the support for peerInterface is removed. * `client_interface`: (Required) The details of the Client connection interface. -* `peer_interface`: (Required) The details of peer connection interface. Used by other appliances and administrative UI. This interface is deprecated as of 5.4. All connections will be handled by clientInterface and adminInterface in the future. The hostname field is used as identifier and will take over the hostname field in the root of Appliance when this interface is removed. * `admin_interface`: (Optional) The details of the admin connection interface. Required on Controllers and LogServers. * `networking`: (Required) Networking configuration of the system. * `ntp`: (Optional) NTP configuration. @@ -313,16 +299,6 @@ Source configuration to allow via iptables. * `address`: (Optional) IP address to allow connection. Example: 0.0.0.0,::. * `netmask`: (Optional) Netmask to use with address for allowing connections. Example: 0. * `nic`: (Optional) NIC name to accept connections on. Example: eth0. -### peer_interface - -!> **Warning:** peer_interface will be removed in future release. Estimated to be removed in the release after 5.5 - - -The details of peer connection interface. Used by other appliances and administrative UI. This interface is deprecated as of 5.4. All connections will be handled by clientInterface and adminInterface in the future. The hostname field is used as identifier and will take over the hostname field in the root of Appliance when this interface is removed. - -* `hostname`: (Required) Hostname to connect by the peers. It will be used to validate the appliance certificate. Example: appgate.company.com. -* `https_port`: (Optional) default value `8443` Port to connect for peer specific services. -* `allow_sources`: (Optional) Source configuration to allow via iptables. #### allow_sources Source configuration to allow via iptables. * `address`: (Optional) IP address to allow connection. Example: 0.0.0.0,::. diff --git a/website/docs/r/site.markdown b/website/docs/r/site.markdown index 46684fe0..5a17c672 100644 --- a/website/docs/r/site.markdown +++ b/website/docs/r/site.markdown @@ -92,7 +92,6 @@ resource "appgatesdp_site" "gbg_site" { name = "Azure Resolver 1" update_interval = 5 use_managed_identities = true - subscription_id = "subscription1" tenant_id = "tenant1" client_id = "client_id1" secret = "secret1" @@ -221,7 +220,6 @@ Resolvers to resolve Azure machines by querying Azure App Service. * `name`: (Required) Identifier name. Has no functional effect. * `update_interval`: (Optional) How often will the resolver poll the server. In seconds. * `use_managed_identities`: (Optional) Uses the built-in Managed Identities in Azure instances to authenticate against the API. -* `subscription_id`: (Optional) Azure subscription id, visible with the azure cli command `azure account show`. * `tenant_id`: (Optional) Azure tenant id, visible with the azure cli command `azure account show`. * `client_id`: (Optional) Azure client id, also called app id. Visible for a given application using the azure cli command `azure ad app show`. * `secret`: (Optional) Azure client secret. For Azure AD Apps this is done by creating a key for the app. From f573b774f67a3ed1c7c539b408d500ff9244ea18 Mon Sep 17 00:00:00 2001 From: Lars Kajes Date: Thu, 3 Oct 2024 15:29:20 +0200 Subject: [PATCH 4/4] fix tests for v18-v21 --- appgate/resource_appgate_administrative_role.go | 2 +- .../resource_appgate_administrative_role_test.go | 4 ++-- appgate/resource_appgate_site.go | 3 --- appgate/resource_appgate_site_test.go | 16 ++-------------- go.mod | 2 +- go.sum | 4 ++++ 6 files changed, 10 insertions(+), 21 deletions(-) diff --git a/appgate/resource_appgate_administrative_role.go b/appgate/resource_appgate_administrative_role.go index e526833d..22aff106 100644 --- a/appgate/resource_appgate_administrative_role.go +++ b/appgate/resource_appgate_administrative_role.go @@ -304,7 +304,7 @@ func readAdminIstrativeRolePrivileges(privileges []interface{}, targetMap *opena // client side validation since the controller API does not yet validate it. functionAllowedTargets := []string{"Appliance", "All"} // lowercase, server side validation does not care about letter case - allowedFuncs := []string{"controller", "gateway", "logserver", "logforwarder", "connector", "portal"} + allowedFuncs := []string{"controller", "gateway", "logserver", "logforwarder", "connector", "portal", "ztp"} if v, ok := raw["functions"].([]interface{}); ok && len(v) > 0 { if a.GetType() != "AssignFunction" { return result, fmt.Errorf( diff --git a/appgate/resource_appgate_administrative_role_test.go b/appgate/resource_appgate_administrative_role_test.go index ad6fb804..f393d28d 100644 --- a/appgate/resource_appgate_administrative_role_test.go +++ b/appgate/resource_appgate_administrative_role_test.go @@ -526,7 +526,7 @@ resource "appgatesdp_administrative_role" "test_administrative_role" { privileges { type = "AssignFunction" target = "All" - functions = ["Connector", "Controller", "GateWAY", "logserver", "Ztp"] + functions = ["Connector", "Controller", "GateWAY", "logserver"] } } `, context) @@ -543,7 +543,7 @@ resource "appgatesdp_administrative_role" "test_administrative_role" { privileges { type = "AssignFunction" target = "All" - functions = ["Connector", "Controller", "GateWAY", "logserver", "Ztp"] + functions = ["Connector", "Controller", "GateWAY", "logserver"] } } `, context) diff --git a/appgate/resource_appgate_site.go b/appgate/resource_appgate_site.go index bbb15bbb..7bc15788 100644 --- a/appgate/resource_appgate_site.go +++ b/appgate/resource_appgate_site.go @@ -787,9 +787,6 @@ func flattenSiteIllumioResolvers(version *version.Version, in []openapi.SiteAllO m["port"] = v.GetPort() m["username"] = v.GetUsername() if version.GreaterThanOrEqual(Appliance62Version) { - if val, ok := local["orgiId"]; ok { - m["orgId"] = val - } m["org_id"] = v.GetOrgId() } if val, ok := local["password"]; ok { diff --git a/appgate/resource_appgate_site_test.go b/appgate/resource_appgate_site_test.go index 3c0cecaf..7fcad682 100644 --- a/appgate/resource_appgate_site_test.go +++ b/appgate/resource_appgate_site_test.go @@ -1850,17 +1850,11 @@ func TestAccSiteNameResolverIllumio61(t *testing.T) { resource.TestCheckResourceAttr(resourceName, "vpn.0.tls.0.%", "1"), resource.TestCheckResourceAttr(resourceName, "vpn.0.tls.0.enabled", "true"), ), - ImportStateVerifyIgnore: []string{ - "name_resolution.0.illumio_resolvers.0.org_id", - }, }, { ResourceName: resourceName, ImportState: true, ImportStateCheck: testAccSiteImportStateCheckFunc(1), - ImportStateVerifyIgnore: []string{ - "name_resolution.0.illumio_resolvers.0.org_id", - }, }, { Config: testAccSiteNameResolverIllumioUpdated(rName), @@ -1908,9 +1902,6 @@ func TestAccSiteNameResolverIllumio61(t *testing.T) { resource.TestCheckResourceAttr(resourceName, "vpn.0.tls.0.%", "1"), resource.TestCheckResourceAttr(resourceName, "vpn.0.tls.0.enabled", "true"), ), - ImportStateVerifyIgnore: []string{ - "name_resolution.0.illumio_resolvers.0.org_id", - }, }, { ResourceName: resourceName, @@ -1956,9 +1947,6 @@ func TestAccSiteNameResolverIllumio61(t *testing.T) { resource.TestCheckResourceAttr(resourceName, "vpn.0.tls.0.%", "1"), resource.TestCheckResourceAttr(resourceName, "vpn.0.tls.0.enabled", "true"), ), - ImportStateVerifyIgnore: []string{ - "name_resolution.0.illumio_resolvers.0.org_id", - }, }, { ResourceName: resourceName, @@ -2229,7 +2217,7 @@ resource "appgatesdp_site" "illumio_site" { port = 65530 username = "admin" password = "adminadmin" - org_id = "org12345" + org_id = "org12345" } } }`, rName) @@ -2257,7 +2245,7 @@ resource "appgatesdp_site" "illumio_site" { port = 1337 username = "acme" password = "adminadmin" - org_id = "org12345" + org_id = "org12345" } } }`, rName) diff --git a/go.mod b/go.mod index dbccdfe3..f1cfe0cf 100644 --- a/go.mod +++ b/go.mod @@ -3,7 +3,7 @@ module github.com/appgate/terraform-provider-appgatesdp go 1.20 require ( - github.com/appgate/sdp-api-client-go v1.2.6 + github.com/appgate/sdp-api-client-go v1.2.8 github.com/cenkalti/backoff/v4 v4.2.1 github.com/denisbrodbeck/machineid v1.0.1 github.com/google/uuid v1.5.0 diff --git a/go.sum b/go.sum index db97995a..8ecf19cf 100644 --- a/go.sum +++ b/go.sum @@ -46,6 +46,10 @@ github.com/appgate/sdp-api-client-go v1.2.4 h1:JqgFuNx4znQscEfCfI9iX/4/QzsQMTewi github.com/appgate/sdp-api-client-go v1.2.4/go.mod h1:aPyFeh0fein8VSxFPZpEkeMi8m9dbN+I1RVO4QrONyk= github.com/appgate/sdp-api-client-go v1.2.6 h1:/3zWOiG6JnW+Lxf08ZDbYNnNopvVDav2RV7POx4nS5U= github.com/appgate/sdp-api-client-go v1.2.6/go.mod h1:aPyFeh0fein8VSxFPZpEkeMi8m9dbN+I1RVO4QrONyk= +github.com/appgate/sdp-api-client-go v1.2.7 h1:VaYd1I0q/b43MCEsx2dMcfwQcXwhB4BWEQLCx8v+FCg= +github.com/appgate/sdp-api-client-go v1.2.7/go.mod h1:aPyFeh0fein8VSxFPZpEkeMi8m9dbN+I1RVO4QrONyk= +github.com/appgate/sdp-api-client-go v1.2.8 h1:bx+qFl9G4DEARkceOciXEa0bvCDk6cy5TIi2zMa20R0= +github.com/appgate/sdp-api-client-go v1.2.8/go.mod h1:aPyFeh0fein8VSxFPZpEkeMi8m9dbN+I1RVO4QrONyk= github.com/bufbuild/protocompile v0.4.0 h1:LbFKd2XowZvQ/kajzguUp2DC9UEIQhIq77fZZlaQsNA= github.com/bwesterb/go-ristretto v1.2.3/go.mod h1:fUIoIZaG73pV5biE2Blr2xEzDoMj7NFEuV9ekS419A0= github.com/cenkalti/backoff/v4 v4.2.1 h1:y4OZtCnogmCPw98Zjyt5a6+QwPLGkiQsYW5oUqylYbM=