From 55969ee567e232513db509370bfcb7d091490cab Mon Sep 17 00:00:00 2001 From: Lars Kajes Date: Tue, 19 Mar 2024 09:04:05 +0100 Subject: [PATCH 1/7] upgrade client --- go.mod | 2 +- go.sum | 2 ++ 2 files changed, 3 insertions(+), 1 deletion(-) diff --git a/go.mod b/go.mod index 36e69cf0..3507d77a 100644 --- a/go.mod +++ b/go.mod @@ -3,7 +3,7 @@ module github.com/appgate/terraform-provider-appgatesdp go 1.20 require ( - github.com/appgate/sdp-api-client-go v1.2.1 + github.com/appgate/sdp-api-client-go v1.2.3 github.com/cenkalti/backoff/v4 v4.2.1 github.com/denisbrodbeck/machineid v1.0.1 github.com/google/uuid v1.5.0 diff --git a/go.sum b/go.sum index 54f4f395..b0598318 100644 --- a/go.sum +++ b/go.sum @@ -44,6 +44,8 @@ github.com/apparentlymart/go-textseg/v15 v15.0.0 h1:uYvfpb3DyLSCGWnctWKGj857c6ew github.com/apparentlymart/go-textseg/v15 v15.0.0/go.mod h1:K8XmNZdhEBkdlyDdvbmmsvpAG721bKi0joRfFdHIWJ4= github.com/appgate/sdp-api-client-go v1.2.1 h1:FJCWN11HBdqEsUGbuse1gDuj0/Xn/lGGagfz3ERT6DY= github.com/appgate/sdp-api-client-go v1.2.1/go.mod h1:aPyFeh0fein8VSxFPZpEkeMi8m9dbN+I1RVO4QrONyk= +github.com/appgate/sdp-api-client-go v1.2.3 h1:FVGg4fnj8EekYAMdw8qVLeRrbEt/5lTCfDeoW7P0qdE= +github.com/appgate/sdp-api-client-go v1.2.3/go.mod h1:aPyFeh0fein8VSxFPZpEkeMi8m9dbN+I1RVO4QrONyk= github.com/bufbuild/protocompile v0.4.0 h1:LbFKd2XowZvQ/kajzguUp2DC9UEIQhIq77fZZlaQsNA= github.com/bwesterb/go-ristretto v1.2.3/go.mod h1:fUIoIZaG73pV5biE2Blr2xEzDoMj7NFEuV9ekS419A0= github.com/cenkalti/backoff/v4 v4.2.1 h1:y4OZtCnogmCPw98Zjyt5a6+QwPLGkiQsYW5oUqylYbM= From e1d607e73b31b438b7ada7e4548825179c025cff Mon Sep 17 00:00:00 2001 
From: Lars Kajes Date: Tue, 16 Apr 2024 09:10:07 +0200 Subject: [PATCH 2/7] WIP --- appgate/config.go | 14 +- appgate/config_test.go | 2 +- appgate/data_source_appgate_appliance_seed.go | 6 +- ...data_source_appgate_appliance_seed_test.go | 1 - ...ta_source_appgate_certificate_authority.go | 2 +- .../data_source_appgate_global_settings.go | 8 +- ...ata_source_appgate_global_settings_test.go | 1 - .../data_source_appgate_identity_provider.go | 2 +- appgate/find_resource_by_name.go | 64 +- appgate/identity_provider.go | 32 +- appgate/provider.go | 12 +- .../resource_appgate_administrative_role.go | 10 +- appgate/resource_appgate_appliance.go | 310 +++++++--- .../resource_appgate_appliance_controller.go | 2 +- ...esource_appgate_appliance_customization.go | 2 +- appgate/resource_appgate_appliance_test.go | 583 ++++++++++-------- appgate/resource_appgate_blacklist_user.go | 2 +- .../resource_appgate_client_connections.go | 189 ------ ...esource_appgate_client_connections_test.go | 85 --- appgate/resource_appgate_client_profile.go | 237 ++----- .../resource_appgate_client_profile_test.go | 48 +- appgate/resource_appgate_condition.go | 2 +- appgate/resource_appgate_criteria_script.go | 2 +- appgate/resource_appgate_device_script.go | 2 +- appgate/resource_appgate_entitlement.go | 8 +- .../resource_appgate_entitlement_script.go | 2 +- appgate/resource_appgate_entitlement_test.go | 10 +- appgate/resource_appgate_global_settings.go | 36 -- .../resource_appgate_global_settings_test.go | 5 - ...rce_appgate_identity_provider_connector.go | 2 +- ...resource_appgate_identity_provider_ldap.go | 8 +- ...gate_identity_provider_ldap_certificate.go | 8 +- ...ppgate_identity_provider_local_database.go | 8 +- ...resource_appgate_identity_provider_oidc.go | 12 +- ...source_appgate_identity_provider_radius.go | 8 +- ...resource_appgate_identity_provider_saml.go | 8 +- appgate/resource_appgate_ip_pool.go | 2 +- appgate/resource_appgate_license.go | 2 +- 
appgate/resource_appgate_local_user.go | 2 +- appgate/resource_appgate_mfa_provider.go | 2 +- appgate/resource_appgate_policy.go | 5 +- appgate/resource_appgate_ringfence_rule.go | 2 +- appgate/resource_appgate_site.go | 47 +- appgate/resource_appgate_site_test.go | 74 +-- appgate/resource_appgate_stop_policy_test.go | 5 +- .../resource_appgate_trusted_certificate.go | 2 +- appgate/resource_appgate_user_claim_script.go | 2 +- appgate/util.go | 29 +- gen/gen-accessors.go | 2 +- website/docs/d/global_settings.html.markdown | 1 - website/docs/r/appliance.markdown | 8 + website/docs/r/global_settings.markdown | 1 - website/docs/r/site.markdown | 2 - 53 files changed, 783 insertions(+), 1138 deletions(-) delete mode 100644 appgate/resource_appgate_client_connections.go delete mode 100644 appgate/resource_appgate_client_connections_test.go diff --git a/appgate/config.go b/appgate/config.go index b863332c..ba83c865 100644 --- a/appgate/config.go +++ b/appgate/config.go @@ -15,7 +15,7 @@ import ( "sync" "time" - "github.com/appgate/sdp-api-client-go/api/v19/openapi" + "github.com/appgate/sdp-api-client-go/api/v20/openapi" "github.com/cenkalti/backoff/v4" "github.com/hashicorp/go-version" "golang.org/x/net/http/httpproxy" @@ -185,6 +185,8 @@ func guessVersion(clientVersion int) (*version.Version, error) { return version.NewVersion("6.1.0+estimated") case Version19: return version.NewVersion("6.2.0+estimated") + case Version20: + return version.NewVersion("6.3.0+estimated") } return nil, fmt.Errorf("could not determine appliance version with client version %d", clientVersion) } 
@@ -283,13 +285,9 @@ func (c *Client) login(ctx context.Context) (*openapi.LoginResponse, error) { err := backoff.Retry(func() error { login, response, err := c.API.LoginApi.LoginPost(ctx).LoginRequest(loginOpts).Execute() if response == nil { - if err != nil { - if err, ok := err.(*url.Error); ok { - if err, ok := err.Unwrap().(x509.UnknownAuthorityError); ok { - return &backoff.PermanentError{ - Err: fmt.Errorf("Import certificate or toggle APPGATE_INSECURE - %s", err), - } - } + if err != nil && errors.As(err, &x509.UnknownAuthorityError{}) { + return &backoff.PermanentError{ + Err: fmt.Errorf("Import certificate or toggle APPGATE_INSECURE - %s", err), } } log.Printf("[DEBUG] Login failed, No response %s", err) diff --git a/appgate/config_test.go b/appgate/config_test.go index 7998db9f..ff153dd5 100644 --- a/appgate/config_test.go +++ b/appgate/config_test.go @@ -11,7 +11,7 @@ import ( "testing" "time" - "github.com/appgate/sdp-api-client-go/api/v19/openapi" + "github.com/appgate/sdp-api-client-go/api/v20/openapi" "github.com/google/uuid" "github.com/hashicorp/go-version" ) diff --git a/appgate/data_source_appgate_appliance_seed.go b/appgate/data_source_appgate_appliance_seed.go index 95b20110..6f5cb1da 100644 --- a/appgate/data_source_appgate_appliance_seed.go +++ b/appgate/data_source_appgate_appliance_seed.go @@ -8,7 +8,7 @@ import ( "log" "net/http" - "github.com/appgate/sdp-api-client-go/api/v19/openapi" + "github.com/appgate/sdp-api-client-go/api/v20/openapi" "github.com/hashicorp/terraform-plugin-sdk/v2/helper/schema" ) 
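Review bot: The permanent error built in the rewritten `UnknownAuthorityError` branch formats its cause with `%s`, so the chain that `errors.As` just matched is flattened to text and callers of `login` can no longer inspect it; `Err: fmt.Errorf("import the appliance CA certificate or toggle APPGATE_INSECURE: %w", err),` keeps it. Because `err` is now the outer error rather than the unwrapped x509 value, the message also carries the outer text (for a `*url.Error` that includes the request URL). The hint presents `APPGATE_INSECURE` as an equal alternative to importing the certificate; since that switch presumably turns off certificate verification, a comment above the branch such as `// APPGATE_INSECURE disables TLS verification; prefer importing the CA` would help the next reader. The enclosing function starts and ends outside the hunk.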
@@ -112,10 +112,6 @@ func dataSourceAppgateApplianceSeedRead(d *schema.ResourceData, meta interface{} sshConfig.ProvideCloudSSHKey = openapi.PtrBool(cloudKey.(bool)) d.Set("provide_cloud_ssh_key", true) } - if _, lvOk := d.GetOk("latest_version"); lvOk { - exportRequest = exportRequest.LatestVersion(true) - d.Set("latest_version", true) - } exportRequest = exportRequest.SSHConfig(*sshConfig) seedmap, _, err := exportRequest.Authorization(token).Execute() if err != nil { diff --git a/appgate/data_source_appgate_appliance_seed_test.go b/appgate/data_source_appgate_appliance_seed_test.go index dbae5924..8ae897e0 100644 --- a/appgate/data_source_appgate_appliance_seed_test.go +++ b/appgate/data_source_appgate_appliance_seed_test.go @@ -22,7 +22,6 @@ func TestAccAppgateApplianceSeedDataSource(t *testing.T) { }, Check: resource.ComposeAggregateTestCheckFunc( resource.TestCheckResourceAttrPair(dataSourceName, "appliance_id", resourceName, "id"), - resource.TestCheckResourceAttrSet("data.appgatesdp_appliance_seed.test_gateway_seed_file", "latest_version"), resource.TestCheckResourceAttrSet("data.appgatesdp_appliance_seed.test_gateway_seed_file", "password"), resource.TestCheckResourceAttrSet("data.appgatesdp_appliance_seed.test_gateway_seed_file", "seed_file"), ), diff --git a/appgate/data_source_appgate_certificate_authority.go b/appgate/data_source_appgate_certificate_authority.go index a92cae05..8ef5a97e 100644 --- a/appgate/data_source_appgate_certificate_authority.go +++ b/appgate/data_source_appgate_certificate_authority.go @@ -4,7 +4,7 @@ import ( "context" "log" - "github.com/appgate/sdp-api-client-go/api/v19/openapi" + "github.com/appgate/sdp-api-client-go/api/v20/openapi" "github.com/hashicorp/terraform-plugin-sdk/v2/diag" "github.com/hashicorp/terraform-plugin-sdk/v2/helper/schema" ) diff --git a/appgate/data_source_appgate_global_settings.go b/appgate/data_source_appgate_global_settings.go index daf23b58..f0ada8c2 100644 
--- a/appgate/data_source_appgate_global_settings.go +++ b/appgate/data_source_appgate_global_settings.go @@ -4,7 +4,7 @@ import ( "context" "fmt" - "github.com/appgate/sdp-api-client-go/api/v19/openapi" + "github.com/appgate/sdp-api-client-go/api/v20/openapi" "github.com/hashicorp/terraform-plugin-sdk/v2/helper/schema" ) @@ -53,11 +53,6 @@ func dataSourceGlobalSettings() *schema.Resource { Deprecated: "Whether there is a backup passphrase set or not. Deprecated as of 5.0. Use backupApiEnabled instead.", Computed: true, }, - "fips": { - Type: schema.TypeBool, - Description: "FIPS 140-2 Compliant Tunneling.", - Computed: true, - }, "geo_ip_updates": { Type: schema.TypeBool, Description: "Whether the automatic GeoIp updates are enabled or not.", @@ -102,7 +97,6 @@ func dataSourceAppgateGlobalSettingsRead(d *schema.ResourceData, meta interface{ d.Set("login_banner_message", settings.GetLoginBannerMessage()) d.Set("message_of_the_day", settings.GetMessageOfTheDay()) d.Set("backup_api_enabled", settings.GetBackupApiEnabled()) - d.Set("fips", settings.GetFips()) d.Set("geo_ip_updates", settings.GetGeoIpUpdates()) d.Set("audit_log_persistence_mode", settings.GetAuditLogPersistenceMode()) d.Set("app_discovery_domains", settings.GetAppDiscoveryDomains()) diff --git a/appgate/data_source_appgate_global_settings_test.go b/appgate/data_source_appgate_global_settings_test.go index d55f5243..d7cfa8d6 100644 --- a/appgate/data_source_appgate_global_settings_test.go +++ b/appgate/data_source_appgate_global_settings_test.go @@ -21,7 +21,6 @@ func TestAccAppgateGlobalSettingsDataSource(t *testing.T) { resource.TestCheckResourceAttrSet("data.appgatesdp_global_settings.test", "backup_api_enabled"), - resource.TestCheckResourceAttrSet("data.appgatesdp_global_settings.test", "fips"), resource.TestCheckResourceAttrSet("data.appgatesdp_global_settings.test", "geo_ip_updates"), resource.TestCheckResourceAttrSet("data.appgatesdp_global_settings.test", "audit_log_persistence_mode"), 
diff --git a/appgate/data_source_appgate_identity_provider.go b/appgate/data_source_appgate_identity_provider.go index 647b94f7..d0e6160e 100644 --- a/appgate/data_source_appgate_identity_provider.go +++ b/appgate/data_source_appgate_identity_provider.go @@ -5,7 +5,7 @@ import ( "fmt" "log" - "github.com/appgate/sdp-api-client-go/api/v19/openapi" + "github.com/appgate/sdp-api-client-go/api/v20/openapi" "github.com/hashicorp/terraform-plugin-sdk/v2/helper/schema" ) diff --git a/appgate/find_resource_by_name.go b/appgate/find_resource_by_name.go index 1e4571bf..8e4e21bc 100644 --- a/appgate/find_resource_by_name.go +++ b/appgate/find_resource_by_name.go @@ -3,10 +3,12 @@ package appgate import ( "context" - "github.com/appgate/sdp-api-client-go/api/v19/openapi" + "log" + "time" + + "github.com/appgate/sdp-api-client-go/api/v20/openapi" "github.com/hashicorp/terraform-plugin-sdk/v2/diag" "github.com/hashicorp/terraform-plugin-sdk/v2/helper/schema" - "log" ) func findEntitlementByUUID(ctx context.Context, api *openapi.EntitlementsApiService, id, token string) (*openapi.Entitlement, diag.Diagnostics) { 
@@ -703,7 +705,56 @@ func findClientProfileByUUID(ctx context.Context, api *openapi.ClientProfilesApi if err != nil { return nil, diag.FromErr(err) } - return resource, nil + profile := openapi.ClientProfile{} + if id, ok := resource["id"]; ok { + profile.SetId(id.(string)) + } + if name, ok := resource["name"]; ok { + profile.SetName(name.(string)) + } + if identityProviderName, ok := resource["identityProviderName"]; ok { + profile.SetIdentityProviderName(identityProviderName.(string)) + } + if spaKeyName, ok := resource["spaKeyName"]; ok { + profile.SetSpaKeyName(spaKeyName.(string)) + } + if created, ok := resource["created"]; ok { + if c, err := time.Parse(time.RFC3339, created.(string)); err == nil { + profile.SetCreated(c) + } + } + if updated, ok := resource["updated"]; ok { + if u, err := time.Parse(time.RFC3339, updated.(string)); err == nil { + profile.SetUpdated(u) + } + } + if exported, ok := resource["exported"]; ok { + if e, err := time.Parse(time.RFC3339, exported.(string)); err == nil { + profile.SetExported(e) + } + } + if tags, ok := resource["tags"]; ok { + l := []string{} + t, ok := tags.([]interface{}) + if ok { + if len(t) > 0 { + for _, v := range t { + l = append(l, v.(string)) + } + } + } + profile.SetTags(l) + } + if type_, ok := resource["type"]; ok { + profile.SetType(type_.(string)) + } + if globalHostname, ok := resource["globalHostname"]; ok { + profile.SetGlobalHostname(globalHostname.(string)) + } + if notes, ok := resource["notes"]; ok { + profile.SetNotes(notes.(string)) + } + return &profile, nil } func findClientProfileByName(ctx context.Context, api *openapi.ClientProfilesApiService, name, token string) (*openapi.ClientProfile, diag.Diagnostics) { 
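Review bot: Every `resource[...]` value in the new field mapping is converted with a bare type assertion (`id.(string)`, `name.(string)`, `v.(string)` inside the tags loop), so a JSON `null` or a non-string field in the API response panics the provider instead of returning a diagnostic. Use the comma-ok form throughout, e.g. `if s, ok := resource["id"].(string); ok { profile.SetId(s) }`. The three `time.Parse` errors for `created`, `updated` and `exported` are discarded silently; logging them at debug level would make a malformed timestamp visible. The `id` declared by `if id, ok := resource["id"]` also shadows the function's `id` parameter, so a different local name is clearer. The function starts above the hunk.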
@@ -715,8 +766,11 @@ func findClientProfileByName(ctx context.Context, api *openapi.ClientProfilesApi return nil, diag.FromErr(err) } for _, r := range resource.GetData() { - if r.GetName() == name { - return &r, nil + if p, ok := r["profile"]; ok { + profileData := p.(openapi.ClientProfile) + if profileData.GetName() == name { + return &profileData, nil + } } } if len(resource.GetData()) > 1 { diff --git a/appgate/identity_provider.go b/appgate/identity_provider.go index 5578b755..fbe5914e 100644 --- a/appgate/identity_provider.go +++ b/appgate/identity_provider.go @@ -7,7 +7,7 @@ import ( "fmt" "log" - "github.com/appgate/sdp-api-client-go/api/v19/openapi" + "github.com/appgate/sdp-api-client-go/api/v20/openapi" "github.com/appgate/terraform-provider-appgatesdp/appgate/hashcode" "github.com/hashicorp/go-version" @@ -453,7 +453,7 @@ func readProviderFromConfig(d *schema.ResourceData, provider openapi.Configurabl } if v, ok := d.GetOk("on_boarding_two_factor"); ok { - onboarding, err := readOnBoardingTwoFactorFromConfig(v.([]interface{}), currentVersion) + onboarding, err := readOnBoardingTwoFactorFromConfig(v.([]interface{})) if err != nil { return &provider, err } @@ -511,7 +511,7 @@ func readProviderFromConfig(d *schema.ResourceData, provider openapi.Configurabl return &provider, nil } -func readOnBoardingTwoFactorFromConfig(input []interface{}, currentVersion *version.Version) (openapi.ConfigurableIdentityProviderAllOfOnBoarding2FA, error) { +func readOnBoardingTwoFactorFromConfig(input []interface{}) (openapi.ConfigurableIdentityProviderAllOfOnBoarding2FA, error) { onboarding := openapi.ConfigurableIdentityProviderAllOfOnBoarding2FA{} for _, r := range input { raw := r.(map[string]interface{}) 
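Review bot: `p.(openapi.ClientProfile)` is an unchecked assertion on a value taken from a generic map: if `GetData()` yields JSON-decoded maps, as the `r["profile"]` lookup suggests, the dynamic type is `map[string]interface{}` and never `openapi.ClientProfile`, so the lookup would panic on the first entry that has a `profile` key. Either decode the entry field by field the way findClientProfileByUUID does, or at minimum guard it with `profileData, ok := p.(openapi.ClientProfile)` followed by `if !ok { continue }`. The function body continues outside the hunk.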
@@ -521,24 +521,6 @@ func readOnBoardingTwoFactorFromConfig(input []interface{}, currentVersion *vers if v, ok := raw["message"]; ok { onboarding.SetMessage(v.(string)) } - if v, ok := raw["device_limit_per_user"]; ok { - val := int32(v.(int)) - log.Printf("[DEBUG] on_boarding_two_factor.device_limit_per_user only available in version 5.4 or less got %v - %v", val, currentVersion.LessThan(Appliance55Version)) - if currentVersion.LessThan(Appliance55Version) && val > 0 { - onboarding.SetDeviceLimitPerUser(val) - } else if val > 0 { - // device_limit_per_user is not allowed in 5.5 - return onboarding, fmt.Errorf( - "on_boarding_two_factor.device_limit_per_user is deprecated in %s. Use root level field instead. Got %d", - currentVersion.String(), - val, - ) - } else { - // else omit devicelmit per user from the request. - log.Printf("[DEBUG] on_boarding_two_factor.device_limit_per_user is not allowed on %s, omitted it from request, use root level instead", currentVersion.String()) - onboarding.DeviceLimitPerUser = nil - } - } if v, ok := raw["claim_suffix"]; ok { onboarding.SetClaimSuffix(v.(string)) @@ -667,7 +649,7 @@ func flattenIdentityProviderOnDemandClaimsMappning(claims []openapi.OnDemandClai return schema.NewSet(resourceIdentityProviderOnDemandClaimMappingsHash, out) } -func flattenIdentityProviderOnboarding2fa(input openapi.ConfigurableIdentityProviderAllOfOnBoarding2FA, currentVersion *version.Version) []interface{} { +func flattenIdentityProviderOnboarding2fa(input openapi.ConfigurableIdentityProviderAllOfOnBoarding2FA) []interface{} { o := make(map[string]interface{}) if v, ok := input.GetMfaProviderIdOk(); ok { o["mfa_provider_id"] = v 
@@ -675,12 +657,6 @@ func flattenIdentityProviderOnboarding2fa(input openapi.ConfigurableIdentityProv if v, ok := input.GetMessageOk(); ok { o["message"] = v } - // we will only save device_limit_per_user in the statefile if the currentversion still supports it. - if currentVersion.LessThan(Appliance55Version) { - if v, ok := input.GetDeviceLimitPerUserOk(); ok { - o["device_limit_per_user"] = int(*v) - } - } if v, ok := input.GetClaimSuffixOk(); ok { o["claim_suffix"] = v } diff --git a/appgate/provider.go b/appgate/provider.go index bd84f65e..49a3e3f7 100644 --- a/appgate/provider.go +++ b/appgate/provider.go @@ -27,10 +27,11 @@ const ( Version17 int = 17 Version18 int = 18 Version19 int = 19 + Version20 int = 20 // DefaultClientVersion is the latest support version of appgate sdp client that is supported. // its not recommended to change this value. - DefaultClientVersion = Version18 - MinimumSupportedVersion = Version16 + DefaultClientVersion = Version20 + MinimumSupportedVersion = Version18 ) var ( @@ -44,6 +45,7 @@ var ( Version17: "6.0.0", Version18: "6.1.0", Version19: "6.2.0", + Version20: "6.3.0", } Appliance53Version, _ = version.NewVersion(ApplianceVersionMap[Version14]) @@ -52,6 +54,7 @@ var ( Appliance60Version, _ = version.NewVersion(ApplianceVersionMap[Version17]) Appliance61Version, _ = version.NewVersion(ApplianceVersionMap[Version18]) Appliance62Version, _ = version.NewVersion(ApplianceVersionMap[Version19]) + Appliance63Version, _ = version.NewVersion(ApplianceVersionMap[Version20]) ) // Provider function returns the object that implements the terraform.ResourceProvider interface, specifically a schema.Provider 
@@ -192,7 +195,6 @@ func Provider() *schema.Provider { "appgatesdp_local_user": resourceAppgateLocalUser(), "appgatesdp_license": resourceAppgateLicense(), "appgatesdp_admin_mfa_settings": resourceAdminMfaSettings(), - "appgatesdp_client_connections": resourceClientConnections(), "appgatesdp_blacklist_user": resourceAppgateBlacklistUser(), "appgatesdp_radius_identity_provider": resourceAppgateRadiusProvider(), "appgatesdp_oidc_identity_provider": resourceAppgateOidcProvider(), @@ -206,12 +208,12 @@ func Provider() *schema.Provider { } provider.ConfigureContextFunc = func(ctx context.Context, d *schema.ResourceData) (interface{}, diag.Diagnostics) { - return providerConfigure(ctx, d, provider.UserAgent("appgatesdp", pkgversion.ProviderVersion)) + return providerConfigure(d, provider.UserAgent("appgatesdp", pkgversion.ProviderVersion)) } return provider } -func providerConfigure(ctx context.Context, d *schema.ResourceData, ua string) (interface{}, diag.Diagnostics) { +func providerConfigure(d *schema.ResourceData, ua string) (interface{}, diag.Diagnostics) { // Warning or errors can be collected in a slice type var diags diag.Diagnostics config := Config{ diff --git a/appgate/resource_appgate_administrative_role.go b/appgate/resource_appgate_administrative_role.go index 4b535e9c..4c5000b4 100644 --- a/appgate/resource_appgate_administrative_role.go +++ b/appgate/resource_appgate_administrative_role.go @@ -10,7 +10,7 @@ import ( "sort" "strings" - "github.com/appgate/sdp-api-client-go/api/v19/openapi" + "github.com/appgate/sdp-api-client-go/api/v20/openapi" "github.com/appgate/terraform-provider-appgatesdp/appgate/adminrole" "github.com/appgate/terraform-provider-appgatesdp/appgate/hashcode" 
@@ -321,21 +321,21 @@ func readAdminIstrativeRolePrivileges(privileges []interface{}, currentVersion * if _, ok := a.GetScopeOk(); ok { return result, fmt.Errorf("Scope is not applicable in combination with privileges.functions") } - funcs, err := readArrayOfStringsFromConfig(v) + funcs, err := readArrayOfFunctionsFromConfig(v) if err != nil { return result, fmt.Errorf("Failed to resolve privileges functions %w", err) } - specialCases := func(input []string) []string { + specialCases := func(input []string) []openapi.ApplianceFunction { // the API in 6.2 is very strict with the format of the function, // and the formatted string is not plain CamelCase, so we need to do our own custom logic here // to format the function string. this is so we don't break backwards compatibility, since this attribute // DiffSuppress string case forcedFormated := []string{"Controller", "Gateway", "LogServer", "LogForwarder", "Connector", "Portal"} - result := make([]string, 0, len(input)) + result := make([]openapi.ApplianceFunction, 0, len(input)) for _, s := range input { for index, inner := range forcedFormated { if strings.EqualFold(s, inner) { - result = append(result, forcedFormated[index]) + result = append(result, openapi.ApplianceFunction(forcedFormated[index])) } } diff --git a/appgate/resource_appgate_appliance.go b/appgate/resource_appgate_appliance.go index d9cd01c5..af1330cd 100644 --- a/appgate/resource_appgate_appliance.go +++ b/appgate/resource_appgate_appliance.go @@ -10,7 +10,7 @@ import ( "net/http" "os" - "github.com/appgate/sdp-api-client-go/api/v19/openapi" + "github.com/appgate/sdp-api-client-go/api/v20/openapi" "github.com/google/uuid" "github.com/hashicorp/go-version" 
@@ -18,6 +18,16 @@ import ( "github.com/hashicorp/terraform-plugin-sdk/v2/helper/schema" ) +const ( + labelsDisabledCollectiveID string = "collective_id" + labelsDisabledCollectiveName string = "collective_name" + labelsDisabledApplianceID string = "appliance_id" + labelsDisabledApplianceName string = "appliance_name" + labelsDisabledApplianceVersion string = "appliance_version" + labelsDisabledSiteID string = "site_id" + labelsDisabledSiteName string = "site_name" +) + func resourceAppgateAppliance() *schema.Resource { return &schema.Resource{ CreateContext: resourceAppgateApplianceCreate, @@ -346,6 +356,7 @@ func resourceAppgateAppliance() *schema.Resource { Elem: &schema.Schema{Type: schema.TypeString}, }, + // TODO: Deprececated as of api version 20. Remove when releasing api version 23 "dns_domains": { Type: schema.TypeSet, Description: "DNS Search domains.", @@ -585,6 +596,32 @@ func resourceAppgateAppliance() *schema.Resource { }, }, }, + "labels_disabled": { + Type: schema.TypeList, + Optional: true, + Elem: &schema.Schema{ + Type: schema.TypeString, + ValidateFunc: func(v interface{}, name string) (ws []string, errs []error) { + s := v.(string) + list := []string{ + labelsDisabledCollectiveID, + labelsDisabledCollectiveName, + labelsDisabledApplianceID, + labelsDisabledApplianceName, + labelsDisabledApplianceVersion, + labelsDisabledSiteID, + labelsDisabledSiteName, + } + for _, x := range list { + if s == x { + return + } + } + errs = append(errs, fmt.Errorf("type must be on of %v, got %s", list, s)) + return + }, + }, + }, }, }, }, @@ -909,6 +946,10 @@ func resourceAppgateAppliance() *schema.Resource { Type: schema.TypeString, Required: true, }, + "scope": { + Type: schema.TypeString, + Required: true, + }, }, }, }, 
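Review bot: The `ValidateFunc` added for `labels_disabled` asserts `v.(string)` unchecked and its error text reads "must be on of"; with the SDK helper the whole closure becomes `ValidateFunc: validation.StringInSlice([]string{labelsDisabledCollectiveID, /* … */ labelsDisabledSiteName}, false),`, which needs the `helper/validation` import if the file does not already have it. The second `labels_disabled` attribute, added in the `@@ -1033,6 +1129,11 @@` hunk, has no validation at all, so the two blocks accept different values; sharing one element schema between them would keep them aligned. Neither attribute carries a `Description`.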
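Review bot: `scope` is added to the azure monitor block as `Required: true`, but it is written back to state only for `Appliance63Version` or later (the `@@ -2278,6 +2350,9 @@` hunk), while the `@@ -3471,6 +3546,9 @@` hunk sends it to the API on every version. Existing configurations stop validating until they add `scope`, and against a pre-6.3 controller, which `MinimumSupportedVersion = Version18` still allows, the required attribute would likely show a permanent diff. Consider `Optional: true` with a `Description` saying it applies from 6.3, and gate `azure.SetScope(v.(string))` on the same version check.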
@@ -941,6 +982,61 @@ func resourceAppgateAppliance() *schema.Resource { }, }, }, + "datadogs": { + Type: schema.TypeList, + Optional: true, + Elem: &schema.Resource{ + Schema: map[string]*schema.Schema{ + "site": { + Type: schema.TypeString, + Required: true, + }, + "api_key": { + Type: schema.TypeString, + Required: true, + Sensitive: true, + }, + "source": { + Type: schema.TypeString, + Required: true, + }, + "tags": { + Type: schema.TypeList, + Optional: true, + Elem: &schema.Schema{Type: schema.TypeString}, + }, + }, + }, + }, + "coralogixs": { + Type: schema.TypeList, + Optional: true, + Elem: &schema.Resource{ + Schema: map[string]*schema.Schema{ + "url": { + Type: schema.TypeString, + Required: true, + }, + "private_key": { + Type: schema.TypeString, + Required: true, + Sensitive: true, + }, + "uuid": { + Type: schema.TypeString, + Required: true, + }, + "application_name": { + Type: schema.TypeString, + Required: true, + }, + "subsystem_name": { + Type: schema.TypeString, + Required: true, + }, + }, + }, + }, "sites": { Type: schema.TypeSet, Description: "Array of sites.", @@ -1033,6 +1129,11 @@ func resourceAppgateAppliance() *schema.Resource { }, }, }, + "labels_disabled": { + Type: schema.TypeList, + Optional: true, + Elem: &schema.Schema{Type: schema.TypeString}, + }, }, }, }, @@ -1340,10 +1441,6 @@ func resourceAppgateApplianceCreate(ctx context.Context, d *schema.ResourceData, args.SetCustomization(v.(string)) } - if v, ok := d.GetOk("connect_to_peers_using_client_port_with_spa"); ok { - args.SetConnectToPeersUsingClientPortWithSpa(v.(bool)) - } - if c, ok := d.GetOk("client_interface"); ok { cinterface, err := readClientInterfaceFromConfig(c.([]interface{})) if err != nil { 
@@ -1352,25 +1449,6 @@ func resourceAppgateApplianceCreate(ctx context.Context, d *schema.ResourceData, args.SetClientInterface(cinterface) } - if p, ok := d.GetOk("peer_interface"); ok { - if currentVersion.GreaterThanOrEqual(Appliance60Version) { - diags = append(diags, diag.Diagnostic{ - Severity: diag.Error, - Summary: fmt.Sprintf("peer_interface is not supported in %s", currentVersion.String()), - Detail: `peer_interface is removed in >= 6.0. -All connections will be handled by client_interface and admin_interface in the future. -The hostname field is used as identifier and will take over the hostname field in -the root of Appliance when this interface is removed.`, - }) - return diags - } - pinterface, err := readPeerInterfaceFromConfig(p.([]interface{})) - if err != nil { - return diag.FromErr(err) - } - args.SetPeerInterface(pinterface) - } - if a, ok := d.GetOk("admin_interface"); ok { ainterface, err := readAdminInterfaceFromConfig(a.([]interface{})) if err != nil { @@ -1776,10 +1854,6 @@ func resourceAppgateApplianceRead(ctx context.Context, d *schema.ResourceData, m return diag.Errorf("Error setting appliance.customization %s", err) } - if err := d.Set("connect_to_peers_using_client_port_with_spa", appliance.GetConnectToPeersUsingClientPortWithSpa()); err != nil { - return diag.Errorf("Error setting appliance.connect_to_peers_using_client_port_with_spa %s", err) - } - if v, ok := appliance.GetClientInterfaceOk(); ok { ci, err := flattenApplianceClientInterface(*v) if err != nil { @@ -1788,14 +1862,6 @@ func resourceAppgateApplianceRead(ctx context.Context, d *schema.ResourceData, m d.Set("client_interface", ci) } - if v, ok := appliance.GetPeerInterfaceOk(); ok { - peerInterface, err := flattenAppliancePeerInterface(*v) - if err != nil { - return diag.FromErr(err) - } - d.Set("peer_interface", peerInterface) - } - if v, ok := appliance.GetAdminInterfaceOk(); ok { adminInterface, err := flattenApplianceAdminInterface(*v) if err != nil { 
@@ -1917,7 +1983,13 @@ func resourceAppgateApplianceRead(ctx context.Context, d *schema.ResourceData, m } allowedUsers = append(allowedUsers, allowedUser) } + exporter["allowed_users"] = allowedUsers + + if currentVersion.GreaterThanOrEqual(Appliance63Version) { + exporter["labels_disabled"] = v.GetLabelsDisabled() + } + if err := d.Set("prometheus_exporter", []interface{}{exporter}); err != nil { return diag.FromErr(err) } @@ -2041,7 +2113,7 @@ func resourceAppgateApplianceRead(ctx context.Context, d *schema.ResourceData, m portal["profiles"] = v.GetProfiles() portal["external_profiles"] = v.GetExternalProfiles() if currentVersion.GreaterThanOrEqual(Appliance55Version) { - signInCustomization, err := flattenAppliancePortalSignInCustomziation(d, localPortal, v.GetSignInCustomization()) + signInCustomization, err := flattenAppliancePortalSignInCustomziation(d, v.GetSignInCustomization()) if err != nil { return diag.FromErr(err) } @@ -2102,7 +2174,7 @@ func flattenApplianceProxyp12s(local map[string]interface{}, p12 openapi.P12) ([ return result, nil } -func flattenAppliancePortalSignInCustomziation(d *schema.ResourceData, local map[string]interface{}, customization openapi.PortalSignInCustomization) ([]map[string]interface{}, error) { +func flattenAppliancePortalSignInCustomziation(d *schema.ResourceData, customization openapi.PortalSignInCustomization) ([]map[string]interface{}, error) { var result []map[string]interface{} raw := make(map[string]interface{}) @@ -2278,6 +2350,9 @@ func flatttenApplianceLogForwarder(in openapi.ApplianceAllOfLogForwarder, curren "token_request_url": azure.GetTokenRequestUrl(), "log_destination_url": azure.GetLogDestinationUrl(), } + if currentVersion.GreaterThanOrEqual(Appliance63Version) { + s["scope"] = azure.GetScope() + } if state := d.Get(fmt.Sprintf("log_forwarder.0.azure_monitor.%d.app_secret", index)).(string); len(state) > 0 { s["app_secret"] = state } 
@@ -2303,6 +2378,44 @@ func flatttenApplianceLogForwarder(in openapi.ApplianceAllOfLogForwarder, curren logforward["falcon_log_scale"] = falconList } } + + if currentVersion.GreaterThanOrEqual(Appliance63Version) { + if v, ok := in.GetDatadogsOk(); ok { + dataDogsList := make([]map[string]interface{}, 0) + for index, dd := range v { + s := map[string]interface{}{ + "site": dd.GetSite(), + "api_key": dd.GetApiKey(), + "source": dd.GetSource(), + "tags": dd.GetTags(), + } + if state := d.Get(fmt.Sprintf("log_forwarder.0.datadogs.%d.token", index)).(string); len(state) > 0 { + s["token"] = state + } + dataDogsList = append(dataDogsList, s) + } + logforward["datadogs"] = dataDogsList + } + + if v, ok := in.GetCoralogixsOk(); ok { + coralogixsList := make([]map[string]interface{}, 0) + for index, cl := range v { + s := map[string]interface{}{ + "url": cl.GetUrl(), + "private_key": cl.GetPrivateKey(), + "uuid": cl.GetUuid(), + "application_name": cl.GetApplicationName(), + "subsystem_name": cl.GetSubsystemName(), + } + if state := d.Get(fmt.Sprintf("log_forwarder.0.coralogixs.%d.token", index)).(string); len(state) > 0 { + s["token"] = state + } + coralogixsList = append(coralogixsList, s) + } + logforward["coralogixs"] = coralogixsList + } + } + logforward["sites"] = in.GetSites() logforwarders = append(logforwarders, logforward) @@ -2361,6 +2474,10 @@ func flattenApplianceMetricsAggregator(in openapi.ApplianceAllOfMetricsAggregato } exporter["allowed_users"] = allowedUsers + if currentVersion.GreaterThanOrEqual(Appliance63Version) { + exporter["labels_disabled"] = v.GetLabelsDisabled() + } + metricsAggr["prometheus_exporter"] = []interface{}{exporter} } 
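Review bot: The state lookups in both new blocks read `log_forwarder.0.datadogs.%d.token` and `log_forwarder.0.coralogixs.%d.token`, but neither schema added in this patch has a `token` attribute; the secrets are `api_key` and `private_key`. This looks copied from another forwarder block: as written the configured secret is never carried over from state, and `d.Get(...)` on an unknown key followed by `.(string)` may panic on a nil value (not verified from this hunk). Change the keys to `...datadogs.%d.api_key` with `s["api_key"] = state` and `...coralogixs.%d.private_key` with `s["private_key"] = state`. If the API returns these secrets redacted or empty, the unconditional `dd.GetApiKey()` and `cl.GetPrivateKey()` values would otherwise replace the real secret in state on every read. The enclosing function starts and ends outside the hunk.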
@@ -2453,24 +2570,6 @@ func flattenApplianceClientInterface(in openapi.ApplianceAllOfClientInterface) ( return []interface{}{m}, nil } -func flattenAppliancePeerInterface(in openapi.ApplianceAllOfPeerInterface) ([]interface{}, error) { - m := make(map[string]interface{}) - if v, ok := in.GetHostnameOk(); ok { - m["hostname"] = v - } - if v, ok := in.GetHttpsPortOk(); ok { - m["https_port"] = v - } - if _, ok := in.GetAllowSourcesOk(); ok { - allowSources, err := flattenAllowSources(in.GetAllowSources()) - if err != nil { - return nil, err - } - m["allow_sources"] = allowSources - } - return []interface{}{m}, nil -} - func flattenApplianceAdminInterface(in openapi.ApplianceAllOfAdminInterface) ([]interface{}, error) { m := make(map[string]interface{}) if v, ok := in.GetHostnameOk(); ok { @@ -2677,10 +2776,6 @@ func resourceAppgateApplianceUpdate(ctx context.Context, d *schema.ResourceData, originalAppliance.SetCustomization(d.Get("customization").(string)) } - if d.HasChange("connect_to_peers_using_client_port_with_spa") { - originalAppliance.SetConnectToPeersUsingClientPortWithSpa(d.Get("connect_to_peers_using_client_port_with_spa").(bool)) - } - if d.HasChange("client_interface") { _, v := d.GetChange("client_interface") cinterface, err := readClientInterfaceFromConfig(v.([]interface{})) @@ -2690,15 +2785,6 @@ func resourceAppgateApplianceUpdate(ctx context.Context, d *schema.ResourceData, originalAppliance.SetClientInterface(cinterface) } - if d.HasChange("peer_interface") { - _, v := d.GetChange("peer_interface") - pinterface, err := readPeerInterfaceFromConfig(v.([]interface{})) - if err != nil { - return diag.FromErr(err) - } - originalAppliance.SetPeerInterface(pinterface) - } - if d.HasChange("admin_interface") { _, v := d.GetChange("admin_interface") ainterface, err := readAdminInterfaceFromConfig(v.([]interface{})) 
@@ -2948,26 +3034,6 @@ func readClientInterfaceFromConfig(cinterfaces []interface{}) (openapi.Appliance return cinterface, nil } -func readPeerInterfaceFromConfig(pinterfaces []interface{}) (openapi.ApplianceAllOfPeerInterface, error) { - pinterf := openapi.ApplianceAllOfPeerInterface{} - for _, r := range pinterfaces { - raw := r.(map[string]interface{}) - if v, ok := raw["hostname"].(string); ok && len(v) > 0 { - pinterf.SetHostname(v) - } - if v, ok := raw["https_port"]; ok { - pinterf.SetHttpsPort(int32(v.(int))) - } - if v := raw["allow_sources"].([]interface{}); len(v) > 0 { - allowSources, err := readAllowSources(v) - if err != nil { - return pinterf, fmt.Errorf("Failed to resolve peer_interface.allow_sources: %w", err) - } - pinterf.SetAllowSources(allowSources) - } - } - return pinterf, nil -} func readAdminInterfaceFromConfig(adminInterfaces []interface{}) (openapi.ApplianceAllOfAdminInterface, error) { aInterface := openapi.ApplianceAllOfAdminInterface{} for _, admin := range adminInterfaces { @@ -3276,6 +3342,15 @@ func readPrometheusExporterFromConfig(exporters []interface{}, currentVersion *v val.SetAllowedUsers(allowedUsers) } } + if currentVersion.GreaterThanOrEqual(Appliance63Version) { + if v, ok := rawServer["labels_disabled"].([]interface{}); ok && len(v) > 0 { + labelsDisabled, err := readLabelsDisabled(v) + if err != nil { + return val, err + } + val.SetLabelsDisabled(labelsDisabled) + } + } } return val, nil } @@ -3471,6 +3546,9 @@ func readLogForwardFromConfig(logforwards []interface{}, currentVersion *version if v, ok := row["log_destination_url"]; ok { azure.SetLogDestinationUrl(v.(string)) } + if v, ok := row["scope"]; ok { + azure.SetScope(v.(string)) + } azures = append(azures, azure) } val.SetAzureMonitors(azures) 
@@ -3501,6 +3579,56 @@ func readLogForwardFromConfig(logforwards []interface{}, currentVersion *version val.SetFalconLogScales(falcons) } + if v := raw["datadogs"]; len(v.([]interface{})) > 0 { + datadogs := make([]openapi.Datadog, 0) + for _, dd := range v.([]interface{}) { + datadog := openapi.Datadog{} + row := dd.(map[string]interface{}) + if v, ok := row["site"]; ok { + datadog.SetSite(v.(string)) + } + if v, ok := row["api_key"]; ok { + datadog.SetApiKey(v.(string)) + } + if v, ok := row["source"]; ok { + datadog.SetSource(v.(string)) + } + if v, ok := row["tags"]; ok { + datadog.SetTags(v.([]string)) + } + datadogs = append(datadogs, datadog) + } + val.SetDatadogs(datadogs) + } + + if v := raw["coralogixs"]; len(v.([]interface{})) > 0 { + coralogixs := make([]openapi.Coralogix, 0) + for _, cl := range v.([]interface{}) { + coralogix := openapi.Coralogix{} + row := cl.(map[string]interface{}) + if v, ok := row["url"]; ok { + coralogix.SetUrl(v.(string)) + } + if v, ok := row["private_key"]; ok { + coralogix.SetPrivateKey(v.(string)) + } + if v, ok := row["private_key"]; ok { + coralogix.SetPrivateKey(v.(string)) + } + if v, ok := row["uuid"]; ok { + coralogix.SetUuid(v.(string)) + } + if v, ok := row["application_name"]; ok { + coralogix.SetApplicationName(v.(string)) + } + if v, ok := row["subsystem_name"]; ok { + coralogix.SetSubsystemName(v.(string)) + } + coralogixs = append(coralogixs, coralogix) + } + val.SetCoralogixs(coralogixs) + } + sites := make([]string, 0) if v := raw["sites"].(*schema.Set); v.Len() > 0 { for _, s := range v.List() { 
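Review bot: `datadog.SetTags(v.([]string))` in the new `datadogs` loop will panic as soon as a block is configured, because terraform-plugin-sdk hands list and set attributes to the provider as `[]interface{}` or `*schema.Set`, never `[]string`; the elements need converting one by one, as in the fence below. In the `coralogixs` loop the `private_key` block appears twice in a row and one copy can go. Unlike the flatten side, which wraps both forwarders in `currentVersion.GreaterThanOrEqual(Appliance63Version)`, nothing here is gated on version, so a configuration with these blocks would presumably be sent to an older controller as well. `readLogForwardFromConfig` starts and ends outside the hunk.

```go
// … unchanged: site, api_key and source assignments …
if v, ok := row["tags"]; ok {
	// The schema is not part of this hunk, so accept both list and set shapes.
	var rawTags []interface{}
	switch t := v.(type) {
	case []interface{}:
		rawTags = t
	case *schema.Set:
		rawTags = t.List()
	}
	tags := make([]string, 0, len(rawTags))
	for _, t := range rawTags {
		if s, ok := t.(string); ok {
			tags = append(tags, s)
		}
	}
	datadog.SetTags(tags)
}
datadogs = append(datadogs, datadog)
```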
@@ -3717,10 +3845,10 @@ func readAppliancePortalFromConfig(d *schema.ResourceData, portals []interface{} p.SetProxyP12s(p12s) } if v, ok := raw["external_profiles"].([]interface{}); ok && len(v) > 0 && v[0] != nil { - profiles := make([]openapi.PortalExternalProfilesInner, 0) + profiles := make([]openapi.ExternalProfile, 0) for _, k := range v { raw := k.(map[string]interface{}) - profile := openapi.PortalExternalProfilesInner{} + profile := openapi.ExternalProfile{} if v, ok := raw["id"]; ok { profile.SetId(v.(string)) } diff --git a/appgate/resource_appgate_appliance_controller.go b/appgate/resource_appgate_appliance_controller.go index 1df71457..ce3708b6 100644 --- a/appgate/resource_appgate_appliance_controller.go +++ b/appgate/resource_appgate_appliance_controller.go @@ -8,7 +8,7 @@ import ( "net/http" "time" - "github.com/appgate/sdp-api-client-go/api/v19/openapi" + "github.com/appgate/sdp-api-client-go/api/v20/openapi" "github.com/cenkalti/backoff/v4" "github.com/hashicorp/go-version" "github.com/hashicorp/terraform-plugin-sdk/v2/diag" diff --git a/appgate/resource_appgate_appliance_customization.go b/appgate/resource_appgate_appliance_customization.go index d6583573..8ecf7446 100644 --- a/appgate/resource_appgate_appliance_customization.go +++ b/appgate/resource_appgate_appliance_customization.go @@ -12,7 +12,7 @@ import ( "os" "time" - "github.com/appgate/sdp-api-client-go/api/v19/openapi" + "github.com/appgate/sdp-api-client-go/api/v20/openapi" "github.com/hashicorp/terraform-plugin-sdk/v2/helper/schema" ) diff --git a/appgate/resource_appgate_appliance_test.go b/appgate/resource_appgate_appliance_test.go index 53261a77..58075b9c 100644 --- a/appgate/resource_appgate_appliance_test.go +++ b/appgate/resource_appgate_appliance_test.go 
@@ -32,24 +32,35 @@ var applianceConstraintCheck = func(t *testing.T, constraint string) { } } -var applianceTestForFiveFive = func(t *testing.T) { - applianceConstraintCheck(t, ">= 5.5, < 6.0") -} -var applianceTestForFiveFiveOrHigher = func(t *testing.T) { - applianceConstraintCheck(t, ">= 5.5") -} - -var testFor6AndAbove = func(t *testing.T) { - applianceConstraintCheck(t, ">= 6.0") -} - -var testFor61AndAbove = func(t *testing.T) { - applianceConstraintCheck(t, ">= 6.1") -} - -var testFor62AndAbove = func(t *testing.T) { - applianceConstraintCheck(t, ">= 6.2") -} +var ( + applianceTestForFiveFive = func(t *testing.T) { + applianceConstraintCheck(t, ">= 5.5, < 6.0") + } + applianceTestForFiveFiveOrHigher = func(t *testing.T) { + applianceConstraintCheck(t, ">= 5.5") + } + testFor6AndAbove = func(t *testing.T) { + applianceConstraintCheck(t, ">= 6.0") + } + testFor61AndAbove = func(t *testing.T) { + applianceConstraintCheck(t, ">= 6.1") + } + testFor62AndAbove = func(t *testing.T) { + applianceConstraintCheck(t, ">= 6.2") + } + testFor63AndAbove = func(t *testing.T) { + applianceConstraintCheck(t, ">= 6.3") + } + testFor61 = func(t *testing.T) { + applianceConstraintCheck(t, ">= 6.1, < 6.2") + } + testFor62 = func(t *testing.T) { + applianceConstraintCheck(t, ">= 6.2, < 6.3") + } + testFor63 = func(t *testing.T) { + applianceConstraintCheck(t, ">= 6.3, < 6.4") + } +) func TestAccApplianceBasicController(t *testing.T) { resourceName := "appgatesdp_appliance.test_controller" 
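Review bot: The new `testFor63` constraint (`>= 6.3, < 6.4`) does not appear to be used by the test it was presumably written for: the `TestAccAppliance63` added further down in this patch calls `testFor63AndAbove(t)` in its `PreConfig`, while the 6.1 and 6.2 tests are switched to the pinned `testFor61` and `testFor62`. If the intent is one pinned test per appliance version, that `PreConfig` should call `testFor63(t)`; otherwise `testFor63` can be dropped so the block holds no dead helper. A short comment above the `var (` block stating when to use the pinned form and when the `AndAbove` form would help the next version bump.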
@@ -80,7 +91,6 @@ func TestAccApplianceBasicController(t *testing.T) { resource.TestCheckResourceAttr(resourceName, "name", rName), resource.TestCheckResourceAttr(resourceName, "notes", "Managed by terraform"), resource.TestCheckResourceAttr(resourceName, "hostname", context["hostname"].(string)), - resource.TestCheckResourceAttr(resourceName, "connect_to_peers_using_client_port_with_spa", "true"), resource.TestCheckResourceAttr(resourceName, "client_interface.#", "1"), resource.TestCheckResourceAttr(resourceName, "client_interface.0.allow_sources.#", "1"), @@ -181,11 +191,6 @@ func TestAccApplianceBasicController(t *testing.T) { resource.TestCheckResourceAttr(resourceName, "ntp.0.servers.3.key", ""), resource.TestCheckResourceAttr(resourceName, "ntp.0.servers.3.key_type", ""), - resource.TestCheckResourceAttr(resourceName, "peer_interface.#", "1"), - resource.TestCheckResourceAttr(resourceName, "peer_interface.0.allow_sources.#", "0"), - resource.TestCheckResourceAttr(resourceName, "peer_interface.0.hostname", context["hostname"].(string)), - resource.TestCheckResourceAttr(resourceName, "peer_interface.0.https_port", "1337"), - resource.TestCheckResourceAttr(resourceName, "ping.#", "1"), resource.TestCheckResourceAttr(resourceName, "ping.0.allow_sources.#", "1"), resource.TestCheckResourceAttr(resourceName, "ping.0.allow_sources.0.address", "127.0.0.1"), 
@@ -3412,253 +3417,6 @@ resource "appgatesdp_appliance" "log_server" { `, context) } -func TestAccApplianceLogForwarderElastic55(t *testing.T) { - resourceName := "appgatesdp_appliance.log_forwarder_elasticsearch" - rName := RandStringFromCharSet(10, CharSetAlphaNum) - context := map[string]interface{}{ - "name": rName, - "hostname": fmt.Sprintf("%s.devops", rName), - } - resource.ParallelTest(t, resource.TestCase{ - PreCheck: func() { testAccPreCheck(t) }, - Providers: testAccProviders, - CheckDestroy: testAccCheckApplianceDestroy, - - Steps: []resource.TestStep{ - { - PreConfig: func() { - applianceTestForFiveFive(t) - }, - Config: testAccCheckApplianceLogforwarderElasticSearch(context), - Check: resource.ComposeTestCheckFunc( - testAccCheckApplianceExists(resourceName), - resource.TestCheckResourceAttr(resourceName, "client_interface.#", "1"), - resource.TestCheckResourceAttr(resourceName, "client_interface.0.%", "7"), - resource.TestCheckResourceAttr(resourceName, "client_interface.0.allow_sources.#", "1"), - resource.TestCheckResourceAttr(resourceName, "client_interface.0.allow_sources.0.%", "3"), - resource.TestCheckResourceAttr(resourceName, "client_interface.0.allow_sources.0.address", "127.0.0.1"), - resource.TestCheckResourceAttr(resourceName, "client_interface.0.allow_sources.0.netmask", "32"), - resource.TestCheckResourceAttr(resourceName, "client_interface.0.allow_sources.0.nic", "eth0"), - resource.TestCheckResourceAttr(resourceName, "client_interface.0.dtls_port", "445"), - resource.TestCheckResourceAttr(resourceName, "client_interface.0.hostname", context["hostname"].(string)), - resource.TestCheckResourceAttr(resourceName, "client_interface.0.https_port", "444"), - resource.TestCheckResourceAttr(resourceName, "client_interface.0.override_spa_mode", "TCP"), - resource.TestCheckResourceAttr(resourceName, "client_interface.0.proxy_protocol", "true"), - resource.TestCheckResourceAttr(resourceName, "connect_to_peers_using_client_port_with_spa", "true"), 
- resource.TestCheckResourceAttr(resourceName, "connector.#", "1"), - resource.TestCheckResourceAttr(resourceName, "connector.0.%", "3"), - resource.TestCheckResourceAttr(resourceName, "connector.0.advanced_clients.#", "0"), - resource.TestCheckResourceAttr(resourceName, "connector.0.enabled", "false"), - resource.TestCheckResourceAttr(resourceName, "connector.0.express_clients.#", "0"), - resource.TestCheckResourceAttr(resourceName, "controller.#", "1"), - resource.TestCheckResourceAttr(resourceName, "controller.0.%", "1"), - resource.TestCheckResourceAttr(resourceName, "controller.0.enabled", "false"), - resource.TestCheckResourceAttr(resourceName, "customization", ""), - resource.TestCheckResourceAttr(resourceName, "gateway.#", "1"), - resource.TestCheckResourceAttr(resourceName, "gateway.0.%", "2"), - resource.TestCheckResourceAttr(resourceName, "gateway.0.enabled", "false"), - resource.TestCheckResourceAttr(resourceName, "gateway.0.vpn.#", "1"), - resource.TestCheckResourceAttr(resourceName, "gateway.0.vpn.0.%", "3"), - resource.TestCheckResourceAttr(resourceName, "gateway.0.vpn.0.allow_destinations.#", "0"), - resource.TestCheckResourceAttr(resourceName, "gateway.0.vpn.0.weight", "100"), - resource.TestCheckResourceAttr(resourceName, "healthcheck_server.#", "1"), - resource.TestCheckResourceAttr(resourceName, "healthcheck_server.0.%", "3"), - resource.TestCheckResourceAttr(resourceName, "healthcheck_server.0.allow_sources.#", "1"), - resource.TestCheckResourceAttr(resourceName, "healthcheck_server.0.allow_sources.0.%", "3"), - resource.TestCheckResourceAttr(resourceName, "healthcheck_server.0.allow_sources.0.address", "127.0.0.1"), - resource.TestCheckResourceAttr(resourceName, "healthcheck_server.0.allow_sources.0.netmask", "32"), - resource.TestCheckResourceAttr(resourceName, "healthcheck_server.0.allow_sources.0.nic", "eth0"), - resource.TestCheckResourceAttr(resourceName, "healthcheck_server.0.enabled", "true"), - 
resource.TestCheckResourceAttr(resourceName, "healthcheck_server.0.port", "5555"), - resource.TestCheckResourceAttr(resourceName, "hostname", context["hostname"].(string)), - resource.TestCheckResourceAttr(resourceName, "hostname_aliases.#", "0"), - resource.TestCheckResourceAttr(resourceName, "log_forwarder.#", "1"), - resource.TestCheckResourceAttr(resourceName, "log_forwarder.0.aws_kineses.#", "0"), - resource.TestCheckResourceAttr(resourceName, "log_forwarder.0.elasticsearch.#", "1"), - resource.TestCheckResourceAttr(resourceName, "log_forwarder.0.elasticsearch.0.%", "8"), - resource.TestCheckResourceAttr(resourceName, "log_forwarder.0.elasticsearch.0.authentication.#", "1"), - resource.TestCheckResourceAttr(resourceName, "log_forwarder.0.elasticsearch.0.authentication.0.%", "2"), - resource.TestCheckResourceAttr(resourceName, "log_forwarder.0.elasticsearch.0.authentication.0.token", "user:password"), - resource.TestCheckResourceAttr(resourceName, "log_forwarder.0.elasticsearch.0.authentication.0.type", "ServiceAccounts"), - resource.TestCheckResourceAttr(resourceName, "log_forwarder.0.elasticsearch.0.aws_id", ""), - resource.TestCheckResourceAttr(resourceName, "log_forwarder.0.elasticsearch.0.aws_region", ""), - resource.TestCheckResourceAttr(resourceName, "log_forwarder.0.elasticsearch.0.aws_secret", ""), - resource.TestCheckResourceAttr(resourceName, "log_forwarder.0.elasticsearch.0.compatibility_mode", "10"), - resource.TestCheckResourceAttr(resourceName, "log_forwarder.0.elasticsearch.0.retention_days", "90"), - resource.TestCheckResourceAttr(resourceName, "log_forwarder.0.elasticsearch.0.url", "https://aws.com/elasticsearch/instance/asdaxllkmda64"), - resource.TestCheckResourceAttr(resourceName, "log_forwarder.0.elasticsearch.0.use_instance_credentials", "false"), - resource.TestCheckResourceAttr(resourceName, "log_forwarder.0.enabled", "true"), - resource.TestCheckResourceAttr(resourceName, "log_forwarder.0.sites.#", "1"), - 
resource.TestCheckResourceAttr(resourceName, "log_forwarder.0.sites.0", "8a4add9e-0e99-4bb1-949c-c9faf9a49ad4"), - resource.TestCheckResourceAttr(resourceName, "log_forwarder.0.tcp_clients.#", "0"), - resource.TestCheckResourceAttr(resourceName, "log_server.#", "0"), - resource.TestCheckResourceAttr(resourceName, "name", context["name"].(string)), - resource.TestCheckResourceAttr(resourceName, "networking.#", "1"), - resource.TestCheckResourceAttr(resourceName, "networking.0.%", "5"), - resource.TestCheckResourceAttr(resourceName, "networking.0.dns_domains.#", "1"), - resource.TestCheckResourceAttr(resourceName, "networking.0.dns_domains.0", "aa.com"), - resource.TestCheckResourceAttr(resourceName, "networking.0.dns_servers.#", "2"), - resource.TestCheckResourceAttr(resourceName, "networking.0.dns_servers.0", "1.1.1.1"), - resource.TestCheckResourceAttr(resourceName, "networking.0.dns_servers.1", "8.8.8.8"), - resource.TestCheckResourceAttr(resourceName, "networking.0.hosts.#", "1"), - resource.TestCheckResourceAttr(resourceName, "networking.0.hosts.0.%", "2"), - resource.TestCheckResourceAttr(resourceName, "networking.0.hosts.0.address", "0.0.0.0"), - resource.TestCheckResourceAttr(resourceName, "networking.0.hosts.0.hostname", "bla"), - resource.TestCheckResourceAttr(resourceName, "networking.0.nics.#", "2"), - resource.TestCheckResourceAttr(resourceName, "networking.0.nics.0.%", "5"), - resource.TestCheckResourceAttr(resourceName, "networking.0.nics.0.enabled", "true"), - resource.TestCheckResourceAttr(resourceName, "networking.0.nics.0.ipv4.#", "1"), - resource.TestCheckResourceAttr(resourceName, "networking.0.nics.0.ipv4.0.%", "3"), - resource.TestCheckResourceAttr(resourceName, "networking.0.nics.0.ipv4.0.dhcp.#", "1"), - resource.TestCheckResourceAttr(resourceName, "networking.0.nics.0.ipv4.0.dhcp.0.%", "4"), - resource.TestCheckResourceAttr(resourceName, "networking.0.nics.0.ipv4.0.dhcp.0.dns", "true"), - resource.TestCheckResourceAttr(resourceName, 
"networking.0.nics.0.ipv4.0.dhcp.0.enabled", "false"), - resource.TestCheckResourceAttr(resourceName, "networking.0.nics.0.ipv4.0.dhcp.0.ntp", "true"), - resource.TestCheckResourceAttr(resourceName, "networking.0.nics.0.ipv4.0.dhcp.0.routers", "true"), - resource.TestCheckResourceAttr(resourceName, "networking.0.nics.0.ipv4.0.static.#", "2"), - resource.TestCheckResourceAttr(resourceName, "networking.0.nics.0.ipv4.0.static.0.%", "4"), - resource.TestCheckResourceAttr(resourceName, "networking.0.nics.0.ipv4.0.static.0.address", "10.10.10.1"), - resource.TestCheckResourceAttr(resourceName, "networking.0.nics.0.ipv4.0.static.0.hostname", ""), - resource.TestCheckResourceAttr(resourceName, "networking.0.nics.0.ipv4.0.static.0.netmask", "24"), - resource.TestCheckResourceAttr(resourceName, "networking.0.nics.0.ipv4.0.static.0.snat", "true"), - resource.TestCheckResourceAttr(resourceName, "networking.0.nics.0.ipv4.0.static.1.%", "4"), - resource.TestCheckResourceAttr(resourceName, "networking.0.nics.0.ipv4.0.static.1.address", "20.20.20.1"), - resource.TestCheckResourceAttr(resourceName, "networking.0.nics.0.ipv4.0.static.1.hostname", ""), - resource.TestCheckResourceAttr(resourceName, "networking.0.nics.0.ipv4.0.static.1.netmask", "32"), - resource.TestCheckResourceAttr(resourceName, "networking.0.nics.0.ipv4.0.static.1.snat", "false"), - resource.TestCheckResourceAttr(resourceName, "networking.0.nics.0.ipv4.0.virtual_ip", ""), - resource.TestCheckResourceAttr(resourceName, "networking.0.nics.0.ipv6.#", "1"), - resource.TestCheckResourceAttr(resourceName, "networking.0.nics.0.ipv6.0.%", "3"), - resource.TestCheckResourceAttr(resourceName, "networking.0.nics.0.ipv6.0.dhcp.#", "1"), - resource.TestCheckResourceAttr(resourceName, "networking.0.nics.0.ipv6.0.dhcp.0.%", "3"), - resource.TestCheckResourceAttr(resourceName, "networking.0.nics.0.ipv6.0.dhcp.0.dns", "true"), - resource.TestCheckResourceAttr(resourceName, "networking.0.nics.0.ipv6.0.dhcp.0.enabled", "false"), - 
resource.TestCheckResourceAttr(resourceName, "networking.0.nics.0.ipv6.0.dhcp.0.ntp", "false"), - resource.TestCheckResourceAttr(resourceName, "networking.0.nics.0.ipv6.0.static.#", "0"), - resource.TestCheckResourceAttr(resourceName, "networking.0.nics.0.ipv6.0.virtual_ip", ""), - resource.TestCheckResourceAttr(resourceName, "networking.0.nics.0.mtu", "0"), - resource.TestCheckResourceAttr(resourceName, "networking.0.nics.0.name", "eth0"), - resource.TestCheckResourceAttr(resourceName, "networking.0.nics.1.%", "5"), - resource.TestCheckResourceAttr(resourceName, "networking.0.nics.1.enabled", "true"), - resource.TestCheckResourceAttr(resourceName, "networking.0.nics.1.ipv4.#", "1"), - resource.TestCheckResourceAttr(resourceName, "networking.0.nics.1.ipv4.0.%", "3"), - resource.TestCheckResourceAttr(resourceName, "networking.0.nics.1.ipv4.0.dhcp.#", "1"), - resource.TestCheckResourceAttr(resourceName, "networking.0.nics.1.ipv4.0.dhcp.0.%", "4"), - resource.TestCheckResourceAttr(resourceName, "networking.0.nics.1.ipv4.0.dhcp.0.dns", "false"), - resource.TestCheckResourceAttr(resourceName, "networking.0.nics.1.ipv4.0.dhcp.0.enabled", "true"), - resource.TestCheckResourceAttr(resourceName, "networking.0.nics.1.ipv4.0.dhcp.0.ntp", "false"), - resource.TestCheckResourceAttr(resourceName, "networking.0.nics.1.ipv4.0.dhcp.0.routers", "false"), - resource.TestCheckResourceAttr(resourceName, "networking.0.nics.1.ipv4.0.static.#", "0"), - resource.TestCheckResourceAttr(resourceName, "networking.0.nics.1.ipv4.0.virtual_ip", ""), - resource.TestCheckResourceAttr(resourceName, "networking.0.nics.1.ipv6.#", "1"), - resource.TestCheckResourceAttr(resourceName, "networking.0.nics.1.ipv6.0.%", "3"), - resource.TestCheckResourceAttr(resourceName, "networking.0.nics.1.ipv6.0.dhcp.#", "1"), - resource.TestCheckResourceAttr(resourceName, "networking.0.nics.1.ipv6.0.dhcp.0.%", "3"), - resource.TestCheckResourceAttr(resourceName, "networking.0.nics.1.ipv6.0.dhcp.0.dns", "true"), - 
resource.TestCheckResourceAttr(resourceName, "networking.0.nics.1.ipv6.0.dhcp.0.enabled", "false"), - resource.TestCheckResourceAttr(resourceName, "networking.0.nics.1.ipv6.0.dhcp.0.ntp", "false"), - resource.TestCheckResourceAttr(resourceName, "networking.0.nics.1.ipv6.0.static.#", "0"), - resource.TestCheckResourceAttr(resourceName, "networking.0.nics.1.ipv6.0.virtual_ip", ""), - resource.TestCheckResourceAttr(resourceName, "networking.0.nics.1.mtu", "0"), - resource.TestCheckResourceAttr(resourceName, "networking.0.nics.1.name", "eth1"), - resource.TestCheckResourceAttr(resourceName, "networking.0.routes.#", "1"), - resource.TestCheckResourceAttr(resourceName, "networking.0.routes.0.%", "4"), - resource.TestCheckResourceAttr(resourceName, "networking.0.routes.0.address", "0.0.0.0"), - resource.TestCheckResourceAttr(resourceName, "networking.0.routes.0.gateway", "1.2.3.4"), - resource.TestCheckResourceAttr(resourceName, "networking.0.routes.0.netmask", "24"), - resource.TestCheckResourceAttr(resourceName, "networking.0.routes.0.nic", "eth0"), - resource.TestCheckResourceAttr(resourceName, "notes", "Managed by terraform"), - resource.TestCheckResourceAttr(resourceName, "ntp.#", "1"), - resource.TestCheckResourceAttr(resourceName, "ntp.0.%", "1"), - resource.TestCheckResourceAttr(resourceName, "ntp.0.servers.#", "4"), - resource.TestCheckResourceAttr(resourceName, "ntp.0.servers.0.%", "3"), - resource.TestCheckResourceAttr(resourceName, "ntp.0.servers.0.hostname", "0.ubuntu.pool.ntp.org"), - resource.TestCheckResourceAttr(resourceName, "ntp.0.servers.0.key", ""), - resource.TestCheckResourceAttr(resourceName, "ntp.0.servers.0.key_type", ""), - resource.TestCheckResourceAttr(resourceName, "ntp.0.servers.1.%", "3"), - resource.TestCheckResourceAttr(resourceName, "ntp.0.servers.1.hostname", "1.ubuntu.pool.ntp.org"), - resource.TestCheckResourceAttr(resourceName, "ntp.0.servers.1.key", ""), - resource.TestCheckResourceAttr(resourceName, "ntp.0.servers.1.key_type", ""), 
- resource.TestCheckResourceAttr(resourceName, "ntp.0.servers.2.%", "3"), - resource.TestCheckResourceAttr(resourceName, "ntp.0.servers.2.hostname", "2.ubuntu.pool.ntp.org"), - resource.TestCheckResourceAttr(resourceName, "ntp.0.servers.2.key", ""), - resource.TestCheckResourceAttr(resourceName, "ntp.0.servers.2.key_type", ""), - resource.TestCheckResourceAttr(resourceName, "ntp.0.servers.3.%", "3"), - resource.TestCheckResourceAttr(resourceName, "ntp.0.servers.3.hostname", "3.ubuntu.pool.ntp.org"), - resource.TestCheckResourceAttr(resourceName, "ntp.0.servers.3.key", ""), - resource.TestCheckResourceAttr(resourceName, "ntp.0.servers.3.key_type", ""), - resource.TestCheckResourceAttr(resourceName, "peer_interface.#", "1"), - resource.TestCheckResourceAttr(resourceName, "peer_interface.0.%", "3"), - resource.TestCheckResourceAttr(resourceName, "peer_interface.0.allow_sources.#", "0"), - resource.TestCheckResourceAttr(resourceName, "peer_interface.0.hostname", context["hostname"].(string)), - resource.TestCheckResourceAttr(resourceName, "peer_interface.0.https_port", "1337"), - resource.TestCheckResourceAttr(resourceName, "ping.#", "1"), - resource.TestCheckResourceAttr(resourceName, "ping.0.%", "1"), - resource.TestCheckResourceAttr(resourceName, "ping.0.allow_sources.#", "1"), - resource.TestCheckResourceAttr(resourceName, "ping.0.allow_sources.0.%", "3"), - resource.TestCheckResourceAttr(resourceName, "ping.0.allow_sources.0.address", "127.0.0.1"), - resource.TestCheckResourceAttr(resourceName, "ping.0.allow_sources.0.netmask", "32"), - resource.TestCheckResourceAttr(resourceName, "ping.0.allow_sources.0.nic", "eth0"), - resource.TestCheckResourceAttr(resourceName, "portal.#", "1"), - resource.TestCheckResourceAttr(resourceName, "portal.0.%", "6"), - resource.TestCheckResourceAttr(resourceName, "portal.0.enabled", "false"), - resource.TestCheckResourceAttr(resourceName, "portal.0.external_profiles.#", "0"), - resource.TestCheckResourceAttr(resourceName, 
"portal.0.https_p12.#", "0"), - resource.TestCheckResourceAttr(resourceName, "portal.0.profiles.#", "0"), - resource.TestCheckResourceAttr(resourceName, "portal.0.proxy_p12s.#", "0"), - resource.TestCheckResourceAttr(resourceName, "prometheus_exporter.#", "1"), - resource.TestCheckResourceAttr(resourceName, "prometheus_exporter.0.%", "7"), - resource.TestCheckResourceAttr(resourceName, "prometheus_exporter.0.allow_sources.#", "1"), - resource.TestCheckResourceAttr(resourceName, "prometheus_exporter.0.allow_sources.0.%", "3"), - resource.TestCheckResourceAttr(resourceName, "prometheus_exporter.0.allow_sources.0.address", "127.0.0.1"), - resource.TestCheckResourceAttr(resourceName, "prometheus_exporter.0.allow_sources.0.netmask", "32"), - resource.TestCheckResourceAttr(resourceName, "prometheus_exporter.0.allow_sources.0.nic", "eth0"), - resource.TestCheckResourceAttr(resourceName, "prometheus_exporter.0.enabled", "true"), - resource.TestCheckResourceAttr(resourceName, "prometheus_exporter.0.port", "1234"), - resource.TestCheckResourceAttr(resourceName, "rsyslog_destinations.#", "0"), - resource.TestCheckResourceAttr(resourceName, "site", ""), - resource.TestCheckResourceAttr(resourceName, "snmp_server.#", "1"), - resource.TestCheckResourceAttr(resourceName, "snmp_server.0.%", "5"), - resource.TestCheckResourceAttr(resourceName, "snmp_server.0.allow_sources.#", "1"), - resource.TestCheckResourceAttr(resourceName, "snmp_server.0.allow_sources.0.%", "3"), - resource.TestCheckResourceAttr(resourceName, "snmp_server.0.allow_sources.0.address", "127.0.0.1"), - resource.TestCheckResourceAttr(resourceName, "snmp_server.0.allow_sources.0.netmask", "32"), - resource.TestCheckResourceAttr(resourceName, "snmp_server.0.allow_sources.0.nic", "eth0"), - resource.TestCheckResourceAttr(resourceName, "snmp_server.0.enabled", "true"), - resource.TestCheckResourceAttr(resourceName, "snmp_server.0.snmpd_conf", "foo"), - resource.TestCheckResourceAttr(resourceName, 
"snmp_server.0.tcp_port", "161"), - resource.TestCheckResourceAttr(resourceName, "snmp_server.0.udp_port", "161"), - resource.TestCheckResourceAttr(resourceName, "ssh_server.#", "1"), - resource.TestCheckResourceAttr(resourceName, "ssh_server.0.%", "4"), - resource.TestCheckResourceAttr(resourceName, "ssh_server.0.allow_sources.#", "2"), - resource.TestCheckResourceAttr(resourceName, "ssh_server.0.allow_sources.0.%", "3"), - resource.TestCheckResourceAttr(resourceName, "ssh_server.0.allow_sources.0.address", "127.0.0.1"), - resource.TestCheckResourceAttr(resourceName, "ssh_server.0.allow_sources.0.netmask", "32"), - resource.TestCheckResourceAttr(resourceName, "ssh_server.0.allow_sources.0.nic", "eth0"), - resource.TestCheckResourceAttr(resourceName, "ssh_server.0.allow_sources.1.%", "3"), - resource.TestCheckResourceAttr(resourceName, "ssh_server.0.allow_sources.1.address", "0.0.0.0"), - resource.TestCheckResourceAttr(resourceName, "ssh_server.0.allow_sources.1.netmask", "32"), - resource.TestCheckResourceAttr(resourceName, "ssh_server.0.allow_sources.1.nic", "eth1"), - resource.TestCheckResourceAttr(resourceName, "ssh_server.0.enabled", "true"), - resource.TestCheckResourceAttr(resourceName, "ssh_server.0.password_authentication", "true"), - resource.TestCheckResourceAttr(resourceName, "ssh_server.0.port", "2222"), - resource.TestCheckResourceAttr(resourceName, "tags.#", "2"), - resource.TestCheckResourceAttr(resourceName, "tags.0", "api-test-created"), - resource.TestCheckResourceAttr(resourceName, "tags.1", "terraform"), - ), - }, - { - ResourceName: resourceName, - ImportState: true, - ImportStateVerify: true, - ImportStateCheck: testAccApplianceImportStateCheckFunc(1), - ImportStateVerifyIgnore: []string{"site", "seed_file", "log_forwarder.0.elasticsearch.0.authentication.0.token"}, // we can't import verify local file path - - }, - }, - }) -} - func testAccCheckApplianceLogforwarderElasticSearch(context map[string]interface{}) string { return Nprintf(` data 
"appgatesdp_site" "default_site" { @@ -4960,7 +4718,7 @@ func TestAccAppliance62MetricsAggregator(t *testing.T) { Steps: []resource.TestStep{ { PreConfig: func() { - testFor62AndAbove(t) + testFor62(t) }, Config: testAccAppliance62MetricsAggregator(context), Check: resource.ComposeTestCheckFunc( @@ -5140,7 +4898,7 @@ func TestAccAppliance61(t *testing.T) { Steps: []resource.TestStep{ { PreConfig: func() { - testFor61AndAbove(t) + testFor61(t) }, Config: testAccAppliance61(context), Check: resource.ComposeTestCheckFunc( @@ -5309,7 +5067,7 @@ func TestAccAppliance62(t *testing.T) { Steps: []resource.TestStep{ { PreConfig: func() { - testFor62AndAbove(t) + testFor62(t) }, Config: testAccAppliance62(context), Check: resource.ComposeTestCheckFunc( 
@@ -5489,6 +5247,207 @@ resource "appgatesdp_appliance" "appliancev62" { `, context) } +func TestAccAppliance63(t *testing.T) { + resourceName := "appgatesdp_appliance.appliancev63" + rName := RandStringFromCharSet(10, CharSetAlphaNum) + context := map[string]interface{}{ + "name": rName, + "hostname": fmt.Sprintf("%s.devops", rName), + } + resource.ParallelTest(t, resource.TestCase{ + PreCheck: func() { testAccPreCheck(t) }, + Providers: testAccProviders, + CheckDestroy: testAccCheckApplianceDestroy, + Steps: []resource.TestStep{ + { + PreConfig: func() { + testFor63AndAbove(t) + }, + Config: testAccAppliance63(context), + Check: resource.ComposeTestCheckFunc( + testAccCheckApplianceExists(resourceName), + resource.TestCheckResourceAttr(resourceName, "name", rName), + resource.TestCheckResourceAttr(resourceName, "notes", "Managed by terraform"), + resource.TestCheckResourceAttr(resourceName, "hostname", context["hostname"].(string)), + + resource.TestCheckResourceAttr(resourceName, "client_interface.#", "1"), + resource.TestCheckResourceAttr(resourceName, "client_interface.0.%", "7"), + resource.TestCheckResourceAttr(resourceName, "client_interface.0.allow_sources.#", "2"), + resource.TestCheckResourceAttr(resourceName, "client_interface.0.allow_sources.0.%", "3"), + resource.TestCheckResourceAttr(resourceName, "client_interface.0.allow_sources.0.address", "0.0.0.0"), + resource.TestCheckResourceAttr(resourceName, "client_interface.0.allow_sources.0.netmask", "0"), + resource.TestCheckResourceAttr(resourceName, "client_interface.0.allow_sources.0.nic", ""), + resource.TestCheckResourceAttr(resourceName, "client_interface.0.allow_sources.1.%", "3"), + resource.TestCheckResourceAttr(resourceName, "client_interface.0.allow_sources.1.address", "::"), + resource.TestCheckResourceAttr(resourceName, "client_interface.0.allow_sources.1.netmask", "0"), + resource.TestCheckResourceAttr(resourceName, "client_interface.0.allow_sources.1.nic", ""), + 
resource.TestCheckResourceAttr(resourceName, "client_interface.0.dtls_port", "443"), + resource.TestCheckResourceAttr(resourceName, "client_interface.0.hostname", context["hostname"].(string)), + resource.TestCheckResourceAttr(resourceName, "client_interface.0.local_hostname", context["hostname"].(string)), + resource.TestCheckResourceAttr(resourceName, "client_interface.0.https_port", "443"), + resource.TestCheckResourceAttr(resourceName, "client_interface.0.override_spa_mode", "Disabled"), + resource.TestCheckResourceAttr(resourceName, "client_interface.0.proxy_protocol", "false"), + + resource.TestCheckResourceAttr(resourceName, "networking.#", "1"), + resource.TestCheckResourceAttr(resourceName, "networking.0.%", "5"), + resource.TestCheckResourceAttr(resourceName, "networking.0.hosts.#", "0"), + resource.TestCheckResourceAttr(resourceName, "networking.0.nics.#", "1"), + resource.TestCheckResourceAttr(resourceName, "networking.0.nics.0.%", "5"), + resource.TestCheckResourceAttr(resourceName, "networking.0.nics.0.enabled", "true"), + resource.TestCheckResourceAttr(resourceName, "networking.0.nics.0.ipv4.#", "1"), + resource.TestCheckResourceAttr(resourceName, "networking.0.nics.0.ipv4.0.%", "3"), + resource.TestCheckResourceAttr(resourceName, "networking.0.nics.0.ipv4.0.dhcp.#", "1"), + resource.TestCheckResourceAttr(resourceName, "networking.0.nics.0.ipv4.0.dhcp.0.%", "4"), + resource.TestCheckResourceAttr(resourceName, "networking.0.nics.0.ipv4.0.dhcp.0.dns", "true"), + resource.TestCheckResourceAttr(resourceName, "networking.0.nics.0.ipv4.0.dhcp.0.enabled", "true"), + resource.TestCheckResourceAttr(resourceName, "networking.0.nics.0.ipv4.0.dhcp.0.ntp", "true"), + resource.TestCheckResourceAttr(resourceName, "networking.0.nics.0.ipv4.0.dhcp.0.routers", "true"), + resource.TestCheckResourceAttr(resourceName, "networking.0.nics.0.ipv4.0.static.#", "0"), + resource.TestCheckResourceAttr(resourceName, "networking.0.nics.0.ipv4.0.virtual_ip", ""), + 
resource.TestCheckResourceAttr(resourceName, "networking.0.nics.0.ipv6.#", "1"), + resource.TestCheckResourceAttr(resourceName, "networking.0.nics.0.ipv6.0.%", "3"), + resource.TestCheckResourceAttr(resourceName, "networking.0.nics.0.ipv6.0.dhcp.#", "1"), + resource.TestCheckResourceAttr(resourceName, "networking.0.nics.0.ipv6.0.dhcp.0.%", "3"), + resource.TestCheckResourceAttr(resourceName, "networking.0.nics.0.ipv6.0.dhcp.0.dns", "true"), + resource.TestCheckResourceAttr(resourceName, "networking.0.nics.0.ipv6.0.dhcp.0.enabled", "false"), + resource.TestCheckResourceAttr(resourceName, "networking.0.nics.0.ipv6.0.dhcp.0.ntp", "false"), + resource.TestCheckResourceAttr(resourceName, "networking.0.nics.0.ipv6.0.static.#", "0"), + resource.TestCheckResourceAttr(resourceName, "networking.0.nics.0.ipv6.0.virtual_ip", ""), + resource.TestCheckResourceAttr(resourceName, "networking.0.nics.0.mtu", "0"), + resource.TestCheckResourceAttr(resourceName, "networking.0.nics.0.name", "eth0"), + resource.TestCheckResourceAttr(resourceName, "networking.0.routes.#", "0"), + + resource.TestCheckResourceAttr(resourceName, "prometheus_exporter.#", "1"), + resource.TestCheckResourceAttr(resourceName, "prometheus_exporter.0.%", "8"), + resource.TestCheckResourceAttr(resourceName, "prometheus_exporter.0.allow_sources.#", "1"), + resource.TestCheckResourceAttr(resourceName, "prometheus_exporter.0.allow_sources.0.%", "3"), + resource.TestCheckResourceAttr(resourceName, "prometheus_exporter.0.allow_sources.0.address", "127.0.0.1"), + resource.TestCheckResourceAttr(resourceName, "prometheus_exporter.0.allow_sources.0.netmask", "32"), + resource.TestCheckResourceAttr(resourceName, "prometheus_exporter.0.allow_sources.0.nic", "eth0"), + resource.TestCheckResourceAttr(resourceName, "prometheus_exporter.0.enabled", "true"), + resource.TestCheckResourceAttr(resourceName, "prometheus_exporter.0.port", "1234"), + resource.TestCheckResourceAttr(resourceName, "prometheus_exporter.0.https_p12.#", 
"1"), + resource.TestCheckResourceAttr(resourceName, "prometheus_exporter.0.https_p12.0.%", "4"), + resource.TestCheckResourceAttr(resourceName, "prometheus_exporter.0.https_p12.0.content", "test-fixtures/test_devops.crt"), + resource.TestCheckResourceAttr(resourceName, "prometheus_exporter.0.https_p12.0.subject_name", "CN=test.devops"), + resource.TestCheckResourceAttr(resourceName, "prometheus_exporter.0.basic_auth", "true"), + resource.TestCheckResourceAttr(resourceName, "prometheus_exporter.0.allowed_users.#", "2"), + resource.TestCheckResourceAttr(resourceName, "prometheus_exporter.0.allowed_users.0.username", "foo"), + resource.TestCheckResourceAttr(resourceName, "prometheus_exporter.0.allowed_users.0.password", "foo123"), + resource.TestCheckResourceAttr(resourceName, "prometheus_exporter.0.allowed_users.1.username", "boo"), + resource.TestCheckResourceAttr(resourceName, "prometheus_exporter.0.allowed_users.1.password", "boo123"), + resource.TestCheckResourceAttr(resourceName, "prometheus_exporter.0.labels_disabled.#", "2"), + resource.TestCheckResourceAttr(resourceName, "prometheus_exporter.0.labels_disabled.0", "collective_id"), + resource.TestCheckResourceAttr(resourceName, "prometheus_exporter.0.labels_disabled.1", "appliance_name"), + + resource.TestCheckResourceAttr(resourceName, "gateway.#", "1"), + resource.TestCheckResourceAttr(resourceName, "gateway.0.vpn.#", "1"), + resource.TestCheckResourceAttr(resourceName, "gateway.0.vpn.0.allow_destinations.#", "1"), + resource.TestCheckResourceAttr(resourceName, "gateway.0.vpn.0.allow_destinations.0.address", "0.0.0.0"), + resource.TestCheckResourceAttr(resourceName, "gateway.0.vpn.0.allow_destinations.0.netmask", "0"), + resource.TestCheckResourceAttr(resourceName, "gateway.0.vpn.0.allow_destinations.0.nic", "eth0"), + resource.TestCheckResourceAttr(resourceName, "gateway.0.vpn.0.weight", "100"), + resource.TestCheckResourceAttr(resourceName, "gateway.0.vpn.0.local_weight", "100"), + ), + }, + { + 
ResourceName: resourceName, + ImportState: true, + ImportStateVerify: true, + ImportStateCheck: testAccApplianceImportStateCheckFunc(1), + ImportStateVerifyIgnore: []string{"site", "seed_file", + // we can't import verify local file path + "prometheus_exporter.0.https_p12.0.content", + "prometheus_exporter.0.allowed_users.0.password", + "prometheus_exporter.0.allowed_users.1.password", + "log_forwarder.0.azure_monitor.0.app_secret", + "log_forwarder.0.falcon_log_scale.0.token", + }, + }, + }, + }) +} + +func testAccAppliance63(context map[string]interface{}) string { + return Nprintf(` +data "appgatesdp_site" "default_site" { + site_name = "Default Site" +} +resource "appgatesdp_appliance" "appliancev63" { + name = "%{name}" + hostname = "%{hostname}" + site = data.appgatesdp_site.default_site.id + client_interface { + hostname = "%{hostname}" + local_hostname = "%{hostname}" + + allow_sources { + address = "0.0.0.0" + netmask = 0 + } + allow_sources { + address = "::" + netmask = 0 + } + } + networking { + nics { + enabled = true + name = "eth0" + ipv4 { + dhcp { + enabled = true + dns = true + routers = true + ntp = true + } + } + } + } + prometheus_exporter { + enabled = true + port = 1234 + allow_sources { + address = "127.0.0.1" + netmask = 32 + nic = "eth0" + } + use_https = true + https_p12 { + content = "test-fixtures/test_devops.crt" + password = "" + } + basic_auth = true + allowed_users { + username = "foo" + password = "foo123" + } + allowed_users { + username = "boo" + password = "boo123" + } + labels_disabled = [ + "collective_id", + "appliance_name" + ] + } + gateway { + enabled = true + vpn { + weight = 100 + local_weight = 100 + allow_destinations { + nic = "eth0" + address = "0.0.0.0" + netmask = 0 + } + } + } +} + +`, context) +} + func testAccAppliance62LogForwarder(context map[string]interface{}) string { return Nprintf(` data "appgatesdp_site" "default_site" { 
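Review bot: The fixture for TestAccAppliance63 sets `use_https = true` on `prometheus_exporter` next to `basic_auth = true`, but the check list never asserts it, so a regression that drops TLS while basic-auth credentials stay configured would still pass; add `resource.TestCheckResourceAttr(resourceName, "prometheus_exporter.0.use_https", "true"),`. The checks also pin `prometheus_exporter.0.allowed_users.N.password` to the cleartext fixture values, so these passwords are readable in state; the schema is not part of this hunk, so confirm the attribute is declared with `Sensitive: true`. In `ImportStateVerifyIgnore` the two `log_forwarder.0.…` entries refer to a block this configuration does not declare, and the `// we can't import verify local file path` comment now sits above secrets as well as the file path, so it should say that write-only secrets are skipped too.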
@@ -5548,3 +5507,79 @@ resource "appgatesdp_appliance" "appliancev62" { `, context) } + +func testAccAppliance63LogForwarder(context map[string]interface{}) string { + return Nprintf(` +data "appgatesdp_site" "default_site" { + site_name = "Default Site" +} +resource "appgatesdp_appliance" "appliancev62" { + name = "%{name}" + hostname = "%{hostname}" + site = data.appgatesdp_site.default_site.id + client_interface { + hostname = "%{hostname}" + local_hostname = "%{hostname}" + + allow_sources { + address = "0.0.0.0" + netmask = 0 + } + allow_sources { + address = "::" + netmask = 0 + } + } + networking { + nics { + enabled = true + name = "eth0" + ipv4 { + dhcp { + enabled = true + dns = true + routers = true + ntp = true + } + } + } + } + log_forwarder { + enabled = true + azure_monitor { + app_id = "az-example" + token_request_url = "https://example.com/azure/token" + log_destination_url = "https://example.com/azure/log" + app_secret = "az-password123" + scope = "https://monitor.axure.com/.test" + } + falcon_log_scale { + collector_url = "https://example.com/falcon/collect" + token = "password123" + index = "example-index" + source_type = "example-source-type" + source = "example-source" + } + datadogs { + site = "https://example.com/datadogs/collect" + api_key = "cff125ac-19df-4d01-b29d-d7eb0fc4e06c" + source = "appgatesdp" + tags = [ + "test-tag" + ] + } + coralogixs { + url = "https://example.com/coralogix/collect" + private_key = "secret" + uuid = "dcada937-22ac-4219-84cb-86e1aa834bcd" + application_name = "appgate-sdptest" + subsystem_name = "appgate-sub" + } + sites = [ + data.appgatesdp_site.default_site.id + ] + } +} + +`, context) +} diff --git a/appgate/resource_appgate_blacklist_user.go b/appgate/resource_appgate_blacklist_user.go index b918fc90..ea83386b 100644 --- a/appgate/resource_appgate_blacklist_user.go +++ b/appgate/resource_appgate_blacklist_user.go 
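Review bot: testAccAppliance63LogForwarder declares its resource as `resource "appgatesdp_appliance" "appliancev62"`, so a test that addresses `appgatesdp_appliance.appliancev63` would not find it; rename the label to `appliancev63` unless the caller, which is not in this hunk, really uses the 6.2 address. `scope = "https://monitor.axure.com/.test"` looks like a misspelling of azure. No test in the visible hunks calls this helper, although TestAccAppliance63 already ignores `log_forwarder.0.azure_monitor.0.app_secret` and `log_forwarder.0.falcon_log_scale.0.token` on import; `datadogs.api_key` and `coralogixs.private_key` would presumably need the same treatment once a test uses it.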
@@ -5,7 +5,7 @@ import ( "fmt" "log" - "github.com/appgate/sdp-api-client-go/api/v19/openapi" + "github.com/appgate/sdp-api-client-go/api/v20/openapi" "github.com/hashicorp/terraform-plugin-sdk/v2/helper/schema" ) diff --git a/appgate/resource_appgate_client_connections.go b/appgate/resource_appgate_client_connections.go deleted file mode 100644 index 5ad18fe4..00000000 --- a/appgate/resource_appgate_client_connections.go +++ /dev/null 
@@ -1,189 +0,0 @@ -package appgate - -import ( - "context" - "fmt" - "log" - - "github.com/appgate/sdp-api-client-go/api/v19/openapi" - - "github.com/hashicorp/terraform-plugin-sdk/v2/helper/schema" -) - -func resourceClientConnections() *schema.Resource { - return &schema.Resource{ - - DeprecationMessage: "Deprecated resource, replaced by appgatesdp_client_profile", - - Create: resourceClientConnectionsCreate, - Read: resourceClientConnectionsRead, - Update: resourceClientConnectionsUpdate, - Delete: resourceClientConnectionsDelete, - Importer: &schema.ResourceImporter{ - State: schema.ImportStatePassthrough, - }, - SchemaVersion: 1, - Schema: map[string]*schema.Schema{ - "spa_mode": { - Type: schema.TypeString, - Optional: true, - ValidateFunc: func(v interface{}, name string) (warns []string, errs []error) { - s := v.(string) - list := []string{"Disabled", "TCP", "UDP-TCP"} - for _, x := range list { - if s == x { - return - } - } - errs = append(errs, fmt.Errorf("spa_mode must be on of %v, got %s", list, s)) - return - }, - }, - "profiles": { - Type: schema.TypeList, - Optional: true, - Elem: &schema.Resource{ - Schema: map[string]*schema.Schema{ - - "name": { - Type: schema.TypeString, - Required: true, - }, - - "spa_key_name": { - Type: schema.TypeString, - Required: true, - }, - - "identity_provider_name": { - Type: schema.TypeString, - Required: true, - }, - "url": { - Type: schema.TypeString, - Computed: true, - }, - }, - }, - }, - }, - } -} - -func resourceClientConnectionsCreate(d *schema.ResourceData, meta interface{}) error { - //TODO: Fix function, as it causes overwrites each run & drops all the SPA Keys - return resourceClientConnectionsUpdate(d, meta) -} - -func resourceClientConnectionsRead(d *schema.ResourceData, meta interface{}) error { - log.Printf("[DEBUG] Reading Client Connections id: %+v", d.Id()) - token, err := meta.(*Client).GetToken() - if err != nil { - return err - } - api := meta.(*Client).API.ClientProfilesApi - ctx := 
context.TODO() - request := api.ClientConnectionsGet(ctx) - clientConnections, _, err := request.Authorization(token).Execute() - if err != nil { - d.SetId("") - return fmt.Errorf("Failed to read Client Connections, %w", err) - } - d.SetId("spa_mode") - if v, o := clientConnections.GetSpaModeOk(); o { - d.Set("spa_mode", v) - } - if profiles, o := clientConnections.GetProfilesOk(); o { - flattenProfiles := make([]map[string]interface{}, 0) - for _, p := range profiles { - profile := make(map[string]interface{}) - if v, o := p.GetNameOk(); o { - profile["name"] = *v - } - if v, o := p.GetSpaKeyNameOk(); o { - profile["spa_key_name"] = *v - } - if v, o := p.GetIdentityProviderNameOk(); o { - profile["identity_provider_name"] = *v - } - if v, o := p.GetUrlOk(); o { - profile["url"] = *v - } - flattenProfiles = append(flattenProfiles, profile) - } - d.Set("profiles", flattenProfiles) - } - return nil -} - -func resourceClientConnectionsUpdate(d *schema.ResourceData, meta interface{}) error { - log.Printf("[DEBUG] Updating Client Connections") - token, err := meta.(*Client).GetToken() - if err != nil { - return err - } - api := meta.(*Client).API.ClientProfilesApi - ctx := context.TODO() - request := api.ClientConnectionsGet(ctx) - originalclientConnections, _, err := request.Authorization(token).Execute() - if err != nil { - return fmt.Errorf("Failed to read Client Connections while updating, %w", err) - } - d.SetId("client_connections") - - if d.HasChange("spa_mode") { - originalclientConnections.SetSpaMode(d.Get("spa_mode").(string)) - } - if d.HasChange("profiles") { - _, v := d.GetChange("profiles") - profiles := readClientConnectionProfilesFromConfig(v.([]interface{})) - log.Printf("[DEBUG] Updating Client PROFILES SET %+v", profiles) - if err != nil { - return fmt.Errorf("Failed to read profiles %w", err) - } - originalclientConnections.SetProfiles(profiles) - } - - log.Printf("[DEBUG] Updating Client Connections %+v", originalclientConnections) - req := 
api.ClientConnectionsPut(ctx) - _, _, err = req.ClientConnections(*originalclientConnections).Authorization(token).Execute() - if err != nil { - return fmt.Errorf("Could not update Client Connections %w", prettyPrintAPIError(err)) - } - - return resourceClientConnectionsRead(d, meta) -} - -func readClientConnectionProfilesFromConfig(input []interface{}) []openapi.ClientConnectionsProfilesInner { - result := make([]openapi.ClientConnectionsProfilesInner, 0) - for _, p := range input { - rawProfile := p.(map[string]interface{}) - profile := openapi.ClientConnectionsProfilesInner{} - if v, o := rawProfile["name"]; o { - profile.SetName(v.(string)) - } - if v, o := rawProfile["spa_key_name"]; o { - profile.SetSpaKeyName(v.(string)) - } - if v, o := rawProfile["identity_provider_name"]; o { - profile.SetIdentityProviderName(v.(string)) - } - result = append(result, profile) - } - return result -} - -func resourceClientConnectionsDelete(d *schema.ResourceData, meta interface{}) error { - log.Printf("[DEBUG] Delete/Resetting Client Connections") - token, err := meta.(*Client).GetToken() - if err != nil { - return err - } - api := meta.(*Client).API.ClientProfilesApi - - if _, err := api.ClientConnectionsDelete(context.Background()).Authorization(token).Execute(); err != nil { - return fmt.Errorf("Could reset Client Connections %w", prettyPrintAPIError(err)) - } - d.SetId("") - return nil -} diff --git a/appgate/resource_appgate_client_connections_test.go b/appgate/resource_appgate_client_connections_test.go deleted file mode 100644 index 2b30d8ca..00000000 --- a/appgate/resource_appgate_client_connections_test.go +++ /dev/null 
@@ -1,85 +0,0 @@ -package appgate - -import ( - "context" - "fmt" - "testing" - - "github.com/hashicorp/terraform-plugin-sdk/v2/helper/resource" - "github.com/hashicorp/terraform-plugin-sdk/v2/terraform" -) - -func TestAccClientConnectionsBasic(t *testing.T) { - resourceName := "appgatesdp_client_connections.test_example_client_connections" - - resource.Test(t, resource.TestCase{ - PreCheck: func() { testAccPreCheck(t) }, - Providers: testAccProviders, - Steps: []resource.TestStep{ - { - Config: testAccCheckClientConnectionsBasic(), - Check: resource.ComposeTestCheckFunc( - testAccCheckClientConnectionsExists(resourceName), - resource.TestCheckResourceAttr(resourceName, "id", "spa_mode"), - resource.TestCheckResourceAttr(resourceName, "profiles.#", "1"), - resource.TestCheckResourceAttr(resourceName, "profiles.0.identity_provider_name", "local"), - resource.TestCheckResourceAttr(resourceName, "profiles.0.name", "Company Test"), - resource.TestCheckResourceAttr(resourceName, "profiles.0.spa_key_name", "test_key"), - resource.TestCheckResourceAttrSet(resourceName, "profiles.0.url"), - resource.TestCheckResourceAttr(resourceName, "spa_mode", "TCP"), - ), - }, - { - ResourceName: resourceName, - ImportState: true, - ImportStateCheck: testAccClientConnectionsImportStateCheckFunc(1), - }, - }, - }) -} - -func testAccCheckClientConnectionsBasic() string { - return ` - resource "appgatesdp_client_connections" "test_example_client_connections" { - spa_mode = "TCP" - profiles { - name = "Company Test" - spa_key_name = "test_key" - identity_provider_name = "local" - } - } -` -} - -func testAccCheckClientConnectionsExists(resource string) resource.TestCheckFunc { - return func(state *terraform.State) error { - token, err := testAccProvider.Meta().(*Client).GetToken() - if err != nil { - return err - } - api := testAccProvider.Meta().(*Client).API.ClientProfilesApi - - rs, ok := state.RootModule().Resources[resource] - if !ok { - return fmt.Errorf("Not found: %s", resource) - } 
- - if rs.Primary.ID == "" { - return fmt.Errorf("No Record ID is set") - } - - if _, _, err := api.ClientConnectionsGet(context.Background()).Authorization(token).Execute(); err != nil { - return fmt.Errorf("error fetching ClientConnections with resource %s. %s", resource, err) - } - return nil - } -} - -func testAccClientConnectionsImportStateCheckFunc(expectedStates int) resource.ImportStateCheckFunc { - return func(s []*terraform.InstanceState) error { - if len(s) != expectedStates { - return fmt.Errorf("expected %d states, got %d: %+v", expectedStates, len(s), s) - } - return nil - } -} diff --git a/appgate/resource_appgate_client_profile.go b/appgate/resource_appgate_client_profile.go index 3fb64c34..fa3c922a 100644 --- a/appgate/resource_appgate_client_profile.go +++ b/appgate/resource_appgate_client_profile.go @@ -4,15 +4,10 @@ import ( "context" "fmt" "log" - "math/rand" "net/http" - "strings" "time" - "github.com/appgate/sdp-api-client-go/api/v19/openapi" - "github.com/hashicorp/terraform-plugin-sdk/v2/diag" - "github.com/hashicorp/terraform-plugin-sdk/v2/helper/resource" "github.com/hashicorp/terraform-plugin-sdk/v2/helper/schema" ) 
@@ -81,112 +76,30 @@ func resourceAppgateClientProfile() *schema.Resource { } } -func getIdFromProfile(profile openapi.ClientConnectionsProfilesInner) string { - // names are case sensitive and the controller only allows 1 per case type. - // so it will be suitable as the identitfer. - return profile.GetName() -} - -func resourceAppgateClientProfileCreateLegacy(ctx context.Context, d *schema.ResourceData, meta interface{}, token string) diag.Diagnostics { - api := meta.(*Client).API.ClientProfilesApi - - err := resource.Retry(d.Timeout(schema.TimeoutCreate), func() *resource.RetryError { - rand.Seed(time.Now().UnixNano()) - duration := rand.Intn(10) - time.Sleep(time.Duration(duration) * time.Second) - - // before we create a profile, make sure the controllers are in a healthy state - if err := applianceStatsRetryable(ctx, meta); err != nil { - return err - } - clientConnections, _, err := api.ClientConnectionsGet(ctx).Authorization(token).Execute() - if err != nil { - return resource.RetryableError(err) - } - existingProfiles := clientConnections.GetProfiles() - - profile := openapi.ClientConnectionsProfilesInner{} - if v, ok := d.GetOk("name"); ok { - profile.SetName(v.(string)) - } - if v, ok := d.GetOk("spa_key_name"); ok { - profile.SetSpaKeyName(v.(string)) - } - if v, ok := d.GetOk("identity_provider_name"); ok { - profile.SetIdentityProviderName(v.(string)) - } - - d.SetId(getIdFromProfile(profile)) - - existingProfiles = append(existingProfiles, profile) - clientConnections.SetProfiles(existingProfiles) - _, _, err = api.ClientConnectionsPut(ctx).ClientConnections(*clientConnections).Authorization(token).Execute() - if err != nil { - return resource.NonRetryableError(fmt.Errorf("Error updating client connection profile %s: %w", d.Id(), err)) - } - // check number of client profiles again and verify that is existingProfiles+1 - newConnections, _, err := api.ClientConnectionsGet(ctx).Authorization(token).Execute() - if err != nil { - return 
resource.RetryableError(err) - } - newProfiles := newConnections.GetProfiles() - beep := false - for _, existingProfile := range newProfiles { - log.Printf("[DEBUG] Creation Read Found profile %q - Looking for %s", profile.GetName(), d.Id()) - if strings.EqualFold(existingProfile.GetName(), profile.GetName()) { - log.Printf("[DEBUG] Found profile %s after create, OK!", profile.GetName()) - beep = true - } - } - if !beep { - return resource.RetryableError(fmt.Errorf("Profile %q did not get created", profile.GetName())) - } - // give the controller a moment before we check the initial status - time.Sleep(time.Duration(duration) * time.Second) - if err := waitForControllers(ctx, meta); err != nil { - return resource.NonRetryableError(fmt.Errorf("1 or more controller never reached a healthy state after creating a client_profile: %w", err)) - } - return nil - }) - if err != nil { - return diag.Errorf("Error create: %s", err) - } - return resourceAppgateClientProfileRead(ctx, d, meta) -} - func resourceAppgateClientProfileCreate(ctx context.Context, d *schema.ResourceData, meta interface{}) diag.Diagnostics { token, err := meta.(*Client).GetToken() if err != nil { return diag.FromErr(err) } - currentVersion := meta.(*Client).ApplianceVersion - // starting from 6.1 we will use - // /admin/client-profiles - // instead of - // /admin/client-connections - if currentVersion.LessThan(Appliance61Version) { - log.Printf("[DEBUG] Create Client Profile Legacy %s", d.Get("name")) - return resourceAppgateClientProfileCreateLegacy(ctx, d, meta, token) - } log.Printf("[DEBUG] Create Client Profile %s", d.Get("name")) api := meta.(*Client).API.ClientProfilesApi - args := openapi.ClientProfile{} - args.SetName(d.Get("name").(string)) - args.SetNotes(d.Get("notes").(string)) - args.SetTags(schemaExtractTags(d)) + args := make(map[string]interface{}, 0) + args["name"] = d.Get("name").(string) + args["notes"] = d.Get("notes").(string) + args["tags"] = schemaExtractTags(d) if v, ok := 
d.GetOk("spa_key_name"); ok { - args.SetSpaKeyName(v.(string)) + args["spaKeyName"] = v.(string) } if v, ok := d.GetOk("identity_provider_name"); ok { - args.SetIdentityProviderName(v.(string)) + args["identityProviderName"] = v.(string) } if _, ok := d.GetOk("url"); ok { return diag.Errorf("url is not supported on your appliance version, use hostname instead") } if v, ok := d.GetOk("hostname"); ok { - args.SetHostname(v.(string)) + args["hostname"] = v.(string) } - profile, _, err := api.ClientProfilesPost(ctx).Authorization(token).ClientProfile(args).Execute() + profile, _, err := api.ClientProfilesPost(ctx).Authorization(token).Body(args).Execute() if err != nil { return diag.FromErr(fmt.Errorf("Could not create client profile %s", prettyPrintAPIError(err))) } 
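Review bot: resourceAppgateClientProfileCreate builds the request body with camelCase keys (`"spaKeyName"`, `"identityProviderName"`), while the Read hunk (`@@ -245,15 +127,31 @@`) looks up `profile["spa_key_name"]` and `profile["identity_provider_name"]`, and the Update hunk (`@@ -326,31 +174,31 @@`) writes those snake_case keys into the object fetched from the API. Only one spelling can match the wire format, so either Create sends fields the controller does not recognise, or Read never fills the two attributes and Update adds stray keys beside the real ones and the change is not applied. With the typed `openapi.ClientProfile` setters gone, nothing checks these names at compile time; declare each key once (for example `const keySpaKeyName = "spaKeyName"`) and use the constants in all three functions. The API schema is not on this page, so which spelling is correct needs confirming against the v20 client.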
@@ -194,43 +107,12 @@ func resourceAppgateClientProfileCreate(ctx context.Context, d *schema.ResourceD return resourceAppgateClientProfileRead(ctx, d, meta) } -func resourceAppgateClientProfileReadLegacy(ctx context.Context, d *schema.ResourceData, meta interface{}, token string) diag.Diagnostics { - api := meta.(*Client).API.ClientProfilesApi - clientConnections, _, err := api.ClientConnectionsGet(ctx).Authorization(token).Execute() - if err != nil { - return diag.Errorf("Could not read Client Connections %s", prettyPrintAPIError(err)) - } - existingProfiles := clientConnections.GetProfiles() - var p *openapi.ClientConnectionsProfilesInner - for _, profile := range existingProfiles { - log.Printf("[DEBUG] Reading Found profile %q - Looking for %s", profile.GetName(), d.Id()) - if strings.EqualFold(profile.GetName(), d.Id()) && profile.GetName() == d.Id() { - p = &profile - d.Set("name", p.GetName()) - d.Set("spa_key_name", p.GetSpaKeyName()) - d.Set("identity_provider_name", p.GetIdentityProviderName()) - d.Set("url", p.GetUrl()) - break - } - } - if p == nil { - log.Printf("[DEBUG] Client Profile id %q not found in client connections profiles", d.Id()) - d.SetId("") - } - return nil -} - func resourceAppgateClientProfileRead(ctx context.Context, d *schema.ResourceData, meta interface{}) diag.Diagnostics { var diags diag.Diagnostics token, err := meta.(*Client).GetToken() if err != nil { return diag.FromErr(err) } - currentVersion := meta.(*Client).ApplianceVersion - if currentVersion.LessThan(Appliance61Version) { - log.Printf("[DEBUG] Reading Client Profile Legacy id: %+v", d.Id()) - return resourceAppgateClientProfileReadLegacy(ctx, d, meta, token) - } log.Printf("[DEBUG] Reading Client Profile id: %+v", d.Id()) api := meta.(*Client).API.ClientProfilesApi profile, res, err := api.ClientProfilesIdGet(ctx, d.Id()).Authorization(token).Execute() 
@@ -245,15 +127,31 @@ func resourceAppgateClientProfileRead(ctx context.Context, d *schema.ResourceDat } return diag.FromErr(fmt.Errorf("Failed to read client profile, %s", err)) } - d.Set("id", profile.GetId()) - d.Set("name", profile.GetName()) - d.Set("notes", profile.GetNotes()) - d.Set("spa_key_name", profile.GetSpaKeyName()) - d.Set("identity_provider_name", profile.GetIdentityProviderName()) - d.Set("hostname", profile.GetHostname()) - d.Set("exported", profile.GetExported().String()) - url, _, err := api.ClientProfilesIdUrlGet(ctx, profile.GetId()).Authorization(token).Execute() + id, ok := profile["id"].(string) + if ok { + d.Set("id", id) + } + if name, ok := profile["name"].(string); ok { + d.Set("name", name) + } + if notes, ok := profile["notes"].(string); ok { + d.Set("notes", notes) + } + if spaKeyName, ok := profile["spa_key_name"].(string); ok { + d.Set("spa_key_name", spaKeyName) + } + if identityProviderName, ok := profile["identity_provider_name"].(string); ok { + d.Set("identity_provider_name", identityProviderName) + } + if hostname, ok := profile["hostname"].(string); ok { + d.Set("hostname", hostname) + } + if exported, ok := profile["exported"].(string); ok { + d.Set("exported", exported) + } + + url, _, err := api.ClientProfilesIdUrlGet(ctx, id).Authorization(token).Execute() if err != nil { diags = AppendFromErr(diags, err) return diags 
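Review bot: `id, ok := profile["id"].(string)` leaves `id` empty when the key is missing or not a string, and the later `api.ClientProfilesIdUrlGet(ctx, id)` is then called with an empty path segment. Request the URL with `d.Id()`, which the preceding `ClientProfilesIdGet` call already used, or return a diagnostic when `ok` is false. The other type assertions fail silently in the same way: `exported` was previously rendered with `profile.GetExported().String()`, and if the decoded value is not a string the attribute now simply stays unset. The function continues outside this hunk.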
@@ -263,56 +161,6 @@ func resourceAppgateClientProfileRead(ctx context.Context, d *schema.ResourceDat return nil } -func resourceAppgateClientProfileDeleteLegacy(ctx context.Context, d *schema.ResourceData, meta interface{}, token string) diag.Diagnostics { - api := meta.(*Client).API.ClientProfilesApi - - err := resource.Retry(d.Timeout(schema.TimeoutDelete), func() *resource.RetryError { - rand.Seed(time.Now().UnixNano()) - duration := rand.Intn(10) // n will be between 0 and 20 - log.Printf("[DEBUG] Create Client Profile %s Sleep %d", d.Get("name"), duration) - time.Sleep(time.Duration(duration) * time.Second) - if err := applianceStatsRetryable(ctx, meta); err != nil { - return err - } - - clientConnections, _, err := api.ClientConnectionsGet(ctx).Authorization(token).Execute() - if err != nil { - return resource.RetryableError(fmt.Errorf("Could not read Client Connections during delete %w", prettyPrintAPIError(err))) - } - existingProfiles := clientConnections.GetProfiles() - var p *openapi.ClientConnectionsProfilesInner - var newProfiles []openapi.ClientConnectionsProfilesInner - for i, profile := range existingProfiles { - if strings.EqualFold(profile.GetName(), d.Id()) && profile.GetName() == d.Id() { - p = &profile - // remove the profile from the list and maintain order. - newProfiles = append(existingProfiles[:i], existingProfiles[i+1:]...) 
- break - } - } - if p == nil { - diag.FromErr(fmt.Errorf("could not find client profile %s during delete", d.Id())) - } - clientConnections.SetProfiles(newProfiles) - _, _, err = api.ClientConnectionsPut(ctx).ClientConnections(*clientConnections).Authorization(token).Execute() - if err != nil { - return resource.NonRetryableError(err) - } - // give the controller a moment before we check the initial status - time.Sleep(time.Duration(duration) * time.Second) - if err := waitForControllers(ctx, meta); err != nil { - return resource.NonRetryableError(fmt.Errorf("1 or more controller never reached a healthy state after deleting a client_profile: %w", err)) - } - return nil - }) - if err != nil { - return diag.Errorf("Could not delete Client profile %s after retry %s", d.Id(), err) - } - - d.SetId("") - return nil -} - func resourceAppgateClientProfileUpdate(ctx context.Context, d *schema.ResourceData, meta interface{}) diag.Diagnostics { token, err := meta.(*Client).GetToken() if err != nil { 
@@ -326,31 +174,31 @@ func resourceAppgateClientProfileUpdate(ctx context.Context, d *schema.ResourceD var diags diag.Diagnostics api := meta.(*Client).API.ClientProfilesApi - orginalProfile, _, err := api.ClientProfilesIdGet(ctx, d.Id()).Authorization(token).Execute() + originalProfile, _, err := api.ClientProfilesIdGet(ctx, d.Id()).Authorization(token).Execute() if err != nil { return diag.FromErr(fmt.Errorf("Failed to read profile while updating, %w", err)) } if d.HasChange("name") { - orginalProfile.SetName(d.Get("name").(string)) + originalProfile["name"] = d.Get("name").(string) } if d.HasChange("notes") { - orginalProfile.SetNotes(d.Get("notes").(string)) + originalProfile["notes"] = d.Get("notes").(string) } if d.HasChange("tags") { - orginalProfile.SetTags(schemaExtractTags(d)) + originalProfile["tags"] = schemaExtractTags(d) } if d.HasChange("spa_key_name") { - orginalProfile.SetSpaKeyName(d.Get("spa_key_name").(string)) + originalProfile["spa_key_name"] = d.Get("spa_key_name").(string) } if d.HasChange("identity_provider_name") { - orginalProfile.SetIdentityProviderName(d.Get("identity_provider_name").(string)) + originalProfile["identity_provider_name"] = d.Get("identity_provider_name").(string) } if d.HasChange("hostname") { - orginalProfile.SetHostname(d.Get("hostname").(string)) + originalProfile["hostname"] = d.Get("hostname").(string) } - if _, _, err := api.ClientProfilesIdPut(ctx, d.Id()).Authorization(token).ClientProfile(*orginalProfile).Execute(); err != nil { + if _, _, err := api.ClientProfilesIdPut(ctx, d.Id()).Authorization(token).Body(originalProfile).Execute(); err != nil { return diag.FromErr(fmt.Errorf("Could not update client profile %w", prettyPrintAPIError(err))) } 
@@ -362,11 +210,6 @@ func resourceAppgateClientProfileDelete(ctx context.Context, d *schema.ResourceD if err != nil { return diag.FromErr(err) } - currentVersion := meta.(*Client).ApplianceVersion - if currentVersion.LessThan(Appliance61Version) { - log.Printf("[DEBUG] Delete client profile Legacy %+v", d.Id()) - return resourceAppgateClientProfileDeleteLegacy(ctx, d, meta, token) - } log.Printf("[DEBUG] Delete client profile %+v", d.Id()) api := meta.(*Client).API.ClientProfilesApi if _, err := api.ClientProfilesIdDelete(ctx, d.Id()).Authorization(token).Execute(); err != nil { diff --git a/appgate/resource_appgate_client_profile_test.go b/appgate/resource_appgate_client_profile_test.go index e7ba9f4c..80c4a13c 100644 --- a/appgate/resource_appgate_client_profile_test.go +++ b/appgate/resource_appgate_client_profile_test.go @@ -4,7 +4,6 @@ import ( "context" "fmt" "regexp" - "strings" "testing" "github.com/hashicorp/terraform-plugin-sdk/v2/helper/resource" @@ -14,9 +13,8 @@ import ( func TestAccClientProfileBasic(t *testing.T) { resourceName := "appgatesdp_client_profile.test_client_profile" resource.Test(t, resource.TestCase{ - PreCheck: func() { testAccPreCheck(t) }, - Providers: testAccProviders, - CheckDestroy: testAccCheckClientProfileDestroy, + PreCheck: func() { testAccPreCheck(t) }, + Providers: testAccProviders, Steps: []resource.TestStep{ { Config: testAccCheckClientProfileBasic(), 
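Review bot: Dropping `CheckDestroy: testAccCheckClientProfileDestroy` from `TestAccClientProfileBasic` leaves the acceptance test with no check that the profile is gone from the controller after destroy; `TestAccClientProfileBasic61` loses the same line in hunk `@@ -120,9 +81,8 @@`. The old check depended on the `ClientConnections` endpoint, but it can be rewritten against `ClientProfilesIdGet`, which the existence check in this file already uses, instead of being deleted. A profile that survives a failed delete keeps its hostname, SPA key name and identity provider binding on the controller, so this is worth asserting. Keep `CheckDestroy: testAccCheckClientProfileDestroy,` in both test cases with the function below; the test function itself continues outside the hunk.

```go
func testAccCheckClientProfileDestroy(s *terraform.State) error {
	for _, rs := range s.RootModule().Resources {
		if rs.Type != "appgatesdp_client_profile" {
			continue
		}
		token, err := testAccProvider.Meta().(*Client).GetToken()
		if err != nil {
			return err
		}
		api := testAccProvider.Meta().(*Client).API.ClientProfilesApi
		// A successful GET after destroy means the profile was not removed.
		if _, _, err := api.ClientProfilesIdGet(context.Background(), rs.Primary.ID).Authorization(token).Execute(); err == nil {
			return fmt.Errorf("appgatesdp_client_profile %q still exists", rs.Primary.ID)
		}
	}
	return nil
}
```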
@@ -46,30 +44,6 @@ resource "appgatesdp_client_profile" "test_client_profile" { ` } -func testAccCheckClientProfileDestroy(s *terraform.State) error { - for _, rs := range s.RootModule().Resources { - if rs.Type != "appgatesdp_client_profile" { - continue - } - token, err := testAccProvider.Meta().(*Client).GetToken() - if err != nil { - return err - } - api := testAccProvider.Meta().(*Client).API.ClientProfilesApi - clientConnections, _, err := api.ClientConnectionsGet(context.Background()).Authorization(token).Execute() - if err != nil { - return err - } - existingProfiles := clientConnections.GetProfiles() - for _, profile := range existingProfiles { - if strings.EqualFold(profile.GetName(), rs.Primary.ID) && profile.GetName() == rs.Primary.ID { - return fmt.Errorf("appgatesdp_client_profile %q still exists got %d profiles", rs.Primary.ID, len(existingProfiles)) - } - } - } - return nil -} - func testAccCheckClientProfileExists(resource string) resource.TestCheckFunc { return func(state *terraform.State) error { token, err := testAccProvider.Meta().(*Client).GetToken() @@ -77,7 +51,6 @@ func testAccCheckClientProfileExists(resource string) resource.TestCheckFunc { return err } api := testAccProvider.Meta().(*Client).API.ClientProfilesApi - currentVersion := testAccProvider.Meta().(*Client).ApplianceVersion rs, ok := state.RootModule().Resources[resource] if !ok { return fmt.Errorf("Not found: %s", resource) 
@@ -87,18 +60,6 @@ func testAccCheckClientProfileExists(resource string) resource.TestCheckFunc { return fmt.Errorf("No Record ID is set") } ctx := context.Background() - if currentVersion.LessThan(Appliance61Version) { - clientConnections, _, err := api.ClientConnectionsGet(ctx).Authorization(token).Execute() - if err != nil { - return fmt.Errorf("error fetching ClientConnections with resource %s. %s", resource, err) - } - - for _, profile := range clientConnections.GetProfiles() { - if strings.EqualFold(profile.GetName(), id) && profile.GetName() == id { - return nil - } - } - } if _, _, err := api.ClientProfilesIdGet(ctx, id).Authorization(token).Execute(); err == nil { return nil @@ -120,9 +81,8 @@ func testAccClientProfileImportStateCheckFunc(expectedStates int) resource.Impor func TestAccClientProfileBasic61(t *testing.T) { resourceName := "appgatesdp_client_profile.acme" resource.Test(t, resource.TestCase{ - PreCheck: func() { testAccPreCheck(t) }, - Providers: testAccProviders, - CheckDestroy: testAccCheckClientProfileDestroy, + PreCheck: func() { testAccPreCheck(t) }, + Providers: testAccProviders, Steps: []resource.TestStep{ { PreConfig: func() { diff --git a/appgate/resource_appgate_condition.go b/appgate/resource_appgate_condition.go index b4da66c3..594385c1 100644 --- a/appgate/resource_appgate_condition.go +++ b/appgate/resource_appgate_condition.go @@ -7,7 +7,7 @@ import ( "net/http" "time" - "github.com/appgate/sdp-api-client-go/api/v19/openapi" + "github.com/appgate/sdp-api-client-go/api/v20/openapi" "github.com/hashicorp/terraform-plugin-sdk/v2/helper/schema" ) diff --git a/appgate/resource_appgate_criteria_script.go b/appgate/resource_appgate_criteria_script.go index 034c3cb0..da1dec3e 100644 --- a/appgate/resource_appgate_criteria_script.go +++ b/appgate/resource_appgate_criteria_script.go 
@@ -7,7 +7,7 @@ import ( "net/http" "time" - "github.com/appgate/sdp-api-client-go/api/v19/openapi" + "github.com/appgate/sdp-api-client-go/api/v20/openapi" "github.com/hashicorp/terraform-plugin-sdk/v2/helper/schema" ) diff --git a/appgate/resource_appgate_device_script.go b/appgate/resource_appgate_device_script.go index 0e074de8..77121011 100644 --- a/appgate/resource_appgate_device_script.go +++ b/appgate/resource_appgate_device_script.go @@ -8,7 +8,7 @@ import ( "net/http" "time" - "github.com/appgate/sdp-api-client-go/api/v19/openapi" + "github.com/appgate/sdp-api-client-go/api/v20/openapi" "github.com/hashicorp/terraform-plugin-sdk/v2/helper/schema" ) diff --git a/appgate/resource_appgate_entitlement.go b/appgate/resource_appgate_entitlement.go index 36fd07ec..14ea47ba 100644 --- a/appgate/resource_appgate_entitlement.go +++ b/appgate/resource_appgate_entitlement.go @@ -10,7 +10,7 @@ import ( "strings" "time" - "github.com/appgate/sdp-api-client-go/api/v19/openapi" + "github.com/appgate/sdp-api-client-go/api/v20/openapi" "github.com/appgate/terraform-provider-appgatesdp/appgate/hashcode" "github.com/hashicorp/go-version" @@ -297,11 +297,7 @@ func resourceAppgateEntitlementRuleCreate(ctx context.Context, d *schema.Resourc args.SetDisabled(d.Get("disabled").(bool)) if v, ok := d.GetOk("risk_sensitivity"); ok { - if currentVersion.LessThan(Appliance60Version) { - diags = append(diags, diag.Errorf("entitlement.risk_sensitivity is not supported on your version %s", currentVersion.String())...) - } else if currentVersion.GreaterThanOrEqual(Appliance60Version) { - args.SetRiskSensitivity(v.(string)) - } + args.SetRiskSensitivity(v.(string)) } if v, ok := d.GetOk("condition_logic"); ok { diff --git a/appgate/resource_appgate_entitlement_script.go b/appgate/resource_appgate_entitlement_script.go index 6c3b0a34..a2ae433c 100644 --- a/appgate/resource_appgate_entitlement_script.go +++ b/appgate/resource_appgate_entitlement_script.go 
@@ -7,7 +7,7 @@ import ( "net/http" "time" - "github.com/appgate/sdp-api-client-go/api/v19/openapi" + "github.com/appgate/sdp-api-client-go/api/v20/openapi" "github.com/hashicorp/terraform-plugin-sdk/v2/helper/schema" ) diff --git a/appgate/resource_appgate_entitlement_test.go b/appgate/resource_appgate_entitlement_test.go index 80947c9f..d5472909 100644 --- a/appgate/resource_appgate_entitlement_test.go +++ b/appgate/resource_appgate_entitlement_test.go @@ -25,12 +25,11 @@ func TestAccEntitlementBasicPing(t *testing.T) { resource.TestCheckResourceAttr(resourceName, "actions.#", "1"), resource.TestCheckResourceAttr(resourceName, "conditions.#", "1"), resource.TestCheckResourceAttr(resourceName, "actions.0.action", "allow"), - resource.TestCheckResourceAttr(resourceName, "actions.0.hosts.#", "5"), + resource.TestCheckResourceAttr(resourceName, "actions.0.hosts.#", "4"), resource.TestCheckResourceAttr(resourceName, "actions.0.hosts.0", "10.0.0.0/24"), resource.TestCheckResourceAttr(resourceName, "actions.0.hosts.1", "10.0.0.1"), - resource.TestCheckResourceAttr(resourceName, "actions.0.hosts.2", "aws://security-group:accounting"), - resource.TestCheckResourceAttr(resourceName, "actions.0.hosts.3", "dns://hostname.company.com"), - resource.TestCheckResourceAttr(resourceName, "actions.0.hosts.4", "hostname.company.com"), + resource.TestCheckResourceAttr(resourceName, "actions.0.hosts.2", "dns://hostname.company.com"), + resource.TestCheckResourceAttr(resourceName, "actions.0.hosts.3", "hostname.company.com"), resource.TestCheckResourceAttr(resourceName, "actions.0.ports.#", "0"), resource.TestCheckResourceAttr(resourceName, "actions.0.subtype", "icmp_up"), @@ -102,7 +101,7 @@ resource "appgatesdp_entitlement" "test_ping_item" { site = data.appgatesdp_site.default_site.id conditions = [ data.appgatesdp_condition.always.id - ] + ] tags = [ "terraform", 
@@ -122,7 +121,6 @@ resource "appgatesdp_entitlement" "test_ping_item" { "10.0.0.0/24", "hostname.company.com", "dns://hostname.company.com", - "aws://security-group:accounting" ] } diff --git a/appgate/resource_appgate_global_settings.go b/appgate/resource_appgate_global_settings.go index 7d48f0a7..8c794641 100644 --- a/appgate/resource_appgate_global_settings.go +++ b/appgate/resource_appgate_global_settings.go @@ -94,12 +94,6 @@ func resourceGlobalSettings() *schema.Resource { Computed: true, Sensitive: true, }, - "fips": { - Type: schema.TypeBool, - Description: "FIPS 140-2 Compliant Tunneling.", - Optional: true, - Computed: true, - }, "geo_ip_updates": { Type: schema.TypeBool, Description: "Whether the automatic GeoIp updates are enabled or not.", @@ -206,7 +200,6 @@ func resourceGlobalSettingsRead(ctx context.Context, d *schema.ResourceData, met } else { d.Set("backup_passphrase", settings.GetBackupPassphrase()) } - d.Set("fips", settings.GetFips()) d.Set("geo_ip_updates", settings.GetGeoIpUpdates()) d.Set("audit_log_persistence_mode", settings.GetAuditLogPersistenceMode()) d.Set("app_discovery_domains", settings.GetAppDiscoveryDomains()) @@ -216,16 +209,6 @@ func resourceGlobalSettingsRead(ctx context.Context, d *schema.ResourceData, met d.Set("spa_time_window_seconds", settings.GetSpaTimeWindowSeconds()) d.Set("spa_mode", settings.GetSpaMode()) - if currentVersion.GreaterThanOrEqual(Appliance54Version) { - ccAPI := meta.(*Client).API.ClientProfilesApi - request := ccAPI.ClientConnectionsGet(ctx) - clientConnections, _, err := request.Authorization(token).Execute() - if err != nil { - d.SetId("") - return diag.FromErr(fmt.Errorf("Failed to read Client Connections, %w", err)) - } - d.Set("profile_hostname", clientConnections.GetProfileHostname()) - } if currentVersion.GreaterThanOrEqual(Appliance62Version) { d.Set("registered_device_expiration_days", settings.GetRegisteredDeviceExpirationDays()) } 
@@ -271,9 +254,6 @@ func resourceGlobalSettingsUpdate(ctx context.Context, d *schema.ResourceData, m if d.HasChange("backup_passphrase") { originalsettings.SetBackupPassphrase(d.Get("backup_passphrase").(string)) } - if d.HasChange("fips") { - originalsettings.SetFips(d.Get("fips").(bool)) - } if d.HasChange("geo_ip_updates") { originalsettings.SetGeoIpUpdates(d.Get("geo_ip_updates").(bool)) } @@ -323,22 +303,6 @@ func resourceGlobalSettingsUpdate(ctx context.Context, d *schema.ResourceData, m return diag.FromErr(fmt.Errorf("Could not update Global settings %w", prettyPrintAPIError(err))) } - if currentVersion.GreaterThanOrEqual(Appliance54Version) && d.HasChange("profile_hostname") { - ccAPI := meta.(*Client).API.ClientProfilesApi - request := ccAPI.ClientConnectionsGet(ctx) - originalclientConnections, _, err := request.Authorization(token).Execute() - if err != nil { - d.SetId("") - return diag.FromErr(fmt.Errorf("Failed to read Client Connections, %w", err)) - } - _, v := d.GetChange("profile_hostname") - originalclientConnections.SetProfileHostname(v.(string)) - req := ccAPI.ClientConnectionsPut(ctx) - _, _, err = req.ClientConnections(*originalclientConnections).Authorization(token).Execute() - if err != nil { - return diag.FromErr(fmt.Errorf("Could not update Client Connections %w", prettyPrintAPIError(err))) - } - } return resourceGlobalSettingsRead(ctx, d, meta) } diff --git a/appgate/resource_appgate_global_settings_test.go b/appgate/resource_appgate_global_settings_test.go index 013ac651..21b1f2a3 100644 --- a/appgate/resource_appgate_global_settings_test.go +++ b/appgate/resource_appgate_global_settings_test.go 
@@ -30,7 +30,6 @@ func TestAccGlobalSettingsBasic(t *testing.T) { resource.TestCheckResourceAttrSet(resourceName, "claims_token_expiration"), resource.TestCheckResourceAttrSet(resourceName, "collective_id"), resource.TestCheckResourceAttr(resourceName, "entitlement_token_expiration", "500"), - resource.TestCheckResourceAttrSet(resourceName, "fips"), resource.TestCheckResourceAttrSet(resourceName, "geo_ip_updates"), resource.TestCheckResourceAttr(resourceName, "login_banner_message", "Welcome"), resource.TestCheckResourceAttr(resourceName, "message_of_the_day", "hello world"), @@ -110,7 +109,6 @@ func TestAccGlobalSettings54ProfileHostname(t *testing.T) { resource.TestCheckResourceAttrSet(resourceName, "claims_token_expiration"), resource.TestCheckResourceAttrSet(resourceName, "collective_id"), resource.TestCheckResourceAttrSet(resourceName, "entitlement_token_expiration"), - resource.TestCheckResourceAttrSet(resourceName, "fips"), resource.TestCheckResourceAttrSet(resourceName, "geo_ip_updates"), resource.TestCheckResourceAttrSet(resourceName, "vpn_certificate_expiration"), resource.TestCheckResourceAttr(resourceName, "profile_hostname", "xyz.appgate-sdp.com"), @@ -162,7 +160,6 @@ func TestAccGlobalSettings6AndAbove(t *testing.T) { resource.TestCheckResourceAttrSet(resourceName, "backup_api_enabled"), resource.TestCheckResourceAttrSet(resourceName, "claims_token_expiration"), resource.TestCheckResourceAttrSet(resourceName, "collective_id"), - resource.TestCheckResourceAttrSet(resourceName, "fips"), resource.TestCheckResourceAttrSet(resourceName, "geo_ip_updates"), resource.TestCheckResourceAttrSet(resourceName, "vpn_certificate_expiration"), 
@@ -202,7 +199,6 @@ func TestAccGlobalSettings6AndAbove(t *testing.T) { resource.TestCheckResourceAttrSet(resourceName, "backup_api_enabled"), resource.TestCheckResourceAttrSet(resourceName, "claims_token_expiration"), resource.TestCheckResourceAttrSet(resourceName, "collective_id"), - resource.TestCheckResourceAttrSet(resourceName, "fips"), resource.TestCheckResourceAttrSet(resourceName, "geo_ip_updates"), resource.TestCheckResourceAttrSet(resourceName, "vpn_certificate_expiration"), @@ -253,7 +249,6 @@ func TestAccGlobalSettings62AndAbove(t *testing.T) { resource.TestCheckResourceAttrSet(resourceName, "backup_api_enabled"), resource.TestCheckResourceAttrSet(resourceName, "claims_token_expiration"), resource.TestCheckResourceAttrSet(resourceName, "collective_id"), - resource.TestCheckResourceAttrSet(resourceName, "fips"), resource.TestCheckResourceAttrSet(resourceName, "geo_ip_updates"), resource.TestCheckResourceAttrSet(resourceName, "vpn_certificate_expiration"), diff --git a/appgate/resource_appgate_identity_provider_connector.go b/appgate/resource_appgate_identity_provider_connector.go index 67dd829b..92d5863e 100644 --- a/appgate/resource_appgate_identity_provider_connector.go +++ b/appgate/resource_appgate_identity_provider_connector.go @@ -5,7 +5,7 @@ import ( "fmt" "log" - "github.com/appgate/sdp-api-client-go/api/v19/openapi" + "github.com/appgate/sdp-api-client-go/api/v20/openapi" "github.com/hashicorp/terraform-plugin-sdk/v2/helper/schema" ) diff --git a/appgate/resource_appgate_identity_provider_ldap.go b/appgate/resource_appgate_identity_provider_ldap.go index 5f0e2852..66a829d5 100644 --- a/appgate/resource_appgate_identity_provider_ldap.go +++ b/appgate/resource_appgate_identity_provider_ldap.go @@ -7,7 +7,7 @@ import ( "net/http" "time" - "github.com/appgate/sdp-api-client-go/api/v19/openapi" + "github.com/appgate/sdp-api-client-go/api/v20/openapi" "github.com/hashicorp/terraform-plugin-sdk/v2/helper/schema" ) 
@@ -164,7 +164,6 @@ func resourceAppgateLdapProviderRuleRead(d *schema.ResourceData, meta interface{ } api := meta.(*Client).API.LdapIdentityProvidersApi ctx := context.TODO() - currentVersion := meta.(*Client).ApplianceVersion request := api.IdentityProvidersIdGet(ctx, d.Id()) ldap, res, err := request.Authorization(token).Execute() if err != nil { @@ -185,7 +184,7 @@ func resourceAppgateLdapProviderRuleRead(d *schema.ResourceData, meta interface{ d.Set("device_limit_per_user", *v) } if v, ok := ldap.GetOnBoarding2FAOk(); ok { - if err := d.Set("on_boarding_two_factor", flattenIdentityProviderOnboarding2fa(*v, currentVersion)); err != nil { + if err := d.Set("on_boarding_two_factor", flattenIdentityProviderOnboarding2fa(*v)); err != nil { return err } } @@ -281,7 +280,6 @@ func resourceAppgateLdapProviderRuleUpdate(d *schema.ResourceData, meta interfac } api := meta.(*Client).API.LdapIdentityProvidersApi ctx := context.TODO() - currentVersion := meta.(*Client).ApplianceVersion request := api.IdentityProvidersIdGet(ctx, d.Id()) originalLdapProvider, _, err := request.Authorization(token).Execute() if err != nil { @@ -309,7 +307,7 @@ func resourceAppgateLdapProviderRuleUpdate(d *schema.ResourceData, meta interfac } if d.HasChange("on_boarding_two_factor") { _, v := d.GetChange("on_boarding_two_factor") - onboarding, err := readOnBoardingTwoFactorFromConfig(v.([]interface{}), currentVersion) + onboarding, err := readOnBoardingTwoFactorFromConfig(v.([]interface{})) if err != nil { return err } diff --git a/appgate/resource_appgate_identity_provider_ldap_certificate.go b/appgate/resource_appgate_identity_provider_ldap_certificate.go index 5f9a8155..08c5d896 100644 --- a/appgate/resource_appgate_identity_provider_ldap_certificate.go +++ b/appgate/resource_appgate_identity_provider_ldap_certificate.go 
@@ -6,7 +6,7 @@ import ( "log" "net/http" - "github.com/appgate/sdp-api-client-go/api/v19/openapi" + "github.com/appgate/sdp-api-client-go/api/v20/openapi" "github.com/hashicorp/terraform-plugin-sdk/v2/helper/schema" ) @@ -204,7 +204,6 @@ func resourceAppgateLdapCertificateProviderRuleRead(d *schema.ResourceData, meta return err } api := meta.(*Client).API.LdapCertificateIdentityProvidersApi - currentVersion := meta.(*Client).ApplianceVersion ctx := context.TODO() request := api.IdentityProvidersIdGet(ctx, d.Id()) ldap, res, err := request.Authorization(token).Execute() @@ -227,7 +226,7 @@ func resourceAppgateLdapCertificateProviderRuleRead(d *schema.ResourceData, meta d.Set("device_limit_per_user", *v) } if v, ok := ldap.GetOnBoarding2FAOk(); ok { - if err := d.Set("on_boarding_two_factor", flattenIdentityProviderOnboarding2fa(*v, currentVersion)); err != nil { + if err := d.Set("on_boarding_two_factor", flattenIdentityProviderOnboarding2fa(*v)); err != nil { return err } } @@ -298,7 +297,6 @@ func resourceAppgateLdapCertificateProviderRuleUpdate(d *schema.ResourceData, me } api := meta.(*Client).API.LdapCertificateIdentityProvidersApi ctx := context.TODO() - currentVersion := meta.(*Client).ApplianceVersion request := api.IdentityProvidersIdGet(ctx, d.Id()) originalLdapCertificateProvider, _, err := request.Authorization(token).Execute() if err != nil { @@ -326,7 +324,7 @@ func resourceAppgateLdapCertificateProviderRuleUpdate(d *schema.ResourceData, me } if d.HasChange("on_boarding_two_factor") { _, v := d.GetChange("on_boarding_two_factor") - onboarding, err := readOnBoardingTwoFactorFromConfig(v.([]interface{}), currentVersion) + onboarding, err := readOnBoardingTwoFactorFromConfig(v.([]interface{})) if err != nil { return err } diff --git a/appgate/resource_appgate_identity_provider_local_database.go b/appgate/resource_appgate_identity_provider_local_database.go index 433a63b5..0d55a417 100644 --- a/appgate/resource_appgate_identity_provider_local_database.go 
+++ b/appgate/resource_appgate_identity_provider_local_database.go @@ -5,7 +5,7 @@ import ( "fmt" "log" - "github.com/appgate/sdp-api-client-go/api/v19/openapi" + "github.com/appgate/sdp-api-client-go/api/v20/openapi" "github.com/hashicorp/terraform-plugin-sdk/v2/helper/schema" ) @@ -93,7 +93,6 @@ func resourceAppgateLocalDatabaseProviderRuleRead(d *schema.ResourceData, meta i } api := meta.(*Client).API.LocalDatabaseIdentityProvidersApi ctx := context.TODO() - currentVersion := meta.(*Client).ApplianceVersion localDatabase, err := getBuiltinLocalDatabaseProviderUUID(ctx, *api, token) if err != nil { d.SetId("") @@ -110,7 +109,7 @@ func resourceAppgateLocalDatabaseProviderRuleRead(d *schema.ResourceData, meta i // identity provider attributes d.Set("admin_provider", localDatabase.GetAdminProvider()) if v, ok := localDatabase.GetOnBoarding2FAOk(); ok { - if err := d.Set("on_boarding_two_factor", flattenIdentityProviderOnboarding2fa(*v, currentVersion)); err != nil { + if err := d.Set("on_boarding_two_factor", flattenIdentityProviderOnboarding2fa(*v)); err != nil { return err } } @@ -151,7 +150,6 @@ func resourceAppgateLocalDatabaseProviderRuleUpdate(d *schema.ResourceData, meta } api := meta.(*Client).API.LocalDatabaseIdentityProvidersApi ctx := context.TODO() - currentVersion := meta.(*Client).ApplianceVersion request := api.IdentityProvidersIdGet(ctx, d.Id()) originalLocalDatabaseProvider, _, err := request.Authorization(token).Execute() if err != nil { @@ -177,7 +175,7 @@ func resourceAppgateLocalDatabaseProviderRuleUpdate(d *schema.ResourceData, meta } if d.HasChange("on_boarding_two_factor") { _, v := d.GetChange("on_boarding_two_factor") - onboarding, err := readOnBoardingTwoFactorFromConfig(v.([]interface{}), currentVersion) + onboarding, err := readOnBoardingTwoFactorFromConfig(v.([]interface{})) if err != nil { return err } 
diff --git a/appgate/resource_appgate_identity_provider_oidc.go b/appgate/resource_appgate_identity_provider_oidc.go index 78794ada..311def70 100644 --- a/appgate/resource_appgate_identity_provider_oidc.go +++ b/appgate/resource_appgate_identity_provider_oidc.go @@ -6,7 +6,7 @@ import ( "log" "time" - "github.com/appgate/sdp-api-client-go/api/v19/openapi" + "github.com/appgate/sdp-api-client-go/api/v20/openapi" "github.com/hashicorp/terraform-plugin-sdk/v2/helper/schema" ) @@ -192,7 +192,6 @@ func resourceAppgateOidcProviderRuleRead(d *schema.ResourceData, meta interface{ } api := meta.(*Client).API.OidcIdentityProvidersApi ctx := context.TODO() - currentVersion := meta.(*Client).ApplianceVersion request := api.IdentityProvidersIdGet(ctx, d.Id()) oidc, _, err := request.Authorization(token).Execute() if err != nil { @@ -212,7 +211,7 @@ func resourceAppgateOidcProviderRuleRead(d *schema.ResourceData, meta interface{ d.Set("device_limit_per_user", *v) } if v, ok := oidc.GetOnBoarding2FAOk(); ok { - if err := d.Set("on_boarding_two_factor", flattenIdentityProviderOnboarding2fa(*v, currentVersion)); err != nil { + if err := d.Set("on_boarding_two_factor", flattenIdentityProviderOnboarding2fa(*v)); err != nil { return err } } @@ -279,7 +278,6 @@ func resourceAppgateOidcProviderRuleUpdate(d *schema.ResourceData, meta interfac } api := meta.(*Client).API.OidcIdentityProvidersApi ctx := context.TODO() - currentVersion := meta.(*Client).ApplianceVersion request := api.IdentityProvidersIdGet(ctx, d.Id()) originalOidcProvider, _, err := request.Authorization(token).Execute() if err != nil { @@ -307,7 +305,7 @@ func resourceAppgateOidcProviderRuleUpdate(d *schema.ResourceData, meta interfac } if d.HasChange("on_boarding_two_factor") { _, v := d.GetChange("on_boarding_two_factor") - onboarding, err := readOnBoardingTwoFactorFromConfig(v.([]interface{}), currentVersion) + onboarding, err := readOnBoardingTwoFactorFromConfig(v.([]interface{})) if err != nil { return err } 
@@ -380,7 +378,7 @@ func resourceAppgateOidcProviderRuleUpdate(d *schema.ResourceData, meta interfac if d.HasChange("google") { _, v := d.GetChange("google") - googles := readOidcProviderGoogleFromConfig(v.([]interface{}), d) + googles := readOidcProviderGoogleFromConfig(v.([]interface{})) originalOidcProvider.SetGoogle(googles[0]) } @@ -393,7 +391,7 @@ func resourceAppgateOidcProviderRuleUpdate(d *schema.ResourceData, meta interfac return resourceAppgateOidcProviderRuleRead(d, meta) } -func readOidcProviderGoogleFromConfig(input []interface{}, d *schema.ResourceData) []openapi.OidcProviderAllOfGoogle { +func readOidcProviderGoogleFromConfig(input []interface{}) []openapi.OidcProviderAllOfGoogle { googles := make([]openapi.OidcProviderAllOfGoogle, 0) for _, raw := range input { google := raw.(map[string]interface{}) diff --git a/appgate/resource_appgate_identity_provider_radius.go b/appgate/resource_appgate_identity_provider_radius.go index 097a4137..6ac5bc54 100644 --- a/appgate/resource_appgate_identity_provider_radius.go +++ b/appgate/resource_appgate_identity_provider_radius.go @@ -6,7 +6,7 @@ import ( "log" "time" - "github.com/appgate/sdp-api-client-go/api/v19/openapi" + "github.com/appgate/sdp-api-client-go/api/v20/openapi" "github.com/hashicorp/terraform-plugin-sdk/v2/helper/schema" ) @@ -172,7 +172,6 @@ func resourceAppgateRadiusProviderRuleRead(d *schema.ResourceData, meta interfac } api := meta.(*Client).API.RadiusIdentityProvidersApi ctx := context.TODO() - currentVersion := meta.(*Client).ApplianceVersion request := api.IdentityProvidersIdGet(ctx, d.Id()) radius, _, err := request.Authorization(token).Execute() if err != nil { 
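Review bot: `originalOidcProvider.SetGoogle(googles[0])` indexes the slice without checking its length, and `readOidcProviderGoogleFromConfig` starts from `make(..., 0)` and only appends per input element, so an empty `google` list would presumably panic the provider here. The helper in the next hunk also uses the single-value assertion `raw.(map[string]interface{})`, which panics on a nil list element. Guard the call, e.g. `if len(googles) > 0 { originalOidcProvider.SetGoogle(googles[0]) }`, and use `google, ok := raw.(map[string]interface{})` with a `continue` when `ok` is false. Both function bodies extend beyond the hunks shown, so how an emptied block should be sent to the API needs to be decided there.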
@@ -192,7 +191,7 @@ func resourceAppgateRadiusProviderRuleRead(d *schema.ResourceData, meta interfac d.Set("device_limit_per_user", *v) } if v, ok := radius.GetOnBoarding2FAOk(); ok { - if err := d.Set("on_boarding_two_factor", flattenIdentityProviderOnboarding2fa(*v, currentVersion)); err != nil { + if err := d.Set("on_boarding_two_factor", flattenIdentityProviderOnboarding2fa(*v)); err != nil { return err } } @@ -246,7 +245,6 @@ func resourceAppgateRadiusProviderRuleUpdate(d *schema.ResourceData, meta interf } api := meta.(*Client).API.RadiusIdentityProvidersApi ctx := context.TODO() - currentVersion := meta.(*Client).ApplianceVersion request := api.IdentityProvidersIdGet(ctx, d.Id()) originalRadiusProvider, _, err := request.Authorization(token).Execute() if err != nil { @@ -274,7 +272,7 @@ func resourceAppgateRadiusProviderRuleUpdate(d *schema.ResourceData, meta interf } if d.HasChange("on_boarding_two_factor") { _, v := d.GetChange("on_boarding_two_factor") - onboarding, err := readOnBoardingTwoFactorFromConfig(v.([]interface{}), currentVersion) + onboarding, err := readOnBoardingTwoFactorFromConfig(v.([]interface{})) if err != nil { return err } diff --git a/appgate/resource_appgate_identity_provider_saml.go b/appgate/resource_appgate_identity_provider_saml.go index 420929b8..f3644ad9 100644 --- a/appgate/resource_appgate_identity_provider_saml.go +++ b/appgate/resource_appgate_identity_provider_saml.go @@ -6,7 +6,7 @@ import ( "log" "time" - "github.com/appgate/sdp-api-client-go/api/v19/openapi" + "github.com/appgate/sdp-api-client-go/api/v20/openapi" "github.com/hashicorp/terraform-plugin-sdk/v2/helper/schema" ) @@ -165,7 +165,6 @@ func resourceAppgateSamlProviderRuleRead(d *schema.ResourceData, meta interface{ } api := meta.(*Client).API.SamlIdentityProvidersApi ctx := context.TODO() - currentVersion := meta.(*Client).ApplianceVersion request := api.IdentityProvidersIdGet(ctx, d.Id()) saml, _, err := request.Authorization(token).Execute() if err != nil { 
@@ -184,7 +183,7 @@ func resourceAppgateSamlProviderRuleRead(d *schema.ResourceData, meta interface{ d.Set("device_limit_per_user", *v) } if v, ok := saml.GetOnBoarding2FAOk(); ok { - if err := d.Set("on_boarding_two_factor", flattenIdentityProviderOnboarding2fa(*v, currentVersion)); err != nil { + if err := d.Set("on_boarding_two_factor", flattenIdentityProviderOnboarding2fa(*v)); err != nil { return err } } @@ -229,7 +228,6 @@ func resourceAppgateSamlProviderRuleUpdate(d *schema.ResourceData, meta interfac } api := meta.(*Client).API.SamlIdentityProvidersApi ctx := context.TODO() - currentVersion := meta.(*Client).ApplianceVersion request := api.IdentityProvidersIdGet(ctx, d.Id()) originalSamlProvider, _, err := request.Authorization(token).Execute() if err != nil { @@ -257,7 +255,7 @@ func resourceAppgateSamlProviderRuleUpdate(d *schema.ResourceData, meta interfac } if d.HasChange("on_boarding_two_factor") { _, v := d.GetChange("on_boarding_two_factor") - onboarding, err := readOnBoardingTwoFactorFromConfig(v.([]interface{}), currentVersion) + onboarding, err := readOnBoardingTwoFactorFromConfig(v.([]interface{})) if err != nil { return err } diff --git a/appgate/resource_appgate_ip_pool.go b/appgate/resource_appgate_ip_pool.go index 79c6f50c..760e32c2 100644 --- a/appgate/resource_appgate_ip_pool.go +++ b/appgate/resource_appgate_ip_pool.go @@ -7,7 +7,7 @@ import ( "net/http" "time" - "github.com/appgate/sdp-api-client-go/api/v19/openapi" + "github.com/appgate/sdp-api-client-go/api/v20/openapi" "github.com/hashicorp/terraform-plugin-sdk/v2/helper/schema" ) diff --git a/appgate/resource_appgate_license.go b/appgate/resource_appgate_license.go index c245e451..c732a826 100644 --- a/appgate/resource_appgate_license.go +++ b/appgate/resource_appgate_license.go 
@@ -5,7 +5,7 @@ import ( "fmt" "log" - "github.com/appgate/sdp-api-client-go/api/v19/openapi" + "github.com/appgate/sdp-api-client-go/api/v20/openapi" "github.com/hashicorp/terraform-plugin-sdk/v2/diag" "github.com/hashicorp/terraform-plugin-sdk/v2/helper/schema" diff --git a/appgate/resource_appgate_local_user.go b/appgate/resource_appgate_local_user.go index c5216a28..b2bebe56 100644 --- a/appgate/resource_appgate_local_user.go +++ b/appgate/resource_appgate_local_user.go @@ -7,7 +7,7 @@ import ( "net/http" "time" - "github.com/appgate/sdp-api-client-go/api/v19/openapi" + "github.com/appgate/sdp-api-client-go/api/v20/openapi" "github.com/hashicorp/terraform-plugin-sdk/v2/diag" "github.com/hashicorp/terraform-plugin-sdk/v2/helper/schema" diff --git a/appgate/resource_appgate_mfa_provider.go b/appgate/resource_appgate_mfa_provider.go index 0d8e143e..83470121 100644 --- a/appgate/resource_appgate_mfa_provider.go +++ b/appgate/resource_appgate_mfa_provider.go @@ -7,7 +7,7 @@ import ( "net/http" "time" - "github.com/appgate/sdp-api-client-go/api/v19/openapi" + "github.com/appgate/sdp-api-client-go/api/v20/openapi" "github.com/hashicorp/terraform-plugin-sdk/v2/helper/schema" ) diff --git a/appgate/resource_appgate_policy.go b/appgate/resource_appgate_policy.go index 48d5a498..85efb042 100644 --- a/appgate/resource_appgate_policy.go +++ b/appgate/resource_appgate_policy.go @@ -4,11 +4,12 @@ import ( "bytes" "context" "fmt" - "github.com/hashicorp/go-version" "log" "net/http" - "github.com/appgate/sdp-api-client-go/api/v19/openapi" + "github.com/hashicorp/go-version" + + "github.com/appgate/sdp-api-client-go/api/v20/openapi" "github.com/appgate/terraform-provider-appgatesdp/appgate/hashcode" "github.com/hashicorp/terraform-plugin-sdk/v2/diag" diff --git a/appgate/resource_appgate_ringfence_rule.go b/appgate/resource_appgate_ringfence_rule.go index 95e2d250..d26b6004 100644 --- a/appgate/resource_appgate_ringfence_rule.go +++ b/appgate/resource_appgate_ringfence_rule.go 
@@ -6,7 +6,7 @@ import ( "log" "time" - "github.com/appgate/sdp-api-client-go/api/v19/openapi" + "github.com/appgate/sdp-api-client-go/api/v20/openapi" "github.com/hashicorp/terraform-plugin-sdk/v2/helper/schema" ) diff --git a/appgate/resource_appgate_site.go b/appgate/resource_appgate_site.go index ac28f091..19184fcd 100644 --- a/appgate/resource_appgate_site.go +++ b/appgate/resource_appgate_site.go @@ -8,7 +8,7 @@ import ( "net/http" "time" - "github.com/appgate/sdp-api-client-go/api/v19/openapi" + "github.com/appgate/sdp-api-client-go/api/v20/openapi" "github.com/hashicorp/go-version" "github.com/hashicorp/terraform-plugin-sdk/v2/helper/schema" @@ -136,11 +136,6 @@ func resourceAppgateSite() *schema.Resource { Elem: &schema.Resource{ Schema: map[string]*schema.Schema{ - "state_sharing": { - Type: schema.TypeBool, - Required: true, - }, - "snat": { Type: schema.TypeBool, Required: true, @@ -302,6 +297,10 @@ func resourceAppgateSite() *schema.Resource { Optional: true, Default: true, }, + "partition": { + Type: schema.TypeString, + Optional: true, + }, "assumed_roles": { Type: schema.TypeList, Optional: true, @@ -429,6 +428,10 @@ func resourceAppgateSite() *schema.Resource { Type: schema.TypeString, Optional: true, }, + "forwarding_rules_filter": { + Type: schema.TypeString, + Optional: true, + }, }, }, }, @@ -568,7 +571,7 @@ func resourceAppgateSiteCreate(d *schema.ResourceData, meta interface{}) error { } if v, ok := d.GetOk("vpn"); ok { - vpn, err := readSiteVPNFromConfig(currentVersion, v.([]interface{})) + vpn, err := readSiteVPNFromConfig(v.([]interface{})) if err != nil { return err } @@ -633,7 +636,7 @@ func resourceAppgateSiteRead(d *schema.ResourceData, meta interface{}) error { d.Set("entitlement_based_routing", site.EntitlementBasedRouting) if site.Vpn != nil { - if err = d.Set("vpn", flattenSiteVPN(currentVersion, *site.Vpn)); err != nil { + if err = d.Set("vpn", flattenSiteVPN(*site.Vpn)); err != nil { return err } } 
@@ -681,11 +684,8 @@ func flattenSiteDefaultGateway(in openapi.SiteAllOfDefaultGateway) []interface{} return []interface{}{m} } -func flattenSiteVPN(currentVersion *version.Version, in openapi.SiteAllOfVpn) []interface{} { +func flattenSiteVPN(in openapi.SiteAllOfVpn) []interface{} { m := make(map[string]interface{}) - if v, ok := in.GetStateSharingOk(); ok { - m["state_sharing"] = *v - } if v, ok := in.GetSnatOk(); ok { m["snat"] = *v } @@ -745,14 +745,12 @@ func flattenNameResolution(currentVersion *version.Version, local map[string]int if v, ok := in.GetGcpResolversOk(); ok { m["gcp_resolvers"] = flattenSiteGCPResolvers(v) } - if currentVersion.GreaterThanOrEqual(Appliance55Version) { - if v, ok := in.GetDnsForwardingOk(); ok { - dnsfwd, err := flattenSiteDnsForwading(*v) - if err != nil { - return nil, err - } - m["dns_forwarding"] = dnsfwd + if v, ok := in.GetDnsForwardingOk(); ok { + dnsfwd, err := flattenSiteDnsForwading(*v) + if err != nil { + return nil, err } + m["dns_forwarding"] = dnsfwd } if currentVersion.GreaterThanOrEqual(Appliance61Version) { if v, ok := in.GetIllumioResolversOk(); ok { @@ -893,7 +891,7 @@ func flattenSiteDNSResolver(in []openapi.SiteAllOfNameResolutionDnsResolvers) [] m["query_aaaa"] = v.GetQueryAAAA() m["default_ttl_seconds"] = v.GetDefaultTtlSeconds() m["servers"] = v.GetServers() - m["search_domains"] = v.GetSearchDomains() + m["search_domains"] = v.GetMatchDomains() out[i] = m } @@ -1003,7 +1001,7 @@ func resourceAppgateSiteUpdate(d *schema.ResourceData, meta interface{}) error { if d.HasChange("vpn") { _, v := d.GetChange("vpn") - vpn, err := readSiteVPNFromConfig(currentVersion, v.([]interface{})) + vpn, err := readSiteVPNFromConfig(v.([]interface{})) if err != nil { return err } 
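Review bot: In flattenSiteDNSResolver (`@@ -893,7 +891,7 @@`) the Terraform key `search_domains` is now filled from `v.GetMatchDomains()`, and the `@@ -1269,7 +1264,7 @@` hunk in readDNSResolversFromConfig writes it with `row.SetMatchDomains(domains)`, but nothing records why the attribute name and the API field differ. Add a comment on both lines, such as `// the v20 client names this field MatchDomains; the Terraform attribute stays search_domains for compatibility`. The error text "Failed to resolve dns search domains" next to the setter has the same mismatch. If the rename also changed what the field means, which cannot be told from the hunk, the attribute documentation needs the same update. Both functions continue outside their hunks.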
@@ -1091,7 +1089,7 @@ func readSiteDefaultGatewayFromConfig(defaultGateways []interface{}) (openapi.Si return result, nil } -func readSiteVPNFromConfig(currentVersion *version.Version, vpns []interface{}) (openapi.SiteAllOfVpn, error) { +func readSiteVPNFromConfig(vpns []interface{}) (openapi.SiteAllOfVpn, error) { result := openapi.SiteAllOfVpn{} for _, vpn := range vpns { if vpn == nil { @@ -1099,9 +1097,6 @@ func readSiteVPNFromConfig(currentVersion *version.Version, vpns []interface{}) } raw := vpn.(map[string]interface{}) - if v, ok := raw["state_sharing"]; ok { - result.SetStateSharing(v.(bool)) - } if v, ok := raw["snat"]; ok { result.SetSnat(v.(bool)) } @@ -1269,7 +1264,7 @@ func readDNSResolversFromConfig(currentVersion *version.Version, dnsConfigs []in return result, fmt.Errorf("Failed to resolve dns search domains: %w", err) } if len(domains) > 0 { - row.SetSearchDomains(domains) + row.SetMatchDomains(domains) } } result = append(result, row) diff --git a/appgate/resource_appgate_site_test.go b/appgate/resource_appgate_site_test.go index c5962d1b..35b96ac8 100644 --- a/appgate/resource_appgate_site_test.go +++ b/appgate/resource_appgate_site_test.go @@ -92,7 +92,6 @@ func TestAccSiteBasic(t *testing.T) { resource.TestCheckResourceAttr(resourceName, "vpn.0.ip_access_log_interval_seconds", "120"), resource.TestCheckResourceAttr(resourceName, "vpn.0.route_via.#", "0"), resource.TestCheckResourceAttr(resourceName, "vpn.0.snat", "false"), - resource.TestCheckResourceAttr(resourceName, "vpn.0.state_sharing", "false"), resource.TestCheckResourceAttr(resourceName, "vpn.0.tls.#", "1"), resource.TestCheckResourceAttr(resourceName, "vpn.0.tls.0.enabled", "true"), ), 
@@ -633,7 +632,7 @@ func TestAccSiteBasicAwsResolverWithoutSecret(t *testing.T) { resource.TestCheckResourceAttr(resourceName, "name", context["name"].(string)), resource.TestCheckResourceAttr(resourceName, "name_resolution.#", "1"), resource.TestCheckResourceAttr(resourceName, "name_resolution.0.aws_resolvers.#", "1"), - resource.TestCheckResourceAttr(resourceName, "name_resolution.0.aws_resolvers.0.%", "11"), + resource.TestCheckResourceAttr(resourceName, "name_resolution.0.aws_resolvers.0.%", "12"), resource.TestCheckResourceAttr(resourceName, "name_resolution.0.aws_resolvers.0.access_key_id", ""), resource.TestCheckResourceAttr(resourceName, "name_resolution.0.aws_resolvers.0.assumed_roles.#", "0"), resource.TestCheckResourceAttr(resourceName, "name_resolution.0.aws_resolvers.0.https_proxy", ""), @@ -733,7 +732,7 @@ func TestAccSiteBasicAwsResolverresolveWithMasterCredentials(t *testing.T) { resource.TestCheckResourceAttr(resourceName, "name", context["name"].(string)), resource.TestCheckResourceAttr(resourceName, "name_resolution.#", "1"), resource.TestCheckResourceAttr(resourceName, "name_resolution.0.aws_resolvers.#", "1"), - resource.TestCheckResourceAttr(resourceName, "name_resolution.0.aws_resolvers.0.%", "11"), + resource.TestCheckResourceAttr(resourceName, "name_resolution.0.aws_resolvers.0.%", "12"), resource.TestCheckResourceAttr(resourceName, "name_resolution.0.aws_resolvers.0.access_key_id", "string1"), resource.TestCheckResourceAttr(resourceName, "name_resolution.0.aws_resolvers.0.assumed_roles.#", "1"), resource.TestCheckResourceAttr(resourceName, "name_resolution.0.aws_resolvers.0.assumed_roles.0.%", "4"), 
@@ -767,14 +766,13 @@ func TestAccSiteBasicAwsResolverresolveWithMasterCredentials(t *testing.T) { resource.TestCheckResourceAttr(resourceName, "tags.0", "api-created"), resource.TestCheckResourceAttr(resourceName, "tags.1", "developer"), resource.TestCheckResourceAttr(resourceName, "vpn.#", "1"), - resource.TestCheckResourceAttr(resourceName, "vpn.0.%", "6"), + resource.TestCheckResourceAttr(resourceName, "vpn.0.%", "5"), resource.TestCheckResourceAttr(resourceName, "vpn.0.dtls.#", "1"), resource.TestCheckResourceAttr(resourceName, "vpn.0.dtls.0.%", "1"), resource.TestCheckResourceAttr(resourceName, "vpn.0.dtls.0.enabled", "false"), resource.TestCheckResourceAttr(resourceName, "vpn.0.ip_access_log_interval_seconds", "120"), resource.TestCheckResourceAttr(resourceName, "vpn.0.route_via.#", "0"), resource.TestCheckResourceAttr(resourceName, "vpn.0.snat", "false"), - resource.TestCheckResourceAttr(resourceName, "vpn.0.state_sharing", "false"), resource.TestCheckResourceAttr(resourceName, "vpn.0.tls.#", "1"), resource.TestCheckResourceAttr(resourceName, "vpn.0.tls.0.%", "1"), resource.TestCheckResourceAttr(resourceName, "vpn.0.tls.0.enabled", "true"), 
@@ -800,7 +798,7 @@ func TestAccSiteBasicAwsResolverresolveWithMasterCredentials(t *testing.T) { resource.TestCheckResourceAttr(resourceName, "name", context["name"].(string)), resource.TestCheckResourceAttr(resourceName, "name_resolution.#", "1"), resource.TestCheckResourceAttr(resourceName, "name_resolution.0.aws_resolvers.#", "1"), - resource.TestCheckResourceAttr(resourceName, "name_resolution.0.aws_resolvers.0.%", "11"), + resource.TestCheckResourceAttr(resourceName, "name_resolution.0.aws_resolvers.0.%", "12"), resource.TestCheckResourceAttr(resourceName, "name_resolution.0.aws_resolvers.0.access_key_id", "string1"), resource.TestCheckResourceAttr(resourceName, "name_resolution.0.aws_resolvers.0.assumed_roles.#", "1"), resource.TestCheckResourceAttr(resourceName, "name_resolution.0.aws_resolvers.0.assumed_roles.0.%", "4"), 
@@ -834,14 +832,13 @@ func TestAccSiteBasicAwsResolverresolveWithMasterCredentials(t *testing.T) { resource.TestCheckResourceAttr(resourceName, "tags.0", "api-created"), resource.TestCheckResourceAttr(resourceName, "tags.1", "developer"), resource.TestCheckResourceAttr(resourceName, "vpn.#", "1"), - resource.TestCheckResourceAttr(resourceName, "vpn.0.%", "6"), + resource.TestCheckResourceAttr(resourceName, "vpn.0.%", "5"), resource.TestCheckResourceAttr(resourceName, "vpn.0.dtls.#", "1"), resource.TestCheckResourceAttr(resourceName, "vpn.0.dtls.0.%", "1"), resource.TestCheckResourceAttr(resourceName, "vpn.0.dtls.0.enabled", "false"), resource.TestCheckResourceAttr(resourceName, "vpn.0.ip_access_log_interval_seconds", "120"), resource.TestCheckResourceAttr(resourceName, "vpn.0.route_via.#", "0"), resource.TestCheckResourceAttr(resourceName, "vpn.0.snat", "false"), - resource.TestCheckResourceAttr(resourceName, "vpn.0.state_sharing", "false"), resource.TestCheckResourceAttr(resourceName, "vpn.0.tls.#", "1"), resource.TestCheckResourceAttr(resourceName, "vpn.0.tls.0.%", "1"), resource.TestCheckResourceAttr(resourceName, "vpn.0.tls.0.enabled", "true"), @@ -858,7 +855,7 @@ func TestAccSiteBasicAwsResolverresolveWithMasterCredentials(t *testing.T) { Check: resource.ComposeTestCheckFunc( testAccCheckSiteExists(resourceName), resource.TestCheckResourceAttr(resourceName, "name_resolution.0.aws_resolvers.#", "1"), - resource.TestCheckResourceAttr(resourceName, "name_resolution.0.aws_resolvers.0.%", "11"), + resource.TestCheckResourceAttr(resourceName, "name_resolution.0.aws_resolvers.0.%", "12"), resource.TestCheckResourceAttr(resourceName, "name_resolution.0.aws_resolvers.0.access_key_id", "string1"), resource.TestCheckResourceAttr(resourceName, "name_resolution.0.aws_resolvers.0.assumed_roles.#", "1"), resource.TestCheckResourceAttr(resourceName, "name_resolution.0.aws_resolvers.0.assumed_roles.0.%", "4"), 
@@ -1217,7 +1214,7 @@ func TestAccSiteVPNRouteVia(t *testing.T) { resource.TestCheckResourceAttr(resourceName, "tags.1", "default_test_site"), resource.TestCheckResourceAttr(resourceName, "tags.2", "terraform"), resource.TestCheckResourceAttr(resourceName, "vpn.#", "1"), - resource.TestCheckResourceAttr(resourceName, "vpn.0.%", "6"), + resource.TestCheckResourceAttr(resourceName, "vpn.0.%", "5"), resource.TestCheckResourceAttr(resourceName, "vpn.0.dtls.#", "1"), resource.TestCheckResourceAttr(resourceName, "vpn.0.dtls.0.%", "1"), resource.TestCheckResourceAttr(resourceName, "vpn.0.dtls.0.enabled", "false"), @@ -1227,7 +1224,6 @@ func TestAccSiteVPNRouteVia(t *testing.T) { resource.TestCheckResourceAttr(resourceName, "vpn.0.route_via.0.ipv4", "10.10.10.10"), resource.TestCheckResourceAttr(resourceName, "vpn.0.route_via.0.ipv6", "fdf8:f53b:82e4::53"), resource.TestCheckResourceAttr(resourceName, "vpn.0.snat", "false"), - resource.TestCheckResourceAttr(resourceName, "vpn.0.state_sharing", "false"), resource.TestCheckResourceAttr(resourceName, "vpn.0.tls.#", "1"), resource.TestCheckResourceAttr(resourceName, "vpn.0.tls.0.%", "1"), resource.TestCheckResourceAttr(resourceName, "vpn.0.tls.0.enabled", "true"), @@ -1273,7 +1269,7 @@ func TestAccSiteVPNRouteVia(t *testing.T) { resource.TestCheckResourceAttr(resourceName, "tags.1", "default_test_site"), resource.TestCheckResourceAttr(resourceName, "tags.2", "terraform"), resource.TestCheckResourceAttr(resourceName, "vpn.#", "1"), - resource.TestCheckResourceAttr(resourceName, "vpn.0.%", "6"), + resource.TestCheckResourceAttr(resourceName, "vpn.0.%", "5"), resource.TestCheckResourceAttr(resourceName, "vpn.0.dtls.#", "1"), resource.TestCheckResourceAttr(resourceName, "vpn.0.dtls.0.%", "1"), resource.TestCheckResourceAttr(resourceName, "vpn.0.dtls.0.enabled", "false"), 
@@ -1283,7 +1279,6 @@ func TestAccSiteVPNRouteVia(t *testing.T) { resource.TestCheckResourceAttr(resourceName, "vpn.0.route_via.0.ipv4", "20.20.20.20"), // updated resource.TestCheckResourceAttr(resourceName, "vpn.0.route_via.0.ipv6", "fdf8:f53b:82e4::53"), resource.TestCheckResourceAttr(resourceName, "vpn.0.snat", "false"), - resource.TestCheckResourceAttr(resourceName, "vpn.0.state_sharing", "false"), resource.TestCheckResourceAttr(resourceName, "vpn.0.tls.#", "1"), resource.TestCheckResourceAttr(resourceName, "vpn.0.tls.0.%", "1"), resource.TestCheckResourceAttr(resourceName, "vpn.0.tls.0.enabled", "true"), @@ -1329,14 +1324,13 @@ func TestAccSiteVPNRouteVia(t *testing.T) { resource.TestCheckResourceAttr(resourceName, "tags.1", "default_test_site"), resource.TestCheckResourceAttr(resourceName, "tags.2", "terraform"), resource.TestCheckResourceAttr(resourceName, "vpn.#", "1"), - resource.TestCheckResourceAttr(resourceName, "vpn.0.%", "6"), + resource.TestCheckResourceAttr(resourceName, "vpn.0.%", "5"), resource.TestCheckResourceAttr(resourceName, "vpn.0.dtls.#", "1"), resource.TestCheckResourceAttr(resourceName, "vpn.0.dtls.0.%", "1"), resource.TestCheckResourceAttr(resourceName, "vpn.0.dtls.0.enabled", "false"), resource.TestCheckResourceAttr(resourceName, "vpn.0.ip_access_log_interval_seconds", "120"), resource.TestCheckResourceAttr(resourceName, "vpn.0.route_via.#", "0"), // deleted resource.TestCheckResourceAttr(resourceName, "vpn.0.snat", "false"), - resource.TestCheckResourceAttr(resourceName, "vpn.0.state_sharing", "false"), resource.TestCheckResourceAttr(resourceName, "vpn.0.tls.#", "1"), resource.TestCheckResourceAttr(resourceName, "vpn.0.tls.0.%", "1"), resource.TestCheckResourceAttr(resourceName, "vpn.0.tls.0.enabled", "true"), @@ -1373,7 +1367,6 @@ func testAccSiteVPNRouteVia(context map[string]interface{}) string { } } vpn { - state_sharing = false ip_access_log_interval_seconds = 120 snat = false tls { 
@@ -1414,7 +1407,6 @@ func testAccSiteVPNRouteViaUpdatedV4Route(context map[string]interface{}) string } } vpn { - state_sharing = false ip_access_log_interval_seconds = 120 snat = false tls { @@ -1455,7 +1447,6 @@ func testAccSiteVPNRouteViaDeleted(context map[string]interface{}) string { } } vpn { - state_sharing = false ip_access_log_interval_seconds = 120 snat = false tls { @@ -1512,7 +1503,7 @@ func TestAccSiteVPNRouteViaIpv4Only(t *testing.T) { resource.TestCheckResourceAttr(resourceName, "tags.1", "default_test"), resource.TestCheckResourceAttr(resourceName, "tags.2", "terraform"), resource.TestCheckResourceAttr(resourceName, "vpn.#", "1"), - resource.TestCheckResourceAttr(resourceName, "vpn.0.%", "6"), + resource.TestCheckResourceAttr(resourceName, "vpn.0.%", "5"), resource.TestCheckResourceAttr(resourceName, "vpn.0.dtls.#", "1"), resource.TestCheckResourceAttr(resourceName, "vpn.0.dtls.0.%", "1"), resource.TestCheckResourceAttr(resourceName, "vpn.0.dtls.0.enabled", "false"), @@ -1522,7 +1513,6 @@ func TestAccSiteVPNRouteViaIpv4Only(t *testing.T) { resource.TestCheckResourceAttr(resourceName, "vpn.0.route_via.0.ipv4", "10.10.10.10"), resource.TestCheckResourceAttr(resourceName, "vpn.0.route_via.0.ipv6", ""), resource.TestCheckResourceAttr(resourceName, "vpn.0.snat", "false"), - resource.TestCheckResourceAttr(resourceName, "vpn.0.state_sharing", "false"), resource.TestCheckResourceAttr(resourceName, "vpn.0.tls.#", "1"), resource.TestCheckResourceAttr(resourceName, "vpn.0.tls.0.%", "1"), resource.TestCheckResourceAttr(resourceName, "vpn.0.tls.0.enabled", "true"), 
@@ -1562,7 +1552,7 @@ func TestAccSiteVPNRouteViaIpv4Only(t *testing.T) { resource.TestCheckResourceAttr(resourceName, "tags.1", "default_test"), resource.TestCheckResourceAttr(resourceName, "tags.2", "terraform"), resource.TestCheckResourceAttr(resourceName, "vpn.#", "1"), - resource.TestCheckResourceAttr(resourceName, "vpn.0.%", "6"), + resource.TestCheckResourceAttr(resourceName, "vpn.0.%", "5"), resource.TestCheckResourceAttr(resourceName, "vpn.0.dtls.#", "1"), resource.TestCheckResourceAttr(resourceName, "vpn.0.dtls.0.%", "1"), resource.TestCheckResourceAttr(resourceName, "vpn.0.dtls.0.enabled", "false"), @@ -1572,7 +1562,6 @@ func TestAccSiteVPNRouteViaIpv4Only(t *testing.T) { resource.TestCheckResourceAttr(resourceName, "vpn.0.route_via.0.ipv4", "10.20.10.20"), resource.TestCheckResourceAttr(resourceName, "vpn.0.route_via.0.ipv6", ""), resource.TestCheckResourceAttr(resourceName, "vpn.0.snat", "false"), - resource.TestCheckResourceAttr(resourceName, "vpn.0.state_sharing", "false"), resource.TestCheckResourceAttr(resourceName, "vpn.0.tls.#", "1"), resource.TestCheckResourceAttr(resourceName, "vpn.0.tls.0.%", "1"), resource.TestCheckResourceAttr(resourceName, "vpn.0.tls.0.enabled", "true"), @@ -1612,7 +1601,7 @@ func TestAccSiteVPNRouteViaIpv4Only(t *testing.T) { resource.TestCheckResourceAttr(resourceName, "tags.1", "default_test"), resource.TestCheckResourceAttr(resourceName, "tags.2", "terraform"), resource.TestCheckResourceAttr(resourceName, "vpn.#", "1"), - resource.TestCheckResourceAttr(resourceName, "vpn.0.%", "6"), + resource.TestCheckResourceAttr(resourceName, "vpn.0.%", "5"), resource.TestCheckResourceAttr(resourceName, "vpn.0.dtls.#", "1"), resource.TestCheckResourceAttr(resourceName, "vpn.0.dtls.0.%", "1"), resource.TestCheckResourceAttr(resourceName, "vpn.0.dtls.0.enabled", "false"), 
@@ -1621,7 +1610,6 @@ func TestAccSiteVPNRouteViaIpv4Only(t *testing.T) { resource.TestCheckResourceAttr(resourceName, "vpn.0.route_via.0.%", "2"), resource.TestCheckResourceAttr(resourceName, "vpn.0.route_via.0.ipv6", "fdf8:f53b:82e4::53"), resource.TestCheckResourceAttr(resourceName, "vpn.0.snat", "false"), - resource.TestCheckResourceAttr(resourceName, "vpn.0.state_sharing", "false"), resource.TestCheckResourceAttr(resourceName, "vpn.0.tls.#", "1"), resource.TestCheckResourceAttr(resourceName, "vpn.0.tls.0.%", "1"), resource.TestCheckResourceAttr(resourceName, "vpn.0.tls.0.enabled", "true"), @@ -1650,7 +1638,6 @@ resource "appgatesdp_site" "d_test_site" { enabled_v6 = false } vpn { - state_sharing = false ip_access_log_interval_seconds = 120 snat = false tls { @@ -1682,7 +1669,6 @@ resource "appgatesdp_site" "d_test_site" { enabled_v6 = false } vpn { - state_sharing = false ip_access_log_interval_seconds = 120 snat = false tls { @@ -1714,7 +1700,6 @@ resource "appgatesdp_site" "d_test_site" { enabled_v6 = false } vpn { - state_sharing = false ip_access_log_interval_seconds = 120 snat = false tls { 
@@ -1803,14 +1788,13 @@ func TestAccSiteNameResolver6(t *testing.T) { resource.TestCheckResourceAttr(resourceName, "tags.0", "api-created"), resource.TestCheckResourceAttr(resourceName, "tags.1", "developer"), resource.TestCheckResourceAttr(resourceName, "vpn.#", "1"), - resource.TestCheckResourceAttr(resourceName, "vpn.0.%", "6"), + resource.TestCheckResourceAttr(resourceName, "vpn.0.%", "5"), resource.TestCheckResourceAttr(resourceName, "vpn.0.dtls.#", "1"), resource.TestCheckResourceAttr(resourceName, "vpn.0.dtls.0.%", "1"), resource.TestCheckResourceAttr(resourceName, "vpn.0.dtls.0.enabled", "false"), resource.TestCheckResourceAttr(resourceName, "vpn.0.ip_access_log_interval_seconds", "120"), resource.TestCheckResourceAttr(resourceName, "vpn.0.route_via.#", "0"), resource.TestCheckResourceAttr(resourceName, "vpn.0.snat", "false"), - resource.TestCheckResourceAttr(resourceName, "vpn.0.state_sharing", "false"), resource.TestCheckResourceAttr(resourceName, "vpn.0.tls.#", "1"), resource.TestCheckResourceAttr(resourceName, "vpn.0.tls.0.%", "1"), resource.TestCheckResourceAttr(resourceName, "vpn.0.tls.0.enabled", "true"), 
@@ -2030,7 +2014,7 @@ func TestAccSiteNameResolverIllumio61(t *testing.T) { resource.TestCheckResourceAttr(resourceName, "name_resolution.0.illumio_resolvers.0.name", "Illumio Resolver 1"), resource.TestCheckResourceAttr(resourceName, "name_resolution.0.illumio_resolvers.0.password", "adminadmin"), resource.TestCheckResourceAttr(resourceName, "name_resolution.0.illumio_resolvers.0.port", "65530"), - resource.TestCheckResourceAttr(resourceName, "name_resolution.0.illumio_resolvers.0.update_interval", "5"), + resource.TestCheckResourceAttr(resourceName, "name_resolution.0.illumio_resolvers.0.update_interval", "10"), resource.TestCheckResourceAttr(resourceName, "name_resolution.0.illumio_resolvers.0.username", "admin"), resource.TestCheckResourceAttr(resourceName, "name_resolution.0.use_hosts_file", "false"), resource.TestCheckResourceAttr(resourceName, "network_subnets.#", "1"), 
@@ -2038,14 +2022,13 @@ func TestAccSiteNameResolverIllumio61(t *testing.T) { resource.TestCheckResourceAttr(resourceName, "notes", "Managed by terraform"), resource.TestCheckResourceAttr(resourceName, "short_name", "ts0"), resource.TestCheckResourceAttr(resourceName, "vpn.#", "1"), - resource.TestCheckResourceAttr(resourceName, "vpn.0.%", "6"), + resource.TestCheckResourceAttr(resourceName, "vpn.0.%", "5"), resource.TestCheckResourceAttr(resourceName, "vpn.0.dtls.#", "1"), resource.TestCheckResourceAttr(resourceName, "vpn.0.dtls.0.%", "1"), resource.TestCheckResourceAttr(resourceName, "vpn.0.dtls.0.enabled", "false"), resource.TestCheckResourceAttr(resourceName, "vpn.0.ip_access_log_interval_seconds", "120"), resource.TestCheckResourceAttr(resourceName, "vpn.0.route_via.#", "0"), resource.TestCheckResourceAttr(resourceName, "vpn.0.snat", "false"), - resource.TestCheckResourceAttr(resourceName, "vpn.0.state_sharing", "false"), resource.TestCheckResourceAttr(resourceName, "vpn.0.tls.#", "1"), resource.TestCheckResourceAttr(resourceName, "vpn.0.tls.0.%", "1"), resource.TestCheckResourceAttr(resourceName, "vpn.0.tls.0.enabled", "true"), 
@@ -2091,14 +2074,13 @@ func TestAccSiteNameResolverIllumio61(t *testing.T) { resource.TestCheckResourceAttr(resourceName, "short_name", "ts0"), resource.TestCheckResourceAttr(resourceName, "tags.#", "0"), resource.TestCheckResourceAttr(resourceName, "vpn.#", "1"), - resource.TestCheckResourceAttr(resourceName, "vpn.0.%", "6"), + resource.TestCheckResourceAttr(resourceName, "vpn.0.%", "5"), resource.TestCheckResourceAttr(resourceName, "vpn.0.dtls.#", "1"), resource.TestCheckResourceAttr(resourceName, "vpn.0.dtls.0.%", "1"), resource.TestCheckResourceAttr(resourceName, "vpn.0.dtls.0.enabled", "false"), resource.TestCheckResourceAttr(resourceName, "vpn.0.ip_access_log_interval_seconds", "120"), resource.TestCheckResourceAttr(resourceName, "vpn.0.route_via.#", "0"), resource.TestCheckResourceAttr(resourceName, "vpn.0.snat", "false"), - resource.TestCheckResourceAttr(resourceName, "vpn.0.state_sharing", "false"), resource.TestCheckResourceAttr(resourceName, "vpn.0.tls.#", "1"), resource.TestCheckResourceAttr(resourceName, "vpn.0.tls.0.%", "1"), resource.TestCheckResourceAttr(resourceName, "vpn.0.tls.0.enabled", "true"), 
@@ -2137,14 +2119,13 @@ func TestAccSiteNameResolverIllumio61(t *testing.T) { resource.TestCheckResourceAttr(resourceName, "short_name", "ts0"), resource.TestCheckResourceAttr(resourceName, "tags.#", "0"), resource.TestCheckResourceAttr(resourceName, "vpn.#", "1"), - resource.TestCheckResourceAttr(resourceName, "vpn.0.%", "6"), + resource.TestCheckResourceAttr(resourceName, "vpn.0.%", "5"), resource.TestCheckResourceAttr(resourceName, "vpn.0.dtls.#", "1"), resource.TestCheckResourceAttr(resourceName, "vpn.0.dtls.0.%", "1"), resource.TestCheckResourceAttr(resourceName, "vpn.0.dtls.0.enabled", "false"), resource.TestCheckResourceAttr(resourceName, "vpn.0.ip_access_log_interval_seconds", "120"), resource.TestCheckResourceAttr(resourceName, "vpn.0.route_via.#", "0"), resource.TestCheckResourceAttr(resourceName, "vpn.0.snat", "false"), - resource.TestCheckResourceAttr(resourceName, "vpn.0.state_sharing", "false"), resource.TestCheckResourceAttr(resourceName, "vpn.0.tls.#", "1"), resource.TestCheckResourceAttr(resourceName, "vpn.0.tls.0.%", "1"), resource.TestCheckResourceAttr(resourceName, "vpn.0.tls.0.enabled", "true"), 
@@ -2269,7 +2250,7 @@ func TestAccSiteNameResolverIllumio62(t *testing.T) { resource.TestCheckResourceAttr(resourceName, "name_resolution.0.illumio_resolvers.0.name", "Illumio Resolver 1"), resource.TestCheckResourceAttr(resourceName, "name_resolution.0.illumio_resolvers.0.password", "adminadmin"), resource.TestCheckResourceAttr(resourceName, "name_resolution.0.illumio_resolvers.0.port", "65530"), - resource.TestCheckResourceAttr(resourceName, "name_resolution.0.illumio_resolvers.0.update_interval", "5"), + resource.TestCheckResourceAttr(resourceName, "name_resolution.0.illumio_resolvers.0.update_interval", "10"), resource.TestCheckResourceAttr(resourceName, "name_resolution.0.illumio_resolvers.0.username", "admin"), resource.TestCheckResourceAttr(resourceName, "name_resolution.0.illumio_resolvers.0.org_id", "org12345"), resource.TestCheckResourceAttr(resourceName, "name_resolution.0.use_hosts_file", "false"), 
@@ -2278,14 +2259,13 @@ func TestAccSiteNameResolverIllumio62(t *testing.T) { resource.TestCheckResourceAttr(resourceName, "notes", "Managed by terraform"), resource.TestCheckResourceAttr(resourceName, "short_name", "ts0"), resource.TestCheckResourceAttr(resourceName, "vpn.#", "1"), - resource.TestCheckResourceAttr(resourceName, "vpn.0.%", "6"), + resource.TestCheckResourceAttr(resourceName, "vpn.0.%", "5"), resource.TestCheckResourceAttr(resourceName, "vpn.0.dtls.#", "1"), resource.TestCheckResourceAttr(resourceName, "vpn.0.dtls.0.%", "1"), resource.TestCheckResourceAttr(resourceName, "vpn.0.dtls.0.enabled", "false"), resource.TestCheckResourceAttr(resourceName, "vpn.0.ip_access_log_interval_seconds", "120"), resource.TestCheckResourceAttr(resourceName, "vpn.0.route_via.#", "0"), resource.TestCheckResourceAttr(resourceName, "vpn.0.snat", "false"), - resource.TestCheckResourceAttr(resourceName, "vpn.0.state_sharing", "false"), resource.TestCheckResourceAttr(resourceName, "vpn.0.tls.#", "1"), resource.TestCheckResourceAttr(resourceName, "vpn.0.tls.0.%", "1"), resource.TestCheckResourceAttr(resourceName, "vpn.0.tls.0.enabled", "true"), 
@@ -2332,14 +2312,13 @@ func TestAccSiteNameResolverIllumio62(t *testing.T) { resource.TestCheckResourceAttr(resourceName, "short_name", "ts0"), resource.TestCheckResourceAttr(resourceName, "tags.#", "0"), resource.TestCheckResourceAttr(resourceName, "vpn.#", "1"), - resource.TestCheckResourceAttr(resourceName, "vpn.0.%", "6"), + resource.TestCheckResourceAttr(resourceName, "vpn.0.%", "5"), resource.TestCheckResourceAttr(resourceName, "vpn.0.dtls.#", "1"), resource.TestCheckResourceAttr(resourceName, "vpn.0.dtls.0.%", "1"), resource.TestCheckResourceAttr(resourceName, "vpn.0.dtls.0.enabled", "false"), resource.TestCheckResourceAttr(resourceName, "vpn.0.ip_access_log_interval_seconds", "120"), resource.TestCheckResourceAttr(resourceName, "vpn.0.route_via.#", "0"), resource.TestCheckResourceAttr(resourceName, "vpn.0.snat", "false"), - resource.TestCheckResourceAttr(resourceName, "vpn.0.state_sharing", "false"), resource.TestCheckResourceAttr(resourceName, "vpn.0.tls.#", "1"), resource.TestCheckResourceAttr(resourceName, "vpn.0.tls.0.%", "1"), resource.TestCheckResourceAttr(resourceName, "vpn.0.tls.0.enabled", "true"), 
@@ -2378,14 +2357,13 @@ func TestAccSiteNameResolverIllumio62(t *testing.T) { resource.TestCheckResourceAttr(resourceName, "short_name", "ts0"), resource.TestCheckResourceAttr(resourceName, "tags.#", "0"), resource.TestCheckResourceAttr(resourceName, "vpn.#", "1"), - resource.TestCheckResourceAttr(resourceName, "vpn.0.%", "6"), + resource.TestCheckResourceAttr(resourceName, "vpn.0.%", "5"), resource.TestCheckResourceAttr(resourceName, "vpn.0.dtls.#", "1"), resource.TestCheckResourceAttr(resourceName, "vpn.0.dtls.0.%", "1"), resource.TestCheckResourceAttr(resourceName, "vpn.0.dtls.0.enabled", "false"), resource.TestCheckResourceAttr(resourceName, "vpn.0.ip_access_log_interval_seconds", "120"), resource.TestCheckResourceAttr(resourceName, "vpn.0.route_via.#", "0"), resource.TestCheckResourceAttr(resourceName, "vpn.0.snat", "false"), - resource.TestCheckResourceAttr(resourceName, "vpn.0.state_sharing", "false"), resource.TestCheckResourceAttr(resourceName, "vpn.0.tls.#", "1"), resource.TestCheckResourceAttr(resourceName, "vpn.0.tls.0.%", "1"), resource.TestCheckResourceAttr(resourceName, "vpn.0.tls.0.enabled", "true"), @@ -2418,7 +2396,7 @@ resource "appgatesdp_site" "illumio_site" { illumio_resolvers { name = "Illumio Resolver 1" hostname = "illumio.acme.com" - update_interval = 5 + update_interval = 10 port = 65530 username = "admin" password = "adminadmin" @@ -2480,7 +2458,6 @@ func TestAccSiteBasic2(t *testing.T) { resource.TestCheckResourceAttr(resourceName, "notes", "This object has been created for test purposes."), resource.TestCheckResourceAttr(resourceName, "vpn.#", "1"), resource.TestCheckResourceAttr(resourceName, "vpn.0.snat", "false"), - resource.TestCheckResourceAttr(resourceName, "vpn.0.state_sharing", "false"), ), }, { 
@@ -2499,7 +2476,6 @@ func TestAccSiteBasic2(t *testing.T) { resource.TestCheckResourceAttr(resourceName, "notes", "note updated"), resource.TestCheckResourceAttr(resourceName, "vpn.#", "1"), resource.TestCheckResourceAttr(resourceName, "vpn.0.snat", "true"), - resource.TestCheckResourceAttr(resourceName, "vpn.0.state_sharing", "true"), ), }, }, @@ -2515,7 +2491,6 @@ resource "appgatesdp_site" "test_site" { ] notes = "This object has been created for test purposes." vpn { - state_sharing = false snat = false } } @@ -2539,7 +2514,6 @@ resource "appgatesdp_site" "test_site" { "10.20.0.0/24", ] vpn { - state_sharing = true snat = true } } @@ -2570,7 +2544,6 @@ func TestAccSiteBasic3(t *testing.T) { resource.TestCheckResourceAttr(resourceName, "notes", "This object has been created for test purposes."), resource.TestCheckResourceAttr(resourceName, "vpn.#", "1"), resource.TestCheckResourceAttr(resourceName, "vpn.0.snat", "false"), - resource.TestCheckResourceAttr(resourceName, "vpn.0.state_sharing", "false"), ), }, { @@ -2589,7 +2562,6 @@ func TestAccSiteBasic3(t *testing.T) { resource.TestCheckResourceAttr(resourceName, "notes", "This object has been created for test purposes."), resource.TestCheckResourceAttr(resourceName, "vpn.#", "1"), resource.TestCheckResourceAttr(resourceName, "vpn.0.snat", "false"), - resource.TestCheckResourceAttr(resourceName, "vpn.0.state_sharing", "false"), resource.TestCheckResourceAttr(resourceName, "name_resolution.0.dns_forwarding.0.allow_destinations.#", "1"), resource.TestCheckResourceAttr(resourceName, "name_resolution.0.dns_forwarding.0.allow_destinations.0.%", "2"), resource.TestCheckResourceAttr(resourceName, "name_resolution.0.dns_forwarding.0.allow_destinations.0.address", "1.1.1.1"), @@ -2610,7 +2582,6 @@ resource "appgatesdp_site" "test_site" { ] notes = "This object has been created for test purposes." vpn { - state_sharing = false snat = false } } 
@@ -2626,7 +2597,6 @@ resource "appgatesdp_site" "test_site" { ] notes = "This object has been created for test purposes." vpn { - state_sharing = false snat = false } name_resolution { diff --git a/appgate/resource_appgate_stop_policy_test.go b/appgate/resource_appgate_stop_policy_test.go index c4d08234..3ca9a0f3 100644 --- a/appgate/resource_appgate_stop_policy_test.go +++ b/appgate/resource_appgate_stop_policy_test.go @@ -14,12 +14,13 @@ func TestAccPolicyStopBasic(t *testing.T) { "new_name": rName + "NEW", } resource.Test(t, resource.TestCase{ - PreCheck: func() { testFor62AndAbove(t) }, + PreCheck: func() { testAccPreCheck(t) }, Providers: testAccProviders, CheckDestroy: testAccCheckPolicyDestroy, Steps: []resource.TestStep{ { - Config: testAccCheckPolicyStopBasic(context), + PreConfig: func() { testFor62AndAbove(t) }, + Config: testAccCheckPolicyStopBasic(context), Check: resource.ComposeTestCheckFunc( testAccCheckPolicyExists(resourceName), resource.TestCheckResourceAttr(resourceName, "expression", emptyPolicyExpression), diff --git a/appgate/resource_appgate_trusted_certificate.go b/appgate/resource_appgate_trusted_certificate.go index 769d355c..23f270b3 100644 --- a/appgate/resource_appgate_trusted_certificate.go +++ b/appgate/resource_appgate_trusted_certificate.go @@ -7,7 +7,7 @@ import ( "net/http" "time" - "github.com/appgate/sdp-api-client-go/api/v19/openapi" + "github.com/appgate/sdp-api-client-go/api/v20/openapi" "github.com/hashicorp/terraform-plugin-sdk/v2/helper/schema" ) diff --git a/appgate/resource_appgate_user_claim_script.go b/appgate/resource_appgate_user_claim_script.go index cfe0dbe3..74bc7a9f 100644 --- a/appgate/resource_appgate_user_claim_script.go +++ b/appgate/resource_appgate_user_claim_script.go 
@@ -6,7 +6,7 @@ import ( "log" "net/http" - "github.com/appgate/sdp-api-client-go/api/v19/openapi" + "github.com/appgate/sdp-api-client-go/api/v20/openapi" "github.com/hashicorp/terraform-plugin-sdk/v2/diag" "github.com/hashicorp/terraform-plugin-sdk/v2/helper/schema" ) diff --git a/appgate/util.go b/appgate/util.go index 792d4816..c2b5b4c4 100644 --- a/appgate/util.go +++ b/appgate/util.go @@ -15,7 +15,7 @@ import ( "strings" "time" - "github.com/appgate/sdp-api-client-go/api/v19/openapi" + "github.com/appgate/sdp-api-client-go/api/v20/openapi" "github.com/appgate/terraform-provider-appgatesdp/appgate/hashcode" "github.com/cenkalti/backoff/v4" @@ -209,6 +209,17 @@ func readAllowedUsers(in []interface{}) ([]openapi.PrometheusExporterAllowedUser return r, nil } +func readLabelsDisabled(v []interface{}) ([]string, error) { + l := []string{} + for _, i := range v { + s, ok := i.(string) + if !ok { + return nil, fmt.Errorf("invalid type: 'i', expected string") + } + l = append(l, s) + } + return l, nil +} func readP12(in interface{}) (openapi.P12, error) { p12 := openapi.P12{} raw := in.(map[string]interface{}) @@ -226,6 +237,18 @@ func readP12(in interface{}) (openapi.P12, error) { return p12, nil } +func readArrayOfFunctionsFromConfig(list []interface{}) ([]openapi.ApplianceFunction, error) { + result := make([]openapi.ApplianceFunction, 0) + for _, item := range list { + if item == nil { + continue + } + function := openapi.ApplianceFunction(item.(string)) + result = append(result, function) + } + return result, nil +} + func readArrayOfStringsFromConfig(list []interface{}) ([]string, error) { result := make([]string, 0) for _, item := range list { 
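Review bot: The error returned by readLabelsDisabled (`@@ -209,6 +209,17 @@`) prints the literal text `'i'` instead of anything about the offending element, so the message does not help locate the bad value. Use `return nil, fmt.Errorf("invalid type %T, expected string", i)`. A blank line between the function's closing brace and `func readP12` is missing. A doc comment such as `// readLabelsDisabled converts the configured list to a []string and rejects non-string elements.` would state the contract.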
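Review bot: readArrayOfFunctionsFromConfig (`@@ -226,6 +237,18 @@`) uses the unchecked assertion `item.(string)`, which panics and takes the provider process down if an element is not a string. readLabelsDisabled, added in the same file, checks the assertion and returns an error instead. The function also never returns a non-nil error, so its error result is dead. Replace the conversion with `s, ok := item.(string)` followed by `if !ok { return nil, fmt.Errorf("invalid appliance function type %T, expected string", item) }`, then append `openapi.ApplianceFunction(s)`. The string is converted to the enum type without checking that it is a known value; whether that is validated elsewhere is not visible here.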
@@ -237,10 +260,10 @@ func readArrayOfStringsFromConfig(list []interface{}) ([]string, error) { return result, nil } -func sliceToLowercase(l []string) []string { +func sliceToLowercase(l []openapi.ApplianceFunction) []string { result := make([]string, 0, len(l)) for _, s := range l { - result = append(result, strings.ToLower(s)) + result = append(result, strings.ToLower(string(s))) } return result } diff --git a/gen/gen-accessors.go b/gen/gen-accessors.go index ef4a8e93..ce126559 100644 --- a/gen/gen-accessors.go +++ b/gen/gen-accessors.go @@ -15,7 +15,7 @@ import ( "strings" "text/template" - "github.com/appgate/sdp-api-client-go/api/v19/openapi" + "github.com/appgate/sdp-api-client-go/api/v20/openapi" ) type Resource struct { diff --git a/website/docs/d/global_settings.html.markdown b/website/docs/d/global_settings.html.markdown index 7dfb1de6..8c1c70a3 100644 --- a/website/docs/d/global_settings.html.markdown +++ b/website/docs/d/global_settings.html.markdown @@ -26,7 +26,6 @@ data "appgatesdp_global_settings" "default_global_settings" {} * `message_of_the_day` - The onfigured message will be displayed after a successful logging. * `backup_api_enabled` - Whether the backup API is enabled or not. * `has_backup_passphrase` - Whether there is a backup passphrase set or not. Deprecated as of 5.0. Use backupApiEnabled instead. -* `fips` - FIPS 140-2 Compliant Tunneling. * `geo_ip_updates` - Whether the automatic GeoIp updates are enabled or not. * `audit_log_persistence_mode` - Audit Log persistence mode * `app_discovery_domains` - Domains to monitor for for App Discovery feature. diff --git a/website/docs/r/appliance.markdown b/website/docs/r/appliance.markdown index ebd628e8..ad06198c 100644 --- a/website/docs/r/appliance.markdown +++ b/website/docs/r/appliance.markdown 
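Review bot: `sliceToLowercase` (util.go hunk at -237,10 +260,10) keeps its generic name but now accepts only `[]openapi.ApplianceFunction`, so the name no longer says what it takes and a `[]string` caller would have to convert first. go.mod declares go 1.20, so a type parameter keeps both uses working with a one-line signature change: `func sliceToLowercase[S ~string](l []S) []string {`. The body's `strings.ToLower(string(s))` stays as it is. The callers are outside this hunk, so whether a `[]string` caller remains is not visible here.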
@@ -544,6 +544,14 @@ Falcon Log Scale endpoints to connect and sent audit logs * `source_type`: (Optional) Translated to \#type inside Humio. If set, this is used to choose which Humio parser to use for extracting fields * `source`: (Optional) Translated to @source field in Humio. +#### Datadogs +Datadog endpoint to connect and send audit logs +* `site`: + +#### Coralogixs +Coralogix endpoint to connect and send audit logs +* `url`: + #### sites The sites to collect logs from and forward. diff --git a/website/docs/r/global_settings.markdown b/website/docs/r/global_settings.markdown index eea31517..68428b4e 100644 --- a/website/docs/r/global_settings.markdown +++ b/website/docs/r/global_settings.markdown @@ -44,7 +44,6 @@ The following arguments are supported: * `message_of_the_day`: (Optional) The configured message will be displayed after a successful login. * `backup_api_enabled`: (Optional) Whether the backup API is enabled or not. * `backup_passphrase`: (Optional) The passphrase to encrypt Appliance Backups when backup API is used. -* `fips`: (Optional) FIPS 140-2 Compliant Tunneling. * `geo_ip_updates`: (Optional) Whether the automatic GeoIp updates are enabled or not. * `audit_log_persistence_mode`: (Optional) Audit Log persistence mode. * `app_discovery_domains`: (Optional) Domains to monitor for App Discovery feature. diff --git a/website/docs/r/site.markdown b/website/docs/r/site.markdown index 953aa258..46684fe0 100644 --- a/website/docs/r/site.markdown +++ b/website/docs/r/site.markdown @@ -39,7 +39,6 @@ resource "appgatesdp_site" "gbg_site" { } entitlement_based_routing = true vpn { - state_sharing = false snat = false ip_access_log_interval_seconds = 120 tls { 
@@ -164,7 +163,6 @@ Default Gateway configuration. ### vpn VPN configuration for this Site. -* `state_sharing`: (Required) default value `false` Configuration for keeping track of states. * `snat`: (Required) default value `false` Source NAT. * `tls`: (Optional) VPN over TLS protocol configuration. * `dtls`: (Optional) VPN over DTLS protocol configuration. From 7c8b020944c39270cde9109069036e3b829cab03 Mon Sep 17 00:00:00 2001 From: Lars Kajes Date: Wed, 17 Apr 2024 14:19:39 +0200 Subject: [PATCH 3/7] update api --- go.mod | 2 +- go.sum | 2 ++ 2 files changed, 3 insertions(+), 1 deletion(-) diff --git a/go.mod b/go.mod index 3507d77a..31bd7501 100644 --- a/go.mod +++ b/go.mod @@ -3,7 +3,7 @@ module github.com/appgate/terraform-provider-appgatesdp go 1.20 require ( - github.com/appgate/sdp-api-client-go v1.2.3 + github.com/appgate/sdp-api-client-go v1.2.4 github.com/cenkalti/backoff/v4 v4.2.1 github.com/denisbrodbeck/machineid v1.0.1 github.com/google/uuid v1.5.0 diff --git a/go.sum b/go.sum index b0598318..f9d36329 100644 --- a/go.sum +++ b/go.sum @@ -46,6 +46,8 @@ github.com/appgate/sdp-api-client-go v1.2.1 h1:FJCWN11HBdqEsUGbuse1gDuj0/Xn/lGGa github.com/appgate/sdp-api-client-go v1.2.1/go.mod h1:aPyFeh0fein8VSxFPZpEkeMi8m9dbN+I1RVO4QrONyk= github.com/appgate/sdp-api-client-go v1.2.3 h1:FVGg4fnj8EekYAMdw8qVLeRrbEt/5lTCfDeoW7P0qdE= github.com/appgate/sdp-api-client-go v1.2.3/go.mod h1:aPyFeh0fein8VSxFPZpEkeMi8m9dbN+I1RVO4QrONyk= +github.com/appgate/sdp-api-client-go v1.2.4 h1:JqgFuNx4znQscEfCfI9iX/4/QzsQMTewiZaZtIqT5fw= +github.com/appgate/sdp-api-client-go v1.2.4/go.mod h1:aPyFeh0fein8VSxFPZpEkeMi8m9dbN+I1RVO4QrONyk= github.com/bufbuild/protocompile v0.4.0 h1:LbFKd2XowZvQ/kajzguUp2DC9UEIQhIq77fZZlaQsNA= github.com/bwesterb/go-ristretto v1.2.3/go.mod h1:fUIoIZaG73pV5biE2Blr2xEzDoMj7NFEuV9ekS419A0= github.com/cenkalti/backoff/v4 v4.2.1 h1:y4OZtCnogmCPw98Zjyt5a6+QwPLGkiQsYW5oUqylYbM= From 560cfb2b174ebf07974764286ed2f0cd0a616b5f Mon Sep 17 00:00:00 2001 
From: Lars Kajes Date: Wed, 17 Apr 2024 14:31:43 +0200 Subject: [PATCH 4/7] Fix tests for 6.3 --- appgate/resource_appgate_appliance_test.go | 49 ++++-- appgate/resource_appgate_site_test.go | 187 +-------------------- appgate/util.go | 22 +-- 3 files changed, 39 insertions(+), 219 deletions(-) diff --git a/appgate/resource_appgate_appliance_test.go b/appgate/resource_appgate_appliance_test.go index 58075b9c..5f50d3e6 100644 --- a/appgate/resource_appgate_appliance_test.go +++ b/appgate/resource_appgate_appliance_test.go @@ -3143,8 +3143,9 @@ func TestAccApplianceLogServerFunction(t *testing.T) { resource.TestCheckResourceAttr(resourceName, "ping.0.%", "1"), resource.TestCheckResourceAttr(resourceName, "ping.0.allow_sources.#", "0"), resource.TestCheckResourceAttr(resourceName, "prometheus_exporter.#", "1"), - resource.TestCheckResourceAttr(resourceName, "prometheus_exporter.0.%", "7"), + resource.TestCheckResourceAttr(resourceName, "prometheus_exporter.0.%", "8"), resource.TestCheckResourceAttr(resourceName, "prometheus_exporter.0.allow_sources.#", "0"), + resource.TestCheckResourceAttr(resourceName, "prometheus_exporter.0.labels_disabled.#", "0"), resource.TestCheckResourceAttr(resourceName, "prometheus_exporter.0.enabled", "false"), resource.TestCheckResourceAttr(resourceName, "prometheus_exporter.0.port", "5556"), resource.TestCheckResourceAttr(resourceName, "rsyslog_destinations.#", "0"), 
@@ -3267,8 +3268,9 @@ func TestAccApplianceLogServerFunction(t *testing.T) { resource.TestCheckResourceAttr(resourceName, "ping.0.%", "1"), resource.TestCheckResourceAttr(resourceName, "ping.0.allow_sources.#", "0"), resource.TestCheckResourceAttr(resourceName, "prometheus_exporter.#", "1"), - resource.TestCheckResourceAttr(resourceName, "prometheus_exporter.0.%", "7"), + resource.TestCheckResourceAttr(resourceName, "prometheus_exporter.0.%", "8"), resource.TestCheckResourceAttr(resourceName, "prometheus_exporter.0.allow_sources.#", "0"), + resource.TestCheckResourceAttr(resourceName, "prometheus_exporter.0.labels_disabled.#", "0"), resource.TestCheckResourceAttr(resourceName, "prometheus_exporter.0.enabled", "false"), resource.TestCheckResourceAttr(resourceName, "prometheus_exporter.0.port", "5556"), resource.TestCheckResourceAttr(resourceName, "rsyslog_destinations.#", "0"), @@ -3649,7 +3651,7 @@ func TestAccApplianceLogForwarderSplunkSumo61(t *testing.T) { resource.TestCheckResourceAttr(resourceName, "controller.0.enabled", "false"), resource.TestCheckResourceAttr(resourceName, "customization", ""), resource.TestCheckResourceAttr(resourceName, "gateway.#", "1"), - resource.TestCheckResourceAttr(resourceName, "gateway.0.%", "2"), + resource.TestCheckResourceAttr(resourceName, "gateway.0.%", "3"), resource.TestCheckResourceAttr(resourceName, "gateway.0.enabled", "false"), resource.TestCheckResourceAttr(resourceName, "gateway.0.vpn.#", "1"), resource.TestCheckResourceAttr(resourceName, "gateway.0.vpn.0.%", "3"), 
@@ -3759,8 +3761,9 @@ func TestAccApplianceLogForwarderSplunkSumo61(t *testing.T) { resource.TestCheckResourceAttr(resourceName, "portal.0.sign_in_customization.0.text", ""), resource.TestCheckResourceAttr(resourceName, "portal.0.sign_in_customization.0.text_color", ""), resource.TestCheckResourceAttr(resourceName, "prometheus_exporter.#", "1"), - resource.TestCheckResourceAttr(resourceName, "prometheus_exporter.0.%", "7"), + resource.TestCheckResourceAttr(resourceName, "prometheus_exporter.0.%", "8"), resource.TestCheckResourceAttr(resourceName, "prometheus_exporter.0.allow_sources.#", "0"), + resource.TestCheckResourceAttr(resourceName, "prometheus_exporter.0.labels_disabled.#", "0"), resource.TestCheckResourceAttr(resourceName, "prometheus_exporter.0.enabled", "false"), resource.TestCheckResourceAttr(resourceName, "prometheus_exporter.0.port", "5556"), resource.TestCheckResourceAttr(resourceName, "rsyslog_destinations.#", "0"), @@ -3914,7 +3917,7 @@ func TestAccApplianceLogForwarderTcpClients(t *testing.T) { resource.TestCheckResourceAttr(resourceName, "controller.0.enabled", "false"), resource.TestCheckResourceAttr(resourceName, "customization", ""), resource.TestCheckResourceAttr(resourceName, "gateway.#", "1"), - resource.TestCheckResourceAttr(resourceName, "gateway.0.%", "2"), + resource.TestCheckResourceAttr(resourceName, "gateway.0.%", "3"), resource.TestCheckResourceAttr(resourceName, "gateway.0.enabled", "false"), resource.TestCheckResourceAttr(resourceName, "gateway.0.vpn.#", "1"), resource.TestCheckResourceAttr(resourceName, "gateway.0.vpn.0.%", "3"), 
@@ -3928,9 +3931,11 @@ func TestAccApplianceLogForwarderTcpClients(t *testing.T) { resource.TestCheckResourceAttr(resourceName, "hostname", context["hostname"].(string)), resource.TestCheckResourceAttr(resourceName, "hostname_aliases.#", "0"), resource.TestCheckResourceAttr(resourceName, "log_forwarder.#", "1"), - resource.TestCheckResourceAttr(resourceName, "log_forwarder.0.%", "9"), + resource.TestCheckResourceAttr(resourceName, "log_forwarder.0.%", "11"), resource.TestCheckResourceAttr(resourceName, "log_forwarder.0.aws_kineses.#", "0"), resource.TestCheckResourceAttr(resourceName, "log_forwarder.0.elasticsearch.#", "0"), + resource.TestCheckResourceAttr(resourceName, "log_forwarder.0.datadogs.#", "0"), + resource.TestCheckResourceAttr(resourceName, "log_forwarder.0.coralogixs.#", "0"), resource.TestCheckResourceAttr(resourceName, "log_forwarder.0.enabled", "true"), resource.TestCheckResourceAttr(resourceName, "log_forwarder.0.sites.#", "1"), resource.TestCheckResourceAttr(resourceName, "log_forwarder.0.sites.0", "8a4add9e-0e99-4bb1-949c-c9faf9a49ad4"), 
@@ -4046,8 +4051,9 @@ func TestAccApplianceLogForwarderTcpClients(t *testing.T) { resource.TestCheckResourceAttr(resourceName, "portal.0.sign_in_customization.0.text", ""), resource.TestCheckResourceAttr(resourceName, "portal.0.sign_in_customization.0.text_color", ""), resource.TestCheckResourceAttr(resourceName, "prometheus_exporter.#", "1"), - resource.TestCheckResourceAttr(resourceName, "prometheus_exporter.0.%", "7"), + resource.TestCheckResourceAttr(resourceName, "prometheus_exporter.0.%", "8"), resource.TestCheckResourceAttr(resourceName, "prometheus_exporter.0.allow_sources.#", "0"), + resource.TestCheckResourceAttr(resourceName, "prometheus_exporter.0.labels_disabled.#", "0"), resource.TestCheckResourceAttr(resourceName, "prometheus_exporter.0.enabled", "false"), resource.TestCheckResourceAttr(resourceName, "prometheus_exporter.0.port", "5556"), resource.TestCheckResourceAttr(resourceName, "rsyslog_destinations.#", "0"), @@ -4220,7 +4226,6 @@ func TestAccApplianceBasicGateway6(t *testing.T) { resource.TestCheckResourceAttr(resourceName, "client_interface.0.https_port", "443"), resource.TestCheckResourceAttr(resourceName, "client_interface.0.override_spa_mode", "Disabled"), resource.TestCheckResourceAttr(resourceName, "client_interface.0.proxy_protocol", "false"), - resource.TestCheckResourceAttr(resourceName, "connect_to_peers_using_client_port_with_spa", "false"), resource.TestCheckResourceAttr(resourceName, "connector.#", "1"), resource.TestCheckResourceAttr(resourceName, "connector.0.%", "3"), resource.TestCheckResourceAttr(resourceName, "connector.0.advanced_clients.#", "0"), 
@@ -4251,9 +4256,11 @@ func TestAccApplianceBasicGateway6(t *testing.T) { resource.TestCheckResourceAttr(resourceName, "hostname_aliases.#", "1"), resource.TestCheckResourceAttr(resourceName, "hostname_aliases.0", "y.com"), resource.TestCheckResourceAttr(resourceName, "log_forwarder.#", "1"), - resource.TestCheckResourceAttr(resourceName, "log_forwarder.0.%", "9"), + resource.TestCheckResourceAttr(resourceName, "log_forwarder.0.%", "11"), resource.TestCheckResourceAttr(resourceName, "log_forwarder.0.aws_kineses.#", "0"), resource.TestCheckResourceAttr(resourceName, "log_forwarder.0.elasticsearch.#", "0"), + resource.TestCheckResourceAttr(resourceName, "log_forwarder.0.datadogs.#", "0"), + resource.TestCheckResourceAttr(resourceName, "log_forwarder.0.coralogixs.#", "0"), resource.TestCheckResourceAttr(resourceName, "log_forwarder.0.enabled", "false"), resource.TestCheckResourceAttr(resourceName, "log_forwarder.0.sites.#", "0"), resource.TestCheckResourceAttr(resourceName, "log_forwarder.0.splunk.#", "0"), @@ -4330,8 +4337,9 @@ func TestAccApplianceBasicGateway6(t *testing.T) { resource.TestCheckResourceAttr(resourceName, "portal.0.sign_in_customization.0.text", ""), resource.TestCheckResourceAttr(resourceName, "portal.0.sign_in_customization.0.text_color", ""), resource.TestCheckResourceAttr(resourceName, "prometheus_exporter.#", "1"), - resource.TestCheckResourceAttr(resourceName, "prometheus_exporter.0.%", "7"), + resource.TestCheckResourceAttr(resourceName, "prometheus_exporter.0.%", "8"), resource.TestCheckResourceAttr(resourceName, "prometheus_exporter.0.allow_sources.#", "0"), + resource.TestCheckResourceAttr(resourceName, "prometheus_exporter.0.labels_disabled.#", "0"), resource.TestCheckResourceAttr(resourceName, "prometheus_exporter.0.enabled", "false"), resource.TestCheckResourceAttr(resourceName, "prometheus_exporter.0.port", "5556"), resource.TestCheckResourceAttr(resourceName, "rsyslog_destinations.#", "0"), 
@@ -4388,7 +4396,6 @@ func TestAccApplianceBasicGateway6(t *testing.T) { resource.TestCheckResourceAttr(resourceName, "client_interface.0.https_port", "443"), resource.TestCheckResourceAttr(resourceName, "client_interface.0.override_spa_mode", "Disabled"), resource.TestCheckResourceAttr(resourceName, "client_interface.0.proxy_protocol", "false"), - resource.TestCheckResourceAttr(resourceName, "connect_to_peers_using_client_port_with_spa", "false"), resource.TestCheckResourceAttr(resourceName, "connector.#", "1"), resource.TestCheckResourceAttr(resourceName, "connector.0.%", "3"), resource.TestCheckResourceAttr(resourceName, "connector.0.advanced_clients.#", "0"), @@ -4418,9 +4425,11 @@ func TestAccApplianceBasicGateway6(t *testing.T) { resource.TestCheckResourceAttr(resourceName, "hostname_aliases.#", "1"), resource.TestCheckResourceAttr(resourceName, "hostname_aliases.0", "y.com"), resource.TestCheckResourceAttr(resourceName, "log_forwarder.#", "1"), - resource.TestCheckResourceAttr(resourceName, "log_forwarder.0.%", "9"), + resource.TestCheckResourceAttr(resourceName, "log_forwarder.0.%", "11"), resource.TestCheckResourceAttr(resourceName, "log_forwarder.0.aws_kineses.#", "0"), resource.TestCheckResourceAttr(resourceName, "log_forwarder.0.elasticsearch.#", "0"), + resource.TestCheckResourceAttr(resourceName, "log_forwarder.0.datadogs.#", "0"), + resource.TestCheckResourceAttr(resourceName, "log_forwarder.0.coralogixs.#", "0"), resource.TestCheckResourceAttr(resourceName, "log_forwarder.0.enabled", "false"), resource.TestCheckResourceAttr(resourceName, "log_forwarder.0.sites.#", "0"), resource.TestCheckResourceAttr(resourceName, "log_forwarder.0.splunk.#", "0"), 
@@ -4497,8 +4506,9 @@ func TestAccApplianceBasicGateway6(t *testing.T) { resource.TestCheckResourceAttr(resourceName, "portal.0.sign_in_customization.0.text", ""), resource.TestCheckResourceAttr(resourceName, "portal.0.sign_in_customization.0.text_color", ""), resource.TestCheckResourceAttr(resourceName, "prometheus_exporter.#", "1"), - resource.TestCheckResourceAttr(resourceName, "prometheus_exporter.0.%", "7"), + resource.TestCheckResourceAttr(resourceName, "prometheus_exporter.0.%", "8"), resource.TestCheckResourceAttr(resourceName, "prometheus_exporter.0.allow_sources.#", "0"), + resource.TestCheckResourceAttr(resourceName, "prometheus_exporter.0.labels_disabled.#", "0"), resource.TestCheckResourceAttr(resourceName, "prometheus_exporter.0.enabled", "false"), resource.TestCheckResourceAttr(resourceName, "prometheus_exporter.0.port", "5556"), resource.TestCheckResourceAttr(resourceName, "rsyslog_destinations.#", "0"), @@ -4779,7 +4789,7 @@ func TestAccAppliance62MetricsAggregator(t *testing.T) { resource.TestCheckResourceAttr(resourceName, "metrics_aggregator.0.sites.#", "1"), resource.TestCheckResourceAttr(resourceName, "metrics_aggregator.0.sites.0", "8a4add9e-0e99-4bb1-949c-c9faf9a49ad4"), resource.TestCheckResourceAttr(resourceName, "metrics_aggregator.0.prometheus_exporter.#", "1"), - resource.TestCheckResourceAttr(resourceName, "metrics_aggregator.0.prometheus_exporter.0.%", "7"), + resource.TestCheckResourceAttr(resourceName, "metrics_aggregator.0.prometheus_exporter.0.%", "8"), resource.TestCheckResourceAttr(resourceName, "metrics_aggregator.0.prometheus_exporter.0.allow_sources.#", "1"), resource.TestCheckResourceAttr(resourceName, "metrics_aggregator.0.prometheus_exporter.0.allow_sources.0.%", "3"), resource.TestCheckResourceAttr(resourceName, "metrics_aggregator.0.prometheus_exporter.0.allow_sources.0.address", "127.0.0.1"), 
@@ -4797,6 +4807,7 @@ func TestAccAppliance62MetricsAggregator(t *testing.T) { resource.TestCheckResourceAttr(resourceName, "metrics_aggregator.0.prometheus_exporter.0.allowed_users.0.password", "foo123"), resource.TestCheckResourceAttr(resourceName, "metrics_aggregator.0.prometheus_exporter.0.allowed_users.1.username", "boo"), resource.TestCheckResourceAttr(resourceName, "metrics_aggregator.0.prometheus_exporter.0.allowed_users.1.password", "boo123"), + resource.TestCheckResourceAttr(resourceName, "metrics_aggregator.0.prometheus_exporter.0.labels_disabled.%", "0"), ), }, { @@ -4898,7 +4909,7 @@ func TestAccAppliance61(t *testing.T) { Steps: []resource.TestStep{ { PreConfig: func() { - testFor61(t) + testFor61AndAbove(t) }, Config: testAccAppliance61(context), Check: resource.ComposeTestCheckFunc( @@ -4954,7 +4965,7 @@ func TestAccAppliance61(t *testing.T) { resource.TestCheckResourceAttr(resourceName, "networking.0.routes.#", "0"), resource.TestCheckResourceAttr(resourceName, "prometheus_exporter.#", "1"), - resource.TestCheckResourceAttr(resourceName, "prometheus_exporter.0.%", "7"), + resource.TestCheckResourceAttr(resourceName, "prometheus_exporter.0.%", "8"), resource.TestCheckResourceAttr(resourceName, "prometheus_exporter.0.allow_sources.#", "1"), resource.TestCheckResourceAttr(resourceName, "prometheus_exporter.0.allow_sources.0.%", "3"), resource.TestCheckResourceAttr(resourceName, "prometheus_exporter.0.allow_sources.0.address", "127.0.0.1"), 
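Review bot: The added assertion on `metrics_aggregator.0.prometheus_exporter.0.labels_disabled.%` (hunk at -4797,6 +4807,7) uses the map-count suffix `.%`, while the other hunks of this commit check the same attribute with the list-count suffix `.#`, and `readLabelsDisabled` earlier in the series reads it from a list. As far as I know, `resource.TestCheckResourceAttr` accepts a missing `.#`/`.%` key when the expected value is "0", so this check most likely passes without comparing anything. I would write `"metrics_aggregator.0.prometheus_exporter.0.labels_disabled.#", "0"` instead. The same applies to the `prometheus_exporter.0.labels_disabled.%` lines in the hunks at -4962,6 +4973,7 and -5142,6 +5154,7.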
@@ -4962,6 +4973,7 @@ func TestAccAppliance61(t *testing.T) { resource.TestCheckResourceAttr(resourceName, "prometheus_exporter.0.allow_sources.0.nic", "eth0"), resource.TestCheckResourceAttr(resourceName, "prometheus_exporter.0.enabled", "true"), resource.TestCheckResourceAttr(resourceName, "prometheus_exporter.0.port", "1234"), + resource.TestCheckResourceAttr(resourceName, "prometheus_exporter.0.labels_disabled.%", "0"), resource.TestCheckResourceAttr(resourceName, "gateway.#", "1"), resource.TestCheckResourceAttr(resourceName, "gateway.0.vpn.#", "1"), @@ -5067,7 +5079,7 @@ func TestAccAppliance62(t *testing.T) { Steps: []resource.TestStep{ { PreConfig: func() { - testFor62(t) + testFor62AndAbove(t) }, Config: testAccAppliance62(context), Check: resource.ComposeTestCheckFunc( @@ -5124,7 +5136,7 @@ func TestAccAppliance62(t *testing.T) { resource.TestCheckResourceAttr(resourceName, "networking.0.routes.#", "0"), resource.TestCheckResourceAttr(resourceName, "prometheus_exporter.#", "1"), - resource.TestCheckResourceAttr(resourceName, "prometheus_exporter.0.%", "7"), + resource.TestCheckResourceAttr(resourceName, "prometheus_exporter.0.%", "8"), resource.TestCheckResourceAttr(resourceName, "prometheus_exporter.0.allow_sources.#", "1"), resource.TestCheckResourceAttr(resourceName, "prometheus_exporter.0.allow_sources.0.%", "3"), resource.TestCheckResourceAttr(resourceName, "prometheus_exporter.0.allow_sources.0.address", "127.0.0.1"), 
@@ -5142,6 +5154,7 @@ func TestAccAppliance62(t *testing.T) { resource.TestCheckResourceAttr(resourceName, "prometheus_exporter.0.allowed_users.0.password", "foo123"), resource.TestCheckResourceAttr(resourceName, "prometheus_exporter.0.allowed_users.1.username", "boo"), resource.TestCheckResourceAttr(resourceName, "prometheus_exporter.0.allowed_users.1.password", "boo123"), + resource.TestCheckResourceAttr(resourceName, "prometheus_exporter.0.labels_disabled.%", "0"), resource.TestCheckResourceAttr(resourceName, "gateway.#", "1"), resource.TestCheckResourceAttr(resourceName, "gateway.0.vpn.#", "1"), diff --git a/appgate/resource_appgate_site_test.go b/appgate/resource_appgate_site_test.go index 35b96ac8..ae39d5a4 100644 --- a/appgate/resource_appgate_site_test.go +++ b/appgate/resource_appgate_site_test.go 
@@ -975,188 +975,6 @@ func testAccSiteBasicAwsResolverConfiWithMasterCredentialsUpdated(context map[st } `, context) } -func TestAccSite55Attributes(t *testing.T) { - resourceName := "appgatesdp_site.test_site" - rName := RandStringFromCharSet(10, CharSetAlphaNum) - resource.Test(t, resource.TestCase{ - PreCheck: func() { testAccPreCheck(t) }, - Providers: testAccProviders, - CheckDestroy: testAccCheckSiteDestroy, - Steps: []resource.TestStep{ - { - PreConfig: func() { - c := testAccProvider.Meta().(*Client) - c.GetToken() - currentVersion := c.ApplianceVersion - if currentVersion.LessThan(Appliance55Version) { - t.Skip("Test only for 5.5 and above, dns_forwarding only supported in > 5.5") - } - }, - Config: Nprintf(` - resource "appgatesdp_site" "test_site" { - name = "%{name}" - tags = [ - "developer", - "api-created" - ] - entitlement_based_routing = false - network_subnets = [ - "10.0.0.0/16" - ] - default_gateway { - enabled_v4 = false - enabled_v6 = false - excluded_subnets = [] - } - name_resolution { - azure_resolvers { - name = "AZ resolver 99" - client_id = "test_client" - secret = "test_secret" - update_interval = 60 - use_managed_identities = true - subscription_id = "AZ_test_subscription" - tenant_id = "AZ_test_tentant" - } - dns_forwarding { - site_ipv4 = "1.2.3.4" - site_ipv6 = "2001:0db8:85a3:0000:0000:8a2e:0370:7334" - dns_servers = [ - "1.1.1.1" - ] - allow_destinations { - address = "1.1.1.1" - netmask = 32 - } - allow_destinations { - address = "0.0.0.0" - netmask = 0 - } - allow_destinations { - address = "::" - netmask = 0 - } - } - } - } - `, map[string]interface{}{ - "name": rName, - }), - Check: resource.ComposeTestCheckFunc( - testAccCheckSiteExists(resourceName), - resource.TestCheckResourceAttr(resourceName, "name_resolution.0.aws_resolvers.#", "0"), - resource.TestCheckResourceAttr(resourceName, "name_resolution.0.azure_resolvers.#", "1"), - resource.TestCheckResourceAttr(resourceName, "name_resolution.0.azure_resolvers.0.%", "7"), - 
resource.TestCheckResourceAttr(resourceName, "name_resolution.0.azure_resolvers.0.client_id", "test_client"), - resource.TestCheckResourceAttr(resourceName, "name_resolution.0.azure_resolvers.0.name", "AZ resolver 99"), - resource.TestCheckResourceAttr(resourceName, "name_resolution.0.azure_resolvers.0.secret", "test_secret"), - resource.TestCheckResourceAttr(resourceName, "name_resolution.0.azure_resolvers.0.subscription_id", "AZ_test_subscription"), - resource.TestCheckResourceAttr(resourceName, "name_resolution.0.azure_resolvers.0.tenant_id", "AZ_test_tentant"), - resource.TestCheckResourceAttr(resourceName, "name_resolution.0.azure_resolvers.0.update_interval", "60"), - resource.TestCheckResourceAttr(resourceName, "name_resolution.0.azure_resolvers.0.use_managed_identities", "true"), - resource.TestCheckResourceAttr(resourceName, "name_resolution.0.dns_forwarding.#", "1"), - resource.TestCheckResourceAttr(resourceName, "name_resolution.0.dns_forwarding.0.allow_destinations.#", "3"), - resource.TestCheckResourceAttr(resourceName, "name_resolution.0.dns_forwarding.0.allow_destinations.0.%", "2"), - resource.TestCheckResourceAttr(resourceName, "name_resolution.0.dns_forwarding.0.allow_destinations.0.address", "0.0.0.0"), - resource.TestCheckResourceAttr(resourceName, "name_resolution.0.dns_forwarding.0.allow_destinations.0.netmask", "0"), - resource.TestCheckResourceAttr(resourceName, "name_resolution.0.dns_forwarding.0.allow_destinations.1.%", "2"), - resource.TestCheckResourceAttr(resourceName, "name_resolution.0.dns_forwarding.0.allow_destinations.1.address", "1.1.1.1"), - resource.TestCheckResourceAttr(resourceName, "name_resolution.0.dns_forwarding.0.allow_destinations.1.netmask", "32"), - resource.TestCheckResourceAttr(resourceName, "name_resolution.0.dns_forwarding.0.allow_destinations.2.%", "2"), - resource.TestCheckResourceAttr(resourceName, "name_resolution.0.dns_forwarding.0.allow_destinations.2.address", "::"), - 
resource.TestCheckResourceAttr(resourceName, "name_resolution.0.dns_forwarding.0.allow_destinations.2.netmask", "0"), - resource.TestCheckResourceAttr(resourceName, "name_resolution.0.dns_forwarding.0.dns_servers.#", "1"), - resource.TestCheckResourceAttr(resourceName, "name_resolution.0.dns_forwarding.0.dns_servers.0", "1.1.1.1"), - resource.TestCheckResourceAttr(resourceName, "name_resolution.0.dns_forwarding.0.site_ipv4", "1.2.3.4"), - resource.TestCheckResourceAttr(resourceName, "name_resolution.0.dns_forwarding.0.site_ipv6", "2001:0db8:85a3:0000:0000:8a2e:0370:7334"), - resource.TestCheckResourceAttr(resourceName, "name_resolution.0.dns_resolvers.#", "0"), - resource.TestCheckResourceAttr(resourceName, "name_resolution.0.esx_resolvers.#", "0"), - resource.TestCheckResourceAttr(resourceName, "name_resolution.0.gcp_resolvers.#", "0"), - resource.TestCheckResourceAttr(resourceName, "name_resolution.0.use_hosts_file", "false")), - }, - { - ResourceName: resourceName, - ImportState: true, - ImportStateCheck: testAccSiteImportStateCheckFunc(1), - }, - { - // Delete 2 dns_forwarding.allow_destinations - Config: Nprintf(` - resource "appgatesdp_site" "test_site" { - name = "%{name}" - tags = [ - "developer", - "api-created" - ] - entitlement_based_routing = false - network_subnets = [ - "10.0.0.0/16" - ] - default_gateway { - enabled_v4 = false - enabled_v6 = false - excluded_subnets = [] - } - name_resolution { - azure_resolvers { - name = "AZ resolver 99" - client_id = "test_client" - secret = "test_secret" - update_interval = 60 - use_managed_identities = true - subscription_id = "AZ_test_subscription" - tenant_id = "AZ_test_tentant" - } - dns_forwarding { - site_ipv4 = "1.2.3.4" - site_ipv6 = "2001:0db8:85a3:0000:0000:8a2e:0370:7334" - dns_servers = [ - "1.1.1.1" - ] - allow_destinations { - address = "1.1.1.1" - netmask = 32 - } - } - } - } - `, map[string]interface{}{ - "name": rName, - }), - Check: resource.ComposeTestCheckFunc( - 
testAccCheckSiteExists(resourceName), - resource.TestCheckResourceAttr(resourceName, "name_resolution.0.aws_resolvers.#", "0"), - resource.TestCheckResourceAttr(resourceName, "name_resolution.0.azure_resolvers.#", "1"), - resource.TestCheckResourceAttr(resourceName, "name_resolution.0.azure_resolvers.0.%", "7"), - resource.TestCheckResourceAttr(resourceName, "name_resolution.0.azure_resolvers.0.client_id", "test_client"), - resource.TestCheckResourceAttr(resourceName, "name_resolution.0.azure_resolvers.0.name", "AZ resolver 99"), - resource.TestCheckResourceAttr(resourceName, "name_resolution.0.azure_resolvers.0.secret", "test_secret"), - resource.TestCheckResourceAttr(resourceName, "name_resolution.0.azure_resolvers.0.subscription_id", "AZ_test_subscription"), - resource.TestCheckResourceAttr(resourceName, "name_resolution.0.azure_resolvers.0.tenant_id", "AZ_test_tentant"), - resource.TestCheckResourceAttr(resourceName, "name_resolution.0.azure_resolvers.0.update_interval", "60"), - resource.TestCheckResourceAttr(resourceName, "name_resolution.0.azure_resolvers.0.use_managed_identities", "true"), - resource.TestCheckResourceAttr(resourceName, "name_resolution.0.dns_forwarding.#", "1"), - resource.TestCheckResourceAttr(resourceName, "name_resolution.0.dns_forwarding.0.allow_destinations.#", "1"), - resource.TestCheckResourceAttr(resourceName, "name_resolution.0.dns_forwarding.0.allow_destinations.0.%", "2"), - resource.TestCheckResourceAttr(resourceName, "name_resolution.0.dns_forwarding.0.allow_destinations.0.address", "1.1.1.1"), - resource.TestCheckResourceAttr(resourceName, "name_resolution.0.dns_forwarding.0.allow_destinations.0.netmask", "32"), - resource.TestCheckResourceAttr(resourceName, "name_resolution.0.dns_forwarding.0.dns_servers.#", "1"), - resource.TestCheckResourceAttr(resourceName, "name_resolution.0.dns_forwarding.0.dns_servers.0", "1.1.1.1"), - resource.TestCheckResourceAttr(resourceName, "name_resolution.0.dns_forwarding.0.site_ipv4", 
"1.2.3.4"), - resource.TestCheckResourceAttr(resourceName, "name_resolution.0.dns_forwarding.0.site_ipv6", "2001:0db8:85a3:0000:0000:8a2e:0370:7334"), - resource.TestCheckResourceAttr(resourceName, "name_resolution.0.dns_resolvers.#", "0"), - resource.TestCheckResourceAttr(resourceName, "name_resolution.0.esx_resolvers.#", "0"), - resource.TestCheckResourceAttr(resourceName, "name_resolution.0.gcp_resolvers.#", "0"), - resource.TestCheckResourceAttr(resourceName, "name_resolution.0.use_hosts_file", "false")), - }, - { - ResourceName: resourceName, - ImportState: true, - ImportStateCheck: testAccSiteImportStateCheckFunc(1), - }, - }, - }) -} // Test for // https://github.com/appgate/terraform-provider-appgatesdp/pull/201 @@ -2038,6 +1856,9 @@ func TestAccSiteNameResolverIllumio61(t *testing.T) { ResourceName: resourceName, ImportState: true, ImportStateCheck: testAccSiteImportStateCheckFunc(1), + ImportStateVerifyIgnore: []string{ + "name_resolution.0.illumio_resolvers.0.org_id", + }, }, { Config: testAccSiteNameResolverIllumioUpdated(rName), @@ -2158,7 +1979,7 @@ resource "appgatesdp_site" "illumio_site" { illumio_resolvers { name = "Illumio Resolver 1" hostname = "illumio.acme.com" - update_interval = 5 + update_interval = 10 port = 65530 username = "admin" password = "adminadmin" diff --git a/appgate/util.go b/appgate/util.go index c2b5b4c4..e836f43c 100644 --- a/appgate/util.go +++ b/appgate/util.go @@ -13,7 +13,6 @@ import ( "os" "sort" "strings" - "time" "github.com/appgate/sdp-api-client-go/api/v20/openapi" "github.com/appgate/terraform-provider-appgatesdp/appgate/hashcode" @@ -21,7 +20,7 @@ import ( "github.com/google/uuid" "github.com/hashicorp/terraform-plugin-sdk/v2/diag" - "github.com/hashicorp/terraform-plugin-sdk/v2/helper/resource" + "github.com/hashicorp/terraform-plugin-sdk/v2/helper/retry" "github.com/hashicorp/terraform-plugin-sdk/v2/helper/schema" "github.com/hashicorp/terraform-plugin-sdk/v2/helper/validation" ) 
@@ -377,12 +376,12 @@ func Nprintf(format string, params map[string]interface{}) string { return format } -func applianceStatsRetryable(ctx context.Context, meta interface{}) *resource.RetryError { +func applianceStatsRetryable(ctx context.Context, meta interface{}) *retry.RetryError { if err := checkApplianceStatus(ctx, meta)(); err != nil { if err, ok := err.(ApplianceStatsRetryableError); ok { - return resource.RetryableError(err) + return retry.RetryableError(err) } - return resource.NonRetryableError(err) + return retry.NonRetryableError(err) } return nil } @@ -430,19 +429,6 @@ func checkApplianceStatus(ctx context.Context, meta interface{}) func() error { } } -// waitForControllers is a blocking function that does exponential backOff on appliance stats -// and make sure all the controllers are healthy before returning nil -func waitForControllers(ctx context.Context, meta interface{}) error { - return backoff.Retry(checkApplianceStatus(ctx, meta), &backoff.ExponentialBackOff{ - InitialInterval: 2 * time.Second, - RandomizationFactor: 0.7, - Multiplier: 2, - MaxInterval: 5 * time.Minute, - Stop: backoff.Stop, - Clock: backoff.SystemClock, - }) -} - const ( ApplianceStateInit = "init" ApplianceStateWaitingConfig = "waiting_config" From 2af06dee7d893c66f8b6fb0d9f0ce73dbbe1d621 Mon Sep 17 00:00:00 2001 From: Lars Kajes Date: Wed, 17 Apr 2024 14:33:34 +0200 Subject: [PATCH 5/7] remove unused functions --- appgate/util.go | 44 -------------------------------------------- 1 file changed, 44 deletions(-) diff --git a/appgate/util.go b/appgate/util.go index e836f43c..ba6af1e1 100644 --- a/appgate/util.go +++ b/appgate/util.go @@ -20,7 +20,6 @@ import ( "github.com/google/uuid" "github.com/hashicorp/terraform-plugin-sdk/v2/diag" - "github.com/hashicorp/terraform-plugin-sdk/v2/helper/retry" "github.com/hashicorp/terraform-plugin-sdk/v2/helper/schema" "github.com/hashicorp/terraform-plugin-sdk/v2/helper/validation" ) 
@@ -376,16 +375,6 @@ func Nprintf(format string, params map[string]interface{}) string {
 return format
 }
 
-func applianceStatsRetryable(ctx context.Context, meta interface{}) *retry.RetryError {
- if err := checkApplianceStatus(ctx, meta)(); err != nil {
- if err, ok := err.(ApplianceStatsRetryableError); ok {
- return retry.RetryableError(err)
- }
- return retry.NonRetryableError(err)
- }
- return nil
-}
-
 // ApplianceStatsRetryableError is used when /stats/appliance should be retried.
 type ApplianceStatsRetryableError struct {
 err error
@@ -396,39 +385,6 @@ func (e ApplianceStatsRetryableError) Error() string {
 return e.err.Error()
 }
 
-func checkApplianceStatus(ctx context.Context, meta interface{}) func() error {
- return func() error {
- statsAPI := meta.(*Client).API.ApplianceStatsApi
- token, err := meta.(*Client).GetToken()
- if err != nil {
- return err
- }
- stats, _, err := statsAPI.StatsAppliancesGet(ctx).Authorization(token).Execute()
- if err != nil {
- return ApplianceStatsRetryableError{err: err}
- }
- numberOfControllers := int(stats.GetControllerCount())
- controllers := make([]openapi.StatsAppliancesListAllOfData, 0, numberOfControllers)
- for _, data := range stats.GetData() {
- c := data.GetController()
- // all none controller appliances will return n/a as status
- if c.GetStatus() != "n/a" {
- controllers = append(controllers, data)
- }
- }
- if len(controllers) != numberOfControllers {
- log.Printf("[DEBUG] Found %d controller expected %d", len(controllers), numberOfControllers)
- }
- for _, controller := range controllers {
- log.Printf("[DEBUG] Wait for controllers %s %s %s", controller.GetName(), controller.GetState(), controller.GetStatus())
- if controller.GetStatus() == "busy" {
- return ApplianceStatsRetryableError{err: fmt.Errorf("%s is busy, got %s", controller.GetName(), controller.GetStatus())}
- }
- }
- return nil
- }
-}
-
 const (
 ApplianceStateInit = "init"
 ApplianceStateWaitingConfig = "waiting_config"
From 0b9f5fa7f85503b234799118dc1c0e64b5ef0f8c Mon Sep 17 00:00:00 2001 From: Lars Kajes Date: Wed, 17 Apr 2024 14:38:12 +0200 Subject: [PATCH 6/7] update github actions --- .github/workflows/go.yml | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/.github/workflows/go.yml b/.github/workflows/go.yml index 69f2ce6e..27483400 100644 --- a/.github/workflows/go.yml +++ b/.github/workflows/go.yml @@ -14,13 +14,13 @@ jobs: steps: - name: Set up Go 1.x - uses: actions/setup-go@v2 + uses: actions/setup-go@v5 with: go-version: ^1.20 id: go - name: Check out code into the Go module directory - uses: actions/checkout@v2 + uses: actions/checkout@v4 - name: Get dependencies run: | @@ -38,14 +38,14 @@ jobs: name: "Static analysis" runs-on: "ubuntu-latest" steps: - - uses: WillAbides/setup-go-faster@v1.7.0 + - uses: WillAbides/setup-go-faster@v1.14.0 with: go-version: "1.20.x" - run: "GO111MODULE=on go install honnef.co/go/tools/cmd/staticcheck@2023.1.2" - uses: actions/checkout@v1 with: fetch-depth: 1 - - uses: actions/cache@v2 + - uses: actions/cache@v4 with: path: ~/.cache/staticcheck key: staticcheck-${{ github.sha }} From 2fd40d56fccd0a399be1d4d2fcb104f1625499c3 Mon Sep 17 00:00:00 2001 From: Lars Kajes Date: Tue, 23 Apr 2024 09:33:29 +0200 Subject: [PATCH 7/7] Add docs for new fields --- website/docs/r/appliance.markdown | 11 +++++++++-- 1 file changed, 9 insertions(+), 2 deletions(-) diff --git a/website/docs/r/appliance.markdown b/website/docs/r/appliance.markdown index ad06198c..9d244c6e 100644 --- a/website/docs/r/appliance.markdown +++ b/website/docs/r/appliance.markdown 
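Review bot: The "Static analysis" job still checks out with `actions/checkout@v1` (unchanged context in the second go.yml hunk), while the build job in the first hunk moves to `actions/checkout@v4`. Bump it in the same change with `- uses: actions/checkout@v4`, keeping `fetch-depth: 1`, so both jobs run the maintained release. Every `uses:` line touched here, including the third-party `WillAbides/setup-go-faster@v1.14.0`, is referenced by a mutable tag. Pinning to a full commit SHA with the tag as a trailing comment (`uses: OWNER/ACTION@<full-commit-sha> # vX.Y.Z`, placeholder values) keeps a retagged release from changing what CI executes. Both job definitions begin outside the hunks, so check their remaining steps for the same pattern.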
@@ -546,11 +546,18 @@ Falcon Log Scale endpoints to connect and sent audit logs #### Datadogs Datadog endpoint to connect and send audit logs -* `site`: +* `site`: Datadog site to send logs to. +* `apiKey`: API key to use for authentication. +* `source`: Source to use for the logs. +* `tags`: Tags to add to the logs. #### Coralogixs Coralogix endpoint to connect and send audit logs -* `url`: +* `url`: URL of the Coralogix collector to connect to. +* `privateKey`: Private key to use for authentication. +* `uuid`: UUID of the Coralogix collector to connect to. +* `applicationName`: Application name to use for the logs. +* `subsystemName`: Subsystem name to use for the logs. #### sites The sites to collect logs from and forward.