From 1be46f822844cc9a735447741e75001779fd0445 Mon Sep 17 00:00:00 2001 From: chkp-adambar <136433110+chkp-adambar@users.noreply.github.com> Date: Mon, 14 Aug 2023 13:59:26 +0300 Subject: [PATCH] v2.6.0 (#155) --- CHANGELOG.md | 15 + ...ource_checkpoint_management_lsm_cluster.go | 595 ++++++++ ...ource_checkpoint_management_lsm_gateway.go | 461 +++++++ ...ow_updatable_objects_repository_content.go | 49 +- ..._checkpoint_management_updatable_object.go | 225 +++ checkpoint/provider.go | 6 +- ...e_checkpoint_management_command_publish.go | 11 + ...ource_checkpoint_management_lsm_cluster.go | 1221 +++++++++++++++++ ...ource_checkpoint_management_lsm_gateway.go | 896 ++++++++++++ website/checkpoint.erb | 15 + ...point_management_lsm_cluster.html.markdown | 95 ++ ...point_management_lsm_gateway.html.markdown | 82 ++ ..._management_updatable_object.html.markdown | 50 + ...point_management_lsm_cluster.html.markdown | 114 ++ ...point_management_lsm_gateway.html.markdown | 97 ++ ...heckpoint_management_publish.html.markdown | 3 +- 16 files changed, 3890 insertions(+), 45 deletions(-) create mode 100644 checkpoint/data_source_checkpoint_management_lsm_cluster.go create mode 100644 checkpoint/data_source_checkpoint_management_lsm_gateway.go create mode 100644 checkpoint/data_source_checkpoint_management_updatable_object.go create mode 100644 checkpoint/resource_checkpoint_management_lsm_cluster.go create mode 100644 checkpoint/resource_checkpoint_management_lsm_gateway.go create mode 100644 website/docs/d/checkpoint_management_lsm_cluster.html.markdown create mode 100644 website/docs/d/checkpoint_management_lsm_gateway.html.markdown create mode 100644 website/docs/d/checkpoint_management_updatable_object.html.markdown create mode 100644 website/docs/r/checkpoint_management_lsm_cluster.html.markdown create mode 100644 website/docs/r/checkpoint_management_lsm_gateway.html.markdown diff --git a/CHANGELOG.md b/CHANGELOG.md index d0e4eb26..7f2f0cfe 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -1,3 +1,18 @@ +## 2.6.0 (August 14, 2023) + +FEATURES +* **New Resource:** `resouce_checkpoint_management_lsm_gateway` +* **New Resource:** `resouce_checkpoint_management_lsm_cluster` +* **New Data Source:** `data_source_checkpoint_management_lsm_gateway` +* **New Data Source:** `data_source_checkpoint_management_lsm_cluster` +* **New Data Source:** `data_source_checkpoint_management_updatable_object` + +BUG FIXES +* Fix data source `checkpoint_management_show_updatable_objects_repository_content` + +ENHANCEMENTS +* Add new flag `run_publish_on_destroy`to `checkpoint_management_publish` which indicates whether to run publish on destroy. + ## 2.5.1 (June 18, 2023) BUG FIXES diff --git a/checkpoint/data_source_checkpoint_management_lsm_cluster.go b/checkpoint/data_source_checkpoint_management_lsm_cluster.go new file mode 100644 index 00000000..4b328d9e --- /dev/null +++ b/checkpoint/data_source_checkpoint_management_lsm_cluster.go @@ -0,0 +1,595 @@ +package checkpoint + +import ( + "fmt" + checkpoint "github.com/CheckPointSW/cp-mgmt-api-go-sdk/APIFiles" + "github.com/hashicorp/terraform-plugin-sdk/helper/schema" + "log" +) + +func dataSourceManagementLsmCluster() *schema.Resource { + + return &schema.Resource{ + Read: dataSourceManagementLsmClusterRead, + Schema: map[string]*schema.Schema{ + "name": { + Type: schema.TypeString, + Optional: true, + Description: "Object name.", + }, + "uid": { + Type: schema.TypeString, + Optional: true, + Description: "Object uid.", + }, + "dynamic_objects": { + Type: schema.TypeList, + Computed: true, + Description: "Dynamic Objects.", + Elem: &schema.Resource{ + Schema: map[string]*schema.Schema{ + "comments": { + Type: schema.TypeString, + Computed: true, + Description: "Comments.", + }, + "name": { + Type: schema.TypeString, + Computed: true, + Description: "Object name. Must be unique in the domain.", + }, + "resolved_ip_addresses": { + Type: schema.TypeList, + Computed: true, + Description: "Single IP-address or a range of addresses.", + Elem: &schema.Resource{ + Schema: map[string]*schema.Schema{ + "ipv4_address": { + Type: schema.TypeString, + Computed: true, + Description: "IPv4 Address.", + }, + "ipv4_address_range": { + Type: schema.TypeList, + Computed: true, + Description: "IPv4 Address range.", + MaxItems: 1, + Elem: &schema.Resource{ + Schema: map[string]*schema.Schema{ + "from_ipv4_address": { + Type: schema.TypeString, + Computed: true, + Description: "First IPv4 address of the IP address range.", + }, + "to_ipv4_address": { + Type: schema.TypeString, + Computed: true, + Description: "Last IPv4 address of the IP address range.", + }, + }, + }, + }, + }, + }, + }, + "uid": { + Type: schema.TypeString, + Computed: true, + Description: "UID", + }, + }, + }, + }, + + "main_ip_address": { + Type: schema.TypeString, + Computed: true, + Description: "Main IP address.", + }, + "interfaces": { + Type: schema.TypeList, + Optional: true, + Description: "Interfaces.", + Elem: &schema.Resource{ + Schema: map[string]*schema.Schema{ + "name": { + Type: schema.TypeString, + Optional: true, + Description: "Interface name.", + }, + "new_name": { + Type: schema.TypeString, + Computed: true, + Description: "New name. Overrides the interface name on profile.", + }, + "ip_address_override": { + Type: schema.TypeString, + Optional: true, + Description: "IP address override. Net mask is defined by the attached LSM profile.", + }, + "cluster_ip_address_override": { + Type: schema.TypeString, + Computed: true, + Description: "IP address override. Net mask is defined by the attached LSM profile.", + }, + "member_network_override": { + Type: schema.TypeString, + Optional: true, + Description: "Member network override. Net mask is defined by the attached LSM profile.", + }, + }, + }, + }, + "members": { + Type: schema.TypeList, + Computed: true, + Description: "Cluster members.", + Elem: &schema.Resource{ + Schema: map[string]*schema.Schema{ + "member_name": { + Type: schema.TypeString, + Computed: true, + Description: "Member Name. Consists of the member name in the LSM profile and the name or prefix or suffix of the cluster.", + }, + "member_uid": { + Type: schema.TypeString, + Computed: true, + Description: "Member UID", + }, + "device_id": { + Type: schema.TypeString, + Computed: true, + Description: "Device ID.", + }, + "interfaces": { + Type: schema.TypeList, + Computed: true, + Description: "Interfaces", + Elem: &schema.Resource{ + Schema: map[string]*schema.Schema{ + "ip_address": { + Type: schema.TypeString, + Computed: true, + Description: "IP address.", + }, + "name": { + Type: schema.TypeString, + Computed: true, + Description: "Interface name", + }, + }, + }, + }, + "main_ip_address": { + Type: schema.TypeString, + Computed: true, + Description: "Main ip address", + }, + "provisioning_settings": { + Type: schema.TypeList, + Computed: true, + Description: "Provisioning settings. This field is relevant just for SMB clusters.", + MaxItems: 1, + Elem: &schema.Resource{ + Schema: map[string]*schema.Schema{ + "provisioning_profile": { + Type: schema.TypeString, + Computed: true, + Description: "Provisioning profile.", + }, + }, + }, + }, + "provisioning_state": { + Type: schema.TypeString, + Computed: true, + Description: "Provisioning state. This field is relevant just for SMB clusters. By default the state is 'manual'- enable provisioning but not attach to profile.If 'using-profile' state is provided a provisioning profile must be provided in provisioning-settings.", + }, + "sic_name": { + Type: schema.TypeString, + Computed: true, + Description: "Secure Internal Communication name", + }, + "sic_state": { + Type: schema.TypeString, + Computed: true, + Description: "Secure Internal Communication state", + }, + }, + }, + }, + "os_name": { + Type: schema.TypeString, + Computed: true, + Description: "Device platform operating system.", + }, + "security_profile": { + Type: schema.TypeString, + Computed: true, + Description: "LSM profile.", + }, + "tags": { + Type: schema.TypeSet, + Optional: true, + Description: "Collection of tag identifiers.", + Elem: &schema.Schema{ + Type: schema.TypeString, + }, + }, + "topology": { + Type: schema.TypeList, + Computed: true, + Description: "Topology.", + MaxItems: 1, + Elem: &schema.Resource{ + Schema: map[string]*schema.Schema{ + "manual_vpn_domain": { + Type: schema.TypeList, + Computed: true, + Description: "A list of IP-addresses ranges, defined the VPN community network.This field is relevant only when manual option of vpn-domain is checked.", + Elem: &schema.Resource{ + Schema: map[string]*schema.Schema{ + "comments": { + Type: schema.TypeString, + Computed: true, + Description: "Comments string.", + }, + "from_ipv4_address": { + Type: schema.TypeString, + Computed: true, + Description: "First IPv4 address of the IP address range.", + }, + "to_ipv4_address": { + Type: schema.TypeString, + Computed: true, + Description: "Last IPv4 address of the IP address range.", + }, + }, + }, + }, + "vpn_domain": { + Type: schema.TypeString, + Computed: true, + Description: "VPN Domain type. 'external-interfaces-only' is relevnt only for Gaia devices. 'hide-behind-gateway-external-ip-address' is relevant only for SMB devices.", + }, + }, + }, + }, + "version": { + Type: schema.TypeString, + Computed: true, + Description: "Device platform version.", + }, + "color": { + Type: schema.TypeString, + Optional: true, + Description: "Color of the object. Should be one of existing colors.", + Default: "black", + }, + "comments": { + Type: schema.TypeString, + Optional: true, + Description: "Comments string.", + }, + "ignore_warnings": { + Type: schema.TypeBool, + Optional: true, + Description: "Apply changes ignoring warnings.", + Default: false, + }, + "ignore_errors": { + Type: schema.TypeBool, + Optional: true, + Description: "Apply changes ignoring errors. You won't be able to publish such a changes. If ignore-warnings flag was omitted - warnings will also be ignored.", + Default: false, + }, + }, + } + +} + +func dataSourceManagementLsmClusterRead(d *schema.ResourceData, m interface{}) error { + + client := m.(*checkpoint.ApiClient) + + name := d.Get("name").(string) + uid := d.Get("uid").(string) + + payload := make(map[string]interface{}) + + if name != "" { + payload["name"] = name + } else if uid != "" { + payload["uid"] = uid + } + showLsmClusterRes, err := client.ApiCall("show-lsm-cluster", payload, client.GetSessionID(), true, client.IsProxyUsed()) + if err != nil { + return fmt.Errorf(err.Error()) + } + if !showLsmClusterRes.Success { + return fmt.Errorf(showLsmClusterRes.ErrorMsg) + } + + LsmCluster := showLsmClusterRes.GetData() + + log.Println("Read Lsm Cluster - Show JSON = ", LsmCluster) + + if v := LsmCluster["uid"]; v != nil { + _ = d.Set("uid", v) + d.SetId(v.(string)) + } + if v := LsmCluster["name"]; v != nil { + _ = d.Set("name", v) + } + if LsmCluster["dynamic-objects"] != nil { + + dynamicObjectsList := LsmCluster["dynamic-objects"].([]interface{}) + + if len(dynamicObjectsList) > 0 { + var dynamicObjectsToReturn []map[string]interface{} + + for i := range dynamicObjectsList { + + mapToAdd := make(map[string]interface{}) + + dynamicObject := dynamicObjectsList[i].(map[string]interface{}) + + if v := dynamicObject["name"]; v != nil { + mapToAdd["name"] = v + } + if v := dynamicObject["uid"]; v != nil { + mapToAdd["uid"] = v + } + + if v := dynamicObject["comments"]; v != nil { + mapToAdd["comments"] = v + } + + if v := dynamicObject["resolved-ip-addresses"]; v != nil { + + resolvedIpAddressesList := v.([]interface{}) + + var resolvedIpAddressesToReturn []map[string]interface{} + + if len(resolvedIpAddressesList) > 0 { + + for j := range resolvedIpAddressesList { + + innerMapToAdd := make(map[string]interface{}) + + resolvedIpAddress := resolvedIpAddressesList[j].(map[string]interface{}) + + if v := resolvedIpAddress["ipv4-address"]; v != nil { + innerMapToAdd["ipv4_address"] = v + } + if v := resolvedIpAddress["ipv4-address-range"]; v != nil { + + rangeValues := v.(map[string]interface{}) + + rangeMapToReturn := make(map[string]interface{}) + + if v := rangeValues["from-ipv4-address"]; v != nil { + rangeMapToReturn["from_ipv4_address"] = v + } + + if v := rangeValues["to-ipv4-address"]; v != nil { + rangeMapToReturn["to_ipv4_address"] = v + } + innerMapToAdd["ipv4_address_range"] = []interface{}{rangeMapToReturn} + } else { + innerMapToAdd["ipv4_address_range"] = nil + } + resolvedIpAddressesToReturn = append(resolvedIpAddressesToReturn, innerMapToAdd) + } + + } + + mapToAdd["resolved_ip_addresses"] = resolvedIpAddressesToReturn + + } + + dynamicObjectsToReturn = append(dynamicObjectsToReturn, mapToAdd) + } + + _ = d.Set("dynamic_objects", dynamicObjectsToReturn) + } + } + if LsmCluster["interfaces"] != nil { + + interfacesList := LsmCluster["interfaces"].([]interface{}) + + if len(interfacesList) > 0 { + + var interfacesListToReturn []map[string]interface{} + + for i := range interfacesList { + + interfacesMap := interfacesList[i].(map[string]interface{}) + + interfacesMapToAdd := make(map[string]interface{}) + + if v, _ := interfacesMap["name"]; v != nil { + interfacesMapToAdd["name"] = v.(string) + } + if v, _ := interfacesMap["member-network-override"]; v != nil { + interfacesMapToAdd["member_network_override"] = v.(string) + } + if v, _ := interfacesMap["cluster-ip-address-override"]; v != nil { + interfacesMapToAdd["ip_address_override"] = v.(string) + } + interfacesListToReturn = append(interfacesListToReturn, interfacesMapToAdd) + } + + _ = d.Set("interfaces", interfacesListToReturn) + } + } else { + _ = d.Set("interfaces", nil) + } + if v := LsmCluster["main-ip-address"]; v != nil { + _ = d.Set("main_ip_address", v) + } + if LsmCluster["members"] != nil { + + var listOfMembersObject []map[string]interface{} + + listOfMembers := LsmCluster["members"].([]interface{}) + + for i := range listOfMembers { + + memeberObj := listOfMembers[i].(map[string]interface{}) + + memberMap := make(map[string]interface{}) + + if v := memeberObj["member-name"]; v != nil { + memberMap["member_name"] = v.(string) + } + + if v := memeberObj["member-uid"]; v != nil { + memberMap["member_uid"] = v.(string) + } + + if v := memeberObj["device-id"]; v != nil { + memberMap["device_id"] = v.(string) + } + if v := memeberObj["main-ip-address"]; v != nil { + memberMap["main_ip_address"] = v.(string) + } + if v := memeberObj["provisioning-state"]; v != nil { + memberMap["provisioning_state"] = v.(string) + } + if v := memeberObj["sic-name"]; v != nil { + memberMap["sic_name"] = v.(string) + } + if v := memeberObj["sic-state"]; v != nil { + memberMap["sic_state"] = v.(string) + } + if v, ok := memeberObj["provisioning-settings"]; ok { + + provisioningSettingsMap, ok := v.(map[string]interface{}) + if ok { + provisioningSettingsMapToReturn := make(map[string]interface{}) + + if v, _ := provisioningSettingsMap["provisioning-profile"]; v != nil { + provisioningSettingsMapToReturn["provisioning_profile"] = v.(string) + } + memberMap["provisioning_settings"] = []interface{}{provisioningSettingsMapToReturn} + } + } else { + memberMap["provisioning_settings"] = nil + } + + if v := memberMap["interfaces"]; v != nil { + + var interfacesList []map[string]interface{} + list := v.([]interface{}) + if len(list) > 0 { + + for j := range list { + + localMap := list[j].(map[string]interface{}) + mapToReturn := make(map[string]interface{}) + + if v := localMap["name"]; v != nil { + mapToReturn["name"] = v.(string) + } + if v := localMap["ip-address"]; v != nil { + mapToReturn["ip_address"] = v.(string) + } + + interfacesList = append(interfacesList, mapToReturn) + } + } + + memberMap["interfaces"] = interfacesList + } else { + memberMap["interfaces"] = nil + } + + listOfMembersObject = append(listOfMembersObject, memberMap) + } + + _ = d.Set("members", listOfMembersObject) + + } else { + _ = d.Set("members", nil) + } + if v := LsmCluster["os-name"]; v != nil { + _ = d.Set("os_name", v) + } + if v := LsmCluster["security-profile"]; v != nil { + _ = d.Set("security_profile", v) + } + if LsmCluster["tags"] != nil { + tagsJson := LsmCluster["tags"].([]interface{}) + var tagsIds = make([]string, 0) + if len(tagsJson) > 0 { + // Create slice of tag names + for _, tag := range tagsJson { + tag := tag.(map[string]interface{}) + tagsIds = append(tagsIds, tag["name"].(string)) + } + } + _ = d.Set("tags", tagsIds) + } else { + _ = d.Set("tags", nil) + } + + if LsmCluster["topology"] != nil { + + topologyMap := LsmCluster["topology"].(map[string]interface{}) + + topologyMapToReturn := make(map[string]interface{}) + + if v, _ := topologyMap["vpn-domain"]; v != nil { + topologyMapToReturn["vpn_domain"] = v.(string) + } + if v, _ := topologyMap["manual-vpn-domain"]; v != nil { + + manualVpnDomainsList, ok := topologyMap["manual-vpn-domain"].([]interface{}) + + if ok { + var ManualVpnDomainsListToReturn []map[string]interface{} + + if len(manualVpnDomainsList) > 0 { + + for i := range manualVpnDomainsList { + + manualVpnDomainMap := manualVpnDomainsList[i].(map[string]interface{}) + + manualVpnDomainMapToAdd := make(map[string]interface{}) + + if v, _ := manualVpnDomainMap["comments"]; v != nil { + manualVpnDomainMapToAdd["comments"] = v + } + if v, _ := manualVpnDomainMap["from-ipv4-address"]; v != nil { + manualVpnDomainMapToAdd["from_ipv4_address"] = v + } + if v, _ := manualVpnDomainMap["to-ipv4-address"]; v != nil { + manualVpnDomainMapToAdd["to_ipv4_address"] = v + } + ManualVpnDomainsListToReturn = append(ManualVpnDomainsListToReturn, manualVpnDomainMapToAdd) + } + + } + + topologyMapToReturn["manual_vpn_domain"] = ManualVpnDomainsListToReturn + } + + } + + _ = d.Set("topology", []interface{}{topologyMapToReturn}) + + } else { + _ = d.Set("topology", nil) + } + if v := LsmCluster["version"]; v != nil { + _ = d.Set("version", v) + } + if v := LsmCluster["comments"]; v != nil { + _ = d.Set("comments", v) + } + if v := LsmCluster["color"]; v != nil { + _ = d.Set("color", v) + } + return nil +} diff --git a/checkpoint/data_source_checkpoint_management_lsm_gateway.go b/checkpoint/data_source_checkpoint_management_lsm_gateway.go new file mode 100644 index 00000000..66d00fde --- /dev/null +++ b/checkpoint/data_source_checkpoint_management_lsm_gateway.go @@ -0,0 +1,461 @@ +package checkpoint + +import ( + "fmt" + checkpoint "github.com/CheckPointSW/cp-mgmt-api-go-sdk/APIFiles" + "github.com/hashicorp/terraform-plugin-sdk/helper/schema" + "log" +) + +func dataSourceManagementLsmGateway() *schema.Resource { + + return &schema.Resource{ + Read: dataSourceManagementLsmGatewayRead, + Schema: map[string]*schema.Schema{ + "name": { + Type: schema.TypeString, + Optional: true, + Description: "Object name.", + }, + "uid": { + Type: schema.TypeString, + Optional: true, + Description: "Object uid.", + }, + "security_profile": { + Type: schema.TypeString, + Computed: true, + Description: "LSM profile.", + }, + "device_id": { + Type: schema.TypeString, + Computed: true, + Description: "Device ID.", + }, + "dynamic_objects": { + Type: schema.TypeList, + Computed: true, + Description: "Dynamic Objects.", + Elem: &schema.Resource{ + Schema: map[string]*schema.Schema{ + "comments": { + Type: schema.TypeString, + Computed: true, + Description: "Comments.", + }, + "name": { + Type: schema.TypeString, + Computed: true, + Description: "Object name. Must be unique in the domain.", + }, + "uid": { + Type: schema.TypeString, + Computed: true, + Description: "UID.", + }, + "resolved_ip_addresses": { + Type: schema.TypeList, + Computed: true, + Description: "Single IP-address or a range of addresses.", + Elem: &schema.Resource{ + Schema: map[string]*schema.Schema{ + "ipv4_address": { + Type: schema.TypeString, + Computed: true, + Description: "IPv4 Address.", + }, + "ipv4_address_range": { + Type: schema.TypeList, + Computed: true, + Description: "IPv4 Address range.", + MaxItems: 1, + Elem: &schema.Resource{ + Schema: map[string]*schema.Schema{ + "from_ipv4_address": { + Type: schema.TypeString, + Computed: true, + Description: "First IPv4 address of the IP address range.", + }, + "to_ipv4_address": { + Type: schema.TypeString, + Computed: true, + Description: "Last IPv4 address of the IP address range.", + }, + }, + }, + }, + }, + }, + }, + }, + }, + }, + "ip_address": { + Type: schema.TypeString, + Computed: true, + Description: "IP address", + }, + "os_name": { + Type: schema.TypeString, + Computed: true, + Description: "Device platform operating system.", + }, + "provisioning_settings": { + Type: schema.TypeMap, + Computed: true, + Description: "Provisioning settings.", + Elem: &schema.Resource{ + Schema: map[string]*schema.Schema{ + "provisioning_profile": { + Type: schema.TypeString, + Computed: true, + Description: "Provisioning profile.", + }, + }, + }, + }, + "provisioning_state": { + Type: schema.TypeString, + Computed: true, + Description: "Provisioning state. By default the state is 'manual'- enable provisioning but not attach to profile. If 'using-profile' state is provided a provisioning profile must be provided in provisioning-settings.", + }, + + "sic": { + Type: schema.TypeMap, + Computed: true, + Description: "Secure Internal Communication.", + Elem: &schema.Resource{ + Schema: map[string]*schema.Schema{ + "one_time_password": { + Type: schema.TypeString, + Computed: true, + Description: "One-time password. When one-time password is provided without ip-address- trusted communication is automatically initiated when the gateway connects to the Security Management server for the first time.", + }, + "ip_address": { + Type: schema.TypeString, + Computed: true, + Description: "IP address. When IP address is provided- initiate trusted communication immediately using this IP address", + }, + }, + }, + }, + "sic_name": { + Type: schema.TypeString, + Computed: true, + Description: "Secure Internal Communication name.", + }, + "sic_state": { + Type: schema.TypeString, + Computed: true, + Description: "Secure Internal Communication state.", + }, + "tags": { + Type: schema.TypeSet, + Computed: true, + Description: "Collection of tag identifiers.", + Elem: &schema.Schema{ + Type: schema.TypeString, + }, + }, + "topology": { + Type: schema.TypeList, + Computed: true, + Description: "Topology.", + MaxItems: 1, + Elem: &schema.Resource{ + Schema: map[string]*schema.Schema{ + "manual_vpn_domain": { + Type: schema.TypeList, + Computed: true, + Description: "A list of IP-addresses ranges, defined the VPN community network.This field is relevant only when 'manual' option of vpn-domain is checked.", + Elem: &schema.Resource{ + Schema: map[string]*schema.Schema{ + "comments": { + Type: schema.TypeString, + Computed: true, + Description: "Comments string.", + }, + "from_ipv4_address": { + Type: schema.TypeString, + Computed: true, + Description: "First IPv4 address of the IP address range.", + }, + "to_ipv4_address": { + Type: schema.TypeString, + Computed: true, + Description: "Last IPv4 address of the IP address range.", + }, + }, + }, + }, + "vpn_domain": { + Type: schema.TypeString, + Computed: true, + Description: "VPN Domain type. 'external-interfaces-only' is relevnt only for Gaia devices. 'hide-behind-gateway-external-ip-address' is relevant only for SMB devices.", + }, + }, + }, + }, + "version": { + Type: schema.TypeString, + Computed: true, + Description: "Device platform version.", + }, + "color": { + Type: schema.TypeString, + Computed: true, + Description: "Color of the object. Should be one of existing colors.", + }, + "comments": { + Type: schema.TypeString, + Computed: true, + Description: "Comments string.", + }, + "ignore_warnings": { + Type: schema.TypeBool, + Computed: true, + Description: "Apply changes ignoring warnings.", + }, + "ignore_errors": { + Type: schema.TypeBool, + Computed: true, + Description: "Apply changes ignoring errors. You won't be able to publish such a changes. If ignore-warnings flag was omitted - warnings will also be ignored.", + }, + }, + } + +} +func dataSourceManagementLsmGatewayRead(d *schema.ResourceData, m interface{}) error { + + client := m.(*checkpoint.ApiClient) + name := d.Get("name").(string) + uid := d.Get("uid").(string) + + payload := make(map[string]interface{}) + + if name != "" { + payload["name"] = name + } else if uid != "" { + payload["uid"] = uid + } + + showLsmGatewayRes, err := client.ApiCall("show-lsm-gateway", payload, client.GetSessionID(), true, false) + if err != nil { + return fmt.Errorf(err.Error()) + } + if !showLsmGatewayRes.Success { + if objectNotFound(showLsmGatewayRes.GetData()["code"].(string)) { + d.SetId("") + return nil + } + return fmt.Errorf(showLsmGatewayRes.ErrorMsg) + } + + lsmGateway := showLsmGatewayRes.GetData() + + log.Println("Read LsmGateway - Show JSON = ", lsmGateway) + + if v := lsmGateway["name"]; v != nil { + _ = d.Set("name", v) + } + if v := lsmGateway["uid"]; v != nil { + _ = d.Set("uid", v) + d.SetId(v.(string)) + } + if v := lsmGateway["device-id"]; v != nil { + _ = d.Set("device_id", v) + } + + if lsmGateway["dynamic-objects"] != nil { + + dynamicObjectsList := lsmGateway["dynamic-objects"].([]interface{}) + + if len(dynamicObjectsList) > 0 { + + var dynamicObjectsToReturn []map[string]interface{} + + for i := range dynamicObjectsList { + + mapToAdd := make(map[string]interface{}) + + dynamicObject := dynamicObjectsList[i].(map[string]interface{}) + + if v := dynamicObject["name"]; v != nil { + mapToAdd["name"] = v + } + if v := dynamicObject["uid"]; v != nil { + mapToAdd["uid"] = v + } + + if v := dynamicObject["comments"]; v != nil { + mapToAdd["comments"] = v + } + + if v := dynamicObject["resolved-ip-addresses"]; v != nil { + + resolvedIpAddressesList := v.([]interface{}) + + var resolvedIpAddressesToReturn []map[string]interface{} + + if len(resolvedIpAddressesList) > 0 { + + for j := range resolvedIpAddressesList { + + innerMapToAdd := make(map[string]interface{}) + + resolvedIpAddress := resolvedIpAddressesList[j].(map[string]interface{}) + + if v := resolvedIpAddress["ipv4-address"]; v != nil { + innerMapToAdd["ipv4_address"] = v + } + if v := resolvedIpAddress["ipv4-address-range"]; v != nil { + + rangeValues := v.(map[string]interface{}) + + rangeMapToReturn := make(map[string]interface{}) + + if v := rangeValues["from-ipv4-address"]; v != nil { + rangeMapToReturn["from_ipv4_address"] = v + } + + if v := rangeValues["to-ipv4-address"]; v != nil { + rangeMapToReturn["to_ipv4_address"] = v + } + innerMapToAdd["ipv4_address_range"] = []interface{}{rangeMapToReturn} + } else { + innerMapToAdd["ipv4_address_range"] = nil + } + resolvedIpAddressesToReturn = append(resolvedIpAddressesToReturn, innerMapToAdd) + } + + } + + mapToAdd["resolved_ip_addresses"] = resolvedIpAddressesToReturn + + } + + dynamicObjectsToReturn = append(dynamicObjectsToReturn, mapToAdd) + } + + _ = d.Set("dynamic_objects", dynamicObjectsToReturn) + } + + } else { + _ = d.Set("dynamic_objects", nil) + } + if v := lsmGateway["ip-address"]; v != nil { + _ = d.Set("ip_address", v) + } + if v := lsmGateway["os-name"]; v != nil { + _ = d.Set("os_name", v) + } + if lsmGateway["provisioning-settings"] != nil { + + provisioningSettingsMap := lsmGateway["provisioning-settings"].(map[string]interface{}) + + provisioningSettingsMapToReturn := make(map[string]interface{}) + + if v, _ := provisioningSettingsMap["provisioning-profile"]; v != nil { + provisioningSettingsMapToReturn["provisioning_profile"] = v + } + _ = d.Set("provisioning_settings", provisioningSettingsMapToReturn) + } else { + _ = d.Set("provisioning_settings", nil) + } + + if v := lsmGateway["provisioning-state"]; v != nil { + _ = d.Set("provisioning_state", v) + } + + if v := lsmGateway["security-profile"]; v != nil { + _ = d.Set("security_profile", v) + } + if v := lsmGateway["sic-name"]; v != nil { + _ = d.Set("sic_name", v) + } + if v := lsmGateway["sic-state"]; v != nil { + _ = d.Set("sic_state", v) + } + + if lsmGateway["tags"] != nil { + tagsJson, ok := lsmGateway["tags"].([]interface{}) + if ok { + tagsIds := make([]string, 0) + if len(tagsJson) > 0 { + for _, tags := range tagsJson { + tags := tags.(map[string]interface{}) + tagsIds = append(tagsIds, tags["name"].(string)) + } + } + _ = d.Set("tags", tagsIds) + } + } else { + _ = d.Set("tags", nil) + } + + if lsmGateway["topology"] != nil { + + topologyMap, ok := lsmGateway["topology"].(map[string]interface{}) + + if ok { + topologyMapToReturn := make(map[string]interface{}) + + if v, ok := topologyMap["manual-vpn-domain"]; ok { + + manualVpnDomainList := v.([]interface{}) + + if len(manualVpnDomainList) > 0 { + + var manualVpnDomainMapToReturn []map[string]interface{} + + for i := range manualVpnDomainList { + + manualVpnDomain := manualVpnDomainList[i].(map[string]interface{}) + + mapToReturn := make(map[string]interface{}) + + if v, _ := manualVpnDomain["comments"]; v != nil { + mapToReturn["comments"] = v + } + if v, _ := manualVpnDomain["from-ipv4-address"]; v != nil { + mapToReturn["from_ipv4_address"] = v + } + if v, _ := manualVpnDomain["to-ipv4-address"]; v != nil { + mapToReturn["to_ipv4_address"] = v + } + + manualVpnDomainMapToReturn = append(manualVpnDomainMapToReturn, mapToReturn) + } + topologyMapToReturn["manual_vpn_domain"] = manualVpnDomainMapToReturn + } + + } + if v := topologyMap["vpn-domain"]; v != nil { + topologyMapToReturn["vpn_domain"] = v + } + _ = d.Set("topology", []interface{}{topologyMapToReturn}) + } + } else { + _ = d.Set("topology", nil) + } + if v := lsmGateway["version"]; v != nil { + _ = d.Set("version", v) + } + if v := lsmGateway["color"]; v != nil { + _ = d.Set("color", v) + } + + if v := lsmGateway["comments"]; v != nil { + _ = d.Set("comments", v) + } + + if v := lsmGateway["ignore-warnings"]; v != nil { + _ = d.Set("ignore_warnings", v) + } + + if v := lsmGateway["ignore-errors"]; v != nil { + _ = d.Set("ignore_errors", v) + } + + return nil +} diff --git a/checkpoint/data_source_checkpoint_management_show_updatable_objects_repository_content.go b/checkpoint/data_source_checkpoint_management_show_updatable_objects_repository_content.go index 99b1a095..f5f0f612 100644 --- a/checkpoint/data_source_checkpoint_management_show_updatable_objects_repository_content.go +++ b/checkpoint/data_source_checkpoint_management_show_updatable_objects_repository_content.go @@ -132,8 +132,9 @@ func dataSourceManagementShowUpdatableObjectsRepositoryContent() *schema.Resourc }, }, "updatable_object": { - Type: schema.TypeMap, + Type: schema.TypeList, Computed: true, + MaxItems: 1, Description: "The imported management object (if exists).", Elem: &schema.Resource{ Schema: map[string]*schema.Schema{ @@ -152,30 +153,6 @@ func dataSourceManagementShowUpdatableObjectsRepositoryContent() *schema.Resourc Computed: true, Description: "Object type.", }, - "domain": { - Type: schema.TypeMap, - Computed: true, - Description: "Information about the domain that holds the Object.", - Elem: &schema.Resource{ - Schema: map[string]*schema.Schema{ - "name": { - Type: schema.TypeString, - Computed: true, - Description: "Object name.", - }, - "uid": { - Type: schema.TypeString, - Computed: true, - Description: "Object unique identifier.", - }, - "domain_type": { - Type: schema.TypeString, - Computed: true, - Description: "Domain type.", - }, - }, - }, - }, }, }, }, @@ -304,6 +281,7 @@ func dataSourceManagementShowUpdatableObjectsRepositoryContentRead(d *schema.Res if v := additionalPropertiesJson["uri"]; v != nil { additionalPropertiesState["uri"] = v } + objectState["additional_properties"] = additionalPropertiesState } @@ -323,29 +301,14 @@ func dataSourceManagementShowUpdatableObjectsRepositoryContentRead(d *schema.Res updatableObjectState["type"] = v } - if v := updatableObjectJson["domain"]; v != nil { - domainJson := v.(map[string]interface{}) - domainState := make(map[string]interface{}) - - if v := domainJson["name"]; v != nil { - domainState["name"] = v - } - - if v := domainJson["uid"]; v != nil { - domainState["uid"] = v - } - - if v := domainJson["domain-type"]; v != nil { - domainState["domain_type"] = v - } - updatableObjectState["domain"] = domainState - } - objectState["updatable_object"] = updatableObjectState + objectState["updatable_object"] = []interface{}{updatableObjectState} } objectsListState = append(objectsListState, objectState) } + _ = d.Set("objects", objectsListState) + } else { _ = d.Set("objects", objectsList) } diff --git a/checkpoint/data_source_checkpoint_management_updatable_object.go b/checkpoint/data_source_checkpoint_management_updatable_object.go new file mode 100644 index 00000000..fa00acda --- /dev/null +++ b/checkpoint/data_source_checkpoint_management_updatable_object.go @@ -0,0 +1,225 @@ +package checkpoint + +import ( + "fmt" + checkpoint "github.com/CheckPointSW/cp-mgmt-api-go-sdk/APIFiles" + "github.com/hashicorp/terraform-plugin-sdk/helper/schema" + "log" +) + +func dataSourceManagementShowUpdatableObject() *schema.Resource { + return &schema.Resource{ + Read: dataSourceManagementShowUpdatableObjectRead, + Schema: map[string]*schema.Schema{ + "name": { + Type: schema.TypeString, + Optional: true, + Description: "Object name. Should be unique in the domain.", + }, + "uid": { + Type: schema.TypeString, + Optional: true, + Description: "Object unique identifier.", + }, + "type": { + Type: schema.TypeString, + Computed: true, + Description: "Object type.", + }, + "name_in_updatable_objects_repository": { + Type: schema.TypeString, + Computed: true, + Description: "Object name in the Updatable Objects Repository.", + }, + "uid_in_updatable_objects_repository": { + Type: schema.TypeString, + Computed: true, + Description: "Unique identifier of the object in the Updatable Objects Repository.", + }, + "additional_properties": { + Type: schema.TypeMap, + Computed: true, + Description: "Additional properties on the object.", + Elem: &schema.Resource{ + Schema: map[string]*schema.Schema{ + "description": { + Type: schema.TypeString, + Computed: true, + Description: "Sorts results by the given field in ascending order.", + }, + "info_text": { + Type: schema.TypeString, + Computed: true, + Description: "Information about the Updatable Object IP ranges source.", + }, + "info_url": { + Type: schema.TypeString, + Computed: true, + Description: "URL of the Updatable Object IP ranges source.", + }, + "uri": { + Type: schema.TypeString, + Computed: true, + Description: "URI of the Updatable Object under the Updatable Objects Repository.", + }, + }, + }, + }, + "updatable_object_meta_info": { + Type: schema.TypeList, + Computed: true, + MaxItems: 1, + Description: "", + Elem: &schema.Resource{ + Schema: map[string]*schema.Schema{ + "updated_on_updatable_objects_repository": { + Type: schema.TypeList, + Computed: true, + MaxItems: 1, + Description: "Last update time from the Updatable Objects Repository", + Elem: &schema.Resource{ + Schema: map[string]*schema.Schema{ + "iso_8601": { + Type: schema.TypeString, + Computed: true, + Description: "", + }, + "posix": { + Type: schema.TypeInt, + Computed: true, + Description: "", + }, + }, + }, + }, + }, + }, + }, + "tags": { + Type: schema.TypeSet, + Computed: true, + Description: "Collection of tag identifiers.", + Elem: &schema.Schema{ + Type: schema.TypeString, + }, + }, + "color": { + Type: schema.TypeString, + Computed: true, + Description: "Color of the object. Should be one of existing colors.", + }, + "comments": { + Type: schema.TypeString, + Computed: true, + Description: "Comments string.", + }, + }, + } +} +func dataSourceManagementShowUpdatableObjectRead(d *schema.ResourceData, m interface{}) error { + + client := m.(*checkpoint.ApiClient) + + payload := make(map[string]interface{}) + + name := d.Get("name").(string) + uid := d.Get("uid").(string) + + if name != "" { + payload["name"] = name + } else if uid != "" { + payload["uid"] = uid + } + showUpdatableObjectRes, err := client.ApiCall("show-updatable-object", payload, client.GetSessionID(), true, client.IsProxyUsed()) + if err != nil { + return fmt.Errorf(err.Error()) + } + if !showUpdatableObjectRes.Success { + return fmt.Errorf(showUpdatableObjectRes.ErrorMsg) + } + + updatableObjectJson := showUpdatableObjectRes.GetData() + + log.Println("Read updatable-object - Show JSON = ", updatableObjectJson) + + if v := updatableObjectJson["uid"]; v != nil { + _ = d.Set("uid", v) + d.SetId(v.(string)) + } + + if v := updatableObjectJson["name"]; v != nil { + _ = d.Set("name", v) + } + if v := updatableObjectJson["type"]; v != nil { + _ = d.Set("type", v) + } + if v := updatableObjectJson["name-in-updatable-objects-repository"]; v != nil { + + _ = d.Set("name_in_updatable_objects_repository", v.(string)) + + } + + if v := updatableObjectJson["uid-in-updatable-objects-repository"]; v != nil { + _ = d.Set("uid_in_updatable_objects_repository", v.(string)) + } + if v := updatableObjectJson["additional-properties"]; v != nil { + additionalPropertiesJson := v.(map[string]interface{}) + additionalPropertiesState := make(map[string]interface{}) + if v := additionalPropertiesJson["description"]; v != nil { + additionalPropertiesState["description"] = v + } + if v := additionalPropertiesJson["info-text"]; v != nil { + additionalPropertiesState["info_text"] = v + } + if v := additionalPropertiesJson["info-url"]; v != nil { + additionalPropertiesState["info_url"] = v + } + if v := additionalPropertiesJson["uri"]; v != nil { + additionalPropertiesState["uri"] = v + } + + _ = d.Set("additional_properties", additionalPropertiesState) + } else { + _ = d.Set("additional_properties", nil) + } + if v := updatableObjectJson["updatable-object-meta-info"]; v != nil { + metaInfoMap := v.(map[string]interface{}) + metaInfoMapToReturn := make(map[string]interface{}) + if v := metaInfoMap["updated-on-updatable-objects-repository"]; v != nil { + innerMap := v.(map[string]interface{}) + innerMapToReturn := make(map[string]interface{}) + if v := innerMap["iso-8601"]; v != nil { + innerMapToReturn["iso_8601"] = v + } + if v := innerMap["posix"]; v != nil { + innerMapToReturn["posix"] = v + } + metaInfoMapToReturn["updated_on_updatable_objects_repository"] = []interface{}{innerMapToReturn} + } + _ = d.Set("updatable_object_meta_info", []interface{}{metaInfoMapToReturn}) + } + if updatableObjectJson["tags"] != nil { + tagsJson, ok := updatableObjectJson["tags"].([]interface{}) + if ok { + tagsIds := make([]string, 0) + if len(tagsJson) > 0 { + for _, tags := range tagsJson { + tags := tags.(map[string]interface{}) + tagsIds = append(tagsIds, tags["name"].(string)) + } + } + _ = d.Set("tags", tagsIds) + } + } else { + _ = d.Set("tags", nil) + } + + if v := updatableObjectJson["color"]; v != nil { + _ = d.Set("color", v) + } + + if v := updatableObjectJson["comments"]; v != nil { + _ = d.Set("comments", v) + } + return nil +} diff --git a/checkpoint/provider.go b/checkpoint/provider.go index d25d2a1c..2d05b8e6 100644 --- a/checkpoint/provider.go +++ b/checkpoint/provider.go @@ -111,6 +111,8 @@ func Provider() terraform.ResourceProvider { }, }, ResourcesMap: map[string]*schema.Resource{ + "checkpoint_management_lsm_cluster": resourceManagementLsmCluster(), + "checkpoint_management_lsm_gateway": resourceManagementLsmGateway(), "checkpoint_management_service_gtp": resourceManagementServiceGtp(), "checkpoint_management_smart_task": resourceManagementSmartTask(), "checkpoint_management_server_certificate": resourceManagementServerCertificate(), @@ -281,7 +283,9 @@ func Provider() terraform.ResourceProvider { "checkpoint_management_global_assignment": resourceManagementGlobalAssignment(), }, DataSourcesMap: map[string]*schema.Resource{ - + "checkpoint_management_updatable_object": dataSourceManagementShowUpdatableObject(), + "checkpoint_management_lsm_cluster": dataSourceManagementLsmCluster(), + "checkpoint_management_lsm_gateway": dataSourceManagementLsmGateway(), "checkpoint_management_threat_rule_exception_rulebase": dataSourceManagementShowThreatRuleExceptionRuleBase(), "checkpoint_management_smart_task": dataSourceManagementSmartTask(), "checkpoint_management_service_gtp": dataSourceManagementServiceGtp(), diff --git a/checkpoint/resource_checkpoint_management_command_publish.go b/checkpoint/resource_checkpoint_management_command_publish.go index cd80b240..87c08ef6 100644 --- a/checkpoint/resource_checkpoint_management_command_publish.go +++ b/checkpoint/resource_checkpoint_management_command_publish.go @@ -33,6 +33,12 @@ func resourceManagementPublish() *schema.Resource { Type: schema.TypeString, }, }, + "run_publish_on_destroy": { + Type: schema.TypeBool, + Optional: true, + ForceNew: true, + Description: "Destroy publish resource will run publish when flag set to true", + }, }, } } @@ -62,6 +68,11 @@ func readManagementPublish(d *schema.ResourceData, m interface{}) error { } func deleteManagementPublish(d *schema.ResourceData, m interface{}) error { + if runPublish, ok := d.GetOkExists("run_publish_on_destroy"); ok { + if runPublish.(bool) { + _ = createManagementPublish(d, m) + } + } d.SetId("") return nil } diff --git a/checkpoint/resource_checkpoint_management_lsm_cluster.go b/checkpoint/resource_checkpoint_management_lsm_cluster.go new file mode 100644 index 00000000..f8b944bc --- /dev/null +++ b/checkpoint/resource_checkpoint_management_lsm_cluster.go @@ -0,0 +1,1221 @@ +package checkpoint + +import ( + "fmt" + checkpoint "github.com/CheckPointSW/cp-mgmt-api-go-sdk/APIFiles" + "github.com/hashicorp/terraform-plugin-sdk/helper/schema" + "log" + "strconv" +) + +func resourceManagementLsmCluster() *schema.Resource { + return &schema.Resource{ + Create: createManagementLsmCluster, + Read: readManagementLsmCluster, + Update: updateManagementLsmCluster, + Delete: deleteManagementLsmCluster, + Schema: map[string]*schema.Schema{ + "name": { + Type: schema.TypeString, + Required: true, + Description: "Object name.", + }, + + "main_ip_address": { + Type: schema.TypeString, + Required: true, + Description: "Main IP address.", + }, + "security_profile": { + Type: schema.TypeString, + Required: true, + Description: "LSM profile.", + }, + "dynamic_objects": { + Type: schema.TypeList, + Optional: true, + Description: "Dynamic Objects.", + Elem: &schema.Resource{ + Schema: map[string]*schema.Schema{ + "name": { + Type: schema.TypeString, + Optional: true, + Description: "Object name. Must be unique in the domain.", + }, + "uid": { + Type: schema.TypeString, + Computed: true, + Description: "UID", + }, + "comments": { + Type: schema.TypeString, + Computed: true, + Description: "Comments.", + }, + "resolved_ip_addresses": { + Type: schema.TypeList, + Optional: true, + Description: "Single IP-address or a range of addresses.", + Elem: &schema.Resource{ + Schema: map[string]*schema.Schema{ + "ipv4_address": { + Type: schema.TypeString, + Optional: true, + Description: "IPv4 Address.", + }, + "ipv4_address_range": { + Type: schema.TypeList, + Optional: true, + Description: "IPv4 Address range.", + MaxItems: 1, + Elem: &schema.Resource{ + Schema: map[string]*schema.Schema{ + "from_ipv4_address": { + Type: schema.TypeString, + Optional: true, + Description: "First IPv4 address of the IP address range.", + }, + "to_ipv4_address": { + Type: schema.TypeString, + Optional: true, + Description: "Last IPv4 address of the IP address range.", + }, + }, + }, + }, + }, + }, + }, + }, + }, + }, + "interfaces": { + Type: schema.TypeList, + Optional: true, + Description: "Interfaces.", + Elem: &schema.Resource{ + Schema: map[string]*schema.Schema{ + "name": { + Type: schema.TypeString, + Optional: true, + Description: "Interface name.", + }, + "new_name": { + Type: schema.TypeString, + Optional: true, + Description: "New name. Overrides the interface name on profile.", + }, + "ip_address_override": { + Type: schema.TypeString, + Optional: true, + Description: "IP address override. Net mask is defined by the attached LSM profile.", + }, /** + "cluster_ip_address_override": { + Type: schema.TypeString, + Computed: true, + Description: "IP address override. Net mask is defined by the attached LSM profile.", + },*/ + "member_network_override": { + Type: schema.TypeString, + Optional: true, + Description: "Member network override. Net mask is defined by the attached LSM profile.", + }, + }, + }, + }, + "members": { + Type: schema.TypeList, + Optional: true, + Description: "Cluster members.", + Elem: &schema.Resource{ + Schema: map[string]*schema.Schema{ + "name": { + Type: schema.TypeString, + Optional: true, + Description: "Member Name. Consists of the member name in the LSM profile and the name or prefix or suffix of the cluster.", + }, + "member_uid": { + Type: schema.TypeString, + Computed: true, + Description: "Member UID", + }, + "device_id": { + Type: schema.TypeString, + Optional: true, + Description: "Device ID.", + }, + "provisioning_state": { + Type: schema.TypeString, + Optional: true, + Description: "Provisioning state. This field is relevant just for SMB clusters. By default the state is 'manual'- enable provisioning but not attach to profile.If 'using-profile' state is provided a provisioning profile must be provided in provisioning-settings.", + }, + "interfaces": { + Type: schema.TypeList, + Computed: true, + Description: "Interfaces", + Elem: &schema.Resource{ + Schema: map[string]*schema.Schema{ + "ip_address": { + Type: schema.TypeString, + Computed: true, + Description: "IP address.", + }, + "name": { + Type: schema.TypeString, + Computed: true, + Description: "Interface name", + }, + }, + }, + }, + "main_ip_address": { + Type: schema.TypeString, + Computed: true, + Description: "Main ip address", + }, + + "provisioning_settings": { + Type: schema.TypeList, + Optional: true, + MaxItems: 1, + Description: "Provisioning settings. This field is relevant just for SMB clusters.", + Elem: &schema.Resource{ + Schema: map[string]*schema.Schema{ + "provisioning_profile": { + Type: schema.TypeString, + Optional: true, + Description: "Provisioning profile.", + Default: "No Provisioning Profile", + }, + }, + }, + }, + + "sic": { + Type: schema.TypeList, + Optional: true, + MaxItems: 1, + Description: "Secure Internal Communication.", + Elem: &schema.Resource{ + Schema: map[string]*schema.Schema{ + "ip_address": { + Type: schema.TypeString, + Optional: true, + Description: "IP address. When IP address is provided- initiate trusted communication immediately using this IP address.", + }, + "one_time_password": { + Type: schema.TypeString, + Optional: true, + Sensitive: true, + Description: "One-time password. When one-time password is provided without ip-address- trusted communication is automatically initiated when the gateway connects to the Security Management server for the first time.", + }, + }, + }, + }, + "sic_name": { + Type: schema.TypeString, + Computed: true, + Description: "Secure Internal Communication name", + }, + "sic_state": { + Type: schema.TypeString, + Computed: true, + Description: "Secure Internal Communication state", + }, + "ignore_warnings": { + Type: schema.TypeBool, + Optional: true, + Description: "Apply changes ignoring warnings.", + Default: false, + }, + "ignore_errors": { + Type: schema.TypeBool, + Optional: true, + Description: "Apply changes ignoring errors. You won't be able to publish such a changes. If ignore-warnings flag was omitted - warnings will also be ignored.", + Default: false, + }, + }, + }, + }, + "os_name": { + Type: schema.TypeString, + Computed: true, + Description: "Device platform operating system.", + }, + "tags": { + Type: schema.TypeSet, + Optional: true, + Description: "Collection of tag identifiers.", + Elem: &schema.Schema{ + Type: schema.TypeString, + }, + }, + "topology": { + Type: schema.TypeList, + Optional: true, + Description: "Topology.", + MaxItems: 1, + Elem: &schema.Resource{ + Schema: map[string]*schema.Schema{ + "manual_vpn_domain": { + Type: schema.TypeList, + Optional: true, + Description: "A list of IP-addresses ranges, defined the VPN community network.This field is relevant only when manual option of vpn-domain is checked.", + Elem: &schema.Resource{ + Schema: map[string]*schema.Schema{ + "comments": { + Type: schema.TypeString, + Optional: true, + Description: "Comments string.", + }, + "from_ipv4_address": { + Type: schema.TypeString, + Optional: true, + Description: "First IPv4 address of the IP address range.", + }, + "to_ipv4_address": { + Type: schema.TypeString, + Optional: true, + Description: "Last IPv4 address of the IP address range.", + }, + }, + }, + }, + "vpn_domain": { + Type: schema.TypeString, + Optional: true, + Description: "VPN Domain type. 'external-interfaces-only' is relevnt only for Gaia devices. 'hide-behind-gateway-external-ip-address' is relevant only for SMB devices.", + }, + }, + }, + }, + "version": { + Type: schema.TypeString, + Computed: true, + Description: "Device platform version.", + }, + "color": { + Type: schema.TypeString, + Optional: true, + Description: "Color of the object. Should be one of existing colors.", + Default: "black", + }, + "comments": { + Type: schema.TypeString, + Optional: true, + Description: "Comments string.", + }, + "ignore_warnings": { + Type: schema.TypeBool, + Optional: true, + Description: "Apply changes ignoring warnings.", + Default: false, + }, + "ignore_errors": { + Type: schema.TypeBool, + Optional: true, + Description: "Apply changes ignoring errors. You won't be able to publish such a changes. If ignore-warnings flag was omitted - warnings will also be ignored.", + Default: false, + }, + }, + } +} + +func createManagementLsmCluster(d *schema.ResourceData, m interface{}) error { + client := m.(*checkpoint.ApiClient) + + lsmCluster := make(map[string]interface{}) + + if v, ok := d.GetOk("name"); ok { + lsmCluster["name"] = v.(string) + } + if v, ok := d.GetOk("main_ip_address"); ok { + lsmCluster["main-ip-address"] = v.(string) + } + + if v, ok := d.GetOk("security_profile"); ok { + lsmCluster["security-profile"] = v.(string) + } + if v, ok := d.GetOk("dynamic_objects"); ok { + + dynamicObjectsList := v.([]interface{}) + + if len(dynamicObjectsList) > 0 { + + var dynamicObjectsPayload []map[string]interface{} + + for i := range dynamicObjectsList { + + dynamicObject := dynamicObjectsList[i].(map[string]interface{}) + + objectPayload := make(map[string]interface{}) + + if v, ok := dynamicObject["name"]; ok { + objectPayload["name"] = v.(string) + } + if v, ok := dynamicObject["resolved_ip_addresses"]; ok { + resolvedIpAddressesList := v.([]interface{}) + + var resolvedIpAddressesPayload []map[string]interface{} + + if len(resolvedIpAddressesList) > 0 { + + for j := range resolvedIpAddressesList { + + payLoad := make(map[string]interface{}) + resolvedIpAddressObj := resolvedIpAddressesList[j].(map[string]interface{}) + + if v := resolvedIpAddressObj["ipv4_address"]; v != nil { + if len(v.(string)) > 0 { + payLoad["ipv4-address"] = v + } + + } + if v := resolvedIpAddressObj["ipv4_address_range"]; v != nil { + + list := v.([]interface{}) + if list != nil && len(list) > 0 { + + innerMap := list[0].(map[string]interface{}) + + mapToReturn := make(map[string]interface{}) + + if v := innerMap["from_ipv4_address"]; v != nil { + mapToReturn["from-ipv4-address"] = v + } + if v := innerMap["to_ipv4_address"]; v != nil { + mapToReturn["to-ipv4-address"] = v + } + payLoad["ipv4-address-range"] = mapToReturn + } + } + resolvedIpAddressesPayload = append(resolvedIpAddressesPayload, payLoad) + } + + } + objectPayload["resolved-ip-addresses"] = resolvedIpAddressesPayload + } + + dynamicObjectsPayload = append(dynamicObjectsPayload, objectPayload) + } + + lsmCluster["dynamic-objects"] = dynamicObjectsPayload + } + } + if v, ok := d.GetOk("interfaces"); ok { + + interfacesList := v.([]interface{}) + + if len(interfacesList) > 0 { + + var interfacesPayload []map[string]interface{} + + for i := range interfacesList { + + Payload := make(map[string]interface{}) + intObj := interfacesList[i].(map[string]interface{}) + if v := intObj["name"]; v != nil { + Payload["name"] = v.(string) + } + if v := intObj["new_name"]; v != nil { + Payload["new-name"] = v.(string) + } + if v := intObj["ip_address_override"]; v != nil { + Payload["ip-address-override"] = v.(string) + } + if v := intObj["member_address_override"]; v != nil { + Payload["member-network-override"] = v.(string) + } + interfacesPayload = append(interfacesPayload, Payload) + } + lsmCluster["interfaces"] = interfacesPayload + } + } + + if v, ok := d.GetOk("members"); ok { + + membersList := v.([]interface{}) + + var membersPayLoadList []map[string]interface{} + + if len(membersList) > 0 { + + for i := range membersList { + + memberPayload := make(map[string]interface{}) + + memberObj := membersList[i].(map[string]interface{}) + + if v := memberObj["name"]; v != nil { + memberPayload["name"] = v.(string) + } + if v := memberObj["device_id"]; v != nil { + memberPayload["device-id"] = v.(string) + } + if v := memberObj["provisioning_state"]; v != nil { + memberPayload["provisioning-state"] = v.(string) + } + if v := memberObj["provisioning_settings"]; v != nil { + + provisioningSettingsPayload := make(map[string]interface{}) + if (len(v.([]interface{}))) > 0 { + provisioningMap := v.([]interface{})[0].(map[string]interface{}) + + if v := provisioningMap["provisioning_profile"]; v != nil { + provisioningSettingsPayload["provisioning-profile"] = v.(string) + } + memberPayload["provisioning-settings"] = provisioningSettingsPayload + } + + } + + if v := memberObj["sic"]; v != nil { + + sicPayload := make(map[string]interface{}) + if (len(v.([]interface{}))) > 0 { + sicMap := v.([]interface{})[0].(map[string]interface{}) + if v := sicMap["ip_address"]; v != nil { + if len(v.(string)) > 0 { + sicPayload["ip-address"] = v.(string) + } + } + if v := sicMap["one_time_password"]; v != nil { + sicPayload["one-time-password"] = v.(string) + } + } + + memberPayload["sic"] = sicPayload + } + if v := memberObj["ignore_warnings"]; v != nil { + memberPayload["ignore-warnings"] = v.(bool) + } + if v := memberObj["ignore_errors"]; v != nil { + memberPayload["ignore-errors"] = v.(bool) + } + membersPayLoadList = append(membersPayLoadList, memberPayload) + + } + + lsmCluster["members"] = membersPayLoadList + } + } + if v, ok := d.GetOk("tags"); ok { + lsmCluster["tags"] = v.(*schema.Set).List() + } + + if _, ok := d.GetOk("topology"); ok { + + res := make(map[string]interface{}) + + if v, ok := d.GetOk("topology.0.vpn_domain"); ok { + res["vpn-domain"] = v.(string) + } + if v, ok := d.GetOk("topology.0.manual_vpn_domain"); ok { + + manualVpnDomainsList := v.([]interface{}) + + var manualVpnDomainsPayload []map[string]interface{} + + if len(manualVpnDomainsList) > 0 { + + for i := range manualVpnDomainsList { + + localMap := manualVpnDomainsList[i].(map[string]interface{}) + payload := make(map[string]interface{}) + + if v := localMap["commens"]; v != nil { + payload["comments"] = v.(string) + } + if v := localMap["from_ipv4_address"]; v != nil { + payload["from-ipv4-address"] = v.(string) + } + if v := localMap["to_ipv4_address"]; v != nil { + payload["to-ipv4-address"] = v.(string) + } + manualVpnDomainsPayload = append(manualVpnDomainsPayload, payload) + } + + } + + res["manual-vpn-domain"] = manualVpnDomainsPayload + } + + lsmCluster["topology"] = res + + } + if v, ok := d.GetOk("color"); ok { + lsmCluster["color"] = v.(string) + } + + if v, ok := d.GetOk("comments"); ok { + lsmCluster["comments"] = v.(string) + } + + if v, ok := d.GetOkExists("ignore_warnings"); ok { + lsmCluster["ignore-warnings"] = v.(bool) + } + + if v, ok := d.GetOkExists("ignore_errors"); ok { + lsmCluster["ignore-errors"] = v.(bool) + } + + log.Println("Create LsmCluster - Map = ", lsmCluster) + + addLsmClusterRes, err := client.ApiCall("add-lsm-cluster", lsmCluster, client.GetSessionID(), true, false) + if err != nil || !addLsmClusterRes.Success { + if addLsmClusterRes.ErrorMsg != "" { + return fmt.Errorf(addLsmClusterRes.ErrorMsg) + } + return fmt.Errorf(err.Error()) + } + + d.SetId(addLsmClusterRes.GetData()["uid"].(string)) + + return readManagementLsmCluster(d, m) +} + +func readManagementLsmCluster(d *schema.ResourceData, m interface{}) error { + + client := m.(*checkpoint.ApiClient) + + payload := map[string]interface{}{ + "uid": d.Id(), + } + + showLsmClusterRes, err := client.ApiCall("show-lsm-cluster", payload, client.GetSessionID(), true, false) + if err != nil { + return fmt.Errorf(err.Error()) + } + if !showLsmClusterRes.Success { + if objectNotFound(showLsmClusterRes.GetData()["code"].(string)) { + d.SetId("") + return nil + } + return fmt.Errorf(showLsmClusterRes.ErrorMsg) + } + + lsmCluster := showLsmClusterRes.GetData() + + log.Println("Read LsmCluster - Show JSON = ", lsmCluster) + + if v := lsmCluster["name"]; v != nil { + _ = d.Set("name", v) + } + + if lsmCluster["dynamic-objects"] != nil { + + dynamicObjectsList := lsmCluster["dynamic-objects"].([]interface{}) + + if len(dynamicObjectsList) > 0 { + var dynamicObjectsToReturn []map[string]interface{} + + for i := range dynamicObjectsList { + + mapToAdd := make(map[string]interface{}) + + dynamicObject := dynamicObjectsList[i].(map[string]interface{}) + + if v := dynamicObject["name"]; v != nil { + mapToAdd["name"] = v + } + if v := dynamicObject["uid"]; v != nil { + mapToAdd["uid"] = v + } + + if v := dynamicObject["comments"]; v != nil { + mapToAdd["comments"] = v + } + + if v := dynamicObject["resolved-ip-addresses"]; v != nil { + + resolvedIpAddressesList := v.([]interface{}) + + var resolvedIpAddressesToReturn []map[string]interface{} + + if len(resolvedIpAddressesList) > 0 { + + for j := range resolvedIpAddressesList { + + innerMapToAdd := make(map[string]interface{}) + + resolvedIpAddress := resolvedIpAddressesList[j].(map[string]interface{}) + + if v := resolvedIpAddress["ipv4-address"]; v != nil { + innerMapToAdd["ipv4_address"] = v + } + if v := resolvedIpAddress["ipv4-address-range"]; v != nil { + + rangeValues := v.(map[string]interface{}) + + rangeMapToReturn := make(map[string]interface{}) + + if v := rangeValues["from-ipv4-address"]; v != nil { + rangeMapToReturn["from_ipv4_address"] = v + } + + if v := rangeValues["to-ipv4-address"]; v != nil { + rangeMapToReturn["to_ipv4_address"] = v + } + innerMapToAdd["ipv4_address_range"] = []interface{}{rangeMapToReturn} + } else { + innerMapToAdd["ipv4_address_range"] = nil + } + resolvedIpAddressesToReturn = append(resolvedIpAddressesToReturn, innerMapToAdd) + } + + } + + mapToAdd["resolved_ip_addresses"] = resolvedIpAddressesToReturn + + } + + dynamicObjectsToReturn = append(dynamicObjectsToReturn, mapToAdd) + } + + _ = d.Set("dynamic_objects", dynamicObjectsToReturn) + } + + } else { + _ = d.Set("dynamic_objects", nil) + } + + if lsmCluster["interfaces"] != nil { + + interfacesList, ok := lsmCluster["interfaces"].([]interface{}) + + if ok { + + if len(interfacesList) > 0 { + + var interfacesListToReturn []map[string]interface{} + + for i := range interfacesList { + + interfacesMap := interfacesList[i].(map[string]interface{}) + + interfacesMapToAdd := make(map[string]interface{}) + + if v, _ := interfacesMap["name"]; v != nil { + interfacesMapToAdd["name"] = v + } + if v, _ := interfacesMap["member-network-override"]; v != nil { + interfacesMapToAdd["member_network_override"] = v + } + if v, _ := interfacesMap["cluster-ip-address-override"]; v != nil { + interfacesMapToAdd["ip_address_override"] = v + } + interfacesListToReturn = append(interfacesListToReturn, interfacesMapToAdd) + } + _ = d.Set("interfaces", interfacesListToReturn) + } + } + } + + if v := lsmCluster["main-ip-address"]; v != nil { + _ = d.Set("main_ip_address", v) + } + + if lsmCluster["members"] != nil { + + var listOfMembersObject []map[string]interface{} + + listOfMembers := lsmCluster["members"].([]interface{}) + + for i := range listOfMembers { + + memeberObj := listOfMembers[i].(map[string]interface{}) + + memberMap := make(map[string]interface{}) + + if v := memeberObj["member-name"]; v != nil { + memberMap["name"] = v.(string) + } + + if v := memeberObj["member-uid"]; v != nil { + memberMap["member_uid"] = v.(string) + } + + if v := memeberObj["device-id"]; v != nil { + memberMap["device_id"] = v.(string) + } + if v := memeberObj["main-ip-address"]; v != nil { + memberMap["main_ip_address"] = v.(string) + } + if v := memeberObj["provisioning-state"]; v != nil { + memberMap["provisioning_state"] = v.(string) + } + if v := memeberObj["sic-name"]; v != nil { + memberMap["sic_name"] = v.(string) + } + if v := memeberObj["sic-state"]; v != nil { + memberMap["sic_state"] = v.(string) + } + + if confMmebersList, ok := d.GetOk("members"); ok { + + for i := range confMmebersList.([]interface{}) { + if uid, ok := d.GetOk("members." + strconv.Itoa(i) + ".member_uid"); ok { + if memberMap["member_uid"] == uid { + sicMapToReturn := make(map[string]interface{}) + if sicObj, ok := d.GetOk("members." + strconv.Itoa(i) + ".sic.0"); ok { + sicMap := sicObj.(map[string]interface{}) + if v := sicMap["ip_address"]; v != nil { + sicMapToReturn["ip_address"] = v + } + if v := sicMap["one_time_password"]; v != nil { + sicMapToReturn["one_time_password"] = v + } + memberMap["sic"] = []interface{}{sicMapToReturn} + break + } + + } + } + + } + if memberMap["sic"] == nil { + memberMap["sic"] = []interface{}{} + } + } + + if v, ok := memeberObj["provisioning-settings"]; ok { + + provisioningSettingsMap, ok := v.(map[string]interface{}) + if ok { + provisioningSettingsMapToReturn := make(map[string]interface{}) + + if v, _ := provisioningSettingsMap["provisioning-profile"]; v != nil { + provisioningSettingsMapToReturn["provisioning_profile"] = v.(string) + } + memberMap["provisioning_settings"] = []interface{}{provisioningSettingsMapToReturn} + } + } else { + memberMap["provisioning_settings"] = nil + } + + if v := memberMap["interfaces"]; v != nil { + + var interfacesList []map[string]interface{} + list := v.([]interface{}) + if len(list) > 0 { + + for j := range list { + + localMap := list[j].(map[string]interface{}) + mapToReturn := make(map[string]interface{}) + + if v := localMap["name"]; v != nil { + mapToReturn["name"] = v.(string) + } + if v := localMap["ip-address"]; v != nil { + mapToReturn["ip_address"] = v.(string) + } + + interfacesList = append(interfacesList, mapToReturn) + } + } + + memberMap["interfaces"] = interfacesList + } else { + memberMap["interfaces"] = nil + } + + listOfMembersObject = append(listOfMembersObject, memberMap) + } + + _ = d.Set("members", listOfMembersObject) + + } else { + _ = d.Set("members", nil) + } + if v := lsmCluster["os-name"]; v != nil { + _ = d.Set("os_name", v) + } + if v := lsmCluster["security-profile"]; v != nil { + _ = d.Set("security_profile", v) + } + if v := lsmCluster["version"]; v != nil { + _ = d.Set("version", v) + } + + if lsmCluster["tags"] != nil { + tagsJson, ok := lsmCluster["tags"].([]interface{}) + if ok { + tagsIds := make([]string, 0) + if len(tagsJson) > 0 { + for _, tags := range tagsJson { + tags := tags.(map[string]interface{}) + tagsIds = append(tagsIds, tags["name"].(string)) + } + } + _ = d.Set("tags", tagsIds) + } + } else { + _ = d.Set("tags", nil) + } + + if lsmCluster["topology"] != nil { + + topologyMap, ok := lsmCluster["topology"].(map[string]interface{}) + + if ok { + topologyMapToReturn := make(map[string]interface{}) + + if v, ok := topologyMap["manual-vpn-domain"]; ok { + + manualVpnDomainList := v.([]interface{}) + + if len(manualVpnDomainList) > 0 { + + var manualVpnDomainMapToReturn []map[string]interface{} + + for i := range manualVpnDomainList { + + manualVpnDomain := manualVpnDomainList[i].(map[string]interface{}) + + mapToReturn := make(map[string]interface{}) + + if v, _ := manualVpnDomain["comments"]; v != nil { + mapToReturn["comments"] = v + } + if v, _ := manualVpnDomain["from-ipv4-address"]; v != nil { + mapToReturn["from_ipv4_address"] = v + } + if v, _ := manualVpnDomain["to-ipv4-address"]; v != nil { + mapToReturn["to_ipv4_address"] = v + } + + manualVpnDomainMapToReturn = append(manualVpnDomainMapToReturn, mapToReturn) + } + topologyMapToReturn["manual_vpn_domain"] = []interface{}{manualVpnDomainMapToReturn} + } + + } + if v := topologyMap["vpn-domain"]; v != nil { + topologyMapToReturn["vpn_domain"] = v + } + _ = d.Set("topology", topologyMapToReturn) + } + } else { + _ = d.Set("topology", nil) + } + + if v := lsmCluster["version"]; v != nil { + _ = d.Set("version", v) + } + + if v := lsmCluster["color"]; v != nil { + _ = d.Set("color", v) + } + + if v := lsmCluster["comments"]; v != nil { + _ = d.Set("comments", v) + } + + if v := lsmCluster["ignore-warnings"]; v != nil { + _ = d.Set("ignore_warnings", v) + } + + if v := lsmCluster["ignore-errors"]; v != nil { + _ = d.Set("ignore_errors", v) + } + + return nil + +} + +func updateManagementLsmCluster(d *schema.ResourceData, m interface{}) error { + + client := m.(*checkpoint.ApiClient) + lsmCluster := make(map[string]interface{}) + + if name, ok := d.GetOk("name"); ok { + + lsmCluster["name"] = name + + } else { + lsmCluster["uid"] = d.Id() + } + + if d.HasChange("dynamic_objects") { + + if v, ok := d.GetOk("dynamic_objects"); ok { + + dynamicObjectsList := v.([]interface{}) + + var dynamicObjectsToReturn []map[string]interface{} + + if len(dynamicObjectsList) > 0 { + + for j := range dynamicObjectsList { + + objectToReturn := make(map[string]interface{}) + + dynamicObject := dynamicObjectsList[j].(map[string]interface{}) + + if v := dynamicObject["name"]; v != nil { + if len(v.(string)) > 0 { + objectToReturn["name"] = v.(string) + } + + } else { + if v := dynamicObject["uid"]; v != nil { + if len(v.(string)) > 0 { + objectToReturn["uid"] = v.(string) + } + } + } + + if v := dynamicObject["resolved_ip_addresses"]; v != nil { + + resolvedIpAddressesList := v.([]interface{}) + + var resolvedIpAddressesToReturn []map[string]interface{} + + if len(resolvedIpAddressesList) > 0 { + + for j := range resolvedIpAddressesList { + + innerMapToAdd := make(map[string]interface{}) + + resolvedIpAddress := resolvedIpAddressesList[j].(map[string]interface{}) + + if v := resolvedIpAddress["ipv4_address"]; v != nil { + if len(v.(string)) > 0 { + innerMapToAdd["ipv4-address"] = v.(string) + } + + } + if v := resolvedIpAddress["ipv4_address_range"]; v != nil { + + list := v.([]interface{}) + if len(list) > 0 { + rangeValues := list[0].(map[string]interface{}) + rangeMapToReturn := make(map[string]interface{}) + + if v := rangeValues["from_ipv4_address"]; v != nil { + rangeMapToReturn["from-ipv4-address"] = v + } + + if v := rangeValues["to_ipv4_address"]; v != nil { + rangeMapToReturn["to-ipv4-address"] = v + } + innerMapToAdd["ipv4-address-range"] = rangeMapToReturn + } + } + + resolvedIpAddressesToReturn = append(resolvedIpAddressesToReturn, innerMapToAdd) + } + + } + objectToReturn["resolved-ip-addresses"] = resolvedIpAddressesToReturn + + dynamicObjectsToReturn = append(dynamicObjectsToReturn, objectToReturn) + } + + } + + lsmCluster["dynamic-objects"] = dynamicObjectsToReturn + } + + } + + } + + if d.HasChange("interfaces") { + + if v, ok := d.GetOk("interfaces"); ok { + + interfacesList := v.([]interface{}) + + var interfacesPayload []map[string]interface{} + + for i := range interfacesList { + + Payload := make(map[string]interface{}) + + if _, ok = d.GetOk("interfaces." + strconv.Itoa(i) + ".name"); ok { + Payload["name"] = d.Get("interfaces." + strconv.Itoa(i) + ".name") + } + if _, ok = d.GetOk("interfaces." + strconv.Itoa(i) + ".new_name"); ok { + Payload["new-name"] = d.Get("interfaces." + strconv.Itoa(i) + ".new_name") + } + if _, ok = d.GetOk("interfaces." + strconv.Itoa(i) + ".ip_address_override"); ok { + Payload["ip-address-override"] = d.Get("interfaces." + strconv.Itoa(i) + ".ip_address_override") + } + if _, ok = d.GetOk("interfaces." + strconv.Itoa(i) + ".member_network_override"); ok { + Payload["member-network-override"] = d.Get("interfaces." + strconv.Itoa(i) + ".member_network_override") + } + interfacesPayload = append(interfacesPayload, Payload) + } + lsmCluster["interfaces"] = interfacesPayload + } else { + oldinterfaces, _ := d.GetChange("interfaces") + var interfacesToDelete []interface{} + for _, i := range oldinterfaces.([]interface{}) { + interfacesToDelete = append(interfacesToDelete, i.(map[string]interface{})["name"].(string)) + } + lsmCluster["interfaces"] = map[string]interface{}{"remove": interfacesToDelete} + } + } + + if d.HasChange("members") { + + if v, ok := d.GetOk("members"); ok { + + membersList := v.([]interface{}) + + if len(membersList) > 0 { + + var membersPayLoadList []map[string]interface{} + + for i := range membersList { + + memberObj := membersList[i].(map[string]interface{}) + memberMap := make(map[string]interface{}) + + if v := memberObj["name"]; v != nil { + memberMap["name"] = v + } + if v := memberObj["device_id"]; v != nil { + memberMap["device-id"] = v + } + if v := memberObj["provisioning_state"]; v != nil { + memberMap["provisioning-state"] = v + } + if v := memberObj["provisioning_settings"]; v != nil { + + provisioningSettingsPayload := make(map[string]interface{}) + provisioningObj := v.([]interface{})[0].(map[string]interface{}) + if v := provisioningObj["provisioning_profile"]; v != nil { + provisioningSettingsPayload["provisioning-profile"] = v + } + + memberMap["provisioning-settings"] = provisioningSettingsPayload + } + if v := memberObj["sic"]; v != nil { + sicMap := make(map[string]interface{}) + sicObj := v.([]interface{})[0].(map[string]interface{}) + if v := sicObj["one_time_password"]; v != nil { + sicMap["one-time-password"] = v + } + if v := sicObj["ip_address"]; v != nil { + if len(v.(string)) > 0 { + sicMap["ip-address"] = v + } + + } + memberMap["sic"] = sicMap + } + membersPayLoadList = append(membersPayLoadList, memberMap) + } + + lsmCluster["members"] = membersPayLoadList + } + } + } + + if d.HasChange("tags") { + if v, ok := d.GetOk("tags"); ok { + lsmCluster["tags"] = v.(*schema.Set).List() + } else { + oldTags, _ := d.GetChange("tags") + lsmCluster["tags"] = map[string]interface{}{"remove": oldTags.(*schema.Set).List()} + } + } + + if d.HasChange("topology") { + + if _, ok := d.GetOk("topology"); ok { + + topologyPayload := make(map[string]interface{}) + + if v := d.Get("topology.0.vpn_domain"); v != nil { + + topologyPayload["vpn-domain"] = v.(string) + } + if v := d.Get("topology.0.manual_vpn_domain"); v != nil { + + var manualVpnDomainsToReturn []map[string]interface{} + + manualVpnDomainsList := v.([]interface{}) + + if len(manualVpnDomainsList) > 0 { + + for i := range manualVpnDomainsList { + + manualVpnDomainPayload := make(map[string]interface{}) + + manualVpnDomain := manualVpnDomainsList[i].(map[string]interface{}) + + if v := manualVpnDomain["comments"]; v != nil { + manualVpnDomainPayload["comments"] = v + } + if v := manualVpnDomain["from_ipv4_address"]; v != nil { + manualVpnDomainPayload["from-ipv4-address"] = v + } + if v := manualVpnDomain["to_ipv4_address"]; v != nil { + manualVpnDomainPayload["to-ipv4-address"] = v + } + manualVpnDomainsToReturn = append(manualVpnDomainsToReturn, manualVpnDomainPayload) + } + } + + topologyPayload["manual-vpn-domain"] = manualVpnDomainsToReturn + } + + lsmCluster["topology"] = topologyPayload + + } + } + + if ok := d.HasChange("color"); ok { + lsmCluster["color"] = d.Get("color") + } + + if ok := d.HasChange("comments"); ok { + lsmCluster["comments"] = d.Get("comments") + } + + if v, ok := d.GetOkExists("ignore_warnings"); ok { + lsmCluster["ignore-warnings"] = v.(bool) + } + + if v, ok := d.GetOkExists("ignore_errors"); ok { + lsmCluster["ignore-errors"] = v.(bool) + } + + log.Println("Update LsmCluster - Map = ", lsmCluster) + + updateLsmClusterRes, err := client.ApiCall("set-lsm-cluster", lsmCluster, client.GetSessionID(), true, false) + if err != nil || !updateLsmClusterRes.Success { + if updateLsmClusterRes.ErrorMsg != "" { + return fmt.Errorf(updateLsmClusterRes.ErrorMsg) + } + return fmt.Errorf(err.Error()) + } + + return readManagementLsmCluster(d, m) +} + +func deleteManagementLsmCluster(d *schema.ResourceData, m interface{}) error { + + client := m.(*checkpoint.ApiClient) + + lsmClusterPayload := map[string]interface{}{ + "uid": d.Id(), + } + + log.Println("Delete LsmCluster") + + deleteLsmClusterRes, err := client.ApiCall("delete-lsm-cluster", lsmClusterPayload, client.GetSessionID(), true, false) + if err != nil || !deleteLsmClusterRes.Success { + if deleteLsmClusterRes.ErrorMsg != "" { + return fmt.Errorf(deleteLsmClusterRes.ErrorMsg) + } + return fmt.Errorf(err.Error()) + } + d.SetId("") + + return nil +} diff --git a/checkpoint/resource_checkpoint_management_lsm_gateway.go b/checkpoint/resource_checkpoint_management_lsm_gateway.go new file mode 100644 index 00000000..283d00d6 --- /dev/null +++ b/checkpoint/resource_checkpoint_management_lsm_gateway.go @@ -0,0 +1,896 @@ +package checkpoint + +import ( + "fmt" + checkpoint "github.com/CheckPointSW/cp-mgmt-api-go-sdk/APIFiles" + "github.com/hashicorp/terraform-plugin-sdk/helper/schema" + "log" +) + +func resourceManagementLsmGateway() *schema.Resource { + return &schema.Resource{ + Create: createManagementLsmGateway, + Read: readManagementLsmGateway, + Update: updateManagementLsmGateway, + Delete: deleteManagementLsmGateway, + Schema: map[string]*schema.Schema{ + "name": { + Type: schema.TypeString, + Required: true, + Description: "Object name.", + }, + "security_profile": { + Type: schema.TypeString, + Required: true, + Description: "LSM profile.", + }, + "device_id": { + Type: schema.TypeString, + Optional: true, + Description: "Device ID.", + }, + "dynamic_objects": { + Type: schema.TypeList, + Optional: true, + Description: "Dynamic Objects.", + Elem: &schema.Resource{ + Schema: map[string]*schema.Schema{ + "comments": { + Type: schema.TypeString, + Computed: true, + Description: "Comments.", + }, + "name": { + Type: schema.TypeString, + Optional: true, + Description: "Object name. Must be unique in the domain.", + }, + "uid": { + Type: schema.TypeString, + Computed: true, + Description: "UID.", + }, + "resolved_ip_addresses": { + Type: schema.TypeList, + Optional: true, + Description: "Single IP-address or a range of addresses.", + Elem: &schema.Resource{ + Schema: map[string]*schema.Schema{ + "ipv4_address": { + Type: schema.TypeString, + Optional: true, + Description: "IPv4 Address.", + }, + "ipv4_address_range": { + Type: schema.TypeList, + Optional: true, + Description: "IPv4 Address range.", + MaxItems: 1, + Elem: &schema.Resource{ + Schema: map[string]*schema.Schema{ + "from_ipv4_address": { + Type: schema.TypeString, + Optional: true, + Description: "First IPv4 address of the IP address range.", + }, + "to_ipv4_address": { + Type: schema.TypeString, + Optional: true, + Description: "Last IPv4 address of the IP address range.", + }, + }, + }, + }, + }, + }, + }, + }, + }, + }, + "ip_address": { + Type: schema.TypeString, + Computed: true, + Description: "IP address", + }, + "os_name": { + Type: schema.TypeString, + Computed: true, + Description: "Device platform operating system.", + }, + "provisioning_settings": { + Type: schema.TypeMap, + Optional: true, + Description: "Provisioning settings.", + Elem: &schema.Resource{ + Schema: map[string]*schema.Schema{ + "provisioning_profile": { + Type: schema.TypeString, + Optional: true, + Description: "Provisioning profile.", + Default: "No Provisioning Profile", + }, + }, + }, + }, + "provisioning_state": { + Type: schema.TypeString, + Optional: true, + Description: "Provisioning state. By default the state is 'manual'- enable provisioning but not attach to profile. If 'using-profile' state is provided a provisioning profile must be provided in provisioning-settings.", + }, + + "sic": { + Type: schema.TypeMap, + Optional: true, + Description: "Secure Internal Communication.", + Elem: &schema.Resource{ + Schema: map[string]*schema.Schema{ + "one_time_password": { + Type: schema.TypeString, + Optional: true, + Sensitive: true, + Description: "One-time password. When one-time password is provided without ip-address- trusted communication is automatically initiated when the gateway connects to the Security Management server for the first time.", + }, + "ip_address": { + Type: schema.TypeString, + Optional: true, + Description: "IP address. When IP address is provided- initiate trusted communication immediately using this IP address", + }, + }, + }, + }, + "sic_name": { + Type: schema.TypeString, + Computed: true, + Description: "Secure Internal Communication name.", + }, + "sic_state": { + Type: schema.TypeString, + Computed: true, + Description: "Secure Internal Communication state.", + }, + "tags": { + Type: schema.TypeSet, + Optional: true, + Description: "Collection of tag identifiers.", + Elem: &schema.Schema{ + Type: schema.TypeString, + }, + }, + "topology": { + Type: schema.TypeList, + Optional: true, + Description: "Topology.", + MaxItems: 1, + Elem: &schema.Resource{ + Schema: map[string]*schema.Schema{ + "manual_vpn_domain": { + Type: schema.TypeList, + Optional: true, + Description: "A list of IP-addresses ranges, defined the VPN community network.This field is relevant only when 'manual' option of vpn-domain is checked.", + Elem: &schema.Resource{ + Schema: map[string]*schema.Schema{ + "comments": { + Type: schema.TypeString, + Optional: true, + Description: "Comments string.", + }, + "from_ipv4_address": { + Type: schema.TypeString, + Optional: true, + Description: "First IPv4 address of the IP address range.", + }, + "to_ipv4_address": { + Type: schema.TypeString, + Optional: true, + Description: "Last IPv4 address of the IP address range.", + }, + }, + }, + }, + "vpn_domain": { + Type: schema.TypeString, + Optional: true, + Description: "VPN Domain type. 'external-interfaces-only' is relevnt only for Gaia devices. 'hide-behind-gateway-external-ip-address' is relevant only for SMB devices.", + }, + }, + }, + }, + "version": { + Type: schema.TypeString, + Optional: true, + Description: "Device platform version.", + }, + "color": { + Type: schema.TypeString, + Optional: true, + Description: "Color of the object. Should be one of existing colors.", + Default: "black", + }, + "comments": { + Type: schema.TypeString, + Optional: true, + Description: "Comments string.", + }, + "ignore_warnings": { + Type: schema.TypeBool, + Optional: true, + Description: "Apply changes ignoring warnings.", + Default: false, + }, + "ignore_errors": { + Type: schema.TypeBool, + Optional: true, + Description: "Apply changes ignoring errors. You won't be able to publish such a changes. If ignore-warnings flag was omitted - warnings will also be ignored.", + Default: false, + }, + }, + } +} + +func createManagementLsmGateway(d *schema.ResourceData, m interface{}) error { + client := m.(*checkpoint.ApiClient) + + lsmGateway := make(map[string]interface{}) + + if v, ok := d.GetOk("name"); ok { + lsmGateway["name"] = v.(string) + } + + if v, ok := d.GetOk("device_id"); ok { + lsmGateway["device-id"] = v.(string) + } + if v, ok := d.GetOk("dynamic_objects"); ok { + + dynamicObjectsList := v.([]interface{}) + + if len(dynamicObjectsList) > 0 { + + var dynamicObjectsMapToReturn []map[string]interface{} + + for j := range dynamicObjectsList { + + dynamicObject := dynamicObjectsList[j].(map[string]interface{}) + + objectPayload := make(map[string]interface{}) + + if v, ok := dynamicObject["name"]; ok { + + objectPayload["name"] = v.(string) + } + if v, ok := dynamicObject["resolved_ip_addresses"]; ok { + + resolvedIpAddressList := v.([]interface{}) + + var resolvedIpAddressesPayload []map[string]interface{} + + if len(resolvedIpAddressList) > 0 { + + for i := range resolvedIpAddressList { + + payLoad := make(map[string]interface{}) + resolvedIpAddressObj := resolvedIpAddressList[i].(map[string]interface{}) + + if v := resolvedIpAddressObj["ipv4_address"]; v != nil { + if len(v.(string)) > 0 { + payLoad["ipv4-address"] = v + } + + } + if v := resolvedIpAddressObj["ipv4_address_range"]; v != nil { + + list := v.([]interface{}) + if list != nil && len(list) > 0 { + + innerMap := list[0].(map[string]interface{}) + + mapToReturn := make(map[string]interface{}) + + if v := innerMap["from_ipv4_address"]; v != nil { + mapToReturn["from-ipv4-address"] = v + } + if v := innerMap["to_ipv4_address"]; v != nil { + mapToReturn["to-ipv4-address"] = v + } + payLoad["ipv4-address-range"] = mapToReturn + } + } + + resolvedIpAddressesPayload = append(resolvedIpAddressesPayload, payLoad) + + } + + } + + objectPayload["resolved-ip-addresses"] = resolvedIpAddressesPayload + } + dynamicObjectsMapToReturn = append(dynamicObjectsMapToReturn, objectPayload) + } + lsmGateway["dynamic-objects"] = dynamicObjectsMapToReturn + } + } + + if _, ok := d.GetOk("provisioning_settings"); ok { + + res := make(map[string]interface{}) + + if v, ok := d.GetOk("provisioning_settings.provisioning_profile"); ok { + res["provisioning-profile"] = v.(string) + } + lsmGateway["provisioning-settings"] = res + } + + if v, ok := d.GetOk("provisioning_state"); ok { + lsmGateway["provisioning-state"] = v.(string) + } + + if v, ok := d.GetOk("security_profile"); ok { + lsmGateway["security-profile"] = v.(string) + } + + if _, ok := d.GetOk("sic"); ok { + + res := make(map[string]interface{}) + + if v, ok := d.GetOk("sic.one_time_password"); ok { + res["one-time-password"] = v.(string) + } + if v, ok := d.GetOk("ip_address"); ok { + res["ip-address"] = v.(string) + } + lsmGateway["sic"] = res + } + + if v, ok := d.GetOk("tags"); ok { + lsmGateway["tags"] = v.(*schema.Set).List() + } + + if _, ok := d.GetOk("topology"); ok { + + res := make(map[string]interface{}) + + if v, ok := d.GetOk("topology.0.vpn_domain"); ok { + res["vpn-domain"] = v.(string) + } + if v, ok := d.GetOk("topology.0.manual_vpn_domain"); ok { + + manualVpnDomainsList := v.([]interface{}) + + var manualVpnDomainsPayload []map[string]interface{} + + if len(manualVpnDomainsList) > 0 { + + for i := range manualVpnDomainsList { + + localMap := manualVpnDomainsList[i].(map[string]interface{}) + payload := make(map[string]interface{}) + + if v := localMap["commens"]; v != nil { + payload["comments"] = v.(string) + } + if v := localMap["from_ipv4_address"]; v != nil { + payload["from-ipv4-address"] = v.(string) + } + if v := localMap["to_ipv4_address"]; v != nil { + payload["to-ipv4-address"] = v.(string) + } + manualVpnDomainsPayload = append(manualVpnDomainsPayload, payload) + } + + } + + res["manual-vpn-domain"] = manualVpnDomainsPayload + } + + lsmGateway["topology"] = res + + } + if v, ok := d.GetOk("version"); ok { + lsmGateway["version"] = v.(string) + } + + if v, ok := d.GetOk("color"); ok { + lsmGateway["color"] = v.(string) + } + + if v, ok := d.GetOk("comments"); ok { + lsmGateway["comments"] = v.(string) + } + + if v, ok := d.GetOkExists("ignore_warnings"); ok { + lsmGateway["ignore-warnings"] = v.(bool) + } + + if v, ok := d.GetOkExists("ignore_errors"); ok { + lsmGateway["ignore-errors"] = v.(bool) + } + + log.Println("Create LsmGateway - Map = ", lsmGateway) + + addLsmGatewayRes, err := client.ApiCall("add-lsm-gateway", lsmGateway, client.GetSessionID(), true, false) + if err != nil || !addLsmGatewayRes.Success { + if addLsmGatewayRes.ErrorMsg != "" { + return fmt.Errorf(addLsmGatewayRes.ErrorMsg) + } + return fmt.Errorf(err.Error()) + } + + d.SetId(addLsmGatewayRes.GetData()["uid"].(string)) + + return readManagementLsmGateway(d, m) +} + +func readManagementLsmGateway(d *schema.ResourceData, m interface{}) error { + + client := m.(*checkpoint.ApiClient) + + payload := map[string]interface{}{ + "uid": d.Id(), + } + + showLsmGatewayRes, err := client.ApiCall("show-lsm-gateway", payload, client.GetSessionID(), true, false) + if err != nil { + return fmt.Errorf(err.Error()) + } + if !showLsmGatewayRes.Success { + if objectNotFound(showLsmGatewayRes.GetData()["code"].(string)) { + d.SetId("") + return nil + } + return fmt.Errorf(showLsmGatewayRes.ErrorMsg) + } + + lsmGateway := showLsmGatewayRes.GetData() + + log.Println("Read LsmGateway - Show JSON = ", lsmGateway) + + if v := lsmGateway["name"]; v != nil { + _ = d.Set("name", v) + } + + if v := lsmGateway["device-id"]; v != nil { + _ = d.Set("device_id", v) + } + + if lsmGateway["dynamic-objects"] != nil { + + dynamicObjectsList := lsmGateway["dynamic-objects"].([]interface{}) + + if len(dynamicObjectsList) > 0 { + + var dynamicObjectsToReturn []map[string]interface{} + + for i := range dynamicObjectsList { + + mapToAdd := make(map[string]interface{}) + + dynamicObject := dynamicObjectsList[i].(map[string]interface{}) + + if v := dynamicObject["name"]; v != nil { + mapToAdd["name"] = v + } + if v := dynamicObject["uid"]; v != nil { + mapToAdd["uid"] = v + } + + if v := dynamicObject["comments"]; v != nil { + mapToAdd["comments"] = v + } + + if v := dynamicObject["resolved-ip-addresses"]; v != nil { + + resolvedIpAddressesList := v.([]interface{}) + + var resolvedIpAddressesToReturn []map[string]interface{} + + if len(resolvedIpAddressesList) > 0 { + + for j := range resolvedIpAddressesList { + + innerMapToAdd := make(map[string]interface{}) + + resolvedIpAddress := resolvedIpAddressesList[j].(map[string]interface{}) + + if v := resolvedIpAddress["ipv4-address"]; v != nil { + innerMapToAdd["ipv4_address"] = v + } + if v := resolvedIpAddress["ipv4-address-range"]; v != nil { + + rangeValues := v.(map[string]interface{}) + + rangeMapToReturn := make(map[string]interface{}) + + if v := rangeValues["from-ipv4-address"]; v != nil { + rangeMapToReturn["from_ipv4_address"] = v + } + + if v := rangeValues["to-ipv4-address"]; v != nil { + rangeMapToReturn["to_ipv4_address"] = v + } + innerMapToAdd["ipv4_address_range"] = []interface{}{rangeMapToReturn} + } else { + innerMapToAdd["ipv4_address_range"] = nil + } + resolvedIpAddressesToReturn = append(resolvedIpAddressesToReturn, innerMapToAdd) + } + + } + + mapToAdd["resolved_ip_addresses"] = resolvedIpAddressesToReturn + + } + + dynamicObjectsToReturn = append(dynamicObjectsToReturn, mapToAdd) + } + + _ = d.Set("dynamic_objects", dynamicObjectsToReturn) + } + + } else { + _ = d.Set("dynamic_objects", nil) + } + if v := lsmGateway["ip-address"]; v != nil { + _ = d.Set("ip_address", v) + } + if v := lsmGateway["os-name"]; v != nil { + _ = d.Set("os_name", v) + } + if lsmGateway["provisioning-settings"] != nil { + + provisioningSettingsMap := lsmGateway["provisioning-settings"].(map[string]interface{}) + + provisioningSettingsMapToReturn := make(map[string]interface{}) + + if v, _ := provisioningSettingsMap["provisioning-profile"]; v != nil { + provisioningSettingsMapToReturn["provisioning_profile"] = v + } + _ = d.Set("provisioning_settings", provisioningSettingsMapToReturn) + } else { + _ = d.Set("provisioning_settings", nil) + } + + if v := lsmGateway["provisioning-state"]; v != nil { + _ = d.Set("provisioning_state", v) + } + + if v := lsmGateway["security-profile"]; v != nil { + _ = d.Set("security_profile", v) + } + if v, ok := d.GetOk("sic"); ok { + sicObj := v.(map[string]interface{}) + sicMap := make(map[string]interface{}) + if v := sicObj["one_time_password"]; v != nil { + sicMap["one_time_password"] = v + } + if v := sicObj["ip_address"]; v != nil { + sicMap["ip_address"] = v + } + _ = d.Set("sic", sicMap) + } + if v := lsmGateway["sic-name"]; v != nil { + _ = d.Set("sic_name", v) + } + if v := lsmGateway["sic-state"]; v != nil { + _ = d.Set("sic_state", v) + } + + if lsmGateway["tags"] != nil { + tagsJson, ok := lsmGateway["tags"].([]interface{}) + if ok { + tagsIds := make([]string, 0) + if len(tagsJson) > 0 { + for _, tags := range tagsJson { + tags := tags.(map[string]interface{}) + tagsIds = append(tagsIds, tags["name"].(string)) + } + } + _ = d.Set("tags", tagsIds) + } + } else { + _ = d.Set("tags", nil) + } + + if lsmGateway["topology"] != nil { + + topologyMap, ok := lsmGateway["topology"].(map[string]interface{}) + + if ok { + topologyMapToReturn := make(map[string]interface{}) + + if v, ok := topologyMap["manual-vpn-domain"]; ok { + + manualVpnDomainList := v.([]interface{}) + + if len(manualVpnDomainList) > 0 { + + var manualVpnDomainMapToReturn []map[string]interface{} + + for i := range manualVpnDomainList { + + manualVpnDomain := manualVpnDomainList[i].(map[string]interface{}) + + mapToReturn := make(map[string]interface{}) + + if v := manualVpnDomain["comments"]; v != nil { + mapToReturn["comments"] = v + } + if v := manualVpnDomain["from-ipv4-address"]; v != nil { + mapToReturn["from_ipv4_address"] = v + } + if v := manualVpnDomain["to-ipv4-address"]; v != nil { + mapToReturn["to_ipv4_address"] = v + } + + manualVpnDomainMapToReturn = append(manualVpnDomainMapToReturn, mapToReturn) + } + topologyMapToReturn["manual_vpn_domain"] = manualVpnDomainMapToReturn + } + + } + if v := topologyMap["vpn-domain"]; v != nil { + topologyMapToReturn["vpn_domain"] = v + } + + _ = d.Set("topology", []interface{}{topologyMapToReturn}) + } + } else { + _ = d.Set("topology", nil) + } + if v := lsmGateway["version"]; v != nil { + _ = d.Set("version", v) + } + if v := lsmGateway["color"]; v != nil { + _ = d.Set("color", v) + } + + if v := lsmGateway["comments"]; v != nil { + _ = d.Set("comments", v) + } + + if v := lsmGateway["ignore-warnings"]; v != nil { + _ = d.Set("ignore_warnings", v) + } + + if v := lsmGateway["ignore-errors"]; v != nil { + _ = d.Set("ignore_errors", v) + } + + return nil + +} + +func updateManagementLsmGateway(d *schema.ResourceData, m interface{}) error { + + client := m.(*checkpoint.ApiClient) + lsmGateway := make(map[string]interface{}) + + if ok := d.HasChange("name"); ok { + oldName, newName := d.GetChange("name") + lsmGateway["name"] = oldName + lsmGateway["new-name"] = newName + } else { + lsmGateway["name"] = d.Get("name") + } + + if ok := d.HasChange("device_id"); ok { + lsmGateway["device-id"] = d.Get("device_id") + } + + if d.HasChange("dynamic_objects") { + + if v, ok := d.GetOk("dynamic_objects"); ok { + + dynamicObjectsList := v.([]interface{}) + + var dynamicObjectsToReturn []map[string]interface{} + + if len(dynamicObjectsList) > 0 { + + for j := range dynamicObjectsList { + + objectToReturn := make(map[string]interface{}) + + dynamicObject := dynamicObjectsList[j].(map[string]interface{}) + + if v := dynamicObject["name"]; v != nil { + if len(v.(string)) > 0 { + objectToReturn["name"] = v.(string) + } + + } else { + if v := dynamicObject["uid"]; v != nil { + if len(v.(string)) > 0 { + objectToReturn["uid"] = v.(string) + } + } + } + + if v := dynamicObject["resolved_ip_addresses"]; v != nil { + + resolvedIpAddressesList := v.([]interface{}) + + var resolvedIpAddressesToReturn []map[string]interface{} + + if len(resolvedIpAddressesList) > 0 { + + for j := range resolvedIpAddressesList { + + innerMapToAdd := make(map[string]interface{}) + + resolvedIpAddress := resolvedIpAddressesList[j].(map[string]interface{}) + + if v := resolvedIpAddress["ipv4_address"]; v != nil { + if len(v.(string)) > 0 { + innerMapToAdd["ipv4-address"] = v.(string) + } + + } + if v := resolvedIpAddress["ipv4_address_range"]; v != nil { + + list := v.([]interface{}) + if len(list) > 0 { + rangeValues := list[0].(map[string]interface{}) + rangeMapToReturn := make(map[string]interface{}) + + if v := rangeValues["from_ipv4_address"]; v != nil { + rangeMapToReturn["from-ipv4-address"] = v + } + + if v := rangeValues["to_ipv4_address"]; v != nil { + rangeMapToReturn["to-ipv4-address"] = v + } + innerMapToAdd["ipv4-address-range"] = rangeMapToReturn + } + } + + resolvedIpAddressesToReturn = append(resolvedIpAddressesToReturn, innerMapToAdd) + } + + } + objectToReturn["resolved-ip-addresses"] = resolvedIpAddressesToReturn + + dynamicObjectsToReturn = append(dynamicObjectsToReturn, objectToReturn) + } + + } + + lsmGateway["dynamic-objects"] = dynamicObjectsToReturn + } + + } + + } + + if d.HasChange("provisioning_settings") { + + if _, ok := d.GetOk("provisioning_settings"); ok { + + res := make(map[string]interface{}) + + if d.HasChange("provisioning_settings.provisioning_profile") { + res["provisioning-profile"] = d.Get("provisioning_settings.provisioning_profile") + } + lsmGateway["provisioning-settings"] = res + } + } + + if ok := d.HasChange("provisioning_state"); ok { + lsmGateway["provisioning-state"] = d.Get("provisioning_state") + } + + if d.HasChange("sic") { + + if _, ok := d.GetOk("sic"); ok { + + res := make(map[string]interface{}) + + if v, ok := d.GetOk("sic.one_time_password"); ok { + res["one-time-password"] = v.(string) + } + lsmGateway["sic"] = res + } + } + + if d.HasChange("tags") { + if v, ok := d.GetOk("tags"); ok { + lsmGateway["tags"] = v.(*schema.Set).List() + } else { + oldTags, _ := d.GetChange("tags") + lsmGateway["tags"] = map[string]interface{}{"remove": oldTags.(*schema.Set).List()} + } + } + + if d.HasChange("topology") { + + if _, ok := d.GetOk("topology"); ok { + + topologyPayload := make(map[string]interface{}) + + if v := d.Get("topology.0.vpn_domain"); v != nil { + + topologyPayload["vpn-domain"] = v.(string) + } + if v := d.Get("topology.0.manual_vpn_domain"); v != nil { + + var manualVpnDomainsToReturn []map[string]interface{} + + manualVpnDomainsList := v.([]interface{}) + + if len(manualVpnDomainsList) > 0 { + + for i := range manualVpnDomainsList { + + manualVpnDomainPayload := make(map[string]interface{}) + + manualVpnDomain := manualVpnDomainsList[i].(map[string]interface{}) + + if v := manualVpnDomain["comments"]; v != nil { + manualVpnDomainPayload["comments"] = v + } + if v := manualVpnDomain["from_ipv4_address"]; v != nil { + manualVpnDomainPayload["from-ipv4-address"] = v + } + if v := manualVpnDomain["to_ipv4_address"]; v != nil { + manualVpnDomainPayload["to-ipv4-address"] = v + } + manualVpnDomainsToReturn = append(manualVpnDomainsToReturn, manualVpnDomainPayload) + } + } + + topologyPayload["manual-vpn-domain"] = manualVpnDomainsToReturn + } + + lsmGateway["topology"] = topologyPayload + + } + } + + if ok := d.HasChange("color"); ok { + lsmGateway["color"] = d.Get("color") + } + + if ok := d.HasChange("comments"); ok { + lsmGateway["comments"] = d.Get("comments") + } + + if v, ok := d.GetOkExists("ignore_warnings"); ok { + lsmGateway["ignore-warnings"] = v.(bool) + } + + if v, ok := d.GetOkExists("ignore_errors"); ok { + lsmGateway["ignore-errors"] = v.(bool) + } + + log.Println("Update LsmGateway - Map = ", lsmGateway) + + updateLsmGatewayRes, err := client.ApiCall("set-lsm-gateway", lsmGateway, client.GetSessionID(), true, false) + if err != nil || !updateLsmGatewayRes.Success { + if updateLsmGatewayRes.ErrorMsg != "" { + return fmt.Errorf(updateLsmGatewayRes.ErrorMsg) + } + return fmt.Errorf(err.Error()) + } + + return readManagementLsmGateway(d, m) +} + +func deleteManagementLsmGateway(d *schema.ResourceData, m interface{}) error { + + client := m.(*checkpoint.ApiClient) + + lsmGatewayPayload := map[string]interface{}{ + "uid": d.Id(), + } + + log.Println("Delete LsmGateway") + + deleteLsmGatewayRes, err := client.ApiCall("delete-lsm-gateway", lsmGatewayPayload, client.GetSessionID(), true, false) + if err != nil || !deleteLsmGatewayRes.Success { + if deleteLsmGatewayRes.ErrorMsg != "" { + return fmt.Errorf(deleteLsmGatewayRes.ErrorMsg) + } + return fmt.Errorf(err.Error()) + } + d.SetId("") + + return nil +} diff --git a/website/checkpoint.erb b/website/checkpoint.erb index 45935da6..f11236f8 100644 --- a/website/checkpoint.erb +++ b/website/checkpoint.erb @@ -511,6 +511,12 @@ > checkpoint_management_server_certificate + > + checkpoint_management_lsm_gateway + + > + checkpoint_management_lsm_cluster + @@ -892,6 +898,15 @@ > checkpoint_management_server_certificate + > + checkpoint_management_lsm_gateway + + > + checkpoint_management_lsm_cluster + + > + checkpoint_management_updatable_object + diff --git a/website/docs/d/checkpoint_management_lsm_cluster.html.markdown b/website/docs/d/checkpoint_management_lsm_cluster.html.markdown new file mode 100644 index 00000000..a0956f13 --- /dev/null +++ b/website/docs/d/checkpoint_management_lsm_cluster.html.markdown @@ -0,0 +1,95 @@ +--- +layout: "checkpoint" +page_title: "checkpoint_management_lsm_cluster" +sidebar_current: "docs-checkpoint-resource-checkpoint-management-lsm-cluster" +description: |- +Use this data source to get information on an existing Check Point Lsm Cluster. +--- + +# Data Source: checkpoint_management_lsm_cluster + +Use this data source to get information on an existing Check Point Lsm Cluster. + +## Example Usage + + +```hcl +data "checkpoint_management_lsm_cluster" "data_cluster"{ + uid = "${checkpoint_management_lsm_cluster.cluster1.id}" +} +``` + +## Argument Reference + +The following arguments are supported: + +* `name` - (Optional) Object name. +* `uid` - (Optional) Object uid. +* `main_ip_address` - Main IP address. +* `security_profile` - LSM profile. +* `os_name` - Device platform operating system. +* `dynamic_objects` - Dynamic Objects.dynamic_objects blocks are documented below. +* `interfaces` - Interfaces.interfaces blocks are documented below. +* `members` - Cluster members.members blocks are documented below. +* `tags` - Collection of tag identifiers.tags blocks are documented below. +* `topology` - Topology.topology blocks are documented below. +* `color` - Color of the object. Should be one of existing colors. +* `comments` - Comments string. + + + + +`dynamic_objects` supports the following: + +* `name` - Object name. Must be unique in the domain. +* `resolved_ip_addresses` - Single IP-address or a range of addresses.resolved_ip_addresses blocks are documented below. + + +`interfaces` supports the following: + +* `name` - Interface name. +* `ip-address-override` Cluster IP address override. +* `member_network_override` - Member network override. Net mask is defined by the attached LSM profile. + + +`members` supports the following: + +* `name` - Member Name. Consists of the member name in the LSM profile and the name or prefix or suffix of the cluster. +* `device_id` - Device ID. +* `provisioning_settings` - Provisioning settings. This field is relevant just for SMB clusters.provisioning_settings blocks are documented below. +* `provisioning_state` - Provisioning state. This field is relevant just for SMB clusters. By default the state is 'manual'- enable provisioning but not attach to profile.If 'using-profile' state is provided a provisioning profile must be provided in provisioning-settings. +* `sic_name` - Secure Internal Communication name. +* `sic_state`- Secure Internal Communication state. + + + +`topology` supports the following: + +* `manual_vpn_domain` - A list of IP-addresses ranges, defined the VPN community network. +This field is relevant only when 'manual' option of vpn-domain is checked.manual_vpn_domain blocks are documented below. +* `vpn_domain` - VPN Domain type. + 'external-interfaces-only' is relevnt only for Gaia devices. +'hide-behind-gateway-external-ip-address' is relevant only for SMB devices. + + +`resolved_ip_addresses` supports the following: + +* `ipv4_address` - IPv4 Address. +* `ipv4_address_range` - IPv4 Address range.ipv4_address_range blocks are documented below. + + +`provisioning_settings` supports the following: + +* `provisioning_profile` - Provisioning profile. + +`manual_vpn_domain` supports the following: + +* `comments` - Comments string. +* `from_ipv4_address` - First IPv4 address of the IP address range. +* `to_ipv4_address` - Last IPv4 address of the IP address range. + + +`ipv4_address_range` supports the following: + +* `from_ipv4_address` - First IPv4 address of the IP address range. +* `to_ipv4_address` - Last IPv4 address of the IP address range. diff --git a/website/docs/d/checkpoint_management_lsm_gateway.html.markdown b/website/docs/d/checkpoint_management_lsm_gateway.html.markdown new file mode 100644 index 00000000..4eda3cb5 --- /dev/null +++ b/website/docs/d/checkpoint_management_lsm_gateway.html.markdown @@ -0,0 +1,82 @@ +--- +layout: "checkpoint" +page_title: "checkpoint_management_lsm_gateway" +sidebar_current: "docs-checkpoint-resource-checkpoint-management-lsm-gateway" +description: |- +Use this data source to get information on an existing Check Point Lsm Gateway. +--- + +# Data Source: checkpoint_management_lsm_gateway + +Use this data source to get information on an existing Check Point Lsm Gateway. + +## Example Usage + + +```hcl +data "checkpoint_management_lsm_gateway" "data_lsm" { + name = "${checkpoint_management_lsm_gateway.lsm_gw.name}" +} +``` + +## Argument Reference + +The following arguments are supported: + +* `name` - (Optional) Object name. +* `uid` - (Optional) Object uid. +* `security_profile` - LSM profile. +* `device_id` - Device ID. +* `dynamic_objects` - Dynamic Objects.dynamic_objects blocks are documented below. +* `provisioning_settings` - Provisioning settings.provisioning_settings blocks are documented below. +* `provisioning_state` - Provisioning state. By default the state is 'manual'- enable provisioning but not attach to profile. +If 'using-profile' state is provided a provisioning profile must be provided in provisioning-settings. +* `sic_name` - Secure Internal Communication name. +* `sic_state`- Secure Internal Communication state. +* `tags` - Collection of tag identifiers.tags blocks are documented below. +* `topology` - Topology. topology blocks are documented below. +* `version` - Device platform version. +* `color` - Color of the object. Should be one of existing colors. +* `comments` - Comments string. +* `ignore_warnings` - Apply changes ignoring warnings. +* `ignore_errors` - Apply changes ignoring errors. You won't be able to publish such a changes. If ignore-warnings flag was omitted - warnings will also be ignored. + + +`dynamic_objects` supports the following: + +* `name` - Object name. Must be unique in the domain. +* `uid`- Dynamic Object UID. +* `comments` - Comments. +* `resolved_ip_addresses` - Single IP-address or a range of addresses.resolved_ip_addresses blocks are documented below. + + +`provisioning_settings` supports the following: + +* `provisioning_profile` - Provisioning profile. + +`topology` supports the following: + +* `manual_vpn_domain` - A list of IP-addresses ranges, defined the VPN community network. +This field is relevant only when 'manual' option of vpn-domain is checked.manual_vpn_domain blocks are documented below. +* `vpn_domain` - VPN Domain type. + 'external-interfaces-only' is relevnt only for Gaia devices. +'hide-behind-gateway-external-ip-address' is relevant only for SMB devices. + + +`resolved_ip_addresses` supports the following: + +* `ipv4_address` - IPv4 Address. +* `ipv4_address_range` - IPv4 Address range.ipv4_address_range blocks are documented below. + + +`manual_vpn_domain` supports the following: + +* `comments` - Comments string. +* `from_ipv4_address` - First IPv4 address of the IP address range. +* `to_ipv4_address` - Last IPv4 address of the IP address range. + + +`ipv4_address_range` supports the following: + +* `from_ipv4_address` - (Optional) First IPv4 address of the IP address range. +* `to_ipv4_address` - (Optional) Last IPv4 address of the IP address range. diff --git a/website/docs/d/checkpoint_management_updatable_object.html.markdown b/website/docs/d/checkpoint_management_updatable_object.html.markdown new file mode 100644 index 00000000..0dc3695d --- /dev/null +++ b/website/docs/d/checkpoint_management_updatable_object.html.markdown @@ -0,0 +1,50 @@ +--- +layout: "checkpoint" +page_title: "checkpoint_management_updatable_object" +sidebar_current: "docs-checkpoint-data-source-checkpoint-management-updatable-object" +description: |- +Use this data source to get information on an existing Check Point Updatable Object +--- + +# Data Source: checkpoint_management_updatable_object + +Use this data source to get information on an existing Check Point Updatable Object + +## Example Usage + + +```hcl +data "checkpoint_management_updatable_object" "updatable_object"{ + name = "Amazon US East 1 Services" +} +``` + +## Argument Reference + +* `name` - (Optional) Object Name. +* `uid` - (Optional) Object UID. +* `type` - Object Type. +* `name_in_updatable_objects_repository` - Object name in the Updatable Objects Repository. +* `uid_in_updatable_objects_repository` - Unique identifier of the object in the Updatable Objects Repository. +* `additional_properties` - Additional properties on the object. additional_properties blocks are documented below. +* `updatable_object_meta_info` - Meta Info about the Updatable Object. +* `tags` - Collection of tag identifiers. +* `color` - Color of the object. Should be one of existing colors. +* `comments` - Comments string. + +`additional_properties` supports the following: + +* `description` - Description of retrieved Updatable Object. +* `info_text` - Information about the Updatable Object IP ranges source. +* `info_url` - URL of the Updatable Object IP ranges source. +* `uri` - URI of the Updatable Object under the Updatable Objects Repository. + +`updatable_object_meta_info` supports the following: + +* `updated_on_updatable_objects_repository` - Last update time from the Updatable Objects Repository. + +`updated_on_updatable_objects_repository` supports the following: + +* `iso_8601` - Last update time in iso format. +* `posix` - Last update time in posix format. + diff --git a/website/docs/r/checkpoint_management_lsm_cluster.html.markdown b/website/docs/r/checkpoint_management_lsm_cluster.html.markdown new file mode 100644 index 00000000..08ed68ac --- /dev/null +++ b/website/docs/r/checkpoint_management_lsm_cluster.html.markdown @@ -0,0 +1,114 @@ +--- +layout: "checkpoint" +page_title: "checkpoint_management_lsm_cluster" +sidebar_current: "docs-checkpoint-resource-checkpoint-management-lsm-cluster" +description: |- +This resource allows you to execute Check Point Lsm Cluster. +--- + +# Resource: checkpoint_management_lsm_cluster + +This resource allows you to execute Check Point Lsm Cluster. + +## Example Usage + +```hcl +resource "checkpoint_management_lsm_cluster" "cluster" { + name = "Gaia_" + main_ip_address = "192.168.8.0" + security_profile = "my_security_profile" + interfaces { + name= "et0" + ip_address_override = "170.150.0.1" + member_network_override = "192.168.8.0" + + } + members { + name = "Gaia_mem1" + provisioning_state = "off" + provisioning_settings { + provisioning_profile = "No Provisioning Profile" + } + } +} +``` + +## Argument Reference + +The following arguments are supported: + +* `name` - (Required) Object name. +* `main_ip_address` - (Required) Main IP address. +* `security_profile` - (Required) LSM profile. +* `dynamic_objects` - (Optional) Dynamic Objects.dynamic_objects blocks are documented below. +* `interfaces` - (Optional) Interfaces.interfaces blocks are documented below. +* `members` - (Optional) Cluster members.members blocks are documented below. +* `tags` - (Optional) Collection of tag identifiers.tags blocks are documented below. +* `topology` - (Optional) Topology.topology blocks are documented below. +* `color` - (Optional) Color of the object. Should be one of existing colors. +* `comments` - (Optional) Comments string. +* `ignore_warnings` - (Optional) Apply changes ignoring warnings. +* `ignore_errors` - (Optional) Apply changes ignoring errors. You won't be able to publish such a changes. If ignore-warnings flag was omitted - warnings will also be ignored. + + + +`dynamic_objects` supports the following: + +* `name` - (Optional) Object name. Must be unique in the domain. +* `resolved_ip_addresses` - (Optional) Single IP-address or a range of addresses.resolved_ip_addresses blocks are documented below. + + +`interfaces` supports the following: + +* `name` - (Optional) Interface name. +* `member_network_override` - (Optional) Member network override. Net mask is defined by the attached LSM profile. + + +`members` supports the following: + +* `name` - (Optional) Member Name. Consists of the member name in the LSM profile and the name or prefix or suffix of the cluster. +* `device_id` - (Optional) Device ID. +* `provisioning_settings` - (Optional) Provisioning settings. This field is relevant just for SMB clusters.provisioning_settings blocks are documented below. +* `provisioning_state` - (Optional) Provisioning state. This field is relevant just for SMB clusters. By default the state is 'manual'- enable provisioning but not attach to profile.If 'using-profile' state is provided a provisioning profile must be provided in provisioning-settings. +* `sic` - (Optional) Secure Internal Communication.sic blocks are documented below. +* `ignore_warnings` - (Optional) Apply changes ignoring warnings. +* `ignore_errors` - (Optional) Apply changes ignoring errors. You won't be able to publish such a changes. If ignore-warnings flag was omitted - warnings will also be ignored. + + +`topology` supports the following: + +* `manual_vpn_domain` - (Optional) A list of IP-addresses ranges, defined the VPN community network. +This field is relevant only when 'manual' option of vpn-domain is checked.manual_vpn_domain blocks are documented below. +* `vpn_domain` - (Optional) VPN Domain type. + 'external-interfaces-only' is relevnt only for Gaia devices. +'hide-behind-gateway-external-ip-address' is relevant only for SMB devices. + + +`resolved_ip_addresses` supports the following: + +* `ipv4_address` - (Optional) IPv4 Address. +* `ipv4_address_range` - (Optional) IPv4 Address range.ipv4_address_range blocks are documented below. + + +`provisioning_settings` supports the following: + +* `provisioning_profile` - (Optional) Provisioning profile. + + +`sic` supports the following: + +* `one_time_password` - (Optional) One-time password. When one-time password is provided without ip-address- trusted communication is automatically initiated when the gateway connects to the Security Management server for the first time. +* `ip_address` - (Optional) IP address. When IP address is provided- initiate trusted communication immediately using this IP address. + + +`manual_vpn_domain` supports the following: + +* `comments` - (Optional) Comments string. +* `from_ipv4_address` - (Optional) First IPv4 address of the IP address range. +* `to_ipv4_address` - (Optional) Last IPv4 address of the IP address range. + + +`ipv4_address_range` supports the following: + +* `from_ipv4_address` - (Optional) First IPv4 address of the IP address range. +* `to_ipv4_address` - (Optional) Last IPv4 address of the IP address range. diff --git a/website/docs/r/checkpoint_management_lsm_gateway.html.markdown b/website/docs/r/checkpoint_management_lsm_gateway.html.markdown new file mode 100644 index 00000000..f656c604 --- /dev/null +++ b/website/docs/r/checkpoint_management_lsm_gateway.html.markdown @@ -0,0 +1,97 @@ +--- +layout: "checkpoint" +page_title: "checkpoint_management_lsm_gateway" +sidebar_current: "docs-checkpoint-resource-checkpoint-management-lsm-gateway" +description: |- +This resource allows you to execute Check Point Lsm Gateway. +--- + +# Resource: checkpoint_management_lsm_gateway + +This resource allows you to execute Check Point Lsm Gateway. + +## Example Usage + + +```hcl +resource "checkpoint_management_lsm_gateway" "lsm_gw" { + name = "lsm_gateway" + security_profile = "lsm_profile" + provisioning_state = "using-profile" + provisioning_settings = { + "provisioning_profile" = "my_proviosioning_profile" + } + topology { + vpn_domain = "manual" + manual_vpn_domain { + comments = "domain1" + from_ipv4_address = "192.168.10.0" + to_ipv4_address = "192.168.10.255" + } + } +} +``` + +## Argument Reference + +The following arguments are supported: + +* `name` - (Required) Object name. +* `security_profile` - (Required) LSM profile. +* `device_id` - (Optional) Device ID. +* `dynamic_objects` - (Optional) Dynamic Objects.dynamic_objects blocks are documented below. +* `provisioning_settings` - (Optional) Provisioning settings.provisioning_settings blocks are documented below. +* `provisioning_state` - (Optional) Provisioning state. By default the state is 'manual'- enable provisioning but not attach to profile. +If 'using-profile' state is provided a provisioning profile must be provided in provisioning-settings. +* `sic` - (Optional) Secure Internal Communication.sic blocks are documented below. +* `tags` - (Optional) Collection of tag identifiers.tags blocks are documented below. +* `topology` - (Optional) Topology.topology blocks are documented below. +* `version` - (Optional) Device platform version. +* `color` - (Optional) Color of the object. Should be one of existing colors. +* `comments` - (Optional) Comments string. +* `ignore_warnings` - (Optional) Apply changes ignoring warnings. +* `ignore_errors` - (Optional) Apply changes ignoring errors. You won't be able to publish such a changes. If ignore-warnings flag was omitted - warnings will also be ignored. + + +`dynamic_objects` supports the following: + +* `name` - (Optional) Object name. Must be unique in the domain. +* `resolved_ip_addresses` - (Optional) Single IP-address or a range of addresses.resolved_ip_addresses blocks are documented below. + + +`provisioning_settings` supports the following: + +* `provisioning_profile` - (Optional) Provisioning profile. + + +`sic` supports the following: + +* `one_time_password` - (Optional) One-time password. When one-time password is provided without ip-address- trusted communication is automatically initiated when the gateway connects to the Security Management server for the first time. +* `ip_address` - (Optional) IP address. When IP address is provided- initiate trusted communication immediately using this IP address. + +`topology` supports the following: + +* `manual_vpn_domain` - (Optional) A list of IP-addresses ranges, defined the VPN community network. +This field is relevant only when 'manual' option of vpn-domain is checked.manual_vpn_domain blocks are documented below. +* `vpn_domain` - (Optional) VPN Domain type. + 'external-interfaces-only' is relevnt only for Gaia devices. +'hide-behind-gateway-external-ip-address' is relevant only for SMB devices. + + +`resolved_ip_addresses` supports the following: + +* `ipv4_address` - (Optional) IPv4 Address. +* `ipv4_address_range` - (Optional) IPv4 Address range.ipv4_address_range blocks are documented below. + + +`manual_vpn_domain` supports the following: + +* `comments` - (Optional) Comments string. +* `from_ipv4_address` - (Optional) First IPv4 address of the IP address range. +* `to_ipv4_address` - (Optional) Last IPv4 address of the IP address range. + + +`ipv4_address_range` supports the following: + +* `from_ipv4_address` - (Optional) First IPv4 address of the IP address range. +* `to_ipv4_address` - (Optional) Last IPv4 address of the IP address range. diff --git a/website/docs/r/checkpoint_management_publish.html.markdown b/website/docs/r/checkpoint_management_publish.html.markdown index c1f9c95b..df33c6ec 100644 --- a/website/docs/r/checkpoint_management_publish.html.markdown +++ b/website/docs/r/checkpoint_management_publish.html.markdown @@ -22,7 +22,8 @@ The following arguments are supported: * `uid` - (Optional) Session unique identifier. Specify it to publish a different session than the one you currently use. * `triggers` - (Optional) Triggers a publish if there are any changes to objects in this list. -* `task_id` - (Computed) Asynchronous task unique identifier. +* `run_publish_on_destroy`- (Optional) Destroy publish resource will run publish when flag set to true. +* `task_id` - (Computed) Asynchronous task unique identifier. ## How To Use