From b8f74ca946aff0e65fb78339a7d8f7728ba5b8d2 Mon Sep 17 00:00:00 2001 From: royl Date: Mon, 22 Mar 2021 11:53:58 +0200 Subject: [PATCH] v1.4.0 --- CHANGELOG.md | 19 +- ...ce_checkpoint_management_simple_cluster.go | 2 +- ...ce_checkpoint_management_threat_profile.go | 775 +++++++++ ...eckpoint_management_threat_profile_test.go | 50 + checkpoint/provider.go | 3 +- ...ource_checkpoint_management_access_rule.go | 3 + ..._checkpoint_management_access_rule_test.go | 3 + ...ce_checkpoint_management_simple_cluster.go | 28 +- ...ce_checkpoint_management_simple_gateway.go | 101 +- ...ce_checkpoint_management_threat_profile.go | 1387 +++++++++++++++++ ...eckpoint_management_threat_profile_test.go | 116 ++ checkpoint/utils.go | 25 + website/checkpoint.erb | 6 + ...nt_management_threat_profile.html.markdown | 125 ++ ...point_management_access_rule.html.markdown | 8 + ...nt_management_threat_profile.html.markdown | 121 ++ 16 files changed, 2691 insertions(+), 81 deletions(-) create mode 100644 checkpoint/data_source_checkpoint_management_threat_profile.go create mode 100644 checkpoint/data_source_checkpoint_management_threat_profile_test.go create mode 100644 checkpoint/resource_checkpoint_management_threat_profile.go create mode 100644 checkpoint/resource_checkpoint_management_threat_profile_test.go create mode 100644 website/docs/d/checkpoint_management_threat_profile.html.markdown create mode 100644 website/docs/r/checkpoint_management_threat_profile.html.markdown diff --git a/CHANGELOG.md b/CHANGELOG.md index 309516b3..66a3b246 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md 
@@ -1,4 +1,21 @@
-## 1.4.0 (Unreleased)
+## 1.5.0 (Unreleased)
+
+## 1.4.0 (March 22, 2021)
+
+FEATURES
+
+* **New Resource:** `checkpoint_management_threat_profile`
+* **New Data Source:** `checkpoint_management_threat_profile`
+
+ENHANCEMENTS
+
+* `checkpoint_management_simple_gateway`: Add support for default logs settings.
+
+BUG FIXES
+
+* `checkpoint_management_access_rule`: Add inline layer to payload if action field has changed.
+* `checkpoint_management_simple_cluster`: Change members field to type list.
+
 ## 1.3.0 (January 12, 2021)
 
 FEATURES
diff --git a/checkpoint/data_source_checkpoint_management_simple_cluster.go b/checkpoint/data_source_checkpoint_management_simple_cluster.go
index e64a02bd..92bfa45d 100644
--- a/checkpoint/data_source_checkpoint_management_simple_cluster.go
+++ b/checkpoint/data_source_checkpoint_management_simple_cluster.go
@@ -183,7 +183,7 @@ func dataSourceManagementSimpleCluster() *schema.Resource {
  },
  },
  "members": {
- Type: schema.TypeMap,
+ Type: schema.TypeList,
  Computed: true,
  Description: "Cluster members.",
  Elem: &schema.Resource{
diff --git a/checkpoint/data_source_checkpoint_management_threat_profile.go b/checkpoint/data_source_checkpoint_management_threat_profile.go
new file mode 100644
index 00000000..a6c2d5c0
--- /dev/null
+++ b/checkpoint/data_source_checkpoint_management_threat_profile.go
@@ -0,0 +1,775 @@ +package checkpoint + +import ( + "fmt" + checkpoint "github.com/CheckPointSW/cp-mgmt-api-go-sdk/APIFiles" + "github.com/hashicorp/terraform-plugin-sdk/helper/schema" + "log" + "reflect" +) + +func dataSourceManagementThreatProfile() *schema.Resource { + return &schema.Resource{ + Read: dataSourceManagementThreatProfileRead, + Schema: map[string]*schema.Schema{ + "name": { + Type: schema.TypeString, + Optional: true, + Description: "Object name. Should be unique in the domain.", + }, + "uid": { + Type: schema.TypeString, + Optional: true, + Description: "Object unique identifier.", + }, + "active_protections_performance_impact": { + Type: schema.TypeString, + Computed: true, + Description: "Protections with this performance impact only will be activated in the profile.", + }, + "active_protections_severity": { + Type: schema.TypeString, + Computed: true, + Description: "Protections with this severity only will be activated in the profile.", + }, + "confidence_level_high": { + Type: schema.TypeString, + Computed: true, + Description: "Action for protections with high confidence level.", + }, + "confidence_level_low": { + Type: schema.TypeString, + Computed: true, + Description: "Action for protections with low confidence level.", + }, + "confidence_level_medium": { + Type: schema.TypeString, + Computed: true, + Description: "Action for protections with medium confidence level.", + }, + "indicator_overrides": { + Type: schema.TypeList, + Computed: true, + Description: "Indicators whose action will be overridden in this profile.", + Elem: &schema.Resource{ + Schema: map[string]*schema.Schema{ + "action": { + Type: schema.TypeString, + Computed: true, + Description: "The indicator's action in this profile.", + }, + "indicator": { + Type: schema.TypeString, + Computed: true, + Description: "The indicator whose action is to be overriden.", + }, + }, + }, + }, + "ips_settings": { + Type: schema.TypeMap, + Computed: true, + Description: "IPS blade 
settings.", + Elem: &schema.Resource{ + Schema: map[string]*schema.Schema{ + "exclude_protection_with_performance_impact": { + Type: schema.TypeBool, + Computed: true, + Description: "Whether to exclude protections depending on their level of performance impact.", + }, + "exclude_protection_with_performance_impact_mode": { + Type: schema.TypeString, + Computed: true, + Description: "Exclude protections with this level of performance impact.", + }, + "exclude_protection_with_severity": { + Type: schema.TypeBool, + Computed: true, + Description: "Whether to exclude protections depending on their level of severity.", + }, + "exclude_protection_with_severity_mode": { + Type: schema.TypeString, + Computed: true, + Description: "Exclude protections with this level of severity.", + }, + "newly_updated_protections": { + Type: schema.TypeString, + Computed: true, + Description: "Activation of newly updated protections.", + }, + }, + }, + }, + "malicious_mail_policy_settings": { + Type: schema.TypeMap, + Computed: true, + Description: "Malicious Mail Policy for MTA Gateways.", + Elem: &schema.Resource{ + Schema: map[string]*schema.Schema{ + "add_customized_text_to_email_body": { + Type: schema.TypeBool, + Computed: true, + Description: "Add customized text to the malicious email body.", + }, + "add_email_subject_prefix": { + Type: schema.TypeBool, + Computed: true, + Description: "Add a prefix to the malicious email subject.", + }, + "add_x_header_to_email": { + Type: schema.TypeBool, + Computed: true, + Description: "Add an X-Header to the malicious email.", + }, + "email_action": { + Type: schema.TypeString, + Computed: true, + Description: "Block - block the entire malicious email. Allow - pass the malicious email and apply email changes (like: remove attachments and links, add x-header, etc...).", + }, + "email_body_customized_text": { + Type: schema.TypeString, + Computed: true, + Description: "Customized text for the malicious email body. 
Available predefined fields: $verdicts$ - the malicious/error attachments/links verdict.", + }, + "email_subject_prefix_text": { + Type: schema.TypeString, + Computed: true, + Description: "Prefix for the malicious email subject.", + }, + "failed_to_scan_attachments_text": { + Type: schema.TypeString, + Computed: true, + Description: "Replace attachments that failed to be scanned with this text. Available predefined fields: $filename$ - the malicious file name. $md5$ - MD5 of the malicious file.", + }, + "malicious_attachments_text": { + Type: schema.TypeString, + Computed: true, + Description: "Replace malicious attachments with this text. Available predefined fields: $filename$ - the malicious file name. $md5$ - MD5 of the malicious file.", + }, + "malicious_links_text": { + Type: schema.TypeString, + Computed: true, + Description: "Replace malicious links with this text. Available predefined fields: $neutralized_url$ - neutralized malicious link.", + }, + "remove_attachments_and_links": { + Type: schema.TypeBool, + Computed: true, + Description: "Remove attachments and links from the malicious email.", + }, + "send_copy": { + Type: schema.TypeBool, + Computed: true, + Description: "Send a copy of the malicious email to the recipient list.", + }, + "send_copy_list": { + Type: schema.TypeSet, + Computed: true, + Description: "Recipient list to send a copy of the malicious email.", + Elem: &schema.Schema{ + Type: schema.TypeString, + }, + }, + }, + }, + }, + "overrides": { + Type: schema.TypeList, + Computed: true, + Description: "Overrides per profile for this protection.", + Elem: &schema.Resource{ + Schema: map[string]*schema.Schema{ + "protection": { + Type: schema.TypeString, + Computed: true, + Description: "IPS protection identified by name", + }, + "action": { + Type: schema.TypeString, + Computed: true, + Description: "Protection action.", + }, + "capture_packets": { + Type: schema.TypeBool, + Computed: true, + Description: "Capture packets.", + }, + 
"track": { + Type: schema.TypeString, + Computed: true, + Description: "Tracking method for protection.", + }, + "default": { + Type: schema.TypeMap, + Computed: true, + Description: "Default settings.", + Elem: &schema.Resource{ + Schema: map[string]*schema.Schema{ + "action": { + Type: schema.TypeString, + Computed: true, + Description: "Protection action.", + }, + "capture_packets": { + Type: schema.TypeBool, + Computed: true, + Description: "Capture packets.", + }, + "track": { + Type: schema.TypeString, + Computed: true, + Description: "Tracking method for protection.", + }, + }, + }, + }, + "final": { + Type: schema.TypeMap, + Computed: true, + Description: "Final settings.", + Elem: &schema.Resource{ + Schema: map[string]*schema.Schema{ + "action": { + Type: schema.TypeString, + Computed: true, + Description: "Protection action.", + }, + "capture_packets": { + Type: schema.TypeBool, + Computed: true, + Description: "Capture packets.", + }, + "track": { + Type: schema.TypeString, + Computed: true, + Description: "Tracking method for protection.", + }, + }, + }, + }, + "protection_external_info": { + Type: schema.TypeSet, + Computed: true, + Description: "Collection of tag identifiers.", + Elem: &schema.Schema{ + Type: schema.TypeString, + }, + }, + "protection_uid": { + Type: schema.TypeString, + Computed: true, + Description: "IPS protection unique identifier.", + }, + }, + }, + }, + "scan_malicious_links": { + Type: schema.TypeMap, + Computed: true, + Description: "Scans malicious links (URLs) inside email messages.", + Elem: &schema.Resource{ + Schema: map[string]*schema.Schema{ + "max_bytes": { + Type: schema.TypeInt, + Computed: true, + Description: "Scan links in the first bytes of the mail body.", + }, + "max_links": { + Type: schema.TypeInt, + Computed: true, + Description: "Maximum links to scan in mail body.", + }, + }, + }, + }, + "use_indicators": { + Type: schema.TypeBool, + Computed: true, + Description: "Indicates whether the profile should 
make use of indicators.", + }, + "anti_bot": { + Type: schema.TypeBool, + Computed: true, + Description: "Is Anti-Bot blade activated.", + }, + "anti_virus": { + Type: schema.TypeBool, + Computed: true, + Description: "Is Anti-Virus blade activated.", + }, + "ips": { + Type: schema.TypeBool, + Computed: true, + Description: "Is IPS blade activated.", + }, + "threat_emulation": { + Type: schema.TypeBool, + Computed: true, + Description: "Is Threat Emulation blade activated.", + }, + "activate_protections_by_extended_attributes": &schema.Schema{ + Type: schema.TypeList, + Computed: true, + Description: "Activate protections by these extended attributes.", + Elem: &schema.Resource{ + Schema: map[string]*schema.Schema{ + "uid": { + Type: schema.TypeString, + Computed: true, + Description: "IPS tag unique identifier.", + }, + "name": { + Type: schema.TypeString, + Computed: true, + Description: "IPS tag name.", + }, + "category": { + Type: schema.TypeString, + Computed: true, + Description: "IPS tag category name.", + }, + "values": { + Type: schema.TypeList, + Computed: true, + Description: "IPS protection extended attribute values", + Elem: &schema.Resource{ + Schema: map[string]*schema.Schema{ + "name": { + Type: schema.TypeString, + Computed: true, + Description: "Object name.", + }, + "uid": { + Type: schema.TypeString, + Computed: true, + Description: "Object unique identifier.", + }, + }, + }, + }, + }, + }, + }, + "deactivate_protections_by_extended_attributes": &schema.Schema{ + Type: schema.TypeList, + Computed: true, + Description: "Deactivate protections by these extended attributes.", + Elem: &schema.Resource{ + Schema: map[string]*schema.Schema{ + "uid": { + Type: schema.TypeString, + Computed: true, + Description: "IPS tag unique identifier.", + }, + "name": { + Type: schema.TypeString, + Computed: true, + Description: "IPS tag name.", + }, + "category": { + Type: schema.TypeString, + Computed: true, + Description: "IPS tag category name.", + }, + 
"values": { + Type: schema.TypeList, + Computed: true, + Description: "IPS protection extended attribute values", + Elem: &schema.Resource{ + Schema: map[string]*schema.Schema{ + "name": { + Type: schema.TypeString, + Computed: true, + Description: "Object name.", + }, + "uid": { + Type: schema.TypeString, + Computed: true, + Description: "Object unique identifier.", + }, + }, + }, + }, + }, + }, + }, + "use_extended_attributes": { + Type: schema.TypeBool, + Computed: true, + Description: "Whether to activate/deactivate IPS protections according to the extended attributes.", + }, + "color": { + Type: schema.TypeString, + Computed: true, + Description: "Color of the object. Should be one of existing colors.", + }, + "comments": { + Type: schema.TypeString, + Computed: true, + Description: "Comments string.", + }, + "tags": { + Type: schema.TypeSet, + Computed: true, + Description: "Collection of tag identifiers.", + Elem: &schema.Schema{ + Type: schema.TypeString, + }, + }, + }, + } +} + +func dataSourceManagementThreatProfileRead(d *schema.ResourceData, m interface{}) error { + + client := m.(*checkpoint.ApiClient) + + name := d.Get("name").(string) + uid := d.Get("uid").(string) + + payload := make(map[string]interface{}) + + if name != "" { + payload["name"] = name + } else if uid != "" { + payload["uid"] = uid + } + + showThreatProfileRes, err := client.ApiCall("show-threat-profile", payload, client.GetSessionID(), true, false) + if err != nil { + return fmt.Errorf(err.Error()) + } + if !showThreatProfileRes.Success { + return fmt.Errorf(showThreatProfileRes.ErrorMsg) + } + + threatProfile := showThreatProfileRes.GetData() + + log.Println("Read Threat Profile - Show JSON = ", threatProfile) + + if v := threatProfile["name"]; v != nil { + _ = d.Set("name", v) + } + + if v := threatProfile["uid"]; v != nil { + _ = d.Set("uid", v) + d.SetId(v.(string)) + } + + if v := threatProfile["active-protections-performance-impact"]; v != nil { + _ = 
d.Set("active_protections_performance_impact", v) + } + if v := threatProfile["active-protections-severity"]; v != nil { + _ = d.Set("active_protections_severity", v) + } + if v := threatProfile["confidence-level-high"]; v != nil { + _ = d.Set("confidence_level_high", v) + } + if v := threatProfile["confidence-level-low"]; v != nil { + _ = d.Set("confidence_level_low", v) + } + if v := threatProfile["confidence-level-medium"]; v != nil { + _ = d.Set("confidence_level_medium", v) + } + + if threatProfile["indicator-overrides"] != nil { + indicatorOverridesList := threatProfile["indicator-overrides"].([]interface{}) + if len(indicatorOverridesList) > 0 { + var indicatorOverridesListState []map[string]interface{} + for i := range indicatorOverridesList { + indicatorOverridesJson := indicatorOverridesList[i].(map[string]interface{}) + indicatorOverride := make(map[string]interface{}) + if v, _ := indicatorOverridesJson["action"]; v != nil { + indicatorOverride["action"] = v + } + if v, _ := indicatorOverridesJson["indicator"]; v != nil { + indicatorOverride["indicator"] = v + } + indicatorOverridesListState = append(indicatorOverridesListState, indicatorOverride) + } + _ = d.Set("indicator_overrides", indicatorOverridesListState) + } else { + _ = d.Set("indicator_overrides", indicatorOverridesList) + } + } else { + _ = d.Set("indicator_overrides", nil) + } + + if v := threatProfile["ips-settings"]; v != nil { + ipsSettingsJson := threatProfile["ips-settings"].(map[string]interface{}) + ipsSettingsState := make(map[string]interface{}) + if v := ipsSettingsJson["exclude-protection-with-performance-impact"]; v != nil { + ipsSettingsState["exclude_protection_with_performance_impact"] = v + } + if v := ipsSettingsJson["exclude-protection-with-performance-impact-mode"]; v != nil { + ipsSettingsState["exclude_protection_with_performance_impact_mode"] = v + } + if v := ipsSettingsJson["exclude-protection-with-severity"]; v != nil { + 
ipsSettingsState["exclude_protection_with_severity"] = v + } + if v := ipsSettingsJson["exclude-protection-with-severity-mode"]; v != nil { + ipsSettingsState["exclude_protection_with_severity_mode"] = v + } + if v := ipsSettingsJson["newly-updated-protections"]; v != nil { + ipsSettingsState["newly_updated_protections"] = v + } + _, ipsSettingsInConf := d.GetOk("ips_settings") + defaultIpsSettings := map[string]interface{}{ + "newly_updated_protections": "active", + "exclude_protection_with_performance_impact": false, + "exclude_protection_with_severity": false, + } + if reflect.DeepEqual(defaultIpsSettings, ipsSettingsState) && !ipsSettingsInConf { + _ = d.Set("ips_settings", map[string]interface{}{}) + } else { + _ = d.Set("ips_settings", ipsSettingsState) + } + }else{ + _ = d.Set("ips_settings", nil) + } + + if v := threatProfile["malicious-mail-policy-settings"]; v != nil { + maliciousMailPolicySettingsJson := threatProfile["malicious-mail-policy-settings"].(map[string]interface{}) + maliciousMailPolicySettingsState := make(map[string]interface{}) + if v := maliciousMailPolicySettingsJson["add-customized-text-to-email-body"]; v != nil { + maliciousMailPolicySettingsState["add_customized_text_to_email_body"] = v + } + if v := maliciousMailPolicySettingsJson["add-email-subject-prefix"]; v != nil { + maliciousMailPolicySettingsState["add_email_subject_prefix"] = v + } + if v := maliciousMailPolicySettingsJson["add-x-header-to-email"]; v != nil { + maliciousMailPolicySettingsState["add_x_header_to_email"] = v + } + if v := maliciousMailPolicySettingsJson["email-action"]; v != nil { + maliciousMailPolicySettingsState["email_action"] = v + } + if v := maliciousMailPolicySettingsJson["email-body-customized-text"]; v != nil { + maliciousMailPolicySettingsState["email_body_customized_text"] = v + } + if v := maliciousMailPolicySettingsJson["email-subject-prefix-text"]; v != nil { + maliciousMailPolicySettingsState["email_subject_prefix_text"] = v + } + if v := 
maliciousMailPolicySettingsJson["failed-to-scan-attachments-text"]; v != nil { + maliciousMailPolicySettingsState["failed_to_scan_attachments_text"] = v + } + if v := maliciousMailPolicySettingsJson["malicious-attachments-text"]; v != nil { + maliciousMailPolicySettingsState["malicious_attachments_text"] = v + } + if v := maliciousMailPolicySettingsJson["malicious-links-text"]; v != nil { + maliciousMailPolicySettingsState["malicious_links_text"] = v + } + if v := maliciousMailPolicySettingsJson["remove-attachments-and-links"]; v != nil { + maliciousMailPolicySettingsState["remove_attachments_and_links"] = v + } + if v := maliciousMailPolicySettingsJson["send-copy"]; v != nil { + maliciousMailPolicySettingsState["send_copy"] = v + } + if v := maliciousMailPolicySettingsJson["send-copy-list"]; v != nil { + maliciousMailPolicySettingsState["send_copy_list"] = v + } + + _, maliciousMailPolicySettingsInConf := d.GetOk("malicious_mail_policy_settings") + defaultMaliciousMailPolicySettings := map[string]interface{}{ + "email_action": "allow", + "remove_attachments_and_links": true, + "malicious_attachments_text": "Malicious email attachment '$filename$' removed by Check Point.", + "failed_to_scan_attachments_text": "Email attachment '$filename$' failed to be scanned and removed by Check Point.", + "malicious_links_text": "[Check Point] Malicious link: $neutralized_url$ [Check Point]", + "add_x_header_to_email": false, + "add_email_subject_prefix": false, + "email_subject_prefix_text": "Attachment was found malicious. It is recommended not to open this mail.", + "add_customized_text_to_email_body": false, + "email_body_customized_text": "[Check Point]
The following verdicts were determined by Check Point:
$verdicts$
[Check Point]", + "send_copy": false, + } + if reflect.DeepEqual(defaultMaliciousMailPolicySettings, maliciousMailPolicySettingsState) && !maliciousMailPolicySettingsInConf { + _ = d.Set("malicious_mail_policy_settings", map[string]interface{}{}) + } else { + _ = d.Set("malicious_mail_policy_settings", maliciousMailPolicySettingsState) + } + }else{ + _ = d.Set("malicious_mail_policy_settings", nil) + } + + if threatProfile["overrides"] != nil { + overridesList := threatProfile["overrides"].([]interface{}) + if len(overridesList) > 0 { + var overridesListState []map[string]interface{} + for i := range overridesList { + overridesJson := overridesList[i].(map[string]interface{}) + overrideState := make(map[string]interface{}) + if v, _ := overridesJson["protection"]; v != nil { + overrideState["protection"] = v + } + if v, _ := overridesJson["override"]; v != nil { + overrideObject := v.(map[string]interface{}) + if v, _ = overrideObject["action"]; v != nil { + overrideState["action"] = v + } + if v, _ = overrideObject["capture-packets"]; v != nil { + overrideState["capture_packets"] = v + } + if v, _ = overrideObject["track"]; v != nil { + overrideState["track"] = v + } + } + if v, _ := overridesJson["protection-external-info"]; v != nil { + overrideState["protection_external_info"] = v + } + if v, _ := overridesJson["protection-uid"]; v != nil { + overrideState["protection_uid"] = v + } + + if v, _ := overridesJson["default"]; v != nil { + defaultJson := v.(map[string]interface{}) + defaultState := make(map[string]interface{}) + if v, _ = defaultJson["action"]; v != nil { + defaultState["action"] = v + } + if v, _ = defaultJson["capture-packets"]; v != nil { + defaultState["capture_packets"] = v + } + if v, _ = defaultJson["track"]; v != nil { + defaultState["track"] = v + } + overrideState["default"] = defaultState + } + + if v, _ := overridesJson["final"]; v != nil { + finalJson := v.(map[string]interface{}) + finalState := make(map[string]interface{}) + if v, _ = 
finalJson["action"]; v != nil { + finalState["action"] = v + } + if v, _ = finalJson["capture-packets"]; v != nil { + finalState["capture_packets"] = v + } + if v, _ = finalJson["track"]; v != nil { + finalState["track"] = v + } + overrideState["final"] = finalState + } + overridesListState = append(overridesListState, overrideState) + } + _ = d.Set("overrides", overridesListState) + } else { + _ = d.Set("overrides", overridesList) + } + } else { + _ = d.Set("overrides", nil) + } + + if v := threatProfile["scan-malicious-links"]; v != nil { + scanMaliciousLinksJson := threatProfile["scan-malicious-links"].(map[string]interface{}) + scanMaliciousLinksState := make(map[string]interface{}) + if v := scanMaliciousLinksJson["max-bytes"]; v != nil { + scanMaliciousLinksState["max_bytes"] = v + } + if v := scanMaliciousLinksJson["max-links"]; v != nil { + scanMaliciousLinksState["max_links"] = v + } + _ = d.Set("scan_malicious_links", scanMaliciousLinksState) + }else{ + _ = d.Set("scan_malicious_links", nil) + } + + if v := threatProfile["extended-attributes-to-activate"]; v != nil { + extendedAttributesToActivateList := threatProfile["extended-attributes-to-activate"].([]interface{}) + if len(extendedAttributesToActivateList) > 0 { + var extendedAttributesToActivateState []interface{} + for i := range extendedAttributesToActivateList { + extendedAttributesToActivateJson := extendedAttributesToActivateList[i].(map[string]interface{}) + extendedAttributesToActivate := make(map[string]interface{}) + if v := extendedAttributesToActivateJson["uid"]; v != nil { + extendedAttributesToActivate["uid"] = v + } + if v := extendedAttributesToActivateJson["name"]; v != nil { + extendedAttributesToActivate["name"] = v + } + if v := extendedAttributesToActivateJson["values"]; v != nil { + extendedAttributesToActivate["values"] = v + } + extendedAttributesToActivateState = append(extendedAttributesToActivateState, extendedAttributesToActivate) + } + _ = 
d.Set("activate_protections_by_extended_attributes", extendedAttributesToActivateState) + }else{ + _ = d.Set("activate_protections_by_extended_attributes", extendedAttributesToActivateList) + } + }else{ + _ = d.Set("activate_protections_by_extended_attributes", nil) + } + + if v := threatProfile["extended-attributes-to-deactivate"]; v != nil { + extendedAttributesToDeactivateList := threatProfile["extended-attributes-to-deactivate"].([]interface{}) + if len(extendedAttributesToDeactivateList) > 0 { + var extendedAttributesToDeactivateState []interface{} + for i := range extendedAttributesToDeactivateList { + extendedAttributesToActivateJson := extendedAttributesToDeactivateList[i].(map[string]interface{}) + extendedAttributesToDeactivate := make(map[string]interface{}) + if v := extendedAttributesToActivateJson["uid"]; v != nil { + extendedAttributesToDeactivate["uid"] = v + } + if v := extendedAttributesToActivateJson["name"]; v != nil { + extendedAttributesToDeactivate["name"] = v + } + if v := extendedAttributesToActivateJson["values"]; v != nil { + extendedAttributesToDeactivate["values"] = v + } + extendedAttributesToDeactivateState = append(extendedAttributesToDeactivateState, extendedAttributesToDeactivate) + } + _ = d.Set("deactivate_protections_by_extended_attributes", extendedAttributesToDeactivateState) + }else{ + _ = d.Set("deactivate_protections_by_extended_attributes", extendedAttributesToDeactivateList) + } + }else{ + _ = d.Set("deactivate_protections_by_extended_attributes", nil) + } + + if v := threatProfile["use-indicators"]; v != nil { + _ = d.Set("use_indicators", v) + } + + if v := threatProfile["anti-bot"]; v != nil { + _ = d.Set("anti_bot", v) + } + + if v := threatProfile["anti-virus"]; v != nil { + _ = d.Set("anti_virus", v) + } + + if v := threatProfile["ips"]; v != nil { + _ = d.Set("ips", v) + } + + if v := threatProfile["threat-emulation"]; v != nil { + _ = d.Set("threat_emulation", v) + } + + if v := 
threatProfile["use-extended-attributes"]; v != nil { + _ = d.Set("use_extended_attributes", v) + } + + if v := threatProfile["color"]; v != nil { + _ = d.Set("color", v) + } + + if v := threatProfile["comments"]; v != nil { + _ = d.Set("comments", v) + } + + if threatProfile["tags"] != nil { + tagsJson := threatProfile["tags"].([]interface{}) + var tagsIds = make([]string, 0) + if len(tagsJson) > 0 { + // Create slice of tag names + for _, tag := range tagsJson { + tag := tag.(map[string]interface{}) + tagsIds = append(tagsIds, tag["name"].(string)) + } + } + _ = d.Set("tags", tagsIds) + } else { + _ = d.Set("tags", nil) + } + + return nil +} \ No newline at end of file diff --git a/checkpoint/data_source_checkpoint_management_threat_profile_test.go b/checkpoint/data_source_checkpoint_management_threat_profile_test.go new file mode 100644 index 00000000..81311d77 --- /dev/null +++ b/checkpoint/data_source_checkpoint_management_threat_profile_test.go 
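Review bot: `_, ipsSettingsInConf := d.GetOk("ips_settings")` and the matching `maliciousMailPolicySettingsInConf` lookup in `dataSourceManagementThreatProfileRead` were carried over from the resource, but in this data source both attributes are Computed-only, so the `ok` result is always false and any profile whose settings equal the hard-coded defaults (`reflect.DeepEqual(defaultIpsSettings, ipsSettingsState)`) is reported back as an empty map instead of its real values; drop the two `DeepEqual` branches and always `_ = d.Set("ips_settings", ipsSettingsState)` / `_ = d.Set("malicious_mail_policy_settings", maliciousMailPolicySettingsState)`. Separately, `ips_settings`, `malicious_mail_policy_settings`, `scan_malicious_links` and the `default`/`final` sub-blocks are declared as `schema.TypeMap` with a `*schema.Resource` Elem, which as far as I recall the SDK silently reads as a map of strings, so the TypeBool/TypeInt children will surface as `"true"`/`"0"` strings rather than typed values; a one-element TypeList with the Resource Elem is the supported shape. The read also has no guard for neither `name` nor `uid` being set (the `show-threat-profile` payload goes out empty), and the bare assertions such as `threatProfile["indicator-overrides"].([]interface{})` and `tag["name"].(string)` will panic the plugin on an unexpected response instead of returning an error; `if name == "" && uid == "" { return fmt.Errorf("either name or uid must be set") }` plus `, ok` forms cover both. Finally `fmt.Errorf(err.Error())` and `fmt.Errorf(showThreatProfileRes.ErrorMsg)` use server-supplied text as a format string (any `%` is mangled and `go vet` flags it); prefer `fmt.Errorf("show-threat-profile: %w", err)` and `fmt.Errorf("%s", showThreatProfileRes.ErrorMsg)`.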
@@ -0,0 +1,50 @@
+package checkpoint
+
+import (
+ "fmt"
+ "github.com/hashicorp/terraform-plugin-sdk/helper/acctest"
+ "github.com/hashicorp/terraform-plugin-sdk/helper/resource"
+ "os"
+ "testing"
+)
+
+func TestAccDataSourceCheckpointManagementThreatProfile_basic(t *testing.T) {
+
+ objName := "ThreatProfile" + acctest.RandString(2)
+ resourceName := "checkpoint_management_threat_profile.threat_profile"
+ dataSourceName := "data.checkpoint_management_threat_profile.test_threat_profile"
+
+ context := os.Getenv("CHECKPOINT_CONTEXT")
+ if context != "web_api" {
+ t.Skip("Skipping management test")
+ }
+
+ resource.Test(t, resource.TestCase{
+ PreCheck: func() { testAccPreCheck(t) },
+ Providers: testAccProviders,
+ Steps: []resource.TestStep{
+ {
+ Config: testAccDataSourceManagementThreatProfileConfig(objName,"high", "Critical"),
+ Check: resource.ComposeTestCheckFunc(
+ resource.TestCheckResourceAttrPair(dataSourceName, "name", resourceName, "name"),
+ resource.TestCheckResourceAttrPair(dataSourceName, "active_protections_performance_impact", resourceName, "active_protections_performance_impact"),
+ resource.TestCheckResourceAttrPair(dataSourceName, "active_protections_severity", resourceName, "active_protections_severity"),
+ ),
+ },
+ },
+ })
+}
+
+func testAccDataSourceManagementThreatProfileConfig(name string, performanceImpact string, protectionsSeverity string) string {
+ return fmt.Sprintf(`
+resource "checkpoint_management_threat_profile" "threat_profile" {
+ name = "%s"
+ active_protections_performance_impact = "%s"
+ active_protections_severity = "%s"
+}
+
+data "checkpoint_management_threat_profile" "test_threat_profile" {
+ name = "${checkpoint_management_threat_profile.threat_profile.name}"
+}
+`, name, performanceImpact, protectionsSeverity)
+}
diff --git a/checkpoint/provider.go b/checkpoint/provider.go
index 1a91f1b2..1e9d6d6e 100644
--- a/checkpoint/provider.go
+++ b/checkpoint/provider.go
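Review bot: `objName := "ThreatProfile" + acctest.RandString(2)` leaves only two random characters, so repeated or parallel acceptance runs against a shared management domain are likely to reuse a name that already exists (or one left behind by a failed run) and fail at create time on something unrelated to what the test checks; `acctest.RandomWithPrefix("ThreatProfile")` or `acctest.RandString(8)` avoids that. The check list also only pairs `name` and the two `active_protections_*` attributes; a second step that sets `ips_settings` or `malicious_mail_policy_settings` on the resource and pairs them here would actually exercise the nested-map handling of the new data source, which is where the non-trivial code lives.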
@@ -157,7 +157,7 @@ func Provider() terraform.ResourceProvider {
  "checkpoint_management_threat_exception": resourceManagementThreatException(),
  "checkpoint_management_simple_gateway": resourceManagementSimpleGateway(),
  "checkpoint_management_simple_cluster": resourceManagementSimpleCluster(),
-
+ "checkpoint_management_threat_profile": resourceManagementThreatProfile(),
  },
  DataSourcesMap: map[string]*schema.Resource{
  "checkpoint_management_data_host": dataSourceManagementHost(),
@@ -215,6 +215,7 @@ func Provider() terraform.ResourceProvider {
  "checkpoint_management_threat_exception": dataSourceManagementThreatException(),
  "checkpoint_management_simple_cluster": dataSourceManagementSimpleCluster(),
  "checkpoint_management_simple_gateway": dataSourceManagementSimpleGateway(),
+ "checkpoint_management_threat_profile": dataSourceManagementThreatProfile(),
  },
  ConfigureFunc: providerConfigure,
  }
diff --git a/checkpoint/resource_checkpoint_management_access_rule.go b/checkpoint/resource_checkpoint_management_access_rule.go
index b6511c0a..fec901dc 100644
--- a/checkpoint/resource_checkpoint_management_access_rule.go
+++ b/checkpoint/resource_checkpoint_management_access_rule.go
@@ -872,6 +872,9 @@ func updateManagementAccessRule(d *schema.ResourceData, m interface{}) error {
 
  if d.HasChange("action") {
  accessRule["action"] = d.Get("action")
+ if val, ok := d.GetOk("inline_layer"); ok {
+ accessRule["inline-layer"] = val.(string)
+ }
  }
 
  if d.HasChange("action_settings") {
diff --git a/checkpoint/resource_checkpoint_management_access_rule_test.go b/checkpoint/resource_checkpoint_management_access_rule_test.go
index b9f6a54d..58cf9214 100644
--- a/checkpoint/resource_checkpoint_management_access_rule_test.go
+++ b/checkpoint/resource_checkpoint_management_access_rule_test.go
@@ -114,6 +114,9 @@ resource "checkpoint_management_access_rule" "test" {
  name = "%s"
  layer = "%s"
  position = {top = "top"}
+ source = ["Any"]
+ destination = ["Any"]
+ service = ["Any"]
 }
 `, name, layer)
 }
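Review bot: The new `if val, ok := d.GetOk("inline_layer"); ok` block in `updateManagementAccessRule` has no comment saying why `inline-layer` must be re-sent whenever `action` changes, and the CHANGELOG line is the only record of the reason; the next maintainer will read it as redundant and remove it. I would add, above the `if`, `// The set-access-rule call needs inline-layer alongside action when action changes (Apply Layer); sending action alone appears to lose the layer — confirm against the API docs and keep in sync with createManagementAccessRule.` with the exact server behaviour verified before committing the wording. `val.(string)` is an unchecked assertion and is only safe if the `inline_layer` schema entry is TypeString, which is outside this hunk. updateManagementAccessRule starts and ends outside the hunk.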
diff --git a/checkpoint/resource_checkpoint_management_simple_cluster.go b/checkpoint/resource_checkpoint_management_simple_cluster.go
index a884fea3..fa26c791 100644
--- a/checkpoint/resource_checkpoint_management_simple_cluster.go
+++ b/checkpoint/resource_checkpoint_management_simple_cluster.go
@@ -190,7 +190,7 @@ func resourceManagementSimpleCluster() *schema.Resource {
  },
  },
  "members": {
- Type: schema.TypeMap,
+ Type: schema.TypeList,
  Optional: true,
  Description: "Cluster members.",
  Elem: &schema.Resource{
@@ -1216,18 +1216,7 @@ func createManagementSimpleCluster(d *schema.ResourceData, m interface{}) error
  if addClusterRes.ErrorMsg != "" {
  return fmt.Errorf(addClusterRes.ErrorMsg)
  }
- msg := fmt.Sprintf("fail to add-simple-cluster.")
- if v, ok := addClusterRes.GetData()["tasks"].([]interface{}); ok {
- if len(v) > 0 {
- task := v[0].(map[string]interface{})
- msg += fmt.Sprintf(" task-id [%s]", task["task-id"])
- if task["status"] != "succeeded" {
- if len(task["task-details"].([]interface{})) > 0 {
- msg += "\n" + task["task-details"].([]interface{})[0].(map[string]interface{})["fault-message"].(string)
- }
- }
- }
- }
+ msg := createTaskFailMessage("add-simple-cluster", addClusterRes.GetData())
  return fmt.Errorf(msg)
  }
 
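Review bot: Switching `members` from `schema.TypeMap` to `schema.TypeList` changes how the attribute is stored in state (`members.%` with keyed entries versus `members.#` and `members.0.*`), so state written by earlier provider versions will not be read back under the new schema and existing users should expect at least a one-time plan diff on every cluster; the CHANGELOG records this only as "Change members field to type list". If the upgrade is meant to be transparent, bump `SchemaVersion` on the resource and add a `StateUpgraders` entry that rewrites the old map into the list shape; otherwise call the behaviour out in the CHANGELOG under a notes or breaking-changes heading. resourceManagementSimpleCluster's body continues outside the hunk.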
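Review bot: `msg := createTaskFailMessage("add-simple-cluster", addClusterRes.GetData())` now produces text that includes the server's `fault-message`, and the unchanged `return fmt.Errorf(msg)` on the next line uses that text as a format string, so any `%` in the server's message is mangled and `go vet` reports the non-constant format; change it to `return fmt.Errorf("%s", msg)` (or `errors.New(msg)` if `errors` is imported). The helper itself lives in `checkpoint/utils.go`, which is not in this view; the inline code it replaces did bare `.([]interface{})` and `.(string)` assertions on `task-details` and `fault-message` that would panic the plugin on a differently shaped task record, so it is worth confirming the helper uses the `, ok` forms rather than inheriting that. createManagementSimpleCluster starts outside the hunk.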
@@ -2283,18 +2272,7 @@ func updateManagementSimpleCluster(d *schema.ResourceData, m interface{}) error
 if updateSimpleClusterRes.ErrorMsg != "" {
 return fmt.Errorf(updateSimpleClusterRes.ErrorMsg)
 }
- msg := fmt.Sprintf("fail to set-simple-cluster.")
- if v, ok := updateSimpleClusterRes.GetData()["tasks"].([]interface{}); ok {
- if len(v) > 0 {
- task := v[0].(map[string]interface{})
- msg += fmt.Sprintf(" task-id [%s]", task["task-id"])
- if task["status"] != "succeeded" {
- if len(task["task-details"].([]interface{})) > 0 {
- msg += "\n" + task["task-details"].([]interface{})[0].(map[string]interface{})["fault-message"].(string)
- }
- }
- }
- }
+ msg := createTaskFailMessage("set-simple-cluster", updateSimpleClusterRes.GetData())
 return fmt.Errorf(msg)
 }
diff --git a/checkpoint/resource_checkpoint_management_simple_gateway.go b/checkpoint/resource_checkpoint_management_simple_gateway.go
index 27b4602a..be3ed210 100644
--- a/checkpoint/resource_checkpoint_management_simple_gateway.go
+++ b/checkpoint/resource_checkpoint_management_simple_gateway.go
@@ -5,6 +5,7 @@ import (
 checkpoint "github.com/CheckPointSW/cp-mgmt-api-go-sdk/APIFiles"
 "github.com/hashicorp/terraform-plugin-sdk/helper/schema"
 "log"
+ "reflect"
 "strconv"
 )
@@ -334,10 +335,25 @@ func resourceManagementSimpleGateway() *schema.Resource {
 Optional: true,
 Description: "Enable alert when free disk space is below threshold.",
 },
- "alert_when_free_disk_space_below_metrics": {
+ "free_disk_space_metrics": {
+ Type: schema.TypeString,
+ Optional: true,
+ Description: "Free disk space metrics.",
+ },
+ "delete_index_files_when_index_size_above_metrics": {
 Type: schema.TypeString,
 Computed: true,
- Description: "Alert when free disk space below metrics.",
+ Description: "Delete index files when index size above metrics",
+ },
+ "delete_when_free_disk_space_below_metrics": {
+ Type: schema.TypeString,
+ Computed: true,
+ Description: "Delete when free disk space below metric.",
+ },
+ "stop_logging_when_free_disk_space_below_metrics": {
+ Type: schema.TypeString,
+ Computed: true,
+ Description: "Stop logging when free disk space below metrics",
 },
 "alert_when_free_disk_space_below_threshold": {
 Type: schema.TypeInt,
@@ -385,11 +401,6 @@ func resourceManagementSimpleGateway() *schema.Resource {
 Optional: true,
 Description: "Enable delete index files when index size above.",
 },
- "delete_index_files_when_index_size_above_metrics": {
- Type: schema.TypeString,
- Computed: true,
- Description: "",
- },
 "delete_index_files_when_index_size_above_threshold": {
 Type: schema.TypeInt,
 Optional: true,
@@ -400,11 +411,6 @@ func resourceManagementSimpleGateway() *schema.Resource {
 Optional: true,
 Description: "Enable delete when free disk space below.",
 },
- "delete_when_free_disk_space_below_metrics": {
- Type: schema.TypeString,
- Computed: true,
- Description: "Delete when free disk space below metric.",
- },
 "delete_when_free_disk_space_below_threshold": {
 Type: schema.TypeInt,
 Optional: true,
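Review bot: Two of the new Description strings, `"Delete index files when index size above metrics"` and `"Stop logging when free disk space below metrics"`, lack the trailing period every sibling description in this hunk carries, and `"Delete when free disk space below metric."` uses the singular where the attribute name and the other entries say "metrics". These strings end up in the generated documentation, so a consistency pass is worth it. resourceManagementSimpleGateway starts and ends outside the hunk.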
@@ -430,11 +436,6 @@ func resourceManagementSimpleGateway() *schema.Resource {
 Optional: true,
 Description: "Forward logs to log server schedule name.",
 },
- "free_disk_space_metrics": {
- Type: schema.TypeString,
- Optional: true,
- Description: "Free disk space metrics.",
- },
 "perform_log_rotate_before_log_forwarding": {
 Type: schema.TypeBool,
 Optional: true,
@@ -1546,9 +1547,18 @@ func readManagementSimpleGateway(d *schema.ResourceData, m interface{}) error {
 logSettingsState["alert_when_free_disk_space_below"] = v
 }
 if v := logSettingsJson["alert-when-free-disk-space-below-metrics"]; v != nil {
- logSettingsState["alert_when_free_disk_space_below_metrics"] = v
+ logSettingsState["free_disk_space_metrics"] = v
 }
- if v := logSettingsJson["alert_when_free_disk_space_below_threshold"]; v != nil {
+ if v := logSettingsJson["delete-index-files-when-index-size-above-metrics"]; v != nil {
+ logSettingsState["delete_index_files_when_index_size_above_metrics"] = v
+ }
+ if v := logSettingsJson["delete-when-free-disk-space-below-metrics"]; v != nil {
+ logSettingsState["delete_when_free_disk_space_below_metrics"] = v
+ }
+ if v := logSettingsJson["stop-logging-when-free-disk-space-below-metrics"]; v != nil {
+ logSettingsState["stop_logging_when_free_disk_space_below_metrics"] = v
+ }
+ if v := logSettingsJson["alert-when-free-disk-space-below-threshold"]; v != nil {
 logSettingsState["alert_when_free_disk_space_below_threshold"] = v
 }
 if v := logSettingsJson["alert-when-free-disk-space-below-type"]; v != nil {
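Review bot: The API value `alert-when-free-disk-space-below-metrics` is now stored under the differently named state key `free_disk_space_metrics`, and nothing in the hunk says why the two names diverge; a comment above that `if`, such as `// the API reports the free-disk-space unit under alert-when-free-disk-space-below-metrics; it is exposed to users as free_disk_space_metrics`, would stop the next reader from "fixing" the mapping back. The corrected lookup `logSettingsJson["alert-when-free-disk-space-below-threshold"]` replaces an underscored key that, given every other key in this map is hyphenated, presumably never matched, so this is a user-visible behaviour change for that attribute and deserves a changelog line if it does not already have one. readManagementSimpleGateway starts outside the hunk.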
@@ -1575,18 +1585,12 @@ func readManagementSimpleGateway(d *schema.ResourceData, m interface{}) error {
 if v := logSettingsJson["delete-index-files-when-index-size-above"]; v != nil {
 logSettingsState["delete_index_files_when_index_size_above"] = v
 }
- if v := logSettingsJson["delete-index-files-when-index-size-above-metrics"]; v != nil {
- logSettingsState["delete_index_files_when_index_size_above_metrics"] = v
- }
 if v := logSettingsJson["delete-index-files-when-index-size-above-threshold"]; v != nil {
 logSettingsState["delete_index_files_when_index_size_above_threshold"] = v
 }
 if v := logSettingsJson["delete-when-free-disk-space-below"]; v != nil {
 logSettingsState["delete_when_free_disk_space_below"] = v
 }
- if v := logSettingsJson["delete-when-free-disk-space-below-metrics"]; v != nil {
- logSettingsState["delete_when_free_disk_space_below_metrics"] = v
- }
 if v := logSettingsJson["delete-when-free-disk-space-below-threshold"]; v != nil {
 logSettingsState["delete_when_free_disk_space_below_threshold"] = v
 }
@@ -1629,9 +1633,6 @@ func readManagementSimpleGateway(d *schema.ResourceData, m interface{}) error {
 if v := logSettingsJson["stop-logging-when-free-disk-space-below"]; v != nil {
 logSettingsState["stop_logging_when_free_disk_space_below"] = v
 }
- if v := logSettingsJson["stop-logging-when-free-disk-space-below-metrics"]; v != nil {
- logSettingsState["stop_logging_when_free_disk_space_below_metrics"] = v
- }
 if v := logSettingsJson["stop-logging-when-free-disk-space-below-threshold"]; v != nil {
 logSettingsState["stop_logging_when_free_disk_space_below_threshold"] = v
 }
@@ -1642,48 +1643,44 @@ func readManagementSimpleGateway(d *schema.ResourceData, m interface{}) error {
 logSettingsState["update_account_log_every"] = v
 }
- _ = d.Set("logs_settings", logSettingsState)
-
- /*
 _, logsSettingsInConf := d.GetOk("logs_settings")
 defaultLogsSettings := map[string]interface{}{
- "rotate_log_by_file_size": false,
- "rotate_log_file_size_threshold": 1000,
- "rotate_log_on_schedule": false,
- "alert_when_free_disk_space_below_metrics": "mbytes",
 "alert_when_free_disk_space_below": true,
- "alert_when_free_disk_space_below_threshold": 20,
- "alert_when_free_disk_space_below_type": "popup alert",
+ "free_disk_space_metrics": "mbytes",
+ "delete_index_files_when_index_size_above_metrics": "mbytes",
 "delete_when_free_disk_space_below_metrics": "mbytes",
- "delete_when_free_disk_space_below": true,
- "delete_when_free_disk_space_below_threshold": 5000,
+ "stop_logging_when_free_disk_space_below_metrics": "mbytes",
+ "alert_when_free_disk_space_below_type": "popup alert",
+ "alert_when_free_disk_space_below_threshold": 20,
 "before_delete_keep_logs_from_the_last_days": false,
 "before_delete_keep_logs_from_the_last_days_threshold": 3664,
 "before_delete_run_script": false,
 "before_delete_run_script_command": "",
- "stop_logging_when_free_disk_space_below_metrics": "mbytes",
- "stop_logging_when_free_disk_space_below": true,
- "stop_logging_when_free_disk_space_below_threshold": 100,
- "reject_connections_when_free_disk_space_below_threshold": false,
- "reserve_for_packet_capture_metrics": "mbytes",
- "reserve_for_packet_capture_threshold": 500,
- "delete_index_files_when_index_size_above_metrics": "mbytes",
- "delete_index_files_when_index_size_above": false,
- "delete_index_files_when_index_size_above_threshold": 100000,
 "delete_index_files_older_than_days": false,
 "delete_index_files_older_than_days_threshold": 14,
+ "delete_index_files_when_index_size_above": false,
+ "delete_index_files_when_index_size_above_threshold": 100000,
+ 
"delete_when_free_disk_space_below": true,
+ "delete_when_free_disk_space_below_threshold": 5000,
+ "detect_new_citrix_ica_application_names": false,
 "forward_logs_to_log_server": false,
 "perform_log_rotate_before_log_forwarding": false,
- "update_account_log_every": 3600,
- "detect_new_citrix_ica_application_names": false,
+ "reject_connections_when_free_disk_space_below_threshold": false,
+ "reserve_for_packet_capture_metrics": "mbytes",
+ "reserve_for_packet_capture_threshold": 500,
+ "rotate_log_by_file_size": false,
+ "rotate_log_file_size_threshold": 1000,
+ "rotate_log_on_schedule": false,
+ "stop_logging_when_free_disk_space_below": true,
+ "stop_logging_when_free_disk_space_below_threshold": 100,
 "turn_on_qos_logging": true,
+ "update_account_log_every": 3600,
 }
 if reflect.DeepEqual(defaultLogsSettings, logSettingsState) && !logsSettingsInConf {
 _ = d.Set("logs_settings", map[string]interface{}{})
 } else {
 _ = d.Set("logs_settings", logSettingsState)
 }
- */
 }else{
 _ = d.Set("logs_settings", nil)
 }
@@ -2406,8 +2403,6 @@ func updateManagementSimpleGateway(d *schema.ResourceData, m interface{}) error
 logsSettings["update-account-log-every"] = d.Get("logs_settings.update_account_log_every").(int)
 }
 gateway["logs-settings"] = logsSettings
- }else{
- // Set default ?
 }
 }
diff --git a/checkpoint/resource_checkpoint_management_threat_profile.go b/checkpoint/resource_checkpoint_management_threat_profile.go
new file mode 100644
index 00000000..af2c0ddd
--- /dev/null
+++ b/checkpoint/resource_checkpoint_management_threat_profile.go
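Review bot: The default-suppression test `if reflect.DeepEqual(defaultLogsSettings, logSettingsState) && !logsSettingsInConf {` is unlikely to ever be true for gateways at their defaults, because `logSettingsState` is filled straight from the API response while `defaultLogsSettings` uses Go `int` literals such as `1000`, `3664` and `100000`; if `GetData()` is decoded with encoding/json those numbers arrive as `float64`, and `reflect.DeepEqual` treats `int(1000)` and `float64(1000)` as different values, so the branch that writes an empty `logs_settings` is never taken and a gateway with no `logs_settings` block keeps showing drift. A comparison that tolerates the number type, sketched below, or float literals in the defaults map, makes the branch reachable; an acceptance test creating a gateway without `logs_settings` and checking for an empty plan would pin it. The `}else{` on the nil branch is also not gofmt output. readManagementSimpleGateway starts outside the hunk.
```go
// logsSettingsAtDefaults reports whether got carries exactly the keys of want with
// equal values, treating an int in want as equal to the same value decoded from
// JSON as a float64 in got.
func logsSettingsAtDefaults(want, got map[string]interface{}) bool {
	if len(want) != len(got) {
		return false
	}
	for k, w := range want {
		g, ok := got[k]
		if !ok {
			return false
		}
		if wi, isInt := w.(int); isInt {
			if gf, isFloat := g.(float64); isFloat {
				if float64(wi) != gf {
					return false
				}
				continue
			}
		}
		if !reflect.DeepEqual(w, g) {
			return false
		}
	}
	return true
}

// … unchanged: defaultLogsSettings literal …
if logsSettingsAtDefaults(defaultLogsSettings, logSettingsState) && !logsSettingsInConf {
// … unchanged: d.Set branches …
```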
@@ -0,0 +1,1387 @@ +package checkpoint + +import ( + "fmt" + checkpoint "github.com/CheckPointSW/cp-mgmt-api-go-sdk/APIFiles" + "github.com/hashicorp/terraform-plugin-sdk/helper/schema" + "log" + "reflect" + "strconv" +) + +func resourceManagementThreatProfile() *schema.Resource { + return &schema.Resource{ + Create: createManagementThreatProfile, + Read: readManagementThreatProfile, + Update: updateManagementThreatProfile, + Delete: deleteManagementThreatProfile, + Importer: &schema.ResourceImporter{ + State: schema.ImportStatePassthrough, + }, + Schema: map[string]*schema.Schema{ + "name": { + Type: schema.TypeString, + Required: true, + Description: "Object name. Should be unique in the domain.", + }, + "active_protections_performance_impact": { + Type: schema.TypeString, + Optional: true, + Description: "Protections with this performance impact only will be activated in the profile.", + }, + "active_protections_severity": { + Type: schema.TypeString, + Optional: true, + Description: "Protections with this severity only will be activated in the profile.", + }, + "confidence_level_high": &schema.Schema{ + Type: schema.TypeString, + Optional: true, + Default: "Prevent", + Description: "Action for protections with high confidence level.", + }, + "confidence_level_low": &schema.Schema{ + Type: schema.TypeString, + Optional: true, + Default: "Detect", + Description: "Action for protections with low confidence level.", + }, + "confidence_level_medium": &schema.Schema{ + Type: schema.TypeString, + Optional: true, + Default: "Prevent", + Description: "Action for protections with medium confidence level.", + }, + "indicator_overrides": &schema.Schema{ + Type: schema.TypeList, + Optional: true, + Description: "Indicators whose action will be overridden in this profile.", + Elem: &schema.Resource{ + Schema: map[string]*schema.Schema{ + "action": { + Type: schema.TypeString, + Optional: true, + Description: "The indicator's action in this profile.", + }, + "indicator": { + 
Type: schema.TypeString, + Optional: true, + Description: "The indicator whose action is to be overriden.", + }, + }, + }, + }, + "ips_settings": &schema.Schema{ + Type: schema.TypeMap, + Optional: true, + Description: "IPS blade settings.", + Elem: &schema.Resource{ + Schema: map[string]*schema.Schema{ + "exclude_protection_with_performance_impact": { + Type: schema.TypeBool, + Optional: true, + Description: "Whether to exclude protections depending on their level of performance impact.", + }, + "exclude_protection_with_performance_impact_mode": { + Type: schema.TypeString, + Optional: true, + Description: "Exclude protections with this level of performance impact.", + }, + "exclude_protection_with_severity": { + Type: schema.TypeBool, + Optional: true, + Description: "Whether to exclude protections depending on their level of severity.", + }, + "exclude_protection_with_severity_mode": { + Type: schema.TypeString, + Optional: true, + Description: "Exclude protections with this level of severity.", + }, + "newly_updated_protections": { + Type: schema.TypeString, + Optional: true, + Description: "Activation of newly updated protections.", + }, + }, + }, + }, + "malicious_mail_policy_settings": &schema.Schema{ + Type: schema.TypeMap, + Optional: true, + Description: "Malicious Mail Policy for MTA Gateways.", + Elem: &schema.Resource{ + Schema: map[string]*schema.Schema{ + "add_customized_text_to_email_body": { + Type: schema.TypeBool, + Optional: true, + Default: false, + Description: "Add customized text to the malicious email body.", + }, + "add_email_subject_prefix": { + Type: schema.TypeBool, + Optional: true, + Default: false, + Description: "Add a prefix to the malicious email subject.", + }, + "add_x_header_to_email": { + Type: schema.TypeBool, + Optional: true, + Default: false, + Description: "Add an X-Header to the malicious email.", + }, + "email_action": { + Type: schema.TypeString, + Optional: true, + Description: "Block - block the entire malicious 
email. Allow - pass the malicious email and apply email changes (like: remove attachments and links, add x-header, etc...).", + }, + "email_body_customized_text": { + Type: schema.TypeString, + Optional: true, + Description: "Customized text for the malicious email body. Available predefined fields: $verdicts$ - the malicious/error attachments/links verdict.", + }, + "email_subject_prefix_text": { + Type: schema.TypeString, + Optional: true, + Description: "Prefix for the malicious email subject.", + }, + "failed_to_scan_attachments_text": { + Type: schema.TypeString, + Optional: true, + Description: "Replace attachments that failed to be scanned with this text. Available predefined fields: $filename$ - the malicious file name. $md5$ - MD5 of the malicious file.", + }, + "malicious_attachments_text": { + Type: schema.TypeString, + Optional: true, + Description: "Replace malicious attachments with this text. Available predefined fields: $filename$ - the malicious file name. $md5$ - MD5 of the malicious file.", + }, + "malicious_links_text": { + Type: schema.TypeString, + Optional: true, + Description: "Replace malicious links with this text. 
Available predefined fields: $neutralized_url$ - neutralized malicious link.", + }, + "remove_attachments_and_links": { + Type: schema.TypeBool, + Optional: true, + Description: "Remove attachments and links from the malicious email.", + }, + "send_copy": { + Type: schema.TypeBool, + Optional: true, + Description: "Send a copy of the malicious email to the recipient list.", + }, + "send_copy_list": { + Type: schema.TypeSet, + Optional: true, + Description: "Recipient list to send a copy of the malicious email.", + Elem: &schema.Schema{ + Type: schema.TypeString, + }, + }, + }, + }, + }, + "overrides": &schema.Schema{ + Type: schema.TypeList, + Optional: true, + Description: "Overrides per profile for this protection.", + Elem: &schema.Resource{ + Schema: map[string]*schema.Schema{ + "protection": { + Type: schema.TypeString, + Required: true, + Description: "IPS protection identified by name.", + }, + "action": { + Type: schema.TypeString, + Required: true, + Description: "Protection action.", + }, + "capture_packets": { + Type: schema.TypeBool, + Optional: true, + Description: "Capture packets.", + }, + "track": { + Type: schema.TypeString, + Optional: true, + Description: "Tracking method for protection.", + }, + "default": { + Type: schema.TypeMap, + Computed: true, + Description: "Default settings.", + Elem: &schema.Resource{ + Schema: map[string]*schema.Schema{ + "action": { + Type: schema.TypeString, + Computed: true, + Description: "Protection action.", + }, + "capture_packets": { + Type: schema.TypeBool, + Computed: true, + Description: "Capture packets.", + }, + "track": { + Type: schema.TypeString, + Computed: true, + Description: "Tracking method for protection.", + }, + }, + }, + }, + "final": { + Type: schema.TypeMap, + Computed: true, + Description: "Final settings.", + Elem: &schema.Resource{ + Schema: map[string]*schema.Schema{ + "action": { + Type: schema.TypeString, + Computed: true, + Description: "Protection action.", + }, + "capture_packets": { 
+ Type: schema.TypeBool, + Computed: true, + Description: "Capture packets.", + }, + "track": { + Type: schema.TypeString, + Computed: true, + Description: "Tracking method for protection.", + }, + }, + }, + }, + "protection_external_info": { + Type: schema.TypeSet, + Computed: true, + Description: "Collection of industry reference (CVE).", + Elem: &schema.Schema{ + Type: schema.TypeString, + }, + }, + "protection_uid": { + Type: schema.TypeString, + Computed: true, + Description: "IPS protection unique identifier.", + }, + }, + }, + }, + "scan_malicious_links": &schema.Schema{ + Type: schema.TypeMap, + Optional: true, + Description: "Scans malicious links (URLs) inside email messages.", + Elem: &schema.Resource{ + Schema: map[string]*schema.Schema{ + "max_bytes": { + Type: schema.TypeInt, + Optional: true, + Description: "Scan links in the first bytes of the mail body.", + }, + "max_links": { + Type: schema.TypeInt, + Optional: true, + Description: "Maximum links to scan in mail body.", + }, + }, + }, + }, + "use_indicators": { + Type: schema.TypeBool, + Optional: true, + Default: true, + Description: "Indicates whether the profile should make use of indicators.", + }, + "anti_bot": { + Type: schema.TypeBool, + Optional: true, + Default: true, + Description: "Is Anti-Bot blade activated.", + }, + "anti_virus": { + Type: schema.TypeBool, + Optional: true, + Default: true, + Description: "Is Anti-Virus blade activated.", + }, + "ips": { + Type: schema.TypeBool, + Optional: true, + Default: true, + Description: "Is IPS blade activated.", + }, + "threat_emulation": { + Type: schema.TypeBool, + Optional: true, + Default: true, + Description: "Is Threat Emulation blade activated.", + }, + "activate_protections_by_extended_attributes": &schema.Schema{ + Type: schema.TypeList, + Computed: true, + Description: "Activate protections by these extended attributes.", + Elem: &schema.Resource{ + Schema: map[string]*schema.Schema{ + "uid": { + Type: schema.TypeString, + 
Optional: true, + Description: "IPS tag unique identifier.", + }, + "name": { + Type: schema.TypeString, + Optional: true, + Description: "IPS tag name.", + }, + "category": { + Type: schema.TypeString, + Optional: true, + Description: "IPS tag category name.", + }, + "values": { + Type: schema.TypeList, + Computed: true, + Description: "IPS protection extended attribute values", + Elem: &schema.Resource{ + Schema: map[string]*schema.Schema{ + "name": { + Type: schema.TypeString, + Computed: true, + Description: "Object name.", + }, + "uid": { + Type: schema.TypeString, + Computed: true, + Description: "Object unique identifier.", + }, + }, + }, + }, + }, + }, + }, + "deactivate_protections_by_extended_attributes": &schema.Schema{ + Type: schema.TypeList, + Optional: true, + Description: "Deactivate protections by these extended attributes.", + Elem: &schema.Resource{ + Schema: map[string]*schema.Schema{ + "uid": { + Type: schema.TypeString, + Optional: true, + Description: "IPS tag unique identifier.", + }, + "name": { + Type: schema.TypeString, + Optional: true, + Description: "IPS tag name.", + }, + "category": { + Type: schema.TypeString, + Optional: true, + Description: "IPS tag category name.", + }, + "values": { + Type: schema.TypeList, + Computed: true, + Description: "IPS protection extended attribute values", + Elem: &schema.Resource{ + Schema: map[string]*schema.Schema{ + "name": { + Type: schema.TypeString, + Computed: true, + Description: "Object name.", + }, + "uid": { + Type: schema.TypeString, + Computed: true, + Description: "Object unique identifier.", + }, + }, + }, + }, + }, + }, + }, + "use_extended_attributes": { + Type: schema.TypeBool, + Optional: true, + Description: "Whether to activate/deactivate IPS protections according to the extended attributes.", + }, + "color": { + Type: schema.TypeString, + Optional: true, + Description: "Color of the object. 
Should be one of existing colors.", + Default: "black", + }, + "comments": { + Type: schema.TypeString, + Optional: true, + Description: "Comments string.", + }, + "tags": { + Type: schema.TypeSet, + Optional: true, + Description: "Collection of tag identifiers.", + Elem: &schema.Schema{ + Type: schema.TypeString, + }, + }, + "ignore_warnings": { + Type: schema.TypeBool, + Optional: true, + Description: "Apply changes ignoring warnings.", + Default: false, + }, + "ignore_errors": { + Type: schema.TypeBool, + Optional: true, + Description: "Apply changes ignoring errors. You won't be able to publish such a changes. If ignore-warnings flag was omitted - warnings will also be ignored.", + Default: false, + }, + }, + } +} + +func createManagementThreatProfile(d *schema.ResourceData, m interface{}) error { + client := m.(*checkpoint.ApiClient) + + threatProfile := make(map[string]interface{}) + + if v, ok := d.GetOk("name"); ok { + threatProfile["name"] = v.(string) + } + + if v, ok := d.GetOk("active_protections_performance_impact"); ok { + threatProfile["active-protections-performance-impact"] = v.(string) + } + + if v, ok := d.GetOk("active_protections_severity"); ok { + threatProfile["active-protections-severity"] = v.(string) + } + + if v, ok := d.GetOk("confidence_level_high"); ok { + threatProfile["confidence-level-high"] = v.(string) + } + + if v, ok := d.GetOk("confidence_level_low"); ok { + threatProfile["confidence-level-low"] = v.(string) + } + + if v, ok := d.GetOk("confidence_level_medium"); ok { + threatProfile["confidence-level-medium"] = v.(string) + } + + if v, ok := d.GetOk("indicator_overrides"); ok { + indicatorOverridesList := v.([]interface{}) + if len(indicatorOverridesList) > 0 { + var indicatorOverridesPayload []map[string]interface{} + for i := range indicatorOverridesList { + indicatorOverride := make(map[string]interface{}) + if v, ok := d.GetOk("indicator_overrides." 
+ strconv.Itoa(i) + ".action"); ok { + indicatorOverride["action"] = v.(string) + } + if v, ok := d.GetOk("indicator_overrides." + strconv.Itoa(i) + ".indicator"); ok { + indicatorOverride["indicator"] = v.(string) + } + indicatorOverridesPayload = append(indicatorOverridesPayload, indicatorOverride) + } + threatProfile["indicator-overrides"] = indicatorOverridesPayload + } + } + + if _, ok := d.GetOk("ips_settings"); ok { + ipsSettingsPayload := make(map[string]interface{}) + + if v, ok := d.GetOkExists("ips_settings.exclude_protection_with_performance_impact"); ok { + ipsSettingsPayload["exclude-protection-with-performance-impact"] = v.(bool) + } + if v, ok := d.GetOk("ips_settings.exclude_protection_with_performance_impact_mode"); ok { + ipsSettingsPayload["exclude-protection-with-performance-impact-mode"] = v.(string) + } + if v, ok := d.GetOkExists("ips_settings.exclude_protection_with_severity"); ok { + ipsSettingsPayload["exclude-protection-with-severity"] = v.(bool) + } + if v, ok := d.GetOk("ips_settings.exclude_protection_with_severity_mode"); ok { + ipsSettingsPayload["exclude-protection-with-severity-mode"] = v.(string) + } + if v, ok := d.GetOk("ips_settings.newly_updated_protections"); ok { + ipsSettingsPayload["newly-updated-protections"] = v.(string) + } + + threatProfile["ips-settings"] = ipsSettingsPayload + } + + if _, ok := d.GetOk("malicious_mail_policy_settings"); ok { + maliciousMailPolicySettingsPayload := make(map[string]interface{}) + + if v, ok := d.GetOkExists("malicious_mail_policy_settings.add_customized_text_to_email_body"); ok { + maliciousMailPolicySettingsPayload["add-customized-text-to-email-body"] = v.(bool) + } + if v, ok := d.GetOkExists("malicious_mail_policy_settings.add_email_subject_prefix"); ok { + maliciousMailPolicySettingsPayload["add-email-subject-prefix"] = v.(bool) + } + if v, ok := d.GetOkExists("malicious_mail_policy_settings.add_x_header_to_email"); ok { + 
maliciousMailPolicySettingsPayload["add-x-header-to-email"] = v.(bool) + } + if v, ok := d.GetOk("malicious_mail_policy_settings.email_action"); ok { + maliciousMailPolicySettingsPayload["email-action"] = v.(string) + } + if v, ok := d.GetOk("malicious_mail_policy_settings.email_body_customized_text"); ok { + maliciousMailPolicySettingsPayload["email-body-customized-text"] = v.(string) + } + if v, ok := d.GetOk("malicious_mail_policy_settings.email_subject_prefix_text"); ok { + maliciousMailPolicySettingsPayload["email-subject-prefix-text"] = v.(string) + } + if v, ok := d.GetOk("malicious_mail_policy_settings.failed_to_scan_attachments_text"); ok { + maliciousMailPolicySettingsPayload["failed-to-scan-attachments-text"] = v.(string) + } + if v, ok := d.GetOk("malicious_mail_policy_settings.malicious_attachments_text"); ok { + maliciousMailPolicySettingsPayload["malicious-attachments-text"] = v.(string) + } + if v, ok := d.GetOk("malicious_mail_policy_settings.malicious_links_text"); ok { + maliciousMailPolicySettingsPayload["malicious-links-text"] = v.(string) + } + if v, ok := d.GetOkExists("malicious_mail_policy_settings.remove_attachments_and_links"); ok { + maliciousMailPolicySettingsPayload["remove-attachments-and-links"] = v.(bool) + } + if v, ok := d.GetOkExists("malicious_mail_policy_settings.send_copy"); ok { + maliciousMailPolicySettingsPayload["send-copy"] = v.(bool) + } + if v, ok := d.GetOk("malicious_mail_policy_settings.send_copy_list"); ok { + maliciousMailPolicySettingsPayload["send-copy-list"] = v.(*schema.Set).List() + } + + threatProfile["malicious-mail-policy-settings"] = maliciousMailPolicySettingsPayload + } + + if v, ok := d.GetOk("overrides"); ok { + overridesList := v.([]interface{}) + if len(overridesList) > 0 { + var overridesPayload []map[string]interface{} + for i := range overridesList { + override := make(map[string]interface{}) + if v, ok := d.GetOk("overrides." 
+ strconv.Itoa(i) + ".action"); ok { + override["action"] = v.(string) + } + if v, ok := d.GetOk("overrides." + strconv.Itoa(i) + ".protection"); ok { + override["protection"] = v.(string) + } + if v, ok := d.GetOkExists("overrides." + strconv.Itoa(i) + ".capture_packets"); ok { + override["capture-packets"] = v.(bool) + } + if v, ok := d.GetOk("overrides." + strconv.Itoa(i) + ".track"); ok { + override["track"] = v.(string) + } + overridesPayload = append(overridesPayload, override) + } + threatProfile["overrides"] = overridesPayload + } + } + + if _, ok := d.GetOk("scan_malicious_links"); ok { + scanMaliciousLinksPayload := make(map[string]interface{}) + if v, ok := d.GetOk("scan_malicious_links.max_bytes"); ok { + scanMaliciousLinksPayload["max-bytes"] = v.(int) + } + if v, ok := d.GetOk("profile_overrides.max_links"); ok { + scanMaliciousLinksPayload["max-links"] = v.(int) + } + threatProfile["scan-malicious-links"] = scanMaliciousLinksPayload + } + + if v, ok := d.GetOkExists("use_indicators"); ok { + threatProfile["use-indicators"] = v.(bool) + } + + if v, ok := d.GetOkExists("anti_bot"); ok { + threatProfile["anti-bot"] = v.(bool) + } + + if v, ok := d.GetOkExists("anti_virus"); ok { + threatProfile["anti-virus"] = v.(bool) + } + + if v, ok := d.GetOkExists("ips"); ok { + threatProfile["ips"] = v.(bool) + } + + if v, ok := d.GetOkExists("threat_emulation"); ok { + threatProfile["threat-emulation"] = v.(bool) + } + + if v, ok := d.GetOkExists("use_extended_attributes"); ok { + threatProfile["use-extended-attributes"] = v.(bool) + } + + if v, ok := d.GetOk("activate_protections_by_extended_attributes"); ok { + activateProtectionsByExtendedAttributesList := v.([]interface{}) + if len(activateProtectionsByExtendedAttributesList) > 0 { + var activateProtectionsByExtendedAttributesPayload []map[string]interface{} + for i := range activateProtectionsByExtendedAttributesList { + activateProtectionsByExtendedAttributes := make(map[string]interface{}) + if v, ok := 
d.GetOk("activate_protections_by_extended_attributes." + strconv.Itoa(i) + ".uid"); ok { + activateProtectionsByExtendedAttributes["uid"] = v.(string) + } + if v, ok := d.GetOk("activate_protections_by_extended_attributes." + strconv.Itoa(i) + ".name"); ok { + activateProtectionsByExtendedAttributes["name"] = v.(string) + } + if v, ok := d.GetOk("activate_protections_by_extended_attributes." + strconv.Itoa(i) + ".category"); ok { + activateProtectionsByExtendedAttributes["category"] = v.(string) + } + activateProtectionsByExtendedAttributesPayload = append(activateProtectionsByExtendedAttributesPayload, activateProtectionsByExtendedAttributes) + } + threatProfile["activate-protections-by-extended-attributes"] = activateProtectionsByExtendedAttributesPayload + } + } + + if v, ok := d.GetOk("deactivate_protections_by_extended_attributes"); ok { + deactivateProtectionsByExtendedAttributesList := v.([]interface{}) + if len(deactivateProtectionsByExtendedAttributesList) > 0 { + var deactivateProtectionsByExtendedAttributesPayload []map[string]interface{} + for i := range deactivateProtectionsByExtendedAttributesList { + deactivateProtectionsByExtendedAttributes := make(map[string]interface{}) + if v, ok := d.GetOk("deactivate_protections_by_extended_attributes." + strconv.Itoa(i) + ".uid"); ok { + deactivateProtectionsByExtendedAttributes["uid"] = v.(string) + } + if v, ok := d.GetOk("deactivate_protections_by_extended_attributes." + strconv.Itoa(i) + ".name"); ok { + deactivateProtectionsByExtendedAttributes["name"] = v.(string) + } + if v, ok := d.GetOk("deactivate_protections_by_extended_attributes." 
+ strconv.Itoa(i) + ".category"); ok { + deactivateProtectionsByExtendedAttributes["category"] = v.(string) + } + deactivateProtectionsByExtendedAttributesPayload = append(deactivateProtectionsByExtendedAttributesPayload, deactivateProtectionsByExtendedAttributes) + } + threatProfile["deactivate-protections-by-extended-attributes"] = deactivateProtectionsByExtendedAttributesPayload + } + } + + if v, ok := d.GetOk("comments"); ok { + threatProfile["comments"] = v.(string) + } + + if v, ok := d.GetOk("tags"); ok { + threatProfile["tags"] = v.(*schema.Set).List() + } + + if v, ok := d.GetOk("color"); ok { + threatProfile["color"] = v.(string) + } + + if v, ok := d.GetOkExists("ignore_errors"); ok { + threatProfile["ignore-errors"] = v.(bool) + } + + if v, ok := d.GetOkExists("ignore_warnings"); ok { + threatProfile["ignore-warnings"] = v.(bool) + } + + log.Println("Create Threat Profile - Map = ", threatProfile) + + threatProfileRes, err := client.ApiCall("add-threat-profile", threatProfile, client.GetSessionID(), true, false) + if err != nil { + return fmt.Errorf(err.Error()) + } + if !threatProfileRes.Success { + if threatProfileRes.ErrorMsg != "" { + return fmt.Errorf(threatProfileRes.ErrorMsg) + } + msg := createTaskFailMessage("add-threat-profile", threatProfileRes.GetData()) + return fmt.Errorf(msg) + } + + showThreatProfileRes, err := client.ApiCall("show-threat-profile", map[string]interface{}{"name": d.Get("name")}, client.GetSessionID(), true, false) + if err != nil { + return fmt.Errorf(err.Error()) + } + if !showThreatProfileRes.Success { + return fmt.Errorf(showThreatProfileRes.ErrorMsg) + } + + d.SetId(showThreatProfileRes.GetData()["uid"].(string)) + + return readManagementThreatProfile(d, m) +} + +func readManagementThreatProfile(d *schema.ResourceData, m interface{}) error { + + client := m.(*checkpoint.ApiClient) + + payload := map[string]interface{}{ + "uid": d.Id(), + } + + showThreatProfileRes, err := client.ApiCall("show-threat-profile", payload, 
client.GetSessionID(), true, false) + if err != nil { + return fmt.Errorf(err.Error()) + } + if !showThreatProfileRes.Success { + // Handle delete resource from other clients + if objectNotFound(showThreatProfileRes.GetData()["code"].(string)) { + d.SetId("") + return nil + } + return fmt.Errorf(showThreatProfileRes.ErrorMsg) + } + + threatProfile := showThreatProfileRes.GetData() + + log.Println("Read Threat Profile - Show JSON = ", threatProfile) + + if v := threatProfile["name"]; v != nil { + _ = d.Set("name", v) + } + + if v := threatProfile["active-protections-performance-impact"]; v != nil { + _ = d.Set("active_protections_performance_impact", v) + } + if v := threatProfile["active-protections-severity"]; v != nil { + _ = d.Set("active_protections_severity", v) + } + if v := threatProfile["confidence-level-high"]; v != nil { + _ = d.Set("confidence_level_high", v) + } + if v := threatProfile["confidence-level-low"]; v != nil { + _ = d.Set("confidence_level_low", v) + } + if v := threatProfile["confidence-level-medium"]; v != nil { + _ = d.Set("confidence_level_medium", v) + } + + if threatProfile["indicator-overrides"] != nil { + indicatorOverridesList := threatProfile["indicator-overrides"].([]interface{}) + if len(indicatorOverridesList) > 0 { + var indicatorOverridesListState []map[string]interface{} + for i := range indicatorOverridesList { + indicatorOverridesJson := indicatorOverridesList[i].(map[string]interface{}) + indicatorOverride := make(map[string]interface{}) + if v, _ := indicatorOverridesJson["action"]; v != nil { + indicatorOverride["action"] = v + } + if v, _ := indicatorOverridesJson["indicator"]; v != nil { + indicatorOverride["indicator"] = v + } + indicatorOverridesListState = append(indicatorOverridesListState, indicatorOverride) + } + _ = d.Set("indicator_overrides", indicatorOverridesListState) + } else { + _ = d.Set("indicator_overrides", indicatorOverridesList) + } + } else { + _ = d.Set("indicator_overrides", nil) + } + + if v := 
threatProfile["ips-settings"]; v != nil { + ipsSettingsJson := threatProfile["ips-settings"].(map[string]interface{}) + ipsSettingsState := make(map[string]interface{}) + if v := ipsSettingsJson["exclude-protection-with-performance-impact"]; v != nil { + ipsSettingsState["exclude_protection_with_performance_impact"] = v + } + if v := ipsSettingsJson["exclude-protection-with-performance-impact-mode"]; v != nil { + ipsSettingsState["exclude_protection_with_performance_impact_mode"] = v + } + if v := ipsSettingsJson["exclude-protection-with-severity"]; v != nil { + ipsSettingsState["exclude_protection_with_severity"] = v + } + if v := ipsSettingsJson["exclude-protection-with-severity-mode"]; v != nil { + ipsSettingsState["exclude_protection_with_severity_mode"] = v + } + if v := ipsSettingsJson["newly-updated-protections"]; v != nil { + ipsSettingsState["newly_updated_protections"] = v + } + _, ipsSettingsInConf := d.GetOk("ips_settings") + defaultIpsSettings := map[string]interface{}{ + "newly_updated_protections": "active", + "exclude_protection_with_performance_impact": false, + "exclude_protection_with_severity": false, + } + if reflect.DeepEqual(defaultIpsSettings, ipsSettingsState) && !ipsSettingsInConf { + _ = d.Set("ips_settings", map[string]interface{}{}) + } else { + _ = d.Set("ips_settings", ipsSettingsState) + } + }else{ + _ = d.Set("ips_settings", nil) + } + + if v := threatProfile["malicious-mail-policy-settings"]; v != nil { + maliciousMailPolicySettingsJson := threatProfile["malicious-mail-policy-settings"].(map[string]interface{}) + maliciousMailPolicySettingsState := make(map[string]interface{}) + if v := maliciousMailPolicySettingsJson["add-customized-text-to-email-body"]; v != nil { + maliciousMailPolicySettingsState["add_customized_text_to_email_body"] = v + } + if v := maliciousMailPolicySettingsJson["add-email-subject-prefix"]; v != nil { + maliciousMailPolicySettingsState["add_email_subject_prefix"] = v + } + if v := 
maliciousMailPolicySettingsJson["add-x-header-to-email"]; v != nil { + maliciousMailPolicySettingsState["add_x_header_to_email"] = v + } + if v := maliciousMailPolicySettingsJson["email-action"]; v != nil { + maliciousMailPolicySettingsState["email_action"] = v + } + if v := maliciousMailPolicySettingsJson["email-body-customized-text"]; v != nil { + maliciousMailPolicySettingsState["email_body_customized_text"] = v + } + if v := maliciousMailPolicySettingsJson["email-subject-prefix-text"]; v != nil { + maliciousMailPolicySettingsState["email_subject_prefix_text"] = v + } + if v := maliciousMailPolicySettingsJson["failed-to-scan-attachments-text"]; v != nil { + maliciousMailPolicySettingsState["failed_to_scan_attachments_text"] = v + } + if v := maliciousMailPolicySettingsJson["malicious-attachments-text"]; v != nil { + maliciousMailPolicySettingsState["malicious_attachments_text"] = v + } + if v := maliciousMailPolicySettingsJson["malicious-links-text"]; v != nil { + maliciousMailPolicySettingsState["malicious_links_text"] = v + } + if v := maliciousMailPolicySettingsJson["remove-attachments-and-links"]; v != nil { + maliciousMailPolicySettingsState["remove_attachments_and_links"] = v + } + if v := maliciousMailPolicySettingsJson["send-copy"]; v != nil { + maliciousMailPolicySettingsState["send_copy"] = v + } + if v := maliciousMailPolicySettingsJson["send-copy-list"]; v != nil { + maliciousMailPolicySettingsState["send_copy_list"] = v + } + + _, maliciousMailPolicySettingsInConf := d.GetOk("malicious_mail_policy_settings") + defaultMaliciousMailPolicySettings := map[string]interface{}{ + "email_action": "allow", + "remove_attachments_and_links": true, + "malicious_attachments_text": "Malicious email attachment '$filename$' removed by Check Point.", + "failed_to_scan_attachments_text": "Email attachment '$filename$' failed to be scanned and removed by Check Point.", + "malicious_links_text": "[Check Point] Malicious link: $neutralized_url$ [Check Point]", + 
"add_x_header_to_email": false, + "add_email_subject_prefix": false, + "email_subject_prefix_text": "Attachment was found malicious. It is recommended not to open this mail.", + "add_customized_text_to_email_body": false, + "email_body_customized_text": "[Check Point]
The following verdicts were determined by Check Point:
$verdicts$
[Check Point]", + "send_copy": false, + } + if reflect.DeepEqual(defaultMaliciousMailPolicySettings, maliciousMailPolicySettingsState) && !maliciousMailPolicySettingsInConf { + _ = d.Set("malicious_mail_policy_settings", map[string]interface{}{}) + } else { + _ = d.Set("malicious_mail_policy_settings", maliciousMailPolicySettingsState) + } + }else{ + _ = d.Set("malicious_mail_policy_settings", nil) + } + + if threatProfile["overrides"] != nil { + overridesList := threatProfile["overrides"].([]interface{}) + if len(overridesList) > 0 { + var overridesListState []map[string]interface{} + for i := range overridesList { + overridesJson := overridesList[i].(map[string]interface{}) + overrideState := make(map[string]interface{}) + if v, _ := overridesJson["protection"]; v != nil { + overrideState["protection"] = v + } + if v, _ := overridesJson["override"]; v != nil { + overrideObject := v.(map[string]interface{}) + if v, _ = overrideObject["action"]; v != nil { + overrideState["action"] = v + } + if v, _ = overrideObject["capture-packets"]; v != nil { + overrideState["capture_packets"] = v + } + if v, _ = overrideObject["track"]; v != nil { + overrideState["track"] = v + } + } + if v, _ := overridesJson["protection-external-info"]; v != nil { + overrideState["protection_external_info"] = v + } + if v, _ := overridesJson["protection-uid"]; v != nil { + overrideState["protection_uid"] = v + } + + if v, _ := overridesJson["default"]; v != nil { + defaultJson := v.(map[string]interface{}) + defaultState := make(map[string]interface{}) + if v, _ = defaultJson["action"]; v != nil { + defaultState["action"] = v + } + if v, _ = defaultJson["capture-packets"]; v != nil { + defaultState["capture_packets"] = v + } + if v, _ = defaultJson["track"]; v != nil { + defaultState["track"] = v + } + overrideState["default"] = defaultState + } + + if v, _ := overridesJson["final"]; v != nil { + finalJson := v.(map[string]interface{}) + finalState := make(map[string]interface{}) + if v, _ = 
finalJson["action"]; v != nil { + finalState["action"] = v + } + if v, _ = finalJson["capture-packets"]; v != nil { + finalState["capture_packets"] = v + } + if v, _ = finalJson["track"]; v != nil { + finalState["track"] = v + } + overrideState["final"] = finalState + } + overridesListState = append(overridesListState, overrideState) + } + _ = d.Set("overrides", overridesListState) + } else { + _ = d.Set("overrides", overridesList) + } + } else { + _ = d.Set("overrides", nil) + } + + if v := threatProfile["scan-malicious-links"]; v != nil { + scanMaliciousLinksJson := threatProfile["scan-malicious-links"].(map[string]interface{}) + scanMaliciousLinksState := make(map[string]interface{}) + if v := scanMaliciousLinksJson["max-bytes"]; v != nil { + scanMaliciousLinksState["max_bytes"] = v + } + if v := scanMaliciousLinksJson["max-links"]; v != nil { + scanMaliciousLinksState["max_links"] = v + } + _ = d.Set("scan_malicious_links", scanMaliciousLinksState) + }else{ + _ = d.Set("scan_malicious_links", nil) + } + + if v := threatProfile["extended-attributes-to-activate"]; v != nil { + extendedAttributesToActivateList := threatProfile["extended-attributes-to-activate"].([]interface{}) + if len(extendedAttributesToActivateList) > 0 { + var extendedAttributesToActivateState []interface{} + for i := range extendedAttributesToActivateList { + extendedAttributesToActivateJson := extendedAttributesToActivateList[i].(map[string]interface{}) + extendedAttributesToActivate := make(map[string]interface{}) + if v := extendedAttributesToActivateJson["uid"]; v != nil { + extendedAttributesToActivate["uid"] = v + } + if v := extendedAttributesToActivateJson["name"]; v != nil { + extendedAttributesToActivate["name"] = v + } + if v := extendedAttributesToActivateJson["values"]; v != nil { + extendedAttributesToActivate["values"] = v + } + extendedAttributesToActivateState = append(extendedAttributesToActivateState, extendedAttributesToActivate) + } + _ = 
d.Set("activate_protections_by_extended_attributes", extendedAttributesToActivateState) + }else{ + _ = d.Set("activate_protections_by_extended_attributes", extendedAttributesToActivateList) + } + }else{ + _ = d.Set("activate_protections_by_extended_attributes", nil) + } + + if v := threatProfile["extended-attributes-to-deactivate"]; v != nil { + extendedAttributesToDeactivateList := threatProfile["extended-attributes-to-deactivate"].([]interface{}) + if len(extendedAttributesToDeactivateList) > 0 { + var extendedAttributesToDeactivateState []interface{} + for i := range extendedAttributesToDeactivateList { + extendedAttributesToActivateJson := extendedAttributesToDeactivateList[i].(map[string]interface{}) + extendedAttributesToDeactivate := make(map[string]interface{}) + if v := extendedAttributesToActivateJson["uid"]; v != nil { + extendedAttributesToDeactivate["uid"] = v + } + if v := extendedAttributesToActivateJson["name"]; v != nil { + extendedAttributesToDeactivate["name"] = v + } + if v := extendedAttributesToActivateJson["values"]; v != nil { + extendedAttributesToDeactivate["values"] = v + } + extendedAttributesToDeactivateState = append(extendedAttributesToDeactivateState, extendedAttributesToDeactivate) + } + _ = d.Set("deactivate_protections_by_extended_attributes", extendedAttributesToDeactivateState) + }else{ + _ = d.Set("deactivate_protections_by_extended_attributes", extendedAttributesToDeactivateList) + } + }else{ + _ = d.Set("deactivate_protections_by_extended_attributes", nil) + } + + if v := threatProfile["use-indicators"]; v != nil { + _ = d.Set("use_indicators", v) + } + + if v := threatProfile["anti-bot"]; v != nil { + _ = d.Set("anti_bot", v) + } + + if v := threatProfile["anti-virus"]; v != nil { + _ = d.Set("anti_virus", v) + } + + if v := threatProfile["ips"]; v != nil { + _ = d.Set("ips", v) + } + + if v := threatProfile["threat-emulation"]; v != nil { + _ = d.Set("threat_emulation", v) + } + + if v := 
threatProfile["use-extended-attributes"]; v != nil { + _ = d.Set("use_extended_attributes", v) + } + + if v := threatProfile["color"]; v != nil { + _ = d.Set("color", v) + } + + if v := threatProfile["comments"]; v != nil { + _ = d.Set("comments", v) + } + + if threatProfile["tags"] != nil { + tagsJson := threatProfile["tags"].([]interface{}) + var tagsIds = make([]string, 0) + if len(tagsJson) > 0 { + // Create slice of tag names + for _, tag := range tagsJson { + tag := tag.(map[string]interface{}) + tagsIds = append(tagsIds, tag["name"].(string)) + } + } + _ = d.Set("tags", tagsIds) + } else { + _ = d.Set("tags", nil) + } + + return nil +} + +func updateManagementThreatProfile(d *schema.ResourceData, m interface{}) error { + client := m.(*checkpoint.ApiClient) + + threatProfile := make(map[string]interface{}) + + threatProfile["uid"] = d.Id() + + if d.HasChange("name") { + threatProfile["new-name"] = d.Get("name") + } + + if ok := d.HasChange("active_protections_performance_impact"); ok { + threatProfile["active-protections-performance-impact"] = d.Get("active_protections_performance_impact") + } + + if ok := d.HasChange("active_protections_severity"); ok { + threatProfile["active-protections-severity"] = d.Get("active_protections_severity") + } + + if ok := d.HasChange("confidence_level_high"); ok { + threatProfile["confidence-level-high"] = d.Get("confidence_level_high") + } + + if ok := d.HasChange("confidence_level_low"); ok { + threatProfile["confidence-level-low"] = d.Get("confidence_level_low") + } + + if ok := d.HasChange("confidence_level_medium"); ok { + threatProfile["confidence-level-medium"] = d.Get("confidence_level_medium") + } + + if ok := d.HasChange("indicator_overrides"); ok { + if v, ok := d.GetOk("indicator_overrides"); ok { + indicatorOverridesList := v.([]interface{}) + if len(indicatorOverridesList) > 0 { + var indicatorOverridesPayload []map[string]interface{} + for i := range indicatorOverridesList { + indicatorOverride := 
make(map[string]interface{}) + if v, ok := d.GetOk("indicator_overrides." + strconv.Itoa(i) + ".action"); ok { + indicatorOverride["action"] = v.(string) + } + if v, ok := d.GetOk("indicator_overrides." + strconv.Itoa(i) + ".indicator"); ok { + indicatorOverride["indicator"] = v.(string) + } + indicatorOverridesPayload = append(indicatorOverridesPayload, indicatorOverride) + } + threatProfile["indicator-overrides"] = indicatorOverridesPayload + } + }else{ + oldVal, _ := d.GetChange("indicator_overrides") + indicatorOverridesList := oldVal.([]interface{}) + if len(indicatorOverridesList) > 0 { + var indicatorOverridesPayload []interface{} + for i := range indicatorOverridesList { + indicatorOverridesPayload = append(indicatorOverridesPayload, indicatorOverridesList[i].(map[string]interface{})["indicator"]) + } + threatProfile["indicator-overrides"] = map[string]interface{}{"remove": indicatorOverridesPayload} + } + } + } + + if ok := d.HasChange("ips_settings"); ok { + ipsSettingsPayload := make(map[string]interface{}) + if v, ok := d.GetOkExists("ips_settings.exclude_protection_with_performance_impact"); ok { + ipsSettingsPayload["exclude-protection-with-performance-impact"] = v.(bool) + } + if v, ok := d.GetOk("ips_settings.exclude_protection_with_performance_impact_mode"); ok { + ipsSettingsPayload["exclude-protection-with-performance-impact-mode"] = v.(string) + } + if v, ok := d.GetOkExists("ips_settings.exclude_protection_with_severity"); ok { + ipsSettingsPayload["exclude-protection-with-severity"] = v.(bool) + } + if v, ok := d.GetOk("ips_settings.exclude_protection_with_severity_mode"); ok { + ipsSettingsPayload["exclude-protection-with-severity-mode"] = v.(string) + } + if v, ok := d.GetOk("ips_settings.newly_updated_protections"); ok { + ipsSettingsPayload["newly-updated-protections"] = v.(string) + } + threatProfile["ips-settings"] = ipsSettingsPayload + } + + if ok := d.HasChange("malicious_mail_policy_settings"); ok { + 
maliciousMailPolicySettingsPayload := make(map[string]interface{}) + + if v, ok := d.GetOkExists("malicious_mail_policy_settings.add_customized_text_to_email_body"); ok { + maliciousMailPolicySettingsPayload["add-customized-text-to-email-body"] = v.(bool) + } + if v, ok := d.GetOkExists("malicious_mail_policy_settings.add_email_subject_prefix"); ok { + maliciousMailPolicySettingsPayload["add-email-subject-prefix"] = v.(bool) + } + if v, ok := d.GetOkExists("malicious_mail_policy_settings.add_x_header_to_email"); ok { + maliciousMailPolicySettingsPayload["add-x-header-to-email"] = v.(bool) + } + if v, ok := d.GetOk("malicious_mail_policy_settings.email_action"); ok { + maliciousMailPolicySettingsPayload["email-action"] = v.(string) + } + if v, ok := d.GetOk("malicious_mail_policy_settings.email_body_customized_text"); ok { + maliciousMailPolicySettingsPayload["email-body-customized-text"] = v.(string) + } + if v, ok := d.GetOk("malicious_mail_policy_settings.email_subject_prefix_text"); ok { + maliciousMailPolicySettingsPayload["email-subject-prefix-text"] = v.(string) + } + if v, ok := d.GetOk("malicious_mail_policy_settings.failed_to_scan_attachments_text"); ok { + maliciousMailPolicySettingsPayload["failed-to-scan-attachments-text"] = v.(string) + } + if v, ok := d.GetOk("malicious_mail_policy_settings.malicious_attachments_text"); ok { + maliciousMailPolicySettingsPayload["malicious-attachments-text"] = v.(string) + } + if v, ok := d.GetOk("malicious_mail_policy_settings.malicious_links_text"); ok { + maliciousMailPolicySettingsPayload["malicious-links-text"] = v.(string) + } + if v, ok := d.GetOkExists("malicious_mail_policy_settings.remove_attachments_and_links"); ok { + maliciousMailPolicySettingsPayload["remove-attachments-and-links"] = v.(bool) + } + if v, ok := d.GetOkExists("malicious_mail_policy_settings.send_copy"); ok { + maliciousMailPolicySettingsPayload["send-copy"] = v.(bool) + } + if v, ok := 
d.GetOk("malicious_mail_policy_settings.send_copy_list"); ok { + maliciousMailPolicySettingsPayload["send-copy-list"] = v.(*schema.Set).List() + } + threatProfile["malicious-mail-policy-settings"] = maliciousMailPolicySettingsPayload + } + + if ok := d.HasChange("overrides"); ok { + if v, ok := d.GetOk("overrides"); ok { + overridesList := v.([]interface{}) + if len(overridesList) > 0 { + var overridesPayload []map[string]interface{} + for i := range overridesList { + override := make(map[string]interface{}) + if v, ok := d.GetOk("overrides." + strconv.Itoa(i) + ".action"); ok { + override["action"] = v.(string) + } + if v, ok := d.GetOk("overrides." + strconv.Itoa(i) + ".protection"); ok { + override["protection"] = v.(string) + } + if v, ok := d.GetOkExists("overrides." + strconv.Itoa(i) + ".capture_packets"); ok { + override["capture-packets"] = v.(bool) + } + if v, ok := d.GetOk("overrides." + strconv.Itoa(i) + ".track"); ok { + override["track"] = v.(string) + } + overridesPayload = append(overridesPayload, override) + } + threatProfile["overrides"] = overridesPayload + } + }else{ + oldVal, _ := d.GetChange("overrides") + overridesList := oldVal.([]interface{}) + if len(overridesList) > 0 { + var overridesPayload []interface{} + for i := range overridesList { + overridesPayload = append(overridesPayload, overridesList[i].(map[string]interface{})["protection"]) + } + threatProfile["overrides"] = map[string]interface{}{"remove": overridesPayload} + } + } + } + + if ok := d.HasChange("scan_malicious_links"); ok { + scanMaliciousLinksPayload := make(map[string]interface{}) + if v, ok := d.GetOk("scan_malicious_links.max_bytes"); ok { + scanMaliciousLinksPayload["max-bytes"] = v.(int) + } + if v, ok := d.GetOk("profile_overrides.max_links"); ok { + scanMaliciousLinksPayload["max-links"] = v.(int) + } + threatProfile["scan-malicious-links"] = scanMaliciousLinksPayload + } + + if ok := d.HasChange("use_indicators"); ok { + threatProfile["use-indicators"] = 
d.Get("use_indicators") + } + + if ok := d.HasChange("anti_bot"); ok { + threatProfile["anti-bot"] = d.Get("anti_bot") + } + + if ok := d.HasChange("anti_virus"); ok { + threatProfile["anti-virus"] = d.Get("anti_virus") + } + + if ok := d.HasChange("ips"); ok { + threatProfile["ips"] = d.Get("ips") + } + + if ok := d.HasChange("threat_emulation"); ok { + threatProfile["threat-emulation"] = d.Get("threat_emulation") + } + + if ok := d.HasChange("use_extended_attributes"); ok { + threatProfile["use-extended-attributes"] = d.Get("use_extended_attributes") + } + + if ok := d.HasChange("activate_protections_by_extended_attributes"); ok { + if v, ok := d.GetOk("activate_protections_by_extended_attributes"); ok { + activateProtectionsByExtendedAttributesList := v.([]interface{}) + if len(activateProtectionsByExtendedAttributesList) > 0 { + var activateProtectionsByExtendedAttributesPayload []map[string]interface{} + for i := range activateProtectionsByExtendedAttributesList { + activateProtectionsByExtendedAttributes := make(map[string]interface{}) + if v, ok := d.GetOk("activate_protections_by_extended_attributes." + strconv.Itoa(i) + ".uid"); ok { + activateProtectionsByExtendedAttributes["uid"] = v.(string) + } + if v, ok := d.GetOk("activate_protections_by_extended_attributes." + strconv.Itoa(i) + ".name"); ok { + activateProtectionsByExtendedAttributes["name"] = v.(string) + } + if v, ok := d.GetOk("activate_protections_by_extended_attributes." 
+ strconv.Itoa(i) + ".category"); ok { + activateProtectionsByExtendedAttributes["category"] = v.(string) + } + activateProtectionsByExtendedAttributesPayload = append(activateProtectionsByExtendedAttributesPayload, activateProtectionsByExtendedAttributes) + } + threatProfile["activate-protections-by-extended-attributes"] = activateProtectionsByExtendedAttributesPayload + } + }else{ + oldVal, _ := d.GetChange("activate_protections_by_extended_attributes") + activateProtectionsByExtendedAttributesList := oldVal.([]interface{}) + if len(activateProtectionsByExtendedAttributesList) > 0 { + var activateProtectionsByExtendedAttributesPayload []map[string]interface{} + for i := range activateProtectionsByExtendedAttributesList { + activateProtectionsByExtendedAttributes := make(map[string]interface{}) + activateProtectionsByExtendedAttributes["uid"] = activateProtectionsByExtendedAttributesList[i].(map[string]interface{})["uid"] + activateProtectionsByExtendedAttributesPayload = append(activateProtectionsByExtendedAttributesPayload, activateProtectionsByExtendedAttributes) + } + threatProfile["activate-protections-by-extended-attributes"] = map[string]interface{}{"remove": activateProtectionsByExtendedAttributesPayload} + } + } + } + + if ok := d.HasChange("deactivate_protections_by_extended_attributes"); ok { + if v, ok := d.GetOk("deactivate_protections_by_extended_attributes"); ok { + deactivateProtectionsByExtendedAttributesList := v.([]interface{}) + if len(deactivateProtectionsByExtendedAttributesList) > 0 { + var deactivateProtectionsByExtendedAttributesPayload []map[string]interface{} + for i := range deactivateProtectionsByExtendedAttributesList { + deactivateProtectionsByExtendedAttributes := make(map[string]interface{}) + if v, ok := d.GetOk("deactivate_protections_by_extended_attributes." + strconv.Itoa(i) + ".uid"); ok { + deactivateProtectionsByExtendedAttributes["uid"] = v.(string) + } + if v, ok := d.GetOk("deactivate_protections_by_extended_attributes." 
+ strconv.Itoa(i) + ".name"); ok { + deactivateProtectionsByExtendedAttributes["name"] = v.(string) + } + if v, ok := d.GetOk("deactivate_protections_by_extended_attributes." + strconv.Itoa(i) + ".category"); ok { + deactivateProtectionsByExtendedAttributes["category"] = v.(string) + } + deactivateProtectionsByExtendedAttributesPayload = append(deactivateProtectionsByExtendedAttributesPayload, deactivateProtectionsByExtendedAttributes) + } + threatProfile["deactivate-protections-by-extended-attributes"] = deactivateProtectionsByExtendedAttributesPayload + } + }else{ + oldVal, _ := d.GetChange("deactivate_protections_by_extended_attributes") + deactivateProtectionsByExtendedAttributesList := oldVal.([]interface{}) + if len(deactivateProtectionsByExtendedAttributesList) > 0 { + var deactivateProtectionsByExtendedAttributesPayload []map[string]interface{} + for i := range deactivateProtectionsByExtendedAttributesList { + deactivateProtectionsByExtendedAttributes := make(map[string]interface{}) + deactivateProtectionsByExtendedAttributes["uid"] = deactivateProtectionsByExtendedAttributesList[i].(map[string]interface{})["uid"] + deactivateProtectionsByExtendedAttributesPayload = append(deactivateProtectionsByExtendedAttributesPayload, deactivateProtectionsByExtendedAttributes) + } + threatProfile["deactivate-protections-by-extended-attributes"] = map[string]interface{}{"remove": deactivateProtectionsByExtendedAttributesPayload} + } + } + } + + if ok := d.HasChange("tags"); ok { + if v, ok := d.GetOk("tags"); ok { + threatProfile["tags"] = v.(*schema.Set).List() + } else { + oldTags, _ := d.GetChange("tags") + threatProfile["tags"] = map[string]interface{}{"remove": oldTags.(*schema.Set).List()} + } + } + + if ok := d.HasChange("comments"); ok { + threatProfile["comments"] = d.Get("comments") + } + + if ok := d.HasChange("color"); ok { + threatProfile["color"] = d.Get("color") + } + + if v, ok := d.GetOkExists("ignore_errors"); ok { + threatProfile["ignore-errors"] = 
v.(bool) + } + + if v, ok := d.GetOkExists("ignore_warnings"); ok { + threatProfile["ignore-warnings"] = v.(bool) + } + + log.Println("Update Threat Profile - Map = ", threatProfile) + + threatProfileRes, err := client.ApiCall("set-threat-profile", threatProfile, client.GetSessionID(), true, false) + if err != nil { + return fmt.Errorf(err.Error()) + } + + if !threatProfileRes.Success { + if threatProfileRes.ErrorMsg != "" { + return fmt.Errorf(threatProfileRes.ErrorMsg) + } + msg := createTaskFailMessage("set-threat-profile", threatProfileRes.GetData()) + return fmt.Errorf(msg) + } + + return readManagementThreatProfile(d, m) +} + +func deleteManagementThreatProfile(d *schema.ResourceData, m interface{}) error { + + client := m.(*checkpoint.ApiClient) + + threatProfilePayload := map[string]interface{}{ + "uid": d.Id(), + } + + deleteThreatProfileRes, err := client.ApiCall("delete-threat-profile", threatProfilePayload, client.GetSessionID(), true, false) + + if err != nil { + return fmt.Errorf(err.Error()) + } + + if !deleteThreatProfileRes.Success { + if deleteThreatProfileRes.ErrorMsg != "" { + return fmt.Errorf(deleteThreatProfileRes.ErrorMsg) + } + msg := createTaskFailMessage("delete-threat-profile", deleteThreatProfileRes.GetData()) + return fmt.Errorf(msg) + } + + d.SetId("") + return nil +} diff --git a/checkpoint/resource_checkpoint_management_threat_profile_test.go b/checkpoint/resource_checkpoint_management_threat_profile_test.go new file mode 100644 index 00000000..aef16df6 --- /dev/null +++ b/checkpoint/resource_checkpoint_management_threat_profile_test.go 
@@ -0,0 +1,116 @@
+package checkpoint
+
+import (
+ "fmt"
+ checkpoint "github.com/CheckPointSW/cp-mgmt-api-go-sdk/APIFiles"
+ "github.com/hashicorp/terraform-plugin-sdk/helper/acctest"
+ "github.com/hashicorp/terraform-plugin-sdk/helper/resource"
+ "github.com/hashicorp/terraform-plugin-sdk/terraform"
+ "os"
+ "testing"
+)
+
+func TestAccCheckpointManagementThreatProfile_basic(t *testing.T) {
+ var threatProfile map[string]interface{}
+ resourceName := "checkpoint_management_threat_profile.test"
+ objName := "tfTestManagementThreatProfile_" + acctest.RandString(6)
+
+ context := os.Getenv("CHECKPOINT_CONTEXT")
+ if context != "web_api" {
+ t.Skip("Skipping management test")
+ } else if context == "" {
+ t.Skip("Env CHECKPOINT_CONTEXT must be specified to run this acc test")
+ }
+
+ resource.Test(t, resource.TestCase{
+ PreCheck: func() { testAccPreCheck(t) },
+ Providers: testAccProviders,
+ CheckDestroy: testAccCheckpointThreatProfileDestroy,
+ Steps: []resource.TestStep{
+ {
+ Config: testAccManagementThreatProfileConfig(objName, "high", "Critical"),
+ Check: resource.ComposeTestCheckFunc(
+ testAccCheckCheckpointThreatProfileExists(resourceName, &threatProfile),
+ testAccCheckCheckpointThreatProfileAttributes(&threatProfile, objName,"high", "Critical"),
+ ),
+ },
+ },
+ })
+}
+
+func testAccCheckpointThreatProfileDestroy(s *terraform.State) error {
+ client := testAccProvider.Meta().(*checkpoint.ApiClient)
+ for _, rs := range s.RootModule().Resources {
+ if rs.Type != "checkpoint_management_threat_profile" {
+ continue
+ }
+ if rs.Primary.ID != "" {
+ res, _ := client.ApiCall("show-threat-profile", map[string]interface{}{"uid": rs.Primary.ID}, client.GetSessionID(), true, false)
+ if res.Success { // Resource still exists. failed to destroy.
+ return fmt.Errorf("threat profile object (%s) still exists", rs.Primary.ID)
+ }
+ }
+ break
+ }
+ return nil
+}
+
+func testAccCheckCheckpointThreatProfileExists(resourceTfName string, res *map[string]interface{}) resource.TestCheckFunc {
+ return func(s *terraform.State) error {
+
+ rs, ok := s.RootModule().Resources[resourceTfName]
+ if !ok {
+ return fmt.Errorf("resource not found: %s", resourceTfName)
+ }
+
+ if rs.Primary.ID == "" {
+ return fmt.Errorf("threat profile ID is not set")
+ }
+
+ client := testAccProvider.Meta().(*checkpoint.ApiClient)
+ response, _ := client.ApiCall("show-threat-profile", map[string]interface{}{"uid": rs.Primary.ID}, client.GetSessionID(), true, false)
+ if !response.Success {
+ return fmt.Errorf(response.ErrorMsg)
+ }
+
+ *res = response.GetData()
+
+ return nil
+ }
+}
+
+func testAccCheckCheckpointThreatProfileAttributes(threatProfile *map[string]interface{}, name string, performanceImpact string, protectionsSeverity string) resource.TestCheckFunc {
+ return func(s *terraform.State) error {
+
+ threatProfile := *threatProfile
+ if threatProfile == nil {
+ return fmt.Errorf("threat profile is nil")
+ }
+
+ threatProfileName := threatProfile["name"].(string)
+ if threatProfileName != name {
+ return fmt.Errorf("name is %s, expected %s", threatProfileName, name)
+ }
+
+ performanceImpactValue := threatProfile["active-protections-performance-impact"].(string)
+ if performanceImpactValue != performanceImpact {
+ return fmt.Errorf("performance impact is %s, expected %s", performanceImpactValue, performanceImpact)
+ }
+
+ protectionsSeverityValue := threatProfile["active-protections-severity"].(string)
+ if protectionsSeverityValue != protectionsSeverity {
+ return fmt.Errorf("protections severity is %s, expected %s", protectionsSeverityValue, protectionsSeverity)
+ }
+ return nil
+ }
+}
+
+func testAccManagementThreatProfileConfig(name string, performanceImpact string, protectionsSeverity string) string {
+ return fmt.Sprintf(`
+resource "checkpoint_management_threat_profile" "test" { + name = "%s" + active_protections_performance_impact = "%s" + active_protections_severity = "%s" +} +`, name, performanceImpact, protectionsSeverity) +} \ No newline at end of file diff --git a/checkpoint/utils.go b/checkpoint/utils.go index e71e3355..af37f38b 100644 --- a/checkpoint/utils.go +++ b/checkpoint/utils.go @@ -2,6 +2,7 @@ package checkpoint import ( "encoding/json" + "fmt" checkpoint "github.com/CheckPointSW/cp-mgmt-api-go-sdk/APIFiles" "io/ioutil" "os" @@ -99,4 +100,28 @@ func resolveTaskIds(data map[string]interface{}) []interface{} { } } return nil +} + +func createTaskFailMessage(command string, data map[string]interface{}) string { + msg := fmt.Sprintf("fail to %s.", command) + if data != nil { + if v, ok := data["tasks"].([]interface{}); ok { + if len(v) > 0 { + task := v[0].(map[string]interface{}) + msg += fmt.Sprintf(" task-id [%s]", task["task-id"]) + if task["status"] != "succeeded" { + if len(task["task-details"].([]interface{})) > 0 { + myTask := task["task-details"].([]interface{})[0].(map[string]interface{}) + if v, ok := myTask["fault-message"]; ok { + msg += "\nMessage: " + v.(string) + } + if v, ok := myTask["statusDescription"]; ok { + msg += "\nDescription: " + v.(string) + } + } + } + } + } + } + return msg } \ No newline at end of file diff --git a/website/checkpoint.erb b/website/checkpoint.erb index 86c1dba5..c1c23967 100644 --- a/website/checkpoint.erb +++ b/website/checkpoint.erb @@ -304,6 +304,9 @@ > checkpoint_management_simple_cluster + > + checkpoint_management_threat_profile + @@ -490,6 +493,9 @@ > checkpoint_management_simple_cluster + > + checkpoint_management_threat_profile + diff --git a/website/docs/d/checkpoint_management_threat_profile.html.markdown b/website/docs/d/checkpoint_management_threat_profile.html.markdown new file mode 100644 index 00000000..0fc06df2 --- /dev/null +++ b/website/docs/d/checkpoint_management_threat_profile.html.markdown 
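Review bot: In TestAccCheckpointManagementThreatProfile_basic the `else if context == ""` branch can never run, because an empty CHECKPOINT_CONTEXT already satisfies `context != "web_api"` and is skipped with the generic message; test the empty case first, `if context == "" { t.Skip("Env CHECKPOINT_CONTEXT must be specified to run this acc test") } else if context != "web_api" { t.Skip("Skipping management test") }`. In testAccCheckpointThreatProfileDestroy and testAccCheckCheckpointThreatProfileExists the error from client.ApiCall is discarded with `_` and `res.Success` / `response.Success` is read straight away; if the SDK returns a nil or zero-value result alongside the error this is either a panic or a destroy check that silently passes, so handle `err` before reading the result. The unconditional `break` after the first matching resource means only one threat profile in state is ever verified as destroyed; dropping it (or using `continue`) checks them all. `fmt.Errorf(response.ErrorMsg)` uses a server-supplied string as the format string, so a `%` in the message is misparsed; prefer `fmt.Errorf("%s", response.ErrorMsg)`.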
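Review bot: createTaskFailMessage performs unchecked type assertions on the task payload — `task["task-details"].([]interface{})`, the `v[0].(map[string]interface{})` element cast and `v.(string)` on `fault-message` / `statusDescription` — so a task entry without `task-details`, or with a different JSON shape, panics inside the error-reporting path instead of yielding a message. Use the comma-ok form throughout, e.g. `if details, ok := task["task-details"].([]interface{}); ok && len(details) > 0 {` and `if s, ok := v.(string); ok { msg += "\nMessage: " + s }`, falling back to the plain "fail to <command>." text when the shape is unexpected. The returned string embeds API-provided text, and the resource file in this commit passes it to `fmt.Errorf(msg)` as the format string; callers should use `fmt.Errorf("%s", msg)` so a stray `%` is not interpreted as a verb. A doc comment on the new function, `// createTaskFailMessage builds a human-readable failure message for command from the tasks array of an API response.`, would also help, since the surrounding helpers in utils.go are undocumented as well.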
@@ -0,0 +1,125 @@
+---
+layout: "checkpoint"
+page_title: "checkpoint_management_threat_profile"
+sidebar_current: "docs-checkpoint-data-source-checkpoint-management-threat-profile"
+description: |-
+ This resource allows you to execute Check Point Threat Profile.
+---
+
+# Data Source: checkpoint_management_threat_profile
+
+This resource allows you to execute Check Point Threat Profile.
+
+## Example Usage
+
+
+```hcl
+resource "checkpoint_management_threat_profile" "threat_profile" {
+ name = "my threat profile"
+ active_protections_performance_impact = "high"
+ active_protections_severity = "Critical"
+}
+
+data "checkpoint_management_threat_profile" "test_threat_profile" {
+ name = "${checkpoint_management_threat_profile.threat_profile.name}"
+}
+```
+
+## Argument Reference
+
+The following arguments are supported:
+
+* `name` - (Required) Object name. Should be unique in the domain.
+* `active_protections_performance_impact` - (Optional) Protections with this performance impact only will be activated in the profile.
+* `active_protections_severity` - (Optional) Protections with this severity only will be activated in the profile.
+* `confidence_level_high` - (Optional) Action for protections with high confidence level.
+* `confidence_level_medium` - (Optional) Action for protections with medium confidence level.
+* `confidence_level_low` - (Optional) Action for protections with low confidence level.
+* `indicator_overrides` - (Optional) Indicators whose action will be overridden in this profile. indicator_overrides blocks are documented below.
+* `ips_settings` - (Optional) IPS blade settings. ips_settings blocks are documented below.
+* `malicious_mail_policy_settings` - (Optional) Malicious Mail Policy for MTA Gateways. malicious_mail_policy_settings blocks are documented below.
+* `overrides` - (Optional) Overrides per profile for this protection. overrides blocks are documented below.
+* `scan_malicious_links` - (Optional) Scans malicious links (URLs) inside email messages. scan_malicious_links blocks are documented below.
+* `use_indicators` - (Optional) Indicates whether the profile should make use of indicators.
+* `anti_virus` - (Optional) Is Anti-Virus blade activated.
+* `anti_bot` - (Optional) Is Anti-Bot blade activated.
+* `ips` - (Optional) Is IPS blade activated.
+* `threat_emulation` - (Optional) Is Threat Emulation blade activated.
+* `use_extended_attributes` - (Optional) Whether to activate/deactivate IPS protections according to the extended attributes.
+* `activate_protections_by_extended_attributes` - (Optional) Activate protections by these extended attributes. activate_protections_by_extended_attributes blocks are documented below.
+* `deactivate_protections_by_extended_attributes` - (Optional) Deactivate protections by these extended attributes. deactivate_protections_by_extended_attributes blocks are documented below.
+* `color` - (Optional) Color of the object. Should be one of existing colors.
+* `comments` - (Optional) Comments string.
+* `tags` - (Optional) Collection of tag identifiers.
+* `ignore_warnings` - (Optional) Apply changes ignoring warnings.
+* `ignore_errors` - (Optional) Apply changes ignoring errors. You won't be able to publish such a changes. If ignore-warnings flag was omitted - warnings will also be ignored.
+
+`indicator_overrides` supports the following:
+
+* `action` - (Optional) The indicator's action in this profile.
+* `indicator` - (Optional) The indicator whose action is to be overriden.
+
+`ips_settings` supports the following:
+
+* `exclude_protection_with_performance_impact` - (Optional) Whether to exclude protections depending on their level of performance impact.
+* `exclude_protection_with_performance_impact_mode` - (Optional) Exclude protections with this level of performance impact.
+* `exclude_protection_with_severity` - (Optional) Whether to exclude protections depending on their level of severity.
+* `exclude_protection_with_severity_mode` - (Optional) Exclude protections with this level of severity.
+* `newly_updated_protections` - (Optional) Activation of newly updated protections.
+
+`malicious_mail_policy_settings` supports the following:
+
+* `add_customized_text_to_email_body` - Add customized text to the malicious email body.
+* `add_email_subject_prefix` - Add a prefix to the malicious email subject.
+* `add_x_header_to_email` - Add an X-Header to the malicious email.
+* `email_action` - Block - block the entire malicious email. Allow - pass the malicious email and apply email changes (like: remove attachments and links, add x-header, etc...).
+* `email_body_customized_text` - Customized text for the malicious email body. Available predefined fields: $verdicts$ - the malicious/error attachments/links verdict.
+* `email_subject_prefix_text` - Prefix for the malicious email subject.
+* `failed_to_scan_attachments_text` - Replace attachments that failed to be scanned with this text. Available predefined fields: $filename$ - the malicious file name. $md5$ - MD5 of the malicious file.
+* `malicious_attachments_text` - Replace malicious attachments with this text. Available predefined fields: $filename$ - the malicious file name. $md5$ - MD5 of the malicious file.
+* `malicious_links_text` - Replace malicious links with this text. Available predefined fields: $neutralized_url$ - neutralized malicious link.
+* `remove_attachments_and_links` - Remove attachments and links from the malicious email.
+* `send_copy` - Send a copy of the malicious email to the recipient list.
+* `send_copy_list` - Recipient list to send a copy of the malicious email.
+
+`overrides` supports the following:
+
+* `protection` - IPS protection identified by name.
+* `action` - Protection action.
+* `capture_packets` - Capture packets.
+* `track` - Tracking method for protection.
+* `default` - Default settings. default blocks are documented below.
+* `final` - Final settings. final blocks are documented below.
+* `protection_external_info` - Collection of industry reference (CVE).
+* `protection_uid` - IPS protection unique identifier.
+
+`scan_malicious_links` supports the following:
+
+* `max_bytes` - Scan links in the first bytes of the mail body.
+* `max_links` - Maximum links to scan in mail body.
+
+`activate_protections_by_extended_attributes` supports the following:
+
+* `uid` - IPS tag unique identifier.
+* `name` - IPS tag name.
+* `category` - IPS tag category name.
+* `values` - Collection of IPS protection extended attribute values (name and uid).
+
+`deactivate_protections_by_extended_attributes` supports the following:
+
+* `uid` - IPS tag unique identifier.
+* `name` - IPS tag name.
+* `category` - IPS tag category name.
+* `values` - Collection of IPS protection extended attribute values (name and uid).
+
+`default` supports the following:
+
+* `action` - Protection action.
+* `capture_packets` - Capture packets.
+* `track` - Tracking method for protection.
+
+`final` supports the following:
+
+* `action` - Protection action.
+* `capture_packets` - Capture packets.
+* `track` - Tracking method for protection.
\ No newline at end of file
diff --git a/website/docs/r/checkpoint_management_access_rule.html.markdown b/website/docs/r/checkpoint_management_access_rule.html.markdown
index 77601012..9477540b 100644
--- a/website/docs/r/checkpoint_management_access_rule.html.markdown
+++ b/website/docs/r/checkpoint_management_access_rule.html.markdown
@@ -47,6 +47,11 @@ resource "checkpoint_management_access_rule" "rule4" {
 name = "test4"
 track = {
 type = "Log"
+ accounting = false
+ alert = "none"
+ enable_firewall_session = false
+ per_connection = true
+ per_session = false
 }
 enabled = false
 }
@@ -56,6 +61,9 @@ resource "checkpoint_management_access_rule" "rule5" {
 position = {below = checkpoint_management_access_rule.rule4.name}
 name = "test5"
 action = "Accept"
+ action_settings = {
+ enable_identity_captive_portal = false
+ }
 }
 resource "checkpoint_management_access_rule" "rule6" {
diff --git a/website/docs/r/checkpoint_management_threat_profile.html.markdown b/website/docs/r/checkpoint_management_threat_profile.html.markdown
new file mode 100644
index 00000000..64d2d164
--- /dev/null
+++ b/website/docs/r/checkpoint_management_threat_profile.html.markdown
@@ -0,0 +1,121 @@
+---
+layout: "checkpoint"
+page_title: "checkpoint_management_threat_profile"
+sidebar_current: "docs-checkpoint-resource-checkpoint-management-threat-profile"
+description: |-
+ This resource allows you to add/update/delete Check Point Threat Profile.
+---
+
+# Resource: checkpoint_management_threat_profile
+
+This resource allows you to add/update/delete Check Point Threat Profile.
+
+## Example Usage
+
+
+```hcl
+resource "checkpoint_management_threat_profile" "example" {
+ name = "my theat profile"
+ active_protections_performance_impact = "high"
+ active_protections_severity = "Critical"
+}
+```
+
+## Argument Reference
+
+The following arguments are supported:
+
+* `name` - (Required) Object name. Should be unique in the domain.
+* `active_protections_performance_impact` - (Optional) Protections with this performance impact only will be activated in the profile.
+* `active_protections_severity` - (Optional) Protections with this severity only will be activated in the profile.
+* `confidence_level_high` - (Optional) Action for protections with high confidence level.
+* `confidence_level_medium` - (Optional) Action for protections with medium confidence level.
+* `confidence_level_low` - (Optional) Action for protections with low confidence level.
+* `indicator_overrides` - (Optional) Indicators whose action will be overridden in this profile. indicator_overrides blocks are documented below.
+* `ips_settings` - (Optional) IPS blade settings. ips_settings blocks are documented below.
+* `malicious_mail_policy_settings` - (Optional) Malicious Mail Policy for MTA Gateways. malicious_mail_policy_settings blocks are documented below.
+* `overrides` - (Optional) Overrides per profile for this protection. overrides blocks are documented below.
+* `scan_malicious_links` - (Optional) Scans malicious links (URLs) inside email messages. scan_malicious_links blocks are documented below.
+* `use_indicators` - (Optional) Indicates whether the profile should make use of indicators.
+* `anti_virus` - (Optional) Is Anti-Virus blade activated.
+* `anti_bot` - (Optional) Is Anti-Bot blade activated.
+* `ips` - (Optional) Is IPS blade activated.
+* `threat_emulation` - (Optional) Is Threat Emulation blade activated.
+* `use_extended_attributes` - (Optional) Whether to activate/deactivate IPS protections according to the extended attributes.
+* `activate_protections_by_extended_attributes` - (Optional) Activate protections by these extended attributes. activate_protections_by_extended_attributes blocks are documented below.
+* `deactivate_protections_by_extended_attributes` - (Optional) Deactivate protections by these extended attributes. deactivate_protections_by_extended_attributes blocks are documented below.
+* `color` - (Optional) Color of the object. Should be one of existing colors.
+* `comments` - (Optional) Comments string.
+* `tags` - (Optional) Collection of tag identifiers.
+* `ignore_warnings` - (Optional) Apply changes ignoring warnings.
+* `ignore_errors` - (Optional) Apply changes ignoring errors. You won't be able to publish such a changes. If ignore-warnings flag was omitted - warnings will also be ignored.
+
+`indicator_overrides` supports the following:
+
+* `action` - (Optional) The indicator's action in this profile.
+* `indicator` - (Optional) The indicator whose action is to be overriden.
+
+`ips_settings` supports the following:
+
+* `exclude_protection_with_performance_impact` - (Optional) Whether to exclude protections depending on their level of performance impact.
+* `exclude_protection_with_performance_impact_mode` - (Optional) Exclude protections with this level of performance impact.
+* `exclude_protection_with_severity` - (Optional) Whether to exclude protections depending on their level of severity.
+* `exclude_protection_with_severity_mode` - (Optional) Exclude protections with this level of severity.
+* `newly_updated_protections` - (Optional) Activation of newly updated protections.
+
+`malicious_mail_policy_settings` supports the following:
+
+* `add_customized_text_to_email_body` - (Optional) Add customized text to the malicious email body.
+* `add_email_subject_prefix` - (Optional) Add a prefix to the malicious email subject.
+* `add_x_header_to_email` - (Optional) Add an X-Header to the malicious email.
+* `email_action` - (Optional) Block - block the entire malicious email. Allow - pass the malicious email and apply email changes (like: remove attachments and links, add x-header, etc...).
+* `email_body_customized_text` - (Optional) Customized text for the malicious email body. Available predefined fields: $verdicts$ - the malicious/error attachments/links verdict.
+* `email_subject_prefix_text` - (Optional) Prefix for the malicious email subject.
+* `failed_to_scan_attachments_text` - (Optional) Replace attachments that failed to be scanned with this text. Available predefined fields: $filename$ - the malicious file name. $md5$ - MD5 of the malicious file.
+* `malicious_attachments_text` - (Optional) Replace malicious attachments with this text. Available predefined fields: $filename$ - the malicious file name. $md5$ - MD5 of the malicious file.
+* `malicious_links_text` - (Optional) Replace malicious links with this text. Available predefined fields: $neutralized_url$ - neutralized malicious link.
+* `remove_attachments_and_links` - (Optional) Remove attachments and links from the malicious email.
+* `send_copy` - (Optional) Send a copy of the malicious email to the recipient list.
+* `send_copy_list` - (Optional) Recipient list to send a copy of the malicious email.
+
+`overrides` supports the following:
+
+* `protection` - (Required) IPS protection identified by name.
+* `action` - (Required) Protection action.
+* `capture_packets` - (Optional) Capture packets.
+* `track` - (Optional) Tracking method for protection.
+* `default` - Default settings. default blocks are documented below.
+* `final` - Final settings. final blocks are documented below.
+* `protection_external_info` - Collection of industry reference (CVE).
+* `protection_uid` - IPS protection unique identifier.
+
+`scan_malicious_links` supports the following:
+
+* `max_bytes` - (Optional) Scan links in the first bytes of the mail body.
+* `max_links` - (Optional) Maximum links to scan in mail body.
+
+`activate_protections_by_extended_attributes` supports the following:
+
+* `uid` - (Optional) IPS tag unique identifier.
+* `name` - (Optional) IPS tag name.
+* `category` - (Optional) IPS tag category name.
+* `values` - Collection of IPS protection extended attribute values (name and uid).
+
+`deactivate_protections_by_extended_attributes` supports the following:
+
+* `uid` - (Optional) IPS tag unique identifier.
+* `name` - (Optional) IPS tag name.
+* `category` - (Optional) IPS tag category name.
+* `values` - Collection of IPS protection extended attribute values (name and uid).
+
+`default` supports the following:
+
+* `action` - Protection action.
+* `capture_packets` - Capture packets.
+* `track` - Tracking method for protection.
+
+`final` supports the following:
+
+* `action` - Protection action.
+* `capture_packets` - Capture packets.
+* `track` - Tracking method for protection.
\ No newline at end of file