Fix bugs in vpn,exception group and threat exception resources (#133)

CheckPointSW · Dec 18, 2022 · dda06b8 · dda06b8
1 parent 309894a
commit dda06b8
Show file tree

Hide file tree

Showing 7 changed files with 162 additions and 39 deletions.
diff --git a/checkpoint/data_source_checkpoint_management_cloud_services.go b/checkpoint/data_source_checkpoint_management_cloud_services.go
@@ -41,6 +41,39 @@ func dataSourceManagementCloudServices() *schema.Resource {
 				Computed:    true,
 				Description: "The Management Server's public URL.",
 			},
+			"tenant_id": {
+				Type:        schema.TypeString,
+				Computed:    true,
+				Description: "Tenant ID of Infinity Portal.",
+			},
+			"gateways_onboarding_settings": {
+				Type:        schema.TypeList,
+				MaxItems:    1,
+				Computed:    true,
+				Description: "Gateways on-boarding to Infinity Portal settings.",
+				Elem: &schema.Resource{
+					Schema: map[string]*schema.Schema{
+						"connection_method": {
+							Type:        schema.TypeString,
+							Computed:    true,
+							Description: "Indicate whether Gateways will be connected to Infinity Portal automatically or only after policy installation.",
+						},
+						"participant_gateways": {
+							Type:        schema.TypeString,
+							Computed:    true,
+							Description: "Which Gateways will be connected to Infinity Portal.",
+						},
+						"specific_gateways": {
+							Type:        schema.TypeSet,
+							Computed:    true,
+							Description: "Collection of targets identified by Name or UID.",
+							Elem: &schema.Schema{
+								Type: schema.TypeString,
+							},
+						},
+					},
+				},
+			},
 		},
 	}
 }
@@ -62,7 +95,7 @@ func dataSourceManagementCloudServicesRead(d *schema.ResourceData, m interface{}
 
 	if v := showCloudServicesRes["status"]; v != nil {
 		_ = d.Set("status", v)
-	}else{
+	} else {
 		_ = d.Set("status", nil)
 	}
 
@@ -77,16 +110,50 @@ func dataSourceManagementCloudServicesRead(d *schema.ResourceData, m interface{}
 			}
 			_ = d.Set("connected_at", connectedAtState)
 		}
-	}else{
+	} else {
 		_ = d.Set("connected_at", nil)
 	}
 
 	if v := showCloudServicesRes["management-url"]; v != nil {
 		_ = d.Set("management_url", v)
-	}else{
+	} else {
 		_ = d.Set("management_url", nil)
 	}
 
+	if v := showCloudServicesRes["tenant-id"]; v != nil {
+		_ = d.Set("tenant_id", v)
+	} else {
+		_ = d.Set("tenant_id", nil)
+	}
+
+	if v := showCloudServicesRes["gateways-onboarding-settings"]; v != nil {
+		gatewaysOnboardingSettingsMap := v.(map[string]interface{})
+		gatewaysOnboardingSettings := make(map[string]interface{})
+
+		if v := gatewaysOnboardingSettingsMap["connection-method"]; v != nil {
+			gatewaysOnboardingSettings["connection_method"] = v.(string)
+		}
+
+		if v := gatewaysOnboardingSettingsMap["participant-gateways"]; v != nil {
+			gatewaysOnboardingSettings["participant_gateways"] = v.(string)
+		}
+
+		if v := gatewaysOnboardingSettingsMap["specific-gateways"]; v != nil {
+			specificGatewaysJson, _ := v.([]interface{})
+			specificGatewaysRes := make([]string, 0)
+			if len(specificGatewaysJson) > 0 {
+				for _, gw := range specificGatewaysJson {
+					gw := gw.(map[string]interface{})
+					specificGatewaysRes = append(specificGatewaysRes, gw["name"].(string))
+				}
+			}
+			gatewaysOnboardingSettings["specific_gateways"] = specificGatewaysRes
+		}
+		_ = d.Set("gateways_onboarding_settings", []interface{}{gatewaysOnboardingSettings})
+	} else {
+		_ = d.Set("gateways_onboarding_settings", nil)
+	}
+
 	d.SetId("show-cloud-services-" + acctest.RandString(5))
 
 	return nil

diff --git a/checkpoint/resource_checkpoint_management_exception_group.go b/checkpoint/resource_checkpoint_management_exception_group.go
@@ -140,23 +140,45 @@ func createManagementExceptionGroup(d *schema.ResourceData, m interface{}) error
 
 			for i := range appliedThreatRulesList {
 
-				Payload := make(map[string]interface{})
+				appliedThreatRule := make(map[string]interface{})
 
 				if v, ok := d.GetOk("applied_threat_rules." + strconv.Itoa(i) + ".layer"); ok {
-					Payload["layer"] = v.(string)
+					appliedThreatRule["layer"] = v.(string)
 				}
 				if v, ok := d.GetOk("applied_threat_rules." + strconv.Itoa(i) + ".name"); ok {
-					Payload["name"] = v.(string)
+					appliedThreatRule["name"] = v.(string)
 				}
 				if v, ok := d.GetOk("applied_threat_rules." + strconv.Itoa(i) + ".rule_number"); ok {
-					Payload["rule-number"] = v.(string)
+					appliedThreatRule["rule-number"] = v.(string)
 				}
-				if v, ok := d.GetOk("applied_threat_rules." + strconv.Itoa(i) + ".position"); ok {
-					Payload["position"] = v.(string)
+				if _, ok := d.GetOk("applied_threat_rules." + strconv.Itoa(i) + ".position"); ok {
+					if v, ok := d.GetOk("applied_threat_rules." + strconv.Itoa(i) + ".position.top"); ok {
+						if v.(string) == "top" {
+							appliedThreatRule["position"] = "top"
+						} else {
+							appliedThreatRule["position"] = map[string]interface{}{"top": v.(string)}
+						}
+					}
+
+					if v, ok := d.GetOk("applied_threat_rules." + strconv.Itoa(i) + ".position.above"); ok {
+						appliedThreatRule["position"] = map[string]interface{}{"above": v.(string)}
+					}
+
+					if v, ok := d.GetOk("applied_threat_rules." + strconv.Itoa(i) + ".position.below"); ok {
+						appliedThreatRule["position"] = map[string]interface{}{"below": v.(string)}
+					}
+
+					if v, ok := d.GetOk("applied_threat_rules." + strconv.Itoa(i) + ".position.bottom"); ok {
+						if v.(string) == "bottom" {
+							appliedThreatRule["position"] = "bottom" // entire rule-base
+						} else {
+							appliedThreatRule["position"] = map[string]interface{}{"bottom": v.(string)} // section-name
+						}
+					}
 				}
-				appliedThreatRulesPayload = append(appliedThreatRulesPayload, Payload)
+				appliedThreatRulesPayload = append(appliedThreatRulesPayload, appliedThreatRule)
 			}
-			exceptionGroup["appliedThreatRules"] = appliedThreatRulesPayload
+			exceptionGroup["applied-threat-rules"] = appliedThreatRulesPayload
 		}
 	}
 

diff --git a/checkpoint/resource_checkpoint_management_threat_exception.go b/checkpoint/resource_checkpoint_management_threat_exception.go
@@ -37,7 +37,7 @@ func resourceManagementThreatException() *schema.Resource {
 			},
 			"layer": {
 				Type:        schema.TypeString,
-				Required:    true,
+				Optional:    true,
 				Description: "Layer that the rule belongs to identified by the name or UID.",
 			},
 			"position": {

diff --git a/checkpoint/resource_checkpoint_management_vpn_community_star.go b/checkpoint/resource_checkpoint_management_vpn_community_star.go
@@ -67,7 +67,7 @@ func resourceManagementVpnCommunityStar() *schema.Resource {
 							Default:     "aes-256",
 						},
 						"ike_p1_rekey_time": {
-							Type:        schema.TypeInt,
+							Type:        schema.TypeString,
 							Optional:    true,
 							Description: "Indicates the time interval for IKE phase 1 renegotiation.",
 							Default:     1440,
@@ -106,7 +106,7 @@ func resourceManagementVpnCommunityStar() *schema.Resource {
 							Default:     "group-2",
 						},
 						"ike_p2_rekey_time": {
-							Type:        schema.TypeInt,
+							Type:        schema.TypeString,
 							Optional:    true,
 							Description: "Indicates the time interval for IKE phase 2 renegotiation.",
 							Default:     1440,
@@ -180,7 +180,7 @@ func resourceManagementVpnCommunityStar() *schema.Resource {
 					Schema: map[string]*schema.Schema{
 						"internal_gateway": {
 							Type:        schema.TypeString,
-							Required: true,
+							Required:    true,
 							Description: "Internally managed Check Point gateway identified by name or UID, or 'Any' for all internal-gateways participants in this community.",
 						},
 						"external_gateway": {
@@ -223,7 +223,7 @@ func resourceManagementVpnCommunityStar() *schema.Resource {
 										Default:     "aes-256",
 									},
 									"ike_p1_rekey_time": {
-										Type:        schema.TypeInt,
+										Type:        schema.TypeString,
 										Optional:    true,
 										Description: "Indicates the time interval for IKE phase 1 renegotiation.",
 										Default:     1440,
@@ -262,7 +262,7 @@ func resourceManagementVpnCommunityStar() *schema.Resource {
 										Default:     "group-2",
 									},
 									"ike_p2_rekey_time": {
-										Type:        schema.TypeInt,
+										Type:        schema.TypeString,
 										Optional:    true,
 										Description: "Indicates the time interval for IKE phase 2 renegotiation.",
 										Default:     1440,
@@ -349,7 +349,7 @@ func createManagementVpnCommunityStar(d *schema.ResourceData, m interface{}) err
 			res["encryption-algorithm"] = v.(string)
 		}
 		if v, ok := d.GetOk("ike_phase_1.ike_p1_rekey_time"); ok {
-			res["ike-p1-rekey-time"] = v.(int)
+			res["ike-p1-rekey-time"] = v.(string)
 		}
 		vpnCommunityStar["ike-phase-1"] = res
 	}
@@ -371,7 +371,7 @@ func createManagementVpnCommunityStar(d *schema.ResourceData, m interface{}) err
 			res["ike-p2-pfs-dh-grp"] = v.(bool)
 		}
 		if v, ok := d.GetOk("ike_phase_2.ike_p2_rekey_time"); ok {
-			res["ike-p2-rekey-time"] = v.(int)
+			res["ike-p2-rekey-time"] = v.(string)
 		}
 		vpnCommunityStar["ike-phase-2"] = res
 	}
@@ -467,7 +467,7 @@ func createManagementVpnCommunityStar(d *schema.ResourceData, m interface{}) err
 						ikePhase1Payload["diffie-hellman-group"] = v.(string)
 					}
 					if v, ok := d.GetOk("granular_encryptions." + strconv.Itoa(i) + ".ike_phase_1.ike_p1_rekey_time"); ok {
-						ikePhase1Payload["ike-p1-rekey-time"] = v.(int)
+						ikePhase1Payload["ike-p1-rekey-time"] = v.(string)
 					}
 					payload["ike-phase-1"] = ikePhase1Payload
 				}
@@ -486,7 +486,7 @@ func createManagementVpnCommunityStar(d *schema.ResourceData, m interface{}) err
 						ikePhase2Payload["ike-p2-pfs-dh-grp"] = v.(bool)
 					}
 					if v, ok := d.GetOk("granular_encryptions." + strconv.Itoa(i) + ".ike_phase_2.ike_p2_rekey_time"); ok {
-						ikePhase2Payload["ike-p2-rekey-time"] = v.(int)
+						ikePhase2Payload["ike-p2-rekey-time"] = v.(string)
 					}
 					payload["ike-phase-2"] = ikePhase2Payload
 				}
@@ -603,7 +603,7 @@ func readManagementVpnCommunityStar(d *schema.ResourceData, m interface{}) error
 			ikePhase1MapToReturn["encryption_algorithm"] = v
 		}
 		if v := ikePhase1Map["ike-p1-rekey-time"]; v != nil {
-			ikePhase1MapToReturn["ike_p1_rekey_time"] = v
+			ikePhase1MapToReturn["ike_p1_rekey_time"] = strconv.Itoa(int(v.(float64)))
 		}
 		_, ikePhase1InConf := d.GetOk("ike_phase_1")
 		defaultIkePhase1 := map[string]interface{}{"encryption_algorithm": "aes-256", "diffie_hellman_group": "group-2", "data_integrity": "sha1"}
@@ -635,7 +635,7 @@ func readManagementVpnCommunityStar(d *schema.ResourceData, m interface{}) error
 			ikePhase2MapToReturn["ike_p2_pfs_dh_grp"] = v
 		}
 		if v := ikePhase2Map["ike-p2-rekey-time"]; v != nil {
-			ikePhase2MapToReturn["ike_p2_rekey_time"] = v
+			ikePhase2MapToReturn["ike_p2_rekey_time"] = strconv.Itoa(int(v.(float64)))
 		}
 		_, ikePhase2InConf := d.GetOk("ike_phase_2")
 		defaultIkePhase2 := map[string]interface{}{"encryption_algorithm": "aes-128", "data_integrity": "sha1"}
@@ -673,7 +673,7 @@ func readManagementVpnCommunityStar(d *schema.ResourceData, m interface{}) error
 			}
 		}
 		_ = d.Set("override_vpn_domains", overrideVpnDomainsListToReturn)
-	}else{
+	} else {
 		_ = d.Set("override_vpn_domains", nil)
 	}
 
@@ -726,7 +726,7 @@ func readManagementVpnCommunityStar(d *schema.ResourceData, m interface{}) error
 			}
 		}
 		_ = d.Set("shared_secrets", sharedSecretsListToReturn)
-	}else{
+	} else {
 		_ = d.Set("shared_secrets", nil)
 	}
 
@@ -749,7 +749,7 @@ func readManagementVpnCommunityStar(d *schema.ResourceData, m interface{}) error
 							if obj["name"] != nil {
 								internalGatewayName = obj["name"].(string)
 							}
-						}else if val, ok := v.(string); ok {
+						} else if val, ok := v.(string); ok {
 							internalGatewayName = val
 						}
 						granularEncryptionState["internal_gateway"] = internalGatewayName
@@ -762,7 +762,7 @@ func readManagementVpnCommunityStar(d *schema.ResourceData, m interface{}) error
 							if obj["name"] != nil {
 								externalGatewayName = obj["name"].(string)
 							}
-						}else if val, ok := v.(string); ok {
+						} else if val, ok := v.(string); ok {
 							externalGatewayName = val
 						}
 						granularEncryptionState["external_gateway"] = externalGatewayName
@@ -789,7 +789,7 @@ func readManagementVpnCommunityStar(d *schema.ResourceData, m interface{}) error
 							ikePhase1State["diffie_hellman_group"] = v
 						}
 						if v := ikePhase1Show["ike-p1-rekey-time"]; v != nil {
-							ikePhase1State["ike_p1_rekey_time"] = v
+							ikePhase1State["ike_p1_rekey_time"] = strconv.Itoa(int(v.(float64)))
 						}
 						granularEncryptionState["ike_phase_1"] = ikePhase1State
 					}
@@ -810,14 +810,14 @@ func readManagementVpnCommunityStar(d *schema.ResourceData, m interface{}) error
 							ikePhase2State["ike_p2_pfs_dh_grp"] = v
 						}
 						if v := ikePhase2Show["ike-p2-rekey-time"]; v != nil {
-							ikePhase2State["ike_p2_rekey_time"] = v
+							ikePhase2State["ike_p2_rekey_time"] = strconv.Itoa(int(v.(float64)))
 						}
 						granularEncryptionState["ike_phase_2"] = ikePhase2State
 					}
 					granularEncryptionsState = append(granularEncryptionsState, granularEncryptionState)
 				}
 				_ = d.Set("granular_encryptions", granularEncryptionsState)
-			}else{
+			} else {
 				_ = d.Set("granular_encryptions", nil)
 			}
 		}
@@ -1055,7 +1055,7 @@ func updateManagementVpnCommunityStar(d *schema.ResourceData, m interface{}) err
 							ikePhase1Payload["diffie-hellman-group"] = v.(string)
 						}
 						if v, ok := d.GetOk("granular_encryptions." + strconv.Itoa(i) + ".ike_phase_1.ike_p1_rekey_time"); ok {
-							ikePhase1Payload["ike-p1-rekey-time"] = v.(int)
+							ikePhase1Payload["ike-p1-rekey-time"] = v.(string)
 						}
 						payload["ike-phase-1"] = ikePhase1Payload
 					}
@@ -1074,15 +1074,15 @@ func updateManagementVpnCommunityStar(d *schema.ResourceData, m interface{}) err
 							ikePhase2Payload["ike-p2-pfs-dh-grp"] = v.(bool)
 						}
 						if v, ok := d.GetOk("granular_encryptions." + strconv.Itoa(i) + ".ike_phase_2.ike_p2_rekey_time"); ok {
-							ikePhase2Payload["ike-p2-rekey-time"] = v.(int)
+							ikePhase2Payload["ike-p2-rekey-time"] = v.(string)
 						}
 						payload["ike-phase-2"] = ikePhase2Payload
 					}
 					granularEncryptionsPayload = append(granularEncryptionsPayload, payload)
 				}
 				vpnCommunityStar["granular-encryptions"] = granularEncryptionsPayload
 			}
-		}else{
+		} else {
 			granularEncryptions, _ := d.GetChange("granular_encryptions")
 			oldValues := granularEncryptions.([]interface{})
 			if len(oldValues) > 0 {

diff --git a/website/checkpoint.erb b/website/checkpoint.erb
@@ -493,6 +493,15 @@
             <li<%= sidebar_current("docs-checkpoint-resource-checkpoint-management-radius-group") %>>
               <a href="/docs/providers/checkpoint/r/checkpoint_management_radius_group.html">checkpoint_management_radius_group</a>
             </li>
+            <li<%= sidebar_current("docs-checkpoint-resource-checkpoint-management-gaia-best-practice") %>>
+             <a href="/docs/providers/checkpoint/r/checkpoint_management_gaia_best_practice.html">checkpoint_management_gaia_best_practice</a>
+            </li>
+            <li<%= sidebar_current("docs-checkpoint-resource-checkpoint-management-dynamic-global-network-object") %>>
+             <a href="/docs/providers/checkpoint/r/checkpoint_management_dynamic_global_network_object.html">checkpoint_management_dynamic_global_network_object</a>
+            </li>
+            <li<%= sidebar_current("docs-checkpoint-resource-checkpoint-management-global-assignment") %>>
+             <a href="/docs/providers/checkpoint/r/checkpoint_management_global_assignment.html">checkpoint_management_global_assignment</a>
+            </li>
           </ul>
         </li>
 
@@ -853,6 +862,15 @@
                  <li<%= sidebar_current("docs-checkpoint-data-source-checkpoint-management-radius-group") %>>
                    <a href="/docs/providers/checkpoint/d/checkpoint_management_radius_group.html">checkpoint_management_radius_group</a>
                  </li>
+                 <li<%= sidebar_current("docs-checkpoint-data-source-checkpoint-management-gaia-best-practice") %>>
+                  <a href="/docs/providers/checkpoint/d/checkpoint_management_gaia_best_practice.html">checkpoint_management_gaia_best_practice</a>
+                 </li>
+                 <li<%= sidebar_current("docs-checkpoint-data-source-checkpoint-management-dynamic-global-network-object") %>>
+                  <a href="/docs/providers/checkpoint/d/checkpoint_management_dynamic_global_network_object.html">checkpoint_management_dynamic_global_network_object</a>
+                 </li>
+                 <li<%= sidebar_current("docs-checkpoint-data-source-checkpoint-management-global-assignment") %>>
+                  <a href="/docs/providers/checkpoint/d/checkpoint_management_global_assignment.html">checkpoint_management_global_assignment</a>
+                 </li>
             </ul>
          </li>
         </ul>