Merge branch 'main' into CXF-97293-NIMF-Documentation-Fix

.github/workflows/golangci-lint.yml

@@ -0,0 +1,30 @@
+name: golangci-lint
+on:
+  push:
+    branches:
+      - main
+  pull_request:
+permissions:
+  contents: read
+  pull-requests: read # Remove along with only-new-issues by 2025
+jobs:
+  golangci:
+    name: lint
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v4
+      - uses: actions/setup-go@v5
+        with:
+          go-version-file: go.mod
+      - name: Determine golangci-lint version
+        id: golangcilint
+        run: |
+          line=$(grep GOLANGCI_LINT_VERSION= GNUmakefile)
+          version=$(echo ${line} | cut -d = -f2)
+          echo "version=$version" >> "$GITHUB_OUTPUT"
+      - name: golangci-lint
+        uses: golangci/golangci-lint-action@v6
+        with:
+          args: --whole-files # Remove along with only-new-issues by 2025
+          version: ${{ steps.golangcilint.outputs.version }}
+          only-new-issues: true # Remove along with pull-requests: read permission by 2025

.github/workflows/acctest.yml → .github/workflows/metal_acctest.yml

@@ -1,4 +1,4 @@
-name: Acceptance Tests
+name: Metal Acceptance Tests
 # This workflow determines whether a PR comes from an external fork
 # (which requires approval from us) or from a branch on this repository
 # (which means it was made by us and can run immediately).  Once a PR
@@ -110,7 +110,7 @@ jobs:
         METAL_AUTH_TOKEN: ${{ secrets.METAL_AUTH_TOKEN }}
         TF_ACC_METAL_DEDICATED_CONNECTION_ID: ${{ secrets.TF_ACC_METAL_DEDICATED_CONNECTION_ID }}
       run: |
-        go test ./... -v -coverprofile coverage.txt -covermode=atomic -count 1 -parallel 8 -run "(Metal)|(Provider)|(Migration)" -timeout 180m
+        go test ./... -v -coverprofile coverage.txt -covermode=atomic -count 1 -parallel 8 -run "(Metal)" -timeout 180m
 
     - name: Sweeper
       if: ${{ always() }}

.github/workflows/release.yml

@@ -1,19 +1,5 @@
-# This GitHub action can publish assets for release when a tag is created.
-# Currently its setup to run on any tag that matches the pattern "v*" (ie. v0.1.0).
-#
-# This uses an action (paultyng/ghaction-import-gpg) that assumes you set your
-# private key in the `GPG_PRIVATE_KEY` secret and passphrase in the `PASSPHRASE`
-# secret. If you would rather own your own GPG handling, please fork this action
-# or use an alternative one for key handling.
-#
-# You will need to pass the `--batch` flag to `gpg` in your signing step
-# in `goreleaser` to indicate this is being used in a non-interactive mode.
-#
-name: release
+name: Generate Next Release
 on:
-  push:
-    tags:
-      - 'v*'
   workflow_dispatch:
 
 jobs:
@@ -42,6 +28,17 @@ jobs:
         gpg_private_key: ${{ secrets.GPG_PRIVATE_KEY }}
         passphrase: ${{ secrets.PASSPHRASE }}
 
+    - name: Release
+      uses: cycjimmy/semantic-release-action@v3
+      with:
+        semantic_version: 19.0.5
+        extra_plugins: |
+          @semantic-release/[email protected]
+          @semantic-release/[email protected]
+          [email protected]
+      env:
+        GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+
     - name: Run GoReleaser
       uses: goreleaser/goreleaser-action@v6
       with:

.github/workflows/test.yml

@@ -50,7 +50,7 @@ jobs:
       run: go build -v .
 
     - name: TF tests
-      run: go test -v --coverprofile coverage.txt -covermode=atomic -parallel 4 $(go list ./... |grep -v 'tests')
+      run: go test -v --coverprofile coverage.txt -covermode=atomic -parallel 4 ./...
 
     - name: Upload coverage to Codecov
       if: ${{ always() }}

.golangci.yaml

@@ -0,0 +1,13 @@
+run:
+  modules-download-mode: readonly
+  skip-dirs:
+    - cmd/migration-tool
+linters:
+  enable:
+    - errcheck
+    - goimports
+    - gosimple
+    - govet
+    - ineffassign
+    - staticcheck
+    - unused

.goreleaser.yml

@@ -87,7 +87,6 @@ signs:
       - "--detach-sign"
       - "${artifact}"
 release:
-  # If you want to manually examine the release before its live, uncomment this line:
-  # draft: true
+  mode: "keep-existing"
 changelog:
   disable: true

.releaserc.json

@@ -0,0 +1,37 @@
+{
+  "branches": [
+    "main"
+  ],
+  "ci": false,
+  "plugins": [
+    [
+      "@semantic-release/commit-analyzer",
+      {
+        "preset": "conventionalcommits"
+      }
+    ],
+    [
+      "@semantic-release/release-notes-generator",
+      {
+        "preset": "conventionalcommits"
+      }
+    ],
+    [
+      "@semantic-release/github",
+      {
+        "successComment": "This ${issue.pull_request ? 'PR is included' : 'issue has been resolved'} in version ${nextRelease.version} :tada:",
+        "labels": false,
+        "releasedLabels": false
+      }
+    ],
+    [
+      "@semantic-release/git",
+      {
+        "message": "ci: regenerate code for version ${nextRelease.version}",
+        "assets": [
+          "."
+        ]
+      }
+    ]
+  ]
+}

CODEOWNERS

@@ -1,12 +1,13 @@
 # See https://docs.github.com/en/repositories/managing-your-repositorys-settings-and-features/customizing-your-repository/about-code-owners#example-of-a-codeowners-file
 #
-*                       @equinix/governor-devrel-engineering
-/cmd/migration-tool     @equinix/governor-metal-client-interfaces
-*metal*                 @equinix/governor-metal-client-interfaces
-docs/guides/network_types.md      @equinix/governor-metal-client-interfaces
-*fabric*                @equinix/governor-digin-fabric
-*connection_e2e*        @equinix/governor-digin-fabric
-*resource_network_*     @equinix/governor-ne-network-edge-engineering
-docs/**/network_*      @equinix/governor-ne-network-edge-engineering
-*data_source_network_*  @equinix/governor-ne-network-edge-engineering
-**/edge-networking      @equinix/governor-ne-network-edge-engineering
+*                            @equinix/governor-devrel-engineering
+/cmd/migration-tool          @equinix/governor-metal-client-interfaces
+*metal*                      @equinix/governor-metal-client-interfaces
+docs/guides/network_types.md @equinix/governor-metal-client-interfaces
+*fabric*                     @equinix/governor-digin-fabric
+*connection_e2e*             @equinix/governor-digin-fabric
+*resource_network_*          @equinix/governor-ne-network-edge-engineering
+*data_source_network_*       @equinix/governor-ne-network-edge-engineering
+**/edge-networking           @equinix/governor-ne-network-edge-engineering
+docs/**/network_*            @equinix/governor-ne-network-edge-engineering
+templates/**/network_*       @equinix/governor-ne-network-edge-engineering

GNUmakefile

@@ -11,6 +11,9 @@ ACCTEST_COUNT       ?= 1
 GOFMT_FILES         ?=$$(find . -name '*.go' |grep -v vendor)
 PKG_NAME            =equinix
 
+GOLANGCI_LINT_VERSION=v1.56
+GOLANGCI_LINT=go run github.com/golangci/golangci-lint/cmd/golangci-lint@${GOLANGCI_LINT_VERSION}
+
 ifneq ($(origin TESTS_REGEXP), undefined)
 	TESTARGS = -run='$(TESTS_REGEXP)'
 endif
@@ -45,6 +48,8 @@ clean:
 	${GOCMD} clean
 	rm -f ${BINARY}
 
+lint:
+	${GOLANGCI_LINT} run -v
 
 vet:
 	@echo "go vet ."
@@ -117,4 +122,4 @@ tfproviderdocs-check:
 		echo "Unexpected issues found in code with bflad/tfproviderdocs."; \
 		exit 1)
 
-.PHONY: test testacc build install clean  fmt fmtcheck errcheck test-compile docs-lint docs-lint-fix tfproviderlint tfproviderlint-fix tfproviderdocs-check
+.PHONY: test testacc build install clean lint fmt fmtcheck errcheck test-compile docs-lint docs-lint-fix tfproviderlint tfproviderlint-fix tfproviderdocs-check

RELEASE.md

@@ -0,0 +1,22 @@
+# Release Instructions
+
+These build and release instructions are intended for the maintainers and future maintainers of this project.
+
+## Preparing a new version
+
+There are no preparation steps.
+
+* the version is computed from [Conventional Commit](https://www.conventionalcommits.org/en/v1.0.0/) tags
+* There is no changelog; the GitHub release notes are generated based on [Conventional Commit](https://www.conventionalcommits.org/en/v1.0.0/) tags 
+
+## Releasing
+
+Run the GitHub Actions [Release Workflow](.github/workflows/release.yml) on the `main` branch.
+
+The release workflow:
+- Uses [Semantic Release](.releaserc.json) to determine the next version number and create the GitHub release
+- Uses [GoReleaser](.goreleaser.yml) to build the terraform provider plugins and attach them to the GitHub release
+
+This will build and release plugins for several different OS and Architecture combinations.
+
+Any special instructions or notes should be added by editing the release notes that the workflow publishes. These notes can be found at https://github.com/equinix/terraform-provider-equinix/releases

docs/resources/network_device.md

@@ -349,6 +349,54 @@ resource "equinix_network_device" "bluecat-edge-service-point-ha" {
 }
 ```
 
+```terraform
+# Create PA-VM firewall cluster with Panorama Server Integration
+# with Panorama Server IP and Panorama Auth Key in vendor Configuration
+
+data "equinix_network_account" "sv" {
+  metro_code = "SV"
+}
+
+resource "equinix_network_device" "panw-cluster" {
+  name            = "tf-panw"
+  metro_code      = data.equinix_network_account.sv.metro_code
+  type_code       = "PA-VM"
+  self_managed    = true
+  byol            = true
+  package_code    = "VM100"
+  notifications   = ["[email protected]", "[email protected]", "[email protected]"]
+  term_length     = 12
+  account_number  = data.equinix_network_account.sv.number
+  version         = "11.1.3"
+  interface_count = 10
+  core_count      = 2
+  ssh_key {
+    username = "test"
+    key_name = "test-key"
+  }
+  acl_template_id = "0bff6e05-f0e7-44cd-804a-25b92b835f8b"
+  cluster_details {
+    cluster_name = "tf-panw-cluster"
+    node0 {
+      vendor_configuration {
+        hostname            = "panw-node0"
+        panorama_ip_address = "x.x.x.x"
+        panorama_auth_key   = "xxxxxxxxxxx"
+      }
+      license_token = "licenseToken"
+    }
+    node1 {
+      vendor_configuration {
+        hostname            = "panw-node1"
+        panorama_ip_address = "x.x.x.x"
+        panorama_auth_key   = "xxxxxxxxxxx"
+      }
+      license_token = "licenseToken"
+    }
+  }
+}
+```
+
 ## Argument Reference
 
 The following arguments are supported:
@@ -378,7 +426,7 @@ The following arguments are supported:
 * `additional_bandwidth` - (Optional) Additional Internet bandwidth, in Mbps, that will be allocated to the device (in addition to default 15Mbps).
 * `interface_count` - (Optional) Number of network interfaces on a device. If not specified, default number for a given device type will be used.
 * `wan_interafce_id` - (Optional) Specify the WAN/SSH interface id. If not specified, default WAN/SSH interface for a given device type will be used.
-* `vendor_configuration` - (Optional) Map of vendor specific configuration parameters for a device (controller1, activationKey, managementType, siteId, systemIpAddress, privateAddress, privateCidrMask, privateGateway, licenseKey, licenseId)
+* `vendor_configuration` - (Optional) Map of vendor specific configuration parameters for a device (controller1, activationKey, managementType, siteId, systemIpAddress, privateAddress, privateCidrMask, privateGateway, licenseKey, licenseId, panoramaAuthKey, panoramaIpAddress)
 * `ssh-key` - (Optional) Definition of SSH key that will be provisioned on a device (max one key). See [SSH Key](#ssh-key) below for more details.
 * `secondary_device` - (Optional) Definition of secondary device for redundant device configurations. See [Secondary Device](#secondary-device) below for more details.
 * `cluster_details` - (Optional) An object that has the cluster details. See [Cluster Details](#cluster-details) below for more details.
@@ -402,7 +450,7 @@ The `secondary_device` block supports the following arguments:
 * `account_number` - (Required) Billing account number for secondary device.
 * `notifications` - (Required) List of email addresses that will receive notifications about secondary device.
 * `additional_bandwidth` - (Optional) Additional Internet bandwidth, in Mbps, for a secondary device.
-* `vendor_configuration` - (Optional) Key/Value pairs of vendor specific configuration parameters for a secondary device. Key values are `controller1`, `activationKey`, `managementType`, `siteId`, `systemIpAddress`, `privateAddress`, `privateCidrMask`, `privateGateway`, `licenseKey`, `licenseId`.
+* `vendor_configuration` - (Optional) Key/Value pairs of vendor specific configuration parameters for a secondary device. Key values are `controller1`, `activationKey`, `managementType`, `siteId`, `systemIpAddress`, `privateAddress`, `privateCidrMask`, `privateGateway`, `licenseKey`, `licenseId`, `panoramaAuthKey`, `panoramaIpAddress`.
 * `acl_template_id` - (Optional) Identifier of a WAN interface ACL template that will be applied on a secondary device.
 * `mgmt_acl_template_uuid` - (Optional) Identifier of an MGMT interface ACL template that will be applied on a secondary device.
 * `ssh-key` - (Optional) Up to one definition of SSH key that will be provisioned on a secondary device.
@@ -442,6 +490,8 @@ The `vendor_configuration` block supports the following arguments:
 * `activation_key` - (Optional) Activation key. This is required for Velocloud clusters.
 * `controller_fqdn` - (Optional) Controller fqdn. This is required for Velocloud clusters.
 * `root_password` - (Optional) The CLI password of the device. This field is relevant only for the Velocloud SDWAN cluster.
+* `panorama_ip_address` - (Optional) Panorama Server IP Address. This field is relevant only for the PA-VM firewall devices to have integration with Panorama Server.
+* `panorama_auth_key` - (Optional) Panorama Server Auth Key. This field is relevant only for the PA-VM firewall devices to have integration with Panorama Server.
 
 ## Attributes Reference
 

equinix/data_source_network_device.go

@@ -661,6 +661,17 @@ func createDataSourceVendorConfigurationSchema() map[string]*schema.Schema {
 			Sensitive:   true,
 			Description: neDeviceVendorConfigDescriptions["LicenseID"],
 		},
+		neDeviceVendorConfigSchemaNames["PanoramaIPAddress"]: {
+			Type:        schema.TypeString,
+			Computed:    true,
+			Description: neDeviceVendorConfigDescriptions["PanoramaIPAddress"],
+		},
+		neDeviceVendorConfigSchemaNames["PanoramaAuthKey"]: {
+			Type:        schema.TypeString,
+			Sensitive:   true,
+			Computed:    true,
+			Description: neDeviceVendorConfigDescriptions["PanoramaAuthKey"],
+		},
 	}
 }
 

equinix/provider.go

@@ -193,6 +193,10 @@ func configureProvider(ctx context.Context, d *schema.ResourceData, p *schema.Pr
 	return &config, nil
 }
 
+// stringsFound returns true if all strings in source are found in target
+// Deprecated: stringsFound is shared between provider, tests, and resources
+// and is being relocated for package refactoring.
+// Use github.com/equinix/terraform-provider-equinix/internal/comparisons.Subsets
 func stringsFound(source []string, target []string) bool {
 	for i := range source {
 		if !slices.Contains(target, source[i]) {
@@ -202,6 +206,10 @@ func stringsFound(source []string, target []string) bool {
 	return true
 }
 
+// isEmpty returns true if the value is nil or zero
+// Deprecated: isEmpty is shared between provider, tests, and resources
+// and is being relocated for package refactoring.
+// Use github.com/equinix/terraform-provider-equinix/internal/comparisons.IsEmpty
 func isEmpty(v interface{}) bool {
 	switch v := v.(type) {
 	case int:
@@ -219,6 +227,10 @@ func isEmpty(v interface{}) bool {
 	}
 }
 
+// slicesMatch returns true if all strings in s1 are found in s2
+// Deprecated: slicesMatch is shared between provider, tests, and resources
+// and is being relocated for package refactoring.
+// Use github.com/equinix/terraform-provider-equinix/internal/comparisons.SlicesMatch
 func slicesMatch(s1, s2 []string) bool {
 	if len(s1) != len(s2) {
 		return false