feat: PA-VM Integration with Panorama Server (#727)

feat: PA-VM Integration with Panorama Server Allow additional parameters in vendor config (panoramaAuthKey, panoramaIpAddress)
equinix · Jul 16, 2024 · 17f240c · 17f240c
1 parent 54b4ae7
commit 17f240c
Show file tree

Hide file tree

Showing 5 changed files with 154 additions and 15 deletions.
diff --git a/docs/resources/network_device.md b/docs/resources/network_device.md
@@ -349,6 +349,54 @@ resource "equinix_network_device" "bluecat-edge-service-point-ha" {
 }
 ```
 
+```terraform
+# Create PA-VM firewall cluster with Panorama Server Integration
+# with Panorama Server IP and Panorama Auth Key in vendor Configuration
+
+data "equinix_network_account" "sv" {
+  metro_code = "SV"
+}
+
+resource "equinix_network_device" "panw-cluster" {
+  name            = "tf-panw"
+  metro_code      = data.equinix_network_account.sv.metro_code
+  type_code       = "PA-VM"
+  self_managed    = true
+  byol            = true
+  package_code    = "VM100"
+  notifications   = ["[email protected]", "[email protected]", "[email protected]"]
+  term_length     = 12
+  account_number  = data.equinix_network_account.sv.number
+  version         = "11.1.3"
+  interface_count = 10
+  core_count      = 2
+  ssh_key {
+    username = "test"
+    key_name = "test-key"
+  }
+  acl_template_id = "0bff6e05-f0e7-44cd-804a-25b92b835f8b"
+  cluster_details {
+    cluster_name = "tf-panw-cluster"
+    node0 {
+      vendor_configuration {
+        hostname            = "panw-node0"
+        panorama_ip_address = "x.x.x.x"
+        panorama_auth_key   = "xxxxxxxxxxx"
+      }
+      license_token = "licenseToken"
+    }
+    node1 {
+      vendor_configuration {
+        hostname            = "panw-node1"
+        panorama_ip_address = "x.x.x.x"
+        panorama_auth_key   = "xxxxxxxxxxx"
+      }
+      license_token = "licenseToken"
+    }
+  }
+}
+```
+
 ## Argument Reference
 
 The following arguments are supported:
@@ -378,7 +426,7 @@ The following arguments are supported:
 * `additional_bandwidth` - (Optional) Additional Internet bandwidth, in Mbps, that will be allocated to the device (in addition to default 15Mbps).
 * `interface_count` - (Optional) Number of network interfaces on a device. If not specified, default number for a given device type will be used.
 * `wan_interafce_id` - (Optional) Specify the WAN/SSH interface id. If not specified, default WAN/SSH interface for a given device type will be used.
-* `vendor_configuration` - (Optional) Map of vendor specific configuration parameters for a device (controller1, activationKey, managementType, siteId, systemIpAddress, privateAddress, privateCidrMask, privateGateway, licenseKey, licenseId)
+* `vendor_configuration` - (Optional) Map of vendor specific configuration parameters for a device (controller1, activationKey, managementType, siteId, systemIpAddress, privateAddress, privateCidrMask, privateGateway, licenseKey, licenseId, panoramaAuthKey, panoramaIpAddress)
 * `ssh-key` - (Optional) Definition of SSH key that will be provisioned on a device (max one key). See [SSH Key](#ssh-key) below for more details.
 * `secondary_device` - (Optional) Definition of secondary device for redundant device configurations. See [Secondary Device](#secondary-device) below for more details.
 * `cluster_details` - (Optional) An object that has the cluster details. See [Cluster Details](#cluster-details) below for more details.
@@ -402,7 +450,7 @@ The `secondary_device` block supports the following arguments:
 * `account_number` - (Required) Billing account number for secondary device.
 * `notifications` - (Required) List of email addresses that will receive notifications about secondary device.
 * `additional_bandwidth` - (Optional) Additional Internet bandwidth, in Mbps, for a secondary device.
-* `vendor_configuration` - (Optional) Key/Value pairs of vendor specific configuration parameters for a secondary device. Key values are `controller1`, `activationKey`, `managementType`, `siteId`, `systemIpAddress`, `privateAddress`, `privateCidrMask`, `privateGateway`, `licenseKey`, `licenseId`.
+* `vendor_configuration` - (Optional) Key/Value pairs of vendor specific configuration parameters for a secondary device. Key values are `controller1`, `activationKey`, `managementType`, `siteId`, `systemIpAddress`, `privateAddress`, `privateCidrMask`, `privateGateway`, `licenseKey`, `licenseId`, `panoramaAuthKey`, `panoramaIpAddress`.
 * `acl_template_id` - (Optional) Identifier of a WAN interface ACL template that will be applied on a secondary device.
 * `mgmt_acl_template_uuid` - (Optional) Identifier of an MGMT interface ACL template that will be applied on a secondary device.
 * `ssh-key` - (Optional) Up to one definition of SSH key that will be provisioned on a secondary device.
@@ -442,6 +490,8 @@ The `vendor_configuration` block supports the following arguments:
 * `activation_key` - (Optional) Activation key. This is required for Velocloud clusters.
 * `controller_fqdn` - (Optional) Controller fqdn. This is required for Velocloud clusters.
 * `root_password` - (Optional) The CLI password of the device. This field is relevant only for the Velocloud SDWAN cluster.
+* `panorama_ip_address` - (Optional) Panorama Server IP Address. This field is relevant only for the PA-VM firewall devices to have integration with Panorama Server.
+* `panorama_auth_key` - (Optional) Panorama Server Auth Key. This field is relevant only for the PA-VM firewall devices to have integration with Panorama Server.
 
 ## Attributes Reference
 

diff --git a/equinix/data_source_network_device.go b/equinix/data_source_network_device.go
@@ -661,6 +661,17 @@ func createDataSourceVendorConfigurationSchema() map[string]*schema.Schema {
 			Sensitive:   true,
 			Description: neDeviceVendorConfigDescriptions["LicenseID"],
 		},
+		neDeviceVendorConfigSchemaNames["PanoramaIPAddress"]: {
+			Type:        schema.TypeString,
+			Computed:    true,
+			Description: neDeviceVendorConfigDescriptions["PanoramaIPAddress"],
+		},
+		neDeviceVendorConfigSchemaNames["PanoramaAuthKey"]: {
+			Type:        schema.TypeString,
+			Sensitive:   true,
+			Computed:    true,
+			Description: neDeviceVendorConfigDescriptions["PanoramaAuthKey"],
+		},
 	}
 }
 

diff --git a/equinix/resource_network_device.go b/equinix/resource_network_device.go
@@ -186,17 +186,19 @@ var neDeviceClusterNodeDescriptions = map[string]string{
 }
 
 var neDeviceVendorConfigSchemaNames = map[string]string{
-	"Hostname":        "hostname",
-	"AdminPassword":   "admin_password",
-	"Controller1":     "controller1",
-	"ActivationKey":   "activation_key",
-	"ControllerFqdn":  "controller_fqdn",
-	"RootPassword":    "root_password",
-	"PrivateAddress":  "private_address",
-	"PrivateCIDRMask": "private_cidr_mask",
-	"PrivateGateway":  "private_gateway",
-	"LicenseKey":      "license_key",
-	"LicenseID":       "license_id",
+	"Hostname":          "hostname",
+	"AdminPassword":     "admin_password",
+	"Controller1":       "controller1",
+	"ActivationKey":     "activation_key",
+	"ControllerFqdn":    "controller_fqdn",
+	"RootPassword":      "root_password",
+	"PrivateAddress":    "private_address",
+	"PrivateCIDRMask":   "private_cidr_mask",
+	"PrivateGateway":    "private_gateway",
+	"LicenseKey":        "license_key",
+	"LicenseID":         "license_id",
+	"PanoramaIPAddress": "panorama_ip_address",
+	"PanoramaAuthKey":   "panorama_auth_key",
 }
 
 var neDeviceVendorConfigDescriptions = map[string]string{
@@ -212,6 +214,8 @@ var neDeviceVendorConfigDescriptions = map[string]string{
 	"PrivateGateway":    "Private gateway. This field is relevant only for the BlueCat DNS and DHCP Server",
 	"LicenseKey":        "License key. This field is relevant only for the BlueCat DNS and DHCP Server",
 	"LicenseID":         "License id. This field is relevant only for the BlueCat DNS and DHCP Server",
+	"PanoramaIPAddress": "Panorama Server IP Address. This field is relevant only for Palo Alto Networks Firewall devices",
+	"PanoramaAuthKey":   "Panorama Server Auth Key. This field is relevant only for Palo Alto Networks Firewall devices",
 }
 
 func resourceNetworkDevice() *schema.Resource {
@@ -950,6 +954,19 @@ func createVendorConfigurationSchema() map[string]*schema.Schema {
 			ForceNew:    true,
 			Description: neDeviceVendorConfigDescriptions["LicenseID"],
 		},
+		neDeviceVendorConfigSchemaNames["PanoramaIPAddress"]: {
+			Type:        schema.TypeString,
+			Optional:    true,
+			ForceNew:    true,
+			Description: neDeviceVendorConfigDescriptions["PanoramaIPAddress"],
+		},
+		neDeviceVendorConfigSchemaNames["PanoramaAuthKey"]: {
+			Type:        schema.TypeString,
+			Optional:    true,
+			Sensitive:   true,
+			ForceNew:    true,
+			Description: neDeviceVendorConfigDescriptions["PanoramaAuthKey"],
+		},
 	}
 }
 
@@ -1541,6 +1558,12 @@ func flattenVendorConfiguration(vendorConfig map[string]string) interface{} {
 	if v, ok := vendorConfig["licenseId"]; ok {
 		transformed[neDeviceVendorConfigSchemaNames["LicenseID"]] = v
 	}
+	if v, ok := vendorConfig["panoramaIpAddress"]; ok {
+		transformed[neDeviceVendorConfigSchemaNames["PanoramaIPAddress"]] = v
+	}
+	if v, ok := vendorConfig["panoramaAuthKey"]; ok {
+		transformed[neDeviceVendorConfigSchemaNames["PanoramaAuthKey"]] = v
+	}
 	return []interface{}{transformed}
 }
 
@@ -1622,6 +1645,12 @@ func expandVendorConfiguration(vendorConfigs []interface{}) map[string]string {
 	if v, ok := vendorConfig[neDeviceVendorConfigSchemaNames["PrivateGateway"]]; ok && !isEmpty(v) {
 		transformed["privateGateway"] = v.(string)
 	}
+	if v, ok := vendorConfig[neDeviceVendorConfigSchemaNames["PanoramaIPAddress"]]; ok && !isEmpty(v) {
+		transformed["panoramaIpAddress"] = v.(string)
+	}
+	if v, ok := vendorConfig[neDeviceVendorConfigSchemaNames["PanoramaAuthKey"]]; ok && !isEmpty(v) {
+		transformed["panoramaAuthKey"] = v.(string)
+	}
 	return transformed
 }
 

diff --git a/examples/resources/network_device/example_9.tf b/examples/resources/network_device/example_9.tf
@@ -0,0 +1,45 @@
+# Create PA-VM firewall cluster with Panorama Server Integration
+# with Panorama Server IP and Panorama Auth Key in vendor Configuration
+
+data "equinix_network_account" "sv" {
+  metro_code = "SV"
+}
+
+resource "equinix_network_device" "panw-cluster" {
+  name            = "tf-panw"
+  metro_code      = data.equinix_network_account.sv.metro_code
+  type_code       = "PA-VM"
+  self_managed    = true
+  byol            = true
+  package_code    = "VM100"
+  notifications   = ["[email protected]", "[email protected]", "[email protected]"]
+  term_length     = 12
+  account_number  = data.equinix_network_account.sv.number
+  version         = "11.1.3"
+  interface_count = 10
+  core_count      = 2
+  ssh_key {
+    username = "test"
+    key_name = "test-key"
+  }
+  acl_template_id = "0bff6e05-f0e7-44cd-804a-25b92b835f8b"
+  cluster_details {
+    cluster_name = "tf-panw-cluster"
+    node0 {
+      vendor_configuration {
+        hostname            = "panw-node0"
+        panorama_ip_address = "x.x.x.x"
+        panorama_auth_key   = "xxxxxxxxxxx"
+      }
+      license_token = "licenseToken"
+    }
+    node1 {
+      vendor_configuration {
+        hostname            = "panw-node1"
+        panorama_ip_address = "x.x.x.x"
+        panorama_auth_key   = "xxxxxxxxxxx"
+      }
+      license_token = "licenseToken"
+    }
+  }
+}
diff --git a/templates/resources/network_device.md.tmpl b/templates/resources/network_device.md.tmpl
@@ -38,6 +38,8 @@ In addition to management modes, there are two software license modes available:
 
 {{tffile "examples/resources/network_device/example_8.tf"}}
 
+{{tffile "examples/resources/network_device/example_9.tf"}}
+
 ## Argument Reference
 
 The following arguments are supported:
@@ -67,7 +69,7 @@ The following arguments are supported:
 * `additional_bandwidth` - (Optional) Additional Internet bandwidth, in Mbps, that will be allocated to the device (in addition to default 15Mbps).
 * `interface_count` - (Optional) Number of network interfaces on a device. If not specified, default number for a given device type will be used.
 * `wan_interafce_id` - (Optional) Specify the WAN/SSH interface id. If not specified, default WAN/SSH interface for a given device type will be used.
-* `vendor_configuration` - (Optional) Map of vendor specific configuration parameters for a device (controller1, activationKey, managementType, siteId, systemIpAddress, privateAddress, privateCidrMask, privateGateway, licenseKey, licenseId)
+* `vendor_configuration` - (Optional) Map of vendor specific configuration parameters for a device (controller1, activationKey, managementType, siteId, systemIpAddress, privateAddress, privateCidrMask, privateGateway, licenseKey, licenseId, panoramaAuthKey, panoramaIpAddress)
 * `ssh-key` - (Optional) Definition of SSH key that will be provisioned on a device (max one key). See [SSH Key](#ssh-key) below for more details.
 * `secondary_device` - (Optional) Definition of secondary device for redundant device configurations. See [Secondary Device](#secondary-device) below for more details.
 * `cluster_details` - (Optional) An object that has the cluster details. See [Cluster Details](#cluster-details) below for more details.
@@ -91,7 +93,7 @@ The `secondary_device` block supports the following arguments:
 * `account_number` - (Required) Billing account number for secondary device.
 * `notifications` - (Required) List of email addresses that will receive notifications about secondary device.
 * `additional_bandwidth` - (Optional) Additional Internet bandwidth, in Mbps, for a secondary device.
-* `vendor_configuration` - (Optional) Key/Value pairs of vendor specific configuration parameters for a secondary device. Key values are `controller1`, `activationKey`, `managementType`, `siteId`, `systemIpAddress`, `privateAddress`, `privateCidrMask`, `privateGateway`, `licenseKey`, `licenseId`.
+* `vendor_configuration` - (Optional) Key/Value pairs of vendor specific configuration parameters for a secondary device. Key values are `controller1`, `activationKey`, `managementType`, `siteId`, `systemIpAddress`, `privateAddress`, `privateCidrMask`, `privateGateway`, `licenseKey`, `licenseId`, `panoramaAuthKey`, `panoramaIpAddress`.
 * `acl_template_id` - (Optional) Identifier of a WAN interface ACL template that will be applied on a secondary device.
 * `mgmt_acl_template_uuid` - (Optional) Identifier of an MGMT interface ACL template that will be applied on a secondary device.
 * `ssh-key` - (Optional) Up to one definition of SSH key that will be provisioned on a secondary device.
@@ -131,6 +133,8 @@ The `vendor_configuration` block supports the following arguments:
 * `activation_key` - (Optional) Activation key. This is required for Velocloud clusters.
 * `controller_fqdn` - (Optional) Controller fqdn. This is required for Velocloud clusters.
 * `root_password` - (Optional) The CLI password of the device. This field is relevant only for the Velocloud SDWAN cluster.
+* `panorama_ip_address` - (Optional) Panorama Server IP Address. This field is relevant only for the PA-VM firewall devices to have integration with Panorama Server.
+* `panorama_auth_key` - (Optional) Panorama Server Auth Key. This field is relevant only for the PA-VM firewall devices to have integration with Panorama Server.
 
 ## Attributes Reference