From 86a639ebd687bdbfd2888c7cdfcf06357d0f289a Mon Sep 17 00:00:00 2001 From: FTNT-HQCM Date: Mon, 11 Nov 2024 13:55:35 -0800 Subject: [PATCH] init/updateFortiAnalyzerTerraform: 1.4.2 Signed-off-by: FTNT-HQCM --- CHANGELOG.md | 6 ++ faz/resource_fmupdate_fwmsetting.go | 31 ++++++ faz/resource_system_admin_ldap.go | 32 ++++++ faz/resource_system_connector.go | 32 ++++++ faz/resource_system_csf.go | 32 ++++++ faz/resource_system_global.go | 97 +++++++++++++++++++ faz/resource_system_mail.go | 32 ++++++ faz/resource_system_syslog.go | 32 ++++++ test/lint_check.sh | 10 -- test/test.sh | 0 ...analyzer_fmupdate_fwmsetting.html.markdown | 1 + ...tianalyzer_system_admin_ldap.html.markdown | 2 + ...rtianalyzer_system_connector.html.markdown | 2 + .../r/fortianalyzer_system_csf.html.markdown | 2 + .../fortianalyzer_system_global.html.markdown | 6 ++ .../r/fortianalyzer_system_mail.html.markdown | 2 + .../fortianalyzer_system_syslog.html.markdown | 2 + 17 files changed, 311 insertions(+), 10 deletions(-) delete mode 100644 test/lint_check.sh delete mode 100644 test/test.sh diff --git a/CHANGELOG.md b/CHANGELOG.md index 83abd7d..40d2f4c 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -1,5 +1,11 @@ ## 1.5.0 (Unreleased) +## 1.4.2 (November 12, 2024) + +IMPROVEMENTS: + +* Support FortiAnalyzer v7.0.13, v7.2.6, v7.2.7, v7.4.4, v7.4.5, v7.6.1; + ## 1.4.1 (August 27, 2024) IMPROVEMENTS: diff --git a/faz/resource_fmupdate_fwmsetting.go b/faz/resource_fmupdate_fwmsetting.go index 652d1f2..94ed5b9 100644 --- a/faz/resource_fmupdate_fwmsetting.go +++ b/faz/resource_fmupdate_fwmsetting.go @@ -99,6 +99,10 @@ func resourceFmupdateFwmSetting() *schema.Resource { Optional: true, Computed: true, }, + "send_image_retry": &schema.Schema{ + Type: schema.TypeInt, + Optional: true, + }, "upgrade_timeout": &schema.Schema{ Type: schema.TypeList, Optional: true, @@ -306,6 +310,10 @@ func flattenFmupdateFwmSettingRevisionDiffFfb(v interface{}, d *schema.ResourceD return v } +func flattenFmupdateFwmSettingSendImageRetryFfb(v interface{}, d *schema.ResourceData, pre string) interface{} { + return v +} + func flattenFmupdateFwmSettingUpgradeTimeoutFfb(v interface{}, d *schema.ResourceData, pre string) []map[string]interface{} { if v == nil { return nil @@ -588,6 +596,16 @@ func refreshObjectFmupdateFwmSetting(d *schema.ResourceData, o map[string]interf } } + if err = d.Set("send_image_retry", flattenFmupdateFwmSettingSendImageRetryFfb(o["send-image-retry"], d, "send_image_retry")); err != nil { + if vv, ok := fortiAPIPatch(o["send-image-retry"], "FmupdateFwmSetting-SendImageRetry"); ok { + if err = d.Set("send_image_retry", vv); err != nil { + return fmt.Errorf("Error reading send_image_retry: %v", err) + } + } else { + return fmt.Errorf("Error reading send_image_retry: %v", err) + } + } + if isImportTable() { if err = d.Set("upgrade_timeout", flattenFmupdateFwmSettingUpgradeTimeoutFfb(o["upgrade-timeout"], d, "upgrade_timeout")); err != nil { if vv, ok := fortiAPIPatch(o["upgrade-timeout"], "FmupdateFwmSetting-UpgradeTimeout"); ok { @@ -677,6 +695,10 @@ func expandFmupdateFwmSettingRevisionDiffFfb(d *schema.ResourceData, v interface return v, nil } +func expandFmupdateFwmSettingSendImageRetryFfb(d *schema.ResourceData, v interface{}, pre string) (interface{}, error) { + return v, nil +} + func expandFmupdateFwmSettingUpgradeTimeoutFfb(d *schema.ResourceData, v interface{}, pre string) (interface{}, error) { l := v.([]interface{}) if len(l) == 0 || l[0] == nil { @@ -932,6 +954,15 @@ func getObjectFmupdateFwmSetting(d *schema.ResourceData) (*map[string]interface{ } } + if v, ok := d.GetOk("send_image_retry"); ok || d.HasChange("send_image_retry") { + t, err := expandFmupdateFwmSettingSendImageRetryFfb(d, v, "send_image_retry") + if err != nil { + return &obj, err + } else if t != nil { + obj["send-image-retry"] = t + } + } + if v, ok := d.GetOk("upgrade_timeout"); ok || d.HasChange("upgrade_timeout") { t, err := expandFmupdateFwmSettingUpgradeTimeoutFfb(d, v, "upgrade_timeout") if err != nil { diff --git a/faz/resource_system_admin_ldap.go b/faz/resource_system_admin_ldap.go index 799bfb2..9241ff6 100644 --- a/faz/resource_system_admin_ldap.go +++ b/faz/resource_system_admin_ldap.go @@ -119,6 +119,11 @@ func resourceSystemAdminLdap() *schema.Resource { Type: schema.TypeString, Optional: true, }, + "ssl_protocol": &schema.Schema{ + Type: schema.TypeString, + Optional: true, + Computed: true, + }, "tertiary_server": &schema.Schema{ Type: schema.TypeString, Optional: true, @@ -336,6 +341,10 @@ func flattenSystemAdminLdapServer(v interface{}, d *schema.ResourceData, pre str return v } +func flattenSystemAdminLdapSslProtocol(v interface{}, d *schema.ResourceData, pre string) interface{} { + return v +} + func flattenSystemAdminLdapTertiaryServer(v interface{}, d *schema.ResourceData, pre string) interface{} { return v } @@ -535,6 +544,16 @@ func refreshObjectSystemAdminLdap(d *schema.ResourceData, o map[string]interface } } + if err = d.Set("ssl_protocol", flattenSystemAdminLdapSslProtocol(o["ssl-protocol"], d, "ssl_protocol")); err != nil { + if vv, ok := fortiAPIPatch(o["ssl-protocol"], "SystemAdminLdap-SslProtocol"); ok { + if err = d.Set("ssl_protocol", vv); err != nil { + return fmt.Errorf("Error reading ssl_protocol: %v", err) + } + } else { + return fmt.Errorf("Error reading ssl_protocol: %v", err) + } + } + if err = d.Set("tertiary_server", flattenSystemAdminLdapTertiaryServer(o["tertiary-server"], d, "tertiary_server")); err != nil { if vv, ok := fortiAPIPatch(o["tertiary-server"], "SystemAdminLdap-TertiaryServer"); ok { if err = d.Set("tertiary_server", vv); err != nil { @@ -673,6 +692,10 @@ func expandSystemAdminLdapServer(d *schema.ResourceData, v interface{}, pre stri return v, nil } +func expandSystemAdminLdapSslProtocol(d *schema.ResourceData, v interface{}, pre string) (interface{}, error) { + return v, nil +} + func expandSystemAdminLdapTertiaryServer(d *schema.ResourceData, v interface{}, pre string) (interface{}, error) { return v, nil } @@ -850,6 +873,15 @@ func getObjectSystemAdminLdap(d *schema.ResourceData) (*map[string]interface{}, } } + if v, ok := d.GetOk("ssl_protocol"); ok || d.HasChange("ssl_protocol") { + t, err := expandSystemAdminLdapSslProtocol(d, v, "ssl_protocol") + if err != nil { + return &obj, err + } else if t != nil { + obj["ssl-protocol"] = t + } + } + if v, ok := d.GetOk("tertiary_server"); ok || d.HasChange("tertiary_server") { t, err := expandSystemAdminLdapTertiaryServer(d, v, "tertiary_server") if err != nil { diff --git a/faz/resource_system_connector.go b/faz/resource_system_connector.go index 271fffe..505e36d 100644 --- a/faz/resource_system_connector.go +++ b/faz/resource_system_connector.go @@ -39,6 +39,11 @@ func resourceSystemConnector() *schema.Resource { Optional: true, Computed: true, }, + "conn_ssl_protocol": &schema.Schema{ + Type: schema.TypeString, + Optional: true, + Computed: true, + }, "faznotify_msg_queue_max": &schema.Schema{ Type: schema.TypeInt, Optional: true, @@ -149,6 +154,10 @@ func flattenSystemConnectorConnRefreshInterval(v interface{}, d *schema.Resource return v } +func flattenSystemConnectorConnSslProtocol(v interface{}, d *schema.ResourceData, pre string) interface{} { + return v +} + func flattenSystemConnectorFaznotifyMsgQueueMax(v interface{}, d *schema.ResourceData, pre string) interface{} { return v } @@ -196,6 +205,16 @@ func refreshObjectSystemConnector(d *schema.ResourceData, o map[string]interface } } + if err = d.Set("conn_ssl_protocol", flattenSystemConnectorConnSslProtocol(o["conn-ssl-protocol"], d, "conn_ssl_protocol")); err != nil { + if vv, ok := fortiAPIPatch(o["conn-ssl-protocol"], "SystemConnector-ConnSslProtocol"); ok { + if err = d.Set("conn_ssl_protocol", vv); err != nil { + return fmt.Errorf("Error reading conn_ssl_protocol: %v", err) + } + } else { + return fmt.Errorf("Error reading conn_ssl_protocol: %v", err) + } + } + if err = d.Set("faznotify_msg_queue_max", flattenSystemConnectorFaznotifyMsgQueueMax(o["faznotify-msg-queue-max"], d, "faznotify_msg_queue_max")); err != nil { if vv, ok := fortiAPIPatch(o["faznotify-msg-queue-max"], "SystemConnector-FaznotifyMsgQueueMax"); ok { if err = d.Set("faznotify_msg_queue_max", vv); err != nil { @@ -273,6 +292,10 @@ func expandSystemConnectorConnRefreshInterval(d *schema.ResourceData, v interfac return v, nil } +func expandSystemConnectorConnSslProtocol(d *schema.ResourceData, v interface{}, pre string) (interface{}, error) { + return v, nil +} + func expandSystemConnectorFaznotifyMsgQueueMax(d *schema.ResourceData, v interface{}, pre string) (interface{}, error) { return v, nil } @@ -318,6 +341,15 @@ func getObjectSystemConnector(d *schema.ResourceData) (*map[string]interface{}, } } + if v, ok := d.GetOk("conn_ssl_protocol"); ok || d.HasChange("conn_ssl_protocol") { + t, err := expandSystemConnectorConnSslProtocol(d, v, "conn_ssl_protocol") + if err != nil { + return &obj, err + } else if t != nil { + obj["conn-ssl-protocol"] = t + } + } + if v, ok := d.GetOk("faznotify_msg_queue_max"); ok || d.HasChange("faznotify_msg_queue_max") { t, err := expandSystemConnectorFaznotifyMsgQueueMax(d, v, "faznotify_msg_queue_max") if err != nil { diff --git a/faz/resource_system_csf.go b/faz/resource_system_csf.go index ee2f81f..f00f61c 100644 --- a/faz/resource_system_csf.go +++ b/faz/resource_system_csf.go @@ -129,6 +129,11 @@ func resourceSystemCsf() *schema.Resource { Optional: true, Computed: true, }, + "ssl_protocol": &schema.Schema{ + Type: schema.TypeString, + Optional: true, + Computed: true, + }, "saml_configuration_sync": &schema.Schema{ Type: schema.TypeString, Optional: true, @@ -394,6 +399,10 @@ func flattenSystemCsfLogUnification(v interface{}, d *schema.ResourceData, pre s return v } +func flattenSystemCsfSslProtocol(v interface{}, d *schema.ResourceData, pre string) interface{} { + return v +} + func flattenSystemCsfSamlConfigurationSync(v interface{}, d *schema.ResourceData, pre string) interface{} { return v } @@ -688,6 +697,16 @@ func refreshObjectSystemCsf(d *schema.ResourceData, o map[string]interface{}) er } } + if err = d.Set("ssl_protocol", flattenSystemCsfSslProtocol(o["ssl-protocol"], d, "ssl_protocol")); err != nil { + if vv, ok := fortiAPIPatch(o["ssl-protocol"], "SystemCsf-SslProtocol"); ok { + if err = d.Set("ssl_protocol", vv); err != nil { + return fmt.Errorf("Error reading ssl_protocol: %v", err) + } + } else { + return fmt.Errorf("Error reading ssl_protocol: %v", err) + } + } + if err = d.Set("saml_configuration_sync", flattenSystemCsfSamlConfigurationSync(o["saml-configuration-sync"], d, "saml_configuration_sync")); err != nil { if vv, ok := fortiAPIPatch(o["saml-configuration-sync"], "SystemCsf-SamlConfigurationSync"); ok { if err = d.Set("saml_configuration_sync", vv); err != nil { @@ -884,6 +903,10 @@ func expandSystemCsfLogUnification(d *schema.ResourceData, v interface{}, pre st return v, nil } +func expandSystemCsfSslProtocol(d *schema.ResourceData, v interface{}, pre string) (interface{}, error) { + return v, nil +} + func expandSystemCsfSamlConfigurationSync(d *schema.ResourceData, v interface{}, pre string) (interface{}, error) { return v, nil } @@ -1154,6 +1177,15 @@ func getObjectSystemCsf(d *schema.ResourceData) (*map[string]interface{}, error) } } + if v, ok := d.GetOk("ssl_protocol"); ok || d.HasChange("ssl_protocol") { + t, err := expandSystemCsfSslProtocol(d, v, "ssl_protocol") + if err != nil { + return &obj, err + } else if t != nil { + obj["ssl-protocol"] = t + } + } + if v, ok := d.GetOk("saml_configuration_sync"); ok || d.HasChange("saml_configuration_sync") { t, err := expandSystemCsfSamlConfigurationSync(d, v, "saml_configuration_sync") if err != nil { diff --git a/faz/resource_system_global.go b/faz/resource_system_global.go index 7512ee7..51c0b2b 100644 --- a/faz/resource_system_global.go +++ b/faz/resource_system_global.go @@ -202,6 +202,11 @@ func resourceSystemGlobal() *schema.Resource { Optional: true, Computed: true, }, + "global_ssl_protocol": &schema.Schema{ + Type: schema.TypeString, + Optional: true, + Computed: true, + }, "gui_curl_timeout": &schema.Schema{ Type: schema.TypeInt, Optional: true, @@ -227,6 +232,12 @@ func resourceSystemGlobal() *schema.Resource { Optional: true, Computed: true, }, + "httpd_ssl_protocol": &schema.Schema{ + Type: schema.TypeSet, + Elem: &schema.Schema{Type: schema.TypeString}, + Optional: true, + Computed: true, + }, "language": &schema.Schema{ Type: schema.TypeString, Optional: true, @@ -289,6 +300,11 @@ func resourceSystemGlobal() *schema.Resource { Optional: true, Computed: true, }, + "mapclient_ssl_protocol": &schema.Schema{ + Type: schema.TypeString, + Optional: true, + Computed: true, + }, "max_aggregation_tasks": &schema.Schema{ Type: schema.TypeInt, Optional: true, @@ -706,6 +722,10 @@ func flattenSystemGlobalFortiservicePortSga(v interface{}, d *schema.ResourceDat return v } +func flattenSystemGlobalGlobalSslProtocolSga(v interface{}, d *schema.ResourceData, pre string) interface{} { + return v +} + func flattenSystemGlobalGuiCurlTimeoutSga(v interface{}, d *schema.ResourceData, pre string) interface{} { return v } @@ -726,6 +746,10 @@ func flattenSystemGlobalJsonapiLogSga(v interface{}, d *schema.ResourceData, pre return v } +func flattenSystemGlobalHttpdSslProtocolSga(v interface{}, d *schema.ResourceData, pre string) interface{} { + return flattenStringList(v) +} + func flattenSystemGlobalLanguageSga(v interface{}, d *schema.ResourceData, pre string) interface{} { return v } @@ -778,6 +802,10 @@ func flattenSystemGlobalManagementPortSga(v interface{}, d *schema.ResourceData, return v } +func flattenSystemGlobalMapclientSslProtocolSga(v interface{}, d *schema.ResourceData, pre string) interface{} { + return v +} + func flattenSystemGlobalMaxAggregationTasksSga(v interface{}, d *schema.ResourceData, pre string) interface{} { return v } @@ -1328,6 +1356,16 @@ func refreshObjectSystemGlobal(d *schema.ResourceData, o map[string]interface{}) } } + if err = d.Set("global_ssl_protocol", flattenSystemGlobalGlobalSslProtocolSga(o["global-ssl-protocol"], d, "global_ssl_protocol")); err != nil { + if vv, ok := fortiAPIPatch(o["global-ssl-protocol"], "SystemGlobal-GlobalSslProtocol"); ok { + if err = d.Set("global_ssl_protocol", vv); err != nil { + return fmt.Errorf("Error reading global_ssl_protocol: %v", err) + } + } else { + return fmt.Errorf("Error reading global_ssl_protocol: %v", err) + } + } + if err = d.Set("gui_curl_timeout", flattenSystemGlobalGuiCurlTimeoutSga(o["gui-curl-timeout"], d, "gui_curl_timeout")); err != nil { if vv, ok := fortiAPIPatch(o["gui-curl-timeout"], "SystemGlobal-GuiCurlTimeout"); ok { if err = d.Set("gui_curl_timeout", vv); err != nil { @@ -1378,6 +1416,16 @@ func refreshObjectSystemGlobal(d *schema.ResourceData, o map[string]interface{}) } } + if err = d.Set("httpd_ssl_protocol", flattenSystemGlobalHttpdSslProtocolSga(o["httpd-ssl-protocol"], d, "httpd_ssl_protocol")); err != nil { + if vv, ok := fortiAPIPatch(o["httpd-ssl-protocol"], "SystemGlobal-HttpdSslProtocol"); ok { + if err = d.Set("httpd_ssl_protocol", vv); err != nil { + return fmt.Errorf("Error reading httpd_ssl_protocol: %v", err) + } + } else { + return fmt.Errorf("Error reading httpd_ssl_protocol: %v", err) + } + } + if err = d.Set("language", flattenSystemGlobalLanguageSga(o["language"], d, "language")); err != nil { if vv, ok := fortiAPIPatch(o["language"], "SystemGlobal-Language"); ok { if err = d.Set("language", vv); err != nil { @@ -1508,6 +1556,16 @@ func refreshObjectSystemGlobal(d *schema.ResourceData, o map[string]interface{}) } } + if err = d.Set("mapclient_ssl_protocol", flattenSystemGlobalMapclientSslProtocolSga(o["mapclient-ssl-protocol"], d, "mapclient_ssl_protocol")); err != nil { + if vv, ok := fortiAPIPatch(o["mapclient-ssl-protocol"], "SystemGlobal-MapclientSslProtocol"); ok { + if err = d.Set("mapclient_ssl_protocol", vv); err != nil { + return fmt.Errorf("Error reading mapclient_ssl_protocol: %v", err) + } + } else { + return fmt.Errorf("Error reading mapclient_ssl_protocol: %v", err) + } + } + if err = d.Set("max_aggregation_tasks", flattenSystemGlobalMaxAggregationTasksSga(o["max-aggregation-tasks"], d, "max_aggregation_tasks")); err != nil { if vv, ok := fortiAPIPatch(o["max-aggregation-tasks"], "SystemGlobal-MaxAggregationTasks"); ok { if err = d.Set("max_aggregation_tasks", vv); err != nil { @@ -2031,6 +2089,10 @@ func expandSystemGlobalFortiservicePortSga(d *schema.ResourceData, v interface{} return v, nil } +func expandSystemGlobalGlobalSslProtocolSga(d *schema.ResourceData, v interface{}, pre string) (interface{}, error) { + return v, nil +} + func expandSystemGlobalGuiCurlTimeoutSga(d *schema.ResourceData, v interface{}, pre string) (interface{}, error) { return v, nil } @@ -2051,6 +2113,10 @@ func expandSystemGlobalJsonapiLogSga(d *schema.ResourceData, v interface{}, pre return v, nil } +func expandSystemGlobalHttpdSslProtocolSga(d *schema.ResourceData, v interface{}, pre string) (interface{}, error) { + return expandStringList(v.(*schema.Set).List()), nil +} + func expandSystemGlobalLanguageSga(d *schema.ResourceData, v interface{}, pre string) (interface{}, error) { return v, nil } @@ -2103,6 +2169,10 @@ func expandSystemGlobalManagementPortSga(d *schema.ResourceData, v interface{}, return v, nil } +func expandSystemGlobalMapclientSslProtocolSga(d *schema.ResourceData, v interface{}, pre string) (interface{}, error) { + return v, nil +} + func expandSystemGlobalMaxAggregationTasksSga(d *schema.ResourceData, v interface{}, pre string) (interface{}, error) { return v, nil } @@ -2610,6 +2680,15 @@ func getObjectSystemGlobal(d *schema.ResourceData) (*map[string]interface{}, err } } + if v, ok := d.GetOk("global_ssl_protocol"); ok || d.HasChange("global_ssl_protocol") { + t, err := expandSystemGlobalGlobalSslProtocolSga(d, v, "global_ssl_protocol") + if err != nil { + return &obj, err + } else if t != nil { + obj["global-ssl-protocol"] = t + } + } + if v, ok := d.GetOk("gui_curl_timeout"); ok || d.HasChange("gui_curl_timeout") { t, err := expandSystemGlobalGuiCurlTimeoutSga(d, v, "gui_curl_timeout") if err != nil { @@ -2655,6 +2734,15 @@ func getObjectSystemGlobal(d *schema.ResourceData) (*map[string]interface{}, err } } + if v, ok := d.GetOk("httpd_ssl_protocol"); ok || d.HasChange("httpd_ssl_protocol") { + t, err := expandSystemGlobalHttpdSslProtocolSga(d, v, "httpd_ssl_protocol") + if err != nil { + return &obj, err + } else if t != nil { + obj["httpd-ssl-protocol"] = t + } + } + if v, ok := d.GetOk("language"); ok || d.HasChange("language") { t, err := expandSystemGlobalLanguageSga(d, v, "language") if err != nil { @@ -2772,6 +2860,15 @@ func getObjectSystemGlobal(d *schema.ResourceData) (*map[string]interface{}, err } } + if v, ok := d.GetOk("mapclient_ssl_protocol"); ok || d.HasChange("mapclient_ssl_protocol") { + t, err := expandSystemGlobalMapclientSslProtocolSga(d, v, "mapclient_ssl_protocol") + if err != nil { + return &obj, err + } else if t != nil { + obj["mapclient-ssl-protocol"] = t + } + } + if v, ok := d.GetOk("max_aggregation_tasks"); ok || d.HasChange("max_aggregation_tasks") { t, err := expandSystemGlobalMaxAggregationTasksSga(d, v, "max_aggregation_tasks") if err != nil { diff --git a/faz/resource_system_mail.go b/faz/resource_system_mail.go index 97e134e..486be93 100644 --- a/faz/resource_system_mail.go +++ b/faz/resource_system_mail.go @@ -72,6 +72,11 @@ func resourceSystemMail() *schema.Resource { Type: schema.TypeString, Optional: true, }, + "ssl_protocol": &schema.Schema{ + Type: schema.TypeString, + Optional: true, + Computed: true, + }, "user": &schema.Schema{ Type: schema.TypeString, Optional: true, @@ -206,6 +211,10 @@ func flattenSystemMailServer(v interface{}, d *schema.ResourceData, pre string) return v } +func flattenSystemMailSslProtocol(v interface{}, d *schema.ResourceData, pre string) interface{} { + return v +} + func flattenSystemMailUser(v interface{}, d *schema.ResourceData, pre string) interface{} { return v } @@ -293,6 +302,16 @@ func refreshObjectSystemMail(d *schema.ResourceData, o map[string]interface{}) e } } + if err = d.Set("ssl_protocol", flattenSystemMailSslProtocol(o["ssl-protocol"], d, "ssl_protocol")); err != nil { + if vv, ok := fortiAPIPatch(o["ssl-protocol"], "SystemMail-SslProtocol"); ok { + if err = d.Set("ssl_protocol", vv); err != nil { + return fmt.Errorf("Error reading ssl_protocol: %v", err) + } + } else { + return fmt.Errorf("Error reading ssl_protocol: %v", err) + } + } + if err = d.Set("user", flattenSystemMailUser(o["user"], d, "user")); err != nil { if vv, ok := fortiAPIPatch(o["user"], "SystemMail-User"); ok { if err = d.Set("user", vv); err != nil { @@ -348,6 +367,10 @@ func expandSystemMailServer(d *schema.ResourceData, v interface{}, pre string) ( return v, nil } +func expandSystemMailSslProtocol(d *schema.ResourceData, v interface{}, pre string) (interface{}, error) { + return v, nil +} + func expandSystemMailUser(d *schema.ResourceData, v interface{}, pre string) (interface{}, error) { return v, nil } @@ -436,6 +459,15 @@ func getObjectSystemMail(d *schema.ResourceData) (*map[string]interface{}, error } } + if v, ok := d.GetOk("ssl_protocol"); ok || d.HasChange("ssl_protocol") { + t, err := expandSystemMailSslProtocol(d, v, "ssl_protocol") + if err != nil { + return &obj, err + } else if t != nil { + obj["ssl-protocol"] = t + } + } + if v, ok := d.GetOk("user"); ok || d.HasChange("user") { t, err := expandSystemMailUser(d, v, "user") if err != nil { diff --git a/faz/resource_system_syslog.go b/faz/resource_system_syslog.go index e3ed1be..8bb6534 100644 --- a/faz/resource_system_syslog.go +++ b/faz/resource_system_syslog.go @@ -62,6 +62,11 @@ func resourceSystemSyslog() *schema.Resource { Optional: true, Computed: true, }, + "ssl_protocol": &schema.Schema{ + Type: schema.TypeString, + Optional: true, + Computed: true, + }, }, } } @@ -184,6 +189,10 @@ func flattenSystemSyslogSecureConnection(v interface{}, d *schema.ResourceData, return v } +func flattenSystemSyslogSslProtocol(v interface{}, d *schema.ResourceData, pre string) interface{} { + return v +} + func refreshObjectSystemSyslog(d *schema.ResourceData, o map[string]interface{}) error { var err error @@ -257,6 +266,16 @@ func refreshObjectSystemSyslog(d *schema.ResourceData, o map[string]interface{}) } } + if err = d.Set("ssl_protocol", flattenSystemSyslogSslProtocol(o["ssl-protocol"], d, "ssl_protocol")); err != nil { + if vv, ok := fortiAPIPatch(o["ssl-protocol"], "SystemSyslog-SslProtocol"); ok { + if err = d.Set("ssl_protocol", vv); err != nil { + return fmt.Errorf("Error reading ssl_protocol: %v", err) + } + } else { + return fmt.Errorf("Error reading ssl_protocol: %v", err) + } + } + return nil } @@ -294,6 +313,10 @@ func expandSystemSyslogSecureConnection(d *schema.ResourceData, v interface{}, p return v, nil } +func expandSystemSyslogSslProtocol(d *schema.ResourceData, v interface{}, pre string) (interface{}, error) { + return v, nil +} + func getObjectSystemSyslog(d *schema.ResourceData) (*map[string]interface{}, error) { obj := make(map[string]interface{}) @@ -360,5 +383,14 @@ func getObjectSystemSyslog(d *schema.ResourceData) (*map[string]interface{}, err } } + if v, ok := d.GetOk("ssl_protocol"); ok || d.HasChange("ssl_protocol") { + t, err := expandSystemSyslogSslProtocol(d, v, "ssl_protocol") + if err != nil { + return &obj, err + } else if t != nil { + obj["ssl-protocol"] = t + } + } + return &obj, nil } diff --git a/test/lint_check.sh b/test/lint_check.sh deleted file mode 100644 index a9f775f..0000000 --- a/test/lint_check.sh +++ /dev/null @@ -1,10 +0,0 @@ -p=$(dirname "$PWD"); -export GOPATH=${p%/*/*/*/*}"/" -make -C ../ fmt -golint ../faz -golint ../vendor/github.com/fortinetdev/forti-sdk-go/fortianalyzer/auth -golint ../vendor/github.com/fortinetdev/forti-sdk-go/fortianalyzer/config -golint ../vendor/github.com/fortinetdev/forti-sdk-go/fortianalyzer/request -golint ../vendor/github.com/fortinetdev/forti-sdk-go/fortianalyzer/sdkcore -make -C ../ build - diff --git a/test/test.sh b/test/test.sh deleted file mode 100644 index e69de29..0000000 diff --git a/website/docs/r/fortianalyzer_fmupdate_fwmsetting.html.markdown b/website/docs/r/fortianalyzer_fmupdate_fwmsetting.html.markdown index e0f5578..70626c5 100644 --- a/website/docs/r/fortianalyzer_fmupdate_fwmsetting.html.markdown +++ b/website/docs/r/fortianalyzer_fmupdate_fwmsetting.html.markdown @@ -50,6 +50,7 @@ The following arguments are supported: * `retry_max` - max retry times(0-100, default=10) * `revision_diff` - calculate diff script after upgrade disable - Disable setting. enable - Enable setting. Valid values: `disable`, `enable`. +* `send_image_retry` - retry send image when failed(0-2, default=0(no retry)) * `upgrade_timeout` - Upgrade-Timeout. The structure of `upgrade_timeout` block is documented below. The `upgrade_timeout` block supports: diff --git a/website/docs/r/fortianalyzer_system_admin_ldap.html.markdown b/website/docs/r/fortianalyzer_system_admin_ldap.html.markdown index d4488ab..1bdfda1 100644 --- a/website/docs/r/fortianalyzer_system_admin_ldap.html.markdown +++ b/website/docs/r/fortianalyzer_system_admin_ldap.html.markdown @@ -53,6 +53,8 @@ The following arguments are supported: * `secure` - SSL connection. disable - No SSL. starttls - Use StartTLS. ldaps - Use LDAPS. Valid values: `disable`, `starttls`, `ldaps`. * `server` - {} LDAP server domain name or IP. +* `ssl_protocol` - set the lowest SSL protocol version for connection to ldap server. follow-global-ssl-protocol - Follow system.global.global-ssl-protocol setting (default). sslv3 - set SSLv3 as the lowest version. tlsv1.0 - set TLSv1.0 as the lowest version. tlsv1.1 - set TLSv1.1 as the lowest version. tlsv1.2 - set TLSv1.2 as the lowest version. tlsv1.3 - set TLSv1.3 as the lowest version. Valid values: `follow-global-ssl-protocol`, `sslv3`, `tlsv1.0`, `tlsv1.1`, `tlsv1.2`, `tlsv1.3`. + * `tertiary_server` - {} tertiary LDAP server domain name or IP. * `type` - Type of LDAP binding. simple - Simple password authentication without search. anonymous - Bind using anonymous user search. regular - Bind using username/password and then search. Valid values: `simple`, `anonymous`, `regular`. diff --git a/website/docs/r/fortianalyzer_system_connector.html.markdown b/website/docs/r/fortianalyzer_system_connector.html.markdown index 37c115c..9b453d8 100644 --- a/website/docs/r/fortianalyzer_system_connector.html.markdown +++ b/website/docs/r/fortianalyzer_system_connector.html.markdown @@ -27,6 +27,8 @@ The following arguments are supported: * `cloud_orchest_refresh_interval` - Cloud Orchestration refresh interval (300 - 1800 seconds). * `conn_refresh_interval` - connector refresh interval (60 - 1800 seconds). +* `conn_ssl_protocol` - set the lowest SSL protocol version for connector. follow-global-ssl-protocol - Follow system.global.global-ssl-protocol setting (default). sslv3 - set SSLv3 as the lowest version. tlsv1.0 - set TLSv1.0 as the lowest version. tlsv1.1 - set TLSv1.1 as the lowest version. tlsv1.2 - set TLSv1.2 as the lowest version. tlsv1.3 - set TLSv1.3 as the lowest version. Valid values: `follow-global-ssl-protocol`, `sslv3`, `tlsv1.0`, `tlsv1.1`, `tlsv1.2`, `tlsv1.3`. + * `faznotify_msg_queue_max` - faznotify max queued message per connector (10 - 10000). * `faznotify_msg_timeout` - faznotify message timeout (1 - 720 hours). * `fsso_refresh_interval` - FSSO refresh interval (60 - 600 seconds). diff --git a/website/docs/r/fortianalyzer_system_csf.html.markdown b/website/docs/r/fortianalyzer_system_csf.html.markdown index 8d88761..a442eb1 100644 --- a/website/docs/r/fortianalyzer_system_csf.html.markdown +++ b/website/docs/r/fortianalyzer_system_csf.html.markdown @@ -40,6 +40,8 @@ The following arguments are supported: * `group_password` - Security Fabric group password. All FortiGates in a Security Fabric must have the same group password. * `log_unification` - Enable/disable broadcast of discovery messages for log unification. disable - Disable broadcast of discovery messages for log unification. enable - Enable broadcast of discovery messages for log unification. Valid values: `disable`, `enable`. +* `ssl_protocol` - set the lowest SSL protocol version for upstream and downstream connections. follow-global-ssl-protocol - Follow system.global.global-ssl-protocol setting (default). sslv3 - set SSLv3 as the lowest version. tlsv1.0 - set TLSv1.0 as the lowest version. tlsv1.1 - set TLSv1.1 as the lowest version. tlsv1.2 - set TLSv1.2 as the lowest version. tlsv1.3 - set TLSv1.3 as the lowest version. Valid values: `follow-global-ssl-protocol`, `sslv3`, `tlsv1.0`, `tlsv1.1`, `tlsv1.2`, `tlsv1.3`. + * `saml_configuration_sync` - SAML setting configuration synchronization. local - Do not apply SAML configuration generated by root. default - SAML setting for fabric members is created by fabric root. Valid values: `local`, `default`. * `status` - Enable/disable Security Fabric. disable - Disable Security Fabric. enable - Enable Security Fabric. Valid values: `disable`, `enable`. diff --git a/website/docs/r/fortianalyzer_system_global.html.markdown b/website/docs/r/fortianalyzer_system_global.html.markdown index 356a43b..df3d66a 100644 --- a/website/docs/r/fortianalyzer_system_global.html.markdown +++ b/website/docs/r/fortianalyzer_system_global.html.markdown @@ -108,6 +108,8 @@ The following arguments are supported: * `fgfm_ssl_protocol` - set the lowest SSL protocols for fgfmsd. sslv3 - set SSLv3 as the lowest version. tlsv1.0 - set TLSv1.0 as the lowest version. tlsv1.1 - set TLSv1.1 as the lowest version. tlsv1.2 - set TLSv1.2 as the lowest version (default). tlsv1.3 - set TLSv1.3 as the lowest version. Valid values: `sslv3`, `tlsv1.0`, `tlsv1.1`, `tlsv1.2`, `tlsv1.3`. * `fortiservice_port` - FortiService port (1 - 65535, default = 8013). Used by FortiClient endpoint compliance. Older versions of FortiClient used a different port. +* `global_ssl_protocol` - set the lowest SSL protocol version for all SSL connections. sslv3 - set SSLv3 as the lowest version. tlsv1.0 - set TLSv1.0 as the lowest version. tlsv1.1 - set TLSv1.1 as the lowest version. tlsv1.2 - set TLSv1.2 as the lowest version (default). tlsv1.3 - set TLSv1.3 as the lowest version. Valid values: `sslv3`, `tlsv1.0`, `tlsv1.1`, `tlsv1.2`, `tlsv1.3`. + * `gui_curl_timeout` - GUI curl timeout in seconds (5-900 default 30). * `gui_polling_interval` - GUI polling interval in seconds (1-288000 default 5). * `ha_member_auto_grouping` - Enable/disable automatically group HA members feature disable - Disable automatically grouping HA members feature. enable - Enable automatically grouping HA members only when group name is unique in your network. Valid values: `disable`, `enable`. @@ -115,6 +117,8 @@ The following arguments are supported: * `hostname` - System hostname. * `jsonapi_log` - enable jsonapi log. disable - disable jsonapi log. request - logging jsonapi request. response - logging jsonapi response. all - logging both jsonapi request & response. Valid values: `disable`, `request`, `response`, `all`. +* `httpd_ssl_protocol` - set SSL protocols for apache daemon (httpd) sslv3 - Enable SSLv3. tlsv1.0 - Enable TLSv1.0. tlsv1.1 - Enable TLSv1.1. tlsv1.2 - Enable TLSv1.2. tlsv1.3 - Enable TLSv1.3. Valid values: `sslv3`, `tlsv1.0`, `tlsv1.1`, `tlsv1.2`, `tlsv1.3`. + * `language` - System global language. english - English simch - Simplified Chinese japanese - Japanese korean - Korean spanish - Spanish trach - Traditional Chinese Valid values: `english`, `simch`, `japanese`, `korean`, `spanish`, `trach`. * `latitude` - fmg location latitude @@ -133,6 +137,8 @@ The following arguments are supported: * `longitude` - fmg location longitude * `management_ip` - Management IP address of this FortiGate. Used to log into this FortiGate from another FortiGate in the Security Fabric. * `management_port` - Overriding port for management connection (Overrides admin port). +* `mapclient_ssl_protocol` - set the lowest SSL protocol version for connection to mapserver. follow-global-ssl-protocol - Follow system.global.global-ssl-protocol setting (default). sslv3 - set SSLv3 as the lowest version. tlsv1.0 - set TLSv1.0 as the lowest version. tlsv1.1 - set TLSv1.1 as the lowest version. tlsv1.2 - set TLSv1.2 as the lowest version. tlsv1.3 - set TLSv1.3 as the lowest version. Valid values: `follow-global-ssl-protocol`, `sslv3`, `tlsv1.0`, `tlsv1.1`, `tlsv1.2`, `tlsv1.3`. + * `max_aggregation_tasks` - Maximum number of concurrent tasks of a log aggregation session. * `max_log_forward` - Maximum number of log-forward and aggregation settings. * `max_running_reports` - Maximum number of reports generating at one time. diff --git a/website/docs/r/fortianalyzer_system_mail.html.markdown b/website/docs/r/fortianalyzer_system_mail.html.markdown index 63629b2..f92e932 100644 --- a/website/docs/r/fortianalyzer_system_mail.html.markdown +++ b/website/docs/r/fortianalyzer_system_mail.html.markdown @@ -40,6 +40,8 @@ The following arguments are supported: * `secure_option` - Communication secure option. default - Try STARTTLS, proceed as plain text communication otherwise. none - Communication will be in plain text format. smtps - Communication will be protected by SMTPS. starttls - Communication will be protected by STARTTLS. Valid values: `default`, `none`, `smtps`, `starttls`. * `server` - SMTP server. +* `ssl_protocol` - set the lowest SSL protocol version for connection to mail server. follow-global-ssl-protocol - Follow system.global.global-ssl-protocol setting (default). sslv3 - set SSLv3 as the lowest version. tlsv1.0 - set TLSv1.0 as the lowest version. tlsv1.1 - set TLSv1.1 as the lowest version. tlsv1.2 - set TLSv1.2 as the lowest version. tlsv1.3 - set TLSv1.3 as the lowest version. Valid values: `follow-global-ssl-protocol`, `sslv3`, `tlsv1.0`, `tlsv1.1`, `tlsv1.2`, `tlsv1.3`. + * `user` - SMTP account username. diff --git a/website/docs/r/fortianalyzer_system_syslog.html.markdown b/website/docs/r/fortianalyzer_system_syslog.html.markdown index 7bdd934..f17f89c 100644 --- a/website/docs/r/fortianalyzer_system_syslog.html.markdown +++ b/website/docs/r/fortianalyzer_system_syslog.html.markdown @@ -34,6 +34,8 @@ The following arguments are supported: * `secure_connection` - Enable/disable connection secured by TLS/SSL. disable - Disable SSL connection. enable - Enable SSL connection. Valid values: `disable`, `enable`. +* `ssl_protocol` - set the lowest SSL protocol version for connection to syslog server. follow-global-ssl-protocol - Follow system.global.global-ssl-protocol setting (default). sslv3 - set SSLv3 as the lowest version. tlsv1.0 - set TLSv1.0 as the lowest version. tlsv1.1 - set TLSv1.1 as the lowest version. tlsv1.2 - set TLSv1.2 as the lowest version. tlsv1.3 - set TLSv1.3 as the lowest version. Valid values: `follow-global-ssl-protocol`, `sslv3`, `tlsv1.0`, `tlsv1.1`, `tlsv1.2`, `tlsv1.3`. + ## Attribute Reference