From cd5ed5417300f3bb658b89886ca7dde3f60685c7 Mon Sep 17 00:00:00 2001 From: -HQCM Date: Mon, 11 Sep 2023 11:22:10 -0700 Subject: [PATCH] init/updateFortiOSTerraform: 1.18.0 Signed-off-by: -HQCM --- CHANGELOG.md | 28 +- fortios/data_source_firewall_policy.go | 28 + fortios/data_source_firewall_proxypolicy.go | 42 + fortios/data_source_router_bgp.go | 52 + fortios/data_source_router_policy6.go | 28 + fortios/data_source_router_routemap.go | 13 + fortios/data_source_routerbgp_neighbor.go | 28 + fortios/data_source_system_accprofile.go | 26 + fortios/data_source_system_dnsdatabase.go | 28 + fortios/data_source_system_dnsserver.go | 28 + fortios/data_source_system_ftmpush.go | 14 + fortios/data_source_system_global.go | 140 ++ fortios/data_source_system_ha.go | 14 + fortios/data_source_system_interface.go | 96 ++ fortios/data_source_system_sessionttl.go | 13 + fortios/data_source_user_saml.go | 14 + fortios/provider.go | 32 +- fortios/resource_authentication_rule.go | 57 + fortios/resource_casb_profile.go | 1168 +++++++++++++ fortios/resource_casb_saasapplication.go | 452 +++++ fortios/resource_casb_useractivity.go | 1491 +++++++++++++++++ fortios/resource_certificate_ca.go | 29 + fortios/resource_certificate_local.go | 232 +++ fortios/resource_dnsfilter_profile.go | 112 ++ fortios/resource_firewall_accessproxy.go | 582 +++++++ fortios/resource_firewall_accessproxy6.go | 582 +++++++ .../resource_firewall_centralsnatmap_sort.go | 98 +- fortios/resource_firewall_interfacepolicy.go | 57 + fortios/resource_firewall_interfacepolicy6.go | 57 + fortios/resource_firewall_policy.go | 60 + fortios/resource_firewall_policy_move.go | 170 ++ fortios/resource_firewall_policy_sort.go | 210 +++ fortios/resource_firewall_profilegroup.go | 58 + fortios/resource_firewall_proxypolicy.go | 86 + fortios/resource_firewall_proxypolicy_sort.go | 98 +- fortios/resource_firewall_security_policy.go | 9 +- .../resource_firewall_security_policyseq.go | 31 +- .../resource_firewall_security_policysort.go | 37 +- fortios/resource_firewall_securitypolicy.go | 58 + .../resource_firewall_securitypolicy_move.go | 170 ++ .../resource_firewall_securitypolicy_sort.go | 210 +++ fortios/resource_firewall_sniffer.go | 57 + fortios/resource_firewall_sslsshprofile.go | 44 + fortios/resource_firewall_vip.go | 328 ++++ fortios/resource_firewall_vip46.go | 4 +- fortios/resource_firewall_vip64.go | 4 +- ...ource_logfortianalyzer2_overridesetting.go | 65 + fortios/resource_logfortianalyzer2_setting.go | 65 + ...ource_logfortianalyzer3_overridesetting.go | 65 + fortios/resource_logfortianalyzer3_setting.go | 65 + ...source_logfortianalyzer_overridesetting.go | 65 + fortios/resource_logfortianalyzer_setting.go | 65 + fortios/resource_router_bgp.go | 96 ++ fortios/resource_router_policy6.go | 58 + fortios/resource_router_routemap.go | 23 + fortios/resource_routerbgp_neighbor.go | 58 + fortios/resource_rule_otdt.go | 749 +++++++++ fortios/resource_rule_otvp.go | 719 ++++++++ ...urce_switchcontroller_fortilinksettings.go | 28 + fortios/resource_switchcontroller_global.go | 32 + .../resource_switchcontroller_lldpprofile.go | 172 ++ ...resource_switchcontroller_managedswitch.go | 343 ++++ ...rce_switchcontrollerptp_interfacepolicy.go | 296 ++++ .../resource_switchcontrollerptp_profile.go | 379 +++++ fortios/resource_system_accprofile.go | 44 + fortios/resource_system_affinityinterrupt.go | 29 + fortios/resource_system_dnsdatabase.go | 56 + fortios/resource_system_dnsserver.go | 56 + fortios/resource_system_ftmpush.go | 32 + fortios/resource_system_global.go | 326 +++- fortios/resource_system_ha.go | 32 + fortios/resource_system_interface.go | 186 ++ fortios/resource_system_sdwan.go | 164 ++ fortios/resource_system_sessionttl.go | 23 + fortios/resource_system_settings.go | 96 ++ fortios/resource_system_speedtestschedule.go | 28 + fortios/resource_system_speedtestsetting.go | 218 +++ fortios/resource_user_ldap.go | 28 + fortios/resource_user_passwordpolicy.go | 230 +++ fortios/resource_user_peer.go | 114 ++ fortios/resource_user_radius.go | 84 + fortios/resource_user_saml.go | 28 + fortios/resource_user_setting.go | 33 + fortios/resource_virtualpatch_profile.go | 667 ++++++++ fortios/resource_vpncertificate_ca.go | 29 + fortios/resource_vpncertificate_local.go | 232 +++ fortios/resource_vpnipsec_phase1.go | 112 ++ fortios/resource_vpnipsec_phase1interface.go | 227 ++- fortios/resource_vpnsslweb_portal.go | 56 + fortios/resource_webproxy_fastfallback.go | 322 ++++ fortios/resource_webproxy_forwardserver.go | 28 + fortios/resource_webproxy_urlmatch.go | 29 + .../resource_wirelesscontroller_bleprofile.go | 173 ++ ...resource_wirelesscontroller_widsprofile.go | 224 +++ fortios/resource_wirelesscontroller_wtp.go | 58 + .../resource_wirelesscontroller_wtpgroup.go | 29 + .../resource_wirelesscontroller_wtpprofile.go | 385 +++++ sdk/request/request.go | 20 + sdk/sdkcore/firewall_centralsnatmap_move.go | 10 +- sdk/sdkcore/firewall_centralsnatmap_sort.go | 161 +- sdk/sdkcore/firewall_policy_move.go | 109 ++ sdk/sdkcore/firewall_policy_sort.go | 294 ++++ sdk/sdkcore/firewall_proxypolicy_move.go | 10 +- sdk/sdkcore/firewall_proxypolicy_sort.go | 161 +- sdk/sdkcore/firewall_security_policyseq.go | 20 +- sdk/sdkcore/firewall_security_policysort.go | 13 +- sdk/sdkcore/firewall_securitypolicy_move.go | 109 ++ sdk/sdkcore/firewall_securitypolicy_sort.go | 294 ++++ sdk/sdkcore/forticlient.go | 4 +- sdk/sdkcore/sdkfos.go | 1261 ++++++++++---- sdk/sdkcore/sdkutils.go | 12 +- .../d/fortios_firewall_policy.html.markdown | 2 + ...fortios_firewall_proxypolicy.html.markdown | 3 + .../docs/d/fortios_router_bgp.html.markdown | 4 + .../d/fortios_router_policy6.html.markdown | 2 + .../d/fortios_router_routemap.html.markdown | 1 + .../fortios_routerbgp_neighbor.html.markdown | 2 + .../d/fortios_system_accprofile.html.markdown | 2 + .../fortios_system_dnsdatabase.html.markdown | 2 + .../d/fortios_system_dnsserver.html.markdown | 2 + .../d/fortios_system_ftmpush.html.markdown | 1 + .../d/fortios_system_global.html.markdown | 10 + .../docs/d/fortios_system_ha.html.markdown | 1 + .../d/fortios_system_interface.html.markdown | 7 + .../d/fortios_system_sessionttl.html.markdown | 1 + .../docs/d/fortios_user_saml.html.markdown | 1 + website/docs/guides/fgt_policymove.html.md | 4 +- website/docs/guides/fgt_policysort.html.md | 4 +- .../fortios_authentication_rule.html.markdown | 2 + .../docs/r/fortios_casb_profile.html.markdown | 83 + ...fortios_casb_saasapplication.html.markdown | 46 + .../r/fortios_casb_useractivity.html.markdown | 94 ++ .../r/fortios_certificate_ca.html.markdown | 1 + ...entialstore_domaincontroller.html.markdown | 2 +- .../r/fortios_dnsfilter_profile.html.markdown | 5 + .../r/fortios_emailfilter_bwl.html.markdown | 2 +- ...dpointcontrol_fctemsoverride.html.markdown | 2 +- ...ios_endpointcontrol_settings.html.markdown | 2 +- ..._extendercontroller_dataplan.html.markdown | 2 +- ...ercontroller_extenderprofile.html.markdown | 2 +- ...fortios_firewall_accessproxy.html.markdown | 29 + ...ortios_firewall_accessproxy6.html.markdown | 29 + ...firewall_centralsnatmap_sort.html.markdown | 7 +- ...ios_firewall_interfacepolicy.html.markdown | 2 + ...os_firewall_interfacepolicy6.html.markdown | 2 + ...rewall_internetserviceappend.html.markdown | 2 +- .../r/fortios_firewall_policy.html.markdown | 2 + ...fortios_firewall_policy_move.html.markdown | 49 + ...fortios_firewall_policy_sort.html.markdown | 48 + ...ortios_firewall_profilegroup.html.markdown | 2 + ...fortios_firewall_proxypolicy.html.markdown | 3 + ...os_firewall_proxypolicy_sort.html.markdown | 7 +- ..._firewall_security_policyseq.html.markdown | 2 + ...firewall_security_policysort.html.markdown | 2 + ...tios_firewall_securitypolicy.html.markdown | 2 + ...firewall_securitypolicy_move.html.markdown | 49 + ...firewall_securitypolicy_sort.html.markdown | 48 + .../r/fortios_firewall_sniffer.html.markdown | 2 + ...rtios_firewall_sslsshprofile.html.markdown | 2 + .../docs/r/fortios_firewall_vip.html.markdown | 15 + .../docs/r/fortios_ips_global.html.markdown | 2 +- ...rtianalyzer2_overridesetting.html.markdown | 4 +- ...os_logfortianalyzer2_setting.html.markdown | 4 +- ...rtianalyzer3_overridesetting.html.markdown | 4 +- ...os_logfortianalyzer3_setting.html.markdown | 4 +- ...ortianalyzer_overridesetting.html.markdown | 4 +- ...ios_logfortianalyzer_setting.html.markdown | 4 +- ...ogfortianalyzercloud_setting.html.markdown | 2 +- ...ortios_logfortiguard_setting.html.markdown | 2 +- ..._logsyslogd2_overridesetting.html.markdown | 2 +- .../fortios_logsyslogd2_setting.html.markdown | 2 +- ..._logsyslogd3_overridesetting.html.markdown | 2 +- .../fortios_logsyslogd3_setting.html.markdown | 2 +- ..._logsyslogd4_overridesetting.html.markdown | 2 +- .../fortios_logsyslogd4_setting.html.markdown | 2 +- ...s_logsyslogd_overridesetting.html.markdown | 2 +- .../fortios_logsyslogd_setting.html.markdown | 2 +- .../docs/r/fortios_router_bgp.html.markdown | 4 + .../r/fortios_router_policy6.html.markdown | 2 + .../r/fortios_router_routemap.html.markdown | 1 + .../fortios_routerbgp_neighbor.html.markdown | 2 + .../docs/r/fortios_rule_otdt.html.markdown | 58 + .../docs/r/fortios_rule_otvp.html.markdown | 56 + ...controller_fortilinksettings.html.markdown | 1 + ...tios_switchcontroller_global.html.markdown | 1 + ...switchcontroller_lldpprofile.html.markdown | 6 + ...itchcontroller_managedswitch.html.markdown | 14 + ...s_switchcontroller_nacdevice.html.markdown | 2 +- ...switchcontroller_nacsettings.html.markdown | 2 +- ..._switchcontroller_portpolicy.html.markdown | 2 +- ...ontrollerptp_interfacepolicy.html.markdown | 38 + ...s_switchcontrollerptp_policy.html.markdown | 2 +- ..._switchcontrollerptp_profile.html.markdown | 41 + ...switchcontrollerptp_settings.html.markdown | 2 +- .../r/fortios_system_accprofile.html.markdown | 2 + ...ios_system_affinityinterrupt.html.markdown | 1 + ...fortios_system_deviceupgrade.html.markdown | 2 +- .../fortios_system_dnsdatabase.html.markdown | 2 + .../r/fortios_system_dnsserver.html.markdown | 2 + .../fortios_system_emailserver.html.markdown | 2 +- .../fortios_system_fortisandbox.html.markdown | 2 +- .../r/fortios_system_ftmpush.html.markdown | 1 + .../r/fortios_system_global.html.markdown | 12 +- .../r/fortios_system_interface.html.markdown | 7 + .../fortios_system_linkmonitor.html.markdown | 2 +- .../docs/r/fortios_system_sdwan.html.markdown | 9 +- .../r/fortios_system_sessionttl.html.markdown | 1 + .../r/fortios_system_settings.html.markdown | 3 + ...ios_system_speedtestschedule.html.markdown | 1 + ...tios_system_speedtestsetting.html.markdown | 36 + .../r/fortios_user_exchange.html.markdown | 2 +- .../docs/r/fortios_user_ldap.html.markdown | 3 +- .../fortios_user_passwordpolicy.html.markdown | 8 + .../docs/r/fortios_user_peer.html.markdown | 4 + .../docs/r/fortios_user_pop3.html.markdown | 2 +- .../docs/r/fortios_user_radius.html.markdown | 5 +- .../docs/r/fortios_user_saml.html.markdown | 1 + .../docs/r/fortios_user_setting.html.markdown | 3 +- ...fortios_virtualpatch_profile.html.markdown | 57 + .../r/fortios_vpn_kmipserver.html.markdown | 2 +- .../docs/r/fortios_vpn_ocvpn.html.markdown | 2 +- .../r/fortios_vpncertificate_ca.html.markdown | 1 + ...fortios_vpncertificate_local.html.markdown | 8 + ...rtios_vpncertificate_setting.html.markdown | 2 +- .../r/fortios_vpnipsec_phase1.html.markdown | 5 + ...ios_vpnipsec_phase1interface.html.markdown | 7 + .../r/fortios_vpnsslweb_portal.html.markdown | 2 + ...ortios_webproxy_fastfallback.html.markdown | 39 + ...rtios_webproxy_forwardserver.html.markdown | 3 +- .../r/fortios_webproxy_urlmatch.html.markdown | 1 + ...s_wirelesscontroller_address.html.markdown | 2 +- ...s_wirelesscontroller_addrgrp.html.markdown | 2 +- ...irelesscontroller_bleprofile.html.markdown | 6 + ...rtios_wirelesscontroller_vap.html.markdown | 6 +- ...relesscontroller_widsprofile.html.markdown | 10 + ...rtios_wirelesscontroller_wtp.html.markdown | 2 + ..._wirelesscontroller_wtpgroup.html.markdown | 1 + ...irelesscontroller_wtpprofile.html.markdown | 17 + 238 files changed, 17949 insertions(+), 589 deletions(-) create mode 100644 fortios/resource_casb_profile.go create mode 100644 fortios/resource_casb_saasapplication.go create mode 100644 fortios/resource_casb_useractivity.go create mode 100644 fortios/resource_firewall_policy_move.go create mode 100644 fortios/resource_firewall_policy_sort.go create mode 100644 fortios/resource_firewall_securitypolicy_move.go create mode 100644 fortios/resource_firewall_securitypolicy_sort.go create mode 100644 fortios/resource_rule_otdt.go create mode 100644 fortios/resource_rule_otvp.go create mode 100644 fortios/resource_switchcontrollerptp_interfacepolicy.go create mode 100644 fortios/resource_switchcontrollerptp_profile.go create mode 100644 fortios/resource_system_speedtestsetting.go create mode 100644 fortios/resource_virtualpatch_profile.go create mode 100644 fortios/resource_webproxy_fastfallback.go create mode 100644 sdk/sdkcore/firewall_policy_move.go create mode 100644 sdk/sdkcore/firewall_policy_sort.go create mode 100644 sdk/sdkcore/firewall_securitypolicy_move.go create mode 100644 sdk/sdkcore/firewall_securitypolicy_sort.go create mode 100644 website/docs/r/fortios_casb_profile.html.markdown create mode 100644 website/docs/r/fortios_casb_saasapplication.html.markdown create mode 100644 website/docs/r/fortios_casb_useractivity.html.markdown create mode 100644 website/docs/r/fortios_firewall_policy_move.html.markdown create mode 100644 website/docs/r/fortios_firewall_policy_sort.html.markdown create mode 100644 website/docs/r/fortios_firewall_securitypolicy_move.html.markdown create mode 100644 website/docs/r/fortios_firewall_securitypolicy_sort.html.markdown create mode 100644 website/docs/r/fortios_rule_otdt.html.markdown create mode 100644 website/docs/r/fortios_rule_otvp.html.markdown create mode 100644 website/docs/r/fortios_switchcontrollerptp_interfacepolicy.html.markdown create mode 100644 website/docs/r/fortios_switchcontrollerptp_profile.html.markdown create mode 100644 website/docs/r/fortios_system_speedtestsetting.html.markdown create mode 100644 website/docs/r/fortios_virtualpatch_profile.html.markdown create mode 100644 website/docs/r/fortios_webproxy_fastfallback.html.markdown diff --git a/CHANGELOG.md b/CHANGELOG.md index fd5266563..8cf268e64 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -1,6 +1,32 @@ -## 1.18.0 (Unreleased) +## 1.19.0 (Unreleased) +## 1.18.0 (Sep 11, 2023) +BUG FIXES: + +* Fix crash issue (#291); + +IMPROVEMENTS: + +* Support FortiOS v6.4.13, v6.4.14, v7.0.12, v7.4.1; + +FEATURES: + +* **New Resource:** `fortios_casb_useractivity` +* **New Resource:** `fortios_casb_saasapplication` +* **New Resource:** `fortios_casb_profile` +* **New Resource:** `fortios_rule_otvp` +* **New Resource:** `fortios_rule_otdt` +* **New Resource:** `fortios_switchcontrollerptp_profile` +* **New Resource:** `fortios_switchcontrollerptp_interfacepolicy` +* **New Resource:** `fortios_system_speedtestsetting` +* **New Resource:** `fortios_virtualpatch_profile` +* **New Resource:** `fortios_webproxy_fastfallback` +* **New Resource:** `fortios_firewall_policy_sort` +* **New Resource:** `fortios_firewall_policy_move` +* **New Resource:** `fortios_firewall_securitypolicy_sort` +* **New Resource:** `fortiof_firewall_securitypolicy_move` + ## 1.17.0 (Jun 22, 2023) BUG FIXES: diff --git a/fortios/data_source_firewall_policy.go b/fortios/data_source_firewall_policy.go index 46e1c3a03..b700d0d24 100644 --- a/fortios/data_source_firewall_policy.go +++ b/fortios/data_source_firewall_policy.go @@ -640,6 +640,10 @@ func dataSourceFirewallPolicy() *schema.Resource { Type: schema.TypeString, Computed: true, }, + "virtual_patch_profile": &schema.Schema{ + Type: schema.TypeString, + Computed: true, + }, "icap_profile": &schema.Schema{ Type: schema.TypeString, Computed: true, @@ -660,6 +664,10 @@ func dataSourceFirewallPolicy() *schema.Resource { Type: schema.TypeString, Computed: true, }, + "casb_profile": &schema.Schema{ + Type: schema.TypeString, + Computed: true, + }, "profile_protocol_options": &schema.Schema{ Type: schema.TypeString, Computed: true, @@ -2595,6 +2603,10 @@ func dataSourceFlattenFirewallPolicySctpFilterProfile(v interface{}, d *schema.R return v } +func dataSourceFlattenFirewallPolicyVirtualPatchProfile(v interface{}, d *schema.ResourceData, pre string) interface{} { + return v +} + func dataSourceFlattenFirewallPolicyIcapProfile(v interface{}, d *schema.ResourceData, pre string) interface{} { return v } @@ -2615,6 +2627,10 @@ func dataSourceFlattenFirewallPolicySshFilterProfile(v interface{}, d *schema.Re return v } +func dataSourceFlattenFirewallPolicyCasbProfile(v interface{}, d *schema.ResourceData, pre string) interface{} { + return v +} + func dataSourceFlattenFirewallPolicyProfileProtocolOptions(v interface{}, d *schema.ResourceData, pre string) interface{} { return v } @@ -4027,6 +4043,12 @@ func dataSourceRefreshObjectFirewallPolicy(d *schema.ResourceData, o map[string] } } + if err = d.Set("virtual_patch_profile", dataSourceFlattenFirewallPolicyVirtualPatchProfile(o["virtual-patch-profile"], d, "virtual_patch_profile")); err != nil { + if !fortiAPIPatch(o["virtual-patch-profile"]) { + return fmt.Errorf("Error reading virtual_patch_profile: %v", err) + } + } + if err = d.Set("icap_profile", dataSourceFlattenFirewallPolicyIcapProfile(o["icap-profile"], d, "icap_profile")); err != nil { if !fortiAPIPatch(o["icap-profile"]) { return fmt.Errorf("Error reading icap_profile: %v", err) @@ -4057,6 +4079,12 @@ func dataSourceRefreshObjectFirewallPolicy(d *schema.ResourceData, o map[string] } } + if err = d.Set("casb_profile", dataSourceFlattenFirewallPolicyCasbProfile(o["casb-profile"], d, "casb_profile")); err != nil { + if !fortiAPIPatch(o["casb-profile"]) { + return fmt.Errorf("Error reading casb_profile: %v", err) + } + } + if err = d.Set("profile_protocol_options", dataSourceFlattenFirewallPolicyProfileProtocolOptions(o["profile-protocol-options"], d, "profile_protocol_options")); err != nil { if !fortiAPIPatch(o["profile-protocol-options"]) { return fmt.Errorf("Error reading profile_protocol_options: %v", err) diff --git a/fortios/data_source_firewall_proxypolicy.go b/fortios/data_source_firewall_proxypolicy.go index 798d3fe13..e6ee021cc 100644 --- a/fortios/data_source_firewall_proxypolicy.go +++ b/fortios/data_source_firewall_proxypolicy.go @@ -456,6 +456,10 @@ func dataSourceFirewallProxyPolicy() *schema.Resource { Type: schema.TypeString, Computed: true, }, + "virtual_patch_profile": &schema.Schema{ + Type: schema.TypeString, + Computed: true, + }, "icap_profile": &schema.Schema{ Type: schema.TypeString, Computed: true, @@ -476,6 +480,10 @@ func dataSourceFirewallProxyPolicy() *schema.Resource { Type: schema.TypeString, Computed: true, }, + "casb_profile": &schema.Schema{ + Type: schema.TypeString, + Computed: true, + }, "profile_protocol_options": &schema.Schema{ Type: schema.TypeString, Computed: true, @@ -520,6 +528,10 @@ func dataSourceFirewallProxyPolicy() *schema.Resource { Type: schema.TypeString, Computed: true, }, + "detect_https_in_http_request": &schema.Schema{ + Type: schema.TypeString, + Computed: true, + }, }, } } @@ -1523,6 +1535,10 @@ func dataSourceFlattenFirewallProxyPolicySctpFilterProfile(v interface{}, d *sch return v } +func dataSourceFlattenFirewallProxyPolicyVirtualPatchProfile(v interface{}, d *schema.ResourceData, pre string) interface{} { + return v +} + func dataSourceFlattenFirewallProxyPolicyIcapProfile(v interface{}, d *schema.ResourceData, pre string) interface{} { return v } @@ -1543,6 +1559,10 @@ func dataSourceFlattenFirewallProxyPolicySshFilterProfile(v interface{}, d *sche return v } +func dataSourceFlattenFirewallProxyPolicyCasbProfile(v interface{}, d *schema.ResourceData, pre string) interface{} { + return v +} + func dataSourceFlattenFirewallProxyPolicyProfileProtocolOptions(v interface{}, d *schema.ResourceData, pre string) interface{} { return v } @@ -1587,6 +1607,10 @@ func dataSourceFlattenFirewallProxyPolicyDecryptedTrafficMirror(v interface{}, d return v } +func dataSourceFlattenFirewallProxyPolicyDetectHttpsInHttpRequest(v interface{}, d *schema.ResourceData, pre string) interface{} { + return v +} + func dataSourceRefreshObjectFirewallProxyPolicy(d *schema.ResourceData, o map[string]interface{}) error { var err error @@ -1968,6 +1992,12 @@ func dataSourceRefreshObjectFirewallProxyPolicy(d *schema.ResourceData, o map[st } } + if err = d.Set("virtual_patch_profile", dataSourceFlattenFirewallProxyPolicyVirtualPatchProfile(o["virtual-patch-profile"], d, "virtual_patch_profile")); err != nil { + if !fortiAPIPatch(o["virtual-patch-profile"]) { + return fmt.Errorf("Error reading virtual_patch_profile: %v", err) + } + } + if err = d.Set("icap_profile", dataSourceFlattenFirewallProxyPolicyIcapProfile(o["icap-profile"], d, "icap_profile")); err != nil { if !fortiAPIPatch(o["icap-profile"]) { return fmt.Errorf("Error reading icap_profile: %v", err) @@ -1998,6 +2028,12 @@ func dataSourceRefreshObjectFirewallProxyPolicy(d *schema.ResourceData, o map[st } } + if err = d.Set("casb_profile", dataSourceFlattenFirewallProxyPolicyCasbProfile(o["casb-profile"], d, "casb_profile")); err != nil { + if !fortiAPIPatch(o["casb-profile"]) { + return fmt.Errorf("Error reading casb_profile: %v", err) + } + } + if err = d.Set("profile_protocol_options", dataSourceFlattenFirewallProxyPolicyProfileProtocolOptions(o["profile-protocol-options"], d, "profile_protocol_options")); err != nil { if !fortiAPIPatch(o["profile-protocol-options"]) { return fmt.Errorf("Error reading profile_protocol_options: %v", err) @@ -2064,6 +2100,12 @@ func dataSourceRefreshObjectFirewallProxyPolicy(d *schema.ResourceData, o map[st } } + if err = d.Set("detect_https_in_http_request", dataSourceFlattenFirewallProxyPolicyDetectHttpsInHttpRequest(o["detect-https-in-http-request"], d, "detect_https_in_http_request")); err != nil { + if !fortiAPIPatch(o["detect-https-in-http-request"]) { + return fmt.Errorf("Error reading detect_https_in_http_request: %v", err) + } + } + return nil } diff --git a/fortios/data_source_router_bgp.go b/fortios/data_source_router_bgp.go index 45f0c0150..6f47cf1c3 100644 --- a/fortios/data_source_router_bgp.go +++ b/fortios/data_source_router_bgp.go @@ -581,6 +581,10 @@ func dataSourceRouterBgp() *schema.Resource { Type: schema.TypeString, Computed: true, }, + "filter_list_in_vpnv4": &schema.Schema{ + Type: schema.TypeString, + Computed: true, + }, "filter_list_out": &schema.Schema{ Type: schema.TypeString, Computed: true, @@ -589,6 +593,10 @@ func dataSourceRouterBgp() *schema.Resource { Type: schema.TypeString, Computed: true, }, + "filter_list_out_vpnv4": &schema.Schema{ + Type: schema.TypeString, + Computed: true, + }, "interface": &schema.Schema{ Type: schema.TypeString, Computed: true, @@ -1138,6 +1146,10 @@ func dataSourceRouterBgp() *schema.Resource { Type: schema.TypeString, Computed: true, }, + "filter_list_in_vpnv4": &schema.Schema{ + Type: schema.TypeString, + Computed: true, + }, "filter_list_out": &schema.Schema{ Type: schema.TypeString, Computed: true, @@ -1146,6 +1158,10 @@ func dataSourceRouterBgp() *schema.Resource { Type: schema.TypeString, Computed: true, }, + "filter_list_out_vpnv4": &schema.Schema{ + Type: schema.TypeString, + Computed: true, + }, "interface": &schema.Schema{ Type: schema.TypeString, Computed: true, @@ -2483,6 +2499,11 @@ func dataSourceFlattenRouterBgpNeighbor(v interface{}, d *schema.ResourceData, p tmp["filter_list_in6"] = dataSourceFlattenRouterBgpNeighborFilterListIn6(i["filter-list-in6"], d, pre_append) } + pre_append = pre + "." + strconv.Itoa(con) + "." + "filter_list_in_vpnv4" + if _, ok := i["filter-list-in-vpnv4"]; ok { + tmp["filter_list_in_vpnv4"] = dataSourceFlattenRouterBgpNeighborFilterListInVpnv4(i["filter-list-in-vpnv4"], d, pre_append) + } + pre_append = pre + "." + strconv.Itoa(con) + "." + "filter_list_out" if _, ok := i["filter-list-out"]; ok { tmp["filter_list_out"] = dataSourceFlattenRouterBgpNeighborFilterListOut(i["filter-list-out"], d, pre_append) @@ -2493,6 +2514,11 @@ func dataSourceFlattenRouterBgpNeighbor(v interface{}, d *schema.ResourceData, p tmp["filter_list_out6"] = dataSourceFlattenRouterBgpNeighborFilterListOut6(i["filter-list-out6"], d, pre_append) } + pre_append = pre + "." + strconv.Itoa(con) + "." + "filter_list_out_vpnv4" + if _, ok := i["filter-list-out-vpnv4"]; ok { + tmp["filter_list_out_vpnv4"] = dataSourceFlattenRouterBgpNeighborFilterListOutVpnv4(i["filter-list-out-vpnv4"], d, pre_append) + } + pre_append = pre + "." + strconv.Itoa(con) + "." + "interface" if _, ok := i["interface"]; ok { tmp["interface"] = dataSourceFlattenRouterBgpNeighborInterface(i["interface"], d, pre_append) @@ -3069,6 +3095,10 @@ func dataSourceFlattenRouterBgpNeighborFilterListIn6(v interface{}, d *schema.Re return v } +func dataSourceFlattenRouterBgpNeighborFilterListInVpnv4(v interface{}, d *schema.ResourceData, pre string) interface{} { + return v +} + func dataSourceFlattenRouterBgpNeighborFilterListOut(v interface{}, d *schema.ResourceData, pre string) interface{} { return v } @@ -3077,6 +3107,10 @@ func dataSourceFlattenRouterBgpNeighborFilterListOut6(v interface{}, d *schema.R return v } +func dataSourceFlattenRouterBgpNeighborFilterListOutVpnv4(v interface{}, d *schema.ResourceData, pre string) interface{} { + return v +} + func dataSourceFlattenRouterBgpNeighborInterface(v interface{}, d *schema.ResourceData, pre string) interface{} { return v } @@ -3775,6 +3809,11 @@ func dataSourceFlattenRouterBgpNeighborGroup(v interface{}, d *schema.ResourceDa tmp["filter_list_in6"] = dataSourceFlattenRouterBgpNeighborGroupFilterListIn6(i["filter-list-in6"], d, pre_append) } + pre_append = pre + "." + strconv.Itoa(con) + "." + "filter_list_in_vpnv4" + if _, ok := i["filter-list-in-vpnv4"]; ok { + tmp["filter_list_in_vpnv4"] = dataSourceFlattenRouterBgpNeighborGroupFilterListInVpnv4(i["filter-list-in-vpnv4"], d, pre_append) + } + pre_append = pre + "." + strconv.Itoa(con) + "." + "filter_list_out" if _, ok := i["filter-list-out"]; ok { tmp["filter_list_out"] = dataSourceFlattenRouterBgpNeighborGroupFilterListOut(i["filter-list-out"], d, pre_append) @@ -3785,6 +3824,11 @@ func dataSourceFlattenRouterBgpNeighborGroup(v interface{}, d *schema.ResourceDa tmp["filter_list_out6"] = dataSourceFlattenRouterBgpNeighborGroupFilterListOut6(i["filter-list-out6"], d, pre_append) } + pre_append = pre + "." + strconv.Itoa(con) + "." + "filter_list_out_vpnv4" + if _, ok := i["filter-list-out-vpnv4"]; ok { + tmp["filter_list_out_vpnv4"] = dataSourceFlattenRouterBgpNeighborGroupFilterListOutVpnv4(i["filter-list-out-vpnv4"], d, pre_append) + } + pre_append = pre + "." + strconv.Itoa(con) + "." + "interface" if _, ok := i["interface"]; ok { tmp["interface"] = dataSourceFlattenRouterBgpNeighborGroupInterface(i["interface"], d, pre_append) @@ -4351,6 +4395,10 @@ func dataSourceFlattenRouterBgpNeighborGroupFilterListIn6(v interface{}, d *sche return v } +func dataSourceFlattenRouterBgpNeighborGroupFilterListInVpnv4(v interface{}, d *schema.ResourceData, pre string) interface{} { + return v +} + func dataSourceFlattenRouterBgpNeighborGroupFilterListOut(v interface{}, d *schema.ResourceData, pre string) interface{} { return v } @@ -4359,6 +4407,10 @@ func dataSourceFlattenRouterBgpNeighborGroupFilterListOut6(v interface{}, d *sch return v } +func dataSourceFlattenRouterBgpNeighborGroupFilterListOutVpnv4(v interface{}, d *schema.ResourceData, pre string) interface{} { + return v +} + func dataSourceFlattenRouterBgpNeighborGroupInterface(v interface{}, d *schema.ResourceData, pre string) interface{} { return v } diff --git a/fortios/data_source_router_policy6.go b/fortios/data_source_router_policy6.go index edec544ef..332f78be2 100644 --- a/fortios/data_source_router_policy6.go +++ b/fortios/data_source_router_policy6.go @@ -96,6 +96,14 @@ func dataSourceRouterPolicy6() *schema.Resource { Type: schema.TypeInt, Computed: true, }, + "start_source_port": &schema.Schema{ + Type: schema.TypeInt, + Computed: true, + }, + "end_source_port": &schema.Schema{ + Type: schema.TypeInt, + Computed: true, + }, "gateway": &schema.Schema{ Type: schema.TypeString, Computed: true, @@ -307,6 +315,14 @@ func dataSourceFlattenRouterPolicy6EndPort(v interface{}, d *schema.ResourceData return v } +func dataSourceFlattenRouterPolicy6StartSourcePort(v interface{}, d *schema.ResourceData, pre string) interface{} { + return v +} + +func dataSourceFlattenRouterPolicy6EndSourcePort(v interface{}, d *schema.ResourceData, pre string) interface{} { + return v +} + func dataSourceFlattenRouterPolicy6Gateway(v interface{}, d *schema.ResourceData, pre string) interface{} { return v } @@ -484,6 +500,18 @@ func dataSourceRefreshObjectRouterPolicy6(d *schema.ResourceData, o map[string]i } } + if err = d.Set("start_source_port", dataSourceFlattenRouterPolicy6StartSourcePort(o["start-source-port"], d, "start_source_port")); err != nil { + if !fortiAPIPatch(o["start-source-port"]) { + return fmt.Errorf("Error reading start_source_port: %v", err) + } + } + + if err = d.Set("end_source_port", dataSourceFlattenRouterPolicy6EndSourcePort(o["end-source-port"], d, "end_source_port")); err != nil { + if !fortiAPIPatch(o["end-source-port"]) { + return fmt.Errorf("Error reading end_source_port: %v", err) + } + } + if err = d.Set("gateway", dataSourceFlattenRouterPolicy6Gateway(o["gateway"], d, "gateway")); err != nil { if !fortiAPIPatch(o["gateway"]) { return fmt.Errorf("Error reading gateway: %v", err) diff --git a/fortios/data_source_router_routemap.go b/fortios/data_source_router_routemap.go index 6610cded7..709db3244 100644 --- a/fortios/data_source_router_routemap.go +++ b/fortios/data_source_router_routemap.go @@ -209,6 +209,10 @@ func dataSourceRouterRouteMap() *schema.Resource { Type: schema.TypeString, Computed: true, }, + "set_vpnv4_nexthop": &schema.Schema{ + Type: schema.TypeString, + Computed: true, + }, "set_ip6_nexthop": &schema.Schema{ Type: schema.TypeString, Computed: true, @@ -508,6 +512,11 @@ func dataSourceFlattenRouterRouteMapRule(v interface{}, d *schema.ResourceData, tmp["set_ip_prefsrc"] = dataSourceFlattenRouterRouteMapRuleSetIpPrefsrc(i["set-ip-prefsrc"], d, pre_append) } + pre_append = pre + "." + strconv.Itoa(con) + "." + "set_vpnv4_nexthop" + if _, ok := i["set-vpnv4-nexthop"]; ok { + tmp["set_vpnv4_nexthop"] = dataSourceFlattenRouterRouteMapRuleSetVpnv4Nexthop(i["set-vpnv4-nexthop"], d, pre_append) + } + pre_append = pre + "." + strconv.Itoa(con) + "." + "set_ip6_nexthop" if _, ok := i["set-ip6-nexthop"]; ok { tmp["set_ip6_nexthop"] = dataSourceFlattenRouterRouteMapRuleSetIp6Nexthop(i["set-ip6-nexthop"], d, pre_append) @@ -845,6 +854,10 @@ func dataSourceFlattenRouterRouteMapRuleSetIpPrefsrc(v interface{}, d *schema.Re return v } +func dataSourceFlattenRouterRouteMapRuleSetVpnv4Nexthop(v interface{}, d *schema.ResourceData, pre string) interface{} { + return v +} + func dataSourceFlattenRouterRouteMapRuleSetIp6Nexthop(v interface{}, d *schema.ResourceData, pre string) interface{} { return v } diff --git a/fortios/data_source_routerbgp_neighbor.go b/fortios/data_source_routerbgp_neighbor.go index 148787fa2..aac2ee30e 100644 --- a/fortios/data_source_routerbgp_neighbor.go +++ b/fortios/data_source_routerbgp_neighbor.go @@ -312,6 +312,10 @@ func dataSourceRouterbgpNeighbor() *schema.Resource { Type: schema.TypeString, Computed: true, }, + "filter_list_in_vpnv4": &schema.Schema{ + Type: schema.TypeString, + Computed: true, + }, "filter_list_out": &schema.Schema{ Type: schema.TypeString, Computed: true, @@ -320,6 +324,10 @@ func dataSourceRouterbgpNeighbor() *schema.Resource { Type: schema.TypeString, Computed: true, }, + "filter_list_out_vpnv4": &schema.Schema{ + Type: schema.TypeString, + Computed: true, + }, "interface": &schema.Schema{ Type: schema.TypeString, Computed: true, @@ -908,6 +916,10 @@ func dataSourceFlattenRouterbgpNeighborFilterListIn6(v interface{}, d *schema.Re return v } +func dataSourceFlattenRouterbgpNeighborFilterListInVpnv4(v interface{}, d *schema.ResourceData, pre string) interface{} { + return v +} + func dataSourceFlattenRouterbgpNeighborFilterListOut(v interface{}, d *schema.ResourceData, pre string) interface{} { return v } @@ -916,6 +928,10 @@ func dataSourceFlattenRouterbgpNeighborFilterListOut6(v interface{}, d *schema.R return v } +func dataSourceFlattenRouterbgpNeighborFilterListOutVpnv4(v interface{}, d *schema.ResourceData, pre string) interface{} { + return v +} + func dataSourceFlattenRouterbgpNeighborInterface(v interface{}, d *schema.ResourceData, pre string) interface{} { return v } @@ -1669,6 +1685,12 @@ func dataSourceRefreshObjectRouterbgpNeighbor(d *schema.ResourceData, o map[stri } } + if err = d.Set("filter_list_in_vpnv4", dataSourceFlattenRouterbgpNeighborFilterListInVpnv4(o["filter-list-in-vpnv4"], d, "filter_list_in_vpnv4")); err != nil { + if !fortiAPIPatch(o["filter-list-in-vpnv4"]) { + return fmt.Errorf("Error reading filter_list_in_vpnv4: %v", err) + } + } + if err = d.Set("filter_list_out", dataSourceFlattenRouterbgpNeighborFilterListOut(o["filter-list-out"], d, "filter_list_out")); err != nil { if !fortiAPIPatch(o["filter-list-out"]) { return fmt.Errorf("Error reading filter_list_out: %v", err) @@ -1681,6 +1703,12 @@ func dataSourceRefreshObjectRouterbgpNeighbor(d *schema.ResourceData, o map[stri } } + if err = d.Set("filter_list_out_vpnv4", dataSourceFlattenRouterbgpNeighborFilterListOutVpnv4(o["filter-list-out-vpnv4"], d, "filter_list_out_vpnv4")); err != nil { + if !fortiAPIPatch(o["filter-list-out-vpnv4"]) { + return fmt.Errorf("Error reading filter_list_out_vpnv4: %v", err) + } + } + if err = d.Set("interface", dataSourceFlattenRouterbgpNeighborInterface(o["interface"], d, "interface")); err != nil { if !fortiAPIPatch(o["interface"]) { return fmt.Errorf("Error reading interface: %v", err) diff --git a/fortios/data_source_system_accprofile.go b/fortios/data_source_system_accprofile.go index db023f174..12be2598f 100644 --- a/fortios/data_source_system_accprofile.go +++ b/fortios/data_source_system_accprofile.go @@ -245,6 +245,14 @@ func dataSourceSystemAccprofile() *schema.Resource { Type: schema.TypeString, Computed: true, }, + "virtual_patch": &schema.Schema{ + Type: schema.TypeString, + Computed: true, + }, + "casb": &schema.Schema{ + Type: schema.TypeString, + Computed: true, + }, }, }, }, @@ -651,6 +659,16 @@ func dataSourceFlattenSystemAccprofileUtmgrpPermission(v interface{}, d *schema. result["videofilter"] = dataSourceFlattenSystemAccprofileUtmgrpPermissionVideofilter(i["videofilter"], d, pre_append) } + pre_append = pre + ".0." + "virtual_patch" + if _, ok := i["virtual-patch"]; ok { + result["virtual_patch"] = dataSourceFlattenSystemAccprofileUtmgrpPermissionVirtualPatch(i["virtual-patch"], d, pre_append) + } + + pre_append = pre + ".0." + "casb" + if _, ok := i["casb"]; ok { + result["casb"] = dataSourceFlattenSystemAccprofileUtmgrpPermissionCasb(i["casb"], d, pre_append) + } + lastresult := []map[string]interface{}{result} return lastresult } @@ -715,6 +733,14 @@ func dataSourceFlattenSystemAccprofileUtmgrpPermissionVideofilter(v interface{}, return v } +func dataSourceFlattenSystemAccprofileUtmgrpPermissionVirtualPatch(v interface{}, d *schema.ResourceData, pre string) interface{} { + return v +} + +func dataSourceFlattenSystemAccprofileUtmgrpPermissionCasb(v interface{}, d *schema.ResourceData, pre string) interface{} { + return v +} + func dataSourceFlattenSystemAccprofileAdmintimeoutOverride(v interface{}, d *schema.ResourceData, pre string) interface{} { return v } diff --git a/fortios/data_source_system_dnsdatabase.go b/fortios/data_source_system_dnsdatabase.go index 40004c71a..1db435ff0 100644 --- a/fortios/data_source_system_dnsdatabase.go +++ b/fortios/data_source_system_dnsdatabase.go @@ -80,10 +80,18 @@ func dataSourceSystemDnsDatabase() *schema.Resource { Type: schema.TypeString, Computed: true, }, + "forwarder6": &schema.Schema{ + Type: schema.TypeString, + Computed: true, + }, "source_ip": &schema.Schema{ Type: schema.TypeString, Computed: true, }, + "source_ip6": &schema.Schema{ + Type: schema.TypeString, + Computed: true, + }, "rr_max": &schema.Schema{ Type: schema.TypeInt, Computed: true, @@ -231,10 +239,18 @@ func dataSourceFlattenSystemDnsDatabaseForwarder(v interface{}, d *schema.Resour return v } +func dataSourceFlattenSystemDnsDatabaseForwarder6(v interface{}, d *schema.ResourceData, pre string) interface{} { + return v +} + func dataSourceFlattenSystemDnsDatabaseSourceIp(v interface{}, d *schema.ResourceData, pre string) interface{} { return v } +func dataSourceFlattenSystemDnsDatabaseSourceIp6(v interface{}, d *schema.ResourceData, pre string) interface{} { + return v +} + func dataSourceFlattenSystemDnsDatabaseRrMax(v interface{}, d *schema.ResourceData, pre string) interface{} { return v } @@ -428,12 +444,24 @@ func dataSourceRefreshObjectSystemDnsDatabase(d *schema.ResourceData, o map[stri } } + if err = d.Set("forwarder6", dataSourceFlattenSystemDnsDatabaseForwarder6(o["forwarder6"], d, "forwarder6")); err != nil { + if !fortiAPIPatch(o["forwarder6"]) { + return fmt.Errorf("Error reading forwarder6: %v", err) + } + } + if err = d.Set("source_ip", dataSourceFlattenSystemDnsDatabaseSourceIp(o["source-ip"], d, "source_ip")); err != nil { if !fortiAPIPatch(o["source-ip"]) { return fmt.Errorf("Error reading source_ip: %v", err) } } + if err = d.Set("source_ip6", dataSourceFlattenSystemDnsDatabaseSourceIp6(o["source-ip6"], d, "source_ip6")); err != nil { + if !fortiAPIPatch(o["source-ip6"]) { + return fmt.Errorf("Error reading source_ip6: %v", err) + } + } + if err = d.Set("rr_max", dataSourceFlattenSystemDnsDatabaseRrMax(o["rr-max"], d, "rr_max")); err != nil { if !fortiAPIPatch(o["rr-max"]) { return fmt.Errorf("Error reading rr_max: %v", err) diff --git a/fortios/data_source_system_dnsserver.go b/fortios/data_source_system_dnsserver.go index 950348f62..38d751003 100644 --- a/fortios/data_source_system_dnsserver.go +++ b/fortios/data_source_system_dnsserver.go @@ -44,6 +44,14 @@ func dataSourceSystemDnsServer() *schema.Resource { Type: schema.TypeString, Computed: true, }, + "doh3": &schema.Schema{ + Type: schema.TypeString, + Computed: true, + }, + "doq": &schema.Schema{ + Type: schema.TypeString, + Computed: true, + }, }, } } @@ -107,6 +115,14 @@ func dataSourceFlattenSystemDnsServerDoh(v interface{}, d *schema.ResourceData, return v } +func dataSourceFlattenSystemDnsServerDoh3(v interface{}, d *schema.ResourceData, pre string) interface{} { + return v +} + +func dataSourceFlattenSystemDnsServerDoq(v interface{}, d *schema.ResourceData, pre string) interface{} { + return v +} + func dataSourceRefreshObjectSystemDnsServer(d *schema.ResourceData, o map[string]interface{}) error { var err error @@ -134,6 +150,18 @@ func dataSourceRefreshObjectSystemDnsServer(d *schema.ResourceData, o map[string } } + if err = d.Set("doh3", dataSourceFlattenSystemDnsServerDoh3(o["doh3"], d, "doh3")); err != nil { + if !fortiAPIPatch(o["doh3"]) { + return fmt.Errorf("Error reading doh3: %v", err) + } + } + + if err = d.Set("doq", dataSourceFlattenSystemDnsServerDoq(o["doq"], d, "doq")); err != nil { + if !fortiAPIPatch(o["doq"]) { + return fmt.Errorf("Error reading doq: %v", err) + } + } + return nil } diff --git a/fortios/data_source_system_ftmpush.go b/fortios/data_source_system_ftmpush.go index f0d0a92c5..a820f0815 100644 --- a/fortios/data_source_system_ftmpush.go +++ b/fortios/data_source_system_ftmpush.go @@ -28,6 +28,10 @@ func dataSourceSystemFtmPush() *schema.Resource { ForceNew: true, }, + "proxy": &schema.Schema{ + Type: schema.TypeString, + Computed: true, + }, "server_port": &schema.Schema{ Type: schema.TypeInt, Computed: true, @@ -86,6 +90,10 @@ func dataSourceSystemFtmPushRead(d *schema.ResourceData, m interface{}) error { return nil } +func dataSourceFlattenSystemFtmPushProxy(v interface{}, d *schema.ResourceData, pre string) interface{} { + return v +} + func dataSourceFlattenSystemFtmPushServerPort(v interface{}, d *schema.ResourceData, pre string) interface{} { return v } @@ -109,6 +117,12 @@ func dataSourceFlattenSystemFtmPushStatus(v interface{}, d *schema.ResourceData, func dataSourceRefreshObjectSystemFtmPush(d *schema.ResourceData, o map[string]interface{}) error { var err error + if err = d.Set("proxy", dataSourceFlattenSystemFtmPushProxy(o["proxy"], d, "proxy")); err != nil { + if !fortiAPIPatch(o["proxy"]) { + return fmt.Errorf("Error reading proxy: %v", err) + } + } + if err = d.Set("server_port", dataSourceFlattenSystemFtmPushServerPort(o["server-port"], d, "server_port")); err != nil { if !fortiAPIPatch(o["server-port"]) { return fmt.Errorf("Error reading server_port: %v", err) diff --git a/fortios/data_source_system_global.go b/fortios/data_source_system_global.go index c6de9aacf..e8e4943f1 100644 --- a/fortios/data_source_system_global.go +++ b/fortios/data_source_system_global.go @@ -224,6 +224,30 @@ func dataSourceSystemGlobal() *schema.Resource { Type: schema.TypeString, Computed: true, }, + "quic_congestion_control_algo": &schema.Schema{ + Type: schema.TypeString, + Computed: true, + }, + "quic_max_datagram_size": &schema.Schema{ + Type: schema.TypeInt, + Computed: true, + }, + "quic_udp_payload_size_shaping_per_cid": &schema.Schema{ + Type: schema.TypeString, + Computed: true, + }, + "quic_ack_thresold": &schema.Schema{ + Type: schema.TypeInt, + Computed: true, + }, + "quic_pmtud": &schema.Schema{ + Type: schema.TypeString, + Computed: true, + }, + "quic_tls_handshake_timeout": &schema.Schema{ + Type: schema.TypeInt, + Computed: true, + }, "anti_replay": &schema.Schema{ Type: schema.TypeString, Computed: true, @@ -272,6 +296,10 @@ func dataSourceSystemGlobal() *schema.Resource { Type: schema.TypeString, Computed: true, }, + "gui_auto_upgrade_setup_warning": &schema.Schema{ + Type: schema.TypeString, + Computed: true, + }, "gui_workflow_management": &schema.Schema{ Type: schema.TypeString, Computed: true, @@ -792,6 +820,10 @@ func dataSourceSystemGlobal() *schema.Resource { Type: schema.TypeString, Computed: true, }, + "sslvpn_web_mode": &schema.Schema{ + Type: schema.TypeString, + Computed: true, + }, "sslvpn_ems_sn_check": &schema.Schema{ Type: schema.TypeString, Computed: true, @@ -1040,6 +1072,14 @@ func dataSourceSystemGlobal() *schema.Resource { Type: schema.TypeString, Computed: true, }, + "fortitoken_cloud_push_status": &schema.Schema{ + Type: schema.TypeString, + Computed: true, + }, + "fortitoken_cloud_sync_interval": &schema.Schema{ + Type: schema.TypeInt, + Computed: true, + }, "faz_disk_buffer_size": &schema.Schema{ Type: schema.TypeInt, Computed: true, @@ -1334,6 +1374,30 @@ func dataSourceFlattenSystemGlobalTrafficPriorityLevel(v interface{}, d *schema. return v } +func dataSourceFlattenSystemGlobalQuicCongestionControlAlgo(v interface{}, d *schema.ResourceData, pre string) interface{} { + return v +} + +func dataSourceFlattenSystemGlobalQuicMaxDatagramSize(v interface{}, d *schema.ResourceData, pre string) interface{} { + return v +} + +func dataSourceFlattenSystemGlobalQuicUdpPayloadSizeShapingPerCid(v interface{}, d *schema.ResourceData, pre string) interface{} { + return v +} + +func dataSourceFlattenSystemGlobalQuicAckThresold(v interface{}, d *schema.ResourceData, pre string) interface{} { + return v +} + +func dataSourceFlattenSystemGlobalQuicPmtud(v interface{}, d *schema.ResourceData, pre string) interface{} { + return v +} + +func dataSourceFlattenSystemGlobalQuicTlsHandshakeTimeout(v interface{}, d *schema.ResourceData, pre string) interface{} { + return v +} + func dataSourceFlattenSystemGlobalAntiReplay(v interface{}, d *schema.ResourceData, pre string) interface{} { return v } @@ -1382,6 +1446,10 @@ func dataSourceFlattenSystemGlobalGuiForticareRegistrationSetupWarning(v interfa return v } +func dataSourceFlattenSystemGlobalGuiAutoUpgradeSetupWarning(v interface{}, d *schema.ResourceData, pre string) interface{} { + return v +} + func dataSourceFlattenSystemGlobalGuiWorkflowManagement(v interface{}, d *schema.ResourceData, pre string) interface{} { return v } @@ -1909,6 +1977,10 @@ func dataSourceFlattenSystemGlobalVpnEmsSnCheck(v interface{}, d *schema.Resourc return v } +func dataSourceFlattenSystemGlobalSslvpnWebMode(v interface{}, d *schema.ResourceData, pre string) interface{} { + return v +} + func dataSourceFlattenSystemGlobalSslvpnEmsSnCheck(v interface{}, d *schema.ResourceData, pre string) interface{} { return v } @@ -2157,6 +2229,14 @@ func dataSourceFlattenSystemGlobalFortitokenCloud(v interface{}, d *schema.Resou return v } +func dataSourceFlattenSystemGlobalFortitokenCloudPushStatus(v interface{}, d *schema.ResourceData, pre string) interface{} { + return v +} + +func dataSourceFlattenSystemGlobalFortitokenCloudSyncInterval(v interface{}, d *schema.ResourceData, pre string) interface{} { + return v +} + func dataSourceFlattenSystemGlobalFazDiskBufferSize(v interface{}, d *schema.ResourceData, pre string) interface{} { return v } @@ -2538,6 +2618,42 @@ func dataSourceRefreshObjectSystemGlobal(d *schema.ResourceData, o map[string]in } } + if err = d.Set("quic_congestion_control_algo", dataSourceFlattenSystemGlobalQuicCongestionControlAlgo(o["quic-congestion-control-algo"], d, "quic_congestion_control_algo")); err != nil { + if !fortiAPIPatch(o["quic-congestion-control-algo"]) { + return fmt.Errorf("Error reading quic_congestion_control_algo: %v", err) + } + } + + if err = d.Set("quic_max_datagram_size", dataSourceFlattenSystemGlobalQuicMaxDatagramSize(o["quic-max-datagram-size"], d, "quic_max_datagram_size")); err != nil { + if !fortiAPIPatch(o["quic-max-datagram-size"]) { + return fmt.Errorf("Error reading quic_max_datagram_size: %v", err) + } + } + + if err = d.Set("quic_udp_payload_size_shaping_per_cid", dataSourceFlattenSystemGlobalQuicUdpPayloadSizeShapingPerCid(o["quic-udp-payload-size-shaping-per-cid"], d, "quic_udp_payload_size_shaping_per_cid")); err != nil { + if !fortiAPIPatch(o["quic-udp-payload-size-shaping-per-cid"]) { + return fmt.Errorf("Error reading quic_udp_payload_size_shaping_per_cid: %v", err) + } + } + + if err = d.Set("quic_ack_thresold", dataSourceFlattenSystemGlobalQuicAckThresold(o["quic-ack-thresold"], d, "quic_ack_thresold")); err != nil { + if !fortiAPIPatch(o["quic-ack-thresold"]) { + return fmt.Errorf("Error reading quic_ack_thresold: %v", err) + } + } + + if err = d.Set("quic_pmtud", dataSourceFlattenSystemGlobalQuicPmtud(o["quic-pmtud"], d, "quic_pmtud")); err != nil { + if !fortiAPIPatch(o["quic-pmtud"]) { + return fmt.Errorf("Error reading quic_pmtud: %v", err) + } + } + + if err = d.Set("quic_tls_handshake_timeout", dataSourceFlattenSystemGlobalQuicTlsHandshakeTimeout(o["quic-tls-handshake-timeout"], d, "quic_tls_handshake_timeout")); err != nil { + if !fortiAPIPatch(o["quic-tls-handshake-timeout"]) { + return fmt.Errorf("Error reading quic_tls_handshake_timeout: %v", err) + } + } + if err = d.Set("anti_replay", dataSourceFlattenSystemGlobalAntiReplay(o["anti-replay"], d, "anti_replay")); err != nil { if !fortiAPIPatch(o["anti-replay"]) { return fmt.Errorf("Error reading anti_replay: %v", err) @@ -2610,6 +2726,12 @@ func dataSourceRefreshObjectSystemGlobal(d *schema.ResourceData, o map[string]in } } + if err = d.Set("gui_auto_upgrade_setup_warning", dataSourceFlattenSystemGlobalGuiAutoUpgradeSetupWarning(o["gui-auto-upgrade-setup-warning"], d, "gui_auto_upgrade_setup_warning")); err != nil { + if !fortiAPIPatch(o["gui-auto-upgrade-setup-warning"]) { + return fmt.Errorf("Error reading gui_auto_upgrade_setup_warning: %v", err) + } + } + if err = d.Set("gui_workflow_management", dataSourceFlattenSystemGlobalGuiWorkflowManagement(o["gui-workflow-management"], d, "gui_workflow_management")); err != nil { if !fortiAPIPatch(o["gui-workflow-management"]) { return fmt.Errorf("Error reading gui_workflow_management: %v", err) @@ -3390,6 +3512,12 @@ func dataSourceRefreshObjectSystemGlobal(d *schema.ResourceData, o map[string]in } } + if err = d.Set("sslvpn_web_mode", dataSourceFlattenSystemGlobalSslvpnWebMode(o["sslvpn-web-mode"], d, "sslvpn_web_mode")); err != nil { + if !fortiAPIPatch(o["sslvpn-web-mode"]) { + return fmt.Errorf("Error reading sslvpn_web_mode: %v", err) + } + } + if err = d.Set("sslvpn_ems_sn_check", dataSourceFlattenSystemGlobalSslvpnEmsSnCheck(o["sslvpn-ems-sn-check"], d, "sslvpn_ems_sn_check")); err != nil { if !fortiAPIPatch(o["sslvpn-ems-sn-check"]) { return fmt.Errorf("Error reading sslvpn_ems_sn_check: %v", err) @@ -3762,6 +3890,18 @@ func dataSourceRefreshObjectSystemGlobal(d *schema.ResourceData, o map[string]in } } + if err = d.Set("fortitoken_cloud_push_status", dataSourceFlattenSystemGlobalFortitokenCloudPushStatus(o["fortitoken-cloud-push-status"], d, "fortitoken_cloud_push_status")); err != nil { + if !fortiAPIPatch(o["fortitoken-cloud-push-status"]) { + return fmt.Errorf("Error reading fortitoken_cloud_push_status: %v", err) + } + } + + if err = d.Set("fortitoken_cloud_sync_interval", dataSourceFlattenSystemGlobalFortitokenCloudSyncInterval(o["fortitoken-cloud-sync-interval"], d, "fortitoken_cloud_sync_interval")); err != nil { + if !fortiAPIPatch(o["fortitoken-cloud-sync-interval"]) { + return fmt.Errorf("Error reading fortitoken_cloud_sync_interval: %v", err) + } + } + if err = d.Set("faz_disk_buffer_size", dataSourceFlattenSystemGlobalFazDiskBufferSize(o["faz-disk-buffer-size"], d, "faz_disk_buffer_size")); err != nil { if !fortiAPIPatch(o["faz-disk-buffer-size"]) { return fmt.Errorf("Error reading faz_disk_buffer_size: %v", err) diff --git a/fortios/data_source_system_ha.go b/fortios/data_source_system_ha.go index fe551523b..287b2204c 100644 --- a/fortios/data_source_system_ha.go +++ b/fortios/data_source_system_ha.go @@ -162,6 +162,10 @@ func dataSourceSystemHa() *schema.Resource { Type: schema.TypeString, Computed: true, }, + "upgrade_mode": &schema.Schema{ + Type: schema.TypeString, + Computed: true, + }, "uninterruptible_upgrade": &schema.Schema{ Type: schema.TypeString, Computed: true, @@ -660,6 +664,10 @@ func dataSourceFlattenSystemHaLinkFailedSignal(v interface{}, d *schema.Resource return v } +func dataSourceFlattenSystemHaUpgradeMode(v interface{}, d *schema.ResourceData, pre string) interface{} { + return v +} + func dataSourceFlattenSystemHaUninterruptibleUpgrade(v interface{}, d *schema.ResourceData, pre string) interface{} { return v } @@ -1405,6 +1413,12 @@ func dataSourceRefreshObjectSystemHa(d *schema.ResourceData, o map[string]interf } } + if err = d.Set("upgrade_mode", dataSourceFlattenSystemHaUpgradeMode(o["upgrade-mode"], d, "upgrade_mode")); err != nil { + if !fortiAPIPatch(o["upgrade-mode"]) { + return fmt.Errorf("Error reading upgrade_mode: %v", err) + } + } + if err = d.Set("uninterruptible_upgrade", dataSourceFlattenSystemHaUninterruptibleUpgrade(o["uninterruptible-upgrade"], d, "uninterruptible_upgrade")); err != nil { if !fortiAPIPatch(o["uninterruptible-upgrade"]) { return fmt.Errorf("Error reading uninterruptible_upgrade: %v", err) diff --git a/fortios/data_source_system_interface.go b/fortios/data_source_system_interface.go index d35a6a85d..fd9edf620 100644 --- a/fortios/data_source_system_interface.go +++ b/fortios/data_source_system_interface.go @@ -112,6 +112,14 @@ func dataSourceSystemInterface() *schema.Resource { Type: schema.TypeString, Computed: true, }, + "dhcp_relay_source_ip": &schema.Schema{ + Type: schema.TypeString, + Computed: true, + }, + "dhcp_relay_circuit_id": &schema.Schema{ + Type: schema.TypeString, + Computed: true, + }, "dhcp_relay_link_selection": &schema.Schema{ Type: schema.TypeString, Computed: true, @@ -1050,6 +1058,18 @@ func dataSourceSystemInterface() *schema.Resource { Type: schema.TypeString, Computed: true, }, + "switch_controller_offload": &schema.Schema{ + Type: schema.TypeString, + Computed: true, + }, + "switch_controller_offload_ip": &schema.Schema{ + Type: schema.TypeString, + Computed: true, + }, + "switch_controller_offload_gw": &schema.Schema{ + Type: schema.TypeString, + Computed: true, + }, "swc_vlan": &schema.Schema{ Type: schema.TypeInt, Computed: true, @@ -1356,6 +1376,14 @@ func dataSourceSystemInterface() *schema.Resource { Type: schema.TypeString, Computed: true, }, + "dhcp6_relay_source_ip": &schema.Schema{ + Type: schema.TypeString, + Computed: true, + }, + "dhcp6_relay_interface_id": &schema.Schema{ + Type: schema.TypeString, + Computed: true, + }, "dhcp6_client_options": &schema.Schema{ Type: schema.TypeString, Computed: true, @@ -1648,6 +1676,14 @@ func dataSourceFlattenSystemInterfaceDhcpRelayIp(v interface{}, d *schema.Resour return v } +func dataSourceFlattenSystemInterfaceDhcpRelaySourceIp(v interface{}, d *schema.ResourceData, pre string) interface{} { + return v +} + +func dataSourceFlattenSystemInterfaceDhcpRelayCircuitId(v interface{}, d *schema.ResourceData, pre string) interface{} { + return v +} + func dataSourceFlattenSystemInterfaceDhcpRelayLinkSelection(v interface{}, d *schema.ResourceData, pre string) interface{} { return v } @@ -2919,6 +2955,18 @@ func dataSourceFlattenSystemInterfaceSwitchControllerIotScanning(v interface{}, return v } +func dataSourceFlattenSystemInterfaceSwitchControllerOffload(v interface{}, d *schema.ResourceData, pre string) interface{} { + return v +} + +func dataSourceFlattenSystemInterfaceSwitchControllerOffloadIp(v interface{}, d *schema.ResourceData, pre string) interface{} { + return v +} + +func dataSourceFlattenSystemInterfaceSwitchControllerOffloadGw(v interface{}, d *schema.ResourceData, pre string) interface{} { + return v +} + func dataSourceFlattenSystemInterfaceSwcVlan(v interface{}, d *schema.ResourceData, pre string) interface{} { return v } @@ -3238,6 +3286,16 @@ func dataSourceFlattenSystemInterfaceIpv6(v interface{}, d *schema.ResourceData, result["dhcp6_relay_ip"] = dataSourceFlattenSystemInterfaceIpv6Dhcp6RelayIp(i["dhcp6-relay-ip"], d, pre_append) } + pre_append = pre + ".0." + "dhcp6_relay_source_ip" + if _, ok := i["dhcp6-relay-source-ip"]; ok { + result["dhcp6_relay_source_ip"] = dataSourceFlattenSystemInterfaceIpv6Dhcp6RelaySourceIp(i["dhcp6-relay-source-ip"], d, pre_append) + } + + pre_append = pre + ".0." + "dhcp6_relay_interface_id" + if _, ok := i["dhcp6-relay-interface-id"]; ok { + result["dhcp6_relay_interface_id"] = dataSourceFlattenSystemInterfaceIpv6Dhcp6RelayInterfaceId(i["dhcp6-relay-interface-id"], d, pre_append) + } + pre_append = pre + ".0." + "dhcp6_client_options" if _, ok := i["dhcp6-client-options"]; ok { result["dhcp6_client_options"] = dataSourceFlattenSystemInterfaceIpv6Dhcp6ClientOptions(i["dhcp6-client-options"], d, pre_append) @@ -3686,6 +3744,14 @@ func dataSourceFlattenSystemInterfaceIpv6Dhcp6RelayIp(v interface{}, d *schema.R return v } +func dataSourceFlattenSystemInterfaceIpv6Dhcp6RelaySourceIp(v interface{}, d *schema.ResourceData, pre string) interface{} { + return v +} + +func dataSourceFlattenSystemInterfaceIpv6Dhcp6RelayInterfaceId(v interface{}, d *schema.ResourceData, pre string) interface{} { + return v +} + func dataSourceFlattenSystemInterfaceIpv6Dhcp6ClientOptions(v interface{}, d *schema.ResourceData, pre string) interface{} { return v } @@ -3995,6 +4061,18 @@ func dataSourceRefreshObjectSystemInterface(d *schema.ResourceData, o map[string } } + if err = d.Set("dhcp_relay_source_ip", dataSourceFlattenSystemInterfaceDhcpRelaySourceIp(o["dhcp-relay-source-ip"], d, "dhcp_relay_source_ip")); err != nil { + if !fortiAPIPatch(o["dhcp-relay-source-ip"]) { + return fmt.Errorf("Error reading dhcp_relay_source_ip: %v", err) + } + } + + if err = d.Set("dhcp_relay_circuit_id", dataSourceFlattenSystemInterfaceDhcpRelayCircuitId(o["dhcp-relay-circuit-id"], d, "dhcp_relay_circuit_id")); err != nil { + if !fortiAPIPatch(o["dhcp-relay-circuit-id"]) { + return fmt.Errorf("Error reading dhcp_relay_circuit_id: %v", err) + } + } + if err = d.Set("dhcp_relay_link_selection", dataSourceFlattenSystemInterfaceDhcpRelayLinkSelection(o["dhcp-relay-link-selection"], d, "dhcp_relay_link_selection")); err != nil { if !fortiAPIPatch(o["dhcp-relay-link-selection"]) { return fmt.Errorf("Error reading dhcp_relay_link_selection: %v", err) @@ -5153,6 +5231,24 @@ func dataSourceRefreshObjectSystemInterface(d *schema.ResourceData, o map[string } } + if err = d.Set("switch_controller_offload", dataSourceFlattenSystemInterfaceSwitchControllerOffload(o["switch-controller-offload"], d, "switch_controller_offload")); err != nil { + if !fortiAPIPatch(o["switch-controller-offload"]) { + return fmt.Errorf("Error reading switch_controller_offload: %v", err) + } + } + + if err = d.Set("switch_controller_offload_ip", dataSourceFlattenSystemInterfaceSwitchControllerOffloadIp(o["switch-controller-offload-ip"], d, "switch_controller_offload_ip")); err != nil { + if !fortiAPIPatch(o["switch-controller-offload-ip"]) { + return fmt.Errorf("Error reading switch_controller_offload_ip: %v", err) + } + } + + if err = d.Set("switch_controller_offload_gw", dataSourceFlattenSystemInterfaceSwitchControllerOffloadGw(o["switch-controller-offload-gw"], d, "switch_controller_offload_gw")); err != nil { + if !fortiAPIPatch(o["switch-controller-offload-gw"]) { + return fmt.Errorf("Error reading switch_controller_offload_gw: %v", err) + } + } + if err = d.Set("swc_vlan", dataSourceFlattenSystemInterfaceSwcVlan(o["swc-vlan"], d, "swc_vlan")); err != nil { if !fortiAPIPatch(o["swc-vlan"]) { return fmt.Errorf("Error reading swc_vlan: %v", err) diff --git a/fortios/data_source_system_sessionttl.go b/fortios/data_source_system_sessionttl.go index 7a11fbd02..8e1a88c04 100644 --- a/fortios/data_source_system_sessionttl.go +++ b/fortios/data_source_system_sessionttl.go @@ -57,6 +57,10 @@ func dataSourceSystemSessionTtl() *schema.Resource { Type: schema.TypeString, Computed: true, }, + "refresh_direction": &schema.Schema{ + Type: schema.TypeString, + Computed: true, + }, }, }, }, @@ -146,6 +150,11 @@ func dataSourceFlattenSystemSessionTtlPort(v interface{}, d *schema.ResourceData tmp["timeout"] = dataSourceFlattenSystemSessionTtlPortTimeout(i["timeout"], d, pre_append) } + pre_append = pre + "." + strconv.Itoa(con) + "." + "refresh_direction" + if _, ok := i["refresh-direction"]; ok { + tmp["refresh_direction"] = dataSourceFlattenSystemSessionTtlPortRefreshDirection(i["refresh-direction"], d, pre_append) + } + result = append(result, tmp) con += 1 @@ -174,6 +183,10 @@ func dataSourceFlattenSystemSessionTtlPortTimeout(v interface{}, d *schema.Resou return v } +func dataSourceFlattenSystemSessionTtlPortRefreshDirection(v interface{}, d *schema.ResourceData, pre string) interface{} { + return v +} + func dataSourceRefreshObjectSystemSessionTtl(d *schema.ResourceData, o map[string]interface{}) error { var err error diff --git a/fortios/data_source_user_saml.go b/fortios/data_source_user_saml.go index 7bb66242a..01e2f474f 100644 --- a/fortios/data_source_user_saml.go +++ b/fortios/data_source_user_saml.go @@ -100,6 +100,10 @@ func dataSourceUserSaml() *schema.Resource { Type: schema.TypeString, Computed: true, }, + "reauth": &schema.Schema{ + Type: schema.TypeString, + Computed: true, + }, }, } } @@ -219,6 +223,10 @@ func dataSourceFlattenUserSamlGroupClaimType(v interface{}, d *schema.ResourceDa return v } +func dataSourceFlattenUserSamlReauth(v interface{}, d *schema.ResourceData, pre string) interface{} { + return v +} + func dataSourceRefreshObjectUserSaml(d *schema.ResourceData, o map[string]interface{}) error { var err error @@ -330,6 +338,12 @@ func dataSourceRefreshObjectUserSaml(d *schema.ResourceData, o map[string]interf } } + if err = d.Set("reauth", dataSourceFlattenUserSamlReauth(o["reauth"], d, "reauth")); err != nil { + if !fortiAPIPatch(o["reauth"]) { + return fmt.Errorf("Error reading reauth: %v", err) + } + } + return nil } diff --git a/fortios/provider.go b/fortios/provider.go index a2de357f0..6a179bef9 100644 --- a/fortios/provider.go +++ b/fortios/provider.go @@ -389,8 +389,8 @@ func Provider() *schema.Provider { "fortios_firewall_object_vipgroup": resourceFirewallObjectVipGroup(), "fortios_firewall_object_ippool": resourceFirewallObjectIPPool(), "fortios_firewall_security_policy": resourceFirewallSecurityPolicy1(), - "fortios_firewall_security_policyseq": resourceFirewallSecurityPolicySeq(), - "fortios_firewall_security_policysort": resourceFirewallSecurityPolicySort(), + "fortios_firewall_security_policyseq": resourceFirewallPolicyOldvSeq(), + "fortios_firewall_security_policysort": resourceFirewallPolicyOldvSort(), "fortios_system_setting_global": resourceSystemSettingGlobal(), "fortios_system_setting_dns": resourceSystemSettingDNS(), "fortios_system_setting_ntp": resourceSystemSettingNTP(), @@ -441,8 +441,11 @@ func Provider() *schema.Provider { "fortios_application_list": resourceApplicationList(), "fortios_application_name": resourceApplicationName(), "fortios_application_rulesettings": resourceApplicationRuleSettings(), + "fortios_casb_useractivity": resourceCasbUserActivity(), "fortios_authentication_rule": resourceAuthenticationRule(), + "fortios_casb_saasapplication": resourceCasbSaasApplication(), "fortios_authentication_scheme": resourceAuthenticationScheme(), + "fortios_casb_profile": resourceCasbProfile(), "fortios_authentication_setting": resourceAuthenticationSetting(), "fortios_automation_setting": resourceAutomationSetting(), "fortios_certificate_ca": resourceCertificateCa(), @@ -474,9 +477,9 @@ func Provider() *schema.Provider { "fortios_emailfilter_mheader": resourceEmailfilterMheader(), "fortios_emailfilter_options": resourceEmailfilterOptions(), "fortios_emailfilter_profile": resourceEmailfilterProfile(), - "fortios_endpointcontrol_fctemsoverride": resourceEndpointControlFctemsOverride(), "fortios_endpointcontrol_client": resourceEndpointControlClient(), "fortios_endpointcontrol_fctems": resourceEndpointControlFctems(), + "fortios_endpointcontrol_fctemsoverride": resourceEndpointControlFctemsOverride(), "fortios_endpointcontrol_forticlientems": resourceEndpointControlForticlientEms(), "fortios_endpointcontrol_forticlientregistrationsync": resourceEndpointControlForticlientRegistrationSync(), "fortios_endpointcontrol_profile": resourceEndpointControlProfile(), @@ -685,7 +688,9 @@ func Provider() *schema.Provider { "fortios_router_rip": resourceRouterRip(), "fortios_router_ripng": resourceRouterRipng(), "fortios_router_routemap": resourceRouterRouteMap(), + "fortios_rule_otvp": resourceRuleOtvp(), "fortios_router_setting": resourceRouterSetting(), + "fortios_rule_otdt": resourceRuleOtdt(), "fortios_router_static": resourceRouterStatic(), "fortios_router_static6": resourceRouterStatic6(), "fortios_sctpfilter_profile": resourceSctpFilterProfile(), @@ -732,14 +737,16 @@ func Provider() *schema.Provider { "fortios_switchcontroller_system": resourceSwitchControllerSystem(), "fortios_switchcontroller_trafficpolicy": resourceSwitchControllerTrafficPolicy(), "fortios_switchcontroller_trafficsniffer": resourceSwitchControllerTrafficSniffer(), - "fortios_switchcontrolleracl_ingress": resourceSwitchControllerAclIngress(), "fortios_switchcontroller_virtualportpool": resourceSwitchControllerVirtualPortPool(), - "fortios_switchcontrolleracl_group": resourceSwitchControllerAclGroup(), "fortios_switchcontroller_vlan": resourceSwitchControllerVlan(), "fortios_switchcontroller_vlanpolicy": resourceSwitchControllerVlanPolicy(), + "fortios_switchcontrolleracl_group": resourceSwitchControllerAclGroup(), + "fortios_switchcontrolleracl_ingress": resourceSwitchControllerAclIngress(), "fortios_switchcontrollerautoconfig_custom": resourceSwitchControllerAutoConfigCustom(), "fortios_switchcontrollerautoconfig_default": resourceSwitchControllerAutoConfigDefault(), + "fortios_switchcontrollerptp_profile": resourceSwitchControllerPtpProfile(), "fortios_switchcontrollerautoconfig_policy": resourceSwitchControllerAutoConfigPolicy(), + "fortios_switchcontrollerptp_interfacepolicy": resourceSwitchControllerPtpInterfacePolicy(), "fortios_switchcontrollerinitialconfig_template": resourceSwitchControllerInitialConfigTemplate(), "fortios_switchcontrollerinitialconfig_vlans": resourceSwitchControllerInitialConfigVlans(), "fortios_switchcontrollerptp_policy": resourceSwitchControllerPtpPolicy(), @@ -778,9 +785,9 @@ func Provider() *schema.Provider { "fortios_system_dnsdatabase": resourceSystemDnsDatabase(), "fortios_system_dnsserver": resourceSystemDnsServer(), "fortios_system_dns64": resourceSystemDns64(), - "fortios_system_evpn": resourceSystemEvpn(), "fortios_system_dscpbasedpriority": resourceSystemDscpBasedPriority(), "fortios_system_emailserver": resourceSystemEmailServer(), + "fortios_system_evpn": resourceSystemEvpn(), "fortios_system_externalresource": resourceSystemExternalResource(), "fortios_system_fabricvpn": resourceSystemFabricVpn(), "fortios_system_federatedupgrade": resourceSystemFederatedUpgrade(), @@ -823,9 +830,9 @@ func Provider() *schema.Provider { "fortios_system_npu": resourceSystemNpu(), "fortios_system_ntp": resourceSystemNtp(), "fortios_system_objecttagging": resourceSystemObjectTagging(), - "fortios_system_pcpserver": resourceSystemPcpServer(), "fortios_system_passwordpolicy": resourceSystemPasswordPolicy(), "fortios_system_passwordpolicyguestadmin": resourceSystemPasswordPolicyGuestAdmin(), + "fortios_system_pcpserver": resourceSystemPcpServer(), "fortios_system_physicalswitch": resourceSystemPhysicalSwitch(), "fortios_system_pppoeinterface": resourceSystemPppoeInterface(), "fortios_system_proberesponse": resourceSystemProbeResponse(), @@ -834,9 +841,9 @@ func Provider() *schema.Provider { "fortios_system_replacemsggroup": resourceSystemReplacemsgGroup(), "fortios_system_replacemsgimage": resourceSystemReplacemsgImage(), "fortios_system_resourcelimits": resourceSystemResourceLimits(), - "fortios_system_sdnproxy": resourceSystemSdnProxy(), "fortios_system_saml": resourceSystemSaml(), "fortios_system_sdnconnector": resourceSystemSdnConnector(), + "fortios_system_sdnproxy": resourceSystemSdnProxy(), "fortios_system_sdwan": resourceSystemSdwan(), "fortios_system_sessionhelper": resourceSystemSessionHelper(), "fortios_system_sessionttl": resourceSystemSessionTtl(), @@ -844,6 +851,7 @@ func Provider() *schema.Provider { "fortios_system_sflow": resourceSystemSflow(), "fortios_system_sittunnel": resourceSystemSitTunnel(), "fortios_system_smsserver": resourceSystemSmsServer(), + "fortios_system_speedtestsetting": resourceSystemSpeedTestSetting(), "fortios_system_speedtestschedule": resourceSystemSpeedTestSchedule(), "fortios_system_speedtestserver": resourceSystemSpeedTestServer(), "fortios_system_ssoadmin": resourceSystemSsoAdmin(), @@ -925,10 +933,11 @@ func Provider() *schema.Provider { "fortios_user_setting": resourceUserSetting(), "fortios_user_tacacs": resourceUserTacacs(), "fortios_videofilter_profile": resourceVideofilterProfile(), + "fortios_virtualpatch_profile": resourceVirtualPatchProfile(), "fortios_videofilter_youtubechannelfilter": resourceVideofilterYoutubeChannelFilter(), - "fortios_vpn_kmipserver": resourceVpnKmipServer(), "fortios_videofilter_youtubekey": resourceVideofilterYoutubeKey(), "fortios_voip_profile": resourceVoipProfile(), + "fortios_vpn_kmipserver": resourceVpnKmipServer(), "fortios_vpn_l2tp": resourceVpnL2Tp(), "fortios_vpn_ocvpn": resourceVpnOcvpn(), "fortios_vpn_pptp": resourceVpnPptp(), @@ -966,6 +975,7 @@ func Provider() *schema.Provider { "fortios_wanopt_remotestorage": resourceWanoptRemoteStorage(), "fortios_wanopt_settings": resourceWanoptSettings(), "fortios_wanopt_webcache": resourceWanoptWebcache(), + "fortios_webproxy_fastfallback": resourceWebProxyFastFallback(), "fortios_webproxy_debugurl": resourceWebProxyDebugUrl(), "fortios_webproxy_explicit": resourceWebProxyExplicit(), "fortios_webproxy_forwardserver": resourceWebProxyForwardServer(), @@ -1040,8 +1050,12 @@ func Provider() *schema.Provider { "fortios_routerospf6_ospf6interface": resourceRouterospf6Ospf6Interface(), "fortios_firewall_centralsnatmap_move": resourceFirewallCentralsnatmapMove(), "fortios_firewall_proxypolicy_move": resourceFirewallProxypolicyMove(), + "fortios_firewall_policy_move": resourceFirewallPolicyMove(), + "fortios_firewall_securitypolicy_move": resourceFirewallSecuritypolicyMove(), "fortios_firewall_centralsnatmap_sort": resourceFirewallCentralsnatmapSort(), "fortios_firewall_proxypolicy_sort": resourceFirewallProxypolicySort(), + "fortios_firewall_policy_sort": resourceFirewallPolicySort(), + "fortios_firewall_securitypolicy_sort": resourceFirewallSecuritypolicySort(), }, ConfigureFunc: providerConfigure, diff --git a/fortios/resource_authentication_rule.go b/fortios/resource_authentication_rule.go index b6527cc7e..bd369c8ee 100644 --- a/fortios/resource_authentication_rule.go +++ b/fortios/resource_authentication_rule.go @@ -144,6 +144,17 @@ func resourceAuthenticationRule() *schema.Resource { Optional: true, Computed: true, }, + "cors_stateful": &schema.Schema{ + Type: schema.TypeString, + Optional: true, + Computed: true, + }, + "cors_depth": &schema.Schema{ + Type: schema.TypeInt, + ValidateFunc: validation.IntBetween(1, 8), + Optional: true, + Computed: true, + }, "transaction_based": &schema.Schema{ Type: schema.TypeString, Optional: true, @@ -532,6 +543,14 @@ func flattenAuthenticationRuleWebAuthCookie(v interface{}, d *schema.ResourceDat return v } +func flattenAuthenticationRuleCorsStateful(v interface{}, d *schema.ResourceData, pre string, sv string) interface{} { + return v +} + +func flattenAuthenticationRuleCorsDepth(v interface{}, d *schema.ResourceData, pre string, sv string) interface{} { + return v +} + func flattenAuthenticationRuleTransactionBased(v interface{}, d *schema.ResourceData, pre string, sv string) interface{} { return v } @@ -675,6 +694,18 @@ func refreshObjectAuthenticationRule(d *schema.ResourceData, o map[string]interf } } + if err = d.Set("cors_stateful", flattenAuthenticationRuleCorsStateful(o["cors-stateful"], d, "cors_stateful", sv)); err != nil { + if !fortiAPIPatch(o["cors-stateful"]) { + return fmt.Errorf("Error reading cors_stateful: %v", err) + } + } + + if err = d.Set("cors_depth", flattenAuthenticationRuleCorsDepth(o["cors-depth"], d, "cors_depth", sv)); err != nil { + if !fortiAPIPatch(o["cors-depth"]) { + return fmt.Errorf("Error reading cors_depth: %v", err) + } + } + if err = d.Set("transaction_based", flattenAuthenticationRuleTransactionBased(o["transaction-based"], d, "transaction_based", sv)); err != nil { if !fortiAPIPatch(o["transaction-based"]) { return fmt.Errorf("Error reading transaction_based: %v", err) @@ -885,6 +916,14 @@ func expandAuthenticationRuleWebAuthCookie(d *schema.ResourceData, v interface{} return v, nil } +func expandAuthenticationRuleCorsStateful(d *schema.ResourceData, v interface{}, pre string, sv string) (interface{}, error) { + return v, nil +} + +func expandAuthenticationRuleCorsDepth(d *schema.ResourceData, v interface{}, pre string, sv string) (interface{}, error) { + return v, nil +} + func expandAuthenticationRuleTransactionBased(d *schema.ResourceData, v interface{}, pre string, sv string) (interface{}, error) { return v, nil } @@ -1008,6 +1047,24 @@ func getObjectAuthenticationRule(d *schema.ResourceData, sv string) (*map[string } } + if v, ok := d.GetOk("cors_stateful"); ok { + t, err := expandAuthenticationRuleCorsStateful(d, v, "cors_stateful", sv) + if err != nil { + return &obj, err + } else if t != nil { + obj["cors-stateful"] = t + } + } + + if v, ok := d.GetOk("cors_depth"); ok { + t, err := expandAuthenticationRuleCorsDepth(d, v, "cors_depth", sv) + if err != nil { + return &obj, err + } else if t != nil { + obj["cors-depth"] = t + } + } + if v, ok := d.GetOk("transaction_based"); ok { t, err := expandAuthenticationRuleTransactionBased(d, v, "transaction_based", sv) if err != nil { diff --git a/fortios/resource_casb_profile.go b/fortios/resource_casb_profile.go new file mode 100644 index 000000000..18abe975a --- /dev/null +++ b/fortios/resource_casb_profile.go @@ -0,0 +1,1168 @@ +// Copyright 2020 Fortinet, Inc. All rights reserved. +// Author: Frank Shen (@frankshen01), Hongbin Lu (@fgtdev-hblu) +// Documentation: +// Frank Shen (@frankshen01), Hongbin Lu (@fgtdev-hblu), +// Xing Li (@lix-fortinet), Yue Wang (@yuew-ftnt), Yuffie Zhu (@yuffiezhu) + +// Description: Configure CASB profile. + +package fortios + +import ( + "fmt" + "log" + "strconv" + "strings" + + "github.com/hashicorp/terraform-plugin-sdk/v2/helper/schema" + "github.com/hashicorp/terraform-plugin-sdk/v2/helper/validation" +) + +func resourceCasbProfile() *schema.Resource { + return &schema.Resource{ + Create: resourceCasbProfileCreate, + Read: resourceCasbProfileRead, + Update: resourceCasbProfileUpdate, + Delete: resourceCasbProfileDelete, + + Importer: &schema.ResourceImporter{ + State: schema.ImportStatePassthrough, + }, + + Schema: map[string]*schema.Schema{ + "vdomparam": &schema.Schema{ + Type: schema.TypeString, + Optional: true, + ForceNew: true, + }, + "name": &schema.Schema{ + Type: schema.TypeString, + ValidateFunc: validation.StringLenBetween(0, 35), + ForceNew: true, + Optional: true, + Computed: true, + }, + "saas_application": &schema.Schema{ + Type: schema.TypeList, + Optional: true, + Elem: &schema.Resource{ + Schema: map[string]*schema.Schema{ + "name": &schema.Schema{ + Type: schema.TypeString, + ValidateFunc: validation.StringLenBetween(0, 79), + Optional: true, + Computed: true, + }, + "safe_search": &schema.Schema{ + Type: schema.TypeString, + Optional: true, + Computed: true, + }, + "safe_search_control": &schema.Schema{ + Type: schema.TypeList, + Optional: true, + Elem: &schema.Resource{ + Schema: map[string]*schema.Schema{ + "name": &schema.Schema{ + Type: schema.TypeString, + ValidateFunc: validation.StringLenBetween(0, 79), + Optional: true, + Computed: true, + }, + }, + }, + }, + "tenant_control": &schema.Schema{ + Type: schema.TypeString, + Optional: true, + Computed: true, + }, + "tenant_control_tenants": &schema.Schema{ + Type: schema.TypeList, + Optional: true, + Elem: &schema.Resource{ + Schema: map[string]*schema.Schema{ + "name": &schema.Schema{ + Type: schema.TypeString, + ValidateFunc: validation.StringLenBetween(0, 79), + Optional: true, + Computed: true, + }, + }, + }, + }, + "domain_control": &schema.Schema{ + Type: schema.TypeString, + Optional: true, + Computed: true, + }, + "domain_control_domains": &schema.Schema{ + Type: schema.TypeList, + Optional: true, + Elem: &schema.Resource{ + Schema: map[string]*schema.Schema{ + "name": &schema.Schema{ + Type: schema.TypeString, + ValidateFunc: validation.StringLenBetween(0, 79), + Optional: true, + Computed: true, + }, + }, + }, + }, + "log": &schema.Schema{ + Type: schema.TypeString, + Optional: true, + Computed: true, + }, + "access_rule": &schema.Schema{ + Type: schema.TypeList, + Optional: true, + Elem: &schema.Resource{ + Schema: map[string]*schema.Schema{ + "name": &schema.Schema{ + Type: schema.TypeString, + ValidateFunc: validation.StringLenBetween(0, 79), + Optional: true, + Computed: true, + }, + "action": &schema.Schema{ + Type: schema.TypeString, + Optional: true, + Computed: true, + }, + "bypass": &schema.Schema{ + Type: schema.TypeString, + Optional: true, + Computed: true, + }, + }, + }, + }, + "custom_control": &schema.Schema{ + Type: schema.TypeList, + Optional: true, + Elem: &schema.Resource{ + Schema: map[string]*schema.Schema{ + "name": &schema.Schema{ + Type: schema.TypeString, + ValidateFunc: validation.StringLenBetween(0, 79), + Optional: true, + Computed: true, + }, + "option": &schema.Schema{ + Type: schema.TypeList, + Optional: true, + Elem: &schema.Resource{ + Schema: map[string]*schema.Schema{ + "name": &schema.Schema{ + Type: schema.TypeString, + ValidateFunc: validation.StringLenBetween(0, 79), + Optional: true, + Computed: true, + }, + "user_input": &schema.Schema{ + Type: schema.TypeList, + Optional: true, + Elem: &schema.Resource{ + Schema: map[string]*schema.Schema{ + "value": &schema.Schema{ + Type: schema.TypeString, + ValidateFunc: validation.StringLenBetween(0, 79), + Optional: true, + Computed: true, + }, + }, + }, + }, + }, + }, + }, + }, + }, + }, + }, + }, + }, + "dynamic_sort_subtable": &schema.Schema{ + Type: schema.TypeString, + Optional: true, + Default: "false", + }, + "get_all_tables": &schema.Schema{ + Type: schema.TypeString, + Optional: true, + Default: "false", + }, + }, + } +} + +func resourceCasbProfileCreate(d *schema.ResourceData, m interface{}) error { + c := m.(*FortiClient).Client + c.Retries = 1 + + vdomparam := "" + + if v, ok := d.GetOk("vdomparam"); ok { + if s, ok := v.(string); ok { + vdomparam = s + } + } + + obj, err := getObjectCasbProfile(d, c.Fv) + if err != nil { + return fmt.Errorf("Error creating CasbProfile resource while getting object: %v", err) + } + + o, err := c.CreateCasbProfile(obj, vdomparam) + + if err != nil { + return fmt.Errorf("Error creating CasbProfile resource: %v", err) + } + + if o["mkey"] != nil && o["mkey"] != "" { + d.SetId(o["mkey"].(string)) + } else { + d.SetId("CasbProfile") + } + + return resourceCasbProfileRead(d, m) +} + +func resourceCasbProfileUpdate(d *schema.ResourceData, m interface{}) error { + mkey := d.Id() + c := m.(*FortiClient).Client + c.Retries = 1 + + vdomparam := "" + + if v, ok := d.GetOk("vdomparam"); ok { + if s, ok := v.(string); ok { + vdomparam = s + } + } + + obj, err := getObjectCasbProfile(d, c.Fv) + if err != nil { + return fmt.Errorf("Error updating CasbProfile resource while getting object: %v", err) + } + + o, err := c.UpdateCasbProfile(obj, mkey, vdomparam) + if err != nil { + return fmt.Errorf("Error updating CasbProfile resource: %v", err) + } + + log.Printf(strconv.Itoa(c.Retries)) + if o["mkey"] != nil && o["mkey"] != "" { + d.SetId(o["mkey"].(string)) + } else { + d.SetId("CasbProfile") + } + + return resourceCasbProfileRead(d, m) +} + +func resourceCasbProfileDelete(d *schema.ResourceData, m interface{}) error { + mkey := d.Id() + + c := m.(*FortiClient).Client + c.Retries = 1 + + vdomparam := "" + + if v, ok := d.GetOk("vdomparam"); ok { + if s, ok := v.(string); ok { + vdomparam = s + } + } + + err := c.DeleteCasbProfile(mkey, vdomparam) + if err != nil { + return fmt.Errorf("Error deleting CasbProfile resource: %v", err) + } + + d.SetId("") + + return nil +} + +func resourceCasbProfileRead(d *schema.ResourceData, m interface{}) error { + mkey := d.Id() + + c := m.(*FortiClient).Client + c.Retries = 1 + + vdomparam := "" + + if v, ok := d.GetOk("vdomparam"); ok { + if s, ok := v.(string); ok { + vdomparam = s + } + } + + o, err := c.ReadCasbProfile(mkey, vdomparam) + if err != nil { + return fmt.Errorf("Error reading CasbProfile resource: %v", err) + } + + if o == nil { + log.Printf("[WARN] resource (%s) not found, removing from state", d.Id()) + d.SetId("") + return nil + } + + err = refreshObjectCasbProfile(d, o, c.Fv) + if err != nil { + return fmt.Errorf("Error reading CasbProfile resource from API: %v", err) + } + return nil +} + +func flattenCasbProfileName(v interface{}, d *schema.ResourceData, pre string, sv string) interface{} { + return v +} + +func flattenCasbProfileSaasApplication(v interface{}, d *schema.ResourceData, pre string, sv string) []map[string]interface{} { + if v == nil { + return nil + } + + if _, ok := v.([]interface{}); !ok { + log.Printf("[DEBUG] Argument %v is not type of []interface{}.", pre) + return nil + } + + l := v.([]interface{}) + if len(l) == 0 || l[0] == nil { + return nil + } + + result := make([]map[string]interface{}, 0, len(l)) + + con := 0 + for _, r := range l { + tmp := make(map[string]interface{}) + i := r.(map[string]interface{}) + + pre_append := "" // table + + pre_append = pre + "." + strconv.Itoa(con) + "." + "name" + if _, ok := i["name"]; ok { + tmp["name"] = flattenCasbProfileSaasApplicationName(i["name"], d, pre_append, sv) + } + + pre_append = pre + "." + strconv.Itoa(con) + "." + "safe_search" + if _, ok := i["safe-search"]; ok { + tmp["safe_search"] = flattenCasbProfileSaasApplicationSafeSearch(i["safe-search"], d, pre_append, sv) + } + + pre_append = pre + "." + strconv.Itoa(con) + "." + "safe_search_control" + if _, ok := i["safe-search-control"]; ok { + tmp["safe_search_control"] = flattenCasbProfileSaasApplicationSafeSearchControl(i["safe-search-control"], d, pre_append, sv) + } + + pre_append = pre + "." + strconv.Itoa(con) + "." + "tenant_control" + if _, ok := i["tenant-control"]; ok { + tmp["tenant_control"] = flattenCasbProfileSaasApplicationTenantControl(i["tenant-control"], d, pre_append, sv) + } + + pre_append = pre + "." + strconv.Itoa(con) + "." + "tenant_control_tenants" + if _, ok := i["tenant-control-tenants"]; ok { + tmp["tenant_control_tenants"] = flattenCasbProfileSaasApplicationTenantControlTenants(i["tenant-control-tenants"], d, pre_append, sv) + } + + pre_append = pre + "." + strconv.Itoa(con) + "." + "domain_control" + if _, ok := i["domain-control"]; ok { + tmp["domain_control"] = flattenCasbProfileSaasApplicationDomainControl(i["domain-control"], d, pre_append, sv) + } + + pre_append = pre + "." + strconv.Itoa(con) + "." + "domain_control_domains" + if _, ok := i["domain-control-domains"]; ok { + tmp["domain_control_domains"] = flattenCasbProfileSaasApplicationDomainControlDomains(i["domain-control-domains"], d, pre_append, sv) + } + + pre_append = pre + "." + strconv.Itoa(con) + "." + "log" + if _, ok := i["log"]; ok { + tmp["log"] = flattenCasbProfileSaasApplicationLog(i["log"], d, pre_append, sv) + } + + pre_append = pre + "." + strconv.Itoa(con) + "." + "access_rule" + if _, ok := i["access-rule"]; ok { + tmp["access_rule"] = flattenCasbProfileSaasApplicationAccessRule(i["access-rule"], d, pre_append, sv) + } + + pre_append = pre + "." + strconv.Itoa(con) + "." + "custom_control" + if _, ok := i["custom-control"]; ok { + tmp["custom_control"] = flattenCasbProfileSaasApplicationCustomControl(i["custom-control"], d, pre_append, sv) + } + + result = append(result, tmp) + + con += 1 + } + + dynamic_sort_subtable(result, "name", d) + return result +} + +func flattenCasbProfileSaasApplicationName(v interface{}, d *schema.ResourceData, pre string, sv string) interface{} { + return v +} + +func flattenCasbProfileSaasApplicationSafeSearch(v interface{}, d *schema.ResourceData, pre string, sv string) interface{} { + return v +} + +func flattenCasbProfileSaasApplicationSafeSearchControl(v interface{}, d *schema.ResourceData, pre string, sv string) []map[string]interface{} { + if v == nil { + return nil + } + + if _, ok := v.([]interface{}); !ok { + log.Printf("[DEBUG] Argument %v is not type of []interface{}.", pre) + return nil + } + + l := v.([]interface{}) + if len(l) == 0 || l[0] == nil { + return nil + } + + result := make([]map[string]interface{}, 0, len(l)) + + con := 0 + for _, r := range l { + tmp := make(map[string]interface{}) + i := r.(map[string]interface{}) + + pre_append := "" // table + + pre_append = pre + "." + strconv.Itoa(con) + "." + "name" + if _, ok := i["name"]; ok { + tmp["name"] = flattenCasbProfileSaasApplicationSafeSearchControlName(i["name"], d, pre_append, sv) + } + + result = append(result, tmp) + + con += 1 + } + + dynamic_sort_subtable(result, "name", d) + return result +} + +func flattenCasbProfileSaasApplicationSafeSearchControlName(v interface{}, d *schema.ResourceData, pre string, sv string) interface{} { + return v +} + +func flattenCasbProfileSaasApplicationTenantControl(v interface{}, d *schema.ResourceData, pre string, sv string) interface{} { + return v +} + +func flattenCasbProfileSaasApplicationTenantControlTenants(v interface{}, d *schema.ResourceData, pre string, sv string) []map[string]interface{} { + if v == nil { + return nil + } + + if _, ok := v.([]interface{}); !ok { + log.Printf("[DEBUG] Argument %v is not type of []interface{}.", pre) + return nil + } + + l := v.([]interface{}) + if len(l) == 0 || l[0] == nil { + return nil + } + + result := make([]map[string]interface{}, 0, len(l)) + + con := 0 + for _, r := range l { + tmp := make(map[string]interface{}) + i := r.(map[string]interface{}) + + pre_append := "" // table + + pre_append = pre + "." + strconv.Itoa(con) + "." + "name" + if _, ok := i["name"]; ok { + tmp["name"] = flattenCasbProfileSaasApplicationTenantControlTenantsName(i["name"], d, pre_append, sv) + } + + result = append(result, tmp) + + con += 1 + } + + dynamic_sort_subtable(result, "name", d) + return result +} + +func flattenCasbProfileSaasApplicationTenantControlTenantsName(v interface{}, d *schema.ResourceData, pre string, sv string) interface{} { + return v +} + +func flattenCasbProfileSaasApplicationDomainControl(v interface{}, d *schema.ResourceData, pre string, sv string) interface{} { + return v +} + +func flattenCasbProfileSaasApplicationDomainControlDomains(v interface{}, d *schema.ResourceData, pre string, sv string) []map[string]interface{} { + if v == nil { + return nil + } + + if _, ok := v.([]interface{}); !ok { + log.Printf("[DEBUG] Argument %v is not type of []interface{}.", pre) + return nil + } + + l := v.([]interface{}) + if len(l) == 0 || l[0] == nil { + return nil + } + + result := make([]map[string]interface{}, 0, len(l)) + + con := 0 + for _, r := range l { + tmp := make(map[string]interface{}) + i := r.(map[string]interface{}) + + pre_append := "" // table + + pre_append = pre + "." + strconv.Itoa(con) + "." + "name" + if _, ok := i["name"]; ok { + tmp["name"] = flattenCasbProfileSaasApplicationDomainControlDomainsName(i["name"], d, pre_append, sv) + } + + result = append(result, tmp) + + con += 1 + } + + dynamic_sort_subtable(result, "name", d) + return result +} + +func flattenCasbProfileSaasApplicationDomainControlDomainsName(v interface{}, d *schema.ResourceData, pre string, sv string) interface{} { + return v +} + +func flattenCasbProfileSaasApplicationLog(v interface{}, d *schema.ResourceData, pre string, sv string) interface{} { + return v +} + +func flattenCasbProfileSaasApplicationAccessRule(v interface{}, d *schema.ResourceData, pre string, sv string) []map[string]interface{} { + if v == nil { + return nil + } + + if _, ok := v.([]interface{}); !ok { + log.Printf("[DEBUG] Argument %v is not type of []interface{}.", pre) + return nil + } + + l := v.([]interface{}) + if len(l) == 0 || l[0] == nil { + return nil + } + + result := make([]map[string]interface{}, 0, len(l)) + + con := 0 + for _, r := range l { + tmp := make(map[string]interface{}) + i := r.(map[string]interface{}) + + pre_append := "" // table + + pre_append = pre + "." + strconv.Itoa(con) + "." + "name" + if _, ok := i["name"]; ok { + tmp["name"] = flattenCasbProfileSaasApplicationAccessRuleName(i["name"], d, pre_append, sv) + } + + pre_append = pre + "." + strconv.Itoa(con) + "." + "action" + if _, ok := i["action"]; ok { + tmp["action"] = flattenCasbProfileSaasApplicationAccessRuleAction(i["action"], d, pre_append, sv) + } + + pre_append = pre + "." + strconv.Itoa(con) + "." + "bypass" + if _, ok := i["bypass"]; ok { + tmp["bypass"] = flattenCasbProfileSaasApplicationAccessRuleBypass(i["bypass"], d, pre_append, sv) + } + + result = append(result, tmp) + + con += 1 + } + + dynamic_sort_subtable(result, "name", d) + return result +} + +func flattenCasbProfileSaasApplicationAccessRuleName(v interface{}, d *schema.ResourceData, pre string, sv string) interface{} { + return v +} + +func flattenCasbProfileSaasApplicationAccessRuleAction(v interface{}, d *schema.ResourceData, pre string, sv string) interface{} { + return v +} + +func flattenCasbProfileSaasApplicationAccessRuleBypass(v interface{}, d *schema.ResourceData, pre string, sv string) interface{} { + return v +} + +func flattenCasbProfileSaasApplicationCustomControl(v interface{}, d *schema.ResourceData, pre string, sv string) []map[string]interface{} { + if v == nil { + return nil + } + + if _, ok := v.([]interface{}); !ok { + log.Printf("[DEBUG] Argument %v is not type of []interface{}.", pre) + return nil + } + + l := v.([]interface{}) + if len(l) == 0 || l[0] == nil { + return nil + } + + result := make([]map[string]interface{}, 0, len(l)) + + con := 0 + for _, r := range l { + tmp := make(map[string]interface{}) + i := r.(map[string]interface{}) + + pre_append := "" // table + + pre_append = pre + "." + strconv.Itoa(con) + "." + "name" + if _, ok := i["name"]; ok { + tmp["name"] = flattenCasbProfileSaasApplicationCustomControlName(i["name"], d, pre_append, sv) + } + + pre_append = pre + "." + strconv.Itoa(con) + "." + "option" + if _, ok := i["option"]; ok { + tmp["option"] = flattenCasbProfileSaasApplicationCustomControlOption(i["option"], d, pre_append, sv) + } + + result = append(result, tmp) + + con += 1 + } + + dynamic_sort_subtable(result, "name", d) + return result +} + +func flattenCasbProfileSaasApplicationCustomControlName(v interface{}, d *schema.ResourceData, pre string, sv string) interface{} { + return v +} + +func flattenCasbProfileSaasApplicationCustomControlOption(v interface{}, d *schema.ResourceData, pre string, sv string) []map[string]interface{} { + if v == nil { + return nil + } + + if _, ok := v.([]interface{}); !ok { + log.Printf("[DEBUG] Argument %v is not type of []interface{}.", pre) + return nil + } + + l := v.([]interface{}) + if len(l) == 0 || l[0] == nil { + return nil + } + + result := make([]map[string]interface{}, 0, len(l)) + + con := 0 + for _, r := range l { + tmp := make(map[string]interface{}) + i := r.(map[string]interface{}) + + pre_append := "" // table + + pre_append = pre + "." + strconv.Itoa(con) + "." + "name" + if _, ok := i["name"]; ok { + tmp["name"] = flattenCasbProfileSaasApplicationCustomControlOptionName(i["name"], d, pre_append, sv) + } + + pre_append = pre + "." + strconv.Itoa(con) + "." + "user_input" + if _, ok := i["user-input"]; ok { + tmp["user_input"] = flattenCasbProfileSaasApplicationCustomControlOptionUserInput(i["user-input"], d, pre_append, sv) + } + + result = append(result, tmp) + + con += 1 + } + + dynamic_sort_subtable(result, "name", d) + return result +} + +func flattenCasbProfileSaasApplicationCustomControlOptionName(v interface{}, d *schema.ResourceData, pre string, sv string) interface{} { + return v +} + +func flattenCasbProfileSaasApplicationCustomControlOptionUserInput(v interface{}, d *schema.ResourceData, pre string, sv string) []map[string]interface{} { + if v == nil { + return nil + } + + if _, ok := v.([]interface{}); !ok { + log.Printf("[DEBUG] Argument %v is not type of []interface{}.", pre) + return nil + } + + l := v.([]interface{}) + if len(l) == 0 || l[0] == nil { + return nil + } + + result := make([]map[string]interface{}, 0, len(l)) + + con := 0 + for _, r := range l { + tmp := make(map[string]interface{}) + i := r.(map[string]interface{}) + + pre_append := "" // table + + pre_append = pre + "." + strconv.Itoa(con) + "." + "value" + if _, ok := i["value"]; ok { + tmp["value"] = flattenCasbProfileSaasApplicationCustomControlOptionUserInputValue(i["value"], d, pre_append, sv) + } + + result = append(result, tmp) + + con += 1 + } + + dynamic_sort_subtable(result, "value", d) + return result +} + +func flattenCasbProfileSaasApplicationCustomControlOptionUserInputValue(v interface{}, d *schema.ResourceData, pre string, sv string) interface{} { + return v +} + +func refreshObjectCasbProfile(d *schema.ResourceData, o map[string]interface{}, sv string) error { + var err error + var b_get_all_tables bool + if get_all_tables, ok := d.GetOk("get_all_tables"); ok { + b_get_all_tables = get_all_tables.(string) == "true" + } else { + b_get_all_tables = isImportTable() + } + + if err = d.Set("name", flattenCasbProfileName(o["name"], d, "name", sv)); err != nil { + if !fortiAPIPatch(o["name"]) { + return fmt.Errorf("Error reading name: %v", err) + } + } + + if b_get_all_tables { + if err = d.Set("saas_application", flattenCasbProfileSaasApplication(o["saas-application"], d, "saas_application", sv)); err != nil { + if !fortiAPIPatch(o["saas-application"]) { + return fmt.Errorf("Error reading saas_application: %v", err) + } + } + } else { + if _, ok := d.GetOk("saas_application"); ok { + if err = d.Set("saas_application", flattenCasbProfileSaasApplication(o["saas-application"], d, "saas_application", sv)); err != nil { + if !fortiAPIPatch(o["saas-application"]) { + return fmt.Errorf("Error reading saas_application: %v", err) + } + } + } + } + + return nil +} + +func flattenCasbProfileFortiTestDebug(d *schema.ResourceData, fosdebugsn int, fosdebugbeg int, fosdebugend int) { + log.Printf(strconv.Itoa(fosdebugsn)) + e := validation.IntBetween(fosdebugbeg, fosdebugend) + log.Printf("ER List: %v, %v", strings.Split("FortiOS Ver", " "), e) +} + +func expandCasbProfileName(d *schema.ResourceData, v interface{}, pre string, sv string) (interface{}, error) { + return v, nil +} + +func expandCasbProfileSaasApplication(d *schema.ResourceData, v interface{}, pre string, sv string) (interface{}, error) { + l := v.([]interface{}) + result := make([]map[string]interface{}, 0, len(l)) + + if len(l) == 0 || l[0] == nil { + return result, nil + } + + con := 0 + for _, r := range l { + tmp := make(map[string]interface{}) + i := r.(map[string]interface{}) + pre_append := "" // table + + pre_append = pre + "." + strconv.Itoa(con) + "." + "name" + if _, ok := d.GetOk(pre_append); ok { + tmp["name"], _ = expandCasbProfileSaasApplicationName(d, i["name"], pre_append, sv) + } + + pre_append = pre + "." + strconv.Itoa(con) + "." + "safe_search" + if _, ok := d.GetOk(pre_append); ok { + tmp["safe-search"], _ = expandCasbProfileSaasApplicationSafeSearch(d, i["safe_search"], pre_append, sv) + } + + pre_append = pre + "." + strconv.Itoa(con) + "." + "safe_search_control" + if _, ok := d.GetOk(pre_append); ok || d.HasChange(pre_append) { + tmp["safe-search-control"], _ = expandCasbProfileSaasApplicationSafeSearchControl(d, i["safe_search_control"], pre_append, sv) + } else { + tmp["safe-search-control"] = make([]string, 0) + } + + pre_append = pre + "." + strconv.Itoa(con) + "." + "tenant_control" + if _, ok := d.GetOk(pre_append); ok { + tmp["tenant-control"], _ = expandCasbProfileSaasApplicationTenantControl(d, i["tenant_control"], pre_append, sv) + } + + pre_append = pre + "." + strconv.Itoa(con) + "." + "tenant_control_tenants" + if _, ok := d.GetOk(pre_append); ok || d.HasChange(pre_append) { + tmp["tenant-control-tenants"], _ = expandCasbProfileSaasApplicationTenantControlTenants(d, i["tenant_control_tenants"], pre_append, sv) + } else { + tmp["tenant-control-tenants"] = make([]string, 0) + } + + pre_append = pre + "." + strconv.Itoa(con) + "." + "domain_control" + if _, ok := d.GetOk(pre_append); ok { + tmp["domain-control"], _ = expandCasbProfileSaasApplicationDomainControl(d, i["domain_control"], pre_append, sv) + } + + pre_append = pre + "." + strconv.Itoa(con) + "." + "domain_control_domains" + if _, ok := d.GetOk(pre_append); ok || d.HasChange(pre_append) { + tmp["domain-control-domains"], _ = expandCasbProfileSaasApplicationDomainControlDomains(d, i["domain_control_domains"], pre_append, sv) + } else { + tmp["domain-control-domains"] = make([]string, 0) + } + + pre_append = pre + "." + strconv.Itoa(con) + "." + "log" + if _, ok := d.GetOk(pre_append); ok { + tmp["log"], _ = expandCasbProfileSaasApplicationLog(d, i["log"], pre_append, sv) + } + + pre_append = pre + "." + strconv.Itoa(con) + "." + "access_rule" + if _, ok := d.GetOk(pre_append); ok || d.HasChange(pre_append) { + tmp["access-rule"], _ = expandCasbProfileSaasApplicationAccessRule(d, i["access_rule"], pre_append, sv) + } else { + tmp["access-rule"] = make([]string, 0) + } + + pre_append = pre + "." + strconv.Itoa(con) + "." + "custom_control" + if _, ok := d.GetOk(pre_append); ok || d.HasChange(pre_append) { + tmp["custom-control"], _ = expandCasbProfileSaasApplicationCustomControl(d, i["custom_control"], pre_append, sv) + } else { + tmp["custom-control"] = make([]string, 0) + } + + result = append(result, tmp) + + con += 1 + } + + return result, nil +} + +func expandCasbProfileSaasApplicationName(d *schema.ResourceData, v interface{}, pre string, sv string) (interface{}, error) { + return v, nil +} + +func expandCasbProfileSaasApplicationSafeSearch(d *schema.ResourceData, v interface{}, pre string, sv string) (interface{}, error) { + return v, nil +} + +func expandCasbProfileSaasApplicationSafeSearchControl(d *schema.ResourceData, v interface{}, pre string, sv string) (interface{}, error) { + l := v.([]interface{}) + result := make([]map[string]interface{}, 0, len(l)) + + if len(l) == 0 || l[0] == nil { + return result, nil + } + + con := 0 + for _, r := range l { + tmp := make(map[string]interface{}) + i := r.(map[string]interface{}) + pre_append := "" // table + + pre_append = pre + "." + strconv.Itoa(con) + "." + "name" + if _, ok := d.GetOk(pre_append); ok { + tmp["name"], _ = expandCasbProfileSaasApplicationSafeSearchControlName(d, i["name"], pre_append, sv) + } + + result = append(result, tmp) + + con += 1 + } + + return result, nil +} + +func expandCasbProfileSaasApplicationSafeSearchControlName(d *schema.ResourceData, v interface{}, pre string, sv string) (interface{}, error) { + return v, nil +} + +func expandCasbProfileSaasApplicationTenantControl(d *schema.ResourceData, v interface{}, pre string, sv string) (interface{}, error) { + return v, nil +} + +func expandCasbProfileSaasApplicationTenantControlTenants(d *schema.ResourceData, v interface{}, pre string, sv string) (interface{}, error) { + l := v.([]interface{}) + result := make([]map[string]interface{}, 0, len(l)) + + if len(l) == 0 || l[0] == nil { + return result, nil + } + + con := 0 + for _, r := range l { + tmp := make(map[string]interface{}) + i := r.(map[string]interface{}) + pre_append := "" // table + + pre_append = pre + "." + strconv.Itoa(con) + "." + "name" + if _, ok := d.GetOk(pre_append); ok { + tmp["name"], _ = expandCasbProfileSaasApplicationTenantControlTenantsName(d, i["name"], pre_append, sv) + } + + result = append(result, tmp) + + con += 1 + } + + return result, nil +} + +func expandCasbProfileSaasApplicationTenantControlTenantsName(d *schema.ResourceData, v interface{}, pre string, sv string) (interface{}, error) { + return v, nil +} + +func expandCasbProfileSaasApplicationDomainControl(d *schema.ResourceData, v interface{}, pre string, sv string) (interface{}, error) { + return v, nil +} + +func expandCasbProfileSaasApplicationDomainControlDomains(d *schema.ResourceData, v interface{}, pre string, sv string) (interface{}, error) { + l := v.([]interface{}) + result := make([]map[string]interface{}, 0, len(l)) + + if len(l) == 0 || l[0] == nil { + return result, nil + } + + con := 0 + for _, r := range l { + tmp := make(map[string]interface{}) + i := r.(map[string]interface{}) + pre_append := "" // table + + pre_append = pre + "." + strconv.Itoa(con) + "." + "name" + if _, ok := d.GetOk(pre_append); ok { + tmp["name"], _ = expandCasbProfileSaasApplicationDomainControlDomainsName(d, i["name"], pre_append, sv) + } + + result = append(result, tmp) + + con += 1 + } + + return result, nil +} + +func expandCasbProfileSaasApplicationDomainControlDomainsName(d *schema.ResourceData, v interface{}, pre string, sv string) (interface{}, error) { + return v, nil +} + +func expandCasbProfileSaasApplicationLog(d *schema.ResourceData, v interface{}, pre string, sv string) (interface{}, error) { + return v, nil +} + +func expandCasbProfileSaasApplicationAccessRule(d *schema.ResourceData, v interface{}, pre string, sv string) (interface{}, error) { + l := v.([]interface{}) + result := make([]map[string]interface{}, 0, len(l)) + + if len(l) == 0 || l[0] == nil { + return result, nil + } + + con := 0 + for _, r := range l { + tmp := make(map[string]interface{}) + i := r.(map[string]interface{}) + pre_append := "" // table + + pre_append = pre + "." + strconv.Itoa(con) + "." + "name" + if _, ok := d.GetOk(pre_append); ok { + tmp["name"], _ = expandCasbProfileSaasApplicationAccessRuleName(d, i["name"], pre_append, sv) + } + + pre_append = pre + "." + strconv.Itoa(con) + "." + "action" + if _, ok := d.GetOk(pre_append); ok { + tmp["action"], _ = expandCasbProfileSaasApplicationAccessRuleAction(d, i["action"], pre_append, sv) + } + + pre_append = pre + "." + strconv.Itoa(con) + "." + "bypass" + if _, ok := d.GetOk(pre_append); ok { + tmp["bypass"], _ = expandCasbProfileSaasApplicationAccessRuleBypass(d, i["bypass"], pre_append, sv) + } + + result = append(result, tmp) + + con += 1 + } + + return result, nil +} + +func expandCasbProfileSaasApplicationAccessRuleName(d *schema.ResourceData, v interface{}, pre string, sv string) (interface{}, error) { + return v, nil +} + +func expandCasbProfileSaasApplicationAccessRuleAction(d *schema.ResourceData, v interface{}, pre string, sv string) (interface{}, error) { + return v, nil +} + +func expandCasbProfileSaasApplicationAccessRuleBypass(d *schema.ResourceData, v interface{}, pre string, sv string) (interface{}, error) { + return v, nil +} + +func expandCasbProfileSaasApplicationCustomControl(d *schema.ResourceData, v interface{}, pre string, sv string) (interface{}, error) { + l := v.([]interface{}) + result := make([]map[string]interface{}, 0, len(l)) + + if len(l) == 0 || l[0] == nil { + return result, nil + } + + con := 0 + for _, r := range l { + tmp := make(map[string]interface{}) + i := r.(map[string]interface{}) + pre_append := "" // table + + pre_append = pre + "." + strconv.Itoa(con) + "." + "name" + if _, ok := d.GetOk(pre_append); ok { + tmp["name"], _ = expandCasbProfileSaasApplicationCustomControlName(d, i["name"], pre_append, sv) + } + + pre_append = pre + "." + strconv.Itoa(con) + "." + "option" + if _, ok := d.GetOk(pre_append); ok || d.HasChange(pre_append) { + tmp["option"], _ = expandCasbProfileSaasApplicationCustomControlOption(d, i["option"], pre_append, sv) + } else { + tmp["option"] = make([]string, 0) + } + + result = append(result, tmp) + + con += 1 + } + + return result, nil +} + +func expandCasbProfileSaasApplicationCustomControlName(d *schema.ResourceData, v interface{}, pre string, sv string) (interface{}, error) { + return v, nil +} + +func expandCasbProfileSaasApplicationCustomControlOption(d *schema.ResourceData, v interface{}, pre string, sv string) (interface{}, error) { + l := v.([]interface{}) + result := make([]map[string]interface{}, 0, len(l)) + + if len(l) == 0 || l[0] == nil { + return result, nil + } + + con := 0 + for _, r := range l { + tmp := make(map[string]interface{}) + i := r.(map[string]interface{}) + pre_append := "" // table + + pre_append = pre + "." + strconv.Itoa(con) + "." + "name" + if _, ok := d.GetOk(pre_append); ok { + tmp["name"], _ = expandCasbProfileSaasApplicationCustomControlOptionName(d, i["name"], pre_append, sv) + } + + pre_append = pre + "." + strconv.Itoa(con) + "." + "user_input" + if _, ok := d.GetOk(pre_append); ok || d.HasChange(pre_append) { + tmp["user-input"], _ = expandCasbProfileSaasApplicationCustomControlOptionUserInput(d, i["user_input"], pre_append, sv) + } else { + tmp["user-input"] = make([]string, 0) + } + + result = append(result, tmp) + + con += 1 + } + + return result, nil +} + +func expandCasbProfileSaasApplicationCustomControlOptionName(d *schema.ResourceData, v interface{}, pre string, sv string) (interface{}, error) { + return v, nil +} + +func expandCasbProfileSaasApplicationCustomControlOptionUserInput(d *schema.ResourceData, v interface{}, pre string, sv string) (interface{}, error) { + l := v.([]interface{}) + result := make([]map[string]interface{}, 0, len(l)) + + if len(l) == 0 || l[0] == nil { + return result, nil + } + + con := 0 + for _, r := range l { + tmp := make(map[string]interface{}) + i := r.(map[string]interface{}) + pre_append := "" // table + + pre_append = pre + "." + strconv.Itoa(con) + "." + "value" + if _, ok := d.GetOk(pre_append); ok { + tmp["value"], _ = expandCasbProfileSaasApplicationCustomControlOptionUserInputValue(d, i["value"], pre_append, sv) + } + + result = append(result, tmp) + + con += 1 + } + + return result, nil +} + +func expandCasbProfileSaasApplicationCustomControlOptionUserInputValue(d *schema.ResourceData, v interface{}, pre string, sv string) (interface{}, error) { + return v, nil +} + +func getObjectCasbProfile(d *schema.ResourceData, sv string) (*map[string]interface{}, error) { + obj := make(map[string]interface{}) + + if v, ok := d.GetOk("name"); ok { + t, err := expandCasbProfileName(d, v, "name", sv) + if err != nil { + return &obj, err + } else if t != nil { + obj["name"] = t + } + } + + if v, ok := d.GetOk("saas_application"); ok || d.HasChange("saas_application") { + t, err := expandCasbProfileSaasApplication(d, v, "saas_application", sv) + if err != nil { + return &obj, err + } else if t != nil { + obj["saas-application"] = t + } + } + + return &obj, nil +} diff --git a/fortios/resource_casb_saasapplication.go b/fortios/resource_casb_saasapplication.go new file mode 100644 index 000000000..a7e3a3fd2 --- /dev/null +++ b/fortios/resource_casb_saasapplication.go @@ -0,0 +1,452 @@ +// Copyright 2020 Fortinet, Inc. All rights reserved. +// Author: Frank Shen (@frankshen01), Hongbin Lu (@fgtdev-hblu) +// Documentation: +// Frank Shen (@frankshen01), Hongbin Lu (@fgtdev-hblu), +// Xing Li (@lix-fortinet), Yue Wang (@yuew-ftnt), Yuffie Zhu (@yuffiezhu) + +// Description: Configure CASB SaaS application. + +package fortios + +import ( + "fmt" + "log" + "strconv" + "strings" + + "github.com/hashicorp/terraform-plugin-sdk/v2/helper/schema" + "github.com/hashicorp/terraform-plugin-sdk/v2/helper/validation" +) + +func resourceCasbSaasApplication() *schema.Resource { + return &schema.Resource{ + Create: resourceCasbSaasApplicationCreate, + Read: resourceCasbSaasApplicationRead, + Update: resourceCasbSaasApplicationUpdate, + Delete: resourceCasbSaasApplicationDelete, + + Importer: &schema.ResourceImporter{ + State: schema.ImportStatePassthrough, + }, + + Schema: map[string]*schema.Schema{ + "vdomparam": &schema.Schema{ + Type: schema.TypeString, + Optional: true, + ForceNew: true, + }, + "name": &schema.Schema{ + Type: schema.TypeString, + ValidateFunc: validation.StringLenBetween(0, 79), + ForceNew: true, + Optional: true, + Computed: true, + }, + "uuid": &schema.Schema{ + Type: schema.TypeString, + ValidateFunc: validation.StringLenBetween(0, 36), + Optional: true, + Computed: true, + }, + "type": &schema.Schema{ + Type: schema.TypeString, + Optional: true, + Computed: true, + }, + "casb_name": &schema.Schema{ + Type: schema.TypeString, + ValidateFunc: validation.StringLenBetween(0, 79), + Optional: true, + Computed: true, + }, + "description": &schema.Schema{ + Type: schema.TypeString, + ValidateFunc: validation.StringLenBetween(0, 63), + Optional: true, + Computed: true, + }, + "domains": &schema.Schema{ + Type: schema.TypeList, + Optional: true, + Elem: &schema.Resource{ + Schema: map[string]*schema.Schema{ + "domain": &schema.Schema{ + Type: schema.TypeString, + ValidateFunc: validation.StringLenBetween(0, 127), + Optional: true, + Computed: true, + }, + }, + }, + }, + "dynamic_sort_subtable": &schema.Schema{ + Type: schema.TypeString, + Optional: true, + Default: "false", + }, + "get_all_tables": &schema.Schema{ + Type: schema.TypeString, + Optional: true, + Default: "false", + }, + }, + } +} + +func resourceCasbSaasApplicationCreate(d *schema.ResourceData, m interface{}) error { + c := m.(*FortiClient).Client + c.Retries = 1 + + vdomparam := "" + + if v, ok := d.GetOk("vdomparam"); ok { + if s, ok := v.(string); ok { + vdomparam = s + } + } + + obj, err := getObjectCasbSaasApplication(d, c.Fv) + if err != nil { + return fmt.Errorf("Error creating CasbSaasApplication resource while getting object: %v", err) + } + + o, err := c.CreateCasbSaasApplication(obj, vdomparam) + + if err != nil { + return fmt.Errorf("Error creating CasbSaasApplication resource: %v", err) + } + + if o["mkey"] != nil && o["mkey"] != "" { + d.SetId(o["mkey"].(string)) + } else { + d.SetId("CasbSaasApplication") + } + + return resourceCasbSaasApplicationRead(d, m) +} + +func resourceCasbSaasApplicationUpdate(d *schema.ResourceData, m interface{}) error { + mkey := d.Id() + c := m.(*FortiClient).Client + c.Retries = 1 + + vdomparam := "" + + if v, ok := d.GetOk("vdomparam"); ok { + if s, ok := v.(string); ok { + vdomparam = s + } + } + + obj, err := getObjectCasbSaasApplication(d, c.Fv) + if err != nil { + return fmt.Errorf("Error updating CasbSaasApplication resource while getting object: %v", err) + } + + o, err := c.UpdateCasbSaasApplication(obj, mkey, vdomparam) + if err != nil { + return fmt.Errorf("Error updating CasbSaasApplication resource: %v", err) + } + + log.Printf(strconv.Itoa(c.Retries)) + if o["mkey"] != nil && o["mkey"] != "" { + d.SetId(o["mkey"].(string)) + } else { + d.SetId("CasbSaasApplication") + } + + return resourceCasbSaasApplicationRead(d, m) +} + +func resourceCasbSaasApplicationDelete(d *schema.ResourceData, m interface{}) error { + mkey := d.Id() + + c := m.(*FortiClient).Client + c.Retries = 1 + + vdomparam := "" + + if v, ok := d.GetOk("vdomparam"); ok { + if s, ok := v.(string); ok { + vdomparam = s + } + } + + err := c.DeleteCasbSaasApplication(mkey, vdomparam) + if err != nil { + return fmt.Errorf("Error deleting CasbSaasApplication resource: %v", err) + } + + d.SetId("") + + return nil +} + +func resourceCasbSaasApplicationRead(d *schema.ResourceData, m interface{}) error { + mkey := d.Id() + + c := m.(*FortiClient).Client + c.Retries = 1 + + vdomparam := "" + + if v, ok := d.GetOk("vdomparam"); ok { + if s, ok := v.(string); ok { + vdomparam = s + } + } + + o, err := c.ReadCasbSaasApplication(mkey, vdomparam) + if err != nil { + return fmt.Errorf("Error reading CasbSaasApplication resource: %v", err) + } + + if o == nil { + log.Printf("[WARN] resource (%s) not found, removing from state", d.Id()) + d.SetId("") + return nil + } + + err = refreshObjectCasbSaasApplication(d, o, c.Fv) + if err != nil { + return fmt.Errorf("Error reading CasbSaasApplication resource from API: %v", err) + } + return nil +} + +func flattenCasbSaasApplicationName(v interface{}, d *schema.ResourceData, pre string, sv string) interface{} { + return v +} + +func flattenCasbSaasApplicationUuid(v interface{}, d *schema.ResourceData, pre string, sv string) interface{} { + return v +} + +func flattenCasbSaasApplicationType(v interface{}, d *schema.ResourceData, pre string, sv string) interface{} { + return v +} + +func flattenCasbSaasApplicationCasbName(v interface{}, d *schema.ResourceData, pre string, sv string) interface{} { + return v +} + +func flattenCasbSaasApplicationDescription(v interface{}, d *schema.ResourceData, pre string, sv string) interface{} { + return v +} + +func flattenCasbSaasApplicationDomains(v interface{}, d *schema.ResourceData, pre string, sv string) []map[string]interface{} { + if v == nil { + return nil + } + + if _, ok := v.([]interface{}); !ok { + log.Printf("[DEBUG] Argument %v is not type of []interface{}.", pre) + return nil + } + + l := v.([]interface{}) + if len(l) == 0 || l[0] == nil { + return nil + } + + result := make([]map[string]interface{}, 0, len(l)) + + con := 0 + for _, r := range l { + tmp := make(map[string]interface{}) + i := r.(map[string]interface{}) + + pre_append := "" // table + + pre_append = pre + "." + strconv.Itoa(con) + "." + "domain" + if _, ok := i["domain"]; ok { + tmp["domain"] = flattenCasbSaasApplicationDomainsDomain(i["domain"], d, pre_append, sv) + } + + result = append(result, tmp) + + con += 1 + } + + dynamic_sort_subtable(result, "domain", d) + return result +} + +func flattenCasbSaasApplicationDomainsDomain(v interface{}, d *schema.ResourceData, pre string, sv string) interface{} { + return v +} + +func refreshObjectCasbSaasApplication(d *schema.ResourceData, o map[string]interface{}, sv string) error { + var err error + var b_get_all_tables bool + if get_all_tables, ok := d.GetOk("get_all_tables"); ok { + b_get_all_tables = get_all_tables.(string) == "true" + } else { + b_get_all_tables = isImportTable() + } + + if err = d.Set("name", flattenCasbSaasApplicationName(o["name"], d, "name", sv)); err != nil { + if !fortiAPIPatch(o["name"]) { + return fmt.Errorf("Error reading name: %v", err) + } + } + + if err = d.Set("uuid", flattenCasbSaasApplicationUuid(o["uuid"], d, "uuid", sv)); err != nil { + if !fortiAPIPatch(o["uuid"]) { + return fmt.Errorf("Error reading uuid: %v", err) + } + } + + if err = d.Set("type", flattenCasbSaasApplicationType(o["type"], d, "type", sv)); err != nil { + if !fortiAPIPatch(o["type"]) { + return fmt.Errorf("Error reading type: %v", err) + } + } + + if err = d.Set("casb_name", flattenCasbSaasApplicationCasbName(o["casb-name"], d, "casb_name", sv)); err != nil { + if !fortiAPIPatch(o["casb-name"]) { + return fmt.Errorf("Error reading casb_name: %v", err) + } + } + + if err = d.Set("description", flattenCasbSaasApplicationDescription(o["description"], d, "description", sv)); err != nil { + if !fortiAPIPatch(o["description"]) { + return fmt.Errorf("Error reading description: %v", err) + } + } + + if b_get_all_tables { + if err = d.Set("domains", flattenCasbSaasApplicationDomains(o["domains"], d, "domains", sv)); err != nil { + if !fortiAPIPatch(o["domains"]) { + return fmt.Errorf("Error reading domains: %v", err) + } + } + } else { + if _, ok := d.GetOk("domains"); ok { + if err = d.Set("domains", flattenCasbSaasApplicationDomains(o["domains"], d, "domains", sv)); err != nil { + if !fortiAPIPatch(o["domains"]) { + return fmt.Errorf("Error reading domains: %v", err) + } + } + } + } + + return nil +} + +func flattenCasbSaasApplicationFortiTestDebug(d *schema.ResourceData, fosdebugsn int, fosdebugbeg int, fosdebugend int) { + log.Printf(strconv.Itoa(fosdebugsn)) + e := validation.IntBetween(fosdebugbeg, fosdebugend) + log.Printf("ER List: %v, %v", strings.Split("FortiOS Ver", " "), e) +} + +func expandCasbSaasApplicationName(d *schema.ResourceData, v interface{}, pre string, sv string) (interface{}, error) { + return v, nil +} + +func expandCasbSaasApplicationUuid(d *schema.ResourceData, v interface{}, pre string, sv string) (interface{}, error) { + return v, nil +} + +func expandCasbSaasApplicationType(d *schema.ResourceData, v interface{}, pre string, sv string) (interface{}, error) { + return v, nil +} + +func expandCasbSaasApplicationCasbName(d *schema.ResourceData, v interface{}, pre string, sv string) (interface{}, error) { + return v, nil +} + +func expandCasbSaasApplicationDescription(d *schema.ResourceData, v interface{}, pre string, sv string) (interface{}, error) { + return v, nil +} + +func expandCasbSaasApplicationDomains(d *schema.ResourceData, v interface{}, pre string, sv string) (interface{}, error) { + l := v.([]interface{}) + result := make([]map[string]interface{}, 0, len(l)) + + if len(l) == 0 || l[0] == nil { + return result, nil + } + + con := 0 + for _, r := range l { + tmp := make(map[string]interface{}) + i := r.(map[string]interface{}) + pre_append := "" // table + + pre_append = pre + "." + strconv.Itoa(con) + "." + "domain" + if _, ok := d.GetOk(pre_append); ok { + tmp["domain"], _ = expandCasbSaasApplicationDomainsDomain(d, i["domain"], pre_append, sv) + } + + result = append(result, tmp) + + con += 1 + } + + return result, nil +} + +func expandCasbSaasApplicationDomainsDomain(d *schema.ResourceData, v interface{}, pre string, sv string) (interface{}, error) { + return v, nil +} + +func getObjectCasbSaasApplication(d *schema.ResourceData, sv string) (*map[string]interface{}, error) { + obj := make(map[string]interface{}) + + if v, ok := d.GetOk("name"); ok { + t, err := expandCasbSaasApplicationName(d, v, "name", sv) + if err != nil { + return &obj, err + } else if t != nil { + obj["name"] = t + } + } + + if v, ok := d.GetOk("uuid"); ok { + t, err := expandCasbSaasApplicationUuid(d, v, "uuid", sv) + if err != nil { + return &obj, err + } else if t != nil { + obj["uuid"] = t + } + } + + if v, ok := d.GetOk("type"); ok { + t, err := expandCasbSaasApplicationType(d, v, "type", sv) + if err != nil { + return &obj, err + } else if t != nil { + obj["type"] = t + } + } + + if v, ok := d.GetOk("casb_name"); ok { + t, err := expandCasbSaasApplicationCasbName(d, v, "casb_name", sv) + if err != nil { + return &obj, err + } else if t != nil { + obj["casb-name"] = t + } + } + + if v, ok := d.GetOk("description"); ok { + t, err := expandCasbSaasApplicationDescription(d, v, "description", sv) + if err != nil { + return &obj, err + } else if t != nil { + obj["description"] = t + } + } + + if v, ok := d.GetOk("domains"); ok || d.HasChange("domains") { + t, err := expandCasbSaasApplicationDomains(d, v, "domains", sv) + if err != nil { + return &obj, err + } else if t != nil { + obj["domains"] = t + } + } + + return &obj, nil +} diff --git a/fortios/resource_casb_useractivity.go b/fortios/resource_casb_useractivity.go new file mode 100644 index 000000000..18577de6b --- /dev/null +++ b/fortios/resource_casb_useractivity.go @@ -0,0 +1,1491 @@ +// Copyright 2020 Fortinet, Inc. All rights reserved. +// Author: Frank Shen (@frankshen01), Hongbin Lu (@fgtdev-hblu) +// Documentation: +// Frank Shen (@frankshen01), Hongbin Lu (@fgtdev-hblu), +// Xing Li (@lix-fortinet), Yue Wang (@yuew-ftnt), Yuffie Zhu (@yuffiezhu) + +// Description: Configure CASB user activity. + +package fortios + +import ( + "fmt" + "log" + "strconv" + "strings" + + "github.com/hashicorp/terraform-plugin-sdk/v2/helper/schema" + "github.com/hashicorp/terraform-plugin-sdk/v2/helper/validation" +) + +func resourceCasbUserActivity() *schema.Resource { + return &schema.Resource{ + Create: resourceCasbUserActivityCreate, + Read: resourceCasbUserActivityRead, + Update: resourceCasbUserActivityUpdate, + Delete: resourceCasbUserActivityDelete, + + Importer: &schema.ResourceImporter{ + State: schema.ImportStatePassthrough, + }, + + Schema: map[string]*schema.Schema{ + "vdomparam": &schema.Schema{ + Type: schema.TypeString, + Optional: true, + ForceNew: true, + }, + "name": &schema.Schema{ + Type: schema.TypeString, + ValidateFunc: validation.StringLenBetween(0, 79), + ForceNew: true, + Optional: true, + Computed: true, + }, + "uuid": &schema.Schema{ + Type: schema.TypeString, + ValidateFunc: validation.StringLenBetween(0, 36), + Optional: true, + Computed: true, + }, + "description": &schema.Schema{ + Type: schema.TypeString, + ValidateFunc: validation.StringLenBetween(0, 63), + Optional: true, + Computed: true, + }, + "type": &schema.Schema{ + Type: schema.TypeString, + Optional: true, + Computed: true, + }, + "casb_name": &schema.Schema{ + Type: schema.TypeString, + ValidateFunc: validation.StringLenBetween(0, 79), + Optional: true, + Computed: true, + }, + "application": &schema.Schema{ + Type: schema.TypeString, + ValidateFunc: validation.StringLenBetween(0, 79), + Optional: true, + Computed: true, + }, + "category": &schema.Schema{ + Type: schema.TypeString, + Optional: true, + Computed: true, + }, + "match_strategy": &schema.Schema{ + Type: schema.TypeString, + Optional: true, + Computed: true, + }, + "match": &schema.Schema{ + Type: schema.TypeList, + Optional: true, + Elem: &schema.Resource{ + Schema: map[string]*schema.Schema{ + "id": &schema.Schema{ + Type: schema.TypeInt, + Optional: true, + Computed: true, + }, + "strategy": &schema.Schema{ + Type: schema.TypeString, + Optional: true, + Computed: true, + }, + "rules": &schema.Schema{ + Type: schema.TypeList, + Optional: true, + Elem: &schema.Resource{ + Schema: map[string]*schema.Schema{ + "id": &schema.Schema{ + Type: schema.TypeInt, + Optional: true, + Computed: true, + }, + "type": &schema.Schema{ + Type: schema.TypeString, + Optional: true, + Computed: true, + }, + "domains": &schema.Schema{ + Type: schema.TypeList, + Optional: true, + Elem: &schema.Resource{ + Schema: map[string]*schema.Schema{ + "domain": &schema.Schema{ + Type: schema.TypeString, + ValidateFunc: validation.StringLenBetween(0, 127), + Optional: true, + Computed: true, + }, + }, + }, + }, + "methods": &schema.Schema{ + Type: schema.TypeList, + Optional: true, + Elem: &schema.Resource{ + Schema: map[string]*schema.Schema{ + "method": &schema.Schema{ + Type: schema.TypeString, + ValidateFunc: validation.StringLenBetween(0, 79), + Optional: true, + Computed: true, + }, + }, + }, + }, + "match_pattern": &schema.Schema{ + Type: schema.TypeString, + Optional: true, + Computed: true, + }, + "match_value": &schema.Schema{ + Type: schema.TypeString, + ValidateFunc: validation.StringLenBetween(0, 1023), + Optional: true, + Computed: true, + }, + "header_name": &schema.Schema{ + Type: schema.TypeString, + ValidateFunc: validation.StringLenBetween(0, 255), + Optional: true, + Computed: true, + }, + "case_sensitive": &schema.Schema{ + Type: schema.TypeString, + Optional: true, + Computed: true, + }, + "negate": &schema.Schema{ + Type: schema.TypeString, + Optional: true, + Computed: true, + }, + }, + }, + }, + }, + }, + }, + "control_options": &schema.Schema{ + Type: schema.TypeList, + Optional: true, + Elem: &schema.Resource{ + Schema: map[string]*schema.Schema{ + "name": &schema.Schema{ + Type: schema.TypeString, + ValidateFunc: validation.StringLenBetween(0, 79), + Optional: true, + Computed: true, + }, + "operations": &schema.Schema{ + Type: schema.TypeList, + Optional: true, + Elem: &schema.Resource{ + Schema: map[string]*schema.Schema{ + "name": &schema.Schema{ + Type: schema.TypeString, + ValidateFunc: validation.StringLenBetween(0, 79), + Optional: true, + Computed: true, + }, + "target": &schema.Schema{ + Type: schema.TypeString, + Optional: true, + Computed: true, + }, + "action": &schema.Schema{ + Type: schema.TypeString, + Optional: true, + Computed: true, + }, + "direction": &schema.Schema{ + Type: schema.TypeString, + Optional: true, + Computed: true, + }, + "header_name": &schema.Schema{ + Type: schema.TypeString, + ValidateFunc: validation.StringLenBetween(0, 255), + Optional: true, + Computed: true, + }, + "search_pattern": &schema.Schema{ + Type: schema.TypeString, + Optional: true, + Computed: true, + }, + "search_key": &schema.Schema{ + Type: schema.TypeString, + ValidateFunc: validation.StringLenBetween(0, 1023), + Optional: true, + Computed: true, + }, + "case_sensitive": &schema.Schema{ + Type: schema.TypeString, + Optional: true, + Computed: true, + }, + "value_from_input": &schema.Schema{ + Type: schema.TypeString, + Optional: true, + Computed: true, + }, + "values": &schema.Schema{ + Type: schema.TypeList, + Optional: true, + Elem: &schema.Resource{ + Schema: map[string]*schema.Schema{ + "value": &schema.Schema{ + Type: schema.TypeString, + ValidateFunc: validation.StringLenBetween(0, 79), + Optional: true, + Computed: true, + }, + }, + }, + }, + }, + }, + }, + }, + }, + }, + "dynamic_sort_subtable": &schema.Schema{ + Type: schema.TypeString, + Optional: true, + Default: "false", + }, + "get_all_tables": &schema.Schema{ + Type: schema.TypeString, + Optional: true, + Default: "false", + }, + }, + } +} + +func resourceCasbUserActivityCreate(d *schema.ResourceData, m interface{}) error { + c := m.(*FortiClient).Client + c.Retries = 1 + + vdomparam := "" + + if v, ok := d.GetOk("vdomparam"); ok { + if s, ok := v.(string); ok { + vdomparam = s + } + } + + obj, err := getObjectCasbUserActivity(d, c.Fv) + if err != nil { + return fmt.Errorf("Error creating CasbUserActivity resource while getting object: %v", err) + } + + o, err := c.CreateCasbUserActivity(obj, vdomparam) + + if err != nil { + return fmt.Errorf("Error creating CasbUserActivity resource: %v", err) + } + + if o["mkey"] != nil && o["mkey"] != "" { + d.SetId(o["mkey"].(string)) + } else { + d.SetId("CasbUserActivity") + } + + return resourceCasbUserActivityRead(d, m) +} + +func resourceCasbUserActivityUpdate(d *schema.ResourceData, m interface{}) error { + mkey := d.Id() + c := m.(*FortiClient).Client + c.Retries = 1 + + vdomparam := "" + + if v, ok := d.GetOk("vdomparam"); ok { + if s, ok := v.(string); ok { + vdomparam = s + } + } + + obj, err := getObjectCasbUserActivity(d, c.Fv) + if err != nil { + return fmt.Errorf("Error updating CasbUserActivity resource while getting object: %v", err) + } + + o, err := c.UpdateCasbUserActivity(obj, mkey, vdomparam) + if err != nil { + return fmt.Errorf("Error updating CasbUserActivity resource: %v", err) + } + + log.Printf(strconv.Itoa(c.Retries)) + if o["mkey"] != nil && o["mkey"] != "" { + d.SetId(o["mkey"].(string)) + } else { + d.SetId("CasbUserActivity") + } + + return resourceCasbUserActivityRead(d, m) +} + +func resourceCasbUserActivityDelete(d *schema.ResourceData, m interface{}) error { + mkey := d.Id() + + c := m.(*FortiClient).Client + c.Retries = 1 + + vdomparam := "" + + if v, ok := d.GetOk("vdomparam"); ok { + if s, ok := v.(string); ok { + vdomparam = s + } + } + + err := c.DeleteCasbUserActivity(mkey, vdomparam) + if err != nil { + return fmt.Errorf("Error deleting CasbUserActivity resource: %v", err) + } + + d.SetId("") + + return nil +} + +func resourceCasbUserActivityRead(d *schema.ResourceData, m interface{}) error { + mkey := d.Id() + + c := m.(*FortiClient).Client + c.Retries = 1 + + vdomparam := "" + + if v, ok := d.GetOk("vdomparam"); ok { + if s, ok := v.(string); ok { + vdomparam = s + } + } + + o, err := c.ReadCasbUserActivity(mkey, vdomparam) + if err != nil { + return fmt.Errorf("Error reading CasbUserActivity resource: %v", err) + } + + if o == nil { + log.Printf("[WARN] resource (%s) not found, removing from state", d.Id()) + d.SetId("") + return nil + } + + err = refreshObjectCasbUserActivity(d, o, c.Fv) + if err != nil { + return fmt.Errorf("Error reading CasbUserActivity resource from API: %v", err) + } + return nil +} + +func flattenCasbUserActivityName(v interface{}, d *schema.ResourceData, pre string, sv string) interface{} { + return v +} + +func flattenCasbUserActivityUuid(v interface{}, d *schema.ResourceData, pre string, sv string) interface{} { + return v +} + +func flattenCasbUserActivityDescription(v interface{}, d *schema.ResourceData, pre string, sv string) interface{} { + return v +} + +func flattenCasbUserActivityType(v interface{}, d *schema.ResourceData, pre string, sv string) interface{} { + return v +} + +func flattenCasbUserActivityCasbName(v interface{}, d *schema.ResourceData, pre string, sv string) interface{} { + return v +} + +func flattenCasbUserActivityApplication(v interface{}, d *schema.ResourceData, pre string, sv string) interface{} { + return v +} + +func flattenCasbUserActivityCategory(v interface{}, d *schema.ResourceData, pre string, sv string) interface{} { + return v +} + +func flattenCasbUserActivityMatchStrategyU(v interface{}, d *schema.ResourceData, pre string, sv string) interface{} { + return v +} + +func flattenCasbUserActivityMatch(v interface{}, d *schema.ResourceData, pre string, sv string) []map[string]interface{} { + if v == nil { + return nil + } + + if _, ok := v.([]interface{}); !ok { + log.Printf("[DEBUG] Argument %v is not type of []interface{}.", pre) + return nil + } + + l := v.([]interface{}) + if len(l) == 0 || l[0] == nil { + return nil + } + + result := make([]map[string]interface{}, 0, len(l)) + + con := 0 + for _, r := range l { + tmp := make(map[string]interface{}) + i := r.(map[string]interface{}) + + pre_append := "" // table + + pre_append = pre + "." + strconv.Itoa(con) + "." + "id" + if _, ok := i["id"]; ok { + tmp["id"] = flattenCasbUserActivityMatchId(i["id"], d, pre_append, sv) + } + + pre_append = pre + "." + strconv.Itoa(con) + "." + "strategy" + if _, ok := i["strategy"]; ok { + tmp["strategy"] = flattenCasbUserActivityMatchStrategy(i["strategy"], d, pre_append, sv) + } + + pre_append = pre + "." + strconv.Itoa(con) + "." + "rules" + if _, ok := i["rules"]; ok { + tmp["rules"] = flattenCasbUserActivityMatchRules(i["rules"], d, pre_append, sv) + } + + result = append(result, tmp) + + con += 1 + } + + dynamic_sort_subtable(result, "id", d) + return result +} + +func flattenCasbUserActivityMatchId(v interface{}, d *schema.ResourceData, pre string, sv string) interface{} { + return v +} + +func flattenCasbUserActivityMatchStrategy(v interface{}, d *schema.ResourceData, pre string, sv string) interface{} { + return v +} + +func flattenCasbUserActivityMatchRules(v interface{}, d *schema.ResourceData, pre string, sv string) []map[string]interface{} { + if v == nil { + return nil + } + + if _, ok := v.([]interface{}); !ok { + log.Printf("[DEBUG] Argument %v is not type of []interface{}.", pre) + return nil + } + + l := v.([]interface{}) + if len(l) == 0 || l[0] == nil { + return nil + } + + result := make([]map[string]interface{}, 0, len(l)) + + con := 0 + for _, r := range l { + tmp := make(map[string]interface{}) + i := r.(map[string]interface{}) + + pre_append := "" // table + + pre_append = pre + "." + strconv.Itoa(con) + "." + "id" + if _, ok := i["id"]; ok { + tmp["id"] = flattenCasbUserActivityMatchRulesId(i["id"], d, pre_append, sv) + } + + pre_append = pre + "." + strconv.Itoa(con) + "." + "type" + if _, ok := i["type"]; ok { + tmp["type"] = flattenCasbUserActivityMatchRulesType(i["type"], d, pre_append, sv) + } + + pre_append = pre + "." + strconv.Itoa(con) + "." + "domains" + if _, ok := i["domains"]; ok { + tmp["domains"] = flattenCasbUserActivityMatchRulesDomains(i["domains"], d, pre_append, sv) + } + + pre_append = pre + "." + strconv.Itoa(con) + "." + "methods" + if _, ok := i["methods"]; ok { + tmp["methods"] = flattenCasbUserActivityMatchRulesMethods(i["methods"], d, pre_append, sv) + } + + pre_append = pre + "." + strconv.Itoa(con) + "." + "match_pattern" + if _, ok := i["match-pattern"]; ok { + tmp["match_pattern"] = flattenCasbUserActivityMatchRulesMatchPattern(i["match-pattern"], d, pre_append, sv) + } + + pre_append = pre + "." + strconv.Itoa(con) + "." + "match_value" + if _, ok := i["match-value"]; ok { + tmp["match_value"] = flattenCasbUserActivityMatchRulesMatchValue(i["match-value"], d, pre_append, sv) + } + + pre_append = pre + "." + strconv.Itoa(con) + "." + "header_name" + if _, ok := i["header-name"]; ok { + tmp["header_name"] = flattenCasbUserActivityMatchRulesHeaderName(i["header-name"], d, pre_append, sv) + } + + pre_append = pre + "." + strconv.Itoa(con) + "." + "case_sensitive" + if _, ok := i["case-sensitive"]; ok { + tmp["case_sensitive"] = flattenCasbUserActivityMatchRulesCaseSensitive(i["case-sensitive"], d, pre_append, sv) + } + + pre_append = pre + "." + strconv.Itoa(con) + "." + "negate" + if _, ok := i["negate"]; ok { + tmp["negate"] = flattenCasbUserActivityMatchRulesNegate(i["negate"], d, pre_append, sv) + } + + result = append(result, tmp) + + con += 1 + } + + dynamic_sort_subtable(result, "id", d) + return result +} + +func flattenCasbUserActivityMatchRulesId(v interface{}, d *schema.ResourceData, pre string, sv string) interface{} { + return v +} + +func flattenCasbUserActivityMatchRulesType(v interface{}, d *schema.ResourceData, pre string, sv string) interface{} { + return v +} + +func flattenCasbUserActivityMatchRulesDomains(v interface{}, d *schema.ResourceData, pre string, sv string) []map[string]interface{} { + if v == nil { + return nil + } + + if _, ok := v.([]interface{}); !ok { + log.Printf("[DEBUG] Argument %v is not type of []interface{}.", pre) + return nil + } + + l := v.([]interface{}) + if len(l) == 0 || l[0] == nil { + return nil + } + + result := make([]map[string]interface{}, 0, len(l)) + + con := 0 + for _, r := range l { + tmp := make(map[string]interface{}) + i := r.(map[string]interface{}) + + pre_append := "" // table + + pre_append = pre + "." + strconv.Itoa(con) + "." + "domain" + if _, ok := i["domain"]; ok { + tmp["domain"] = flattenCasbUserActivityMatchRulesDomainsDomain(i["domain"], d, pre_append, sv) + } + + result = append(result, tmp) + + con += 1 + } + + dynamic_sort_subtable(result, "domain", d) + return result +} + +func flattenCasbUserActivityMatchRulesDomainsDomain(v interface{}, d *schema.ResourceData, pre string, sv string) interface{} { + return v +} + +func flattenCasbUserActivityMatchRulesMethods(v interface{}, d *schema.ResourceData, pre string, sv string) []map[string]interface{} { + if v == nil { + return nil + } + + if _, ok := v.([]interface{}); !ok { + log.Printf("[DEBUG] Argument %v is not type of []interface{}.", pre) + return nil + } + + l := v.([]interface{}) + if len(l) == 0 || l[0] == nil { + return nil + } + + result := make([]map[string]interface{}, 0, len(l)) + + con := 0 + for _, r := range l { + tmp := make(map[string]interface{}) + i := r.(map[string]interface{}) + + pre_append := "" // table + + pre_append = pre + "." + strconv.Itoa(con) + "." + "method" + if _, ok := i["method"]; ok { + tmp["method"] = flattenCasbUserActivityMatchRulesMethodsMethod(i["method"], d, pre_append, sv) + } + + result = append(result, tmp) + + con += 1 + } + + dynamic_sort_subtable(result, "method", d) + return result +} + +func flattenCasbUserActivityMatchRulesMethodsMethod(v interface{}, d *schema.ResourceData, pre string, sv string) interface{} { + return v +} + +func flattenCasbUserActivityMatchRulesMatchPattern(v interface{}, d *schema.ResourceData, pre string, sv string) interface{} { + return v +} + +func flattenCasbUserActivityMatchRulesMatchValue(v interface{}, d *schema.ResourceData, pre string, sv string) interface{} { + return v +} + +func flattenCasbUserActivityMatchRulesHeaderName(v interface{}, d *schema.ResourceData, pre string, sv string) interface{} { + return v +} + +func flattenCasbUserActivityMatchRulesCaseSensitive(v interface{}, d *schema.ResourceData, pre string, sv string) interface{} { + return v +} + +func flattenCasbUserActivityMatchRulesNegate(v interface{}, d *schema.ResourceData, pre string, sv string) interface{} { + return v +} + +func flattenCasbUserActivityControlOptions(v interface{}, d *schema.ResourceData, pre string, sv string) []map[string]interface{} { + if v == nil { + return nil + } + + if _, ok := v.([]interface{}); !ok { + log.Printf("[DEBUG] Argument %v is not type of []interface{}.", pre) + return nil + } + + l := v.([]interface{}) + if len(l) == 0 || l[0] == nil { + return nil + } + + result := make([]map[string]interface{}, 0, len(l)) + + con := 0 + for _, r := range l { + tmp := make(map[string]interface{}) + i := r.(map[string]interface{}) + + pre_append := "" // table + + pre_append = pre + "." + strconv.Itoa(con) + "." + "name" + if _, ok := i["name"]; ok { + tmp["name"] = flattenCasbUserActivityControlOptionsName(i["name"], d, pre_append, sv) + } + + pre_append = pre + "." + strconv.Itoa(con) + "." + "operations" + if _, ok := i["operations"]; ok { + tmp["operations"] = flattenCasbUserActivityControlOptionsOperations(i["operations"], d, pre_append, sv) + } + + result = append(result, tmp) + + con += 1 + } + + dynamic_sort_subtable(result, "name", d) + return result +} + +func flattenCasbUserActivityControlOptionsName(v interface{}, d *schema.ResourceData, pre string, sv string) interface{} { + return v +} + +func flattenCasbUserActivityControlOptionsOperations(v interface{}, d *schema.ResourceData, pre string, sv string) []map[string]interface{} { + if v == nil { + return nil + } + + if _, ok := v.([]interface{}); !ok { + log.Printf("[DEBUG] Argument %v is not type of []interface{}.", pre) + return nil + } + + l := v.([]interface{}) + if len(l) == 0 || l[0] == nil { + return nil + } + + result := make([]map[string]interface{}, 0, len(l)) + + con := 0 + for _, r := range l { + tmp := make(map[string]interface{}) + i := r.(map[string]interface{}) + + pre_append := "" // table + + pre_append = pre + "." + strconv.Itoa(con) + "." + "name" + if _, ok := i["name"]; ok { + tmp["name"] = flattenCasbUserActivityControlOptionsOperationsName(i["name"], d, pre_append, sv) + } + + pre_append = pre + "." + strconv.Itoa(con) + "." + "target" + if _, ok := i["target"]; ok { + tmp["target"] = flattenCasbUserActivityControlOptionsOperationsTarget(i["target"], d, pre_append, sv) + } + + pre_append = pre + "." + strconv.Itoa(con) + "." + "action" + if _, ok := i["action"]; ok { + tmp["action"] = flattenCasbUserActivityControlOptionsOperationsAction(i["action"], d, pre_append, sv) + } + + pre_append = pre + "." + strconv.Itoa(con) + "." + "direction" + if _, ok := i["direction"]; ok { + tmp["direction"] = flattenCasbUserActivityControlOptionsOperationsDirection(i["direction"], d, pre_append, sv) + } + + pre_append = pre + "." + strconv.Itoa(con) + "." + "header_name" + if _, ok := i["header-name"]; ok { + tmp["header_name"] = flattenCasbUserActivityControlOptionsOperationsHeaderName(i["header-name"], d, pre_append, sv) + } + + pre_append = pre + "." + strconv.Itoa(con) + "." + "search_pattern" + if _, ok := i["search-pattern"]; ok { + tmp["search_pattern"] = flattenCasbUserActivityControlOptionsOperationsSearchPattern(i["search-pattern"], d, pre_append, sv) + } + + pre_append = pre + "." + strconv.Itoa(con) + "." + "search_key" + if _, ok := i["search-key"]; ok { + tmp["search_key"] = flattenCasbUserActivityControlOptionsOperationsSearchKey(i["search-key"], d, pre_append, sv) + } + + pre_append = pre + "." + strconv.Itoa(con) + "." + "case_sensitive" + if _, ok := i["case-sensitive"]; ok { + tmp["case_sensitive"] = flattenCasbUserActivityControlOptionsOperationsCaseSensitive(i["case-sensitive"], d, pre_append, sv) + } + + pre_append = pre + "." + strconv.Itoa(con) + "." + "value_from_input" + if _, ok := i["value-from-input"]; ok { + tmp["value_from_input"] = flattenCasbUserActivityControlOptionsOperationsValueFromInput(i["value-from-input"], d, pre_append, sv) + } + + pre_append = pre + "." + strconv.Itoa(con) + "." + "values" + if _, ok := i["values"]; ok { + tmp["values"] = flattenCasbUserActivityControlOptionsOperationsValues(i["values"], d, pre_append, sv) + } + + result = append(result, tmp) + + con += 1 + } + + dynamic_sort_subtable(result, "name", d) + return result +} + +func flattenCasbUserActivityControlOptionsOperationsName(v interface{}, d *schema.ResourceData, pre string, sv string) interface{} { + return v +} + +func flattenCasbUserActivityControlOptionsOperationsTarget(v interface{}, d *schema.ResourceData, pre string, sv string) interface{} { + return v +} + +func flattenCasbUserActivityControlOptionsOperationsAction(v interface{}, d *schema.ResourceData, pre string, sv string) interface{} { + return v +} + +func flattenCasbUserActivityControlOptionsOperationsDirection(v interface{}, d *schema.ResourceData, pre string, sv string) interface{} { + return v +} + +func flattenCasbUserActivityControlOptionsOperationsHeaderName(v interface{}, d *schema.ResourceData, pre string, sv string) interface{} { + return v +} + +func flattenCasbUserActivityControlOptionsOperationsSearchPattern(v interface{}, d *schema.ResourceData, pre string, sv string) interface{} { + return v +} + +func flattenCasbUserActivityControlOptionsOperationsSearchKey(v interface{}, d *schema.ResourceData, pre string, sv string) interface{} { + return v +} + +func flattenCasbUserActivityControlOptionsOperationsCaseSensitive(v interface{}, d *schema.ResourceData, pre string, sv string) interface{} { + return v +} + +func flattenCasbUserActivityControlOptionsOperationsValueFromInput(v interface{}, d *schema.ResourceData, pre string, sv string) interface{} { + return v +} + +func flattenCasbUserActivityControlOptionsOperationsValues(v interface{}, d *schema.ResourceData, pre string, sv string) []map[string]interface{} { + if v == nil { + return nil + } + + if _, ok := v.([]interface{}); !ok { + log.Printf("[DEBUG] Argument %v is not type of []interface{}.", pre) + return nil + } + + l := v.([]interface{}) + if len(l) == 0 || l[0] == nil { + return nil + } + + result := make([]map[string]interface{}, 0, len(l)) + + con := 0 + for _, r := range l { + tmp := make(map[string]interface{}) + i := r.(map[string]interface{}) + + pre_append := "" // table + + pre_append = pre + "." + strconv.Itoa(con) + "." + "value" + if _, ok := i["value"]; ok { + tmp["value"] = flattenCasbUserActivityControlOptionsOperationsValuesValue(i["value"], d, pre_append, sv) + } + + result = append(result, tmp) + + con += 1 + } + + dynamic_sort_subtable(result, "value", d) + return result +} + +func flattenCasbUserActivityControlOptionsOperationsValuesValue(v interface{}, d *schema.ResourceData, pre string, sv string) interface{} { + return v +} + +func refreshObjectCasbUserActivity(d *schema.ResourceData, o map[string]interface{}, sv string) error { + var err error + var b_get_all_tables bool + if get_all_tables, ok := d.GetOk("get_all_tables"); ok { + b_get_all_tables = get_all_tables.(string) == "true" + } else { + b_get_all_tables = isImportTable() + } + + if err = d.Set("name", flattenCasbUserActivityName(o["name"], d, "name", sv)); err != nil { + if !fortiAPIPatch(o["name"]) { + return fmt.Errorf("Error reading name: %v", err) + } + } + + if err = d.Set("uuid", flattenCasbUserActivityUuid(o["uuid"], d, "uuid", sv)); err != nil { + if !fortiAPIPatch(o["uuid"]) { + return fmt.Errorf("Error reading uuid: %v", err) + } + } + + if err = d.Set("description", flattenCasbUserActivityDescription(o["description"], d, "description", sv)); err != nil { + if !fortiAPIPatch(o["description"]) { + return fmt.Errorf("Error reading description: %v", err) + } + } + + if err = d.Set("type", flattenCasbUserActivityType(o["type"], d, "type", sv)); err != nil { + if !fortiAPIPatch(o["type"]) { + return fmt.Errorf("Error reading type: %v", err) + } + } + + if err = d.Set("casb_name", flattenCasbUserActivityCasbName(o["casb-name"], d, "casb_name", sv)); err != nil { + if !fortiAPIPatch(o["casb-name"]) { + return fmt.Errorf("Error reading casb_name: %v", err) + } + } + + if err = d.Set("application", flattenCasbUserActivityApplication(o["application"], d, "application", sv)); err != nil { + if !fortiAPIPatch(o["application"]) { + return fmt.Errorf("Error reading application: %v", err) + } + } + + if err = d.Set("category", flattenCasbUserActivityCategory(o["category"], d, "category", sv)); err != nil { + if !fortiAPIPatch(o["category"]) { + return fmt.Errorf("Error reading category: %v", err) + } + } + + if err = d.Set("match_strategy", flattenCasbUserActivityMatchStrategyU(o["match-strategy"], d, "match_strategy", sv)); err != nil { + if !fortiAPIPatch(o["match-strategy"]) { + return fmt.Errorf("Error reading match_strategy: %v", err) + } + } + + if b_get_all_tables { + if err = d.Set("match", flattenCasbUserActivityMatch(o["match"], d, "match", sv)); err != nil { + if !fortiAPIPatch(o["match"]) { + return fmt.Errorf("Error reading match: %v", err) + } + } + } else { + if _, ok := d.GetOk("match"); ok { + if err = d.Set("match", flattenCasbUserActivityMatch(o["match"], d, "match", sv)); err != nil { + if !fortiAPIPatch(o["match"]) { + return fmt.Errorf("Error reading match: %v", err) + } + } + } + } + + if b_get_all_tables { + if err = d.Set("control_options", flattenCasbUserActivityControlOptions(o["control-options"], d, "control_options", sv)); err != nil { + if !fortiAPIPatch(o["control-options"]) { + return fmt.Errorf("Error reading control_options: %v", err) + } + } + } else { + if _, ok := d.GetOk("control_options"); ok { + if err = d.Set("control_options", flattenCasbUserActivityControlOptions(o["control-options"], d, "control_options", sv)); err != nil { + if !fortiAPIPatch(o["control-options"]) { + return fmt.Errorf("Error reading control_options: %v", err) + } + } + } + } + + return nil +} + +func flattenCasbUserActivityFortiTestDebug(d *schema.ResourceData, fosdebugsn int, fosdebugbeg int, fosdebugend int) { + log.Printf(strconv.Itoa(fosdebugsn)) + e := validation.IntBetween(fosdebugbeg, fosdebugend) + log.Printf("ER List: %v, %v", strings.Split("FortiOS Ver", " "), e) +} + +func expandCasbUserActivityName(d *schema.ResourceData, v interface{}, pre string, sv string) (interface{}, error) { + return v, nil +} + +func expandCasbUserActivityUuid(d *schema.ResourceData, v interface{}, pre string, sv string) (interface{}, error) { + return v, nil +} + +func expandCasbUserActivityDescription(d *schema.ResourceData, v interface{}, pre string, sv string) (interface{}, error) { + return v, nil +} + +func expandCasbUserActivityType(d *schema.ResourceData, v interface{}, pre string, sv string) (interface{}, error) { + return v, nil +} + +func expandCasbUserActivityCasbName(d *schema.ResourceData, v interface{}, pre string, sv string) (interface{}, error) { + return v, nil +} + +func expandCasbUserActivityApplication(d *schema.ResourceData, v interface{}, pre string, sv string) (interface{}, error) { + return v, nil +} + +func expandCasbUserActivityCategory(d *schema.ResourceData, v interface{}, pre string, sv string) (interface{}, error) { + return v, nil +} + +func expandCasbUserActivityMatchStrategyU(d *schema.ResourceData, v interface{}, pre string, sv string) (interface{}, error) { + return v, nil +} + +func expandCasbUserActivityMatch(d *schema.ResourceData, v interface{}, pre string, sv string) (interface{}, error) { + l := v.([]interface{}) + result := make([]map[string]interface{}, 0, len(l)) + + if len(l) == 0 || l[0] == nil { + return result, nil + } + + con := 0 + for _, r := range l { + tmp := make(map[string]interface{}) + i := r.(map[string]interface{}) + pre_append := "" // table + + pre_append = pre + "." + strconv.Itoa(con) + "." + "id" + if _, ok := d.GetOk(pre_append); ok { + tmp["id"], _ = expandCasbUserActivityMatchId(d, i["id"], pre_append, sv) + } + + pre_append = pre + "." + strconv.Itoa(con) + "." + "strategy" + if _, ok := d.GetOk(pre_append); ok { + tmp["strategy"], _ = expandCasbUserActivityMatchStrategy(d, i["strategy"], pre_append, sv) + } + + pre_append = pre + "." + strconv.Itoa(con) + "." + "rules" + if _, ok := d.GetOk(pre_append); ok || d.HasChange(pre_append) { + tmp["rules"], _ = expandCasbUserActivityMatchRules(d, i["rules"], pre_append, sv) + } else { + tmp["rules"] = make([]string, 0) + } + + result = append(result, tmp) + + con += 1 + } + + return result, nil +} + +func expandCasbUserActivityMatchId(d *schema.ResourceData, v interface{}, pre string, sv string) (interface{}, error) { + return v, nil +} + +func expandCasbUserActivityMatchStrategy(d *schema.ResourceData, v interface{}, pre string, sv string) (interface{}, error) { + return v, nil +} + +func expandCasbUserActivityMatchRules(d *schema.ResourceData, v interface{}, pre string, sv string) (interface{}, error) { + l := v.([]interface{}) + result := make([]map[string]interface{}, 0, len(l)) + + if len(l) == 0 || l[0] == nil { + return result, nil + } + + con := 0 + for _, r := range l { + tmp := make(map[string]interface{}) + i := r.(map[string]interface{}) + pre_append := "" // table + + pre_append = pre + "." + strconv.Itoa(con) + "." + "id" + if _, ok := d.GetOk(pre_append); ok { + tmp["id"], _ = expandCasbUserActivityMatchRulesId(d, i["id"], pre_append, sv) + } + + pre_append = pre + "." + strconv.Itoa(con) + "." + "type" + if _, ok := d.GetOk(pre_append); ok { + tmp["type"], _ = expandCasbUserActivityMatchRulesType(d, i["type"], pre_append, sv) + } + + pre_append = pre + "." + strconv.Itoa(con) + "." + "domains" + if _, ok := d.GetOk(pre_append); ok || d.HasChange(pre_append) { + tmp["domains"], _ = expandCasbUserActivityMatchRulesDomains(d, i["domains"], pre_append, sv) + } else { + tmp["domains"] = make([]string, 0) + } + + pre_append = pre + "." + strconv.Itoa(con) + "." + "methods" + if _, ok := d.GetOk(pre_append); ok || d.HasChange(pre_append) { + tmp["methods"], _ = expandCasbUserActivityMatchRulesMethods(d, i["methods"], pre_append, sv) + } else { + tmp["methods"] = make([]string, 0) + } + + pre_append = pre + "." + strconv.Itoa(con) + "." + "match_pattern" + if _, ok := d.GetOk(pre_append); ok { + tmp["match-pattern"], _ = expandCasbUserActivityMatchRulesMatchPattern(d, i["match_pattern"], pre_append, sv) + } + + pre_append = pre + "." + strconv.Itoa(con) + "." + "match_value" + if _, ok := d.GetOk(pre_append); ok { + tmp["match-value"], _ = expandCasbUserActivityMatchRulesMatchValue(d, i["match_value"], pre_append, sv) + } + + pre_append = pre + "." + strconv.Itoa(con) + "." + "header_name" + if _, ok := d.GetOk(pre_append); ok { + tmp["header-name"], _ = expandCasbUserActivityMatchRulesHeaderName(d, i["header_name"], pre_append, sv) + } + + pre_append = pre + "." + strconv.Itoa(con) + "." + "case_sensitive" + if _, ok := d.GetOk(pre_append); ok { + tmp["case-sensitive"], _ = expandCasbUserActivityMatchRulesCaseSensitive(d, i["case_sensitive"], pre_append, sv) + } + + pre_append = pre + "." + strconv.Itoa(con) + "." + "negate" + if _, ok := d.GetOk(pre_append); ok { + tmp["negate"], _ = expandCasbUserActivityMatchRulesNegate(d, i["negate"], pre_append, sv) + } + + result = append(result, tmp) + + con += 1 + } + + return result, nil +} + +func expandCasbUserActivityMatchRulesId(d *schema.ResourceData, v interface{}, pre string, sv string) (interface{}, error) { + return v, nil +} + +func expandCasbUserActivityMatchRulesType(d *schema.ResourceData, v interface{}, pre string, sv string) (interface{}, error) { + return v, nil +} + +func expandCasbUserActivityMatchRulesDomains(d *schema.ResourceData, v interface{}, pre string, sv string) (interface{}, error) { + l := v.([]interface{}) + result := make([]map[string]interface{}, 0, len(l)) + + if len(l) == 0 || l[0] == nil { + return result, nil + } + + con := 0 + for _, r := range l { + tmp := make(map[string]interface{}) + i := r.(map[string]interface{}) + pre_append := "" // table + + pre_append = pre + "." + strconv.Itoa(con) + "." + "domain" + if _, ok := d.GetOk(pre_append); ok { + tmp["domain"], _ = expandCasbUserActivityMatchRulesDomainsDomain(d, i["domain"], pre_append, sv) + } + + result = append(result, tmp) + + con += 1 + } + + return result, nil +} + +func expandCasbUserActivityMatchRulesDomainsDomain(d *schema.ResourceData, v interface{}, pre string, sv string) (interface{}, error) { + return v, nil +} + +func expandCasbUserActivityMatchRulesMethods(d *schema.ResourceData, v interface{}, pre string, sv string) (interface{}, error) { + l := v.([]interface{}) + result := make([]map[string]interface{}, 0, len(l)) + + if len(l) == 0 || l[0] == nil { + return result, nil + } + + con := 0 + for _, r := range l { + tmp := make(map[string]interface{}) + i := r.(map[string]interface{}) + pre_append := "" // table + + pre_append = pre + "." + strconv.Itoa(con) + "." + "method" + if _, ok := d.GetOk(pre_append); ok { + tmp["method"], _ = expandCasbUserActivityMatchRulesMethodsMethod(d, i["method"], pre_append, sv) + } + + result = append(result, tmp) + + con += 1 + } + + return result, nil +} + +func expandCasbUserActivityMatchRulesMethodsMethod(d *schema.ResourceData, v interface{}, pre string, sv string) (interface{}, error) { + return v, nil +} + +func expandCasbUserActivityMatchRulesMatchPattern(d *schema.ResourceData, v interface{}, pre string, sv string) (interface{}, error) { + return v, nil +} + +func expandCasbUserActivityMatchRulesMatchValue(d *schema.ResourceData, v interface{}, pre string, sv string) (interface{}, error) { + return v, nil +} + +func expandCasbUserActivityMatchRulesHeaderName(d *schema.ResourceData, v interface{}, pre string, sv string) (interface{}, error) { + return v, nil +} + +func expandCasbUserActivityMatchRulesCaseSensitive(d *schema.ResourceData, v interface{}, pre string, sv string) (interface{}, error) { + return v, nil +} + +func expandCasbUserActivityMatchRulesNegate(d *schema.ResourceData, v interface{}, pre string, sv string) (interface{}, error) { + return v, nil +} + +func expandCasbUserActivityControlOptions(d *schema.ResourceData, v interface{}, pre string, sv string) (interface{}, error) { + l := v.([]interface{}) + result := make([]map[string]interface{}, 0, len(l)) + + if len(l) == 0 || l[0] == nil { + return result, nil + } + + con := 0 + for _, r := range l { + tmp := make(map[string]interface{}) + i := r.(map[string]interface{}) + pre_append := "" // table + + pre_append = pre + "." + strconv.Itoa(con) + "." + "name" + if _, ok := d.GetOk(pre_append); ok { + tmp["name"], _ = expandCasbUserActivityControlOptionsName(d, i["name"], pre_append, sv) + } + + pre_append = pre + "." + strconv.Itoa(con) + "." + "operations" + if _, ok := d.GetOk(pre_append); ok || d.HasChange(pre_append) { + tmp["operations"], _ = expandCasbUserActivityControlOptionsOperations(d, i["operations"], pre_append, sv) + } else { + tmp["operations"] = make([]string, 0) + } + + result = append(result, tmp) + + con += 1 + } + + return result, nil +} + +func expandCasbUserActivityControlOptionsName(d *schema.ResourceData, v interface{}, pre string, sv string) (interface{}, error) { + return v, nil +} + +func expandCasbUserActivityControlOptionsOperations(d *schema.ResourceData, v interface{}, pre string, sv string) (interface{}, error) { + l := v.([]interface{}) + result := make([]map[string]interface{}, 0, len(l)) + + if len(l) == 0 || l[0] == nil { + return result, nil + } + + con := 0 + for _, r := range l { + tmp := make(map[string]interface{}) + i := r.(map[string]interface{}) + pre_append := "" // table + + pre_append = pre + "." + strconv.Itoa(con) + "." + "name" + if _, ok := d.GetOk(pre_append); ok { + tmp["name"], _ = expandCasbUserActivityControlOptionsOperationsName(d, i["name"], pre_append, sv) + } + + pre_append = pre + "." + strconv.Itoa(con) + "." + "target" + if _, ok := d.GetOk(pre_append); ok { + tmp["target"], _ = expandCasbUserActivityControlOptionsOperationsTarget(d, i["target"], pre_append, sv) + } + + pre_append = pre + "." + strconv.Itoa(con) + "." + "action" + if _, ok := d.GetOk(pre_append); ok { + tmp["action"], _ = expandCasbUserActivityControlOptionsOperationsAction(d, i["action"], pre_append, sv) + } + + pre_append = pre + "." + strconv.Itoa(con) + "." + "direction" + if _, ok := d.GetOk(pre_append); ok { + tmp["direction"], _ = expandCasbUserActivityControlOptionsOperationsDirection(d, i["direction"], pre_append, sv) + } + + pre_append = pre + "." + strconv.Itoa(con) + "." + "header_name" + if _, ok := d.GetOk(pre_append); ok { + tmp["header-name"], _ = expandCasbUserActivityControlOptionsOperationsHeaderName(d, i["header_name"], pre_append, sv) + } + + pre_append = pre + "." + strconv.Itoa(con) + "." + "search_pattern" + if _, ok := d.GetOk(pre_append); ok { + tmp["search-pattern"], _ = expandCasbUserActivityControlOptionsOperationsSearchPattern(d, i["search_pattern"], pre_append, sv) + } + + pre_append = pre + "." + strconv.Itoa(con) + "." + "search_key" + if _, ok := d.GetOk(pre_append); ok { + tmp["search-key"], _ = expandCasbUserActivityControlOptionsOperationsSearchKey(d, i["search_key"], pre_append, sv) + } + + pre_append = pre + "." + strconv.Itoa(con) + "." + "case_sensitive" + if _, ok := d.GetOk(pre_append); ok { + tmp["case-sensitive"], _ = expandCasbUserActivityControlOptionsOperationsCaseSensitive(d, i["case_sensitive"], pre_append, sv) + } + + pre_append = pre + "." + strconv.Itoa(con) + "." + "value_from_input" + if _, ok := d.GetOk(pre_append); ok { + tmp["value-from-input"], _ = expandCasbUserActivityControlOptionsOperationsValueFromInput(d, i["value_from_input"], pre_append, sv) + } + + pre_append = pre + "." + strconv.Itoa(con) + "." + "values" + if _, ok := d.GetOk(pre_append); ok || d.HasChange(pre_append) { + tmp["values"], _ = expandCasbUserActivityControlOptionsOperationsValues(d, i["values"], pre_append, sv) + } else { + tmp["values"] = make([]string, 0) + } + + result = append(result, tmp) + + con += 1 + } + + return result, nil +} + +func expandCasbUserActivityControlOptionsOperationsName(d *schema.ResourceData, v interface{}, pre string, sv string) (interface{}, error) { + return v, nil +} + +func expandCasbUserActivityControlOptionsOperationsTarget(d *schema.ResourceData, v interface{}, pre string, sv string) (interface{}, error) { + return v, nil +} + +func expandCasbUserActivityControlOptionsOperationsAction(d *schema.ResourceData, v interface{}, pre string, sv string) (interface{}, error) { + return v, nil +} + +func expandCasbUserActivityControlOptionsOperationsDirection(d *schema.ResourceData, v interface{}, pre string, sv string) (interface{}, error) { + return v, nil +} + +func expandCasbUserActivityControlOptionsOperationsHeaderName(d *schema.ResourceData, v interface{}, pre string, sv string) (interface{}, error) { + return v, nil +} + +func expandCasbUserActivityControlOptionsOperationsSearchPattern(d *schema.ResourceData, v interface{}, pre string, sv string) (interface{}, error) { + return v, nil +} + +func expandCasbUserActivityControlOptionsOperationsSearchKey(d *schema.ResourceData, v interface{}, pre string, sv string) (interface{}, error) { + return v, nil +} + +func expandCasbUserActivityControlOptionsOperationsCaseSensitive(d *schema.ResourceData, v interface{}, pre string, sv string) (interface{}, error) { + return v, nil +} + +func expandCasbUserActivityControlOptionsOperationsValueFromInput(d *schema.ResourceData, v interface{}, pre string, sv string) (interface{}, error) { + return v, nil +} + +func expandCasbUserActivityControlOptionsOperationsValues(d *schema.ResourceData, v interface{}, pre string, sv string) (interface{}, error) { + l := v.([]interface{}) + result := make([]map[string]interface{}, 0, len(l)) + + if len(l) == 0 || l[0] == nil { + return result, nil + } + + con := 0 + for _, r := range l { + tmp := make(map[string]interface{}) + i := r.(map[string]interface{}) + pre_append := "" // table + + pre_append = pre + "." + strconv.Itoa(con) + "." + "value" + if _, ok := d.GetOk(pre_append); ok { + tmp["value"], _ = expandCasbUserActivityControlOptionsOperationsValuesValue(d, i["value"], pre_append, sv) + } + + result = append(result, tmp) + + con += 1 + } + + return result, nil +} + +func expandCasbUserActivityControlOptionsOperationsValuesValue(d *schema.ResourceData, v interface{}, pre string, sv string) (interface{}, error) { + return v, nil +} + +func getObjectCasbUserActivity(d *schema.ResourceData, sv string) (*map[string]interface{}, error) { + obj := make(map[string]interface{}) + + if v, ok := d.GetOk("name"); ok { + t, err := expandCasbUserActivityName(d, v, "name", sv) + if err != nil { + return &obj, err + } else if t != nil { + obj["name"] = t + } + } + + if v, ok := d.GetOk("uuid"); ok { + t, err := expandCasbUserActivityUuid(d, v, "uuid", sv) + if err != nil { + return &obj, err + } else if t != nil { + obj["uuid"] = t + } + } + + if v, ok := d.GetOk("description"); ok { + t, err := expandCasbUserActivityDescription(d, v, "description", sv) + if err != nil { + return &obj, err + } else if t != nil { + obj["description"] = t + } + } + + if v, ok := d.GetOk("type"); ok { + t, err := expandCasbUserActivityType(d, v, "type", sv) + if err != nil { + return &obj, err + } else if t != nil { + obj["type"] = t + } + } + + if v, ok := d.GetOk("casb_name"); ok { + t, err := expandCasbUserActivityCasbName(d, v, "casb_name", sv) + if err != nil { + return &obj, err + } else if t != nil { + obj["casb-name"] = t + } + } + + if v, ok := d.GetOk("application"); ok { + t, err := expandCasbUserActivityApplication(d, v, "application", sv) + if err != nil { + return &obj, err + } else if t != nil { + obj["application"] = t + } + } + + if v, ok := d.GetOk("category"); ok { + t, err := expandCasbUserActivityCategory(d, v, "category", sv) + if err != nil { + return &obj, err + } else if t != nil { + obj["category"] = t + } + } + + if v, ok := d.GetOk("match_strategy"); ok { + t, err := expandCasbUserActivityMatchStrategyU(d, v, "match_strategy", sv) + if err != nil { + return &obj, err + } else if t != nil { + obj["match-strategy"] = t + } + } + + if v, ok := d.GetOk("match"); ok || d.HasChange("match") { + t, err := expandCasbUserActivityMatch(d, v, "match", sv) + if err != nil { + return &obj, err + } else if t != nil { + obj["match"] = t + } + } + + if v, ok := d.GetOk("control_options"); ok || d.HasChange("control_options") { + t, err := expandCasbUserActivityControlOptions(d, v, "control_options", sv) + if err != nil { + return &obj, err + } else if t != nil { + obj["control-options"] = t + } + } + + return &obj, nil +} diff --git a/fortios/resource_certificate_ca.go b/fortios/resource_certificate_ca.go index 56bdee7c1..571fc5d51 100644 --- a/fortios/resource_certificate_ca.go +++ b/fortios/resource_certificate_ca.go @@ -71,6 +71,12 @@ func resourceCertificateCa() *schema.Resource { Optional: true, Computed: true, }, + "est_url": &schema.Schema{ + Type: schema.TypeString, + ValidateFunc: validation.StringLenBetween(0, 255), + Optional: true, + Computed: true, + }, "auto_update_days": &schema.Schema{ Type: schema.TypeInt, Optional: true, @@ -255,6 +261,10 @@ func flattenCertificateCaScepUrl(v interface{}, d *schema.ResourceData, pre stri return v } +func flattenCertificateCaEstUrl(v interface{}, d *schema.ResourceData, pre string, sv string) interface{} { + return v +} + func flattenCertificateCaAutoUpdateDays(v interface{}, d *schema.ResourceData, pre string, sv string) interface{} { return v } @@ -324,6 +334,12 @@ func refreshObjectCertificateCa(d *schema.ResourceData, o map[string]interface{} } } + if err = d.Set("est_url", flattenCertificateCaEstUrl(o["est-url"], d, "est_url", sv)); err != nil { + if !fortiAPIPatch(o["est-url"]) { + return fmt.Errorf("Error reading est_url: %v", err) + } + } + if err = d.Set("auto_update_days", flattenCertificateCaAutoUpdateDays(o["auto-update-days"], d, "auto_update_days", sv)); err != nil { if !fortiAPIPatch(o["auto-update-days"]) { return fmt.Errorf("Error reading auto_update_days: %v", err) @@ -397,6 +413,10 @@ func expandCertificateCaScepUrl(d *schema.ResourceData, v interface{}, pre strin return v, nil } +func expandCertificateCaEstUrl(d *schema.ResourceData, v interface{}, pre string, sv string) (interface{}, error) { + return v, nil +} + func expandCertificateCaAutoUpdateDays(d *schema.ResourceData, v interface{}, pre string, sv string) (interface{}, error) { return v, nil } @@ -487,6 +507,15 @@ func getObjectCertificateCa(d *schema.ResourceData, sv string) (*map[string]inte } } + if v, ok := d.GetOk("est_url"); ok { + t, err := expandCertificateCaEstUrl(d, v, "est_url", sv) + if err != nil { + return &obj, err + } else if t != nil { + obj["est-url"] = t + } + } + if v, ok := d.GetOkExists("auto_update_days"); ok { t, err := expandCertificateCaAutoUpdateDays(d, v, "auto_update_days", sv) if err != nil { diff --git a/fortios/resource_certificate_local.go b/fortios/resource_certificate_local.go index b2b961e44..45dab9067 100644 --- a/fortios/resource_certificate_local.go +++ b/fortios/resource_certificate_local.go @@ -200,6 +200,54 @@ func resourceCertificateLocal() *schema.Resource { Optional: true, Computed: true, }, + "est_server": &schema.Schema{ + Type: schema.TypeString, + ValidateFunc: validation.StringLenBetween(0, 255), + Optional: true, + Computed: true, + }, + "est_ca_id": &schema.Schema{ + Type: schema.TypeString, + ValidateFunc: validation.StringLenBetween(0, 255), + Optional: true, + Computed: true, + }, + "est_http_username": &schema.Schema{ + Type: schema.TypeString, + ValidateFunc: validation.StringLenBetween(0, 63), + Optional: true, + Computed: true, + }, + "est_http_password": &schema.Schema{ + Type: schema.TypeString, + ValidateFunc: validation.StringLenBetween(0, 63), + Optional: true, + Computed: true, + }, + "est_client_cert": &schema.Schema{ + Type: schema.TypeString, + ValidateFunc: validation.StringLenBetween(0, 79), + Optional: true, + Computed: true, + }, + "est_server_cert": &schema.Schema{ + Type: schema.TypeString, + ValidateFunc: validation.StringLenBetween(0, 79), + Optional: true, + Computed: true, + }, + "est_srp_username": &schema.Schema{ + Type: schema.TypeString, + ValidateFunc: validation.StringLenBetween(0, 63), + Optional: true, + Computed: true, + }, + "est_srp_password": &schema.Schema{ + Type: schema.TypeString, + ValidateFunc: validation.StringLenBetween(0, 63), + Optional: true, + Computed: true, + }, }, } } @@ -445,6 +493,38 @@ func flattenCertificateLocalAcmeRenewWindow(v interface{}, d *schema.ResourceDat return v } +func flattenCertificateLocalEstServer(v interface{}, d *schema.ResourceData, pre string, sv string) interface{} { + return v +} + +func flattenCertificateLocalEstCaId(v interface{}, d *schema.ResourceData, pre string, sv string) interface{} { + return v +} + +func flattenCertificateLocalEstHttpUsername(v interface{}, d *schema.ResourceData, pre string, sv string) interface{} { + return v +} + +func flattenCertificateLocalEstHttpPassword(v interface{}, d *schema.ResourceData, pre string, sv string) interface{} { + return v +} + +func flattenCertificateLocalEstClientCert(v interface{}, d *schema.ResourceData, pre string, sv string) interface{} { + return v +} + +func flattenCertificateLocalEstServerCert(v interface{}, d *schema.ResourceData, pre string, sv string) interface{} { + return v +} + +func flattenCertificateLocalEstSrpUsername(v interface{}, d *schema.ResourceData, pre string, sv string) interface{} { + return v +} + +func flattenCertificateLocalEstSrpPassword(v interface{}, d *schema.ResourceData, pre string, sv string) interface{} { + return v +} + func refreshObjectCertificateLocal(d *schema.ResourceData, o map[string]interface{}, sv string) error { var err error @@ -610,6 +690,54 @@ func refreshObjectCertificateLocal(d *schema.ResourceData, o map[string]interfac } } + if err = d.Set("est_server", flattenCertificateLocalEstServer(o["est-server"], d, "est_server", sv)); err != nil { + if !fortiAPIPatch(o["est-server"]) { + return fmt.Errorf("Error reading est_server: %v", err) + } + } + + if err = d.Set("est_ca_id", flattenCertificateLocalEstCaId(o["est-ca-id"], d, "est_ca_id", sv)); err != nil { + if !fortiAPIPatch(o["est-ca-id"]) { + return fmt.Errorf("Error reading est_ca_id: %v", err) + } + } + + if err = d.Set("est_http_username", flattenCertificateLocalEstHttpUsername(o["est-http-username"], d, "est_http_username", sv)); err != nil { + if !fortiAPIPatch(o["est-http-username"]) { + return fmt.Errorf("Error reading est_http_username: %v", err) + } + } + + if err = d.Set("est_http_password", flattenCertificateLocalEstHttpPassword(o["est-http-password"], d, "est_http_password", sv)); err != nil { + if !fortiAPIPatch(o["est-http-password"]) { + return fmt.Errorf("Error reading est_http_password: %v", err) + } + } + + if err = d.Set("est_client_cert", flattenCertificateLocalEstClientCert(o["est-client-cert"], d, "est_client_cert", sv)); err != nil { + if !fortiAPIPatch(o["est-client-cert"]) { + return fmt.Errorf("Error reading est_client_cert: %v", err) + } + } + + if err = d.Set("est_server_cert", flattenCertificateLocalEstServerCert(o["est-server-cert"], d, "est_server_cert", sv)); err != nil { + if !fortiAPIPatch(o["est-server-cert"]) { + return fmt.Errorf("Error reading est_server_cert: %v", err) + } + } + + if err = d.Set("est_srp_username", flattenCertificateLocalEstSrpUsername(o["est-srp-username"], d, "est_srp_username", sv)); err != nil { + if !fortiAPIPatch(o["est-srp-username"]) { + return fmt.Errorf("Error reading est_srp_username: %v", err) + } + } + + if err = d.Set("est_srp_password", flattenCertificateLocalEstSrpPassword(o["est-srp-password"], d, "est_srp_password", sv)); err != nil { + if !fortiAPIPatch(o["est-srp-password"]) { + return fmt.Errorf("Error reading est_srp_password: %v", err) + } + } + return nil } @@ -739,6 +867,38 @@ func expandCertificateLocalAcmeRenewWindow(d *schema.ResourceData, v interface{} return v, nil } +func expandCertificateLocalEstServer(d *schema.ResourceData, v interface{}, pre string, sv string) (interface{}, error) { + return v, nil +} + +func expandCertificateLocalEstCaId(d *schema.ResourceData, v interface{}, pre string, sv string) (interface{}, error) { + return v, nil +} + +func expandCertificateLocalEstHttpUsername(d *schema.ResourceData, v interface{}, pre string, sv string) (interface{}, error) { + return v, nil +} + +func expandCertificateLocalEstHttpPassword(d *schema.ResourceData, v interface{}, pre string, sv string) (interface{}, error) { + return v, nil +} + +func expandCertificateLocalEstClientCert(d *schema.ResourceData, v interface{}, pre string, sv string) (interface{}, error) { + return v, nil +} + +func expandCertificateLocalEstServerCert(d *schema.ResourceData, v interface{}, pre string, sv string) (interface{}, error) { + return v, nil +} + +func expandCertificateLocalEstSrpUsername(d *schema.ResourceData, v interface{}, pre string, sv string) (interface{}, error) { + return v, nil +} + +func expandCertificateLocalEstSrpPassword(d *schema.ResourceData, v interface{}, pre string, sv string) (interface{}, error) { + return v, nil +} + func getObjectCertificateLocal(d *schema.ResourceData, sv string) (*map[string]interface{}, error) { obj := make(map[string]interface{}) @@ -1012,5 +1172,77 @@ func getObjectCertificateLocal(d *schema.ResourceData, sv string) (*map[string]i } } + if v, ok := d.GetOk("est_server"); ok { + t, err := expandCertificateLocalEstServer(d, v, "est_server", sv) + if err != nil { + return &obj, err + } else if t != nil { + obj["est-server"] = t + } + } + + if v, ok := d.GetOk("est_ca_id"); ok { + t, err := expandCertificateLocalEstCaId(d, v, "est_ca_id", sv) + if err != nil { + return &obj, err + } else if t != nil { + obj["est-ca-id"] = t + } + } + + if v, ok := d.GetOk("est_http_username"); ok { + t, err := expandCertificateLocalEstHttpUsername(d, v, "est_http_username", sv) + if err != nil { + return &obj, err + } else if t != nil { + obj["est-http-username"] = t + } + } + + if v, ok := d.GetOk("est_http_password"); ok { + t, err := expandCertificateLocalEstHttpPassword(d, v, "est_http_password", sv) + if err != nil { + return &obj, err + } else if t != nil { + obj["est-http-password"] = t + } + } + + if v, ok := d.GetOk("est_client_cert"); ok { + t, err := expandCertificateLocalEstClientCert(d, v, "est_client_cert", sv) + if err != nil { + return &obj, err + } else if t != nil { + obj["est-client-cert"] = t + } + } + + if v, ok := d.GetOk("est_server_cert"); ok { + t, err := expandCertificateLocalEstServerCert(d, v, "est_server_cert", sv) + if err != nil { + return &obj, err + } else if t != nil { + obj["est-server-cert"] = t + } + } + + if v, ok := d.GetOk("est_srp_username"); ok { + t, err := expandCertificateLocalEstSrpUsername(d, v, "est_srp_username", sv) + if err != nil { + return &obj, err + } else if t != nil { + obj["est-srp-username"] = t + } + } + + if v, ok := d.GetOk("est_srp_password"); ok { + t, err := expandCertificateLocalEstSrpPassword(d, v, "est_srp_password", sv) + if err != nil { + return &obj, err + } else if t != nil { + obj["est-srp-password"] = t + } + } + return &obj, nil } diff --git a/fortios/resource_dnsfilter_profile.go b/fortios/resource_dnsfilter_profile.go index c92fadaca..5611262e7 100644 --- a/fortios/resource_dnsfilter_profile.go +++ b/fortios/resource_dnsfilter_profile.go @@ -219,6 +219,20 @@ func resourceDnsfilterProfile() *schema.Resource { }, }, }, + "transparent_dns_database": &schema.Schema{ + Type: schema.TypeList, + Optional: true, + Elem: &schema.Resource{ + Schema: map[string]*schema.Schema{ + "name": &schema.Schema{ + Type: schema.TypeString, + ValidateFunc: validation.StringLenBetween(0, 79), + Optional: true, + Computed: true, + }, + }, + }, + }, "dynamic_sort_subtable": &schema.Schema{ Type: schema.TypeString, Optional: true, @@ -672,6 +686,48 @@ func flattenDnsfilterProfileDnsTranslationPrefix(v interface{}, d *schema.Resour return v } +func flattenDnsfilterProfileTransparentDnsDatabase(v interface{}, d *schema.ResourceData, pre string, sv string) []map[string]interface{} { + if v == nil { + return nil + } + + if _, ok := v.([]interface{}); !ok { + log.Printf("[DEBUG] Argument %v is not type of []interface{}.", pre) + return nil + } + + l := v.([]interface{}) + if len(l) == 0 || l[0] == nil { + return nil + } + + result := make([]map[string]interface{}, 0, len(l)) + + con := 0 + for _, r := range l { + tmp := make(map[string]interface{}) + i := r.(map[string]interface{}) + + pre_append := "" // table + + pre_append = pre + "." + strconv.Itoa(con) + "." + "name" + if _, ok := i["name"]; ok { + tmp["name"] = flattenDnsfilterProfileTransparentDnsDatabaseName(i["name"], d, pre_append, sv) + } + + result = append(result, tmp) + + con += 1 + } + + dynamic_sort_subtable(result, "name", d) + return result +} + +func flattenDnsfilterProfileTransparentDnsDatabaseName(v interface{}, d *schema.ResourceData, pre string, sv string) interface{} { + return v +} + func refreshObjectDnsfilterProfile(d *schema.ResourceData, o map[string]interface{}, sv string) error { var err error var b_get_all_tables bool @@ -811,6 +867,22 @@ func refreshObjectDnsfilterProfile(d *schema.ResourceData, o map[string]interfac } } + if b_get_all_tables { + if err = d.Set("transparent_dns_database", flattenDnsfilterProfileTransparentDnsDatabase(o["transparent-dns-database"], d, "transparent_dns_database", sv)); err != nil { + if !fortiAPIPatch(o["transparent-dns-database"]) { + return fmt.Errorf("Error reading transparent_dns_database: %v", err) + } + } + } else { + if _, ok := d.GetOk("transparent_dns_database"); ok { + if err = d.Set("transparent_dns_database", flattenDnsfilterProfileTransparentDnsDatabase(o["transparent-dns-database"], d, "transparent_dns_database", sv)); err != nil { + if !fortiAPIPatch(o["transparent-dns-database"]) { + return fmt.Errorf("Error reading transparent_dns_database: %v", err) + } + } + } + } + return nil } @@ -1106,6 +1178,37 @@ func expandDnsfilterProfileDnsTranslationPrefix(d *schema.ResourceData, v interf return v, nil } +func expandDnsfilterProfileTransparentDnsDatabase(d *schema.ResourceData, v interface{}, pre string, sv string) (interface{}, error) { + l := v.([]interface{}) + result := make([]map[string]interface{}, 0, len(l)) + + if len(l) == 0 || l[0] == nil { + return result, nil + } + + con := 0 + for _, r := range l { + tmp := make(map[string]interface{}) + i := r.(map[string]interface{}) + pre_append := "" // table + + pre_append = pre + "." + strconv.Itoa(con) + "." + "name" + if _, ok := d.GetOk(pre_append); ok { + tmp["name"], _ = expandDnsfilterProfileTransparentDnsDatabaseName(d, i["name"], pre_append, sv) + } + + result = append(result, tmp) + + con += 1 + } + + return result, nil +} + +func expandDnsfilterProfileTransparentDnsDatabaseName(d *schema.ResourceData, v interface{}, pre string, sv string) (interface{}, error) { + return v, nil +} + func getObjectDnsfilterProfile(d *schema.ResourceData, sv string) (*map[string]interface{}, error) { obj := make(map[string]interface{}) @@ -1244,5 +1347,14 @@ func getObjectDnsfilterProfile(d *schema.ResourceData, sv string) (*map[string]i } } + if v, ok := d.GetOk("transparent_dns_database"); ok || d.HasChange("transparent_dns_database") { + t, err := expandDnsfilterProfileTransparentDnsDatabase(d, v, "transparent_dns_database", sv) + if err != nil { + return &obj, err + } else if t != nil { + obj["transparent-dns-database"] = t + } + } + return &obj, nil } diff --git a/fortios/resource_firewall_accessproxy.go b/fortios/resource_firewall_accessproxy.go index b95da9411..73571b822 100644 --- a/fortios/resource_firewall_accessproxy.go +++ b/fortios/resource_firewall_accessproxy.go @@ -103,6 +103,11 @@ func resourceFirewallAccessProxy() *schema.Resource { Optional: true, Computed: true, }, + "svr_pool_server_max_concurrent_request": &schema.Schema{ + Type: schema.TypeInt, + Optional: true, + Computed: true, + }, "decrypted_traffic_mirror": &schema.Schema{ Type: schema.TypeString, ValidateFunc: validation.StringLenBetween(0, 35), @@ -146,6 +151,72 @@ func resourceFirewallAccessProxy() *schema.Resource { Optional: true, Computed: true, }, + "h2_support": &schema.Schema{ + Type: schema.TypeString, + Optional: true, + Computed: true, + }, + "h3_support": &schema.Schema{ + Type: schema.TypeString, + Optional: true, + Computed: true, + }, + "quic": &schema.Schema{ + Type: schema.TypeList, + Computed: true, + Optional: true, + MaxItems: 1, + Elem: &schema.Resource{ + Schema: map[string]*schema.Schema{ + "max_idle_timeout": &schema.Schema{ + Type: schema.TypeInt, + ValidateFunc: validation.IntBetween(1, 60000), + Optional: true, + Computed: true, + }, + "max_udp_payload_size": &schema.Schema{ + Type: schema.TypeInt, + ValidateFunc: validation.IntBetween(1200, 1500), + Optional: true, + Computed: true, + }, + "active_connection_id_limit": &schema.Schema{ + Type: schema.TypeInt, + ValidateFunc: validation.IntBetween(1, 8), + Optional: true, + Computed: true, + }, + "ack_delay_exponent": &schema.Schema{ + Type: schema.TypeInt, + ValidateFunc: validation.IntBetween(1, 20), + Optional: true, + Computed: true, + }, + "max_ack_delay": &schema.Schema{ + Type: schema.TypeInt, + ValidateFunc: validation.IntBetween(1, 16383), + Optional: true, + Computed: true, + }, + "max_datagram_frame_size": &schema.Schema{ + Type: schema.TypeInt, + ValidateFunc: validation.IntBetween(1, 1500), + Optional: true, + Computed: true, + }, + "active_migration": &schema.Schema{ + Type: schema.TypeString, + Optional: true, + Computed: true, + }, + "grease_quic_bit": &schema.Schema{ + Type: schema.TypeString, + Optional: true, + Computed: true, + }, + }, + }, + }, "realservers": &schema.Schema{ Type: schema.TypeList, Optional: true, @@ -431,6 +502,72 @@ func resourceFirewallAccessProxy() *schema.Resource { Optional: true, Computed: true, }, + "h2_support": &schema.Schema{ + Type: schema.TypeString, + Optional: true, + Computed: true, + }, + "h3_support": &schema.Schema{ + Type: schema.TypeString, + Optional: true, + Computed: true, + }, + "quic": &schema.Schema{ + Type: schema.TypeList, + Computed: true, + Optional: true, + MaxItems: 1, + Elem: &schema.Resource{ + Schema: map[string]*schema.Schema{ + "max_idle_timeout": &schema.Schema{ + Type: schema.TypeInt, + ValidateFunc: validation.IntBetween(1, 60000), + Optional: true, + Computed: true, + }, + "max_udp_payload_size": &schema.Schema{ + Type: schema.TypeInt, + ValidateFunc: validation.IntBetween(1200, 1500), + Optional: true, + Computed: true, + }, + "active_connection_id_limit": &schema.Schema{ + Type: schema.TypeInt, + ValidateFunc: validation.IntBetween(1, 8), + Optional: true, + Computed: true, + }, + "ack_delay_exponent": &schema.Schema{ + Type: schema.TypeInt, + ValidateFunc: validation.IntBetween(1, 20), + Optional: true, + Computed: true, + }, + "max_ack_delay": &schema.Schema{ + Type: schema.TypeInt, + ValidateFunc: validation.IntBetween(1, 16383), + Optional: true, + Computed: true, + }, + "max_datagram_frame_size": &schema.Schema{ + Type: schema.TypeInt, + ValidateFunc: validation.IntBetween(1, 1500), + Optional: true, + Computed: true, + }, + "active_migration": &schema.Schema{ + Type: schema.TypeString, + Optional: true, + Computed: true, + }, + "grease_quic_bit": &schema.Schema{ + Type: schema.TypeString, + Optional: true, + Computed: true, + }, + }, + }, + }, "realservers": &schema.Schema{ Type: schema.TypeList, Optional: true, @@ -866,6 +1003,10 @@ func flattenFirewallAccessProxySvrPoolServerMaxRequest(v interface{}, d *schema. return v } +func flattenFirewallAccessProxySvrPoolServerMaxConcurrentRequest(v interface{}, d *schema.ResourceData, pre string, sv string) interface{} { + return v +} + func flattenFirewallAccessProxyDecryptedTrafficMirror(v interface{}, d *schema.ResourceData, pre string, sv string) interface{} { return v } @@ -924,6 +1065,21 @@ func flattenFirewallAccessProxyApiGateway(v interface{}, d *schema.ResourceData, tmp["url_map_type"] = flattenFirewallAccessProxyApiGatewayUrlMapType(i["url-map-type"], d, pre_append, sv) } + pre_append = pre + "." + strconv.Itoa(con) + "." + "h2_support" + if _, ok := i["h2-support"]; ok { + tmp["h2_support"] = flattenFirewallAccessProxyApiGatewayH2Support(i["h2-support"], d, pre_append, sv) + } + + pre_append = pre + "." + strconv.Itoa(con) + "." + "h3_support" + if _, ok := i["h3-support"]; ok { + tmp["h3_support"] = flattenFirewallAccessProxyApiGatewayH3Support(i["h3-support"], d, pre_append, sv) + } + + pre_append = pre + "." + strconv.Itoa(con) + "." + "quic" + if _, ok := i["quic"]; ok { + tmp["quic"] = flattenFirewallAccessProxyApiGatewayQuic(i["quic"], d, pre_append, sv) + } + pre_append = pre + "." + strconv.Itoa(con) + "." + "realservers" if _, ok := i["realservers"]; ok { tmp["realservers"] = flattenFirewallAccessProxyApiGatewayRealservers(i["realservers"], d, pre_append, sv) @@ -1052,6 +1208,99 @@ func flattenFirewallAccessProxyApiGatewayUrlMapType(v interface{}, d *schema.Res return v } +func flattenFirewallAccessProxyApiGatewayH2Support(v interface{}, d *schema.ResourceData, pre string, sv string) interface{} { + return v +} + +func flattenFirewallAccessProxyApiGatewayH3Support(v interface{}, d *schema.ResourceData, pre string, sv string) interface{} { + return v +} + +func flattenFirewallAccessProxyApiGatewayQuic(v interface{}, d *schema.ResourceData, pre string, sv string) []map[string]interface{} { + if v == nil { + return nil + } + + i := v.(map[string]interface{}) + result := make(map[string]interface{}) + + pre_append := "" // complex + pre_append = pre + ".0." + "max_idle_timeout" + if _, ok := i["max-idle-timeout"]; ok { + result["max_idle_timeout"] = flattenFirewallAccessProxyApiGatewayQuicMaxIdleTimeout(i["max-idle-timeout"], d, pre_append, sv) + } + + pre_append = pre + ".0." + "max_udp_payload_size" + if _, ok := i["max-udp-payload-size"]; ok { + result["max_udp_payload_size"] = flattenFirewallAccessProxyApiGatewayQuicMaxUdpPayloadSize(i["max-udp-payload-size"], d, pre_append, sv) + } + + pre_append = pre + ".0." + "active_connection_id_limit" + if _, ok := i["active-connection-id-limit"]; ok { + result["active_connection_id_limit"] = flattenFirewallAccessProxyApiGatewayQuicActiveConnectionIdLimit(i["active-connection-id-limit"], d, pre_append, sv) + } + + pre_append = pre + ".0." + "ack_delay_exponent" + if _, ok := i["ack-delay-exponent"]; ok { + result["ack_delay_exponent"] = flattenFirewallAccessProxyApiGatewayQuicAckDelayExponent(i["ack-delay-exponent"], d, pre_append, sv) + } + + pre_append = pre + ".0." + "max_ack_delay" + if _, ok := i["max-ack-delay"]; ok { + result["max_ack_delay"] = flattenFirewallAccessProxyApiGatewayQuicMaxAckDelay(i["max-ack-delay"], d, pre_append, sv) + } + + pre_append = pre + ".0." + "max_datagram_frame_size" + if _, ok := i["max-datagram-frame-size"]; ok { + result["max_datagram_frame_size"] = flattenFirewallAccessProxyApiGatewayQuicMaxDatagramFrameSize(i["max-datagram-frame-size"], d, pre_append, sv) + } + + pre_append = pre + ".0." + "active_migration" + if _, ok := i["active-migration"]; ok { + result["active_migration"] = flattenFirewallAccessProxyApiGatewayQuicActiveMigration(i["active-migration"], d, pre_append, sv) + } + + pre_append = pre + ".0." + "grease_quic_bit" + if _, ok := i["grease-quic-bit"]; ok { + result["grease_quic_bit"] = flattenFirewallAccessProxyApiGatewayQuicGreaseQuicBit(i["grease-quic-bit"], d, pre_append, sv) + } + + lastresult := []map[string]interface{}{result} + return lastresult +} + +func flattenFirewallAccessProxyApiGatewayQuicMaxIdleTimeout(v interface{}, d *schema.ResourceData, pre string, sv string) interface{} { + return v +} + +func flattenFirewallAccessProxyApiGatewayQuicMaxUdpPayloadSize(v interface{}, d *schema.ResourceData, pre string, sv string) interface{} { + return v +} + +func flattenFirewallAccessProxyApiGatewayQuicActiveConnectionIdLimit(v interface{}, d *schema.ResourceData, pre string, sv string) interface{} { + return v +} + +func flattenFirewallAccessProxyApiGatewayQuicAckDelayExponent(v interface{}, d *schema.ResourceData, pre string, sv string) interface{} { + return v +} + +func flattenFirewallAccessProxyApiGatewayQuicMaxAckDelay(v interface{}, d *schema.ResourceData, pre string, sv string) interface{} { + return v +} + +func flattenFirewallAccessProxyApiGatewayQuicMaxDatagramFrameSize(v interface{}, d *schema.ResourceData, pre string, sv string) interface{} { + return v +} + +func flattenFirewallAccessProxyApiGatewayQuicActiveMigration(v interface{}, d *schema.ResourceData, pre string, sv string) interface{} { + return v +} + +func flattenFirewallAccessProxyApiGatewayQuicGreaseQuicBit(v interface{}, d *schema.ResourceData, pre string, sv string) interface{} { + return v +} + func flattenFirewallAccessProxyApiGatewayRealservers(v interface{}, d *schema.ResourceData, pre string, sv string) []map[string]interface{} { if v == nil { return nil @@ -1523,6 +1772,21 @@ func flattenFirewallAccessProxyApiGateway6(v interface{}, d *schema.ResourceData tmp["url_map_type"] = flattenFirewallAccessProxyApiGateway6UrlMapType(i["url-map-type"], d, pre_append, sv) } + pre_append = pre + "." + strconv.Itoa(con) + "." + "h2_support" + if _, ok := i["h2-support"]; ok { + tmp["h2_support"] = flattenFirewallAccessProxyApiGateway6H2Support(i["h2-support"], d, pre_append, sv) + } + + pre_append = pre + "." + strconv.Itoa(con) + "." + "h3_support" + if _, ok := i["h3-support"]; ok { + tmp["h3_support"] = flattenFirewallAccessProxyApiGateway6H3Support(i["h3-support"], d, pre_append, sv) + } + + pre_append = pre + "." + strconv.Itoa(con) + "." + "quic" + if _, ok := i["quic"]; ok { + tmp["quic"] = flattenFirewallAccessProxyApiGateway6Quic(i["quic"], d, pre_append, sv) + } + pre_append = pre + "." + strconv.Itoa(con) + "." + "realservers" if _, ok := i["realservers"]; ok { tmp["realservers"] = flattenFirewallAccessProxyApiGateway6Realservers(i["realservers"], d, pre_append, sv) @@ -1651,6 +1915,99 @@ func flattenFirewallAccessProxyApiGateway6UrlMapType(v interface{}, d *schema.Re return v } +func flattenFirewallAccessProxyApiGateway6H2Support(v interface{}, d *schema.ResourceData, pre string, sv string) interface{} { + return v +} + +func flattenFirewallAccessProxyApiGateway6H3Support(v interface{}, d *schema.ResourceData, pre string, sv string) interface{} { + return v +} + +func flattenFirewallAccessProxyApiGateway6Quic(v interface{}, d *schema.ResourceData, pre string, sv string) []map[string]interface{} { + if v == nil { + return nil + } + + i := v.(map[string]interface{}) + result := make(map[string]interface{}) + + pre_append := "" // complex + pre_append = pre + ".0." + "max_idle_timeout" + if _, ok := i["max-idle-timeout"]; ok { + result["max_idle_timeout"] = flattenFirewallAccessProxyApiGateway6QuicMaxIdleTimeout(i["max-idle-timeout"], d, pre_append, sv) + } + + pre_append = pre + ".0." + "max_udp_payload_size" + if _, ok := i["max-udp-payload-size"]; ok { + result["max_udp_payload_size"] = flattenFirewallAccessProxyApiGateway6QuicMaxUdpPayloadSize(i["max-udp-payload-size"], d, pre_append, sv) + } + + pre_append = pre + ".0." + "active_connection_id_limit" + if _, ok := i["active-connection-id-limit"]; ok { + result["active_connection_id_limit"] = flattenFirewallAccessProxyApiGateway6QuicActiveConnectionIdLimit(i["active-connection-id-limit"], d, pre_append, sv) + } + + pre_append = pre + ".0." + "ack_delay_exponent" + if _, ok := i["ack-delay-exponent"]; ok { + result["ack_delay_exponent"] = flattenFirewallAccessProxyApiGateway6QuicAckDelayExponent(i["ack-delay-exponent"], d, pre_append, sv) + } + + pre_append = pre + ".0." + "max_ack_delay" + if _, ok := i["max-ack-delay"]; ok { + result["max_ack_delay"] = flattenFirewallAccessProxyApiGateway6QuicMaxAckDelay(i["max-ack-delay"], d, pre_append, sv) + } + + pre_append = pre + ".0." + "max_datagram_frame_size" + if _, ok := i["max-datagram-frame-size"]; ok { + result["max_datagram_frame_size"] = flattenFirewallAccessProxyApiGateway6QuicMaxDatagramFrameSize(i["max-datagram-frame-size"], d, pre_append, sv) + } + + pre_append = pre + ".0." + "active_migration" + if _, ok := i["active-migration"]; ok { + result["active_migration"] = flattenFirewallAccessProxyApiGateway6QuicActiveMigration(i["active-migration"], d, pre_append, sv) + } + + pre_append = pre + ".0." + "grease_quic_bit" + if _, ok := i["grease-quic-bit"]; ok { + result["grease_quic_bit"] = flattenFirewallAccessProxyApiGateway6QuicGreaseQuicBit(i["grease-quic-bit"], d, pre_append, sv) + } + + lastresult := []map[string]interface{}{result} + return lastresult +} + +func flattenFirewallAccessProxyApiGateway6QuicMaxIdleTimeout(v interface{}, d *schema.ResourceData, pre string, sv string) interface{} { + return v +} + +func flattenFirewallAccessProxyApiGateway6QuicMaxUdpPayloadSize(v interface{}, d *schema.ResourceData, pre string, sv string) interface{} { + return v +} + +func flattenFirewallAccessProxyApiGateway6QuicActiveConnectionIdLimit(v interface{}, d *schema.ResourceData, pre string, sv string) interface{} { + return v +} + +func flattenFirewallAccessProxyApiGateway6QuicAckDelayExponent(v interface{}, d *schema.ResourceData, pre string, sv string) interface{} { + return v +} + +func flattenFirewallAccessProxyApiGateway6QuicMaxAckDelay(v interface{}, d *schema.ResourceData, pre string, sv string) interface{} { + return v +} + +func flattenFirewallAccessProxyApiGateway6QuicMaxDatagramFrameSize(v interface{}, d *schema.ResourceData, pre string, sv string) interface{} { + return v +} + +func flattenFirewallAccessProxyApiGateway6QuicActiveMigration(v interface{}, d *schema.ResourceData, pre string, sv string) interface{} { + return v +} + +func flattenFirewallAccessProxyApiGateway6QuicGreaseQuicBit(v interface{}, d *schema.ResourceData, pre string, sv string) interface{} { + return v +} + func flattenFirewallAccessProxyApiGateway6Realservers(v interface{}, d *schema.ResourceData, pre string, sv string) []map[string]interface{} { if v == nil { return nil @@ -2155,6 +2512,12 @@ func refreshObjectFirewallAccessProxy(d *schema.ResourceData, o map[string]inter } } + if err = d.Set("svr_pool_server_max_concurrent_request", flattenFirewallAccessProxySvrPoolServerMaxConcurrentRequest(o["svr-pool-server-max-concurrent-request"], d, "svr_pool_server_max_concurrent_request", sv)); err != nil { + if !fortiAPIPatch(o["svr-pool-server-max-concurrent-request"]) { + return fmt.Errorf("Error reading svr_pool_server_max_concurrent_request: %v", err) + } + } + if err = d.Set("decrypted_traffic_mirror", flattenFirewallAccessProxyDecryptedTrafficMirror(o["decrypted-traffic-mirror"], d, "decrypted_traffic_mirror", sv)); err != nil { if !fortiAPIPatch(o["decrypted-traffic-mirror"]) { return fmt.Errorf("Error reading decrypted_traffic_mirror: %v", err) @@ -2254,6 +2617,10 @@ func expandFirewallAccessProxySvrPoolServerMaxRequest(d *schema.ResourceData, v return v, nil } +func expandFirewallAccessProxySvrPoolServerMaxConcurrentRequest(d *schema.ResourceData, v interface{}, pre string, sv string) (interface{}, error) { + return v, nil +} + func expandFirewallAccessProxyDecryptedTrafficMirror(d *schema.ResourceData, v interface{}, pre string, sv string) (interface{}, error) { return v, nil } @@ -2302,6 +2669,23 @@ func expandFirewallAccessProxyApiGateway(d *schema.ResourceData, v interface{}, tmp["url-map-type"], _ = expandFirewallAccessProxyApiGatewayUrlMapType(d, i["url_map_type"], pre_append, sv) } + pre_append = pre + "." + strconv.Itoa(con) + "." + "h2_support" + if _, ok := d.GetOk(pre_append); ok { + tmp["h2-support"], _ = expandFirewallAccessProxyApiGatewayH2Support(d, i["h2_support"], pre_append, sv) + } + + pre_append = pre + "." + strconv.Itoa(con) + "." + "h3_support" + if _, ok := d.GetOk(pre_append); ok { + tmp["h3-support"], _ = expandFirewallAccessProxyApiGatewayH3Support(d, i["h3_support"], pre_append, sv) + } + + pre_append = pre + "." + strconv.Itoa(con) + "." + "quic" + if _, ok := d.GetOk(pre_append); ok { + tmp["quic"], _ = expandFirewallAccessProxyApiGatewayQuic(d, i["quic"], pre_append, sv) + } else { + tmp["quic"] = make([]string, 0) + } + pre_append = pre + "." + strconv.Itoa(con) + "." + "realservers" if _, ok := d.GetOk(pre_append); ok || d.HasChange(pre_append) { tmp["realservers"], _ = expandFirewallAccessProxyApiGatewayRealservers(d, i["realservers"], pre_append, sv) @@ -2435,6 +2819,92 @@ func expandFirewallAccessProxyApiGatewayUrlMapType(d *schema.ResourceData, v int return v, nil } +func expandFirewallAccessProxyApiGatewayH2Support(d *schema.ResourceData, v interface{}, pre string, sv string) (interface{}, error) { + return v, nil +} + +func expandFirewallAccessProxyApiGatewayH3Support(d *schema.ResourceData, v interface{}, pre string, sv string) (interface{}, error) { + return v, nil +} + +func expandFirewallAccessProxyApiGatewayQuic(d *schema.ResourceData, v interface{}, pre string, sv string) (interface{}, error) { + l := v.([]interface{}) + if len(l) == 0 || l[0] == nil { + return nil, nil + } + + i := l[0].(map[string]interface{}) + result := make(map[string]interface{}) + + pre_append := "" // complex + pre_append = pre + ".0." + "max_idle_timeout" + if _, ok := d.GetOk(pre_append); ok { + result["max-idle-timeout"], _ = expandFirewallAccessProxyApiGatewayQuicMaxIdleTimeout(d, i["max_idle_timeout"], pre_append, sv) + } + pre_append = pre + ".0." + "max_udp_payload_size" + if _, ok := d.GetOk(pre_append); ok { + result["max-udp-payload-size"], _ = expandFirewallAccessProxyApiGatewayQuicMaxUdpPayloadSize(d, i["max_udp_payload_size"], pre_append, sv) + } + pre_append = pre + ".0." + "active_connection_id_limit" + if _, ok := d.GetOk(pre_append); ok { + result["active-connection-id-limit"], _ = expandFirewallAccessProxyApiGatewayQuicActiveConnectionIdLimit(d, i["active_connection_id_limit"], pre_append, sv) + } + pre_append = pre + ".0." + "ack_delay_exponent" + if _, ok := d.GetOk(pre_append); ok { + result["ack-delay-exponent"], _ = expandFirewallAccessProxyApiGatewayQuicAckDelayExponent(d, i["ack_delay_exponent"], pre_append, sv) + } + pre_append = pre + ".0." + "max_ack_delay" + if _, ok := d.GetOk(pre_append); ok { + result["max-ack-delay"], _ = expandFirewallAccessProxyApiGatewayQuicMaxAckDelay(d, i["max_ack_delay"], pre_append, sv) + } + pre_append = pre + ".0." + "max_datagram_frame_size" + if _, ok := d.GetOk(pre_append); ok { + result["max-datagram-frame-size"], _ = expandFirewallAccessProxyApiGatewayQuicMaxDatagramFrameSize(d, i["max_datagram_frame_size"], pre_append, sv) + } + pre_append = pre + ".0." + "active_migration" + if _, ok := d.GetOk(pre_append); ok { + result["active-migration"], _ = expandFirewallAccessProxyApiGatewayQuicActiveMigration(d, i["active_migration"], pre_append, sv) + } + pre_append = pre + ".0." + "grease_quic_bit" + if _, ok := d.GetOk(pre_append); ok { + result["grease-quic-bit"], _ = expandFirewallAccessProxyApiGatewayQuicGreaseQuicBit(d, i["grease_quic_bit"], pre_append, sv) + } + + return result, nil +} + +func expandFirewallAccessProxyApiGatewayQuicMaxIdleTimeout(d *schema.ResourceData, v interface{}, pre string, sv string) (interface{}, error) { + return v, nil +} + +func expandFirewallAccessProxyApiGatewayQuicMaxUdpPayloadSize(d *schema.ResourceData, v interface{}, pre string, sv string) (interface{}, error) { + return v, nil +} + +func expandFirewallAccessProxyApiGatewayQuicActiveConnectionIdLimit(d *schema.ResourceData, v interface{}, pre string, sv string) (interface{}, error) { + return v, nil +} + +func expandFirewallAccessProxyApiGatewayQuicAckDelayExponent(d *schema.ResourceData, v interface{}, pre string, sv string) (interface{}, error) { + return v, nil +} + +func expandFirewallAccessProxyApiGatewayQuicMaxAckDelay(d *schema.ResourceData, v interface{}, pre string, sv string) (interface{}, error) { + return v, nil +} + +func expandFirewallAccessProxyApiGatewayQuicMaxDatagramFrameSize(d *schema.ResourceData, v interface{}, pre string, sv string) (interface{}, error) { + return v, nil +} + +func expandFirewallAccessProxyApiGatewayQuicActiveMigration(d *schema.ResourceData, v interface{}, pre string, sv string) (interface{}, error) { + return v, nil +} + +func expandFirewallAccessProxyApiGatewayQuicGreaseQuicBit(d *schema.ResourceData, v interface{}, pre string, sv string) (interface{}, error) { + return v, nil +} + func expandFirewallAccessProxyApiGatewayRealservers(d *schema.ResourceData, v interface{}, pre string, sv string) (interface{}, error) { l := v.([]interface{}) result := make([]map[string]interface{}, 0, len(l)) @@ -2854,6 +3324,23 @@ func expandFirewallAccessProxyApiGateway6(d *schema.ResourceData, v interface{}, tmp["url-map-type"], _ = expandFirewallAccessProxyApiGateway6UrlMapType(d, i["url_map_type"], pre_append, sv) } + pre_append = pre + "." + strconv.Itoa(con) + "." + "h2_support" + if _, ok := d.GetOk(pre_append); ok { + tmp["h2-support"], _ = expandFirewallAccessProxyApiGateway6H2Support(d, i["h2_support"], pre_append, sv) + } + + pre_append = pre + "." + strconv.Itoa(con) + "." + "h3_support" + if _, ok := d.GetOk(pre_append); ok { + tmp["h3-support"], _ = expandFirewallAccessProxyApiGateway6H3Support(d, i["h3_support"], pre_append, sv) + } + + pre_append = pre + "." + strconv.Itoa(con) + "." + "quic" + if _, ok := d.GetOk(pre_append); ok { + tmp["quic"], _ = expandFirewallAccessProxyApiGateway6Quic(d, i["quic"], pre_append, sv) + } else { + tmp["quic"] = make([]string, 0) + } + pre_append = pre + "." + strconv.Itoa(con) + "." + "realservers" if _, ok := d.GetOk(pre_append); ok || d.HasChange(pre_append) { tmp["realservers"], _ = expandFirewallAccessProxyApiGateway6Realservers(d, i["realservers"], pre_append, sv) @@ -2987,6 +3474,92 @@ func expandFirewallAccessProxyApiGateway6UrlMapType(d *schema.ResourceData, v in return v, nil } +func expandFirewallAccessProxyApiGateway6H2Support(d *schema.ResourceData, v interface{}, pre string, sv string) (interface{}, error) { + return v, nil +} + +func expandFirewallAccessProxyApiGateway6H3Support(d *schema.ResourceData, v interface{}, pre string, sv string) (interface{}, error) { + return v, nil +} + +func expandFirewallAccessProxyApiGateway6Quic(d *schema.ResourceData, v interface{}, pre string, sv string) (interface{}, error) { + l := v.([]interface{}) + if len(l) == 0 || l[0] == nil { + return nil, nil + } + + i := l[0].(map[string]interface{}) + result := make(map[string]interface{}) + + pre_append := "" // complex + pre_append = pre + ".0." + "max_idle_timeout" + if _, ok := d.GetOk(pre_append); ok { + result["max-idle-timeout"], _ = expandFirewallAccessProxyApiGateway6QuicMaxIdleTimeout(d, i["max_idle_timeout"], pre_append, sv) + } + pre_append = pre + ".0." + "max_udp_payload_size" + if _, ok := d.GetOk(pre_append); ok { + result["max-udp-payload-size"], _ = expandFirewallAccessProxyApiGateway6QuicMaxUdpPayloadSize(d, i["max_udp_payload_size"], pre_append, sv) + } + pre_append = pre + ".0." + "active_connection_id_limit" + if _, ok := d.GetOk(pre_append); ok { + result["active-connection-id-limit"], _ = expandFirewallAccessProxyApiGateway6QuicActiveConnectionIdLimit(d, i["active_connection_id_limit"], pre_append, sv) + } + pre_append = pre + ".0." + "ack_delay_exponent" + if _, ok := d.GetOk(pre_append); ok { + result["ack-delay-exponent"], _ = expandFirewallAccessProxyApiGateway6QuicAckDelayExponent(d, i["ack_delay_exponent"], pre_append, sv) + } + pre_append = pre + ".0." + "max_ack_delay" + if _, ok := d.GetOk(pre_append); ok { + result["max-ack-delay"], _ = expandFirewallAccessProxyApiGateway6QuicMaxAckDelay(d, i["max_ack_delay"], pre_append, sv) + } + pre_append = pre + ".0." + "max_datagram_frame_size" + if _, ok := d.GetOk(pre_append); ok { + result["max-datagram-frame-size"], _ = expandFirewallAccessProxyApiGateway6QuicMaxDatagramFrameSize(d, i["max_datagram_frame_size"], pre_append, sv) + } + pre_append = pre + ".0." + "active_migration" + if _, ok := d.GetOk(pre_append); ok { + result["active-migration"], _ = expandFirewallAccessProxyApiGateway6QuicActiveMigration(d, i["active_migration"], pre_append, sv) + } + pre_append = pre + ".0." + "grease_quic_bit" + if _, ok := d.GetOk(pre_append); ok { + result["grease-quic-bit"], _ = expandFirewallAccessProxyApiGateway6QuicGreaseQuicBit(d, i["grease_quic_bit"], pre_append, sv) + } + + return result, nil +} + +func expandFirewallAccessProxyApiGateway6QuicMaxIdleTimeout(d *schema.ResourceData, v interface{}, pre string, sv string) (interface{}, error) { + return v, nil +} + +func expandFirewallAccessProxyApiGateway6QuicMaxUdpPayloadSize(d *schema.ResourceData, v interface{}, pre string, sv string) (interface{}, error) { + return v, nil +} + +func expandFirewallAccessProxyApiGateway6QuicActiveConnectionIdLimit(d *schema.ResourceData, v interface{}, pre string, sv string) (interface{}, error) { + return v, nil +} + +func expandFirewallAccessProxyApiGateway6QuicAckDelayExponent(d *schema.ResourceData, v interface{}, pre string, sv string) (interface{}, error) { + return v, nil +} + +func expandFirewallAccessProxyApiGateway6QuicMaxAckDelay(d *schema.ResourceData, v interface{}, pre string, sv string) (interface{}, error) { + return v, nil +} + +func expandFirewallAccessProxyApiGateway6QuicMaxDatagramFrameSize(d *schema.ResourceData, v interface{}, pre string, sv string) (interface{}, error) { + return v, nil +} + +func expandFirewallAccessProxyApiGateway6QuicActiveMigration(d *schema.ResourceData, v interface{}, pre string, sv string) (interface{}, error) { + return v, nil +} + +func expandFirewallAccessProxyApiGateway6QuicGreaseQuicBit(d *schema.ResourceData, v interface{}, pre string, sv string) (interface{}, error) { + return v, nil +} + func expandFirewallAccessProxyApiGateway6Realservers(d *schema.ResourceData, v interface{}, pre string, sv string) (interface{}, error) { l := v.([]interface{}) result := make([]map[string]interface{}, 0, len(l)) @@ -3482,6 +4055,15 @@ func getObjectFirewallAccessProxy(d *schema.ResourceData, sv string) (*map[strin } } + if v, ok := d.GetOkExists("svr_pool_server_max_concurrent_request"); ok { + t, err := expandFirewallAccessProxySvrPoolServerMaxConcurrentRequest(d, v, "svr_pool_server_max_concurrent_request", sv) + if err != nil { + return &obj, err + } else if t != nil { + obj["svr-pool-server-max-concurrent-request"] = t + } + } + if v, ok := d.GetOk("decrypted_traffic_mirror"); ok { t, err := expandFirewallAccessProxyDecryptedTrafficMirror(d, v, "decrypted_traffic_mirror", sv) if err != nil { diff --git a/fortios/resource_firewall_accessproxy6.go b/fortios/resource_firewall_accessproxy6.go index 8524c4d36..6367b48c1 100644 --- a/fortios/resource_firewall_accessproxy6.go +++ b/fortios/resource_firewall_accessproxy6.go @@ -103,6 +103,11 @@ func resourceFirewallAccessProxy6() *schema.Resource { Optional: true, Computed: true, }, + "svr_pool_server_max_concurrent_request": &schema.Schema{ + Type: schema.TypeInt, + Optional: true, + Computed: true, + }, "decrypted_traffic_mirror": &schema.Schema{ Type: schema.TypeString, ValidateFunc: validation.StringLenBetween(0, 35), @@ -146,6 +151,72 @@ func resourceFirewallAccessProxy6() *schema.Resource { Optional: true, Computed: true, }, + "h2_support": &schema.Schema{ + Type: schema.TypeString, + Optional: true, + Computed: true, + }, + "h3_support": &schema.Schema{ + Type: schema.TypeString, + Optional: true, + Computed: true, + }, + "quic": &schema.Schema{ + Type: schema.TypeList, + Computed: true, + Optional: true, + MaxItems: 1, + Elem: &schema.Resource{ + Schema: map[string]*schema.Schema{ + "max_idle_timeout": &schema.Schema{ + Type: schema.TypeInt, + ValidateFunc: validation.IntBetween(1, 60000), + Optional: true, + Computed: true, + }, + "max_udp_payload_size": &schema.Schema{ + Type: schema.TypeInt, + ValidateFunc: validation.IntBetween(1200, 1500), + Optional: true, + Computed: true, + }, + "active_connection_id_limit": &schema.Schema{ + Type: schema.TypeInt, + ValidateFunc: validation.IntBetween(1, 8), + Optional: true, + Computed: true, + }, + "ack_delay_exponent": &schema.Schema{ + Type: schema.TypeInt, + ValidateFunc: validation.IntBetween(1, 20), + Optional: true, + Computed: true, + }, + "max_ack_delay": &schema.Schema{ + Type: schema.TypeInt, + ValidateFunc: validation.IntBetween(1, 16383), + Optional: true, + Computed: true, + }, + "max_datagram_frame_size": &schema.Schema{ + Type: schema.TypeInt, + ValidateFunc: validation.IntBetween(1, 1500), + Optional: true, + Computed: true, + }, + "active_migration": &schema.Schema{ + Type: schema.TypeString, + Optional: true, + Computed: true, + }, + "grease_quic_bit": &schema.Schema{ + Type: schema.TypeString, + Optional: true, + Computed: true, + }, + }, + }, + }, "realservers": &schema.Schema{ Type: schema.TypeList, Optional: true, @@ -431,6 +502,72 @@ func resourceFirewallAccessProxy6() *schema.Resource { Optional: true, Computed: true, }, + "h2_support": &schema.Schema{ + Type: schema.TypeString, + Optional: true, + Computed: true, + }, + "h3_support": &schema.Schema{ + Type: schema.TypeString, + Optional: true, + Computed: true, + }, + "quic": &schema.Schema{ + Type: schema.TypeList, + Computed: true, + Optional: true, + MaxItems: 1, + Elem: &schema.Resource{ + Schema: map[string]*schema.Schema{ + "max_idle_timeout": &schema.Schema{ + Type: schema.TypeInt, + ValidateFunc: validation.IntBetween(1, 60000), + Optional: true, + Computed: true, + }, + "max_udp_payload_size": &schema.Schema{ + Type: schema.TypeInt, + ValidateFunc: validation.IntBetween(1200, 1500), + Optional: true, + Computed: true, + }, + "active_connection_id_limit": &schema.Schema{ + Type: schema.TypeInt, + ValidateFunc: validation.IntBetween(1, 8), + Optional: true, + Computed: true, + }, + "ack_delay_exponent": &schema.Schema{ + Type: schema.TypeInt, + ValidateFunc: validation.IntBetween(1, 20), + Optional: true, + Computed: true, + }, + "max_ack_delay": &schema.Schema{ + Type: schema.TypeInt, + ValidateFunc: validation.IntBetween(1, 16383), + Optional: true, + Computed: true, + }, + "max_datagram_frame_size": &schema.Schema{ + Type: schema.TypeInt, + ValidateFunc: validation.IntBetween(1, 1500), + Optional: true, + Computed: true, + }, + "active_migration": &schema.Schema{ + Type: schema.TypeString, + Optional: true, + Computed: true, + }, + "grease_quic_bit": &schema.Schema{ + Type: schema.TypeString, + Optional: true, + Computed: true, + }, + }, + }, + }, "realservers": &schema.Schema{ Type: schema.TypeList, Optional: true, @@ -866,6 +1003,10 @@ func flattenFirewallAccessProxy6SvrPoolServerMaxRequest(v interface{}, d *schema return v } +func flattenFirewallAccessProxy6SvrPoolServerMaxConcurrentRequest(v interface{}, d *schema.ResourceData, pre string, sv string) interface{} { + return v +} + func flattenFirewallAccessProxy6DecryptedTrafficMirror(v interface{}, d *schema.ResourceData, pre string, sv string) interface{} { return v } @@ -924,6 +1065,21 @@ func flattenFirewallAccessProxy6ApiGateway(v interface{}, d *schema.ResourceData tmp["url_map_type"] = flattenFirewallAccessProxy6ApiGatewayUrlMapType(i["url-map-type"], d, pre_append, sv) } + pre_append = pre + "." + strconv.Itoa(con) + "." + "h2_support" + if _, ok := i["h2-support"]; ok { + tmp["h2_support"] = flattenFirewallAccessProxy6ApiGatewayH2Support(i["h2-support"], d, pre_append, sv) + } + + pre_append = pre + "." + strconv.Itoa(con) + "." + "h3_support" + if _, ok := i["h3-support"]; ok { + tmp["h3_support"] = flattenFirewallAccessProxy6ApiGatewayH3Support(i["h3-support"], d, pre_append, sv) + } + + pre_append = pre + "." + strconv.Itoa(con) + "." + "quic" + if _, ok := i["quic"]; ok { + tmp["quic"] = flattenFirewallAccessProxy6ApiGatewayQuic(i["quic"], d, pre_append, sv) + } + pre_append = pre + "." + strconv.Itoa(con) + "." + "realservers" if _, ok := i["realservers"]; ok { tmp["realservers"] = flattenFirewallAccessProxy6ApiGatewayRealservers(i["realservers"], d, pre_append, sv) @@ -1052,6 +1208,99 @@ func flattenFirewallAccessProxy6ApiGatewayUrlMapType(v interface{}, d *schema.Re return v } +func flattenFirewallAccessProxy6ApiGatewayH2Support(v interface{}, d *schema.ResourceData, pre string, sv string) interface{} { + return v +} + +func flattenFirewallAccessProxy6ApiGatewayH3Support(v interface{}, d *schema.ResourceData, pre string, sv string) interface{} { + return v +} + +func flattenFirewallAccessProxy6ApiGatewayQuic(v interface{}, d *schema.ResourceData, pre string, sv string) []map[string]interface{} { + if v == nil { + return nil + } + + i := v.(map[string]interface{}) + result := make(map[string]interface{}) + + pre_append := "" // complex + pre_append = pre + ".0." + "max_idle_timeout" + if _, ok := i["max-idle-timeout"]; ok { + result["max_idle_timeout"] = flattenFirewallAccessProxy6ApiGatewayQuicMaxIdleTimeout(i["max-idle-timeout"], d, pre_append, sv) + } + + pre_append = pre + ".0." + "max_udp_payload_size" + if _, ok := i["max-udp-payload-size"]; ok { + result["max_udp_payload_size"] = flattenFirewallAccessProxy6ApiGatewayQuicMaxUdpPayloadSize(i["max-udp-payload-size"], d, pre_append, sv) + } + + pre_append = pre + ".0." + "active_connection_id_limit" + if _, ok := i["active-connection-id-limit"]; ok { + result["active_connection_id_limit"] = flattenFirewallAccessProxy6ApiGatewayQuicActiveConnectionIdLimit(i["active-connection-id-limit"], d, pre_append, sv) + } + + pre_append = pre + ".0." + "ack_delay_exponent" + if _, ok := i["ack-delay-exponent"]; ok { + result["ack_delay_exponent"] = flattenFirewallAccessProxy6ApiGatewayQuicAckDelayExponent(i["ack-delay-exponent"], d, pre_append, sv) + } + + pre_append = pre + ".0." + "max_ack_delay" + if _, ok := i["max-ack-delay"]; ok { + result["max_ack_delay"] = flattenFirewallAccessProxy6ApiGatewayQuicMaxAckDelay(i["max-ack-delay"], d, pre_append, sv) + } + + pre_append = pre + ".0." + "max_datagram_frame_size" + if _, ok := i["max-datagram-frame-size"]; ok { + result["max_datagram_frame_size"] = flattenFirewallAccessProxy6ApiGatewayQuicMaxDatagramFrameSize(i["max-datagram-frame-size"], d, pre_append, sv) + } + + pre_append = pre + ".0." + "active_migration" + if _, ok := i["active-migration"]; ok { + result["active_migration"] = flattenFirewallAccessProxy6ApiGatewayQuicActiveMigration(i["active-migration"], d, pre_append, sv) + } + + pre_append = pre + ".0." + "grease_quic_bit" + if _, ok := i["grease-quic-bit"]; ok { + result["grease_quic_bit"] = flattenFirewallAccessProxy6ApiGatewayQuicGreaseQuicBit(i["grease-quic-bit"], d, pre_append, sv) + } + + lastresult := []map[string]interface{}{result} + return lastresult +} + +func flattenFirewallAccessProxy6ApiGatewayQuicMaxIdleTimeout(v interface{}, d *schema.ResourceData, pre string, sv string) interface{} { + return v +} + +func flattenFirewallAccessProxy6ApiGatewayQuicMaxUdpPayloadSize(v interface{}, d *schema.ResourceData, pre string, sv string) interface{} { + return v +} + +func flattenFirewallAccessProxy6ApiGatewayQuicActiveConnectionIdLimit(v interface{}, d *schema.ResourceData, pre string, sv string) interface{} { + return v +} + +func flattenFirewallAccessProxy6ApiGatewayQuicAckDelayExponent(v interface{}, d *schema.ResourceData, pre string, sv string) interface{} { + return v +} + +func flattenFirewallAccessProxy6ApiGatewayQuicMaxAckDelay(v interface{}, d *schema.ResourceData, pre string, sv string) interface{} { + return v +} + +func flattenFirewallAccessProxy6ApiGatewayQuicMaxDatagramFrameSize(v interface{}, d *schema.ResourceData, pre string, sv string) interface{} { + return v +} + +func flattenFirewallAccessProxy6ApiGatewayQuicActiveMigration(v interface{}, d *schema.ResourceData, pre string, sv string) interface{} { + return v +} + +func flattenFirewallAccessProxy6ApiGatewayQuicGreaseQuicBit(v interface{}, d *schema.ResourceData, pre string, sv string) interface{} { + return v +} + func flattenFirewallAccessProxy6ApiGatewayRealservers(v interface{}, d *schema.ResourceData, pre string, sv string) []map[string]interface{} { if v == nil { return nil @@ -1523,6 +1772,21 @@ func flattenFirewallAccessProxy6ApiGateway6(v interface{}, d *schema.ResourceDat tmp["url_map_type"] = flattenFirewallAccessProxy6ApiGateway6UrlMapType(i["url-map-type"], d, pre_append, sv) } + pre_append = pre + "." + strconv.Itoa(con) + "." + "h2_support" + if _, ok := i["h2-support"]; ok { + tmp["h2_support"] = flattenFirewallAccessProxy6ApiGateway6H2Support(i["h2-support"], d, pre_append, sv) + } + + pre_append = pre + "." + strconv.Itoa(con) + "." + "h3_support" + if _, ok := i["h3-support"]; ok { + tmp["h3_support"] = flattenFirewallAccessProxy6ApiGateway6H3Support(i["h3-support"], d, pre_append, sv) + } + + pre_append = pre + "." + strconv.Itoa(con) + "." + "quic" + if _, ok := i["quic"]; ok { + tmp["quic"] = flattenFirewallAccessProxy6ApiGateway6Quic(i["quic"], d, pre_append, sv) + } + pre_append = pre + "." + strconv.Itoa(con) + "." + "realservers" if _, ok := i["realservers"]; ok { tmp["realservers"] = flattenFirewallAccessProxy6ApiGateway6Realservers(i["realservers"], d, pre_append, sv) @@ -1651,6 +1915,99 @@ func flattenFirewallAccessProxy6ApiGateway6UrlMapType(v interface{}, d *schema.R return v } +func flattenFirewallAccessProxy6ApiGateway6H2Support(v interface{}, d *schema.ResourceData, pre string, sv string) interface{} { + return v +} + +func flattenFirewallAccessProxy6ApiGateway6H3Support(v interface{}, d *schema.ResourceData, pre string, sv string) interface{} { + return v +} + +func flattenFirewallAccessProxy6ApiGateway6Quic(v interface{}, d *schema.ResourceData, pre string, sv string) []map[string]interface{} { + if v == nil { + return nil + } + + i := v.(map[string]interface{}) + result := make(map[string]interface{}) + + pre_append := "" // complex + pre_append = pre + ".0." + "max_idle_timeout" + if _, ok := i["max-idle-timeout"]; ok { + result["max_idle_timeout"] = flattenFirewallAccessProxy6ApiGateway6QuicMaxIdleTimeout(i["max-idle-timeout"], d, pre_append, sv) + } + + pre_append = pre + ".0." + "max_udp_payload_size" + if _, ok := i["max-udp-payload-size"]; ok { + result["max_udp_payload_size"] = flattenFirewallAccessProxy6ApiGateway6QuicMaxUdpPayloadSize(i["max-udp-payload-size"], d, pre_append, sv) + } + + pre_append = pre + ".0." + "active_connection_id_limit" + if _, ok := i["active-connection-id-limit"]; ok { + result["active_connection_id_limit"] = flattenFirewallAccessProxy6ApiGateway6QuicActiveConnectionIdLimit(i["active-connection-id-limit"], d, pre_append, sv) + } + + pre_append = pre + ".0." + "ack_delay_exponent" + if _, ok := i["ack-delay-exponent"]; ok { + result["ack_delay_exponent"] = flattenFirewallAccessProxy6ApiGateway6QuicAckDelayExponent(i["ack-delay-exponent"], d, pre_append, sv) + } + + pre_append = pre + ".0." + "max_ack_delay" + if _, ok := i["max-ack-delay"]; ok { + result["max_ack_delay"] = flattenFirewallAccessProxy6ApiGateway6QuicMaxAckDelay(i["max-ack-delay"], d, pre_append, sv) + } + + pre_append = pre + ".0." + "max_datagram_frame_size" + if _, ok := i["max-datagram-frame-size"]; ok { + result["max_datagram_frame_size"] = flattenFirewallAccessProxy6ApiGateway6QuicMaxDatagramFrameSize(i["max-datagram-frame-size"], d, pre_append, sv) + } + + pre_append = pre + ".0." + "active_migration" + if _, ok := i["active-migration"]; ok { + result["active_migration"] = flattenFirewallAccessProxy6ApiGateway6QuicActiveMigration(i["active-migration"], d, pre_append, sv) + } + + pre_append = pre + ".0." + "grease_quic_bit" + if _, ok := i["grease-quic-bit"]; ok { + result["grease_quic_bit"] = flattenFirewallAccessProxy6ApiGateway6QuicGreaseQuicBit(i["grease-quic-bit"], d, pre_append, sv) + } + + lastresult := []map[string]interface{}{result} + return lastresult +} + +func flattenFirewallAccessProxy6ApiGateway6QuicMaxIdleTimeout(v interface{}, d *schema.ResourceData, pre string, sv string) interface{} { + return v +} + +func flattenFirewallAccessProxy6ApiGateway6QuicMaxUdpPayloadSize(v interface{}, d *schema.ResourceData, pre string, sv string) interface{} { + return v +} + +func flattenFirewallAccessProxy6ApiGateway6QuicActiveConnectionIdLimit(v interface{}, d *schema.ResourceData, pre string, sv string) interface{} { + return v +} + +func flattenFirewallAccessProxy6ApiGateway6QuicAckDelayExponent(v interface{}, d *schema.ResourceData, pre string, sv string) interface{} { + return v +} + +func flattenFirewallAccessProxy6ApiGateway6QuicMaxAckDelay(v interface{}, d *schema.ResourceData, pre string, sv string) interface{} { + return v +} + +func flattenFirewallAccessProxy6ApiGateway6QuicMaxDatagramFrameSize(v interface{}, d *schema.ResourceData, pre string, sv string) interface{} { + return v +} + +func flattenFirewallAccessProxy6ApiGateway6QuicActiveMigration(v interface{}, d *schema.ResourceData, pre string, sv string) interface{} { + return v +} + +func flattenFirewallAccessProxy6ApiGateway6QuicGreaseQuicBit(v interface{}, d *schema.ResourceData, pre string, sv string) interface{} { + return v +} + func flattenFirewallAccessProxy6ApiGateway6Realservers(v interface{}, d *schema.ResourceData, pre string, sv string) []map[string]interface{} { if v == nil { return nil @@ -2155,6 +2512,12 @@ func refreshObjectFirewallAccessProxy6(d *schema.ResourceData, o map[string]inte } } + if err = d.Set("svr_pool_server_max_concurrent_request", flattenFirewallAccessProxy6SvrPoolServerMaxConcurrentRequest(o["svr-pool-server-max-concurrent-request"], d, "svr_pool_server_max_concurrent_request", sv)); err != nil { + if !fortiAPIPatch(o["svr-pool-server-max-concurrent-request"]) { + return fmt.Errorf("Error reading svr_pool_server_max_concurrent_request: %v", err) + } + } + if err = d.Set("decrypted_traffic_mirror", flattenFirewallAccessProxy6DecryptedTrafficMirror(o["decrypted-traffic-mirror"], d, "decrypted_traffic_mirror", sv)); err != nil { if !fortiAPIPatch(o["decrypted-traffic-mirror"]) { return fmt.Errorf("Error reading decrypted_traffic_mirror: %v", err) @@ -2254,6 +2617,10 @@ func expandFirewallAccessProxy6SvrPoolServerMaxRequest(d *schema.ResourceData, v return v, nil } +func expandFirewallAccessProxy6SvrPoolServerMaxConcurrentRequest(d *schema.ResourceData, v interface{}, pre string, sv string) (interface{}, error) { + return v, nil +} + func expandFirewallAccessProxy6DecryptedTrafficMirror(d *schema.ResourceData, v interface{}, pre string, sv string) (interface{}, error) { return v, nil } @@ -2302,6 +2669,23 @@ func expandFirewallAccessProxy6ApiGateway(d *schema.ResourceData, v interface{}, tmp["url-map-type"], _ = expandFirewallAccessProxy6ApiGatewayUrlMapType(d, i["url_map_type"], pre_append, sv) } + pre_append = pre + "." + strconv.Itoa(con) + "." + "h2_support" + if _, ok := d.GetOk(pre_append); ok { + tmp["h2-support"], _ = expandFirewallAccessProxy6ApiGatewayH2Support(d, i["h2_support"], pre_append, sv) + } + + pre_append = pre + "." + strconv.Itoa(con) + "." + "h3_support" + if _, ok := d.GetOk(pre_append); ok { + tmp["h3-support"], _ = expandFirewallAccessProxy6ApiGatewayH3Support(d, i["h3_support"], pre_append, sv) + } + + pre_append = pre + "." + strconv.Itoa(con) + "." + "quic" + if _, ok := d.GetOk(pre_append); ok { + tmp["quic"], _ = expandFirewallAccessProxy6ApiGatewayQuic(d, i["quic"], pre_append, sv) + } else { + tmp["quic"] = make([]string, 0) + } + pre_append = pre + "." + strconv.Itoa(con) + "." + "realservers" if _, ok := d.GetOk(pre_append); ok || d.HasChange(pre_append) { tmp["realservers"], _ = expandFirewallAccessProxy6ApiGatewayRealservers(d, i["realservers"], pre_append, sv) @@ -2435,6 +2819,92 @@ func expandFirewallAccessProxy6ApiGatewayUrlMapType(d *schema.ResourceData, v in return v, nil } +func expandFirewallAccessProxy6ApiGatewayH2Support(d *schema.ResourceData, v interface{}, pre string, sv string) (interface{}, error) { + return v, nil +} + +func expandFirewallAccessProxy6ApiGatewayH3Support(d *schema.ResourceData, v interface{}, pre string, sv string) (interface{}, error) { + return v, nil +} + +func expandFirewallAccessProxy6ApiGatewayQuic(d *schema.ResourceData, v interface{}, pre string, sv string) (interface{}, error) { + l := v.([]interface{}) + if len(l) == 0 || l[0] == nil { + return nil, nil + } + + i := l[0].(map[string]interface{}) + result := make(map[string]interface{}) + + pre_append := "" // complex + pre_append = pre + ".0." + "max_idle_timeout" + if _, ok := d.GetOk(pre_append); ok { + result["max-idle-timeout"], _ = expandFirewallAccessProxy6ApiGatewayQuicMaxIdleTimeout(d, i["max_idle_timeout"], pre_append, sv) + } + pre_append = pre + ".0." + "max_udp_payload_size" + if _, ok := d.GetOk(pre_append); ok { + result["max-udp-payload-size"], _ = expandFirewallAccessProxy6ApiGatewayQuicMaxUdpPayloadSize(d, i["max_udp_payload_size"], pre_append, sv) + } + pre_append = pre + ".0." + "active_connection_id_limit" + if _, ok := d.GetOk(pre_append); ok { + result["active-connection-id-limit"], _ = expandFirewallAccessProxy6ApiGatewayQuicActiveConnectionIdLimit(d, i["active_connection_id_limit"], pre_append, sv) + } + pre_append = pre + ".0." + "ack_delay_exponent" + if _, ok := d.GetOk(pre_append); ok { + result["ack-delay-exponent"], _ = expandFirewallAccessProxy6ApiGatewayQuicAckDelayExponent(d, i["ack_delay_exponent"], pre_append, sv) + } + pre_append = pre + ".0." + "max_ack_delay" + if _, ok := d.GetOk(pre_append); ok { + result["max-ack-delay"], _ = expandFirewallAccessProxy6ApiGatewayQuicMaxAckDelay(d, i["max_ack_delay"], pre_append, sv) + } + pre_append = pre + ".0." + "max_datagram_frame_size" + if _, ok := d.GetOk(pre_append); ok { + result["max-datagram-frame-size"], _ = expandFirewallAccessProxy6ApiGatewayQuicMaxDatagramFrameSize(d, i["max_datagram_frame_size"], pre_append, sv) + } + pre_append = pre + ".0." + "active_migration" + if _, ok := d.GetOk(pre_append); ok { + result["active-migration"], _ = expandFirewallAccessProxy6ApiGatewayQuicActiveMigration(d, i["active_migration"], pre_append, sv) + } + pre_append = pre + ".0." + "grease_quic_bit" + if _, ok := d.GetOk(pre_append); ok { + result["grease-quic-bit"], _ = expandFirewallAccessProxy6ApiGatewayQuicGreaseQuicBit(d, i["grease_quic_bit"], pre_append, sv) + } + + return result, nil +} + +func expandFirewallAccessProxy6ApiGatewayQuicMaxIdleTimeout(d *schema.ResourceData, v interface{}, pre string, sv string) (interface{}, error) { + return v, nil +} + +func expandFirewallAccessProxy6ApiGatewayQuicMaxUdpPayloadSize(d *schema.ResourceData, v interface{}, pre string, sv string) (interface{}, error) { + return v, nil +} + +func expandFirewallAccessProxy6ApiGatewayQuicActiveConnectionIdLimit(d *schema.ResourceData, v interface{}, pre string, sv string) (interface{}, error) { + return v, nil +} + +func expandFirewallAccessProxy6ApiGatewayQuicAckDelayExponent(d *schema.ResourceData, v interface{}, pre string, sv string) (interface{}, error) { + return v, nil +} + +func expandFirewallAccessProxy6ApiGatewayQuicMaxAckDelay(d *schema.ResourceData, v interface{}, pre string, sv string) (interface{}, error) { + return v, nil +} + +func expandFirewallAccessProxy6ApiGatewayQuicMaxDatagramFrameSize(d *schema.ResourceData, v interface{}, pre string, sv string) (interface{}, error) { + return v, nil +} + +func expandFirewallAccessProxy6ApiGatewayQuicActiveMigration(d *schema.ResourceData, v interface{}, pre string, sv string) (interface{}, error) { + return v, nil +} + +func expandFirewallAccessProxy6ApiGatewayQuicGreaseQuicBit(d *schema.ResourceData, v interface{}, pre string, sv string) (interface{}, error) { + return v, nil +} + func expandFirewallAccessProxy6ApiGatewayRealservers(d *schema.ResourceData, v interface{}, pre string, sv string) (interface{}, error) { l := v.([]interface{}) result := make([]map[string]interface{}, 0, len(l)) @@ -2854,6 +3324,23 @@ func expandFirewallAccessProxy6ApiGateway6(d *schema.ResourceData, v interface{} tmp["url-map-type"], _ = expandFirewallAccessProxy6ApiGateway6UrlMapType(d, i["url_map_type"], pre_append, sv) } + pre_append = pre + "." + strconv.Itoa(con) + "." + "h2_support" + if _, ok := d.GetOk(pre_append); ok { + tmp["h2-support"], _ = expandFirewallAccessProxy6ApiGateway6H2Support(d, i["h2_support"], pre_append, sv) + } + + pre_append = pre + "." + strconv.Itoa(con) + "." + "h3_support" + if _, ok := d.GetOk(pre_append); ok { + tmp["h3-support"], _ = expandFirewallAccessProxy6ApiGateway6H3Support(d, i["h3_support"], pre_append, sv) + } + + pre_append = pre + "." + strconv.Itoa(con) + "." + "quic" + if _, ok := d.GetOk(pre_append); ok { + tmp["quic"], _ = expandFirewallAccessProxy6ApiGateway6Quic(d, i["quic"], pre_append, sv) + } else { + tmp["quic"] = make([]string, 0) + } + pre_append = pre + "." + strconv.Itoa(con) + "." + "realservers" if _, ok := d.GetOk(pre_append); ok || d.HasChange(pre_append) { tmp["realservers"], _ = expandFirewallAccessProxy6ApiGateway6Realservers(d, i["realservers"], pre_append, sv) @@ -2987,6 +3474,92 @@ func expandFirewallAccessProxy6ApiGateway6UrlMapType(d *schema.ResourceData, v i return v, nil } +func expandFirewallAccessProxy6ApiGateway6H2Support(d *schema.ResourceData, v interface{}, pre string, sv string) (interface{}, error) { + return v, nil +} + +func expandFirewallAccessProxy6ApiGateway6H3Support(d *schema.ResourceData, v interface{}, pre string, sv string) (interface{}, error) { + return v, nil +} + +func expandFirewallAccessProxy6ApiGateway6Quic(d *schema.ResourceData, v interface{}, pre string, sv string) (interface{}, error) { + l := v.([]interface{}) + if len(l) == 0 || l[0] == nil { + return nil, nil + } + + i := l[0].(map[string]interface{}) + result := make(map[string]interface{}) + + pre_append := "" // complex + pre_append = pre + ".0." + "max_idle_timeout" + if _, ok := d.GetOk(pre_append); ok { + result["max-idle-timeout"], _ = expandFirewallAccessProxy6ApiGateway6QuicMaxIdleTimeout(d, i["max_idle_timeout"], pre_append, sv) + } + pre_append = pre + ".0." + "max_udp_payload_size" + if _, ok := d.GetOk(pre_append); ok { + result["max-udp-payload-size"], _ = expandFirewallAccessProxy6ApiGateway6QuicMaxUdpPayloadSize(d, i["max_udp_payload_size"], pre_append, sv) + } + pre_append = pre + ".0." + "active_connection_id_limit" + if _, ok := d.GetOk(pre_append); ok { + result["active-connection-id-limit"], _ = expandFirewallAccessProxy6ApiGateway6QuicActiveConnectionIdLimit(d, i["active_connection_id_limit"], pre_append, sv) + } + pre_append = pre + ".0." + "ack_delay_exponent" + if _, ok := d.GetOk(pre_append); ok { + result["ack-delay-exponent"], _ = expandFirewallAccessProxy6ApiGateway6QuicAckDelayExponent(d, i["ack_delay_exponent"], pre_append, sv) + } + pre_append = pre + ".0." + "max_ack_delay" + if _, ok := d.GetOk(pre_append); ok { + result["max-ack-delay"], _ = expandFirewallAccessProxy6ApiGateway6QuicMaxAckDelay(d, i["max_ack_delay"], pre_append, sv) + } + pre_append = pre + ".0." + "max_datagram_frame_size" + if _, ok := d.GetOk(pre_append); ok { + result["max-datagram-frame-size"], _ = expandFirewallAccessProxy6ApiGateway6QuicMaxDatagramFrameSize(d, i["max_datagram_frame_size"], pre_append, sv) + } + pre_append = pre + ".0." + "active_migration" + if _, ok := d.GetOk(pre_append); ok { + result["active-migration"], _ = expandFirewallAccessProxy6ApiGateway6QuicActiveMigration(d, i["active_migration"], pre_append, sv) + } + pre_append = pre + ".0." + "grease_quic_bit" + if _, ok := d.GetOk(pre_append); ok { + result["grease-quic-bit"], _ = expandFirewallAccessProxy6ApiGateway6QuicGreaseQuicBit(d, i["grease_quic_bit"], pre_append, sv) + } + + return result, nil +} + +func expandFirewallAccessProxy6ApiGateway6QuicMaxIdleTimeout(d *schema.ResourceData, v interface{}, pre string, sv string) (interface{}, error) { + return v, nil +} + +func expandFirewallAccessProxy6ApiGateway6QuicMaxUdpPayloadSize(d *schema.ResourceData, v interface{}, pre string, sv string) (interface{}, error) { + return v, nil +} + +func expandFirewallAccessProxy6ApiGateway6QuicActiveConnectionIdLimit(d *schema.ResourceData, v interface{}, pre string, sv string) (interface{}, error) { + return v, nil +} + +func expandFirewallAccessProxy6ApiGateway6QuicAckDelayExponent(d *schema.ResourceData, v interface{}, pre string, sv string) (interface{}, error) { + return v, nil +} + +func expandFirewallAccessProxy6ApiGateway6QuicMaxAckDelay(d *schema.ResourceData, v interface{}, pre string, sv string) (interface{}, error) { + return v, nil +} + +func expandFirewallAccessProxy6ApiGateway6QuicMaxDatagramFrameSize(d *schema.ResourceData, v interface{}, pre string, sv string) (interface{}, error) { + return v, nil +} + +func expandFirewallAccessProxy6ApiGateway6QuicActiveMigration(d *schema.ResourceData, v interface{}, pre string, sv string) (interface{}, error) { + return v, nil +} + +func expandFirewallAccessProxy6ApiGateway6QuicGreaseQuicBit(d *schema.ResourceData, v interface{}, pre string, sv string) (interface{}, error) { + return v, nil +} + func expandFirewallAccessProxy6ApiGateway6Realservers(d *schema.ResourceData, v interface{}, pre string, sv string) (interface{}, error) { l := v.([]interface{}) result := make([]map[string]interface{}, 0, len(l)) @@ -3482,6 +4055,15 @@ func getObjectFirewallAccessProxy6(d *schema.ResourceData, sv string) (*map[stri } } + if v, ok := d.GetOkExists("svr_pool_server_max_concurrent_request"); ok { + t, err := expandFirewallAccessProxy6SvrPoolServerMaxConcurrentRequest(d, v, "svr_pool_server_max_concurrent_request", sv) + if err != nil { + return &obj, err + } else if t != nil { + obj["svr-pool-server-max-concurrent-request"] = t + } + } + if v, ok := d.GetOk("decrypted_traffic_mirror"); ok { t, err := expandFirewallAccessProxy6DecryptedTrafficMirror(d, v, "decrypted_traffic_mirror", sv) if err != nil { diff --git a/fortios/resource_firewall_centralsnatmap_sort.go b/fortios/resource_firewall_centralsnatmap_sort.go index 8b6211ee4..0e63ff6ad 100644 --- a/fortios/resource_firewall_centralsnatmap_sort.go +++ b/fortios/resource_firewall_centralsnatmap_sort.go @@ -2,6 +2,7 @@ package fortios import ( "fmt" + "log" "github.com/hashicorp/terraform-plugin-sdk/v2/helper/schema" ) @@ -22,25 +23,86 @@ func resourceFirewallCentralsnatmapSort() *schema.Resource { "sortby": &schema.Schema{ Type: schema.TypeString, Required: true, + ValidateFunc: func(val interface{}, key string) (warns []string, errs []error) { + v := val.(string) + availableOptions := []string{"policyid", "name"} + var validValue bool + for _, ele := range availableOptions { + if ele == v { + validValue = true + break + } + } + if !validValue { + errs = append(errs, fmt.Errorf("%q must be one of the option of [\"policyid\", \"name\"], got: \"%v\"", key, v)) + } + return + }, }, "sortdirection": &schema.Schema{ Type: schema.TypeString, Required: true, + ValidateFunc: func(val interface{}, key string) (warns []string, errs []error) { + v := val.(string) + availableOptions := []string{"ascending", "descending", "manual"} + var validValue bool + for _, ele := range availableOptions { + if ele == v { + validValue = true + break + } + } + if !validValue { + errs = append(errs, fmt.Errorf("%q must be one of the option of [\"ascending\", \"descending\", \"manual\"], got: \"%v\"", key, v)) + } + return + }, + }, + "manual_order": &schema.Schema{ + Type: schema.TypeList, + Optional: true, + Computed: true, + Elem: &schema.Schema{ + Type: schema.TypeString, + }, }, "status": &schema.Schema{ Type: schema.TypeString, Optional: true, - Default: "", + Computed: true, }, "force_recreate": &schema.Schema{ Type: schema.TypeString, Optional: true, - ForceNew: true, + Computed: true, }, "comment": &schema.Schema{ Type: schema.TypeString, Optional: true, }, + "state_policy_list": &schema.Schema{ + Type: schema.TypeList, + Computed: true, + Elem: &schema.Resource{ + Schema: map[string]*schema.Schema{ + "policyid": &schema.Schema{ + Type: schema.TypeString, + Optional: true, + Computed: true, + }, + "name": &schema.Schema{ + Type: schema.TypeString, + Optional: true, + Computed: true, + }, + "action": &schema.Schema{ + Type: schema.TypeString, + Optional: true, + Computed: true, + }, + }, + }, + }, }, } } @@ -64,16 +126,21 @@ func resourceFirewallCentralsnatmapSortCreateUpdate(d *schema.ResourceData, m in sortby := d.Get("sortby").(string) sortdirection := d.Get("sortdirection").(string) + manual_order_d := d.Get("manual_order").([]interface{}) + manual_order := make([]string, len(manual_order_d)) + for cIndex, cValue := range manual_order_d { + manual_order[cIndex] = fmt.Sprint(cValue) + } - if sortby != "policyid" { + if sortby != "policyid" && sortby != "name" { return fmt.Errorf("Unsupported sort type: " + sortby) } - if sortdirection != "ascending" && sortdirection != "descending" { + if sortdirection != "ascending" && sortdirection != "descending" && sortdirection != "manual" { return fmt.Errorf("Unsupported sort direction: " + sortdirection) } - err := c.CreateUpdateFirewallCentralsnatmapSort(sortby, sortdirection, vdomparam) + err := c.CreateUpdateFirewallCentralsnatmapSort(sortby, sortdirection, vdomparam, manual_order) if err != nil { return fmt.Errorf("Error sorting FirewallCentralsnatmap: %s", err) } @@ -104,16 +171,21 @@ func resourceFirewallCentralsnatmapSortRead(d *schema.ResourceData, m interface{ sortby := d.Get("sortby").(string) sortdirection := d.Get("sortdirection").(string) + manual_order_d := d.Get("manual_order").([]interface{}) + manual_order := make([]string, len(manual_order_d)) + for cIndex, cValue := range manual_order_d { + manual_order[cIndex] = fmt.Sprint(cValue) + } - if sortby != "policyid" { + if sortby != "policyid" && sortby != "name" { return fmt.Errorf("Unsupported sort type: " + sortby) } - if sortdirection != "ascending" && sortdirection != "descending" { + if sortdirection != "ascending" && sortdirection != "descending" && sortdirection != "manual" { return fmt.Errorf("Unsupported sort direction: " + sortdirection) } - sorted, err := c.ReadFirewallCentralsnatmapSort(sortby, sortdirection, vdomparam) + sorted, o, err := c.ReadFirewallCentralsnatmapSort(sortby, sortdirection, vdomparam, manual_order) if err != nil { return fmt.Errorf("Error reading FirewallCentralsnatmap sort status: %s %s", err, mkey) } @@ -124,5 +196,15 @@ func resourceFirewallCentralsnatmapSortRead(d *schema.ResourceData, m interface{ d.Set("status", "") } + d.Set("force_recreate", "False") + + if o != nil { + if err := d.Set("state_policy_list", o); err != nil { + log.Printf("[WARN] Error reading Firewall Security Policy List for (%s): %s", d.Id(), err) + } + } else { + d.Set("state_policy_list", nil) + } + return nil } diff --git a/fortios/resource_firewall_interfacepolicy.go b/fortios/resource_firewall_interfacepolicy.go index 591619297..fb794948e 100644 --- a/fortios/resource_firewall_interfacepolicy.go +++ b/fortios/resource_firewall_interfacepolicy.go @@ -157,6 +157,17 @@ func resourceFirewallInterfacePolicy() *schema.Resource { Optional: true, Computed: true, }, + "casb_profile_status": &schema.Schema{ + Type: schema.TypeString, + Optional: true, + Computed: true, + }, + "casb_profile": &schema.Schema{ + Type: schema.TypeString, + ValidateFunc: validation.StringLenBetween(0, 35), + Optional: true, + Computed: true, + }, "emailfilter_profile_status": &schema.Schema{ Type: schema.TypeString, Optional: true, @@ -533,6 +544,14 @@ func flattenFirewallInterfacePolicyWebfilterProfile(v interface{}, d *schema.Res return v } +func flattenFirewallInterfacePolicyCasbProfileStatus(v interface{}, d *schema.ResourceData, pre string, sv string) interface{} { + return v +} + +func flattenFirewallInterfacePolicyCasbProfile(v interface{}, d *schema.ResourceData, pre string, sv string) interface{} { + return v +} + func flattenFirewallInterfacePolicyEmailfilterProfileStatus(v interface{}, d *schema.ResourceData, pre string, sv string) interface{} { return v } @@ -720,6 +739,18 @@ func refreshObjectFirewallInterfacePolicy(d *schema.ResourceData, o map[string]i } } + if err = d.Set("casb_profile_status", flattenFirewallInterfacePolicyCasbProfileStatus(o["casb-profile-status"], d, "casb_profile_status", sv)); err != nil { + if !fortiAPIPatch(o["casb-profile-status"]) { + return fmt.Errorf("Error reading casb_profile_status: %v", err) + } + } + + if err = d.Set("casb_profile", flattenFirewallInterfacePolicyCasbProfile(o["casb-profile"], d, "casb_profile", sv)); err != nil { + if !fortiAPIPatch(o["casb-profile"]) { + return fmt.Errorf("Error reading casb_profile: %v", err) + } + } + if err = d.Set("emailfilter_profile_status", flattenFirewallInterfacePolicyEmailfilterProfileStatus(o["emailfilter-profile-status"], d, "emailfilter_profile_status", sv)); err != nil { if !fortiAPIPatch(o["emailfilter-profile-status"]) { return fmt.Errorf("Error reading emailfilter_profile_status: %v", err) @@ -942,6 +973,14 @@ func expandFirewallInterfacePolicyWebfilterProfile(d *schema.ResourceData, v int return v, nil } +func expandFirewallInterfacePolicyCasbProfileStatus(d *schema.ResourceData, v interface{}, pre string, sv string) (interface{}, error) { + return v, nil +} + +func expandFirewallInterfacePolicyCasbProfile(d *schema.ResourceData, v interface{}, pre string, sv string) (interface{}, error) { + return v, nil +} + func expandFirewallInterfacePolicyEmailfilterProfileStatus(d *schema.ResourceData, v interface{}, pre string, sv string) (interface{}, error) { return v, nil } @@ -1147,6 +1186,24 @@ func getObjectFirewallInterfacePolicy(d *schema.ResourceData, sv string) (*map[s } } + if v, ok := d.GetOk("casb_profile_status"); ok { + t, err := expandFirewallInterfacePolicyCasbProfileStatus(d, v, "casb_profile_status", sv) + if err != nil { + return &obj, err + } else if t != nil { + obj["casb-profile-status"] = t + } + } + + if v, ok := d.GetOk("casb_profile"); ok { + t, err := expandFirewallInterfacePolicyCasbProfile(d, v, "casb_profile", sv) + if err != nil { + return &obj, err + } else if t != nil { + obj["casb-profile"] = t + } + } + if v, ok := d.GetOk("emailfilter_profile_status"); ok { t, err := expandFirewallInterfacePolicyEmailfilterProfileStatus(d, v, "emailfilter_profile_status", sv) if err != nil { diff --git a/fortios/resource_firewall_interfacepolicy6.go b/fortios/resource_firewall_interfacepolicy6.go index 39ebc95ed..a1a14a624 100644 --- a/fortios/resource_firewall_interfacepolicy6.go +++ b/fortios/resource_firewall_interfacepolicy6.go @@ -157,6 +157,17 @@ func resourceFirewallInterfacePolicy6() *schema.Resource { Optional: true, Computed: true, }, + "casb_profile_status": &schema.Schema{ + Type: schema.TypeString, + Optional: true, + Computed: true, + }, + "casb_profile": &schema.Schema{ + Type: schema.TypeString, + ValidateFunc: validation.StringLenBetween(0, 35), + Optional: true, + Computed: true, + }, "emailfilter_profile_status": &schema.Schema{ Type: schema.TypeString, Optional: true, @@ -533,6 +544,14 @@ func flattenFirewallInterfacePolicy6WebfilterProfile(v interface{}, d *schema.Re return v } +func flattenFirewallInterfacePolicy6CasbProfileStatus(v interface{}, d *schema.ResourceData, pre string, sv string) interface{} { + return v +} + +func flattenFirewallInterfacePolicy6CasbProfile(v interface{}, d *schema.ResourceData, pre string, sv string) interface{} { + return v +} + func flattenFirewallInterfacePolicy6EmailfilterProfileStatus(v interface{}, d *schema.ResourceData, pre string, sv string) interface{} { return v } @@ -720,6 +739,18 @@ func refreshObjectFirewallInterfacePolicy6(d *schema.ResourceData, o map[string] } } + if err = d.Set("casb_profile_status", flattenFirewallInterfacePolicy6CasbProfileStatus(o["casb-profile-status"], d, "casb_profile_status", sv)); err != nil { + if !fortiAPIPatch(o["casb-profile-status"]) { + return fmt.Errorf("Error reading casb_profile_status: %v", err) + } + } + + if err = d.Set("casb_profile", flattenFirewallInterfacePolicy6CasbProfile(o["casb-profile"], d, "casb_profile", sv)); err != nil { + if !fortiAPIPatch(o["casb-profile"]) { + return fmt.Errorf("Error reading casb_profile: %v", err) + } + } + if err = d.Set("emailfilter_profile_status", flattenFirewallInterfacePolicy6EmailfilterProfileStatus(o["emailfilter-profile-status"], d, "emailfilter_profile_status", sv)); err != nil { if !fortiAPIPatch(o["emailfilter-profile-status"]) { return fmt.Errorf("Error reading emailfilter_profile_status: %v", err) @@ -942,6 +973,14 @@ func expandFirewallInterfacePolicy6WebfilterProfile(d *schema.ResourceData, v in return v, nil } +func expandFirewallInterfacePolicy6CasbProfileStatus(d *schema.ResourceData, v interface{}, pre string, sv string) (interface{}, error) { + return v, nil +} + +func expandFirewallInterfacePolicy6CasbProfile(d *schema.ResourceData, v interface{}, pre string, sv string) (interface{}, error) { + return v, nil +} + func expandFirewallInterfacePolicy6EmailfilterProfileStatus(d *schema.ResourceData, v interface{}, pre string, sv string) (interface{}, error) { return v, nil } @@ -1147,6 +1186,24 @@ func getObjectFirewallInterfacePolicy6(d *schema.ResourceData, sv string) (*map[ } } + if v, ok := d.GetOk("casb_profile_status"); ok { + t, err := expandFirewallInterfacePolicy6CasbProfileStatus(d, v, "casb_profile_status", sv) + if err != nil { + return &obj, err + } else if t != nil { + obj["casb-profile-status"] = t + } + } + + if v, ok := d.GetOk("casb_profile"); ok { + t, err := expandFirewallInterfacePolicy6CasbProfile(d, v, "casb_profile", sv) + if err != nil { + return &obj, err + } else if t != nil { + obj["casb-profile"] = t + } + } + if v, ok := d.GetOk("emailfilter_profile_status"); ok { t, err := expandFirewallInterfacePolicy6EmailfilterProfileStatus(d, v, "emailfilter_profile_status", sv) if err != nil { diff --git a/fortios/resource_firewall_policy.go b/fortios/resource_firewall_policy.go index 2edc4c576..65f5f099f 100644 --- a/fortios/resource_firewall_policy.go +++ b/fortios/resource_firewall_policy.go @@ -764,6 +764,11 @@ func resourceFirewallPolicy() *schema.Resource { ValidateFunc: validation.StringLenBetween(0, 35), Optional: true, }, + "virtual_patch_profile": &schema.Schema{ + Type: schema.TypeString, + ValidateFunc: validation.StringLenBetween(0, 35), + Optional: true, + }, "icap_profile": &schema.Schema{ Type: schema.TypeString, ValidateFunc: validation.StringLenBetween(0, 35), @@ -789,6 +794,11 @@ func resourceFirewallPolicy() *schema.Resource { ValidateFunc: validation.StringLenBetween(0, 35), Optional: true, }, + "casb_profile": &schema.Schema{ + Type: schema.TypeString, + ValidateFunc: validation.StringLenBetween(0, 35), + Optional: true, + }, "profile_protocol_options": &schema.Schema{ Type: schema.TypeString, ValidateFunc: validation.StringLenBetween(0, 35), @@ -3110,6 +3120,10 @@ func flattenFirewallPolicySctpFilterProfile(v interface{}, d *schema.ResourceDat return v } +func flattenFirewallPolicyVirtualPatchProfile(v interface{}, d *schema.ResourceData, pre string, sv string) interface{} { + return v +} + func flattenFirewallPolicyIcapProfile(v interface{}, d *schema.ResourceData, pre string, sv string) interface{} { return v } @@ -3130,6 +3144,10 @@ func flattenFirewallPolicySshFilterProfile(v interface{}, d *schema.ResourceData return v } +func flattenFirewallPolicyCasbProfile(v interface{}, d *schema.ResourceData, pre string, sv string) interface{} { + return v +} + func flattenFirewallPolicyProfileProtocolOptions(v interface{}, d *schema.ResourceData, pre string, sv string) interface{} { return v } @@ -4958,6 +4976,12 @@ func refreshObjectFirewallPolicy(d *schema.ResourceData, o map[string]interface{ } } + if err = d.Set("virtual_patch_profile", flattenFirewallPolicyVirtualPatchProfile(o["virtual-patch-profile"], d, "virtual_patch_profile", sv)); err != nil { + if !fortiAPIPatch(o["virtual-patch-profile"]) { + return fmt.Errorf("Error reading virtual_patch_profile: %v", err) + } + } + if err = d.Set("icap_profile", flattenFirewallPolicyIcapProfile(o["icap-profile"], d, "icap_profile", sv)); err != nil { if !fortiAPIPatch(o["icap-profile"]) { return fmt.Errorf("Error reading icap_profile: %v", err) @@ -4988,6 +5012,12 @@ func refreshObjectFirewallPolicy(d *schema.ResourceData, o map[string]interface{ } } + if err = d.Set("casb_profile", flattenFirewallPolicyCasbProfile(o["casb-profile"], d, "casb_profile", sv)); err != nil { + if !fortiAPIPatch(o["casb-profile"]) { + return fmt.Errorf("Error reading casb_profile: %v", err) + } + } + if err = d.Set("profile_protocol_options", flattenFirewallPolicyProfileProtocolOptions(o["profile-protocol-options"], d, "profile_protocol_options", sv)); err != nil { if !fortiAPIPatch(o["profile-protocol-options"]) { return fmt.Errorf("Error reading profile_protocol_options: %v", err) @@ -6964,6 +6994,10 @@ func expandFirewallPolicySctpFilterProfile(d *schema.ResourceData, v interface{} return v, nil } +func expandFirewallPolicyVirtualPatchProfile(d *schema.ResourceData, v interface{}, pre string, sv string) (interface{}, error) { + return v, nil +} + func expandFirewallPolicyIcapProfile(d *schema.ResourceData, v interface{}, pre string, sv string) (interface{}, error) { return v, nil } @@ -6984,6 +7018,10 @@ func expandFirewallPolicySshFilterProfile(d *schema.ResourceData, v interface{}, return v, nil } +func expandFirewallPolicyCasbProfile(d *schema.ResourceData, v interface{}, pre string, sv string) (interface{}, error) { + return v, nil +} + func expandFirewallPolicyProfileProtocolOptions(d *schema.ResourceData, v interface{}, pre string, sv string) (interface{}, error) { return v, nil } @@ -8621,6 +8659,17 @@ func getObjectFirewallPolicy(d *schema.ResourceData, sv string) (*map[string]int obj["sctp-filter-profile"] = nil } + if v, ok := d.GetOk("virtual_patch_profile"); ok { + t, err := expandFirewallPolicyVirtualPatchProfile(d, v, "virtual_patch_profile", sv) + if err != nil { + return &obj, err + } else if t != nil { + obj["virtual-patch-profile"] = t + } + } else if d.HasChange("virtual_patch_profile") { + obj["virtual-patch-profile"] = nil + } + if v, ok := d.GetOk("icap_profile"); ok { t, err := expandFirewallPolicyIcapProfile(d, v, "icap_profile", sv) if err != nil { @@ -8676,6 +8725,17 @@ func getObjectFirewallPolicy(d *schema.ResourceData, sv string) (*map[string]int obj["ssh-filter-profile"] = nil } + if v, ok := d.GetOk("casb_profile"); ok { + t, err := expandFirewallPolicyCasbProfile(d, v, "casb_profile", sv) + if err != nil { + return &obj, err + } else if t != nil { + obj["casb-profile"] = t + } + } else if d.HasChange("casb_profile") { + obj["casb-profile"] = nil + } + if v, ok := d.GetOk("profile_protocol_options"); ok { t, err := expandFirewallPolicyProfileProtocolOptions(d, v, "profile_protocol_options", sv) if err != nil { diff --git a/fortios/resource_firewall_policy_move.go b/fortios/resource_firewall_policy_move.go new file mode 100644 index 000000000..2e092b130 --- /dev/null +++ b/fortios/resource_firewall_policy_move.go @@ -0,0 +1,170 @@ +package fortios + +import ( + "fmt" + "strconv" + + "github.com/hashicorp/terraform-plugin-sdk/v2/helper/schema" +) + +func resourceFirewallPolicyMove() *schema.Resource { + return &schema.Resource{ + Create: resourceFirewallPolicyMoveCreateUpdate, + Read: resourceFirewallPolicyMoveRead, + Update: resourceFirewallPolicyMoveCreateUpdate, + Delete: schema.Noop, + + Schema: map[string]*schema.Schema{ + "vdomparam": &schema.Schema{ + Type: schema.TypeString, + Optional: true, + ForceNew: true, + }, + "policyid_src": &schema.Schema{ + Type: schema.TypeInt, + Required: true, + }, + "policyid_dst": &schema.Schema{ + Type: schema.TypeInt, + Required: true, + }, + "move": &schema.Schema{ + Type: schema.TypeString, + Required: true, + }, + "state_policy_srcdst_pos": &schema.Schema{ + Type: schema.TypeString, + Optional: true, + Default: "", + }, + "comment": &schema.Schema{ + Type: schema.TypeString, + Optional: true, + }, + }, + } +} + +func resourceFirewallPolicyMoveCreateUpdate(d *schema.ResourceData, m interface{}) error { + c := m.(*FortiClient).Client + + if c == nil { + return fmt.Errorf("FortiOS connection did not initialize successfully!") + } + + c.Retries = 1 + + vdomparam := "" + + if v, ok := d.GetOk("vdomparam"); ok { + if s, ok := v.(string); ok { + vdomparam = s + } + } + + srcIdPatch := d.Get("policyid_src").(int) + dstIdPatch := d.Get("policyid_dst").(int) + mv := d.Get("move").(string) + + srcId := strconv.Itoa(srcIdPatch) + dstId := strconv.Itoa(dstIdPatch) + + if mv != "before" && mv != "after" { + return fmt.Errorf(" param should be only 'after' or 'before'") + } + + err := c.CreateUpdateFirewallPolicyMove(srcId, dstId, mv, vdomparam) + if err != nil { + return fmt.Errorf("Error Altering FirewallPolicy Moveuence: %s", err) + } + + d.SetId(srcId) + + return resourceFirewallPolicyMoveRead(d, m) +} + +func resourceFirewallPolicyMoveRead(d *schema.ResourceData, m interface{}) error { + c := m.(*FortiClient).Client + + if c == nil { + return fmt.Errorf("FortiOS connection did not initialize successfully!") + } + + c.Retries = 1 + + vdomparam := "" + + if v, ok := d.GetOk("vdomparam"); ok { + if s, ok := v.(string); ok { + vdomparam = s + } + } + + sid := d.Get("policyid_src").(int) + did := d.Get("policyid_dst").(int) + action := d.Get("move").(string) + + o, err := c.GetFirewallPolicyList(vdomparam) + if err != nil { + return fmt.Errorf("Error reading FirewallPolicy List: %s", err) + } + + if o != nil { + i := 1 + now_sid := -1 + now_did := -1 + + for _, z := range o { + idn := z.Policyid + if idn == strconv.Itoa(d.Get("policyid_src").(int)) { + now_sid = i + } + + if idn == strconv.Itoa(d.Get("policyid_dst").(int)) { + now_did = i + } + + i += 1 + } + + state_policy_srcdst_pos := "" + + if now_sid == -1 || now_did == -1 { + if now_sid == -1 && now_did == -1 { + state_policy_srcdst_pos = "FirewallPolicy with policyid_src(" + strconv.Itoa(sid) + ") and policyid_dst(" + strconv.Itoa(did) + ") were deleted" + } else if now_sid == -1 { + state_policy_srcdst_pos = "FirewallPolicy with policyid_src(" + strconv.Itoa(sid) + ") was deleted" + } else if now_did == -1 { + state_policy_srcdst_pos = "FirewallPolicy with policyid_dst(" + strconv.Itoa(did) + ") was deleted" + } + } else { + bconsistent := true + if action == "before" { + if now_sid != now_did-1 { + bconsistent = false + } + } + + if action == "after" { + if now_sid != now_did+1 { + bconsistent = false + } + } + + if bconsistent == false { + relative_pos := now_sid - now_did + + if relative_pos > 0 { + state_policy_srcdst_pos = "FirewallPolicy with policyid_src(" + strconv.Itoa(sid) + ") is " + strconv.Itoa(relative_pos) + " behind FirewallPolicy with policyid_dst(" + strconv.Itoa(did) + ")" + } else { + state_policy_srcdst_pos = "FirewallPolicy with policyid_src(" + strconv.Itoa(sid) + ") is " + strconv.Itoa(-relative_pos) + " ahead of FirewallPolicy with policyid_dst(" + strconv.Itoa(did) + ")" + } + } + } + + d.Set("state_policy_srcdst_pos", state_policy_srcdst_pos) + + } + + return nil +} diff --git a/fortios/resource_firewall_policy_sort.go b/fortios/resource_firewall_policy_sort.go new file mode 100644 index 000000000..af487bfea --- /dev/null +++ b/fortios/resource_firewall_policy_sort.go @@ -0,0 +1,210 @@ +package fortios + +import ( + "fmt" + "log" + + "github.com/hashicorp/terraform-plugin-sdk/v2/helper/schema" +) + +func resourceFirewallPolicySort() *schema.Resource { + return &schema.Resource{ + Create: resourceFirewallPolicySortCreateUpdate, + Read: resourceFirewallPolicySortRead, + Update: resourceFirewallPolicySortCreateUpdate, + Delete: schema.Noop, + + Schema: map[string]*schema.Schema{ + "vdomparam": &schema.Schema{ + Type: schema.TypeString, + Optional: true, + ForceNew: true, + }, + "sortby": &schema.Schema{ + Type: schema.TypeString, + Required: true, + ValidateFunc: func(val interface{}, key string) (warns []string, errs []error) { + v := val.(string) + availableOptions := []string{"policyid", "name"} + var validValue bool + for _, ele := range availableOptions { + if ele == v { + validValue = true + break + } + } + if !validValue { + errs = append(errs, fmt.Errorf("%q must be one of the option of [\"policyid\", \"name\"], got: \"%v\"", key, v)) + } + return + }, + }, + "sortdirection": &schema.Schema{ + Type: schema.TypeString, + Required: true, + ValidateFunc: func(val interface{}, key string) (warns []string, errs []error) { + v := val.(string) + availableOptions := []string{"ascending", "descending", "manual"} + var validValue bool + for _, ele := range availableOptions { + if ele == v { + validValue = true + break + } + } + if !validValue { + errs = append(errs, fmt.Errorf("%q must be one of the option of [\"ascending\", \"descending\", \"manual\"], got: \"%v\"", key, v)) + } + return + }, + }, + "manual_order": &schema.Schema{ + Type: schema.TypeList, + Optional: true, + Computed: true, + Elem: &schema.Schema{ + Type: schema.TypeString, + }, + }, + "status": &schema.Schema{ + Type: schema.TypeString, + Optional: true, + Computed: true, + }, + "force_recreate": &schema.Schema{ + Type: schema.TypeString, + Optional: true, + Computed: true, + }, + "comment": &schema.Schema{ + Type: schema.TypeString, + Optional: true, + }, + "state_policy_list": &schema.Schema{ + Type: schema.TypeList, + Computed: true, + Elem: &schema.Resource{ + Schema: map[string]*schema.Schema{ + "policyid": &schema.Schema{ + Type: schema.TypeString, + Optional: true, + Computed: true, + }, + "name": &schema.Schema{ + Type: schema.TypeString, + Optional: true, + Computed: true, + }, + "action": &schema.Schema{ + Type: schema.TypeString, + Optional: true, + Computed: true, + }, + }, + }, + }, + }, + } +} + +func resourceFirewallPolicySortCreateUpdate(d *schema.ResourceData, m interface{}) error { + c := m.(*FortiClient).Client + + if c == nil { + return fmt.Errorf("FortiOS connection did not initialize successfully!") + } + + c.Retries = 1 + + vdomparam := "" + + if v, ok := d.GetOk("vdomparam"); ok { + if s, ok := v.(string); ok { + vdomparam = s + } + } + + sortby := d.Get("sortby").(string) + sortdirection := d.Get("sortdirection").(string) + manual_order_d := d.Get("manual_order").([]interface{}) + manual_order := make([]string, len(manual_order_d)) + for cIndex, cValue := range manual_order_d { + manual_order[cIndex] = fmt.Sprint(cValue) + } + + if sortby != "policyid" && sortby != "name" { + return fmt.Errorf("Unsupported sort type: " + sortby) + } + + if sortdirection != "ascending" && sortdirection != "descending" && sortdirection != "manual" { + return fmt.Errorf("Unsupported sort direction: " + sortdirection) + } + + err := c.CreateUpdateFirewallPolicySort(sortby, sortdirection, vdomparam, manual_order) + if err != nil { + return fmt.Errorf("Error sorting FirewallPolicy: %s", err) + } + + d.SetId(sortby + sortdirection) + + return resourceFirewallPolicySortRead(d, m) +} + +func resourceFirewallPolicySortRead(d *schema.ResourceData, m interface{}) error { + mkey := d.Id() + + c := m.(*FortiClient).Client + + if c == nil { + return fmt.Errorf("FortiOS connection did not initialize successfully!") + } + + c.Retries = 1 + + vdomparam := "" + + if v, ok := d.GetOk("vdomparam"); ok { + if s, ok := v.(string); ok { + vdomparam = s + } + } + + sortby := d.Get("sortby").(string) + sortdirection := d.Get("sortdirection").(string) + manual_order_d := d.Get("manual_order").([]interface{}) + manual_order := make([]string, len(manual_order_d)) + for cIndex, cValue := range manual_order_d { + manual_order[cIndex] = fmt.Sprint(cValue) + } + + if sortby != "policyid" && sortby != "name" { + return fmt.Errorf("Unsupported sort type: " + sortby) + } + + if sortdirection != "ascending" && sortdirection != "descending" && sortdirection != "manual" { + return fmt.Errorf("Unsupported sort direction: " + sortdirection) + } + + sorted, o, err := c.ReadFirewallPolicySort(sortby, sortdirection, vdomparam, manual_order) + if err != nil { + return fmt.Errorf("Error reading FirewallPolicy sort status: %s %s", err, mkey) + } + + if sorted == false { + d.Set("status", "unsorted") + } else { + d.Set("status", "") + } + + d.Set("force_recreate", "False") + + if o != nil { + if err := d.Set("state_policy_list", o); err != nil { + log.Printf("[WARN] Error reading Firewall Security Policy List for (%s): %s", d.Id(), err) + } + } else { + d.Set("state_policy_list", nil) + } + + return nil +} diff --git a/fortios/resource_firewall_profilegroup.go b/fortios/resource_firewall_profilegroup.go index 74005dbec..047b66554 100644 --- a/fortios/resource_firewall_profilegroup.go +++ b/fortios/resource_firewall_profilegroup.go @@ -118,6 +118,12 @@ func resourceFirewallProfileGroup() *schema.Resource { Optional: true, Computed: true, }, + "virtual_patch_profile": &schema.Schema{ + Type: schema.TypeString, + ValidateFunc: validation.StringLenBetween(0, 35), + Optional: true, + Computed: true, + }, "icap_profile": &schema.Schema{ Type: schema.TypeString, ValidateFunc: validation.StringLenBetween(0, 35), @@ -148,6 +154,12 @@ func resourceFirewallProfileGroup() *schema.Resource { Optional: true, Computed: true, }, + "casb_profile": &schema.Schema{ + Type: schema.TypeString, + ValidateFunc: validation.StringLenBetween(0, 35), + Optional: true, + Computed: true, + }, "profile_protocol_options": &schema.Schema{ Type: schema.TypeString, ValidateFunc: validation.StringLenBetween(0, 35), @@ -341,6 +353,10 @@ func flattenFirewallProfileGroupSctpFilterProfile(v interface{}, d *schema.Resou return v } +func flattenFirewallProfileGroupVirtualPatchProfile(v interface{}, d *schema.ResourceData, pre string, sv string) interface{} { + return v +} + func flattenFirewallProfileGroupIcapProfile(v interface{}, d *schema.ResourceData, pre string, sv string) interface{} { return v } @@ -361,6 +377,10 @@ func flattenFirewallProfileGroupSshFilterProfile(v interface{}, d *schema.Resour return v } +func flattenFirewallProfileGroupCasbProfile(v interface{}, d *schema.ResourceData, pre string, sv string) interface{} { + return v +} + func flattenFirewallProfileGroupProfileProtocolOptions(v interface{}, d *schema.ResourceData, pre string, sv string) interface{} { return v } @@ -456,6 +476,12 @@ func refreshObjectFirewallProfileGroup(d *schema.ResourceData, o map[string]inte } } + if err = d.Set("virtual_patch_profile", flattenFirewallProfileGroupVirtualPatchProfile(o["virtual-patch-profile"], d, "virtual_patch_profile", sv)); err != nil { + if !fortiAPIPatch(o["virtual-patch-profile"]) { + return fmt.Errorf("Error reading virtual_patch_profile: %v", err) + } + } + if err = d.Set("icap_profile", flattenFirewallProfileGroupIcapProfile(o["icap-profile"], d, "icap_profile", sv)); err != nil { if !fortiAPIPatch(o["icap-profile"]) { return fmt.Errorf("Error reading icap_profile: %v", err) @@ -486,6 +512,12 @@ func refreshObjectFirewallProfileGroup(d *schema.ResourceData, o map[string]inte } } + if err = d.Set("casb_profile", flattenFirewallProfileGroupCasbProfile(o["casb-profile"], d, "casb_profile", sv)); err != nil { + if !fortiAPIPatch(o["casb-profile"]) { + return fmt.Errorf("Error reading casb_profile: %v", err) + } + } + if err = d.Set("profile_protocol_options", flattenFirewallProfileGroupProfileProtocolOptions(o["profile-protocol-options"], d, "profile_protocol_options", sv)); err != nil { if !fortiAPIPatch(o["profile-protocol-options"]) { return fmt.Errorf("Error reading profile_protocol_options: %v", err) @@ -563,6 +595,10 @@ func expandFirewallProfileGroupSctpFilterProfile(d *schema.ResourceData, v inter return v, nil } +func expandFirewallProfileGroupVirtualPatchProfile(d *schema.ResourceData, v interface{}, pre string, sv string) (interface{}, error) { + return v, nil +} + func expandFirewallProfileGroupIcapProfile(d *schema.ResourceData, v interface{}, pre string, sv string) (interface{}, error) { return v, nil } @@ -583,6 +619,10 @@ func expandFirewallProfileGroupSshFilterProfile(d *schema.ResourceData, v interf return v, nil } +func expandFirewallProfileGroupCasbProfile(d *schema.ResourceData, v interface{}, pre string, sv string) (interface{}, error) { + return v, nil +} + func expandFirewallProfileGroupProfileProtocolOptions(d *schema.ResourceData, v interface{}, pre string, sv string) (interface{}, error) { return v, nil } @@ -720,6 +760,15 @@ func getObjectFirewallProfileGroup(d *schema.ResourceData, sv string) (*map[stri } } + if v, ok := d.GetOk("virtual_patch_profile"); ok { + t, err := expandFirewallProfileGroupVirtualPatchProfile(d, v, "virtual_patch_profile", sv) + if err != nil { + return &obj, err + } else if t != nil { + obj["virtual-patch-profile"] = t + } + } + if v, ok := d.GetOk("icap_profile"); ok { t, err := expandFirewallProfileGroupIcapProfile(d, v, "icap_profile", sv) if err != nil { @@ -765,6 +814,15 @@ func getObjectFirewallProfileGroup(d *schema.ResourceData, sv string) (*map[stri } } + if v, ok := d.GetOk("casb_profile"); ok { + t, err := expandFirewallProfileGroupCasbProfile(d, v, "casb_profile", sv) + if err != nil { + return &obj, err + } else if t != nil { + obj["casb-profile"] = t + } + } + if v, ok := d.GetOk("profile_protocol_options"); ok { t, err := expandFirewallProfileGroupProfileProtocolOptions(d, v, "profile_protocol_options", sv) if err != nil { diff --git a/fortios/resource_firewall_proxypolicy.go b/fortios/resource_firewall_proxypolicy.go index 224de1a9d..09d61b2f7 100644 --- a/fortios/resource_firewall_proxypolicy.go +++ b/fortios/resource_firewall_proxypolicy.go @@ -564,6 +564,12 @@ func resourceFirewallProxyPolicy() *schema.Resource { Optional: true, Computed: true, }, + "virtual_patch_profile": &schema.Schema{ + Type: schema.TypeString, + ValidateFunc: validation.StringLenBetween(0, 35), + Optional: true, + Computed: true, + }, "icap_profile": &schema.Schema{ Type: schema.TypeString, ValidateFunc: validation.StringLenBetween(0, 35), @@ -594,6 +600,12 @@ func resourceFirewallProxyPolicy() *schema.Resource { Optional: true, Computed: true, }, + "casb_profile": &schema.Schema{ + Type: schema.TypeString, + ValidateFunc: validation.StringLenBetween(0, 35), + Optional: true, + Computed: true, + }, "profile_protocol_options": &schema.Schema{ Type: schema.TypeString, ValidateFunc: validation.StringLenBetween(0, 35), @@ -655,6 +667,11 @@ func resourceFirewallProxyPolicy() *schema.Resource { Optional: true, Computed: true, }, + "detect_https_in_http_request": &schema.Schema{ + Type: schema.TypeString, + Optional: true, + Computed: true, + }, "dynamic_sort_subtable": &schema.Schema{ Type: schema.TypeString, Optional: true, @@ -1878,6 +1895,10 @@ func flattenFirewallProxyPolicySctpFilterProfile(v interface{}, d *schema.Resour return v } +func flattenFirewallProxyPolicyVirtualPatchProfile(v interface{}, d *schema.ResourceData, pre string, sv string) interface{} { + return v +} + func flattenFirewallProxyPolicyIcapProfile(v interface{}, d *schema.ResourceData, pre string, sv string) interface{} { return v } @@ -1898,6 +1919,10 @@ func flattenFirewallProxyPolicySshFilterProfile(v interface{}, d *schema.Resourc return v } +func flattenFirewallProxyPolicyCasbProfile(v interface{}, d *schema.ResourceData, pre string, sv string) interface{} { + return v +} + func flattenFirewallProxyPolicyProfileProtocolOptions(v interface{}, d *schema.ResourceData, pre string, sv string) interface{} { return v } @@ -1942,6 +1967,10 @@ func flattenFirewallProxyPolicyDecryptedTrafficMirror(v interface{}, d *schema.R return v } +func flattenFirewallProxyPolicyDetectHttpsInHttpRequest(v interface{}, d *schema.ResourceData, pre string, sv string) interface{} { + return v +} + func refreshObjectFirewallProxyPolicy(d *schema.ResourceData, o map[string]interface{}, sv string) error { var err error var b_get_all_tables bool @@ -2549,6 +2578,12 @@ func refreshObjectFirewallProxyPolicy(d *schema.ResourceData, o map[string]inter } } + if err = d.Set("virtual_patch_profile", flattenFirewallProxyPolicyVirtualPatchProfile(o["virtual-patch-profile"], d, "virtual_patch_profile", sv)); err != nil { + if !fortiAPIPatch(o["virtual-patch-profile"]) { + return fmt.Errorf("Error reading virtual_patch_profile: %v", err) + } + } + if err = d.Set("icap_profile", flattenFirewallProxyPolicyIcapProfile(o["icap-profile"], d, "icap_profile", sv)); err != nil { if !fortiAPIPatch(o["icap-profile"]) { return fmt.Errorf("Error reading icap_profile: %v", err) @@ -2579,6 +2614,12 @@ func refreshObjectFirewallProxyPolicy(d *schema.ResourceData, o map[string]inter } } + if err = d.Set("casb_profile", flattenFirewallProxyPolicyCasbProfile(o["casb-profile"], d, "casb_profile", sv)); err != nil { + if !fortiAPIPatch(o["casb-profile"]) { + return fmt.Errorf("Error reading casb_profile: %v", err) + } + } + if err = d.Set("profile_protocol_options", flattenFirewallProxyPolicyProfileProtocolOptions(o["profile-protocol-options"], d, "profile_protocol_options", sv)); err != nil { if !fortiAPIPatch(o["profile-protocol-options"]) { return fmt.Errorf("Error reading profile_protocol_options: %v", err) @@ -2645,6 +2686,12 @@ func refreshObjectFirewallProxyPolicy(d *schema.ResourceData, o map[string]inter } } + if err = d.Set("detect_https_in_http_request", flattenFirewallProxyPolicyDetectHttpsInHttpRequest(o["detect-https-in-http-request"], d, "detect_https_in_http_request", sv)); err != nil { + if !fortiAPIPatch(o["detect-https-in-http-request"]) { + return fmt.Errorf("Error reading detect_https_in_http_request: %v", err) + } + } + return nil } @@ -3500,6 +3547,10 @@ func expandFirewallProxyPolicySctpFilterProfile(d *schema.ResourceData, v interf return v, nil } +func expandFirewallProxyPolicyVirtualPatchProfile(d *schema.ResourceData, v interface{}, pre string, sv string) (interface{}, error) { + return v, nil +} + func expandFirewallProxyPolicyIcapProfile(d *schema.ResourceData, v interface{}, pre string, sv string) (interface{}, error) { return v, nil } @@ -3520,6 +3571,10 @@ func expandFirewallProxyPolicySshFilterProfile(d *schema.ResourceData, v interfa return v, nil } +func expandFirewallProxyPolicyCasbProfile(d *schema.ResourceData, v interface{}, pre string, sv string) (interface{}, error) { + return v, nil +} + func expandFirewallProxyPolicyProfileProtocolOptions(d *schema.ResourceData, v interface{}, pre string, sv string) (interface{}, error) { return v, nil } @@ -3564,6 +3619,10 @@ func expandFirewallProxyPolicyDecryptedTrafficMirror(d *schema.ResourceData, v i return v, nil } +func expandFirewallProxyPolicyDetectHttpsInHttpRequest(d *schema.ResourceData, v interface{}, pre string, sv string) (interface{}, error) { + return v, nil +} + func getObjectFirewallProxyPolicy(d *schema.ResourceData, sv string) (*map[string]interface{}, error) { obj := make(map[string]interface{}) @@ -4134,6 +4193,15 @@ func getObjectFirewallProxyPolicy(d *schema.ResourceData, sv string) (*map[strin } } + if v, ok := d.GetOk("virtual_patch_profile"); ok { + t, err := expandFirewallProxyPolicyVirtualPatchProfile(d, v, "virtual_patch_profile", sv) + if err != nil { + return &obj, err + } else if t != nil { + obj["virtual-patch-profile"] = t + } + } + if v, ok := d.GetOk("icap_profile"); ok { t, err := expandFirewallProxyPolicyIcapProfile(d, v, "icap_profile", sv) if err != nil { @@ -4179,6 +4247,15 @@ func getObjectFirewallProxyPolicy(d *schema.ResourceData, sv string) (*map[strin } } + if v, ok := d.GetOk("casb_profile"); ok { + t, err := expandFirewallProxyPolicyCasbProfile(d, v, "casb_profile", sv) + if err != nil { + return &obj, err + } else if t != nil { + obj["casb-profile"] = t + } + } + if v, ok := d.GetOk("profile_protocol_options"); ok { t, err := expandFirewallProxyPolicyProfileProtocolOptions(d, v, "profile_protocol_options", sv) if err != nil { @@ -4278,5 +4355,14 @@ func getObjectFirewallProxyPolicy(d *schema.ResourceData, sv string) (*map[strin } } + if v, ok := d.GetOk("detect_https_in_http_request"); ok { + t, err := expandFirewallProxyPolicyDetectHttpsInHttpRequest(d, v, "detect_https_in_http_request", sv) + if err != nil { + return &obj, err + } else if t != nil { + obj["detect-https-in-http-request"] = t + } + } + return &obj, nil } diff --git a/fortios/resource_firewall_proxypolicy_sort.go b/fortios/resource_firewall_proxypolicy_sort.go index 9cdc156bb..9aa023b6f 100644 --- a/fortios/resource_firewall_proxypolicy_sort.go +++ b/fortios/resource_firewall_proxypolicy_sort.go @@ -2,6 +2,7 @@ package fortios import ( "fmt" + "log" "github.com/hashicorp/terraform-plugin-sdk/v2/helper/schema" ) @@ -22,25 +23,86 @@ func resourceFirewallProxypolicySort() *schema.Resource { "sortby": &schema.Schema{ Type: schema.TypeString, Required: true, + ValidateFunc: func(val interface{}, key string) (warns []string, errs []error) { + v := val.(string) + availableOptions := []string{"policyid", "name"} + var validValue bool + for _, ele := range availableOptions { + if ele == v { + validValue = true + break + } + } + if !validValue { + errs = append(errs, fmt.Errorf("%q must be one of the option of [\"policyid\", \"name\"], got: \"%v\"", key, v)) + } + return + }, }, "sortdirection": &schema.Schema{ Type: schema.TypeString, Required: true, + ValidateFunc: func(val interface{}, key string) (warns []string, errs []error) { + v := val.(string) + availableOptions := []string{"ascending", "descending", "manual"} + var validValue bool + for _, ele := range availableOptions { + if ele == v { + validValue = true + break + } + } + if !validValue { + errs = append(errs, fmt.Errorf("%q must be one of the option of [\"ascending\", \"descending\", \"manual\"], got: \"%v\"", key, v)) + } + return + }, + }, + "manual_order": &schema.Schema{ + Type: schema.TypeList, + Optional: true, + Computed: true, + Elem: &schema.Schema{ + Type: schema.TypeString, + }, }, "status": &schema.Schema{ Type: schema.TypeString, Optional: true, - Default: "", + Computed: true, }, "force_recreate": &schema.Schema{ Type: schema.TypeString, Optional: true, - ForceNew: true, + Computed: true, }, "comment": &schema.Schema{ Type: schema.TypeString, Optional: true, }, + "state_policy_list": &schema.Schema{ + Type: schema.TypeList, + Computed: true, + Elem: &schema.Resource{ + Schema: map[string]*schema.Schema{ + "policyid": &schema.Schema{ + Type: schema.TypeString, + Optional: true, + Computed: true, + }, + "name": &schema.Schema{ + Type: schema.TypeString, + Optional: true, + Computed: true, + }, + "action": &schema.Schema{ + Type: schema.TypeString, + Optional: true, + Computed: true, + }, + }, + }, + }, }, } } @@ -64,16 +126,21 @@ func resourceFirewallProxypolicySortCreateUpdate(d *schema.ResourceData, m inter sortby := d.Get("sortby").(string) sortdirection := d.Get("sortdirection").(string) + manual_order_d := d.Get("manual_order").([]interface{}) + manual_order := make([]string, len(manual_order_d)) + for cIndex, cValue := range manual_order_d { + manual_order[cIndex] = fmt.Sprint(cValue) + } - if sortby != "policyid" { + if sortby != "policyid" && sortby != "name" { return fmt.Errorf("Unsupported sort type: " + sortby) } - if sortdirection != "ascending" && sortdirection != "descending" { + if sortdirection != "ascending" && sortdirection != "descending" && sortdirection != "manual" { return fmt.Errorf("Unsupported sort direction: " + sortdirection) } - err := c.CreateUpdateFirewallProxypolicySort(sortby, sortdirection, vdomparam) + err := c.CreateUpdateFirewallProxypolicySort(sortby, sortdirection, vdomparam, manual_order) if err != nil { return fmt.Errorf("Error sorting FirewallProxypolicy: %s", err) } @@ -104,16 +171,21 @@ func resourceFirewallProxypolicySortRead(d *schema.ResourceData, m interface{}) sortby := d.Get("sortby").(string) sortdirection := d.Get("sortdirection").(string) + manual_order_d := d.Get("manual_order").([]interface{}) + manual_order := make([]string, len(manual_order_d)) + for cIndex, cValue := range manual_order_d { + manual_order[cIndex] = fmt.Sprint(cValue) + } - if sortby != "policyid" { + if sortby != "policyid" && sortby != "name" { return fmt.Errorf("Unsupported sort type: " + sortby) } - if sortdirection != "ascending" && sortdirection != "descending" { + if sortdirection != "ascending" && sortdirection != "descending" && sortdirection != "manual" { return fmt.Errorf("Unsupported sort direction: " + sortdirection) } - sorted, err := c.ReadFirewallProxypolicySort(sortby, sortdirection, vdomparam) + sorted, o, err := c.ReadFirewallProxypolicySort(sortby, sortdirection, vdomparam, manual_order) if err != nil { return fmt.Errorf("Error reading FirewallProxypolicy sort status: %s %s", err, mkey) } @@ -124,5 +196,15 @@ func resourceFirewallProxypolicySortRead(d *schema.ResourceData, m interface{}) d.Set("status", "") } + d.Set("force_recreate", "False") + + if o != nil { + if err := d.Set("state_policy_list", o); err != nil { + log.Printf("[WARN] Error reading Firewall Security Policy List for (%s): %s", d.Id(), err) + } + } else { + d.Set("state_policy_list", nil) + } + return nil } diff --git a/fortios/resource_firewall_security_policy.go b/fortios/resource_firewall_security_policy.go index 1b8bb0258..1b5c90de2 100644 --- a/fortios/resource_firewall_security_policy.go +++ b/fortios/resource_firewall_security_policy.go @@ -11,10 +11,11 @@ import ( func resourceFirewallSecurityPolicy1() *schema.Resource { return &schema.Resource{ - Create: resourceFirewallSecurityPolicyCreate1, - Read: resourceFirewallSecurityPolicyRead1, - Update: resourceFirewallSecurityPolicyUpdate1, - Delete: resourceFirewallSecurityPolicyDelete1, + Create: resourceFirewallSecurityPolicyCreate1, + Read: resourceFirewallSecurityPolicyRead1, + Update: resourceFirewallSecurityPolicyUpdate1, + Delete: resourceFirewallSecurityPolicyDelete1, + DeprecationMessage: "This resource will be deprecated after 3 releases from v1.18.0, use fortios_firewall_policy resource instead.", Importer: &schema.ResourceImporter{ State: schema.ImportStatePassthrough, diff --git a/fortios/resource_firewall_security_policyseq.go b/fortios/resource_firewall_security_policyseq.go index 56af0d9a7..2a4690ca6 100644 --- a/fortios/resource_firewall_security_policyseq.go +++ b/fortios/resource_firewall_security_policyseq.go @@ -8,12 +8,13 @@ import ( "github.com/hashicorp/terraform-plugin-sdk/v2/helper/schema" ) -func resourceFirewallSecurityPolicySeq() *schema.Resource { +func resourceFirewallPolicyOldvSeq() *schema.Resource { return &schema.Resource{ - Create: resourceFirewallSecurityPolicySeqCreateUpdate, - Read: resourceFirewallSecurityPolicySeqRead, - Update: resourceFirewallSecurityPolicySeqCreateUpdate, - Delete: resourceFirewallSecurityPolicySeqDel, + Create: resourceFirewallPolicyOldvSeqCreateUpdate, + Read: resourceFirewallPolicyOldvSeqRead, + Update: resourceFirewallPolicyOldvSeqCreateUpdate, + Delete: resourceFirewallPolicyOldvSeqDel, + DeprecationMessage: "This resource will be deprecated after 3 releases from v1.18.0, use fortios_firewall_policy_move resource instead.", Schema: map[string]*schema.Schema{ "vdomparam": &schema.Schema{ @@ -74,7 +75,7 @@ func resourceFirewallSecurityPolicySeq() *schema.Resource { } } -func resourceFirewallSecurityPolicySeqCreateUpdate(d *schema.ResourceData, m interface{}) error { +func resourceFirewallPolicyOldvSeqCreateUpdate(d *schema.ResourceData, m interface{}) error { c := m.(*FortiClient).Client if c == nil { @@ -102,28 +103,28 @@ func resourceFirewallSecurityPolicySeqCreateUpdate(d *schema.ResourceData, m int return fmt.Errorf(" param should be only 'after' or 'before'") } - err := c.CreateUpdateFirewallSecurityPolicySeq(srcId, dstId, alterPos, vdomparam) + err := c.CreateUpdateFirewallPolicyOldvSeq(srcId, dstId, alterPos, vdomparam) if err != nil { - return fmt.Errorf("Error Altering Firewall Security Policy Sequence: %s", err) + return fmt.Errorf("Error Altering Firewall Policy Sequence: %s", err) } d.SetId(srcId) - return resourceFirewallSecurityPolicySeqRead(d, m) + return resourceFirewallPolicyOldvSeqRead(d, m) } // Not suitable operation -func resourceFirewallSecurityPolicySeqDel(d *schema.ResourceData, m interface{}) error { +func resourceFirewallPolicyOldvSeqDel(d *schema.ResourceData, m interface{}) error { c := m.(*FortiClient).Client if c == nil { return fmt.Errorf("FortiOS connection did not initialize successfully!") } - return c.DelFirewallSecurityPolicySeq() + return c.DelFirewallPolicyOldvSeq() } -func resourceFirewallSecurityPolicySeqRead(d *schema.ResourceData, m interface{}) error { +func resourceFirewallPolicyOldvSeqRead(d *schema.ResourceData, m interface{}) error { enable_state_checking := d.Get("enable_state_checking").(bool) if enable_state_checking == false { @@ -151,9 +152,9 @@ func resourceFirewallSecurityPolicySeqRead(d *schema.ResourceData, m interface{} did := d.Get("policy_dst_id").(int) action := d.Get("alter_position").(string) - o, err := c.GetSecurityPolicyList(vdomparam) + o, err := c.GetPolicyList(vdomparam) if err != nil { - return fmt.Errorf("Error reading Firewall Security Policy List: %s", err) + return fmt.Errorf("Error reading Firewall Policy List: %s", err) } if o != nil { @@ -185,7 +186,7 @@ func resourceFirewallSecurityPolicySeqRead(d *schema.ResourceData, m interface{} } if err := d.Set("state_policy_list", items); err != nil { - log.Printf("[WARN] Error reading Firewall Security Policy List for (%s): %s", d.Id(), err) + log.Printf("[WARN] Error reading Firewall Policy List for (%s): %s", d.Id(), err) } state_policy_srcdst_pos := "" diff --git a/fortios/resource_firewall_security_policysort.go b/fortios/resource_firewall_security_policysort.go index 188d8e4b3..689436c7a 100644 --- a/fortios/resource_firewall_security_policysort.go +++ b/fortios/resource_firewall_security_policysort.go @@ -8,12 +8,13 @@ import ( "github.com/hashicorp/terraform-plugin-sdk/v2/helper/schema" ) -func resourceFirewallSecurityPolicySort() *schema.Resource { +func resourceFirewallPolicyOldvSort() *schema.Resource { return &schema.Resource{ - Create: resourceFirewallSecurityPolicySortCreateUpdate, - Read: resourceFirewallSecurityPolicySortRead, - Update: resourceFirewallSecurityPolicySortCreateUpdate, - Delete: schema.Noop, + Create: resourceFirewallPolicyOldvSortCreateUpdate, + Read: resourceFirewallPolicyOldvSortRead, + Update: resourceFirewallPolicyOldvSortCreateUpdate, + Delete: schema.Noop, + DeprecationMessage: "This resource will be deprecated after 3 releases from v1.18.0, use fortios_firewall_policy_sort resource instead.", Schema: map[string]*schema.Schema{ "vdomparam": &schema.Schema{ @@ -32,7 +33,7 @@ func resourceFirewallSecurityPolicySort() *schema.Resource { "status": &schema.Schema{ Type: schema.TypeString, Optional: true, - Default: "", + Computed: true, }, "state_policy_list": &schema.Schema{ Type: schema.TypeList, @@ -60,7 +61,7 @@ func resourceFirewallSecurityPolicySort() *schema.Resource { "force_recreate": &schema.Schema{ Type: schema.TypeString, Optional: true, - ForceNew: true, + Computed: true, }, "comment": &schema.Schema{ Type: schema.TypeString, @@ -70,7 +71,7 @@ func resourceFirewallSecurityPolicySort() *schema.Resource { } } -func resourceFirewallSecurityPolicySortCreateUpdate(d *schema.ResourceData, m interface{}) error { +func resourceFirewallPolicyOldvSortCreateUpdate(d *schema.ResourceData, m interface{}) error { c := m.(*FortiClient).Client if c == nil { @@ -98,17 +99,17 @@ func resourceFirewallSecurityPolicySortCreateUpdate(d *schema.ResourceData, m in return fmt.Errorf("Unsupported sort direction: " + sortdirection) } - err := c.CreateUpdateFirewallSecurityPolicySort(sortby, sortdirection, vdomparam) + err := c.CreateUpdateFirewallPolicyOldvSort(sortby, sortdirection, vdomparam) if err != nil { - return fmt.Errorf("Error Sort Firewall Security Policies: %s", err) + return fmt.Errorf("Error Sort Firewall Policies: %s", err) } d.SetId(sortby + sortdirection) - return resourceFirewallSecurityPolicySortRead(d, m) + return resourceFirewallPolicyOldvSortRead(d, m) } -func resourceFirewallSecurityPolicySortRead(d *schema.ResourceData, m interface{}) error { +func resourceFirewallPolicyOldvSortRead(d *schema.ResourceData, m interface{}) error { mkey := d.Id() c := m.(*FortiClient).Client @@ -138,9 +139,9 @@ func resourceFirewallSecurityPolicySortRead(d *schema.ResourceData, m interface{ return fmt.Errorf("Unsupported sort direction: " + sortdirection) } - sorted, err := c.ReadFirewallSecurityPolicySort(sortby, sortdirection, vdomparam) + sorted, err := c.ReadFirewallPolicyOldvSort(sortby, sortdirection, vdomparam) if err != nil { - return fmt.Errorf("Error reading Firewall Security Policy Sort Status: %s %s", err, mkey) + return fmt.Errorf("Error reading Firewall Policy Sort Status: %s %s", err, mkey) } if sorted == false { @@ -149,9 +150,11 @@ func resourceFirewallSecurityPolicySortRead(d *schema.ResourceData, m interface{ d.Set("status", "") } - o, err := c.GetSecurityPolicyList(vdomparam) + d.Set("force_recreate", "False") + + o, err := c.GetPolicyList(vdomparam) if err != nil { - return fmt.Errorf("Error reading Firewall Security Policy List: %s", err) + return fmt.Errorf("Error reading Firewall Policy List: %s", err) } if o != nil { @@ -170,7 +173,7 @@ func resourceFirewallSecurityPolicySortRead(d *schema.ResourceData, m interface{ } if err := d.Set("state_policy_list", items); err != nil { - log.Printf("[WARN] Error reading Firewall Security Policy List for (%s): %s", d.Id(), err) + log.Printf("[WARN] Error reading Firewall Policy List for (%s): %s", d.Id(), err) } } else { d.Set("state_policy_list", nil) diff --git a/fortios/resource_firewall_securitypolicy.go b/fortios/resource_firewall_securitypolicy.go index ff47e72d3..ebb91f499 100644 --- a/fortios/resource_firewall_securitypolicy.go +++ b/fortios/resource_firewall_securitypolicy.go @@ -644,6 +644,12 @@ func resourceFirewallSecurityPolicy() *schema.Resource { Optional: true, Computed: true, }, + "virtual_patch_profile": &schema.Schema{ + Type: schema.TypeString, + ValidateFunc: validation.StringLenBetween(0, 35), + Optional: true, + Computed: true, + }, "icap_profile": &schema.Schema{ Type: schema.TypeString, ValidateFunc: validation.StringLenBetween(0, 35), @@ -668,6 +674,12 @@ func resourceFirewallSecurityPolicy() *schema.Resource { Optional: true, Computed: true, }, + "casb_profile": &schema.Schema{ + Type: schema.TypeString, + ValidateFunc: validation.StringLenBetween(0, 35), + Optional: true, + Computed: true, + }, "application": &schema.Schema{ Type: schema.TypeList, Optional: true, @@ -2209,6 +2221,10 @@ func flattenFirewallSecurityPolicySctpFilterProfileSp(v interface{}, d *schema.R return v } +func flattenFirewallSecurityPolicyVirtualPatchProfileSp(v interface{}, d *schema.ResourceData, pre string, sv string) interface{} { + return v +} + func flattenFirewallSecurityPolicyIcapProfileSp(v interface{}, d *schema.ResourceData, pre string, sv string) interface{} { return v } @@ -2225,6 +2241,10 @@ func flattenFirewallSecurityPolicySshFilterProfileSp(v interface{}, d *schema.Re return v } +func flattenFirewallSecurityPolicyCasbProfileSp(v interface{}, d *schema.ResourceData, pre string, sv string) interface{} { + return v +} + func flattenFirewallSecurityPolicyApplicationSp(v interface{}, d *schema.ResourceData, pre string, sv string) []map[string]interface{} { if v == nil { return nil @@ -3222,6 +3242,12 @@ func refreshObjectFirewallSecurityPolicy(d *schema.ResourceData, o map[string]in } } + if err = d.Set("virtual_patch_profile", flattenFirewallSecurityPolicyVirtualPatchProfileSp(o["virtual-patch-profile"], d, "virtual_patch_profile", sv)); err != nil { + if !fortiAPIPatch(o["virtual-patch-profile"]) { + return fmt.Errorf("Error reading virtual_patch_profile: %v", err) + } + } + if err = d.Set("icap_profile", flattenFirewallSecurityPolicyIcapProfileSp(o["icap-profile"], d, "icap_profile", sv)); err != nil { if !fortiAPIPatch(o["icap-profile"]) { return fmt.Errorf("Error reading icap_profile: %v", err) @@ -3246,6 +3272,12 @@ func refreshObjectFirewallSecurityPolicy(d *schema.ResourceData, o map[string]in } } + if err = d.Set("casb_profile", flattenFirewallSecurityPolicyCasbProfileSp(o["casb-profile"], d, "casb_profile", sv)); err != nil { + if !fortiAPIPatch(o["casb-profile"]) { + return fmt.Errorf("Error reading casb_profile: %v", err) + } + } + if b_get_all_tables { if err = d.Set("application", flattenFirewallSecurityPolicyApplicationSp(o["application"], d, "application", sv)); err != nil { if !fortiAPIPatch(o["application"]) { @@ -4386,6 +4418,10 @@ func expandFirewallSecurityPolicySctpFilterProfileSp(d *schema.ResourceData, v i return v, nil } +func expandFirewallSecurityPolicyVirtualPatchProfileSp(d *schema.ResourceData, v interface{}, pre string, sv string) (interface{}, error) { + return v, nil +} + func expandFirewallSecurityPolicyIcapProfileSp(d *schema.ResourceData, v interface{}, pre string, sv string) (interface{}, error) { return v, nil } @@ -4402,6 +4438,10 @@ func expandFirewallSecurityPolicySshFilterProfileSp(d *schema.ResourceData, v in return v, nil } +func expandFirewallSecurityPolicyCasbProfileSp(d *schema.ResourceData, v interface{}, pre string, sv string) (interface{}, error) { + return v, nil +} + func expandFirewallSecurityPolicyApplicationSp(d *schema.ResourceData, v interface{}, pre string, sv string) (interface{}, error) { l := v.([]interface{}) result := make([]map[string]interface{}, 0, len(l)) @@ -5256,6 +5296,15 @@ func getObjectFirewallSecurityPolicy(d *schema.ResourceData, sv string) (*map[st } } + if v, ok := d.GetOk("virtual_patch_profile"); ok { + t, err := expandFirewallSecurityPolicyVirtualPatchProfileSp(d, v, "virtual_patch_profile", sv) + if err != nil { + return &obj, err + } else if t != nil { + obj["virtual-patch-profile"] = t + } + } + if v, ok := d.GetOk("icap_profile"); ok { t, err := expandFirewallSecurityPolicyIcapProfileSp(d, v, "icap_profile", sv) if err != nil { @@ -5292,6 +5341,15 @@ func getObjectFirewallSecurityPolicy(d *schema.ResourceData, sv string) (*map[st } } + if v, ok := d.GetOk("casb_profile"); ok { + t, err := expandFirewallSecurityPolicyCasbProfileSp(d, v, "casb_profile", sv) + if err != nil { + return &obj, err + } else if t != nil { + obj["casb-profile"] = t + } + } + if v, ok := d.GetOk("application"); ok || d.HasChange("application") { t, err := expandFirewallSecurityPolicyApplicationSp(d, v, "application", sv) if err != nil { diff --git a/fortios/resource_firewall_securitypolicy_move.go b/fortios/resource_firewall_securitypolicy_move.go new file mode 100644 index 000000000..ffbee84f4 --- /dev/null +++ b/fortios/resource_firewall_securitypolicy_move.go @@ -0,0 +1,170 @@ +package fortios + +import ( + "fmt" + "strconv" + + "github.com/hashicorp/terraform-plugin-sdk/v2/helper/schema" +) + +func resourceFirewallSecuritypolicyMove() *schema.Resource { + return &schema.Resource{ + Create: resourceFirewallSecuritypolicyMoveCreateUpdate, + Read: resourceFirewallSecuritypolicyMoveRead, + Update: resourceFirewallSecuritypolicyMoveCreateUpdate, + Delete: schema.Noop, + + Schema: map[string]*schema.Schema{ + "vdomparam": &schema.Schema{ + Type: schema.TypeString, + Optional: true, + ForceNew: true, + }, + "policyid_src": &schema.Schema{ + Type: schema.TypeInt, + Required: true, + }, + "policyid_dst": &schema.Schema{ + Type: schema.TypeInt, + Required: true, + }, + "move": &schema.Schema{ + Type: schema.TypeString, + Required: true, + }, + "state_policy_srcdst_pos": &schema.Schema{ + Type: schema.TypeString, + Optional: true, + Default: "", + }, + "comment": &schema.Schema{ + Type: schema.TypeString, + Optional: true, + }, + }, + } +} + +func resourceFirewallSecuritypolicyMoveCreateUpdate(d *schema.ResourceData, m interface{}) error { + c := m.(*FortiClient).Client + + if c == nil { + return fmt.Errorf("FortiOS connection did not initialize successfully!") + } + + c.Retries = 1 + + vdomparam := "" + + if v, ok := d.GetOk("vdomparam"); ok { + if s, ok := v.(string); ok { + vdomparam = s + } + } + + srcIdPatch := d.Get("policyid_src").(int) + dstIdPatch := d.Get("policyid_dst").(int) + mv := d.Get("move").(string) + + srcId := strconv.Itoa(srcIdPatch) + dstId := strconv.Itoa(dstIdPatch) + + if mv != "before" && mv != "after" { + return fmt.Errorf(" param should be only 'after' or 'before'") + } + + err := c.CreateUpdateFirewallSecuritypolicyMove(srcId, dstId, mv, vdomparam) + if err != nil { + return fmt.Errorf("Error Altering FirewallSecuritypolicy Moveuence: %s", err) + } + + d.SetId(srcId) + + return resourceFirewallSecuritypolicyMoveRead(d, m) +} + +func resourceFirewallSecuritypolicyMoveRead(d *schema.ResourceData, m interface{}) error { + c := m.(*FortiClient).Client + + if c == nil { + return fmt.Errorf("FortiOS connection did not initialize successfully!") + } + + c.Retries = 1 + + vdomparam := "" + + if v, ok := d.GetOk("vdomparam"); ok { + if s, ok := v.(string); ok { + vdomparam = s + } + } + + sid := d.Get("policyid_src").(int) + did := d.Get("policyid_dst").(int) + action := d.Get("move").(string) + + o, err := c.GetFirewallSecuritypolicyList(vdomparam) + if err != nil { + return fmt.Errorf("Error reading FirewallSecuritypolicy List: %s", err) + } + + if o != nil { + i := 1 + now_sid := -1 + now_did := -1 + + for _, z := range o { + idn := z.Policyid + if idn == strconv.Itoa(d.Get("policyid_src").(int)) { + now_sid = i + } + + if idn == strconv.Itoa(d.Get("policyid_dst").(int)) { + now_did = i + } + + i += 1 + } + + state_policy_srcdst_pos := "" + + if now_sid == -1 || now_did == -1 { + if now_sid == -1 && now_did == -1 { + state_policy_srcdst_pos = "FirewallSecuritypolicy with policyid_src(" + strconv.Itoa(sid) + ") and policyid_dst(" + strconv.Itoa(did) + ") were deleted" + } else if now_sid == -1 { + state_policy_srcdst_pos = "FirewallSecuritypolicy with policyid_src(" + strconv.Itoa(sid) + ") was deleted" + } else if now_did == -1 { + state_policy_srcdst_pos = "FirewallSecuritypolicy with policyid_dst(" + strconv.Itoa(did) + ") was deleted" + } + } else { + bconsistent := true + if action == "before" { + if now_sid != now_did-1 { + bconsistent = false + } + } + + if action == "after" { + if now_sid != now_did+1 { + bconsistent = false + } + } + + if bconsistent == false { + relative_pos := now_sid - now_did + + if relative_pos > 0 { + state_policy_srcdst_pos = "FirewallSecuritypolicy with policyid_src(" + strconv.Itoa(sid) + ") is " + strconv.Itoa(relative_pos) + " behind FirewallSecuritypolicy with policyid_dst(" + strconv.Itoa(did) + ")" + } else { + state_policy_srcdst_pos = "FirewallSecuritypolicy with policyid_src(" + strconv.Itoa(sid) + ") is " + strconv.Itoa(-relative_pos) + " ahead of FirewallSecuritypolicy with policyid_dst(" + strconv.Itoa(did) + ")" + } + } + } + + d.Set("state_policy_srcdst_pos", state_policy_srcdst_pos) + + } + + return nil +} diff --git a/fortios/resource_firewall_securitypolicy_sort.go b/fortios/resource_firewall_securitypolicy_sort.go new file mode 100644 index 000000000..a913c88de --- /dev/null +++ b/fortios/resource_firewall_securitypolicy_sort.go @@ -0,0 +1,210 @@ +package fortios + +import ( + "fmt" + "log" + + "github.com/hashicorp/terraform-plugin-sdk/v2/helper/schema" +) + +func resourceFirewallSecuritypolicySort() *schema.Resource { + return &schema.Resource{ + Create: resourceFirewallSecuritypolicySortCreateUpdate, + Read: resourceFirewallSecuritypolicySortRead, + Update: resourceFirewallSecuritypolicySortCreateUpdate, + Delete: schema.Noop, + + Schema: map[string]*schema.Schema{ + "vdomparam": &schema.Schema{ + Type: schema.TypeString, + Optional: true, + ForceNew: true, + }, + "sortby": &schema.Schema{ + Type: schema.TypeString, + Required: true, + ValidateFunc: func(val interface{}, key string) (warns []string, errs []error) { + v := val.(string) + availableOptions := []string{"policyid", "name"} + var validValue bool + for _, ele := range availableOptions { + if ele == v { + validValue = true + break + } + } + if !validValue { + errs = append(errs, fmt.Errorf("%q must be one of the option of [\"policyid\", \"name\"], got: \"%v\"", key, v)) + } + return + }, + }, + "sortdirection": &schema.Schema{ + Type: schema.TypeString, + Required: true, + ValidateFunc: func(val interface{}, key string) (warns []string, errs []error) { + v := val.(string) + availableOptions := []string{"ascending", "descending", "manual"} + var validValue bool + for _, ele := range availableOptions { + if ele == v { + validValue = true + break + } + } + if !validValue { + errs = append(errs, fmt.Errorf("%q must be one of the option of [\"ascending\", \"descending\", \"manual\"], got: \"%v\"", key, v)) + } + return + }, + }, + "manual_order": &schema.Schema{ + Type: schema.TypeList, + Optional: true, + Computed: true, + Elem: &schema.Schema{ + Type: schema.TypeString, + }, + }, + "status": &schema.Schema{ + Type: schema.TypeString, + Optional: true, + Computed: true, + }, + "force_recreate": &schema.Schema{ + Type: schema.TypeString, + Optional: true, + Computed: true, + }, + "comment": &schema.Schema{ + Type: schema.TypeString, + Optional: true, + }, + "state_policy_list": &schema.Schema{ + Type: schema.TypeList, + Computed: true, + Elem: &schema.Resource{ + Schema: map[string]*schema.Schema{ + "policyid": &schema.Schema{ + Type: schema.TypeString, + Optional: true, + Computed: true, + }, + "name": &schema.Schema{ + Type: schema.TypeString, + Optional: true, + Computed: true, + }, + "action": &schema.Schema{ + Type: schema.TypeString, + Optional: true, + Computed: true, + }, + }, + }, + }, + }, + } +} + +func resourceFirewallSecuritypolicySortCreateUpdate(d *schema.ResourceData, m interface{}) error { + c := m.(*FortiClient).Client + + if c == nil { + return fmt.Errorf("FortiOS connection did not initialize successfully!") + } + + c.Retries = 1 + + vdomparam := "" + + if v, ok := d.GetOk("vdomparam"); ok { + if s, ok := v.(string); ok { + vdomparam = s + } + } + + sortby := d.Get("sortby").(string) + sortdirection := d.Get("sortdirection").(string) + manual_order_d := d.Get("manual_order").([]interface{}) + manual_order := make([]string, len(manual_order_d)) + for cIndex, cValue := range manual_order_d { + manual_order[cIndex] = fmt.Sprint(cValue) + } + + if sortby != "policyid" && sortby != "name" { + return fmt.Errorf("Unsupported sort type: " + sortby) + } + + if sortdirection != "ascending" && sortdirection != "descending" && sortdirection != "manual" { + return fmt.Errorf("Unsupported sort direction: " + sortdirection) + } + + err := c.CreateUpdateFirewallSecuritypolicySort(sortby, sortdirection, vdomparam, manual_order) + if err != nil { + return fmt.Errorf("Error sorting FirewallSecuritypolicy: %s", err) + } + + d.SetId(sortby + sortdirection) + + return resourceFirewallSecuritypolicySortRead(d, m) +} + +func resourceFirewallSecuritypolicySortRead(d *schema.ResourceData, m interface{}) error { + mkey := d.Id() + + c := m.(*FortiClient).Client + + if c == nil { + return fmt.Errorf("FortiOS connection did not initialize successfully!") + } + + c.Retries = 1 + + vdomparam := "" + + if v, ok := d.GetOk("vdomparam"); ok { + if s, ok := v.(string); ok { + vdomparam = s + } + } + + sortby := d.Get("sortby").(string) + sortdirection := d.Get("sortdirection").(string) + manual_order_d := d.Get("manual_order").([]interface{}) + manual_order := make([]string, len(manual_order_d)) + for cIndex, cValue := range manual_order_d { + manual_order[cIndex] = fmt.Sprint(cValue) + } + + if sortby != "policyid" && sortby != "name" { + return fmt.Errorf("Unsupported sort type: " + sortby) + } + + if sortdirection != "ascending" && sortdirection != "descending" && sortdirection != "manual" { + return fmt.Errorf("Unsupported sort direction: " + sortdirection) + } + + sorted, o, err := c.ReadFirewallSecuritypolicySort(sortby, sortdirection, vdomparam, manual_order) + if err != nil { + return fmt.Errorf("Error reading FirewallSecuritypolicy sort status: %s %s", err, mkey) + } + + if sorted == false { + d.Set("status", "unsorted") + } else { + d.Set("status", "") + } + + d.Set("force_recreate", "False") + + if o != nil { + if err := d.Set("state_policy_list", o); err != nil { + log.Printf("[WARN] Error reading Firewall Security Policy List for (%s): %s", d.Id(), err) + } + } else { + d.Set("state_policy_list", nil) + } + + return nil +} diff --git a/fortios/resource_firewall_sniffer.go b/fortios/resource_firewall_sniffer.go index 1550c6bb1..a80b01ff3 100644 --- a/fortios/resource_firewall_sniffer.go +++ b/fortios/resource_firewall_sniffer.go @@ -128,6 +128,17 @@ func resourceFirewallSniffer() *schema.Resource { Optional: true, Computed: true, }, + "casb_profile_status": &schema.Schema{ + Type: schema.TypeString, + Optional: true, + Computed: true, + }, + "casb_profile": &schema.Schema{ + Type: schema.TypeString, + ValidateFunc: validation.StringLenBetween(0, 35), + Optional: true, + Computed: true, + }, "webfilter_profile_status": &schema.Schema{ Type: schema.TypeString, Optional: true, @@ -486,6 +497,14 @@ func flattenFirewallSnifferAvProfile(v interface{}, d *schema.ResourceData, pre return v } +func flattenFirewallSnifferCasbProfileStatus(v interface{}, d *schema.ResourceData, pre string, sv string) interface{} { + return v +} + +func flattenFirewallSnifferCasbProfile(v interface{}, d *schema.ResourceData, pre string, sv string) interface{} { + return v +} + func flattenFirewallSnifferWebfilterProfileStatus(v interface{}, d *schema.ResourceData, pre string, sv string) interface{} { return v } @@ -817,6 +836,18 @@ func refreshObjectFirewallSniffer(d *schema.ResourceData, o map[string]interface } } + if err = d.Set("casb_profile_status", flattenFirewallSnifferCasbProfileStatus(o["casb-profile-status"], d, "casb_profile_status", sv)); err != nil { + if !fortiAPIPatch(o["casb-profile-status"]) { + return fmt.Errorf("Error reading casb_profile_status: %v", err) + } + } + + if err = d.Set("casb_profile", flattenFirewallSnifferCasbProfile(o["casb-profile"], d, "casb_profile", sv)); err != nil { + if !fortiAPIPatch(o["casb-profile"]) { + return fmt.Errorf("Error reading casb_profile: %v", err) + } + } + if err = d.Set("webfilter_profile_status", flattenFirewallSnifferWebfilterProfileStatus(o["webfilter-profile-status"], d, "webfilter_profile_status", sv)); err != nil { if !fortiAPIPatch(o["webfilter-profile-status"]) { return fmt.Errorf("Error reading webfilter_profile_status: %v", err) @@ -1022,6 +1053,14 @@ func expandFirewallSnifferAvProfile(d *schema.ResourceData, v interface{}, pre s return v, nil } +func expandFirewallSnifferCasbProfileStatus(d *schema.ResourceData, v interface{}, pre string, sv string) (interface{}, error) { + return v, nil +} + +func expandFirewallSnifferCasbProfile(d *schema.ResourceData, v interface{}, pre string, sv string) (interface{}, error) { + return v, nil +} + func expandFirewallSnifferWebfilterProfileStatus(d *schema.ResourceData, v interface{}, pre string, sv string) (interface{}, error) { return v, nil } @@ -1376,6 +1415,24 @@ func getObjectFirewallSniffer(d *schema.ResourceData, sv string) (*map[string]in } } + if v, ok := d.GetOk("casb_profile_status"); ok { + t, err := expandFirewallSnifferCasbProfileStatus(d, v, "casb_profile_status", sv) + if err != nil { + return &obj, err + } else if t != nil { + obj["casb-profile-status"] = t + } + } + + if v, ok := d.GetOk("casb_profile"); ok { + t, err := expandFirewallSnifferCasbProfile(d, v, "casb_profile", sv) + if err != nil { + return &obj, err + } else if t != nil { + obj["casb-profile"] = t + } + } + if v, ok := d.GetOk("webfilter_profile_status"); ok { t, err := expandFirewallSnifferWebfilterProfileStatus(d, v, "webfilter_profile_status", sv) if err != nil { diff --git a/fortios/resource_firewall_sslsshprofile.go b/fortios/resource_firewall_sslsshprofile.go index 1274bc3ae..d7c3887e5 100644 --- a/fortios/resource_firewall_sslsshprofile.go +++ b/fortios/resource_firewall_sslsshprofile.go @@ -152,6 +152,11 @@ func resourceFirewallSslSshProfile() *schema.Resource { Optional: true, Computed: true, }, + "quic": &schema.Schema{ + Type: schema.TypeString, + Optional: true, + Computed: true, + }, "proxy_after_tcp_handshake": &schema.Schema{ Type: schema.TypeString, Optional: true, @@ -657,6 +662,11 @@ func resourceFirewallSslSshProfile() *schema.Resource { Optional: true, Computed: true, }, + "quic": &schema.Schema{ + Type: schema.TypeString, + Optional: true, + Computed: true, + }, "proxy_after_tcp_handshake": &schema.Schema{ Type: schema.TypeString, Optional: true, @@ -1264,6 +1274,11 @@ func flattenFirewallSslSshProfileHttps(v interface{}, d *schema.ResourceData, pr result["status"] = flattenFirewallSslSshProfileHttpsStatus(i["status"], d, pre_append, sv) } + pre_append = pre + ".0." + "quic" + if _, ok := i["quic"]; ok { + result["quic"] = flattenFirewallSslSshProfileHttpsQuic(i["quic"], d, pre_append, sv) + } + pre_append = pre + ".0." + "proxy_after_tcp_handshake" if _, ok := i["proxy-after-tcp-handshake"]; ok { result["proxy_after_tcp_handshake"] = flattenFirewallSslSshProfileHttpsProxyAfterTcpHandshake(i["proxy-after-tcp-handshake"], d, pre_append, sv) @@ -1356,6 +1371,10 @@ func flattenFirewallSslSshProfileHttpsStatus(v interface{}, d *schema.ResourceDa return v } +func flattenFirewallSslSshProfileHttpsQuic(v interface{}, d *schema.ResourceData, pre string, sv string) interface{} { + return v +} + func flattenFirewallSslSshProfileHttpsProxyAfterTcpHandshake(v interface{}, d *schema.ResourceData, pre string, sv string) interface{} { return v } @@ -2147,6 +2166,11 @@ func flattenFirewallSslSshProfileDot(v interface{}, d *schema.ResourceData, pre result["status"] = flattenFirewallSslSshProfileDotStatus(i["status"], d, pre_append, sv) } + pre_append = pre + ".0." + "quic" + if _, ok := i["quic"]; ok { + result["quic"] = flattenFirewallSslSshProfileDotQuic(i["quic"], d, pre_append, sv) + } + pre_append = pre + ".0." + "proxy_after_tcp_handshake" if _, ok := i["proxy-after-tcp-handshake"]; ok { result["proxy_after_tcp_handshake"] = flattenFirewallSslSshProfileDotProxyAfterTcpHandshake(i["proxy-after-tcp-handshake"], d, pre_append, sv) @@ -2210,6 +2234,10 @@ func flattenFirewallSslSshProfileDotStatus(v interface{}, d *schema.ResourceData return v } +func flattenFirewallSslSshProfileDotQuic(v interface{}, d *schema.ResourceData, pre string, sv string) interface{} { + return v +} + func flattenFirewallSslSshProfileDotProxyAfterTcpHandshake(v interface{}, d *schema.ResourceData, pre string, sv string) interface{} { return v } @@ -3100,6 +3128,10 @@ func expandFirewallSslSshProfileHttps(d *schema.ResourceData, v interface{}, pre if _, ok := d.GetOk(pre_append); ok { result["status"], _ = expandFirewallSslSshProfileHttpsStatus(d, i["status"], pre_append, sv) } + pre_append = pre + ".0." + "quic" + if _, ok := d.GetOk(pre_append); ok { + result["quic"], _ = expandFirewallSslSshProfileHttpsQuic(d, i["quic"], pre_append, sv) + } pre_append = pre + ".0." + "proxy_after_tcp_handshake" if _, ok := d.GetOk(pre_append); ok { result["proxy-after-tcp-handshake"], _ = expandFirewallSslSshProfileHttpsProxyAfterTcpHandshake(d, i["proxy_after_tcp_handshake"], pre_append, sv) @@ -3176,6 +3208,10 @@ func expandFirewallSslSshProfileHttpsStatus(d *schema.ResourceData, v interface{ return v, nil } +func expandFirewallSslSshProfileHttpsQuic(d *schema.ResourceData, v interface{}, pre string, sv string) (interface{}, error) { + return v, nil +} + func expandFirewallSslSshProfileHttpsProxyAfterTcpHandshake(d *schema.ResourceData, v interface{}, pre string, sv string) (interface{}, error) { return v, nil } @@ -3900,6 +3936,10 @@ func expandFirewallSslSshProfileDot(d *schema.ResourceData, v interface{}, pre s if _, ok := d.GetOk(pre_append); ok { result["status"], _ = expandFirewallSslSshProfileDotStatus(d, i["status"], pre_append, sv) } + pre_append = pre + ".0." + "quic" + if _, ok := d.GetOk(pre_append); ok { + result["quic"], _ = expandFirewallSslSshProfileDotQuic(d, i["quic"], pre_append, sv) + } pre_append = pre + ".0." + "proxy_after_tcp_handshake" if _, ok := d.GetOk(pre_append); ok { result["proxy-after-tcp-handshake"], _ = expandFirewallSslSshProfileDotProxyAfterTcpHandshake(d, i["proxy_after_tcp_handshake"], pre_append, sv) @@ -3952,6 +3992,10 @@ func expandFirewallSslSshProfileDotStatus(d *schema.ResourceData, v interface{}, return v, nil } +func expandFirewallSslSshProfileDotQuic(d *schema.ResourceData, v interface{}, pre string, sv string) (interface{}, error) { + return v, nil +} + func expandFirewallSslSshProfileDotProxyAfterTcpHandshake(d *schema.ResourceData, v interface{}, pre string, sv string) (interface{}, error) { return v, nil } diff --git a/fortios/resource_firewall_vip.go b/fortios/resource_firewall_vip.go index af46da49c..8bbe38a74 100644 --- a/fortios/resource_firewall_vip.go +++ b/fortios/resource_firewall_vip.go @@ -120,6 +120,72 @@ func resourceFirewallVip() *schema.Resource { }, }, }, + "h2_support": &schema.Schema{ + Type: schema.TypeString, + Optional: true, + Computed: true, + }, + "h3_support": &schema.Schema{ + Type: schema.TypeString, + Optional: true, + Computed: true, + }, + "quic": &schema.Schema{ + Type: schema.TypeList, + Computed: true, + Optional: true, + MaxItems: 1, + Elem: &schema.Resource{ + Schema: map[string]*schema.Schema{ + "max_idle_timeout": &schema.Schema{ + Type: schema.TypeInt, + ValidateFunc: validation.IntBetween(1, 60000), + Optional: true, + Computed: true, + }, + "max_udp_payload_size": &schema.Schema{ + Type: schema.TypeInt, + ValidateFunc: validation.IntBetween(1200, 1500), + Optional: true, + Computed: true, + }, + "active_connection_id_limit": &schema.Schema{ + Type: schema.TypeInt, + ValidateFunc: validation.IntBetween(1, 8), + Optional: true, + Computed: true, + }, + "ack_delay_exponent": &schema.Schema{ + Type: schema.TypeInt, + ValidateFunc: validation.IntBetween(1, 20), + Optional: true, + Computed: true, + }, + "max_ack_delay": &schema.Schema{ + Type: schema.TypeInt, + ValidateFunc: validation.IntBetween(1, 16383), + Optional: true, + Computed: true, + }, + "max_datagram_frame_size": &schema.Schema{ + Type: schema.TypeInt, + ValidateFunc: validation.IntBetween(1, 1500), + Optional: true, + Computed: true, + }, + "active_migration": &schema.Schema{ + Type: schema.TypeString, + Optional: true, + Computed: true, + }, + "grease_quic_bit": &schema.Schema{ + Type: schema.TypeString, + Optional: true, + Computed: true, + }, + }, + }, + }, "nat44": &schema.Schema{ Type: schema.TypeString, Optional: true, @@ -373,6 +439,11 @@ func resourceFirewallVip() *schema.Resource { Optional: true, Computed: true, }, + "http_multiplex_max_concurrent_request": &schema.Schema{ + Type: schema.TypeInt, + Optional: true, + Computed: true, + }, "http_supported_max_version": &schema.Schema{ Type: schema.TypeString, Optional: true, @@ -954,6 +1025,99 @@ func flattenFirewallVipExtaddrName(v interface{}, d *schema.ResourceData, pre st return v } +func flattenFirewallVipH2Support(v interface{}, d *schema.ResourceData, pre string, sv string) interface{} { + return v +} + +func flattenFirewallVipH3Support(v interface{}, d *schema.ResourceData, pre string, sv string) interface{} { + return v +} + +func flattenFirewallVipQuic(v interface{}, d *schema.ResourceData, pre string, sv string) []map[string]interface{} { + if v == nil { + return nil + } + + i := v.(map[string]interface{}) + result := make(map[string]interface{}) + + pre_append := "" // complex + pre_append = pre + ".0." + "max_idle_timeout" + if _, ok := i["max-idle-timeout"]; ok { + result["max_idle_timeout"] = flattenFirewallVipQuicMaxIdleTimeout(i["max-idle-timeout"], d, pre_append, sv) + } + + pre_append = pre + ".0." + "max_udp_payload_size" + if _, ok := i["max-udp-payload-size"]; ok { + result["max_udp_payload_size"] = flattenFirewallVipQuicMaxUdpPayloadSize(i["max-udp-payload-size"], d, pre_append, sv) + } + + pre_append = pre + ".0." + "active_connection_id_limit" + if _, ok := i["active-connection-id-limit"]; ok { + result["active_connection_id_limit"] = flattenFirewallVipQuicActiveConnectionIdLimit(i["active-connection-id-limit"], d, pre_append, sv) + } + + pre_append = pre + ".0." + "ack_delay_exponent" + if _, ok := i["ack-delay-exponent"]; ok { + result["ack_delay_exponent"] = flattenFirewallVipQuicAckDelayExponent(i["ack-delay-exponent"], d, pre_append, sv) + } + + pre_append = pre + ".0." + "max_ack_delay" + if _, ok := i["max-ack-delay"]; ok { + result["max_ack_delay"] = flattenFirewallVipQuicMaxAckDelay(i["max-ack-delay"], d, pre_append, sv) + } + + pre_append = pre + ".0." + "max_datagram_frame_size" + if _, ok := i["max-datagram-frame-size"]; ok { + result["max_datagram_frame_size"] = flattenFirewallVipQuicMaxDatagramFrameSize(i["max-datagram-frame-size"], d, pre_append, sv) + } + + pre_append = pre + ".0." + "active_migration" + if _, ok := i["active-migration"]; ok { + result["active_migration"] = flattenFirewallVipQuicActiveMigration(i["active-migration"], d, pre_append, sv) + } + + pre_append = pre + ".0." + "grease_quic_bit" + if _, ok := i["grease-quic-bit"]; ok { + result["grease_quic_bit"] = flattenFirewallVipQuicGreaseQuicBit(i["grease-quic-bit"], d, pre_append, sv) + } + + lastresult := []map[string]interface{}{result} + return lastresult +} + +func flattenFirewallVipQuicMaxIdleTimeout(v interface{}, d *schema.ResourceData, pre string, sv string) interface{} { + return v +} + +func flattenFirewallVipQuicMaxUdpPayloadSize(v interface{}, d *schema.ResourceData, pre string, sv string) interface{} { + return v +} + +func flattenFirewallVipQuicActiveConnectionIdLimit(v interface{}, d *schema.ResourceData, pre string, sv string) interface{} { + return v +} + +func flattenFirewallVipQuicAckDelayExponent(v interface{}, d *schema.ResourceData, pre string, sv string) interface{} { + return v +} + +func flattenFirewallVipQuicMaxAckDelay(v interface{}, d *schema.ResourceData, pre string, sv string) interface{} { + return v +} + +func flattenFirewallVipQuicMaxDatagramFrameSize(v interface{}, d *schema.ResourceData, pre string, sv string) interface{} { + return v +} + +func flattenFirewallVipQuicActiveMigration(v interface{}, d *schema.ResourceData, pre string, sv string) interface{} { + return v +} + +func flattenFirewallVipQuicGreaseQuicBit(v interface{}, d *schema.ResourceData, pre string, sv string) interface{} { + return v +} + func flattenFirewallVipNat44(v interface{}, d *schema.ResourceData, pre string, sv string) interface{} { return v } @@ -1332,6 +1496,10 @@ func flattenFirewallVipHttpMultiplexMaxRequest(v interface{}, d *schema.Resource return v } +func flattenFirewallVipHttpMultiplexMaxConcurrentRequest(v interface{}, d *schema.ResourceData, pre string, sv string) interface{} { + return v +} + func flattenFirewallVipHttpSupportedMaxVersion(v interface{}, d *schema.ResourceData, pre string, sv string) interface{} { return v } @@ -1771,6 +1939,34 @@ func refreshObjectFirewallVip(d *schema.ResourceData, o map[string]interface{}, } } + if err = d.Set("h2_support", flattenFirewallVipH2Support(o["h2-support"], d, "h2_support", sv)); err != nil { + if !fortiAPIPatch(o["h2-support"]) { + return fmt.Errorf("Error reading h2_support: %v", err) + } + } + + if err = d.Set("h3_support", flattenFirewallVipH3Support(o["h3-support"], d, "h3_support", sv)); err != nil { + if !fortiAPIPatch(o["h3-support"]) { + return fmt.Errorf("Error reading h3_support: %v", err) + } + } + + if b_get_all_tables { + if err = d.Set("quic", flattenFirewallVipQuic(o["quic"], d, "quic", sv)); err != nil { + if !fortiAPIPatch(o["quic"]) { + return fmt.Errorf("Error reading quic: %v", err) + } + } + } else { + if _, ok := d.GetOk("quic"); ok { + if err = d.Set("quic", flattenFirewallVipQuic(o["quic"], d, "quic", sv)); err != nil { + if !fortiAPIPatch(o["quic"]) { + return fmt.Errorf("Error reading quic: %v", err) + } + } + } + } + if err = d.Set("nat44", flattenFirewallVipNat44(o["nat44"], d, "nat44", sv)); err != nil { if !fortiAPIPatch(o["nat44"]) { return fmt.Errorf("Error reading nat44: %v", err) @@ -1981,6 +2177,12 @@ func refreshObjectFirewallVip(d *schema.ResourceData, o map[string]interface{}, } } + if err = d.Set("http_multiplex_max_concurrent_request", flattenFirewallVipHttpMultiplexMaxConcurrentRequest(o["http-multiplex-max-concurrent-request"], d, "http_multiplex_max_concurrent_request", sv)); err != nil { + if !fortiAPIPatch(o["http-multiplex-max-concurrent-request"]) { + return fmt.Errorf("Error reading http_multiplex_max_concurrent_request: %v", err) + } + } + if err = d.Set("http_supported_max_version", flattenFirewallVipHttpSupportedMaxVersion(o["http-supported-max-version"], d, "http_supported_max_version", sv)); err != nil { if !fortiAPIPatch(o["http-supported-max-version"]) { return fmt.Errorf("Error reading http_supported_max_version: %v", err) @@ -2421,6 +2623,92 @@ func expandFirewallVipExtaddrName(d *schema.ResourceData, v interface{}, pre str return v, nil } +func expandFirewallVipH2Support(d *schema.ResourceData, v interface{}, pre string, sv string) (interface{}, error) { + return v, nil +} + +func expandFirewallVipH3Support(d *schema.ResourceData, v interface{}, pre string, sv string) (interface{}, error) { + return v, nil +} + +func expandFirewallVipQuic(d *schema.ResourceData, v interface{}, pre string, sv string) (interface{}, error) { + l := v.([]interface{}) + if len(l) == 0 || l[0] == nil { + return nil, nil + } + + i := l[0].(map[string]interface{}) + result := make(map[string]interface{}) + + pre_append := "" // complex + pre_append = pre + ".0." + "max_idle_timeout" + if _, ok := d.GetOk(pre_append); ok { + result["max-idle-timeout"], _ = expandFirewallVipQuicMaxIdleTimeout(d, i["max_idle_timeout"], pre_append, sv) + } + pre_append = pre + ".0." + "max_udp_payload_size" + if _, ok := d.GetOk(pre_append); ok { + result["max-udp-payload-size"], _ = expandFirewallVipQuicMaxUdpPayloadSize(d, i["max_udp_payload_size"], pre_append, sv) + } + pre_append = pre + ".0." + "active_connection_id_limit" + if _, ok := d.GetOk(pre_append); ok { + result["active-connection-id-limit"], _ = expandFirewallVipQuicActiveConnectionIdLimit(d, i["active_connection_id_limit"], pre_append, sv) + } + pre_append = pre + ".0." + "ack_delay_exponent" + if _, ok := d.GetOk(pre_append); ok { + result["ack-delay-exponent"], _ = expandFirewallVipQuicAckDelayExponent(d, i["ack_delay_exponent"], pre_append, sv) + } + pre_append = pre + ".0." + "max_ack_delay" + if _, ok := d.GetOk(pre_append); ok { + result["max-ack-delay"], _ = expandFirewallVipQuicMaxAckDelay(d, i["max_ack_delay"], pre_append, sv) + } + pre_append = pre + ".0." + "max_datagram_frame_size" + if _, ok := d.GetOk(pre_append); ok { + result["max-datagram-frame-size"], _ = expandFirewallVipQuicMaxDatagramFrameSize(d, i["max_datagram_frame_size"], pre_append, sv) + } + pre_append = pre + ".0." + "active_migration" + if _, ok := d.GetOk(pre_append); ok { + result["active-migration"], _ = expandFirewallVipQuicActiveMigration(d, i["active_migration"], pre_append, sv) + } + pre_append = pre + ".0." + "grease_quic_bit" + if _, ok := d.GetOk(pre_append); ok { + result["grease-quic-bit"], _ = expandFirewallVipQuicGreaseQuicBit(d, i["grease_quic_bit"], pre_append, sv) + } + + return result, nil +} + +func expandFirewallVipQuicMaxIdleTimeout(d *schema.ResourceData, v interface{}, pre string, sv string) (interface{}, error) { + return v, nil +} + +func expandFirewallVipQuicMaxUdpPayloadSize(d *schema.ResourceData, v interface{}, pre string, sv string) (interface{}, error) { + return v, nil +} + +func expandFirewallVipQuicActiveConnectionIdLimit(d *schema.ResourceData, v interface{}, pre string, sv string) (interface{}, error) { + return v, nil +} + +func expandFirewallVipQuicAckDelayExponent(d *schema.ResourceData, v interface{}, pre string, sv string) (interface{}, error) { + return v, nil +} + +func expandFirewallVipQuicMaxAckDelay(d *schema.ResourceData, v interface{}, pre string, sv string) (interface{}, error) { + return v, nil +} + +func expandFirewallVipQuicMaxDatagramFrameSize(d *schema.ResourceData, v interface{}, pre string, sv string) (interface{}, error) { + return v, nil +} + +func expandFirewallVipQuicActiveMigration(d *schema.ResourceData, v interface{}, pre string, sv string) (interface{}, error) { + return v, nil +} + +func expandFirewallVipQuicGreaseQuicBit(d *schema.ResourceData, v interface{}, pre string, sv string) (interface{}, error) { + return v, nil +} + func expandFirewallVipNat44(d *schema.ResourceData, v interface{}, pre string, sv string) (interface{}, error) { return v, nil } @@ -2766,6 +3054,10 @@ func expandFirewallVipHttpMultiplexMaxRequest(d *schema.ResourceData, v interfac return v, nil } +func expandFirewallVipHttpMultiplexMaxConcurrentRequest(d *schema.ResourceData, v interface{}, pre string, sv string) (interface{}, error) { + return v, nil +} + func expandFirewallVipHttpSupportedMaxVersion(d *schema.ResourceData, v interface{}, pre string, sv string) (interface{}, error) { return v, nil } @@ -3169,6 +3461,33 @@ func getObjectFirewallVip(d *schema.ResourceData, sv string) (*map[string]interf } } + if v, ok := d.GetOk("h2_support"); ok { + t, err := expandFirewallVipH2Support(d, v, "h2_support", sv) + if err != nil { + return &obj, err + } else if t != nil { + obj["h2-support"] = t + } + } + + if v, ok := d.GetOk("h3_support"); ok { + t, err := expandFirewallVipH3Support(d, v, "h3_support", sv) + if err != nil { + return &obj, err + } else if t != nil { + obj["h3-support"] = t + } + } + + if v, ok := d.GetOk("quic"); ok { + t, err := expandFirewallVipQuic(d, v, "quic", sv) + if err != nil { + return &obj, err + } else if t != nil { + obj["quic"] = t + } + } + if v, ok := d.GetOk("nat44"); ok { t, err := expandFirewallVipNat44(d, v, "nat44", sv) if err != nil { @@ -3439,6 +3758,15 @@ func getObjectFirewallVip(d *schema.ResourceData, sv string) (*map[string]interf } } + if v, ok := d.GetOkExists("http_multiplex_max_concurrent_request"); ok { + t, err := expandFirewallVipHttpMultiplexMaxConcurrentRequest(d, v, "http_multiplex_max_concurrent_request", sv) + if err != nil { + return &obj, err + } else if t != nil { + obj["http-multiplex-max-concurrent-request"] = t + } + } + if v, ok := d.GetOk("http_supported_max_version"); ok { t, err := expandFirewallVipHttpSupportedMaxVersion(d, v, "http_supported_max_version", sv) if err != nil { diff --git a/fortios/resource_firewall_vip46.go b/fortios/resource_firewall_vip46.go index b85daeff6..26ee2b213 100644 --- a/fortios/resource_firewall_vip46.go +++ b/fortios/resource_firewall_vip46.go @@ -564,7 +564,7 @@ func flattenFirewallVip46Realservers(v interface{}, d *schema.ResourceData, pre vx := "" bstring := false new_version_map := map[string][]string{ - "=": []string{"6.4.10", "6.4.11", "6.4.12", "7.0.0"}, + "=": []string{"6.4.10", "6.4.11", "6.4.12", "6.4.13", "6.4.14", "7.0.0"}, } if i2ss2arrFortiAPIUpgrade(sv, new_version_map) == true { l := v.([]interface{}) @@ -1040,7 +1040,7 @@ func expandFirewallVip46Realservers(d *schema.ResourceData, v interface{}, pre s t, _ := expandFirewallVip46RealserversMonitor(d, i["monitor"], pre_append, sv) if t != nil { new_version_map := map[string][]string{ - "=": []string{"6.4.10", "6.4.11", "6.4.12", "7.0.0"}, + "=": []string{"6.4.10", "6.4.11", "6.4.12", "6.4.13", "6.4.14", "7.0.0"}, } if i2ss2arrFortiAPIUpgrade(sv, new_version_map) == true { bstring = true diff --git a/fortios/resource_firewall_vip64.go b/fortios/resource_firewall_vip64.go index 56edfdcbc..fa9e18ec4 100644 --- a/fortios/resource_firewall_vip64.go +++ b/fortios/resource_firewall_vip64.go @@ -508,7 +508,7 @@ func flattenFirewallVip64Realservers(v interface{}, d *schema.ResourceData, pre vx := "" bstring := false new_version_map := map[string][]string{ - "=": []string{"6.4.10", "6.4.11", "6.4.12", "7.0.0"}, + "=": []string{"6.4.10", "6.4.11", "6.4.12", "6.4.13", "6.4.14", "7.0.0"}, } if i2ss2arrFortiAPIUpgrade(sv, new_version_map) == true { l := v.([]interface{}) @@ -937,7 +937,7 @@ func expandFirewallVip64Realservers(d *schema.ResourceData, v interface{}, pre s t, _ := expandFirewallVip64RealserversMonitor(d, i["monitor"], pre_append, sv) if t != nil { new_version_map := map[string][]string{ - "=": []string{"6.4.10", "6.4.11", "6.4.12", "7.0.0"}, + "=": []string{"6.4.10", "6.4.11", "6.4.12", "6.4.13", "6.4.14", "7.0.0"}, } if i2ss2arrFortiAPIUpgrade(sv, new_version_map) == true { bstring = true diff --git a/fortios/resource_logfortianalyzer2_overridesetting.go b/fortios/resource_logfortianalyzer2_overridesetting.go index 5f778f1fa..bbab4a4d2 100644 --- a/fortios/resource_logfortianalyzer2_overridesetting.go +++ b/fortios/resource_logfortianalyzer2_overridesetting.go @@ -61,6 +61,17 @@ func resourceLogFortianalyzer2OverrideSetting() *schema.Resource { Optional: true, Computed: true, }, + "alt_server": &schema.Schema{ + Type: schema.TypeString, + ValidateFunc: validation.StringLenBetween(0, 127), + Optional: true, + Computed: true, + }, + "fallback_to_primary": &schema.Schema{ + Type: schema.TypeString, + Optional: true, + Computed: true, + }, "certificate_verification": &schema.Schema{ Type: schema.TypeString, Optional: true, @@ -328,6 +339,14 @@ func flattenLogFortianalyzer2OverrideSettingServer(v interface{}, d *schema.Reso return v } +func flattenLogFortianalyzer2OverrideSettingAltServer(v interface{}, d *schema.ResourceData, pre string, sv string) interface{} { + return v +} + +func flattenLogFortianalyzer2OverrideSettingFallbackToPrimary(v interface{}, d *schema.ResourceData, pre string, sv string) interface{} { + return v +} + func flattenLogFortianalyzer2OverrideSettingCertificateVerification(v interface{}, d *schema.ResourceData, pre string, sv string) interface{} { return v } @@ -501,6 +520,18 @@ func refreshObjectLogFortianalyzer2OverrideSetting(d *schema.ResourceData, o map } } + if err = d.Set("alt_server", flattenLogFortianalyzer2OverrideSettingAltServer(o["alt-server"], d, "alt_server", sv)); err != nil { + if !fortiAPIPatch(o["alt-server"]) { + return fmt.Errorf("Error reading alt_server: %v", err) + } + } + + if err = d.Set("fallback_to_primary", flattenLogFortianalyzer2OverrideSettingFallbackToPrimary(o["fallback-to-primary"], d, "fallback_to_primary", sv)); err != nil { + if !fortiAPIPatch(o["fallback-to-primary"]) { + return fmt.Errorf("Error reading fallback_to_primary: %v", err) + } + } + if err = d.Set("certificate_verification", flattenLogFortianalyzer2OverrideSettingCertificateVerification(o["certificate-verification"], d, "certificate_verification", sv)); err != nil { if !fortiAPIPatch(o["certificate-verification"]) { return fmt.Errorf("Error reading certificate_verification: %v", err) @@ -684,6 +715,14 @@ func expandLogFortianalyzer2OverrideSettingServer(d *schema.ResourceData, v inte return v, nil } +func expandLogFortianalyzer2OverrideSettingAltServer(d *schema.ResourceData, v interface{}, pre string, sv string) (interface{}, error) { + return v, nil +} + +func expandLogFortianalyzer2OverrideSettingFallbackToPrimary(d *schema.ResourceData, v interface{}, pre string, sv string) (interface{}, error) { + return v, nil +} + func expandLogFortianalyzer2OverrideSettingCertificateVerification(d *schema.ResourceData, v interface{}, pre string, sv string) (interface{}, error) { return v, nil } @@ -875,6 +914,32 @@ func getObjectLogFortianalyzer2OverrideSetting(d *schema.ResourceData, setArgNil } } + if v, ok := d.GetOk("alt_server"); ok { + if setArgNil { + obj["alt-server"] = nil + } else { + t, err := expandLogFortianalyzer2OverrideSettingAltServer(d, v, "alt_server", sv) + if err != nil { + return &obj, err + } else if t != nil { + obj["alt-server"] = t + } + } + } + + if v, ok := d.GetOk("fallback_to_primary"); ok { + if setArgNil { + obj["fallback-to-primary"] = nil + } else { + t, err := expandLogFortianalyzer2OverrideSettingFallbackToPrimary(d, v, "fallback_to_primary", sv) + if err != nil { + return &obj, err + } else if t != nil { + obj["fallback-to-primary"] = t + } + } + } + if v, ok := d.GetOk("certificate_verification"); ok { if setArgNil { obj["certificate-verification"] = nil diff --git a/fortios/resource_logfortianalyzer2_setting.go b/fortios/resource_logfortianalyzer2_setting.go index 756262f3f..251ef7d5f 100644 --- a/fortios/resource_logfortianalyzer2_setting.go +++ b/fortios/resource_logfortianalyzer2_setting.go @@ -51,6 +51,17 @@ func resourceLogFortianalyzer2Setting() *schema.Resource { Optional: true, Computed: true, }, + "alt_server": &schema.Schema{ + Type: schema.TypeString, + ValidateFunc: validation.StringLenBetween(0, 127), + Optional: true, + Computed: true, + }, + "fallback_to_primary": &schema.Schema{ + Type: schema.TypeString, + Optional: true, + Computed: true, + }, "certificate_verification": &schema.Schema{ Type: schema.TypeString, Optional: true, @@ -310,6 +321,14 @@ func flattenLogFortianalyzer2SettingServer(v interface{}, d *schema.ResourceData return v } +func flattenLogFortianalyzer2SettingAltServer(v interface{}, d *schema.ResourceData, pre string, sv string) interface{} { + return v +} + +func flattenLogFortianalyzer2SettingFallbackToPrimary(v interface{}, d *schema.ResourceData, pre string, sv string) interface{} { + return v +} + func flattenLogFortianalyzer2SettingCertificateVerification(v interface{}, d *schema.ResourceData, pre string, sv string) interface{} { return v } @@ -471,6 +490,18 @@ func refreshObjectLogFortianalyzer2Setting(d *schema.ResourceData, o map[string] } } + if err = d.Set("alt_server", flattenLogFortianalyzer2SettingAltServer(o["alt-server"], d, "alt_server", sv)); err != nil { + if !fortiAPIPatch(o["alt-server"]) { + return fmt.Errorf("Error reading alt_server: %v", err) + } + } + + if err = d.Set("fallback_to_primary", flattenLogFortianalyzer2SettingFallbackToPrimary(o["fallback-to-primary"], d, "fallback_to_primary", sv)); err != nil { + if !fortiAPIPatch(o["fallback-to-primary"]) { + return fmt.Errorf("Error reading fallback_to_primary: %v", err) + } + } + if err = d.Set("certificate_verification", flattenLogFortianalyzer2SettingCertificateVerification(o["certificate-verification"], d, "certificate_verification", sv)); err != nil { if !fortiAPIPatch(o["certificate-verification"]) { return fmt.Errorf("Error reading certificate_verification: %v", err) @@ -646,6 +677,14 @@ func expandLogFortianalyzer2SettingServer(d *schema.ResourceData, v interface{}, return v, nil } +func expandLogFortianalyzer2SettingAltServer(d *schema.ResourceData, v interface{}, pre string, sv string) (interface{}, error) { + return v, nil +} + +func expandLogFortianalyzer2SettingFallbackToPrimary(d *schema.ResourceData, v interface{}, pre string, sv string) (interface{}, error) { + return v, nil +} + func expandLogFortianalyzer2SettingCertificateVerification(d *schema.ResourceData, v interface{}, pre string, sv string) (interface{}, error) { return v, nil } @@ -811,6 +850,32 @@ func getObjectLogFortianalyzer2Setting(d *schema.ResourceData, setArgNil bool, s } } + if v, ok := d.GetOk("alt_server"); ok { + if setArgNil { + obj["alt-server"] = nil + } else { + t, err := expandLogFortianalyzer2SettingAltServer(d, v, "alt_server", sv) + if err != nil { + return &obj, err + } else if t != nil { + obj["alt-server"] = t + } + } + } + + if v, ok := d.GetOk("fallback_to_primary"); ok { + if setArgNil { + obj["fallback-to-primary"] = nil + } else { + t, err := expandLogFortianalyzer2SettingFallbackToPrimary(d, v, "fallback_to_primary", sv) + if err != nil { + return &obj, err + } else if t != nil { + obj["fallback-to-primary"] = t + } + } + } + if v, ok := d.GetOk("certificate_verification"); ok { if setArgNil { obj["certificate-verification"] = nil diff --git a/fortios/resource_logfortianalyzer3_overridesetting.go b/fortios/resource_logfortianalyzer3_overridesetting.go index 566f10311..9937a31e1 100644 --- a/fortios/resource_logfortianalyzer3_overridesetting.go +++ b/fortios/resource_logfortianalyzer3_overridesetting.go @@ -61,6 +61,17 @@ func resourceLogFortianalyzer3OverrideSetting() *schema.Resource { Optional: true, Computed: true, }, + "alt_server": &schema.Schema{ + Type: schema.TypeString, + ValidateFunc: validation.StringLenBetween(0, 127), + Optional: true, + Computed: true, + }, + "fallback_to_primary": &schema.Schema{ + Type: schema.TypeString, + Optional: true, + Computed: true, + }, "certificate_verification": &schema.Schema{ Type: schema.TypeString, Optional: true, @@ -328,6 +339,14 @@ func flattenLogFortianalyzer3OverrideSettingServer(v interface{}, d *schema.Reso return v } +func flattenLogFortianalyzer3OverrideSettingAltServer(v interface{}, d *schema.ResourceData, pre string, sv string) interface{} { + return v +} + +func flattenLogFortianalyzer3OverrideSettingFallbackToPrimary(v interface{}, d *schema.ResourceData, pre string, sv string) interface{} { + return v +} + func flattenLogFortianalyzer3OverrideSettingCertificateVerification(v interface{}, d *schema.ResourceData, pre string, sv string) interface{} { return v } @@ -501,6 +520,18 @@ func refreshObjectLogFortianalyzer3OverrideSetting(d *schema.ResourceData, o map } } + if err = d.Set("alt_server", flattenLogFortianalyzer3OverrideSettingAltServer(o["alt-server"], d, "alt_server", sv)); err != nil { + if !fortiAPIPatch(o["alt-server"]) { + return fmt.Errorf("Error reading alt_server: %v", err) + } + } + + if err = d.Set("fallback_to_primary", flattenLogFortianalyzer3OverrideSettingFallbackToPrimary(o["fallback-to-primary"], d, "fallback_to_primary", sv)); err != nil { + if !fortiAPIPatch(o["fallback-to-primary"]) { + return fmt.Errorf("Error reading fallback_to_primary: %v", err) + } + } + if err = d.Set("certificate_verification", flattenLogFortianalyzer3OverrideSettingCertificateVerification(o["certificate-verification"], d, "certificate_verification", sv)); err != nil { if !fortiAPIPatch(o["certificate-verification"]) { return fmt.Errorf("Error reading certificate_verification: %v", err) @@ -684,6 +715,14 @@ func expandLogFortianalyzer3OverrideSettingServer(d *schema.ResourceData, v inte return v, nil } +func expandLogFortianalyzer3OverrideSettingAltServer(d *schema.ResourceData, v interface{}, pre string, sv string) (interface{}, error) { + return v, nil +} + +func expandLogFortianalyzer3OverrideSettingFallbackToPrimary(d *schema.ResourceData, v interface{}, pre string, sv string) (interface{}, error) { + return v, nil +} + func expandLogFortianalyzer3OverrideSettingCertificateVerification(d *schema.ResourceData, v interface{}, pre string, sv string) (interface{}, error) { return v, nil } @@ -875,6 +914,32 @@ func getObjectLogFortianalyzer3OverrideSetting(d *schema.ResourceData, setArgNil } } + if v, ok := d.GetOk("alt_server"); ok { + if setArgNil { + obj["alt-server"] = nil + } else { + t, err := expandLogFortianalyzer3OverrideSettingAltServer(d, v, "alt_server", sv) + if err != nil { + return &obj, err + } else if t != nil { + obj["alt-server"] = t + } + } + } + + if v, ok := d.GetOk("fallback_to_primary"); ok { + if setArgNil { + obj["fallback-to-primary"] = nil + } else { + t, err := expandLogFortianalyzer3OverrideSettingFallbackToPrimary(d, v, "fallback_to_primary", sv) + if err != nil { + return &obj, err + } else if t != nil { + obj["fallback-to-primary"] = t + } + } + } + if v, ok := d.GetOk("certificate_verification"); ok { if setArgNil { obj["certificate-verification"] = nil diff --git a/fortios/resource_logfortianalyzer3_setting.go b/fortios/resource_logfortianalyzer3_setting.go index db41d1630..4eff5ae5b 100644 --- a/fortios/resource_logfortianalyzer3_setting.go +++ b/fortios/resource_logfortianalyzer3_setting.go @@ -51,6 +51,17 @@ func resourceLogFortianalyzer3Setting() *schema.Resource { Optional: true, Computed: true, }, + "alt_server": &schema.Schema{ + Type: schema.TypeString, + ValidateFunc: validation.StringLenBetween(0, 127), + Optional: true, + Computed: true, + }, + "fallback_to_primary": &schema.Schema{ + Type: schema.TypeString, + Optional: true, + Computed: true, + }, "certificate_verification": &schema.Schema{ Type: schema.TypeString, Optional: true, @@ -310,6 +321,14 @@ func flattenLogFortianalyzer3SettingServer(v interface{}, d *schema.ResourceData return v } +func flattenLogFortianalyzer3SettingAltServer(v interface{}, d *schema.ResourceData, pre string, sv string) interface{} { + return v +} + +func flattenLogFortianalyzer3SettingFallbackToPrimary(v interface{}, d *schema.ResourceData, pre string, sv string) interface{} { + return v +} + func flattenLogFortianalyzer3SettingCertificateVerification(v interface{}, d *schema.ResourceData, pre string, sv string) interface{} { return v } @@ -471,6 +490,18 @@ func refreshObjectLogFortianalyzer3Setting(d *schema.ResourceData, o map[string] } } + if err = d.Set("alt_server", flattenLogFortianalyzer3SettingAltServer(o["alt-server"], d, "alt_server", sv)); err != nil { + if !fortiAPIPatch(o["alt-server"]) { + return fmt.Errorf("Error reading alt_server: %v", err) + } + } + + if err = d.Set("fallback_to_primary", flattenLogFortianalyzer3SettingFallbackToPrimary(o["fallback-to-primary"], d, "fallback_to_primary", sv)); err != nil { + if !fortiAPIPatch(o["fallback-to-primary"]) { + return fmt.Errorf("Error reading fallback_to_primary: %v", err) + } + } + if err = d.Set("certificate_verification", flattenLogFortianalyzer3SettingCertificateVerification(o["certificate-verification"], d, "certificate_verification", sv)); err != nil { if !fortiAPIPatch(o["certificate-verification"]) { return fmt.Errorf("Error reading certificate_verification: %v", err) @@ -646,6 +677,14 @@ func expandLogFortianalyzer3SettingServer(d *schema.ResourceData, v interface{}, return v, nil } +func expandLogFortianalyzer3SettingAltServer(d *schema.ResourceData, v interface{}, pre string, sv string) (interface{}, error) { + return v, nil +} + +func expandLogFortianalyzer3SettingFallbackToPrimary(d *schema.ResourceData, v interface{}, pre string, sv string) (interface{}, error) { + return v, nil +} + func expandLogFortianalyzer3SettingCertificateVerification(d *schema.ResourceData, v interface{}, pre string, sv string) (interface{}, error) { return v, nil } @@ -811,6 +850,32 @@ func getObjectLogFortianalyzer3Setting(d *schema.ResourceData, setArgNil bool, s } } + if v, ok := d.GetOk("alt_server"); ok { + if setArgNil { + obj["alt-server"] = nil + } else { + t, err := expandLogFortianalyzer3SettingAltServer(d, v, "alt_server", sv) + if err != nil { + return &obj, err + } else if t != nil { + obj["alt-server"] = t + } + } + } + + if v, ok := d.GetOk("fallback_to_primary"); ok { + if setArgNil { + obj["fallback-to-primary"] = nil + } else { + t, err := expandLogFortianalyzer3SettingFallbackToPrimary(d, v, "fallback_to_primary", sv) + if err != nil { + return &obj, err + } else if t != nil { + obj["fallback-to-primary"] = t + } + } + } + if v, ok := d.GetOk("certificate_verification"); ok { if setArgNil { obj["certificate-verification"] = nil diff --git a/fortios/resource_logfortianalyzer_overridesetting.go b/fortios/resource_logfortianalyzer_overridesetting.go index 186018145..98e07ac02 100644 --- a/fortios/resource_logfortianalyzer_overridesetting.go +++ b/fortios/resource_logfortianalyzer_overridesetting.go @@ -61,6 +61,17 @@ func resourceLogFortianalyzerOverrideSetting() *schema.Resource { Optional: true, Computed: true, }, + "alt_server": &schema.Schema{ + Type: schema.TypeString, + ValidateFunc: validation.StringLenBetween(0, 127), + Optional: true, + Computed: true, + }, + "fallback_to_primary": &schema.Schema{ + Type: schema.TypeString, + Optional: true, + Computed: true, + }, "certificate_verification": &schema.Schema{ Type: schema.TypeString, Optional: true, @@ -328,6 +339,14 @@ func flattenLogFortianalyzerOverrideSettingServer(v interface{}, d *schema.Resou return v } +func flattenLogFortianalyzerOverrideSettingAltServer(v interface{}, d *schema.ResourceData, pre string, sv string) interface{} { + return v +} + +func flattenLogFortianalyzerOverrideSettingFallbackToPrimary(v interface{}, d *schema.ResourceData, pre string, sv string) interface{} { + return v +} + func flattenLogFortianalyzerOverrideSettingCertificateVerification(v interface{}, d *schema.ResourceData, pre string, sv string) interface{} { return v } @@ -501,6 +520,18 @@ func refreshObjectLogFortianalyzerOverrideSetting(d *schema.ResourceData, o map[ } } + if err = d.Set("alt_server", flattenLogFortianalyzerOverrideSettingAltServer(o["alt-server"], d, "alt_server", sv)); err != nil { + if !fortiAPIPatch(o["alt-server"]) { + return fmt.Errorf("Error reading alt_server: %v", err) + } + } + + if err = d.Set("fallback_to_primary", flattenLogFortianalyzerOverrideSettingFallbackToPrimary(o["fallback-to-primary"], d, "fallback_to_primary", sv)); err != nil { + if !fortiAPIPatch(o["fallback-to-primary"]) { + return fmt.Errorf("Error reading fallback_to_primary: %v", err) + } + } + if err = d.Set("certificate_verification", flattenLogFortianalyzerOverrideSettingCertificateVerification(o["certificate-verification"], d, "certificate_verification", sv)); err != nil { if !fortiAPIPatch(o["certificate-verification"]) { return fmt.Errorf("Error reading certificate_verification: %v", err) @@ -684,6 +715,14 @@ func expandLogFortianalyzerOverrideSettingServer(d *schema.ResourceData, v inter return v, nil } +func expandLogFortianalyzerOverrideSettingAltServer(d *schema.ResourceData, v interface{}, pre string, sv string) (interface{}, error) { + return v, nil +} + +func expandLogFortianalyzerOverrideSettingFallbackToPrimary(d *schema.ResourceData, v interface{}, pre string, sv string) (interface{}, error) { + return v, nil +} + func expandLogFortianalyzerOverrideSettingCertificateVerification(d *schema.ResourceData, v interface{}, pre string, sv string) (interface{}, error) { return v, nil } @@ -875,6 +914,32 @@ func getObjectLogFortianalyzerOverrideSetting(d *schema.ResourceData, setArgNil } } + if v, ok := d.GetOk("alt_server"); ok { + if setArgNil { + obj["alt-server"] = nil + } else { + t, err := expandLogFortianalyzerOverrideSettingAltServer(d, v, "alt_server", sv) + if err != nil { + return &obj, err + } else if t != nil { + obj["alt-server"] = t + } + } + } + + if v, ok := d.GetOk("fallback_to_primary"); ok { + if setArgNil { + obj["fallback-to-primary"] = nil + } else { + t, err := expandLogFortianalyzerOverrideSettingFallbackToPrimary(d, v, "fallback_to_primary", sv) + if err != nil { + return &obj, err + } else if t != nil { + obj["fallback-to-primary"] = t + } + } + } + if v, ok := d.GetOk("certificate_verification"); ok { if setArgNil { obj["certificate-verification"] = nil diff --git a/fortios/resource_logfortianalyzer_setting.go b/fortios/resource_logfortianalyzer_setting.go index 87c39d95f..8d956d899 100644 --- a/fortios/resource_logfortianalyzer_setting.go +++ b/fortios/resource_logfortianalyzer_setting.go @@ -51,6 +51,17 @@ func resourceLogFortianalyzerSetting() *schema.Resource { Optional: true, Computed: true, }, + "alt_server": &schema.Schema{ + Type: schema.TypeString, + ValidateFunc: validation.StringLenBetween(0, 127), + Optional: true, + Computed: true, + }, + "fallback_to_primary": &schema.Schema{ + Type: schema.TypeString, + Optional: true, + Computed: true, + }, "certificate_verification": &schema.Schema{ Type: schema.TypeString, Optional: true, @@ -310,6 +321,14 @@ func flattenLogFortianalyzerSettingServer(v interface{}, d *schema.ResourceData, return v } +func flattenLogFortianalyzerSettingAltServer(v interface{}, d *schema.ResourceData, pre string, sv string) interface{} { + return v +} + +func flattenLogFortianalyzerSettingFallbackToPrimary(v interface{}, d *schema.ResourceData, pre string, sv string) interface{} { + return v +} + func flattenLogFortianalyzerSettingCertificateVerification(v interface{}, d *schema.ResourceData, pre string, sv string) interface{} { return v } @@ -471,6 +490,18 @@ func refreshObjectLogFortianalyzerSetting(d *schema.ResourceData, o map[string]i } } + if err = d.Set("alt_server", flattenLogFortianalyzerSettingAltServer(o["alt-server"], d, "alt_server", sv)); err != nil { + if !fortiAPIPatch(o["alt-server"]) { + return fmt.Errorf("Error reading alt_server: %v", err) + } + } + + if err = d.Set("fallback_to_primary", flattenLogFortianalyzerSettingFallbackToPrimary(o["fallback-to-primary"], d, "fallback_to_primary", sv)); err != nil { + if !fortiAPIPatch(o["fallback-to-primary"]) { + return fmt.Errorf("Error reading fallback_to_primary: %v", err) + } + } + if err = d.Set("certificate_verification", flattenLogFortianalyzerSettingCertificateVerification(o["certificate-verification"], d, "certificate_verification", sv)); err != nil { if !fortiAPIPatch(o["certificate-verification"]) { return fmt.Errorf("Error reading certificate_verification: %v", err) @@ -646,6 +677,14 @@ func expandLogFortianalyzerSettingServer(d *schema.ResourceData, v interface{}, return v, nil } +func expandLogFortianalyzerSettingAltServer(d *schema.ResourceData, v interface{}, pre string, sv string) (interface{}, error) { + return v, nil +} + +func expandLogFortianalyzerSettingFallbackToPrimary(d *schema.ResourceData, v interface{}, pre string, sv string) (interface{}, error) { + return v, nil +} + func expandLogFortianalyzerSettingCertificateVerification(d *schema.ResourceData, v interface{}, pre string, sv string) (interface{}, error) { return v, nil } @@ -811,6 +850,32 @@ func getObjectLogFortianalyzerSetting(d *schema.ResourceData, setArgNil bool, sv } } + if v, ok := d.GetOk("alt_server"); ok { + if setArgNil { + obj["alt-server"] = nil + } else { + t, err := expandLogFortianalyzerSettingAltServer(d, v, "alt_server", sv) + if err != nil { + return &obj, err + } else if t != nil { + obj["alt-server"] = t + } + } + } + + if v, ok := d.GetOk("fallback_to_primary"); ok { + if setArgNil { + obj["fallback-to-primary"] = nil + } else { + t, err := expandLogFortianalyzerSettingFallbackToPrimary(d, v, "fallback_to_primary", sv) + if err != nil { + return &obj, err + } else if t != nil { + obj["fallback-to-primary"] = t + } + } + } + if v, ok := d.GetOk("certificate_verification"); ok { if setArgNil { obj["certificate-verification"] = nil diff --git a/fortios/resource_router_bgp.go b/fortios/resource_router_bgp.go index 9dd4f5cb1..eea858ddd 100644 --- a/fortios/resource_router_bgp.go +++ b/fortios/resource_router_bgp.go @@ -756,6 +756,12 @@ func resourceRouterBgp() *schema.Resource { Optional: true, Computed: true, }, + "filter_list_in_vpnv4": &schema.Schema{ + Type: schema.TypeString, + ValidateFunc: validation.StringLenBetween(0, 35), + Optional: true, + Computed: true, + }, "filter_list_out": &schema.Schema{ Type: schema.TypeString, ValidateFunc: validation.StringLenBetween(0, 35), @@ -768,6 +774,12 @@ func resourceRouterBgp() *schema.Resource { Optional: true, Computed: true, }, + "filter_list_out_vpnv4": &schema.Schema{ + Type: schema.TypeString, + ValidateFunc: validation.StringLenBetween(0, 35), + Optional: true, + Computed: true, + }, "interface": &schema.Schema{ Type: schema.TypeString, ValidateFunc: validation.StringLenBetween(0, 15), @@ -1505,6 +1517,12 @@ func resourceRouterBgp() *schema.Resource { Optional: true, Computed: true, }, + "filter_list_in_vpnv4": &schema.Schema{ + Type: schema.TypeString, + ValidateFunc: validation.StringLenBetween(0, 35), + Optional: true, + Computed: true, + }, "filter_list_out": &schema.Schema{ Type: schema.TypeString, ValidateFunc: validation.StringLenBetween(0, 35), @@ -1517,6 +1535,12 @@ func resourceRouterBgp() *schema.Resource { Optional: true, Computed: true, }, + "filter_list_out_vpnv4": &schema.Schema{ + Type: schema.TypeString, + ValidateFunc: validation.StringLenBetween(0, 35), + Optional: true, + Computed: true, + }, "interface": &schema.Schema{ Type: schema.TypeString, ValidateFunc: validation.StringLenBetween(0, 15), @@ -3116,6 +3140,11 @@ func flattenRouterBgpNeighbor(v interface{}, d *schema.ResourceData, pre string, tmp["filter_list_in6"] = flattenRouterBgpNeighborFilterListIn6(i["filter-list-in6"], d, pre_append, sv) } + pre_append = pre + "." + strconv.Itoa(con) + "." + "filter_list_in_vpnv4" + if _, ok := i["filter-list-in-vpnv4"]; ok { + tmp["filter_list_in_vpnv4"] = flattenRouterBgpNeighborFilterListInVpnv4(i["filter-list-in-vpnv4"], d, pre_append, sv) + } + pre_append = pre + "." + strconv.Itoa(con) + "." + "filter_list_out" if _, ok := i["filter-list-out"]; ok { tmp["filter_list_out"] = flattenRouterBgpNeighborFilterListOut(i["filter-list-out"], d, pre_append, sv) @@ -3126,6 +3155,11 @@ func flattenRouterBgpNeighbor(v interface{}, d *schema.ResourceData, pre string, tmp["filter_list_out6"] = flattenRouterBgpNeighborFilterListOut6(i["filter-list-out6"], d, pre_append, sv) } + pre_append = pre + "." + strconv.Itoa(con) + "." + "filter_list_out_vpnv4" + if _, ok := i["filter-list-out-vpnv4"]; ok { + tmp["filter_list_out_vpnv4"] = flattenRouterBgpNeighborFilterListOutVpnv4(i["filter-list-out-vpnv4"], d, pre_append, sv) + } + pre_append = pre + "." + strconv.Itoa(con) + "." + "interface" if _, ok := i["interface"]; ok { tmp["interface"] = flattenRouterBgpNeighborInterface(i["interface"], d, pre_append, sv) @@ -3741,6 +3775,10 @@ func flattenRouterBgpNeighborFilterListIn6(v interface{}, d *schema.ResourceData return v } +func flattenRouterBgpNeighborFilterListInVpnv4(v interface{}, d *schema.ResourceData, pre string, sv string) interface{} { + return v +} + func flattenRouterBgpNeighborFilterListOut(v interface{}, d *schema.ResourceData, pre string, sv string) interface{} { return v } @@ -3749,6 +3787,10 @@ func flattenRouterBgpNeighborFilterListOut6(v interface{}, d *schema.ResourceDat return v } +func flattenRouterBgpNeighborFilterListOutVpnv4(v interface{}, d *schema.ResourceData, pre string, sv string) interface{} { + return v +} + func flattenRouterBgpNeighborInterface(v interface{}, d *schema.ResourceData, pre string, sv string) interface{} { return v } @@ -4518,6 +4560,11 @@ func flattenRouterBgpNeighborGroup(v interface{}, d *schema.ResourceData, pre st tmp["filter_list_in6"] = flattenRouterBgpNeighborGroupFilterListIn6(i["filter-list-in6"], d, pre_append, sv) } + pre_append = pre + "." + strconv.Itoa(con) + "." + "filter_list_in_vpnv4" + if _, ok := i["filter-list-in-vpnv4"]; ok { + tmp["filter_list_in_vpnv4"] = flattenRouterBgpNeighborGroupFilterListInVpnv4(i["filter-list-in-vpnv4"], d, pre_append, sv) + } + pre_append = pre + "." + strconv.Itoa(con) + "." + "filter_list_out" if _, ok := i["filter-list-out"]; ok { tmp["filter_list_out"] = flattenRouterBgpNeighborGroupFilterListOut(i["filter-list-out"], d, pre_append, sv) @@ -4528,6 +4575,11 @@ func flattenRouterBgpNeighborGroup(v interface{}, d *schema.ResourceData, pre st tmp["filter_list_out6"] = flattenRouterBgpNeighborGroupFilterListOut6(i["filter-list-out6"], d, pre_append, sv) } + pre_append = pre + "." + strconv.Itoa(con) + "." + "filter_list_out_vpnv4" + if _, ok := i["filter-list-out-vpnv4"]; ok { + tmp["filter_list_out_vpnv4"] = flattenRouterBgpNeighborGroupFilterListOutVpnv4(i["filter-list-out-vpnv4"], d, pre_append, sv) + } + pre_append = pre + "." + strconv.Itoa(con) + "." + "interface" if _, ok := i["interface"]; ok { tmp["interface"] = flattenRouterBgpNeighborGroupInterface(i["interface"], d, pre_append, sv) @@ -5133,6 +5185,10 @@ func flattenRouterBgpNeighborGroupFilterListIn6(v interface{}, d *schema.Resourc return v } +func flattenRouterBgpNeighborGroupFilterListInVpnv4(v interface{}, d *schema.ResourceData, pre string, sv string) interface{} { + return v +} + func flattenRouterBgpNeighborGroupFilterListOut(v interface{}, d *schema.ResourceData, pre string, sv string) interface{} { return v } @@ -5141,6 +5197,10 @@ func flattenRouterBgpNeighborGroupFilterListOut6(v interface{}, d *schema.Resour return v } +func flattenRouterBgpNeighborGroupFilterListOutVpnv4(v interface{}, d *schema.ResourceData, pre string, sv string) interface{} { + return v +} + func flattenRouterBgpNeighborGroupInterface(v interface{}, d *schema.ResourceData, pre string, sv string) interface{} { return v } @@ -7714,6 +7774,11 @@ func expandRouterBgpNeighbor(d *schema.ResourceData, v interface{}, pre string, tmp["filter-list-in6"], _ = expandRouterBgpNeighborFilterListIn6(d, i["filter_list_in6"], pre_append, sv) } + pre_append = pre + "." + strconv.Itoa(con) + "." + "filter_list_in_vpnv4" + if _, ok := d.GetOk(pre_append); ok { + tmp["filter-list-in-vpnv4"], _ = expandRouterBgpNeighborFilterListInVpnv4(d, i["filter_list_in_vpnv4"], pre_append, sv) + } + pre_append = pre + "." + strconv.Itoa(con) + "." + "filter_list_out" if _, ok := d.GetOk(pre_append); ok { tmp["filter-list-out"], _ = expandRouterBgpNeighborFilterListOut(d, i["filter_list_out"], pre_append, sv) @@ -7724,6 +7789,11 @@ func expandRouterBgpNeighbor(d *schema.ResourceData, v interface{}, pre string, tmp["filter-list-out6"], _ = expandRouterBgpNeighborFilterListOut6(d, i["filter_list_out6"], pre_append, sv) } + pre_append = pre + "." + strconv.Itoa(con) + "." + "filter_list_out_vpnv4" + if _, ok := d.GetOk(pre_append); ok { + tmp["filter-list-out-vpnv4"], _ = expandRouterBgpNeighborFilterListOutVpnv4(d, i["filter_list_out_vpnv4"], pre_append, sv) + } + pre_append = pre + "." + strconv.Itoa(con) + "." + "interface" if _, ok := d.GetOk(pre_append); ok { tmp["interface"], _ = expandRouterBgpNeighborInterface(d, i["interface"], pre_append, sv) @@ -8332,6 +8402,10 @@ func expandRouterBgpNeighborFilterListIn6(d *schema.ResourceData, v interface{}, return v, nil } +func expandRouterBgpNeighborFilterListInVpnv4(d *schema.ResourceData, v interface{}, pre string, sv string) (interface{}, error) { + return v, nil +} + func expandRouterBgpNeighborFilterListOut(d *schema.ResourceData, v interface{}, pre string, sv string) (interface{}, error) { return v, nil } @@ -8340,6 +8414,10 @@ func expandRouterBgpNeighborFilterListOut6(d *schema.ResourceData, v interface{} return v, nil } +func expandRouterBgpNeighborFilterListOutVpnv4(d *schema.ResourceData, v interface{}, pre string, sv string) (interface{}, error) { + return v, nil +} + func expandRouterBgpNeighborInterface(d *schema.ResourceData, v interface{}, pre string, sv string) (interface{}, error) { return v, nil } @@ -9077,6 +9155,11 @@ func expandRouterBgpNeighborGroup(d *schema.ResourceData, v interface{}, pre str tmp["filter-list-in6"], _ = expandRouterBgpNeighborGroupFilterListIn6(d, i["filter_list_in6"], pre_append, sv) } + pre_append = pre + "." + strconv.Itoa(con) + "." + "filter_list_in_vpnv4" + if _, ok := d.GetOk(pre_append); ok { + tmp["filter-list-in-vpnv4"], _ = expandRouterBgpNeighborGroupFilterListInVpnv4(d, i["filter_list_in_vpnv4"], pre_append, sv) + } + pre_append = pre + "." + strconv.Itoa(con) + "." + "filter_list_out" if _, ok := d.GetOk(pre_append); ok { tmp["filter-list-out"], _ = expandRouterBgpNeighborGroupFilterListOut(d, i["filter_list_out"], pre_append, sv) @@ -9087,6 +9170,11 @@ func expandRouterBgpNeighborGroup(d *schema.ResourceData, v interface{}, pre str tmp["filter-list-out6"], _ = expandRouterBgpNeighborGroupFilterListOut6(d, i["filter_list_out6"], pre_append, sv) } + pre_append = pre + "." + strconv.Itoa(con) + "." + "filter_list_out_vpnv4" + if _, ok := d.GetOk(pre_append); ok { + tmp["filter-list-out-vpnv4"], _ = expandRouterBgpNeighborGroupFilterListOutVpnv4(d, i["filter_list_out_vpnv4"], pre_append, sv) + } + pre_append = pre + "." + strconv.Itoa(con) + "." + "interface" if _, ok := d.GetOk(pre_append); ok { tmp["interface"], _ = expandRouterBgpNeighborGroupInterface(d, i["interface"], pre_append, sv) @@ -9681,6 +9769,10 @@ func expandRouterBgpNeighborGroupFilterListIn6(d *schema.ResourceData, v interfa return v, nil } +func expandRouterBgpNeighborGroupFilterListInVpnv4(d *schema.ResourceData, v interface{}, pre string, sv string) (interface{}, error) { + return v, nil +} + func expandRouterBgpNeighborGroupFilterListOut(d *schema.ResourceData, v interface{}, pre string, sv string) (interface{}, error) { return v, nil } @@ -9689,6 +9781,10 @@ func expandRouterBgpNeighborGroupFilterListOut6(d *schema.ResourceData, v interf return v, nil } +func expandRouterBgpNeighborGroupFilterListOutVpnv4(d *schema.ResourceData, v interface{}, pre string, sv string) (interface{}, error) { + return v, nil +} + func expandRouterBgpNeighborGroupInterface(d *schema.ResourceData, v interface{}, pre string, sv string) (interface{}, error) { return v, nil } diff --git a/fortios/resource_router_policy6.go b/fortios/resource_router_policy6.go index 15e39c377..996f5e890 100644 --- a/fortios/resource_router_policy6.go +++ b/fortios/resource_router_policy6.go @@ -122,6 +122,18 @@ func resourceRouterPolicy6() *schema.Resource { Optional: true, Computed: true, }, + "start_source_port": &schema.Schema{ + Type: schema.TypeInt, + ValidateFunc: validation.IntBetween(1, 65535), + Optional: true, + Computed: true, + }, + "end_source_port": &schema.Schema{ + Type: schema.TypeInt, + ValidateFunc: validation.IntBetween(1, 65535), + Optional: true, + Computed: true, + }, "gateway": &schema.Schema{ Type: schema.TypeString, Optional: true, @@ -443,6 +455,14 @@ func flattenRouterPolicy6EndPort(v interface{}, d *schema.ResourceData, pre stri return v } +func flattenRouterPolicy6StartSourcePort(v interface{}, d *schema.ResourceData, pre string, sv string) interface{} { + return v +} + +func flattenRouterPolicy6EndSourcePort(v interface{}, d *schema.ResourceData, pre string, sv string) interface{} { + return v +} + func flattenRouterPolicy6Gateway(v interface{}, d *schema.ResourceData, pre string, sv string) interface{} { return v } @@ -757,6 +777,18 @@ func refreshObjectRouterPolicy6(d *schema.ResourceData, o map[string]interface{} } } + if err = d.Set("start_source_port", flattenRouterPolicy6StartSourcePort(o["start-source-port"], d, "start_source_port", sv)); err != nil { + if !fortiAPIPatch(o["start-source-port"]) { + return fmt.Errorf("Error reading start_source_port: %v", err) + } + } + + if err = d.Set("end_source_port", flattenRouterPolicy6EndSourcePort(o["end-source-port"], d, "end_source_port", sv)); err != nil { + if !fortiAPIPatch(o["end-source-port"]) { + return fmt.Errorf("Error reading end_source_port: %v", err) + } + } + if err = d.Set("gateway", flattenRouterPolicy6Gateway(o["gateway"], d, "gateway", sv)); err != nil { if !fortiAPIPatch(o["gateway"]) { return fmt.Errorf("Error reading gateway: %v", err) @@ -940,6 +972,14 @@ func expandRouterPolicy6EndPort(d *schema.ResourceData, v interface{}, pre strin return v, nil } +func expandRouterPolicy6StartSourcePort(d *schema.ResourceData, v interface{}, pre string, sv string) (interface{}, error) { + return v, nil +} + +func expandRouterPolicy6EndSourcePort(d *schema.ResourceData, v interface{}, pre string, sv string) (interface{}, error) { + return v, nil +} + func expandRouterPolicy6Gateway(d *schema.ResourceData, v interface{}, pre string, sv string) (interface{}, error) { return v, nil } @@ -1200,6 +1240,24 @@ func getObjectRouterPolicy6(d *schema.ResourceData, sv string) (*map[string]inte } } + if v, ok := d.GetOk("start_source_port"); ok { + t, err := expandRouterPolicy6StartSourcePort(d, v, "start_source_port", sv) + if err != nil { + return &obj, err + } else if t != nil { + obj["start-source-port"] = t + } + } + + if v, ok := d.GetOk("end_source_port"); ok { + t, err := expandRouterPolicy6EndSourcePort(d, v, "end_source_port", sv) + if err != nil { + return &obj, err + } else if t != nil { + obj["end-source-port"] = t + } + } + if v, ok := d.GetOk("gateway"); ok { t, err := expandRouterPolicy6Gateway(d, v, "gateway", sv) if err != nil { diff --git a/fortios/resource_router_routemap.go b/fortios/resource_router_routemap.go index 0d5ac8113..6d7984ad1 100644 --- a/fortios/resource_router_routemap.go +++ b/fortios/resource_router_routemap.go @@ -273,6 +273,11 @@ func resourceRouterRouteMap() *schema.Resource { Optional: true, Computed: true, }, + "set_vpnv4_nexthop": &schema.Schema{ + Type: schema.TypeString, + Optional: true, + Computed: true, + }, "set_ip6_nexthop": &schema.Schema{ Type: schema.TypeString, Optional: true, @@ -681,6 +686,11 @@ func flattenRouterRouteMapRule(v interface{}, d *schema.ResourceData, pre string tmp["set_ip_prefsrc"] = flattenRouterRouteMapRuleSetIpPrefsrc(i["set-ip-prefsrc"], d, pre_append, sv) } + pre_append = pre + "." + strconv.Itoa(con) + "." + "set_vpnv4_nexthop" + if _, ok := i["set-vpnv4-nexthop"]; ok { + tmp["set_vpnv4_nexthop"] = flattenRouterRouteMapRuleSetVpnv4Nexthop(i["set-vpnv4-nexthop"], d, pre_append, sv) + } + pre_append = pre + "." + strconv.Itoa(con) + "." + "set_ip6_nexthop" if _, ok := i["set-ip6-nexthop"]; ok { tmp["set_ip6_nexthop"] = flattenRouterRouteMapRuleSetIp6Nexthop(i["set-ip6-nexthop"], d, pre_append, sv) @@ -1043,6 +1053,10 @@ func flattenRouterRouteMapRuleSetIpPrefsrc(v interface{}, d *schema.ResourceData return v } +func flattenRouterRouteMapRuleSetVpnv4Nexthop(v interface{}, d *schema.ResourceData, pre string, sv string) interface{} { + return v +} + func flattenRouterRouteMapRuleSetIp6Nexthop(v interface{}, d *schema.ResourceData, pre string, sv string) interface{} { return v } @@ -1341,6 +1355,11 @@ func expandRouterRouteMapRule(d *schema.ResourceData, v interface{}, pre string, tmp["set-ip-prefsrc"], _ = expandRouterRouteMapRuleSetIpPrefsrc(d, i["set_ip_prefsrc"], pre_append, sv) } + pre_append = pre + "." + strconv.Itoa(con) + "." + "set_vpnv4_nexthop" + if _, ok := d.GetOk(pre_append); ok { + tmp["set-vpnv4-nexthop"], _ = expandRouterRouteMapRuleSetVpnv4Nexthop(d, i["set_vpnv4_nexthop"], pre_append, sv) + } + pre_append = pre + "." + strconv.Itoa(con) + "." + "set_ip6_nexthop" if _, ok := d.GetOk(pre_append); ok { tmp["set-ip6-nexthop"], _ = expandRouterRouteMapRuleSetIp6Nexthop(d, i["set_ip6_nexthop"], pre_append, sv) @@ -1658,6 +1677,10 @@ func expandRouterRouteMapRuleSetIpPrefsrc(d *schema.ResourceData, v interface{}, return v, nil } +func expandRouterRouteMapRuleSetVpnv4Nexthop(d *schema.ResourceData, v interface{}, pre string, sv string) (interface{}, error) { + return v, nil +} + func expandRouterRouteMapRuleSetIp6Nexthop(d *schema.ResourceData, v interface{}, pre string, sv string) (interface{}, error) { return v, nil } diff --git a/fortios/resource_routerbgp_neighbor.go b/fortios/resource_routerbgp_neighbor.go index cc56f2afd..248006c59 100644 --- a/fortios/resource_routerbgp_neighbor.go +++ b/fortios/resource_routerbgp_neighbor.go @@ -408,6 +408,12 @@ func resourceRouterbgpNeighbor() *schema.Resource { Optional: true, Computed: true, }, + "filter_list_in_vpnv4": &schema.Schema{ + Type: schema.TypeString, + ValidateFunc: validation.StringLenBetween(0, 35), + Optional: true, + Computed: true, + }, "filter_list_out": &schema.Schema{ Type: schema.TypeString, ValidateFunc: validation.StringLenBetween(0, 35), @@ -420,6 +426,12 @@ func resourceRouterbgpNeighbor() *schema.Resource { Optional: true, Computed: true, }, + "filter_list_out_vpnv4": &schema.Schema{ + Type: schema.TypeString, + ValidateFunc: validation.StringLenBetween(0, 35), + Optional: true, + Computed: true, + }, "interface": &schema.Schema{ Type: schema.TypeString, ValidateFunc: validation.StringLenBetween(0, 15), @@ -1194,6 +1206,10 @@ func flattenRouterbgpNeighborFilterListIn6(v interface{}, d *schema.ResourceData return v } +func flattenRouterbgpNeighborFilterListInVpnv4(v interface{}, d *schema.ResourceData, pre string, sv string) interface{} { + return v +} + func flattenRouterbgpNeighborFilterListOut(v interface{}, d *schema.ResourceData, pre string, sv string) interface{} { return v } @@ -1202,6 +1218,10 @@ func flattenRouterbgpNeighborFilterListOut6(v interface{}, d *schema.ResourceDat return v } +func flattenRouterbgpNeighborFilterListOutVpnv4(v interface{}, d *schema.ResourceData, pre string, sv string) interface{} { + return v +} + func flattenRouterbgpNeighborInterface(v interface{}, d *schema.ResourceData, pre string, sv string) interface{} { return v } @@ -2027,6 +2047,12 @@ func refreshObjectRouterbgpNeighbor(d *schema.ResourceData, o map[string]interfa } } + if err = d.Set("filter_list_in_vpnv4", flattenRouterbgpNeighborFilterListInVpnv4(o["filter-list-in-vpnv4"], d, "filter_list_in_vpnv4", sv)); err != nil { + if !fortiAPIPatch(o["filter-list-in-vpnv4"]) { + return fmt.Errorf("Error reading filter_list_in_vpnv4: %v", err) + } + } + if err = d.Set("filter_list_out", flattenRouterbgpNeighborFilterListOut(o["filter-list-out"], d, "filter_list_out", sv)); err != nil { if !fortiAPIPatch(o["filter-list-out"]) { return fmt.Errorf("Error reading filter_list_out: %v", err) @@ -2039,6 +2065,12 @@ func refreshObjectRouterbgpNeighbor(d *schema.ResourceData, o map[string]interfa } } + if err = d.Set("filter_list_out_vpnv4", flattenRouterbgpNeighborFilterListOutVpnv4(o["filter-list-out-vpnv4"], d, "filter_list_out_vpnv4", sv)); err != nil { + if !fortiAPIPatch(o["filter-list-out-vpnv4"]) { + return fmt.Errorf("Error reading filter_list_out_vpnv4: %v", err) + } + } + if err = d.Set("interface", flattenRouterbgpNeighborInterface(o["interface"], d, "interface", sv)); err != nil { if !fortiAPIPatch(o["interface"]) { return fmt.Errorf("Error reading interface: %v", err) @@ -2712,6 +2744,10 @@ func expandRouterbgpNeighborFilterListIn6(d *schema.ResourceData, v interface{}, return v, nil } +func expandRouterbgpNeighborFilterListInVpnv4(d *schema.ResourceData, v interface{}, pre string, sv string) (interface{}, error) { + return v, nil +} + func expandRouterbgpNeighborFilterListOut(d *schema.ResourceData, v interface{}, pre string, sv string) (interface{}, error) { return v, nil } @@ -2720,6 +2756,10 @@ func expandRouterbgpNeighborFilterListOut6(d *schema.ResourceData, v interface{} return v, nil } +func expandRouterbgpNeighborFilterListOutVpnv4(d *schema.ResourceData, v interface{}, pre string, sv string) (interface{}, error) { + return v, nil +} + func expandRouterbgpNeighborInterface(d *schema.ResourceData, v interface{}, pre string, sv string) (interface{}, error) { return v, nil } @@ -3730,6 +3770,15 @@ func getObjectRouterbgpNeighbor(d *schema.ResourceData, sv string) (*map[string] } } + if v, ok := d.GetOk("filter_list_in_vpnv4"); ok { + t, err := expandRouterbgpNeighborFilterListInVpnv4(d, v, "filter_list_in_vpnv4", sv) + if err != nil { + return &obj, err + } else if t != nil { + obj["filter-list-in-vpnv4"] = t + } + } + if v, ok := d.GetOk("filter_list_out"); ok { t, err := expandRouterbgpNeighborFilterListOut(d, v, "filter_list_out", sv) if err != nil { @@ -3748,6 +3797,15 @@ func getObjectRouterbgpNeighbor(d *schema.ResourceData, sv string) (*map[string] } } + if v, ok := d.GetOk("filter_list_out_vpnv4"); ok { + t, err := expandRouterbgpNeighborFilterListOutVpnv4(d, v, "filter_list_out_vpnv4", sv) + if err != nil { + return &obj, err + } else if t != nil { + obj["filter-list-out-vpnv4"] = t + } + } + if v, ok := d.GetOk("interface"); ok { t, err := expandRouterbgpNeighborInterface(d, v, "interface", sv) if err != nil { diff --git a/fortios/resource_rule_otdt.go b/fortios/resource_rule_otdt.go new file mode 100644 index 000000000..0856af216 --- /dev/null +++ b/fortios/resource_rule_otdt.go @@ -0,0 +1,749 @@ +// Copyright 2020 Fortinet, Inc. All rights reserved. +// Author: Frank Shen (@frankshen01), Hongbin Lu (@fgtdev-hblu) +// Documentation: +// Frank Shen (@frankshen01), Hongbin Lu (@fgtdev-hblu), +// Xing Li (@lix-fortinet), Yue Wang (@yuew-ftnt), Yuffie Zhu (@yuffiezhu) + +// Description: Show OT detection signatures. + +package fortios + +import ( + "fmt" + "log" + "strconv" + "strings" + + "github.com/hashicorp/terraform-plugin-sdk/v2/helper/schema" + "github.com/hashicorp/terraform-plugin-sdk/v2/helper/validation" +) + +func resourceRuleOtdt() *schema.Resource { + return &schema.Resource{ + Create: resourceRuleOtdtCreate, + Read: resourceRuleOtdtRead, + Update: resourceRuleOtdtUpdate, + Delete: resourceRuleOtdtDelete, + + Importer: &schema.ResourceImporter{ + State: schema.ImportStatePassthrough, + }, + + Schema: map[string]*schema.Schema{ + "vdomparam": &schema.Schema{ + Type: schema.TypeString, + Optional: true, + ForceNew: true, + }, + "name": &schema.Schema{ + Type: schema.TypeString, + ValidateFunc: validation.StringLenBetween(0, 63), + ForceNew: true, + Optional: true, + Computed: true, + }, + "fosid": &schema.Schema{ + Type: schema.TypeInt, + Optional: true, + Computed: true, + }, + "category": &schema.Schema{ + Type: schema.TypeInt, + Optional: true, + Computed: true, + }, + "popularity": &schema.Schema{ + Type: schema.TypeInt, + ValidateFunc: validation.IntBetween(0, 255), + Optional: true, + Computed: true, + }, + "risk": &schema.Schema{ + Type: schema.TypeInt, + ValidateFunc: validation.IntBetween(0, 255), + Optional: true, + Computed: true, + }, + "weight": &schema.Schema{ + Type: schema.TypeInt, + ValidateFunc: validation.IntBetween(0, 255), + Optional: true, + Computed: true, + }, + "protocol": &schema.Schema{ + Type: schema.TypeString, + Optional: true, + Computed: true, + }, + "technology": &schema.Schema{ + Type: schema.TypeString, + Optional: true, + Computed: true, + }, + "behavior": &schema.Schema{ + Type: schema.TypeString, + Optional: true, + Computed: true, + }, + "vendor": &schema.Schema{ + Type: schema.TypeString, + Optional: true, + Computed: true, + }, + "parameters": &schema.Schema{ + Type: schema.TypeList, + Optional: true, + Elem: &schema.Resource{ + Schema: map[string]*schema.Schema{ + "name": &schema.Schema{ + Type: schema.TypeString, + ValidateFunc: validation.StringLenBetween(0, 31), + Optional: true, + Computed: true, + }, + }, + }, + }, + "metadata": &schema.Schema{ + Type: schema.TypeList, + Optional: true, + Elem: &schema.Resource{ + Schema: map[string]*schema.Schema{ + "id": &schema.Schema{ + Type: schema.TypeInt, + Optional: true, + Computed: true, + }, + "metaid": &schema.Schema{ + Type: schema.TypeInt, + Optional: true, + Computed: true, + }, + "valueid": &schema.Schema{ + Type: schema.TypeInt, + Optional: true, + Computed: true, + }, + }, + }, + }, + "dynamic_sort_subtable": &schema.Schema{ + Type: schema.TypeString, + Optional: true, + Default: "false", + }, + "get_all_tables": &schema.Schema{ + Type: schema.TypeString, + Optional: true, + Default: "false", + }, + }, + } +} + +func resourceRuleOtdtCreate(d *schema.ResourceData, m interface{}) error { + c := m.(*FortiClient).Client + c.Retries = 1 + + vdomparam := "" + + if v, ok := d.GetOk("vdomparam"); ok { + if s, ok := v.(string); ok { + vdomparam = s + } + } + + obj, err := getObjectRuleOtdt(d, c.Fv) + if err != nil { + return fmt.Errorf("Error creating RuleOtdt resource while getting object: %v", err) + } + + o, err := c.CreateRuleOtdt(obj, vdomparam) + + if err != nil { + return fmt.Errorf("Error creating RuleOtdt resource: %v", err) + } + + if o["mkey"] != nil && o["mkey"] != "" { + d.SetId(o["mkey"].(string)) + } else { + d.SetId("RuleOtdt") + } + + return resourceRuleOtdtRead(d, m) +} + +func resourceRuleOtdtUpdate(d *schema.ResourceData, m interface{}) error { + mkey := d.Id() + c := m.(*FortiClient).Client + c.Retries = 1 + + vdomparam := "" + + if v, ok := d.GetOk("vdomparam"); ok { + if s, ok := v.(string); ok { + vdomparam = s + } + } + + obj, err := getObjectRuleOtdt(d, c.Fv) + if err != nil { + return fmt.Errorf("Error updating RuleOtdt resource while getting object: %v", err) + } + + o, err := c.UpdateRuleOtdt(obj, mkey, vdomparam) + if err != nil { + return fmt.Errorf("Error updating RuleOtdt resource: %v", err) + } + + log.Printf(strconv.Itoa(c.Retries)) + if o["mkey"] != nil && o["mkey"] != "" { + d.SetId(o["mkey"].(string)) + } else { + d.SetId("RuleOtdt") + } + + return resourceRuleOtdtRead(d, m) +} + +func resourceRuleOtdtDelete(d *schema.ResourceData, m interface{}) error { + mkey := d.Id() + + c := m.(*FortiClient).Client + c.Retries = 1 + + vdomparam := "" + + if v, ok := d.GetOk("vdomparam"); ok { + if s, ok := v.(string); ok { + vdomparam = s + } + } + + err := c.DeleteRuleOtdt(mkey, vdomparam) + if err != nil { + return fmt.Errorf("Error deleting RuleOtdt resource: %v", err) + } + + d.SetId("") + + return nil +} + +func resourceRuleOtdtRead(d *schema.ResourceData, m interface{}) error { + mkey := d.Id() + + c := m.(*FortiClient).Client + c.Retries = 1 + + vdomparam := "" + + if v, ok := d.GetOk("vdomparam"); ok { + if s, ok := v.(string); ok { + vdomparam = s + } + } + + o, err := c.ReadRuleOtdt(mkey, vdomparam) + if err != nil { + return fmt.Errorf("Error reading RuleOtdt resource: %v", err) + } + + if o == nil { + log.Printf("[WARN] resource (%s) not found, removing from state", d.Id()) + d.SetId("") + return nil + } + + err = refreshObjectRuleOtdt(d, o, c.Fv) + if err != nil { + return fmt.Errorf("Error reading RuleOtdt resource from API: %v", err) + } + return nil +} + +func flattenRuleOtdtName(v interface{}, d *schema.ResourceData, pre string, sv string) interface{} { + return v +} + +func flattenRuleOtdtId(v interface{}, d *schema.ResourceData, pre string, sv string) interface{} { + return v +} + +func flattenRuleOtdtCategory(v interface{}, d *schema.ResourceData, pre string, sv string) interface{} { + return v +} + +func flattenRuleOtdtPopularity(v interface{}, d *schema.ResourceData, pre string, sv string) interface{} { + return v +} + +func flattenRuleOtdtRisk(v interface{}, d *schema.ResourceData, pre string, sv string) interface{} { + return v +} + +func flattenRuleOtdtWeight(v interface{}, d *schema.ResourceData, pre string, sv string) interface{} { + return v +} + +func flattenRuleOtdtProtocol(v interface{}, d *schema.ResourceData, pre string, sv string) interface{} { + return v +} + +func flattenRuleOtdtTechnology(v interface{}, d *schema.ResourceData, pre string, sv string) interface{} { + return v +} + +func flattenRuleOtdtBehavior(v interface{}, d *schema.ResourceData, pre string, sv string) interface{} { + return v +} + +func flattenRuleOtdtVendor(v interface{}, d *schema.ResourceData, pre string, sv string) interface{} { + return v +} + +func flattenRuleOtdtParameters(v interface{}, d *schema.ResourceData, pre string, sv string) []map[string]interface{} { + if v == nil { + return nil + } + + if _, ok := v.([]interface{}); !ok { + log.Printf("[DEBUG] Argument %v is not type of []interface{}.", pre) + return nil + } + + l := v.([]interface{}) + if len(l) == 0 || l[0] == nil { + return nil + } + + result := make([]map[string]interface{}, 0, len(l)) + + con := 0 + for _, r := range l { + tmp := make(map[string]interface{}) + i := r.(map[string]interface{}) + + pre_append := "" // table + + pre_append = pre + "." + strconv.Itoa(con) + "." + "name" + if _, ok := i["name"]; ok { + tmp["name"] = flattenRuleOtdtParametersName(i["name"], d, pre_append, sv) + } + + result = append(result, tmp) + + con += 1 + } + + dynamic_sort_subtable(result, "name", d) + return result +} + +func flattenRuleOtdtParametersName(v interface{}, d *schema.ResourceData, pre string, sv string) interface{} { + return v +} + +func flattenRuleOtdtMetadata(v interface{}, d *schema.ResourceData, pre string, sv string) []map[string]interface{} { + if v == nil { + return nil + } + + if _, ok := v.([]interface{}); !ok { + log.Printf("[DEBUG] Argument %v is not type of []interface{}.", pre) + return nil + } + + l := v.([]interface{}) + if len(l) == 0 || l[0] == nil { + return nil + } + + result := make([]map[string]interface{}, 0, len(l)) + + con := 0 + for _, r := range l { + tmp := make(map[string]interface{}) + i := r.(map[string]interface{}) + + pre_append := "" // table + + pre_append = pre + "." + strconv.Itoa(con) + "." + "id" + if _, ok := i["id"]; ok { + tmp["id"] = flattenRuleOtdtMetadataId(i["id"], d, pre_append, sv) + } + + pre_append = pre + "." + strconv.Itoa(con) + "." + "metaid" + if _, ok := i["metaid"]; ok { + tmp["metaid"] = flattenRuleOtdtMetadataMetaid(i["metaid"], d, pre_append, sv) + } + + pre_append = pre + "." + strconv.Itoa(con) + "." + "valueid" + if _, ok := i["valueid"]; ok { + tmp["valueid"] = flattenRuleOtdtMetadataValueid(i["valueid"], d, pre_append, sv) + } + + result = append(result, tmp) + + con += 1 + } + + dynamic_sort_subtable(result, "id", d) + return result +} + +func flattenRuleOtdtMetadataId(v interface{}, d *schema.ResourceData, pre string, sv string) interface{} { + return v +} + +func flattenRuleOtdtMetadataMetaid(v interface{}, d *schema.ResourceData, pre string, sv string) interface{} { + return v +} + +func flattenRuleOtdtMetadataValueid(v interface{}, d *schema.ResourceData, pre string, sv string) interface{} { + return v +} + +func refreshObjectRuleOtdt(d *schema.ResourceData, o map[string]interface{}, sv string) error { + var err error + var b_get_all_tables bool + if get_all_tables, ok := d.GetOk("get_all_tables"); ok { + b_get_all_tables = get_all_tables.(string) == "true" + } else { + b_get_all_tables = isImportTable() + } + + if err = d.Set("name", flattenRuleOtdtName(o["name"], d, "name", sv)); err != nil { + if !fortiAPIPatch(o["name"]) { + return fmt.Errorf("Error reading name: %v", err) + } + } + + if err = d.Set("fosid", flattenRuleOtdtId(o["id"], d, "fosid", sv)); err != nil { + if !fortiAPIPatch(o["id"]) { + return fmt.Errorf("Error reading fosid: %v", err) + } + } + + if err = d.Set("category", flattenRuleOtdtCategory(o["category"], d, "category", sv)); err != nil { + if !fortiAPIPatch(o["category"]) { + return fmt.Errorf("Error reading category: %v", err) + } + } + + if err = d.Set("popularity", flattenRuleOtdtPopularity(o["popularity"], d, "popularity", sv)); err != nil { + if !fortiAPIPatch(o["popularity"]) { + return fmt.Errorf("Error reading popularity: %v", err) + } + } + + if err = d.Set("risk", flattenRuleOtdtRisk(o["risk"], d, "risk", sv)); err != nil { + if !fortiAPIPatch(o["risk"]) { + return fmt.Errorf("Error reading risk: %v", err) + } + } + + if err = d.Set("weight", flattenRuleOtdtWeight(o["weight"], d, "weight", sv)); err != nil { + if !fortiAPIPatch(o["weight"]) { + return fmt.Errorf("Error reading weight: %v", err) + } + } + + if err = d.Set("protocol", flattenRuleOtdtProtocol(o["protocol"], d, "protocol", sv)); err != nil { + if !fortiAPIPatch(o["protocol"]) { + return fmt.Errorf("Error reading protocol: %v", err) + } + } + + if err = d.Set("technology", flattenRuleOtdtTechnology(o["technology"], d, "technology", sv)); err != nil { + if !fortiAPIPatch(o["technology"]) { + return fmt.Errorf("Error reading technology: %v", err) + } + } + + if err = d.Set("behavior", flattenRuleOtdtBehavior(o["behavior"], d, "behavior", sv)); err != nil { + if !fortiAPIPatch(o["behavior"]) { + return fmt.Errorf("Error reading behavior: %v", err) + } + } + + if err = d.Set("vendor", flattenRuleOtdtVendor(o["vendor"], d, "vendor", sv)); err != nil { + if !fortiAPIPatch(o["vendor"]) { + return fmt.Errorf("Error reading vendor: %v", err) + } + } + + if b_get_all_tables { + if err = d.Set("parameters", flattenRuleOtdtParameters(o["parameters"], d, "parameters", sv)); err != nil { + if !fortiAPIPatch(o["parameters"]) { + return fmt.Errorf("Error reading parameters: %v", err) + } + } + } else { + if _, ok := d.GetOk("parameters"); ok { + if err = d.Set("parameters", flattenRuleOtdtParameters(o["parameters"], d, "parameters", sv)); err != nil { + if !fortiAPIPatch(o["parameters"]) { + return fmt.Errorf("Error reading parameters: %v", err) + } + } + } + } + + if b_get_all_tables { + if err = d.Set("metadata", flattenRuleOtdtMetadata(o["metadata"], d, "metadata", sv)); err != nil { + if !fortiAPIPatch(o["metadata"]) { + return fmt.Errorf("Error reading metadata: %v", err) + } + } + } else { + if _, ok := d.GetOk("metadata"); ok { + if err = d.Set("metadata", flattenRuleOtdtMetadata(o["metadata"], d, "metadata", sv)); err != nil { + if !fortiAPIPatch(o["metadata"]) { + return fmt.Errorf("Error reading metadata: %v", err) + } + } + } + } + + return nil +} + +func flattenRuleOtdtFortiTestDebug(d *schema.ResourceData, fosdebugsn int, fosdebugbeg int, fosdebugend int) { + log.Printf(strconv.Itoa(fosdebugsn)) + e := validation.IntBetween(fosdebugbeg, fosdebugend) + log.Printf("ER List: %v, %v", strings.Split("FortiOS Ver", " "), e) +} + +func expandRuleOtdtName(d *schema.ResourceData, v interface{}, pre string, sv string) (interface{}, error) { + return v, nil +} + +func expandRuleOtdtId(d *schema.ResourceData, v interface{}, pre string, sv string) (interface{}, error) { + return v, nil +} + +func expandRuleOtdtCategory(d *schema.ResourceData, v interface{}, pre string, sv string) (interface{}, error) { + return v, nil +} + +func expandRuleOtdtPopularity(d *schema.ResourceData, v interface{}, pre string, sv string) (interface{}, error) { + return v, nil +} + +func expandRuleOtdtRisk(d *schema.ResourceData, v interface{}, pre string, sv string) (interface{}, error) { + return v, nil +} + +func expandRuleOtdtWeight(d *schema.ResourceData, v interface{}, pre string, sv string) (interface{}, error) { + return v, nil +} + +func expandRuleOtdtProtocol(d *schema.ResourceData, v interface{}, pre string, sv string) (interface{}, error) { + return v, nil +} + +func expandRuleOtdtTechnology(d *schema.ResourceData, v interface{}, pre string, sv string) (interface{}, error) { + return v, nil +} + +func expandRuleOtdtBehavior(d *schema.ResourceData, v interface{}, pre string, sv string) (interface{}, error) { + return v, nil +} + +func expandRuleOtdtVendor(d *schema.ResourceData, v interface{}, pre string, sv string) (interface{}, error) { + return v, nil +} + +func expandRuleOtdtParameters(d *schema.ResourceData, v interface{}, pre string, sv string) (interface{}, error) { + l := v.([]interface{}) + result := make([]map[string]interface{}, 0, len(l)) + + if len(l) == 0 || l[0] == nil { + return result, nil + } + + con := 0 + for _, r := range l { + tmp := make(map[string]interface{}) + i := r.(map[string]interface{}) + pre_append := "" // table + + pre_append = pre + "." + strconv.Itoa(con) + "." + "name" + if _, ok := d.GetOk(pre_append); ok { + tmp["name"], _ = expandRuleOtdtParametersName(d, i["name"], pre_append, sv) + } + + result = append(result, tmp) + + con += 1 + } + + return result, nil +} + +func expandRuleOtdtParametersName(d *schema.ResourceData, v interface{}, pre string, sv string) (interface{}, error) { + return v, nil +} + +func expandRuleOtdtMetadata(d *schema.ResourceData, v interface{}, pre string, sv string) (interface{}, error) { + l := v.([]interface{}) + result := make([]map[string]interface{}, 0, len(l)) + + if len(l) == 0 || l[0] == nil { + return result, nil + } + + con := 0 + for _, r := range l { + tmp := make(map[string]interface{}) + i := r.(map[string]interface{}) + pre_append := "" // table + + pre_append = pre + "." + strconv.Itoa(con) + "." + "id" + if _, ok := d.GetOk(pre_append); ok { + tmp["id"], _ = expandRuleOtdtMetadataId(d, i["id"], pre_append, sv) + } + + pre_append = pre + "." + strconv.Itoa(con) + "." + "metaid" + if _, ok := d.GetOk(pre_append); ok { + tmp["metaid"], _ = expandRuleOtdtMetadataMetaid(d, i["metaid"], pre_append, sv) + } + + pre_append = pre + "." + strconv.Itoa(con) + "." + "valueid" + if _, ok := d.GetOk(pre_append); ok { + tmp["valueid"], _ = expandRuleOtdtMetadataValueid(d, i["valueid"], pre_append, sv) + } + + result = append(result, tmp) + + con += 1 + } + + return result, nil +} + +func expandRuleOtdtMetadataId(d *schema.ResourceData, v interface{}, pre string, sv string) (interface{}, error) { + return v, nil +} + +func expandRuleOtdtMetadataMetaid(d *schema.ResourceData, v interface{}, pre string, sv string) (interface{}, error) { + return v, nil +} + +func expandRuleOtdtMetadataValueid(d *schema.ResourceData, v interface{}, pre string, sv string) (interface{}, error) { + return v, nil +} + +func getObjectRuleOtdt(d *schema.ResourceData, sv string) (*map[string]interface{}, error) { + obj := make(map[string]interface{}) + + if v, ok := d.GetOk("name"); ok { + t, err := expandRuleOtdtName(d, v, "name", sv) + if err != nil { + return &obj, err + } else if t != nil { + obj["name"] = t + } + } + + if v, ok := d.GetOkExists("fosid"); ok { + t, err := expandRuleOtdtId(d, v, "fosid", sv) + if err != nil { + return &obj, err + } else if t != nil { + obj["id"] = t + } + } + + if v, ok := d.GetOkExists("category"); ok { + t, err := expandRuleOtdtCategory(d, v, "category", sv) + if err != nil { + return &obj, err + } else if t != nil { + obj["category"] = t + } + } + + if v, ok := d.GetOkExists("popularity"); ok { + t, err := expandRuleOtdtPopularity(d, v, "popularity", sv) + if err != nil { + return &obj, err + } else if t != nil { + obj["popularity"] = t + } + } + + if v, ok := d.GetOkExists("risk"); ok { + t, err := expandRuleOtdtRisk(d, v, "risk", sv) + if err != nil { + return &obj, err + } else if t != nil { + obj["risk"] = t + } + } + + if v, ok := d.GetOkExists("weight"); ok { + t, err := expandRuleOtdtWeight(d, v, "weight", sv) + if err != nil { + return &obj, err + } else if t != nil { + obj["weight"] = t + } + } + + if v, ok := d.GetOk("protocol"); ok { + t, err := expandRuleOtdtProtocol(d, v, "protocol", sv) + if err != nil { + return &obj, err + } else if t != nil { + obj["protocol"] = t + } + } + + if v, ok := d.GetOk("technology"); ok { + t, err := expandRuleOtdtTechnology(d, v, "technology", sv) + if err != nil { + return &obj, err + } else if t != nil { + obj["technology"] = t + } + } + + if v, ok := d.GetOk("behavior"); ok { + t, err := expandRuleOtdtBehavior(d, v, "behavior", sv) + if err != nil { + return &obj, err + } else if t != nil { + obj["behavior"] = t + } + } + + if v, ok := d.GetOk("vendor"); ok { + t, err := expandRuleOtdtVendor(d, v, "vendor", sv) + if err != nil { + return &obj, err + } else if t != nil { + obj["vendor"] = t + } + } + + if v, ok := d.GetOk("parameters"); ok || d.HasChange("parameters") { + t, err := expandRuleOtdtParameters(d, v, "parameters", sv) + if err != nil { + return &obj, err + } else if t != nil { + obj["parameters"] = t + } + } + + if v, ok := d.GetOk("metadata"); ok || d.HasChange("metadata") { + t, err := expandRuleOtdtMetadata(d, v, "metadata", sv) + if err != nil { + return &obj, err + } else if t != nil { + obj["metadata"] = t + } + } + + return &obj, nil +} diff --git a/fortios/resource_rule_otvp.go b/fortios/resource_rule_otvp.go new file mode 100644 index 000000000..f1a324fb8 --- /dev/null +++ b/fortios/resource_rule_otvp.go @@ -0,0 +1,719 @@ +// Copyright 2020 Fortinet, Inc. All rights reserved. +// Author: Frank Shen (@frankshen01), Hongbin Lu (@fgtdev-hblu) +// Documentation: +// Frank Shen (@frankshen01), Hongbin Lu (@fgtdev-hblu), +// Xing Li (@lix-fortinet), Yue Wang (@yuew-ftnt), Yuffie Zhu (@yuffiezhu) + +// Description: Show OT patch signatures. + +package fortios + +import ( + "fmt" + "log" + "strconv" + "strings" + + "github.com/hashicorp/terraform-plugin-sdk/v2/helper/schema" + "github.com/hashicorp/terraform-plugin-sdk/v2/helper/validation" +) + +func resourceRuleOtvp() *schema.Resource { + return &schema.Resource{ + Create: resourceRuleOtvpCreate, + Read: resourceRuleOtvpRead, + Update: resourceRuleOtvpUpdate, + Delete: resourceRuleOtvpDelete, + + Importer: &schema.ResourceImporter{ + State: schema.ImportStatePassthrough, + }, + + Schema: map[string]*schema.Schema{ + "vdomparam": &schema.Schema{ + Type: schema.TypeString, + Optional: true, + ForceNew: true, + }, + "name": &schema.Schema{ + Type: schema.TypeString, + ValidateFunc: validation.StringLenBetween(0, 63), + ForceNew: true, + Optional: true, + Computed: true, + }, + "log": &schema.Schema{ + Type: schema.TypeString, + Optional: true, + Computed: true, + }, + "log_packet": &schema.Schema{ + Type: schema.TypeString, + Optional: true, + Computed: true, + }, + "action": &schema.Schema{ + Type: schema.TypeString, + Optional: true, + Computed: true, + }, + "group": &schema.Schema{ + Type: schema.TypeString, + ValidateFunc: validation.StringLenBetween(0, 63), + Optional: true, + Computed: true, + }, + "severity": &schema.Schema{ + Type: schema.TypeString, + Optional: true, + Computed: true, + }, + "location": &schema.Schema{ + Type: schema.TypeString, + Optional: true, + Computed: true, + }, + "os": &schema.Schema{ + Type: schema.TypeString, + Optional: true, + Computed: true, + }, + "application": &schema.Schema{ + Type: schema.TypeString, + Optional: true, + Computed: true, + }, + "service": &schema.Schema{ + Type: schema.TypeString, + Optional: true, + Computed: true, + }, + "rule_id": &schema.Schema{ + Type: schema.TypeInt, + Optional: true, + Computed: true, + }, + "rev": &schema.Schema{ + Type: schema.TypeInt, + Optional: true, + Computed: true, + }, + "date": &schema.Schema{ + Type: schema.TypeInt, + Optional: true, + Computed: true, + }, + "metadata": &schema.Schema{ + Type: schema.TypeList, + Optional: true, + Elem: &schema.Resource{ + Schema: map[string]*schema.Schema{ + "id": &schema.Schema{ + Type: schema.TypeInt, + Optional: true, + Computed: true, + }, + "metaid": &schema.Schema{ + Type: schema.TypeInt, + Optional: true, + Computed: true, + }, + "valueid": &schema.Schema{ + Type: schema.TypeInt, + Optional: true, + Computed: true, + }, + }, + }, + }, + "dynamic_sort_subtable": &schema.Schema{ + Type: schema.TypeString, + Optional: true, + Default: "false", + }, + "get_all_tables": &schema.Schema{ + Type: schema.TypeString, + Optional: true, + Default: "false", + }, + }, + } +} + +func resourceRuleOtvpCreate(d *schema.ResourceData, m interface{}) error { + c := m.(*FortiClient).Client + c.Retries = 1 + + vdomparam := "" + + if v, ok := d.GetOk("vdomparam"); ok { + if s, ok := v.(string); ok { + vdomparam = s + } + } + + obj, err := getObjectRuleOtvp(d, c.Fv) + if err != nil { + return fmt.Errorf("Error creating RuleOtvp resource while getting object: %v", err) + } + + o, err := c.CreateRuleOtvp(obj, vdomparam) + + if err != nil { + return fmt.Errorf("Error creating RuleOtvp resource: %v", err) + } + + if o["mkey"] != nil && o["mkey"] != "" { + d.SetId(o["mkey"].(string)) + } else { + d.SetId("RuleOtvp") + } + + return resourceRuleOtvpRead(d, m) +} + +func resourceRuleOtvpUpdate(d *schema.ResourceData, m interface{}) error { + mkey := d.Id() + c := m.(*FortiClient).Client + c.Retries = 1 + + vdomparam := "" + + if v, ok := d.GetOk("vdomparam"); ok { + if s, ok := v.(string); ok { + vdomparam = s + } + } + + obj, err := getObjectRuleOtvp(d, c.Fv) + if err != nil { + return fmt.Errorf("Error updating RuleOtvp resource while getting object: %v", err) + } + + o, err := c.UpdateRuleOtvp(obj, mkey, vdomparam) + if err != nil { + return fmt.Errorf("Error updating RuleOtvp resource: %v", err) + } + + log.Printf(strconv.Itoa(c.Retries)) + if o["mkey"] != nil && o["mkey"] != "" { + d.SetId(o["mkey"].(string)) + } else { + d.SetId("RuleOtvp") + } + + return resourceRuleOtvpRead(d, m) +} + +func resourceRuleOtvpDelete(d *schema.ResourceData, m interface{}) error { + mkey := d.Id() + + c := m.(*FortiClient).Client + c.Retries = 1 + + vdomparam := "" + + if v, ok := d.GetOk("vdomparam"); ok { + if s, ok := v.(string); ok { + vdomparam = s + } + } + + err := c.DeleteRuleOtvp(mkey, vdomparam) + if err != nil { + return fmt.Errorf("Error deleting RuleOtvp resource: %v", err) + } + + d.SetId("") + + return nil +} + +func resourceRuleOtvpRead(d *schema.ResourceData, m interface{}) error { + mkey := d.Id() + + c := m.(*FortiClient).Client + c.Retries = 1 + + vdomparam := "" + + if v, ok := d.GetOk("vdomparam"); ok { + if s, ok := v.(string); ok { + vdomparam = s + } + } + + o, err := c.ReadRuleOtvp(mkey, vdomparam) + if err != nil { + return fmt.Errorf("Error reading RuleOtvp resource: %v", err) + } + + if o == nil { + log.Printf("[WARN] resource (%s) not found, removing from state", d.Id()) + d.SetId("") + return nil + } + + err = refreshObjectRuleOtvp(d, o, c.Fv) + if err != nil { + return fmt.Errorf("Error reading RuleOtvp resource from API: %v", err) + } + return nil +} + +func flattenRuleOtvpName(v interface{}, d *schema.ResourceData, pre string, sv string) interface{} { + return v +} + +func flattenRuleOtvpLog(v interface{}, d *schema.ResourceData, pre string, sv string) interface{} { + return v +} + +func flattenRuleOtvpLogPacket(v interface{}, d *schema.ResourceData, pre string, sv string) interface{} { + return v +} + +func flattenRuleOtvpAction(v interface{}, d *schema.ResourceData, pre string, sv string) interface{} { + return v +} + +func flattenRuleOtvpGroup(v interface{}, d *schema.ResourceData, pre string, sv string) interface{} { + return v +} + +func flattenRuleOtvpSeverity(v interface{}, d *schema.ResourceData, pre string, sv string) interface{} { + return v +} + +func flattenRuleOtvpLocation(v interface{}, d *schema.ResourceData, pre string, sv string) interface{} { + return v +} + +func flattenRuleOtvpOs(v interface{}, d *schema.ResourceData, pre string, sv string) interface{} { + return v +} + +func flattenRuleOtvpApplication(v interface{}, d *schema.ResourceData, pre string, sv string) interface{} { + return v +} + +func flattenRuleOtvpService(v interface{}, d *schema.ResourceData, pre string, sv string) interface{} { + return v +} + +func flattenRuleOtvpRuleId(v interface{}, d *schema.ResourceData, pre string, sv string) interface{} { + return v +} + +func flattenRuleOtvpRev(v interface{}, d *schema.ResourceData, pre string, sv string) interface{} { + return v +} + +func flattenRuleOtvpDate(v interface{}, d *schema.ResourceData, pre string, sv string) interface{} { + return v +} + +func flattenRuleOtvpMetadata(v interface{}, d *schema.ResourceData, pre string, sv string) []map[string]interface{} { + if v == nil { + return nil + } + + if _, ok := v.([]interface{}); !ok { + log.Printf("[DEBUG] Argument %v is not type of []interface{}.", pre) + return nil + } + + l := v.([]interface{}) + if len(l) == 0 || l[0] == nil { + return nil + } + + result := make([]map[string]interface{}, 0, len(l)) + + con := 0 + for _, r := range l { + tmp := make(map[string]interface{}) + i := r.(map[string]interface{}) + + pre_append := "" // table + + pre_append = pre + "." + strconv.Itoa(con) + "." + "id" + if _, ok := i["id"]; ok { + tmp["id"] = flattenRuleOtvpMetadataId(i["id"], d, pre_append, sv) + } + + pre_append = pre + "." + strconv.Itoa(con) + "." + "metaid" + if _, ok := i["metaid"]; ok { + tmp["metaid"] = flattenRuleOtvpMetadataMetaid(i["metaid"], d, pre_append, sv) + } + + pre_append = pre + "." + strconv.Itoa(con) + "." + "valueid" + if _, ok := i["valueid"]; ok { + tmp["valueid"] = flattenRuleOtvpMetadataValueid(i["valueid"], d, pre_append, sv) + } + + result = append(result, tmp) + + con += 1 + } + + dynamic_sort_subtable(result, "id", d) + return result +} + +func flattenRuleOtvpMetadataId(v interface{}, d *schema.ResourceData, pre string, sv string) interface{} { + return v +} + +func flattenRuleOtvpMetadataMetaid(v interface{}, d *schema.ResourceData, pre string, sv string) interface{} { + return v +} + +func flattenRuleOtvpMetadataValueid(v interface{}, d *schema.ResourceData, pre string, sv string) interface{} { + return v +} + +func refreshObjectRuleOtvp(d *schema.ResourceData, o map[string]interface{}, sv string) error { + var err error + var b_get_all_tables bool + if get_all_tables, ok := d.GetOk("get_all_tables"); ok { + b_get_all_tables = get_all_tables.(string) == "true" + } else { + b_get_all_tables = isImportTable() + } + + if err = d.Set("name", flattenRuleOtvpName(o["name"], d, "name", sv)); err != nil { + if !fortiAPIPatch(o["name"]) { + return fmt.Errorf("Error reading name: %v", err) + } + } + + if err = d.Set("log", flattenRuleOtvpLog(o["log"], d, "log", sv)); err != nil { + if !fortiAPIPatch(o["log"]) { + return fmt.Errorf("Error reading log: %v", err) + } + } + + if err = d.Set("log_packet", flattenRuleOtvpLogPacket(o["log-packet"], d, "log_packet", sv)); err != nil { + if !fortiAPIPatch(o["log-packet"]) { + return fmt.Errorf("Error reading log_packet: %v", err) + } + } + + if err = d.Set("action", flattenRuleOtvpAction(o["action"], d, "action", sv)); err != nil { + if !fortiAPIPatch(o["action"]) { + return fmt.Errorf("Error reading action: %v", err) + } + } + + if err = d.Set("group", flattenRuleOtvpGroup(o["group"], d, "group", sv)); err != nil { + if !fortiAPIPatch(o["group"]) { + return fmt.Errorf("Error reading group: %v", err) + } + } + + if err = d.Set("severity", flattenRuleOtvpSeverity(o["severity"], d, "severity", sv)); err != nil { + if !fortiAPIPatch(o["severity"]) { + return fmt.Errorf("Error reading severity: %v", err) + } + } + + if err = d.Set("location", flattenRuleOtvpLocation(o["location"], d, "location", sv)); err != nil { + if !fortiAPIPatch(o["location"]) { + return fmt.Errorf("Error reading location: %v", err) + } + } + + if err = d.Set("os", flattenRuleOtvpOs(o["os"], d, "os", sv)); err != nil { + if !fortiAPIPatch(o["os"]) { + return fmt.Errorf("Error reading os: %v", err) + } + } + + if err = d.Set("application", flattenRuleOtvpApplication(o["application"], d, "application", sv)); err != nil { + if !fortiAPIPatch(o["application"]) { + return fmt.Errorf("Error reading application: %v", err) + } + } + + if err = d.Set("service", flattenRuleOtvpService(o["service"], d, "service", sv)); err != nil { + if !fortiAPIPatch(o["service"]) { + return fmt.Errorf("Error reading service: %v", err) + } + } + + if err = d.Set("rule_id", flattenRuleOtvpRuleId(o["rule-id"], d, "rule_id", sv)); err != nil { + if !fortiAPIPatch(o["rule-id"]) { + return fmt.Errorf("Error reading rule_id: %v", err) + } + } + + if err = d.Set("rev", flattenRuleOtvpRev(o["rev"], d, "rev", sv)); err != nil { + if !fortiAPIPatch(o["rev"]) { + return fmt.Errorf("Error reading rev: %v", err) + } + } + + if err = d.Set("date", flattenRuleOtvpDate(o["date"], d, "date", sv)); err != nil { + if !fortiAPIPatch(o["date"]) { + return fmt.Errorf("Error reading date: %v", err) + } + } + + if b_get_all_tables { + if err = d.Set("metadata", flattenRuleOtvpMetadata(o["metadata"], d, "metadata", sv)); err != nil { + if !fortiAPIPatch(o["metadata"]) { + return fmt.Errorf("Error reading metadata: %v", err) + } + } + } else { + if _, ok := d.GetOk("metadata"); ok { + if err = d.Set("metadata", flattenRuleOtvpMetadata(o["metadata"], d, "metadata", sv)); err != nil { + if !fortiAPIPatch(o["metadata"]) { + return fmt.Errorf("Error reading metadata: %v", err) + } + } + } + } + + return nil +} + +func flattenRuleOtvpFortiTestDebug(d *schema.ResourceData, fosdebugsn int, fosdebugbeg int, fosdebugend int) { + log.Printf(strconv.Itoa(fosdebugsn)) + e := validation.IntBetween(fosdebugbeg, fosdebugend) + log.Printf("ER List: %v, %v", strings.Split("FortiOS Ver", " "), e) +} + +func expandRuleOtvpName(d *schema.ResourceData, v interface{}, pre string, sv string) (interface{}, error) { + return v, nil +} + +func expandRuleOtvpLog(d *schema.ResourceData, v interface{}, pre string, sv string) (interface{}, error) { + return v, nil +} + +func expandRuleOtvpLogPacket(d *schema.ResourceData, v interface{}, pre string, sv string) (interface{}, error) { + return v, nil +} + +func expandRuleOtvpAction(d *schema.ResourceData, v interface{}, pre string, sv string) (interface{}, error) { + return v, nil +} + +func expandRuleOtvpGroup(d *schema.ResourceData, v interface{}, pre string, sv string) (interface{}, error) { + return v, nil +} + +func expandRuleOtvpSeverity(d *schema.ResourceData, v interface{}, pre string, sv string) (interface{}, error) { + return v, nil +} + +func expandRuleOtvpLocation(d *schema.ResourceData, v interface{}, pre string, sv string) (interface{}, error) { + return v, nil +} + +func expandRuleOtvpOs(d *schema.ResourceData, v interface{}, pre string, sv string) (interface{}, error) { + return v, nil +} + +func expandRuleOtvpApplication(d *schema.ResourceData, v interface{}, pre string, sv string) (interface{}, error) { + return v, nil +} + +func expandRuleOtvpService(d *schema.ResourceData, v interface{}, pre string, sv string) (interface{}, error) { + return v, nil +} + +func expandRuleOtvpRuleId(d *schema.ResourceData, v interface{}, pre string, sv string) (interface{}, error) { + return v, nil +} + +func expandRuleOtvpRev(d *schema.ResourceData, v interface{}, pre string, sv string) (interface{}, error) { + return v, nil +} + +func expandRuleOtvpDate(d *schema.ResourceData, v interface{}, pre string, sv string) (interface{}, error) { + return v, nil +} + +func expandRuleOtvpMetadata(d *schema.ResourceData, v interface{}, pre string, sv string) (interface{}, error) { + l := v.([]interface{}) + result := make([]map[string]interface{}, 0, len(l)) + + if len(l) == 0 || l[0] == nil { + return result, nil + } + + con := 0 + for _, r := range l { + tmp := make(map[string]interface{}) + i := r.(map[string]interface{}) + pre_append := "" // table + + pre_append = pre + "." + strconv.Itoa(con) + "." + "id" + if _, ok := d.GetOk(pre_append); ok { + tmp["id"], _ = expandRuleOtvpMetadataId(d, i["id"], pre_append, sv) + } + + pre_append = pre + "." + strconv.Itoa(con) + "." + "metaid" + if _, ok := d.GetOk(pre_append); ok { + tmp["metaid"], _ = expandRuleOtvpMetadataMetaid(d, i["metaid"], pre_append, sv) + } + + pre_append = pre + "." + strconv.Itoa(con) + "." + "valueid" + if _, ok := d.GetOk(pre_append); ok { + tmp["valueid"], _ = expandRuleOtvpMetadataValueid(d, i["valueid"], pre_append, sv) + } + + result = append(result, tmp) + + con += 1 + } + + return result, nil +} + +func expandRuleOtvpMetadataId(d *schema.ResourceData, v interface{}, pre string, sv string) (interface{}, error) { + return v, nil +} + +func expandRuleOtvpMetadataMetaid(d *schema.ResourceData, v interface{}, pre string, sv string) (interface{}, error) { + return v, nil +} + +func expandRuleOtvpMetadataValueid(d *schema.ResourceData, v interface{}, pre string, sv string) (interface{}, error) { + return v, nil +} + +func getObjectRuleOtvp(d *schema.ResourceData, sv string) (*map[string]interface{}, error) { + obj := make(map[string]interface{}) + + if v, ok := d.GetOk("name"); ok { + t, err := expandRuleOtvpName(d, v, "name", sv) + if err != nil { + return &obj, err + } else if t != nil { + obj["name"] = t + } + } + + if v, ok := d.GetOk("log"); ok { + t, err := expandRuleOtvpLog(d, v, "log", sv) + if err != nil { + return &obj, err + } else if t != nil { + obj["log"] = t + } + } + + if v, ok := d.GetOk("log_packet"); ok { + t, err := expandRuleOtvpLogPacket(d, v, "log_packet", sv) + if err != nil { + return &obj, err + } else if t != nil { + obj["log-packet"] = t + } + } + + if v, ok := d.GetOk("action"); ok { + t, err := expandRuleOtvpAction(d, v, "action", sv) + if err != nil { + return &obj, err + } else if t != nil { + obj["action"] = t + } + } + + if v, ok := d.GetOk("group"); ok { + t, err := expandRuleOtvpGroup(d, v, "group", sv) + if err != nil { + return &obj, err + } else if t != nil { + obj["group"] = t + } + } + + if v, ok := d.GetOk("severity"); ok { + t, err := expandRuleOtvpSeverity(d, v, "severity", sv) + if err != nil { + return &obj, err + } else if t != nil { + obj["severity"] = t + } + } + + if v, ok := d.GetOk("location"); ok { + t, err := expandRuleOtvpLocation(d, v, "location", sv) + if err != nil { + return &obj, err + } else if t != nil { + obj["location"] = t + } + } + + if v, ok := d.GetOk("os"); ok { + t, err := expandRuleOtvpOs(d, v, "os", sv) + if err != nil { + return &obj, err + } else if t != nil { + obj["os"] = t + } + } + + if v, ok := d.GetOk("application"); ok { + t, err := expandRuleOtvpApplication(d, v, "application", sv) + if err != nil { + return &obj, err + } else if t != nil { + obj["application"] = t + } + } + + if v, ok := d.GetOk("service"); ok { + t, err := expandRuleOtvpService(d, v, "service", sv) + if err != nil { + return &obj, err + } else if t != nil { + obj["service"] = t + } + } + + if v, ok := d.GetOkExists("rule_id"); ok { + t, err := expandRuleOtvpRuleId(d, v, "rule_id", sv) + if err != nil { + return &obj, err + } else if t != nil { + obj["rule-id"] = t + } + } + + if v, ok := d.GetOkExists("rev"); ok { + t, err := expandRuleOtvpRev(d, v, "rev", sv) + if err != nil { + return &obj, err + } else if t != nil { + obj["rev"] = t + } + } + + if v, ok := d.GetOkExists("date"); ok { + t, err := expandRuleOtvpDate(d, v, "date", sv) + if err != nil { + return &obj, err + } else if t != nil { + obj["date"] = t + } + } + + if v, ok := d.GetOk("metadata"); ok || d.HasChange("metadata") { + t, err := expandRuleOtvpMetadata(d, v, "metadata", sv) + if err != nil { + return &obj, err + } else if t != nil { + obj["metadata"] = t + } + } + + return &obj, nil +} diff --git a/fortios/resource_switchcontroller_fortilinksettings.go b/fortios/resource_switchcontroller_fortilinksettings.go index 1bcba578c..98e62b6e1 100644 --- a/fortios/resource_switchcontroller_fortilinksettings.go +++ b/fortios/resource_switchcontroller_fortilinksettings.go @@ -59,6 +59,11 @@ func resourceSwitchControllerFortilinkSettings() *schema.Resource { Optional: true, Computed: true, }, + "access_vlan_mode": &schema.Schema{ + Type: schema.TypeString, + Optional: true, + Computed: true, + }, "nac_ports": &schema.Schema{ Type: schema.TypeList, Computed: true, @@ -263,6 +268,10 @@ func flattenSwitchControllerFortilinkSettingsLinkDownFlush(v interface{}, d *sch return v } +func flattenSwitchControllerFortilinkSettingsAccessVlanMode(v interface{}, d *schema.ResourceData, pre string, sv string) interface{} { + return v +} + func flattenSwitchControllerFortilinkSettingsNacPorts(v interface{}, d *schema.ResourceData, pre string, sv string) []map[string]interface{} { if v == nil { return nil @@ -410,6 +419,12 @@ func refreshObjectSwitchControllerFortilinkSettings(d *schema.ResourceData, o ma } } + if err = d.Set("access_vlan_mode", flattenSwitchControllerFortilinkSettingsAccessVlanMode(o["access-vlan-mode"], d, "access_vlan_mode", sv)); err != nil { + if !fortiAPIPatch(o["access-vlan-mode"]) { + return fmt.Errorf("Error reading access_vlan_mode: %v", err) + } + } + if b_get_all_tables { if err = d.Set("nac_ports", flattenSwitchControllerFortilinkSettingsNacPorts(o["nac-ports"], d, "nac_ports", sv)); err != nil { if !fortiAPIPatch(o["nac-ports"]) { @@ -451,6 +466,10 @@ func expandSwitchControllerFortilinkSettingsLinkDownFlush(d *schema.ResourceData return v, nil } +func expandSwitchControllerFortilinkSettingsAccessVlanMode(d *schema.ResourceData, v interface{}, pre string, sv string) (interface{}, error) { + return v, nil +} + func expandSwitchControllerFortilinkSettingsNacPorts(d *schema.ResourceData, v interface{}, pre string, sv string) (interface{}, error) { l := v.([]interface{}) if len(l) == 0 || l[0] == nil { @@ -589,6 +608,15 @@ func getObjectSwitchControllerFortilinkSettings(d *schema.ResourceData, sv strin } } + if v, ok := d.GetOk("access_vlan_mode"); ok { + t, err := expandSwitchControllerFortilinkSettingsAccessVlanMode(d, v, "access_vlan_mode", sv) + if err != nil { + return &obj, err + } else if t != nil { + obj["access-vlan-mode"] = t + } + } + if v, ok := d.GetOk("nac_ports"); ok { t, err := expandSwitchControllerFortilinkSettingsNacPorts(d, v, "nac_ports", sv) if err != nil { diff --git a/fortios/resource_switchcontroller_global.go b/fortios/resource_switchcontroller_global.go index 8b847a944..f927d519b 100644 --- a/fortios/resource_switchcontroller_global.go +++ b/fortios/resource_switchcontroller_global.go @@ -61,6 +61,11 @@ func resourceSwitchControllerGlobal() *schema.Resource { Optional: true, Computed: true, }, + "vlan_identity": &schema.Schema{ + Type: schema.TypeString, + Optional: true, + Computed: true, + }, "disable_discovery": &schema.Schema{ Type: schema.TypeList, Optional: true, @@ -317,6 +322,10 @@ func flattenSwitchControllerGlobalVlanOptimization(v interface{}, d *schema.Reso return v } +func flattenSwitchControllerGlobalVlanIdentity(v interface{}, d *schema.ResourceData, pre string, sv string) interface{} { + return v +} + func flattenSwitchControllerGlobalDisableDiscovery(v interface{}, d *schema.ResourceData, pre string, sv string) []map[string]interface{} { if v == nil { return nil @@ -521,6 +530,12 @@ func refreshObjectSwitchControllerGlobal(d *schema.ResourceData, o map[string]in } } + if err = d.Set("vlan_identity", flattenSwitchControllerGlobalVlanIdentity(o["vlan-identity"], d, "vlan_identity", sv)); err != nil { + if !fortiAPIPatch(o["vlan-identity"]) { + return fmt.Errorf("Error reading vlan_identity: %v", err) + } + } + if b_get_all_tables { if err = d.Set("disable_discovery", flattenSwitchControllerGlobalDisableDiscovery(o["disable-discovery"], d, "disable_discovery", sv)); err != nil { if !fortiAPIPatch(o["disable-discovery"]) { @@ -690,6 +705,10 @@ func expandSwitchControllerGlobalVlanOptimization(d *schema.ResourceData, v inte return v, nil } +func expandSwitchControllerGlobalVlanIdentity(d *schema.ResourceData, v interface{}, pre string, sv string) (interface{}, error) { + return v, nil +} + func expandSwitchControllerGlobalDisableDiscovery(d *schema.ResourceData, v interface{}, pre string, sv string) (interface{}, error) { l := v.([]interface{}) result := make([]map[string]interface{}, 0, len(l)) @@ -901,6 +920,19 @@ func getObjectSwitchControllerGlobal(d *schema.ResourceData, setArgNil bool, sv } } + if v, ok := d.GetOk("vlan_identity"); ok { + if setArgNil { + obj["vlan-identity"] = nil + } else { + t, err := expandSwitchControllerGlobalVlanIdentity(d, v, "vlan_identity", sv) + if err != nil { + return &obj, err + } else if t != nil { + obj["vlan-identity"] = t + } + } + } + if v, ok := d.GetOk("disable_discovery"); ok || d.HasChange("disable_discovery") { if setArgNil { obj["disable-discovery"] = make([]struct{}, 0) diff --git a/fortios/resource_switchcontroller_lldpprofile.go b/fortios/resource_switchcontroller_lldpprofile.go index d95ce62c4..5dd08e257 100644 --- a/fortios/resource_switchcontroller_lldpprofile.go +++ b/fortios/resource_switchcontroller_lldpprofile.go @@ -85,6 +85,40 @@ func resourceSwitchControllerLldpProfile() *schema.Resource { Optional: true, Computed: true, }, + "auto_isl_auth": &schema.Schema{ + Type: schema.TypeString, + Optional: true, + Computed: true, + }, + "auto_isl_auth_user": &schema.Schema{ + Type: schema.TypeString, + ValidateFunc: validation.StringLenBetween(0, 63), + Optional: true, + Computed: true, + }, + "auto_isl_auth_identity": &schema.Schema{ + Type: schema.TypeString, + ValidateFunc: validation.StringLenBetween(0, 63), + Optional: true, + Computed: true, + }, + "auto_isl_auth_reauth": &schema.Schema{ + Type: schema.TypeInt, + ValidateFunc: validation.IntBetween(10, 3600), + Optional: true, + Computed: true, + }, + "auto_isl_auth_encrypt": &schema.Schema{ + Type: schema.TypeString, + Optional: true, + Computed: true, + }, + "auto_isl_auth_macsec_profile": &schema.Schema{ + Type: schema.TypeString, + ValidateFunc: validation.StringLenBetween(0, 63), + Optional: true, + Computed: true, + }, "med_network_policy": &schema.Schema{ Type: schema.TypeList, Optional: true, @@ -359,6 +393,30 @@ func flattenSwitchControllerLldpProfileAutoMclagIcl(v interface{}, d *schema.Res return v } +func flattenSwitchControllerLldpProfileAutoIslAuth(v interface{}, d *schema.ResourceData, pre string, sv string) interface{} { + return v +} + +func flattenSwitchControllerLldpProfileAutoIslAuthUser(v interface{}, d *schema.ResourceData, pre string, sv string) interface{} { + return v +} + +func flattenSwitchControllerLldpProfileAutoIslAuthIdentity(v interface{}, d *schema.ResourceData, pre string, sv string) interface{} { + return v +} + +func flattenSwitchControllerLldpProfileAutoIslAuthReauth(v interface{}, d *schema.ResourceData, pre string, sv string) interface{} { + return v +} + +func flattenSwitchControllerLldpProfileAutoIslAuthEncrypt(v interface{}, d *schema.ResourceData, pre string, sv string) interface{} { + return v +} + +func flattenSwitchControllerLldpProfileAutoIslAuthMacsecProfile(v interface{}, d *schema.ResourceData, pre string, sv string) interface{} { + return v +} + func flattenSwitchControllerLldpProfileMedNetworkPolicy(v interface{}, d *schema.ResourceData, pre string, sv string) []map[string]interface{} { if v == nil { return nil @@ -647,6 +705,42 @@ func refreshObjectSwitchControllerLldpProfile(d *schema.ResourceData, o map[stri } } + if err = d.Set("auto_isl_auth", flattenSwitchControllerLldpProfileAutoIslAuth(o["auto-isl-auth"], d, "auto_isl_auth", sv)); err != nil { + if !fortiAPIPatch(o["auto-isl-auth"]) { + return fmt.Errorf("Error reading auto_isl_auth: %v", err) + } + } + + if err = d.Set("auto_isl_auth_user", flattenSwitchControllerLldpProfileAutoIslAuthUser(o["auto-isl-auth-user"], d, "auto_isl_auth_user", sv)); err != nil { + if !fortiAPIPatch(o["auto-isl-auth-user"]) { + return fmt.Errorf("Error reading auto_isl_auth_user: %v", err) + } + } + + if err = d.Set("auto_isl_auth_identity", flattenSwitchControllerLldpProfileAutoIslAuthIdentity(o["auto-isl-auth-identity"], d, "auto_isl_auth_identity", sv)); err != nil { + if !fortiAPIPatch(o["auto-isl-auth-identity"]) { + return fmt.Errorf("Error reading auto_isl_auth_identity: %v", err) + } + } + + if err = d.Set("auto_isl_auth_reauth", flattenSwitchControllerLldpProfileAutoIslAuthReauth(o["auto-isl-auth-reauth"], d, "auto_isl_auth_reauth", sv)); err != nil { + if !fortiAPIPatch(o["auto-isl-auth-reauth"]) { + return fmt.Errorf("Error reading auto_isl_auth_reauth: %v", err) + } + } + + if err = d.Set("auto_isl_auth_encrypt", flattenSwitchControllerLldpProfileAutoIslAuthEncrypt(o["auto-isl-auth-encrypt"], d, "auto_isl_auth_encrypt", sv)); err != nil { + if !fortiAPIPatch(o["auto-isl-auth-encrypt"]) { + return fmt.Errorf("Error reading auto_isl_auth_encrypt: %v", err) + } + } + + if err = d.Set("auto_isl_auth_macsec_profile", flattenSwitchControllerLldpProfileAutoIslAuthMacsecProfile(o["auto-isl-auth-macsec-profile"], d, "auto_isl_auth_macsec_profile", sv)); err != nil { + if !fortiAPIPatch(o["auto-isl-auth-macsec-profile"]) { + return fmt.Errorf("Error reading auto_isl_auth_macsec_profile: %v", err) + } + } + if b_get_all_tables { if err = d.Set("med_network_policy", flattenSwitchControllerLldpProfileMedNetworkPolicy(o["med-network-policy"], d, "med_network_policy", sv)); err != nil { if !fortiAPIPatch(o["med-network-policy"]) { @@ -740,6 +834,30 @@ func expandSwitchControllerLldpProfileAutoMclagIcl(d *schema.ResourceData, v int return v, nil } +func expandSwitchControllerLldpProfileAutoIslAuth(d *schema.ResourceData, v interface{}, pre string, sv string) (interface{}, error) { + return v, nil +} + +func expandSwitchControllerLldpProfileAutoIslAuthUser(d *schema.ResourceData, v interface{}, pre string, sv string) (interface{}, error) { + return v, nil +} + +func expandSwitchControllerLldpProfileAutoIslAuthIdentity(d *schema.ResourceData, v interface{}, pre string, sv string) (interface{}, error) { + return v, nil +} + +func expandSwitchControllerLldpProfileAutoIslAuthReauth(d *schema.ResourceData, v interface{}, pre string, sv string) (interface{}, error) { + return v, nil +} + +func expandSwitchControllerLldpProfileAutoIslAuthEncrypt(d *schema.ResourceData, v interface{}, pre string, sv string) (interface{}, error) { + return v, nil +} + +func expandSwitchControllerLldpProfileAutoIslAuthMacsecProfile(d *schema.ResourceData, v interface{}, pre string, sv string) (interface{}, error) { + return v, nil +} + func expandSwitchControllerLldpProfileMedNetworkPolicy(d *schema.ResourceData, v interface{}, pre string, sv string) (interface{}, error) { l := v.([]interface{}) result := make([]map[string]interface{}, 0, len(l)) @@ -1016,6 +1134,60 @@ func getObjectSwitchControllerLldpProfile(d *schema.ResourceData, sv string) (*m } } + if v, ok := d.GetOk("auto_isl_auth"); ok { + t, err := expandSwitchControllerLldpProfileAutoIslAuth(d, v, "auto_isl_auth", sv) + if err != nil { + return &obj, err + } else if t != nil { + obj["auto-isl-auth"] = t + } + } + + if v, ok := d.GetOk("auto_isl_auth_user"); ok { + t, err := expandSwitchControllerLldpProfileAutoIslAuthUser(d, v, "auto_isl_auth_user", sv) + if err != nil { + return &obj, err + } else if t != nil { + obj["auto-isl-auth-user"] = t + } + } + + if v, ok := d.GetOk("auto_isl_auth_identity"); ok { + t, err := expandSwitchControllerLldpProfileAutoIslAuthIdentity(d, v, "auto_isl_auth_identity", sv) + if err != nil { + return &obj, err + } else if t != nil { + obj["auto-isl-auth-identity"] = t + } + } + + if v, ok := d.GetOk("auto_isl_auth_reauth"); ok { + t, err := expandSwitchControllerLldpProfileAutoIslAuthReauth(d, v, "auto_isl_auth_reauth", sv) + if err != nil { + return &obj, err + } else if t != nil { + obj["auto-isl-auth-reauth"] = t + } + } + + if v, ok := d.GetOk("auto_isl_auth_encrypt"); ok { + t, err := expandSwitchControllerLldpProfileAutoIslAuthEncrypt(d, v, "auto_isl_auth_encrypt", sv) + if err != nil { + return &obj, err + } else if t != nil { + obj["auto-isl-auth-encrypt"] = t + } + } + + if v, ok := d.GetOk("auto_isl_auth_macsec_profile"); ok { + t, err := expandSwitchControllerLldpProfileAutoIslAuthMacsecProfile(d, v, "auto_isl_auth_macsec_profile", sv) + if err != nil { + return &obj, err + } else if t != nil { + obj["auto-isl-auth-macsec-profile"] = t + } + } + if v, ok := d.GetOk("med_network_policy"); ok || d.HasChange("med_network_policy") { t, err := expandSwitchControllerLldpProfileMedNetworkPolicy(d, v, "med_network_policy", sv) if err != nil { diff --git a/fortios/resource_switchcontroller_managedswitch.go b/fortios/resource_switchcontroller_managedswitch.go index b1e27ff65..e6929117a 100644 --- a/fortios/resource_switchcontroller_managedswitch.go +++ b/fortios/resource_switchcontroller_managedswitch.go @@ -177,6 +177,46 @@ func resourceSwitchControllerManagedSwitch() *schema.Resource { Optional: true, Computed: true, }, + "ptp_status": &schema.Schema{ + Type: schema.TypeString, + Optional: true, + Computed: true, + }, + "ptp_profile": &schema.Schema{ + Type: schema.TypeString, + ValidateFunc: validation.StringLenBetween(0, 63), + Optional: true, + Computed: true, + }, + "route_offload": &schema.Schema{ + Type: schema.TypeString, + Optional: true, + Computed: true, + }, + "route_offload_mclag": &schema.Schema{ + Type: schema.TypeString, + Optional: true, + Computed: true, + }, + "route_offload_router": &schema.Schema{ + Type: schema.TypeList, + Optional: true, + Elem: &schema.Resource{ + Schema: map[string]*schema.Schema{ + "vlan_name": &schema.Schema{ + Type: schema.TypeString, + ValidateFunc: validation.StringLenBetween(0, 15), + Optional: true, + Computed: true, + }, + "router_ip": &schema.Schema{ + Type: schema.TypeString, + Optional: true, + Computed: true, + }, + }, + }, + }, "type": &schema.Schema{ Type: schema.TypeString, Optional: true, @@ -270,6 +310,11 @@ func resourceSwitchControllerManagedSwitch() *schema.Resource { Optional: true, Computed: true, }, + "ptp_status": &schema.Schema{ + Type: schema.TypeString, + Optional: true, + Computed: true, + }, "ptp_policy": &schema.Schema{ Type: schema.TypeString, ValidateFunc: validation.StringLenBetween(0, 63), @@ -361,6 +406,24 @@ func resourceSwitchControllerManagedSwitch() *schema.Resource { Optional: true, Computed: true, }, + "authenticated_port": &schema.Schema{ + Type: schema.TypeInt, + ValidateFunc: validation.IntBetween(0, 1), + Optional: true, + Computed: true, + }, + "restricted_auth_port": &schema.Schema{ + Type: schema.TypeInt, + ValidateFunc: validation.IntBetween(0, 1), + Optional: true, + Computed: true, + }, + "encrypted_port": &schema.Schema{ + Type: schema.TypeInt, + ValidateFunc: validation.IntBetween(0, 1), + Optional: true, + Computed: true, + }, "fiber_port": &schema.Schema{ Type: schema.TypeInt, ValidateFunc: validation.IntBetween(0, 1), @@ -1861,6 +1924,73 @@ func flattenSwitchControllerManagedSwitchDynamicallyDiscovered(v interface{}, d return v } +func flattenSwitchControllerManagedSwitchPtpStatus(v interface{}, d *schema.ResourceData, pre string, sv string) interface{} { + return v +} + +func flattenSwitchControllerManagedSwitchPtpProfile(v interface{}, d *schema.ResourceData, pre string, sv string) interface{} { + return v +} + +func flattenSwitchControllerManagedSwitchRouteOffload(v interface{}, d *schema.ResourceData, pre string, sv string) interface{} { + return v +} + +func flattenSwitchControllerManagedSwitchRouteOffloadMclag(v interface{}, d *schema.ResourceData, pre string, sv string) interface{} { + return v +} + +func flattenSwitchControllerManagedSwitchRouteOffloadRouter(v interface{}, d *schema.ResourceData, pre string, sv string) []map[string]interface{} { + if v == nil { + return nil + } + + if _, ok := v.([]interface{}); !ok { + log.Printf("[DEBUG] Argument %v is not type of []interface{}.", pre) + return nil + } + + l := v.([]interface{}) + if len(l) == 0 || l[0] == nil { + return nil + } + + result := make([]map[string]interface{}, 0, len(l)) + + con := 0 + for _, r := range l { + tmp := make(map[string]interface{}) + i := r.(map[string]interface{}) + + pre_append := "" // table + + pre_append = pre + "." + strconv.Itoa(con) + "." + "vlan_name" + if _, ok := i["vlan-name"]; ok { + tmp["vlan_name"] = flattenSwitchControllerManagedSwitchRouteOffloadRouterVlanName(i["vlan-name"], d, pre_append, sv) + } + + pre_append = pre + "." + strconv.Itoa(con) + "." + "router_ip" + if _, ok := i["router-ip"]; ok { + tmp["router_ip"] = flattenSwitchControllerManagedSwitchRouteOffloadRouterRouterIp(i["router-ip"], d, pre_append, sv) + } + + result = append(result, tmp) + + con += 1 + } + + dynamic_sort_subtable(result, "vlan_name", d) + return result +} + +func flattenSwitchControllerManagedSwitchRouteOffloadRouterVlanName(v interface{}, d *schema.ResourceData, pre string, sv string) interface{} { + return v +} + +func flattenSwitchControllerManagedSwitchRouteOffloadRouterRouterIp(v interface{}, d *schema.ResourceData, pre string, sv string) interface{} { + return v +} + func flattenSwitchControllerManagedSwitchType(v interface{}, d *schema.ResourceData, pre string, sv string) interface{} { return v } @@ -1957,6 +2087,11 @@ func flattenSwitchControllerManagedSwitchPorts(v interface{}, d *schema.Resource tmp["ip_source_guard"] = flattenSwitchControllerManagedSwitchPortsIpSourceGuard(i["ip-source-guard"], d, pre_append, sv) } + pre_append = pre + "." + strconv.Itoa(con) + "." + "ptp_status" + if _, ok := i["ptp-status"]; ok { + tmp["ptp_status"] = flattenSwitchControllerManagedSwitchPortsPtpStatus(i["ptp-status"], d, pre_append, sv) + } + pre_append = pre + "." + strconv.Itoa(con) + "." + "ptp_policy" if _, ok := i["ptp-policy"]; ok { tmp["ptp_policy"] = flattenSwitchControllerManagedSwitchPortsPtpPolicy(i["ptp-policy"], d, pre_append, sv) @@ -2037,6 +2172,21 @@ func flattenSwitchControllerManagedSwitchPorts(v interface{}, d *schema.Resource tmp["mclag_icl_port"] = flattenSwitchControllerManagedSwitchPortsMclagIclPort(i["mclag-icl-port"], d, pre_append, sv) } + pre_append = pre + "." + strconv.Itoa(con) + "." + "authenticated_port" + if _, ok := i["authenticated-port"]; ok { + tmp["authenticated_port"] = flattenSwitchControllerManagedSwitchPortsAuthenticatedPort(i["authenticated-port"], d, pre_append, sv) + } + + pre_append = pre + "." + strconv.Itoa(con) + "." + "restricted_auth_port" + if _, ok := i["restricted-auth-port"]; ok { + tmp["restricted_auth_port"] = flattenSwitchControllerManagedSwitchPortsRestrictedAuthPort(i["restricted-auth-port"], d, pre_append, sv) + } + + pre_append = pre + "." + strconv.Itoa(con) + "." + "encrypted_port" + if _, ok := i["encrypted-port"]; ok { + tmp["encrypted_port"] = flattenSwitchControllerManagedSwitchPortsEncryptedPort(i["encrypted-port"], d, pre_append, sv) + } + pre_append = pre + "." + strconv.Itoa(con) + "." + "fiber_port" if _, ok := i["fiber-port"]; ok { tmp["fiber_port"] = flattenSwitchControllerManagedSwitchPortsFiberPort(i["fiber-port"], d, pre_append, sv) @@ -2468,6 +2618,10 @@ func flattenSwitchControllerManagedSwitchPortsIpSourceGuard(v interface{}, d *sc return v } +func flattenSwitchControllerManagedSwitchPortsPtpStatus(v interface{}, d *schema.ResourceData, pre string, sv string) interface{} { + return v +} + func flattenSwitchControllerManagedSwitchPortsPtpPolicy(v interface{}, d *schema.ResourceData, pre string, sv string) interface{} { return v } @@ -2532,6 +2686,18 @@ func flattenSwitchControllerManagedSwitchPortsMclagIclPort(v interface{}, d *sch return v } +func flattenSwitchControllerManagedSwitchPortsAuthenticatedPort(v interface{}, d *schema.ResourceData, pre string, sv string) interface{} { + return v +} + +func flattenSwitchControllerManagedSwitchPortsRestrictedAuthPort(v interface{}, d *schema.ResourceData, pre string, sv string) interface{} { + return v +} + +func flattenSwitchControllerManagedSwitchPortsEncryptedPort(v interface{}, d *schema.ResourceData, pre string, sv string) interface{} { + return v +} + func flattenSwitchControllerManagedSwitchPortsFiberPort(v interface{}, d *schema.ResourceData, pre string, sv string) interface{} { return v } @@ -4836,6 +5002,46 @@ func refreshObjectSwitchControllerManagedSwitch(d *schema.ResourceData, o map[st } } + if err = d.Set("ptp_status", flattenSwitchControllerManagedSwitchPtpStatus(o["ptp-status"], d, "ptp_status", sv)); err != nil { + if !fortiAPIPatch(o["ptp-status"]) { + return fmt.Errorf("Error reading ptp_status: %v", err) + } + } + + if err = d.Set("ptp_profile", flattenSwitchControllerManagedSwitchPtpProfile(o["ptp-profile"], d, "ptp_profile", sv)); err != nil { + if !fortiAPIPatch(o["ptp-profile"]) { + return fmt.Errorf("Error reading ptp_profile: %v", err) + } + } + + if err = d.Set("route_offload", flattenSwitchControllerManagedSwitchRouteOffload(o["route-offload"], d, "route_offload", sv)); err != nil { + if !fortiAPIPatch(o["route-offload"]) { + return fmt.Errorf("Error reading route_offload: %v", err) + } + } + + if err = d.Set("route_offload_mclag", flattenSwitchControllerManagedSwitchRouteOffloadMclag(o["route-offload-mclag"], d, "route_offload_mclag", sv)); err != nil { + if !fortiAPIPatch(o["route-offload-mclag"]) { + return fmt.Errorf("Error reading route_offload_mclag: %v", err) + } + } + + if b_get_all_tables { + if err = d.Set("route_offload_router", flattenSwitchControllerManagedSwitchRouteOffloadRouter(o["route-offload-router"], d, "route_offload_router", sv)); err != nil { + if !fortiAPIPatch(o["route-offload-router"]) { + return fmt.Errorf("Error reading route_offload_router: %v", err) + } + } + } else { + if _, ok := d.GetOk("route_offload_router"); ok { + if err = d.Set("route_offload_router", flattenSwitchControllerManagedSwitchRouteOffloadRouter(o["route-offload-router"], d, "route_offload_router", sv)); err != nil { + if !fortiAPIPatch(o["route-offload-router"]) { + return fmt.Errorf("Error reading route_offload_router: %v", err) + } + } + } + } + if err = d.Set("type", flattenSwitchControllerManagedSwitchType(o["type"], d, "type", sv)); err != nil { if !fortiAPIPatch(o["type"]) { return fmt.Errorf("Error reading type: %v", err) @@ -5317,6 +5523,62 @@ func expandSwitchControllerManagedSwitchDynamicallyDiscovered(d *schema.Resource return v, nil } +func expandSwitchControllerManagedSwitchPtpStatus(d *schema.ResourceData, v interface{}, pre string, sv string) (interface{}, error) { + return v, nil +} + +func expandSwitchControllerManagedSwitchPtpProfile(d *schema.ResourceData, v interface{}, pre string, sv string) (interface{}, error) { + return v, nil +} + +func expandSwitchControllerManagedSwitchRouteOffload(d *schema.ResourceData, v interface{}, pre string, sv string) (interface{}, error) { + return v, nil +} + +func expandSwitchControllerManagedSwitchRouteOffloadMclag(d *schema.ResourceData, v interface{}, pre string, sv string) (interface{}, error) { + return v, nil +} + +func expandSwitchControllerManagedSwitchRouteOffloadRouter(d *schema.ResourceData, v interface{}, pre string, sv string) (interface{}, error) { + l := v.([]interface{}) + result := make([]map[string]interface{}, 0, len(l)) + + if len(l) == 0 || l[0] == nil { + return result, nil + } + + con := 0 + for _, r := range l { + tmp := make(map[string]interface{}) + i := r.(map[string]interface{}) + pre_append := "" // table + + pre_append = pre + "." + strconv.Itoa(con) + "." + "vlan_name" + if _, ok := d.GetOk(pre_append); ok { + tmp["vlan-name"], _ = expandSwitchControllerManagedSwitchRouteOffloadRouterVlanName(d, i["vlan_name"], pre_append, sv) + } + + pre_append = pre + "." + strconv.Itoa(con) + "." + "router_ip" + if _, ok := d.GetOk(pre_append); ok { + tmp["router-ip"], _ = expandSwitchControllerManagedSwitchRouteOffloadRouterRouterIp(d, i["router_ip"], pre_append, sv) + } + + result = append(result, tmp) + + con += 1 + } + + return result, nil +} + +func expandSwitchControllerManagedSwitchRouteOffloadRouterVlanName(d *schema.ResourceData, v interface{}, pre string, sv string) (interface{}, error) { + return v, nil +} + +func expandSwitchControllerManagedSwitchRouteOffloadRouterRouterIp(d *schema.ResourceData, v interface{}, pre string, sv string) (interface{}, error) { + return v, nil +} + func expandSwitchControllerManagedSwitchType(d *schema.ResourceData, v interface{}, pre string, sv string) (interface{}, error) { return v, nil } @@ -5403,6 +5665,11 @@ func expandSwitchControllerManagedSwitchPorts(d *schema.ResourceData, v interfac tmp["ip-source-guard"], _ = expandSwitchControllerManagedSwitchPortsIpSourceGuard(d, i["ip_source_guard"], pre_append, sv) } + pre_append = pre + "." + strconv.Itoa(con) + "." + "ptp_status" + if _, ok := d.GetOk(pre_append); ok { + tmp["ptp-status"], _ = expandSwitchControllerManagedSwitchPortsPtpStatus(d, i["ptp_status"], pre_append, sv) + } + pre_append = pre + "." + strconv.Itoa(con) + "." + "ptp_policy" if _, ok := d.GetOk(pre_append); ok { tmp["ptp-policy"], _ = expandSwitchControllerManagedSwitchPortsPtpPolicy(d, i["ptp_policy"], pre_append, sv) @@ -5483,6 +5750,21 @@ func expandSwitchControllerManagedSwitchPorts(d *schema.ResourceData, v interfac tmp["mclag-icl-port"], _ = expandSwitchControllerManagedSwitchPortsMclagIclPort(d, i["mclag_icl_port"], pre_append, sv) } + pre_append = pre + "." + strconv.Itoa(con) + "." + "authenticated_port" + if _, ok := d.GetOk(pre_append); ok { + tmp["authenticated-port"], _ = expandSwitchControllerManagedSwitchPortsAuthenticatedPort(d, i["authenticated_port"], pre_append, sv) + } + + pre_append = pre + "." + strconv.Itoa(con) + "." + "restricted_auth_port" + if _, ok := d.GetOk(pre_append); ok { + tmp["restricted-auth-port"], _ = expandSwitchControllerManagedSwitchPortsRestrictedAuthPort(d, i["restricted_auth_port"], pre_append, sv) + } + + pre_append = pre + "." + strconv.Itoa(con) + "." + "encrypted_port" + if _, ok := d.GetOk(pre_append); ok { + tmp["encrypted-port"], _ = expandSwitchControllerManagedSwitchPortsEncryptedPort(d, i["encrypted_port"], pre_append, sv) + } + pre_append = pre + "." + strconv.Itoa(con) + "." + "fiber_port" if _, ok := d.GetOk(pre_append); ok { tmp["fiber-port"], _ = expandSwitchControllerManagedSwitchPortsFiberPort(d, i["fiber_port"], pre_append, sv) @@ -5929,6 +6211,10 @@ func expandSwitchControllerManagedSwitchPortsIpSourceGuard(d *schema.ResourceDat return v, nil } +func expandSwitchControllerManagedSwitchPortsPtpStatus(d *schema.ResourceData, v interface{}, pre string, sv string) (interface{}, error) { + return v, nil +} + func expandSwitchControllerManagedSwitchPortsPtpPolicy(d *schema.ResourceData, v interface{}, pre string, sv string) (interface{}, error) { return v, nil } @@ -5993,6 +6279,18 @@ func expandSwitchControllerManagedSwitchPortsMclagIclPort(d *schema.ResourceData return v, nil } +func expandSwitchControllerManagedSwitchPortsAuthenticatedPort(d *schema.ResourceData, v interface{}, pre string, sv string) (interface{}, error) { + return v, nil +} + +func expandSwitchControllerManagedSwitchPortsRestrictedAuthPort(d *schema.ResourceData, v interface{}, pre string, sv string) (interface{}, error) { + return v, nil +} + +func expandSwitchControllerManagedSwitchPortsEncryptedPort(d *schema.ResourceData, v interface{}, pre string, sv string) (interface{}, error) { + return v, nil +} + func expandSwitchControllerManagedSwitchPortsFiberPort(d *schema.ResourceData, v interface{}, pre string, sv string) (interface{}, error) { return v, nil } @@ -8090,6 +8388,51 @@ func getObjectSwitchControllerManagedSwitch(d *schema.ResourceData, sv string) ( } } + if v, ok := d.GetOk("ptp_status"); ok { + t, err := expandSwitchControllerManagedSwitchPtpStatus(d, v, "ptp_status", sv) + if err != nil { + return &obj, err + } else if t != nil { + obj["ptp-status"] = t + } + } + + if v, ok := d.GetOk("ptp_profile"); ok { + t, err := expandSwitchControllerManagedSwitchPtpProfile(d, v, "ptp_profile", sv) + if err != nil { + return &obj, err + } else if t != nil { + obj["ptp-profile"] = t + } + } + + if v, ok := d.GetOk("route_offload"); ok { + t, err := expandSwitchControllerManagedSwitchRouteOffload(d, v, "route_offload", sv) + if err != nil { + return &obj, err + } else if t != nil { + obj["route-offload"] = t + } + } + + if v, ok := d.GetOk("route_offload_mclag"); ok { + t, err := expandSwitchControllerManagedSwitchRouteOffloadMclag(d, v, "route_offload_mclag", sv) + if err != nil { + return &obj, err + } else if t != nil { + obj["route-offload-mclag"] = t + } + } + + if v, ok := d.GetOk("route_offload_router"); ok || d.HasChange("route_offload_router") { + t, err := expandSwitchControllerManagedSwitchRouteOffloadRouter(d, v, "route_offload_router", sv) + if err != nil { + return &obj, err + } else if t != nil { + obj["route-offload-router"] = t + } + } + if v, ok := d.GetOk("type"); ok { t, err := expandSwitchControllerManagedSwitchType(d, v, "type", sv) if err != nil { diff --git a/fortios/resource_switchcontrollerptp_interfacepolicy.go b/fortios/resource_switchcontrollerptp_interfacepolicy.go new file mode 100644 index 000000000..9816f1048 --- /dev/null +++ b/fortios/resource_switchcontrollerptp_interfacepolicy.go @@ -0,0 +1,296 @@ +// Copyright 2020 Fortinet, Inc. All rights reserved. +// Author: Frank Shen (@frankshen01), Hongbin Lu (@fgtdev-hblu) +// Documentation: +// Frank Shen (@frankshen01), Hongbin Lu (@fgtdev-hblu), +// Xing Li (@lix-fortinet), Yue Wang (@yuew-ftnt), Yuffie Zhu (@yuffiezhu) + +// Description: PTP interface-policy configuration. + +package fortios + +import ( + "fmt" + "log" + "strconv" + "strings" + + "github.com/hashicorp/terraform-plugin-sdk/v2/helper/schema" + "github.com/hashicorp/terraform-plugin-sdk/v2/helper/validation" +) + +func resourceSwitchControllerPtpInterfacePolicy() *schema.Resource { + return &schema.Resource{ + Create: resourceSwitchControllerPtpInterfacePolicyCreate, + Read: resourceSwitchControllerPtpInterfacePolicyRead, + Update: resourceSwitchControllerPtpInterfacePolicyUpdate, + Delete: resourceSwitchControllerPtpInterfacePolicyDelete, + + Importer: &schema.ResourceImporter{ + State: schema.ImportStatePassthrough, + }, + + Schema: map[string]*schema.Schema{ + "vdomparam": &schema.Schema{ + Type: schema.TypeString, + Optional: true, + ForceNew: true, + }, + "name": &schema.Schema{ + Type: schema.TypeString, + ValidateFunc: validation.StringLenBetween(0, 63), + ForceNew: true, + Optional: true, + Computed: true, + }, + "description": &schema.Schema{ + Type: schema.TypeString, + ValidateFunc: validation.StringLenBetween(0, 63), + Optional: true, + Computed: true, + }, + "vlan": &schema.Schema{ + Type: schema.TypeString, + ValidateFunc: validation.StringLenBetween(0, 15), + Optional: true, + Computed: true, + }, + "vlan_pri": &schema.Schema{ + Type: schema.TypeInt, + ValidateFunc: validation.IntBetween(0, 7), + Optional: true, + Computed: true, + }, + }, + } +} + +func resourceSwitchControllerPtpInterfacePolicyCreate(d *schema.ResourceData, m interface{}) error { + c := m.(*FortiClient).Client + c.Retries = 1 + + vdomparam := "" + + if v, ok := d.GetOk("vdomparam"); ok { + if s, ok := v.(string); ok { + vdomparam = s + } + } + + obj, err := getObjectSwitchControllerPtpInterfacePolicy(d, c.Fv) + if err != nil { + return fmt.Errorf("Error creating SwitchControllerPtpInterfacePolicy resource while getting object: %v", err) + } + + o, err := c.CreateSwitchControllerPtpInterfacePolicy(obj, vdomparam) + + if err != nil { + return fmt.Errorf("Error creating SwitchControllerPtpInterfacePolicy resource: %v", err) + } + + if o["mkey"] != nil && o["mkey"] != "" { + d.SetId(o["mkey"].(string)) + } else { + d.SetId("SwitchControllerPtpInterfacePolicy") + } + + return resourceSwitchControllerPtpInterfacePolicyRead(d, m) +} + +func resourceSwitchControllerPtpInterfacePolicyUpdate(d *schema.ResourceData, m interface{}) error { + mkey := d.Id() + c := m.(*FortiClient).Client + c.Retries = 1 + + vdomparam := "" + + if v, ok := d.GetOk("vdomparam"); ok { + if s, ok := v.(string); ok { + vdomparam = s + } + } + + obj, err := getObjectSwitchControllerPtpInterfacePolicy(d, c.Fv) + if err != nil { + return fmt.Errorf("Error updating SwitchControllerPtpInterfacePolicy resource while getting object: %v", err) + } + + o, err := c.UpdateSwitchControllerPtpInterfacePolicy(obj, mkey, vdomparam) + if err != nil { + return fmt.Errorf("Error updating SwitchControllerPtpInterfacePolicy resource: %v", err) + } + + log.Printf(strconv.Itoa(c.Retries)) + if o["mkey"] != nil && o["mkey"] != "" { + d.SetId(o["mkey"].(string)) + } else { + d.SetId("SwitchControllerPtpInterfacePolicy") + } + + return resourceSwitchControllerPtpInterfacePolicyRead(d, m) +} + +func resourceSwitchControllerPtpInterfacePolicyDelete(d *schema.ResourceData, m interface{}) error { + mkey := d.Id() + + c := m.(*FortiClient).Client + c.Retries = 1 + + vdomparam := "" + + if v, ok := d.GetOk("vdomparam"); ok { + if s, ok := v.(string); ok { + vdomparam = s + } + } + + err := c.DeleteSwitchControllerPtpInterfacePolicy(mkey, vdomparam) + if err != nil { + return fmt.Errorf("Error deleting SwitchControllerPtpInterfacePolicy resource: %v", err) + } + + d.SetId("") + + return nil +} + +func resourceSwitchControllerPtpInterfacePolicyRead(d *schema.ResourceData, m interface{}) error { + mkey := d.Id() + + c := m.(*FortiClient).Client + c.Retries = 1 + + vdomparam := "" + + if v, ok := d.GetOk("vdomparam"); ok { + if s, ok := v.(string); ok { + vdomparam = s + } + } + + o, err := c.ReadSwitchControllerPtpInterfacePolicy(mkey, vdomparam) + if err != nil { + return fmt.Errorf("Error reading SwitchControllerPtpInterfacePolicy resource: %v", err) + } + + if o == nil { + log.Printf("[WARN] resource (%s) not found, removing from state", d.Id()) + d.SetId("") + return nil + } + + err = refreshObjectSwitchControllerPtpInterfacePolicy(d, o, c.Fv) + if err != nil { + return fmt.Errorf("Error reading SwitchControllerPtpInterfacePolicy resource from API: %v", err) + } + return nil +} + +func flattenSwitchControllerPtpInterfacePolicyName(v interface{}, d *schema.ResourceData, pre string, sv string) interface{} { + return v +} + +func flattenSwitchControllerPtpInterfacePolicyDescription(v interface{}, d *schema.ResourceData, pre string, sv string) interface{} { + return v +} + +func flattenSwitchControllerPtpInterfacePolicyVlan(v interface{}, d *schema.ResourceData, pre string, sv string) interface{} { + return v +} + +func flattenSwitchControllerPtpInterfacePolicyVlanPri(v interface{}, d *schema.ResourceData, pre string, sv string) interface{} { + return v +} + +func refreshObjectSwitchControllerPtpInterfacePolicy(d *schema.ResourceData, o map[string]interface{}, sv string) error { + var err error + + if err = d.Set("name", flattenSwitchControllerPtpInterfacePolicyName(o["name"], d, "name", sv)); err != nil { + if !fortiAPIPatch(o["name"]) { + return fmt.Errorf("Error reading name: %v", err) + } + } + + if err = d.Set("description", flattenSwitchControllerPtpInterfacePolicyDescription(o["description"], d, "description", sv)); err != nil { + if !fortiAPIPatch(o["description"]) { + return fmt.Errorf("Error reading description: %v", err) + } + } + + if err = d.Set("vlan", flattenSwitchControllerPtpInterfacePolicyVlan(o["vlan"], d, "vlan", sv)); err != nil { + if !fortiAPIPatch(o["vlan"]) { + return fmt.Errorf("Error reading vlan: %v", err) + } + } + + if err = d.Set("vlan_pri", flattenSwitchControllerPtpInterfacePolicyVlanPri(o["vlan-pri"], d, "vlan_pri", sv)); err != nil { + if !fortiAPIPatch(o["vlan-pri"]) { + return fmt.Errorf("Error reading vlan_pri: %v", err) + } + } + + return nil +} + +func flattenSwitchControllerPtpInterfacePolicyFortiTestDebug(d *schema.ResourceData, fosdebugsn int, fosdebugbeg int, fosdebugend int) { + log.Printf(strconv.Itoa(fosdebugsn)) + e := validation.IntBetween(fosdebugbeg, fosdebugend) + log.Printf("ER List: %v, %v", strings.Split("FortiOS Ver", " "), e) +} + +func expandSwitchControllerPtpInterfacePolicyName(d *schema.ResourceData, v interface{}, pre string, sv string) (interface{}, error) { + return v, nil +} + +func expandSwitchControllerPtpInterfacePolicyDescription(d *schema.ResourceData, v interface{}, pre string, sv string) (interface{}, error) { + return v, nil +} + +func expandSwitchControllerPtpInterfacePolicyVlan(d *schema.ResourceData, v interface{}, pre string, sv string) (interface{}, error) { + return v, nil +} + +func expandSwitchControllerPtpInterfacePolicyVlanPri(d *schema.ResourceData, v interface{}, pre string, sv string) (interface{}, error) { + return v, nil +} + +func getObjectSwitchControllerPtpInterfacePolicy(d *schema.ResourceData, sv string) (*map[string]interface{}, error) { + obj := make(map[string]interface{}) + + if v, ok := d.GetOk("name"); ok { + t, err := expandSwitchControllerPtpInterfacePolicyName(d, v, "name", sv) + if err != nil { + return &obj, err + } else if t != nil { + obj["name"] = t + } + } + + if v, ok := d.GetOk("description"); ok { + t, err := expandSwitchControllerPtpInterfacePolicyDescription(d, v, "description", sv) + if err != nil { + return &obj, err + } else if t != nil { + obj["description"] = t + } + } + + if v, ok := d.GetOk("vlan"); ok { + t, err := expandSwitchControllerPtpInterfacePolicyVlan(d, v, "vlan", sv) + if err != nil { + return &obj, err + } else if t != nil { + obj["vlan"] = t + } + } + + if v, ok := d.GetOkExists("vlan_pri"); ok { + t, err := expandSwitchControllerPtpInterfacePolicyVlanPri(d, v, "vlan_pri", sv) + if err != nil { + return &obj, err + } else if t != nil { + obj["vlan-pri"] = t + } + } + + return &obj, nil +} diff --git a/fortios/resource_switchcontrollerptp_profile.go b/fortios/resource_switchcontrollerptp_profile.go new file mode 100644 index 000000000..1aadc9270 --- /dev/null +++ b/fortios/resource_switchcontrollerptp_profile.go @@ -0,0 +1,379 @@ +// Copyright 2020 Fortinet, Inc. All rights reserved. +// Author: Frank Shen (@frankshen01), Hongbin Lu (@fgtdev-hblu) +// Documentation: +// Frank Shen (@frankshen01), Hongbin Lu (@fgtdev-hblu), +// Xing Li (@lix-fortinet), Yue Wang (@yuew-ftnt), Yuffie Zhu (@yuffiezhu) + +// Description: Global PTP profile. + +package fortios + +import ( + "fmt" + "log" + "strconv" + "strings" + + "github.com/hashicorp/terraform-plugin-sdk/v2/helper/schema" + "github.com/hashicorp/terraform-plugin-sdk/v2/helper/validation" +) + +func resourceSwitchControllerPtpProfile() *schema.Resource { + return &schema.Resource{ + Create: resourceSwitchControllerPtpProfileCreate, + Read: resourceSwitchControllerPtpProfileRead, + Update: resourceSwitchControllerPtpProfileUpdate, + Delete: resourceSwitchControllerPtpProfileDelete, + + Importer: &schema.ResourceImporter{ + State: schema.ImportStatePassthrough, + }, + + Schema: map[string]*schema.Schema{ + "vdomparam": &schema.Schema{ + Type: schema.TypeString, + Optional: true, + ForceNew: true, + }, + "name": &schema.Schema{ + Type: schema.TypeString, + ValidateFunc: validation.StringLenBetween(0, 63), + ForceNew: true, + Optional: true, + Computed: true, + }, + "description": &schema.Schema{ + Type: schema.TypeString, + ValidateFunc: validation.StringLenBetween(0, 63), + Optional: true, + Computed: true, + }, + "mode": &schema.Schema{ + Type: schema.TypeString, + Optional: true, + Computed: true, + }, + "ptp_profile": &schema.Schema{ + Type: schema.TypeString, + Optional: true, + Computed: true, + }, + "transport": &schema.Schema{ + Type: schema.TypeString, + Optional: true, + Computed: true, + }, + "domain": &schema.Schema{ + Type: schema.TypeInt, + ValidateFunc: validation.IntBetween(0, 255), + Optional: true, + Computed: true, + }, + "pdelay_req_interval": &schema.Schema{ + Type: schema.TypeString, + Optional: true, + Computed: true, + }, + }, + } +} + +func resourceSwitchControllerPtpProfileCreate(d *schema.ResourceData, m interface{}) error { + c := m.(*FortiClient).Client + c.Retries = 1 + + vdomparam := "" + + if v, ok := d.GetOk("vdomparam"); ok { + if s, ok := v.(string); ok { + vdomparam = s + } + } + + obj, err := getObjectSwitchControllerPtpProfile(d, c.Fv) + if err != nil { + return fmt.Errorf("Error creating SwitchControllerPtpProfile resource while getting object: %v", err) + } + + o, err := c.CreateSwitchControllerPtpProfile(obj, vdomparam) + + if err != nil { + return fmt.Errorf("Error creating SwitchControllerPtpProfile resource: %v", err) + } + + if o["mkey"] != nil && o["mkey"] != "" { + d.SetId(o["mkey"].(string)) + } else { + d.SetId("SwitchControllerPtpProfile") + } + + return resourceSwitchControllerPtpProfileRead(d, m) +} + +func resourceSwitchControllerPtpProfileUpdate(d *schema.ResourceData, m interface{}) error { + mkey := d.Id() + c := m.(*FortiClient).Client + c.Retries = 1 + + vdomparam := "" + + if v, ok := d.GetOk("vdomparam"); ok { + if s, ok := v.(string); ok { + vdomparam = s + } + } + + obj, err := getObjectSwitchControllerPtpProfile(d, c.Fv) + if err != nil { + return fmt.Errorf("Error updating SwitchControllerPtpProfile resource while getting object: %v", err) + } + + o, err := c.UpdateSwitchControllerPtpProfile(obj, mkey, vdomparam) + if err != nil { + return fmt.Errorf("Error updating SwitchControllerPtpProfile resource: %v", err) + } + + log.Printf(strconv.Itoa(c.Retries)) + if o["mkey"] != nil && o["mkey"] != "" { + d.SetId(o["mkey"].(string)) + } else { + d.SetId("SwitchControllerPtpProfile") + } + + return resourceSwitchControllerPtpProfileRead(d, m) +} + +func resourceSwitchControllerPtpProfileDelete(d *schema.ResourceData, m interface{}) error { + mkey := d.Id() + + c := m.(*FortiClient).Client + c.Retries = 1 + + vdomparam := "" + + if v, ok := d.GetOk("vdomparam"); ok { + if s, ok := v.(string); ok { + vdomparam = s + } + } + + err := c.DeleteSwitchControllerPtpProfile(mkey, vdomparam) + if err != nil { + return fmt.Errorf("Error deleting SwitchControllerPtpProfile resource: %v", err) + } + + d.SetId("") + + return nil +} + +func resourceSwitchControllerPtpProfileRead(d *schema.ResourceData, m interface{}) error { + mkey := d.Id() + + c := m.(*FortiClient).Client + c.Retries = 1 + + vdomparam := "" + + if v, ok := d.GetOk("vdomparam"); ok { + if s, ok := v.(string); ok { + vdomparam = s + } + } + + o, err := c.ReadSwitchControllerPtpProfile(mkey, vdomparam) + if err != nil { + return fmt.Errorf("Error reading SwitchControllerPtpProfile resource: %v", err) + } + + if o == nil { + log.Printf("[WARN] resource (%s) not found, removing from state", d.Id()) + d.SetId("") + return nil + } + + err = refreshObjectSwitchControllerPtpProfile(d, o, c.Fv) + if err != nil { + return fmt.Errorf("Error reading SwitchControllerPtpProfile resource from API: %v", err) + } + return nil +} + +func flattenSwitchControllerPtpProfileName(v interface{}, d *schema.ResourceData, pre string, sv string) interface{} { + return v +} + +func flattenSwitchControllerPtpProfileDescription(v interface{}, d *schema.ResourceData, pre string, sv string) interface{} { + return v +} + +func flattenSwitchControllerPtpProfileMode(v interface{}, d *schema.ResourceData, pre string, sv string) interface{} { + return v +} + +func flattenSwitchControllerPtpProfilePtpProfile(v interface{}, d *schema.ResourceData, pre string, sv string) interface{} { + return v +} + +func flattenSwitchControllerPtpProfileTransport(v interface{}, d *schema.ResourceData, pre string, sv string) interface{} { + return v +} + +func flattenSwitchControllerPtpProfileDomain(v interface{}, d *schema.ResourceData, pre string, sv string) interface{} { + return v +} + +func flattenSwitchControllerPtpProfilePdelayReqInterval(v interface{}, d *schema.ResourceData, pre string, sv string) interface{} { + return v +} + +func refreshObjectSwitchControllerPtpProfile(d *schema.ResourceData, o map[string]interface{}, sv string) error { + var err error + + if err = d.Set("name", flattenSwitchControllerPtpProfileName(o["name"], d, "name", sv)); err != nil { + if !fortiAPIPatch(o["name"]) { + return fmt.Errorf("Error reading name: %v", err) + } + } + + if err = d.Set("description", flattenSwitchControllerPtpProfileDescription(o["description"], d, "description", sv)); err != nil { + if !fortiAPIPatch(o["description"]) { + return fmt.Errorf("Error reading description: %v", err) + } + } + + if err = d.Set("mode", flattenSwitchControllerPtpProfileMode(o["mode"], d, "mode", sv)); err != nil { + if !fortiAPIPatch(o["mode"]) { + return fmt.Errorf("Error reading mode: %v", err) + } + } + + if err = d.Set("ptp_profile", flattenSwitchControllerPtpProfilePtpProfile(o["ptp-profile"], d, "ptp_profile", sv)); err != nil { + if !fortiAPIPatch(o["ptp-profile"]) { + return fmt.Errorf("Error reading ptp_profile: %v", err) + } + } + + if err = d.Set("transport", flattenSwitchControllerPtpProfileTransport(o["transport"], d, "transport", sv)); err != nil { + if !fortiAPIPatch(o["transport"]) { + return fmt.Errorf("Error reading transport: %v", err) + } + } + + if err = d.Set("domain", flattenSwitchControllerPtpProfileDomain(o["domain"], d, "domain", sv)); err != nil { + if !fortiAPIPatch(o["domain"]) { + return fmt.Errorf("Error reading domain: %v", err) + } + } + + if err = d.Set("pdelay_req_interval", flattenSwitchControllerPtpProfilePdelayReqInterval(o["pdelay-req-interval"], d, "pdelay_req_interval", sv)); err != nil { + if !fortiAPIPatch(o["pdelay-req-interval"]) { + return fmt.Errorf("Error reading pdelay_req_interval: %v", err) + } + } + + return nil +} + +func flattenSwitchControllerPtpProfileFortiTestDebug(d *schema.ResourceData, fosdebugsn int, fosdebugbeg int, fosdebugend int) { + log.Printf(strconv.Itoa(fosdebugsn)) + e := validation.IntBetween(fosdebugbeg, fosdebugend) + log.Printf("ER List: %v, %v", strings.Split("FortiOS Ver", " "), e) +} + +func expandSwitchControllerPtpProfileName(d *schema.ResourceData, v interface{}, pre string, sv string) (interface{}, error) { + return v, nil +} + +func expandSwitchControllerPtpProfileDescription(d *schema.ResourceData, v interface{}, pre string, sv string) (interface{}, error) { + return v, nil +} + +func expandSwitchControllerPtpProfileMode(d *schema.ResourceData, v interface{}, pre string, sv string) (interface{}, error) { + return v, nil +} + +func expandSwitchControllerPtpProfilePtpProfile(d *schema.ResourceData, v interface{}, pre string, sv string) (interface{}, error) { + return v, nil +} + +func expandSwitchControllerPtpProfileTransport(d *schema.ResourceData, v interface{}, pre string, sv string) (interface{}, error) { + return v, nil +} + +func expandSwitchControllerPtpProfileDomain(d *schema.ResourceData, v interface{}, pre string, sv string) (interface{}, error) { + return v, nil +} + +func expandSwitchControllerPtpProfilePdelayReqInterval(d *schema.ResourceData, v interface{}, pre string, sv string) (interface{}, error) { + return v, nil +} + +func getObjectSwitchControllerPtpProfile(d *schema.ResourceData, sv string) (*map[string]interface{}, error) { + obj := make(map[string]interface{}) + + if v, ok := d.GetOk("name"); ok { + t, err := expandSwitchControllerPtpProfileName(d, v, "name", sv) + if err != nil { + return &obj, err + } else if t != nil { + obj["name"] = t + } + } + + if v, ok := d.GetOk("description"); ok { + t, err := expandSwitchControllerPtpProfileDescription(d, v, "description", sv) + if err != nil { + return &obj, err + } else if t != nil { + obj["description"] = t + } + } + + if v, ok := d.GetOk("mode"); ok { + t, err := expandSwitchControllerPtpProfileMode(d, v, "mode", sv) + if err != nil { + return &obj, err + } else if t != nil { + obj["mode"] = t + } + } + + if v, ok := d.GetOk("ptp_profile"); ok { + t, err := expandSwitchControllerPtpProfilePtpProfile(d, v, "ptp_profile", sv) + if err != nil { + return &obj, err + } else if t != nil { + obj["ptp-profile"] = t + } + } + + if v, ok := d.GetOk("transport"); ok { + t, err := expandSwitchControllerPtpProfileTransport(d, v, "transport", sv) + if err != nil { + return &obj, err + } else if t != nil { + obj["transport"] = t + } + } + + if v, ok := d.GetOkExists("domain"); ok { + t, err := expandSwitchControllerPtpProfileDomain(d, v, "domain", sv) + if err != nil { + return &obj, err + } else if t != nil { + obj["domain"] = t + } + } + + if v, ok := d.GetOk("pdelay_req_interval"); ok { + t, err := expandSwitchControllerPtpProfilePdelayReqInterval(d, v, "pdelay_req_interval", sv) + if err != nil { + return &obj, err + } else if t != nil { + obj["pdelay-req-interval"] = t + } + } + + return &obj, nil +} diff --git a/fortios/resource_system_accprofile.go b/fortios/resource_system_accprofile.go index 03dbcc081..379d3fc34 100644 --- a/fortios/resource_system_accprofile.go +++ b/fortios/resource_system_accprofile.go @@ -308,6 +308,16 @@ func resourceSystemAccprofile() *schema.Resource { Optional: true, Computed: true, }, + "virtual_patch": &schema.Schema{ + Type: schema.TypeString, + Optional: true, + Computed: true, + }, + "casb": &schema.Schema{ + Type: schema.TypeString, + Optional: true, + Computed: true, + }, }, }, }, @@ -803,6 +813,16 @@ func flattenSystemAccprofileUtmgrpPermission(v interface{}, d *schema.ResourceDa result["videofilter"] = flattenSystemAccprofileUtmgrpPermissionVideofilter(i["videofilter"], d, pre_append, sv) } + pre_append = pre + ".0." + "virtual_patch" + if _, ok := i["virtual-patch"]; ok { + result["virtual_patch"] = flattenSystemAccprofileUtmgrpPermissionVirtualPatch(i["virtual-patch"], d, pre_append, sv) + } + + pre_append = pre + ".0." + "casb" + if _, ok := i["casb"]; ok { + result["casb"] = flattenSystemAccprofileUtmgrpPermissionCasb(i["casb"], d, pre_append, sv) + } + lastresult := []map[string]interface{}{result} return lastresult } @@ -867,6 +887,14 @@ func flattenSystemAccprofileUtmgrpPermissionVideofilter(v interface{}, d *schema return v } +func flattenSystemAccprofileUtmgrpPermissionVirtualPatch(v interface{}, d *schema.ResourceData, pre string, sv string) interface{} { + return v +} + +func flattenSystemAccprofileUtmgrpPermissionCasb(v interface{}, d *schema.ResourceData, pre string, sv string) interface{} { + return v +} + func flattenSystemAccprofileAdmintimeoutOverride(v interface{}, d *schema.ResourceData, pre string, sv string) interface{} { return v } @@ -1409,6 +1437,14 @@ func expandSystemAccprofileUtmgrpPermission(d *schema.ResourceData, v interface{ if _, ok := d.GetOk(pre_append); ok { result["videofilter"], _ = expandSystemAccprofileUtmgrpPermissionVideofilter(d, i["videofilter"], pre_append, sv) } + pre_append = pre + ".0." + "virtual_patch" + if _, ok := d.GetOk(pre_append); ok { + result["virtual-patch"], _ = expandSystemAccprofileUtmgrpPermissionVirtualPatch(d, i["virtual_patch"], pre_append, sv) + } + pre_append = pre + ".0." + "casb" + if _, ok := d.GetOk(pre_append); ok { + result["casb"], _ = expandSystemAccprofileUtmgrpPermissionCasb(d, i["casb"], pre_append, sv) + } return result, nil } @@ -1473,6 +1509,14 @@ func expandSystemAccprofileUtmgrpPermissionVideofilter(d *schema.ResourceData, v return v, nil } +func expandSystemAccprofileUtmgrpPermissionVirtualPatch(d *schema.ResourceData, v interface{}, pre string, sv string) (interface{}, error) { + return v, nil +} + +func expandSystemAccprofileUtmgrpPermissionCasb(d *schema.ResourceData, v interface{}, pre string, sv string) (interface{}, error) { + return v, nil +} + func expandSystemAccprofileAdmintimeoutOverride(d *schema.ResourceData, v interface{}, pre string, sv string) (interface{}, error) { return v, nil } diff --git a/fortios/resource_system_affinityinterrupt.go b/fortios/resource_system_affinityinterrupt.go index d79fb7924..9310abf56 100644 --- a/fortios/resource_system_affinityinterrupt.go +++ b/fortios/resource_system_affinityinterrupt.go @@ -50,6 +50,12 @@ func resourceSystemAffinityInterrupt() *schema.Resource { ValidateFunc: validation.StringLenBetween(0, 127), Required: true, }, + "default_affinity_cpumask": &schema.Schema{ + Type: schema.TypeString, + ValidateFunc: validation.StringLenBetween(0, 127), + Optional: true, + Computed: true, + }, }, } } @@ -187,6 +193,10 @@ func flattenSystemAffinityInterruptAffinityCpumask(v interface{}, d *schema.Reso return v } +func flattenSystemAffinityInterruptDefaultAffinityCpumask(v interface{}, d *schema.ResourceData, pre string, sv string) interface{} { + return v +} + func refreshObjectSystemAffinityInterrupt(d *schema.ResourceData, o map[string]interface{}, sv string) error { var err error @@ -208,6 +218,12 @@ func refreshObjectSystemAffinityInterrupt(d *schema.ResourceData, o map[string]i } } + if err = d.Set("default_affinity_cpumask", flattenSystemAffinityInterruptDefaultAffinityCpumask(o["default-affinity-cpumask"], d, "default_affinity_cpumask", sv)); err != nil { + if !fortiAPIPatch(o["default-affinity-cpumask"]) { + return fmt.Errorf("Error reading default_affinity_cpumask: %v", err) + } + } + return nil } @@ -229,6 +245,10 @@ func expandSystemAffinityInterruptAffinityCpumask(d *schema.ResourceData, v inte return v, nil } +func expandSystemAffinityInterruptDefaultAffinityCpumask(d *schema.ResourceData, v interface{}, pre string, sv string) (interface{}, error) { + return v, nil +} + func getObjectSystemAffinityInterrupt(d *schema.ResourceData, sv string) (*map[string]interface{}, error) { obj := make(map[string]interface{}) @@ -259,5 +279,14 @@ func getObjectSystemAffinityInterrupt(d *schema.ResourceData, sv string) (*map[s } } + if v, ok := d.GetOk("default_affinity_cpumask"); ok { + t, err := expandSystemAffinityInterruptDefaultAffinityCpumask(d, v, "default_affinity_cpumask", sv) + if err != nil { + return &obj, err + } else if t != nil { + obj["default-affinity-cpumask"] = t + } + } + return &obj, nil } diff --git a/fortios/resource_system_dnsdatabase.go b/fortios/resource_system_dnsdatabase.go index 14ad50710..e6bb52199 100644 --- a/fortios/resource_system_dnsdatabase.go +++ b/fortios/resource_system_dnsdatabase.go @@ -99,11 +99,21 @@ func resourceSystemDnsDatabase() *schema.Resource { Optional: true, Computed: true, }, + "forwarder6": &schema.Schema{ + Type: schema.TypeString, + Optional: true, + Computed: true, + }, "source_ip": &schema.Schema{ Type: schema.TypeString, Optional: true, Computed: true, }, + "source_ip6": &schema.Schema{ + Type: schema.TypeString, + Optional: true, + Computed: true, + }, "rr_max": &schema.Schema{ Type: schema.TypeInt, ValidateFunc: intBetweenWithZero(10, 65536), @@ -353,10 +363,18 @@ func flattenSystemDnsDatabaseForwarder(v interface{}, d *schema.ResourceData, pr return v } +func flattenSystemDnsDatabaseForwarder6(v interface{}, d *schema.ResourceData, pre string, sv string) interface{} { + return v +} + func flattenSystemDnsDatabaseSourceIp(v interface{}, d *schema.ResourceData, pre string, sv string) interface{} { return v } +func flattenSystemDnsDatabaseSourceIp6(v interface{}, d *schema.ResourceData, pre string, sv string) interface{} { + return v +} + func flattenSystemDnsDatabaseRrMax(v interface{}, d *schema.ResourceData, pre string, sv string) interface{} { return v } @@ -562,12 +580,24 @@ func refreshObjectSystemDnsDatabase(d *schema.ResourceData, o map[string]interfa } } + if err = d.Set("forwarder6", flattenSystemDnsDatabaseForwarder6(o["forwarder6"], d, "forwarder6", sv)); err != nil { + if !fortiAPIPatch(o["forwarder6"]) { + return fmt.Errorf("Error reading forwarder6: %v", err) + } + } + if err = d.Set("source_ip", flattenSystemDnsDatabaseSourceIp(o["source-ip"], d, "source_ip", sv)); err != nil { if !fortiAPIPatch(o["source-ip"]) { return fmt.Errorf("Error reading source_ip: %v", err) } } + if err = d.Set("source_ip6", flattenSystemDnsDatabaseSourceIp6(o["source-ip6"], d, "source_ip6", sv)); err != nil { + if !fortiAPIPatch(o["source-ip6"]) { + return fmt.Errorf("Error reading source_ip6: %v", err) + } + } + if err = d.Set("rr_max", flattenSystemDnsDatabaseRrMax(o["rr-max"], d, "rr_max", sv)); err != nil { if !fortiAPIPatch(o["rr-max"]) { return fmt.Errorf("Error reading rr_max: %v", err) @@ -651,10 +681,18 @@ func expandSystemDnsDatabaseForwarder(d *schema.ResourceData, v interface{}, pre return v, nil } +func expandSystemDnsDatabaseForwarder6(d *schema.ResourceData, v interface{}, pre string, sv string) (interface{}, error) { + return v, nil +} + func expandSystemDnsDatabaseSourceIp(d *schema.ResourceData, v interface{}, pre string, sv string) (interface{}, error) { return v, nil } +func expandSystemDnsDatabaseSourceIp6(d *schema.ResourceData, v interface{}, pre string, sv string) (interface{}, error) { + return v, nil +} + func expandSystemDnsDatabaseRrMax(d *schema.ResourceData, v interface{}, pre string, sv string) (interface{}, error) { return v, nil } @@ -882,6 +920,15 @@ func getObjectSystemDnsDatabase(d *schema.ResourceData, sv string) (*map[string] } } + if v, ok := d.GetOk("forwarder6"); ok { + t, err := expandSystemDnsDatabaseForwarder6(d, v, "forwarder6", sv) + if err != nil { + return &obj, err + } else if t != nil { + obj["forwarder6"] = t + } + } + if v, ok := d.GetOk("source_ip"); ok { t, err := expandSystemDnsDatabaseSourceIp(d, v, "source_ip", sv) if err != nil { @@ -891,6 +938,15 @@ func getObjectSystemDnsDatabase(d *schema.ResourceData, sv string) (*map[string] } } + if v, ok := d.GetOk("source_ip6"); ok { + t, err := expandSystemDnsDatabaseSourceIp6(d, v, "source_ip6", sv) + if err != nil { + return &obj, err + } else if t != nil { + obj["source-ip6"] = t + } + } + if v, ok := d.GetOkExists("rr_max"); ok { t, err := expandSystemDnsDatabaseRrMax(d, v, "rr_max", sv) if err != nil { diff --git a/fortios/resource_system_dnsserver.go b/fortios/resource_system_dnsserver.go index 721763b08..3dcfea910 100644 --- a/fortios/resource_system_dnsserver.go +++ b/fortios/resource_system_dnsserver.go @@ -58,6 +58,16 @@ func resourceSystemDnsServer() *schema.Resource { Optional: true, Computed: true, }, + "doh3": &schema.Schema{ + Type: schema.TypeString, + Optional: true, + Computed: true, + }, + "doq": &schema.Schema{ + Type: schema.TypeString, + Optional: true, + Computed: true, + }, }, } } @@ -199,6 +209,14 @@ func flattenSystemDnsServerDoh(v interface{}, d *schema.ResourceData, pre string return v } +func flattenSystemDnsServerDoh3(v interface{}, d *schema.ResourceData, pre string, sv string) interface{} { + return v +} + +func flattenSystemDnsServerDoq(v interface{}, d *schema.ResourceData, pre string, sv string) interface{} { + return v +} + func refreshObjectSystemDnsServer(d *schema.ResourceData, o map[string]interface{}, sv string) error { var err error @@ -226,6 +244,18 @@ func refreshObjectSystemDnsServer(d *schema.ResourceData, o map[string]interface } } + if err = d.Set("doh3", flattenSystemDnsServerDoh3(o["doh3"], d, "doh3", sv)); err != nil { + if !fortiAPIPatch(o["doh3"]) { + return fmt.Errorf("Error reading doh3: %v", err) + } + } + + if err = d.Set("doq", flattenSystemDnsServerDoq(o["doq"], d, "doq", sv)); err != nil { + if !fortiAPIPatch(o["doq"]) { + return fmt.Errorf("Error reading doq: %v", err) + } + } + return nil } @@ -251,6 +281,14 @@ func expandSystemDnsServerDoh(d *schema.ResourceData, v interface{}, pre string, return v, nil } +func expandSystemDnsServerDoh3(d *schema.ResourceData, v interface{}, pre string, sv string) (interface{}, error) { + return v, nil +} + +func expandSystemDnsServerDoq(d *schema.ResourceData, v interface{}, pre string, sv string) (interface{}, error) { + return v, nil +} + func getObjectSystemDnsServer(d *schema.ResourceData, sv string) (*map[string]interface{}, error) { obj := make(map[string]interface{}) @@ -290,5 +328,23 @@ func getObjectSystemDnsServer(d *schema.ResourceData, sv string) (*map[string]in } } + if v, ok := d.GetOk("doh3"); ok { + t, err := expandSystemDnsServerDoh3(d, v, "doh3", sv) + if err != nil { + return &obj, err + } else if t != nil { + obj["doh3"] = t + } + } + + if v, ok := d.GetOk("doq"); ok { + t, err := expandSystemDnsServerDoq(d, v, "doq", sv) + if err != nil { + return &obj, err + } else if t != nil { + obj["doq"] = t + } + } + return &obj, nil } diff --git a/fortios/resource_system_ftmpush.go b/fortios/resource_system_ftmpush.go index 408b23775..2ab04cded 100644 --- a/fortios/resource_system_ftmpush.go +++ b/fortios/resource_system_ftmpush.go @@ -35,6 +35,11 @@ func resourceSystemFtmPush() *schema.Resource { Optional: true, ForceNew: true, }, + "proxy": &schema.Schema{ + Type: schema.TypeString, + Optional: true, + Computed: true, + }, "server_port": &schema.Schema{ Type: schema.TypeInt, ValidateFunc: validation.IntBetween(1, 65535), @@ -161,6 +166,10 @@ func resourceSystemFtmPushRead(d *schema.ResourceData, m interface{}) error { return nil } +func flattenSystemFtmPushProxy(v interface{}, d *schema.ResourceData, pre string, sv string) interface{} { + return v +} + func flattenSystemFtmPushServerPort(v interface{}, d *schema.ResourceData, pre string, sv string) interface{} { return v } @@ -184,6 +193,12 @@ func flattenSystemFtmPushStatus(v interface{}, d *schema.ResourceData, pre strin func refreshObjectSystemFtmPush(d *schema.ResourceData, o map[string]interface{}, sv string) error { var err error + if err = d.Set("proxy", flattenSystemFtmPushProxy(o["proxy"], d, "proxy", sv)); err != nil { + if !fortiAPIPatch(o["proxy"]) { + return fmt.Errorf("Error reading proxy: %v", err) + } + } + if err = d.Set("server_port", flattenSystemFtmPushServerPort(o["server-port"], d, "server_port", sv)); err != nil { if !fortiAPIPatch(o["server-port"]) { return fmt.Errorf("Error reading server_port: %v", err) @@ -223,6 +238,10 @@ func flattenSystemFtmPushFortiTestDebug(d *schema.ResourceData, fosdebugsn int, log.Printf("ER List: %v, %v", strings.Split("FortiOS Ver", " "), e) } +func expandSystemFtmPushProxy(d *schema.ResourceData, v interface{}, pre string, sv string) (interface{}, error) { + return v, nil +} + func expandSystemFtmPushServerPort(d *schema.ResourceData, v interface{}, pre string, sv string) (interface{}, error) { return v, nil } @@ -246,6 +265,19 @@ func expandSystemFtmPushStatus(d *schema.ResourceData, v interface{}, pre string func getObjectSystemFtmPush(d *schema.ResourceData, setArgNil bool, sv string) (*map[string]interface{}, error) { obj := make(map[string]interface{}) + if v, ok := d.GetOk("proxy"); ok { + if setArgNil { + obj["proxy"] = nil + } else { + t, err := expandSystemFtmPushProxy(d, v, "proxy", sv) + if err != nil { + return &obj, err + } else if t != nil { + obj["proxy"] = t + } + } + } + if v, ok := d.GetOk("server_port"); ok { if setArgNil { obj["server-port"] = nil diff --git a/fortios/resource_system_global.go b/fortios/resource_system_global.go index a5a21ce2a..6c9053516 100644 --- a/fortios/resource_system_global.go +++ b/fortios/resource_system_global.go @@ -291,6 +291,39 @@ func resourceSystemGlobal() *schema.Resource { Optional: true, Computed: true, }, + "quic_congestion_control_algo": &schema.Schema{ + Type: schema.TypeString, + Optional: true, + Computed: true, + }, + "quic_max_datagram_size": &schema.Schema{ + Type: schema.TypeInt, + ValidateFunc: validation.IntBetween(1200, 1500), + Optional: true, + Computed: true, + }, + "quic_udp_payload_size_shaping_per_cid": &schema.Schema{ + Type: schema.TypeString, + Optional: true, + Computed: true, + }, + "quic_ack_thresold": &schema.Schema{ + Type: schema.TypeInt, + ValidateFunc: validation.IntBetween(2, 5), + Optional: true, + Computed: true, + }, + "quic_pmtud": &schema.Schema{ + Type: schema.TypeString, + Optional: true, + Computed: true, + }, + "quic_tls_handshake_timeout": &schema.Schema{ + Type: schema.TypeInt, + ValidateFunc: validation.IntBetween(1, 60), + Optional: true, + Computed: true, + }, "anti_replay": &schema.Schema{ Type: schema.TypeString, Optional: true, @@ -354,6 +387,11 @@ func resourceSystemGlobal() *schema.Resource { Optional: true, Computed: true, }, + "gui_auto_upgrade_setup_warning": &schema.Schema{ + Type: schema.TypeString, + Optional: true, + Computed: true, + }, "gui_workflow_management": &schema.Schema{ Type: schema.TypeString, Optional: true, @@ -959,7 +997,7 @@ func resourceSystemGlobal() *schema.Resource { }, "url_filter_count": &schema.Schema{ Type: schema.TypeInt, - ValidateFunc: validation.IntBetween(1, 4), + ValidateFunc: validation.IntBetween(1, 10), Optional: true, Computed: true, }, @@ -1047,6 +1085,11 @@ func resourceSystemGlobal() *schema.Resource { Optional: true, Computed: true, }, + "sslvpn_web_mode": &schema.Schema{ + Type: schema.TypeString, + Optional: true, + Computed: true, + }, "sslvpn_ems_sn_check": &schema.Schema{ Type: schema.TypeString, Optional: true, @@ -1388,6 +1431,17 @@ func resourceSystemGlobal() *schema.Resource { Optional: true, Computed: true, }, + "fortitoken_cloud_push_status": &schema.Schema{ + Type: schema.TypeString, + Optional: true, + Computed: true, + }, + "fortitoken_cloud_sync_interval": &schema.Schema{ + Type: schema.TypeInt, + ValidateFunc: validation.IntBetween(0, 336), + Optional: true, + Computed: true, + }, "faz_disk_buffer_size": &schema.Schema{ Type: schema.TypeInt, ValidateFunc: validation.IntBetween(0, 214748364), @@ -1769,6 +1823,30 @@ func flattenSystemGlobalTrafficPriorityLevel(v interface{}, d *schema.ResourceDa return v } +func flattenSystemGlobalQuicCongestionControlAlgo(v interface{}, d *schema.ResourceData, pre string, sv string) interface{} { + return v +} + +func flattenSystemGlobalQuicMaxDatagramSize(v interface{}, d *schema.ResourceData, pre string, sv string) interface{} { + return v +} + +func flattenSystemGlobalQuicUdpPayloadSizeShapingPerCid(v interface{}, d *schema.ResourceData, pre string, sv string) interface{} { + return v +} + +func flattenSystemGlobalQuicAckThresold(v interface{}, d *schema.ResourceData, pre string, sv string) interface{} { + return v +} + +func flattenSystemGlobalQuicPmtud(v interface{}, d *schema.ResourceData, pre string, sv string) interface{} { + return v +} + +func flattenSystemGlobalQuicTlsHandshakeTimeout(v interface{}, d *schema.ResourceData, pre string, sv string) interface{} { + return v +} + func flattenSystemGlobalAntiReplay(v interface{}, d *schema.ResourceData, pre string, sv string) interface{} { return v } @@ -1817,6 +1895,10 @@ func flattenSystemGlobalGuiForticareRegistrationSetupWarning(v interface{}, d *s return v } +func flattenSystemGlobalGuiAutoUpgradeSetupWarning(v interface{}, d *schema.ResourceData, pre string, sv string) interface{} { + return v +} + func flattenSystemGlobalGuiWorkflowManagement(v interface{}, d *schema.ResourceData, pre string, sv string) interface{} { return v } @@ -2344,6 +2426,10 @@ func flattenSystemGlobalVpnEmsSnCheck(v interface{}, d *schema.ResourceData, pre return v } +func flattenSystemGlobalSslvpnWebMode(v interface{}, d *schema.ResourceData, pre string, sv string) interface{} { + return v +} + func flattenSystemGlobalSslvpnEmsSnCheck(v interface{}, d *schema.ResourceData, pre string, sv string) interface{} { return v } @@ -2592,6 +2678,14 @@ func flattenSystemGlobalFortitokenCloud(v interface{}, d *schema.ResourceData, p return v } +func flattenSystemGlobalFortitokenCloudPushStatus(v interface{}, d *schema.ResourceData, pre string, sv string) interface{} { + return v +} + +func flattenSystemGlobalFortitokenCloudSyncInterval(v interface{}, d *schema.ResourceData, pre string, sv string) interface{} { + return v +} + func flattenSystemGlobalFazDiskBufferSize(v interface{}, d *schema.ResourceData, pre string, sv string) interface{} { return v } @@ -2985,6 +3079,42 @@ func refreshObjectSystemGlobal(d *schema.ResourceData, o map[string]interface{}, } } + if err = d.Set("quic_congestion_control_algo", flattenSystemGlobalQuicCongestionControlAlgo(o["quic-congestion-control-algo"], d, "quic_congestion_control_algo", sv)); err != nil { + if !fortiAPIPatch(o["quic-congestion-control-algo"]) { + return fmt.Errorf("Error reading quic_congestion_control_algo: %v", err) + } + } + + if err = d.Set("quic_max_datagram_size", flattenSystemGlobalQuicMaxDatagramSize(o["quic-max-datagram-size"], d, "quic_max_datagram_size", sv)); err != nil { + if !fortiAPIPatch(o["quic-max-datagram-size"]) { + return fmt.Errorf("Error reading quic_max_datagram_size: %v", err) + } + } + + if err = d.Set("quic_udp_payload_size_shaping_per_cid", flattenSystemGlobalQuicUdpPayloadSizeShapingPerCid(o["quic-udp-payload-size-shaping-per-cid"], d, "quic_udp_payload_size_shaping_per_cid", sv)); err != nil { + if !fortiAPIPatch(o["quic-udp-payload-size-shaping-per-cid"]) { + return fmt.Errorf("Error reading quic_udp_payload_size_shaping_per_cid: %v", err) + } + } + + if err = d.Set("quic_ack_thresold", flattenSystemGlobalQuicAckThresold(o["quic-ack-thresold"], d, "quic_ack_thresold", sv)); err != nil { + if !fortiAPIPatch(o["quic-ack-thresold"]) { + return fmt.Errorf("Error reading quic_ack_thresold: %v", err) + } + } + + if err = d.Set("quic_pmtud", flattenSystemGlobalQuicPmtud(o["quic-pmtud"], d, "quic_pmtud", sv)); err != nil { + if !fortiAPIPatch(o["quic-pmtud"]) { + return fmt.Errorf("Error reading quic_pmtud: %v", err) + } + } + + if err = d.Set("quic_tls_handshake_timeout", flattenSystemGlobalQuicTlsHandshakeTimeout(o["quic-tls-handshake-timeout"], d, "quic_tls_handshake_timeout", sv)); err != nil { + if !fortiAPIPatch(o["quic-tls-handshake-timeout"]) { + return fmt.Errorf("Error reading quic_tls_handshake_timeout: %v", err) + } + } + if err = d.Set("anti_replay", flattenSystemGlobalAntiReplay(o["anti-replay"], d, "anti_replay", sv)); err != nil { if !fortiAPIPatch(o["anti-replay"]) { return fmt.Errorf("Error reading anti_replay: %v", err) @@ -3057,6 +3187,12 @@ func refreshObjectSystemGlobal(d *schema.ResourceData, o map[string]interface{}, } } + if err = d.Set("gui_auto_upgrade_setup_warning", flattenSystemGlobalGuiAutoUpgradeSetupWarning(o["gui-auto-upgrade-setup-warning"], d, "gui_auto_upgrade_setup_warning", sv)); err != nil { + if !fortiAPIPatch(o["gui-auto-upgrade-setup-warning"]) { + return fmt.Errorf("Error reading gui_auto_upgrade_setup_warning: %v", err) + } + } + if err = d.Set("gui_workflow_management", flattenSystemGlobalGuiWorkflowManagement(o["gui-workflow-management"], d, "gui_workflow_management", sv)); err != nil { if !fortiAPIPatch(o["gui-workflow-management"]) { return fmt.Errorf("Error reading gui_workflow_management: %v", err) @@ -3837,6 +3973,12 @@ func refreshObjectSystemGlobal(d *schema.ResourceData, o map[string]interface{}, } } + if err = d.Set("sslvpn_web_mode", flattenSystemGlobalSslvpnWebMode(o["sslvpn-web-mode"], d, "sslvpn_web_mode", sv)); err != nil { + if !fortiAPIPatch(o["sslvpn-web-mode"]) { + return fmt.Errorf("Error reading sslvpn_web_mode: %v", err) + } + } + if err = d.Set("sslvpn_ems_sn_check", flattenSystemGlobalSslvpnEmsSnCheck(o["sslvpn-ems-sn-check"], d, "sslvpn_ems_sn_check", sv)); err != nil { if !fortiAPIPatch(o["sslvpn-ems-sn-check"]) { return fmt.Errorf("Error reading sslvpn_ems_sn_check: %v", err) @@ -4209,6 +4351,18 @@ func refreshObjectSystemGlobal(d *schema.ResourceData, o map[string]interface{}, } } + if err = d.Set("fortitoken_cloud_push_status", flattenSystemGlobalFortitokenCloudPushStatus(o["fortitoken-cloud-push-status"], d, "fortitoken_cloud_push_status", sv)); err != nil { + if !fortiAPIPatch(o["fortitoken-cloud-push-status"]) { + return fmt.Errorf("Error reading fortitoken_cloud_push_status: %v", err) + } + } + + if err = d.Set("fortitoken_cloud_sync_interval", flattenSystemGlobalFortitokenCloudSyncInterval(o["fortitoken-cloud-sync-interval"], d, "fortitoken_cloud_sync_interval", sv)); err != nil { + if !fortiAPIPatch(o["fortitoken-cloud-sync-interval"]) { + return fmt.Errorf("Error reading fortitoken_cloud_sync_interval: %v", err) + } + } + if err = d.Set("faz_disk_buffer_size", flattenSystemGlobalFazDiskBufferSize(o["faz-disk-buffer-size"], d, "faz_disk_buffer_size", sv)); err != nil { if !fortiAPIPatch(o["faz-disk-buffer-size"]) { return fmt.Errorf("Error reading faz_disk_buffer_size: %v", err) @@ -4502,6 +4656,30 @@ func expandSystemGlobalTrafficPriorityLevel(d *schema.ResourceData, v interface{ return v, nil } +func expandSystemGlobalQuicCongestionControlAlgo(d *schema.ResourceData, v interface{}, pre string, sv string) (interface{}, error) { + return v, nil +} + +func expandSystemGlobalQuicMaxDatagramSize(d *schema.ResourceData, v interface{}, pre string, sv string) (interface{}, error) { + return v, nil +} + +func expandSystemGlobalQuicUdpPayloadSizeShapingPerCid(d *schema.ResourceData, v interface{}, pre string, sv string) (interface{}, error) { + return v, nil +} + +func expandSystemGlobalQuicAckThresold(d *schema.ResourceData, v interface{}, pre string, sv string) (interface{}, error) { + return v, nil +} + +func expandSystemGlobalQuicPmtud(d *schema.ResourceData, v interface{}, pre string, sv string) (interface{}, error) { + return v, nil +} + +func expandSystemGlobalQuicTlsHandshakeTimeout(d *schema.ResourceData, v interface{}, pre string, sv string) (interface{}, error) { + return v, nil +} + func expandSystemGlobalAntiReplay(d *schema.ResourceData, v interface{}, pre string, sv string) (interface{}, error) { return v, nil } @@ -4550,6 +4728,10 @@ func expandSystemGlobalGuiForticareRegistrationSetupWarning(d *schema.ResourceDa return v, nil } +func expandSystemGlobalGuiAutoUpgradeSetupWarning(d *schema.ResourceData, v interface{}, pre string, sv string) (interface{}, error) { + return v, nil +} + func expandSystemGlobalGuiWorkflowManagement(d *schema.ResourceData, v interface{}, pre string, sv string) (interface{}, error) { return v, nil } @@ -5070,6 +5252,10 @@ func expandSystemGlobalVpnEmsSnCheck(d *schema.ResourceData, v interface{}, pre return v, nil } +func expandSystemGlobalSslvpnWebMode(d *schema.ResourceData, v interface{}, pre string, sv string) (interface{}, error) { + return v, nil +} + func expandSystemGlobalSslvpnEmsSnCheck(d *schema.ResourceData, v interface{}, pre string, sv string) (interface{}, error) { return v, nil } @@ -5318,6 +5504,14 @@ func expandSystemGlobalFortitokenCloud(d *schema.ResourceData, v interface{}, pr return v, nil } +func expandSystemGlobalFortitokenCloudPushStatus(d *schema.ResourceData, v interface{}, pre string, sv string) (interface{}, error) { + return v, nil +} + +func expandSystemGlobalFortitokenCloudSyncInterval(d *schema.ResourceData, v interface{}, pre string, sv string) (interface{}, error) { + return v, nil +} + func expandSystemGlobalFazDiskBufferSize(d *schema.ResourceData, v interface{}, pre string, sv string) (interface{}, error) { return v, nil } @@ -6037,6 +6231,84 @@ func getObjectSystemGlobal(d *schema.ResourceData, setArgNil bool, sv string) (* } } + if v, ok := d.GetOk("quic_congestion_control_algo"); ok { + if setArgNil { + obj["quic-congestion-control-algo"] = nil + } else { + t, err := expandSystemGlobalQuicCongestionControlAlgo(d, v, "quic_congestion_control_algo", sv) + if err != nil { + return &obj, err + } else if t != nil { + obj["quic-congestion-control-algo"] = t + } + } + } + + if v, ok := d.GetOk("quic_max_datagram_size"); ok { + if setArgNil { + obj["quic-max-datagram-size"] = nil + } else { + t, err := expandSystemGlobalQuicMaxDatagramSize(d, v, "quic_max_datagram_size", sv) + if err != nil { + return &obj, err + } else if t != nil { + obj["quic-max-datagram-size"] = t + } + } + } + + if v, ok := d.GetOk("quic_udp_payload_size_shaping_per_cid"); ok { + if setArgNil { + obj["quic-udp-payload-size-shaping-per-cid"] = nil + } else { + t, err := expandSystemGlobalQuicUdpPayloadSizeShapingPerCid(d, v, "quic_udp_payload_size_shaping_per_cid", sv) + if err != nil { + return &obj, err + } else if t != nil { + obj["quic-udp-payload-size-shaping-per-cid"] = t + } + } + } + + if v, ok := d.GetOk("quic_ack_thresold"); ok { + if setArgNil { + obj["quic-ack-thresold"] = nil + } else { + t, err := expandSystemGlobalQuicAckThresold(d, v, "quic_ack_thresold", sv) + if err != nil { + return &obj, err + } else if t != nil { + obj["quic-ack-thresold"] = t + } + } + } + + if v, ok := d.GetOk("quic_pmtud"); ok { + if setArgNil { + obj["quic-pmtud"] = nil + } else { + t, err := expandSystemGlobalQuicPmtud(d, v, "quic_pmtud", sv) + if err != nil { + return &obj, err + } else if t != nil { + obj["quic-pmtud"] = t + } + } + } + + if v, ok := d.GetOk("quic_tls_handshake_timeout"); ok { + if setArgNil { + obj["quic-tls-handshake-timeout"] = nil + } else { + t, err := expandSystemGlobalQuicTlsHandshakeTimeout(d, v, "quic_tls_handshake_timeout", sv) + if err != nil { + return &obj, err + } else if t != nil { + obj["quic-tls-handshake-timeout"] = t + } + } + } + if v, ok := d.GetOk("anti_replay"); ok { if setArgNil { obj["anti-replay"] = nil @@ -6193,6 +6465,19 @@ func getObjectSystemGlobal(d *schema.ResourceData, setArgNil bool, sv string) (* } } + if v, ok := d.GetOk("gui_auto_upgrade_setup_warning"); ok { + if setArgNil { + obj["gui-auto-upgrade-setup-warning"] = nil + } else { + t, err := expandSystemGlobalGuiAutoUpgradeSetupWarning(d, v, "gui_auto_upgrade_setup_warning", sv) + if err != nil { + return &obj, err + } else if t != nil { + obj["gui-auto-upgrade-setup-warning"] = t + } + } + } + if v, ok := d.GetOk("gui_workflow_management"); ok { if setArgNil { obj["gui-workflow-management"] = nil @@ -7883,6 +8168,19 @@ func getObjectSystemGlobal(d *schema.ResourceData, setArgNil bool, sv string) (* } } + if v, ok := d.GetOk("sslvpn_web_mode"); ok { + if setArgNil { + obj["sslvpn-web-mode"] = nil + } else { + t, err := expandSystemGlobalSslvpnWebMode(d, v, "sslvpn_web_mode", sv) + if err != nil { + return &obj, err + } else if t != nil { + obj["sslvpn-web-mode"] = t + } + } + } + if v, ok := d.GetOk("sslvpn_ems_sn_check"); ok { if setArgNil { obj["sslvpn-ems-sn-check"] = nil @@ -8689,6 +8987,32 @@ func getObjectSystemGlobal(d *schema.ResourceData, setArgNil bool, sv string) (* } } + if v, ok := d.GetOk("fortitoken_cloud_push_status"); ok { + if setArgNil { + obj["fortitoken-cloud-push-status"] = nil + } else { + t, err := expandSystemGlobalFortitokenCloudPushStatus(d, v, "fortitoken_cloud_push_status", sv) + if err != nil { + return &obj, err + } else if t != nil { + obj["fortitoken-cloud-push-status"] = t + } + } + } + + if v, ok := d.GetOkExists("fortitoken_cloud_sync_interval"); ok { + if setArgNil { + obj["fortitoken-cloud-sync-interval"] = nil + } else { + t, err := expandSystemGlobalFortitokenCloudSyncInterval(d, v, "fortitoken_cloud_sync_interval", sv) + if err != nil { + return &obj, err + } else if t != nil { + obj["fortitoken-cloud-sync-interval"] = t + } + } + } + if v, ok := d.GetOkExists("faz_disk_buffer_size"); ok { if setArgNil { obj["faz-disk-buffer-size"] = nil diff --git a/fortios/resource_system_ha.go b/fortios/resource_system_ha.go index b10dd49ad..29887c9ae 100644 --- a/fortios/resource_system_ha.go +++ b/fortios/resource_system_ha.go @@ -214,6 +214,11 @@ func resourceSystemHa() *schema.Resource { Optional: true, Computed: true, }, + "upgrade_mode": &schema.Schema{ + Type: schema.TypeString, + Optional: true, + Computed: true, + }, "uninterruptible_upgrade": &schema.Schema{ Type: schema.TypeString, Optional: true, @@ -879,6 +884,10 @@ func flattenSystemHaLinkFailedSignal(v interface{}, d *schema.ResourceData, pre return v } +func flattenSystemHaUpgradeMode(v interface{}, d *schema.ResourceData, pre string, sv string) interface{} { + return v +} + func flattenSystemHaUninterruptibleUpgrade(v interface{}, d *schema.ResourceData, pre string, sv string) interface{} { return v } @@ -1654,6 +1663,12 @@ func refreshObjectSystemHa(d *schema.ResourceData, o map[string]interface{}, sv } } + if err = d.Set("upgrade_mode", flattenSystemHaUpgradeMode(o["upgrade-mode"], d, "upgrade_mode", sv)); err != nil { + if !fortiAPIPatch(o["upgrade-mode"]) { + return fmt.Errorf("Error reading upgrade_mode: %v", err) + } + } + if err = d.Set("uninterruptible_upgrade", flattenSystemHaUninterruptibleUpgrade(o["uninterruptible-upgrade"], d, "uninterruptible_upgrade", sv)); err != nil { if !fortiAPIPatch(o["uninterruptible-upgrade"]) { return fmt.Errorf("Error reading uninterruptible_upgrade: %v", err) @@ -2129,6 +2144,10 @@ func expandSystemHaLinkFailedSignal(d *schema.ResourceData, v interface{}, pre s return v, nil } +func expandSystemHaUpgradeMode(d *schema.ResourceData, v interface{}, pre string, sv string) (interface{}, error) { + return v, nil +} + func expandSystemHaUninterruptibleUpgrade(d *schema.ResourceData, v interface{}, pre string, sv string) (interface{}, error) { return v, nil } @@ -3123,6 +3142,19 @@ func getObjectSystemHa(d *schema.ResourceData, setArgNil bool, sv string) (*map[ } } + if v, ok := d.GetOk("upgrade_mode"); ok { + if setArgNil { + obj["upgrade-mode"] = nil + } else { + t, err := expandSystemHaUpgradeMode(d, v, "upgrade_mode", sv) + if err != nil { + return &obj, err + } else if t != nil { + obj["upgrade-mode"] = t + } + } + } + if v, ok := d.GetOk("uninterruptible_upgrade"); ok { if setArgNil { obj["uninterruptible-upgrade"] = nil diff --git a/fortios/resource_system_interface.go b/fortios/resource_system_interface.go index 75840a9d7..9109c00b5 100644 --- a/fortios/resource_system_interface.go +++ b/fortios/resource_system_interface.go @@ -149,6 +149,17 @@ func resourceSystemInterface() *schema.Resource { Optional: true, Computed: true, }, + "dhcp_relay_source_ip": &schema.Schema{ + Type: schema.TypeString, + Optional: true, + Computed: true, + }, + "dhcp_relay_circuit_id": &schema.Schema{ + Type: schema.TypeString, + ValidateFunc: validation.StringLenBetween(0, 64), + Optional: true, + Computed: true, + }, "dhcp_relay_link_selection": &schema.Schema{ Type: schema.TypeString, Optional: true, @@ -1370,6 +1381,21 @@ func resourceSystemInterface() *schema.Resource { Optional: true, Computed: true, }, + "switch_controller_offload": &schema.Schema{ + Type: schema.TypeString, + Optional: true, + Computed: true, + }, + "switch_controller_offload_ip": &schema.Schema{ + Type: schema.TypeString, + Optional: true, + Computed: true, + }, + "switch_controller_offload_gw": &schema.Schema{ + Type: schema.TypeString, + Optional: true, + Computed: true, + }, "swc_vlan": &schema.Schema{ Type: schema.TypeInt, Optional: true, @@ -1761,6 +1787,17 @@ func resourceSystemInterface() *schema.Resource { Optional: true, Computed: true, }, + "dhcp6_relay_source_ip": &schema.Schema{ + Type: schema.TypeString, + Optional: true, + Computed: true, + }, + "dhcp6_relay_interface_id": &schema.Schema{ + Type: schema.TypeString, + ValidateFunc: validation.StringLenBetween(0, 64), + Optional: true, + Computed: true, + }, "dhcp6_client_options": &schema.Schema{ Type: schema.TypeString, Optional: true, @@ -2189,6 +2226,14 @@ func flattenSystemInterfaceDhcpRelayIp(v interface{}, d *schema.ResourceData, pr return v } +func flattenSystemInterfaceDhcpRelaySourceIp(v interface{}, d *schema.ResourceData, pre string, sv string) interface{} { + return v +} + +func flattenSystemInterfaceDhcpRelayCircuitId(v interface{}, d *schema.ResourceData, pre string, sv string) interface{} { + return v +} + func flattenSystemInterfaceDhcpRelayLinkSelection(v interface{}, d *schema.ResourceData, pre string, sv string) interface{} { return v } @@ -3508,6 +3553,18 @@ func flattenSystemInterfaceSwitchControllerIotScanning(v interface{}, d *schema. return v } +func flattenSystemInterfaceSwitchControllerOffload(v interface{}, d *schema.ResourceData, pre string, sv string) interface{} { + return v +} + +func flattenSystemInterfaceSwitchControllerOffloadIp(v interface{}, d *schema.ResourceData, pre string, sv string) interface{} { + return v +} + +func flattenSystemInterfaceSwitchControllerOffloadGw(v interface{}, d *schema.ResourceData, pre string, sv string) interface{} { + return v +} + func flattenSystemInterfaceSwcVlan(v interface{}, d *schema.ResourceData, pre string, sv string) interface{} { return v } @@ -3839,6 +3896,16 @@ func flattenSystemInterfaceIpv6(v interface{}, d *schema.ResourceData, pre strin result["dhcp6_relay_ip"] = flattenSystemInterfaceIpv6Dhcp6RelayIp(i["dhcp6-relay-ip"], d, pre_append, sv) } + pre_append = pre + ".0." + "dhcp6_relay_source_ip" + if _, ok := i["dhcp6-relay-source-ip"]; ok { + result["dhcp6_relay_source_ip"] = flattenSystemInterfaceIpv6Dhcp6RelaySourceIp(i["dhcp6-relay-source-ip"], d, pre_append, sv) + } + + pre_append = pre + ".0." + "dhcp6_relay_interface_id" + if _, ok := i["dhcp6-relay-interface-id"]; ok { + result["dhcp6_relay_interface_id"] = flattenSystemInterfaceIpv6Dhcp6RelayInterfaceId(i["dhcp6-relay-interface-id"], d, pre_append, sv) + } + pre_append = pre + ".0." + "dhcp6_client_options" if _, ok := i["dhcp6-client-options"]; ok { result["dhcp6_client_options"] = flattenSystemInterfaceIpv6Dhcp6ClientOptions(i["dhcp6-client-options"], d, pre_append, sv) @@ -4311,6 +4378,14 @@ func flattenSystemInterfaceIpv6Dhcp6RelayIp(v interface{}, d *schema.ResourceDat return v } +func flattenSystemInterfaceIpv6Dhcp6RelaySourceIp(v interface{}, d *schema.ResourceData, pre string, sv string) interface{} { + return v +} + +func flattenSystemInterfaceIpv6Dhcp6RelayInterfaceId(v interface{}, d *schema.ResourceData, pre string, sv string) interface{} { + return v +} + func flattenSystemInterfaceIpv6Dhcp6ClientOptions(v interface{}, d *schema.ResourceData, pre string, sv string) interface{} { return v } @@ -4648,6 +4723,18 @@ func refreshObjectSystemInterface(d *schema.ResourceData, o map[string]interface } } + if err = d.Set("dhcp_relay_source_ip", flattenSystemInterfaceDhcpRelaySourceIp(o["dhcp-relay-source-ip"], d, "dhcp_relay_source_ip", sv)); err != nil { + if !fortiAPIPatch(o["dhcp-relay-source-ip"]) { + return fmt.Errorf("Error reading dhcp_relay_source_ip: %v", err) + } + } + + if err = d.Set("dhcp_relay_circuit_id", flattenSystemInterfaceDhcpRelayCircuitId(o["dhcp-relay-circuit-id"], d, "dhcp_relay_circuit_id", sv)); err != nil { + if !fortiAPIPatch(o["dhcp-relay-circuit-id"]) { + return fmt.Errorf("Error reading dhcp_relay_circuit_id: %v", err) + } + } + if err = d.Set("dhcp_relay_link_selection", flattenSystemInterfaceDhcpRelayLinkSelection(o["dhcp-relay-link-selection"], d, "dhcp_relay_link_selection", sv)); err != nil { if !fortiAPIPatch(o["dhcp-relay-link-selection"]) { return fmt.Errorf("Error reading dhcp_relay_link_selection: %v", err) @@ -5876,6 +5963,24 @@ func refreshObjectSystemInterface(d *schema.ResourceData, o map[string]interface } } + if err = d.Set("switch_controller_offload", flattenSystemInterfaceSwitchControllerOffload(o["switch-controller-offload"], d, "switch_controller_offload", sv)); err != nil { + if !fortiAPIPatch(o["switch-controller-offload"]) { + return fmt.Errorf("Error reading switch_controller_offload: %v", err) + } + } + + if err = d.Set("switch_controller_offload_ip", flattenSystemInterfaceSwitchControllerOffloadIp(o["switch-controller-offload-ip"], d, "switch_controller_offload_ip", sv)); err != nil { + if !fortiAPIPatch(o["switch-controller-offload-ip"]) { + return fmt.Errorf("Error reading switch_controller_offload_ip: %v", err) + } + } + + if err = d.Set("switch_controller_offload_gw", flattenSystemInterfaceSwitchControllerOffloadGw(o["switch-controller-offload-gw"], d, "switch_controller_offload_gw", sv)); err != nil { + if !fortiAPIPatch(o["switch-controller-offload-gw"]) { + return fmt.Errorf("Error reading switch_controller_offload_gw: %v", err) + } + } + if err = d.Set("swc_vlan", flattenSystemInterfaceSwcVlan(o["swc-vlan"], d, "swc_vlan", sv)); err != nil { if !fortiAPIPatch(o["swc-vlan"]) { return fmt.Errorf("Error reading swc_vlan: %v", err) @@ -6100,6 +6205,14 @@ func expandSystemInterfaceDhcpRelayIp(d *schema.ResourceData, v interface{}, pre return v, nil } +func expandSystemInterfaceDhcpRelaySourceIp(d *schema.ResourceData, v interface{}, pre string, sv string) (interface{}, error) { + return v, nil +} + +func expandSystemInterfaceDhcpRelayCircuitId(d *schema.ResourceData, v interface{}, pre string, sv string) (interface{}, error) { + return v, nil +} + func expandSystemInterfaceDhcpRelayLinkSelection(d *schema.ResourceData, v interface{}, pre string, sv string) (interface{}, error) { return v, nil } @@ -7305,6 +7418,18 @@ func expandSystemInterfaceSwitchControllerIotScanning(d *schema.ResourceData, v return v, nil } +func expandSystemInterfaceSwitchControllerOffload(d *schema.ResourceData, v interface{}, pre string, sv string) (interface{}, error) { + return v, nil +} + +func expandSystemInterfaceSwitchControllerOffloadIp(d *schema.ResourceData, v interface{}, pre string, sv string) (interface{}, error) { + return v, nil +} + +func expandSystemInterfaceSwitchControllerOffloadGw(d *schema.ResourceData, v interface{}, pre string, sv string) (interface{}, error) { + return v, nil +} + func expandSystemInterfaceSwcVlan(d *schema.ResourceData, v interface{}, pre string, sv string) (interface{}, error) { return v, nil } @@ -7587,6 +7712,14 @@ func expandSystemInterfaceIpv6(d *schema.ResourceData, v interface{}, pre string if _, ok := d.GetOk(pre_append); ok { result["dhcp6-relay-ip"], _ = expandSystemInterfaceIpv6Dhcp6RelayIp(d, i["dhcp6_relay_ip"], pre_append, sv) } + pre_append = pre + ".0." + "dhcp6_relay_source_ip" + if _, ok := d.GetOk(pre_append); ok { + result["dhcp6-relay-source-ip"], _ = expandSystemInterfaceIpv6Dhcp6RelaySourceIp(d, i["dhcp6_relay_source_ip"], pre_append, sv) + } + pre_append = pre + ".0." + "dhcp6_relay_interface_id" + if _, ok := d.GetOk(pre_append); ok { + result["dhcp6-relay-interface-id"], _ = expandSystemInterfaceIpv6Dhcp6RelayInterfaceId(d, i["dhcp6_relay_interface_id"], pre_append, sv) + } pre_append = pre + ".0." + "dhcp6_client_options" if _, ok := d.GetOk(pre_append); ok { result["dhcp6-client-options"], _ = expandSystemInterfaceIpv6Dhcp6ClientOptions(d, i["dhcp6_client_options"], pre_append, sv) @@ -8010,6 +8143,14 @@ func expandSystemInterfaceIpv6Dhcp6RelayIp(d *schema.ResourceData, v interface{} return v, nil } +func expandSystemInterfaceIpv6Dhcp6RelaySourceIp(d *schema.ResourceData, v interface{}, pre string, sv string) (interface{}, error) { + return v, nil +} + +func expandSystemInterfaceIpv6Dhcp6RelayInterfaceId(d *schema.ResourceData, v interface{}, pre string, sv string) (interface{}, error) { + return v, nil +} + func expandSystemInterfaceIpv6Dhcp6ClientOptions(d *schema.ResourceData, v interface{}, pre string, sv string) (interface{}, error) { return v, nil } @@ -8354,6 +8495,24 @@ func getObjectSystemInterface(d *schema.ResourceData, sv string) (*map[string]in } } + if v, ok := d.GetOk("dhcp_relay_source_ip"); ok { + t, err := expandSystemInterfaceDhcpRelaySourceIp(d, v, "dhcp_relay_source_ip", sv) + if err != nil { + return &obj, err + } else if t != nil { + obj["dhcp-relay-source-ip"] = t + } + } + + if v, ok := d.GetOk("dhcp_relay_circuit_id"); ok { + t, err := expandSystemInterfaceDhcpRelayCircuitId(d, v, "dhcp_relay_circuit_id", sv) + if err != nil { + return &obj, err + } else if t != nil { + obj["dhcp-relay-circuit-id"] = t + } + } + if v, ok := d.GetOk("dhcp_relay_link_selection"); ok { t, err := expandSystemInterfaceDhcpRelayLinkSelection(d, v, "dhcp_relay_link_selection", sv) if err != nil { @@ -10109,6 +10268,33 @@ func getObjectSystemInterface(d *schema.ResourceData, sv string) (*map[string]in } } + if v, ok := d.GetOk("switch_controller_offload"); ok { + t, err := expandSystemInterfaceSwitchControllerOffload(d, v, "switch_controller_offload", sv) + if err != nil { + return &obj, err + } else if t != nil { + obj["switch-controller-offload"] = t + } + } + + if v, ok := d.GetOk("switch_controller_offload_ip"); ok { + t, err := expandSystemInterfaceSwitchControllerOffloadIp(d, v, "switch_controller_offload_ip", sv) + if err != nil { + return &obj, err + } else if t != nil { + obj["switch-controller-offload-ip"] = t + } + } + + if v, ok := d.GetOk("switch_controller_offload_gw"); ok { + t, err := expandSystemInterfaceSwitchControllerOffloadGw(d, v, "switch_controller_offload_gw", sv) + if err != nil { + return &obj, err + } else if t != nil { + obj["switch-controller-offload-gw"] = t + } + } + if v, ok := d.GetOkExists("swc_vlan"); ok { t, err := expandSystemInterfaceSwcVlan(d, v, "swc_vlan", sv) if err != nil { diff --git a/fortios/resource_system_sdwan.go b/fortios/resource_system_sdwan.go index 2ebb22052..4f6b8fb15 100644 --- a/fortios/resource_system_sdwan.go +++ b/fortios/resource_system_sdwan.go @@ -115,6 +115,12 @@ func resourceSystemSdwan() *schema.Resource { Optional: true, Computed: true, }, + "minimum_sla_meet_members": &schema.Schema{ + Type: schema.TypeInt, + ValidateFunc: validation.IntBetween(1, 255), + Optional: true, + Computed: true, + }, }, }, }, @@ -573,6 +579,11 @@ func resourceSystemSdwan() *schema.Resource { Optional: true, Computed: true, }, + "service_id": &schema.Schema{ + Type: schema.TypeInt, + Optional: true, + Computed: true, + }, "mode": &schema.Schema{ Type: schema.TypeString, Optional: true, @@ -619,6 +630,11 @@ func resourceSystemSdwan() *schema.Resource { Optional: true, Computed: true, }, + "load_balance": &schema.Schema{ + Type: schema.TypeString, + Optional: true, + Computed: true, + }, "shortcut_stickiness": &schema.Schema{ Type: schema.TypeString, Optional: true, @@ -662,6 +678,11 @@ func resourceSystemSdwan() *schema.Resource { Optional: true, Computed: true, }, + "zone_mode": &schema.Schema{ + Type: schema.TypeString, + Optional: true, + Computed: true, + }, "minimum_sla_meet_members": &schema.Schema{ Type: schema.TypeInt, ValidateFunc: validation.IntBetween(0, 255), @@ -717,6 +738,18 @@ func resourceSystemSdwan() *schema.Resource { Optional: true, Computed: true, }, + "start_src_port": &schema.Schema{ + Type: schema.TypeInt, + ValidateFunc: validation.IntBetween(0, 65535), + Optional: true, + Computed: true, + }, + "end_src_port": &schema.Schema{ + Type: schema.TypeInt, + ValidateFunc: validation.IntBetween(0, 65535), + Optional: true, + Computed: true, + }, "route_tag": &schema.Schema{ Type: schema.TypeInt, Optional: true, @@ -972,6 +1005,11 @@ func resourceSystemSdwan() *schema.Resource { Optional: true, Computed: true, }, + "sla_stickiness": &schema.Schema{ + Type: schema.TypeString, + Optional: true, + Computed: true, + }, "dscp_forward": &schema.Schema{ Type: schema.TypeString, Optional: true, @@ -1446,6 +1484,11 @@ func flattenSystemSdwanZone(v interface{}, d *schema.ResourceData, pre string, s tmp["service_sla_tie_break"] = flattenSystemSdwanZoneServiceSlaTieBreak(i["service-sla-tie-break"], d, pre_append, sv) } + pre_append = pre + "." + strconv.Itoa(con) + "." + "minimum_sla_meet_members" + if _, ok := i["minimum-sla-meet-members"]; ok { + tmp["minimum_sla_meet_members"] = flattenSystemSdwanZoneMinimumSlaMeetMembers(i["minimum-sla-meet-members"], d, pre_append, sv) + } + result = append(result, tmp) con += 1 @@ -1463,6 +1506,10 @@ func flattenSystemSdwanZoneServiceSlaTieBreak(v interface{}, d *schema.ResourceD return v } +func flattenSystemSdwanZoneMinimumSlaMeetMembers(v interface{}, d *schema.ResourceData, pre string, sv string) interface{} { + return v +} + func flattenSystemSdwanMembers(v interface{}, d *schema.ResourceData, pre string, sv string) []map[string]interface{} { if v == nil { return nil @@ -2287,6 +2334,11 @@ func flattenSystemSdwanNeighbor(v interface{}, d *schema.ResourceData, pre strin } } + pre_append = pre + "." + strconv.Itoa(con) + "." + "service_id" + if _, ok := i["service-id"]; ok { + tmp["service_id"] = flattenSystemSdwanNeighborServiceId(i["service-id"], d, pre_append, sv) + } + pre_append = pre + "." + strconv.Itoa(con) + "." + "mode" if _, ok := i["mode"]; ok { tmp["mode"] = flattenSystemSdwanNeighborMode(i["mode"], d, pre_append, sv) @@ -2370,6 +2422,10 @@ func flattenSystemSdwanNeighborMember(v interface{}, d *schema.ResourceData, pre return v } +func flattenSystemSdwanNeighborServiceId(v interface{}, d *schema.ResourceData, pre string, sv string) interface{} { + return v +} + func flattenSystemSdwanNeighborMode(v interface{}, d *schema.ResourceData, pre string, sv string) interface{} { return v } @@ -2425,6 +2481,11 @@ func flattenSystemSdwanService(v interface{}, d *schema.ResourceData, pre string tmp["addr_mode"] = flattenSystemSdwanServiceAddrMode(i["addr-mode"], d, pre_append, sv) } + pre_append = pre + "." + strconv.Itoa(con) + "." + "load_balance" + if _, ok := i["load-balance"]; ok { + tmp["load_balance"] = flattenSystemSdwanServiceLoadBalance(i["load-balance"], d, pre_append, sv) + } + pre_append = pre + "." + strconv.Itoa(con) + "." + "shortcut_stickiness" if _, ok := i["shortcut-stickiness"]; ok { tmp["shortcut_stickiness"] = flattenSystemSdwanServiceShortcutStickiness(i["shortcut-stickiness"], d, pre_append, sv) @@ -2450,6 +2511,11 @@ func flattenSystemSdwanService(v interface{}, d *schema.ResourceData, pre string tmp["mode"] = flattenSystemSdwanServiceMode(i["mode"], d, pre_append, sv) } + pre_append = pre + "." + strconv.Itoa(con) + "." + "zone_mode" + if _, ok := i["zone-mode"]; ok { + tmp["zone_mode"] = flattenSystemSdwanServiceZoneMode(i["zone-mode"], d, pre_append, sv) + } + pre_append = pre + "." + strconv.Itoa(con) + "." + "minimum_sla_meet_members" if _, ok := i["minimum-sla-meet-members"]; ok { tmp["minimum_sla_meet_members"] = flattenSystemSdwanServiceMinimumSlaMeetMembers(i["minimum-sla-meet-members"], d, pre_append, sv) @@ -2500,6 +2566,16 @@ func flattenSystemSdwanService(v interface{}, d *schema.ResourceData, pre string tmp["end_port"] = flattenSystemSdwanServiceEndPort(i["end-port"], d, pre_append, sv) } + pre_append = pre + "." + strconv.Itoa(con) + "." + "start_src_port" + if _, ok := i["start-src-port"]; ok { + tmp["start_src_port"] = flattenSystemSdwanServiceStartSrcPort(i["start-src-port"], d, pre_append, sv) + } + + pre_append = pre + "." + strconv.Itoa(con) + "." + "end_src_port" + if _, ok := i["end-src-port"]; ok { + tmp["end_src_port"] = flattenSystemSdwanServiceEndSrcPort(i["end-src-port"], d, pre_append, sv) + } + pre_append = pre + "." + strconv.Itoa(con) + "." + "route_tag" if _, ok := i["route-tag"]; ok { tmp["route_tag"] = flattenSystemSdwanServiceRouteTag(i["route-tag"], d, pre_append, sv) @@ -2625,6 +2701,11 @@ func flattenSystemSdwanService(v interface{}, d *schema.ResourceData, pre string tmp["hold_down_time"] = flattenSystemSdwanServiceHoldDownTime(i["hold-down-time"], d, pre_append, sv) } + pre_append = pre + "." + strconv.Itoa(con) + "." + "sla_stickiness" + if _, ok := i["sla-stickiness"]; ok { + tmp["sla_stickiness"] = flattenSystemSdwanServiceSlaStickiness(i["sla-stickiness"], d, pre_append, sv) + } + pre_append = pre + "." + strconv.Itoa(con) + "." + "dscp_forward" if _, ok := i["dscp-forward"]; ok { tmp["dscp_forward"] = flattenSystemSdwanServiceDscpForward(i["dscp-forward"], d, pre_append, sv) @@ -2726,6 +2807,10 @@ func flattenSystemSdwanServiceAddrMode(v interface{}, d *schema.ResourceData, pr return v } +func flattenSystemSdwanServiceLoadBalance(v interface{}, d *schema.ResourceData, pre string, sv string) interface{} { + return v +} + func flattenSystemSdwanServiceShortcutStickiness(v interface{}, d *schema.ResourceData, pre string, sv string) interface{} { return v } @@ -2822,6 +2907,10 @@ func flattenSystemSdwanServiceMode(v interface{}, d *schema.ResourceData, pre st return v } +func flattenSystemSdwanServiceZoneMode(v interface{}, d *schema.ResourceData, pre string, sv string) interface{} { + return v +} + func flattenSystemSdwanServiceMinimumSlaMeetMembers(v interface{}, d *schema.ResourceData, pre string, sv string) interface{} { return v } @@ -2862,6 +2951,14 @@ func flattenSystemSdwanServiceEndPort(v interface{}, d *schema.ResourceData, pre return v } +func flattenSystemSdwanServiceStartSrcPort(v interface{}, d *schema.ResourceData, pre string, sv string) interface{} { + return v +} + +func flattenSystemSdwanServiceEndSrcPort(v interface{}, d *schema.ResourceData, pre string, sv string) interface{} { + return v +} + func flattenSystemSdwanServiceRouteTag(v interface{}, d *schema.ResourceData, pre string, sv string) interface{} { return v } @@ -3494,6 +3591,10 @@ func flattenSystemSdwanServiceHoldDownTime(v interface{}, d *schema.ResourceData return v } +func flattenSystemSdwanServiceSlaStickiness(v interface{}, d *schema.ResourceData, pre string, sv string) interface{} { + return v +} + func flattenSystemSdwanServiceDscpForward(v interface{}, d *schema.ResourceData, pre string, sv string) interface{} { return v } @@ -4401,6 +4502,11 @@ func expandSystemSdwanZone(d *schema.ResourceData, v interface{}, pre string, sv tmp["service-sla-tie-break"], _ = expandSystemSdwanZoneServiceSlaTieBreak(d, i["service_sla_tie_break"], pre_append, sv) } + pre_append = pre + "." + strconv.Itoa(con) + "." + "minimum_sla_meet_members" + if _, ok := d.GetOk(pre_append); ok { + tmp["minimum-sla-meet-members"], _ = expandSystemSdwanZoneMinimumSlaMeetMembers(d, i["minimum_sla_meet_members"], pre_append, sv) + } + result = append(result, tmp) con += 1 @@ -4417,6 +4523,10 @@ func expandSystemSdwanZoneServiceSlaTieBreak(d *schema.ResourceData, v interface return v, nil } +func expandSystemSdwanZoneMinimumSlaMeetMembers(d *schema.ResourceData, v interface{}, pre string, sv string) (interface{}, error) { + return v, nil +} + func expandSystemSdwanMembers(d *schema.ResourceData, v interface{}, pre string, sv string) (interface{}, error) { l := v.([]interface{}) result := make([]map[string]interface{}, 0, len(l)) @@ -5185,6 +5295,11 @@ func expandSystemSdwanNeighbor(d *schema.ResourceData, v interface{}, pre string tmp["member"], _ = expandSystemSdwanNeighborMember(d, i["member"], pre_append, sv) } + pre_append = pre + "." + strconv.Itoa(con) + "." + "service_id" + if _, ok := d.GetOk(pre_append); ok { + tmp["service-id"], _ = expandSystemSdwanNeighborServiceId(d, i["service_id"], pre_append, sv) + } + pre_append = pre + "." + strconv.Itoa(con) + "." + "mode" if _, ok := d.GetOk(pre_append); ok { tmp["mode"], _ = expandSystemSdwanNeighborMode(d, i["mode"], pre_append, sv) @@ -5256,6 +5371,10 @@ func expandSystemSdwanNeighborMember(d *schema.ResourceData, v interface{}, pre return v, nil } +func expandSystemSdwanNeighborServiceId(d *schema.ResourceData, v interface{}, pre string, sv string) (interface{}, error) { + return v, nil +} + func expandSystemSdwanNeighborMode(d *schema.ResourceData, v interface{}, pre string, sv string) (interface{}, error) { return v, nil } @@ -5301,6 +5420,11 @@ func expandSystemSdwanService(d *schema.ResourceData, v interface{}, pre string, tmp["addr-mode"], _ = expandSystemSdwanServiceAddrMode(d, i["addr_mode"], pre_append, sv) } + pre_append = pre + "." + strconv.Itoa(con) + "." + "load_balance" + if _, ok := d.GetOk(pre_append); ok { + tmp["load-balance"], _ = expandSystemSdwanServiceLoadBalance(d, i["load_balance"], pre_append, sv) + } + pre_append = pre + "." + strconv.Itoa(con) + "." + "shortcut_stickiness" if _, ok := d.GetOk(pre_append); ok { tmp["shortcut-stickiness"], _ = expandSystemSdwanServiceShortcutStickiness(d, i["shortcut_stickiness"], pre_append, sv) @@ -5330,6 +5454,11 @@ func expandSystemSdwanService(d *schema.ResourceData, v interface{}, pre string, tmp["mode"], _ = expandSystemSdwanServiceMode(d, i["mode"], pre_append, sv) } + pre_append = pre + "." + strconv.Itoa(con) + "." + "zone_mode" + if _, ok := d.GetOk(pre_append); ok { + tmp["zone-mode"], _ = expandSystemSdwanServiceZoneMode(d, i["zone_mode"], pre_append, sv) + } + pre_append = pre + "." + strconv.Itoa(con) + "." + "minimum_sla_meet_members" if _, ok := d.GetOk(pre_append); ok { tmp["minimum-sla-meet-members"], _ = expandSystemSdwanServiceMinimumSlaMeetMembers(d, i["minimum_sla_meet_members"], pre_append, sv) @@ -5380,6 +5509,16 @@ func expandSystemSdwanService(d *schema.ResourceData, v interface{}, pre string, tmp["end-port"], _ = expandSystemSdwanServiceEndPort(d, i["end_port"], pre_append, sv) } + pre_append = pre + "." + strconv.Itoa(con) + "." + "start_src_port" + if _, ok := d.GetOk(pre_append); ok { + tmp["start-src-port"], _ = expandSystemSdwanServiceStartSrcPort(d, i["start_src_port"], pre_append, sv) + } + + pre_append = pre + "." + strconv.Itoa(con) + "." + "end_src_port" + if _, ok := d.GetOk(pre_append); ok { + tmp["end-src-port"], _ = expandSystemSdwanServiceEndSrcPort(d, i["end_src_port"], pre_append, sv) + } + pre_append = pre + "." + strconv.Itoa(con) + "." + "route_tag" if _, ok := d.GetOk(pre_append); ok { tmp["route-tag"], _ = expandSystemSdwanServiceRouteTag(d, i["route_tag"], pre_append, sv) @@ -5533,6 +5672,11 @@ func expandSystemSdwanService(d *schema.ResourceData, v interface{}, pre string, tmp["hold-down-time"], _ = expandSystemSdwanServiceHoldDownTime(d, i["hold_down_time"], pre_append, sv) } + pre_append = pre + "." + strconv.Itoa(con) + "." + "sla_stickiness" + if _, ok := d.GetOk(pre_append); ok { + tmp["sla-stickiness"], _ = expandSystemSdwanServiceSlaStickiness(d, i["sla_stickiness"], pre_append, sv) + } + pre_append = pre + "." + strconv.Itoa(con) + "." + "dscp_forward" if _, ok := d.GetOk(pre_append); ok { tmp["dscp-forward"], _ = expandSystemSdwanServiceDscpForward(d, i["dscp_forward"], pre_append, sv) @@ -5639,6 +5783,10 @@ func expandSystemSdwanServiceAddrMode(d *schema.ResourceData, v interface{}, pre return v, nil } +func expandSystemSdwanServiceLoadBalance(d *schema.ResourceData, v interface{}, pre string, sv string) (interface{}, error) { + return v, nil +} + func expandSystemSdwanServiceShortcutStickiness(d *schema.ResourceData, v interface{}, pre string, sv string) (interface{}, error) { return v, nil } @@ -5713,6 +5861,10 @@ func expandSystemSdwanServiceMode(d *schema.ResourceData, v interface{}, pre str return v, nil } +func expandSystemSdwanServiceZoneMode(d *schema.ResourceData, v interface{}, pre string, sv string) (interface{}, error) { + return v, nil +} + func expandSystemSdwanServiceMinimumSlaMeetMembers(d *schema.ResourceData, v interface{}, pre string, sv string) (interface{}, error) { return v, nil } @@ -5753,6 +5905,14 @@ func expandSystemSdwanServiceEndPort(d *schema.ResourceData, v interface{}, pre return v, nil } +func expandSystemSdwanServiceStartSrcPort(d *schema.ResourceData, v interface{}, pre string, sv string) (interface{}, error) { + return v, nil +} + +func expandSystemSdwanServiceEndSrcPort(d *schema.ResourceData, v interface{}, pre string, sv string) (interface{}, error) { + return v, nil +} + func expandSystemSdwanServiceRouteTag(d *schema.ResourceData, v interface{}, pre string, sv string) (interface{}, error) { return v, nil } @@ -6231,6 +6391,10 @@ func expandSystemSdwanServiceHoldDownTime(d *schema.ResourceData, v interface{}, return v, nil } +func expandSystemSdwanServiceSlaStickiness(d *schema.ResourceData, v interface{}, pre string, sv string) (interface{}, error) { + return v, nil +} + func expandSystemSdwanServiceDscpForward(d *schema.ResourceData, v interface{}, pre string, sv string) (interface{}, error) { return v, nil } diff --git a/fortios/resource_system_sessionttl.go b/fortios/resource_system_sessionttl.go index e89be2e18..2abde7063 100644 --- a/fortios/resource_system_sessionttl.go +++ b/fortios/resource_system_sessionttl.go @@ -74,6 +74,11 @@ func resourceSystemSessionTtl() *schema.Resource { Optional: true, Computed: true, }, + "refresh_direction": &schema.Schema{ + Type: schema.TypeString, + Optional: true, + Computed: true, + }, }, }, }, @@ -238,6 +243,11 @@ func flattenSystemSessionTtlPort(v interface{}, d *schema.ResourceData, pre stri tmp["timeout"] = flattenSystemSessionTtlPortTimeout(i["timeout"], d, pre_append, sv) } + pre_append = pre + "." + strconv.Itoa(con) + "." + "refresh_direction" + if _, ok := i["refresh-direction"]; ok { + tmp["refresh_direction"] = flattenSystemSessionTtlPortRefreshDirection(i["refresh-direction"], d, pre_append, sv) + } + result = append(result, tmp) con += 1 @@ -267,6 +277,10 @@ func flattenSystemSessionTtlPortTimeout(v interface{}, d *schema.ResourceData, p return v } +func flattenSystemSessionTtlPortRefreshDirection(v interface{}, d *schema.ResourceData, pre string, sv string) interface{} { + return v +} + func refreshObjectSystemSessionTtl(d *schema.ResourceData, o map[string]interface{}, sv string) error { var err error var b_get_all_tables bool @@ -350,6 +364,11 @@ func expandSystemSessionTtlPort(d *schema.ResourceData, v interface{}, pre strin tmp["timeout"], _ = expandSystemSessionTtlPortTimeout(d, i["timeout"], pre_append, sv) } + pre_append = pre + "." + strconv.Itoa(con) + "." + "refresh_direction" + if _, ok := d.GetOk(pre_append); ok { + tmp["refresh-direction"], _ = expandSystemSessionTtlPortRefreshDirection(d, i["refresh_direction"], pre_append, sv) + } + result = append(result, tmp) con += 1 @@ -378,6 +397,10 @@ func expandSystemSessionTtlPortTimeout(d *schema.ResourceData, v interface{}, pr return v, nil } +func expandSystemSessionTtlPortRefreshDirection(d *schema.ResourceData, v interface{}, pre string, sv string) (interface{}, error) { + return v, nil +} + func getObjectSystemSessionTtl(d *schema.ResourceData, setArgNil bool, sv string) (*map[string]interface{}, error) { obj := make(map[string]interface{}) diff --git a/fortios/resource_system_settings.go b/fortios/resource_system_settings.go index 42b7769f1..7d8a1cfa7 100644 --- a/fortios/resource_system_settings.go +++ b/fortios/resource_system_settings.go @@ -593,6 +593,11 @@ func resourceSystemSettings() *schema.Resource { Optional: true, Computed: true, }, + "gui_sslvpn": &schema.Schema{ + Type: schema.TypeString, + Optional: true, + Computed: true, + }, "gui_wireless_controller": &schema.Schema{ Type: schema.TypeString, Optional: true, @@ -658,6 +663,16 @@ func resourceSystemSettings() *schema.Resource { Optional: true, Computed: true, }, + "gui_virtual_patch_profile": &schema.Schema{ + Type: schema.TypeString, + Optional: true, + Computed: true, + }, + "gui_casb": &schema.Schema{ + Type: schema.TypeString, + Optional: true, + Computed: true, + }, "gui_fortiextender_controller": &schema.Schema{ Type: schema.TypeString, Optional: true, @@ -1385,6 +1400,10 @@ func flattenSystemSettingsGuiVpn(v interface{}, d *schema.ResourceData, pre stri return v } +func flattenSystemSettingsGuiSslvpn(v interface{}, d *schema.ResourceData, pre string, sv string) interface{} { + return v +} + func flattenSystemSettingsGuiWirelessController(v interface{}, d *schema.ResourceData, pre string, sv string) interface{} { return v } @@ -1437,6 +1456,14 @@ func flattenSystemSettingsGuiDlpProfile(v interface{}, d *schema.ResourceData, p return v } +func flattenSystemSettingsGuiVirtualPatchProfile(v interface{}, d *schema.ResourceData, pre string, sv string) interface{} { + return v +} + +func flattenSystemSettingsGuiCasb(v interface{}, d *schema.ResourceData, pre string, sv string) interface{} { + return v +} + func flattenSystemSettingsGuiFortiextenderController(v interface{}, d *schema.ResourceData, pre string, sv string) interface{} { return v } @@ -2218,6 +2245,12 @@ func refreshObjectSystemSettings(d *schema.ResourceData, o map[string]interface{ } } + if err = d.Set("gui_sslvpn", flattenSystemSettingsGuiSslvpn(o["gui-sslvpn"], d, "gui_sslvpn", sv)); err != nil { + if !fortiAPIPatch(o["gui-sslvpn"]) { + return fmt.Errorf("Error reading gui_sslvpn: %v", err) + } + } + if err = d.Set("gui_wireless_controller", flattenSystemSettingsGuiWirelessController(o["gui-wireless-controller"], d, "gui_wireless_controller", sv)); err != nil { if !fortiAPIPatch(o["gui-wireless-controller"]) { return fmt.Errorf("Error reading gui_wireless_controller: %v", err) @@ -2296,6 +2329,18 @@ func refreshObjectSystemSettings(d *schema.ResourceData, o map[string]interface{ } } + if err = d.Set("gui_virtual_patch_profile", flattenSystemSettingsGuiVirtualPatchProfile(o["gui-virtual-patch-profile"], d, "gui_virtual_patch_profile", sv)); err != nil { + if !fortiAPIPatch(o["gui-virtual-patch-profile"]) { + return fmt.Errorf("Error reading gui_virtual_patch_profile: %v", err) + } + } + + if err = d.Set("gui_casb", flattenSystemSettingsGuiCasb(o["gui-casb"], d, "gui_casb", sv)); err != nil { + if !fortiAPIPatch(o["gui-casb"]) { + return fmt.Errorf("Error reading gui_casb: %v", err) + } + } + if err = d.Set("gui_fortiextender_controller", flattenSystemSettingsGuiFortiextenderController(o["gui-fortiextender-controller"], d, "gui_fortiextender_controller", sv)); err != nil { if !fortiAPIPatch(o["gui-fortiextender-controller"]) { return fmt.Errorf("Error reading gui_fortiextender_controller: %v", err) @@ -2940,6 +2985,10 @@ func expandSystemSettingsGuiVpn(d *schema.ResourceData, v interface{}, pre strin return v, nil } +func expandSystemSettingsGuiSslvpn(d *schema.ResourceData, v interface{}, pre string, sv string) (interface{}, error) { + return v, nil +} + func expandSystemSettingsGuiWirelessController(d *schema.ResourceData, v interface{}, pre string, sv string) (interface{}, error) { return v, nil } @@ -2992,6 +3041,14 @@ func expandSystemSettingsGuiDlpProfile(d *schema.ResourceData, v interface{}, pr return v, nil } +func expandSystemSettingsGuiVirtualPatchProfile(d *schema.ResourceData, v interface{}, pre string, sv string) (interface{}, error) { + return v, nil +} + +func expandSystemSettingsGuiCasb(d *schema.ResourceData, v interface{}, pre string, sv string) (interface{}, error) { + return v, nil +} + func expandSystemSettingsGuiFortiextenderController(d *schema.ResourceData, v interface{}, pre string, sv string) (interface{}, error) { return v, nil } @@ -4506,6 +4563,19 @@ func getObjectSystemSettings(d *schema.ResourceData, setArgNil bool, sv string) } } + if v, ok := d.GetOk("gui_sslvpn"); ok { + if setArgNil { + obj["gui-sslvpn"] = nil + } else { + t, err := expandSystemSettingsGuiSslvpn(d, v, "gui_sslvpn", sv) + if err != nil { + return &obj, err + } else if t != nil { + obj["gui-sslvpn"] = t + } + } + } + if v, ok := d.GetOk("gui_wireless_controller"); ok { if setArgNil { obj["gui-wireless-controller"] = nil @@ -4675,6 +4745,32 @@ func getObjectSystemSettings(d *schema.ResourceData, setArgNil bool, sv string) } } + if v, ok := d.GetOk("gui_virtual_patch_profile"); ok { + if setArgNil { + obj["gui-virtual-patch-profile"] = nil + } else { + t, err := expandSystemSettingsGuiVirtualPatchProfile(d, v, "gui_virtual_patch_profile", sv) + if err != nil { + return &obj, err + } else if t != nil { + obj["gui-virtual-patch-profile"] = t + } + } + } + + if v, ok := d.GetOk("gui_casb"); ok { + if setArgNil { + obj["gui-casb"] = nil + } else { + t, err := expandSystemSettingsGuiCasb(d, v, "gui_casb", sv) + if err != nil { + return &obj, err + } else if t != nil { + obj["gui-casb"] = t + } + } + } + if v, ok := d.GetOk("gui_fortiextender_controller"); ok { if setArgNil { obj["gui-fortiextender-controller"] = nil diff --git a/fortios/resource_system_speedtestschedule.go b/fortios/resource_system_speedtestschedule.go index 28618cf4d..fdb2d7fc4 100644 --- a/fortios/resource_system_speedtestschedule.go +++ b/fortios/resource_system_speedtestschedule.go @@ -58,6 +58,11 @@ func resourceSystemSpeedTestSchedule() *schema.Resource { Optional: true, Computed: true, }, + "mode": &schema.Schema{ + Type: schema.TypeString, + Optional: true, + Computed: true, + }, "schedules": &schema.Schema{ Type: schema.TypeList, Optional: true, @@ -262,6 +267,10 @@ func flattenSystemSpeedTestScheduleServerName(v interface{}, d *schema.ResourceD return v } +func flattenSystemSpeedTestScheduleMode(v interface{}, d *schema.ResourceData, pre string, sv string) interface{} { + return v +} + func flattenSystemSpeedTestScheduleSchedules(v interface{}, d *schema.ResourceData, pre string, sv string) []map[string]interface{} { if v == nil { return nil @@ -365,6 +374,12 @@ func refreshObjectSystemSpeedTestSchedule(d *schema.ResourceData, o map[string]i } } + if err = d.Set("mode", flattenSystemSpeedTestScheduleMode(o["mode"], d, "mode", sv)); err != nil { + if !fortiAPIPatch(o["mode"]) { + return fmt.Errorf("Error reading mode: %v", err) + } + } + if b_get_all_tables { if err = d.Set("schedules", flattenSystemSpeedTestScheduleSchedules(o["schedules"], d, "schedules", sv)); err != nil { if !fortiAPIPatch(o["schedules"]) { @@ -448,6 +463,10 @@ func expandSystemSpeedTestScheduleServerName(d *schema.ResourceData, v interface return v, nil } +func expandSystemSpeedTestScheduleMode(d *schema.ResourceData, v interface{}, pre string, sv string) (interface{}, error) { + return v, nil +} + func expandSystemSpeedTestScheduleSchedules(d *schema.ResourceData, v interface{}, pre string, sv string) (interface{}, error) { l := v.([]interface{}) result := make([]map[string]interface{}, 0, len(l)) @@ -546,6 +565,15 @@ func getObjectSystemSpeedTestSchedule(d *schema.ResourceData, sv string) (*map[s } } + if v, ok := d.GetOk("mode"); ok { + t, err := expandSystemSpeedTestScheduleMode(d, v, "mode", sv) + if err != nil { + return &obj, err + } else if t != nil { + obj["mode"] = t + } + } + if v, ok := d.GetOk("schedules"); ok || d.HasChange("schedules") { t, err := expandSystemSpeedTestScheduleSchedules(d, v, "schedules", sv) if err != nil { diff --git a/fortios/resource_system_speedtestsetting.go b/fortios/resource_system_speedtestsetting.go new file mode 100644 index 000000000..be12870a7 --- /dev/null +++ b/fortios/resource_system_speedtestsetting.go @@ -0,0 +1,218 @@ +// Copyright 2020 Fortinet, Inc. All rights reserved. +// Author: Frank Shen (@frankshen01), Hongbin Lu (@fgtdev-hblu) +// Documentation: +// Frank Shen (@frankshen01), Hongbin Lu (@fgtdev-hblu), +// Xing Li (@lix-fortinet), Yue Wang (@yuew-ftnt), Yuffie Zhu (@yuffiezhu) + +// Description: Configure speed test setting. + +package fortios + +import ( + "fmt" + "log" + "strconv" + "strings" + + "github.com/hashicorp/terraform-plugin-sdk/v2/helper/schema" + "github.com/hashicorp/terraform-plugin-sdk/v2/helper/validation" +) + +func resourceSystemSpeedTestSetting() *schema.Resource { + return &schema.Resource{ + Create: resourceSystemSpeedTestSettingUpdate, + Read: resourceSystemSpeedTestSettingRead, + Update: resourceSystemSpeedTestSettingUpdate, + Delete: resourceSystemSpeedTestSettingDelete, + + Importer: &schema.ResourceImporter{ + State: schema.ImportStatePassthrough, + }, + + Schema: map[string]*schema.Schema{ + "vdomparam": &schema.Schema{ + Type: schema.TypeString, + Optional: true, + ForceNew: true, + }, + "latency_threshold": &schema.Schema{ + Type: schema.TypeInt, + ValidateFunc: validation.IntBetween(0, 2000), + Optional: true, + Computed: true, + }, + "multiple_tcp_stream": &schema.Schema{ + Type: schema.TypeInt, + ValidateFunc: validation.IntBetween(1, 64), + Optional: true, + Computed: true, + }, + }, + } +} + +func resourceSystemSpeedTestSettingUpdate(d *schema.ResourceData, m interface{}) error { + mkey := d.Id() + c := m.(*FortiClient).Client + c.Retries = 1 + + vdomparam := "" + + if v, ok := d.GetOk("vdomparam"); ok { + if s, ok := v.(string); ok { + vdomparam = s + } + } + + obj, err := getObjectSystemSpeedTestSetting(d, false, c.Fv) + if err != nil { + return fmt.Errorf("Error updating SystemSpeedTestSetting resource while getting object: %v", err) + } + + o, err := c.UpdateSystemSpeedTestSetting(obj, mkey, vdomparam) + if err != nil { + return fmt.Errorf("Error updating SystemSpeedTestSetting resource: %v", err) + } + + log.Printf(strconv.Itoa(c.Retries)) + if o["mkey"] != nil && o["mkey"] != "" { + d.SetId(o["mkey"].(string)) + } else { + d.SetId("SystemSpeedTestSetting") + } + + return resourceSystemSpeedTestSettingRead(d, m) +} + +func resourceSystemSpeedTestSettingDelete(d *schema.ResourceData, m interface{}) error { + mkey := d.Id() + c := m.(*FortiClient).Client + c.Retries = 1 + + vdomparam := "" + + if v, ok := d.GetOk("vdomparam"); ok { + if s, ok := v.(string); ok { + vdomparam = s + } + } + + obj, err := getObjectSystemSpeedTestSetting(d, true, c.Fv) + + if err != nil { + return fmt.Errorf("Error updating SystemSpeedTestSetting resource while getting object: %v", err) + } + + _, err = c.UpdateSystemSpeedTestSetting(obj, mkey, vdomparam) + if err != nil { + return fmt.Errorf("Error clearing SystemSpeedTestSetting resource: %v", err) + } + + d.SetId("") + + return nil +} + +func resourceSystemSpeedTestSettingRead(d *schema.ResourceData, m interface{}) error { + mkey := d.Id() + + c := m.(*FortiClient).Client + c.Retries = 1 + + vdomparam := "" + + if v, ok := d.GetOk("vdomparam"); ok { + if s, ok := v.(string); ok { + vdomparam = s + } + } + + o, err := c.ReadSystemSpeedTestSetting(mkey, vdomparam) + if err != nil { + return fmt.Errorf("Error reading SystemSpeedTestSetting resource: %v", err) + } + + if o == nil { + log.Printf("[WARN] resource (%s) not found, removing from state", d.Id()) + d.SetId("") + return nil + } + + err = refreshObjectSystemSpeedTestSetting(d, o, c.Fv) + if err != nil { + return fmt.Errorf("Error reading SystemSpeedTestSetting resource from API: %v", err) + } + return nil +} + +func flattenSystemSpeedTestSettingLatencyThreshold(v interface{}, d *schema.ResourceData, pre string, sv string) interface{} { + return v +} + +func flattenSystemSpeedTestSettingMultipleTcpStream(v interface{}, d *schema.ResourceData, pre string, sv string) interface{} { + return v +} + +func refreshObjectSystemSpeedTestSetting(d *schema.ResourceData, o map[string]interface{}, sv string) error { + var err error + + if err = d.Set("latency_threshold", flattenSystemSpeedTestSettingLatencyThreshold(o["latency-threshold"], d, "latency_threshold", sv)); err != nil { + if !fortiAPIPatch(o["latency-threshold"]) { + return fmt.Errorf("Error reading latency_threshold: %v", err) + } + } + + if err = d.Set("multiple_tcp_stream", flattenSystemSpeedTestSettingMultipleTcpStream(o["multiple-tcp-stream"], d, "multiple_tcp_stream", sv)); err != nil { + if !fortiAPIPatch(o["multiple-tcp-stream"]) { + return fmt.Errorf("Error reading multiple_tcp_stream: %v", err) + } + } + + return nil +} + +func flattenSystemSpeedTestSettingFortiTestDebug(d *schema.ResourceData, fosdebugsn int, fosdebugbeg int, fosdebugend int) { + log.Printf(strconv.Itoa(fosdebugsn)) + e := validation.IntBetween(fosdebugbeg, fosdebugend) + log.Printf("ER List: %v, %v", strings.Split("FortiOS Ver", " "), e) +} + +func expandSystemSpeedTestSettingLatencyThreshold(d *schema.ResourceData, v interface{}, pre string, sv string) (interface{}, error) { + return v, nil +} + +func expandSystemSpeedTestSettingMultipleTcpStream(d *schema.ResourceData, v interface{}, pre string, sv string) (interface{}, error) { + return v, nil +} + +func getObjectSystemSpeedTestSetting(d *schema.ResourceData, setArgNil bool, sv string) (*map[string]interface{}, error) { + obj := make(map[string]interface{}) + + if v, ok := d.GetOkExists("latency_threshold"); ok { + if setArgNil { + obj["latency-threshold"] = nil + } else { + t, err := expandSystemSpeedTestSettingLatencyThreshold(d, v, "latency_threshold", sv) + if err != nil { + return &obj, err + } else if t != nil { + obj["latency-threshold"] = t + } + } + } + + if v, ok := d.GetOk("multiple_tcp_stream"); ok { + if setArgNil { + obj["multiple-tcp-stream"] = nil + } else { + t, err := expandSystemSpeedTestSettingMultipleTcpStream(d, v, "multiple_tcp_stream", sv) + if err != nil { + return &obj, err + } else if t != nil { + obj["multiple-tcp-stream"] = t + } + } + } + + return &obj, nil +} diff --git a/fortios/resource_user_ldap.go b/fortios/resource_user_ldap.go index 8772c82a4..a711dbc72 100644 --- a/fortios/resource_user_ldap.go +++ b/fortios/resource_user_ldap.go @@ -190,6 +190,11 @@ func resourceUserLdap() *schema.Resource { Optional: true, Computed: true, }, + "account_key_cert_field": &schema.Schema{ + Type: schema.TypeString, + Optional: true, + Computed: true, + }, "account_key_upn_san": &schema.Schema{ Type: schema.TypeString, Optional: true, @@ -487,6 +492,10 @@ func flattenUserLdapAccountKeyProcessing(v interface{}, d *schema.ResourceData, return v } +func flattenUserLdapAccountKeyCertField(v interface{}, d *schema.ResourceData, pre string, sv string) interface{} { + return v +} + func flattenUserLdapAccountKeyUpnSan(v interface{}, d *schema.ResourceData, pre string, sv string) interface{} { return v } @@ -696,6 +705,12 @@ func refreshObjectUserLdap(d *schema.ResourceData, o map[string]interface{}, sv } } + if err = d.Set("account_key_cert_field", flattenUserLdapAccountKeyCertField(o["account-key-cert-field"], d, "account_key_cert_field", sv)); err != nil { + if !fortiAPIPatch(o["account-key-cert-field"]) { + return fmt.Errorf("Error reading account_key_cert_field: %v", err) + } + } + if err = d.Set("account_key_upn_san", flattenUserLdapAccountKeyUpnSan(o["account-key-upn-san"], d, "account_key_upn_san", sv)); err != nil { if !fortiAPIPatch(o["account-key-upn-san"]) { return fmt.Errorf("Error reading account_key_upn_san: %v", err) @@ -883,6 +898,10 @@ func expandUserLdapAccountKeyProcessing(d *schema.ResourceData, v interface{}, p return v, nil } +func expandUserLdapAccountKeyCertField(d *schema.ResourceData, v interface{}, pre string, sv string) (interface{}, error) { + return v, nil +} + func expandUserLdapAccountKeyUpnSan(d *schema.ResourceData, v interface{}, pre string, sv string) (interface{}, error) { return v, nil } @@ -1182,6 +1201,15 @@ func getObjectUserLdap(d *schema.ResourceData, sv string) (*map[string]interface } } + if v, ok := d.GetOk("account_key_cert_field"); ok { + t, err := expandUserLdapAccountKeyCertField(d, v, "account_key_cert_field", sv) + if err != nil { + return &obj, err + } else if t != nil { + obj["account-key-cert-field"] = t + } + } + if v, ok := d.GetOk("account_key_upn_san"); ok { t, err := expandUserLdapAccountKeyUpnSan(d, v, "account_key_upn_san", sv) if err != nil { diff --git a/fortios/resource_user_passwordpolicy.go b/fortios/resource_user_passwordpolicy.go index 2439eaff4..c5c930db5 100644 --- a/fortios/resource_user_passwordpolicy.go +++ b/fortios/resource_user_passwordpolicy.go @@ -59,6 +59,52 @@ func resourceUserPasswordPolicy() *schema.Resource { Optional: true, Computed: true, }, + "minimum_length": &schema.Schema{ + Type: schema.TypeInt, + ValidateFunc: validation.IntBetween(8, 128), + Optional: true, + Computed: true, + }, + "min_lower_case_letter": &schema.Schema{ + Type: schema.TypeInt, + ValidateFunc: validation.IntBetween(0, 128), + Optional: true, + Computed: true, + }, + "min_upper_case_letter": &schema.Schema{ + Type: schema.TypeInt, + ValidateFunc: validation.IntBetween(0, 128), + Optional: true, + Computed: true, + }, + "min_non_alphanumeric": &schema.Schema{ + Type: schema.TypeInt, + ValidateFunc: validation.IntBetween(0, 128), + Optional: true, + Computed: true, + }, + "min_number": &schema.Schema{ + Type: schema.TypeInt, + ValidateFunc: validation.IntBetween(0, 128), + Optional: true, + Computed: true, + }, + "min_change_characters": &schema.Schema{ + Type: schema.TypeInt, + ValidateFunc: validation.IntBetween(0, 128), + Optional: true, + Computed: true, + }, + "expire_status": &schema.Schema{ + Type: schema.TypeString, + Optional: true, + Computed: true, + }, + "reuse_password": &schema.Schema{ + Type: schema.TypeString, + Optional: true, + Computed: true, + }, }, } } @@ -200,6 +246,38 @@ func flattenUserPasswordPolicyExpiredPasswordRenewal(v interface{}, d *schema.Re return v } +func flattenUserPasswordPolicyMinimumLength(v interface{}, d *schema.ResourceData, pre string, sv string) interface{} { + return v +} + +func flattenUserPasswordPolicyMinLowerCaseLetter(v interface{}, d *schema.ResourceData, pre string, sv string) interface{} { + return v +} + +func flattenUserPasswordPolicyMinUpperCaseLetter(v interface{}, d *schema.ResourceData, pre string, sv string) interface{} { + return v +} + +func flattenUserPasswordPolicyMinNonAlphanumeric(v interface{}, d *schema.ResourceData, pre string, sv string) interface{} { + return v +} + +func flattenUserPasswordPolicyMinNumber(v interface{}, d *schema.ResourceData, pre string, sv string) interface{} { + return v +} + +func flattenUserPasswordPolicyMinChangeCharacters(v interface{}, d *schema.ResourceData, pre string, sv string) interface{} { + return v +} + +func flattenUserPasswordPolicyExpireStatus(v interface{}, d *schema.ResourceData, pre string, sv string) interface{} { + return v +} + +func flattenUserPasswordPolicyReusePassword(v interface{}, d *schema.ResourceData, pre string, sv string) interface{} { + return v +} + func refreshObjectUserPasswordPolicy(d *schema.ResourceData, o map[string]interface{}, sv string) error { var err error @@ -227,6 +305,54 @@ func refreshObjectUserPasswordPolicy(d *schema.ResourceData, o map[string]interf } } + if err = d.Set("minimum_length", flattenUserPasswordPolicyMinimumLength(o["minimum-length"], d, "minimum_length", sv)); err != nil { + if !fortiAPIPatch(o["minimum-length"]) { + return fmt.Errorf("Error reading minimum_length: %v", err) + } + } + + if err = d.Set("min_lower_case_letter", flattenUserPasswordPolicyMinLowerCaseLetter(o["min-lower-case-letter"], d, "min_lower_case_letter", sv)); err != nil { + if !fortiAPIPatch(o["min-lower-case-letter"]) { + return fmt.Errorf("Error reading min_lower_case_letter: %v", err) + } + } + + if err = d.Set("min_upper_case_letter", flattenUserPasswordPolicyMinUpperCaseLetter(o["min-upper-case-letter"], d, "min_upper_case_letter", sv)); err != nil { + if !fortiAPIPatch(o["min-upper-case-letter"]) { + return fmt.Errorf("Error reading min_upper_case_letter: %v", err) + } + } + + if err = d.Set("min_non_alphanumeric", flattenUserPasswordPolicyMinNonAlphanumeric(o["min-non-alphanumeric"], d, "min_non_alphanumeric", sv)); err != nil { + if !fortiAPIPatch(o["min-non-alphanumeric"]) { + return fmt.Errorf("Error reading min_non_alphanumeric: %v", err) + } + } + + if err = d.Set("min_number", flattenUserPasswordPolicyMinNumber(o["min-number"], d, "min_number", sv)); err != nil { + if !fortiAPIPatch(o["min-number"]) { + return fmt.Errorf("Error reading min_number: %v", err) + } + } + + if err = d.Set("min_change_characters", flattenUserPasswordPolicyMinChangeCharacters(o["min-change-characters"], d, "min_change_characters", sv)); err != nil { + if !fortiAPIPatch(o["min-change-characters"]) { + return fmt.Errorf("Error reading min_change_characters: %v", err) + } + } + + if err = d.Set("expire_status", flattenUserPasswordPolicyExpireStatus(o["expire-status"], d, "expire_status", sv)); err != nil { + if !fortiAPIPatch(o["expire-status"]) { + return fmt.Errorf("Error reading expire_status: %v", err) + } + } + + if err = d.Set("reuse_password", flattenUserPasswordPolicyReusePassword(o["reuse-password"], d, "reuse_password", sv)); err != nil { + if !fortiAPIPatch(o["reuse-password"]) { + return fmt.Errorf("Error reading reuse_password: %v", err) + } + } + return nil } @@ -252,6 +378,38 @@ func expandUserPasswordPolicyExpiredPasswordRenewal(d *schema.ResourceData, v in return v, nil } +func expandUserPasswordPolicyMinimumLength(d *schema.ResourceData, v interface{}, pre string, sv string) (interface{}, error) { + return v, nil +} + +func expandUserPasswordPolicyMinLowerCaseLetter(d *schema.ResourceData, v interface{}, pre string, sv string) (interface{}, error) { + return v, nil +} + +func expandUserPasswordPolicyMinUpperCaseLetter(d *schema.ResourceData, v interface{}, pre string, sv string) (interface{}, error) { + return v, nil +} + +func expandUserPasswordPolicyMinNonAlphanumeric(d *schema.ResourceData, v interface{}, pre string, sv string) (interface{}, error) { + return v, nil +} + +func expandUserPasswordPolicyMinNumber(d *schema.ResourceData, v interface{}, pre string, sv string) (interface{}, error) { + return v, nil +} + +func expandUserPasswordPolicyMinChangeCharacters(d *schema.ResourceData, v interface{}, pre string, sv string) (interface{}, error) { + return v, nil +} + +func expandUserPasswordPolicyExpireStatus(d *schema.ResourceData, v interface{}, pre string, sv string) (interface{}, error) { + return v, nil +} + +func expandUserPasswordPolicyReusePassword(d *schema.ResourceData, v interface{}, pre string, sv string) (interface{}, error) { + return v, nil +} + func getObjectUserPasswordPolicy(d *schema.ResourceData, sv string) (*map[string]interface{}, error) { obj := make(map[string]interface{}) @@ -291,5 +449,77 @@ func getObjectUserPasswordPolicy(d *schema.ResourceData, sv string) (*map[string } } + if v, ok := d.GetOk("minimum_length"); ok { + t, err := expandUserPasswordPolicyMinimumLength(d, v, "minimum_length", sv) + if err != nil { + return &obj, err + } else if t != nil { + obj["minimum-length"] = t + } + } + + if v, ok := d.GetOkExists("min_lower_case_letter"); ok { + t, err := expandUserPasswordPolicyMinLowerCaseLetter(d, v, "min_lower_case_letter", sv) + if err != nil { + return &obj, err + } else if t != nil { + obj["min-lower-case-letter"] = t + } + } + + if v, ok := d.GetOkExists("min_upper_case_letter"); ok { + t, err := expandUserPasswordPolicyMinUpperCaseLetter(d, v, "min_upper_case_letter", sv) + if err != nil { + return &obj, err + } else if t != nil { + obj["min-upper-case-letter"] = t + } + } + + if v, ok := d.GetOkExists("min_non_alphanumeric"); ok { + t, err := expandUserPasswordPolicyMinNonAlphanumeric(d, v, "min_non_alphanumeric", sv) + if err != nil { + return &obj, err + } else if t != nil { + obj["min-non-alphanumeric"] = t + } + } + + if v, ok := d.GetOkExists("min_number"); ok { + t, err := expandUserPasswordPolicyMinNumber(d, v, "min_number", sv) + if err != nil { + return &obj, err + } else if t != nil { + obj["min-number"] = t + } + } + + if v, ok := d.GetOkExists("min_change_characters"); ok { + t, err := expandUserPasswordPolicyMinChangeCharacters(d, v, "min_change_characters", sv) + if err != nil { + return &obj, err + } else if t != nil { + obj["min-change-characters"] = t + } + } + + if v, ok := d.GetOk("expire_status"); ok { + t, err := expandUserPasswordPolicyExpireStatus(d, v, "expire_status", sv) + if err != nil { + return &obj, err + } else if t != nil { + obj["expire-status"] = t + } + } + + if v, ok := d.GetOk("reuse_password"); ok { + t, err := expandUserPasswordPolicyReusePassword(d, v, "reuse_password", sv) + if err != nil { + return &obj, err + } else if t != nil { + obj["reuse-password"] = t + } + } + return &obj, nil } diff --git a/fortios/resource_user_peer.go b/fortios/resource_user_peer.go index 3b89e8e61..28e7225c2 100644 --- a/fortios/resource_user_peer.go +++ b/fortios/resource_user_peer.go @@ -70,6 +70,28 @@ func resourceUserPeer() *schema.Resource { Optional: true, Computed: true, }, + "mfa_mode": &schema.Schema{ + Type: schema.TypeString, + Optional: true, + Computed: true, + }, + "mfa_server": &schema.Schema{ + Type: schema.TypeString, + ValidateFunc: validation.StringLenBetween(0, 35), + Optional: true, + Computed: true, + }, + "mfa_username": &schema.Schema{ + Type: schema.TypeString, + ValidateFunc: validation.StringLenBetween(0, 35), + Optional: true, + Computed: true, + }, + "mfa_password": &schema.Schema{ + Type: schema.TypeString, + ValidateFunc: validation.StringLenBetween(0, 128), + Optional: true, + }, "ldap_server": &schema.Schema{ Type: schema.TypeString, ValidateFunc: validation.StringLenBetween(0, 35), @@ -259,6 +281,22 @@ func flattenUserPeerCnType(v interface{}, d *schema.ResourceData, pre string, sv return v } +func flattenUserPeerMfaMode(v interface{}, d *schema.ResourceData, pre string, sv string) interface{} { + return v +} + +func flattenUserPeerMfaServer(v interface{}, d *schema.ResourceData, pre string, sv string) interface{} { + return v +} + +func flattenUserPeerMfaUsername(v interface{}, d *schema.ResourceData, pre string, sv string) interface{} { + return v +} + +func flattenUserPeerMfaPassword(v interface{}, d *schema.ResourceData, pre string, sv string) interface{} { + return v +} + func flattenUserPeerLdapServer(v interface{}, d *schema.ResourceData, pre string, sv string) interface{} { return v } @@ -326,6 +364,30 @@ func refreshObjectUserPeer(d *schema.ResourceData, o map[string]interface{}, sv } } + if err = d.Set("mfa_mode", flattenUserPeerMfaMode(o["mfa-mode"], d, "mfa_mode", sv)); err != nil { + if !fortiAPIPatch(o["mfa-mode"]) { + return fmt.Errorf("Error reading mfa_mode: %v", err) + } + } + + if err = d.Set("mfa_server", flattenUserPeerMfaServer(o["mfa-server"], d, "mfa_server", sv)); err != nil { + if !fortiAPIPatch(o["mfa-server"]) { + return fmt.Errorf("Error reading mfa_server: %v", err) + } + } + + if err = d.Set("mfa_username", flattenUserPeerMfaUsername(o["mfa-username"], d, "mfa_username", sv)); err != nil { + if !fortiAPIPatch(o["mfa-username"]) { + return fmt.Errorf("Error reading mfa_username: %v", err) + } + } + + if err = d.Set("mfa_password", flattenUserPeerMfaPassword(o["mfa-password"], d, "mfa_password", sv)); err != nil { + if !fortiAPIPatch(o["mfa-password"]) { + return fmt.Errorf("Error reading mfa_password: %v", err) + } + } + if err = d.Set("ldap_server", flattenUserPeerLdapServer(o["ldap-server"], d, "ldap_server", sv)); err != nil { if !fortiAPIPatch(o["ldap-server"]) { return fmt.Errorf("Error reading ldap_server: %v", err) @@ -389,6 +451,22 @@ func expandUserPeerCnType(d *schema.ResourceData, v interface{}, pre string, sv return v, nil } +func expandUserPeerMfaMode(d *schema.ResourceData, v interface{}, pre string, sv string) (interface{}, error) { + return v, nil +} + +func expandUserPeerMfaServer(d *schema.ResourceData, v interface{}, pre string, sv string) (interface{}, error) { + return v, nil +} + +func expandUserPeerMfaUsername(d *schema.ResourceData, v interface{}, pre string, sv string) (interface{}, error) { + return v, nil +} + +func expandUserPeerMfaPassword(d *schema.ResourceData, v interface{}, pre string, sv string) (interface{}, error) { + return v, nil +} + func expandUserPeerLdapServer(d *schema.ResourceData, v interface{}, pre string, sv string) (interface{}, error) { return v, nil } @@ -474,6 +552,42 @@ func getObjectUserPeer(d *schema.ResourceData, sv string) (*map[string]interface } } + if v, ok := d.GetOk("mfa_mode"); ok { + t, err := expandUserPeerMfaMode(d, v, "mfa_mode", sv) + if err != nil { + return &obj, err + } else if t != nil { + obj["mfa-mode"] = t + } + } + + if v, ok := d.GetOk("mfa_server"); ok { + t, err := expandUserPeerMfaServer(d, v, "mfa_server", sv) + if err != nil { + return &obj, err + } else if t != nil { + obj["mfa-server"] = t + } + } + + if v, ok := d.GetOk("mfa_username"); ok { + t, err := expandUserPeerMfaUsername(d, v, "mfa_username", sv) + if err != nil { + return &obj, err + } else if t != nil { + obj["mfa-username"] = t + } + } + + if v, ok := d.GetOk("mfa_password"); ok { + t, err := expandUserPeerMfaPassword(d, v, "mfa_password", sv) + if err != nil { + return &obj, err + } else if t != nil { + obj["mfa-password"] = t + } + } + if v, ok := d.GetOk("ldap_server"); ok { t, err := expandUserPeerLdapServer(d, v, "ldap_server", sv) if err != nil { diff --git a/fortios/resource_user_radius.go b/fortios/resource_user_radius.go index 9561da96b..426ab9066 100644 --- a/fortios/resource_user_radius.go +++ b/fortios/resource_user_radius.go @@ -110,6 +110,11 @@ func resourceUserRadius() *schema.Resource { Optional: true, Computed: true, }, + "call_station_id_type": &schema.Schema{ + Type: schema.TypeString, + Optional: true, + Computed: true, + }, "nas_id": &schema.Schema{ Type: schema.TypeString, ValidateFunc: validation.StringLenBetween(0, 255), @@ -252,6 +257,16 @@ func resourceUserRadius() *schema.Resource { Optional: true, Computed: true, }, + "account_key_processing": &schema.Schema{ + Type: schema.TypeString, + Optional: true, + Computed: true, + }, + "account_key_cert_field": &schema.Schema{ + Type: schema.TypeString, + Optional: true, + Computed: true, + }, "rsso": &schema.Schema{ Type: schema.TypeString, Optional: true, @@ -576,6 +591,10 @@ func flattenUserRadiusNasIdType(v interface{}, d *schema.ResourceData, pre strin return v } +func flattenUserRadiusCallStationIdType(v interface{}, d *schema.ResourceData, pre string, sv string) interface{} { + return v +} + func flattenUserRadiusNasId(v interface{}, d *schema.ResourceData, pre string, sv string) interface{} { return v } @@ -714,6 +733,14 @@ func flattenUserRadiusServerIdentityCheck(v interface{}, d *schema.ResourceData, return v } +func flattenUserRadiusAccountKeyProcessing(v interface{}, d *schema.ResourceData, pre string, sv string) interface{} { + return v +} + +func flattenUserRadiusAccountKeyCertField(v interface{}, d *schema.ResourceData, pre string, sv string) interface{} { + return v +} + func flattenUserRadiusRsso(v interface{}, d *schema.ResourceData, pre string, sv string) interface{} { return v } @@ -956,6 +983,12 @@ func refreshObjectUserRadius(d *schema.ResourceData, o map[string]interface{}, s } } + if err = d.Set("call_station_id_type", flattenUserRadiusCallStationIdType(o["call-station-id-type"], d, "call_station_id_type", sv)); err != nil { + if !fortiAPIPatch(o["call-station-id-type"]) { + return fmt.Errorf("Error reading call_station_id_type: %v", err) + } + } + if err = d.Set("nas_id", flattenUserRadiusNasId(o["nas-id"], d, "nas_id", sv)); err != nil { if !fortiAPIPatch(o["nas-id"]) { return fmt.Errorf("Error reading nas_id: %v", err) @@ -1116,6 +1149,18 @@ func refreshObjectUserRadius(d *schema.ResourceData, o map[string]interface{}, s } } + if err = d.Set("account_key_processing", flattenUserRadiusAccountKeyProcessing(o["account-key-processing"], d, "account_key_processing", sv)); err != nil { + if !fortiAPIPatch(o["account-key-processing"]) { + return fmt.Errorf("Error reading account_key_processing: %v", err) + } + } + + if err = d.Set("account_key_cert_field", flattenUserRadiusAccountKeyCertField(o["account-key-cert-field"], d, "account_key_cert_field", sv)); err != nil { + if !fortiAPIPatch(o["account-key-cert-field"]) { + return fmt.Errorf("Error reading account_key_cert_field: %v", err) + } + } + if err = d.Set("rsso", flattenUserRadiusRsso(o["rsso"], d, "rsso", sv)); err != nil { if !fortiAPIPatch(o["rsso"]) { return fmt.Errorf("Error reading rsso: %v", err) @@ -1277,6 +1322,10 @@ func expandUserRadiusNasIdType(d *schema.ResourceData, v interface{}, pre string return v, nil } +func expandUserRadiusCallStationIdType(d *schema.ResourceData, v interface{}, pre string, sv string) (interface{}, error) { + return v, nil +} + func expandUserRadiusNasId(d *schema.ResourceData, v interface{}, pre string, sv string) (interface{}, error) { return v, nil } @@ -1404,6 +1453,14 @@ func expandUserRadiusServerIdentityCheck(d *schema.ResourceData, v interface{}, return v, nil } +func expandUserRadiusAccountKeyProcessing(d *schema.ResourceData, v interface{}, pre string, sv string) (interface{}, error) { + return v, nil +} + +func expandUserRadiusAccountKeyCertField(d *schema.ResourceData, v interface{}, pre string, sv string) (interface{}, error) { + return v, nil +} + func expandUserRadiusRsso(d *schema.ResourceData, v interface{}, pre string, sv string) (interface{}, error) { return v, nil } @@ -1682,6 +1739,15 @@ func getObjectUserRadius(d *schema.ResourceData, sv string) (*map[string]interfa } } + if v, ok := d.GetOk("call_station_id_type"); ok { + t, err := expandUserRadiusCallStationIdType(d, v, "call_station_id_type", sv) + if err != nil { + return &obj, err + } else if t != nil { + obj["call-station-id-type"] = t + } + } + if v, ok := d.GetOk("nas_id"); ok { t, err := expandUserRadiusNasId(d, v, "nas_id", sv) if err != nil { @@ -1907,6 +1973,24 @@ func getObjectUserRadius(d *schema.ResourceData, sv string) (*map[string]interfa } } + if v, ok := d.GetOk("account_key_processing"); ok { + t, err := expandUserRadiusAccountKeyProcessing(d, v, "account_key_processing", sv) + if err != nil { + return &obj, err + } else if t != nil { + obj["account-key-processing"] = t + } + } + + if v, ok := d.GetOk("account_key_cert_field"); ok { + t, err := expandUserRadiusAccountKeyCertField(d, v, "account_key_cert_field", sv) + if err != nil { + return &obj, err + } else if t != nil { + obj["account-key-cert-field"] = t + } + } + if v, ok := d.GetOk("rsso"); ok { t, err := expandUserRadiusRsso(d, v, "rsso", sv) if err != nil { diff --git a/fortios/resource_user_saml.go b/fortios/resource_user_saml.go index 97963f1d5..0ed064f8b 100644 --- a/fortios/resource_user_saml.go +++ b/fortios/resource_user_saml.go @@ -133,6 +133,11 @@ func resourceUserSaml() *schema.Resource { Optional: true, Computed: true, }, + "reauth": &schema.Schema{ + Type: schema.TypeString, + Optional: true, + Computed: true, + }, }, } } @@ -330,6 +335,10 @@ func flattenUserSamlGroupClaimType(v interface{}, d *schema.ResourceData, pre st return v } +func flattenUserSamlReauth(v interface{}, d *schema.ResourceData, pre string, sv string) interface{} { + return v +} + func refreshObjectUserSaml(d *schema.ResourceData, o map[string]interface{}, sv string) error { var err error @@ -441,6 +450,12 @@ func refreshObjectUserSaml(d *schema.ResourceData, o map[string]interface{}, sv } } + if err = d.Set("reauth", flattenUserSamlReauth(o["reauth"], d, "reauth", sv)); err != nil { + if !fortiAPIPatch(o["reauth"]) { + return fmt.Errorf("Error reading reauth: %v", err) + } + } + return nil } @@ -522,6 +537,10 @@ func expandUserSamlGroupClaimType(d *schema.ResourceData, v interface{}, pre str return v, nil } +func expandUserSamlReauth(d *schema.ResourceData, v interface{}, pre string, sv string) (interface{}, error) { + return v, nil +} + func getObjectUserSaml(d *schema.ResourceData, sv string) (*map[string]interface{}, error) { obj := make(map[string]interface{}) @@ -687,5 +706,14 @@ func getObjectUserSaml(d *schema.ResourceData, sv string) (*map[string]interface } } + if v, ok := d.GetOk("reauth"); ok { + t, err := expandUserSamlReauth(d, v, "reauth", sv) + if err != nil { + return &obj, err + } else if t != nil { + obj["reauth"] = t + } + } + return &obj, nil } diff --git a/fortios/resource_user_setting.go b/fortios/resource_user_setting.go index 417595878..ebfda1a00 100644 --- a/fortios/resource_user_setting.go +++ b/fortios/resource_user_setting.go @@ -166,6 +166,12 @@ func resourceUserSetting() *schema.Resource { Optional: true, Computed: true, }, + "default_user_password_policy": &schema.Schema{ + Type: schema.TypeString, + ValidateFunc: validation.StringLenBetween(0, 35), + Optional: true, + Computed: true, + }, "dynamic_sort_subtable": &schema.Schema{ Type: schema.TypeString, Optional: true, @@ -414,6 +420,10 @@ func flattenUserSettingAuthSslSigalgs(v interface{}, d *schema.ResourceData, pre return v } +func flattenUserSettingDefaultUserPasswordPolicy(v interface{}, d *schema.ResourceData, pre string, sv string) interface{} { + return v +} + func refreshObjectUserSetting(d *schema.ResourceData, o map[string]interface{}, sv string) error { var err error var b_get_all_tables bool @@ -559,6 +569,12 @@ func refreshObjectUserSetting(d *schema.ResourceData, o map[string]interface{}, } } + if err = d.Set("default_user_password_policy", flattenUserSettingDefaultUserPasswordPolicy(o["default-user-password-policy"], d, "default_user_password_policy", sv)); err != nil { + if !fortiAPIPatch(o["default-user-password-policy"]) { + return fmt.Errorf("Error reading default_user_password_policy: %v", err) + } + } + return nil } @@ -697,6 +713,10 @@ func expandUserSettingAuthSslSigalgs(d *schema.ResourceData, v interface{}, pre return v, nil } +func expandUserSettingDefaultUserPasswordPolicy(d *schema.ResourceData, v interface{}, pre string, sv string) (interface{}, error) { + return v, nil +} + func getObjectUserSetting(d *schema.ResourceData, setArgNil bool, sv string) (*map[string]interface{}, error) { obj := make(map[string]interface{}) @@ -973,5 +993,18 @@ func getObjectUserSetting(d *schema.ResourceData, setArgNil bool, sv string) (*m } } + if v, ok := d.GetOk("default_user_password_policy"); ok { + if setArgNil { + obj["default-user-password-policy"] = nil + } else { + t, err := expandUserSettingDefaultUserPasswordPolicy(d, v, "default_user_password_policy", sv) + if err != nil { + return &obj, err + } else if t != nil { + obj["default-user-password-policy"] = t + } + } + } + return &obj, nil } diff --git a/fortios/resource_virtualpatch_profile.go b/fortios/resource_virtualpatch_profile.go new file mode 100644 index 000000000..73b2fec97 --- /dev/null +++ b/fortios/resource_virtualpatch_profile.go @@ -0,0 +1,667 @@ +// Copyright 2020 Fortinet, Inc. All rights reserved. +// Author: Frank Shen (@frankshen01), Hongbin Lu (@fgtdev-hblu) +// Documentation: +// Frank Shen (@frankshen01), Hongbin Lu (@fgtdev-hblu), +// Xing Li (@lix-fortinet), Yue Wang (@yuew-ftnt), Yuffie Zhu (@yuffiezhu) + +// Description: Configure virtual-patch profile. + +package fortios + +import ( + "fmt" + "log" + "strconv" + "strings" + + "github.com/hashicorp/terraform-plugin-sdk/v2/helper/schema" + "github.com/hashicorp/terraform-plugin-sdk/v2/helper/validation" +) + +func resourceVirtualPatchProfile() *schema.Resource { + return &schema.Resource{ + Create: resourceVirtualPatchProfileCreate, + Read: resourceVirtualPatchProfileRead, + Update: resourceVirtualPatchProfileUpdate, + Delete: resourceVirtualPatchProfileDelete, + + Importer: &schema.ResourceImporter{ + State: schema.ImportStatePassthrough, + }, + + Schema: map[string]*schema.Schema{ + "vdomparam": &schema.Schema{ + Type: schema.TypeString, + Optional: true, + ForceNew: true, + }, + "name": &schema.Schema{ + Type: schema.TypeString, + ValidateFunc: validation.StringLenBetween(0, 35), + ForceNew: true, + Optional: true, + Computed: true, + }, + "comment": &schema.Schema{ + Type: schema.TypeString, + ValidateFunc: validation.StringLenBetween(0, 255), + Optional: true, + }, + "severity": &schema.Schema{ + Type: schema.TypeString, + Optional: true, + Computed: true, + }, + "action": &schema.Schema{ + Type: schema.TypeString, + Optional: true, + Computed: true, + }, + "log": &schema.Schema{ + Type: schema.TypeString, + Optional: true, + Computed: true, + }, + "exemption": &schema.Schema{ + Type: schema.TypeList, + Optional: true, + Elem: &schema.Resource{ + Schema: map[string]*schema.Schema{ + "id": &schema.Schema{ + Type: schema.TypeInt, + Optional: true, + Computed: true, + }, + "status": &schema.Schema{ + Type: schema.TypeString, + Optional: true, + Computed: true, + }, + "rule": &schema.Schema{ + Type: schema.TypeList, + Optional: true, + Elem: &schema.Resource{ + Schema: map[string]*schema.Schema{ + "id": &schema.Schema{ + Type: schema.TypeInt, + Optional: true, + Computed: true, + }, + }, + }, + }, + "device": &schema.Schema{ + Type: schema.TypeList, + Optional: true, + Elem: &schema.Resource{ + Schema: map[string]*schema.Schema{ + "mac": &schema.Schema{ + Type: schema.TypeString, + Optional: true, + Computed: true, + }, + }, + }, + }, + }, + }, + }, + "dynamic_sort_subtable": &schema.Schema{ + Type: schema.TypeString, + Optional: true, + Default: "false", + }, + "get_all_tables": &schema.Schema{ + Type: schema.TypeString, + Optional: true, + Default: "false", + }, + }, + } +} + +func resourceVirtualPatchProfileCreate(d *schema.ResourceData, m interface{}) error { + c := m.(*FortiClient).Client + c.Retries = 1 + + vdomparam := "" + + if v, ok := d.GetOk("vdomparam"); ok { + if s, ok := v.(string); ok { + vdomparam = s + } + } + + obj, err := getObjectVirtualPatchProfile(d, c.Fv) + if err != nil { + return fmt.Errorf("Error creating VirtualPatchProfile resource while getting object: %v", err) + } + + o, err := c.CreateVirtualPatchProfile(obj, vdomparam) + + if err != nil { + return fmt.Errorf("Error creating VirtualPatchProfile resource: %v", err) + } + + if o["mkey"] != nil && o["mkey"] != "" { + d.SetId(o["mkey"].(string)) + } else { + d.SetId("VirtualPatchProfile") + } + + return resourceVirtualPatchProfileRead(d, m) +} + +func resourceVirtualPatchProfileUpdate(d *schema.ResourceData, m interface{}) error { + mkey := d.Id() + c := m.(*FortiClient).Client + c.Retries = 1 + + vdomparam := "" + + if v, ok := d.GetOk("vdomparam"); ok { + if s, ok := v.(string); ok { + vdomparam = s + } + } + + obj, err := getObjectVirtualPatchProfile(d, c.Fv) + if err != nil { + return fmt.Errorf("Error updating VirtualPatchProfile resource while getting object: %v", err) + } + + o, err := c.UpdateVirtualPatchProfile(obj, mkey, vdomparam) + if err != nil { + return fmt.Errorf("Error updating VirtualPatchProfile resource: %v", err) + } + + log.Printf(strconv.Itoa(c.Retries)) + if o["mkey"] != nil && o["mkey"] != "" { + d.SetId(o["mkey"].(string)) + } else { + d.SetId("VirtualPatchProfile") + } + + return resourceVirtualPatchProfileRead(d, m) +} + +func resourceVirtualPatchProfileDelete(d *schema.ResourceData, m interface{}) error { + mkey := d.Id() + + c := m.(*FortiClient).Client + c.Retries = 1 + + vdomparam := "" + + if v, ok := d.GetOk("vdomparam"); ok { + if s, ok := v.(string); ok { + vdomparam = s + } + } + + err := c.DeleteVirtualPatchProfile(mkey, vdomparam) + if err != nil { + return fmt.Errorf("Error deleting VirtualPatchProfile resource: %v", err) + } + + d.SetId("") + + return nil +} + +func resourceVirtualPatchProfileRead(d *schema.ResourceData, m interface{}) error { + mkey := d.Id() + + c := m.(*FortiClient).Client + c.Retries = 1 + + vdomparam := "" + + if v, ok := d.GetOk("vdomparam"); ok { + if s, ok := v.(string); ok { + vdomparam = s + } + } + + o, err := c.ReadVirtualPatchProfile(mkey, vdomparam) + if err != nil { + return fmt.Errorf("Error reading VirtualPatchProfile resource: %v", err) + } + + if o == nil { + log.Printf("[WARN] resource (%s) not found, removing from state", d.Id()) + d.SetId("") + return nil + } + + err = refreshObjectVirtualPatchProfile(d, o, c.Fv) + if err != nil { + return fmt.Errorf("Error reading VirtualPatchProfile resource from API: %v", err) + } + return nil +} + +func flattenVirtualPatchProfileName(v interface{}, d *schema.ResourceData, pre string, sv string) interface{} { + return v +} + +func flattenVirtualPatchProfileComment(v interface{}, d *schema.ResourceData, pre string, sv string) interface{} { + return v +} + +func flattenVirtualPatchProfileSeverity(v interface{}, d *schema.ResourceData, pre string, sv string) interface{} { + return v +} + +func flattenVirtualPatchProfileAction(v interface{}, d *schema.ResourceData, pre string, sv string) interface{} { + return v +} + +func flattenVirtualPatchProfileLog(v interface{}, d *schema.ResourceData, pre string, sv string) interface{} { + return v +} + +func flattenVirtualPatchProfileExemption(v interface{}, d *schema.ResourceData, pre string, sv string) []map[string]interface{} { + if v == nil { + return nil + } + + if _, ok := v.([]interface{}); !ok { + log.Printf("[DEBUG] Argument %v is not type of []interface{}.", pre) + return nil + } + + l := v.([]interface{}) + if len(l) == 0 || l[0] == nil { + return nil + } + + result := make([]map[string]interface{}, 0, len(l)) + + con := 0 + for _, r := range l { + tmp := make(map[string]interface{}) + i := r.(map[string]interface{}) + + pre_append := "" // table + + pre_append = pre + "." + strconv.Itoa(con) + "." + "id" + if _, ok := i["id"]; ok { + tmp["id"] = flattenVirtualPatchProfileExemptionId(i["id"], d, pre_append, sv) + } + + pre_append = pre + "." + strconv.Itoa(con) + "." + "status" + if _, ok := i["status"]; ok { + tmp["status"] = flattenVirtualPatchProfileExemptionStatus(i["status"], d, pre_append, sv) + } + + pre_append = pre + "." + strconv.Itoa(con) + "." + "rule" + if _, ok := i["rule"]; ok { + tmp["rule"] = flattenVirtualPatchProfileExemptionRule(i["rule"], d, pre_append, sv) + } + + pre_append = pre + "." + strconv.Itoa(con) + "." + "device" + if _, ok := i["device"]; ok { + tmp["device"] = flattenVirtualPatchProfileExemptionDevice(i["device"], d, pre_append, sv) + } + + result = append(result, tmp) + + con += 1 + } + + dynamic_sort_subtable(result, "id", d) + return result +} + +func flattenVirtualPatchProfileExemptionId(v interface{}, d *schema.ResourceData, pre string, sv string) interface{} { + return v +} + +func flattenVirtualPatchProfileExemptionStatus(v interface{}, d *schema.ResourceData, pre string, sv string) interface{} { + return v +} + +func flattenVirtualPatchProfileExemptionRule(v interface{}, d *schema.ResourceData, pre string, sv string) []map[string]interface{} { + if v == nil { + return nil + } + + if _, ok := v.([]interface{}); !ok { + log.Printf("[DEBUG] Argument %v is not type of []interface{}.", pre) + return nil + } + + l := v.([]interface{}) + if len(l) == 0 || l[0] == nil { + return nil + } + + result := make([]map[string]interface{}, 0, len(l)) + + con := 0 + for _, r := range l { + tmp := make(map[string]interface{}) + i := r.(map[string]interface{}) + + pre_append := "" // table + + pre_append = pre + "." + strconv.Itoa(con) + "." + "id" + if _, ok := i["id"]; ok { + tmp["id"] = flattenVirtualPatchProfileExemptionRuleId(i["id"], d, pre_append, sv) + } + + result = append(result, tmp) + + con += 1 + } + + dynamic_sort_subtable(result, "id", d) + return result +} + +func flattenVirtualPatchProfileExemptionRuleId(v interface{}, d *schema.ResourceData, pre string, sv string) interface{} { + return v +} + +func flattenVirtualPatchProfileExemptionDevice(v interface{}, d *schema.ResourceData, pre string, sv string) []map[string]interface{} { + if v == nil { + return nil + } + + if _, ok := v.([]interface{}); !ok { + log.Printf("[DEBUG] Argument %v is not type of []interface{}.", pre) + return nil + } + + l := v.([]interface{}) + if len(l) == 0 || l[0] == nil { + return nil + } + + result := make([]map[string]interface{}, 0, len(l)) + + con := 0 + for _, r := range l { + tmp := make(map[string]interface{}) + i := r.(map[string]interface{}) + + pre_append := "" // table + + pre_append = pre + "." + strconv.Itoa(con) + "." + "mac" + if _, ok := i["mac"]; ok { + tmp["mac"] = flattenVirtualPatchProfileExemptionDeviceMac(i["mac"], d, pre_append, sv) + } + + result = append(result, tmp) + + con += 1 + } + + dynamic_sort_subtable(result, "mac", d) + return result +} + +func flattenVirtualPatchProfileExemptionDeviceMac(v interface{}, d *schema.ResourceData, pre string, sv string) interface{} { + return v +} + +func refreshObjectVirtualPatchProfile(d *schema.ResourceData, o map[string]interface{}, sv string) error { + var err error + var b_get_all_tables bool + if get_all_tables, ok := d.GetOk("get_all_tables"); ok { + b_get_all_tables = get_all_tables.(string) == "true" + } else { + b_get_all_tables = isImportTable() + } + + if err = d.Set("name", flattenVirtualPatchProfileName(o["name"], d, "name", sv)); err != nil { + if !fortiAPIPatch(o["name"]) { + return fmt.Errorf("Error reading name: %v", err) + } + } + + if err = d.Set("comment", flattenVirtualPatchProfileComment(o["comment"], d, "comment", sv)); err != nil { + if !fortiAPIPatch(o["comment"]) { + return fmt.Errorf("Error reading comment: %v", err) + } + } + + if err = d.Set("severity", flattenVirtualPatchProfileSeverity(o["severity"], d, "severity", sv)); err != nil { + if !fortiAPIPatch(o["severity"]) { + return fmt.Errorf("Error reading severity: %v", err) + } + } + + if err = d.Set("action", flattenVirtualPatchProfileAction(o["action"], d, "action", sv)); err != nil { + if !fortiAPIPatch(o["action"]) { + return fmt.Errorf("Error reading action: %v", err) + } + } + + if err = d.Set("log", flattenVirtualPatchProfileLog(o["log"], d, "log", sv)); err != nil { + if !fortiAPIPatch(o["log"]) { + return fmt.Errorf("Error reading log: %v", err) + } + } + + if b_get_all_tables { + if err = d.Set("exemption", flattenVirtualPatchProfileExemption(o["exemption"], d, "exemption", sv)); err != nil { + if !fortiAPIPatch(o["exemption"]) { + return fmt.Errorf("Error reading exemption: %v", err) + } + } + } else { + if _, ok := d.GetOk("exemption"); ok { + if err = d.Set("exemption", flattenVirtualPatchProfileExemption(o["exemption"], d, "exemption", sv)); err != nil { + if !fortiAPIPatch(o["exemption"]) { + return fmt.Errorf("Error reading exemption: %v", err) + } + } + } + } + + return nil +} + +func flattenVirtualPatchProfileFortiTestDebug(d *schema.ResourceData, fosdebugsn int, fosdebugbeg int, fosdebugend int) { + log.Printf(strconv.Itoa(fosdebugsn)) + e := validation.IntBetween(fosdebugbeg, fosdebugend) + log.Printf("ER List: %v, %v", strings.Split("FortiOS Ver", " "), e) +} + +func expandVirtualPatchProfileName(d *schema.ResourceData, v interface{}, pre string, sv string) (interface{}, error) { + return v, nil +} + +func expandVirtualPatchProfileComment(d *schema.ResourceData, v interface{}, pre string, sv string) (interface{}, error) { + return v, nil +} + +func expandVirtualPatchProfileSeverity(d *schema.ResourceData, v interface{}, pre string, sv string) (interface{}, error) { + return v, nil +} + +func expandVirtualPatchProfileAction(d *schema.ResourceData, v interface{}, pre string, sv string) (interface{}, error) { + return v, nil +} + +func expandVirtualPatchProfileLog(d *schema.ResourceData, v interface{}, pre string, sv string) (interface{}, error) { + return v, nil +} + +func expandVirtualPatchProfileExemption(d *schema.ResourceData, v interface{}, pre string, sv string) (interface{}, error) { + l := v.([]interface{}) + result := make([]map[string]interface{}, 0, len(l)) + + if len(l) == 0 || l[0] == nil { + return result, nil + } + + con := 0 + for _, r := range l { + tmp := make(map[string]interface{}) + i := r.(map[string]interface{}) + pre_append := "" // table + + pre_append = pre + "." + strconv.Itoa(con) + "." + "id" + if _, ok := d.GetOk(pre_append); ok { + tmp["id"], _ = expandVirtualPatchProfileExemptionId(d, i["id"], pre_append, sv) + } + + pre_append = pre + "." + strconv.Itoa(con) + "." + "status" + if _, ok := d.GetOk(pre_append); ok { + tmp["status"], _ = expandVirtualPatchProfileExemptionStatus(d, i["status"], pre_append, sv) + } + + pre_append = pre + "." + strconv.Itoa(con) + "." + "rule" + if _, ok := d.GetOk(pre_append); ok || d.HasChange(pre_append) { + tmp["rule"], _ = expandVirtualPatchProfileExemptionRule(d, i["rule"], pre_append, sv) + } else { + tmp["rule"] = make([]string, 0) + } + + pre_append = pre + "." + strconv.Itoa(con) + "." + "device" + if _, ok := d.GetOk(pre_append); ok || d.HasChange(pre_append) { + tmp["device"], _ = expandVirtualPatchProfileExemptionDevice(d, i["device"], pre_append, sv) + } else { + tmp["device"] = make([]string, 0) + } + + result = append(result, tmp) + + con += 1 + } + + return result, nil +} + +func expandVirtualPatchProfileExemptionId(d *schema.ResourceData, v interface{}, pre string, sv string) (interface{}, error) { + return v, nil +} + +func expandVirtualPatchProfileExemptionStatus(d *schema.ResourceData, v interface{}, pre string, sv string) (interface{}, error) { + return v, nil +} + +func expandVirtualPatchProfileExemptionRule(d *schema.ResourceData, v interface{}, pre string, sv string) (interface{}, error) { + l := v.([]interface{}) + result := make([]map[string]interface{}, 0, len(l)) + + if len(l) == 0 || l[0] == nil { + return result, nil + } + + con := 0 + for _, r := range l { + tmp := make(map[string]interface{}) + i := r.(map[string]interface{}) + pre_append := "" // table + + pre_append = pre + "." + strconv.Itoa(con) + "." + "id" + if _, ok := d.GetOk(pre_append); ok { + tmp["id"], _ = expandVirtualPatchProfileExemptionRuleId(d, i["id"], pre_append, sv) + } + + result = append(result, tmp) + + con += 1 + } + + return result, nil +} + +func expandVirtualPatchProfileExemptionRuleId(d *schema.ResourceData, v interface{}, pre string, sv string) (interface{}, error) { + return v, nil +} + +func expandVirtualPatchProfileExemptionDevice(d *schema.ResourceData, v interface{}, pre string, sv string) (interface{}, error) { + l := v.([]interface{}) + result := make([]map[string]interface{}, 0, len(l)) + + if len(l) == 0 || l[0] == nil { + return result, nil + } + + con := 0 + for _, r := range l { + tmp := make(map[string]interface{}) + i := r.(map[string]interface{}) + pre_append := "" // table + + pre_append = pre + "." + strconv.Itoa(con) + "." + "mac" + if _, ok := d.GetOk(pre_append); ok { + tmp["mac"], _ = expandVirtualPatchProfileExemptionDeviceMac(d, i["mac"], pre_append, sv) + } + + result = append(result, tmp) + + con += 1 + } + + return result, nil +} + +func expandVirtualPatchProfileExemptionDeviceMac(d *schema.ResourceData, v interface{}, pre string, sv string) (interface{}, error) { + return v, nil +} + +func getObjectVirtualPatchProfile(d *schema.ResourceData, sv string) (*map[string]interface{}, error) { + obj := make(map[string]interface{}) + + if v, ok := d.GetOk("name"); ok { + t, err := expandVirtualPatchProfileName(d, v, "name", sv) + if err != nil { + return &obj, err + } else if t != nil { + obj["name"] = t + } + } + + if v, ok := d.GetOk("comment"); ok { + t, err := expandVirtualPatchProfileComment(d, v, "comment", sv) + if err != nil { + return &obj, err + } else if t != nil { + obj["comment"] = t + } + } + + if v, ok := d.GetOk("severity"); ok { + t, err := expandVirtualPatchProfileSeverity(d, v, "severity", sv) + if err != nil { + return &obj, err + } else if t != nil { + obj["severity"] = t + } + } + + if v, ok := d.GetOk("action"); ok { + t, err := expandVirtualPatchProfileAction(d, v, "action", sv) + if err != nil { + return &obj, err + } else if t != nil { + obj["action"] = t + } + } + + if v, ok := d.GetOk("log"); ok { + t, err := expandVirtualPatchProfileLog(d, v, "log", sv) + if err != nil { + return &obj, err + } else if t != nil { + obj["log"] = t + } + } + + if v, ok := d.GetOk("exemption"); ok || d.HasChange("exemption") { + t, err := expandVirtualPatchProfileExemption(d, v, "exemption", sv) + if err != nil { + return &obj, err + } else if t != nil { + obj["exemption"] = t + } + } + + return &obj, nil +} diff --git a/fortios/resource_vpncertificate_ca.go b/fortios/resource_vpncertificate_ca.go index e89be8194..267eb6fea 100644 --- a/fortios/resource_vpncertificate_ca.go +++ b/fortios/resource_vpncertificate_ca.go @@ -71,6 +71,12 @@ func resourceVpnCertificateCa() *schema.Resource { Optional: true, Computed: true, }, + "est_url": &schema.Schema{ + Type: schema.TypeString, + ValidateFunc: validation.StringLenBetween(0, 255), + Optional: true, + Computed: true, + }, "auto_update_days": &schema.Schema{ Type: schema.TypeInt, Optional: true, @@ -255,6 +261,10 @@ func flattenVpnCertificateCaScepUrl(v interface{}, d *schema.ResourceData, pre s return v } +func flattenVpnCertificateCaEstUrl(v interface{}, d *schema.ResourceData, pre string, sv string) interface{} { + return v +} + func flattenVpnCertificateCaAutoUpdateDays(v interface{}, d *schema.ResourceData, pre string, sv string) interface{} { return v } @@ -324,6 +334,12 @@ func refreshObjectVpnCertificateCa(d *schema.ResourceData, o map[string]interfac } } + if err = d.Set("est_url", flattenVpnCertificateCaEstUrl(o["est-url"], d, "est_url", sv)); err != nil { + if !fortiAPIPatch(o["est-url"]) { + return fmt.Errorf("Error reading est_url: %v", err) + } + } + if err = d.Set("auto_update_days", flattenVpnCertificateCaAutoUpdateDays(o["auto-update-days"], d, "auto_update_days", sv)); err != nil { if !fortiAPIPatch(o["auto-update-days"]) { return fmt.Errorf("Error reading auto_update_days: %v", err) @@ -397,6 +413,10 @@ func expandVpnCertificateCaScepUrl(d *schema.ResourceData, v interface{}, pre st return v, nil } +func expandVpnCertificateCaEstUrl(d *schema.ResourceData, v interface{}, pre string, sv string) (interface{}, error) { + return v, nil +} + func expandVpnCertificateCaAutoUpdateDays(d *schema.ResourceData, v interface{}, pre string, sv string) (interface{}, error) { return v, nil } @@ -487,6 +507,15 @@ func getObjectVpnCertificateCa(d *schema.ResourceData, sv string) (*map[string]i } } + if v, ok := d.GetOk("est_url"); ok { + t, err := expandVpnCertificateCaEstUrl(d, v, "est_url", sv) + if err != nil { + return &obj, err + } else if t != nil { + obj["est-url"] = t + } + } + if v, ok := d.GetOkExists("auto_update_days"); ok { t, err := expandVpnCertificateCaAutoUpdateDays(d, v, "auto_update_days", sv) if err != nil { diff --git a/fortios/resource_vpncertificate_local.go b/fortios/resource_vpncertificate_local.go index e5dc68083..fdff9c347 100644 --- a/fortios/resource_vpncertificate_local.go +++ b/fortios/resource_vpncertificate_local.go @@ -202,6 +202,54 @@ func resourceVpnCertificateLocal() *schema.Resource { Optional: true, Computed: true, }, + "est_server": &schema.Schema{ + Type: schema.TypeString, + ValidateFunc: validation.StringLenBetween(0, 255), + Optional: true, + Computed: true, + }, + "est_ca_id": &schema.Schema{ + Type: schema.TypeString, + ValidateFunc: validation.StringLenBetween(0, 255), + Optional: true, + Computed: true, + }, + "est_http_username": &schema.Schema{ + Type: schema.TypeString, + ValidateFunc: validation.StringLenBetween(0, 63), + Optional: true, + Computed: true, + }, + "est_http_password": &schema.Schema{ + Type: schema.TypeString, + ValidateFunc: validation.StringLenBetween(0, 63), + Optional: true, + Computed: true, + }, + "est_client_cert": &schema.Schema{ + Type: schema.TypeString, + ValidateFunc: validation.StringLenBetween(0, 79), + Optional: true, + Computed: true, + }, + "est_server_cert": &schema.Schema{ + Type: schema.TypeString, + ValidateFunc: validation.StringLenBetween(0, 79), + Optional: true, + Computed: true, + }, + "est_srp_username": &schema.Schema{ + Type: schema.TypeString, + ValidateFunc: validation.StringLenBetween(0, 63), + Optional: true, + Computed: true, + }, + "est_srp_password": &schema.Schema{ + Type: schema.TypeString, + ValidateFunc: validation.StringLenBetween(0, 63), + Optional: true, + Computed: true, + }, }, } } @@ -447,6 +495,38 @@ func flattenVpnCertificateLocalAcmeRenewWindow(v interface{}, d *schema.Resource return v } +func flattenVpnCertificateLocalEstServer(v interface{}, d *schema.ResourceData, pre string, sv string) interface{} { + return v +} + +func flattenVpnCertificateLocalEstCaId(v interface{}, d *schema.ResourceData, pre string, sv string) interface{} { + return v +} + +func flattenVpnCertificateLocalEstHttpUsername(v interface{}, d *schema.ResourceData, pre string, sv string) interface{} { + return v +} + +func flattenVpnCertificateLocalEstHttpPassword(v interface{}, d *schema.ResourceData, pre string, sv string) interface{} { + return v +} + +func flattenVpnCertificateLocalEstClientCert(v interface{}, d *schema.ResourceData, pre string, sv string) interface{} { + return v +} + +func flattenVpnCertificateLocalEstServerCert(v interface{}, d *schema.ResourceData, pre string, sv string) interface{} { + return v +} + +func flattenVpnCertificateLocalEstSrpUsername(v interface{}, d *schema.ResourceData, pre string, sv string) interface{} { + return v +} + +func flattenVpnCertificateLocalEstSrpPassword(v interface{}, d *schema.ResourceData, pre string, sv string) interface{} { + return v +} + func refreshObjectVpnCertificateLocal(d *schema.ResourceData, o map[string]interface{}, sv string) error { var err error @@ -606,6 +686,54 @@ func refreshObjectVpnCertificateLocal(d *schema.ResourceData, o map[string]inter } } + if err = d.Set("est_server", flattenVpnCertificateLocalEstServer(o["est-server"], d, "est_server", sv)); err != nil { + if !fortiAPIPatch(o["est-server"]) { + return fmt.Errorf("Error reading est_server: %v", err) + } + } + + if err = d.Set("est_ca_id", flattenVpnCertificateLocalEstCaId(o["est-ca-id"], d, "est_ca_id", sv)); err != nil { + if !fortiAPIPatch(o["est-ca-id"]) { + return fmt.Errorf("Error reading est_ca_id: %v", err) + } + } + + if err = d.Set("est_http_username", flattenVpnCertificateLocalEstHttpUsername(o["est-http-username"], d, "est_http_username", sv)); err != nil { + if !fortiAPIPatch(o["est-http-username"]) { + return fmt.Errorf("Error reading est_http_username: %v", err) + } + } + + if err = d.Set("est_http_password", flattenVpnCertificateLocalEstHttpPassword(o["est-http-password"], d, "est_http_password", sv)); err != nil { + if !fortiAPIPatch(o["est-http-password"]) { + return fmt.Errorf("Error reading est_http_password: %v", err) + } + } + + if err = d.Set("est_client_cert", flattenVpnCertificateLocalEstClientCert(o["est-client-cert"], d, "est_client_cert", sv)); err != nil { + if !fortiAPIPatch(o["est-client-cert"]) { + return fmt.Errorf("Error reading est_client_cert: %v", err) + } + } + + if err = d.Set("est_server_cert", flattenVpnCertificateLocalEstServerCert(o["est-server-cert"], d, "est_server_cert", sv)); err != nil { + if !fortiAPIPatch(o["est-server-cert"]) { + return fmt.Errorf("Error reading est_server_cert: %v", err) + } + } + + if err = d.Set("est_srp_username", flattenVpnCertificateLocalEstSrpUsername(o["est-srp-username"], d, "est_srp_username", sv)); err != nil { + if !fortiAPIPatch(o["est-srp-username"]) { + return fmt.Errorf("Error reading est_srp_username: %v", err) + } + } + + if err = d.Set("est_srp_password", flattenVpnCertificateLocalEstSrpPassword(o["est-srp-password"], d, "est_srp_password", sv)); err != nil { + if !fortiAPIPatch(o["est-srp-password"]) { + return fmt.Errorf("Error reading est_srp_password: %v", err) + } + } + return nil } @@ -735,6 +863,38 @@ func expandVpnCertificateLocalAcmeRenewWindow(d *schema.ResourceData, v interfac return v, nil } +func expandVpnCertificateLocalEstServer(d *schema.ResourceData, v interface{}, pre string, sv string) (interface{}, error) { + return v, nil +} + +func expandVpnCertificateLocalEstCaId(d *schema.ResourceData, v interface{}, pre string, sv string) (interface{}, error) { + return v, nil +} + +func expandVpnCertificateLocalEstHttpUsername(d *schema.ResourceData, v interface{}, pre string, sv string) (interface{}, error) { + return v, nil +} + +func expandVpnCertificateLocalEstHttpPassword(d *schema.ResourceData, v interface{}, pre string, sv string) (interface{}, error) { + return v, nil +} + +func expandVpnCertificateLocalEstClientCert(d *schema.ResourceData, v interface{}, pre string, sv string) (interface{}, error) { + return v, nil +} + +func expandVpnCertificateLocalEstServerCert(d *schema.ResourceData, v interface{}, pre string, sv string) (interface{}, error) { + return v, nil +} + +func expandVpnCertificateLocalEstSrpUsername(d *schema.ResourceData, v interface{}, pre string, sv string) (interface{}, error) { + return v, nil +} + +func expandVpnCertificateLocalEstSrpPassword(d *schema.ResourceData, v interface{}, pre string, sv string) (interface{}, error) { + return v, nil +} + func getObjectVpnCertificateLocal(d *schema.ResourceData, sv string) (*map[string]interface{}, error) { obj := make(map[string]interface{}) @@ -1008,5 +1168,77 @@ func getObjectVpnCertificateLocal(d *schema.ResourceData, sv string) (*map[strin } } + if v, ok := d.GetOk("est_server"); ok { + t, err := expandVpnCertificateLocalEstServer(d, v, "est_server", sv) + if err != nil { + return &obj, err + } else if t != nil { + obj["est-server"] = t + } + } + + if v, ok := d.GetOk("est_ca_id"); ok { + t, err := expandVpnCertificateLocalEstCaId(d, v, "est_ca_id", sv) + if err != nil { + return &obj, err + } else if t != nil { + obj["est-ca-id"] = t + } + } + + if v, ok := d.GetOk("est_http_username"); ok { + t, err := expandVpnCertificateLocalEstHttpUsername(d, v, "est_http_username", sv) + if err != nil { + return &obj, err + } else if t != nil { + obj["est-http-username"] = t + } + } + + if v, ok := d.GetOk("est_http_password"); ok { + t, err := expandVpnCertificateLocalEstHttpPassword(d, v, "est_http_password", sv) + if err != nil { + return &obj, err + } else if t != nil { + obj["est-http-password"] = t + } + } + + if v, ok := d.GetOk("est_client_cert"); ok { + t, err := expandVpnCertificateLocalEstClientCert(d, v, "est_client_cert", sv) + if err != nil { + return &obj, err + } else if t != nil { + obj["est-client-cert"] = t + } + } + + if v, ok := d.GetOk("est_server_cert"); ok { + t, err := expandVpnCertificateLocalEstServerCert(d, v, "est_server_cert", sv) + if err != nil { + return &obj, err + } else if t != nil { + obj["est-server-cert"] = t + } + } + + if v, ok := d.GetOk("est_srp_username"); ok { + t, err := expandVpnCertificateLocalEstSrpUsername(d, v, "est_srp_username", sv) + if err != nil { + return &obj, err + } else if t != nil { + obj["est-srp-username"] = t + } + } + + if v, ok := d.GetOk("est_srp_password"); ok { + t, err := expandVpnCertificateLocalEstSrpPassword(d, v, "est_srp_password", sv) + if err != nil { + return &obj, err + } else if t != nil { + obj["est-srp-password"] = t + } + } + return &obj, nil } diff --git a/fortios/resource_vpnipsec_phase1.go b/fortios/resource_vpnipsec_phase1.go index 27ece9e72..3bd781826 100644 --- a/fortios/resource_vpnipsec_phase1.go +++ b/fortios/resource_vpnipsec_phase1.go @@ -201,6 +201,20 @@ func resourceVpnIpsecPhase1() *schema.Resource { Optional: true, Computed: true, }, + "internal_domain_list": &schema.Schema{ + Type: schema.TypeList, + Optional: true, + Elem: &schema.Resource{ + Schema: map[string]*schema.Schema{ + "domain_name": &schema.Schema{ + Type: schema.TypeString, + ValidateFunc: validation.StringLenBetween(0, 79), + Optional: true, + Computed: true, + }, + }, + }, + }, "ipv4_wins_server1": &schema.Schema{ Type: schema.TypeString, Optional: true, @@ -1033,6 +1047,48 @@ func flattenVpnIpsecPhase1Ipv4DnsServer3(v interface{}, d *schema.ResourceData, return v } +func flattenVpnIpsecPhase1InternalDomainList(v interface{}, d *schema.ResourceData, pre string, sv string) []map[string]interface{} { + if v == nil { + return nil + } + + if _, ok := v.([]interface{}); !ok { + log.Printf("[DEBUG] Argument %v is not type of []interface{}.", pre) + return nil + } + + l := v.([]interface{}) + if len(l) == 0 || l[0] == nil { + return nil + } + + result := make([]map[string]interface{}, 0, len(l)) + + con := 0 + for _, r := range l { + tmp := make(map[string]interface{}) + i := r.(map[string]interface{}) + + pre_append := "" // table + + pre_append = pre + "." + strconv.Itoa(con) + "." + "domain_name" + if _, ok := i["domain-name"]; ok { + tmp["domain_name"] = flattenVpnIpsecPhase1InternalDomainListDomainName(i["domain-name"], d, pre_append, sv) + } + + result = append(result, tmp) + + con += 1 + } + + dynamic_sort_subtable(result, "domain_name", d) + return result +} + +func flattenVpnIpsecPhase1InternalDomainListDomainName(v interface{}, d *schema.ResourceData, pre string, sv string) interface{} { + return v +} + func flattenVpnIpsecPhase1Ipv4WinsServer1(v interface{}, d *schema.ResourceData, pre string, sv string) interface{} { return v } @@ -1754,6 +1810,22 @@ func refreshObjectVpnIpsecPhase1(d *schema.ResourceData, o map[string]interface{ } } + if b_get_all_tables { + if err = d.Set("internal_domain_list", flattenVpnIpsecPhase1InternalDomainList(o["internal-domain-list"], d, "internal_domain_list", sv)); err != nil { + if !fortiAPIPatch(o["internal-domain-list"]) { + return fmt.Errorf("Error reading internal_domain_list: %v", err) + } + } + } else { + if _, ok := d.GetOk("internal_domain_list"); ok { + if err = d.Set("internal_domain_list", flattenVpnIpsecPhase1InternalDomainList(o["internal-domain-list"], d, "internal_domain_list", sv)); err != nil { + if !fortiAPIPatch(o["internal-domain-list"]) { + return fmt.Errorf("Error reading internal_domain_list: %v", err) + } + } + } + } + if err = d.Set("ipv4_wins_server1", flattenVpnIpsecPhase1Ipv4WinsServer1(o["ipv4-wins-server1"], d, "ipv4_wins_server1", sv)); err != nil { if !fortiAPIPatch(o["ipv4-wins-server1"]) { return fmt.Errorf("Error reading ipv4_wins_server1: %v", err) @@ -2472,6 +2544,37 @@ func expandVpnIpsecPhase1Ipv4DnsServer3(d *schema.ResourceData, v interface{}, p return v, nil } +func expandVpnIpsecPhase1InternalDomainList(d *schema.ResourceData, v interface{}, pre string, sv string) (interface{}, error) { + l := v.([]interface{}) + result := make([]map[string]interface{}, 0, len(l)) + + if len(l) == 0 || l[0] == nil { + return result, nil + } + + con := 0 + for _, r := range l { + tmp := make(map[string]interface{}) + i := r.(map[string]interface{}) + pre_append := "" // table + + pre_append = pre + "." + strconv.Itoa(con) + "." + "domain_name" + if _, ok := d.GetOk(pre_append); ok { + tmp["domain-name"], _ = expandVpnIpsecPhase1InternalDomainListDomainName(d, i["domain_name"], pre_append, sv) + } + + result = append(result, tmp) + + con += 1 + } + + return result, nil +} + +func expandVpnIpsecPhase1InternalDomainListDomainName(d *schema.ResourceData, v interface{}, pre string, sv string) (interface{}, error) { + return v, nil +} + func expandVpnIpsecPhase1Ipv4WinsServer1(d *schema.ResourceData, v interface{}, pre string, sv string) (interface{}, error) { return v, nil } @@ -3234,6 +3337,15 @@ func getObjectVpnIpsecPhase1(d *schema.ResourceData, sv string) (*map[string]int } } + if v, ok := d.GetOk("internal_domain_list"); ok || d.HasChange("internal_domain_list") { + t, err := expandVpnIpsecPhase1InternalDomainList(d, v, "internal_domain_list", sv) + if err != nil { + return &obj, err + } else if t != nil { + obj["internal-domain-list"] = t + } + } + if v, ok := d.GetOk("ipv4_wins_server1"); ok { t, err := expandVpnIpsecPhase1Ipv4WinsServer1(d, v, "ipv4_wins_server1", sv) if err != nil { diff --git a/fortios/resource_vpnipsec_phase1interface.go b/fortios/resource_vpnipsec_phase1interface.go index 5aef767bc..e7c9a6432 100644 --- a/fortios/resource_vpnipsec_phase1interface.go +++ b/fortios/resource_vpnipsec_phase1interface.go @@ -167,6 +167,11 @@ func resourceVpnIpsecPhase1Interface() *schema.Resource { Optional: true, Computed: true, }, + "monitor_min": &schema.Schema{ + Type: schema.TypeInt, + Optional: true, + Computed: true, + }, "monitor_hold_down_type": &schema.Schema{ Type: schema.TypeString, Optional: true, @@ -299,6 +304,20 @@ func resourceVpnIpsecPhase1Interface() *schema.Resource { Optional: true, Computed: true, }, + "internal_domain_list": &schema.Schema{ + Type: schema.TypeList, + Optional: true, + Elem: &schema.Resource{ + Schema: map[string]*schema.Schema{ + "domain_name": &schema.Schema{ + Type: schema.TypeString, + ValidateFunc: validation.StringLenBetween(0, 79), + Optional: true, + Computed: true, + }, + }, + }, + }, "ipv4_wins_server1": &schema.Schema{ Type: schema.TypeString, Optional: true, @@ -943,6 +962,11 @@ func resourceVpnIpsecPhase1Interface() *schema.Resource { Optional: true, Computed: true, }, + "ems_sn_check": &schema.Schema{ + Type: schema.TypeString, + Optional: true, + Computed: true, + }, "dynamic_sort_subtable": &schema.Schema{ Type: schema.TypeString, Optional: true, @@ -1208,6 +1232,10 @@ func flattenVpnIpsecPhase1InterfaceMonitor(v interface{}, d *schema.ResourceData return v } +func flattenVpnIpsecPhase1InterfaceMonitorMin(v interface{}, d *schema.ResourceData, pre string, sv string) interface{} { + return v +} + func flattenVpnIpsecPhase1InterfaceMonitorHoldDownType(v interface{}, d *schema.ResourceData, pre string, sv string) interface{} { return v } @@ -1312,6 +1340,48 @@ func flattenVpnIpsecPhase1InterfaceIpv4DnsServer3(v interface{}, d *schema.Resou return v } +func flattenVpnIpsecPhase1InterfaceInternalDomainList(v interface{}, d *schema.ResourceData, pre string, sv string) []map[string]interface{} { + if v == nil { + return nil + } + + if _, ok := v.([]interface{}); !ok { + log.Printf("[DEBUG] Argument %v is not type of []interface{}.", pre) + return nil + } + + l := v.([]interface{}) + if len(l) == 0 || l[0] == nil { + return nil + } + + result := make([]map[string]interface{}, 0, len(l)) + + con := 0 + for _, r := range l { + tmp := make(map[string]interface{}) + i := r.(map[string]interface{}) + + pre_append := "" // table + + pre_append = pre + "." + strconv.Itoa(con) + "." + "domain_name" + if _, ok := i["domain-name"]; ok { + tmp["domain_name"] = flattenVpnIpsecPhase1InterfaceInternalDomainListDomainName(i["domain-name"], d, pre_append, sv) + } + + result = append(result, tmp) + + con += 1 + } + + dynamic_sort_subtable(result, "domain_name", d) + return result +} + +func flattenVpnIpsecPhase1InterfaceInternalDomainListDomainName(v interface{}, d *schema.ResourceData, pre string, sv string) interface{} { + return v +} + func flattenVpnIpsecPhase1InterfaceIpv4WinsServer1(v interface{}, d *schema.ResourceData, pre string, sv string) interface{} { return v } @@ -1914,6 +1984,10 @@ func flattenVpnIpsecPhase1InterfaceExchangeFgtDeviceId(v interface{}, d *schema. return v } +func flattenVpnIpsecPhase1InterfaceEmsSnCheck(v interface{}, d *schema.ResourceData, pre string, sv string) interface{} { + return v +} + func refreshObjectVpnIpsecPhase1Interface(d *schema.ResourceData, o map[string]interface{}, sv string) error { var err error var b_get_all_tables bool @@ -2065,9 +2139,48 @@ func refreshObjectVpnIpsecPhase1Interface(d *schema.ResourceData, o map[string]i } } - if err = d.Set("monitor", flattenVpnIpsecPhase1InterfaceMonitor(o["monitor"], d, "monitor", sv)); err != nil { - if !fortiAPIPatch(o["monitor"]) { - return fmt.Errorf("Error reading monitor: %v", err) + { + v := flattenVpnIpsecPhase1InterfaceMonitor(o["monitor"], d, "monitor", sv) + vx := "" + bstring := false + new_version_map := map[string][]string{ + ">=": []string{"7.4.1"}, + } + if i2ss2arrFortiAPIUpgrade(sv, new_version_map) == true { + l := v.([]interface{}) + if len(l) > 0 { + for k, r := range l { + i := r.(map[string]interface{}) + if _, ok := i["name"]; ok { + if xv, ok := i["name"].(string); ok { + vx += xv + if k < len(l)-1 { + vx += ", " + } + } + } + } + } + bstring = true + } + if bstring == true { + if err = d.Set("monitor", vx); err != nil { + if !fortiAPIPatch(o["monitor"]) { + return fmt.Errorf("Error reading monitor: %v", err) + } + } + } else { + if err = d.Set("monitor", v); err != nil { + if !fortiAPIPatch(o["monitor"]) { + return fmt.Errorf("Error reading monitor: %v", err) + } + } + } + } + + if err = d.Set("monitor_min", flattenVpnIpsecPhase1InterfaceMonitorMin(o["monitor-min"], d, "monitor_min", sv)); err != nil { + if !fortiAPIPatch(o["monitor-min"]) { + return fmt.Errorf("Error reading monitor_min: %v", err) } } @@ -2227,6 +2340,22 @@ func refreshObjectVpnIpsecPhase1Interface(d *schema.ResourceData, o map[string]i } } + if b_get_all_tables { + if err = d.Set("internal_domain_list", flattenVpnIpsecPhase1InterfaceInternalDomainList(o["internal-domain-list"], d, "internal_domain_list", sv)); err != nil { + if !fortiAPIPatch(o["internal-domain-list"]) { + return fmt.Errorf("Error reading internal_domain_list: %v", err) + } + } + } else { + if _, ok := d.GetOk("internal_domain_list"); ok { + if err = d.Set("internal_domain_list", flattenVpnIpsecPhase1InterfaceInternalDomainList(o["internal-domain-list"], d, "internal_domain_list", sv)); err != nil { + if !fortiAPIPatch(o["internal-domain-list"]) { + return fmt.Errorf("Error reading internal_domain_list: %v", err) + } + } + } + } + if err = d.Set("ipv4_wins_server1", flattenVpnIpsecPhase1InterfaceIpv4WinsServer1(o["ipv4-wins-server1"], d, "ipv4_wins_server1", sv)); err != nil { if !fortiAPIPatch(o["ipv4-wins-server1"]) { return fmt.Errorf("Error reading ipv4_wins_server1: %v", err) @@ -2909,6 +3038,12 @@ func refreshObjectVpnIpsecPhase1Interface(d *schema.ResourceData, o map[string]i } } + if err = d.Set("ems_sn_check", flattenVpnIpsecPhase1InterfaceEmsSnCheck(o["ems-sn-check"], d, "ems_sn_check", sv)); err != nil { + if !fortiAPIPatch(o["ems-sn-check"]) { + return fmt.Errorf("Error reading ems_sn_check: %v", err) + } + } + return nil } @@ -3037,6 +3172,10 @@ func expandVpnIpsecPhase1InterfaceMonitor(d *schema.ResourceData, v interface{}, return v, nil } +func expandVpnIpsecPhase1InterfaceMonitorMin(d *schema.ResourceData, v interface{}, pre string, sv string) (interface{}, error) { + return v, nil +} + func expandVpnIpsecPhase1InterfaceMonitorHoldDownType(d *schema.ResourceData, v interface{}, pre string, sv string) (interface{}, error) { return v, nil } @@ -3141,6 +3280,37 @@ func expandVpnIpsecPhase1InterfaceIpv4DnsServer3(d *schema.ResourceData, v inter return v, nil } +func expandVpnIpsecPhase1InterfaceInternalDomainList(d *schema.ResourceData, v interface{}, pre string, sv string) (interface{}, error) { + l := v.([]interface{}) + result := make([]map[string]interface{}, 0, len(l)) + + if len(l) == 0 || l[0] == nil { + return result, nil + } + + con := 0 + for _, r := range l { + tmp := make(map[string]interface{}) + i := r.(map[string]interface{}) + pre_append := "" // table + + pre_append = pre + "." + strconv.Itoa(con) + "." + "domain_name" + if _, ok := d.GetOk(pre_append); ok { + tmp["domain-name"], _ = expandVpnIpsecPhase1InterfaceInternalDomainListDomainName(d, i["domain_name"], pre_append, sv) + } + + result = append(result, tmp) + + con += 1 + } + + return result, nil +} + +func expandVpnIpsecPhase1InterfaceInternalDomainListDomainName(d *schema.ResourceData, v interface{}, pre string, sv string) (interface{}, error) { + return v, nil +} + func expandVpnIpsecPhase1InterfaceIpv4WinsServer1(d *schema.ResourceData, v interface{}, pre string, sv string) (interface{}, error) { return v, nil } @@ -3710,6 +3880,10 @@ func expandVpnIpsecPhase1InterfaceExchangeFgtDeviceId(d *schema.ResourceData, v return v, nil } +func expandVpnIpsecPhase1InterfaceEmsSnCheck(d *schema.ResourceData, v interface{}, pre string, sv string) (interface{}, error) { + return v, nil +} + func getObjectVpnIpsecPhase1Interface(d *schema.ResourceData, sv string) (*map[string]interface{}, error) { obj := make(map[string]interface{}) @@ -3916,7 +4090,34 @@ func getObjectVpnIpsecPhase1Interface(d *schema.ResourceData, sv string) (*map[s if err != nil { return &obj, err } else if t != nil { - obj["monitor"] = t + new_version_map := map[string][]string{ + ">=": []string{"7.4.1"}, + } + if i2ss2arrFortiAPIUpgrade(sv, new_version_map) == true { + vx := fmt.Sprintf("%v", t) + vxx := strings.Split(vx, ", ") + + tmps := make([]map[string]interface{}, 0, len(vxx)) + + for _, xv := range vxx { + xtmp := make(map[string]interface{}) + xtmp["name"] = xv + + tmps = append(tmps, xtmp) + } + obj["monitor"] = tmps + } else { + obj["monitor"] = t + } + } + } + + if v, ok := d.GetOkExists("monitor_min"); ok { + t, err := expandVpnIpsecPhase1InterfaceMonitorMin(d, v, "monitor_min", sv) + if err != nil { + return &obj, err + } else if t != nil { + obj["monitor-min"] = t } } @@ -4154,6 +4355,15 @@ func getObjectVpnIpsecPhase1Interface(d *schema.ResourceData, sv string) (*map[s } } + if v, ok := d.GetOk("internal_domain_list"); ok || d.HasChange("internal_domain_list") { + t, err := expandVpnIpsecPhase1InterfaceInternalDomainList(d, v, "internal_domain_list", sv) + if err != nil { + return &obj, err + } else if t != nil { + obj["internal-domain-list"] = t + } + } + if v, ok := d.GetOk("ipv4_wins_server1"); ok { t, err := expandVpnIpsecPhase1InterfaceIpv4WinsServer1(d, v, "ipv4_wins_server1", sv) if err != nil { @@ -5171,5 +5381,14 @@ func getObjectVpnIpsecPhase1Interface(d *schema.ResourceData, sv string) (*map[s } } + if v, ok := d.GetOk("ems_sn_check"); ok { + t, err := expandVpnIpsecPhase1InterfaceEmsSnCheck(d, v, "ems_sn_check", sv) + if err != nil { + return &obj, err + } else if t != nil { + obj["ems-sn-check"] = t + } + } + return &obj, nil } diff --git a/fortios/resource_vpnsslweb_portal.go b/fortios/resource_vpnsslweb_portal.go index 4beb05c47..82510dc2e 100644 --- a/fortios/resource_vpnsslweb_portal.go +++ b/fortios/resource_vpnsslweb_portal.go @@ -258,6 +258,11 @@ func resourceVpnSslWebPortal() *schema.Resource { Optional: true, Computed: true, }, + "default_protocol": &schema.Schema{ + Type: schema.TypeString, + Optional: true, + Computed: true, + }, "user_group_bookmark": &schema.Schema{ Type: schema.TypeString, Optional: true, @@ -477,6 +482,11 @@ func resourceVpnSslWebPortal() *schema.Resource { Optional: true, Computed: true, }, + "focus_bookmark": &schema.Schema{ + Type: schema.TypeString, + Optional: true, + Computed: true, + }, "display_status": &schema.Schema{ Type: schema.TypeString, Optional: true, @@ -1241,6 +1251,10 @@ func flattenVpnSslWebPortalAllowUserAccess(v interface{}, d *schema.ResourceData return v } +func flattenVpnSslWebPortalDefaultProtocol(v interface{}, d *schema.ResourceData, pre string, sv string) interface{} { + return v +} + func flattenVpnSslWebPortalUserGroupBookmark(v interface{}, d *schema.ResourceData, pre string, sv string) interface{} { return v } @@ -1676,6 +1690,10 @@ func flattenVpnSslWebPortalDisplayHistory(v interface{}, d *schema.ResourceData, return v } +func flattenVpnSslWebPortalFocusBookmark(v interface{}, d *schema.ResourceData, pre string, sv string) interface{} { + return v +} + func flattenVpnSslWebPortalDisplayStatus(v interface{}, d *schema.ResourceData, pre string, sv string) interface{} { return v } @@ -2486,6 +2504,12 @@ func refreshObjectVpnSslWebPortal(d *schema.ResourceData, o map[string]interface } } + if err = d.Set("default_protocol", flattenVpnSslWebPortalDefaultProtocol(o["default-protocol"], d, "default_protocol", sv)); err != nil { + if !fortiAPIPatch(o["default-protocol"]) { + return fmt.Errorf("Error reading default_protocol: %v", err) + } + } + if err = d.Set("user_group_bookmark", flattenVpnSslWebPortalUserGroupBookmark(o["user-group-bookmark"], d, "user_group_bookmark", sv)); err != nil { if !fortiAPIPatch(o["user-group-bookmark"]) { return fmt.Errorf("Error reading user_group_bookmark: %v", err) @@ -2520,6 +2544,12 @@ func refreshObjectVpnSslWebPortal(d *schema.ResourceData, o map[string]interface } } + if err = d.Set("focus_bookmark", flattenVpnSslWebPortalFocusBookmark(o["focus-bookmark"], d, "focus_bookmark", sv)); err != nil { + if !fortiAPIPatch(o["focus-bookmark"]) { + return fmt.Errorf("Error reading focus_bookmark: %v", err) + } + } + if err = d.Set("display_status", flattenVpnSslWebPortalDisplayStatus(o["display-status"], d, "display_status", sv)); err != nil { if !fortiAPIPatch(o["display-status"]) { return fmt.Errorf("Error reading display_status: %v", err) @@ -3045,6 +3075,10 @@ func expandVpnSslWebPortalAllowUserAccess(d *schema.ResourceData, v interface{}, return v, nil } +func expandVpnSslWebPortalDefaultProtocol(d *schema.ResourceData, v interface{}, pre string, sv string) (interface{}, error) { + return v, nil +} + func expandVpnSslWebPortalUserGroupBookmark(d *schema.ResourceData, v interface{}, pre string, sv string) (interface{}, error) { return v, nil } @@ -3443,6 +3477,10 @@ func expandVpnSslWebPortalDisplayHistory(d *schema.ResourceData, v interface{}, return v, nil } +func expandVpnSslWebPortalFocusBookmark(d *schema.ResourceData, v interface{}, pre string, sv string) (interface{}, error) { + return v, nil +} + func expandVpnSslWebPortalDisplayStatus(d *schema.ResourceData, v interface{}, pre string, sv string) (interface{}, error) { return v, nil } @@ -4250,6 +4288,15 @@ func getObjectVpnSslWebPortal(d *schema.ResourceData, sv string) (*map[string]in } } + if v, ok := d.GetOk("default_protocol"); ok { + t, err := expandVpnSslWebPortalDefaultProtocol(d, v, "default_protocol", sv) + if err != nil { + return &obj, err + } else if t != nil { + obj["default-protocol"] = t + } + } + if v, ok := d.GetOk("user_group_bookmark"); ok { t, err := expandVpnSslWebPortalUserGroupBookmark(d, v, "user_group_bookmark", sv) if err != nil { @@ -4286,6 +4333,15 @@ func getObjectVpnSslWebPortal(d *schema.ResourceData, sv string) (*map[string]in } } + if v, ok := d.GetOk("focus_bookmark"); ok { + t, err := expandVpnSslWebPortalFocusBookmark(d, v, "focus_bookmark", sv) + if err != nil { + return &obj, err + } else if t != nil { + obj["focus-bookmark"] = t + } + } + if v, ok := d.GetOk("display_status"); ok { t, err := expandVpnSslWebPortalDisplayStatus(d, v, "display_status", sv) if err != nil { diff --git a/fortios/resource_webproxy_fastfallback.go b/fortios/resource_webproxy_fastfallback.go new file mode 100644 index 000000000..1539a5928 --- /dev/null +++ b/fortios/resource_webproxy_fastfallback.go @@ -0,0 +1,322 @@ +// Copyright 2020 Fortinet, Inc. All rights reserved. +// Author: Frank Shen (@frankshen01), Hongbin Lu (@fgtdev-hblu) +// Documentation: +// Frank Shen (@frankshen01), Hongbin Lu (@fgtdev-hblu), +// Xing Li (@lix-fortinet), Yue Wang (@yuew-ftnt), Yuffie Zhu (@yuffiezhu) + +// Description: Proxy destination connection fast-fallback. + +package fortios + +import ( + "fmt" + "log" + "strconv" + "strings" + + "github.com/hashicorp/terraform-plugin-sdk/v2/helper/schema" + "github.com/hashicorp/terraform-plugin-sdk/v2/helper/validation" +) + +func resourceWebProxyFastFallback() *schema.Resource { + return &schema.Resource{ + Create: resourceWebProxyFastFallbackCreate, + Read: resourceWebProxyFastFallbackRead, + Update: resourceWebProxyFastFallbackUpdate, + Delete: resourceWebProxyFastFallbackDelete, + + Importer: &schema.ResourceImporter{ + State: schema.ImportStatePassthrough, + }, + + Schema: map[string]*schema.Schema{ + "vdomparam": &schema.Schema{ + Type: schema.TypeString, + Optional: true, + ForceNew: true, + }, + "name": &schema.Schema{ + Type: schema.TypeString, + ValidateFunc: validation.StringLenBetween(0, 63), + ForceNew: true, + Optional: true, + Computed: true, + }, + "status": &schema.Schema{ + Type: schema.TypeString, + Optional: true, + Computed: true, + }, + "connection_mode": &schema.Schema{ + Type: schema.TypeString, + Optional: true, + Computed: true, + }, + "protocol": &schema.Schema{ + Type: schema.TypeString, + Optional: true, + Computed: true, + }, + "connection_timeout": &schema.Schema{ + Type: schema.TypeInt, + ValidateFunc: validation.IntBetween(200, 1800000), + Optional: true, + Computed: true, + }, + }, + } +} + +func resourceWebProxyFastFallbackCreate(d *schema.ResourceData, m interface{}) error { + c := m.(*FortiClient).Client + c.Retries = 1 + + vdomparam := "" + + if v, ok := d.GetOk("vdomparam"); ok { + if s, ok := v.(string); ok { + vdomparam = s + } + } + + obj, err := getObjectWebProxyFastFallback(d, c.Fv) + if err != nil { + return fmt.Errorf("Error creating WebProxyFastFallback resource while getting object: %v", err) + } + + o, err := c.CreateWebProxyFastFallback(obj, vdomparam) + + if err != nil { + return fmt.Errorf("Error creating WebProxyFastFallback resource: %v", err) + } + + if o["mkey"] != nil && o["mkey"] != "" { + d.SetId(o["mkey"].(string)) + } else { + d.SetId("WebProxyFastFallback") + } + + return resourceWebProxyFastFallbackRead(d, m) +} + +func resourceWebProxyFastFallbackUpdate(d *schema.ResourceData, m interface{}) error { + mkey := d.Id() + c := m.(*FortiClient).Client + c.Retries = 1 + + vdomparam := "" + + if v, ok := d.GetOk("vdomparam"); ok { + if s, ok := v.(string); ok { + vdomparam = s + } + } + + obj, err := getObjectWebProxyFastFallback(d, c.Fv) + if err != nil { + return fmt.Errorf("Error updating WebProxyFastFallback resource while getting object: %v", err) + } + + o, err := c.UpdateWebProxyFastFallback(obj, mkey, vdomparam) + if err != nil { + return fmt.Errorf("Error updating WebProxyFastFallback resource: %v", err) + } + + log.Printf(strconv.Itoa(c.Retries)) + if o["mkey"] != nil && o["mkey"] != "" { + d.SetId(o["mkey"].(string)) + } else { + d.SetId("WebProxyFastFallback") + } + + return resourceWebProxyFastFallbackRead(d, m) +} + +func resourceWebProxyFastFallbackDelete(d *schema.ResourceData, m interface{}) error { + mkey := d.Id() + + c := m.(*FortiClient).Client + c.Retries = 1 + + vdomparam := "" + + if v, ok := d.GetOk("vdomparam"); ok { + if s, ok := v.(string); ok { + vdomparam = s + } + } + + err := c.DeleteWebProxyFastFallback(mkey, vdomparam) + if err != nil { + return fmt.Errorf("Error deleting WebProxyFastFallback resource: %v", err) + } + + d.SetId("") + + return nil +} + +func resourceWebProxyFastFallbackRead(d *schema.ResourceData, m interface{}) error { + mkey := d.Id() + + c := m.(*FortiClient).Client + c.Retries = 1 + + vdomparam := "" + + if v, ok := d.GetOk("vdomparam"); ok { + if s, ok := v.(string); ok { + vdomparam = s + } + } + + o, err := c.ReadWebProxyFastFallback(mkey, vdomparam) + if err != nil { + return fmt.Errorf("Error reading WebProxyFastFallback resource: %v", err) + } + + if o == nil { + log.Printf("[WARN] resource (%s) not found, removing from state", d.Id()) + d.SetId("") + return nil + } + + err = refreshObjectWebProxyFastFallback(d, o, c.Fv) + if err != nil { + return fmt.Errorf("Error reading WebProxyFastFallback resource from API: %v", err) + } + return nil +} + +func flattenWebProxyFastFallbackName(v interface{}, d *schema.ResourceData, pre string, sv string) interface{} { + return v +} + +func flattenWebProxyFastFallbackStatus(v interface{}, d *schema.ResourceData, pre string, sv string) interface{} { + return v +} + +func flattenWebProxyFastFallbackConnectionMode(v interface{}, d *schema.ResourceData, pre string, sv string) interface{} { + return v +} + +func flattenWebProxyFastFallbackProtocol(v interface{}, d *schema.ResourceData, pre string, sv string) interface{} { + return v +} + +func flattenWebProxyFastFallbackConnectionTimeout(v interface{}, d *schema.ResourceData, pre string, sv string) interface{} { + return v +} + +func refreshObjectWebProxyFastFallback(d *schema.ResourceData, o map[string]interface{}, sv string) error { + var err error + + if err = d.Set("name", flattenWebProxyFastFallbackName(o["name"], d, "name", sv)); err != nil { + if !fortiAPIPatch(o["name"]) { + return fmt.Errorf("Error reading name: %v", err) + } + } + + if err = d.Set("status", flattenWebProxyFastFallbackStatus(o["status"], d, "status", sv)); err != nil { + if !fortiAPIPatch(o["status"]) { + return fmt.Errorf("Error reading status: %v", err) + } + } + + if err = d.Set("connection_mode", flattenWebProxyFastFallbackConnectionMode(o["connection-mode"], d, "connection_mode", sv)); err != nil { + if !fortiAPIPatch(o["connection-mode"]) { + return fmt.Errorf("Error reading connection_mode: %v", err) + } + } + + if err = d.Set("protocol", flattenWebProxyFastFallbackProtocol(o["protocol"], d, "protocol", sv)); err != nil { + if !fortiAPIPatch(o["protocol"]) { + return fmt.Errorf("Error reading protocol: %v", err) + } + } + + if err = d.Set("connection_timeout", flattenWebProxyFastFallbackConnectionTimeout(o["connection-timeout"], d, "connection_timeout", sv)); err != nil { + if !fortiAPIPatch(o["connection-timeout"]) { + return fmt.Errorf("Error reading connection_timeout: %v", err) + } + } + + return nil +} + +func flattenWebProxyFastFallbackFortiTestDebug(d *schema.ResourceData, fosdebugsn int, fosdebugbeg int, fosdebugend int) { + log.Printf(strconv.Itoa(fosdebugsn)) + e := validation.IntBetween(fosdebugbeg, fosdebugend) + log.Printf("ER List: %v, %v", strings.Split("FortiOS Ver", " "), e) +} + +func expandWebProxyFastFallbackName(d *schema.ResourceData, v interface{}, pre string, sv string) (interface{}, error) { + return v, nil +} + +func expandWebProxyFastFallbackStatus(d *schema.ResourceData, v interface{}, pre string, sv string) (interface{}, error) { + return v, nil +} + +func expandWebProxyFastFallbackConnectionMode(d *schema.ResourceData, v interface{}, pre string, sv string) (interface{}, error) { + return v, nil +} + +func expandWebProxyFastFallbackProtocol(d *schema.ResourceData, v interface{}, pre string, sv string) (interface{}, error) { + return v, nil +} + +func expandWebProxyFastFallbackConnectionTimeout(d *schema.ResourceData, v interface{}, pre string, sv string) (interface{}, error) { + return v, nil +} + +func getObjectWebProxyFastFallback(d *schema.ResourceData, sv string) (*map[string]interface{}, error) { + obj := make(map[string]interface{}) + + if v, ok := d.GetOk("name"); ok { + t, err := expandWebProxyFastFallbackName(d, v, "name", sv) + if err != nil { + return &obj, err + } else if t != nil { + obj["name"] = t + } + } + + if v, ok := d.GetOk("status"); ok { + t, err := expandWebProxyFastFallbackStatus(d, v, "status", sv) + if err != nil { + return &obj, err + } else if t != nil { + obj["status"] = t + } + } + + if v, ok := d.GetOk("connection_mode"); ok { + t, err := expandWebProxyFastFallbackConnectionMode(d, v, "connection_mode", sv) + if err != nil { + return &obj, err + } else if t != nil { + obj["connection-mode"] = t + } + } + + if v, ok := d.GetOk("protocol"); ok { + t, err := expandWebProxyFastFallbackProtocol(d, v, "protocol", sv) + if err != nil { + return &obj, err + } else if t != nil { + obj["protocol"] = t + } + } + + if v, ok := d.GetOk("connection_timeout"); ok { + t, err := expandWebProxyFastFallbackConnectionTimeout(d, v, "connection_timeout", sv) + if err != nil { + return &obj, err + } else if t != nil { + obj["connection-timeout"] = t + } + } + + return &obj, nil +} diff --git a/fortios/resource_webproxy_forwardserver.go b/fortios/resource_webproxy_forwardserver.go index d77be5e33..c84f22053 100644 --- a/fortios/resource_webproxy_forwardserver.go +++ b/fortios/resource_webproxy_forwardserver.go @@ -52,6 +52,11 @@ func resourceWebProxyForwardServer() *schema.Resource { Optional: true, Computed: true, }, + "ipv6": &schema.Schema{ + Type: schema.TypeString, + Optional: true, + Computed: true, + }, "fqdn": &schema.Schema{ Type: schema.TypeString, ValidateFunc: validation.StringLenBetween(0, 255), @@ -235,6 +240,10 @@ func flattenWebProxyForwardServerIp(v interface{}, d *schema.ResourceData, pre s return v } +func flattenWebProxyForwardServerIpv6(v interface{}, d *schema.ResourceData, pre string, sv string) interface{} { + return v +} + func flattenWebProxyForwardServerFqdn(v interface{}, d *schema.ResourceData, pre string, sv string) interface{} { return v } @@ -288,6 +297,12 @@ func refreshObjectWebProxyForwardServer(d *schema.ResourceData, o map[string]int } } + if err = d.Set("ipv6", flattenWebProxyForwardServerIpv6(o["ipv6"], d, "ipv6", sv)); err != nil { + if !fortiAPIPatch(o["ipv6"]) { + return fmt.Errorf("Error reading ipv6: %v", err) + } + } + if err = d.Set("fqdn", flattenWebProxyForwardServerFqdn(o["fqdn"], d, "fqdn", sv)); err != nil { if !fortiAPIPatch(o["fqdn"]) { return fmt.Errorf("Error reading fqdn: %v", err) @@ -351,6 +366,10 @@ func expandWebProxyForwardServerIp(d *schema.ResourceData, v interface{}, pre st return v, nil } +func expandWebProxyForwardServerIpv6(d *schema.ResourceData, v interface{}, pre string, sv string) (interface{}, error) { + return v, nil +} + func expandWebProxyForwardServerFqdn(d *schema.ResourceData, v interface{}, pre string, sv string) (interface{}, error) { return v, nil } @@ -413,6 +432,15 @@ func getObjectWebProxyForwardServer(d *schema.ResourceData, sv string) (*map[str } } + if v, ok := d.GetOk("ipv6"); ok { + t, err := expandWebProxyForwardServerIpv6(d, v, "ipv6", sv) + if err != nil { + return &obj, err + } else if t != nil { + obj["ipv6"] = t + } + } + if v, ok := d.GetOk("fqdn"); ok { t, err := expandWebProxyForwardServerFqdn(d, v, "fqdn", sv) if err != nil { diff --git a/fortios/resource_webproxy_urlmatch.go b/fortios/resource_webproxy_urlmatch.go index 1c9375af0..09fd7a671 100644 --- a/fortios/resource_webproxy_urlmatch.go +++ b/fortios/resource_webproxy_urlmatch.go @@ -58,6 +58,12 @@ func resourceWebProxyUrlMatch() *schema.Resource { Optional: true, Computed: true, }, + "fast_fallback": &schema.Schema{ + Type: schema.TypeString, + ValidateFunc: validation.StringLenBetween(0, 63), + Optional: true, + Computed: true, + }, "cache_exemption": &schema.Schema{ Type: schema.TypeString, Optional: true, @@ -209,6 +215,10 @@ func flattenWebProxyUrlMatchForwardServer(v interface{}, d *schema.ResourceData, return v } +func flattenWebProxyUrlMatchFastFallback(v interface{}, d *schema.ResourceData, pre string, sv string) interface{} { + return v +} + func flattenWebProxyUrlMatchCacheExemption(v interface{}, d *schema.ResourceData, pre string, sv string) interface{} { return v } @@ -244,6 +254,12 @@ func refreshObjectWebProxyUrlMatch(d *schema.ResourceData, o map[string]interfac } } + if err = d.Set("fast_fallback", flattenWebProxyUrlMatchFastFallback(o["fast-fallback"], d, "fast_fallback", sv)); err != nil { + if !fortiAPIPatch(o["fast-fallback"]) { + return fmt.Errorf("Error reading fast_fallback: %v", err) + } + } + if err = d.Set("cache_exemption", flattenWebProxyUrlMatchCacheExemption(o["cache-exemption"], d, "cache_exemption", sv)); err != nil { if !fortiAPIPatch(o["cache-exemption"]) { return fmt.Errorf("Error reading cache_exemption: %v", err) @@ -281,6 +297,10 @@ func expandWebProxyUrlMatchForwardServer(d *schema.ResourceData, v interface{}, return v, nil } +func expandWebProxyUrlMatchFastFallback(d *schema.ResourceData, v interface{}, pre string, sv string) (interface{}, error) { + return v, nil +} + func expandWebProxyUrlMatchCacheExemption(d *schema.ResourceData, v interface{}, pre string, sv string) (interface{}, error) { return v, nil } @@ -328,6 +348,15 @@ func getObjectWebProxyUrlMatch(d *schema.ResourceData, sv string) (*map[string]i } } + if v, ok := d.GetOk("fast_fallback"); ok { + t, err := expandWebProxyUrlMatchFastFallback(d, v, "fast_fallback", sv) + if err != nil { + return &obj, err + } else if t != nil { + obj["fast-fallback"] = t + } + } + if v, ok := d.GetOk("cache_exemption"); ok { t, err := expandWebProxyUrlMatchCacheExemption(d, v, "cache_exemption", sv) if err != nil { diff --git a/fortios/resource_wirelesscontroller_bleprofile.go b/fortios/resource_wirelesscontroller_bleprofile.go index 8fd67aa23..3a38a6615 100644 --- a/fortios/resource_wirelesscontroller_bleprofile.go +++ b/fortios/resource_wirelesscontroller_bleprofile.go @@ -111,6 +111,41 @@ func resourceWirelessControllerBleProfile() *schema.Resource { Optional: true, Computed: true, }, + "scan_type": &schema.Schema{ + Type: schema.TypeString, + Optional: true, + Computed: true, + }, + "scan_threshold": &schema.Schema{ + Type: schema.TypeString, + ValidateFunc: validation.StringLenBetween(0, 7), + Optional: true, + Computed: true, + }, + "scan_period": &schema.Schema{ + Type: schema.TypeInt, + ValidateFunc: validation.IntBetween(1000, 10000), + Optional: true, + Computed: true, + }, + "scan_time": &schema.Schema{ + Type: schema.TypeInt, + ValidateFunc: validation.IntBetween(1000, 10000), + Optional: true, + Computed: true, + }, + "scan_interval": &schema.Schema{ + Type: schema.TypeInt, + ValidateFunc: validation.IntBetween(10, 1000), + Optional: true, + Computed: true, + }, + "scan_window": &schema.Schema{ + Type: schema.TypeInt, + ValidateFunc: validation.IntBetween(10, 1000), + Optional: true, + Computed: true, + }, }, } } @@ -288,6 +323,30 @@ func flattenWirelessControllerBleProfileBleScanning(v interface{}, d *schema.Res return v } +func flattenWirelessControllerBleProfileScanType(v interface{}, d *schema.ResourceData, pre string, sv string) interface{} { + return v +} + +func flattenWirelessControllerBleProfileScanThreshold(v interface{}, d *schema.ResourceData, pre string, sv string) interface{} { + return v +} + +func flattenWirelessControllerBleProfileScanPeriod(v interface{}, d *schema.ResourceData, pre string, sv string) interface{} { + return v +} + +func flattenWirelessControllerBleProfileScanTime(v interface{}, d *schema.ResourceData, pre string, sv string) interface{} { + return v +} + +func flattenWirelessControllerBleProfileScanInterval(v interface{}, d *schema.ResourceData, pre string, sv string) interface{} { + return v +} + +func flattenWirelessControllerBleProfileScanWindow(v interface{}, d *schema.ResourceData, pre string, sv string) interface{} { + return v +} + func refreshObjectWirelessControllerBleProfile(d *schema.ResourceData, o map[string]interface{}, sv string) error { var err error @@ -369,6 +428,42 @@ func refreshObjectWirelessControllerBleProfile(d *schema.ResourceData, o map[str } } + if err = d.Set("scan_type", flattenWirelessControllerBleProfileScanType(o["scan-type"], d, "scan_type", sv)); err != nil { + if !fortiAPIPatch(o["scan-type"]) { + return fmt.Errorf("Error reading scan_type: %v", err) + } + } + + if err = d.Set("scan_threshold", flattenWirelessControllerBleProfileScanThreshold(o["scan-threshold"], d, "scan_threshold", sv)); err != nil { + if !fortiAPIPatch(o["scan-threshold"]) { + return fmt.Errorf("Error reading scan_threshold: %v", err) + } + } + + if err = d.Set("scan_period", flattenWirelessControllerBleProfileScanPeriod(o["scan-period"], d, "scan_period", sv)); err != nil { + if !fortiAPIPatch(o["scan-period"]) { + return fmt.Errorf("Error reading scan_period: %v", err) + } + } + + if err = d.Set("scan_time", flattenWirelessControllerBleProfileScanTime(o["scan-time"], d, "scan_time", sv)); err != nil { + if !fortiAPIPatch(o["scan-time"]) { + return fmt.Errorf("Error reading scan_time: %v", err) + } + } + + if err = d.Set("scan_interval", flattenWirelessControllerBleProfileScanInterval(o["scan-interval"], d, "scan_interval", sv)); err != nil { + if !fortiAPIPatch(o["scan-interval"]) { + return fmt.Errorf("Error reading scan_interval: %v", err) + } + } + + if err = d.Set("scan_window", flattenWirelessControllerBleProfileScanWindow(o["scan-window"], d, "scan_window", sv)); err != nil { + if !fortiAPIPatch(o["scan-window"]) { + return fmt.Errorf("Error reading scan_window: %v", err) + } + } + return nil } @@ -430,6 +525,30 @@ func expandWirelessControllerBleProfileBleScanning(d *schema.ResourceData, v int return v, nil } +func expandWirelessControllerBleProfileScanType(d *schema.ResourceData, v interface{}, pre string, sv string) (interface{}, error) { + return v, nil +} + +func expandWirelessControllerBleProfileScanThreshold(d *schema.ResourceData, v interface{}, pre string, sv string) (interface{}, error) { + return v, nil +} + +func expandWirelessControllerBleProfileScanPeriod(d *schema.ResourceData, v interface{}, pre string, sv string) (interface{}, error) { + return v, nil +} + +func expandWirelessControllerBleProfileScanTime(d *schema.ResourceData, v interface{}, pre string, sv string) (interface{}, error) { + return v, nil +} + +func expandWirelessControllerBleProfileScanInterval(d *schema.ResourceData, v interface{}, pre string, sv string) (interface{}, error) { + return v, nil +} + +func expandWirelessControllerBleProfileScanWindow(d *schema.ResourceData, v interface{}, pre string, sv string) (interface{}, error) { + return v, nil +} + func getObjectWirelessControllerBleProfile(d *schema.ResourceData, sv string) (*map[string]interface{}, error) { obj := make(map[string]interface{}) @@ -550,5 +669,59 @@ func getObjectWirelessControllerBleProfile(d *schema.ResourceData, sv string) (* } } + if v, ok := d.GetOk("scan_type"); ok { + t, err := expandWirelessControllerBleProfileScanType(d, v, "scan_type", sv) + if err != nil { + return &obj, err + } else if t != nil { + obj["scan-type"] = t + } + } + + if v, ok := d.GetOk("scan_threshold"); ok { + t, err := expandWirelessControllerBleProfileScanThreshold(d, v, "scan_threshold", sv) + if err != nil { + return &obj, err + } else if t != nil { + obj["scan-threshold"] = t + } + } + + if v, ok := d.GetOk("scan_period"); ok { + t, err := expandWirelessControllerBleProfileScanPeriod(d, v, "scan_period", sv) + if err != nil { + return &obj, err + } else if t != nil { + obj["scan-period"] = t + } + } + + if v, ok := d.GetOk("scan_time"); ok { + t, err := expandWirelessControllerBleProfileScanTime(d, v, "scan_time", sv) + if err != nil { + return &obj, err + } else if t != nil { + obj["scan-time"] = t + } + } + + if v, ok := d.GetOk("scan_interval"); ok { + t, err := expandWirelessControllerBleProfileScanInterval(d, v, "scan_interval", sv) + if err != nil { + return &obj, err + } else if t != nil { + obj["scan-interval"] = t + } + } + + if v, ok := d.GetOk("scan_window"); ok { + t, err := expandWirelessControllerBleProfileScanWindow(d, v, "scan_window", sv) + if err != nil { + return &obj, err + } else if t != nil { + obj["scan-window"] = t + } + } + return &obj, nil } diff --git a/fortios/resource_wirelesscontroller_widsprofile.go b/fortios/resource_wirelesscontroller_widsprofile.go index 5c9cdf2b6..0b6594245 100644 --- a/fortios/resource_wirelesscontroller_widsprofile.go +++ b/fortios/resource_wirelesscontroller_widsprofile.go @@ -58,6 +58,34 @@ func resourceWirelessControllerWidsProfile() *schema.Resource { Optional: true, Computed: true, }, + "ap_scan_channel_list_2g_5g": &schema.Schema{ + Type: schema.TypeList, + Optional: true, + Elem: &schema.Resource{ + Schema: map[string]*schema.Schema{ + "chan": &schema.Schema{ + Type: schema.TypeString, + ValidateFunc: validation.StringLenBetween(0, 3), + Optional: true, + Computed: true, + }, + }, + }, + }, + "ap_scan_channel_list_6g": &schema.Schema{ + Type: schema.TypeList, + Optional: true, + Elem: &schema.Resource{ + Schema: map[string]*schema.Schema{ + "chan": &schema.Schema{ + Type: schema.TypeString, + ValidateFunc: validation.StringLenBetween(0, 3), + Optional: true, + Computed: true, + }, + }, + }, + }, "ap_bgscan_period": &schema.Schema{ Type: schema.TypeInt, ValidateFunc: validation.IntBetween(10, 3600), @@ -478,6 +506,90 @@ func flattenWirelessControllerWidsProfileApScan(v interface{}, d *schema.Resourc return v } +func flattenWirelessControllerWidsProfileApScanChannelList2G5G(v interface{}, d *schema.ResourceData, pre string, sv string) []map[string]interface{} { + if v == nil { + return nil + } + + if _, ok := v.([]interface{}); !ok { + log.Printf("[DEBUG] Argument %v is not type of []interface{}.", pre) + return nil + } + + l := v.([]interface{}) + if len(l) == 0 || l[0] == nil { + return nil + } + + result := make([]map[string]interface{}, 0, len(l)) + + con := 0 + for _, r := range l { + tmp := make(map[string]interface{}) + i := r.(map[string]interface{}) + + pre_append := "" // table + + pre_append = pre + "." + strconv.Itoa(con) + "." + "chan" + if _, ok := i["chan"]; ok { + tmp["chan"] = flattenWirelessControllerWidsProfileApScanChannelList2G5GChan(i["chan"], d, pre_append, sv) + } + + result = append(result, tmp) + + con += 1 + } + + dynamic_sort_subtable(result, "chan", d) + return result +} + +func flattenWirelessControllerWidsProfileApScanChannelList2G5GChan(v interface{}, d *schema.ResourceData, pre string, sv string) interface{} { + return v +} + +func flattenWirelessControllerWidsProfileApScanChannelList6G(v interface{}, d *schema.ResourceData, pre string, sv string) []map[string]interface{} { + if v == nil { + return nil + } + + if _, ok := v.([]interface{}); !ok { + log.Printf("[DEBUG] Argument %v is not type of []interface{}.", pre) + return nil + } + + l := v.([]interface{}) + if len(l) == 0 || l[0] == nil { + return nil + } + + result := make([]map[string]interface{}, 0, len(l)) + + con := 0 + for _, r := range l { + tmp := make(map[string]interface{}) + i := r.(map[string]interface{}) + + pre_append := "" // table + + pre_append = pre + "." + strconv.Itoa(con) + "." + "chan" + if _, ok := i["chan"]; ok { + tmp["chan"] = flattenWirelessControllerWidsProfileApScanChannelList6GChan(i["chan"], d, pre_append, sv) + } + + result = append(result, tmp) + + con += 1 + } + + dynamic_sort_subtable(result, "chan", d) + return result +} + +func flattenWirelessControllerWidsProfileApScanChannelList6GChan(v interface{}, d *schema.ResourceData, pre string, sv string) interface{} { + return v +} + func flattenWirelessControllerWidsProfileApBgscanPeriod(v interface{}, d *schema.ResourceData, pre string, sv string) interface{} { return v } @@ -737,6 +849,38 @@ func refreshObjectWirelessControllerWidsProfile(d *schema.ResourceData, o map[st } } + if b_get_all_tables { + if err = d.Set("ap_scan_channel_list_2g_5g", flattenWirelessControllerWidsProfileApScanChannelList2G5G(o["ap-scan-channel-list-2G-5G"], d, "ap_scan_channel_list_2g_5g", sv)); err != nil { + if !fortiAPIPatch(o["ap-scan-channel-list-2G-5G"]) { + return fmt.Errorf("Error reading ap_scan_channel_list_2g_5g: %v", err) + } + } + } else { + if _, ok := d.GetOk("ap_scan_channel_list_2g_5g"); ok { + if err = d.Set("ap_scan_channel_list_2g_5g", flattenWirelessControllerWidsProfileApScanChannelList2G5G(o["ap-scan-channel-list-2G-5G"], d, "ap_scan_channel_list_2g_5g", sv)); err != nil { + if !fortiAPIPatch(o["ap-scan-channel-list-2G-5G"]) { + return fmt.Errorf("Error reading ap_scan_channel_list_2g_5g: %v", err) + } + } + } + } + + if b_get_all_tables { + if err = d.Set("ap_scan_channel_list_6g", flattenWirelessControllerWidsProfileApScanChannelList6G(o["ap-scan-channel-list-6G"], d, "ap_scan_channel_list_6g", sv)); err != nil { + if !fortiAPIPatch(o["ap-scan-channel-list-6G"]) { + return fmt.Errorf("Error reading ap_scan_channel_list_6g: %v", err) + } + } + } else { + if _, ok := d.GetOk("ap_scan_channel_list_6g"); ok { + if err = d.Set("ap_scan_channel_list_6g", flattenWirelessControllerWidsProfileApScanChannelList6G(o["ap-scan-channel-list-6G"], d, "ap_scan_channel_list_6g", sv)); err != nil { + if !fortiAPIPatch(o["ap-scan-channel-list-6G"]) { + return fmt.Errorf("Error reading ap_scan_channel_list_6g: %v", err) + } + } + } + } + if err = d.Set("ap_bgscan_period", flattenWirelessControllerWidsProfileApBgscanPeriod(o["ap-bgscan-period"], d, "ap_bgscan_period", sv)); err != nil { if !fortiAPIPatch(o["ap-bgscan-period"]) { return fmt.Errorf("Error reading ap_bgscan_period: %v", err) @@ -1054,6 +1198,68 @@ func expandWirelessControllerWidsProfileApScan(d *schema.ResourceData, v interfa return v, nil } +func expandWirelessControllerWidsProfileApScanChannelList2G5G(d *schema.ResourceData, v interface{}, pre string, sv string) (interface{}, error) { + l := v.([]interface{}) + result := make([]map[string]interface{}, 0, len(l)) + + if len(l) == 0 || l[0] == nil { + return result, nil + } + + con := 0 + for _, r := range l { + tmp := make(map[string]interface{}) + i := r.(map[string]interface{}) + pre_append := "" // table + + pre_append = pre + "." + strconv.Itoa(con) + "." + "chan" + if _, ok := d.GetOk(pre_append); ok { + tmp["chan"], _ = expandWirelessControllerWidsProfileApScanChannelList2G5GChan(d, i["chan"], pre_append, sv) + } + + result = append(result, tmp) + + con += 1 + } + + return result, nil +} + +func expandWirelessControllerWidsProfileApScanChannelList2G5GChan(d *schema.ResourceData, v interface{}, pre string, sv string) (interface{}, error) { + return v, nil +} + +func expandWirelessControllerWidsProfileApScanChannelList6G(d *schema.ResourceData, v interface{}, pre string, sv string) (interface{}, error) { + l := v.([]interface{}) + result := make([]map[string]interface{}, 0, len(l)) + + if len(l) == 0 || l[0] == nil { + return result, nil + } + + con := 0 + for _, r := range l { + tmp := make(map[string]interface{}) + i := r.(map[string]interface{}) + pre_append := "" // table + + pre_append = pre + "." + strconv.Itoa(con) + "." + "chan" + if _, ok := d.GetOk(pre_append); ok { + tmp["chan"], _ = expandWirelessControllerWidsProfileApScanChannelList6GChan(d, i["chan"], pre_append, sv) + } + + result = append(result, tmp) + + con += 1 + } + + return result, nil +} + +func expandWirelessControllerWidsProfileApScanChannelList6GChan(d *schema.ResourceData, v interface{}, pre string, sv string) (interface{}, error) { + return v, nil +} + func expandWirelessControllerWidsProfileApBgscanPeriod(d *schema.ResourceData, v interface{}, pre string, sv string) (interface{}, error) { return v, nil } @@ -1308,6 +1514,24 @@ func getObjectWirelessControllerWidsProfile(d *schema.ResourceData, sv string) ( } } + if v, ok := d.GetOk("ap_scan_channel_list_2g_5g"); ok || d.HasChange("ap_scan_channel_list_2g_5g") { + t, err := expandWirelessControllerWidsProfileApScanChannelList2G5G(d, v, "ap_scan_channel_list_2g_5g", sv) + if err != nil { + return &obj, err + } else if t != nil { + obj["ap-scan-channel-list-2G-5G"] = t + } + } + + if v, ok := d.GetOk("ap_scan_channel_list_6g"); ok || d.HasChange("ap_scan_channel_list_6g") { + t, err := expandWirelessControllerWidsProfileApScanChannelList6G(d, v, "ap_scan_channel_list_6g", sv) + if err != nil { + return &obj, err + } else if t != nil { + obj["ap-scan-channel-list-6G"] = t + } + } + if v, ok := d.GetOk("ap_bgscan_period"); ok { t, err := expandWirelessControllerWidsProfileApBgscanPeriod(d, v, "ap_bgscan_period", sv) if err != nil { diff --git a/fortios/resource_wirelesscontroller_wtp.go b/fortios/resource_wirelesscontroller_wtp.go index e86c9d279..defeb7eef 100644 --- a/fortios/resource_wirelesscontroller_wtp.go +++ b/fortios/resource_wirelesscontroller_wtp.go @@ -120,6 +120,18 @@ func resourceWirelessControllerWtp() *schema.Resource { Optional: true, Computed: true, }, + "ble_major_id": &schema.Schema{ + Type: schema.TypeInt, + ValidateFunc: validation.IntBetween(0, 65535), + Optional: true, + Computed: true, + }, + "ble_minor_id": &schema.Schema{ + Type: schema.TypeInt, + ValidateFunc: validation.IntBetween(0, 65535), + Optional: true, + Computed: true, + }, "override_led_state": &schema.Schema{ Type: schema.TypeString, Optional: true, @@ -1059,6 +1071,14 @@ func flattenWirelessControllerWtpBonjourProfile(v interface{}, d *schema.Resourc return v } +func flattenWirelessControllerWtpBleMajorId(v interface{}, d *schema.ResourceData, pre string, sv string) interface{} { + return v +} + +func flattenWirelessControllerWtpBleMinorId(v interface{}, d *schema.ResourceData, pre string, sv string) interface{} { + return v +} + func flattenWirelessControllerWtpOverrideLedState(v interface{}, d *schema.ResourceData, pre string, sv string) interface{} { return v } @@ -2515,6 +2535,18 @@ func refreshObjectWirelessControllerWtp(d *schema.ResourceData, o map[string]int } } + if err = d.Set("ble_major_id", flattenWirelessControllerWtpBleMajorId(o["ble-major-id"], d, "ble_major_id", sv)); err != nil { + if !fortiAPIPatch(o["ble-major-id"]) { + return fmt.Errorf("Error reading ble_major_id: %v", err) + } + } + + if err = d.Set("ble_minor_id", flattenWirelessControllerWtpBleMinorId(o["ble-minor-id"], d, "ble_minor_id", sv)); err != nil { + if !fortiAPIPatch(o["ble-minor-id"]) { + return fmt.Errorf("Error reading ble_minor_id: %v", err) + } + } + if err = d.Set("override_led_state", flattenWirelessControllerWtpOverrideLedState(o["override-led-state"], d, "override_led_state", sv)); err != nil { if !fortiAPIPatch(o["override-led-state"]) { return fmt.Errorf("Error reading override_led_state: %v", err) @@ -2800,6 +2832,14 @@ func expandWirelessControllerWtpBonjourProfile(d *schema.ResourceData, v interfa return v, nil } +func expandWirelessControllerWtpBleMajorId(d *schema.ResourceData, v interface{}, pre string, sv string) (interface{}, error) { + return v, nil +} + +func expandWirelessControllerWtpBleMinorId(d *schema.ResourceData, v interface{}, pre string, sv string) (interface{}, error) { + return v, nil +} + func expandWirelessControllerWtpOverrideLedState(d *schema.ResourceData, v interface{}, pre string, sv string) (interface{}, error) { return v, nil } @@ -4116,6 +4156,24 @@ func getObjectWirelessControllerWtp(d *schema.ResourceData, sv string) (*map[str } } + if v, ok := d.GetOkExists("ble_major_id"); ok { + t, err := expandWirelessControllerWtpBleMajorId(d, v, "ble_major_id", sv) + if err != nil { + return &obj, err + } else if t != nil { + obj["ble-major-id"] = t + } + } + + if v, ok := d.GetOkExists("ble_minor_id"); ok { + t, err := expandWirelessControllerWtpBleMinorId(d, v, "ble_minor_id", sv) + if err != nil { + return &obj, err + } else if t != nil { + obj["ble-minor-id"] = t + } + } + if v, ok := d.GetOk("override_led_state"); ok { t, err := expandWirelessControllerWtpOverrideLedState(d, v, "override_led_state", sv) if err != nil { diff --git a/fortios/resource_wirelesscontroller_wtpgroup.go b/fortios/resource_wirelesscontroller_wtpgroup.go index 97d15537e..2851c97e1 100644 --- a/fortios/resource_wirelesscontroller_wtpgroup.go +++ b/fortios/resource_wirelesscontroller_wtpgroup.go @@ -47,6 +47,12 @@ func resourceWirelessControllerWtpGroup() *schema.Resource { Optional: true, Computed: true, }, + "ble_major_id": &schema.Schema{ + Type: schema.TypeInt, + ValidateFunc: validation.IntBetween(0, 65535), + Optional: true, + Computed: true, + }, "wtps": &schema.Schema{ Type: schema.TypeList, Optional: true, @@ -204,6 +210,10 @@ func flattenWirelessControllerWtpGroupPlatformType(v interface{}, d *schema.Reso return v } +func flattenWirelessControllerWtpGroupBleMajorId(v interface{}, d *schema.ResourceData, pre string, sv string) interface{} { + return v +} + func flattenWirelessControllerWtpGroupWtps(v interface{}, d *schema.ResourceData, pre string, sv string) []map[string]interface{} { if v == nil { return nil @@ -267,6 +277,12 @@ func refreshObjectWirelessControllerWtpGroup(d *schema.ResourceData, o map[strin } } + if err = d.Set("ble_major_id", flattenWirelessControllerWtpGroupBleMajorId(o["ble-major-id"], d, "ble_major_id", sv)); err != nil { + if !fortiAPIPatch(o["ble-major-id"]) { + return fmt.Errorf("Error reading ble_major_id: %v", err) + } + } + if b_get_all_tables { if err = d.Set("wtps", flattenWirelessControllerWtpGroupWtps(o["wtps"], d, "wtps", sv)); err != nil { if !fortiAPIPatch(o["wtps"]) { @@ -300,6 +316,10 @@ func expandWirelessControllerWtpGroupPlatformType(d *schema.ResourceData, v inte return v, nil } +func expandWirelessControllerWtpGroupBleMajorId(d *schema.ResourceData, v interface{}, pre string, sv string) (interface{}, error) { + return v, nil +} + func expandWirelessControllerWtpGroupWtps(d *schema.ResourceData, v interface{}, pre string, sv string) (interface{}, error) { l := v.([]interface{}) result := make([]map[string]interface{}, 0, len(l)) @@ -352,6 +372,15 @@ func getObjectWirelessControllerWtpGroup(d *schema.ResourceData, sv string) (*ma } } + if v, ok := d.GetOkExists("ble_major_id"); ok { + t, err := expandWirelessControllerWtpGroupBleMajorId(d, v, "ble_major_id", sv) + if err != nil { + return &obj, err + } else if t != nil { + obj["ble-major-id"] = t + } + } + if v, ok := d.GetOk("wtps"); ok || d.HasChange("wtps") { t, err := expandWirelessControllerWtpGroupWtps(d, v, "wtps", sv) if err != nil { diff --git a/fortios/resource_wirelesscontroller_wtpprofile.go b/fortios/resource_wirelesscontroller_wtpprofile.go index 7c8cd1286..aa571c6d3 100644 --- a/fortios/resource_wirelesscontroller_wtpprofile.go +++ b/fortios/resource_wirelesscontroller_wtpprofile.go @@ -468,6 +468,11 @@ func resourceWirelessControllerWtpProfile() *schema.Resource { Optional: true, Computed: true, }, + "mimo_mode": &schema.Schema{ + Type: schema.TypeString, + Optional: true, + Computed: true, + }, "channel_bonding": &schema.Schema{ Type: schema.TypeString, Optional: true, @@ -886,6 +891,11 @@ func resourceWirelessControllerWtpProfile() *schema.Resource { Optional: true, Computed: true, }, + "mimo_mode": &schema.Schema{ + Type: schema.TypeString, + Optional: true, + Computed: true, + }, "channel_bonding": &schema.Schema{ Type: schema.TypeString, Optional: true, @@ -1298,6 +1308,11 @@ func resourceWirelessControllerWtpProfile() *schema.Resource { Optional: true, Computed: true, }, + "mimo_mode": &schema.Schema{ + Type: schema.TypeString, + Optional: true, + Computed: true, + }, "channel_bonding": &schema.Schema{ Type: schema.TypeString, Optional: true, @@ -1710,6 +1725,11 @@ func resourceWirelessControllerWtpProfile() *schema.Resource { Optional: true, Computed: true, }, + "mimo_mode": &schema.Schema{ + Type: schema.TypeString, + Optional: true, + Computed: true, + }, "channel_bonding": &schema.Schema{ Type: schema.TypeString, Optional: true, @@ -2174,6 +2194,82 @@ func resourceWirelessControllerWtpProfile() *schema.Resource { Optional: true, Computed: true, }, + "polestar": &schema.Schema{ + Type: schema.TypeString, + Optional: true, + Computed: true, + }, + "polestar_protocol": &schema.Schema{ + Type: schema.TypeString, + Optional: true, + Computed: true, + }, + "polestar_server_fqdn": &schema.Schema{ + Type: schema.TypeString, + ValidateFunc: validation.StringLenBetween(0, 255), + Optional: true, + Computed: true, + }, + "polestar_server_path": &schema.Schema{ + Type: schema.TypeString, + ValidateFunc: validation.StringLenBetween(0, 255), + Optional: true, + Computed: true, + }, + "polestar_server_token": &schema.Schema{ + Type: schema.TypeString, + ValidateFunc: validation.StringLenBetween(0, 31), + Optional: true, + Computed: true, + }, + "polestar_server_port": &schema.Schema{ + Type: schema.TypeInt, + ValidateFunc: validation.IntBetween(1, 65535), + Optional: true, + Computed: true, + }, + "polestar_accumulation_interval": &schema.Schema{ + Type: schema.TypeInt, + ValidateFunc: validation.IntBetween(1, 60), + Optional: true, + Computed: true, + }, + "polestar_reporting_interval": &schema.Schema{ + Type: schema.TypeInt, + ValidateFunc: validation.IntBetween(1, 600), + Optional: true, + Computed: true, + }, + "polestar_asset_uuid_list1": &schema.Schema{ + Type: schema.TypeString, + ValidateFunc: validation.StringLenBetween(0, 36), + Optional: true, + Computed: true, + }, + "polestar_asset_uuid_list2": &schema.Schema{ + Type: schema.TypeString, + ValidateFunc: validation.StringLenBetween(0, 36), + Optional: true, + Computed: true, + }, + "polestar_asset_uuid_list3": &schema.Schema{ + Type: schema.TypeString, + ValidateFunc: validation.StringLenBetween(0, 36), + Optional: true, + Computed: true, + }, + "polestar_asset_uuid_list4": &schema.Schema{ + Type: schema.TypeString, + ValidateFunc: validation.StringLenBetween(0, 36), + Optional: true, + Computed: true, + }, + "polestar_asset_addrgrp_list": &schema.Schema{ + Type: schema.TypeString, + ValidateFunc: validation.StringLenBetween(0, 79), + Optional: true, + Computed: true, + }, }, }, }, @@ -3005,6 +3101,11 @@ func flattenWirelessControllerWtpProfileRadio1(v interface{}, d *schema.Resource result["short_guard_interval"] = flattenWirelessControllerWtpProfileRadio1ShortGuardInterval(i["short-guard-interval"], d, pre_append, sv) } + pre_append = pre + ".0." + "mimo_mode" + if _, ok := i["mimo-mode"]; ok { + result["mimo_mode"] = flattenWirelessControllerWtpProfileRadio1MimoMode(i["mimo-mode"], d, pre_append, sv) + } + pre_append = pre + ".0." + "channel_bonding" if _, ok := i["channel-bonding"]; ok { result["channel_bonding"] = flattenWirelessControllerWtpProfileRadio1ChannelBonding(i["channel-bonding"], d, pre_append, sv) @@ -3358,6 +3459,10 @@ func flattenWirelessControllerWtpProfileRadio1ShortGuardInterval(v interface{}, return v } +func flattenWirelessControllerWtpProfileRadio1MimoMode(v interface{}, d *schema.ResourceData, pre string, sv string) interface{} { + return v +} + func flattenWirelessControllerWtpProfileRadio1ChannelBonding(v interface{}, d *schema.ResourceData, pre string, sv string) interface{} { return v } @@ -3751,6 +3856,11 @@ func flattenWirelessControllerWtpProfileRadio2(v interface{}, d *schema.Resource result["short_guard_interval"] = flattenWirelessControllerWtpProfileRadio2ShortGuardInterval(i["short-guard-interval"], d, pre_append, sv) } + pre_append = pre + ".0." + "mimo_mode" + if _, ok := i["mimo-mode"]; ok { + result["mimo_mode"] = flattenWirelessControllerWtpProfileRadio2MimoMode(i["mimo-mode"], d, pre_append, sv) + } + pre_append = pre + ".0." + "channel_bonding" if _, ok := i["channel-bonding"]; ok { result["channel_bonding"] = flattenWirelessControllerWtpProfileRadio2ChannelBonding(i["channel-bonding"], d, pre_append, sv) @@ -4104,6 +4214,10 @@ func flattenWirelessControllerWtpProfileRadio2ShortGuardInterval(v interface{}, return v } +func flattenWirelessControllerWtpProfileRadio2MimoMode(v interface{}, d *schema.ResourceData, pre string, sv string) interface{} { + return v +} + func flattenWirelessControllerWtpProfileRadio2ChannelBonding(v interface{}, d *schema.ResourceData, pre string, sv string) interface{} { return v } @@ -4492,6 +4606,11 @@ func flattenWirelessControllerWtpProfileRadio3(v interface{}, d *schema.Resource result["short_guard_interval"] = flattenWirelessControllerWtpProfileRadio3ShortGuardInterval(i["short-guard-interval"], d, pre_append, sv) } + pre_append = pre + ".0." + "mimo_mode" + if _, ok := i["mimo-mode"]; ok { + result["mimo_mode"] = flattenWirelessControllerWtpProfileRadio3MimoMode(i["mimo-mode"], d, pre_append, sv) + } + pre_append = pre + ".0." + "channel_bonding" if _, ok := i["channel-bonding"]; ok { result["channel_bonding"] = flattenWirelessControllerWtpProfileRadio3ChannelBonding(i["channel-bonding"], d, pre_append, sv) @@ -4841,6 +4960,10 @@ func flattenWirelessControllerWtpProfileRadio3ShortGuardInterval(v interface{}, return v } +func flattenWirelessControllerWtpProfileRadio3MimoMode(v interface{}, d *schema.ResourceData, pre string, sv string) interface{} { + return v +} + func flattenWirelessControllerWtpProfileRadio3ChannelBonding(v interface{}, d *schema.ResourceData, pre string, sv string) interface{} { return v } @@ -5229,6 +5352,11 @@ func flattenWirelessControllerWtpProfileRadio4(v interface{}, d *schema.Resource result["short_guard_interval"] = flattenWirelessControllerWtpProfileRadio4ShortGuardInterval(i["short-guard-interval"], d, pre_append, sv) } + pre_append = pre + ".0." + "mimo_mode" + if _, ok := i["mimo-mode"]; ok { + result["mimo_mode"] = flattenWirelessControllerWtpProfileRadio4MimoMode(i["mimo-mode"], d, pre_append, sv) + } + pre_append = pre + ".0." + "channel_bonding" if _, ok := i["channel-bonding"]; ok { result["channel_bonding"] = flattenWirelessControllerWtpProfileRadio4ChannelBonding(i["channel-bonding"], d, pre_append, sv) @@ -5578,6 +5706,10 @@ func flattenWirelessControllerWtpProfileRadio4ShortGuardInterval(v interface{}, return v } +func flattenWirelessControllerWtpProfileRadio4MimoMode(v interface{}, d *schema.ResourceData, pre string, sv string) interface{} { + return v +} + func flattenWirelessControllerWtpProfileRadio4ChannelBonding(v interface{}, d *schema.ResourceData, pre string, sv string) interface{} { return v } @@ -6015,6 +6147,71 @@ func flattenWirelessControllerWtpProfileLbs(v interface{}, d *schema.ResourceDat result["station_locate"] = flattenWirelessControllerWtpProfileLbsStationLocate(i["station-locate"], d, pre_append, sv) } + pre_append = pre + ".0." + "polestar" + if _, ok := i["polestar"]; ok { + result["polestar"] = flattenWirelessControllerWtpProfileLbsPolestar(i["polestar"], d, pre_append, sv) + } + + pre_append = pre + ".0." + "polestar_protocol" + if _, ok := i["polestar-protocol"]; ok { + result["polestar_protocol"] = flattenWirelessControllerWtpProfileLbsPolestarProtocol(i["polestar-protocol"], d, pre_append, sv) + } + + pre_append = pre + ".0." + "polestar_server_fqdn" + if _, ok := i["polestar-server-fqdn"]; ok { + result["polestar_server_fqdn"] = flattenWirelessControllerWtpProfileLbsPolestarServerFqdn(i["polestar-server-fqdn"], d, pre_append, sv) + } + + pre_append = pre + ".0." + "polestar_server_path" + if _, ok := i["polestar-server-path"]; ok { + result["polestar_server_path"] = flattenWirelessControllerWtpProfileLbsPolestarServerPath(i["polestar-server-path"], d, pre_append, sv) + } + + pre_append = pre + ".0." + "polestar_server_token" + if _, ok := i["polestar-server-token"]; ok { + result["polestar_server_token"] = flattenWirelessControllerWtpProfileLbsPolestarServerToken(i["polestar-server-token"], d, pre_append, sv) + } + + pre_append = pre + ".0." + "polestar_server_port" + if _, ok := i["polestar-server-port"]; ok { + result["polestar_server_port"] = flattenWirelessControllerWtpProfileLbsPolestarServerPort(i["polestar-server-port"], d, pre_append, sv) + } + + pre_append = pre + ".0." + "polestar_accumulation_interval" + if _, ok := i["polestar-accumulation-interval"]; ok { + result["polestar_accumulation_interval"] = flattenWirelessControllerWtpProfileLbsPolestarAccumulationInterval(i["polestar-accumulation-interval"], d, pre_append, sv) + } + + pre_append = pre + ".0." + "polestar_reporting_interval" + if _, ok := i["polestar-reporting-interval"]; ok { + result["polestar_reporting_interval"] = flattenWirelessControllerWtpProfileLbsPolestarReportingInterval(i["polestar-reporting-interval"], d, pre_append, sv) + } + + pre_append = pre + ".0." + "polestar_asset_uuid_list1" + if _, ok := i["polestar-asset-uuid-list1"]; ok { + result["polestar_asset_uuid_list1"] = flattenWirelessControllerWtpProfileLbsPolestarAssetUuidList1(i["polestar-asset-uuid-list1"], d, pre_append, sv) + } + + pre_append = pre + ".0." + "polestar_asset_uuid_list2" + if _, ok := i["polestar-asset-uuid-list2"]; ok { + result["polestar_asset_uuid_list2"] = flattenWirelessControllerWtpProfileLbsPolestarAssetUuidList2(i["polestar-asset-uuid-list2"], d, pre_append, sv) + } + + pre_append = pre + ".0." + "polestar_asset_uuid_list3" + if _, ok := i["polestar-asset-uuid-list3"]; ok { + result["polestar_asset_uuid_list3"] = flattenWirelessControllerWtpProfileLbsPolestarAssetUuidList3(i["polestar-asset-uuid-list3"], d, pre_append, sv) + } + + pre_append = pre + ".0." + "polestar_asset_uuid_list4" + if _, ok := i["polestar-asset-uuid-list4"]; ok { + result["polestar_asset_uuid_list4"] = flattenWirelessControllerWtpProfileLbsPolestarAssetUuidList4(i["polestar-asset-uuid-list4"], d, pre_append, sv) + } + + pre_append = pre + ".0." + "polestar_asset_addrgrp_list" + if _, ok := i["polestar-asset-addrgrp-list"]; ok { + result["polestar_asset_addrgrp_list"] = flattenWirelessControllerWtpProfileLbsPolestarAssetAddrgrpList(i["polestar-asset-addrgrp-list"], d, pre_append, sv) + } + lastresult := []map[string]interface{}{result} return lastresult } @@ -6115,6 +6312,58 @@ func flattenWirelessControllerWtpProfileLbsStationLocate(v interface{}, d *schem return v } +func flattenWirelessControllerWtpProfileLbsPolestar(v interface{}, d *schema.ResourceData, pre string, sv string) interface{} { + return v +} + +func flattenWirelessControllerWtpProfileLbsPolestarProtocol(v interface{}, d *schema.ResourceData, pre string, sv string) interface{} { + return v +} + +func flattenWirelessControllerWtpProfileLbsPolestarServerFqdn(v interface{}, d *schema.ResourceData, pre string, sv string) interface{} { + return v +} + +func flattenWirelessControllerWtpProfileLbsPolestarServerPath(v interface{}, d *schema.ResourceData, pre string, sv string) interface{} { + return v +} + +func flattenWirelessControllerWtpProfileLbsPolestarServerToken(v interface{}, d *schema.ResourceData, pre string, sv string) interface{} { + return v +} + +func flattenWirelessControllerWtpProfileLbsPolestarServerPort(v interface{}, d *schema.ResourceData, pre string, sv string) interface{} { + return v +} + +func flattenWirelessControllerWtpProfileLbsPolestarAccumulationInterval(v interface{}, d *schema.ResourceData, pre string, sv string) interface{} { + return v +} + +func flattenWirelessControllerWtpProfileLbsPolestarReportingInterval(v interface{}, d *schema.ResourceData, pre string, sv string) interface{} { + return v +} + +func flattenWirelessControllerWtpProfileLbsPolestarAssetUuidList1(v interface{}, d *schema.ResourceData, pre string, sv string) interface{} { + return v +} + +func flattenWirelessControllerWtpProfileLbsPolestarAssetUuidList2(v interface{}, d *schema.ResourceData, pre string, sv string) interface{} { + return v +} + +func flattenWirelessControllerWtpProfileLbsPolestarAssetUuidList3(v interface{}, d *schema.ResourceData, pre string, sv string) interface{} { + return v +} + +func flattenWirelessControllerWtpProfileLbsPolestarAssetUuidList4(v interface{}, d *schema.ResourceData, pre string, sv string) interface{} { + return v +} + +func flattenWirelessControllerWtpProfileLbsPolestarAssetAddrgrpList(v interface{}, d *schema.ResourceData, pre string, sv string) interface{} { + return v +} + func flattenWirelessControllerWtpProfileExtInfoEnable(v interface{}, d *schema.ResourceData, pre string, sv string) interface{} { return v } @@ -7172,6 +7421,10 @@ func expandWirelessControllerWtpProfileRadio1(d *schema.ResourceData, v interfac if _, ok := d.GetOk(pre_append); ok { result["short-guard-interval"], _ = expandWirelessControllerWtpProfileRadio1ShortGuardInterval(d, i["short_guard_interval"], pre_append, sv) } + pre_append = pre + ".0." + "mimo_mode" + if _, ok := d.GetOk(pre_append); ok { + result["mimo-mode"], _ = expandWirelessControllerWtpProfileRadio1MimoMode(d, i["mimo_mode"], pre_append, sv) + } pre_append = pre + ".0." + "channel_bonding" if _, ok := d.GetOk(pre_append); ok { result["channel-bonding"], _ = expandWirelessControllerWtpProfileRadio1ChannelBonding(d, i["channel_bonding"], pre_append, sv) @@ -7472,6 +7725,10 @@ func expandWirelessControllerWtpProfileRadio1ShortGuardInterval(d *schema.Resour return v, nil } +func expandWirelessControllerWtpProfileRadio1MimoMode(d *schema.ResourceData, v interface{}, pre string, sv string) (interface{}, error) { + return v, nil +} + func expandWirelessControllerWtpProfileRadio1ChannelBonding(d *schema.ResourceData, v interface{}, pre string, sv string) (interface{}, error) { return v, nil } @@ -7828,6 +8085,10 @@ func expandWirelessControllerWtpProfileRadio2(d *schema.ResourceData, v interfac if _, ok := d.GetOk(pre_append); ok { result["short-guard-interval"], _ = expandWirelessControllerWtpProfileRadio2ShortGuardInterval(d, i["short_guard_interval"], pre_append, sv) } + pre_append = pre + ".0." + "mimo_mode" + if _, ok := d.GetOk(pre_append); ok { + result["mimo-mode"], _ = expandWirelessControllerWtpProfileRadio2MimoMode(d, i["mimo_mode"], pre_append, sv) + } pre_append = pre + ".0." + "channel_bonding" if _, ok := d.GetOk(pre_append); ok { result["channel-bonding"], _ = expandWirelessControllerWtpProfileRadio2ChannelBonding(d, i["channel_bonding"], pre_append, sv) @@ -8128,6 +8389,10 @@ func expandWirelessControllerWtpProfileRadio2ShortGuardInterval(d *schema.Resour return v, nil } +func expandWirelessControllerWtpProfileRadio2MimoMode(d *schema.ResourceData, v interface{}, pre string, sv string) (interface{}, error) { + return v, nil +} + func expandWirelessControllerWtpProfileRadio2ChannelBonding(d *schema.ResourceData, v interface{}, pre string, sv string) (interface{}, error) { return v, nil } @@ -8480,6 +8745,10 @@ func expandWirelessControllerWtpProfileRadio3(d *schema.ResourceData, v interfac if _, ok := d.GetOk(pre_append); ok { result["short-guard-interval"], _ = expandWirelessControllerWtpProfileRadio3ShortGuardInterval(d, i["short_guard_interval"], pre_append, sv) } + pre_append = pre + ".0." + "mimo_mode" + if _, ok := d.GetOk(pre_append); ok { + result["mimo-mode"], _ = expandWirelessControllerWtpProfileRadio3MimoMode(d, i["mimo_mode"], pre_append, sv) + } pre_append = pre + ".0." + "channel_bonding" if _, ok := d.GetOk(pre_append); ok { result["channel-bonding"], _ = expandWirelessControllerWtpProfileRadio3ChannelBonding(d, i["channel_bonding"], pre_append, sv) @@ -8776,6 +9045,10 @@ func expandWirelessControllerWtpProfileRadio3ShortGuardInterval(d *schema.Resour return v, nil } +func expandWirelessControllerWtpProfileRadio3MimoMode(d *schema.ResourceData, v interface{}, pre string, sv string) (interface{}, error) { + return v, nil +} + func expandWirelessControllerWtpProfileRadio3ChannelBonding(d *schema.ResourceData, v interface{}, pre string, sv string) (interface{}, error) { return v, nil } @@ -9128,6 +9401,10 @@ func expandWirelessControllerWtpProfileRadio4(d *schema.ResourceData, v interfac if _, ok := d.GetOk(pre_append); ok { result["short-guard-interval"], _ = expandWirelessControllerWtpProfileRadio4ShortGuardInterval(d, i["short_guard_interval"], pre_append, sv) } + pre_append = pre + ".0." + "mimo_mode" + if _, ok := d.GetOk(pre_append); ok { + result["mimo-mode"], _ = expandWirelessControllerWtpProfileRadio4MimoMode(d, i["mimo_mode"], pre_append, sv) + } pre_append = pre + ".0." + "channel_bonding" if _, ok := d.GetOk(pre_append); ok { result["channel-bonding"], _ = expandWirelessControllerWtpProfileRadio4ChannelBonding(d, i["channel_bonding"], pre_append, sv) @@ -9424,6 +9701,10 @@ func expandWirelessControllerWtpProfileRadio4ShortGuardInterval(d *schema.Resour return v, nil } +func expandWirelessControllerWtpProfileRadio4MimoMode(d *schema.ResourceData, v interface{}, pre string, sv string) (interface{}, error) { + return v, nil +} + func expandWirelessControllerWtpProfileRadio4ChannelBonding(d *schema.ResourceData, v interface{}, pre string, sv string) (interface{}, error) { return v, nil } @@ -9812,6 +10093,58 @@ func expandWirelessControllerWtpProfileLbs(d *schema.ResourceData, v interface{} if _, ok := d.GetOk(pre_append); ok { result["station-locate"], _ = expandWirelessControllerWtpProfileLbsStationLocate(d, i["station_locate"], pre_append, sv) } + pre_append = pre + ".0." + "polestar" + if _, ok := d.GetOk(pre_append); ok { + result["polestar"], _ = expandWirelessControllerWtpProfileLbsPolestar(d, i["polestar"], pre_append, sv) + } + pre_append = pre + ".0." + "polestar_protocol" + if _, ok := d.GetOk(pre_append); ok { + result["polestar-protocol"], _ = expandWirelessControllerWtpProfileLbsPolestarProtocol(d, i["polestar_protocol"], pre_append, sv) + } + pre_append = pre + ".0." + "polestar_server_fqdn" + if _, ok := d.GetOk(pre_append); ok { + result["polestar-server-fqdn"], _ = expandWirelessControllerWtpProfileLbsPolestarServerFqdn(d, i["polestar_server_fqdn"], pre_append, sv) + } + pre_append = pre + ".0." + "polestar_server_path" + if _, ok := d.GetOk(pre_append); ok { + result["polestar-server-path"], _ = expandWirelessControllerWtpProfileLbsPolestarServerPath(d, i["polestar_server_path"], pre_append, sv) + } + pre_append = pre + ".0." + "polestar_server_token" + if _, ok := d.GetOk(pre_append); ok { + result["polestar-server-token"], _ = expandWirelessControllerWtpProfileLbsPolestarServerToken(d, i["polestar_server_token"], pre_append, sv) + } + pre_append = pre + ".0." + "polestar_server_port" + if _, ok := d.GetOk(pre_append); ok { + result["polestar-server-port"], _ = expandWirelessControllerWtpProfileLbsPolestarServerPort(d, i["polestar_server_port"], pre_append, sv) + } + pre_append = pre + ".0." + "polestar_accumulation_interval" + if _, ok := d.GetOk(pre_append); ok { + result["polestar-accumulation-interval"], _ = expandWirelessControllerWtpProfileLbsPolestarAccumulationInterval(d, i["polestar_accumulation_interval"], pre_append, sv) + } + pre_append = pre + ".0." + "polestar_reporting_interval" + if _, ok := d.GetOk(pre_append); ok { + result["polestar-reporting-interval"], _ = expandWirelessControllerWtpProfileLbsPolestarReportingInterval(d, i["polestar_reporting_interval"], pre_append, sv) + } + pre_append = pre + ".0." + "polestar_asset_uuid_list1" + if _, ok := d.GetOk(pre_append); ok { + result["polestar-asset-uuid-list1"], _ = expandWirelessControllerWtpProfileLbsPolestarAssetUuidList1(d, i["polestar_asset_uuid_list1"], pre_append, sv) + } + pre_append = pre + ".0." + "polestar_asset_uuid_list2" + if _, ok := d.GetOk(pre_append); ok { + result["polestar-asset-uuid-list2"], _ = expandWirelessControllerWtpProfileLbsPolestarAssetUuidList2(d, i["polestar_asset_uuid_list2"], pre_append, sv) + } + pre_append = pre + ".0." + "polestar_asset_uuid_list3" + if _, ok := d.GetOk(pre_append); ok { + result["polestar-asset-uuid-list3"], _ = expandWirelessControllerWtpProfileLbsPolestarAssetUuidList3(d, i["polestar_asset_uuid_list3"], pre_append, sv) + } + pre_append = pre + ".0." + "polestar_asset_uuid_list4" + if _, ok := d.GetOk(pre_append); ok { + result["polestar-asset-uuid-list4"], _ = expandWirelessControllerWtpProfileLbsPolestarAssetUuidList4(d, i["polestar_asset_uuid_list4"], pre_append, sv) + } + pre_append = pre + ".0." + "polestar_asset_addrgrp_list" + if _, ok := d.GetOk(pre_append); ok { + result["polestar-asset-addrgrp-list"], _ = expandWirelessControllerWtpProfileLbsPolestarAssetAddrgrpList(d, i["polestar_asset_addrgrp_list"], pre_append, sv) + } return result, nil } @@ -9912,6 +10245,58 @@ func expandWirelessControllerWtpProfileLbsStationLocate(d *schema.ResourceData, return v, nil } +func expandWirelessControllerWtpProfileLbsPolestar(d *schema.ResourceData, v interface{}, pre string, sv string) (interface{}, error) { + return v, nil +} + +func expandWirelessControllerWtpProfileLbsPolestarProtocol(d *schema.ResourceData, v interface{}, pre string, sv string) (interface{}, error) { + return v, nil +} + +func expandWirelessControllerWtpProfileLbsPolestarServerFqdn(d *schema.ResourceData, v interface{}, pre string, sv string) (interface{}, error) { + return v, nil +} + +func expandWirelessControllerWtpProfileLbsPolestarServerPath(d *schema.ResourceData, v interface{}, pre string, sv string) (interface{}, error) { + return v, nil +} + +func expandWirelessControllerWtpProfileLbsPolestarServerToken(d *schema.ResourceData, v interface{}, pre string, sv string) (interface{}, error) { + return v, nil +} + +func expandWirelessControllerWtpProfileLbsPolestarServerPort(d *schema.ResourceData, v interface{}, pre string, sv string) (interface{}, error) { + return v, nil +} + +func expandWirelessControllerWtpProfileLbsPolestarAccumulationInterval(d *schema.ResourceData, v interface{}, pre string, sv string) (interface{}, error) { + return v, nil +} + +func expandWirelessControllerWtpProfileLbsPolestarReportingInterval(d *schema.ResourceData, v interface{}, pre string, sv string) (interface{}, error) { + return v, nil +} + +func expandWirelessControllerWtpProfileLbsPolestarAssetUuidList1(d *schema.ResourceData, v interface{}, pre string, sv string) (interface{}, error) { + return v, nil +} + +func expandWirelessControllerWtpProfileLbsPolestarAssetUuidList2(d *schema.ResourceData, v interface{}, pre string, sv string) (interface{}, error) { + return v, nil +} + +func expandWirelessControllerWtpProfileLbsPolestarAssetUuidList3(d *schema.ResourceData, v interface{}, pre string, sv string) (interface{}, error) { + return v, nil +} + +func expandWirelessControllerWtpProfileLbsPolestarAssetUuidList4(d *schema.ResourceData, v interface{}, pre string, sv string) (interface{}, error) { + return v, nil +} + +func expandWirelessControllerWtpProfileLbsPolestarAssetAddrgrpList(d *schema.ResourceData, v interface{}, pre string, sv string) (interface{}, error) { + return v, nil +} + func expandWirelessControllerWtpProfileExtInfoEnable(d *schema.ResourceData, v interface{}, pre string, sv string) (interface{}, error) { return v, nil } diff --git a/sdk/request/request.go b/sdk/request/request.go index d3db82ae3..450240708 100644 --- a/sdk/request/request.go +++ b/sdk/request/request.go @@ -366,6 +366,16 @@ func (r *Request) LoginToken() (string, error) { } } + if rsp == nil { + err = fmt.Errorf("Host is unreachable. HTTP response is nil.") + return token, err + } + + if rsp.Header == nil { + err = fmt.Errorf("HTTP response header is nil.") + return token, err + } + body, err := ioutil.ReadAll(rsp.Body) rsp.Body.Close() @@ -417,6 +427,16 @@ func (r *Request) LoginSession() (*Cookies, error) { } } + if rsp == nil { + err = fmt.Errorf("Host is unreachable. HTTP response is nil.") + return nil, err + } + + if rsp.Header == nil { + err = fmt.Errorf("HTTP response header is nil.") + return nil, err + } + csrfToken := "" cookie := "" if setCookie, ok := rsp.Header["Set-Cookie"]; ok { diff --git a/sdk/sdkcore/firewall_centralsnatmap_move.go b/sdk/sdkcore/firewall_centralsnatmap_move.go index bf50234c4..3eea15058 100644 --- a/sdk/sdkcore/firewall_centralsnatmap_move.go +++ b/sdk/sdkcore/firewall_centralsnatmap_move.go @@ -44,15 +44,15 @@ func (c *FortiSDKClient) CreateUpdateFirewallCentralsnatmapMove(srcId, dstId, mv return } -// JSONFirewallCentralsnatmapItem contains the necessary parameters for each item -type JSONFirewallCentralsnatmapItem struct { +// JSONMoveFirewallCentralsnatmapItem contains the necessary parameters for each item +type JSONMoveFirewallCentralsnatmapItem struct { Policyid string `json:"policyid"` } // GetFirewallCentralsnatmapList API operation for FortiOS gets the list // Returns the requested API user value when the request executes successfully. // Returns error for service API and SDK errors. -func (c *FortiSDKClient) GetFirewallCentralsnatmapList(vdomparam string) (out []JSONFirewallCentralsnatmapItem, err error) { +func (c *FortiSDKClient) GetFirewallCentralsnatmapList(vdomparam string) (out []JSONMoveFirewallCentralsnatmapItem, err error) { HTTPMethod := "GET" path := "/api/v2/cmdb/firewall/central-snat-map/" @@ -92,12 +92,12 @@ func (c *FortiSDKClient) GetFirewallCentralsnatmapList(vdomparam string) (out [] return } - var members []JSONFirewallCentralsnatmapItem + var members []JSONMoveFirewallCentralsnatmapItem for _, v := range mapTmp { c := v.(map[string]interface{}) members = append(members, - JSONFirewallCentralsnatmapItem{ + JSONMoveFirewallCentralsnatmapItem{ Policyid: strconv.Itoa(int(c["policyid"].(float64))), }) } diff --git a/sdk/sdkcore/firewall_centralsnatmap_sort.go b/sdk/sdkcore/firewall_centralsnatmap_sort.go index d18049a54..5362f22b8 100644 --- a/sdk/sdkcore/firewall_centralsnatmap_sort.go +++ b/sdk/sdkcore/firewall_centralsnatmap_sort.go @@ -9,15 +9,18 @@ import ( "strconv" ) -type policySortFirewallCentralsnatmap struct { +// sortFirewallCentralsnatmapItem contains the parameters for each Policy item +type sortFirewallCentralsnatmapItem struct { policyid int + name string + action string } -func getPolicyListFirewallCentralsnatmap(c *FortiSDKClient, vdomparam string) (idlist []policySortFirewallCentralsnatmap, err error) { +func getPolicyListFirewallCentralsnatmap(c *FortiSDKClient, vdomparam string) (itemList []sortFirewallCentralsnatmapItem, err error) { HTTPMethod := "GET" path := "/api/v2/cmdb/firewall/central-snat-map" - specialparams := "format=policyid|name" + specialparams := "format=policyid|name|action" req := c.NewRequest(HTTPMethod, path, nil, nil) err = req.SendWithSpecialParams(specialparams, vdomparam) @@ -52,31 +55,81 @@ func getPolicyListFirewallCentralsnatmap(c *FortiSDKClient, vdomparam string) (i return } + var members []sortFirewallCentralsnatmapItem for _, v := range mapTmp { c := v.(map[string]interface{}) - idlist = append(idlist, policySortFirewallCentralsnatmap{policyid: int(c["policyid"].(float64))}) + members = append(members, + sortFirewallCentralsnatmapItem{ + policyid: int(c["policyid"].(float64)), + name: c["name"].(string), + action: c["action"].(string), + }) } + + itemList = members } return } -func bPolicyListSortedFirewallCentralsnatmap(idlist []policySortFirewallCentralsnatmap, sortby, sortdirection string) (bsorted bool) { +func bPolicyListSortedFirewallCentralsnatmap(itemList []sortFirewallCentralsnatmapItem, sortby, sortdirection string, manual_order []string) (bsorted bool) { bsorted = true - if sortby == "policyid" { - for i := 0; i < len(idlist)-1; i++ { + for i := 0; i < len(itemList)-1; i++ { + if sortdirection == "ascending" { + if itemList[i].policyid > itemList[i+1].policyid { + bsorted = false + return + } + } else if sortdirection == "descending" { + if itemList[i].policyid < itemList[i+1].policyid { + bsorted = false + return + } + } else if sortdirection == "manual" { + curItemMap := make(map[string]int) + for index, item := range itemList { + curKeyValue := strconv.Itoa(item.policyid) + curItemMap[curKeyValue] = index + } + for j := 0; j < len(manual_order)-1; j++ { + indexL, okL := curItemMap[manual_order[j]] + indexR, okR := curItemMap[manual_order[j+1]] + if okL && okR && indexL > indexR { + bsorted = false + return + } + } + } + } + } + if sortby == "name" { + for i := 0; i < len(itemList)-1; i++ { if sortdirection == "ascending" { - if idlist[i].policyid > idlist[i+1].policyid { + if itemList[i].name > itemList[i+1].name { bsorted = false return } } else if sortdirection == "descending" { - if idlist[i].policyid < idlist[i+1].policyid { + if itemList[i].name < itemList[i+1].name { bsorted = false return } + } else if sortdirection == "manual" { + curItemMap := make(map[string]int) + for index, item := range itemList { + curKeyValue := item.name + curItemMap[curKeyValue] = index + } + for j := 0; j < len(manual_order)-1; j++ { + indexL, okL := curItemMap[manual_order[j]] + indexR, okR := curItemMap[manual_order[j+1]] + if okL && okR && indexL > indexR { + bsorted = false + return + } + } } } } @@ -118,46 +171,92 @@ func moveAfterFirewallCentralsnatmap(idbefore, idafter int, c *FortiSDKClient, v return } -func sortPolicyListFirewallCentralsnatmap(idlist []policySortFirewallCentralsnatmap, sortby, sortdirection string, c *FortiSDKClient, vdomparam string) (err error) { +func sortPolicyListFirewallCentralsnatmap(itemList []sortFirewallCentralsnatmapItem, sortby, sortdirection string, c *FortiSDKClient, vdomparam string, manual_order []string) (err error) { + var targetItemOrder []sortFirewallCentralsnatmapItem if sortby == "policyid" { if sortdirection == "ascending" { - sort.Slice(idlist, func(i, j int) bool { - return idlist[i].policyid < idlist[j].policyid + sort.Slice(itemList, func(i, j int) bool { + return itemList[i].policyid < itemList[j].policyid }) + targetItemOrder = itemList } else if sortdirection == "descending" { - sort.Slice(idlist, func(i, j int) bool { - return idlist[i].policyid > idlist[j].policyid + sort.Slice(itemList, func(i, j int) bool { + return itemList[i].policyid > itemList[j].policyid }) + targetItemOrder = itemList + } else if sortdirection == "manual" { + curItemMap := make(map[string]sortFirewallCentralsnatmapItem) + for _, item := range itemList { + curIndex := strconv.Itoa(item.policyid) + curItemMap[curIndex] = item + } + for _, val := range manual_order { + if item, ok := curItemMap[val]; ok { + targetItemOrder = append(targetItemOrder, item) + } + } } + } - for i := 0; i < len(idlist)-1; i++ { - err = moveAfterFirewallCentralsnatmap(idlist[i+1].policyid, idlist[i].policyid, c, vdomparam) - if err != nil { - err = fmt.Errorf("sort err %s", err) - return + for i := 0; i < len(targetItemOrder)-1; i++ { + err = moveAfterFirewallCentralsnatmap(targetItemOrder[i+1].policyid, targetItemOrder[i].policyid, c, vdomparam) + if err != nil { + err = fmt.Errorf("sort err %s", err) + return + } + } + if sortby == "name" { + if sortdirection == "ascending" { + sort.Slice(itemList, func(i, j int) bool { + return itemList[i].name < itemList[j].name + }) + targetItemOrder = itemList + } else if sortdirection == "descending" { + sort.Slice(itemList, func(i, j int) bool { + return itemList[i].name > itemList[j].name + }) + targetItemOrder = itemList + } else if sortdirection == "manual" { + curItemMap := make(map[string]sortFirewallCentralsnatmapItem) + for _, item := range itemList { + curIndex := item.name + curItemMap[curIndex] = item + } + for _, val := range manual_order { + if item, ok := curItemMap[val]; ok { + targetItemOrder = append(targetItemOrder, item) + } } } } + for i := 0; i < len(targetItemOrder)-1; i++ { + err = moveAfterFirewallCentralsnatmap(targetItemOrder[i+1].policyid, targetItemOrder[i].policyid, c, vdomparam) + if err != nil { + err = fmt.Errorf("sort err %s", err) + return + } + } + return nil } // CreateUpdateFirewallCentralsnatmapSort API operation for FortiOS to sort the firewall policies. // Returns error for service API and SDK errors. -func (c *FortiSDKClient) CreateUpdateFirewallCentralsnatmapSort(sortby, sortdirection, vdomparam string) (err error) { - idlist, err := getPolicyListFirewallCentralsnatmap(c, vdomparam) - log.Printf("shengh: %v", idlist) +func (c *FortiSDKClient) CreateUpdateFirewallCentralsnatmapSort(sortby, sortdirection, vdomparam string, manual_order []string) (err error) { + itemList, err := getPolicyListFirewallCentralsnatmap(c, vdomparam) + log.Printf("[INFO] Firewall policy id list: %v", itemList) if err != nil { err = fmt.Errorf("sort err %s", err) return } - bsorted := bPolicyListSortedFirewallCentralsnatmap(idlist, sortby, sortdirection) + bsorted := bPolicyListSortedFirewallCentralsnatmap(itemList, sortby, sortdirection, manual_order) if bsorted == true { return } - err = sortPolicyListFirewallCentralsnatmap(idlist, sortby, sortdirection, c, vdomparam) + err = sortPolicyListFirewallCentralsnatmap(itemList, sortby, sortdirection, c, vdomparam, manual_order) if err != nil { err = fmt.Errorf("sort err %s", err) return @@ -169,21 +268,27 @@ func (c *FortiSDKClient) CreateUpdateFirewallCentralsnatmapSort(sortby, sortdire // ReadFirewallCentralsnatmapSort API operation for FortiOS to read the firewall policies sort results // Returns sort status // Returns error for service API and SDK errors. -func (c *FortiSDKClient) ReadFirewallCentralsnatmapSort(sortby, sortdirection string, vdomparam string) (sorted bool, err error) { - idlist, err := getPolicyListFirewallCentralsnatmap(c, vdomparam) +func (c *FortiSDKClient) ReadFirewallCentralsnatmapSort(sortby, sortdirection string, vdomparam string, manual_order []string) (sorted bool, itemMapList []interface{}, err error) { + itemList, err := getPolicyListFirewallCentralsnatmap(c, vdomparam) if err != nil { err = fmt.Errorf("sort err %s", err) return } - bsorted := bPolicyListSortedFirewallCentralsnatmap(idlist, sortby, sortdirection) - log.Printf("shengh: %v", bsorted) + bsorted := bPolicyListSortedFirewallCentralsnatmap(itemList, sortby, sortdirection, manual_order) if bsorted == true { sorted = true return } sorted = false + for _, item := range itemList { + curItemMap := make(map[string]interface{}) + curItemMap["policyid"] = item.policyid + curItemMap["name"] = item.name + curItemMap["action"] = item.action + itemMapList = append(itemMapList, curItemMap) + } return } diff --git a/sdk/sdkcore/firewall_policy_move.go b/sdk/sdkcore/firewall_policy_move.go new file mode 100644 index 000000000..5113c705f --- /dev/null +++ b/sdk/sdkcore/firewall_policy_move.go @@ -0,0 +1,109 @@ +package forticlient + +import ( + "encoding/json" + "fmt" + "io/ioutil" + "log" + "strconv" +) + +// CreateUpdateFirewallPolicyMove API operation for FortiOS moves the specified item. +// Returns error for service API and SDK errors. +func (c *FortiSDKClient) CreateUpdateFirewallPolicyMove(srcId, dstId, mv, vdomparam string) (err error) { + HTTPMethod := "PUT" + path := "/api/v2/cmdb/firewall/policy" + path += "/" + srcId + + specialparams := "action=move&" + specialparams += mv + specialparams += "=" + specialparams += dstId + + req := c.NewRequest(HTTPMethod, path, nil, nil) + err = req.SendWithSpecialParams(specialparams, vdomparam) + if err != nil || req.HTTPResponse == nil { + err = fmt.Errorf("cannot send request %s", err) + return + } + + body, err := ioutil.ReadAll(req.HTTPResponse.Body) + req.HTTPResponse.Body.Close() + + if err != nil || body == nil { + err = fmt.Errorf("cannot get response body %s", err) + return + } + log.Printf("FOS-fortios response: %s", string(body)) + + var result map[string]interface{} + json.Unmarshal([]byte(string(body)), &result) + + err = fortiAPIErrorFormat(result, string(body)) + + return +} + +// JSONMoveFirewallPolicyItem contains the necessary parameters for each item +type JSONMoveFirewallPolicyItem struct { + Policyid string `json:"policyid"` +} + +// GetFirewallPolicyList API operation for FortiOS gets the list +// Returns the requested API user value when the request executes successfully. +// Returns error for service API and SDK errors. +func (c *FortiSDKClient) GetFirewallPolicyList(vdomparam string) (out []JSONMoveFirewallPolicyItem, err error) { + + HTTPMethod := "GET" + path := "/api/v2/cmdb/firewall/policy/" + + specialparams := "format=policyid" + + req := c.NewRequest(HTTPMethod, path, nil, nil) + err = req.SendWithSpecialParams(specialparams, vdomparam) + if err != nil || req.HTTPResponse == nil { + err = fmt.Errorf("cannot send request %s", err) + return + } + + body, err := ioutil.ReadAll(req.HTTPResponse.Body) + req.HTTPResponse.Body.Close() + + if err != nil || body == nil { + err = fmt.Errorf("cannot get response body %s", err) + return + } + log.Printf("FOS-fortios response: %s", string(body)) + + var result map[string]interface{} + json.Unmarshal([]byte(string(body)), &result) + + if fortiAPIHttpStatus404Checking(result) == true { + return + } + + err = fortiAPIErrorFormat(result, string(body)) + + if err == nil { + mapTmp := result["results"].([]interface{}) //)[0].(map[string]interface{}) + + if mapTmp == nil { + err = fmt.Errorf("cannot get the results from the response") + return + } + + var members []JSONMoveFirewallPolicyItem + for _, v := range mapTmp { + c := v.(map[string]interface{}) + + members = append(members, + JSONMoveFirewallPolicyItem{ + Policyid: strconv.Itoa(int(c["policyid"].(float64))), + }) + } + + out = members + } + + return +} diff --git a/sdk/sdkcore/firewall_policy_sort.go b/sdk/sdkcore/firewall_policy_sort.go new file mode 100644 index 000000000..15ca9036a --- /dev/null +++ b/sdk/sdkcore/firewall_policy_sort.go @@ -0,0 +1,294 @@ +package forticlient + +import ( + "encoding/json" + "fmt" + "io/ioutil" + "log" + "sort" + "strconv" +) + +// sortFirewallPolicyItem contains the parameters for each Policy item +type sortFirewallPolicyItem struct { + policyid int + name string + action string +} + +func getPolicyListFirewallPolicy(c *FortiSDKClient, vdomparam string) (itemList []sortFirewallPolicyItem, err error) { + HTTPMethod := "GET" + path := "/api/v2/cmdb/firewall/policy" + + specialparams := "format=policyid|name|action" + + req := c.NewRequest(HTTPMethod, path, nil, nil) + err = req.SendWithSpecialParams(specialparams, vdomparam) + if err != nil || req.HTTPResponse == nil { + err = fmt.Errorf("cannot send request %s", err) + return + } + + body, err := ioutil.ReadAll(req.HTTPResponse.Body) + req.HTTPResponse.Body.Close() + + if err != nil || body == nil { + err = fmt.Errorf("cannot get response body %s", err) + return + } + log.Printf("FOS-fortios response: %s", string(body)) + + var result map[string]interface{} + json.Unmarshal([]byte(string(body)), &result) + + if fortiAPIHttpStatus404Checking(result) == true { + return + } + + err = fortiAPIErrorFormat(result, string(body)) + + if err == nil { + mapTmp := result["results"].([]interface{}) + + if mapTmp == nil { + err = fmt.Errorf("cannot get the results from the response") + return + } + + var members []sortFirewallPolicyItem + for _, v := range mapTmp { + c := v.(map[string]interface{}) + + members = append(members, + sortFirewallPolicyItem{ + policyid: int(c["policyid"].(float64)), + name: c["name"].(string), + action: c["action"].(string), + }) + } + + itemList = members + } + + return +} + +func bPolicyListSortedFirewallPolicy(itemList []sortFirewallPolicyItem, sortby, sortdirection string, manual_order []string) (bsorted bool) { + bsorted = true + if sortby == "policyid" { + for i := 0; i < len(itemList)-1; i++ { + if sortdirection == "ascending" { + if itemList[i].policyid > itemList[i+1].policyid { + bsorted = false + return + } + } else if sortdirection == "descending" { + if itemList[i].policyid < itemList[i+1].policyid { + bsorted = false + return + } + } else if sortdirection == "manual" { + curItemMap := make(map[string]int) + for index, item := range itemList { + curKeyValue := strconv.Itoa(item.policyid) + curItemMap[curKeyValue] = index + } + for j := 0; j < len(manual_order)-1; j++ { + indexL, okL := curItemMap[manual_order[j]] + indexR, okR := curItemMap[manual_order[j+1]] + if okL && okR && indexL > indexR { + bsorted = false + return + } + } + } + } + } + if sortby == "name" { + for i := 0; i < len(itemList)-1; i++ { + if sortdirection == "ascending" { + if itemList[i].name > itemList[i+1].name { + bsorted = false + return + } + } else if sortdirection == "descending" { + if itemList[i].name < itemList[i+1].name { + bsorted = false + return + } + } else if sortdirection == "manual" { + curItemMap := make(map[string]int) + for index, item := range itemList { + curKeyValue := item.name + curItemMap[curKeyValue] = index + } + for j := 0; j < len(manual_order)-1; j++ { + indexL, okL := curItemMap[manual_order[j]] + indexR, okR := curItemMap[manual_order[j+1]] + if okL && okR && indexL > indexR { + bsorted = false + return + } + } + } + } + } + + return +} + +func moveAfterFirewallPolicy(idbefore, idafter int, c *FortiSDKClient, vdomparam string) (err error) { + idbefores := strconv.Itoa(idbefore) + idafters := strconv.Itoa(idafter) + + HTTPMethod := "PUT" + path := "/api/v2/cmdb/firewall/policy/" + path += idbefores + + specialparams := "action=move&after=" + specialparams += idafters + + req := c.NewRequest(HTTPMethod, path, nil, nil) + err = req.SendWithSpecialParams(specialparams, vdomparam) + if err != nil || req.HTTPResponse == nil { + err = fmt.Errorf("cannot send request %s", err) + return + } + + body, err := ioutil.ReadAll(req.HTTPResponse.Body) + req.HTTPResponse.Body.Close() + + if err != nil || body == nil { + err = fmt.Errorf("cannot get response body %s", err) + return + } + log.Printf("FOS-fortios response: %s", string(body)) + + var result map[string]interface{} + json.Unmarshal([]byte(string(body)), &result) + + err = fortiAPIErrorFormat(result, string(body)) + return +} + +func sortPolicyListFirewallPolicy(itemList []sortFirewallPolicyItem, sortby, sortdirection string, c *FortiSDKClient, vdomparam string, manual_order []string) (err error) { + var targetItemOrder []sortFirewallPolicyItem + if sortby == "policyid" { + if sortdirection == "ascending" { + sort.Slice(itemList, func(i, j int) bool { + return itemList[i].policyid < itemList[j].policyid + }) + targetItemOrder = itemList + } else if sortdirection == "descending" { + sort.Slice(itemList, func(i, j int) bool { + return itemList[i].policyid > itemList[j].policyid + }) + targetItemOrder = itemList + } else if sortdirection == "manual" { + curItemMap := make(map[string]sortFirewallPolicyItem) + for _, item := range itemList { + curIndex := strconv.Itoa(item.policyid) + curItemMap[curIndex] = item + } + for _, val := range manual_order { + if item, ok := curItemMap[val]; ok { + targetItemOrder = append(targetItemOrder, item) + } + } + } + } + + for i := 0; i < len(targetItemOrder)-1; i++ { + err = moveAfterFirewallPolicy(targetItemOrder[i+1].policyid, targetItemOrder[i].policyid, c, vdomparam) + if err != nil { + err = fmt.Errorf("sort err %s", err) + return + } + } + if sortby == "name" { + if sortdirection == "ascending" { + sort.Slice(itemList, func(i, j int) bool { + return itemList[i].name < itemList[j].name + }) + targetItemOrder = itemList + } else if sortdirection == "descending" { + sort.Slice(itemList, func(i, j int) bool { + return itemList[i].name > itemList[j].name + }) + targetItemOrder = itemList + } else if sortdirection == "manual" { + curItemMap := make(map[string]sortFirewallPolicyItem) + for _, item := range itemList { + curIndex := item.name + curItemMap[curIndex] = item + } + for _, val := range manual_order { + if item, ok := curItemMap[val]; ok { + targetItemOrder = append(targetItemOrder, item) + } + } + } + } + + for i := 0; i < len(targetItemOrder)-1; i++ { + err = moveAfterFirewallPolicy(targetItemOrder[i+1].policyid, targetItemOrder[i].policyid, c, vdomparam) + if err != nil { + err = fmt.Errorf("sort err %s", err) + return + } + } + + return nil +} + +// CreateUpdateFirewallPolicySort API operation for FortiOS to sort the firewall policies. +// Returns error for service API and SDK errors. +func (c *FortiSDKClient) CreateUpdateFirewallPolicySort(sortby, sortdirection, vdomparam string, manual_order []string) (err error) { + itemList, err := getPolicyListFirewallPolicy(c, vdomparam) + log.Printf("[INFO] Firewall policy id list: %v", itemList) + if err != nil { + err = fmt.Errorf("sort err %s", err) + return + } + + bsorted := bPolicyListSortedFirewallPolicy(itemList, sortby, sortdirection, manual_order) + if bsorted == true { + return + } + + err = sortPolicyListFirewallPolicy(itemList, sortby, sortdirection, c, vdomparam, manual_order) + if err != nil { + err = fmt.Errorf("sort err %s", err) + return + } + + return +} + +// ReadFirewallPolicySort API operation for FortiOS to read the firewall policies sort results +// Returns sort status +// Returns error for service API and SDK errors. +func (c *FortiSDKClient) ReadFirewallPolicySort(sortby, sortdirection string, vdomparam string, manual_order []string) (sorted bool, itemMapList []interface{}, err error) { + itemList, err := getPolicyListFirewallPolicy(c, vdomparam) + if err != nil { + err = fmt.Errorf("sort err %s", err) + return + } + + bsorted := bPolicyListSortedFirewallPolicy(itemList, sortby, sortdirection, manual_order) + if bsorted == true { + sorted = true + return + } + + sorted = false + for _, item := range itemList { + curItemMap := make(map[string]interface{}) + curItemMap["policyid"] = item.policyid + curItemMap["name"] = item.name + curItemMap["action"] = item.action + itemMapList = append(itemMapList, curItemMap) + } + + return +} diff --git a/sdk/sdkcore/firewall_proxypolicy_move.go b/sdk/sdkcore/firewall_proxypolicy_move.go index 3e574da6b..8493d3cc8 100644 --- a/sdk/sdkcore/firewall_proxypolicy_move.go +++ b/sdk/sdkcore/firewall_proxypolicy_move.go @@ -44,15 +44,15 @@ func (c *FortiSDKClient) CreateUpdateFirewallProxypolicyMove(srcId, dstId, mv, v return } -// JSONFirewallProxypolicyItem contains the necessary parameters for each item -type JSONFirewallProxypolicyItem struct { +// JSONMoveFirewallProxypolicyItem contains the necessary parameters for each item +type JSONMoveFirewallProxypolicyItem struct { Policyid string `json:"policyid"` } // GetFirewallProxypolicyList API operation for FortiOS gets the list // Returns the requested API user value when the request executes successfully. // Returns error for service API and SDK errors. -func (c *FortiSDKClient) GetFirewallProxypolicyList(vdomparam string) (out []JSONFirewallProxypolicyItem, err error) { +func (c *FortiSDKClient) GetFirewallProxypolicyList(vdomparam string) (out []JSONMoveFirewallProxypolicyItem, err error) { HTTPMethod := "GET" path := "/api/v2/cmdb/firewall/proxy-policy/" @@ -92,12 +92,12 @@ func (c *FortiSDKClient) GetFirewallProxypolicyList(vdomparam string) (out []JSO return } - var members []JSONFirewallProxypolicyItem + var members []JSONMoveFirewallProxypolicyItem for _, v := range mapTmp { c := v.(map[string]interface{}) members = append(members, - JSONFirewallProxypolicyItem{ + JSONMoveFirewallProxypolicyItem{ Policyid: strconv.Itoa(int(c["policyid"].(float64))), }) } diff --git a/sdk/sdkcore/firewall_proxypolicy_sort.go b/sdk/sdkcore/firewall_proxypolicy_sort.go index 532e45bcd..70568eabb 100644 --- a/sdk/sdkcore/firewall_proxypolicy_sort.go +++ b/sdk/sdkcore/firewall_proxypolicy_sort.go @@ -9,15 +9,18 @@ import ( "strconv" ) -type policySortFirewallProxypolicy struct { +// sortFirewallProxypolicyItem contains the parameters for each Policy item +type sortFirewallProxypolicyItem struct { policyid int + name string + action string } -func getPolicyListFirewallProxypolicy(c *FortiSDKClient, vdomparam string) (idlist []policySortFirewallProxypolicy, err error) { +func getPolicyListFirewallProxypolicy(c *FortiSDKClient, vdomparam string) (itemList []sortFirewallProxypolicyItem, err error) { HTTPMethod := "GET" path := "/api/v2/cmdb/firewall/proxy-policy" - specialparams := "format=policyid|name" + specialparams := "format=policyid|name|action" req := c.NewRequest(HTTPMethod, path, nil, nil) err = req.SendWithSpecialParams(specialparams, vdomparam) @@ -52,31 +55,81 @@ func getPolicyListFirewallProxypolicy(c *FortiSDKClient, vdomparam string) (idli return } + var members []sortFirewallProxypolicyItem for _, v := range mapTmp { c := v.(map[string]interface{}) - idlist = append(idlist, policySortFirewallProxypolicy{policyid: int(c["policyid"].(float64))}) + members = append(members, + sortFirewallProxypolicyItem{ + policyid: int(c["policyid"].(float64)), + name: c["name"].(string), + action: c["action"].(string), + }) } + + itemList = members } return } -func bPolicyListSortedFirewallProxypolicy(idlist []policySortFirewallProxypolicy, sortby, sortdirection string) (bsorted bool) { +func bPolicyListSortedFirewallProxypolicy(itemList []sortFirewallProxypolicyItem, sortby, sortdirection string, manual_order []string) (bsorted bool) { bsorted = true - if sortby == "policyid" { - for i := 0; i < len(idlist)-1; i++ { + for i := 0; i < len(itemList)-1; i++ { + if sortdirection == "ascending" { + if itemList[i].policyid > itemList[i+1].policyid { + bsorted = false + return + } + } else if sortdirection == "descending" { + if itemList[i].policyid < itemList[i+1].policyid { + bsorted = false + return + } + } else if sortdirection == "manual" { + curItemMap := make(map[string]int) + for index, item := range itemList { + curKeyValue := strconv.Itoa(item.policyid) + curItemMap[curKeyValue] = index + } + for j := 0; j < len(manual_order)-1; j++ { + indexL, okL := curItemMap[manual_order[j]] + indexR, okR := curItemMap[manual_order[j+1]] + if okL && okR && indexL > indexR { + bsorted = false + return + } + } + } + } + } + if sortby == "name" { + for i := 0; i < len(itemList)-1; i++ { if sortdirection == "ascending" { - if idlist[i].policyid > idlist[i+1].policyid { + if itemList[i].name > itemList[i+1].name { bsorted = false return } } else if sortdirection == "descending" { - if idlist[i].policyid < idlist[i+1].policyid { + if itemList[i].name < itemList[i+1].name { bsorted = false return } + } else if sortdirection == "manual" { + curItemMap := make(map[string]int) + for index, item := range itemList { + curKeyValue := item.name + curItemMap[curKeyValue] = index + } + for j := 0; j < len(manual_order)-1; j++ { + indexL, okL := curItemMap[manual_order[j]] + indexR, okR := curItemMap[manual_order[j+1]] + if okL && okR && indexL > indexR { + bsorted = false + return + } + } } } } @@ -118,46 +171,92 @@ func moveAfterFirewallProxypolicy(idbefore, idafter int, c *FortiSDKClient, vdom return } -func sortPolicyListFirewallProxypolicy(idlist []policySortFirewallProxypolicy, sortby, sortdirection string, c *FortiSDKClient, vdomparam string) (err error) { +func sortPolicyListFirewallProxypolicy(itemList []sortFirewallProxypolicyItem, sortby, sortdirection string, c *FortiSDKClient, vdomparam string, manual_order []string) (err error) { + var targetItemOrder []sortFirewallProxypolicyItem if sortby == "policyid" { if sortdirection == "ascending" { - sort.Slice(idlist, func(i, j int) bool { - return idlist[i].policyid < idlist[j].policyid + sort.Slice(itemList, func(i, j int) bool { + return itemList[i].policyid < itemList[j].policyid }) + targetItemOrder = itemList } else if sortdirection == "descending" { - sort.Slice(idlist, func(i, j int) bool { - return idlist[i].policyid > idlist[j].policyid + sort.Slice(itemList, func(i, j int) bool { + return itemList[i].policyid > itemList[j].policyid }) + targetItemOrder = itemList + } else if sortdirection == "manual" { + curItemMap := make(map[string]sortFirewallProxypolicyItem) + for _, item := range itemList { + curIndex := strconv.Itoa(item.policyid) + curItemMap[curIndex] = item + } + for _, val := range manual_order { + if item, ok := curItemMap[val]; ok { + targetItemOrder = append(targetItemOrder, item) + } + } } + } - for i := 0; i < len(idlist)-1; i++ { - err = moveAfterFirewallProxypolicy(idlist[i+1].policyid, idlist[i].policyid, c, vdomparam) - if err != nil { - err = fmt.Errorf("sort err %s", err) - return + for i := 0; i < len(targetItemOrder)-1; i++ { + err = moveAfterFirewallProxypolicy(targetItemOrder[i+1].policyid, targetItemOrder[i].policyid, c, vdomparam) + if err != nil { + err = fmt.Errorf("sort err %s", err) + return + } + } + if sortby == "name" { + if sortdirection == "ascending" { + sort.Slice(itemList, func(i, j int) bool { + return itemList[i].name < itemList[j].name + }) + targetItemOrder = itemList + } else if sortdirection == "descending" { + sort.Slice(itemList, func(i, j int) bool { + return itemList[i].name > itemList[j].name + }) + targetItemOrder = itemList + } else if sortdirection == "manual" { + curItemMap := make(map[string]sortFirewallProxypolicyItem) + for _, item := range itemList { + curIndex := item.name + curItemMap[curIndex] = item + } + for _, val := range manual_order { + if item, ok := curItemMap[val]; ok { + targetItemOrder = append(targetItemOrder, item) + } } } } + for i := 0; i < len(targetItemOrder)-1; i++ { + err = moveAfterFirewallProxypolicy(targetItemOrder[i+1].policyid, targetItemOrder[i].policyid, c, vdomparam) + if err != nil { + err = fmt.Errorf("sort err %s", err) + return + } + } + return nil } // CreateUpdateFirewallProxypolicySort API operation for FortiOS to sort the firewall policies. // Returns error for service API and SDK errors. -func (c *FortiSDKClient) CreateUpdateFirewallProxypolicySort(sortby, sortdirection, vdomparam string) (err error) { - idlist, err := getPolicyListFirewallProxypolicy(c, vdomparam) - log.Printf("shengh: %v", idlist) +func (c *FortiSDKClient) CreateUpdateFirewallProxypolicySort(sortby, sortdirection, vdomparam string, manual_order []string) (err error) { + itemList, err := getPolicyListFirewallProxypolicy(c, vdomparam) + log.Printf("[INFO] Firewall policy id list: %v", itemList) if err != nil { err = fmt.Errorf("sort err %s", err) return } - bsorted := bPolicyListSortedFirewallProxypolicy(idlist, sortby, sortdirection) + bsorted := bPolicyListSortedFirewallProxypolicy(itemList, sortby, sortdirection, manual_order) if bsorted == true { return } - err = sortPolicyListFirewallProxypolicy(idlist, sortby, sortdirection, c, vdomparam) + err = sortPolicyListFirewallProxypolicy(itemList, sortby, sortdirection, c, vdomparam, manual_order) if err != nil { err = fmt.Errorf("sort err %s", err) return @@ -169,21 +268,27 @@ func (c *FortiSDKClient) CreateUpdateFirewallProxypolicySort(sortby, sortdirecti // ReadFirewallProxypolicySort API operation for FortiOS to read the firewall policies sort results // Returns sort status // Returns error for service API and SDK errors. -func (c *FortiSDKClient) ReadFirewallProxypolicySort(sortby, sortdirection string, vdomparam string) (sorted bool, err error) { - idlist, err := getPolicyListFirewallProxypolicy(c, vdomparam) +func (c *FortiSDKClient) ReadFirewallProxypolicySort(sortby, sortdirection string, vdomparam string, manual_order []string) (sorted bool, itemMapList []interface{}, err error) { + itemList, err := getPolicyListFirewallProxypolicy(c, vdomparam) if err != nil { err = fmt.Errorf("sort err %s", err) return } - bsorted := bPolicyListSortedFirewallProxypolicy(idlist, sortby, sortdirection) - log.Printf("shengh: %v", bsorted) + bsorted := bPolicyListSortedFirewallProxypolicy(itemList, sortby, sortdirection, manual_order) if bsorted == true { sorted = true return } sorted = false + for _, item := range itemList { + curItemMap := make(map[string]interface{}) + curItemMap["policyid"] = item.policyid + curItemMap["name"] = item.name + curItemMap["action"] = item.action + itemMapList = append(itemMapList, curItemMap) + } return } diff --git a/sdk/sdkcore/firewall_security_policyseq.go b/sdk/sdkcore/firewall_security_policyseq.go index 5cae12009..6c3addad8 100644 --- a/sdk/sdkcore/firewall_security_policyseq.go +++ b/sdk/sdkcore/firewall_security_policyseq.go @@ -8,9 +8,9 @@ import ( "strconv" ) -// CreateUpdateFirewallSecurityPolicySeq API operation for FortiOS alters the specified firewall policy sequence. +// CreateUpdateFirewallPolicyOldvSeq API operation for FortiOS alters the specified firewall policy sequence. // Returns error for service API and SDK errors. -func (c *FortiSDKClient) CreateUpdateFirewallSecurityPolicySeq(srcId, dstId, alterPos, vdomparam string) (err error) { +func (c *FortiSDKClient) CreateUpdateFirewallPolicyOldvSeq(srcId, dstId, alterPos, vdomparam string) (err error) { HTTPMethod := "PUT" path := "/api/v2/cmdb/firewall/policy" path += "/" + srcId @@ -45,28 +45,28 @@ func (c *FortiSDKClient) CreateUpdateFirewallSecurityPolicySeq(srcId, dstId, alt } // Not suitable operation -func (c *FortiSDKClient) ReadFirewallSecurityPolicySeq() (err error) { +func (c *FortiSDKClient) ReadFirewallPolicyOldvSeq() (err error) { return } // Not suitable operation -func (c *FortiSDKClient) DelFirewallSecurityPolicySeq() (err error) { +func (c *FortiSDKClient) DelFirewallPolicyOldvSeq() (err error) { return } -// JSONSecurityPolicyItem contains the parameters for each Security Policy item -type JSONSecurityPolicyItem struct { +// JSONPolicyItem contains the parameters for each Policy item +type JSONPolicyItem struct { PolicyID string `json:"policyid"` Name string `json:"name"` Action string `json:"action"` } -// GetSecurityPolicyList API operation for FortiOS gets the Security Policy list +// GetPolicyList API operation for FortiOS gets the Policy list // Returns the requested API user value when the request executes successfully. // Returns error for service API and SDK errors. -func (c *FortiSDKClient) GetSecurityPolicyList(vdomparam string) (out []JSONSecurityPolicyItem, err error) { +func (c *FortiSDKClient) GetPolicyList(vdomparam string) (out []JSONPolicyItem, err error) { HTTPMethod := "GET" path := "/api/v2/cmdb/firewall/policy/" @@ -106,12 +106,12 @@ func (c *FortiSDKClient) GetSecurityPolicyList(vdomparam string) (out []JSONSecu return } - var members []JSONSecurityPolicyItem + var members []JSONPolicyItem for _, v := range mapTmp { c := v.(map[string]interface{}) members = append(members, - JSONSecurityPolicyItem{ + JSONPolicyItem{ PolicyID: strconv.Itoa(int(c["policyid"].(float64))), Name: c["name"].(string), Action: c["action"].(string), diff --git a/sdk/sdkcore/firewall_security_policysort.go b/sdk/sdkcore/firewall_security_policysort.go index 5b901d270..7aa03ae78 100644 --- a/sdk/sdkcore/firewall_security_policysort.go +++ b/sdk/sdkcore/firewall_security_policysort.go @@ -18,7 +18,7 @@ func getPolicyList(c *FortiSDKClient, vdomparam string) (idlist []policySort, er HTTPMethod := "GET" path := "/api/v2/cmdb/firewall/policy/" - specialparams := "format=policyid|name" + specialparams := "format=policyid|name|action" req := c.NewRequest(HTTPMethod, path, nil, nil) err = req.SendWithSpecialParams(specialparams, vdomparam) @@ -175,11 +175,11 @@ func sortPolicyList(idlist []policySort, sortby, sortdirection string, c *FortiS return nil } -// CreateUpdateFirewallSecurityPolicySort API operation for FortiOS to sort the firewall policies. +// CreateUpdateFirewallPolicyOldvSort API operation for FortiOS to sort the firewall policies. // Returns error for service API and SDK errors. -func (c *FortiSDKClient) CreateUpdateFirewallSecurityPolicySort(sortby, sortdirection, vdomparam string) (err error) { +func (c *FortiSDKClient) CreateUpdateFirewallPolicyOldvSort(sortby, sortdirection, vdomparam string) (err error) { idlist, err := getPolicyList(c, vdomparam) - log.Printf("shengh: %v", idlist) + log.Printf("[INFO] Firewall policy id list: %v", idlist) if err != nil { err = fmt.Errorf("sort err %s", err) return @@ -199,10 +199,10 @@ func (c *FortiSDKClient) CreateUpdateFirewallSecurityPolicySort(sortby, sortdire return } -// ReadFirewallSecurityPolicySort API operation for FortiOS to read the firewall policies sort results +// ReadFirewallPolicyOldvSort API operation for FortiOS to read the firewall policies sort results // Returns sort status // Returns error for service API and SDK errors. -func (c *FortiSDKClient) ReadFirewallSecurityPolicySort(sortby, sortdirection, vdomparam string) (sorted bool, err error) { +func (c *FortiSDKClient) ReadFirewallPolicyOldvSort(sortby, sortdirection, vdomparam string) (sorted bool, err error) { idlist, err := getPolicyList(c, vdomparam) if err != nil { err = fmt.Errorf("sort err %s", err) @@ -210,7 +210,6 @@ func (c *FortiSDKClient) ReadFirewallSecurityPolicySort(sortby, sortdirection, v } bsorted := bPolicyListSorted(idlist, sortby, sortdirection) - log.Printf("shengh: %v", bsorted) if bsorted == true { sorted = true return diff --git a/sdk/sdkcore/firewall_securitypolicy_move.go b/sdk/sdkcore/firewall_securitypolicy_move.go new file mode 100644 index 000000000..e5b13fd6a --- /dev/null +++ b/sdk/sdkcore/firewall_securitypolicy_move.go @@ -0,0 +1,109 @@ +package forticlient + +import ( + "encoding/json" + "fmt" + "io/ioutil" + "log" + "strconv" +) + +// CreateUpdateFirewallSecuritypolicyMove API operation for FortiOS moves the specified item. +// Returns error for service API and SDK errors. +func (c *FortiSDKClient) CreateUpdateFirewallSecuritypolicyMove(srcId, dstId, mv, vdomparam string) (err error) { + HTTPMethod := "PUT" + path := "/api/v2/cmdb/firewall/security-policy" + path += "/" + srcId + + specialparams := "action=move&" + specialparams += mv + specialparams += "=" + specialparams += dstId + + req := c.NewRequest(HTTPMethod, path, nil, nil) + err = req.SendWithSpecialParams(specialparams, vdomparam) + if err != nil || req.HTTPResponse == nil { + err = fmt.Errorf("cannot send request %s", err) + return + } + + body, err := ioutil.ReadAll(req.HTTPResponse.Body) + req.HTTPResponse.Body.Close() + + if err != nil || body == nil { + err = fmt.Errorf("cannot get response body %s", err) + return + } + log.Printf("FOS-fortios response: %s", string(body)) + + var result map[string]interface{} + json.Unmarshal([]byte(string(body)), &result) + + err = fortiAPIErrorFormat(result, string(body)) + + return +} + +// JSONMoveFirewallSecuritypolicyItem contains the necessary parameters for each item +type JSONMoveFirewallSecuritypolicyItem struct { + Policyid string `json:"policyid"` +} + +// GetFirewallSecuritypolicyList API operation for FortiOS gets the list +// Returns the requested API user value when the request executes successfully. +// Returns error for service API and SDK errors. +func (c *FortiSDKClient) GetFirewallSecuritypolicyList(vdomparam string) (out []JSONMoveFirewallSecuritypolicyItem, err error) { + + HTTPMethod := "GET" + path := "/api/v2/cmdb/firewall/security-policy/" + + specialparams := "format=policyid" + + req := c.NewRequest(HTTPMethod, path, nil, nil) + err = req.SendWithSpecialParams(specialparams, vdomparam) + if err != nil || req.HTTPResponse == nil { + err = fmt.Errorf("cannot send request %s", err) + return + } + + body, err := ioutil.ReadAll(req.HTTPResponse.Body) + req.HTTPResponse.Body.Close() + + if err != nil || body == nil { + err = fmt.Errorf("cannot get response body %s", err) + return + } + log.Printf("FOS-fortios response: %s", string(body)) + + var result map[string]interface{} + json.Unmarshal([]byte(string(body)), &result) + + if fortiAPIHttpStatus404Checking(result) == true { + return + } + + err = fortiAPIErrorFormat(result, string(body)) + + if err == nil { + mapTmp := result["results"].([]interface{}) //)[0].(map[string]interface{}) + + if mapTmp == nil { + err = fmt.Errorf("cannot get the results from the response") + return + } + + var members []JSONMoveFirewallSecuritypolicyItem + for _, v := range mapTmp { + c := v.(map[string]interface{}) + + members = append(members, + JSONMoveFirewallSecuritypolicyItem{ + Policyid: strconv.Itoa(int(c["policyid"].(float64))), + }) + } + + out = members + } + + return +} diff --git a/sdk/sdkcore/firewall_securitypolicy_sort.go b/sdk/sdkcore/firewall_securitypolicy_sort.go new file mode 100644 index 000000000..41e772c34 --- /dev/null +++ b/sdk/sdkcore/firewall_securitypolicy_sort.go @@ -0,0 +1,294 @@ +package forticlient + +import ( + "encoding/json" + "fmt" + "io/ioutil" + "log" + "sort" + "strconv" +) + +// sortFirewallSecuritypolicyItem contains the parameters for each Policy item +type sortFirewallSecuritypolicyItem struct { + policyid int + name string + action string +} + +func getPolicyListFirewallSecuritypolicy(c *FortiSDKClient, vdomparam string) (itemList []sortFirewallSecuritypolicyItem, err error) { + HTTPMethod := "GET" + path := "/api/v2/cmdb/firewall/security-policy" + + specialparams := "format=policyid|name|action" + + req := c.NewRequest(HTTPMethod, path, nil, nil) + err = req.SendWithSpecialParams(specialparams, vdomparam) + if err != nil || req.HTTPResponse == nil { + err = fmt.Errorf("cannot send request %s", err) + return + } + + body, err := ioutil.ReadAll(req.HTTPResponse.Body) + req.HTTPResponse.Body.Close() + + if err != nil || body == nil { + err = fmt.Errorf("cannot get response body %s", err) + return + } + log.Printf("FOS-fortios response: %s", string(body)) + + var result map[string]interface{} + json.Unmarshal([]byte(string(body)), &result) + + if fortiAPIHttpStatus404Checking(result) == true { + return + } + + err = fortiAPIErrorFormat(result, string(body)) + + if err == nil { + mapTmp := result["results"].([]interface{}) + + if mapTmp == nil { + err = fmt.Errorf("cannot get the results from the response") + return + } + + var members []sortFirewallSecuritypolicyItem + for _, v := range mapTmp { + c := v.(map[string]interface{}) + + members = append(members, + sortFirewallSecuritypolicyItem{ + policyid: int(c["policyid"].(float64)), + name: c["name"].(string), + action: c["action"].(string), + }) + } + + itemList = members + } + + return +} + +func bPolicyListSortedFirewallSecuritypolicy(itemList []sortFirewallSecuritypolicyItem, sortby, sortdirection string, manual_order []string) (bsorted bool) { + bsorted = true + if sortby == "policyid" { + for i := 0; i < len(itemList)-1; i++ { + if sortdirection == "ascending" { + if itemList[i].policyid > itemList[i+1].policyid { + bsorted = false + return + } + } else if sortdirection == "descending" { + if itemList[i].policyid < itemList[i+1].policyid { + bsorted = false + return + } + } else if sortdirection == "manual" { + curItemMap := make(map[string]int) + for index, item := range itemList { + curKeyValue := strconv.Itoa(item.policyid) + curItemMap[curKeyValue] = index + } + for j := 0; j < len(manual_order)-1; j++ { + indexL, okL := curItemMap[manual_order[j]] + indexR, okR := curItemMap[manual_order[j+1]] + if okL && okR && indexL > indexR { + bsorted = false + return + } + } + } + } + } + if sortby == "name" { + for i := 0; i < len(itemList)-1; i++ { + if sortdirection == "ascending" { + if itemList[i].name > itemList[i+1].name { + bsorted = false + return + } + } else if sortdirection == "descending" { + if itemList[i].name < itemList[i+1].name { + bsorted = false + return + } + } else if sortdirection == "manual" { + curItemMap := make(map[string]int) + for index, item := range itemList { + curKeyValue := item.name + curItemMap[curKeyValue] = index + } + for j := 0; j < len(manual_order)-1; j++ { + indexL, okL := curItemMap[manual_order[j]] + indexR, okR := curItemMap[manual_order[j+1]] + if okL && okR && indexL > indexR { + bsorted = false + return + } + } + } + } + } + + return +} + +func moveAfterFirewallSecuritypolicy(idbefore, idafter int, c *FortiSDKClient, vdomparam string) (err error) { + idbefores := strconv.Itoa(idbefore) + idafters := strconv.Itoa(idafter) + + HTTPMethod := "PUT" + path := "/api/v2/cmdb/firewall/security-policy/" + path += idbefores + + specialparams := "action=move&after=" + specialparams += idafters + + req := c.NewRequest(HTTPMethod, path, nil, nil) + err = req.SendWithSpecialParams(specialparams, vdomparam) + if err != nil || req.HTTPResponse == nil { + err = fmt.Errorf("cannot send request %s", err) + return + } + + body, err := ioutil.ReadAll(req.HTTPResponse.Body) + req.HTTPResponse.Body.Close() + + if err != nil || body == nil { + err = fmt.Errorf("cannot get response body %s", err) + return + } + log.Printf("FOS-fortios response: %s", string(body)) + + var result map[string]interface{} + json.Unmarshal([]byte(string(body)), &result) + + err = fortiAPIErrorFormat(result, string(body)) + return +} + +func sortPolicyListFirewallSecuritypolicy(itemList []sortFirewallSecuritypolicyItem, sortby, sortdirection string, c *FortiSDKClient, vdomparam string, manual_order []string) (err error) { + var targetItemOrder []sortFirewallSecuritypolicyItem + if sortby == "policyid" { + if sortdirection == "ascending" { + sort.Slice(itemList, func(i, j int) bool { + return itemList[i].policyid < itemList[j].policyid + }) + targetItemOrder = itemList + } else if sortdirection == "descending" { + sort.Slice(itemList, func(i, j int) bool { + return itemList[i].policyid > itemList[j].policyid + }) + targetItemOrder = itemList + } else if sortdirection == "manual" { + curItemMap := make(map[string]sortFirewallSecuritypolicyItem) + for _, item := range itemList { + curIndex := strconv.Itoa(item.policyid) + curItemMap[curIndex] = item + } + for _, val := range manual_order { + if item, ok := curItemMap[val]; ok { + targetItemOrder = append(targetItemOrder, item) + } + } + } + } + + for i := 0; i < len(targetItemOrder)-1; i++ { + err = moveAfterFirewallSecuritypolicy(targetItemOrder[i+1].policyid, targetItemOrder[i].policyid, c, vdomparam) + if err != nil { + err = fmt.Errorf("sort err %s", err) + return + } + } + if sortby == "name" { + if sortdirection == "ascending" { + sort.Slice(itemList, func(i, j int) bool { + return itemList[i].name < itemList[j].name + }) + targetItemOrder = itemList + } else if sortdirection == "descending" { + sort.Slice(itemList, func(i, j int) bool { + return itemList[i].name > itemList[j].name + }) + targetItemOrder = itemList + } else if sortdirection == "manual" { + curItemMap := make(map[string]sortFirewallSecuritypolicyItem) + for _, item := range itemList { + curIndex := item.name + curItemMap[curIndex] = item + } + for _, val := range manual_order { + if item, ok := curItemMap[val]; ok { + targetItemOrder = append(targetItemOrder, item) + } + } + } + } + + for i := 0; i < len(targetItemOrder)-1; i++ { + err = moveAfterFirewallSecuritypolicy(targetItemOrder[i+1].policyid, targetItemOrder[i].policyid, c, vdomparam) + if err != nil { + err = fmt.Errorf("sort err %s", err) + return + } + } + + return nil +} + +// CreateUpdateFirewallSecuritypolicySort API operation for FortiOS to sort the firewall policies. +// Returns error for service API and SDK errors. +func (c *FortiSDKClient) CreateUpdateFirewallSecuritypolicySort(sortby, sortdirection, vdomparam string, manual_order []string) (err error) { + itemList, err := getPolicyListFirewallSecuritypolicy(c, vdomparam) + log.Printf("[INFO] Firewall policy id list: %v", itemList) + if err != nil { + err = fmt.Errorf("sort err %s", err) + return + } + + bsorted := bPolicyListSortedFirewallSecuritypolicy(itemList, sortby, sortdirection, manual_order) + if bsorted == true { + return + } + + err = sortPolicyListFirewallSecuritypolicy(itemList, sortby, sortdirection, c, vdomparam, manual_order) + if err != nil { + err = fmt.Errorf("sort err %s", err) + return + } + + return +} + +// ReadFirewallSecuritypolicySort API operation for FortiOS to read the firewall policies sort results +// Returns sort status +// Returns error for service API and SDK errors. +func (c *FortiSDKClient) ReadFirewallSecuritypolicySort(sortby, sortdirection string, vdomparam string, manual_order []string) (sorted bool, itemMapList []interface{}, err error) { + itemList, err := getPolicyListFirewallSecuritypolicy(c, vdomparam) + if err != nil { + err = fmt.Errorf("sort err %s", err) + return + } + + bsorted := bPolicyListSortedFirewallSecuritypolicy(itemList, sortby, sortdirection, manual_order) + if bsorted == true { + sorted = true + return + } + + sorted = false + for _, item := range itemList { + curItemMap := make(map[string]interface{}) + curItemMap["policyid"] = item.policyid + curItemMap["name"] = item.name + curItemMap["action"] = item.action + itemMapList = append(itemMapList, curItemMap) + } + + return +} diff --git a/sdk/sdkcore/forticlient.go b/sdk/sdkcore/forticlient.go index 094f097c3..4fd6ac2f7 100644 --- a/sdk/sdkcore/forticlient.go +++ b/sdk/sdkcore/forticlient.go @@ -77,9 +77,9 @@ func (c *FortiSDKClient) CheckUP() error { _, err = read(c, "GET", "/api/v2/monitor/system/status", true, "") if err != nil { if c.Config.Auth.Token == "" { - err = fmt.Errorf("Username or Password not correct.") + err = fmt.Errorf("Error using Username/Password to login: %v", err) } else { - err = fmt.Errorf("Token is not valid.") + err = fmt.Errorf("Error using Token to login: %v", err) } } return err diff --git a/sdk/sdkcore/sdkfos.go b/sdk/sdkcore/sdkfos.go index 53668ca72..f8346367a 100644 --- a/sdk/sdkcore/sdkfos.go +++ b/sdk/sdkcore/sdkfos.go @@ -533,6 +533,60 @@ func (c *FortiSDKClient) ReadApplicationRuleSettings(mkey string, vdomparam stri return } +// CreateCasbUserActivity API operation for FortiOS creates a new User Activity. +// Returns the index value of the User Activity and execution result when the request executes successfully. +// Returns error for service API and SDK errors. +// See the casb - user-activity chapter in the FortiOS Handbook - CLI Reference. +func (c *FortiSDKClient) CreateCasbUserActivity(params *map[string]interface{}, vdomparam string) (output map[string]interface{}, err error) { + + HTTPMethod := "POST" + path := "/api/v2/cmdb/casb/user-activity" + output = make(map[string]interface{}) + + err = createUpdate(c, HTTPMethod, path, params, output, vdomparam) + return +} + +// UpdateCasbUserActivity API operation for FortiOS updates the specified User Activity. +// Returns the index value of the User Activity and execution result when the request executes successfully. +// Returns error for service API and SDK errors. +// See the casb - user-activity chapter in the FortiOS Handbook - CLI Reference. +func (c *FortiSDKClient) UpdateCasbUserActivity(params *map[string]interface{}, mkey string, vdomparam string) (output map[string]interface{}, err error) { + HTTPMethod := "PUT" + path := "/api/v2/cmdb/casb/user-activity" + path += "/" + escapeURLString(mkey) + output = make(map[string]interface{}) + + err = createUpdate(c, HTTPMethod, path, params, output, vdomparam) + return +} + +// DeleteCasbUserActivity API operation for FortiOS deletes the specified User Activity. +// Returns error for service API and SDK errors. +// See the casb - user-activity chapter in the FortiOS Handbook - CLI Reference. +func (c *FortiSDKClient) DeleteCasbUserActivity(mkey string, vdomparam string) (err error) { + HTTPMethod := "DELETE" + path := "/api/v2/cmdb/casb/user-activity" + path += "/" + escapeURLString(mkey) + + err = delete(c, HTTPMethod, path, vdomparam) + return +} + +// ReadCasbUserActivity API operation for FortiOS gets the User Activity +// with the specified index value. +// Returns the requested User Activity value when the request executes successfully. +// Returns error for service API and SDK errors. +// See the casb - user-activity chapter in the FortiOS Handbook - CLI Reference. +func (c *FortiSDKClient) ReadCasbUserActivity(mkey string, vdomparam string) (mapTmp map[string]interface{}, err error) { + HTTPMethod := "GET" + path := "/api/v2/cmdb/casb/user-activity" + path += "/" + escapeURLString(mkey) + + mapTmp, err = read(c, HTTPMethod, path, false, vdomparam) + return +} + // CreateAuthenticationRule API operation for FortiOS creates a new Rule. // Returns the index value of the Rule and execution result when the request executes successfully. // Returns error for service API and SDK errors. @@ -587,6 +641,60 @@ func (c *FortiSDKClient) ReadAuthenticationRule(mkey string, vdomparam string) ( return } +// CreateCasbSaasApplication API operation for FortiOS creates a new Saas Application. +// Returns the index value of the Saas Application and execution result when the request executes successfully. +// Returns error for service API and SDK errors. +// See the casb - saas-application chapter in the FortiOS Handbook - CLI Reference. +func (c *FortiSDKClient) CreateCasbSaasApplication(params *map[string]interface{}, vdomparam string) (output map[string]interface{}, err error) { + + HTTPMethod := "POST" + path := "/api/v2/cmdb/casb/saas-application" + output = make(map[string]interface{}) + + err = createUpdate(c, HTTPMethod, path, params, output, vdomparam) + return +} + +// UpdateCasbSaasApplication API operation for FortiOS updates the specified Saas Application. +// Returns the index value of the Saas Application and execution result when the request executes successfully. +// Returns error for service API and SDK errors. +// See the casb - saas-application chapter in the FortiOS Handbook - CLI Reference. +func (c *FortiSDKClient) UpdateCasbSaasApplication(params *map[string]interface{}, mkey string, vdomparam string) (output map[string]interface{}, err error) { + HTTPMethod := "PUT" + path := "/api/v2/cmdb/casb/saas-application" + path += "/" + escapeURLString(mkey) + output = make(map[string]interface{}) + + err = createUpdate(c, HTTPMethod, path, params, output, vdomparam) + return +} + +// DeleteCasbSaasApplication API operation for FortiOS deletes the specified Saas Application. +// Returns error for service API and SDK errors. +// See the casb - saas-application chapter in the FortiOS Handbook - CLI Reference. +func (c *FortiSDKClient) DeleteCasbSaasApplication(mkey string, vdomparam string) (err error) { + HTTPMethod := "DELETE" + path := "/api/v2/cmdb/casb/saas-application" + path += "/" + escapeURLString(mkey) + + err = delete(c, HTTPMethod, path, vdomparam) + return +} + +// ReadCasbSaasApplication API operation for FortiOS gets the Saas Application +// with the specified index value. +// Returns the requested Saas Application value when the request executes successfully. +// Returns error for service API and SDK errors. +// See the casb - saas-application chapter in the FortiOS Handbook - CLI Reference. +func (c *FortiSDKClient) ReadCasbSaasApplication(mkey string, vdomparam string) (mapTmp map[string]interface{}, err error) { + HTTPMethod := "GET" + path := "/api/v2/cmdb/casb/saas-application" + path += "/" + escapeURLString(mkey) + + mapTmp, err = read(c, HTTPMethod, path, false, vdomparam) + return +} + // CreateAuthenticationScheme API operation for FortiOS creates a new Scheme. // Returns the index value of the Scheme and execution result when the request executes successfully. // Returns error for service API and SDK errors. @@ -641,6 +749,60 @@ func (c *FortiSDKClient) ReadAuthenticationScheme(mkey string, vdomparam string) return } +// CreateCasbProfile API operation for FortiOS creates a new Profile. +// Returns the index value of the Profile and execution result when the request executes successfully. +// Returns error for service API and SDK errors. +// See the casb - profile chapter in the FortiOS Handbook - CLI Reference. +func (c *FortiSDKClient) CreateCasbProfile(params *map[string]interface{}, vdomparam string) (output map[string]interface{}, err error) { + + HTTPMethod := "POST" + path := "/api/v2/cmdb/casb/profile" + output = make(map[string]interface{}) + + err = createUpdate(c, HTTPMethod, path, params, output, vdomparam) + return +} + +// UpdateCasbProfile API operation for FortiOS updates the specified Profile. +// Returns the index value of the Profile and execution result when the request executes successfully. +// Returns error for service API and SDK errors. +// See the casb - profile chapter in the FortiOS Handbook - CLI Reference. +func (c *FortiSDKClient) UpdateCasbProfile(params *map[string]interface{}, mkey string, vdomparam string) (output map[string]interface{}, err error) { + HTTPMethod := "PUT" + path := "/api/v2/cmdb/casb/profile" + path += "/" + escapeURLString(mkey) + output = make(map[string]interface{}) + + err = createUpdate(c, HTTPMethod, path, params, output, vdomparam) + return +} + +// DeleteCasbProfile API operation for FortiOS deletes the specified Profile. +// Returns error for service API and SDK errors. +// See the casb - profile chapter in the FortiOS Handbook - CLI Reference. +func (c *FortiSDKClient) DeleteCasbProfile(mkey string, vdomparam string) (err error) { + HTTPMethod := "DELETE" + path := "/api/v2/cmdb/casb/profile" + path += "/" + escapeURLString(mkey) + + err = delete(c, HTTPMethod, path, vdomparam) + return +} + +// ReadCasbProfile API operation for FortiOS gets the Profile +// with the specified index value. +// Returns the requested Profile value when the request executes successfully. +// Returns error for service API and SDK errors. +// See the casb - profile chapter in the FortiOS Handbook - CLI Reference. +func (c *FortiSDKClient) ReadCasbProfile(mkey string, vdomparam string) (mapTmp map[string]interface{}, err error) { + HTTPMethod := "GET" + path := "/api/v2/cmdb/casb/profile" + path += "/" + escapeURLString(mkey) + + mapTmp, err = read(c, HTTPMethod, path, false, vdomparam) + return +} + // UpdateAuthenticationSetting API operation for FortiOS updates the specified Setting. // Returns the index value of the Setting and execution result when the request executes successfully. // Returns error for service API and SDK errors. @@ -2182,60 +2344,6 @@ func (c *FortiSDKClient) ReadEmailfilterProfile(mkey string, vdomparam string) ( return } -// CreateEndpointControlFctemsOverride API operation for FortiOS creates a new Fctems Override. -// Returns the index value of the Fctems Override and execution result when the request executes successfully. -// Returns error for service API and SDK errors. -// See the endpoint-control - fctems-override chapter in the FortiOS Handbook - CLI Reference. -func (c *FortiSDKClient) CreateEndpointControlFctemsOverride(params *map[string]interface{}, vdomparam string) (output map[string]interface{}, err error) { - - HTTPMethod := "POST" - path := "/api/v2/cmdb/endpoint-control/fctems-override" - output = make(map[string]interface{}) - - err = createUpdate(c, HTTPMethod, path, params, output, vdomparam) - return -} - -// UpdateEndpointControlFctemsOverride API operation for FortiOS updates the specified Fctems Override. -// Returns the index value of the Fctems Override and execution result when the request executes successfully. -// Returns error for service API and SDK errors. -// See the endpoint-control - fctems-override chapter in the FortiOS Handbook - CLI Reference. -func (c *FortiSDKClient) UpdateEndpointControlFctemsOverride(params *map[string]interface{}, mkey string, vdomparam string) (output map[string]interface{}, err error) { - HTTPMethod := "PUT" - path := "/api/v2/cmdb/endpoint-control/fctems-override" - path += "/" + escapeURLString(mkey) - output = make(map[string]interface{}) - - err = createUpdate(c, HTTPMethod, path, params, output, vdomparam) - return -} - -// DeleteEndpointControlFctemsOverride API operation for FortiOS deletes the specified Fctems Override. -// Returns error for service API and SDK errors. -// See the endpoint-control - fctems-override chapter in the FortiOS Handbook - CLI Reference. -func (c *FortiSDKClient) DeleteEndpointControlFctemsOverride(mkey string, vdomparam string) (err error) { - HTTPMethod := "DELETE" - path := "/api/v2/cmdb/endpoint-control/fctems-override" - path += "/" + escapeURLString(mkey) - - err = delete(c, HTTPMethod, path, vdomparam) - return -} - -// ReadEndpointControlFctemsOverride API operation for FortiOS gets the Fctems Override -// with the specified index value. -// Returns the requested Fctems Override value when the request executes successfully. -// Returns error for service API and SDK errors. -// See the endpoint-control - fctems-override chapter in the FortiOS Handbook - CLI Reference. -func (c *FortiSDKClient) ReadEndpointControlFctemsOverride(mkey string, vdomparam string) (mapTmp map[string]interface{}, err error) { - HTTPMethod := "GET" - path := "/api/v2/cmdb/endpoint-control/fctems-override" - path += "/" + escapeURLString(mkey) - - mapTmp, err = read(c, HTTPMethod, path, false, vdomparam) - return -} - // CreateEndpointControlClient API operation for FortiOS creates a new Client. // Returns the index value of the Client and execution result when the request executes successfully. // Returns error for service API and SDK errors. @@ -2344,6 +2452,60 @@ func (c *FortiSDKClient) ReadEndpointControlFctems(mkey string, vdomparam string return } +// CreateEndpointControlFctemsOverride API operation for FortiOS creates a new Fctems Override. +// Returns the index value of the Fctems Override and execution result when the request executes successfully. +// Returns error for service API and SDK errors. +// See the endpoint-control - fctems-override chapter in the FortiOS Handbook - CLI Reference. +func (c *FortiSDKClient) CreateEndpointControlFctemsOverride(params *map[string]interface{}, vdomparam string) (output map[string]interface{}, err error) { + + HTTPMethod := "POST" + path := "/api/v2/cmdb/endpoint-control/fctems-override" + output = make(map[string]interface{}) + + err = createUpdate(c, HTTPMethod, path, params, output, vdomparam) + return +} + +// UpdateEndpointControlFctemsOverride API operation for FortiOS updates the specified Fctems Override. +// Returns the index value of the Fctems Override and execution result when the request executes successfully. +// Returns error for service API and SDK errors. +// See the endpoint-control - fctems-override chapter in the FortiOS Handbook - CLI Reference. +func (c *FortiSDKClient) UpdateEndpointControlFctemsOverride(params *map[string]interface{}, mkey string, vdomparam string) (output map[string]interface{}, err error) { + HTTPMethod := "PUT" + path := "/api/v2/cmdb/endpoint-control/fctems-override" + path += "/" + escapeURLString(mkey) + output = make(map[string]interface{}) + + err = createUpdate(c, HTTPMethod, path, params, output, vdomparam) + return +} + +// DeleteEndpointControlFctemsOverride API operation for FortiOS deletes the specified Fctems Override. +// Returns error for service API and SDK errors. +// See the endpoint-control - fctems-override chapter in the FortiOS Handbook - CLI Reference. +func (c *FortiSDKClient) DeleteEndpointControlFctemsOverride(mkey string, vdomparam string) (err error) { + HTTPMethod := "DELETE" + path := "/api/v2/cmdb/endpoint-control/fctems-override" + path += "/" + escapeURLString(mkey) + + err = delete(c, HTTPMethod, path, vdomparam) + return +} + +// ReadEndpointControlFctemsOverride API operation for FortiOS gets the Fctems Override +// with the specified index value. +// Returns the requested Fctems Override value when the request executes successfully. +// Returns error for service API and SDK errors. +// See the endpoint-control - fctems-override chapter in the FortiOS Handbook - CLI Reference. +func (c *FortiSDKClient) ReadEndpointControlFctemsOverride(mkey string, vdomparam string) (mapTmp map[string]interface{}, err error) { + HTTPMethod := "GET" + path := "/api/v2/cmdb/endpoint-control/fctems-override" + path += "/" + escapeURLString(mkey) + + mapTmp, err = read(c, HTTPMethod, path, false, vdomparam) + return +} + // CreateEndpointControlForticlientEms API operation for FortiOS creates a new Forticlient Ems. // Returns the index value of the Forticlient Ems and execution result when the request executes successfully. // Returns error for service API and SDK errors. @@ -12094,6 +12256,60 @@ func (c *FortiSDKClient) ReadRouterRouteMap(mkey string, vdomparam string) (mapT return } +// CreateRuleOtvp API operation for FortiOS creates a new Otvp. +// Returns the index value of the Otvp and execution result when the request executes successfully. +// Returns error for service API and SDK errors. +// See the rule - otvp chapter in the FortiOS Handbook - CLI Reference. +func (c *FortiSDKClient) CreateRuleOtvp(params *map[string]interface{}, vdomparam string) (output map[string]interface{}, err error) { + + HTTPMethod := "POST" + path := "/api/v2/cmdb/rule/otvp" + output = make(map[string]interface{}) + + err = createUpdate(c, HTTPMethod, path, params, output, vdomparam) + return +} + +// UpdateRuleOtvp API operation for FortiOS updates the specified Otvp. +// Returns the index value of the Otvp and execution result when the request executes successfully. +// Returns error for service API and SDK errors. +// See the rule - otvp chapter in the FortiOS Handbook - CLI Reference. +func (c *FortiSDKClient) UpdateRuleOtvp(params *map[string]interface{}, mkey string, vdomparam string) (output map[string]interface{}, err error) { + HTTPMethod := "PUT" + path := "/api/v2/cmdb/rule/otvp" + path += "/" + escapeURLString(mkey) + output = make(map[string]interface{}) + + err = createUpdate(c, HTTPMethod, path, params, output, vdomparam) + return +} + +// DeleteRuleOtvp API operation for FortiOS deletes the specified Otvp. +// Returns error for service API and SDK errors. +// See the rule - otvp chapter in the FortiOS Handbook - CLI Reference. +func (c *FortiSDKClient) DeleteRuleOtvp(mkey string, vdomparam string) (err error) { + HTTPMethod := "DELETE" + path := "/api/v2/cmdb/rule/otvp" + path += "/" + escapeURLString(mkey) + + err = delete(c, HTTPMethod, path, vdomparam) + return +} + +// ReadRuleOtvp API operation for FortiOS gets the Otvp +// with the specified index value. +// Returns the requested Otvp value when the request executes successfully. +// Returns error for service API and SDK errors. +// See the rule - otvp chapter in the FortiOS Handbook - CLI Reference. +func (c *FortiSDKClient) ReadRuleOtvp(mkey string, vdomparam string) (mapTmp map[string]interface{}, err error) { + HTTPMethod := "GET" + path := "/api/v2/cmdb/rule/otvp" + path += "/" + escapeURLString(mkey) + + mapTmp, err = read(c, HTTPMethod, path, false, vdomparam) + return +} + // UpdateRouterSetting API operation for FortiOS updates the specified Setting. // Returns the index value of the Setting and execution result when the request executes successfully. // Returns error for service API and SDK errors. @@ -12129,14 +12345,68 @@ func (c *FortiSDKClient) ReadRouterSetting(mkey string, vdomparam string) (mapTm return } -// CreateRouterStatic API operation for FortiOS creates a new Static. -// Returns the index value of the Static and execution result when the request executes successfully. +// CreateRuleOtdt API operation for FortiOS creates a new Otdt. +// Returns the index value of the Otdt and execution result when the request executes successfully. // Returns error for service API and SDK errors. -// See the router - static chapter in the FortiOS Handbook - CLI Reference. -func (c *FortiSDKClient) CreateRouterStatic(params *map[string]interface{}, vdomparam string) (output map[string]interface{}, err error) { +// See the rule - otdt chapter in the FortiOS Handbook - CLI Reference. +func (c *FortiSDKClient) CreateRuleOtdt(params *map[string]interface{}, vdomparam string) (output map[string]interface{}, err error) { HTTPMethod := "POST" - path := "/api/v2/cmdb/router/static" + path := "/api/v2/cmdb/rule/otdt" + output = make(map[string]interface{}) + + err = createUpdate(c, HTTPMethod, path, params, output, vdomparam) + return +} + +// UpdateRuleOtdt API operation for FortiOS updates the specified Otdt. +// Returns the index value of the Otdt and execution result when the request executes successfully. +// Returns error for service API and SDK errors. +// See the rule - otdt chapter in the FortiOS Handbook - CLI Reference. +func (c *FortiSDKClient) UpdateRuleOtdt(params *map[string]interface{}, mkey string, vdomparam string) (output map[string]interface{}, err error) { + HTTPMethod := "PUT" + path := "/api/v2/cmdb/rule/otdt" + path += "/" + escapeURLString(mkey) + output = make(map[string]interface{}) + + err = createUpdate(c, HTTPMethod, path, params, output, vdomparam) + return +} + +// DeleteRuleOtdt API operation for FortiOS deletes the specified Otdt. +// Returns error for service API and SDK errors. +// See the rule - otdt chapter in the FortiOS Handbook - CLI Reference. +func (c *FortiSDKClient) DeleteRuleOtdt(mkey string, vdomparam string) (err error) { + HTTPMethod := "DELETE" + path := "/api/v2/cmdb/rule/otdt" + path += "/" + escapeURLString(mkey) + + err = delete(c, HTTPMethod, path, vdomparam) + return +} + +// ReadRuleOtdt API operation for FortiOS gets the Otdt +// with the specified index value. +// Returns the requested Otdt value when the request executes successfully. +// Returns error for service API and SDK errors. +// See the rule - otdt chapter in the FortiOS Handbook - CLI Reference. +func (c *FortiSDKClient) ReadRuleOtdt(mkey string, vdomparam string) (mapTmp map[string]interface{}, err error) { + HTTPMethod := "GET" + path := "/api/v2/cmdb/rule/otdt" + path += "/" + escapeURLString(mkey) + + mapTmp, err = read(c, HTTPMethod, path, false, vdomparam) + return +} + +// CreateRouterStatic API operation for FortiOS creates a new Static. +// Returns the index value of the Static and execution result when the request executes successfully. +// Returns error for service API and SDK errors. +// See the router - static chapter in the FortiOS Handbook - CLI Reference. +func (c *FortiSDKClient) CreateRouterStatic(params *map[string]interface{}, vdomparam string) (output map[string]interface{}, err error) { + + HTTPMethod := "POST" + path := "/api/v2/cmdb/router/static" output = make(map[string]interface{}) err = createUpdate(c, HTTPMethod, path, params, output, vdomparam) @@ -14271,27 +14541,27 @@ func (c *FortiSDKClient) ReadSwitchControllerTrafficSniffer(mkey string, vdompar return } -// CreateSwitchControllerAclIngress API operation for FortiOS creates a new Ingress. -// Returns the index value of the Ingress and execution result when the request executes successfully. +// CreateSwitchControllerVirtualPortPool API operation for FortiOS creates a new Virtual Port Pool. +// Returns the index value of the Virtual Port Pool and execution result when the request executes successfully. // Returns error for service API and SDK errors. -// See the switch-controller.acl - ingress chapter in the FortiOS Handbook - CLI Reference. -func (c *FortiSDKClient) CreateSwitchControllerAclIngress(params *map[string]interface{}, vdomparam string) (output map[string]interface{}, err error) { +// See the switch-controller - virtual-port-pool chapter in the FortiOS Handbook - CLI Reference. +func (c *FortiSDKClient) CreateSwitchControllerVirtualPortPool(params *map[string]interface{}, vdomparam string) (output map[string]interface{}, err error) { HTTPMethod := "POST" - path := "/api/v2/cmdb/switch-controller.acl/ingress" + path := "/api/v2/cmdb/switch-controller/virtual-port-pool" output = make(map[string]interface{}) err = createUpdate(c, HTTPMethod, path, params, output, vdomparam) return } -// UpdateSwitchControllerAclIngress API operation for FortiOS updates the specified Ingress. -// Returns the index value of the Ingress and execution result when the request executes successfully. +// UpdateSwitchControllerVirtualPortPool API operation for FortiOS updates the specified Virtual Port Pool. +// Returns the index value of the Virtual Port Pool and execution result when the request executes successfully. // Returns error for service API and SDK errors. -// See the switch-controller.acl - ingress chapter in the FortiOS Handbook - CLI Reference. -func (c *FortiSDKClient) UpdateSwitchControllerAclIngress(params *map[string]interface{}, mkey string, vdomparam string) (output map[string]interface{}, err error) { +// See the switch-controller - virtual-port-pool chapter in the FortiOS Handbook - CLI Reference. +func (c *FortiSDKClient) UpdateSwitchControllerVirtualPortPool(params *map[string]interface{}, mkey string, vdomparam string) (output map[string]interface{}, err error) { HTTPMethod := "PUT" - path := "/api/v2/cmdb/switch-controller.acl/ingress" + path := "/api/v2/cmdb/switch-controller/virtual-port-pool" path += "/" + escapeURLString(mkey) output = make(map[string]interface{}) @@ -14299,53 +14569,53 @@ func (c *FortiSDKClient) UpdateSwitchControllerAclIngress(params *map[string]int return } -// DeleteSwitchControllerAclIngress API operation for FortiOS deletes the specified Ingress. +// DeleteSwitchControllerVirtualPortPool API operation for FortiOS deletes the specified Virtual Port Pool. // Returns error for service API and SDK errors. -// See the switch-controller.acl - ingress chapter in the FortiOS Handbook - CLI Reference. -func (c *FortiSDKClient) DeleteSwitchControllerAclIngress(mkey string, vdomparam string) (err error) { +// See the switch-controller - virtual-port-pool chapter in the FortiOS Handbook - CLI Reference. +func (c *FortiSDKClient) DeleteSwitchControllerVirtualPortPool(mkey string, vdomparam string) (err error) { HTTPMethod := "DELETE" - path := "/api/v2/cmdb/switch-controller.acl/ingress" + path := "/api/v2/cmdb/switch-controller/virtual-port-pool" path += "/" + escapeURLString(mkey) err = delete(c, HTTPMethod, path, vdomparam) return } -// ReadSwitchControllerAclIngress API operation for FortiOS gets the Ingress +// ReadSwitchControllerVirtualPortPool API operation for FortiOS gets the Virtual Port Pool // with the specified index value. -// Returns the requested Ingress value when the request executes successfully. +// Returns the requested Virtual Port Pool value when the request executes successfully. // Returns error for service API and SDK errors. -// See the switch-controller.acl - ingress chapter in the FortiOS Handbook - CLI Reference. -func (c *FortiSDKClient) ReadSwitchControllerAclIngress(mkey string, vdomparam string) (mapTmp map[string]interface{}, err error) { +// See the switch-controller - virtual-port-pool chapter in the FortiOS Handbook - CLI Reference. +func (c *FortiSDKClient) ReadSwitchControllerVirtualPortPool(mkey string, vdomparam string) (mapTmp map[string]interface{}, err error) { HTTPMethod := "GET" - path := "/api/v2/cmdb/switch-controller.acl/ingress" + path := "/api/v2/cmdb/switch-controller/virtual-port-pool" path += "/" + escapeURLString(mkey) mapTmp, err = read(c, HTTPMethod, path, false, vdomparam) return } -// CreateSwitchControllerVirtualPortPool API operation for FortiOS creates a new Virtual Port Pool. -// Returns the index value of the Virtual Port Pool and execution result when the request executes successfully. +// CreateSwitchControllerVlan API operation for FortiOS creates a new Vlan. +// Returns the index value of the Vlan and execution result when the request executes successfully. // Returns error for service API and SDK errors. -// See the switch-controller - virtual-port-pool chapter in the FortiOS Handbook - CLI Reference. -func (c *FortiSDKClient) CreateSwitchControllerVirtualPortPool(params *map[string]interface{}, vdomparam string) (output map[string]interface{}, err error) { +// See the switch-controller - vlan chapter in the FortiOS Handbook - CLI Reference. +func (c *FortiSDKClient) CreateSwitchControllerVlan(params *map[string]interface{}, vdomparam string) (output map[string]interface{}, err error) { HTTPMethod := "POST" - path := "/api/v2/cmdb/switch-controller/virtual-port-pool" + path := "/api/v2/cmdb/switch-controller/vlan" output = make(map[string]interface{}) err = createUpdate(c, HTTPMethod, path, params, output, vdomparam) return } -// UpdateSwitchControllerVirtualPortPool API operation for FortiOS updates the specified Virtual Port Pool. -// Returns the index value of the Virtual Port Pool and execution result when the request executes successfully. +// UpdateSwitchControllerVlan API operation for FortiOS updates the specified Vlan. +// Returns the index value of the Vlan and execution result when the request executes successfully. // Returns error for service API and SDK errors. -// See the switch-controller - virtual-port-pool chapter in the FortiOS Handbook - CLI Reference. -func (c *FortiSDKClient) UpdateSwitchControllerVirtualPortPool(params *map[string]interface{}, mkey string, vdomparam string) (output map[string]interface{}, err error) { +// See the switch-controller - vlan chapter in the FortiOS Handbook - CLI Reference. +func (c *FortiSDKClient) UpdateSwitchControllerVlan(params *map[string]interface{}, mkey string, vdomparam string) (output map[string]interface{}, err error) { HTTPMethod := "PUT" - path := "/api/v2/cmdb/switch-controller/virtual-port-pool" + path := "/api/v2/cmdb/switch-controller/vlan" path += "/" + escapeURLString(mkey) output = make(map[string]interface{}) @@ -14353,53 +14623,53 @@ func (c *FortiSDKClient) UpdateSwitchControllerVirtualPortPool(params *map[strin return } -// DeleteSwitchControllerVirtualPortPool API operation for FortiOS deletes the specified Virtual Port Pool. +// DeleteSwitchControllerVlan API operation for FortiOS deletes the specified Vlan. // Returns error for service API and SDK errors. -// See the switch-controller - virtual-port-pool chapter in the FortiOS Handbook - CLI Reference. -func (c *FortiSDKClient) DeleteSwitchControllerVirtualPortPool(mkey string, vdomparam string) (err error) { +// See the switch-controller - vlan chapter in the FortiOS Handbook - CLI Reference. +func (c *FortiSDKClient) DeleteSwitchControllerVlan(mkey string, vdomparam string) (err error) { HTTPMethod := "DELETE" - path := "/api/v2/cmdb/switch-controller/virtual-port-pool" + path := "/api/v2/cmdb/switch-controller/vlan" path += "/" + escapeURLString(mkey) err = delete(c, HTTPMethod, path, vdomparam) return } -// ReadSwitchControllerVirtualPortPool API operation for FortiOS gets the Virtual Port Pool +// ReadSwitchControllerVlan API operation for FortiOS gets the Vlan // with the specified index value. -// Returns the requested Virtual Port Pool value when the request executes successfully. +// Returns the requested Vlan value when the request executes successfully. // Returns error for service API and SDK errors. -// See the switch-controller - virtual-port-pool chapter in the FortiOS Handbook - CLI Reference. -func (c *FortiSDKClient) ReadSwitchControllerVirtualPortPool(mkey string, vdomparam string) (mapTmp map[string]interface{}, err error) { +// See the switch-controller - vlan chapter in the FortiOS Handbook - CLI Reference. +func (c *FortiSDKClient) ReadSwitchControllerVlan(mkey string, vdomparam string) (mapTmp map[string]interface{}, err error) { HTTPMethod := "GET" - path := "/api/v2/cmdb/switch-controller/virtual-port-pool" + path := "/api/v2/cmdb/switch-controller/vlan" path += "/" + escapeURLString(mkey) mapTmp, err = read(c, HTTPMethod, path, false, vdomparam) return } -// CreateSwitchControllerAclGroup API operation for FortiOS creates a new Group. -// Returns the index value of the Group and execution result when the request executes successfully. +// CreateSwitchControllerVlanPolicy API operation for FortiOS creates a new Vlan Policy. +// Returns the index value of the Vlan Policy and execution result when the request executes successfully. // Returns error for service API and SDK errors. -// See the switch-controller.acl - group chapter in the FortiOS Handbook - CLI Reference. -func (c *FortiSDKClient) CreateSwitchControllerAclGroup(params *map[string]interface{}, vdomparam string) (output map[string]interface{}, err error) { +// See the switch-controller - vlan-policy chapter in the FortiOS Handbook - CLI Reference. +func (c *FortiSDKClient) CreateSwitchControllerVlanPolicy(params *map[string]interface{}, vdomparam string) (output map[string]interface{}, err error) { HTTPMethod := "POST" - path := "/api/v2/cmdb/switch-controller.acl/group" + path := "/api/v2/cmdb/switch-controller/vlan-policy" output = make(map[string]interface{}) err = createUpdate(c, HTTPMethod, path, params, output, vdomparam) return } -// UpdateSwitchControllerAclGroup API operation for FortiOS updates the specified Group. -// Returns the index value of the Group and execution result when the request executes successfully. +// UpdateSwitchControllerVlanPolicy API operation for FortiOS updates the specified Vlan Policy. +// Returns the index value of the Vlan Policy and execution result when the request executes successfully. // Returns error for service API and SDK errors. -// See the switch-controller.acl - group chapter in the FortiOS Handbook - CLI Reference. -func (c *FortiSDKClient) UpdateSwitchControllerAclGroup(params *map[string]interface{}, mkey string, vdomparam string) (output map[string]interface{}, err error) { +// See the switch-controller - vlan-policy chapter in the FortiOS Handbook - CLI Reference. +func (c *FortiSDKClient) UpdateSwitchControllerVlanPolicy(params *map[string]interface{}, mkey string, vdomparam string) (output map[string]interface{}, err error) { HTTPMethod := "PUT" - path := "/api/v2/cmdb/switch-controller.acl/group" + path := "/api/v2/cmdb/switch-controller/vlan-policy" path += "/" + escapeURLString(mkey) output = make(map[string]interface{}) @@ -14407,53 +14677,53 @@ func (c *FortiSDKClient) UpdateSwitchControllerAclGroup(params *map[string]inter return } -// DeleteSwitchControllerAclGroup API operation for FortiOS deletes the specified Group. +// DeleteSwitchControllerVlanPolicy API operation for FortiOS deletes the specified Vlan Policy. // Returns error for service API and SDK errors. -// See the switch-controller.acl - group chapter in the FortiOS Handbook - CLI Reference. -func (c *FortiSDKClient) DeleteSwitchControllerAclGroup(mkey string, vdomparam string) (err error) { +// See the switch-controller - vlan-policy chapter in the FortiOS Handbook - CLI Reference. +func (c *FortiSDKClient) DeleteSwitchControllerVlanPolicy(mkey string, vdomparam string) (err error) { HTTPMethod := "DELETE" - path := "/api/v2/cmdb/switch-controller.acl/group" + path := "/api/v2/cmdb/switch-controller/vlan-policy" path += "/" + escapeURLString(mkey) err = delete(c, HTTPMethod, path, vdomparam) return } -// ReadSwitchControllerAclGroup API operation for FortiOS gets the Group +// ReadSwitchControllerVlanPolicy API operation for FortiOS gets the Vlan Policy // with the specified index value. -// Returns the requested Group value when the request executes successfully. +// Returns the requested Vlan Policy value when the request executes successfully. // Returns error for service API and SDK errors. -// See the switch-controller.acl - group chapter in the FortiOS Handbook - CLI Reference. -func (c *FortiSDKClient) ReadSwitchControllerAclGroup(mkey string, vdomparam string) (mapTmp map[string]interface{}, err error) { +// See the switch-controller - vlan-policy chapter in the FortiOS Handbook - CLI Reference. +func (c *FortiSDKClient) ReadSwitchControllerVlanPolicy(mkey string, vdomparam string) (mapTmp map[string]interface{}, err error) { HTTPMethod := "GET" - path := "/api/v2/cmdb/switch-controller.acl/group" + path := "/api/v2/cmdb/switch-controller/vlan-policy" path += "/" + escapeURLString(mkey) mapTmp, err = read(c, HTTPMethod, path, false, vdomparam) return } -// CreateSwitchControllerVlan API operation for FortiOS creates a new Vlan. -// Returns the index value of the Vlan and execution result when the request executes successfully. +// CreateSwitchControllerAclGroup API operation for FortiOS creates a new Group. +// Returns the index value of the Group and execution result when the request executes successfully. // Returns error for service API and SDK errors. -// See the switch-controller - vlan chapter in the FortiOS Handbook - CLI Reference. -func (c *FortiSDKClient) CreateSwitchControllerVlan(params *map[string]interface{}, vdomparam string) (output map[string]interface{}, err error) { +// See the switch-controller.acl - group chapter in the FortiOS Handbook - CLI Reference. +func (c *FortiSDKClient) CreateSwitchControllerAclGroup(params *map[string]interface{}, vdomparam string) (output map[string]interface{}, err error) { HTTPMethod := "POST" - path := "/api/v2/cmdb/switch-controller/vlan" + path := "/api/v2/cmdb/switch-controller.acl/group" output = make(map[string]interface{}) err = createUpdate(c, HTTPMethod, path, params, output, vdomparam) return } -// UpdateSwitchControllerVlan API operation for FortiOS updates the specified Vlan. -// Returns the index value of the Vlan and execution result when the request executes successfully. +// UpdateSwitchControllerAclGroup API operation for FortiOS updates the specified Group. +// Returns the index value of the Group and execution result when the request executes successfully. // Returns error for service API and SDK errors. -// See the switch-controller - vlan chapter in the FortiOS Handbook - CLI Reference. -func (c *FortiSDKClient) UpdateSwitchControllerVlan(params *map[string]interface{}, mkey string, vdomparam string) (output map[string]interface{}, err error) { +// See the switch-controller.acl - group chapter in the FortiOS Handbook - CLI Reference. +func (c *FortiSDKClient) UpdateSwitchControllerAclGroup(params *map[string]interface{}, mkey string, vdomparam string) (output map[string]interface{}, err error) { HTTPMethod := "PUT" - path := "/api/v2/cmdb/switch-controller/vlan" + path := "/api/v2/cmdb/switch-controller.acl/group" path += "/" + escapeURLString(mkey) output = make(map[string]interface{}) @@ -14461,53 +14731,53 @@ func (c *FortiSDKClient) UpdateSwitchControllerVlan(params *map[string]interface return } -// DeleteSwitchControllerVlan API operation for FortiOS deletes the specified Vlan. +// DeleteSwitchControllerAclGroup API operation for FortiOS deletes the specified Group. // Returns error for service API and SDK errors. -// See the switch-controller - vlan chapter in the FortiOS Handbook - CLI Reference. -func (c *FortiSDKClient) DeleteSwitchControllerVlan(mkey string, vdomparam string) (err error) { +// See the switch-controller.acl - group chapter in the FortiOS Handbook - CLI Reference. +func (c *FortiSDKClient) DeleteSwitchControllerAclGroup(mkey string, vdomparam string) (err error) { HTTPMethod := "DELETE" - path := "/api/v2/cmdb/switch-controller/vlan" + path := "/api/v2/cmdb/switch-controller.acl/group" path += "/" + escapeURLString(mkey) err = delete(c, HTTPMethod, path, vdomparam) return } -// ReadSwitchControllerVlan API operation for FortiOS gets the Vlan +// ReadSwitchControllerAclGroup API operation for FortiOS gets the Group // with the specified index value. -// Returns the requested Vlan value when the request executes successfully. +// Returns the requested Group value when the request executes successfully. // Returns error for service API and SDK errors. -// See the switch-controller - vlan chapter in the FortiOS Handbook - CLI Reference. -func (c *FortiSDKClient) ReadSwitchControllerVlan(mkey string, vdomparam string) (mapTmp map[string]interface{}, err error) { +// See the switch-controller.acl - group chapter in the FortiOS Handbook - CLI Reference. +func (c *FortiSDKClient) ReadSwitchControllerAclGroup(mkey string, vdomparam string) (mapTmp map[string]interface{}, err error) { HTTPMethod := "GET" - path := "/api/v2/cmdb/switch-controller/vlan" + path := "/api/v2/cmdb/switch-controller.acl/group" path += "/" + escapeURLString(mkey) mapTmp, err = read(c, HTTPMethod, path, false, vdomparam) return } -// CreateSwitchControllerVlanPolicy API operation for FortiOS creates a new Vlan Policy. -// Returns the index value of the Vlan Policy and execution result when the request executes successfully. +// CreateSwitchControllerAclIngress API operation for FortiOS creates a new Ingress. +// Returns the index value of the Ingress and execution result when the request executes successfully. // Returns error for service API and SDK errors. -// See the switch-controller - vlan-policy chapter in the FortiOS Handbook - CLI Reference. -func (c *FortiSDKClient) CreateSwitchControllerVlanPolicy(params *map[string]interface{}, vdomparam string) (output map[string]interface{}, err error) { +// See the switch-controller.acl - ingress chapter in the FortiOS Handbook - CLI Reference. +func (c *FortiSDKClient) CreateSwitchControllerAclIngress(params *map[string]interface{}, vdomparam string) (output map[string]interface{}, err error) { HTTPMethod := "POST" - path := "/api/v2/cmdb/switch-controller/vlan-policy" + path := "/api/v2/cmdb/switch-controller.acl/ingress" output = make(map[string]interface{}) err = createUpdate(c, HTTPMethod, path, params, output, vdomparam) return } -// UpdateSwitchControllerVlanPolicy API operation for FortiOS updates the specified Vlan Policy. -// Returns the index value of the Vlan Policy and execution result when the request executes successfully. +// UpdateSwitchControllerAclIngress API operation for FortiOS updates the specified Ingress. +// Returns the index value of the Ingress and execution result when the request executes successfully. // Returns error for service API and SDK errors. -// See the switch-controller - vlan-policy chapter in the FortiOS Handbook - CLI Reference. -func (c *FortiSDKClient) UpdateSwitchControllerVlanPolicy(params *map[string]interface{}, mkey string, vdomparam string) (output map[string]interface{}, err error) { +// See the switch-controller.acl - ingress chapter in the FortiOS Handbook - CLI Reference. +func (c *FortiSDKClient) UpdateSwitchControllerAclIngress(params *map[string]interface{}, mkey string, vdomparam string) (output map[string]interface{}, err error) { HTTPMethod := "PUT" - path := "/api/v2/cmdb/switch-controller/vlan-policy" + path := "/api/v2/cmdb/switch-controller.acl/ingress" path += "/" + escapeURLString(mkey) output = make(map[string]interface{}) @@ -14515,26 +14785,26 @@ func (c *FortiSDKClient) UpdateSwitchControllerVlanPolicy(params *map[string]int return } -// DeleteSwitchControllerVlanPolicy API operation for FortiOS deletes the specified Vlan Policy. +// DeleteSwitchControllerAclIngress API operation for FortiOS deletes the specified Ingress. // Returns error for service API and SDK errors. -// See the switch-controller - vlan-policy chapter in the FortiOS Handbook - CLI Reference. -func (c *FortiSDKClient) DeleteSwitchControllerVlanPolicy(mkey string, vdomparam string) (err error) { +// See the switch-controller.acl - ingress chapter in the FortiOS Handbook - CLI Reference. +func (c *FortiSDKClient) DeleteSwitchControllerAclIngress(mkey string, vdomparam string) (err error) { HTTPMethod := "DELETE" - path := "/api/v2/cmdb/switch-controller/vlan-policy" + path := "/api/v2/cmdb/switch-controller.acl/ingress" path += "/" + escapeURLString(mkey) err = delete(c, HTTPMethod, path, vdomparam) return } -// ReadSwitchControllerVlanPolicy API operation for FortiOS gets the Vlan Policy +// ReadSwitchControllerAclIngress API operation for FortiOS gets the Ingress // with the specified index value. -// Returns the requested Vlan Policy value when the request executes successfully. +// Returns the requested Ingress value when the request executes successfully. // Returns error for service API and SDK errors. -// See the switch-controller - vlan-policy chapter in the FortiOS Handbook - CLI Reference. -func (c *FortiSDKClient) ReadSwitchControllerVlanPolicy(mkey string, vdomparam string) (mapTmp map[string]interface{}, err error) { +// See the switch-controller.acl - ingress chapter in the FortiOS Handbook - CLI Reference. +func (c *FortiSDKClient) ReadSwitchControllerAclIngress(mkey string, vdomparam string) (mapTmp map[string]interface{}, err error) { HTTPMethod := "GET" - path := "/api/v2/cmdb/switch-controller/vlan-policy" + path := "/api/v2/cmdb/switch-controller.acl/ingress" path += "/" + escapeURLString(mkey) mapTmp, err = read(c, HTTPMethod, path, false, vdomparam) @@ -14624,33 +14894,141 @@ func (c *FortiSDKClient) DeleteSwitchControllerAutoConfigDefault(mkey string, vd // See the switch-controller.auto-config - default chapter in the FortiOS Handbook - CLI Reference. func (c *FortiSDKClient) ReadSwitchControllerAutoConfigDefault(mkey string, vdomparam string) (mapTmp map[string]interface{}, err error) { HTTPMethod := "GET" - path := "/api/v2/cmdb/switch-controller.auto-config/default" + path := "/api/v2/cmdb/switch-controller.auto-config/default" + + mapTmp, err = read(c, HTTPMethod, path, true, vdomparam) + return +} + +// CreateSwitchControllerPtpProfile API operation for FortiOS creates a new Profile. +// Returns the index value of the Profile and execution result when the request executes successfully. +// Returns error for service API and SDK errors. +// See the switch-controller.ptp - profile chapter in the FortiOS Handbook - CLI Reference. +func (c *FortiSDKClient) CreateSwitchControllerPtpProfile(params *map[string]interface{}, vdomparam string) (output map[string]interface{}, err error) { + + HTTPMethod := "POST" + path := "/api/v2/cmdb/switch-controller.ptp/profile" + output = make(map[string]interface{}) + + err = createUpdate(c, HTTPMethod, path, params, output, vdomparam) + return +} + +// UpdateSwitchControllerPtpProfile API operation for FortiOS updates the specified Profile. +// Returns the index value of the Profile and execution result when the request executes successfully. +// Returns error for service API and SDK errors. +// See the switch-controller.ptp - profile chapter in the FortiOS Handbook - CLI Reference. +func (c *FortiSDKClient) UpdateSwitchControllerPtpProfile(params *map[string]interface{}, mkey string, vdomparam string) (output map[string]interface{}, err error) { + HTTPMethod := "PUT" + path := "/api/v2/cmdb/switch-controller.ptp/profile" + path += "/" + escapeURLString(mkey) + output = make(map[string]interface{}) + + err = createUpdate(c, HTTPMethod, path, params, output, vdomparam) + return +} + +// DeleteSwitchControllerPtpProfile API operation for FortiOS deletes the specified Profile. +// Returns error for service API and SDK errors. +// See the switch-controller.ptp - profile chapter in the FortiOS Handbook - CLI Reference. +func (c *FortiSDKClient) DeleteSwitchControllerPtpProfile(mkey string, vdomparam string) (err error) { + HTTPMethod := "DELETE" + path := "/api/v2/cmdb/switch-controller.ptp/profile" + path += "/" + escapeURLString(mkey) + + err = delete(c, HTTPMethod, path, vdomparam) + return +} + +// ReadSwitchControllerPtpProfile API operation for FortiOS gets the Profile +// with the specified index value. +// Returns the requested Profile value when the request executes successfully. +// Returns error for service API and SDK errors. +// See the switch-controller.ptp - profile chapter in the FortiOS Handbook - CLI Reference. +func (c *FortiSDKClient) ReadSwitchControllerPtpProfile(mkey string, vdomparam string) (mapTmp map[string]interface{}, err error) { + HTTPMethod := "GET" + path := "/api/v2/cmdb/switch-controller.ptp/profile" + path += "/" + escapeURLString(mkey) + + mapTmp, err = read(c, HTTPMethod, path, false, vdomparam) + return +} + +// CreateSwitchControllerAutoConfigPolicy API operation for FortiOS creates a new Policy. +// Returns the index value of the Policy and execution result when the request executes successfully. +// Returns error for service API and SDK errors. +// See the switch-controller.auto-config - policy chapter in the FortiOS Handbook - CLI Reference. +func (c *FortiSDKClient) CreateSwitchControllerAutoConfigPolicy(params *map[string]interface{}, vdomparam string) (output map[string]interface{}, err error) { + + HTTPMethod := "POST" + path := "/api/v2/cmdb/switch-controller.auto-config/policy" + output = make(map[string]interface{}) + + err = createUpdate(c, HTTPMethod, path, params, output, vdomparam) + return +} + +// UpdateSwitchControllerAutoConfigPolicy API operation for FortiOS updates the specified Policy. +// Returns the index value of the Policy and execution result when the request executes successfully. +// Returns error for service API and SDK errors. +// See the switch-controller.auto-config - policy chapter in the FortiOS Handbook - CLI Reference. +func (c *FortiSDKClient) UpdateSwitchControllerAutoConfigPolicy(params *map[string]interface{}, mkey string, vdomparam string) (output map[string]interface{}, err error) { + HTTPMethod := "PUT" + path := "/api/v2/cmdb/switch-controller.auto-config/policy" + path += "/" + escapeURLString(mkey) + output = make(map[string]interface{}) + + err = createUpdate(c, HTTPMethod, path, params, output, vdomparam) + return +} + +// DeleteSwitchControllerAutoConfigPolicy API operation for FortiOS deletes the specified Policy. +// Returns error for service API and SDK errors. +// See the switch-controller.auto-config - policy chapter in the FortiOS Handbook - CLI Reference. +func (c *FortiSDKClient) DeleteSwitchControllerAutoConfigPolicy(mkey string, vdomparam string) (err error) { + HTTPMethod := "DELETE" + path := "/api/v2/cmdb/switch-controller.auto-config/policy" + path += "/" + escapeURLString(mkey) + + err = delete(c, HTTPMethod, path, vdomparam) + return +} + +// ReadSwitchControllerAutoConfigPolicy API operation for FortiOS gets the Policy +// with the specified index value. +// Returns the requested Policy value when the request executes successfully. +// Returns error for service API and SDK errors. +// See the switch-controller.auto-config - policy chapter in the FortiOS Handbook - CLI Reference. +func (c *FortiSDKClient) ReadSwitchControllerAutoConfigPolicy(mkey string, vdomparam string) (mapTmp map[string]interface{}, err error) { + HTTPMethod := "GET" + path := "/api/v2/cmdb/switch-controller.auto-config/policy" + path += "/" + escapeURLString(mkey) - mapTmp, err = read(c, HTTPMethod, path, true, vdomparam) + mapTmp, err = read(c, HTTPMethod, path, false, vdomparam) return } -// CreateSwitchControllerAutoConfigPolicy API operation for FortiOS creates a new Policy. -// Returns the index value of the Policy and execution result when the request executes successfully. +// CreateSwitchControllerPtpInterfacePolicy API operation for FortiOS creates a new Interface Policy. +// Returns the index value of the Interface Policy and execution result when the request executes successfully. // Returns error for service API and SDK errors. -// See the switch-controller.auto-config - policy chapter in the FortiOS Handbook - CLI Reference. -func (c *FortiSDKClient) CreateSwitchControllerAutoConfigPolicy(params *map[string]interface{}, vdomparam string) (output map[string]interface{}, err error) { +// See the switch-controller.ptp - interface-policy chapter in the FortiOS Handbook - CLI Reference. +func (c *FortiSDKClient) CreateSwitchControllerPtpInterfacePolicy(params *map[string]interface{}, vdomparam string) (output map[string]interface{}, err error) { HTTPMethod := "POST" - path := "/api/v2/cmdb/switch-controller.auto-config/policy" + path := "/api/v2/cmdb/switch-controller.ptp/interface-policy" output = make(map[string]interface{}) err = createUpdate(c, HTTPMethod, path, params, output, vdomparam) return } -// UpdateSwitchControllerAutoConfigPolicy API operation for FortiOS updates the specified Policy. -// Returns the index value of the Policy and execution result when the request executes successfully. +// UpdateSwitchControllerPtpInterfacePolicy API operation for FortiOS updates the specified Interface Policy. +// Returns the index value of the Interface Policy and execution result when the request executes successfully. // Returns error for service API and SDK errors. -// See the switch-controller.auto-config - policy chapter in the FortiOS Handbook - CLI Reference. -func (c *FortiSDKClient) UpdateSwitchControllerAutoConfigPolicy(params *map[string]interface{}, mkey string, vdomparam string) (output map[string]interface{}, err error) { +// See the switch-controller.ptp - interface-policy chapter in the FortiOS Handbook - CLI Reference. +func (c *FortiSDKClient) UpdateSwitchControllerPtpInterfacePolicy(params *map[string]interface{}, mkey string, vdomparam string) (output map[string]interface{}, err error) { HTTPMethod := "PUT" - path := "/api/v2/cmdb/switch-controller.auto-config/policy" + path := "/api/v2/cmdb/switch-controller.ptp/interface-policy" path += "/" + escapeURLString(mkey) output = make(map[string]interface{}) @@ -14658,26 +15036,26 @@ func (c *FortiSDKClient) UpdateSwitchControllerAutoConfigPolicy(params *map[stri return } -// DeleteSwitchControllerAutoConfigPolicy API operation for FortiOS deletes the specified Policy. +// DeleteSwitchControllerPtpInterfacePolicy API operation for FortiOS deletes the specified Interface Policy. // Returns error for service API and SDK errors. -// See the switch-controller.auto-config - policy chapter in the FortiOS Handbook - CLI Reference. -func (c *FortiSDKClient) DeleteSwitchControllerAutoConfigPolicy(mkey string, vdomparam string) (err error) { +// See the switch-controller.ptp - interface-policy chapter in the FortiOS Handbook - CLI Reference. +func (c *FortiSDKClient) DeleteSwitchControllerPtpInterfacePolicy(mkey string, vdomparam string) (err error) { HTTPMethod := "DELETE" - path := "/api/v2/cmdb/switch-controller.auto-config/policy" + path := "/api/v2/cmdb/switch-controller.ptp/interface-policy" path += "/" + escapeURLString(mkey) err = delete(c, HTTPMethod, path, vdomparam) return } -// ReadSwitchControllerAutoConfigPolicy API operation for FortiOS gets the Policy +// ReadSwitchControllerPtpInterfacePolicy API operation for FortiOS gets the Interface Policy // with the specified index value. -// Returns the requested Policy value when the request executes successfully. +// Returns the requested Interface Policy value when the request executes successfully. // Returns error for service API and SDK errors. -// See the switch-controller.auto-config - policy chapter in the FortiOS Handbook - CLI Reference. -func (c *FortiSDKClient) ReadSwitchControllerAutoConfigPolicy(mkey string, vdomparam string) (mapTmp map[string]interface{}, err error) { +// See the switch-controller.ptp - interface-policy chapter in the FortiOS Handbook - CLI Reference. +func (c *FortiSDKClient) ReadSwitchControllerPtpInterfacePolicy(mkey string, vdomparam string) (mapTmp map[string]interface{}, err error) { HTTPMethod := "GET" - path := "/api/v2/cmdb/switch-controller.auto-config/policy" + path := "/api/v2/cmdb/switch-controller.ptp/interface-policy" path += "/" + escapeURLString(mkey) mapTmp, err = read(c, HTTPMethod, path, false, vdomparam) @@ -16527,60 +16905,6 @@ func (c *FortiSDKClient) ReadSystemDns64(mkey string, vdomparam string) (mapTmp return } -// CreateSystemEvpn API operation for FortiOS creates a new Evpn. -// Returns the index value of the Evpn and execution result when the request executes successfully. -// Returns error for service API and SDK errors. -// See the system - evpn chapter in the FortiOS Handbook - CLI Reference. -func (c *FortiSDKClient) CreateSystemEvpn(params *map[string]interface{}, vdomparam string) (output map[string]interface{}, err error) { - - HTTPMethod := "POST" - path := "/api/v2/cmdb/system/evpn" - output = make(map[string]interface{}) - - err = createUpdate(c, HTTPMethod, path, params, output, vdomparam) - return -} - -// UpdateSystemEvpn API operation for FortiOS updates the specified Evpn. -// Returns the index value of the Evpn and execution result when the request executes successfully. -// Returns error for service API and SDK errors. -// See the system - evpn chapter in the FortiOS Handbook - CLI Reference. -func (c *FortiSDKClient) UpdateSystemEvpn(params *map[string]interface{}, mkey string, vdomparam string) (output map[string]interface{}, err error) { - HTTPMethod := "PUT" - path := "/api/v2/cmdb/system/evpn" - path += "/" + escapeURLString(mkey) - output = make(map[string]interface{}) - - err = createUpdate(c, HTTPMethod, path, params, output, vdomparam) - return -} - -// DeleteSystemEvpn API operation for FortiOS deletes the specified Evpn. -// Returns error for service API and SDK errors. -// See the system - evpn chapter in the FortiOS Handbook - CLI Reference. -func (c *FortiSDKClient) DeleteSystemEvpn(mkey string, vdomparam string) (err error) { - HTTPMethod := "DELETE" - path := "/api/v2/cmdb/system/evpn" - path += "/" + escapeURLString(mkey) - - err = delete(c, HTTPMethod, path, vdomparam) - return -} - -// ReadSystemEvpn API operation for FortiOS gets the Evpn -// with the specified index value. -// Returns the requested Evpn value when the request executes successfully. -// Returns error for service API and SDK errors. -// See the system - evpn chapter in the FortiOS Handbook - CLI Reference. -func (c *FortiSDKClient) ReadSystemEvpn(mkey string, vdomparam string) (mapTmp map[string]interface{}, err error) { - HTTPMethod := "GET" - path := "/api/v2/cmdb/system/evpn" - path += "/" + escapeURLString(mkey) - - mapTmp, err = read(c, HTTPMethod, path, false, vdomparam) - return -} - // CreateSystemDscpBasedPriority API operation for FortiOS creates a new Dscp Based Priority. // Returns the index value of the Dscp Based Priority and execution result when the request executes successfully. // Returns error for service API and SDK errors. @@ -16670,6 +16994,60 @@ func (c *FortiSDKClient) ReadSystemEmailServer(mkey string, vdomparam string) (m return } +// CreateSystemEvpn API operation for FortiOS creates a new Evpn. +// Returns the index value of the Evpn and execution result when the request executes successfully. +// Returns error for service API and SDK errors. +// See the system - evpn chapter in the FortiOS Handbook - CLI Reference. +func (c *FortiSDKClient) CreateSystemEvpn(params *map[string]interface{}, vdomparam string) (output map[string]interface{}, err error) { + + HTTPMethod := "POST" + path := "/api/v2/cmdb/system/evpn" + output = make(map[string]interface{}) + + err = createUpdate(c, HTTPMethod, path, params, output, vdomparam) + return +} + +// UpdateSystemEvpn API operation for FortiOS updates the specified Evpn. +// Returns the index value of the Evpn and execution result when the request executes successfully. +// Returns error for service API and SDK errors. +// See the system - evpn chapter in the FortiOS Handbook - CLI Reference. +func (c *FortiSDKClient) UpdateSystemEvpn(params *map[string]interface{}, mkey string, vdomparam string) (output map[string]interface{}, err error) { + HTTPMethod := "PUT" + path := "/api/v2/cmdb/system/evpn" + path += "/" + escapeURLString(mkey) + output = make(map[string]interface{}) + + err = createUpdate(c, HTTPMethod, path, params, output, vdomparam) + return +} + +// DeleteSystemEvpn API operation for FortiOS deletes the specified Evpn. +// Returns error for service API and SDK errors. +// See the system - evpn chapter in the FortiOS Handbook - CLI Reference. +func (c *FortiSDKClient) DeleteSystemEvpn(mkey string, vdomparam string) (err error) { + HTTPMethod := "DELETE" + path := "/api/v2/cmdb/system/evpn" + path += "/" + escapeURLString(mkey) + + err = delete(c, HTTPMethod, path, vdomparam) + return +} + +// ReadSystemEvpn API operation for FortiOS gets the Evpn +// with the specified index value. +// Returns the requested Evpn value when the request executes successfully. +// Returns error for service API and SDK errors. +// See the system - evpn chapter in the FortiOS Handbook - CLI Reference. +func (c *FortiSDKClient) ReadSystemEvpn(mkey string, vdomparam string) (mapTmp map[string]interface{}, err error) { + HTTPMethod := "GET" + path := "/api/v2/cmdb/system/evpn" + path += "/" + escapeURLString(mkey) + + mapTmp, err = read(c, HTTPMethod, path, false, vdomparam) + return +} + // CreateSystemExternalResource API operation for FortiOS creates a new External Resource. // Returns the index value of the External Resource and execution result when the request executes successfully. // Returns error for service API and SDK errors. @@ -18444,41 +18822,6 @@ func (c *FortiSDKClient) ReadSystemObjectTagging(mkey string, vdomparam string) return } -// UpdateSystemPcpServer API operation for FortiOS updates the specified Pcp Server. -// Returns the index value of the Pcp Server and execution result when the request executes successfully. -// Returns error for service API and SDK errors. -// See the system - pcp-server chapter in the FortiOS Handbook - CLI Reference. -func (c *FortiSDKClient) UpdateSystemPcpServer(params *map[string]interface{}, mkey string, vdomparam string) (output map[string]interface{}, err error) { - HTTPMethod := "PUT" - path := "/api/v2/cmdb/system/pcp-server" - output = make(map[string]interface{}) - - err = createUpdate(c, HTTPMethod, path, params, output, vdomparam) - return -} - -// DeleteSystemPcpServer API operation for FortiOS deletes the specified Pcp Server. -// Returns error for service API and SDK errors. -// See the system - pcp-server chapter in the FortiOS Handbook - CLI Reference. -func (c *FortiSDKClient) DeleteSystemPcpServer(mkey string, vdomparam string) (err error) { - - //No unset API for system - pcp-server - return -} - -// ReadSystemPcpServer API operation for FortiOS gets the Pcp Server -// with the specified index value. -// Returns the requested Pcp Server value when the request executes successfully. -// Returns error for service API and SDK errors. -// See the system - pcp-server chapter in the FortiOS Handbook - CLI Reference. -func (c *FortiSDKClient) ReadSystemPcpServer(mkey string, vdomparam string) (mapTmp map[string]interface{}, err error) { - HTTPMethod := "GET" - path := "/api/v2/cmdb/system/pcp-server" - - mapTmp, err = read(c, HTTPMethod, path, true, vdomparam) - return -} - // UpdateSystemPasswordPolicy API operation for FortiOS updates the specified Password Policy. // Returns the index value of the Password Policy and execution result when the request executes successfully. // Returns error for service API and SDK errors. @@ -18549,6 +18892,41 @@ func (c *FortiSDKClient) ReadSystemPasswordPolicyGuestAdmin(mkey string, vdompar return } +// UpdateSystemPcpServer API operation for FortiOS updates the specified Pcp Server. +// Returns the index value of the Pcp Server and execution result when the request executes successfully. +// Returns error for service API and SDK errors. +// See the system - pcp-server chapter in the FortiOS Handbook - CLI Reference. +func (c *FortiSDKClient) UpdateSystemPcpServer(params *map[string]interface{}, mkey string, vdomparam string) (output map[string]interface{}, err error) { + HTTPMethod := "PUT" + path := "/api/v2/cmdb/system/pcp-server" + output = make(map[string]interface{}) + + err = createUpdate(c, HTTPMethod, path, params, output, vdomparam) + return +} + +// DeleteSystemPcpServer API operation for FortiOS deletes the specified Pcp Server. +// Returns error for service API and SDK errors. +// See the system - pcp-server chapter in the FortiOS Handbook - CLI Reference. +func (c *FortiSDKClient) DeleteSystemPcpServer(mkey string, vdomparam string) (err error) { + + //No unset API for system - pcp-server + return +} + +// ReadSystemPcpServer API operation for FortiOS gets the Pcp Server +// with the specified index value. +// Returns the requested Pcp Server value when the request executes successfully. +// Returns error for service API and SDK errors. +// See the system - pcp-server chapter in the FortiOS Handbook - CLI Reference. +func (c *FortiSDKClient) ReadSystemPcpServer(mkey string, vdomparam string) (mapTmp map[string]interface{}, err error) { + HTTPMethod := "GET" + path := "/api/v2/cmdb/system/pcp-server" + + mapTmp, err = read(c, HTTPMethod, path, true, vdomparam) + return +} + // CreateSystemPhysicalSwitch API operation for FortiOS creates a new Physical Switch. // Returns the index value of the Physical Switch and execution result when the request executes successfully. // Returns error for service API and SDK errors. @@ -18890,91 +19268,37 @@ func (c *FortiSDKClient) ReadSystemReplacemsgImage(mkey string, vdomparam string } // UpdateSystemResourceLimits API operation for FortiOS updates the specified Resource Limits. -// Returns the index value of the Resource Limits and execution result when the request executes successfully. -// Returns error for service API and SDK errors. -// See the system - resource-limits chapter in the FortiOS Handbook - CLI Reference. -func (c *FortiSDKClient) UpdateSystemResourceLimits(params *map[string]interface{}, mkey string, vdomparam string) (output map[string]interface{}, err error) { - HTTPMethod := "PUT" - path := "/api/v2/cmdb/system/resource-limits" - output = make(map[string]interface{}) - - err = createUpdate(c, HTTPMethod, path, params, output, vdomparam) - return -} - -// DeleteSystemResourceLimits API operation for FortiOS deletes the specified Resource Limits. -// Returns error for service API and SDK errors. -// See the system - resource-limits chapter in the FortiOS Handbook - CLI Reference. -func (c *FortiSDKClient) DeleteSystemResourceLimits(mkey string, vdomparam string) (err error) { - - //No unset API for system - resource-limits - return -} - -// ReadSystemResourceLimits API operation for FortiOS gets the Resource Limits -// with the specified index value. -// Returns the requested Resource Limits value when the request executes successfully. -// Returns error for service API and SDK errors. -// See the system - resource-limits chapter in the FortiOS Handbook - CLI Reference. -func (c *FortiSDKClient) ReadSystemResourceLimits(mkey string, vdomparam string) (mapTmp map[string]interface{}, err error) { - HTTPMethod := "GET" - path := "/api/v2/cmdb/system/resource-limits" - - mapTmp, err = read(c, HTTPMethod, path, true, vdomparam) - return -} - -// CreateSystemSdnProxy API operation for FortiOS creates a new Sdn Proxy. -// Returns the index value of the Sdn Proxy and execution result when the request executes successfully. -// Returns error for service API and SDK errors. -// See the system - sdn-proxy chapter in the FortiOS Handbook - CLI Reference. -func (c *FortiSDKClient) CreateSystemSdnProxy(params *map[string]interface{}, vdomparam string) (output map[string]interface{}, err error) { - - HTTPMethod := "POST" - path := "/api/v2/cmdb/system/sdn-proxy" - output = make(map[string]interface{}) - - err = createUpdate(c, HTTPMethod, path, params, output, vdomparam) - return -} - -// UpdateSystemSdnProxy API operation for FortiOS updates the specified Sdn Proxy. -// Returns the index value of the Sdn Proxy and execution result when the request executes successfully. +// Returns the index value of the Resource Limits and execution result when the request executes successfully. // Returns error for service API and SDK errors. -// See the system - sdn-proxy chapter in the FortiOS Handbook - CLI Reference. -func (c *FortiSDKClient) UpdateSystemSdnProxy(params *map[string]interface{}, mkey string, vdomparam string) (output map[string]interface{}, err error) { +// See the system - resource-limits chapter in the FortiOS Handbook - CLI Reference. +func (c *FortiSDKClient) UpdateSystemResourceLimits(params *map[string]interface{}, mkey string, vdomparam string) (output map[string]interface{}, err error) { HTTPMethod := "PUT" - path := "/api/v2/cmdb/system/sdn-proxy" - path += "/" + escapeURLString(mkey) + path := "/api/v2/cmdb/system/resource-limits" output = make(map[string]interface{}) err = createUpdate(c, HTTPMethod, path, params, output, vdomparam) return } -// DeleteSystemSdnProxy API operation for FortiOS deletes the specified Sdn Proxy. +// DeleteSystemResourceLimits API operation for FortiOS deletes the specified Resource Limits. // Returns error for service API and SDK errors. -// See the system - sdn-proxy chapter in the FortiOS Handbook - CLI Reference. -func (c *FortiSDKClient) DeleteSystemSdnProxy(mkey string, vdomparam string) (err error) { - HTTPMethod := "DELETE" - path := "/api/v2/cmdb/system/sdn-proxy" - path += "/" + escapeURLString(mkey) +// See the system - resource-limits chapter in the FortiOS Handbook - CLI Reference. +func (c *FortiSDKClient) DeleteSystemResourceLimits(mkey string, vdomparam string) (err error) { - err = delete(c, HTTPMethod, path, vdomparam) + //No unset API for system - resource-limits return } -// ReadSystemSdnProxy API operation for FortiOS gets the Sdn Proxy +// ReadSystemResourceLimits API operation for FortiOS gets the Resource Limits // with the specified index value. -// Returns the requested Sdn Proxy value when the request executes successfully. +// Returns the requested Resource Limits value when the request executes successfully. // Returns error for service API and SDK errors. -// See the system - sdn-proxy chapter in the FortiOS Handbook - CLI Reference. -func (c *FortiSDKClient) ReadSystemSdnProxy(mkey string, vdomparam string) (mapTmp map[string]interface{}, err error) { +// See the system - resource-limits chapter in the FortiOS Handbook - CLI Reference. +func (c *FortiSDKClient) ReadSystemResourceLimits(mkey string, vdomparam string) (mapTmp map[string]interface{}, err error) { HTTPMethod := "GET" - path := "/api/v2/cmdb/system/sdn-proxy" - path += "/" + escapeURLString(mkey) + path := "/api/v2/cmdb/system/resource-limits" - mapTmp, err = read(c, HTTPMethod, path, false, vdomparam) + mapTmp, err = read(c, HTTPMethod, path, true, vdomparam) return } @@ -19067,6 +19391,60 @@ func (c *FortiSDKClient) ReadSystemSdnConnector(mkey string, vdomparam string) ( return } +// CreateSystemSdnProxy API operation for FortiOS creates a new Sdn Proxy. +// Returns the index value of the Sdn Proxy and execution result when the request executes successfully. +// Returns error for service API and SDK errors. +// See the system - sdn-proxy chapter in the FortiOS Handbook - CLI Reference. +func (c *FortiSDKClient) CreateSystemSdnProxy(params *map[string]interface{}, vdomparam string) (output map[string]interface{}, err error) { + + HTTPMethod := "POST" + path := "/api/v2/cmdb/system/sdn-proxy" + output = make(map[string]interface{}) + + err = createUpdate(c, HTTPMethod, path, params, output, vdomparam) + return +} + +// UpdateSystemSdnProxy API operation for FortiOS updates the specified Sdn Proxy. +// Returns the index value of the Sdn Proxy and execution result when the request executes successfully. +// Returns error for service API and SDK errors. +// See the system - sdn-proxy chapter in the FortiOS Handbook - CLI Reference. +func (c *FortiSDKClient) UpdateSystemSdnProxy(params *map[string]interface{}, mkey string, vdomparam string) (output map[string]interface{}, err error) { + HTTPMethod := "PUT" + path := "/api/v2/cmdb/system/sdn-proxy" + path += "/" + escapeURLString(mkey) + output = make(map[string]interface{}) + + err = createUpdate(c, HTTPMethod, path, params, output, vdomparam) + return +} + +// DeleteSystemSdnProxy API operation for FortiOS deletes the specified Sdn Proxy. +// Returns error for service API and SDK errors. +// See the system - sdn-proxy chapter in the FortiOS Handbook - CLI Reference. +func (c *FortiSDKClient) DeleteSystemSdnProxy(mkey string, vdomparam string) (err error) { + HTTPMethod := "DELETE" + path := "/api/v2/cmdb/system/sdn-proxy" + path += "/" + escapeURLString(mkey) + + err = delete(c, HTTPMethod, path, vdomparam) + return +} + +// ReadSystemSdnProxy API operation for FortiOS gets the Sdn Proxy +// with the specified index value. +// Returns the requested Sdn Proxy value when the request executes successfully. +// Returns error for service API and SDK errors. +// See the system - sdn-proxy chapter in the FortiOS Handbook - CLI Reference. +func (c *FortiSDKClient) ReadSystemSdnProxy(mkey string, vdomparam string) (mapTmp map[string]interface{}, err error) { + HTTPMethod := "GET" + path := "/api/v2/cmdb/system/sdn-proxy" + path += "/" + escapeURLString(mkey) + + mapTmp, err = read(c, HTTPMethod, path, false, vdomparam) + return +} + // UpdateSystemSdwan API operation for FortiOS updates the specified Sdwan. // Returns the index value of the Sdwan and execution result when the request executes successfully. // Returns error for service API and SDK errors. @@ -19369,6 +19747,41 @@ func (c *FortiSDKClient) ReadSystemSmsServer(mkey string, vdomparam string) (map return } +// UpdateSystemSpeedTestSetting API operation for FortiOS updates the specified Speed Test Setting. +// Returns the index value of the Speed Test Setting and execution result when the request executes successfully. +// Returns error for service API and SDK errors. +// See the system - speed-test-setting chapter in the FortiOS Handbook - CLI Reference. +func (c *FortiSDKClient) UpdateSystemSpeedTestSetting(params *map[string]interface{}, mkey string, vdomparam string) (output map[string]interface{}, err error) { + HTTPMethod := "PUT" + path := "/api/v2/cmdb/system/speed-test-setting" + output = make(map[string]interface{}) + + err = createUpdate(c, HTTPMethod, path, params, output, vdomparam) + return +} + +// DeleteSystemSpeedTestSetting API operation for FortiOS deletes the specified Speed Test Setting. +// Returns error for service API and SDK errors. +// See the system - speed-test-setting chapter in the FortiOS Handbook - CLI Reference. +func (c *FortiSDKClient) DeleteSystemSpeedTestSetting(mkey string, vdomparam string) (err error) { + + //No unset API for system - speed-test-setting + return +} + +// ReadSystemSpeedTestSetting API operation for FortiOS gets the Speed Test Setting +// with the specified index value. +// Returns the requested Speed Test Setting value when the request executes successfully. +// Returns error for service API and SDK errors. +// See the system - speed-test-setting chapter in the FortiOS Handbook - CLI Reference. +func (c *FortiSDKClient) ReadSystemSpeedTestSetting(mkey string, vdomparam string) (mapTmp map[string]interface{}, err error) { + HTTPMethod := "GET" + path := "/api/v2/cmdb/system/speed-test-setting" + + mapTmp, err = read(c, HTTPMethod, path, true, vdomparam) + return +} + // CreateSystemSpeedTestSchedule API operation for FortiOS creates a new Speed Test Schedule. // Returns the index value of the Speed Test Schedule and execution result when the request executes successfully. // Returns error for service API and SDK errors. @@ -23207,27 +23620,27 @@ func (c *FortiSDKClient) ReadVideofilterProfile(mkey string, vdomparam string) ( return } -// CreateVideofilterYoutubeChannelFilter API operation for FortiOS creates a new Youtube Channel Filter. -// Returns the index value of the Youtube Channel Filter and execution result when the request executes successfully. +// CreateVirtualPatchProfile API operation for FortiOS creates a new Profile. +// Returns the index value of the Profile and execution result when the request executes successfully. // Returns error for service API and SDK errors. -// See the videofilter - youtube-channel-filter chapter in the FortiOS Handbook - CLI Reference. -func (c *FortiSDKClient) CreateVideofilterYoutubeChannelFilter(params *map[string]interface{}, vdomparam string) (output map[string]interface{}, err error) { +// See the virtual-patch - profile chapter in the FortiOS Handbook - CLI Reference. +func (c *FortiSDKClient) CreateVirtualPatchProfile(params *map[string]interface{}, vdomparam string) (output map[string]interface{}, err error) { HTTPMethod := "POST" - path := "/api/v2/cmdb/videofilter/youtube-channel-filter" + path := "/api/v2/cmdb/virtual-patch/profile" output = make(map[string]interface{}) err = createUpdate(c, HTTPMethod, path, params, output, vdomparam) return } -// UpdateVideofilterYoutubeChannelFilter API operation for FortiOS updates the specified Youtube Channel Filter. -// Returns the index value of the Youtube Channel Filter and execution result when the request executes successfully. +// UpdateVirtualPatchProfile API operation for FortiOS updates the specified Profile. +// Returns the index value of the Profile and execution result when the request executes successfully. // Returns error for service API and SDK errors. -// See the videofilter - youtube-channel-filter chapter in the FortiOS Handbook - CLI Reference. -func (c *FortiSDKClient) UpdateVideofilterYoutubeChannelFilter(params *map[string]interface{}, mkey string, vdomparam string) (output map[string]interface{}, err error) { +// See the virtual-patch - profile chapter in the FortiOS Handbook - CLI Reference. +func (c *FortiSDKClient) UpdateVirtualPatchProfile(params *map[string]interface{}, mkey string, vdomparam string) (output map[string]interface{}, err error) { HTTPMethod := "PUT" - path := "/api/v2/cmdb/videofilter/youtube-channel-filter" + path := "/api/v2/cmdb/virtual-patch/profile" path += "/" + escapeURLString(mkey) output = make(map[string]interface{}) @@ -23235,53 +23648,53 @@ func (c *FortiSDKClient) UpdateVideofilterYoutubeChannelFilter(params *map[strin return } -// DeleteVideofilterYoutubeChannelFilter API operation for FortiOS deletes the specified Youtube Channel Filter. +// DeleteVirtualPatchProfile API operation for FortiOS deletes the specified Profile. // Returns error for service API and SDK errors. -// See the videofilter - youtube-channel-filter chapter in the FortiOS Handbook - CLI Reference. -func (c *FortiSDKClient) DeleteVideofilterYoutubeChannelFilter(mkey string, vdomparam string) (err error) { +// See the virtual-patch - profile chapter in the FortiOS Handbook - CLI Reference. +func (c *FortiSDKClient) DeleteVirtualPatchProfile(mkey string, vdomparam string) (err error) { HTTPMethod := "DELETE" - path := "/api/v2/cmdb/videofilter/youtube-channel-filter" + path := "/api/v2/cmdb/virtual-patch/profile" path += "/" + escapeURLString(mkey) err = delete(c, HTTPMethod, path, vdomparam) return } -// ReadVideofilterYoutubeChannelFilter API operation for FortiOS gets the Youtube Channel Filter +// ReadVirtualPatchProfile API operation for FortiOS gets the Profile // with the specified index value. -// Returns the requested Youtube Channel Filter value when the request executes successfully. +// Returns the requested Profile value when the request executes successfully. // Returns error for service API and SDK errors. -// See the videofilter - youtube-channel-filter chapter in the FortiOS Handbook - CLI Reference. -func (c *FortiSDKClient) ReadVideofilterYoutubeChannelFilter(mkey string, vdomparam string) (mapTmp map[string]interface{}, err error) { +// See the virtual-patch - profile chapter in the FortiOS Handbook - CLI Reference. +func (c *FortiSDKClient) ReadVirtualPatchProfile(mkey string, vdomparam string) (mapTmp map[string]interface{}, err error) { HTTPMethod := "GET" - path := "/api/v2/cmdb/videofilter/youtube-channel-filter" + path := "/api/v2/cmdb/virtual-patch/profile" path += "/" + escapeURLString(mkey) mapTmp, err = read(c, HTTPMethod, path, false, vdomparam) return } -// CreateVpnKmipServer API operation for FortiOS creates a new Kmip Server. -// Returns the index value of the Kmip Server and execution result when the request executes successfully. +// CreateVideofilterYoutubeChannelFilter API operation for FortiOS creates a new Youtube Channel Filter. +// Returns the index value of the Youtube Channel Filter and execution result when the request executes successfully. // Returns error for service API and SDK errors. -// See the vpn - kmip-server chapter in the FortiOS Handbook - CLI Reference. -func (c *FortiSDKClient) CreateVpnKmipServer(params *map[string]interface{}, vdomparam string) (output map[string]interface{}, err error) { +// See the videofilter - youtube-channel-filter chapter in the FortiOS Handbook - CLI Reference. +func (c *FortiSDKClient) CreateVideofilterYoutubeChannelFilter(params *map[string]interface{}, vdomparam string) (output map[string]interface{}, err error) { HTTPMethod := "POST" - path := "/api/v2/cmdb/vpn/kmip-server" + path := "/api/v2/cmdb/videofilter/youtube-channel-filter" output = make(map[string]interface{}) err = createUpdate(c, HTTPMethod, path, params, output, vdomparam) return } -// UpdateVpnKmipServer API operation for FortiOS updates the specified Kmip Server. -// Returns the index value of the Kmip Server and execution result when the request executes successfully. +// UpdateVideofilterYoutubeChannelFilter API operation for FortiOS updates the specified Youtube Channel Filter. +// Returns the index value of the Youtube Channel Filter and execution result when the request executes successfully. // Returns error for service API and SDK errors. -// See the vpn - kmip-server chapter in the FortiOS Handbook - CLI Reference. -func (c *FortiSDKClient) UpdateVpnKmipServer(params *map[string]interface{}, mkey string, vdomparam string) (output map[string]interface{}, err error) { +// See the videofilter - youtube-channel-filter chapter in the FortiOS Handbook - CLI Reference. +func (c *FortiSDKClient) UpdateVideofilterYoutubeChannelFilter(params *map[string]interface{}, mkey string, vdomparam string) (output map[string]interface{}, err error) { HTTPMethod := "PUT" - path := "/api/v2/cmdb/vpn/kmip-server" + path := "/api/v2/cmdb/videofilter/youtube-channel-filter" path += "/" + escapeURLString(mkey) output = make(map[string]interface{}) @@ -23289,26 +23702,26 @@ func (c *FortiSDKClient) UpdateVpnKmipServer(params *map[string]interface{}, mke return } -// DeleteVpnKmipServer API operation for FortiOS deletes the specified Kmip Server. +// DeleteVideofilterYoutubeChannelFilter API operation for FortiOS deletes the specified Youtube Channel Filter. // Returns error for service API and SDK errors. -// See the vpn - kmip-server chapter in the FortiOS Handbook - CLI Reference. -func (c *FortiSDKClient) DeleteVpnKmipServer(mkey string, vdomparam string) (err error) { +// See the videofilter - youtube-channel-filter chapter in the FortiOS Handbook - CLI Reference. +func (c *FortiSDKClient) DeleteVideofilterYoutubeChannelFilter(mkey string, vdomparam string) (err error) { HTTPMethod := "DELETE" - path := "/api/v2/cmdb/vpn/kmip-server" + path := "/api/v2/cmdb/videofilter/youtube-channel-filter" path += "/" + escapeURLString(mkey) err = delete(c, HTTPMethod, path, vdomparam) return } -// ReadVpnKmipServer API operation for FortiOS gets the Kmip Server +// ReadVideofilterYoutubeChannelFilter API operation for FortiOS gets the Youtube Channel Filter // with the specified index value. -// Returns the requested Kmip Server value when the request executes successfully. +// Returns the requested Youtube Channel Filter value when the request executes successfully. // Returns error for service API and SDK errors. -// See the vpn - kmip-server chapter in the FortiOS Handbook - CLI Reference. -func (c *FortiSDKClient) ReadVpnKmipServer(mkey string, vdomparam string) (mapTmp map[string]interface{}, err error) { +// See the videofilter - youtube-channel-filter chapter in the FortiOS Handbook - CLI Reference. +func (c *FortiSDKClient) ReadVideofilterYoutubeChannelFilter(mkey string, vdomparam string) (mapTmp map[string]interface{}, err error) { HTTPMethod := "GET" - path := "/api/v2/cmdb/vpn/kmip-server" + path := "/api/v2/cmdb/videofilter/youtube-channel-filter" path += "/" + escapeURLString(mkey) mapTmp, err = read(c, HTTPMethod, path, false, vdomparam) @@ -23423,6 +23836,60 @@ func (c *FortiSDKClient) ReadVoipProfile(mkey string, vdomparam string) (mapTmp return } +// CreateVpnKmipServer API operation for FortiOS creates a new Kmip Server. +// Returns the index value of the Kmip Server and execution result when the request executes successfully. +// Returns error for service API and SDK errors. +// See the vpn - kmip-server chapter in the FortiOS Handbook - CLI Reference. +func (c *FortiSDKClient) CreateVpnKmipServer(params *map[string]interface{}, vdomparam string) (output map[string]interface{}, err error) { + + HTTPMethod := "POST" + path := "/api/v2/cmdb/vpn/kmip-server" + output = make(map[string]interface{}) + + err = createUpdate(c, HTTPMethod, path, params, output, vdomparam) + return +} + +// UpdateVpnKmipServer API operation for FortiOS updates the specified Kmip Server. +// Returns the index value of the Kmip Server and execution result when the request executes successfully. +// Returns error for service API and SDK errors. +// See the vpn - kmip-server chapter in the FortiOS Handbook - CLI Reference. +func (c *FortiSDKClient) UpdateVpnKmipServer(params *map[string]interface{}, mkey string, vdomparam string) (output map[string]interface{}, err error) { + HTTPMethod := "PUT" + path := "/api/v2/cmdb/vpn/kmip-server" + path += "/" + escapeURLString(mkey) + output = make(map[string]interface{}) + + err = createUpdate(c, HTTPMethod, path, params, output, vdomparam) + return +} + +// DeleteVpnKmipServer API operation for FortiOS deletes the specified Kmip Server. +// Returns error for service API and SDK errors. +// See the vpn - kmip-server chapter in the FortiOS Handbook - CLI Reference. +func (c *FortiSDKClient) DeleteVpnKmipServer(mkey string, vdomparam string) (err error) { + HTTPMethod := "DELETE" + path := "/api/v2/cmdb/vpn/kmip-server" + path += "/" + escapeURLString(mkey) + + err = delete(c, HTTPMethod, path, vdomparam) + return +} + +// ReadVpnKmipServer API operation for FortiOS gets the Kmip Server +// with the specified index value. +// Returns the requested Kmip Server value when the request executes successfully. +// Returns error for service API and SDK errors. +// See the vpn - kmip-server chapter in the FortiOS Handbook - CLI Reference. +func (c *FortiSDKClient) ReadVpnKmipServer(mkey string, vdomparam string) (mapTmp map[string]interface{}, err error) { + HTTPMethod := "GET" + path := "/api/v2/cmdb/vpn/kmip-server" + path += "/" + escapeURLString(mkey) + + mapTmp, err = read(c, HTTPMethod, path, false, vdomparam) + return +} + // UpdateVpnL2Tp API operation for FortiOS updates the specified L2Tp. // Returns the index value of the L2Tp and execution result when the request executes successfully. // Returns error for service API and SDK errors. @@ -25250,6 +25717,60 @@ func (c *FortiSDKClient) ReadWanoptWebcache(mkey string, vdomparam string) (mapT return } +// CreateWebProxyFastFallback API operation for FortiOS creates a new Fast Fallback. +// Returns the index value of the Fast Fallback and execution result when the request executes successfully. +// Returns error for service API and SDK errors. +// See the web-proxy - fast-fallback chapter in the FortiOS Handbook - CLI Reference. +func (c *FortiSDKClient) CreateWebProxyFastFallback(params *map[string]interface{}, vdomparam string) (output map[string]interface{}, err error) { + + HTTPMethod := "POST" + path := "/api/v2/cmdb/web-proxy/fast-fallback" + output = make(map[string]interface{}) + + err = createUpdate(c, HTTPMethod, path, params, output, vdomparam) + return +} + +// UpdateWebProxyFastFallback API operation for FortiOS updates the specified Fast Fallback. +// Returns the index value of the Fast Fallback and execution result when the request executes successfully. +// Returns error for service API and SDK errors. +// See the web-proxy - fast-fallback chapter in the FortiOS Handbook - CLI Reference. +func (c *FortiSDKClient) UpdateWebProxyFastFallback(params *map[string]interface{}, mkey string, vdomparam string) (output map[string]interface{}, err error) { + HTTPMethod := "PUT" + path := "/api/v2/cmdb/web-proxy/fast-fallback" + path += "/" + escapeURLString(mkey) + output = make(map[string]interface{}) + + err = createUpdate(c, HTTPMethod, path, params, output, vdomparam) + return +} + +// DeleteWebProxyFastFallback API operation for FortiOS deletes the specified Fast Fallback. +// Returns error for service API and SDK errors. +// See the web-proxy - fast-fallback chapter in the FortiOS Handbook - CLI Reference. +func (c *FortiSDKClient) DeleteWebProxyFastFallback(mkey string, vdomparam string) (err error) { + HTTPMethod := "DELETE" + path := "/api/v2/cmdb/web-proxy/fast-fallback" + path += "/" + escapeURLString(mkey) + + err = delete(c, HTTPMethod, path, vdomparam) + return +} + +// ReadWebProxyFastFallback API operation for FortiOS gets the Fast Fallback +// with the specified index value. +// Returns the requested Fast Fallback value when the request executes successfully. +// Returns error for service API and SDK errors. +// See the web-proxy - fast-fallback chapter in the FortiOS Handbook - CLI Reference. +func (c *FortiSDKClient) ReadWebProxyFastFallback(mkey string, vdomparam string) (mapTmp map[string]interface{}, err error) { + HTTPMethod := "GET" + path := "/api/v2/cmdb/web-proxy/fast-fallback" + path += "/" + escapeURLString(mkey) + + mapTmp, err = read(c, HTTPMethod, path, false, vdomparam) + return +} + // CreateWebProxyDebugUrl API operation for FortiOS creates a new Debug Url. // Returns the index value of the Debug Url and execution result when the request executes successfully. // Returns error for service API and SDK errors. diff --git a/sdk/sdkcore/sdkutils.go b/sdk/sdkcore/sdkutils.go index 3b0e8c869..986e5e9ec 100644 --- a/sdk/sdkcore/sdkutils.go +++ b/sdk/sdkcore/sdkutils.go @@ -20,7 +20,7 @@ func createUpdate(c *FortiSDKClient, method string, path string, params *map[str req := c.NewRequest(method, path, nil, bytes) err = req.Send3(vdomparam) if err != nil || req.HTTPResponse == nil { - err = fmt.Errorf("cannot send request %v", err) + err = fmt.Errorf("Cannot send request: %v", err) return } @@ -28,7 +28,7 @@ func createUpdate(c *FortiSDKClient, method string, path string, params *map[str req.HTTPResponse.Body.Close() //# if err != nil || body == nil { - err = fmt.Errorf("cannot get response body %v", err) + err = fmt.Errorf("Cannot get response body: %v", err) return } @@ -54,7 +54,7 @@ func delete(c *FortiSDKClient, method string, path string, vdomparam string) (er req := c.NewRequest(method, path, nil, nil) err = req.Send3(vdomparam) if err != nil || req.HTTPResponse == nil { - err = fmt.Errorf("cannot send request %v", err) + err = fmt.Errorf("Cannot send request: %v", err) return } @@ -62,7 +62,7 @@ func delete(c *FortiSDKClient, method string, path string, vdomparam string) (er req.HTTPResponse.Body.Close() //# if err != nil || body == nil { - err = fmt.Errorf("cannot get response body %v", err) + err = fmt.Errorf("Cannot get response body: %v", err) return } log.Printf("FOS-fortios response: %s", string(body)) @@ -79,7 +79,7 @@ func read(c *FortiSDKClient, method string, path string, bcomplex bool, vdompara req := c.NewRequest(method, path, nil, nil) err = req.Send3(vdomparam) if err != nil || req.HTTPResponse == nil { - err = fmt.Errorf("cannot send request %v", err) + err = fmt.Errorf("Cannot send request: %v", err) return } @@ -87,7 +87,7 @@ func read(c *FortiSDKClient, method string, path string, bcomplex bool, vdompara req.HTTPResponse.Body.Close() //# if err != nil || body == nil { - err = fmt.Errorf("cannot get response body %v", err) + err = fmt.Errorf("Cannot get response body: %v", err) return } log.Printf("FOS-fortios reading response: %s", string(body)) diff --git a/website/docs/d/fortios_firewall_policy.html.markdown b/website/docs/d/fortios_firewall_policy.html.markdown index df2762d1f..68f761dc8 100644 --- a/website/docs/d/fortios_firewall_policy.html.markdown +++ b/website/docs/d/fortios_firewall_policy.html.markdown @@ -108,11 +108,13 @@ The following attributes are exported: * `voip_profile` - Name of an existing VoIP profile. * `ips_voip_filter` - Name of an existing VoIP (ips) profile. * `sctp_filter_profile` - Name of an existing SCTP filter profile. +* `virtual_patch_profile` - Name of an existing virtual-patch profile. * `icap_profile` - Name of an existing ICAP profile. * `cifs_profile` - Name of an existing CIFS profile. * `videofilter_profile` - Name of an existing VideoFilter profile. * `waf_profile` - Name of an existing Web application firewall profile. * `ssh_filter_profile` - Name of an existing SSH filter profile. +* `casb_profile` - Name of an existing CASB profile. * `profile_protocol_options` - Name of an existing Protocol options profile. * `ssl_ssh_profile` - Name of an existing SSL SSH profile. * `logtraffic` - Enable or disable logging. Log all sessions or security profile sessions. diff --git a/website/docs/d/fortios_firewall_proxypolicy.html.markdown b/website/docs/d/fortios_firewall_proxypolicy.html.markdown index 1a75ba748..d9a58b824 100644 --- a/website/docs/d/fortios_firewall_proxypolicy.html.markdown +++ b/website/docs/d/fortios_firewall_proxypolicy.html.markdown @@ -82,11 +82,13 @@ The following attributes are exported: * `ips_voip_filter` - Name of an existing VoIP (ips) profile. * `voip_profile` - Name of an existing VoIP profile. * `sctp_filter_profile` - Name of an existing SCTP filter profile. +* `virtual_patch_profile` - Name of an existing virtual-patch profile. * `icap_profile` - Name of an existing ICAP profile. * `cifs_profile` - Name of an existing CIFS profile. * `videofilter_profile` - Name of an existing VideoFilter profile. * `waf_profile` - Name of an existing Web application firewall profile. * `ssh_filter_profile` - Name of an existing SSH filter profile. +* `casb_profile` - Name of an existing CASB profile. * `profile_protocol_options` - Name of an existing Protocol options profile. * `ssl_ssh_profile` - Name of an existing SSL SSH profile. * `replacemsg_override_group` - Authentication replacement message override group. @@ -98,6 +100,7 @@ The following attributes are exported: * `block_notification` - Enable/disable block notification. * `redirect_url` - Redirect URL for further explicit web proxy processing. * `decrypted_traffic_mirror` - Decrypted traffic mirror. +* `detect_https_in_http_request` - Enable/disable detection of HTTPS in HTTP request. The `access_proxy` block contains: diff --git a/website/docs/d/fortios_router_bgp.html.markdown b/website/docs/d/fortios_router_bgp.html.markdown index a967d9cd7..6555c8898 100644 --- a/website/docs/d/fortios_router_bgp.html.markdown +++ b/website/docs/d/fortios_router_bgp.html.markdown @@ -189,8 +189,10 @@ The `neighbor` block contains: * `ebgp_multihop_ttl` - EBGP multihop TTL for this peer. * `filter_list_in` - BGP filter for IPv4 inbound routes. * `filter_list_in6` - BGP filter for IPv6 inbound routes. +* `filter_list_in_vpnv4` - BGP filter for VPNv4 inbound routes. * `filter_list_out` - BGP filter for IPv4 outbound routes. * `filter_list_out6` - BGP filter for IPv6 outbound routes. +* `filter_list_out_vpnv4` - BGP filter for VPNv4 outbound routes. * `interface` - Interface * `maximum_prefix` - Maximum number of IPv4 prefixes to accept from this peer. * `maximum_prefix6` - Maximum number of IPv6 prefixes to accept from this peer. @@ -333,8 +335,10 @@ The `neighbor_group` block contains: * `ebgp_multihop_ttl` - EBGP multihop TTL for this peer. * `filter_list_in` - BGP filter for IPv4 inbound routes. * `filter_list_in6` - BGP filter for IPv6 inbound routes. +* `filter_list_in_vpnv4` - BGP filter for VPNv4 inbound routes. * `filter_list_out` - BGP filter for IPv4 outbound routes. * `filter_list_out6` - BGP filter for IPv6 outbound routes. +* `filter_list_out_vpnv4` - BGP filter for VPNv4 outbound routes. * `interface` - Interface * `maximum_prefix` - Maximum number of IPv4 prefixes to accept from this peer. * `maximum_prefix6` - Maximum number of IPv6 prefixes to accept from this peer. diff --git a/website/docs/d/fortios_router_policy6.html.markdown b/website/docs/d/fortios_router_policy6.html.markdown index 74889bc85..fb055a30f 100644 --- a/website/docs/d/fortios_router_policy6.html.markdown +++ b/website/docs/d/fortios_router_policy6.html.markdown @@ -32,6 +32,8 @@ The following attributes are exported: * `protocol` - Protocol number (0 - 255). * `start_port` - Start destination port number (1 - 65535). * `end_port` - End destination port number (1 - 65535). +* `start_source_port` - Start source port number (1 - 65535). +* `end_source_port` - End source port number (1 - 65535). * `gateway` - IPv6 address of the gateway. * `output_device` - Outgoing interface name. * `tos` - Type of service bit pattern. diff --git a/website/docs/d/fortios_router_routemap.html.markdown b/website/docs/d/fortios_router_routemap.html.markdown index fc1b341da..b16837ec0 100644 --- a/website/docs/d/fortios_router_routemap.html.markdown +++ b/website/docs/d/fortios_router_routemap.html.markdown @@ -59,6 +59,7 @@ The `rule` block contains: * `set_extcommunity_soo` - Site-of-Origin extended community. The structure of `set_extcommunity_soo` block is documented below. * `set_ip_nexthop` - IP address of next hop. * `set_ip_prefsrc` - IP address of preferred source. +* `set_vpnv4_nexthop` - IP address of VPNv4 next-hop. * `set_ip6_nexthop` - IPv6 global address of next hop. * `set_ip6_nexthop_local` - IPv6 local address of next hop. * `set_local_preference` - BGP local preference path attribute. diff --git a/website/docs/d/fortios_routerbgp_neighbor.html.markdown b/website/docs/d/fortios_routerbgp_neighbor.html.markdown index b6c2d5047..946585aa7 100644 --- a/website/docs/d/fortios_routerbgp_neighbor.html.markdown +++ b/website/docs/d/fortios_routerbgp_neighbor.html.markdown @@ -102,8 +102,10 @@ The following attributes are exported: * `ebgp_multihop_ttl` - EBGP multihop TTL for this peer. * `filter_list_in` - BGP filter for IPv4 inbound routes. * `filter_list_in6` - BGP filter for IPv6 inbound routes. +* `filter_list_in_vpnv4` - BGP filter for VPNv4 inbound routes. * `filter_list_out` - BGP filter for IPv4 outbound routes. * `filter_list_out6` - BGP filter for IPv6 outbound routes. +* `filter_list_out_vpnv4` - BGP filter for VPNv4 outbound routes. * `interface` - Interface * `maximum_prefix` - Maximum number of IPv4 prefixes to accept from this peer. * `maximum_prefix6` - Maximum number of IPv6 prefixes to accept from this peer. diff --git a/website/docs/d/fortios_system_accprofile.html.markdown b/website/docs/d/fortios_system_accprofile.html.markdown index fbc82d8eb..a7cad3cc8 100644 --- a/website/docs/d/fortios_system_accprofile.html.markdown +++ b/website/docs/d/fortios_system_accprofile.html.markdown @@ -89,4 +89,6 @@ The `utmgrp_permission` block contains: * `dnsfilter` - DNS Filter profiles and settings. * `endpoint_control` - FortiClient Profiles. * `videofilter` - Video filter profiles and settings. +* `virtual_patch` - Virtual patch profiles and settings. +* `casb` - Inline CASB filter profile and settings diff --git a/website/docs/d/fortios_system_dnsdatabase.html.markdown b/website/docs/d/fortios_system_dnsdatabase.html.markdown index 4531f87d5..4c2d59ba0 100644 --- a/website/docs/d/fortios_system_dnsdatabase.html.markdown +++ b/website/docs/d/fortios_system_dnsdatabase.html.markdown @@ -34,7 +34,9 @@ The following attributes are exported: * `ttl` - Default time-to-live value for the entries of this DNS zone (0 - 2147483647 sec, default = 86400). * `authoritative` - Enable/disable authoritative zone. * `forwarder` - DNS zone forwarder IP address list. +* `forwarder6` - Forwarder IPv6 address. * `source_ip` - Source IP for forwarding to DNS server. +* `source_ip6` - IPv6 source IP address for forwarding to DNS server. * `rr_max` - Maximum number of resource records (10 - 65536, 0 means infinite). * `dns_entry` - DNS entry. The structure of `dns_entry` block is documented below. diff --git a/website/docs/d/fortios_system_dnsserver.html.markdown b/website/docs/d/fortios_system_dnsserver.html.markdown index 608a308e4..6bf125a57 100644 --- a/website/docs/d/fortios_system_dnsserver.html.markdown +++ b/website/docs/d/fortios_system_dnsserver.html.markdown @@ -23,4 +23,6 @@ The following attributes are exported: * `mode` - DNS server mode. * `dnsfilter_profile` - DNS filter profile. * `doh` - DNS over HTTPS. +* `doh3` - Enable/disable DNS over QUIC/HTTP3/443 (default = disable). +* `doq` - Enable/disable DNS over QUIC/853 (default = disable). diff --git a/website/docs/d/fortios_system_ftmpush.html.markdown b/website/docs/d/fortios_system_ftmpush.html.markdown index 8d1582b09..e0f1884a4 100644 --- a/website/docs/d/fortios_system_ftmpush.html.markdown +++ b/website/docs/d/fortios_system_ftmpush.html.markdown @@ -19,6 +19,7 @@ Use this data source to get information on fortios system ftmpush The following attributes are exported: +* `proxy` - Enable/disable communication to the proxy server in FortiGuard configuration. * `server_port` - Port to communicate with FortiToken Mobile push services server (1 - 65535, default = 4433). * `server_cert` - Name of the server certificate to be used for SSL (default = Fortinet_Factory). * `server_ip` - IPv4 address of FortiToken Mobile push services server (format: xxx.xxx.xxx.xxx). diff --git a/website/docs/d/fortios_system_global.html.markdown b/website/docs/d/fortios_system_global.html.markdown index 5ab10f145..c1ad475a4 100644 --- a/website/docs/d/fortios_system_global.html.markdown +++ b/website/docs/d/fortios_system_global.html.markdown @@ -79,6 +79,12 @@ The following attributes are exported: * `timezone` - Number corresponding to your time zone from 00 to 86. Enter set timezone ? to view the list of time zones and the numbers that represent them. * `traffic_priority` - Choose Type of Service (ToS) or Differentiated Services Code Point (DSCP) for traffic prioritization in traffic shaping. * `traffic_priority_level` - Default system-wide level of priority for traffic prioritization. +* `quic_congestion_control_algo` - QUIC congestion control algorithm (default = cubic). +* `quic_max_datagram_size` - Maximum transmit datagram size (1200 - 1500, default = 1500). +* `quic_udp_payload_size_shaping_per_cid` - Enable/disable UDP payload size shaping per connection ID (default = enable). +* `quic_ack_thresold` - Maximum number of unacknowledged packets before sending ACK (2 - 5, default = 3). +* `quic_pmtud` - Enable/disable path MTU discovery (default = enable). +* `quic_tls_handshake_timeout` - Time-to-live (TTL) for TLS handshake in seconds (1 - 60, default = 5). * `anti_replay` - Level of checking for packet replay and TCP sequence checking. * `send_pmtu_icmp` - Enable/disable sending of path maximum transmission unit (PMTU) - ICMP destination unreachable packet and to support PMTUD protocol on your network to reduce fragmentation of packets. * `honor_df` - Enable/disable honoring of Don't-Fragment (DF) flag. @@ -91,6 +97,7 @@ The following attributes are exported: * `hostname` - FortiGate unit's hostname. Most models will truncate names longer than 24 characters. Some models support hostnames up to 35 characters. * `gui_allow_default_hostname` - Enable/disable the GUI warning about using a default hostname * `gui_forticare_registration_setup_warning` - Enable/disable the FortiCare registration setup warning on the GUI. +* `gui_auto_upgrade_setup_warning` - Enable/disable the automatic patch upgrade setup prompt on the GUI. * `gui_workflow_management` - Enable/disable Workflow management features on the GUI. * `gui_cdn_usage` - Enable/disable Load GUI static files from a CDN. * `alias` - Alias for your FortiGate unit. @@ -221,6 +228,7 @@ The following attributes are exported: * `cert_chain_max` - Maximum number of certificates that can be traversed in a certificate chain. * `sslvpn_max_worker_count` - Maximum number of SSL VPN processes. Upper limit for this value is the number of CPUs and depends on the model. * `vpn_ems_sn_check` - Enable/disable verification of EMS serial number in SSL-VPN and IPsec VPN connection. +* `sslvpn_web_mode` - Enable/disable SSL-VPN web mode. * `sslvpn_ems_sn_check` - Enable/disable verification of EMS serial number in SSL-VPN connection. * `sslvpn_kxp_hardware_acceleration` - Enable/disable SSL VPN KXP hardware acceleration. * `sslvpn_cipher_hardware_acceleration` - Enable/disable SSL VPN hardware acceleration. @@ -283,6 +291,8 @@ The following attributes are exported: * `fec_port` - Local UDP port for Forward Error Correction (49152 - 65535). * `ipsec_ha_seqjump_rate` - ESP jump ahead rate (1G - 10G pps equivalent). * `fortitoken_cloud` - Enable/disable FortiToken Cloud service. +* `fortitoken_cloud_push_status` - Enable/disable FTM push service of FortiToken Cloud. +* `fortitoken_cloud_sync_interval` - Interval in which to clean up remote users in FortiToken Cloud (0 - 336 hours (14 days), default = 24, disable = 0). * `faz_disk_buffer_size` - Maximum disk buffer size to temporarily store logs destined for FortiAnalyzer. To be used in the event that FortiAnalyzer is unavailalble. * `irq_time_accounting` - Configure CPU IRQ time accounting mode. * `fortiipam_integration` - Enable/disable integration with the FortiIPAM cloud service. diff --git a/website/docs/d/fortios_system_ha.html.markdown b/website/docs/d/fortios_system_ha.html.markdown index 2262c70ce..cd5c9aa40 100644 --- a/website/docs/d/fortios_system_ha.html.markdown +++ b/website/docs/d/fortios_system_ha.html.markdown @@ -52,6 +52,7 @@ The following attributes are exported: * `session_pickup_nat` - Enable/disable NAT session sync for FGSP. * `session_pickup_delay` - Enable to sync sessions longer than 30 sec. Only longer lived sessions need to be synced. * `link_failed_signal` - Enable to shut down all interfaces for 1 sec after a failover. Use if gratuitous ARPs do not update network. +* `upgrade_mode` - The mode to upgrade a cluster. * `uninterruptible_upgrade` - Enable to upgrade a cluster without blocking network traffic. * `uninterruptible_primary_wait` - Number of minutes the primary HA unit waits before the secondary HA unit is considered upgraded and the system is started before starting its own upgrade (1 - 300, default = 30). * `standalone_mgmt_vdom` - Enable/disable standalone management VDOM. diff --git a/website/docs/d/fortios_system_interface.html.markdown b/website/docs/d/fortios_system_interface.html.markdown index 3901d00b0..aab549f54 100644 --- a/website/docs/d/fortios_system_interface.html.markdown +++ b/website/docs/d/fortios_system_interface.html.markdown @@ -46,6 +46,8 @@ The following attributes are exported: * `dhcp_broadcast_flag` - Enable/disable setting of the broadcast flag in messages sent by the DHCP client (default = enable). * `dhcp_relay_service` - Enable/disable allowing this interface to act as a DHCP relay. * `dhcp_relay_ip` - DHCP relay IP address. +* `dhcp_relay_source_ip` - IP address used by the DHCP relay as its source IP. +* `dhcp_relay_circuit_id` - DHCP relay circuit ID. * `dhcp_relay_link_selection` - DHCP relay link selection. * `dhcp_relay_request_all_server` - Enable/disable sending DHCP request to all servers. * `dhcp_relay_type` - DHCP relay type (regular or IPsec). @@ -241,6 +243,9 @@ The following attributes are exported: * `switch_controller_dynamic` - Integrated FortiLink settings for managed FortiSwitch. * `switch_controller_feature` - Interface's purpose when assigning traffic (read only). * `switch_controller_iot_scanning` - Enable/disable managed FortiSwitch IoT scanning. +* `switch_controller_offload` - Enable/disable managed FortiSwitch routing offload. +* `switch_controller_offload_ip` - IP for routing offload on FortiSwitch. +* `switch_controller_offload_gw` - Enable/disable managed FortiSwitch routing offload gateway. * `swc_vlan` - Creation status for switch-controller VLANs. * `swc_first_create` - Initial create for switch-controller VLANs. * `color` - Color of icon on the GUI. @@ -366,6 +371,8 @@ The `ipv6` block contains: * `dhcp6_relay_type` - DHCPv6 relay type. * `dhcp6_relay_source_interface` - Enable/disable use of address on this interface as the source address of the relay message. * `dhcp6_relay_ip` - DHCPv6 relay IP address. +* `dhcp6_relay_source_ip` - IPv6 address used by the DHCP6 relay as its source IP. +* `dhcp6_relay_interface_id` - DHCP6 relay interface ID. * `dhcp6_client_options` - DHCPv6 client options. * `dhcp6_prefix_delegation` - Enable/disable DHCPv6 prefix delegation. * `dhcp6_information_request` - Enable/disable DHCPv6 information request. diff --git a/website/docs/d/fortios_system_sessionttl.html.markdown b/website/docs/d/fortios_system_sessionttl.html.markdown index 162fad87c..b2563ad74 100644 --- a/website/docs/d/fortios_system_sessionttl.html.markdown +++ b/website/docs/d/fortios_system_sessionttl.html.markdown @@ -29,4 +29,5 @@ The `port` block contains: * `start_port` - Start port number. * `end_port` - End port number. * `timeout` - Session timeout (TTL). +* `refresh_direction` - Refresh direction: Both, outgoing, incoming diff --git a/website/docs/d/fortios_user_saml.html.markdown b/website/docs/d/fortios_user_saml.html.markdown index 9a404d673..2c48a0136 100644 --- a/website/docs/d/fortios_user_saml.html.markdown +++ b/website/docs/d/fortios_user_saml.html.markdown @@ -37,4 +37,5 @@ The following attributes are exported: * `adfs_claim` - Enable/disable ADFS Claim for user/group attribute in assertion statement (default = disable). * `user_claim_type` - User name claim in assertion statement. * `group_claim_type` - Group claim in assertion statement. +* `reauth` - Enable/disable signalling of IDP to force user re-authentication (default = disable). diff --git a/website/docs/guides/fgt_policymove.html.md b/website/docs/guides/fgt_policymove.html.md index 79ffd80ee..e6df19209 100644 --- a/website/docs/guides/fgt_policymove.html.md +++ b/website/docs/guides/fgt_policymove.html.md @@ -10,8 +10,8 @@ description: |- Methods used to move the position of a policy, relative to another policy, in the sequence order of how policies are applied. -## Option I: Move with fortios_firewall_security_policyseq -* See resource [fortios_firewall_security_policyseq](https://registry.terraform.io/providers/fortinetdev/fortios/latest/docs/resources/fortios_firewall_security_policyseq) for further information. +## Option I: Move with fortios_firewall_policy_move +* See resource [fortios_firewall_policy_move](https://registry.terraform.io/providers/fortinetdev/fortios/latest/docs/resources/fortios_firewall_policy_move) for further information. ## Option II: Quickly move with curl 1. List existing policies diff --git a/website/docs/guides/fgt_policysort.html.md b/website/docs/guides/fgt_policysort.html.md index fc2fccb98..33c3235a1 100644 --- a/website/docs/guides/fgt_policysort.html.md +++ b/website/docs/guides/fgt_policysort.html.md @@ -10,8 +10,8 @@ description: |- Methods used to sort security policies. -## Option I: Sort security policies on FGT by policyid with fortios_firewall_security_policysort -* See resource [fortios_firewall_security_policysort](https://registry.terraform.io/providers/fortinetdev/fortios/latest/docs/resources/fortios_firewall_security_policysort) for further information. +## Option I: Sort security policies on FGT by policyid with fortios_firewall_policy_sort +* See resource [fortios_firewall_policy_sort](https://registry.terraform.io/providers/fortinetdev/fortios/latest/docs/resources/fortios_firewall_policy_sort) for further information. ## Option II: Sort security policies with terraform depends_on during configuration Terraform is a parallel system, that means when Terraform walks the dependency tree, it will create as many resources in parallel as it can, so terraform can figure out the most efficient way to make it happen. We can make resources be submitted to the device in order with the help of terraform's depends_on feature, which includes 'depends_on for resource' and 'depends_on for modules' (supported in terraform0.13). For example, let's suppose there are the following modules: diff --git a/website/docs/r/fortios_authentication_rule.html.markdown b/website/docs/r/fortios_authentication_rule.html.markdown index 4fc7619c6..adf1b3cca 100644 --- a/website/docs/r/fortios_authentication_rule.html.markdown +++ b/website/docs/r/fortios_authentication_rule.html.markdown @@ -38,6 +38,8 @@ The following arguments are supported: * `active_auth_method` - Select an active authentication method. * `sso_auth_method` - Select a single-sign on (SSO) authentication method. * `web_auth_cookie` - Enable/disable Web authentication cookies (default = disable). Valid values: `enable`, `disable`. +* `cors_stateful` - Enable/disable allowance of CORS access (default = disable). Valid values: `enable`, `disable`. +* `cors_depth` - Depth to allow CORS access (default = 3). * `transaction_based` - Enable/disable transaction based authentication (default = disable). Valid values: `enable`, `disable`. * `web_portal` - Enable/disable web portal for proxy transparent policy (default = enable). Valid values: `enable`, `disable`. * `comments` - Comment. diff --git a/website/docs/r/fortios_casb_profile.html.markdown b/website/docs/r/fortios_casb_profile.html.markdown new file mode 100644 index 000000000..781fe46f1 --- /dev/null +++ b/website/docs/r/fortios_casb_profile.html.markdown @@ -0,0 +1,83 @@ +--- +subcategory: "FortiGate Casb" +layout: "fortios" +page_title: "FortiOS: fortios_casb_profile" +description: |- + Configure CASB profile. +--- + +# fortios_casb_profile +Configure CASB profile. Applies to FortiOS Version `>= 7.4.1`. + +## Argument Reference + +The following arguments are supported: + +* `name` - CASB profile name. +* `saas_application` - CASB profile SaaS application. The structure of `saas_application` block is documented below. +* `dynamic_sort_subtable` - Sort sub-tables, please do not set this parameter when configuring static sub-tables. Options: [ false, true, natural, alphabetical ]. false: Default value, do not sort tables; true/natural: sort tables in natural order. For example: [ a10, a2 ] --> [ a2, a10 ]; alphabetical: sort tables in alphabetical order. For example: [ a10, a2 ] --> [ a10, a2 ]. +* `get_all_tables` - Get all sub-tables including unconfigured tables. Do not set this variable to true if you configure sub-table in another resource, otherwish conflicts and overwrite will occur. Options: [ false, true ]. false: Default value, do not get unconfigured tables; true: get all tables including unconfigured tables. +* `vdomparam` - Specifies the vdom to which the resource will be applied when the FortiGate unit is running in VDOM mode. Only one vdom can be specified. If you want to inherit the vdom configuration of the provider, please do not set this parameter. + +The `saas_application` block supports: + +* `name` - CASB profile SaaS application name. +* `safe_search` - Enable/disable safe search. Valid values: `enable`, `disable`. +* `safe_search_control` - CASB profile safe search control. The structure of `safe_search_control` block is documented below. +* `tenant_control` - Enable/disable tenant control. Valid values: `enable`, `disable`. +* `tenant_control_tenants` - CASB profile tenant control tenants. The structure of `tenant_control_tenants` block is documented below. +* `domain_control` - Enable/disable domain control. Valid values: `enable`, `disable`. +* `domain_control_domains` - CASB profile domain control domains. The structure of `domain_control_domains` block is documented below. +* `log` - Enable/disable log settings. Valid values: `enable`, `disable`. +* `access_rule` - CASB profile access rule. The structure of `access_rule` block is documented below. +* `custom_control` - CASB profile custom control. The structure of `custom_control` block is documented below. + +The `safe_search_control` block supports: + +* `name` - Safe search control name. + +The `tenant_control_tenants` block supports: + +* `name` - Tenant control tenants name. + +The `domain_control_domains` block supports: + +* `name` - Domain control domain name. + +The `access_rule` block supports: + +* `name` - CASB access rule activity name. +* `action` - CASB access rule action. Valid values: `bypass`, `block`, `monitor`. +* `bypass` - CASB bypass options. Valid values: `av`, `dlp`, `web-filter`, `file-filter`, `video-filter`. + +The `custom_control` block supports: + +* `name` - CASB custom control user activity name. +* `option` - CASB custom control option. The structure of `option` block is documented below. + +The `option` block supports: + +* `name` - CASB custom control option name. +* `user_input` - CASB custom control user input. The structure of `user_input` block is documented below. + +The `user_input` block supports: + +* `value` - user input value. + + +## Attribute Reference + +In addition to all the above arguments, the following attributes are exported: +* `id` - an identifier for the resource with format {{name}}. + +## Import + +Casb Profile can be imported using any of these accepted formats: +``` +$ terraform import fortios_casb_profile.labelname {{name}} + +If you do not want to import arguments of block: +$ export "FORTIOS_IMPORT_TABLE"="false" +$ terraform import fortios_casb_profile.labelname {{name}} +$ unset "FORTIOS_IMPORT_TABLE" +``` diff --git a/website/docs/r/fortios_casb_saasapplication.html.markdown b/website/docs/r/fortios_casb_saasapplication.html.markdown new file mode 100644 index 000000000..43a493c6c --- /dev/null +++ b/website/docs/r/fortios_casb_saasapplication.html.markdown @@ -0,0 +1,46 @@ +--- +subcategory: "FortiGate Casb" +layout: "fortios" +page_title: "FortiOS: fortios_casb_saasapplication" +description: |- + Configure CASB SaaS application. +--- + +# fortios_casb_saasapplication +Configure CASB SaaS application. Applies to FortiOS Version `>= 7.4.1`. + +## Argument Reference + +The following arguments are supported: + +* `name` - SaaS application name. +* `uuid` - Universally Unique Identifier (UUID; automatically assigned but can be manually reset). +* `type` - SaaS application type. Valid values: `built-in`, `customized`. +* `casb_name` - SaaS application signature name. +* `description` - SaaS application description. +* `domains` - SaaS application domain list. The structure of `domains` block is documented below. +* `dynamic_sort_subtable` - Sort sub-tables, please do not set this parameter when configuring static sub-tables. Options: [ false, true, natural, alphabetical ]. false: Default value, do not sort tables; true/natural: sort tables in natural order. For example: [ a10, a2 ] --> [ a2, a10 ]; alphabetical: sort tables in alphabetical order. For example: [ a10, a2 ] --> [ a10, a2 ]. +* `get_all_tables` - Get all sub-tables including unconfigured tables. Do not set this variable to true if you configure sub-table in another resource, otherwish conflicts and overwrite will occur. Options: [ false, true ]. false: Default value, do not get unconfigured tables; true: get all tables including unconfigured tables. +* `vdomparam` - Specifies the vdom to which the resource will be applied when the FortiGate unit is running in VDOM mode. Only one vdom can be specified. If you want to inherit the vdom configuration of the provider, please do not set this parameter. + +The `domains` block supports: + +* `domain` - Domain list separated by space. + + +## Attribute Reference + +In addition to all the above arguments, the following attributes are exported: +* `id` - an identifier for the resource with format {{name}}. + +## Import + +Casb SaasApplication can be imported using any of these accepted formats: +``` +$ terraform import fortios_casb_saasapplication.labelname {{name}} + +If you do not want to import arguments of block: +$ export "FORTIOS_IMPORT_TABLE"="false" +$ terraform import fortios_casb_saasapplication.labelname {{name}} +$ unset "FORTIOS_IMPORT_TABLE" +``` diff --git a/website/docs/r/fortios_casb_useractivity.html.markdown b/website/docs/r/fortios_casb_useractivity.html.markdown new file mode 100644 index 000000000..a88a2dd4b --- /dev/null +++ b/website/docs/r/fortios_casb_useractivity.html.markdown @@ -0,0 +1,94 @@ +--- +subcategory: "FortiGate Casb" +layout: "fortios" +page_title: "FortiOS: fortios_casb_useractivity" +description: |- + Configure CASB user activity. +--- + +# fortios_casb_useractivity +Configure CASB user activity. Applies to FortiOS Version `>= 7.4.1`. + +## Argument Reference + +The following arguments are supported: + +* `name` - CASB user activity name. +* `uuid` - Universally Unique Identifier (UUID; automatically assigned but can be manually reset). +* `description` - CASB user activity description. +* `type` - CASB user activity type. Valid values: `built-in`, `customized`. +* `casb_name` - CASB user activity signature name. +* `application` - CASB SaaS application name. +* `category` - CASB user activity category. Valid values: `activity-control`, `tenant-control`, `domain-control`, `safe-search-control`, `other`. +* `match_strategy` - CASB user activity match strategy. Valid values: `and`, `or`. +* `match` - CASB user activity match rules. The structure of `match` block is documented below. +* `control_options` - CASB control options. The structure of `control_options` block is documented below. +* `dynamic_sort_subtable` - Sort sub-tables, please do not set this parameter when configuring static sub-tables. Options: [ false, true, natural, alphabetical ]. false: Default value, do not sort tables; true/natural: sort tables in natural order. For example: [ a10, a2 ] --> [ a2, a10 ]; alphabetical: sort tables in alphabetical order. For example: [ a10, a2 ] --> [ a10, a2 ]. +* `get_all_tables` - Get all sub-tables including unconfigured tables. Do not set this variable to true if you configure sub-table in another resource, otherwish conflicts and overwrite will occur. Options: [ false, true ]. false: Default value, do not get unconfigured tables; true: get all tables including unconfigured tables. +* `vdomparam` - Specifies the vdom to which the resource will be applied when the FortiGate unit is running in VDOM mode. Only one vdom can be specified. If you want to inherit the vdom configuration of the provider, please do not set this parameter. + +The `match` block supports: + +* `id` - CASB user activity match rules ID. +* `strategy` - CASB user activity rules strategy. Valid values: `and`, `or`. +* `rules` - CASB user activity rules. The structure of `rules` block is documented below. + +The `rules` block supports: + +* `id` - CASB user activity rule ID. +* `type` - CASB user activity rule type. Valid values: `domains`, `host`, `path`, `header`, `header-value`, `method`. +* `domains` - CASB user activity domain list. The structure of `domains` block is documented below. +* `methods` - CASB user activity method list. The structure of `methods` block is documented below. +* `match_pattern` - CASB user activity rule match pattern. Valid values: `simple`, `substr`, `regexp`. +* `match_value` - CASB user activity rule match value. +* `header_name` - CASB user activity rule header name. +* `case_sensitive` - CASB user activity match case sensitive. Valid values: `enable`, `disable`. +* `negate` - Enable/disable what the matching strategy must not be. Valid values: `enable`, `disable`. + +The `domains` block supports: + +* `domain` - Domain list separated by space. + +The `methods` block supports: + +* `method` - User activity method. + +The `control_options` block supports: + +* `name` - CASB control option name. +* `operations` - CASB control option operations. The structure of `operations` block is documented below. + +The `operations` block supports: + +* `name` - CASB control option operation name. +* `target` - CASB operation target. Valid values: `header`, `path`. +* `action` - CASB operation action. Valid values: `append`, `prepend`, `replace`, `new`, `new-on-not-found`, `delete`. +* `direction` - CASB operation direction. Valid values: `request`. +* `header_name` - CASB operation header name to search. +* `search_pattern` - CASB operation search pattern. Valid values: `simple`, `substr`, `regexp`. +* `search_key` - CASB operation key to search. +* `case_sensitive` - CASB operation search case sensitive. Valid values: `enable`, `disable`. +* `value_from_input` - Enable/disable value from user input. Valid values: `enable`, `disable`. +* `values` - CASB operation new values. The structure of `values` block is documented below. + +The `values` block supports: + +* `value` - Operation value. + + +## Attribute Reference + +In addition to all the above arguments, the following attributes are exported: +* `id` - an identifier for the resource with format {{name}}. + +## Import + +Casb UserActivity can be imported using any of these accepted formats: +``` +$ terraform import fortios_casb_useractivity.labelname {{name}} + +If you do not want to import arguments of block: +$ export "FORTIOS_IMPORT_TABLE"="false" +$ terraform import fortios_casb_useractivity.labelname {{name}} +$ unset "FORTIOS_IMPORT_TABLE" +``` diff --git a/website/docs/r/fortios_certificate_ca.html.markdown b/website/docs/r/fortios_certificate_ca.html.markdown index f80d2e07b..15e2a8b2f 100644 --- a/website/docs/r/fortios_certificate_ca.html.markdown +++ b/website/docs/r/fortios_certificate_ca.html.markdown @@ -20,6 +20,7 @@ The following arguments are supported: * `ssl_inspection_trusted` - Enable/disable this CA as a trusted CA for SSL inspection. Valid values: `enable`, `disable`. * `trusted` - Enable/disable as a trusted CA. Valid values: `enable`, `disable`. * `scep_url` - URL of the SCEP server. +* `est_url` - URL of the EST server. * `auto_update_days` - Number of days to wait before requesting an updated CA certificate (0 - 4294967295, 0 = disabled). * `auto_update_days_warning` - Number of days before an expiry-warning message is generated (0 - 4294967295, 0 = disabled). * `source_ip` - Source IP address for communications to the SCEP server. diff --git a/website/docs/r/fortios_credentialstore_domaincontroller.html.markdown b/website/docs/r/fortios_credentialstore_domaincontroller.html.markdown index 725b85b76..09e84eeda 100644 --- a/website/docs/r/fortios_credentialstore_domaincontroller.html.markdown +++ b/website/docs/r/fortios_credentialstore_domaincontroller.html.markdown @@ -7,7 +7,7 @@ description: |- --- # fortios_credentialstore_domaincontroller -Define known domain controller servers. Applies to FortiOS Version `6.4.0,6.4.1,6.4.2,6.4.10,6.4.11,6.4.12,7.0.0`. +Define known domain controller servers. Applies to FortiOS Version `6.4.0,6.4.1,6.4.2,6.4.10,6.4.11,6.4.12,6.4.13,6.4.14,7.0.0`. ## Argument Reference diff --git a/website/docs/r/fortios_dnsfilter_profile.html.markdown b/website/docs/r/fortios_dnsfilter_profile.html.markdown index a791488c1..e6ab539e5 100644 --- a/website/docs/r/fortios_dnsfilter_profile.html.markdown +++ b/website/docs/r/fortios_dnsfilter_profile.html.markdown @@ -75,6 +75,7 @@ The following arguments are supported: * `youtube_restrict` - Set safe search for YouTube restriction level. Valid values: `strict`, `moderate`. * `external_ip_blocklist` - One or more external IP block lists. The structure of `external_ip_blocklist` block is documented below. * `dns_translation` - DNS translation settings. The structure of `dns_translation` block is documented below. +* `transparent_dns_database` - Transparent DNS database zones. The structure of `transparent_dns_database` block is documented below. * `dynamic_sort_subtable` - Sort sub-tables, please do not set this parameter when configuring static sub-tables. Options: [ false, true, natural, alphabetical ]. false: Default value, do not sort tables; true/natural: sort tables in natural order. For example: [ a10, a2 ] --> [ a2, a10 ]; alphabetical: sort tables in alphabetical order. For example: [ a10, a2 ] --> [ a10, a2 ]. * `get_all_tables` - Get all sub-tables including unconfigured tables. Do not set this variable to true if you configure sub-table in another resource, otherwish conflicts and overwrite will occur. Options: [ false, true ]. false: Default value, do not get unconfigured tables; true: get all tables including unconfigured tables. * `vdomparam` - Specifies the vdom to which the resource will be applied when the FortiGate unit is running in VDOM mode. Only one vdom can be specified. If you want to inherit the vdom configuration of the provider, please do not set this parameter. @@ -111,6 +112,10 @@ The `dns_translation` block supports: * `dst6` - IPv6 address or subnet on the external network to substitute for the resolved address in DNS query replies. Can be single IP address or subnet on the external network, but number of addresses must equal number of mapped IP addresses in src6. * `prefix` - If src6 and dst6 are subnets rather than single IP addresses, enter the prefix for both src6 and dst6 (1 - 128, default = 128). +The `transparent_dns_database` block supports: + +* `name` - DNS database zone name. + ## Attribute Reference diff --git a/website/docs/r/fortios_emailfilter_bwl.html.markdown b/website/docs/r/fortios_emailfilter_bwl.html.markdown index 741ab2d71..d1df1e7db 100644 --- a/website/docs/r/fortios_emailfilter_bwl.html.markdown +++ b/website/docs/r/fortios_emailfilter_bwl.html.markdown @@ -7,7 +7,7 @@ description: |- --- # fortios_emailfilter_bwl -Configure anti-spam black/white list. Applies to FortiOS Version `6.2.4,6.2.6,6.4.0,6.4.1,6.4.2,6.4.10,6.4.11,6.4.12`. +Configure anti-spam black/white list. Applies to FortiOS Version `6.2.4,6.2.6,6.4.0,6.4.1,6.4.2,6.4.10,6.4.11,6.4.12,6.4.13,6.4.14`. ## Argument Reference diff --git a/website/docs/r/fortios_endpointcontrol_fctemsoverride.html.markdown b/website/docs/r/fortios_endpointcontrol_fctemsoverride.html.markdown index 12db50236..2de7d5f28 100644 --- a/website/docs/r/fortios_endpointcontrol_fctemsoverride.html.markdown +++ b/website/docs/r/fortios_endpointcontrol_fctemsoverride.html.markdown @@ -29,7 +29,7 @@ The following arguments are supported: * `pull_tags` - Enable/disable pulling FortiClient user tags from EMS. Valid values: `enable`, `disable`. * `pull_malware_hash` - Enable/disable pulling FortiClient malware hash from EMS. Valid values: `enable`, `disable`. * `cloud_server_type` - Cloud server type. Valid values: `production`, `alpha`, `beta`. -* `capabilities` - List of EMS capabilities. Valid values: `fabric-auth`, `silent-approval`, `websocket`, `websocket-malware`, `push-ca-certs`, `common-tags-api`, `tenant-id`, `single-vdom-connector`. +* `capabilities` - List of EMS capabilities. * `call_timeout` - FortiClient EMS call timeout in seconds (1 - 180 seconds, default = 30). * `out_of_sync_threshold` - Outdated resource threshold in seconds (10 - 3600, default = 180). * `websocket_override` - Enable/disable override behavior for how this FortiGate unit connects to EMS using a WebSocket connection. Valid values: `disable`, `enable`. diff --git a/website/docs/r/fortios_endpointcontrol_settings.html.markdown b/website/docs/r/fortios_endpointcontrol_settings.html.markdown index 7eef04be8..1715ee756 100644 --- a/website/docs/r/fortios_endpointcontrol_settings.html.markdown +++ b/website/docs/r/fortios_endpointcontrol_settings.html.markdown @@ -7,7 +7,7 @@ description: |- --- # fortios_endpointcontrol_settings -Configure endpoint control settings. Applies to FortiOS Version `6.2.0,6.2.4,6.2.6,7.4.0`. +Configure endpoint control settings. Applies to FortiOS Version `6.2.0,6.2.4,6.2.6,7.4.0,7.4.1`. ## Example Usage diff --git a/website/docs/r/fortios_extendercontroller_dataplan.html.markdown b/website/docs/r/fortios_extendercontroller_dataplan.html.markdown index f8bdc6ed5..d4e593322 100644 --- a/website/docs/r/fortios_extendercontroller_dataplan.html.markdown +++ b/website/docs/r/fortios_extendercontroller_dataplan.html.markdown @@ -7,7 +7,7 @@ description: |- --- # fortios_extendercontroller_dataplan -FortiExtender dataplan configuration. Applies to FortiOS Version `6.4.2,6.4.10,6.4.11,6.4.12,7.0.0,7.0.1,7.0.2,7.0.3,7.0.4,7.0.5,7.0.6,7.0.7,7.0.8,7.0.9,7.0.10,7.0.11,7.2.0`. +FortiExtender dataplan configuration. Applies to FortiOS Version `6.4.2,6.4.10,6.4.11,6.4.12,6.4.13,6.4.14,7.0.0,7.0.1,7.0.2,7.0.3,7.0.4,7.0.5,7.0.6,7.0.7,7.0.8,7.0.9,7.0.10,7.0.11,7.0.12,7.2.0`. ## Argument Reference diff --git a/website/docs/r/fortios_extendercontroller_extenderprofile.html.markdown b/website/docs/r/fortios_extendercontroller_extenderprofile.html.markdown index 063c75783..54ac43a68 100644 --- a/website/docs/r/fortios_extendercontroller_extenderprofile.html.markdown +++ b/website/docs/r/fortios_extendercontroller_extenderprofile.html.markdown @@ -7,7 +7,7 @@ description: |- --- # fortios_extendercontroller_extenderprofile -FortiExtender extender profile configuration. Applies to FortiOS Version `7.0.2,7.0.3,7.0.4,7.0.5,7.0.6,7.0.7,7.0.8,7.0.9,7.0.10,7.0.11,7.2.0`. +FortiExtender extender profile configuration. Applies to FortiOS Version `7.0.2,7.0.3,7.0.4,7.0.5,7.0.6,7.0.7,7.0.8,7.0.9,7.0.10,7.0.11,7.0.12,7.2.0`. ## Argument Reference diff --git a/website/docs/r/fortios_firewall_accessproxy.html.markdown b/website/docs/r/fortios_firewall_accessproxy.html.markdown index 5f388d3d2..014492a05 100644 --- a/website/docs/r/fortios_firewall_accessproxy.html.markdown +++ b/website/docs/r/fortios_firewall_accessproxy.html.markdown @@ -26,6 +26,7 @@ The following arguments are supported: * `svr_pool_multiplex` - Enable/disable server pool multiplexing. Share connected server in HTTP, HTTPS, and web-portal api-gateway. Valid values: `enable`, `disable`. * `svr_pool_ttl` - Time-to-live in the server pool for idle connections to servers. * `svr_pool_server_max_request` - Maximum number of requests that servers in server pool handle before disconnecting (default = unlimited). +* `svr_pool_server_max_concurrent_request` - Maximum number of concurrent requests that servers in server pool could handle (default = unlimited). * `decrypted_traffic_mirror` - Decrypted traffic mirror. * `api_gateway` - Set IPv4 API Gateway. The structure of `api_gateway` block is documented below. * `api_gateway6` - Set IPv6 API Gateway. The structure of `api_gateway6` block is documented below. @@ -41,6 +42,9 @@ The `api_gateway` block supports: * `ldb_method` - Method used to distribute sessions to real servers. Valid values: `static`, `round-robin`, `weighted`, `first-alive`, `http-host`. * `virtual_host` - Virtual host. * `url_map_type` - Type of url-map. Valid values: `sub-string`, `wildcard`, `regex`. +* `h2_support` - HTTP2 support, default=Enable. Valid values: `enable`, `disable`. +* `h3_support` - HTTP3/QUIC support, default=Disable. Valid values: `enable`, `disable`. +* `quic` - QUIC setting. The structure of `quic` block is documented below. * `realservers` - Select the real servers that this Access Proxy will distribute traffic to. The structure of `realservers` block is documented below. * `application` - SaaS application controlled by this Access Proxy. The structure of `application` block is documented below. * `persistence` - Configure how to make sure that clients connect to the same server every time they make a request that is part of the same session. Valid values: `none`, `http-cookie`. @@ -61,6 +65,17 @@ The `api_gateway` block supports: * `ssl_renegotiation` - Enable/disable secure renegotiation to comply with RFC 5746. Valid values: `enable`, `disable`. * `ssl_vpn_web_portal` - SSL-VPN web portal. +The `quic` block supports: + +* `max_idle_timeout` - Maximum idle timeout milliseconds (1 - 60000, default = 30000). +* `max_udp_payload_size` - Maximum UDP payload size in bytes (1200 - 1500, default = 1500). +* `active_connection_id_limit` - Active connection ID limit (1 - 8, default = 2). +* `ack_delay_exponent` - ACK delay exponent (1 - 20, default = 3). +* `max_ack_delay` - Maximum ACK delay in milliseconds (1 - 16383, default = 25). +* `max_datagram_frame_size` - Maximum datagram frame size in bytes (1 - 1500, default = 1500). +* `active_migration` - Enable/disable active migration (default = disable). Valid values: `enable`, `disable`. +* `grease_quic_bit` - Enable/disable grease QUIC bit (default = enable). Valid values: `enable`, `disable`. + The `realservers` block supports: * `id` - Real server ID. @@ -106,6 +121,9 @@ The `api_gateway6` block supports: * `ldb_method` - Method used to distribute sessions to real servers. Valid values: `static`, `round-robin`, `weighted`, `first-alive`, `http-host`. * `virtual_host` - Virtual host. * `url_map_type` - Type of url-map. Valid values: `sub-string`, `wildcard`, `regex`. +* `h2_support` - HTTP2 support, default=Enable. Valid values: `enable`, `disable`. +* `h3_support` - HTTP3/QUIC support, default=Disable. Valid values: `enable`, `disable`. +* `quic` - QUIC setting. The structure of `quic` block is documented below. * `realservers` - Select the real servers that this Access Proxy will distribute traffic to. The structure of `realservers` block is documented below. * `application` - SaaS application controlled by this Access Proxy. The structure of `application` block is documented below. * `persistence` - Configure how to make sure that clients connect to the same server every time they make a request that is part of the same session. Valid values: `none`, `http-cookie`. @@ -126,6 +144,17 @@ The `api_gateway6` block supports: * `ssl_renegotiation` - Enable/disable secure renegotiation to comply with RFC 5746. Valid values: `enable`, `disable`. * `ssl_vpn_web_portal` - SSL-VPN web portal. +The `quic` block supports: + +* `max_idle_timeout` - Maximum idle timeout milliseconds (1 - 60000, default = 30000). +* `max_udp_payload_size` - Maximum UDP payload size in bytes (1200 - 1500, default = 1500). +* `active_connection_id_limit` - Active connection ID limit (1 - 8, default = 2). +* `ack_delay_exponent` - ACK delay exponent (1 - 20, default = 3). +* `max_ack_delay` - Maximum ACK delay in milliseconds (1 - 16383, default = 25). +* `max_datagram_frame_size` - Maximum datagram frame size in bytes (1 - 1500, default = 1500). +* `active_migration` - Enable/disable active migration (default = disable). Valid values: `enable`, `disable`. +* `grease_quic_bit` - Enable/disable grease QUIC bit (default = enable). Valid values: `enable`, `disable`. + The `realservers` block supports: * `id` - Real server ID. diff --git a/website/docs/r/fortios_firewall_accessproxy6.html.markdown b/website/docs/r/fortios_firewall_accessproxy6.html.markdown index 7c2bda468..0ca4f4858 100644 --- a/website/docs/r/fortios_firewall_accessproxy6.html.markdown +++ b/website/docs/r/fortios_firewall_accessproxy6.html.markdown @@ -26,6 +26,7 @@ The following arguments are supported: * `svr_pool_multiplex` - Enable/disable server pool multiplexing. Share connected server in HTTP, HTTPS, and web-portal api-gateway. Valid values: `enable`, `disable`. * `svr_pool_ttl` - Time-to-live in the server pool for idle connections to servers. * `svr_pool_server_max_request` - Maximum number of requests that servers in server pool handle before disconnecting (default = unlimited). +* `svr_pool_server_max_concurrent_request` - Maximum number of concurrent requests that servers in server pool could handle (default = unlimited). * `decrypted_traffic_mirror` - Decrypted traffic mirror. * `api_gateway` - Set IPv4 API Gateway. The structure of `api_gateway` block is documented below. * `api_gateway6` - Set IPv6 API Gateway. The structure of `api_gateway6` block is documented below. @@ -41,6 +42,9 @@ The `api_gateway` block supports: * `ldb_method` - Method used to distribute sessions to real servers. Valid values: `static`, `round-robin`, `weighted`, `first-alive`, `http-host`. * `virtual_host` - Virtual host. * `url_map_type` - Type of url-map. Valid values: `sub-string`, `wildcard`, `regex`. +* `h2_support` - HTTP2 support, default=Enable. Valid values: `enable`, `disable`. +* `h3_support` - HTTP3/QUIC support, default=Disable. Valid values: `enable`, `disable`. +* `quic` - QUIC setting. The structure of `quic` block is documented below. * `realservers` - Select the real servers that this Access Proxy will distribute traffic to. The structure of `realservers` block is documented below. * `application` - SaaS application controlled by this Access Proxy. The structure of `application` block is documented below. * `persistence` - Configure how to make sure that clients connect to the same server every time they make a request that is part of the same session. Valid values: `none`, `http-cookie`. @@ -61,6 +65,17 @@ The `api_gateway` block supports: * `ssl_renegotiation` - Enable/disable secure renegotiation to comply with RFC 5746. Valid values: `enable`, `disable`. * `ssl_vpn_web_portal` - SSL-VPN web portal. +The `quic` block supports: + +* `max_idle_timeout` - Maximum idle timeout milliseconds (1 - 60000, default = 30000). +* `max_udp_payload_size` - Maximum UDP payload size in bytes (1200 - 1500, default = 1500). +* `active_connection_id_limit` - Active connection ID limit (1 - 8, default = 2). +* `ack_delay_exponent` - ACK delay exponent (1 - 20, default = 3). +* `max_ack_delay` - Maximum ACK delay in milliseconds (1 - 16383, default = 25). +* `max_datagram_frame_size` - Maximum datagram frame size in bytes (1 - 1500, default = 1500). +* `active_migration` - Enable/disable active migration (default = disable). Valid values: `enable`, `disable`. +* `grease_quic_bit` - Enable/disable grease QUIC bit (default = enable). Valid values: `enable`, `disable`. + The `realservers` block supports: * `id` - Real server ID. @@ -106,6 +121,9 @@ The `api_gateway6` block supports: * `ldb_method` - Method used to distribute sessions to real servers. Valid values: `static`, `round-robin`, `weighted`, `first-alive`, `http-host`. * `virtual_host` - Virtual host. * `url_map_type` - Type of url-map. Valid values: `sub-string`, `wildcard`, `regex`. +* `h2_support` - HTTP2 support, default=Enable. Valid values: `enable`, `disable`. +* `h3_support` - HTTP3/QUIC support, default=Disable. Valid values: `enable`, `disable`. +* `quic` - QUIC setting. The structure of `quic` block is documented below. * `realservers` - Select the real servers that this Access Proxy will distribute traffic to. The structure of `realservers` block is documented below. * `application` - SaaS application controlled by this Access Proxy. The structure of `application` block is documented below. * `persistence` - Configure how to make sure that clients connect to the same server every time they make a request that is part of the same session. Valid values: `none`, `http-cookie`. @@ -126,6 +144,17 @@ The `api_gateway6` block supports: * `ssl_renegotiation` - Enable/disable secure renegotiation to comply with RFC 5746. Valid values: `enable`, `disable`. * `ssl_vpn_web_portal` - SSL-VPN web portal. +The `quic` block supports: + +* `max_idle_timeout` - Maximum idle timeout milliseconds (1 - 60000, default = 30000). +* `max_udp_payload_size` - Maximum UDP payload size in bytes (1200 - 1500, default = 1500). +* `active_connection_id_limit` - Active connection ID limit (1 - 8, default = 2). +* `ack_delay_exponent` - ACK delay exponent (1 - 20, default = 3). +* `max_ack_delay` - Maximum ACK delay in milliseconds (1 - 16383, default = 25). +* `max_datagram_frame_size` - Maximum datagram frame size in bytes (1 - 1500, default = 1500). +* `active_migration` - Enable/disable active migration (default = disable). Valid values: `enable`, `disable`. +* `grease_quic_bit` - Enable/disable grease QUIC bit (default = enable). Valid values: `enable`, `disable`. + The `realservers` block supports: * `id` - Real server ID. diff --git a/website/docs/r/fortios_firewall_centralsnatmap_sort.html.markdown b/website/docs/r/fortios_firewall_centralsnatmap_sort.html.markdown index 94f553c4d..1b451a1c4 100644 --- a/website/docs/r/fortios_firewall_centralsnatmap_sort.html.markdown +++ b/website/docs/r/fortios_firewall_centralsnatmap_sort.html.markdown @@ -22,8 +22,9 @@ resource "fortios_firewall_centralsnatmap_sort" "test" { The following arguments are supported: -* `sortby` - (Required) Sort security policies by the value, it currently supports "policyid". +* `sortby` - (Required) Sort security policies by the value, it currently supports "policyid" and "name". * `sortdirection` - (Required) Sort dirction, supports "ascending" and "descending". +* `manual_order` - Manual order for resources you want to be sorted. Content must be the category of `sortby`. Available when `sortdirection` set to "manual". * `force_recreate` - The argument is optional, if it is set, when the value changes, the resource will be re-created. It is usually used when new policies are added, or old policies are deleted. * `comment` - Comment. * `vdomparam` - Specifies the vdom to which the data source will be applied when the FortiGate unit is running in VDOM mode. Only one vdom can be specified. If you want to inherit the vdom configuration of the provider, please do not set this parameter. @@ -31,11 +32,13 @@ The following arguments are supported: The following attributes are exported: * `id` - an identifier for the resource. -* `sortby` - Sort security policies by the value, it currently supports "policyid". +* `sortby` - Sort security policies by the value, it currently supports "policyid" and "name". * `sortdirection` - Sort dirction, supports "ascending" and "descending". +* `manual_order` - Manual order for resources you want to be sorted. Content must be the category of `sortby`. Available when `sortdirection` set to "manual". * `status` - The parameter is read-only, it is used to indicate whether the sorting of the policies on FGT matches the terraform configuration, if matched, the value is empty(that means ""), otherwise the value is "unsorted", usually the modification outside of the terrform will cause that the status value is "unsorted". * `force_recreate` - The argument is optional, if it is set, when the value changes, the resource will be re-created. It is usually used when new policies are added, or old policies are deleted. * `comment` - Comment. +* `state_policy_list` - The parameter is read-only, it is used to get the latest policy list. It will be updated after each terraform apply or terraform refresh. ~> **Note** Since the policy changes caused by modifications outside the terraform may be beyond the control of the resource, terraform destroy for the resource will not restore the original sequence state of security policies. diff --git a/website/docs/r/fortios_firewall_interfacepolicy.html.markdown b/website/docs/r/fortios_firewall_interfacepolicy.html.markdown index 610ee5c85..63dea92b7 100644 --- a/website/docs/r/fortios_firewall_interfacepolicy.html.markdown +++ b/website/docs/r/fortios_firewall_interfacepolicy.html.markdown @@ -63,6 +63,8 @@ The following arguments are supported: * `av_profile` - Antivirus profile. * `webfilter_profile_status` - Enable/disable web filtering. Valid values: `enable`, `disable`. * `webfilter_profile` - Web filter profile. +* `casb_profile_status` - Enable/disable CASB. Valid values: `enable`, `disable`. +* `casb_profile` - CASB profile. * `emailfilter_profile_status` - Enable/disable email filter. Valid values: `enable`, `disable`. * `emailfilter_profile` - Email filter profile. * `dlp_profile_status` - Enable/disable DLP. Valid values: `enable`, `disable`. diff --git a/website/docs/r/fortios_firewall_interfacepolicy6.html.markdown b/website/docs/r/fortios_firewall_interfacepolicy6.html.markdown index 31e581c8f..2eda3f3c9 100644 --- a/website/docs/r/fortios_firewall_interfacepolicy6.html.markdown +++ b/website/docs/r/fortios_firewall_interfacepolicy6.html.markdown @@ -63,6 +63,8 @@ The following arguments are supported: * `av_profile` - Antivirus profile. * `webfilter_profile_status` - Enable/disable web filtering. Valid values: `enable`, `disable`. * `webfilter_profile` - Web filter profile. +* `casb_profile_status` - Enable/disable CASB. Valid values: `enable`, `disable`. +* `casb_profile` - CASB profile. * `emailfilter_profile_status` - Enable/disable email filter. Valid values: `enable`, `disable`. * `emailfilter_profile` - Email filter profile. * `dlp_profile_status` - Enable/disable DLP. Valid values: `enable`, `disable`. diff --git a/website/docs/r/fortios_firewall_internetserviceappend.html.markdown b/website/docs/r/fortios_firewall_internetserviceappend.html.markdown index 0c9307b77..80ce774a6 100644 --- a/website/docs/r/fortios_firewall_internetserviceappend.html.markdown +++ b/website/docs/r/fortios_firewall_internetserviceappend.html.markdown @@ -7,7 +7,7 @@ description: |- --- # fortios_firewall_internetserviceappend -Configure additional port mappings for Internet Services. Applies to FortiOS Version `6.2.4,6.2.6,6.4.1,6.4.2,6.4.10,6.4.11,6.4.12,7.0.0,7.0.1,7.0.2,7.0.3,7.0.4,7.0.5,7.0.6,7.0.7,7.0.8,7.0.9,7.0.10,7.0.11,7.2.0,7.2.1,7.2.2,7.2.3,7.2.4,7.4.0`. +Configure additional port mappings for Internet Services. Applies to FortiOS Version `6.2.4,6.2.6,6.4.1,6.4.2,6.4.10,6.4.11,6.4.12,6.4.13,6.4.14,7.0.0,7.0.1,7.0.2,7.0.3,7.0.4,7.0.5,7.0.6,7.0.7,7.0.8,7.0.9,7.0.10,7.0.11,7.0.12,7.2.0,7.2.1,7.2.2,7.2.3,7.2.4,7.4.0,7.4.1`. ## Argument Reference diff --git a/website/docs/r/fortios_firewall_policy.html.markdown b/website/docs/r/fortios_firewall_policy.html.markdown index c744fd4cb..3d62e162a 100644 --- a/website/docs/r/fortios_firewall_policy.html.markdown +++ b/website/docs/r/fortios_firewall_policy.html.markdown @@ -179,11 +179,13 @@ The following arguments are supported: * `voip_profile` - Name of an existing VoIP profile. * `ips_voip_filter` - Name of an existing VoIP (ips) profile. * `sctp_filter_profile` - Name of an existing SCTP filter profile. +* `virtual_patch_profile` - Name of an existing virtual-patch profile. * `icap_profile` - Name of an existing ICAP profile. * `cifs_profile` - Name of an existing CIFS profile. * `videofilter_profile` - Name of an existing VideoFilter profile. * `waf_profile` - Name of an existing Web application firewall profile. * `ssh_filter_profile` - Name of an existing SSH filter profile. +* `casb_profile` - Name of an existing CASB profile. * `profile_protocol_options` - Name of an existing Protocol options profile. * `ssl_ssh_profile` - Name of an existing SSL SSH profile. * `logtraffic` - Enable or disable logging. Log all sessions or security profile sessions. Valid values: `all`, `utm`, `disable`. diff --git a/website/docs/r/fortios_firewall_policy_move.html.markdown b/website/docs/r/fortios_firewall_policy_move.html.markdown new file mode 100644 index 000000000..6f8aeb14c --- /dev/null +++ b/website/docs/r/fortios_firewall_policy_move.html.markdown @@ -0,0 +1,49 @@ + + +--- +layout: "fortios" +page_title: "FortiOS: fortios_firewall_policy_move" +sidebar_current: "docs-fortios_firewall_policy_move" +subcategory: "FortiGate Firewall" +description: |- + Provides a resource to move firewall policy policy +--- + +# fortios_firewall_policy_move +Provides a resource to move firewall policy policy + +```hcl + +resource "fortios_firewall_policy_move" "test1" { + policyid_src = 2 + policyid_dst = 3 + move = "after" +} + +``` + +The following arguments are supported: + +* `policyid_src` - (Required) The item's id which you want to move +* `policyid_dst` - (Required) The target item's id of the move action +* `move` - (Required) The move action. Valid values: `before`, `after` +* `comment` - Comment +* `vdomparam` - Specifies the vdom to which the data source will be applied when the FortiGate unit is running in VDOM mode. Only one vdom can be specified. If you want to inherit the vdom configuration of the provider, please do not set this parameter. + +The following attributes are exported: + +* `id` - an identifier for the resource. +* `policyid_src` - The item's id which you want to move +* `policyid_dst` - The target item's id of the move action +* `move` - (Required) the move action. Valid values: `before`, `after` +* `comment` - Comment +* `state_policy_srcdst_pos` - The parameter is read-only, it is used to get the lastest relative position of the policy with policyid_src and the policy with policyid_dst. This can help check whether the latest relative position of the two plicies matches the configuration, and help check whether they have been deleted. This is generally used in the following situations: These two policies are deleted or moved outside of Terraform. Terraform plan will determine the consistency of the state based on this attribute. It includs the following states: + * ""(empty string): the lastest relative position of the two plicies is same as the configuration. + * Similar to "policy with policyid_src(3) is 1 ahead of policy with policyid_dst(5)" or "policy with policyid_src(3) is 4 behind policy with policyid_dst(5)" : The lastest relative position of the two plicies doesn't match the configuration and terraform outputs the relative position offset. Here 5 and 3 are the policyid of the corresponding policy. + * Similar to "policy with policyid_dst(5) was deleted" or "policy with policyid_src(3) was deleted" or "policies with policyid_src(3) and policyid_dst(5) were deleted": It indicates that one or both of these two policies have been deleted outside of terraform. +* `comment` - Comment + + +~> **Warning:** Since the policy changes caused by modifications outside the terraform may be beyond the control of the resource, terraform destroy for the resource will not restore the original sequence state of security policies. Please re-use the resource or resource_json_generic_api to adjust sequence as needed. + + diff --git a/website/docs/r/fortios_firewall_policy_sort.html.markdown b/website/docs/r/fortios_firewall_policy_sort.html.markdown new file mode 100644 index 000000000..9f46ee7cf --- /dev/null +++ b/website/docs/r/fortios_firewall_policy_sort.html.markdown @@ -0,0 +1,48 @@ + +--- +layout: "fortios" +page_title: "FortiOS: fortios_firewall_policy_sort" +sidebar_current: "docs-fortios_firewall_policy_sort" +subcategory: "FortiGate Firewall" +description: |- + Provides a resource to sort firewall policy policy +--- + +# fortios_firewall_policy_sort +Provides a resource to sort firewall policy policy + +```hcl + +resource "fortios_firewall_policy_sort" "test" { + sortby = "policyid" + sortdirection = "ascending" +} + +``` + +The following arguments are supported: + +* `sortby` - (Required) Sort security policies by the value, it currently supports "policyid" and "name". +* `sortdirection` - (Required) Sort dirction, supports "ascending" and "descending". +* `manual_order` - Manual order for resources you want to be sorted. Content must be the category of `sortby`. Available when `sortdirection` set to "manual". +* `force_recreate` - The argument is optional, if it is set, when the value changes, the resource will be re-created. It is usually used when new policies are added, or old policies are deleted. +* `comment` - Comment. +* `vdomparam` - Specifies the vdom to which the data source will be applied when the FortiGate unit is running in VDOM mode. Only one vdom can be specified. If you want to inherit the vdom configuration of the provider, please do not set this parameter. + +The following attributes are exported: + +* `id` - an identifier for the resource. +* `sortby` - Sort security policies by the value, it currently supports "policyid" and "name". +* `sortdirection` - Sort dirction, supports "ascending" and "descending". +* `manual_order` - Manual order for resources you want to be sorted. Content must be the category of `sortby`. Available when `sortdirection` set to "manual". +* `status` - The parameter is read-only, it is used to indicate whether the sorting of the policies on FGT matches the terraform configuration, if matched, the value is empty(that means ""), otherwise the value is "unsorted", usually the modification outside of the terrform will cause that the status value is "unsorted". +* `force_recreate` - The argument is optional, if it is set, when the value changes, the resource will be re-created. It is usually used when new policies are added, or old policies are deleted. +* `comment` - Comment. +* `state_policy_list` - The parameter is read-only, it is used to get the latest policy list. It will be updated after each terraform apply or terraform refresh. + + +~> **Note** Since the policy changes caused by modifications outside the terraform may be beyond the control of the resource, terraform destroy for the resource will not restore the original sequence state of security policies. + +!> **Warning** This resource involves the priority shift of many policies, when using terraform apply to apply this resource, please try to ensure that the FGT is offline to avoid business interruption or unnecessary security risks. + + diff --git a/website/docs/r/fortios_firewall_profilegroup.html.markdown b/website/docs/r/fortios_firewall_profilegroup.html.markdown index 801e8c9e5..35ab11cf0 100644 --- a/website/docs/r/fortios_firewall_profilegroup.html.markdown +++ b/website/docs/r/fortios_firewall_profilegroup.html.markdown @@ -37,11 +37,13 @@ The following arguments are supported: * `voip_profile` - Name of an existing VoIP profile. * `ips_voip_filter` - Name of an existing VoIP (ips) profile. * `sctp_filter_profile` - Name of an existing SCTP filter profile. +* `virtual_patch_profile` - Name of an existing virtual-patch profile. * `icap_profile` - Name of an existing ICAP profile. * `cifs_profile` - Name of an existing CIFS profile. * `videofilter_profile` - Name of an existing VideoFilter profile. * `waf_profile` - Name of an existing Web application firewall profile. * `ssh_filter_profile` - Name of an existing SSH filter profile. +* `casb_profile` - Name of an existing CASB profile. * `profile_protocol_options` - Name of an existing Protocol options profile. * `ssl_ssh_profile` - Name of an existing SSL SSH profile. * `vdomparam` - Specifies the vdom to which the resource will be applied when the FortiGate unit is running in VDOM mode. Only one vdom can be specified. If you want to inherit the vdom configuration of the provider, please do not set this parameter. diff --git a/website/docs/r/fortios_firewall_proxypolicy.html.markdown b/website/docs/r/fortios_firewall_proxypolicy.html.markdown index 3856979f9..bd59ab1a0 100644 --- a/website/docs/r/fortios_firewall_proxypolicy.html.markdown +++ b/website/docs/r/fortios_firewall_proxypolicy.html.markdown @@ -124,11 +124,13 @@ The following arguments are supported: * `ips_voip_filter` - Name of an existing VoIP (ips) profile. * `voip_profile` - Name of an existing VoIP profile. * `sctp_filter_profile` - Name of an existing SCTP filter profile. +* `virtual_patch_profile` - Name of an existing virtual-patch profile. * `icap_profile` - Name of an existing ICAP profile. * `cifs_profile` - Name of an existing CIFS profile. * `videofilter_profile` - Name of an existing VideoFilter profile. * `waf_profile` - Name of an existing Web application firewall profile. * `ssh_filter_profile` - Name of an existing SSH filter profile. +* `casb_profile` - Name of an existing CASB profile. * `profile_protocol_options` - Name of an existing Protocol options profile. * `ssl_ssh_profile` - Name of an existing SSL SSH profile. * `replacemsg_override_group` - Authentication replacement message override group. @@ -140,6 +142,7 @@ The following arguments are supported: * `block_notification` - Enable/disable block notification. Valid values: `enable`, `disable`. * `redirect_url` - Redirect URL for further explicit web proxy processing. * `decrypted_traffic_mirror` - Decrypted traffic mirror. +* `detect_https_in_http_request` - Enable/disable detection of HTTPS in HTTP request. Valid values: `enable`, `disable`. * `dynamic_sort_subtable` - Sort sub-tables, please do not set this parameter when configuring static sub-tables. Options: [ false, true, natural, alphabetical ]. false: Default value, do not sort tables; true/natural: sort tables in natural order. For example: [ a10, a2 ] --> [ a2, a10 ]; alphabetical: sort tables in alphabetical order. For example: [ a10, a2 ] --> [ a10, a2 ]. * `get_all_tables` - Get all sub-tables including unconfigured tables. Do not set this variable to true if you configure sub-table in another resource, otherwish conflicts and overwrite will occur. Options: [ false, true ]. false: Default value, do not get unconfigured tables; true: get all tables including unconfigured tables. * `vdomparam` - Specifies the vdom to which the resource will be applied when the FortiGate unit is running in VDOM mode. Only one vdom can be specified. If you want to inherit the vdom configuration of the provider, please do not set this parameter. diff --git a/website/docs/r/fortios_firewall_proxypolicy_sort.html.markdown b/website/docs/r/fortios_firewall_proxypolicy_sort.html.markdown index aca92d0a2..a297bd650 100644 --- a/website/docs/r/fortios_firewall_proxypolicy_sort.html.markdown +++ b/website/docs/r/fortios_firewall_proxypolicy_sort.html.markdown @@ -22,8 +22,9 @@ resource "fortios_firewall_proxypolicy_sort" "test" { The following arguments are supported: -* `sortby` - (Required) Sort security policies by the value, it currently supports "policyid". +* `sortby` - (Required) Sort security policies by the value, it currently supports "policyid" and "name". * `sortdirection` - (Required) Sort dirction, supports "ascending" and "descending". +* `manual_order` - Manual order for resources you want to be sorted. Content must be the category of `sortby`. Available when `sortdirection` set to "manual". * `force_recreate` - The argument is optional, if it is set, when the value changes, the resource will be re-created. It is usually used when new policies are added, or old policies are deleted. * `comment` - Comment. * `vdomparam` - Specifies the vdom to which the data source will be applied when the FortiGate unit is running in VDOM mode. Only one vdom can be specified. If you want to inherit the vdom configuration of the provider, please do not set this parameter. @@ -31,11 +32,13 @@ The following arguments are supported: The following attributes are exported: * `id` - an identifier for the resource. -* `sortby` - Sort security policies by the value, it currently supports "policyid". +* `sortby` - Sort security policies by the value, it currently supports "policyid" and "name". * `sortdirection` - Sort dirction, supports "ascending" and "descending". +* `manual_order` - Manual order for resources you want to be sorted. Content must be the category of `sortby`. Available when `sortdirection` set to "manual". * `status` - The parameter is read-only, it is used to indicate whether the sorting of the policies on FGT matches the terraform configuration, if matched, the value is empty(that means ""), otherwise the value is "unsorted", usually the modification outside of the terrform will cause that the status value is "unsorted". * `force_recreate` - The argument is optional, if it is set, when the value changes, the resource will be re-created. It is usually used when new policies are added, or old policies are deleted. * `comment` - Comment. +* `state_policy_list` - The parameter is read-only, it is used to get the latest policy list. It will be updated after each terraform apply or terraform refresh. ~> **Note** Since the policy changes caused by modifications outside the terraform may be beyond the control of the resource, terraform destroy for the resource will not restore the original sequence state of security policies. diff --git a/website/docs/r/fortios_firewall_security_policyseq.html.markdown b/website/docs/r/fortios_firewall_security_policyseq.html.markdown index 19ddc90ae..9ba61a242 100644 --- a/website/docs/r/fortios_firewall_security_policyseq.html.markdown +++ b/website/docs/r/fortios_firewall_security_policyseq.html.markdown @@ -10,6 +10,8 @@ description: |- # fortios_firewall_security_policyseq Provides a resource to alter firewall security policy sequence +!> **Warning:** "This resource will be deprecated after 3 releases from v1.18.0, use `fortios_firewall_policy_move` resource instead. + ## Example Usage ```hcl resource "fortios_firewall_security_policy" "test1" { diff --git a/website/docs/r/fortios_firewall_security_policysort.html.markdown b/website/docs/r/fortios_firewall_security_policysort.html.markdown index 1154e545f..bf54c5f09 100644 --- a/website/docs/r/fortios_firewall_security_policysort.html.markdown +++ b/website/docs/r/fortios_firewall_security_policysort.html.markdown @@ -10,6 +10,8 @@ description: |- # fortios_firewall_security_policysort Resource to sort firewall security policies by policyid or policy name, in ascending or descending order. +!> **Warning:** "This resource will be deprecated after 3 releases from v1.18.0, use `fortios_firewall_policy_sort` resource instead. + ## Example Usage ### Example1 diff --git a/website/docs/r/fortios_firewall_securitypolicy.html.markdown b/website/docs/r/fortios_firewall_securitypolicy.html.markdown index 5f034c08c..200e540e1 100644 --- a/website/docs/r/fortios_firewall_securitypolicy.html.markdown +++ b/website/docs/r/fortios_firewall_securitypolicy.html.markdown @@ -114,10 +114,12 @@ The following arguments are supported: * `voip_profile` - Name of an existing VoIP profile. * `ips_voip_filter` - Name of an existing VoIP (ips) profile. * `sctp_filter_profile` - Name of an existing SCTP filter profile. +* `virtual_patch_profile` - Name of an existing virtual-patch profile. * `icap_profile` - Name of an existing ICAP profile. * `cifs_profile` - Name of an existing CIFS profile. * `videofilter_profile` - Name of an existing VideoFilter profile. * `ssh_filter_profile` - Name of an existing SSH filter profile. +* `casb_profile` - Name of an existing CASB profile. * `application` - Application ID list. The structure of `application` block is documented below. * `app_category` - Application category ID list. The structure of `app_category` block is documented below. * `url_category_unitary` - URL categories or groups. diff --git a/website/docs/r/fortios_firewall_securitypolicy_move.html.markdown b/website/docs/r/fortios_firewall_securitypolicy_move.html.markdown new file mode 100644 index 000000000..42a823a92 --- /dev/null +++ b/website/docs/r/fortios_firewall_securitypolicy_move.html.markdown @@ -0,0 +1,49 @@ + + +--- +layout: "fortios" +page_title: "FortiOS: fortios_firewall_securitypolicy_move" +sidebar_current: "docs-fortios_firewall_securitypolicy_move" +subcategory: "FortiGate Firewall" +description: |- + Provides a resource to move firewall securitypolicy policy +--- + +# fortios_firewall_securitypolicy_move +Provides a resource to move firewall securitypolicy policy + +```hcl + +resource "fortios_firewall_securitypolicy_move" "test1" { + policyid_src = 2 + policyid_dst = 3 + move = "after" +} + +``` + +The following arguments are supported: + +* `policyid_src` - (Required) The item's id which you want to move +* `policyid_dst` - (Required) The target item's id of the move action +* `move` - (Required) The move action. Valid values: `before`, `after` +* `comment` - Comment +* `vdomparam` - Specifies the vdom to which the data source will be applied when the FortiGate unit is running in VDOM mode. Only one vdom can be specified. If you want to inherit the vdom configuration of the provider, please do not set this parameter. + +The following attributes are exported: + +* `id` - an identifier for the resource. +* `policyid_src` - The item's id which you want to move +* `policyid_dst` - The target item's id of the move action +* `move` - (Required) the move action. Valid values: `before`, `after` +* `comment` - Comment +* `state_policy_srcdst_pos` - The parameter is read-only, it is used to get the lastest relative position of the policy with policyid_src and the policy with policyid_dst. This can help check whether the latest relative position of the two plicies matches the configuration, and help check whether they have been deleted. This is generally used in the following situations: These two policies are deleted or moved outside of Terraform. Terraform plan will determine the consistency of the state based on this attribute. It includs the following states: + * ""(empty string): the lastest relative position of the two plicies is same as the configuration. + * Similar to "policy with policyid_src(3) is 1 ahead of policy with policyid_dst(5)" or "policy with policyid_src(3) is 4 behind policy with policyid_dst(5)" : The lastest relative position of the two plicies doesn't match the configuration and terraform outputs the relative position offset. Here 5 and 3 are the policyid of the corresponding policy. + * Similar to "policy with policyid_dst(5) was deleted" or "policy with policyid_src(3) was deleted" or "policies with policyid_src(3) and policyid_dst(5) were deleted": It indicates that one or both of these two policies have been deleted outside of terraform. +* `comment` - Comment + + +~> **Warning:** Since the policy changes caused by modifications outside the terraform may be beyond the control of the resource, terraform destroy for the resource will not restore the original sequence state of security policies. Please re-use the resource or resource_json_generic_api to adjust sequence as needed. + + diff --git a/website/docs/r/fortios_firewall_securitypolicy_sort.html.markdown b/website/docs/r/fortios_firewall_securitypolicy_sort.html.markdown new file mode 100644 index 000000000..ce27b56a3 --- /dev/null +++ b/website/docs/r/fortios_firewall_securitypolicy_sort.html.markdown @@ -0,0 +1,48 @@ + +--- +layout: "fortios" +page_title: "FortiOS: fortios_firewall_securitypolicy_sort" +sidebar_current: "docs-fortios_firewall_securitypolicy_sort" +subcategory: "FortiGate Firewall" +description: |- + Provides a resource to sort firewall securitypolicy policy +--- + +# fortios_firewall_securitypolicy_sort +Provides a resource to sort firewall securitypolicy policy + +```hcl + +resource "fortios_firewall_securitypolicy_sort" "test" { + sortby = "policyid" + sortdirection = "ascending" +} + +``` + +The following arguments are supported: + +* `sortby` - (Required) Sort security policies by the value, it currently supports "policyid" and "name". +* `sortdirection` - (Required) Sort dirction, supports "ascending" and "descending". +* `manual_order` - Manual order for resources you want to be sorted. Content must be the category of `sortby`. Available when `sortdirection` set to "manual". +* `force_recreate` - The argument is optional, if it is set, when the value changes, the resource will be re-created. It is usually used when new policies are added, or old policies are deleted. +* `comment` - Comment. +* `vdomparam` - Specifies the vdom to which the data source will be applied when the FortiGate unit is running in VDOM mode. Only one vdom can be specified. If you want to inherit the vdom configuration of the provider, please do not set this parameter. + +The following attributes are exported: + +* `id` - an identifier for the resource. +* `sortby` - Sort security policies by the value, it currently supports "policyid" and "name". +* `sortdirection` - Sort dirction, supports "ascending" and "descending". +* `manual_order` - Manual order for resources you want to be sorted. Content must be the category of `sortby`. Available when `sortdirection` set to "manual". +* `status` - The parameter is read-only, it is used to indicate whether the sorting of the policies on FGT matches the terraform configuration, if matched, the value is empty(that means ""), otherwise the value is "unsorted", usually the modification outside of the terrform will cause that the status value is "unsorted". +* `force_recreate` - The argument is optional, if it is set, when the value changes, the resource will be re-created. It is usually used when new policies are added, or old policies are deleted. +* `comment` - Comment. +* `state_policy_list` - The parameter is read-only, it is used to get the latest policy list. It will be updated after each terraform apply or terraform refresh. + + +~> **Note** Since the policy changes caused by modifications outside the terraform may be beyond the control of the resource, terraform destroy for the resource will not restore the original sequence state of security policies. + +!> **Warning** This resource involves the priority shift of many policies, when using terraform apply to apply this resource, please try to ensure that the FGT is offline to avoid business interruption or unnecessary security risks. + + diff --git a/website/docs/r/fortios_firewall_sniffer.html.markdown b/website/docs/r/fortios_firewall_sniffer.html.markdown index 7c31ecb46..5bef50909 100644 --- a/website/docs/r/fortios_firewall_sniffer.html.markdown +++ b/website/docs/r/fortios_firewall_sniffer.html.markdown @@ -53,6 +53,8 @@ The following arguments are supported: * `dsri` - Enable/disable DSRI. Valid values: `enable`, `disable`. * `av_profile_status` - Enable/disable antivirus profile. Valid values: `enable`, `disable`. * `av_profile` - Name of an existing antivirus profile. +* `casb_profile_status` - Enable/disable CASB profile. Valid values: `enable`, `disable`. +* `casb_profile` - Name of an existing CASB profile. * `webfilter_profile_status` - Enable/disable web filter profile. Valid values: `enable`, `disable`. * `webfilter_profile` - Name of an existing web filter profile. * `emailfilter_profile_status` - Enable/disable emailfilter. Valid values: `enable`, `disable`. diff --git a/website/docs/r/fortios_firewall_sslsshprofile.html.markdown b/website/docs/r/fortios_firewall_sslsshprofile.html.markdown index 15fbf5f6d..775408d19 100644 --- a/website/docs/r/fortios_firewall_sslsshprofile.html.markdown +++ b/website/docs/r/fortios_firewall_sslsshprofile.html.markdown @@ -114,6 +114,7 @@ The `https` block supports: * `ports` - Ports to use for scanning (1 - 65535, default = 443). * `status` - Configure protocol inspection status. Valid values: `disable`, `certificate-inspection`, `deep-inspection`. +* `quic` - Enable/disable QUIC inspection (default = disable). Valid values: `disable`, `enable`. * `proxy_after_tcp_handshake` - Proxy traffic after the TCP 3-way handshake has been established (not before). Valid values: `enable`, `disable`. * `client_certificate` - Action based on received client certificate. Valid values: `bypass`, `inspect`, `block`. * `unsupported_ssl_version` - Action based on the SSL version used being unsupported. @@ -221,6 +222,7 @@ The `ssh` block supports: The `dot` block supports: * `status` - Configure protocol inspection status. Valid values: `disable`, `deep-inspection`. +* `quic` - Enable/disable QUIC inspection (default = disable). Valid values: `disable`, `enable`. * `proxy_after_tcp_handshake` - Proxy traffic after the TCP 3-way handshake has been established (not before). Valid values: `enable`, `disable`. * `client_certificate` - Action based on received client certificate. Valid values: `bypass`, `inspect`, `block`. * `unsupported_ssl_version` - Action based on the SSL version used being unsupported. diff --git a/website/docs/r/fortios_firewall_vip.html.markdown b/website/docs/r/fortios_firewall_vip.html.markdown index 742ad7b5a..4c5cc2eaf 100644 --- a/website/docs/r/fortios_firewall_vip.html.markdown +++ b/website/docs/r/fortios_firewall_vip.html.markdown @@ -88,6 +88,9 @@ The following arguments are supported: * `service` - Service name. The structure of `service` block is documented below. * `extip` - IP address or address range on the external interface that you want to map to an address or address range on the destination network. * `extaddr` - External FQDN address name. The structure of `extaddr` block is documented below. +* `h2_support` - Enable/disable HTTP2 support (default = enable). Valid values: `enable`, `disable`. +* `h3_support` - Enable/disable HTTP3/QUIC support (default = disable). Valid values: `enable`, `disable`. +* `quic` - QUIC setting. The structure of `quic` block is documented below. * `nat44` - Enable/disable NAT44. Valid values: `disable`, `enable`. * `nat46` - Enable/disable NAT46. Valid values: `disable`, `enable`. * `add_nat46_route` - Enable/disable adding NAT46 route. Valid values: `disable`, `enable`. @@ -118,6 +121,7 @@ The following arguments are supported: * `http_multiplex` - Enable/disable HTTP multiplexing. Valid values: `enable`, `disable`. * `http_multiplex_ttl` - Time-to-live for idle connections to servers. * `http_multiplex_max_request` - Maximum number of requests that a multiplex server can handle before disconnecting sessions (default = unlimited). +* `http_multiplex_max_concurrent_request` - Maximum number of concurrent requests that a multiplex server can handle (default = unlimited). * `http_supported_max_version` - Maximum supported HTTP versions. default = HTTP2 Valid values: `http1`, `http2`. * `http_ip_header` - For HTTP multiplexing, enable to add the original client IP address in the XForwarded-For HTTP header. Valid values: `enable`, `disable`. * `http_ip_header_name` - For HTTP multiplexing, enter a custom HTTPS header name. The original client IP address is added to this header. If empty, X-Forwarded-For is used. @@ -180,6 +184,17 @@ The `extaddr` block supports: * `name` - Address name. +The `quic` block supports: + +* `max_idle_timeout` - Maximum idle timeout milliseconds (1 - 60000, default = 30000). +* `max_udp_payload_size` - Maximum UDP payload size in bytes (1200 - 1500, default = 1500). +* `active_connection_id_limit` - Active connection ID limit (1 - 8, default = 2). +* `ack_delay_exponent` - ACK delay exponent (1 - 20, default = 3). +* `max_ack_delay` - Maximum ACK delay in milliseconds (1 - 16383, default = 25). +* `max_datagram_frame_size` - Maximum datagram frame size in bytes (1 - 1500, default = 1500). +* `active_migration` - Enable/disable active migration (default = disable). Valid values: `enable`, `disable`. +* `grease_quic_bit` - Enable/disable grease QUIC bit (default = enable). Valid values: `enable`, `disable`. + The `mappedip` block supports: * `range` - Mapped IP range. diff --git a/website/docs/r/fortios_ips_global.html.markdown b/website/docs/r/fortios_ips_global.html.markdown index 97617155b..80b87b6cd 100644 --- a/website/docs/r/fortios_ips_global.html.markdown +++ b/website/docs/r/fortios_ips_global.html.markdown @@ -47,7 +47,7 @@ The following arguments are supported: * `skype_client_public_ipaddr` - Public IP addresses of your network that receive Skype sessions. Helps identify Skype sessions. Separate IP addresses with commas. * `deep_app_insp_timeout` - Timeout for Deep application inspection (1 - 2147483647 sec., 0 = use recommended setting). * `deep_app_insp_db_limit` - Limit on number of entries in deep application inspection database (1 - 2147483647, 0 = use recommended setting) -* `exclude_signatures` - Excluded signatures. Valid values: `none`, `industrial`. +* `exclude_signatures` - Excluded signatures. * `packet_log_queue_depth` - Packet/pcap log queue depth per IPS engine. * `ngfw_max_scan_range` - NGFW policy-mode app detection threshold. * `tls_active_probe` - TLS active probe configuration. The structure of `tls_active_probe` block is documented below. diff --git a/website/docs/r/fortios_logfortianalyzer2_overridesetting.html.markdown b/website/docs/r/fortios_logfortianalyzer2_overridesetting.html.markdown index 633a9f97a..edbadf12d 100644 --- a/website/docs/r/fortios_logfortianalyzer2_overridesetting.html.markdown +++ b/website/docs/r/fortios_logfortianalyzer2_overridesetting.html.markdown @@ -41,11 +41,13 @@ The following arguments are supported: * `status` - Enable/disable logging to FortiAnalyzer. Valid values: `enable`, `disable`. * `ips_archive` - Enable/disable IPS packet archive logging. Valid values: `enable`, `disable`. * `server` - The remote FortiAnalyzer. +* `alt_server` - Alternate FortiAnalyzer. +* `fallback_to_primary` - Enable/disable this FortiGate unit to fallback to the primary FortiAnalyzer when it is available. Valid values: `enable`, `disable`. * `certificate_verification` - Enable/disable identity verification of FortiAnalyzer by use of certificate. Valid values: `enable`, `disable`. * `serial` - Serial numbers of the FortiAnalyzer. The structure of `serial` block is documented below. * `preshared_key` - Preshared-key used for auto-authorization on FortiAnalyzer. * `access_config` - Enable/disable FortiAnalyzer access to configuration and data. Valid values: `enable`, `disable`. -* `hmac_algorithm` - FortiAnalyzer IPsec tunnel HMAC algorithm. Valid values: `sha256`, `sha1`. +* `hmac_algorithm` - FortiAnalyzer IPsec tunnel HMAC algorithm. * `enc_algorithm` - Enable/disable sending FortiAnalyzer log data with SSL encryption. Valid values: `high-medium`, `high`, `low`. * `ssl_min_proto_version` - Minimum supported protocol version for SSL/TLS connections (default is to follow system global setting). * `conn_timeout` - FortiAnalyzer connection time-out in seconds (for status and log buffer). diff --git a/website/docs/r/fortios_logfortianalyzer2_setting.html.markdown b/website/docs/r/fortios_logfortianalyzer2_setting.html.markdown index c06eb7dde..67b60a596 100644 --- a/website/docs/r/fortios_logfortianalyzer2_setting.html.markdown +++ b/website/docs/r/fortios_logfortianalyzer2_setting.html.markdown @@ -38,11 +38,13 @@ The following arguments are supported: * `status` - Enable/disable logging to FortiAnalyzer. Valid values: `enable`, `disable`. * `ips_archive` - Enable/disable IPS packet archive logging. Valid values: `enable`, `disable`. * `server` - The remote FortiAnalyzer. +* `alt_server` - Alternate FortiAnalyzer. +* `fallback_to_primary` - Enable/disable this FortiGate unit to fallback to the primary FortiAnalyzer when it is available. Valid values: `enable`, `disable`. * `certificate_verification` - Enable/disable identity verification of FortiAnalyzer by use of certificate. Valid values: `enable`, `disable`. * `serial` - Serial numbers of the FortiAnalyzer. The structure of `serial` block is documented below. * `preshared_key` - Preshared-key used for auto-authorization on FortiAnalyzer. * `access_config` - Enable/disable FortiAnalyzer access to configuration and data. Valid values: `enable`, `disable`. -* `hmac_algorithm` - FortiAnalyzer IPsec tunnel HMAC algorithm. Valid values: `sha256`, `sha1`. +* `hmac_algorithm` - FortiAnalyzer IPsec tunnel HMAC algorithm. * `enc_algorithm` - Enable/disable sending FortiAnalyzer log data with SSL encryption. Valid values: `high-medium`, `high`, `low`. * `ssl_min_proto_version` - Minimum supported protocol version for SSL/TLS connections (default is to follow system global setting). * `conn_timeout` - FortiAnalyzer connection time-out in seconds (for status and log buffer). diff --git a/website/docs/r/fortios_logfortianalyzer3_overridesetting.html.markdown b/website/docs/r/fortios_logfortianalyzer3_overridesetting.html.markdown index fd1b886ed..dc084c4a6 100644 --- a/website/docs/r/fortios_logfortianalyzer3_overridesetting.html.markdown +++ b/website/docs/r/fortios_logfortianalyzer3_overridesetting.html.markdown @@ -41,11 +41,13 @@ The following arguments are supported: * `status` - Enable/disable logging to FortiAnalyzer. Valid values: `enable`, `disable`. * `ips_archive` - Enable/disable IPS packet archive logging. Valid values: `enable`, `disable`. * `server` - The remote FortiAnalyzer. +* `alt_server` - Alternate FortiAnalyzer. +* `fallback_to_primary` - Enable/disable this FortiGate unit to fallback to the primary FortiAnalyzer when it is available. Valid values: `enable`, `disable`. * `certificate_verification` - Enable/disable identity verification of FortiAnalyzer by use of certificate. Valid values: `enable`, `disable`. * `serial` - Serial numbers of the FortiAnalyzer. The structure of `serial` block is documented below. * `preshared_key` - Preshared-key used for auto-authorization on FortiAnalyzer. * `access_config` - Enable/disable FortiAnalyzer access to configuration and data. Valid values: `enable`, `disable`. -* `hmac_algorithm` - FortiAnalyzer IPsec tunnel HMAC algorithm. Valid values: `sha256`, `sha1`. +* `hmac_algorithm` - FortiAnalyzer IPsec tunnel HMAC algorithm. * `enc_algorithm` - Enable/disable sending FortiAnalyzer log data with SSL encryption. Valid values: `high-medium`, `high`, `low`. * `ssl_min_proto_version` - Minimum supported protocol version for SSL/TLS connections (default is to follow system global setting). * `conn_timeout` - FortiAnalyzer connection time-out in seconds (for status and log buffer). diff --git a/website/docs/r/fortios_logfortianalyzer3_setting.html.markdown b/website/docs/r/fortios_logfortianalyzer3_setting.html.markdown index e2fcc0e14..e3c0c7db8 100644 --- a/website/docs/r/fortios_logfortianalyzer3_setting.html.markdown +++ b/website/docs/r/fortios_logfortianalyzer3_setting.html.markdown @@ -38,11 +38,13 @@ The following arguments are supported: * `status` - Enable/disable logging to FortiAnalyzer. Valid values: `enable`, `disable`. * `ips_archive` - Enable/disable IPS packet archive logging. Valid values: `enable`, `disable`. * `server` - The remote FortiAnalyzer. +* `alt_server` - Alternate FortiAnalyzer. +* `fallback_to_primary` - Enable/disable this FortiGate unit to fallback to the primary FortiAnalyzer when it is available. Valid values: `enable`, `disable`. * `certificate_verification` - Enable/disable identity verification of FortiAnalyzer by use of certificate. Valid values: `enable`, `disable`. * `serial` - Serial numbers of the FortiAnalyzer. The structure of `serial` block is documented below. * `preshared_key` - Preshared-key used for auto-authorization on FortiAnalyzer. * `access_config` - Enable/disable FortiAnalyzer access to configuration and data. Valid values: `enable`, `disable`. -* `hmac_algorithm` - FortiAnalyzer IPsec tunnel HMAC algorithm. Valid values: `sha256`, `sha1`. +* `hmac_algorithm` - FortiAnalyzer IPsec tunnel HMAC algorithm. * `enc_algorithm` - Enable/disable sending FortiAnalyzer log data with SSL encryption. Valid values: `high-medium`, `high`, `low`. * `ssl_min_proto_version` - Minimum supported protocol version for SSL/TLS connections (default is to follow system global setting). * `conn_timeout` - FortiAnalyzer connection time-out in seconds (for status and log buffer). diff --git a/website/docs/r/fortios_logfortianalyzer_overridesetting.html.markdown b/website/docs/r/fortios_logfortianalyzer_overridesetting.html.markdown index 47e306dd0..c63b1faff 100644 --- a/website/docs/r/fortios_logfortianalyzer_overridesetting.html.markdown +++ b/website/docs/r/fortios_logfortianalyzer_overridesetting.html.markdown @@ -41,11 +41,13 @@ The following arguments are supported: * `status` - Enable/disable logging to FortiAnalyzer. Valid values: `enable`, `disable`. * `ips_archive` - Enable/disable IPS packet archive logging. Valid values: `enable`, `disable`. * `server` - The remote FortiAnalyzer. +* `alt_server` - Alternate FortiAnalyzer. +* `fallback_to_primary` - Enable/disable this FortiGate unit to fallback to the primary FortiAnalyzer when it is available. Valid values: `enable`, `disable`. * `certificate_verification` - Enable/disable identity verification of FortiAnalyzer by use of certificate. Valid values: `enable`, `disable`. * `serial` - Serial numbers of the FortiAnalyzer. The structure of `serial` block is documented below. * `preshared_key` - Preshared-key used for auto-authorization on FortiAnalyzer. * `access_config` - Enable/disable FortiAnalyzer access to configuration and data. Valid values: `enable`, `disable`. -* `hmac_algorithm` - FortiAnalyzer IPsec tunnel HMAC algorithm. Valid values: `sha256`, `sha1`. +* `hmac_algorithm` - FortiAnalyzer IPsec tunnel HMAC algorithm. * `enc_algorithm` - Enable/disable sending FortiAnalyzer log data with SSL encryption. Valid values: `high-medium`, `high`, `low`. * `ssl_min_proto_version` - Minimum supported protocol version for SSL/TLS connections (default is to follow system global setting). * `conn_timeout` - FortiAnalyzer connection time-out in seconds (for status and log buffer). diff --git a/website/docs/r/fortios_logfortianalyzer_setting.html.markdown b/website/docs/r/fortios_logfortianalyzer_setting.html.markdown index fb66d1614..1a3712305 100644 --- a/website/docs/r/fortios_logfortianalyzer_setting.html.markdown +++ b/website/docs/r/fortios_logfortianalyzer_setting.html.markdown @@ -38,11 +38,13 @@ The following arguments are supported: * `status` - Enable/disable logging to FortiAnalyzer. Valid values: `enable`, `disable`. * `ips_archive` - Enable/disable IPS packet archive logging. Valid values: `enable`, `disable`. * `server` - The remote FortiAnalyzer. +* `alt_server` - Alternate FortiAnalyzer. +* `fallback_to_primary` - Enable/disable this FortiGate unit to fallback to the primary FortiAnalyzer when it is available. Valid values: `enable`, `disable`. * `certificate_verification` - Enable/disable identity verification of FortiAnalyzer by use of certificate. Valid values: `enable`, `disable`. * `serial` - Serial numbers of the FortiAnalyzer. The structure of `serial` block is documented below. * `preshared_key` - Preshared-key used for auto-authorization on FortiAnalyzer. * `access_config` - Enable/disable FortiAnalyzer access to configuration and data. Valid values: `enable`, `disable`. -* `hmac_algorithm` - FortiAnalyzer IPsec tunnel HMAC algorithm. Valid values: `sha256`, `sha1`. +* `hmac_algorithm` - FortiAnalyzer IPsec tunnel HMAC algorithm. * `enc_algorithm` - Enable/disable sending FortiAnalyzer log data with SSL encryption. Valid values: `high-medium`, `high`, `low`. * `ssl_min_proto_version` - Minimum supported protocol version for SSL/TLS connections (default is to follow system global setting). * `conn_timeout` - FortiAnalyzer connection time-out in seconds (for status and log buffer). diff --git a/website/docs/r/fortios_logfortianalyzercloud_setting.html.markdown b/website/docs/r/fortios_logfortianalyzercloud_setting.html.markdown index 2682d0ba7..446627485 100644 --- a/website/docs/r/fortios_logfortianalyzercloud_setting.html.markdown +++ b/website/docs/r/fortios_logfortianalyzercloud_setting.html.markdown @@ -19,7 +19,7 @@ The following arguments are supported: * `serial` - Serial numbers of the FortiAnalyzer. The structure of `serial` block is documented below. * `preshared_key` - Preshared-key used for auto-authorization on FortiAnalyzer. * `access_config` - Enable/disable FortiAnalyzer access to configuration and data. Valid values: `enable`, `disable`. -* `hmac_algorithm` - FortiAnalyzer IPsec tunnel HMAC algorithm. Valid values: `sha256`, `sha1`. +* `hmac_algorithm` - FortiAnalyzer IPsec tunnel HMAC algorithm. * `enc_algorithm` - Configure the level of SSL protection for secure communication with FortiAnalyzer. Valid values: `high-medium`, `high`, `low`. * `ssl_min_proto_version` - Minimum supported protocol version for SSL/TLS connections (default is to follow system global setting). * `conn_timeout` - FortiAnalyzer connection time-out in seconds (for status and log buffer). diff --git a/website/docs/r/fortios_logfortiguard_setting.html.markdown b/website/docs/r/fortios_logfortiguard_setting.html.markdown index 29e99873c..bde3099d4 100644 --- a/website/docs/r/fortios_logfortiguard_setting.html.markdown +++ b/website/docs/r/fortios_logfortiguard_setting.html.markdown @@ -36,7 +36,7 @@ The following arguments are supported: * `max_log_rate` - FortiCloud maximum log rate in MBps (0 = unlimited). * `access_config` - Enable/disable FortiCloud access to configuration and data. Valid values: `enable`, `disable`. * `enc_algorithm` - Enable and set the SSL security level for for sending encrypted logs to FortiCloud. Valid values: `high-medium`, `high`, `low`. -* `ssl_min_proto_version` - Minimum supported protocol version for SSL/TLS connections (default is to follow system global setting). Valid values: `default`, `SSLv3`, `TLSv1`, `TLSv1-1`, `TLSv1-2`. +* `ssl_min_proto_version` - Minimum supported protocol version for SSL/TLS connections (default is to follow system global setting). * `conn_timeout` - FortiGate Cloud connection timeout in seconds. * `source_ip` - Source IP address used to connect FortiCloud. * `interface_select_method` - Specify how to select outgoing interface to reach server. Valid values: `auto`, `sdwan`, `specify`. diff --git a/website/docs/r/fortios_logsyslogd2_overridesetting.html.markdown b/website/docs/r/fortios_logsyslogd2_overridesetting.html.markdown index 3841ac4f8..752d8486b 100644 --- a/website/docs/r/fortios_logsyslogd2_overridesetting.html.markdown +++ b/website/docs/r/fortios_logsyslogd2_overridesetting.html.markdown @@ -24,7 +24,7 @@ The following arguments are supported: * `priority` - Set log transmission priority. Valid values: `default`, `low`. * `max_log_rate` - Syslog maximum log rate in MBps (0 = unlimited). * `enc_algorithm` - Enable/disable reliable syslogging with TLS encryption. Valid values: `high-medium`, `high`, `low`, `disable`. -* `ssl_min_proto_version` - Minimum supported protocol version for SSL/TLS connections (default is to follow system global setting). Valid values: `default`, `SSLv3`, `TLSv1`, `TLSv1-1`, `TLSv1-2`. +* `ssl_min_proto_version` - Minimum supported protocol version for SSL/TLS connections (default is to follow system global setting). * `certificate` - Certificate used to communicate with Syslog server. * `custom_field_name` - Custom field name for CEF format logging. The structure of `custom_field_name` block is documented below. * `interface_select_method` - Specify how to select outgoing interface to reach server. Valid values: `auto`, `sdwan`, `specify`. diff --git a/website/docs/r/fortios_logsyslogd2_setting.html.markdown b/website/docs/r/fortios_logsyslogd2_setting.html.markdown index 0ed4db690..ab8ebc1c9 100644 --- a/website/docs/r/fortios_logsyslogd2_setting.html.markdown +++ b/website/docs/r/fortios_logsyslogd2_setting.html.markdown @@ -38,7 +38,7 @@ The following arguments are supported: * `priority` - Set log transmission priority. Valid values: `default`, `low`. * `max_log_rate` - Syslog maximum log rate in MBps (0 = unlimited). * `enc_algorithm` - Enable/disable reliable syslogging with TLS encryption. Valid values: `high-medium`, `high`, `low`, `disable`. -* `ssl_min_proto_version` - Minimum supported protocol version for SSL/TLS connections (default is to follow system global setting). Valid values: `default`, `SSLv3`, `TLSv1`, `TLSv1-1`, `TLSv1-2`. +* `ssl_min_proto_version` - Minimum supported protocol version for SSL/TLS connections (default is to follow system global setting). * `certificate` - Certificate used to communicate with Syslog server. * `custom_field_name` - Custom field name for CEF format logging. The structure of `custom_field_name` block is documented below. * `interface_select_method` - Specify how to select outgoing interface to reach server. Valid values: `auto`, `sdwan`, `specify`. diff --git a/website/docs/r/fortios_logsyslogd3_overridesetting.html.markdown b/website/docs/r/fortios_logsyslogd3_overridesetting.html.markdown index 351eccb8a..e97ed3342 100644 --- a/website/docs/r/fortios_logsyslogd3_overridesetting.html.markdown +++ b/website/docs/r/fortios_logsyslogd3_overridesetting.html.markdown @@ -24,7 +24,7 @@ The following arguments are supported: * `priority` - Set log transmission priority. Valid values: `default`, `low`. * `max_log_rate` - Syslog maximum log rate in MBps (0 = unlimited). * `enc_algorithm` - Enable/disable reliable syslogging with TLS encryption. Valid values: `high-medium`, `high`, `low`, `disable`. -* `ssl_min_proto_version` - Minimum supported protocol version for SSL/TLS connections (default is to follow system global setting). Valid values: `default`, `SSLv3`, `TLSv1`, `TLSv1-1`, `TLSv1-2`. +* `ssl_min_proto_version` - Minimum supported protocol version for SSL/TLS connections (default is to follow system global setting). * `certificate` - Certificate used to communicate with Syslog server. * `custom_field_name` - Custom field name for CEF format logging. The structure of `custom_field_name` block is documented below. * `interface_select_method` - Specify how to select outgoing interface to reach server. Valid values: `auto`, `sdwan`, `specify`. diff --git a/website/docs/r/fortios_logsyslogd3_setting.html.markdown b/website/docs/r/fortios_logsyslogd3_setting.html.markdown index ffc37a012..e5fe33872 100644 --- a/website/docs/r/fortios_logsyslogd3_setting.html.markdown +++ b/website/docs/r/fortios_logsyslogd3_setting.html.markdown @@ -38,7 +38,7 @@ The following arguments are supported: * `priority` - Set log transmission priority. Valid values: `default`, `low`. * `max_log_rate` - Syslog maximum log rate in MBps (0 = unlimited). * `enc_algorithm` - Enable/disable reliable syslogging with TLS encryption. Valid values: `high-medium`, `high`, `low`, `disable`. -* `ssl_min_proto_version` - Minimum supported protocol version for SSL/TLS connections (default is to follow system global setting). Valid values: `default`, `SSLv3`, `TLSv1`, `TLSv1-1`, `TLSv1-2`. +* `ssl_min_proto_version` - Minimum supported protocol version for SSL/TLS connections (default is to follow system global setting). * `certificate` - Certificate used to communicate with Syslog server. * `custom_field_name` - Custom field name for CEF format logging. The structure of `custom_field_name` block is documented below. * `interface_select_method` - Specify how to select outgoing interface to reach server. Valid values: `auto`, `sdwan`, `specify`. diff --git a/website/docs/r/fortios_logsyslogd4_overridesetting.html.markdown b/website/docs/r/fortios_logsyslogd4_overridesetting.html.markdown index 7b073edbb..4662f12ba 100644 --- a/website/docs/r/fortios_logsyslogd4_overridesetting.html.markdown +++ b/website/docs/r/fortios_logsyslogd4_overridesetting.html.markdown @@ -24,7 +24,7 @@ The following arguments are supported: * `priority` - Set log transmission priority. Valid values: `default`, `low`. * `max_log_rate` - Syslog maximum log rate in MBps (0 = unlimited). * `enc_algorithm` - Enable/disable reliable syslogging with TLS encryption. Valid values: `high-medium`, `high`, `low`, `disable`. -* `ssl_min_proto_version` - Minimum supported protocol version for SSL/TLS connections (default is to follow system global setting). Valid values: `default`, `SSLv3`, `TLSv1`, `TLSv1-1`, `TLSv1-2`. +* `ssl_min_proto_version` - Minimum supported protocol version for SSL/TLS connections (default is to follow system global setting). * `certificate` - Certificate used to communicate with Syslog server. * `custom_field_name` - Custom field name for CEF format logging. The structure of `custom_field_name` block is documented below. * `interface_select_method` - Specify how to select outgoing interface to reach server. Valid values: `auto`, `sdwan`, `specify`. diff --git a/website/docs/r/fortios_logsyslogd4_setting.html.markdown b/website/docs/r/fortios_logsyslogd4_setting.html.markdown index 647f61103..c8a49c1e5 100644 --- a/website/docs/r/fortios_logsyslogd4_setting.html.markdown +++ b/website/docs/r/fortios_logsyslogd4_setting.html.markdown @@ -38,7 +38,7 @@ The following arguments are supported: * `priority` - Set log transmission priority. Valid values: `default`, `low`. * `max_log_rate` - Syslog maximum log rate in MBps (0 = unlimited). * `enc_algorithm` - Enable/disable reliable syslogging with TLS encryption. Valid values: `high-medium`, `high`, `low`, `disable`. -* `ssl_min_proto_version` - Minimum supported protocol version for SSL/TLS connections (default is to follow system global setting). Valid values: `default`, `SSLv3`, `TLSv1`, `TLSv1-1`, `TLSv1-2`. +* `ssl_min_proto_version` - Minimum supported protocol version for SSL/TLS connections (default is to follow system global setting). * `certificate` - Certificate used to communicate with Syslog server. * `custom_field_name` - Custom field name for CEF format logging. The structure of `custom_field_name` block is documented below. * `interface_select_method` - Specify how to select outgoing interface to reach server. Valid values: `auto`, `sdwan`, `specify`. diff --git a/website/docs/r/fortios_logsyslogd_overridesetting.html.markdown b/website/docs/r/fortios_logsyslogd_overridesetting.html.markdown index d5bb14506..22134f6ef 100644 --- a/website/docs/r/fortios_logsyslogd_overridesetting.html.markdown +++ b/website/docs/r/fortios_logsyslogd_overridesetting.html.markdown @@ -24,7 +24,7 @@ The following arguments are supported: * `priority` - Set log transmission priority. Valid values: `default`, `low`. * `max_log_rate` - Syslog maximum log rate in MBps (0 = unlimited). * `enc_algorithm` - Enable/disable reliable syslogging with TLS encryption. Valid values: `high-medium`, `high`, `low`, `disable`. -* `ssl_min_proto_version` - Minimum supported protocol version for SSL/TLS connections (default is to follow system global setting). Valid values: `default`, `SSLv3`, `TLSv1`, `TLSv1-1`, `TLSv1-2`. +* `ssl_min_proto_version` - Minimum supported protocol version for SSL/TLS connections (default is to follow system global setting). * `certificate` - Certificate used to communicate with Syslog server. * `custom_field_name` - Custom field name for CEF format logging. The structure of `custom_field_name` block is documented below. * `interface_select_method` - Specify how to select outgoing interface to reach server. Valid values: `auto`, `sdwan`, `specify`. diff --git a/website/docs/r/fortios_logsyslogd_setting.html.markdown b/website/docs/r/fortios_logsyslogd_setting.html.markdown index 7f33bffdc..1dccd05d5 100644 --- a/website/docs/r/fortios_logsyslogd_setting.html.markdown +++ b/website/docs/r/fortios_logsyslogd_setting.html.markdown @@ -38,7 +38,7 @@ The following arguments are supported: * `priority` - Set log transmission priority. Valid values: `default`, `low`. * `max_log_rate` - Syslog maximum log rate in MBps (0 = unlimited). * `enc_algorithm` - Enable/disable reliable syslogging with TLS encryption. Valid values: `high-medium`, `high`, `low`, `disable`. -* `ssl_min_proto_version` - Minimum supported protocol version for SSL/TLS connections (default is to follow system global setting). Valid values: `default`, `SSLv3`, `TLSv1`, `TLSv1-1`, `TLSv1-2`. +* `ssl_min_proto_version` - Minimum supported protocol version for SSL/TLS connections (default is to follow system global setting). * `certificate` - Certificate used to communicate with Syslog server. * `custom_field_name` - Custom field name for CEF format logging. The structure of `custom_field_name` block is documented below. * `interface_select_method` - Specify how to select outgoing interface to reach server. Valid values: `auto`, `sdwan`, `specify`. diff --git a/website/docs/r/fortios_router_bgp.html.markdown b/website/docs/r/fortios_router_bgp.html.markdown index 776f8132c..69726c340 100644 --- a/website/docs/r/fortios_router_bgp.html.markdown +++ b/website/docs/r/fortios_router_bgp.html.markdown @@ -260,8 +260,10 @@ The `neighbor` block supports: * `ebgp_multihop_ttl` - EBGP multihop TTL for this peer. * `filter_list_in` - BGP filter for IPv4 inbound routes. * `filter_list_in6` - BGP filter for IPv6 inbound routes. +* `filter_list_in_vpnv4` - BGP filter for VPNv4 inbound routes. * `filter_list_out` - BGP filter for IPv4 outbound routes. * `filter_list_out6` - BGP filter for IPv6 outbound routes. +* `filter_list_out_vpnv4` - BGP filter for VPNv4 outbound routes. * `interface` - Interface * `maximum_prefix` - Maximum number of IPv4 prefixes to accept from this peer. * `maximum_prefix6` - Maximum number of IPv6 prefixes to accept from this peer. @@ -404,8 +406,10 @@ The `neighbor_group` block supports: * `ebgp_multihop_ttl` - EBGP multihop TTL for this peer. * `filter_list_in` - BGP filter for IPv4 inbound routes. * `filter_list_in6` - BGP filter for IPv6 inbound routes. +* `filter_list_in_vpnv4` - BGP filter for VPNv4 inbound routes. * `filter_list_out` - BGP filter for IPv4 outbound routes. * `filter_list_out6` - BGP filter for IPv6 outbound routes. +* `filter_list_out_vpnv4` - BGP filter for VPNv4 outbound routes. * `interface` - Interface * `maximum_prefix` - Maximum number of IPv4 prefixes to accept from this peer. * `maximum_prefix6` - Maximum number of IPv6 prefixes to accept from this peer. diff --git a/website/docs/r/fortios_router_policy6.html.markdown b/website/docs/r/fortios_router_policy6.html.markdown index 88becbbf6..162ddb923 100644 --- a/website/docs/r/fortios_router_policy6.html.markdown +++ b/website/docs/r/fortios_router_policy6.html.markdown @@ -45,6 +45,8 @@ The following arguments are supported: * `protocol` - Protocol number (0 - 255). * `start_port` - Start destination port number (1 - 65535). * `end_port` - End destination port number (1 - 65535). +* `start_source_port` - Start source port number (1 - 65535). +* `end_source_port` - End source port number (1 - 65535). * `gateway` - IPv6 address of the gateway. * `output_device` - Outgoing interface name. * `tos` - Type of service bit pattern. diff --git a/website/docs/r/fortios_router_routemap.html.markdown b/website/docs/r/fortios_router_routemap.html.markdown index 2e56ac5b1..6012d1142 100644 --- a/website/docs/r/fortios_router_routemap.html.markdown +++ b/website/docs/r/fortios_router_routemap.html.markdown @@ -96,6 +96,7 @@ The `rule` block supports: * `set_extcommunity_soo` - Site-of-Origin extended community. The structure of `set_extcommunity_soo` block is documented below. * `set_ip_nexthop` - IP address of next hop. * `set_ip_prefsrc` - IP address of preferred source. +* `set_vpnv4_nexthop` - IP address of VPNv4 next-hop. * `set_ip6_nexthop` - IPv6 global address of next hop. * `set_ip6_nexthop_local` - IPv6 local address of next hop. * `set_local_preference` - BGP local preference path attribute. diff --git a/website/docs/r/fortios_routerbgp_neighbor.html.markdown b/website/docs/r/fortios_routerbgp_neighbor.html.markdown index 94cf59031..d25fca3c9 100644 --- a/website/docs/r/fortios_routerbgp_neighbor.html.markdown +++ b/website/docs/r/fortios_routerbgp_neighbor.html.markdown @@ -88,8 +88,10 @@ The following arguments are supported: * `ebgp_multihop_ttl` - EBGP multihop TTL for this peer. * `filter_list_in` - BGP filter for IPv4 inbound routes. * `filter_list_in6` - BGP filter for IPv6 inbound routes. +* `filter_list_in_vpnv4` - BGP filter for VPNv4 inbound routes. * `filter_list_out` - BGP filter for IPv4 outbound routes. * `filter_list_out6` - BGP filter for IPv6 outbound routes. +* `filter_list_out_vpnv4` - BGP filter for VPNv4 outbound routes. * `interface` - Interface * `maximum_prefix` - Maximum number of IPv4 prefixes to accept from this peer. * `maximum_prefix6` - Maximum number of IPv6 prefixes to accept from this peer. diff --git a/website/docs/r/fortios_rule_otdt.html.markdown b/website/docs/r/fortios_rule_otdt.html.markdown new file mode 100644 index 000000000..76fa86a70 --- /dev/null +++ b/website/docs/r/fortios_rule_otdt.html.markdown @@ -0,0 +1,58 @@ +--- +subcategory: "FortiGate Rule" +layout: "fortios" +page_title: "FortiOS: fortios_rule_otdt" +description: |- + Show OT detection signatures. +--- + +# fortios_rule_otdt +Show OT detection signatures. Applies to FortiOS Version `>= 7.4.1`. + +## Argument Reference + +The following arguments are supported: + +* `name` - Application name. +* `fosid` - Application ID. +* `category` - Application category ID. +* `popularity` - Application popularity. +* `risk` - Application risk. +* `weight` - Application weight. +* `protocol` - Application protocol. +* `technology` - Application technology. +* `behavior` - Application behavior. +* `vendor` - Application vendor. +* `parameters` - Application parameters. The structure of `parameters` block is documented below. +* `metadata` - Meta data. The structure of `metadata` block is documented below. +* `dynamic_sort_subtable` - Sort sub-tables, please do not set this parameter when configuring static sub-tables. Options: [ false, true, natural, alphabetical ]. false: Default value, do not sort tables; true/natural: sort tables in natural order. For example: [ a10, a2 ] --> [ a2, a10 ]; alphabetical: sort tables in alphabetical order. For example: [ a10, a2 ] --> [ a10, a2 ]. +* `get_all_tables` - Get all sub-tables including unconfigured tables. Do not set this variable to true if you configure sub-table in another resource, otherwish conflicts and overwrite will occur. Options: [ false, true ]. false: Default value, do not get unconfigured tables; true: get all tables including unconfigured tables. +* `vdomparam` - Specifies the vdom to which the resource will be applied when the FortiGate unit is running in VDOM mode. Only one vdom can be specified. If you want to inherit the vdom configuration of the provider, please do not set this parameter. + +The `parameters` block supports: + +* `name` - Parameter name. + +The `metadata` block supports: + +* `id` - ID. +* `metaid` - Meta ID. +* `valueid` - Value ID. + + +## Attribute Reference + +In addition to all the above arguments, the following attributes are exported: +* `id` - an identifier for the resource with format {{name}}. + +## Import + +Rule Otdt can be imported using any of these accepted formats: +``` +$ terraform import fortios_rule_otdt.labelname {{name}} + +If you do not want to import arguments of block: +$ export "FORTIOS_IMPORT_TABLE"="false" +$ terraform import fortios_rule_otdt.labelname {{name}} +$ unset "FORTIOS_IMPORT_TABLE" +``` diff --git a/website/docs/r/fortios_rule_otvp.html.markdown b/website/docs/r/fortios_rule_otvp.html.markdown new file mode 100644 index 000000000..66671aa25 --- /dev/null +++ b/website/docs/r/fortios_rule_otvp.html.markdown @@ -0,0 +1,56 @@ +--- +subcategory: "FortiGate Rule" +layout: "fortios" +page_title: "FortiOS: fortios_rule_otvp" +description: |- + Show OT patch signatures. +--- + +# fortios_rule_otvp +Show OT patch signatures. Applies to FortiOS Version `>= 7.4.1`. + +## Argument Reference + +The following arguments are supported: + +* `name` - Rule name. +* `log` - Enable/disable logging. Valid values: `disable`, `enable`. +* `log_packet` - Enable/disable packet logging. Valid values: `disable`, `enable`. +* `action` - Action. Valid values: `pass`, `block`. +* `group` - Group. +* `severity` - Severity. +* `location` - Vulnerable location. +* `os` - Vulnerable operation systems. +* `application` - Vulnerable applications. +* `service` - Vulnerable service. +* `rule_id` - Rule ID. +* `rev` - Revision. +* `date` - Date. +* `metadata` - Meta data. The structure of `metadata` block is documented below. +* `dynamic_sort_subtable` - Sort sub-tables, please do not set this parameter when configuring static sub-tables. Options: [ false, true, natural, alphabetical ]. false: Default value, do not sort tables; true/natural: sort tables in natural order. For example: [ a10, a2 ] --> [ a2, a10 ]; alphabetical: sort tables in alphabetical order. For example: [ a10, a2 ] --> [ a10, a2 ]. +* `get_all_tables` - Get all sub-tables including unconfigured tables. Do not set this variable to true if you configure sub-table in another resource, otherwish conflicts and overwrite will occur. Options: [ false, true ]. false: Default value, do not get unconfigured tables; true: get all tables including unconfigured tables. +* `vdomparam` - Specifies the vdom to which the resource will be applied when the FortiGate unit is running in VDOM mode. Only one vdom can be specified. If you want to inherit the vdom configuration of the provider, please do not set this parameter. + +The `metadata` block supports: + +* `id` - ID. +* `metaid` - Meta ID. +* `valueid` - Value ID. + + +## Attribute Reference + +In addition to all the above arguments, the following attributes are exported: +* `id` - an identifier for the resource with format {{name}}. + +## Import + +Rule Otvp can be imported using any of these accepted formats: +``` +$ terraform import fortios_rule_otvp.labelname {{name}} + +If you do not want to import arguments of block: +$ export "FORTIOS_IMPORT_TABLE"="false" +$ terraform import fortios_rule_otvp.labelname {{name}} +$ unset "FORTIOS_IMPORT_TABLE" +``` diff --git a/website/docs/r/fortios_switchcontroller_fortilinksettings.html.markdown b/website/docs/r/fortios_switchcontroller_fortilinksettings.html.markdown index aff950c0c..f3dbf4695 100644 --- a/website/docs/r/fortios_switchcontroller_fortilinksettings.html.markdown +++ b/website/docs/r/fortios_switchcontroller_fortilinksettings.html.markdown @@ -17,6 +17,7 @@ The following arguments are supported: * `fortilink` - FortiLink interface to which this fortilink-setting belongs. * `inactive_timer` - Time interval(minutes) to be included in the inactive devices expiry calculation (mac age-out + inactive-time + periodic scan interval). * `link_down_flush` - Clear NAC and dynamic devices on switch ports on link down event. Valid values: `disable`, `enable`. +* `access_vlan_mode` - Intra VLAN traffic behavior with loss of connection to the FortiGate. Valid values: `legacy`, `fail-open`, `fail-close`. * `nac_ports` - NAC specific configuration. The structure of `nac_ports` block is documented below. * `get_all_tables` - Get all sub-tables including unconfigured tables. Do not set this variable to true if you configure sub-table in another resource, otherwish conflicts and overwrite will occur. Options: [ false, true ]. false: Default value, do not get unconfigured tables; true: get all tables including unconfigured tables. * `vdomparam` - Specifies the vdom to which the resource will be applied when the FortiGate unit is running in VDOM mode. Only one vdom can be specified. If you want to inherit the vdom configuration of the provider, please do not set this parameter. diff --git a/website/docs/r/fortios_switchcontroller_global.html.markdown b/website/docs/r/fortios_switchcontroller_global.html.markdown index 2503e0525..e3eb79254 100644 --- a/website/docs/r/fortios_switchcontroller_global.html.markdown +++ b/website/docs/r/fortios_switchcontroller_global.html.markdown @@ -31,6 +31,7 @@ The following arguments are supported: * `https_image_push` - Enable/disable image push to FortiSwitch using HTTPS. Valid values: `enable`, `disable`. * `vlan_all_mode` - VLAN configuration mode, user-defined-vlans or all-possible-vlans. Valid values: `all`, `defined`. * `vlan_optimization` - FortiLink VLAN optimization. Valid values: `enable`, `disable`. +* `vlan_identity` - Identity of the VLAN. Commonly used for RADIUS Tunnel-Private-Group-Id. Valid values: `description`, `name`. * `disable_discovery` - Prevent this FortiSwitch from discovering. The structure of `disable_discovery` block is documented below. * `mac_retention_period` - Time in hours after which an inactive MAC is removed from client DB. * `default_virtual_switch_vlan` - Default VLAN for ports when added to the virtual-switch. diff --git a/website/docs/r/fortios_switchcontroller_lldpprofile.html.markdown b/website/docs/r/fortios_switchcontroller_lldpprofile.html.markdown index f6fcc78a9..acbb54117 100644 --- a/website/docs/r/fortios_switchcontroller_lldpprofile.html.markdown +++ b/website/docs/r/fortios_switchcontroller_lldpprofile.html.markdown @@ -35,6 +35,12 @@ The following arguments are supported: * `auto_isl_receive_timeout` - Auto inter-switch LAG timeout if no response is received (3 - 90 sec, default = 9). * `auto_isl_port_group` - Auto inter-switch LAG port group ID (0 - 9). * `auto_mclag_icl` - Enable/disable MCLAG inter chassis link. Valid values: `disable`, `enable`. +* `auto_isl_auth` - Auto inter-switch LAG authentication mode. Valid values: `legacy`, `strict`, `relax`. +* `auto_isl_auth_user` - Auto inter-switch LAG authentication user certificate. +* `auto_isl_auth_identity` - Auto inter-switch LAG authentication identity. +* `auto_isl_auth_reauth` - Auto inter-switch LAG authentication reauth period in seconds(10 - 3600, default = 3600). +* `auto_isl_auth_encrypt` - Auto inter-switch LAG encryption mode. Valid values: `none`, `mixed`, `must`. +* `auto_isl_auth_macsec_profile` - Auto inter-switch LAG macsec profile for encryption. * `med_network_policy` - Configuration method to edit Media Endpoint Discovery (MED) network policy type-length-value (TLV) categories. The structure of `med_network_policy` block is documented below. * `med_location_service` - Configuration method to edit Media Endpoint Discovery (MED) location service type-length-value (TLV) categories. The structure of `med_location_service` block is documented below. * `custom_tlvs` - Configuration method to edit custom TLV entries. The structure of `custom_tlvs` block is documented below. diff --git a/website/docs/r/fortios_switchcontroller_managedswitch.html.markdown b/website/docs/r/fortios_switchcontroller_managedswitch.html.markdown index a244e7b93..654e39d74 100644 --- a/website/docs/r/fortios_switchcontroller_managedswitch.html.markdown +++ b/website/docs/r/fortios_switchcontroller_managedswitch.html.markdown @@ -38,6 +38,11 @@ The following arguments are supported: * `switch_dhcp_opt43_key` - DHCP option43 key. * `mclag_igmp_snooping_aware` - Enable/disable MCLAG IGMP-snooping awareness. Valid values: `enable`, `disable`. * `dynamically_discovered` - Dynamically discovered FortiSwitch. +* `ptp_status` - Enable/disable PTP profile on this FortiSwitch. Valid values: `disable`, `enable`. +* `ptp_profile` - PTP profile configuration. +* `route_offload` - Enable/disable route offload on this FortiSwitch. Valid values: `disable`, `enable`. +* `route_offload_mclag` - Enable/disable route offload MCLAG on this FortiSwitch. Valid values: `disable`, `enable`. +* `route_offload_router` - Configure route offload MCLAG IP address. The structure of `route_offload_router` block is documented below. * `type` - Indication of switch type, physical or virtual. Valid values: `virtual`, `physical`. * `owner_vdom` - VDOM which owner of port belongs to. * `flow_identity` - Flow-tracking netflow ipfix switch identity in hex format(00000000-FFFFFFFF default=0). @@ -74,6 +79,11 @@ The following arguments are supported: * `get_all_tables` - Get all sub-tables including unconfigured tables. Do not set this variable to true if you configure sub-table in another resource, otherwish conflicts and overwrite will occur. Options: [ false, true ]. false: Default value, do not get unconfigured tables; true: get all tables including unconfigured tables. * `vdomparam` - Specifies the vdom to which the resource will be applied when the FortiGate unit is running in VDOM mode. Only one vdom can be specified. If you want to inherit the vdom configuration of the provider, please do not set this parameter. +The `route_offload_router` block supports: + +* `vlan_name` - VLAN name. +* `router_ip` - Router IP address. + The `ports` block supports: * `port_name` - Switch port name. @@ -84,6 +94,7 @@ The `ports` block supports: * `status` - Switch port admin status: up or down. Valid values: `up`, `down`. * `poe_status` - Enable/disable PoE status. Valid values: `enable`, `disable`. * `ip_source_guard` - Enable/disable IP source guard. Valid values: `disable`, `enable`. +* `ptp_status` - Enable/disable PTP policy on this FortiSwitch port. Valid values: `disable`, `enable`. * `ptp_policy` - PTP policy configuration. * `aggregator_mode` - LACP member select mode. Valid values: `bandwidth`, `count`. * `flapguard` - Enable/disable flap guard. Valid values: `enable`, `disable`. @@ -100,6 +111,9 @@ The `ports` block supports: * `stacking_port` - Stacking port. * `p2p_port` - General peer to peer tunnel port. * `mclag_icl_port` - MCLAG-ICL port. +* `authenticated_port` - Peer to Peer Authenticated port. +* `restricted_auth_port` - Peer to Peer Restricted Authenticated port. +* `encrypted_port` - Peer to Peer Encrypted port. * `fiber_port` - Fiber-port. * `media_type` - Media type. * `poe_standard` - PoE standard supported. diff --git a/website/docs/r/fortios_switchcontroller_nacdevice.html.markdown b/website/docs/r/fortios_switchcontroller_nacdevice.html.markdown index 17159b286..95add98e0 100644 --- a/website/docs/r/fortios_switchcontroller_nacdevice.html.markdown +++ b/website/docs/r/fortios_switchcontroller_nacdevice.html.markdown @@ -7,7 +7,7 @@ description: |- --- # fortios_switchcontroller_nacdevice -Configure/list NAC devices learned on the managed FortiSwitch ports which matches NAC policy. Applies to FortiOS Version `6.4.0,6.4.1,6.4.2,6.4.10,6.4.11,6.4.12,7.0.0`. +Configure/list NAC devices learned on the managed FortiSwitch ports which matches NAC policy. Applies to FortiOS Version `6.4.0,6.4.1,6.4.2,6.4.10,6.4.11,6.4.12,6.4.13,6.4.14,7.0.0`. ## Argument Reference diff --git a/website/docs/r/fortios_switchcontroller_nacsettings.html.markdown b/website/docs/r/fortios_switchcontroller_nacsettings.html.markdown index eeb999449..440bb1731 100644 --- a/website/docs/r/fortios_switchcontroller_nacsettings.html.markdown +++ b/website/docs/r/fortios_switchcontroller_nacsettings.html.markdown @@ -7,7 +7,7 @@ description: |- --- # fortios_switchcontroller_nacsettings -Configure integrated NAC settings for FortiSwitch. Applies to FortiOS Version `6.4.0,6.4.1,6.4.2,6.4.10,6.4.11,6.4.12,7.0.0`. +Configure integrated NAC settings for FortiSwitch. Applies to FortiOS Version `6.4.0,6.4.1,6.4.2,6.4.10,6.4.11,6.4.12,6.4.13,6.4.14,7.0.0`. ## Argument Reference diff --git a/website/docs/r/fortios_switchcontroller_portpolicy.html.markdown b/website/docs/r/fortios_switchcontroller_portpolicy.html.markdown index 794176efa..9e67850be 100644 --- a/website/docs/r/fortios_switchcontroller_portpolicy.html.markdown +++ b/website/docs/r/fortios_switchcontroller_portpolicy.html.markdown @@ -7,7 +7,7 @@ description: |- --- # fortios_switchcontroller_portpolicy -Configure port policy to be applied on the managed FortiSwitch ports through NAC device. Applies to FortiOS Version `6.4.0,6.4.1,6.4.2,6.4.10,6.4.11,6.4.12,7.0.0`. +Configure port policy to be applied on the managed FortiSwitch ports through NAC device. Applies to FortiOS Version `6.4.0,6.4.1,6.4.2,6.4.10,6.4.11,6.4.12,6.4.13,6.4.14,7.0.0`. ## Argument Reference diff --git a/website/docs/r/fortios_switchcontrollerptp_interfacepolicy.html.markdown b/website/docs/r/fortios_switchcontrollerptp_interfacepolicy.html.markdown new file mode 100644 index 000000000..7b565ae93 --- /dev/null +++ b/website/docs/r/fortios_switchcontrollerptp_interfacepolicy.html.markdown @@ -0,0 +1,38 @@ +--- +subcategory: "FortiGate Switch-Controller" +layout: "fortios" +page_title: "FortiOS: fortios_switchcontrollerptp_interfacepolicy" +description: |- + PTP interface-policy configuration. +--- + +# fortios_switchcontrollerptp_interfacepolicy +PTP interface-policy configuration. Applies to FortiOS Version `>= 7.4.1`. + +## Argument Reference + +The following arguments are supported: + +* `name` - Policy name. +* `description` - Description. +* `vlan` - PTP VLAN. +* `vlan_pri` - Configure PTP VLAN priority (0 - 7, default = 4). +* `vdomparam` - Specifies the vdom to which the resource will be applied when the FortiGate unit is running in VDOM mode. Only one vdom can be specified. If you want to inherit the vdom configuration of the provider, please do not set this parameter. + + +## Attribute Reference + +In addition to all the above arguments, the following attributes are exported: +* `id` - an identifier for the resource with format {{name}}. + +## Import + +SwitchControllerPtp InterfacePolicy can be imported using any of these accepted formats: +``` +$ terraform import fortios_switchcontrollerptp_interfacepolicy.labelname {{name}} + +If you do not want to import arguments of block: +$ export "FORTIOS_IMPORT_TABLE"="false" +$ terraform import fortios_switchcontrollerptp_interfacepolicy.labelname {{name}} +$ unset "FORTIOS_IMPORT_TABLE" +``` diff --git a/website/docs/r/fortios_switchcontrollerptp_policy.html.markdown b/website/docs/r/fortios_switchcontrollerptp_policy.html.markdown index ab18c26ad..f73397248 100644 --- a/website/docs/r/fortios_switchcontrollerptp_policy.html.markdown +++ b/website/docs/r/fortios_switchcontrollerptp_policy.html.markdown @@ -7,7 +7,7 @@ description: |- --- # fortios_switchcontrollerptp_policy -PTP policy configuration. Applies to FortiOS Version `>= 6.4.2`. +PTP policy configuration. Applies to FortiOS Version `6.4.2,6.4.10,6.4.11,6.4.12,6.4.13,6.4.14,7.0.0,7.0.1,7.0.2,7.0.3,7.0.4,7.0.5,7.0.6,7.0.7,7.0.8,7.0.9,7.0.10,7.0.11,7.0.12,7.2.0,7.2.1,7.2.2,7.2.3,7.2.4,7.4.0`. ## Argument Reference diff --git a/website/docs/r/fortios_switchcontrollerptp_profile.html.markdown b/website/docs/r/fortios_switchcontrollerptp_profile.html.markdown new file mode 100644 index 000000000..a0d734e6e --- /dev/null +++ b/website/docs/r/fortios_switchcontrollerptp_profile.html.markdown @@ -0,0 +1,41 @@ +--- +subcategory: "FortiGate Switch-Controller" +layout: "fortios" +page_title: "FortiOS: fortios_switchcontrollerptp_profile" +description: |- + Global PTP profile. +--- + +# fortios_switchcontrollerptp_profile +Global PTP profile. Applies to FortiOS Version `>= 7.4.1`. + +## Argument Reference + +The following arguments are supported: + +* `name` - Profile name. +* `description` - Description. +* `mode` - Select PTP mode. Valid values: `transparent-e2e`, `transparent-p2p`. +* `ptp_profile` - Configure PTP power profile. Valid values: `C37.238-2017`. +* `transport` - Configure PTP transport mode. Valid values: `l2-mcast`. +* `domain` - Configure PTP domain value (0 - 255, default = 254). +* `pdelay_req_interval` - Configure PTP peer delay request interval. Valid values: `1sec`, `2sec`, `4sec`, `8sec`, `16sec`, `32sec`. +* `vdomparam` - Specifies the vdom to which the resource will be applied when the FortiGate unit is running in VDOM mode. Only one vdom can be specified. If you want to inherit the vdom configuration of the provider, please do not set this parameter. + + +## Attribute Reference + +In addition to all the above arguments, the following attributes are exported: +* `id` - an identifier for the resource with format {{name}}. + +## Import + +SwitchControllerPtp Profile can be imported using any of these accepted formats: +``` +$ terraform import fortios_switchcontrollerptp_profile.labelname {{name}} + +If you do not want to import arguments of block: +$ export "FORTIOS_IMPORT_TABLE"="false" +$ terraform import fortios_switchcontrollerptp_profile.labelname {{name}} +$ unset "FORTIOS_IMPORT_TABLE" +``` diff --git a/website/docs/r/fortios_switchcontrollerptp_settings.html.markdown b/website/docs/r/fortios_switchcontrollerptp_settings.html.markdown index 6409372f1..6b61555c6 100644 --- a/website/docs/r/fortios_switchcontrollerptp_settings.html.markdown +++ b/website/docs/r/fortios_switchcontrollerptp_settings.html.markdown @@ -7,7 +7,7 @@ description: |- --- # fortios_switchcontrollerptp_settings -Global PTP settings. Applies to FortiOS Version `>= 6.4.2`. +Global PTP settings. Applies to FortiOS Version `6.4.2,6.4.10,6.4.11,6.4.12,6.4.13,6.4.14,7.0.0,7.0.1,7.0.2,7.0.3,7.0.4,7.0.5,7.0.6,7.0.7,7.0.8,7.0.9,7.0.10,7.0.11,7.0.12,7.2.0,7.2.1,7.2.2,7.2.3,7.2.4,7.4.0`. ## Argument Reference diff --git a/website/docs/r/fortios_system_accprofile.html.markdown b/website/docs/r/fortios_system_accprofile.html.markdown index 4af087957..b1a14f2b5 100644 --- a/website/docs/r/fortios_system_accprofile.html.markdown +++ b/website/docs/r/fortios_system_accprofile.html.markdown @@ -147,6 +147,8 @@ The `utmgrp_permission` block supports: * `dnsfilter` - DNS Filter profiles and settings. Valid values: `none`, `read`, `read-write`. * `endpoint_control` - FortiClient Profiles. Valid values: `none`, `read`, `read-write`. * `videofilter` - Video filter profiles and settings. Valid values: `none`, `read`, `read-write`. +* `virtual_patch` - Virtual patch profiles and settings. Valid values: `none`, `read`, `read-write`. +* `casb` - Inline CASB filter profile and settings Valid values: `none`, `read`, `read-write`. ## Attribute Reference diff --git a/website/docs/r/fortios_system_affinityinterrupt.html.markdown b/website/docs/r/fortios_system_affinityinterrupt.html.markdown index 8cbc00aa3..6a576bc23 100644 --- a/website/docs/r/fortios_system_affinityinterrupt.html.markdown +++ b/website/docs/r/fortios_system_affinityinterrupt.html.markdown @@ -16,6 +16,7 @@ The following arguments are supported: * `fosid` - (Required) ID of the interrupt affinity setting. * `interrupt` - (Required) Interrupt name. * `affinity_cpumask` - (Required) Affinity setting for VM throughput (64-bit hexadecimal value in the format of 0xxxxxxxxxxxxxxxxx). +* `default_affinity_cpumask` - Default affinity setting (64-bit hexadecimal value in the format of 0xxxxxxxxxxxxxxxxx). * `vdomparam` - Specifies the vdom to which the resource will be applied when the FortiGate unit is running in VDOM mode. Only one vdom can be specified. If you want to inherit the vdom configuration of the provider, please do not set this parameter. diff --git a/website/docs/r/fortios_system_deviceupgrade.html.markdown b/website/docs/r/fortios_system_deviceupgrade.html.markdown index 315bffbdb..006d736de 100644 --- a/website/docs/r/fortios_system_deviceupgrade.html.markdown +++ b/website/docs/r/fortios_system_deviceupgrade.html.markdown @@ -21,7 +21,7 @@ The following arguments are supported: * `upgrade_path` - Fortinet OS image versions to upgrade through in major-minor-patch format, such as 7-0-4. * `device_type` - Fortinet device type. Valid values: `fortiswitch`, `fortiap`, `fortiextender`. * `status` - Current status of the upgrade. Valid values: `disabled`, `initialized`, `downloading`, `device-disconnected`, `ready`, `coordinating`, `staging`, `final-check`, `upgrade-devices`, `cancelled`, `confirmed`, `done`, `failed`. -* `failure_reason` - Upgrade failure reason. Valid values: `none`, `internal`, `timeout`, `device-type-unsupported`, `download-failed`, `device-missing`, `version-unavailable`, `staging-failed`, `reboot-failed`, `device-not-reconnected`, `node-not-ready`, `no-final-confirmation`, `no-confirmation-query`, `config-error-log-nonempty`, `node-failed`. +* `failure_reason` - Upgrade failure reason. * `vdomparam` - Specifies the vdom to which the resource will be applied when the FortiGate unit is running in VDOM mode. Only one vdom can be specified. If you want to inherit the vdom configuration of the provider, please do not set this parameter. diff --git a/website/docs/r/fortios_system_dnsdatabase.html.markdown b/website/docs/r/fortios_system_dnsdatabase.html.markdown index 12bc49f9c..8918e330f 100644 --- a/website/docs/r/fortios_system_dnsdatabase.html.markdown +++ b/website/docs/r/fortios_system_dnsdatabase.html.markdown @@ -52,7 +52,9 @@ The following arguments are supported: * `ttl` - (Required) Default time-to-live value for the entries of this DNS zone (0 - 2147483647 sec, default = 86400). * `authoritative` - (Required) Enable/disable authoritative zone. Valid values: `enable`, `disable`. * `forwarder` - DNS zone forwarder IP address list. +* `forwarder6` - Forwarder IPv6 address. * `source_ip` - Source IP for forwarding to DNS server. +* `source_ip6` - IPv6 source IP address for forwarding to DNS server. * `rr_max` - Maximum number of resource records (10 - 65536, 0 means infinite). * `dns_entry` - DNS entry. The structure of `dns_entry` block is documented below. * `dynamic_sort_subtable` - Sort sub-tables, please do not set this parameter when configuring static sub-tables. Options: [ false, true, natural, alphabetical ]. false: Default value, do not sort tables; true/natural: sort tables in natural order. For example: [ a10, a2 ] --> [ a2, a10 ]; alphabetical: sort tables in alphabetical order. For example: [ a10, a2 ] --> [ a10, a2 ]. diff --git a/website/docs/r/fortios_system_dnsserver.html.markdown b/website/docs/r/fortios_system_dnsserver.html.markdown index a732413e7..bff8f09f4 100644 --- a/website/docs/r/fortios_system_dnsserver.html.markdown +++ b/website/docs/r/fortios_system_dnsserver.html.markdown @@ -27,6 +27,8 @@ The following arguments are supported: * `mode` - DNS server mode. Valid values: `recursive`, `non-recursive`, `forward-only`. * `dnsfilter_profile` - DNS filter profile. * `doh` - DNS over HTTPS. Valid values: `enable`, `disable`. +* `doh3` - Enable/disable DNS over QUIC/HTTP3/443 (default = disable). Valid values: `enable`, `disable`. +* `doq` - Enable/disable DNS over QUIC/853 (default = disable). Valid values: `enable`, `disable`. * `vdomparam` - Specifies the vdom to which the resource will be applied when the FortiGate unit is running in VDOM mode. Only one vdom can be specified. If you want to inherit the vdom configuration of the provider, please do not set this parameter. diff --git a/website/docs/r/fortios_system_emailserver.html.markdown b/website/docs/r/fortios_system_emailserver.html.markdown index 59f9196cd..24af84c1e 100644 --- a/website/docs/r/fortios_system_emailserver.html.markdown +++ b/website/docs/r/fortios_system_emailserver.html.markdown @@ -40,7 +40,7 @@ The following arguments are supported: * `username` - SMTP server user name for authentication. * `password` - SMTP server user password for authentication. * `security` - Connection security used by the email server. Valid values: `none`, `starttls`, `smtps`. -* `ssl_min_proto_version` - Minimum supported protocol version for SSL/TLS connections (default is to follow system global setting). Valid values: `default`, `SSLv3`, `TLSv1`, `TLSv1-1`, `TLSv1-2`. +* `ssl_min_proto_version` - Minimum supported protocol version for SSL/TLS connections (default is to follow system global setting). * `interface_select_method` - Specify how to select outgoing interface to reach server. Valid values: `auto`, `sdwan`, `specify`. * `interface` - Specify outgoing interface to reach server. * `vdomparam` - Specifies the vdom to which the resource will be applied when the FortiGate unit is running in VDOM mode. Only one vdom can be specified. If you want to inherit the vdom configuration of the provider, please do not set this parameter. diff --git a/website/docs/r/fortios_system_fortisandbox.html.markdown b/website/docs/r/fortios_system_fortisandbox.html.markdown index e97cecfc1..797a91bf0 100644 --- a/website/docs/r/fortios_system_fortisandbox.html.markdown +++ b/website/docs/r/fortios_system_fortisandbox.html.markdown @@ -31,7 +31,7 @@ The following arguments are supported: * `interface_select_method` - Specify how to select outgoing interface to reach server. Valid values: `auto`, `sdwan`, `specify`. * `interface` - Specify outgoing interface to reach server. * `enc_algorithm` - Configure the level of SSL protection for secure communication with FortiSandbox. Valid values: `default`, `high`, `low`. -* `ssl_min_proto_version` - Minimum supported protocol version for SSL/TLS connections (default is to follow system global setting). Valid values: `default`, `SSLv3`, `TLSv1`, `TLSv1-1`, `TLSv1-2`. +* `ssl_min_proto_version` - Minimum supported protocol version for SSL/TLS connections (default is to follow system global setting). * `email` - Notifier email address. * `vdomparam` - Specifies the vdom to which the resource will be applied when the FortiGate unit is running in VDOM mode. Only one vdom can be specified. If you want to inherit the vdom configuration of the provider, please do not set this parameter. diff --git a/website/docs/r/fortios_system_ftmpush.html.markdown b/website/docs/r/fortios_system_ftmpush.html.markdown index e825bdcd8..cd7637bb2 100644 --- a/website/docs/r/fortios_system_ftmpush.html.markdown +++ b/website/docs/r/fortios_system_ftmpush.html.markdown @@ -23,6 +23,7 @@ resource "fortios_system_ftmpush" "trname" { The following arguments are supported: +* `proxy` - Enable/disable communication to the proxy server in FortiGuard configuration. Valid values: `enable`, `disable`. * `server_port` - Port to communicate with FortiToken Mobile push services server (1 - 65535, default = 4433). * `server_cert` - Name of the server certificate to be used for SSL (default = Fortinet_Factory). * `server_ip` - IPv4 address of FortiToken Mobile push services server (format: xxx.xxx.xxx.xxx). diff --git a/website/docs/r/fortios_system_global.html.markdown b/website/docs/r/fortios_system_global.html.markdown index 54d1cf154..9b4338016 100644 --- a/website/docs/r/fortios_system_global.html.markdown +++ b/website/docs/r/fortios_system_global.html.markdown @@ -73,6 +73,12 @@ The following arguments are supported: * `timezone` - Number corresponding to your time zone from 00 to 86. Enter set timezone ? to view the list of time zones and the numbers that represent them. Valid values: `01`, `02`, `03`, `04`, `05`, `81`, `06`, `07`, `08`, `09`, `10`, `11`, `12`, `13`, `74`, `14`, `77`, `15`, `87`, `16`, `17`, `18`, `19`, `20`, `75`, `21`, `22`, `23`, `24`, `80`, `79`, `25`, `26`, `27`, `28`, `78`, `29`, `30`, `31`, `32`, `33`, `34`, `35`, `36`, `37`, `38`, `83`, `84`, `40`, `85`, `41`, `42`, `43`, `39`, `44`, `46`, `47`, `51`, `48`, `45`, `49`, `50`, `52`, `53`, `54`, `55`, `56`, `57`, `58`, `59`, `60`, `62`, `63`, `61`, `64`, `65`, `66`, `67`, `68`, `69`, `70`, `71`, `72`, `00`, `82`, `73`, `86`, `76`. * `traffic_priority` - Choose Type of Service (ToS) or Differentiated Services Code Point (DSCP) for traffic prioritization in traffic shaping. Valid values: `tos`, `dscp`. * `traffic_priority_level` - Default system-wide level of priority for traffic prioritization. Valid values: `low`, `medium`, `high`. +* `quic_congestion_control_algo` - QUIC congestion control algorithm (default = cubic). Valid values: `cubic`, `bbr`, `bbr2`, `reno`. +* `quic_max_datagram_size` - Maximum transmit datagram size (1200 - 1500, default = 1500). +* `quic_udp_payload_size_shaping_per_cid` - Enable/disable UDP payload size shaping per connection ID (default = enable). Valid values: `enable`, `disable`. +* `quic_ack_thresold` - Maximum number of unacknowledged packets before sending ACK (2 - 5, default = 3). +* `quic_pmtud` - Enable/disable path MTU discovery (default = enable). Valid values: `enable`, `disable`. +* `quic_tls_handshake_timeout` - Time-to-live (TTL) for TLS handshake in seconds (1 - 60, default = 5). * `anti_replay` - Level of checking for packet replay and TCP sequence checking. Valid values: `disable`, `loose`, `strict`. * `send_pmtu_icmp` - Enable/disable sending of path maximum transmission unit (PMTU) - ICMP destination unreachable packet and to support PMTUD protocol on your network to reduce fragmentation of packets. Valid values: `enable`, `disable`. * `honor_df` - Enable/disable honoring of Don't-Fragment (DF) flag. Valid values: `enable`, `disable`. @@ -85,6 +91,7 @@ The following arguments are supported: * `hostname` - FortiGate unit's hostname. Most models will truncate names longer than 24 characters. Some models support hostnames up to 35 characters. * `gui_allow_default_hostname` - Enable/disable the GUI warning about using a default hostname Valid values: `enable`, `disable`. * `gui_forticare_registration_setup_warning` - Enable/disable the FortiCare registration setup warning on the GUI. Valid values: `enable`, `disable`. +* `gui_auto_upgrade_setup_warning` - Enable/disable the automatic patch upgrade setup prompt on the GUI. Valid values: `enable`, `disable`. * `gui_workflow_management` - Enable/disable Workflow management features on the GUI. Valid values: `enable`, `disable`. * `gui_cdn_usage` - Enable/disable Load GUI static files from a CDN. Valid values: `enable`, `disable`. * `alias` - Alias for your FortiGate unit. @@ -94,7 +101,7 @@ The following arguments are supported: * `ssh_kex_sha1` - Enable/disable SHA1 key exchange for SSH access. Valid values: `enable`, `disable`. * `ssh_mac_weak` - Enable/disable HMAC-SHA1 and UMAC-64-ETM for SSH access. Valid values: `enable`, `disable`. * `ssl_static_key_ciphers` - Enable/disable static key ciphers in SSL/TLS connections (e.g. AES128-SHA, AES256-SHA, AES128-SHA256, AES256-SHA256). Valid values: `enable`, `disable`. -* `ssh_kex_algo` - Select one or more SSH kex algorithms. Valid values: `diffie-hellman-group1-sha1`, `diffie-hellman-group14-sha1`, `diffie-hellman-group-exchange-sha1`, `diffie-hellman-group-exchange-sha256`, `curve25519-sha256@libssh.org`, `ecdh-sha2-nistp256`, `ecdh-sha2-nistp384`, `ecdh-sha2-nistp521`. +* `ssh_kex_algo` - Select one or more SSH kex algorithms. * `ssh_enc_algo` - Select one or more SSH ciphers. Valid values: `chacha20-poly1305@openssh.com`, `aes128-ctr`, `aes192-ctr`, `aes256-ctr`, `arcfour256`, `arcfour128`, `aes128-cbc`, `3des-cbc`, `blowfish-cbc`, `cast128-cbc`, `aes192-cbc`, `aes256-cbc`, `arcfour`, `rijndael-cbc@lysator.liu.se`, `aes128-gcm@openssh.com`, `aes256-gcm@openssh.com`. * `ssh_mac_algo` - Select one or more SSH MAC algorithms. Valid values: `hmac-md5`, `hmac-md5-etm@openssh.com`, `hmac-md5-96`, `hmac-md5-96-etm@openssh.com`, `hmac-sha1`, `hmac-sha1-etm@openssh.com`, `hmac-sha2-256`, `hmac-sha2-256-etm@openssh.com`, `hmac-sha2-512`, `hmac-sha2-512-etm@openssh.com`, `hmac-ripemd160`, `hmac-ripemd160@openssh.com`, `hmac-ripemd160-etm@openssh.com`, `umac-64@openssh.com`, `umac-128@openssh.com`, `umac-64-etm@openssh.com`, `umac-128-etm@openssh.com`. * `ssh_hostkey_algo` - Select one or more SSH hostkey algorithms. Valid values: `ssh-rsa`, `ecdsa-sha2-nistp521`, `rsa-sha2-256`, `rsa-sha2-512`, `ssh-ed25519`. @@ -215,6 +222,7 @@ The following arguments are supported: * `cert_chain_max` - Maximum number of certificates that can be traversed in a certificate chain. * `sslvpn_max_worker_count` - Maximum number of SSL VPN processes. Upper limit for this value is the number of CPUs and depends on the model. * `vpn_ems_sn_check` - Enable/disable verification of EMS serial number in SSL-VPN and IPsec VPN connection. Valid values: `enable`, `disable`. +* `sslvpn_web_mode` - Enable/disable SSL-VPN web mode. Valid values: `enable`, `disable`. * `sslvpn_ems_sn_check` - Enable/disable verification of EMS serial number in SSL-VPN connection. Valid values: `enable`, `disable`. * `sslvpn_kxp_hardware_acceleration` - Enable/disable SSL VPN KXP hardware acceleration. Valid values: `enable`, `disable`. * `sslvpn_cipher_hardware_acceleration` - Enable/disable SSL VPN hardware acceleration. Valid values: `enable`, `disable`. @@ -277,6 +285,8 @@ The following arguments are supported: * `fec_port` - Local UDP port for Forward Error Correction (49152 - 65535). * `ipsec_ha_seqjump_rate` - ESP jump ahead rate (1G - 10G pps equivalent). * `fortitoken_cloud` - Enable/disable FortiToken Cloud service. Valid values: `enable`, `disable`. +* `fortitoken_cloud_push_status` - Enable/disable FTM push service of FortiToken Cloud. Valid values: `enable`, `disable`. +* `fortitoken_cloud_sync_interval` - Interval in which to clean up remote users in FortiToken Cloud (0 - 336 hours (14 days), default = 24, disable = 0). * `faz_disk_buffer_size` - Maximum disk buffer size to temporarily store logs destined for FortiAnalyzer. To be used in the event that FortiAnalyzer is unavailalble. * `irq_time_accounting` - Configure CPU IRQ time accounting mode. Valid values: `auto`, `force`. * `fortiipam_integration` - Enable/disable integration with the FortiIPAM cloud service. Valid values: `enable`, `disable`. diff --git a/website/docs/r/fortios_system_interface.html.markdown b/website/docs/r/fortios_system_interface.html.markdown index 05fefb9dc..a6f003a4f 100644 --- a/website/docs/r/fortios_system_interface.html.markdown +++ b/website/docs/r/fortios_system_interface.html.markdown @@ -50,6 +50,8 @@ The following arguments are supported: * `dhcp_broadcast_flag` - Enable/disable setting of the broadcast flag in messages sent by the DHCP client (default = enable). Valid values: `disable`, `enable`. * `dhcp_relay_service` - Enable/disable allowing this interface to act as a DHCP relay. Valid values: `disable`, `enable`. * `dhcp_relay_ip` - DHCP relay IP address. +* `dhcp_relay_source_ip` - IP address used by the DHCP relay as its source IP. +* `dhcp_relay_circuit_id` - DHCP relay circuit ID. * `dhcp_relay_link_selection` - DHCP relay link selection. * `dhcp_relay_request_all_server` - Enable/disable sending DHCP request to all servers. Valid values: `disable`, `enable`. * `dhcp_relay_type` - DHCP relay type (regular or IPsec). Valid values: `regular`, `ipsec`. @@ -245,6 +247,9 @@ The following arguments are supported: * `switch_controller_dynamic` - Integrated FortiLink settings for managed FortiSwitch. * `switch_controller_feature` - Interface's purpose when assigning traffic (read only). * `switch_controller_iot_scanning` - Enable/disable managed FortiSwitch IoT scanning. Valid values: `enable`, `disable`. +* `switch_controller_offload` - Enable/disable managed FortiSwitch routing offload. Valid values: `enable`, `disable`. +* `switch_controller_offload_ip` - IP for routing offload on FortiSwitch. +* `switch_controller_offload_gw` - Enable/disable managed FortiSwitch routing offload gateway. Valid values: `enable`, `disable`. * `swc_vlan` - Creation status for switch-controller VLANs. * `swc_first_create` - Initial create for switch-controller VLANs. * `color` - Color of icon on the GUI. @@ -374,6 +379,8 @@ The `ipv6` block supports: * `dhcp6_relay_type` - DHCPv6 relay type. Valid values: `regular`. * `dhcp6_relay_source_interface` - Enable/disable use of address on this interface as the source address of the relay message. Valid values: `disable`, `enable`. * `dhcp6_relay_ip` - DHCPv6 relay IP address. +* `dhcp6_relay_source_ip` - IPv6 address used by the DHCP6 relay as its source IP. +* `dhcp6_relay_interface_id` - DHCP6 relay interface ID. * `dhcp6_client_options` - DHCPv6 client options. Valid values: `rapid`, `iapd`, `iana`. * `dhcp6_prefix_delegation` - Enable/disable DHCPv6 prefix delegation. Valid values: `enable`, `disable`. * `dhcp6_information_request` - Enable/disable DHCPv6 information request. Valid values: `enable`, `disable`. diff --git a/website/docs/r/fortios_system_linkmonitor.html.markdown b/website/docs/r/fortios_system_linkmonitor.html.markdown index 524acf4fb..06ca18879 100644 --- a/website/docs/r/fortios_system_linkmonitor.html.markdown +++ b/website/docs/r/fortios_system_linkmonitor.html.markdown @@ -93,7 +93,7 @@ The `server_list` block supports: * `id` - Server ID. * `dst` - IP address of the server to be monitored. -* `protocol` - Protocols used to monitor the server. Valid values: `ping`, `tcp-echo`, `udp-echo`, `http`, `twamp`. +* `protocol` - Protocols used to monitor the server. * `port` - Port number of the traffic to be used to monitor the server. * `weight` - Weight of the monitor to this dst (0 - 255). diff --git a/website/docs/r/fortios_system_sdwan.html.markdown b/website/docs/r/fortios_system_sdwan.html.markdown index 970971800..f07a6959d 100644 --- a/website/docs/r/fortios_system_sdwan.html.markdown +++ b/website/docs/r/fortios_system_sdwan.html.markdown @@ -41,6 +41,7 @@ The `zone` block supports: * `name` - Zone name. * `service_sla_tie_break` - Method of selecting member if more than one meets the SLA. +* `minimum_sla_meet_members` - Minimum number of members which meet SLA when the neighbor is preferred. The `members` block supports: @@ -132,6 +133,7 @@ The `neighbor` block supports: * `member_block` - Member sequence number list. The structure of `member_block` block is documented below. * `minimum_sla_meet_members` - Minimum number of members which meet SLA when the neighbor is preferred. * `member` - Member sequence number. +* `service_id` - SD-WAN service ID to work with the neighbor. * `mode` - What metric to select the neighbor. Valid values: `sla`, `speedtest`. * `role` - Role of neighbor. Valid values: `standalone`, `primary`, `secondary`. * `health_check` - SD-WAN health-check name. @@ -146,11 +148,13 @@ The `service` block supports: * `id` - SD-WAN rule ID (1 - 4000). * `name` - SD-WAN rule name. * `addr_mode` - Address mode (IPv4 or IPv6). Valid values: `ipv4`, `ipv6`. +* `load_balance` - Enable/disable load-balance. Valid values: `enable`, `disable`. * `shortcut_stickiness` - Enable/disable shortcut-stickiness of ADVPN. Valid values: `enable`, `disable`. * `input_device` - Source interface name. The structure of `input_device` block is documented below. * `input_device_negate` - Enable/disable negation of input device match. Valid values: `enable`, `disable`. * `input_zone` - Source input-zone name. The structure of `input_zone` block is documented below. -* `mode` - Control how the SD-WAN rule sets the priority of interfaces in the SD-WAN. Valid values: `auto`, `manual`, `priority`, `sla`, `load-balance`. +* `mode` - Control how the SD-WAN rule sets the priority of interfaces in the SD-WAN. +* `zone_mode` - Enable/disable zone mode. Valid values: `enable`, `disable`. * `minimum_sla_meet_members` - Minimum number of members which meet SLA. * `hash_mode` - Hash algorithm for selected priority members for load balance mode. Valid values: `round-robin`, `source-ip-based`, `source-dest-ip-based`, `inbandwidth`, `outbandwidth`, `bibandwidth`. * `role` - Service role to work with neighbor. Valid values: `standalone`, `primary`, `secondary`. @@ -161,6 +165,8 @@ The `service` block supports: * `protocol` - Protocol number. * `start_port` - Start destination port number. * `end_port` - End destination port number. +* `start_src_port` - Start source port number. +* `end_src_port` - End source port number. * `route_tag` - IPv4 route map route-tag. * `dst` - Destination address name. The structure of `dst` block is documented below. * `dst_negate` - Enable/disable negation of destination address match. Valid values: `enable`, `disable`. @@ -186,6 +192,7 @@ The `service` block supports: * `bandwidth_weight` - Coefficient of reciprocal of available bidirectional bandwidth in the formula of custom-profile-1. * `link_cost_threshold` - Percentage threshold change of link cost values that will result in policy route regeneration (0 - 10000000, default = 10). * `hold_down_time` - Waiting period in seconds when switching from the back-up member to the primary member (0 - 10000000, default = 0). +* `sla_stickiness` - Enable/disable SLA stickiness (default = disable). Valid values: `enable`, `disable`. * `dscp_forward` - Enable/disable forward traffic DSCP tag. Valid values: `enable`, `disable`. * `dscp_reverse` - Enable/disable reverse traffic DSCP tag. Valid values: `enable`, `disable`. * `dscp_forward_tag` - Forward traffic DSCP tag. diff --git a/website/docs/r/fortios_system_sessionttl.html.markdown b/website/docs/r/fortios_system_sessionttl.html.markdown index 6d1390644..d1ee8c047 100644 --- a/website/docs/r/fortios_system_sessionttl.html.markdown +++ b/website/docs/r/fortios_system_sessionttl.html.markdown @@ -34,6 +34,7 @@ The `port` block supports: * `start_port` - Start port number. * `end_port` - End port number. * `timeout` - Session timeout (TTL). +* `refresh_direction` - Refresh direction: Both, outgoing, incoming Valid values: `both`, `outgoing`, `incoming`. ## Attribute Reference diff --git a/website/docs/r/fortios_system_settings.html.markdown b/website/docs/r/fortios_system_settings.html.markdown index 15fe4bafd..a997b6b9e 100644 --- a/website/docs/r/fortios_system_settings.html.markdown +++ b/website/docs/r/fortios_system_settings.html.markdown @@ -132,6 +132,7 @@ The following arguments are supported: * `gui_endpoint_control_advanced` - Enable/disable advanced endpoint control options on the GUI. Valid values: `enable`, `disable`. * `gui_dhcp_advanced` - Enable/disable advanced DHCP options on the GUI. Valid values: `enable`, `disable`. * `gui_vpn` - Enable/disable VPN tunnels on the GUI. Valid values: `enable`, `disable`. +* `gui_sslvpn` - Enable/disable SSL-VPN settings pages on the GUI. Valid values: `enable`, `disable`. * `gui_wireless_controller` - Enable/disable the wireless controller on the GUI. Valid values: `enable`, `disable`. * `gui_advanced_wireless_features` - Enable/disable advanced wireless features in GUI. Valid values: `enable`, `disable`. * `gui_switch_controller` - Enable/disable the switch controller on the GUI. Valid values: `enable`, `disable`. @@ -145,6 +146,8 @@ The following arguments are supported: * `gui_dnsfilter` - Enable/disable DNS Filtering on the GUI. Valid values: `enable`, `disable`. * `gui_waf_profile` - Enable/disable Web Application Firewall on the GUI. Valid values: `enable`, `disable`. * `gui_dlp_profile` - Enable/disable Data Leak Prevention on the GUI. Valid values: `enable`, `disable`. +* `gui_virtual_patch_profile` - Enable/disable Virtual Patching on the GUI. Valid values: `enable`, `disable`. +* `gui_casb` - Enable/disable Inline-CASB on the GUI. Valid values: `enable`, `disable`. * `gui_fortiextender_controller` - Enable/disable FortiExtender on the GUI. Valid values: `enable`, `disable`. * `gui_proxy_inspection` - Enable/disable the proxy features on the GUI. Valid values: `enable`, `disable`. * `gui_advanced_policy` - Enable/disable advanced policy configuration on the GUI. Valid values: `enable`, `disable`. diff --git a/website/docs/r/fortios_system_speedtestschedule.html.markdown b/website/docs/r/fortios_system_speedtestschedule.html.markdown index 42e5d7327..884f4eb74 100644 --- a/website/docs/r/fortios_system_speedtestschedule.html.markdown +++ b/website/docs/r/fortios_system_speedtestschedule.html.markdown @@ -17,6 +17,7 @@ The following arguments are supported: * `status` - Enable/disable scheduled speed test. Valid values: `disable`, `enable`. * `diffserv` - DSCP used for speed test. * `server_name` - Speed test server name. +* `mode` - Protocol Auto(default), TCP or UDP used for speed test. Valid values: `UDP`, `TCP`, `Auto`. * `schedules` - Schedules for the interface. The structure of `schedules` block is documented below. * `dynamic_server` - Enable/disable dynamic server option. Valid values: `disable`, `enable`. * `update_inbandwidth` - Enable/disable bypassing interface's inbound bandwidth setting. Valid values: `disable`, `enable`. diff --git a/website/docs/r/fortios_system_speedtestsetting.html.markdown b/website/docs/r/fortios_system_speedtestsetting.html.markdown new file mode 100644 index 000000000..6503e2a9f --- /dev/null +++ b/website/docs/r/fortios_system_speedtestsetting.html.markdown @@ -0,0 +1,36 @@ +--- +subcategory: "FortiGate System" +layout: "fortios" +page_title: "FortiOS: fortios_system_speedtestsetting" +description: |- + Configure speed test setting. +--- + +# fortios_system_speedtestsetting +Configure speed test setting. Applies to FortiOS Version `>= 7.4.1`. + +## Argument Reference + +The following arguments are supported: + +* `latency_threshold` - Speed test latency threshold in milliseconds (0 - 2000, default = 60) for the Auto mode. If the latency exceeds this threshold, the speed test will use the UDP protocol; otherwise, it will use the TCP protocol. +* `multiple_tcp_stream` - Number of parallel client streams (1 - 64, default = 4) for the TCP protocol to run during the speed test. +* `vdomparam` - Specifies the vdom to which the resource will be applied when the FortiGate unit is running in VDOM mode. Only one vdom can be specified. If you want to inherit the vdom configuration of the provider, please do not set this parameter. + + +## Attribute Reference + +In addition to all the above arguments, the following attributes are exported: +* `id` - an identifier for the resource. + +## Import + +System SpeedTestSetting can be imported using any of these accepted formats: +``` +$ terraform import fortios_system_speedtestsetting.labelname SystemSpeedTestSetting + +If you do not want to import arguments of block: +$ export "FORTIOS_IMPORT_TABLE"="false" +$ terraform import fortios_system_speedtestsetting.labelname SystemSpeedTestSetting +$ unset "FORTIOS_IMPORT_TABLE" +``` diff --git a/website/docs/r/fortios_user_exchange.html.markdown b/website/docs/r/fortios_user_exchange.html.markdown index fc4bae8c9..df42ab21e 100644 --- a/website/docs/r/fortios_user_exchange.html.markdown +++ b/website/docs/r/fortios_user_exchange.html.markdown @@ -23,7 +23,7 @@ The following arguments are supported: * `auth_type` - Authentication security type used for the RPC protocol layer. Valid values: `spnego`, `ntlm`, `kerberos`. * `auth_level` - Authentication security level used for the RPC protocol layer. Valid values: `connect`, `call`, `packet`, `integrity`, `privacy`. * `http_auth_type` - Authentication security type used for the HTTP transport. Valid values: `basic`, `ntlm`. -* `ssl_min_proto_version` - Minimum SSL/TLS protocol version for HTTPS transport (default is to follow system global setting). Valid values: `default`, `SSLv3`, `TLSv1`, `TLSv1-1`, `TLSv1-2`. +* `ssl_min_proto_version` - Minimum SSL/TLS protocol version for HTTPS transport (default is to follow system global setting). * `auto_discover_kdc` - Enable/disable automatic discovery of KDC IP addresses. Valid values: `enable`, `disable`. * `kdc_ip` - KDC IPv4 addresses for Kerberos authentication. The structure of `kdc_ip` block is documented below. * `dynamic_sort_subtable` - Sort sub-tables, please do not set this parameter when configuring static sub-tables. Options: [ false, true, natural, alphabetical ]. false: Default value, do not sort tables; true/natural: sort tables in natural order. For example: [ a10, a2 ] --> [ a2, a10 ]; alphabetical: sort tables in alphabetical order. For example: [ a10, a2 ] --> [ a10, a2 ]. diff --git a/website/docs/r/fortios_user_ldap.html.markdown b/website/docs/r/fortios_user_ldap.html.markdown index 58b338f70..5f92329ce 100644 --- a/website/docs/r/fortios_user_ldap.html.markdown +++ b/website/docs/r/fortios_user_ldap.html.markdown @@ -58,13 +58,14 @@ The following arguments are supported: * `group_object_filter` - Filter used for group searching. * `group_filter` - Filter used for group matching. * `secure` - Port to be used for authentication. Valid values: `disable`, `starttls`, `ldaps`. -* `ssl_min_proto_version` - Minimum supported protocol version for SSL/TLS connections (default is to follow system global setting). Valid values: `default`, `SSLv3`, `TLSv1`, `TLSv1-1`, `TLSv1-2`. +* `ssl_min_proto_version` - Minimum supported protocol version for SSL/TLS connections (default is to follow system global setting). * `ca_cert` - CA certificate name. * `port` - Port to be used for communication with the LDAP server (default = 389). * `password_expiry_warning` - Enable/disable password expiry warnings. Valid values: `enable`, `disable`. * `password_renewal` - Enable/disable online password renewal. Valid values: `enable`, `disable`. * `member_attr` - Name of attribute from which to get group membership. * `account_key_processing` - Account key processing operation, either keep or strip domain string of UPN in the token. Valid values: `same`, `strip`. +* `account_key_cert_field` - Define subject identity field in certificate for user access right checking. Valid values: `othername`, `rfc822name`, `dnsname`. * `account_key_upn_san` - Define SAN in certificate for user principle name matching. Valid values: `othername`, `rfc822name`, `dnsname`. * `account_key_filter` - Account key filter, using the UPN as the search filter. * `search_type` - Search type. Valid values: `recursive`. diff --git a/website/docs/r/fortios_user_passwordpolicy.html.markdown b/website/docs/r/fortios_user_passwordpolicy.html.markdown index dbb4654b1..b14b24bce 100644 --- a/website/docs/r/fortios_user_passwordpolicy.html.markdown +++ b/website/docs/r/fortios_user_passwordpolicy.html.markdown @@ -27,6 +27,14 @@ The following arguments are supported: * `expire_days` - Time in days before the user's password expires. * `warn_days` - Time in days before a password expiration warning message is displayed to the user upon login. * `expired_password_renewal` - Enable/disable renewal of a password that already is expired. Valid values: `enable`, `disable`. +* `minimum_length` - Minimum password length (8 - 128, default = 8). +* `min_lower_case_letter` - Minimum number of lowercase characters in password (0 - 128, default = 0). +* `min_upper_case_letter` - Minimum number of uppercase characters in password (0 - 128, default = 0). +* `min_non_alphanumeric` - Minimum number of non-alphanumeric characters in password (0 - 128, default = 0). +* `min_number` - Minimum number of numeric characters in password (0 - 128, default = 0). +* `min_change_characters` - Minimum number of unique characters in new password which do not exist in old password (0 - 128, default = 0. This attribute overrides reuse-password if both are enabled). +* `expire_status` - Enable/disable password expiration. Valid values: `enable`, `disable`. +* `reuse_password` - Enable/disable reuse of password. If both reuse-password and min-change-characters are enabled, min-change-characters overrides. Valid values: `enable`, `disable`. * `vdomparam` - Specifies the vdom to which the resource will be applied when the FortiGate unit is running in VDOM mode. Only one vdom can be specified. If you want to inherit the vdom configuration of the provider, please do not set this parameter. diff --git a/website/docs/r/fortios_user_peer.html.markdown b/website/docs/r/fortios_user_peer.html.markdown index 319c13b59..1786b9f45 100644 --- a/website/docs/r/fortios_user_peer.html.markdown +++ b/website/docs/r/fortios_user_peer.html.markdown @@ -32,6 +32,10 @@ The following arguments are supported: * `subject` - Peer certificate name constraints. * `cn` - Peer certificate common name. * `cn_type` - Peer certificate common name type. Valid values: `string`, `email`, `FQDN`, `ipv4`, `ipv6`. +* `mfa_mode` - MFA mode for remote peer authentication/authorization. Valid values: `none`, `password`, `subject-identity`. +* `mfa_server` - Name of a remote authenticator. Performs client access right check. +* `mfa_username` - Unified username for remote authentication. +* `mfa_password` - Unified password for remote authentication. This field may be left empty when RADIUS authentication is used, in which case the FortiGate will use the RADIUS username as a password. * `ldap_server` - Name of an LDAP server defined under the user ldap command. Performs client access rights check. * `ldap_username` - Username for LDAP server bind. * `ldap_password` - Password for LDAP server bind. diff --git a/website/docs/r/fortios_user_pop3.html.markdown b/website/docs/r/fortios_user_pop3.html.markdown index 9f8c62f22..551f25f95 100644 --- a/website/docs/r/fortios_user_pop3.html.markdown +++ b/website/docs/r/fortios_user_pop3.html.markdown @@ -29,7 +29,7 @@ The following arguments are supported: * `server` - (Required) {} server domain name or IP. * `port` - POP3 service port number. * `secure` - SSL connection. Valid values: `none`, `starttls`, `pop3s`. -* `ssl_min_proto_version` - Minimum supported protocol version for SSL/TLS connections (default is to follow system global setting). Valid values: `default`, `SSLv3`, `TLSv1`, `TLSv1-1`, `TLSv1-2`. +* `ssl_min_proto_version` - Minimum supported protocol version for SSL/TLS connections (default is to follow system global setting). * `vdomparam` - Specifies the vdom to which the resource will be applied when the FortiGate unit is running in VDOM mode. Only one vdom can be specified. If you want to inherit the vdom configuration of the provider, please do not set this parameter. diff --git a/website/docs/r/fortios_user_radius.html.markdown b/website/docs/r/fortios_user_radius.html.markdown index 73956cb05..b5cbf9c92 100644 --- a/website/docs/r/fortios_user_radius.html.markdown +++ b/website/docs/r/fortios_user_radius.html.markdown @@ -60,6 +60,7 @@ The following arguments are supported: * `use_management_vdom` - Enable/disable using management VDOM to send requests. Valid values: `enable`, `disable`. * `nas_ip` - IP address used to communicate with the RADIUS server and used as NAS-IP-Address and Called-Station-ID attributes. * `nas_id_type` - NAS identifier type configuration (default = legacy). Valid values: `legacy`, `custom`, `hostname`. +* `call_station_id_type` - Calling & Called station identifier type configuration (default = legacy), this option is not available for 802.1x authentication. Valid values: `legacy`, `IP`, `MAC`. * `nas_id` - Custom NAS identifier. * `acct_interim_interval` - Time in seconds between each accounting interim update message. * `radius_coa` - Enable to allow a mechanism to change the attributes of an authentication, authorization, and accounting session after it is authenticated. Valid values: `enable`, `disable`. @@ -81,10 +82,12 @@ The following arguments are supported: * `interface` - Specify outgoing interface to reach server. * `switch_controller_service_type` - RADIUS service type. Valid values: `login`, `framed`, `callback-login`, `callback-framed`, `outbound`, `administrative`, `nas-prompt`, `authenticate-only`, `callback-nas-prompt`, `call-check`, `callback-administrative`. * `transport_protocol` - Transport protocol to be used (default = udp). Valid values: `udp`, `tcp`, `tls`. -* `tls_min_proto_version` - Minimum supported protocol version for TLS connections (default is to follow system global setting). Valid values: `default`, `SSLv3`, `TLSv1`, `TLSv1-1`, `TLSv1-2`. +* `tls_min_proto_version` - Minimum supported protocol version for TLS connections (default is to follow system global setting). * `ca_cert` - CA of server to trust under TLS. * `client_cert` - Client certificate to use under TLS. * `server_identity_check` - Enable/disable RADIUS server identity check (verify server domain name/IP address against the server certificate). Valid values: `enable`, `disable`. +* `account_key_processing` - Account key processing operation. The FortiGate will keep either the whole domain or strip the domain from the subject identity. Valid values: `same`, `strip`. +* `account_key_cert_field` - Define subject identity field in certificate for user access right checking. Valid values: `othername`, `rfc822name`, `dnsname`. * `rsso` - Enable/disable RADIUS based single sign on feature. Valid values: `enable`, `disable`. * `rsso_radius_server_port` - UDP port to listen on for RADIUS Start and Stop records. * `rsso_radius_response` - Enable/disable sending RADIUS response packets after receiving Start and Stop records. Valid values: `enable`, `disable`. diff --git a/website/docs/r/fortios_user_saml.html.markdown b/website/docs/r/fortios_user_saml.html.markdown index 0f837b4a5..0a0cad47c 100644 --- a/website/docs/r/fortios_user_saml.html.markdown +++ b/website/docs/r/fortios_user_saml.html.markdown @@ -48,6 +48,7 @@ The following arguments are supported: * `adfs_claim` - Enable/disable ADFS Claim for user/group attribute in assertion statement (default = disable). Valid values: `enable`, `disable`. * `user_claim_type` - User name claim in assertion statement. Valid values: `email`, `given-name`, `name`, `upn`, `common-name`, `email-adfs-1x`, `group`, `upn-adfs-1x`, `role`, `sur-name`, `ppid`, `name-identifier`, `authentication-method`, `deny-only-group-sid`, `deny-only-primary-sid`, `deny-only-primary-group-sid`, `group-sid`, `primary-group-sid`, `primary-sid`, `windows-account-name`. * `group_claim_type` - Group claim in assertion statement. Valid values: `email`, `given-name`, `name`, `upn`, `common-name`, `email-adfs-1x`, `group`, `upn-adfs-1x`, `role`, `sur-name`, `ppid`, `name-identifier`, `authentication-method`, `deny-only-group-sid`, `deny-only-primary-sid`, `deny-only-primary-group-sid`, `group-sid`, `primary-group-sid`, `primary-sid`, `windows-account-name`. +* `reauth` - Enable/disable signalling of IDP to force user re-authentication (default = disable). Valid values: `enable`, `disable`. * `vdomparam` - Specifies the vdom to which the resource will be applied when the FortiGate unit is running in VDOM mode. Only one vdom can be specified. If you want to inherit the vdom configuration of the provider, please do not set this parameter. diff --git a/website/docs/r/fortios_user_setting.html.markdown b/website/docs/r/fortios_user_setting.html.markdown index d87cb51d7..b3e003638 100644 --- a/website/docs/r/fortios_user_setting.html.markdown +++ b/website/docs/r/fortios_user_setting.html.markdown @@ -53,9 +53,10 @@ The following arguments are supported: * `auth_lockout_duration` - Lockout period in seconds after too many login failures. * `per_policy_disclaimer` - Enable/disable per policy disclaimer. Valid values: `enable`, `disable`. * `auth_ports` - Set up non-standard ports for authentication with HTTP, HTTPS, FTP, and TELNET. The structure of `auth_ports` block is documented below. -* `auth_ssl_min_proto_version` - Minimum supported protocol version for SSL/TLS connections (default is to follow system global setting). Valid values: `default`, `SSLv3`, `TLSv1`, `TLSv1-1`, `TLSv1-2`. +* `auth_ssl_min_proto_version` - Minimum supported protocol version for SSL/TLS connections (default is to follow system global setting). * `auth_ssl_max_proto_version` - Maximum supported protocol version for SSL/TLS connections (default is no limit). Valid values: `sslv3`, `tlsv1`, `tlsv1-1`, `tlsv1-2`, `tlsv1-3`. * `auth_ssl_sigalgs` - Set signature algorithms related to HTTPS authentication (affects TLS version <= 1.2 only, default is to enable all). Valid values: `no-rsa-pss`, `all`. +* `default_user_password_policy` - Default password policy to apply to all local users unless otherwise specified, as defined in config user password-policy. * `dynamic_sort_subtable` - Sort sub-tables, please do not set this parameter when configuring static sub-tables. Options: [ false, true, natural, alphabetical ]. false: Default value, do not sort tables; true/natural: sort tables in natural order. For example: [ a10, a2 ] --> [ a2, a10 ]; alphabetical: sort tables in alphabetical order. For example: [ a10, a2 ] --> [ a10, a2 ]. * `get_all_tables` - Get all sub-tables including unconfigured tables. Do not set this variable to true if you configure sub-table in another resource, otherwish conflicts and overwrite will occur. Options: [ false, true ]. false: Default value, do not get unconfigured tables; true: get all tables including unconfigured tables. * `vdomparam` - Specifies the vdom to which the resource will be applied when the FortiGate unit is running in VDOM mode. Only one vdom can be specified. If you want to inherit the vdom configuration of the provider, please do not set this parameter. diff --git a/website/docs/r/fortios_virtualpatch_profile.html.markdown b/website/docs/r/fortios_virtualpatch_profile.html.markdown new file mode 100644 index 000000000..9eeab8e8a --- /dev/null +++ b/website/docs/r/fortios_virtualpatch_profile.html.markdown @@ -0,0 +1,57 @@ +--- +subcategory: "FortiGate Virtual-Patch" +layout: "fortios" +page_title: "FortiOS: fortios_virtualpatch_profile" +description: |- + Configure virtual-patch profile. +--- + +# fortios_virtualpatch_profile +Configure virtual-patch profile. Applies to FortiOS Version `>= 7.4.1`. + +## Argument Reference + +The following arguments are supported: + +* `name` - Profile name. +* `comment` - Comment. +* `severity` - Relative severity of the signature (low, medium, high, critical). Valid values: `low`, `medium`, `high`, `critical`. +* `action` - Action (pass/block). Valid values: `pass`, `block`. +* `log` - Enable/disable logging of detection. Valid values: `enable`, `disable`. +* `exemption` - Exempt devices or rules. The structure of `exemption` block is documented below. +* `dynamic_sort_subtable` - Sort sub-tables, please do not set this parameter when configuring static sub-tables. Options: [ false, true, natural, alphabetical ]. false: Default value, do not sort tables; true/natural: sort tables in natural order. For example: [ a10, a2 ] --> [ a2, a10 ]; alphabetical: sort tables in alphabetical order. For example: [ a10, a2 ] --> [ a10, a2 ]. +* `get_all_tables` - Get all sub-tables including unconfigured tables. Do not set this variable to true if you configure sub-table in another resource, otherwish conflicts and overwrite will occur. Options: [ false, true ]. false: Default value, do not get unconfigured tables; true: get all tables including unconfigured tables. +* `vdomparam` - Specifies the vdom to which the resource will be applied when the FortiGate unit is running in VDOM mode. Only one vdom can be specified. If you want to inherit the vdom configuration of the provider, please do not set this parameter. + +The `exemption` block supports: + +* `id` - IDs. +* `status` - Enable/disable exemption. Valid values: `enable`, `disable`. +* `rule` - Patch signature rule IDs. The structure of `rule` block is documented below. +* `device` - Device MAC addresses. The structure of `device` block is documented below. + +The `rule` block supports: + +* `id` - Rule IDs. + +The `device` block supports: + +* `mac` - Device MAC address. + + +## Attribute Reference + +In addition to all the above arguments, the following attributes are exported: +* `id` - an identifier for the resource with format {{name}}. + +## Import + +VirtualPatch Profile can be imported using any of these accepted formats: +``` +$ terraform import fortios_virtualpatch_profile.labelname {{name}} + +If you do not want to import arguments of block: +$ export "FORTIOS_IMPORT_TABLE"="false" +$ terraform import fortios_virtualpatch_profile.labelname {{name}} +$ unset "FORTIOS_IMPORT_TABLE" +``` diff --git a/website/docs/r/fortios_vpn_kmipserver.html.markdown b/website/docs/r/fortios_vpn_kmipserver.html.markdown index 6a018cedf..d0d703a8a 100644 --- a/website/docs/r/fortios_vpn_kmipserver.html.markdown +++ b/website/docs/r/fortios_vpn_kmipserver.html.markdown @@ -17,7 +17,7 @@ The following arguments are supported: * `server_list` - KMIP server list. The structure of `server_list` block is documented below. * `username` - User name to use for connectivity to the KMIP server. * `password` - Password to use for connectivity to the KMIP server. -* `ssl_min_proto_version` - Minimum supported protocol version for SSL/TLS connections (default is to follow system global setting). Valid values: `default`, `SSLv3`, `TLSv1`, `TLSv1-1`, `TLSv1-2`. +* `ssl_min_proto_version` - Minimum supported protocol version for SSL/TLS connections (default is to follow system global setting). * `server_identity_check` - Enable/disable KMIP server identity check (verify server FQDN/IP address against the server certificate). Valid values: `enable`, `disable`. * `interface_select_method` - Specify how to select outgoing interface to reach server. Valid values: `auto`, `sdwan`, `specify`. * `interface` - Specify outgoing interface to reach server. diff --git a/website/docs/r/fortios_vpn_ocvpn.html.markdown b/website/docs/r/fortios_vpn_ocvpn.html.markdown index 9504ca4df..433125715 100644 --- a/website/docs/r/fortios_vpn_ocvpn.html.markdown +++ b/website/docs/r/fortios_vpn_ocvpn.html.markdown @@ -7,7 +7,7 @@ description: |- --- # fortios_vpn_ocvpn -Configure Overlay Controller VPN settings. Applies to FortiOS Version `6.2.4,6.2.6,6.4.0,6.4.1,6.4.2,6.4.10,6.4.11,6.4.12,7.0.0,7.0.1,7.0.2,7.0.3,7.0.4,7.0.5,7.0.6,7.0.7,7.0.8,7.0.9,7.0.10,7.0.11,7.2.0,7.2.1,7.2.2,7.2.3,7.2.4`. +Configure Overlay Controller VPN settings. Applies to FortiOS Version `6.2.4,6.2.6,6.4.0,6.4.1,6.4.2,6.4.10,6.4.11,6.4.12,6.4.13,6.4.14,7.0.0,7.0.1,7.0.2,7.0.3,7.0.4,7.0.5,7.0.6,7.0.7,7.0.8,7.0.9,7.0.10,7.0.11,7.0.12,7.2.0,7.2.1,7.2.2,7.2.3,7.2.4`. ## Argument Reference diff --git a/website/docs/r/fortios_vpncertificate_ca.html.markdown b/website/docs/r/fortios_vpncertificate_ca.html.markdown index fd7650956..6d01a5f30 100644 --- a/website/docs/r/fortios_vpncertificate_ca.html.markdown +++ b/website/docs/r/fortios_vpncertificate_ca.html.markdown @@ -20,6 +20,7 @@ The following arguments are supported: * `ssl_inspection_trusted` - Enable/disable this CA as a trusted CA for SSL inspection. Valid values: `enable`, `disable`. * `trusted` - Enable/disable as a trusted CA. Valid values: `enable`, `disable`. * `scep_url` - URL of the SCEP server. +* `est_url` - URL of the EST server. * `auto_update_days` - Number of days to wait before requesting an updated CA certificate (0 - 4294967295, 0 = disabled). * `auto_update_days_warning` - Number of days before an expiry-warning message is generated (0 - 4294967295, 0 = disabled). * `source_ip` - Source IP address for communications to the SCEP server. diff --git a/website/docs/r/fortios_vpncertificate_local.html.markdown b/website/docs/r/fortios_vpncertificate_local.html.markdown index bd49c1667..bb4697e0a 100644 --- a/website/docs/r/fortios_vpncertificate_local.html.markdown +++ b/website/docs/r/fortios_vpncertificate_local.html.markdown @@ -43,6 +43,14 @@ The following arguments are supported: * `acme_email` - Contact email address that is required by some CAs like LetsEncrypt. * `acme_rsa_key_size` - Length of the RSA private key of the generated cert (Minimum 2048 bits). * `acme_renew_window` - Beginning of the renewal window (in days before certificate expiration, 30 by default). +* `est_server` - Address and port for EST server (e.g. https://example.com:1234). +* `est_ca_id` - CA identifier of the CA server for signing via EST. +* `est_http_username` - HTTP Authentication username for signing via EST. +* `est_http_password` - HTTP Authentication password for signing via EST. +* `est_client_cert` - Certificate used to authenticate this FortiGate to EST server. +* `est_server_cert` - EST server's certificate must be verifiable by this certificate to be authenticated. +* `est_srp_username` - EST SRP authentication username. +* `est_srp_password` - EST SRP authentication password. * `vdomparam` - Specifies the vdom to which the resource will be applied when the FortiGate unit is running in VDOM mode. Only one vdom can be specified. If you want to inherit the vdom configuration of the provider, please do not set this parameter. diff --git a/website/docs/r/fortios_vpncertificate_setting.html.markdown b/website/docs/r/fortios_vpncertificate_setting.html.markdown index 9396e5c29..dd67e17e4 100644 --- a/website/docs/r/fortios_vpncertificate_setting.html.markdown +++ b/website/docs/r/fortios_vpncertificate_setting.html.markdown @@ -56,7 +56,7 @@ The following arguments are supported: * `crl_verification` - CRL verification options. The structure of `crl_verification` block is documented below. * `strict_crl_check` - Enable/disable strict mode CRL checking. Valid values: `enable`, `disable`. * `strict_ocsp_check` - Enable/disable strict mode OCSP checking. Valid values: `enable`, `disable`. -* `ssl_min_proto_version` - Minimum supported protocol version for SSL/TLS connections (default is to follow system global setting). Valid values: `default`, `SSLv3`, `TLSv1`, `TLSv1-1`, `TLSv1-2`. +* `ssl_min_proto_version` - Minimum supported protocol version for SSL/TLS connections (default is to follow system global setting). * `cmp_save_extra_certs` - Enable/disable saving extra certificates in CMP mode. Valid values: `enable`, `disable`. * `cmp_key_usage_checking` - Enable/disable server certificate key usage checking in CMP mode (default = enable). Valid values: `enable`, `disable`. * `cert_expire_warning` - Number of days before a certificate expires to send a warning. Set to 0 to disable sending of the warning (0 - 100, default = 14). diff --git a/website/docs/r/fortios_vpnipsec_phase1.html.markdown b/website/docs/r/fortios_vpnipsec_phase1.html.markdown index 02c236231..7b9395d1f 100644 --- a/website/docs/r/fortios_vpnipsec_phase1.html.markdown +++ b/website/docs/r/fortios_vpnipsec_phase1.html.markdown @@ -122,6 +122,7 @@ The following arguments are supported: * `ipv4_dns_server1` - IPv4 DNS server 1. * `ipv4_dns_server2` - IPv4 DNS server 2. * `ipv4_dns_server3` - IPv4 DNS server 3. +* `internal_domain_list` - One or more internal domain names in quotes separated by spaces. The structure of `internal_domain_list` block is documented below. * `ipv4_wins_server1` - WINS server 1. * `ipv4_wins_server2` - WINS server 2. * `ipv4_exclude_range` - Configuration Method IPv4 exclude ranges. The structure of `ipv4_exclude_range` block is documented below. @@ -223,6 +224,10 @@ The `certificate` block supports: * `name` - Certificate name. +The `internal_domain_list` block supports: + +* `domain_name` - Domain name. + The `ipv4_exclude_range` block supports: * `id` - ID. diff --git a/website/docs/r/fortios_vpnipsec_phase1interface.html.markdown b/website/docs/r/fortios_vpnipsec_phase1interface.html.markdown index f066618a3..4373492e8 100644 --- a/website/docs/r/fortios_vpnipsec_phase1interface.html.markdown +++ b/website/docs/r/fortios_vpnipsec_phase1interface.html.markdown @@ -140,6 +140,7 @@ The following arguments are supported: * `peer` - Accept this peer certificate. * `peergrp` - Accept this peer certificate group. * `monitor` - IPsec interface as backup for primary interface. +* `monitor_min` - Minimum number of links to become degraded before activating this interface. Zero (0) means all links must be down before activating this interface. * `monitor_hold_down_type` - Recovery time method when primary interface re-establishes. Valid values: `immediate`, `delay`, `time`. * `monitor_hold_down_delay` - Time to wait in seconds before recovery once primary re-establishes. * `monitor_hold_down_weekday` - Day of the week to recover once primary re-establishes. Valid values: `everyday`, `sunday`, `monday`, `tuesday`, `wednesday`, `thursday`, `friday`, `saturday`. @@ -166,6 +167,7 @@ The following arguments are supported: * `ipv4_dns_server1` - IPv4 DNS server 1. * `ipv4_dns_server2` - IPv4 DNS server 2. * `ipv4_dns_server3` - IPv4 DNS server 3. +* `internal_domain_list` - One or more internal domain names in quotes separated by spaces. The structure of `internal_domain_list` block is documented below. * `ipv4_wins_server1` - WINS server 1. * `ipv4_wins_server2` - WINS server 2. * `ipv4_exclude_range` - Configuration Method IPv4 exclude ranges. The structure of `ipv4_exclude_range` block is documented below. @@ -279,6 +281,7 @@ The following arguments are supported: * `link_cost` - VPN tunnel underlay link cost. * `kms` - Key Management Services server. * `exchange_fgt_device_id` - Enable/disable device identifier exchange with peer FortiGate units for use of VPN monitor data by FortiManager. Valid values: `enable`, `disable`. +* `ems_sn_check` - Enable/disable verification of EMS serial number. Valid values: `enable`, `disable`. * `dynamic_sort_subtable` - Sort sub-tables, please do not set this parameter when configuring static sub-tables. Options: [ false, true, natural, alphabetical ]. false: Default value, do not sort tables; true/natural: sort tables in natural order. For example: [ a10, a2 ] --> [ a2, a10 ]; alphabetical: sort tables in alphabetical order. For example: [ a10, a2 ] --> [ a10, a2 ]. * `get_all_tables` - Get all sub-tables including unconfigured tables. Do not set this variable to true if you configure sub-table in another resource, otherwish conflicts and overwrite will occur. Options: [ false, true ]. false: Default value, do not get unconfigured tables; true: get all tables including unconfigured tables. * `vdomparam` - Specifies the vdom to which the resource will be applied when the FortiGate unit is running in VDOM mode. Only one vdom can be specified. If you want to inherit the vdom configuration of the provider, please do not set this parameter. @@ -287,6 +290,10 @@ The `certificate` block supports: * `name` - Certificate name. +The `internal_domain_list` block supports: + +* `domain_name` - Domain name. + The `ipv4_exclude_range` block supports: * `id` - ID. diff --git a/website/docs/r/fortios_vpnsslweb_portal.html.markdown b/website/docs/r/fortios_vpnsslweb_portal.html.markdown index 73a524e4f..5a00724c0 100644 --- a/website/docs/r/fortios_vpnsslweb_portal.html.markdown +++ b/website/docs/r/fortios_vpnsslweb_portal.html.markdown @@ -109,10 +109,12 @@ The following arguments are supported: * `display_bookmark` - Enable to display the web portal bookmark widget. Valid values: `enable`, `disable`. * `user_bookmark` - Enable to allow web portal users to create their own bookmarks. Valid values: `enable`, `disable`. * `allow_user_access` - Allow user access to SSL-VPN applications. +* `default_protocol` - Application type that is set by default. Valid values: `web`, `ftp`, `telnet`, `smb`, `vnc`, `rdp`, `ssh`, `sftp`. * `user_group_bookmark` - Enable to allow web portal users to create bookmarks for all users in the same user group. Valid values: `enable`, `disable`. * `bookmark_group` - Portal bookmark group. The structure of `bookmark_group` block is documented below. * `display_connection_tools` - Enable to display the web portal connection tools widget. Valid values: `enable`, `disable`. * `display_history` - Enable to display the web portal user login history widget. Valid values: `enable`, `disable`. +* `focus_bookmark` - Enable to prioritize the placement of the bookmark section over the quick-connection section in the SSL-VPN application. Valid values: `enable`, `disable`. * `display_status` - Enable to display the web portal status widget. Valid values: `enable`, `disable`. * `rewrite_ip_uri_ui` - Rewrite contents for URI contains IP and "/ui/". (default = disable) Valid values: `enable`, `disable`. * `heading` - Web portal heading message. diff --git a/website/docs/r/fortios_webproxy_fastfallback.html.markdown b/website/docs/r/fortios_webproxy_fastfallback.html.markdown new file mode 100644 index 000000000..91dbcad3e --- /dev/null +++ b/website/docs/r/fortios_webproxy_fastfallback.html.markdown @@ -0,0 +1,39 @@ +--- +subcategory: "FortiGate Web-Proxy" +layout: "fortios" +page_title: "FortiOS: fortios_webproxy_fastfallback" +description: |- + Proxy destination connection fast-fallback. +--- + +# fortios_webproxy_fastfallback +Proxy destination connection fast-fallback. Applies to FortiOS Version `>= 7.4.1`. + +## Argument Reference + +The following arguments are supported: + +* `name` - Configure a name for the fast-fallback entry. +* `status` - Enable/disable the fast-fallback entry. Valid values: `enable`, `disable`. +* `connection_mode` - Connection mode for multiple destinations. Valid values: `sequentially`, `simultaneously`. +* `protocol` - Connection protocols for multiple destinations. Valid values: `IPv4-first`, `IPv6-first`, `IPv4-only`, `IPv6-only`. +* `connection_timeout` - Number of milliseconds to wait before starting another connection (200 - 1800000, default = 200). For sequential connection-mode only. +* `vdomparam` - Specifies the vdom to which the resource will be applied when the FortiGate unit is running in VDOM mode. Only one vdom can be specified. If you want to inherit the vdom configuration of the provider, please do not set this parameter. + + +## Attribute Reference + +In addition to all the above arguments, the following attributes are exported: +* `id` - an identifier for the resource with format {{name}}. + +## Import + +WebProxy FastFallback can be imported using any of these accepted formats: +``` +$ terraform import fortios_webproxy_fastfallback.labelname {{name}} + +If you do not want to import arguments of block: +$ export "FORTIOS_IMPORT_TABLE"="false" +$ terraform import fortios_webproxy_fastfallback.labelname {{name}} +$ unset "FORTIOS_IMPORT_TABLE" +``` diff --git a/website/docs/r/fortios_webproxy_forwardserver.html.markdown b/website/docs/r/fortios_webproxy_forwardserver.html.markdown index 91f5a670f..b06ce6f38 100644 --- a/website/docs/r/fortios_webproxy_forwardserver.html.markdown +++ b/website/docs/r/fortios_webproxy_forwardserver.html.markdown @@ -28,8 +28,9 @@ resource "fortios_webproxy_forwardserver" "trname" { The following arguments are supported: * `name` - Server name. -* `addr_type` - Address type of the forwarding proxy server: IP or FQDN. Valid values: `ip`, `fqdn`. +* `addr_type` - Address type of the forwarding proxy server: IP or FQDN. * `ip` - Forward proxy server IP address. +* `ipv6` - Forward proxy server IPv6 address. * `fqdn` - Forward server Fully Qualified Domain Name (FQDN). * `port` - Port number that the forwarding server expects to receive HTTP sessions on (1 - 65535, default = 3128). * `healthcheck` - Enable/disable forward server health checking. Attempts to connect through the remote forwarding server to a destination to verify that the forwarding server is operating normally. Valid values: `disable`, `enable`. diff --git a/website/docs/r/fortios_webproxy_urlmatch.html.markdown b/website/docs/r/fortios_webproxy_urlmatch.html.markdown index 8543d3f2a..f0791f650 100644 --- a/website/docs/r/fortios_webproxy_urlmatch.html.markdown +++ b/website/docs/r/fortios_webproxy_urlmatch.html.markdown @@ -39,6 +39,7 @@ The following arguments are supported: * `status` - Enable/disable exempting the URLs matching the URL pattern from web proxy forwarding and caching. Valid values: `enable`, `disable`. * `url_pattern` - (Required) URL pattern to be exempted from web proxy forwarding and caching. * `forward_server` - Forward server name. +* `fast_fallback` - Fast fallback configuration entry name. * `cache_exemption` - Enable/disable exempting this URL pattern from caching. Valid values: `enable`, `disable`. * `comment` - Comment. * `vdomparam` - Specifies the vdom to which the resource will be applied when the FortiGate unit is running in VDOM mode. Only one vdom can be specified. If you want to inherit the vdom configuration of the provider, please do not set this parameter. diff --git a/website/docs/r/fortios_wirelesscontroller_address.html.markdown b/website/docs/r/fortios_wirelesscontroller_address.html.markdown index 9d77cb2d0..35e4ee913 100644 --- a/website/docs/r/fortios_wirelesscontroller_address.html.markdown +++ b/website/docs/r/fortios_wirelesscontroller_address.html.markdown @@ -7,7 +7,7 @@ description: |- --- # fortios_wirelesscontroller_address -Configure the client with its MAC address. Applies to FortiOS Version `6.2.4,6.2.6,6.4.0,6.4.1,6.4.2,6.4.10,6.4.11,6.4.12,7.0.0,7.0.1,7.0.2,7.0.3,7.0.4,7.0.5,7.0.6,7.0.7,7.0.8,7.0.9,7.0.10,7.0.11`. +Configure the client with its MAC address. Applies to FortiOS Version `6.2.4,6.2.6,6.4.0,6.4.1,6.4.2,6.4.10,6.4.11,6.4.12,6.4.13,6.4.14,7.0.0,7.0.1,7.0.2,7.0.3,7.0.4,7.0.5,7.0.6,7.0.7,7.0.8,7.0.9,7.0.10,7.0.11,7.0.12`. ## Argument Reference diff --git a/website/docs/r/fortios_wirelesscontroller_addrgrp.html.markdown b/website/docs/r/fortios_wirelesscontroller_addrgrp.html.markdown index c4e9dfb24..da5f01a75 100644 --- a/website/docs/r/fortios_wirelesscontroller_addrgrp.html.markdown +++ b/website/docs/r/fortios_wirelesscontroller_addrgrp.html.markdown @@ -7,7 +7,7 @@ description: |- --- # fortios_wirelesscontroller_addrgrp -Configure the MAC address group. Applies to FortiOS Version `6.2.4,6.2.6,6.4.0,6.4.1,6.4.2,6.4.10,6.4.11,6.4.12,7.0.0,7.0.1,7.0.2,7.0.3,7.0.4,7.0.5,7.0.6,7.0.7,7.0.8,7.0.9,7.0.10,7.0.11`. +Configure the MAC address group. Applies to FortiOS Version `6.2.4,6.2.6,6.4.0,6.4.1,6.4.2,6.4.10,6.4.11,6.4.12,6.4.13,6.4.14,7.0.0,7.0.1,7.0.2,7.0.3,7.0.4,7.0.5,7.0.6,7.0.7,7.0.8,7.0.9,7.0.10,7.0.11,7.0.12`. ## Argument Reference diff --git a/website/docs/r/fortios_wirelesscontroller_bleprofile.html.markdown b/website/docs/r/fortios_wirelesscontroller_bleprofile.html.markdown index 6aaf1f334..5ac14132a 100644 --- a/website/docs/r/fortios_wirelesscontroller_bleprofile.html.markdown +++ b/website/docs/r/fortios_wirelesscontroller_bleprofile.html.markdown @@ -26,6 +26,12 @@ The following arguments are supported: * `txpower` - Transmit power level (default = 0). Valid values: `0`, `1`, `2`, `3`, `4`, `5`, `6`, `7`, `8`, `9`, `10`, `11`, `12`. * `beacon_interval` - Beacon interval (default = 100 msec). * `ble_scanning` - Enable/disable Bluetooth Low Energy (BLE) scanning. Valid values: `enable`, `disable`. +* `scan_type` - Scan Type (default = active). Valid values: `active`, `passive`. +* `scan_threshold` - Minimum signal level/threshold in dBm required for the AP to report detected BLE device (-95 to -20, default = -90). +* `scan_period` - Scan Period (default = 4000 msec). +* `scan_time` - Scan Time (default = 1000 msec). +* `scan_interval` - Scan Interval (default = 50 msec). +* `scan_window` - Scan Windows (default = 50 msec). * `vdomparam` - Specifies the vdom to which the resource will be applied when the FortiGate unit is running in VDOM mode. Only one vdom can be specified. If you want to inherit the vdom configuration of the provider, please do not set this parameter. diff --git a/website/docs/r/fortios_wirelesscontroller_vap.html.markdown b/website/docs/r/fortios_wirelesscontroller_vap.html.markdown index 3ab8b1081..d0dedfe09 100644 --- a/website/docs/r/fortios_wirelesscontroller_vap.html.markdown +++ b/website/docs/r/fortios_wirelesscontroller_vap.html.markdown @@ -60,7 +60,7 @@ The following arguments are supported: * `radius_mac_mpsk_auth` - Enable/disable RADIUS-based MAC authentication of clients for MPSK authentication (default = disable). Valid values: `enable`, `disable`. * `radius_mac_mpsk_timeout` - RADIUS MAC MPSK cache timeout interval (1800 - 864000, default = 86400). * `radius_mac_auth_usergroups` - Selective user groups that are permitted for RADIUS mac authentication. The structure of `radius_mac_auth_usergroups` block is documented below. -* `auth` - Authentication protocol. Valid values: `psk`, `radius`, `usergroup`. +* `auth` - Authentication protocol. * `encrypt` - Encryption protocol to use (only available when security is set to a WPA type). Valid values: `TKIP`, `AES`, `TKIP-AES`. * `keyindex` - WEP key index (1 - 4). * `key` - WEP Key. @@ -151,8 +151,8 @@ The following arguments are supported: * `secondary_wag_profile` - Secondary wireless access gateway profile name. * `tunnel_echo_interval` - The time interval to send echo to both primary and secondary tunnel peers (1 - 65535 sec, default = 300). * `tunnel_fallback_interval` - The time interval for secondary tunnel to fall back to primary tunnel (0 - 65535 sec, default = 7200). -* `rates_11a` - Allowed data rates for 802.11a. Valid values: `1`, `1-basic`, `2`, `2-basic`, `5.5`, `5.5-basic`, `11`, `11-basic`, `6`, `6-basic`, `9`, `9-basic`, `12`, `12-basic`, `18`, `18-basic`, `24`, `24-basic`, `36`, `36-basic`, `48`, `48-basic`, `54`, `54-basic`. -* `rates_11bg` - Allowed data rates for 802.11b/g. Valid values: `1`, `1-basic`, `2`, `2-basic`, `5.5`, `5.5-basic`, `11`, `11-basic`, `6`, `6-basic`, `9`, `9-basic`, `12`, `12-basic`, `18`, `18-basic`, `24`, `24-basic`, `36`, `36-basic`, `48`, `48-basic`, `54`, `54-basic`. +* `rates_11a` - Allowed data rates for 802.11a. +* `rates_11bg` - Allowed data rates for 802.11b/g. * `rates_11n_ss12` - Allowed data rates for 802.11n with 1 or 2 spatial streams. Valid values: `mcs0/1`, `mcs1/1`, `mcs2/1`, `mcs3/1`, `mcs4/1`, `mcs5/1`, `mcs6/1`, `mcs7/1`, `mcs8/2`, `mcs9/2`, `mcs10/2`, `mcs11/2`, `mcs12/2`, `mcs13/2`, `mcs14/2`, `mcs15/2`. * `rates_11n_ss34` - Allowed data rates for 802.11n with 3 or 4 spatial streams. Valid values: `mcs16/3`, `mcs17/3`, `mcs18/3`, `mcs19/3`, `mcs20/3`, `mcs21/3`, `mcs22/3`, `mcs23/3`, `mcs24/4`, `mcs25/4`, `mcs26/4`, `mcs27/4`, `mcs28/4`, `mcs29/4`, `mcs30/4`, `mcs31/4`. * `rates_11ac_mcs_map` - Comma separated list of max supported VHT MCS for spatial streams 1 through 8. diff --git a/website/docs/r/fortios_wirelesscontroller_widsprofile.html.markdown b/website/docs/r/fortios_wirelesscontroller_widsprofile.html.markdown index 79732d9d4..6644a322d 100644 --- a/website/docs/r/fortios_wirelesscontroller_widsprofile.html.markdown +++ b/website/docs/r/fortios_wirelesscontroller_widsprofile.html.markdown @@ -17,6 +17,8 @@ The following arguments are supported: * `comment` - Comment. * `sensor_mode` - Scan WiFi nearby stations (default = disable). Valid values: `disable`, `foreign`, `both`. * `ap_scan` - Enable/disable rogue AP detection. Valid values: `disable`, `enable`. +* `ap_scan_channel_list_2g_5g` - Selected ap scan channel list for 2.4G and 5G bands. The structure of `ap_scan_channel_list_2g_5g` block is documented below. +* `ap_scan_channel_list_6g` - Selected ap scan channel list for 6G band. The structure of `ap_scan_channel_list_6g` block is documented below. * `ap_bgscan_period` - Period of time between background scans (60 - 3600 sec, default = 600). * `ap_bgscan_intv` - Period of time between scanning two channels (1 - 600 sec, default = 1). * `ap_bgscan_duration` - Listening time on a scanning channel (10 - 1000 msec, default = 20). @@ -68,6 +70,14 @@ The following arguments are supported: * `get_all_tables` - Get all sub-tables including unconfigured tables. Do not set this variable to true if you configure sub-table in another resource, otherwish conflicts and overwrite will occur. Options: [ false, true ]. false: Default value, do not get unconfigured tables; true: get all tables including unconfigured tables. * `vdomparam` - Specifies the vdom to which the resource will be applied when the FortiGate unit is running in VDOM mode. Only one vdom can be specified. If you want to inherit the vdom configuration of the provider, please do not set this parameter. +The `ap_scan_channel_list_2g_5g` block supports: + +* `chan` - Channel number. + +The `ap_scan_channel_list_6g` block supports: + +* `chan` - Channel 6g number. + The `ap_bgscan_disable_schedules` block supports: * `name` - Schedule name. diff --git a/website/docs/r/fortios_wirelesscontroller_wtp.html.markdown b/website/docs/r/fortios_wirelesscontroller_wtp.html.markdown index cad777493..24c0b8c6d 100644 --- a/website/docs/r/fortios_wirelesscontroller_wtp.html.markdown +++ b/website/docs/r/fortios_wirelesscontroller_wtp.html.markdown @@ -28,6 +28,8 @@ The following arguments are supported: * `wtp_mode` - WTP, AP, or FortiAP operating mode; normal (by default) or remote. A tunnel mode SSID can be assigned to an AP in normal mode but not remote mode, while a local-bridge mode SSID can be assigned to an AP in either normal mode or remote mode. Valid values: `normal`, `remote`. * `apcfg_profile` - AP local configuration profile name. * `bonjour_profile` - Bonjour profile name. +* `ble_major_id` - Override BLE Major ID. +* `ble_minor_id` - Override BLE Minor ID. * `override_led_state` - Enable to override the profile LED state setting for this FortiAP. You must enable this option to use the led-state command to turn off the FortiAP's LEDs. Valid values: `enable`, `disable`. * `led_state` - Enable to allow the FortiAPs LEDs to light. Disable to keep the LEDs off. You may want to keep the LEDs off so they are not distracting in low light areas etc. Valid values: `enable`, `disable`. * `override_wan_port_mode` - Enable/disable overriding the wan-port-mode in the WTP profile. Valid values: `enable`, `disable`. diff --git a/website/docs/r/fortios_wirelesscontroller_wtpgroup.html.markdown b/website/docs/r/fortios_wirelesscontroller_wtpgroup.html.markdown index f460e23bc..d48daa6f9 100644 --- a/website/docs/r/fortios_wirelesscontroller_wtpgroup.html.markdown +++ b/website/docs/r/fortios_wirelesscontroller_wtpgroup.html.markdown @@ -15,6 +15,7 @@ The following arguments are supported: * `name` - WTP group name. * `platform_type` - FortiAP models to define the WTP group platform type. +* `ble_major_id` - Override BLE Major ID. * `wtps` - WTP list. The structure of `wtps` block is documented below. * `dynamic_sort_subtable` - Sort sub-tables, please do not set this parameter when configuring static sub-tables. Options: [ false, true, natural, alphabetical ]. false: Default value, do not sort tables; true/natural: sort tables in natural order. For example: [ a10, a2 ] --> [ a2, a10 ]; alphabetical: sort tables in alphabetical order. For example: [ a10, a2 ] --> [ a10, a2 ]. * `get_all_tables` - Get all sub-tables including unconfigured tables. Do not set this variable to true if you configure sub-table in another resource, otherwish conflicts and overwrite will occur. Options: [ false, true ]. false: Default value, do not get unconfigured tables; true: get all tables including unconfigured tables. diff --git a/website/docs/r/fortios_wirelesscontroller_wtpprofile.html.markdown b/website/docs/r/fortios_wirelesscontroller_wtpprofile.html.markdown index f4ce69cf8..291bafa2e 100644 --- a/website/docs/r/fortios_wirelesscontroller_wtpprofile.html.markdown +++ b/website/docs/r/fortios_wirelesscontroller_wtpprofile.html.markdown @@ -125,6 +125,7 @@ The `radio_1` block supports: * `bss_color` - BSS color value for this 11ax radio (0 - 63, 0 means disable. default = 0). * `bss_color_mode` - BSS color mode for this 11ax radio (default = auto). Valid values: `auto`, `static`. * `short_guard_interval` - Use either the short guard interval (Short GI) of 400 ns or the long guard interval (Long GI) of 800 ns. Valid values: `enable`, `disable`. +* `mimo_mode` - Configure radio MIMO mode (default = default). Valid values: `default`, `1x1`, `2x2`, `3x3`, `4x4`, `8x8`. * `channel_bonding` - Channel bandwidth: 80, 40, or 20MHz. Channels may use both 20 and 40 by enabling coexistence. * `optional_antenna` - Optional antenna used on FAP (default = none). Valid values: `none`, `FANT-04ABGN-0606-O-N`, `FANT-04ABGN-1414-P-N`, `FANT-04ABGN-8065-P-N`, `FANT-04ABGN-0606-O-R`, `FANT-04ABGN-0606-P-R`, `FANT-10ACAX-1213-D-N`, `FANT-08ABGN-1213-D-R`. * `auto_power_level` - Enable/disable automatic power-level adjustment to prevent co-channel interference (default = disable). Valid values: `enable`, `disable`. @@ -209,6 +210,7 @@ The `radio_2` block supports: * `bss_color` - BSS color value for this 11ax radio (0 - 63, 0 means disable. default = 0). * `bss_color_mode` - BSS color mode for this 11ax radio (default = auto). Valid values: `auto`, `static`. * `short_guard_interval` - Use either the short guard interval (Short GI) of 400 ns or the long guard interval (Long GI) of 800 ns. Valid values: `enable`, `disable`. +* `mimo_mode` - Configure radio MIMO mode (default = default). Valid values: `default`, `1x1`, `2x2`, `3x3`, `4x4`, `8x8`. * `channel_bonding` - Channel bandwidth: 80, 40, or 20MHz. Channels may use both 20 and 40 by enabling coexistence. * `optional_antenna` - Optional antenna used on FAP (default = none). Valid values: `none`, `FANT-04ABGN-0606-O-N`, `FANT-04ABGN-1414-P-N`, `FANT-04ABGN-8065-P-N`, `FANT-04ABGN-0606-O-R`, `FANT-04ABGN-0606-P-R`, `FANT-10ACAX-1213-D-N`, `FANT-08ABGN-1213-D-R`. * `auto_power_level` - Enable/disable automatic power-level adjustment to prevent co-channel interference (default = disable). Valid values: `enable`, `disable`. @@ -292,6 +294,7 @@ The `radio_3` block supports: * `bss_color` - BSS color value for this 11ax radio (0 - 63, 0 means disable. default = 0). * `bss_color_mode` - BSS color mode for this 11ax radio (default = auto). Valid values: `auto`, `static`. * `short_guard_interval` - Use either the short guard interval (Short GI) of 400 ns or the long guard interval (Long GI) of 800 ns. Valid values: `enable`, `disable`. +* `mimo_mode` - Configure radio MIMO mode (default = default). Valid values: `default`, `1x1`, `2x2`, `3x3`, `4x4`, `8x8`. * `channel_bonding` - Channel bandwidth: 160,80, 40, or 20MHz. Channels may use both 20 and 40 by enabling coexistence. Valid values: `160MHz`, `80MHz`, `40MHz`, `20MHz`. * `optional_antenna` - Optional antenna used on FAP (default = none). Valid values: `none`, `FANT-04ABGN-0606-O-N`, `FANT-04ABGN-1414-P-N`, `FANT-04ABGN-8065-P-N`, `FANT-04ABGN-0606-O-R`, `FANT-04ABGN-0606-P-R`, `FANT-10ACAX-1213-D-N`, `FANT-08ABGN-1213-D-R`. * `auto_power_level` - Enable/disable automatic power-level adjustment to prevent co-channel interference (default = enable). Valid values: `enable`, `disable`. @@ -375,6 +378,7 @@ The `radio_4` block supports: * `bss_color` - BSS color value for this 11ax radio (0 - 63, 0 means disable. default = 0). * `bss_color_mode` - BSS color mode for this 11ax radio (default = auto). Valid values: `auto`, `static`. * `short_guard_interval` - Use either the short guard interval (Short GI) of 400 ns or the long guard interval (Long GI) of 800 ns. Valid values: `enable`, `disable`. +* `mimo_mode` - Configure radio MIMO mode (default = default). Valid values: `default`, `1x1`, `2x2`, `3x3`, `4x4`, `8x8`. * `channel_bonding` - Channel bandwidth: 160,80, 40, or 20MHz. Channels may use both 20 and 40 by enabling coexistence. Valid values: `160MHz`, `80MHz`, `40MHz`, `20MHz`. * `optional_antenna` - Optional antenna used on FAP (default = none). Valid values: `none`, `FANT-04ABGN-0606-O-N`, `FANT-04ABGN-1414-P-N`, `FANT-04ABGN-8065-P-N`, `FANT-04ABGN-0606-O-R`, `FANT-04ABGN-0606-P-R`, `FANT-10ACAX-1213-D-N`, `FANT-08ABGN-1213-D-R`. * `auto_power_level` - Enable/disable automatic power-level adjustment to prevent co-channel interference (default = enable). Valid values: `enable`, `disable`. @@ -467,6 +471,19 @@ The `lbs` block supports: * `fortipresence_unassoc` - Enable/disable FortiPresence finding and reporting unassociated stations. Valid values: `enable`, `disable`. * `fortipresence_ble` - Enable/disable FortiPresence finding and reporting BLE devices. Valid values: `enable`, `disable`. * `station_locate` - Enable/disable client station locating services for all clients, whether associated or not (default = disable). Valid values: `enable`, `disable`. +* `polestar` - Enable/disable PoleStar BLE NAO Track Real Time Location Service (RTLS) support (default = disable). Valid values: `enable`, `disable`. +* `polestar_protocol` - Select the protocol to report Measurements, Advertising Data, or Location Data to NAO Cloud. (default = WSS). Valid values: `WSS`. +* `polestar_server_fqdn` - FQDN of PoleStar Nao Track Server (default = ws.nao-cloud.com). +* `polestar_server_path` - Path of PoleStar Nao Track Server (default = /v1/token//pst-v2). +* `polestar_server_token` - Access Token of PoleStar Nao Track Server. +* `polestar_server_port` - Port of PoleStar Nao Track Server (default = 443). +* `polestar_accumulation_interval` - Time that measurements should be accumulated in seconds (default = 2). +* `polestar_reporting_interval` - Time between reporting accumulated measurements in seconds (default = 2). +* `polestar_asset_uuid_list1` - Tags and asset UUID list 1 to be reported (string in the format of 'XXXXXXXX-XXXX-XXXX-XXXX-XXXXXXXXXXXX'). +* `polestar_asset_uuid_list2` - Tags and asset UUID list 2 to be reported (string in the format of 'XXXXXXXX-XXXX-XXXX-XXXX-XXXXXXXXXXXX'). +* `polestar_asset_uuid_list3` - Tags and asset UUID list 3 to be reported (string in the format of 'XXXXXXXX-XXXX-XXXX-XXXX-XXXXXXXXXXXX'). +* `polestar_asset_uuid_list4` - Tags and asset UUID list 4 to be reported (string in the format of 'XXXXXXXX-XXXX-XXXX-XXXX-XXXXXXXXXXXX'). +* `polestar_asset_addrgrp_list` - Tags and asset addrgrp list to be reported. The `esl_ses_dongle` block supports: