From db33c6126d42ad176cf7b6c28dfe9f2c5c15105f Mon Sep 17 00:00:00 2001 From: FTNT-HQCM Date: Fri, 21 Jun 2024 10:00:12 -0700 Subject: [PATCH] init/updateFortiOSTerraform: 1.20.0 Signed-off-by: FTNT-HQCM --- CHANGELOG.md | 19 +- .../data_source_firewall_centralsnatmap.go | 14 + fortios/data_source_firewall_policy.go | 14 + fortios/data_source_router_bgp.go | 13 + fortios/data_source_system_accprofile.go | 13 + fortios/data_source_system_global.go | 14 + fortios/data_source_system_interface.go | 14 + fortios/data_source_system_ntp.go | 13 + fortios/provider.go | 3 + fortios/resource_authentication_rule.go | 28 + fortios/resource_casb_profile.go | 28 + fortios/resource_certificate_ca.go | 28 + fortios/resource_dnsfilter_profile.go | 28 + fortios/resource_endpointcontrol_fctems.go | 29 + ...resource_endpointcontrol_fctemsoverride.go | 29 + ...rce_extensioncontroller_extenderprofile.go | 1636 ++++++++++++++--- ...esource_extensioncontroller_extendervap.go | 807 ++++++++ fortios/resource_firewall_centralsnatmap.go | 28 + fortios/resource_firewall_ippool.go | 29 + fortios/resource_firewall_localinpolicy.go | 492 +++++ fortios/resource_firewall_localinpolicy6.go | 492 +++++ fortios/resource_firewall_ondemandsniffer.go | 696 +++++++ fortios/resource_firewall_policy.go | 28 + fortios/resource_firewall_sslsshprofile.go | 180 ++ fortios/resource_firewall_vip.go | 28 + fortios/resource_firewall_vip6.go | 28 + fortios/resource_router_bgp.go | 24 + ...urce_switchcontroller_dynamicportpolicy.go | 47 + ...resource_switchcontroller_managedswitch.go | 47 + ...ce_switchcontrollersecuritypolicy_8021X.go | 85 + fortios/resource_system_accprofile.go | 22 + fortios/resource_system_automationstitch.go | 76 +- fortios/resource_system_global.go | 39 +- fortios/resource_system_interface.go | 28 + fortios/resource_system_ipam.go | 128 ++ fortios/resource_system_ntp.go | 23 + fortios/resource_system_sdwan.go | 5 + fortios/resource_system_settings.go | 32 + fortios/resource_system_sshconfig.go | 397 ++++ fortios/resource_user_fortitoken.go | 2 +- fortios/resource_user_ldap.go | 29 + fortios/resource_user_nacpolicy.go | 86 + fortios/resource_user_tacacs.go | 29 + fortios/resource_vpncertificate_ca.go | 28 + fortios/resource_vpnipsec_phase1.go | 402 ++++ fortios/resource_vpnipsec_phase1interface.go | 113 ++ fortios/resource_vpnssl_settings.go | 2 +- fortios/resource_webproxy_explicit.go | 96 + fortios/resource_webproxy_global.go | 64 + fortios/resource_wirelesscontroller_global.go | 194 ++ fortios/resource_wirelesscontroller_log.go | 32 + ...resource_wirelesscontroller_mpskprofile.go | 178 ++ fortios/resource_wirelesscontroller_timers.go | 96 + fortios/resource_wirelesscontroller_vap.go | 203 +- .../resource_wirelesscontroller_wtpprofile.go | 124 +- go.mod | 35 +- go.sum | 90 +- sdk/sdkcore/sdkfos.go | 143 ++ ...tios_firewall_centralsnatmap.html.markdown | 1 + .../d/fortios_firewall_policy.html.markdown | 1 + .../docs/d/fortios_router_bgp.html.markdown | 1 + .../d/fortios_system_accprofile.html.markdown | 1 + .../d/fortios_system_global.html.markdown | 1 + .../d/fortios_system_interface.html.markdown | 1 + .../docs/d/fortios_system_ntp.html.markdown | 1 + .../fortios_authentication_rule.html.markdown | 1 + .../docs/r/fortios_casb_profile.html.markdown | 1 + .../r/fortios_certificate_ca.html.markdown | 1 + .../r/fortios_dnsfilter_profile.html.markdown | 3 +- ...rtios_endpointcontrol_fctems.html.markdown | 1 + ...dpointcontrol_fctemsoverride.html.markdown | 1 + ...ios_endpointcontrol_settings.html.markdown | 2 +- ...oncontroller_extenderprofile.html.markdown | 55 +- ...ensioncontroller_extendervap.html.markdown | 55 + ...tios_firewall_centralsnatmap.html.markdown | 1 + ...rewall_internetserviceappend.html.markdown | 2 +- .../r/fortios_firewall_ippool.html.markdown | 1 + ...rtios_firewall_localinpolicy.html.markdown | 22 + ...tios_firewall_localinpolicy6.html.markdown | 22 + ...ios_firewall_ondemandsniffer.html.markdown | 56 + .../r/fortios_firewall_policy.html.markdown | 1 + ...rtios_firewall_sslsshprofile.html.markdown | 8 + .../docs/r/fortios_firewall_vip.html.markdown | 1 + .../r/fortios_firewall_vip6.html.markdown | 1 + .../docs/r/fortios_router_bgp.html.markdown | 1 + .../docs/r/fortios_rule_fmwp.html.markdown | 2 +- ...controller_dynamicportpolicy.html.markdown | 2 + ...itchcontroller_managedswitch.html.markdown | 2 + ...tios_switchcontroller_system.html.markdown | 12 +- ...ntrollersecuritypolicy_8021X.html.markdown | 3 + .../r/fortios_system_accprofile.html.markdown | 1 + .../r/fortios_system_ftmpush.html.markdown | 2 +- .../r/fortios_system_global.html.markdown | 1 + .../r/fortios_system_interface.html.markdown | 3 +- .../docs/r/fortios_system_ipam.html.markdown | 6 + .../docs/r/fortios_system_ntp.html.markdown | 7 +- .../r/fortios_system_settings.html.markdown | 1 + ...tios_system_speedtestsetting.html.markdown | 2 +- .../r/fortios_system_sshconfig.html.markdown | 41 + ...ser_externalidentityprovider.html.markdown | 2 +- .../docs/r/fortios_user_ldap.html.markdown | 3 +- .../r/fortios_user_nacpolicy.html.markdown | 3 + .../docs/r/fortios_user_radius.html.markdown | 2 +- .../docs/r/fortios_user_tacacs.html.markdown | 1 + .../r/fortios_vpncertificate_ca.html.markdown | 1 + .../r/fortios_vpnipsec_phase1.html.markdown | 14 + ...ios_vpnipsec_phase1interface.html.markdown | 4 + .../r/fortios_vpnssl_settings.html.markdown | 4 +- .../r/fortios_webproxy_explicit.html.markdown | 5 +- .../r/fortios_webproxy_global.html.markdown | 2 + ...relesscontroller_arrpprofile.html.markdown | 2 +- ...os_wirelesscontroller_global.html.markdown | 6 + ...rtios_wirelesscontroller_log.html.markdown | 1 + ...relesscontroller_mpskprofile.html.markdown | 7 + ...s_wirelesscontroller_setting.html.markdown | 4 +- ...os_wirelesscontroller_timers.html.markdown | 3 + ...rtios_wirelesscontroller_vap.html.markdown | 25 +- ...irelesscontroller_wtpprofile.html.markdown | 9 +- 118 files changed, 7622 insertions(+), 434 deletions(-) create mode 100644 fortios/resource_extensioncontroller_extendervap.go create mode 100644 fortios/resource_firewall_ondemandsniffer.go create mode 100644 fortios/resource_system_sshconfig.go create mode 100644 website/docs/r/fortios_extensioncontroller_extendervap.html.markdown create mode 100644 website/docs/r/fortios_firewall_ondemandsniffer.html.markdown create mode 100644 website/docs/r/fortios_system_sshconfig.html.markdown diff --git a/CHANGELOG.md b/CHANGELOG.md index 3775e36dc..f80889527 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -1,4 +1,21 @@ -## 1.20.0 (Unreleased) +## 1.21.0 (Unreleased) + + +## 1.20.0 (Jun 21, 2024) +BUG FIXES: + +* Fix extra quote issue; +* Fix issue of multiple argument conflict caused by version differences for resource system_automationstitch; + +IMPROVEMENTS: + +* Support FortiOS version 7.4.4; + +FEATURES: + +* **New Data source:** `fortios_extensioncontroller_extendervap` +* **New Data source:** `fortios_firewall_ondemandsniffer` +* **New Data source:** `fortios_system_sshconfig` ## 1.19.1 (Apr 29, 2024) diff --git a/fortios/data_source_firewall_centralsnatmap.go b/fortios/data_source_firewall_centralsnatmap.go index 86586cc63..0c144f745 100644 --- a/fortios/data_source_firewall_centralsnatmap.go +++ b/fortios/data_source_firewall_centralsnatmap.go @@ -140,6 +140,10 @@ func dataSourceFirewallCentralSnatMap() *schema.Resource { }, }, }, + "port_preserve": &schema.Schema{ + Type: schema.TypeString, + Computed: true, + }, "protocol": &schema.Schema{ Type: schema.TypeInt, Computed: true, @@ -523,6 +527,10 @@ func dataSourceFlattenFirewallCentralSnatMapNatIppool6Name(v interface{}, d *sch return v } +func dataSourceFlattenFirewallCentralSnatMapPortPreserve(v interface{}, d *schema.ResourceData, pre string) interface{} { + return v +} + func dataSourceFlattenFirewallCentralSnatMapProtocol(v interface{}, d *schema.ResourceData, pre string) interface{} { return v } @@ -630,6 +638,12 @@ func dataSourceRefreshObjectFirewallCentralSnatMap(d *schema.ResourceData, o map } } + if err = d.Set("port_preserve", dataSourceFlattenFirewallCentralSnatMapPortPreserve(o["port-preserve"], d, "port_preserve")); err != nil { + if !fortiAPIPatch(o["port-preserve"]) { + return fmt.Errorf("Error reading port_preserve: %v", err) + } + } + if err = d.Set("protocol", dataSourceFlattenFirewallCentralSnatMapProtocol(o["protocol"], d, "protocol")); err != nil { if !fortiAPIPatch(o["protocol"]) { return fmt.Errorf("Error reading protocol: %v", err) diff --git a/fortios/data_source_firewall_policy.go b/fortios/data_source_firewall_policy.go index 2264ede56..2354378ef 100644 --- a/fortios/data_source_firewall_policy.go +++ b/fortios/data_source_firewall_policy.go @@ -828,6 +828,10 @@ func dataSourceFirewallPolicy() *schema.Resource { Type: schema.TypeString, Computed: true, }, + "port_preserve": &schema.Schema{ + Type: schema.TypeString, + Computed: true, + }, "ippool": &schema.Schema{ Type: schema.TypeString, Computed: true, @@ -2915,6 +2919,10 @@ func dataSourceFlattenFirewallPolicyFixedport(v interface{}, d *schema.ResourceD return v } +func dataSourceFlattenFirewallPolicyPortPreserve(v interface{}, d *schema.ResourceData, pre string) interface{} { + return v +} + func dataSourceFlattenFirewallPolicyIppool(v interface{}, d *schema.ResourceData, pre string) interface{} { return v } @@ -4273,6 +4281,12 @@ func dataSourceRefreshObjectFirewallPolicy(d *schema.ResourceData, o map[string] } } + if err = d.Set("port_preserve", dataSourceFlattenFirewallPolicyPortPreserve(o["port-preserve"], d, "port_preserve")); err != nil { + if !fortiAPIPatch(o["port-preserve"]) { + return fmt.Errorf("Error reading port_preserve: %v", err) + } + } + if err = d.Set("ippool", dataSourceFlattenFirewallPolicyIppool(o["ippool"], d, "ippool")); err != nil { if !fortiAPIPatch(o["ippool"]) { return fmt.Errorf("Error reading ippool: %v", err) diff --git a/fortios/data_source_router_bgp.go b/fortios/data_source_router_bgp.go index b3e73d034..8f9e96c89 100644 --- a/fortios/data_source_router_bgp.go +++ b/fortios/data_source_router_bgp.go @@ -1430,6 +1430,10 @@ func dataSourceRouterBgp() *schema.Resource { Type: schema.TypeInt, Computed: true, }, + "remote_as_filter": &schema.Schema{ + Type: schema.TypeString, + Computed: true, + }, "local_as": &schema.Schema{ Type: schema.TypeInt, Computed: true, @@ -4518,6 +4522,11 @@ func dataSourceFlattenRouterBgpNeighborGroup(v interface{}, d *schema.ResourceDa tmp["remote_as"] = dataSourceFlattenRouterBgpNeighborGroupRemoteAs(i["remote-as"], d, pre_append) } + pre_append = pre + "." + strconv.Itoa(con) + "." + "remote_as_filter" + if _, ok := i["remote-as-filter"]; ok { + tmp["remote_as_filter"] = dataSourceFlattenRouterBgpNeighborGroupRemoteAsFilter(i["remote-as-filter"], d, pre_append) + } + pre_append = pre + "." + strconv.Itoa(con) + "." + "local_as" if _, ok := i["local-as"]; ok { tmp["local_as"] = dataSourceFlattenRouterBgpNeighborGroupLocalAs(i["local-as"], d, pre_append) @@ -5191,6 +5200,10 @@ func dataSourceFlattenRouterBgpNeighborGroupRemoteAs(v interface{}, d *schema.Re return v } +func dataSourceFlattenRouterBgpNeighborGroupRemoteAsFilter(v interface{}, d *schema.ResourceData, pre string) interface{} { + return v +} + func dataSourceFlattenRouterBgpNeighborGroupLocalAs(v interface{}, d *schema.ResourceData, pre string) interface{} { return v } diff --git a/fortios/data_source_system_accprofile.go b/fortios/data_source_system_accprofile.go index d34d2aa3e..877b469c4 100644 --- a/fortios/data_source_system_accprofile.go +++ b/fortios/data_source_system_accprofile.go @@ -201,6 +201,10 @@ func dataSourceSystemAccprofile() *schema.Resource { Type: schema.TypeString, Computed: true, }, + "dlp": &schema.Schema{ + Type: schema.TypeString, + Computed: true, + }, "data_leak_prevention": &schema.Schema{ Type: schema.TypeString, Computed: true, @@ -624,6 +628,11 @@ func dataSourceFlattenSystemAccprofileUtmgrpPermission(v interface{}, d *schema. result["emailfilter"] = dataSourceFlattenSystemAccprofileUtmgrpPermissionEmailfilter(i["emailfilter"], d, pre_append) } + pre_append = pre + ".0." + "dlp" + if _, ok := i["dlp"]; ok { + result["dlp"] = dataSourceFlattenSystemAccprofileUtmgrpPermissionDlp(i["dlp"], d, pre_append) + } + pre_append = pre + ".0." + "data_leak_prevention" if _, ok := i["data-leak-prevention"]; ok { result["data_leak_prevention"] = dataSourceFlattenSystemAccprofileUtmgrpPermissionDataLeakPrevention(i["data-leak-prevention"], d, pre_append) @@ -709,6 +718,10 @@ func dataSourceFlattenSystemAccprofileUtmgrpPermissionEmailfilter(v interface{}, return v } +func dataSourceFlattenSystemAccprofileUtmgrpPermissionDlp(v interface{}, d *schema.ResourceData, pre string) interface{} { + return v +} + func dataSourceFlattenSystemAccprofileUtmgrpPermissionDataLeakPrevention(v interface{}, d *schema.ResourceData, pre string) interface{} { return v } diff --git a/fortios/data_source_system_global.go b/fortios/data_source_system_global.go index cf43fd212..d7d4c30a6 100644 --- a/fortios/data_source_system_global.go +++ b/fortios/data_source_system_global.go @@ -657,6 +657,10 @@ func dataSourceSystemGlobal() *schema.Resource { Type: schema.TypeString, Computed: true, }, + "dhcp_lease_backup_interval": &schema.Schema{ + Type: schema.TypeInt, + Computed: true, + }, "wifi_ca_certificate": &schema.Schema{ Type: schema.TypeString, Computed: true, @@ -1851,6 +1855,10 @@ func dataSourceFlattenSystemGlobalWifiCertificate(v interface{}, d *schema.Resou return v } +func dataSourceFlattenSystemGlobalDhcpLeaseBackupInterval(v interface{}, d *schema.ResourceData, pre string) interface{} { + return v +} + func dataSourceFlattenSystemGlobalWifiCaCertificate(v interface{}, d *schema.ResourceData, pre string) interface{} { return v } @@ -3355,6 +3363,12 @@ func dataSourceRefreshObjectSystemGlobal(d *schema.ResourceData, o map[string]in } } + if err = d.Set("dhcp_lease_backup_interval", dataSourceFlattenSystemGlobalDhcpLeaseBackupInterval(o["dhcp-lease-backup-interval"], d, "dhcp_lease_backup_interval")); err != nil { + if !fortiAPIPatch(o["dhcp-lease-backup-interval"]) { + return fmt.Errorf("Error reading dhcp_lease_backup_interval: %v", err) + } + } + if err = d.Set("wifi_ca_certificate", dataSourceFlattenSystemGlobalWifiCaCertificate(o["wifi-ca-certificate"], d, "wifi_ca_certificate")); err != nil { if !fortiAPIPatch(o["wifi-ca-certificate"]) { return fmt.Errorf("Error reading wifi_ca_certificate: %v", err) diff --git a/fortios/data_source_system_interface.go b/fortios/data_source_system_interface.go index a42275695..5f772732a 100644 --- a/fortios/data_source_system_interface.go +++ b/fortios/data_source_system_interface.go @@ -128,6 +128,10 @@ func dataSourceSystemInterface() *schema.Resource { Type: schema.TypeString, Computed: true, }, + "dhcp_relay_allow_no_end_option": &schema.Schema{ + Type: schema.TypeString, + Computed: true, + }, "dhcp_relay_type": &schema.Schema{ Type: schema.TypeString, Computed: true, @@ -1696,6 +1700,10 @@ func dataSourceFlattenSystemInterfaceDhcpRelayRequestAllServer(v interface{}, d return v } +func dataSourceFlattenSystemInterfaceDhcpRelayAllowNoEndOption(v interface{}, d *schema.ResourceData, pre string) interface{} { + return v +} + func dataSourceFlattenSystemInterfaceDhcpRelayType(v interface{}, d *schema.ResourceData, pre string) interface{} { return v } @@ -4098,6 +4106,12 @@ func dataSourceRefreshObjectSystemInterface(d *schema.ResourceData, o map[string } } + if err = d.Set("dhcp_relay_allow_no_end_option", dataSourceFlattenSystemInterfaceDhcpRelayAllowNoEndOption(o["dhcp-relay-allow-no-end-option"], d, "dhcp_relay_allow_no_end_option")); err != nil { + if !fortiAPIPatch(o["dhcp-relay-allow-no-end-option"]) { + return fmt.Errorf("Error reading dhcp_relay_allow_no_end_option: %v", err) + } + } + if err = d.Set("dhcp_relay_type", dataSourceFlattenSystemInterfaceDhcpRelayType(o["dhcp-relay-type"], d, "dhcp_relay_type")); err != nil { if !fortiAPIPatch(o["dhcp-relay-type"]) { return fmt.Errorf("Error reading dhcp_relay_type: %v", err) diff --git a/fortios/data_source_system_ntp.go b/fortios/data_source_system_ntp.go index c594c5422..943fd7609 100644 --- a/fortios/data_source_system_ntp.go +++ b/fortios/data_source_system_ntp.go @@ -61,6 +61,10 @@ func dataSourceSystemNtp() *schema.Resource { Type: schema.TypeString, Computed: true, }, + "key_type": &schema.Schema{ + Type: schema.TypeString, + Computed: true, + }, "key": &schema.Schema{ Type: schema.TypeString, Sensitive: true, @@ -215,6 +219,11 @@ func dataSourceFlattenSystemNtpNtpserver(v interface{}, d *schema.ResourceData, tmp["authentication"] = dataSourceFlattenSystemNtpNtpserverAuthentication(i["authentication"], d, pre_append) } + pre_append = pre + "." + strconv.Itoa(con) + "." + "key_type" + if _, ok := i["key-type"]; ok { + tmp["key_type"] = dataSourceFlattenSystemNtpNtpserverKeyType(i["key-type"], d, pre_append) + } + pre_append = pre + "." + strconv.Itoa(con) + "." + "key" if _, ok := i["key"]; ok { tmp["key"] = dataSourceFlattenSystemNtpNtpserverKey(i["key"], d, pre_append) @@ -268,6 +277,10 @@ func dataSourceFlattenSystemNtpNtpserverAuthentication(v interface{}, d *schema. return v } +func dataSourceFlattenSystemNtpNtpserverKeyType(v interface{}, d *schema.ResourceData, pre string) interface{} { + return v +} + func dataSourceFlattenSystemNtpNtpserverKey(v interface{}, d *schema.ResourceData, pre string) interface{} { return v } diff --git a/fortios/provider.go b/fortios/provider.go index d62aa600b..161cf21c5 100644 --- a/fortios/provider.go +++ b/fortios/provider.go @@ -494,6 +494,7 @@ func Provider() *schema.Provider { "fortios_extendercontroller_extenderprofile": resourceExtenderControllerExtenderProfile(), "fortios_extendercontroller_extender1": resourceExtenderControllerExtender1(), "fortios_extensioncontroller_dataplan": resourceExtensionControllerDataplan(), + "fortios_extensioncontroller_extendervap": resourceExtensionControllerExtenderVap(), "fortios_extensioncontroller_extender": resourceExtensionControllerExtender(), "fortios_extensioncontroller_extenderprofile": resourceExtensionControllerExtenderProfile(), "fortios_extensioncontroller_fortigate": resourceExtensionControllerFortigate(), @@ -546,6 +547,7 @@ func Provider() *schema.Provider { "fortios_firewall_multicastaddress": resourceFirewallMulticastAddress(), "fortios_firewall_multicastaddress6": resourceFirewallMulticastAddress6(), "fortios_firewall_multicastpolicy": resourceFirewallMulticastPolicy(), + "fortios_firewall_ondemandsniffer": resourceFirewallOnDemandSniffer(), "fortios_firewall_multicastpolicy6": resourceFirewallMulticastPolicy6(), "fortios_firewall_networkservicedynamic": resourceFirewallNetworkServiceDynamic(), "fortios_firewall_policy": resourceFirewallPolicy(), @@ -857,6 +859,7 @@ func Provider() *schema.Provider { "fortios_system_sittunnel": resourceSystemSitTunnel(), "fortios_system_smsserver": resourceSystemSmsServer(), "fortios_system_speedtestschedule": resourceSystemSpeedTestSchedule(), + "fortios_system_sshconfig": resourceSystemSshConfig(), "fortios_system_speedtestserver": resourceSystemSpeedTestServer(), "fortios_system_speedtestsetting": resourceSystemSpeedTestSetting(), "fortios_system_ssoadmin": resourceSystemSsoAdmin(), diff --git a/fortios/resource_authentication_rule.go b/fortios/resource_authentication_rule.go index de4188899..aac9c794d 100644 --- a/fortios/resource_authentication_rule.go +++ b/fortios/resource_authentication_rule.go @@ -156,6 +156,11 @@ func resourceAuthenticationRule() *schema.Resource { Optional: true, Computed: true, }, + "cert_auth_cookie": &schema.Schema{ + Type: schema.TypeString, + Optional: true, + Computed: true, + }, "transaction_based": &schema.Schema{ Type: schema.TypeString, Optional: true, @@ -582,6 +587,10 @@ func flattenAuthenticationRuleCorsDepth(v interface{}, d *schema.ResourceData, p return v } +func flattenAuthenticationRuleCertAuthCookie(v interface{}, d *schema.ResourceData, pre string, sv string) interface{} { + return v +} + func flattenAuthenticationRuleTransactionBased(v interface{}, d *schema.ResourceData, pre string, sv string) interface{} { return v } @@ -737,6 +746,12 @@ func refreshObjectAuthenticationRule(d *schema.ResourceData, o map[string]interf } } + if err = d.Set("cert_auth_cookie", flattenAuthenticationRuleCertAuthCookie(o["cert-auth-cookie"], d, "cert_auth_cookie", sv)); err != nil { + if !fortiAPIPatch(o["cert-auth-cookie"]) { + return fmt.Errorf("Error reading cert_auth_cookie: %v", err) + } + } + if err = d.Set("transaction_based", flattenAuthenticationRuleTransactionBased(o["transaction-based"], d, "transaction_based", sv)); err != nil { if !fortiAPIPatch(o["transaction-based"]) { return fmt.Errorf("Error reading transaction_based: %v", err) @@ -940,6 +955,10 @@ func expandAuthenticationRuleCorsDepth(d *schema.ResourceData, v interface{}, pr return v, nil } +func expandAuthenticationRuleCertAuthCookie(d *schema.ResourceData, v interface{}, pre string, sv string) (interface{}, error) { + return v, nil +} + func expandAuthenticationRuleTransactionBased(d *schema.ResourceData, v interface{}, pre string, sv string) (interface{}, error) { return v, nil } @@ -1081,6 +1100,15 @@ func getObjectAuthenticationRule(d *schema.ResourceData, sv string) (*map[string } } + if v, ok := d.GetOk("cert_auth_cookie"); ok { + t, err := expandAuthenticationRuleCertAuthCookie(d, v, "cert_auth_cookie", sv) + if err != nil { + return &obj, err + } else if t != nil { + obj["cert-auth-cookie"] = t + } + } + if v, ok := d.GetOk("transaction_based"); ok { t, err := expandAuthenticationRuleTransactionBased(d, v, "transaction_based", sv) if err != nil { diff --git a/fortios/resource_casb_profile.go b/fortios/resource_casb_profile.go index 7a51778b5..bd5428073 100644 --- a/fortios/resource_casb_profile.go +++ b/fortios/resource_casb_profile.go @@ -43,6 +43,11 @@ func resourceCasbProfile() *schema.Resource { Optional: true, Computed: true, }, + "comment": &schema.Schema{ + Type: schema.TypeString, + ValidateFunc: validation.StringLenBetween(0, 255), + Optional: true, + }, "saas_application": &schema.Schema{ Type: schema.TypeList, Optional: true, @@ -359,6 +364,10 @@ func flattenCasbProfileName(v interface{}, d *schema.ResourceData, pre string, s return v } +func flattenCasbProfileComment(v interface{}, d *schema.ResourceData, pre string, sv string) interface{} { + return v +} + func flattenCasbProfileSaasApplication(v interface{}, d *schema.ResourceData, pre string, sv string) []map[string]interface{} { if v == nil { return nil @@ -808,6 +817,12 @@ func refreshObjectCasbProfile(d *schema.ResourceData, o map[string]interface{}, } } + if err = d.Set("comment", flattenCasbProfileComment(o["comment"], d, "comment", sv)); err != nil { + if !fortiAPIPatch(o["comment"]) { + return fmt.Errorf("Error reading comment: %v", err) + } + } + if b_get_all_tables { if err = d.Set("saas_application", flattenCasbProfileSaasApplication(o["saas-application"], d, "saas_application", sv)); err != nil { if !fortiAPIPatch(o["saas-application"]) { @@ -837,6 +852,10 @@ func expandCasbProfileName(d *schema.ResourceData, v interface{}, pre string, sv return v, nil } +func expandCasbProfileComment(d *schema.ResourceData, v interface{}, pre string, sv string) (interface{}, error) { + return v, nil +} + func expandCasbProfileSaasApplication(d *schema.ResourceData, v interface{}, pre string, sv string) (interface{}, error) { l := v.([]interface{}) result := make([]map[string]interface{}, 0, len(l)) @@ -1197,6 +1216,15 @@ func getObjectCasbProfile(d *schema.ResourceData, sv string) (*map[string]interf } } + if v, ok := d.GetOk("comment"); ok { + t, err := expandCasbProfileComment(d, v, "comment", sv) + if err != nil { + return &obj, err + } else if t != nil { + obj["comment"] = t + } + } + if v, ok := d.GetOk("saas_application"); ok || d.HasChange("saas_application") { t, err := expandCasbProfileSaasApplication(d, v, "saas_application", sv) if err != nil { diff --git a/fortios/resource_certificate_ca.go b/fortios/resource_certificate_ca.go index a36b310c8..da1090345 100644 --- a/fortios/resource_certificate_ca.go +++ b/fortios/resource_certificate_ca.go @@ -105,6 +105,11 @@ func resourceCertificateCa() *schema.Resource { Optional: true, Computed: true, }, + "fabric_ca": &schema.Schema{ + Type: schema.TypeString, + Optional: true, + Computed: true, + }, "last_updated": &schema.Schema{ Type: schema.TypeInt, Optional: true, @@ -317,6 +322,10 @@ func flattenCertificateCaObsolete(v interface{}, d *schema.ResourceData, pre str return v } +func flattenCertificateCaFabricCa(v interface{}, d *schema.ResourceData, pre string, sv string) interface{} { + return v +} + func flattenCertificateCaLastUpdated(v interface{}, d *schema.ResourceData, pre string, sv string) interface{} { return v } @@ -396,6 +405,12 @@ func refreshObjectCertificateCa(d *schema.ResourceData, o map[string]interface{} } } + if err = d.Set("fabric_ca", flattenCertificateCaFabricCa(o["fabric-ca"], d, "fabric_ca", sv)); err != nil { + if !fortiAPIPatch(o["fabric-ca"]) { + return fmt.Errorf("Error reading fabric_ca: %v", err) + } + } + if err = d.Set("last_updated", flattenCertificateCaLastUpdated(o["last-updated"], d, "last_updated", sv)); err != nil { if !fortiAPIPatch(o["last-updated"]) { return fmt.Errorf("Error reading last_updated: %v", err) @@ -463,6 +478,10 @@ func expandCertificateCaObsolete(d *schema.ResourceData, v interface{}, pre stri return v, nil } +func expandCertificateCaFabricCa(d *schema.ResourceData, v interface{}, pre string, sv string) (interface{}, error) { + return v, nil +} + func expandCertificateCaLastUpdated(d *schema.ResourceData, v interface{}, pre string, sv string) (interface{}, error) { return v, nil } @@ -587,6 +606,15 @@ func getObjectCertificateCa(d *schema.ResourceData, sv string) (*map[string]inte } } + if v, ok := d.GetOk("fabric_ca"); ok { + t, err := expandCertificateCaFabricCa(d, v, "fabric_ca", sv) + if err != nil { + return &obj, err + } else if t != nil { + obj["fabric-ca"] = t + } + } + if v, ok := d.GetOkExists("last_updated"); ok { t, err := expandCertificateCaLastUpdated(d, v, "last_updated", sv) if err != nil { diff --git a/fortios/resource_dnsfilter_profile.go b/fortios/resource_dnsfilter_profile.go index b21d5cd05..0165d6ce7 100644 --- a/fortios/resource_dnsfilter_profile.go +++ b/fortios/resource_dnsfilter_profile.go @@ -234,6 +234,11 @@ func resourceDnsfilterProfile() *schema.Resource { }, }, }, + "strip_ech": &schema.Schema{ + Type: schema.TypeString, + Optional: true, + Computed: true, + }, "dynamic_sort_subtable": &schema.Schema{ Type: schema.TypeString, Optional: true, @@ -759,6 +764,10 @@ func flattenDnsfilterProfileTransparentDnsDatabaseName(v interface{}, d *schema. return v } +func flattenDnsfilterProfileStripEch(v interface{}, d *schema.ResourceData, pre string, sv string) interface{} { + return v +} + func refreshObjectDnsfilterProfile(d *schema.ResourceData, o map[string]interface{}, sv string) error { var err error var b_get_all_tables bool @@ -914,6 +923,12 @@ func refreshObjectDnsfilterProfile(d *schema.ResourceData, o map[string]interfac } } + if err = d.Set("strip_ech", flattenDnsfilterProfileStripEch(o["strip-ech"], d, "strip_ech", sv)); err != nil { + if !fortiAPIPatch(o["strip-ech"]) { + return fmt.Errorf("Error reading strip_ech: %v", err) + } + } + return nil } @@ -1234,6 +1249,10 @@ func expandDnsfilterProfileTransparentDnsDatabaseName(d *schema.ResourceData, v return v, nil } +func expandDnsfilterProfileStripEch(d *schema.ResourceData, v interface{}, pre string, sv string) (interface{}, error) { + return v, nil +} + func getObjectDnsfilterProfile(d *schema.ResourceData, sv string) (*map[string]interface{}, error) { obj := make(map[string]interface{}) @@ -1381,5 +1400,14 @@ func getObjectDnsfilterProfile(d *schema.ResourceData, sv string) (*map[string]i } } + if v, ok := d.GetOk("strip_ech"); ok { + t, err := expandDnsfilterProfileStripEch(d, v, "strip_ech", sv) + if err != nil { + return &obj, err + } else if t != nil { + obj["strip-ech"] = t + } + } + return &obj, nil } diff --git a/fortios/resource_endpointcontrol_fctems.go b/fortios/resource_endpointcontrol_fctems.go index d1296c946..669e9a61a 100644 --- a/fortios/resource_endpointcontrol_fctems.go +++ b/fortios/resource_endpointcontrol_fctems.go @@ -82,6 +82,12 @@ func resourceEndpointControlFctems() *schema.Resource { Optional: true, Computed: true, }, + "cloud_authentication_access_key": &schema.Schema{ + Type: schema.TypeString, + ValidateFunc: validation.StringLenBetween(0, 20), + Optional: true, + Computed: true, + }, "https_port": &schema.Schema{ Type: schema.TypeInt, ValidateFunc: validation.IntBetween(1, 65535), @@ -388,6 +394,10 @@ func flattenEndpointControlFctemsFortinetoneCloudAuthentication(v interface{}, d return v } +func flattenEndpointControlFctemsCloudAuthenticationAccessKey(v interface{}, d *schema.ResourceData, pre string, sv string) interface{} { + return v +} + func flattenEndpointControlFctemsHttpsPort(v interface{}, d *schema.ResourceData, pre string, sv string) interface{} { return v } @@ -527,6 +537,12 @@ func refreshObjectEndpointControlFctems(d *schema.ResourceData, o map[string]int } } + if err = d.Set("cloud_authentication_access_key", flattenEndpointControlFctemsCloudAuthenticationAccessKey(o["cloud-authentication-access-key"], d, "cloud_authentication_access_key", sv)); err != nil { + if !fortiAPIPatch(o["cloud-authentication-access-key"]) { + return fmt.Errorf("Error reading cloud_authentication_access_key: %v", err) + } + } + if err = d.Set("https_port", flattenEndpointControlFctemsHttpsPort(o["https-port"], d, "https_port", sv)); err != nil { if !fortiAPIPatch(o["https-port"]) { return fmt.Errorf("Error reading https_port: %v", err) @@ -694,6 +710,10 @@ func expandEndpointControlFctemsFortinetoneCloudAuthentication(d *schema.Resourc return v, nil } +func expandEndpointControlFctemsCloudAuthenticationAccessKey(d *schema.ResourceData, v interface{}, pre string, sv string) (interface{}, error) { + return v, nil +} + func expandEndpointControlFctemsHttpsPort(d *schema.ResourceData, v interface{}, pre string, sv string) (interface{}, error) { return v, nil } @@ -857,6 +877,15 @@ func getObjectEndpointControlFctems(d *schema.ResourceData, sv string) (*map[str } } + if v, ok := d.GetOk("cloud_authentication_access_key"); ok { + t, err := expandEndpointControlFctemsCloudAuthenticationAccessKey(d, v, "cloud_authentication_access_key", sv) + if err != nil { + return &obj, err + } else if t != nil { + obj["cloud-authentication-access-key"] = t + } + } + if v, ok := d.GetOk("https_port"); ok { t, err := expandEndpointControlFctemsHttpsPort(d, v, "https_port", sv) if err != nil { diff --git a/fortios/resource_endpointcontrol_fctemsoverride.go b/fortios/resource_endpointcontrol_fctemsoverride.go index ac06aa836..acf048b8a 100644 --- a/fortios/resource_endpointcontrol_fctemsoverride.go +++ b/fortios/resource_endpointcontrol_fctemsoverride.go @@ -64,6 +64,12 @@ func resourceEndpointControlFctemsOverride() *schema.Resource { Optional: true, Computed: true, }, + "cloud_authentication_access_key": &schema.Schema{ + Type: schema.TypeString, + ValidateFunc: validation.StringLenBetween(0, 20), + Optional: true, + Computed: true, + }, "server": &schema.Schema{ Type: schema.TypeString, ValidateFunc: validation.StringLenBetween(0, 255), @@ -352,6 +358,10 @@ func flattenEndpointControlFctemsOverrideFortinetoneCloudAuthentication(v interf return v } +func flattenEndpointControlFctemsOverrideCloudAuthenticationAccessKey(v interface{}, d *schema.ResourceData, pre string, sv string) interface{} { + return v +} + func flattenEndpointControlFctemsOverrideServer(v interface{}, d *schema.ResourceData, pre string, sv string) interface{} { return v } @@ -469,6 +479,12 @@ func refreshObjectEndpointControlFctemsOverride(d *schema.ResourceData, o map[st } } + if err = d.Set("cloud_authentication_access_key", flattenEndpointControlFctemsOverrideCloudAuthenticationAccessKey(o["cloud-authentication-access-key"], d, "cloud_authentication_access_key", sv)); err != nil { + if !fortiAPIPatch(o["cloud-authentication-access-key"]) { + return fmt.Errorf("Error reading cloud_authentication_access_key: %v", err) + } + } + if err = d.Set("server", flattenEndpointControlFctemsOverrideServer(o["server"], d, "server", sv)); err != nil { if !fortiAPIPatch(o["server"]) { return fmt.Errorf("Error reading server: %v", err) @@ -624,6 +640,10 @@ func expandEndpointControlFctemsOverrideFortinetoneCloudAuthentication(d *schema return v, nil } +func expandEndpointControlFctemsOverrideCloudAuthenticationAccessKey(d *schema.ResourceData, v interface{}, pre string, sv string) (interface{}, error) { + return v, nil +} + func expandEndpointControlFctemsOverrideServer(d *schema.ResourceData, v interface{}, pre string, sv string) (interface{}, error) { return v, nil } @@ -756,6 +776,15 @@ func getObjectEndpointControlFctemsOverride(d *schema.ResourceData, sv string) ( } } + if v, ok := d.GetOk("cloud_authentication_access_key"); ok { + t, err := expandEndpointControlFctemsOverrideCloudAuthenticationAccessKey(d, v, "cloud_authentication_access_key", sv) + if err != nil { + return &obj, err + } else if t != nil { + obj["cloud-authentication-access-key"] = t + } + } + if v, ok := d.GetOk("server"); ok { t, err := expandEndpointControlFctemsOverrideServer(d, v, "server", sv) if err != nil { diff --git a/fortios/resource_extensioncontroller_extenderprofile.go b/fortios/resource_extensioncontroller_extenderprofile.go index 59de76ac0..02bb6736b 100644 --- a/fortios/resource_extensioncontroller_extenderprofile.go +++ b/fortios/resource_extensioncontroller_extenderprofile.go @@ -525,6 +525,229 @@ func resourceExtensionControllerExtenderProfile() *schema.Resource { }, }, }, + "wifi": &schema.Schema{ + Type: schema.TypeList, + Computed: true, + Optional: true, + MaxItems: 1, + Elem: &schema.Resource{ + Schema: map[string]*schema.Schema{ + "country": &schema.Schema{ + Type: schema.TypeString, + Optional: true, + Computed: true, + }, + "radio_1": &schema.Schema{ + Type: schema.TypeList, + Computed: true, + Optional: true, + MaxItems: 1, + Elem: &schema.Resource{ + Schema: map[string]*schema.Schema{ + "mode": &schema.Schema{ + Type: schema.TypeString, + Optional: true, + Computed: true, + }, + "band": &schema.Schema{ + Type: schema.TypeString, + Optional: true, + Computed: true, + }, + "status": &schema.Schema{ + Type: schema.TypeString, + Optional: true, + Computed: true, + }, + "operating_standard": &schema.Schema{ + Type: schema.TypeString, + Optional: true, + Computed: true, + }, + "guard_interval": &schema.Schema{ + Type: schema.TypeString, + Optional: true, + Computed: true, + }, + "channel": &schema.Schema{ + Type: schema.TypeString, + Optional: true, + Computed: true, + }, + "bandwidth": &schema.Schema{ + Type: schema.TypeString, + Optional: true, + Computed: true, + }, + "power_level": &schema.Schema{ + Type: schema.TypeInt, + ValidateFunc: validation.IntBetween(0, 100), + Optional: true, + Computed: true, + }, + "beacon_interval": &schema.Schema{ + Type: schema.TypeInt, + ValidateFunc: validation.IntBetween(100, 3500), + Optional: true, + Computed: true, + }, + "n80211d": &schema.Schema{ + Type: schema.TypeString, + Optional: true, + Computed: true, + }, + "max_clients": &schema.Schema{ + Type: schema.TypeInt, + ValidateFunc: validation.IntBetween(0, 512), + Optional: true, + Computed: true, + }, + "extension_channel": &schema.Schema{ + Type: schema.TypeString, + Optional: true, + Computed: true, + }, + "bss_color_mode": &schema.Schema{ + Type: schema.TypeString, + Optional: true, + Computed: true, + }, + "bss_color": &schema.Schema{ + Type: schema.TypeInt, + ValidateFunc: validation.IntBetween(0, 63), + Optional: true, + Computed: true, + }, + "lan_ext_vap": &schema.Schema{ + Type: schema.TypeString, + ValidateFunc: validation.StringLenBetween(0, 31), + Optional: true, + Computed: true, + }, + "local_vaps": &schema.Schema{ + Type: schema.TypeSet, + Optional: true, + Elem: &schema.Resource{ + Schema: map[string]*schema.Schema{ + "name": &schema.Schema{ + Type: schema.TypeString, + ValidateFunc: validation.StringLenBetween(0, 79), + Optional: true, + Computed: true, + }, + }, + }, + }, + }, + }, + }, + "radio_2": &schema.Schema{ + Type: schema.TypeList, + Computed: true, + Optional: true, + MaxItems: 1, + Elem: &schema.Resource{ + Schema: map[string]*schema.Schema{ + "mode": &schema.Schema{ + Type: schema.TypeString, + Optional: true, + Computed: true, + }, + "band": &schema.Schema{ + Type: schema.TypeString, + Optional: true, + Computed: true, + }, + "status": &schema.Schema{ + Type: schema.TypeString, + Optional: true, + Computed: true, + }, + "operating_standard": &schema.Schema{ + Type: schema.TypeString, + Optional: true, + Computed: true, + }, + "guard_interval": &schema.Schema{ + Type: schema.TypeString, + Optional: true, + Computed: true, + }, + "channel": &schema.Schema{ + Type: schema.TypeString, + Optional: true, + Computed: true, + }, + "bandwidth": &schema.Schema{ + Type: schema.TypeString, + Optional: true, + Computed: true, + }, + "power_level": &schema.Schema{ + Type: schema.TypeInt, + ValidateFunc: validation.IntBetween(0, 100), + Optional: true, + Computed: true, + }, + "beacon_interval": &schema.Schema{ + Type: schema.TypeInt, + ValidateFunc: validation.IntBetween(100, 3500), + Optional: true, + Computed: true, + }, + "n80211d": &schema.Schema{ + Type: schema.TypeString, + Optional: true, + Computed: true, + }, + "max_clients": &schema.Schema{ + Type: schema.TypeInt, + ValidateFunc: validation.IntBetween(0, 512), + Optional: true, + Computed: true, + }, + "extension_channel": &schema.Schema{ + Type: schema.TypeString, + Optional: true, + Computed: true, + }, + "bss_color_mode": &schema.Schema{ + Type: schema.TypeString, + Optional: true, + Computed: true, + }, + "bss_color": &schema.Schema{ + Type: schema.TypeInt, + ValidateFunc: validation.IntBetween(0, 63), + Optional: true, + Computed: true, + }, + "lan_ext_vap": &schema.Schema{ + Type: schema.TypeString, + ValidateFunc: validation.StringLenBetween(0, 31), + Optional: true, + Computed: true, + }, + "local_vaps": &schema.Schema{ + Type: schema.TypeSet, + Optional: true, + Elem: &schema.Resource{ + Schema: map[string]*schema.Schema{ + "name": &schema.Schema{ + Type: schema.TypeString, + ValidateFunc: validation.StringLenBetween(0, 79), + Optional: true, + Computed: true, + }, + }, + }, + }, + }, + }, + }, + }, + }, + }, "get_all_tables": &schema.Schema{ Type: schema.TypeString, Optional: true, @@ -1527,86 +1750,508 @@ func flattenExtensionControllerExtenderProfileLanExtensionBackhaulWeight(v inter return v } -func refreshObjectExtensionControllerExtenderProfile(d *schema.ResourceData, o map[string]interface{}, sv string) error { - var err error - var b_get_all_tables bool - if get_all_tables, ok := d.GetOk("get_all_tables"); ok { - b_get_all_tables = get_all_tables.(string) == "true" - } else { - b_get_all_tables = isImportTable() +func flattenExtensionControllerExtenderProfileWifi(v interface{}, d *schema.ResourceData, pre string, sv string) []map[string]interface{} { + if v == nil { + return nil } - if err = d.Set("name", flattenExtensionControllerExtenderProfileName(o["name"], d, "name", sv)); err != nil { - if !fortiAPIPatch(o["name"]) { - return fmt.Errorf("Error reading name: %v", err) - } + i := v.(map[string]interface{}) + result := make(map[string]interface{}) + + pre_append := "" // complex + pre_append = pre + ".0." + "country" + if _, ok := i["country"]; ok { + result["country"] = flattenExtensionControllerExtenderProfileWifiCountry(i["country"], d, pre_append, sv) } - if err = d.Set("fosid", flattenExtensionControllerExtenderProfileId(o["id"], d, "fosid", sv)); err != nil { - if !fortiAPIPatch(o["id"]) { - return fmt.Errorf("Error reading fosid: %v", err) - } + pre_append = pre + ".0." + "radio_1" + if _, ok := i["radio-1"]; ok { + result["radio_1"] = flattenExtensionControllerExtenderProfileWifiRadio1(i["radio-1"], d, pre_append, sv) } - if err = d.Set("model", flattenExtensionControllerExtenderProfileModel(o["model"], d, "model", sv)); err != nil { - if !fortiAPIPatch(o["model"]) { - return fmt.Errorf("Error reading model: %v", err) - } + pre_append = pre + ".0." + "radio_2" + if _, ok := i["radio-2"]; ok { + result["radio_2"] = flattenExtensionControllerExtenderProfileWifiRadio2(i["radio-2"], d, pre_append, sv) } - if err = d.Set("extension", flattenExtensionControllerExtenderProfileExtension(o["extension"], d, "extension", sv)); err != nil { - if !fortiAPIPatch(o["extension"]) { - return fmt.Errorf("Error reading extension: %v", err) - } + lastresult := []map[string]interface{}{result} + return lastresult +} + +func flattenExtensionControllerExtenderProfileWifiCountry(v interface{}, d *schema.ResourceData, pre string, sv string) interface{} { + return v +} + +func flattenExtensionControllerExtenderProfileWifiRadio1(v interface{}, d *schema.ResourceData, pre string, sv string) []map[string]interface{} { + if v == nil { + return nil } - if err = d.Set("allowaccess", flattenExtensionControllerExtenderProfileAllowaccess(o["allowaccess"], d, "allowaccess", sv)); err != nil { - if !fortiAPIPatch(o["allowaccess"]) { - return fmt.Errorf("Error reading allowaccess: %v", err) - } + i := v.(map[string]interface{}) + result := make(map[string]interface{}) + + pre_append := "" // complex + pre_append = pre + ".0." + "mode" + if _, ok := i["mode"]; ok { + result["mode"] = flattenExtensionControllerExtenderProfileWifiRadio1Mode(i["mode"], d, pre_append, sv) } - if err = d.Set("login_password_change", flattenExtensionControllerExtenderProfileLoginPasswordChange(o["login-password-change"], d, "login_password_change", sv)); err != nil { - if !fortiAPIPatch(o["login-password-change"]) { - return fmt.Errorf("Error reading login_password_change: %v", err) - } + pre_append = pre + ".0." + "band" + if _, ok := i["band"]; ok { + result["band"] = flattenExtensionControllerExtenderProfileWifiRadio1Band(i["band"], d, pre_append, sv) } - if err = d.Set("login_password", flattenExtensionControllerExtenderProfileLoginPassword(o["login-password"], d, "login_password", sv)); err != nil { - if !fortiAPIPatch(o["login-password"]) { - return fmt.Errorf("Error reading login_password: %v", err) - } + pre_append = pre + ".0." + "status" + if _, ok := i["status"]; ok { + result["status"] = flattenExtensionControllerExtenderProfileWifiRadio1Status(i["status"], d, pre_append, sv) } - if err = d.Set("enforce_bandwidth", flattenExtensionControllerExtenderProfileEnforceBandwidth(o["enforce-bandwidth"], d, "enforce_bandwidth", sv)); err != nil { - if !fortiAPIPatch(o["enforce-bandwidth"]) { - return fmt.Errorf("Error reading enforce_bandwidth: %v", err) - } + pre_append = pre + ".0." + "operating_standard" + if _, ok := i["operating-standard"]; ok { + result["operating_standard"] = flattenExtensionControllerExtenderProfileWifiRadio1OperatingStandard(i["operating-standard"], d, pre_append, sv) } - if err = d.Set("bandwidth_limit", flattenExtensionControllerExtenderProfileBandwidthLimit(o["bandwidth-limit"], d, "bandwidth_limit", sv)); err != nil { - if !fortiAPIPatch(o["bandwidth-limit"]) { - return fmt.Errorf("Error reading bandwidth_limit: %v", err) - } + pre_append = pre + ".0." + "guard_interval" + if _, ok := i["guard-interval"]; ok { + result["guard_interval"] = flattenExtensionControllerExtenderProfileWifiRadio1GuardInterval(i["guard-interval"], d, pre_append, sv) } - if b_get_all_tables { - if err = d.Set("cellular", flattenExtensionControllerExtenderProfileCellular(o["cellular"], d, "cellular", sv)); err != nil { - if !fortiAPIPatch(o["cellular"]) { - return fmt.Errorf("Error reading cellular: %v", err) - } - } - } else { - if _, ok := d.GetOk("cellular"); ok { - if err = d.Set("cellular", flattenExtensionControllerExtenderProfileCellular(o["cellular"], d, "cellular", sv)); err != nil { - if !fortiAPIPatch(o["cellular"]) { - return fmt.Errorf("Error reading cellular: %v", err) - } - } - } + pre_append = pre + ".0." + "channel" + if _, ok := i["channel"]; ok { + result["channel"] = flattenExtensionControllerExtenderProfileWifiRadio1Channel(i["channel"], d, pre_append, sv) } - if b_get_all_tables { + pre_append = pre + ".0." + "bandwidth" + if _, ok := i["bandwidth"]; ok { + result["bandwidth"] = flattenExtensionControllerExtenderProfileWifiRadio1Bandwidth(i["bandwidth"], d, pre_append, sv) + } + + pre_append = pre + ".0." + "power_level" + if _, ok := i["power-level"]; ok { + result["power_level"] = flattenExtensionControllerExtenderProfileWifiRadio1PowerLevel(i["power-level"], d, pre_append, sv) + } + + pre_append = pre + ".0." + "beacon_interval" + if _, ok := i["beacon-interval"]; ok { + result["beacon_interval"] = flattenExtensionControllerExtenderProfileWifiRadio1BeaconInterval(i["beacon-interval"], d, pre_append, sv) + } + + pre_append = pre + ".0." + "n80211d" + if _, ok := i["80211d"]; ok { + result["n80211d"] = flattenExtensionControllerExtenderProfileWifiRadio180211D(i["80211d"], d, pre_append, sv) + } + + pre_append = pre + ".0." + "max_clients" + if _, ok := i["max-clients"]; ok { + result["max_clients"] = flattenExtensionControllerExtenderProfileWifiRadio1MaxClients(i["max-clients"], d, pre_append, sv) + } + + pre_append = pre + ".0." + "extension_channel" + if _, ok := i["extension-channel"]; ok { + result["extension_channel"] = flattenExtensionControllerExtenderProfileWifiRadio1ExtensionChannel(i["extension-channel"], d, pre_append, sv) + } + + pre_append = pre + ".0." + "bss_color_mode" + if _, ok := i["bss-color-mode"]; ok { + result["bss_color_mode"] = flattenExtensionControllerExtenderProfileWifiRadio1BssColorMode(i["bss-color-mode"], d, pre_append, sv) + } + + pre_append = pre + ".0." + "bss_color" + if _, ok := i["bss-color"]; ok { + result["bss_color"] = flattenExtensionControllerExtenderProfileWifiRadio1BssColor(i["bss-color"], d, pre_append, sv) + } + + pre_append = pre + ".0." + "lan_ext_vap" + if _, ok := i["lan-ext-vap"]; ok { + result["lan_ext_vap"] = flattenExtensionControllerExtenderProfileWifiRadio1LanExtVap(i["lan-ext-vap"], d, pre_append, sv) + } + + pre_append = pre + ".0." + "local_vaps" + if _, ok := i["local-vaps"]; ok { + result["local_vaps"] = flattenExtensionControllerExtenderProfileWifiRadio1LocalVaps(i["local-vaps"], d, pre_append, sv) + } + + lastresult := []map[string]interface{}{result} + return lastresult +} + +func flattenExtensionControllerExtenderProfileWifiRadio1Mode(v interface{}, d *schema.ResourceData, pre string, sv string) interface{} { + return v +} + +func flattenExtensionControllerExtenderProfileWifiRadio1Band(v interface{}, d *schema.ResourceData, pre string, sv string) interface{} { + return v +} + +func flattenExtensionControllerExtenderProfileWifiRadio1Status(v interface{}, d *schema.ResourceData, pre string, sv string) interface{} { + return v +} + +func flattenExtensionControllerExtenderProfileWifiRadio1OperatingStandard(v interface{}, d *schema.ResourceData, pre string, sv string) interface{} { + return v +} + +func flattenExtensionControllerExtenderProfileWifiRadio1GuardInterval(v interface{}, d *schema.ResourceData, pre string, sv string) interface{} { + return v +} + +func flattenExtensionControllerExtenderProfileWifiRadio1Channel(v interface{}, d *schema.ResourceData, pre string, sv string) interface{} { + return v +} + +func flattenExtensionControllerExtenderProfileWifiRadio1Bandwidth(v interface{}, d *schema.ResourceData, pre string, sv string) interface{} { + return v +} + +func flattenExtensionControllerExtenderProfileWifiRadio1PowerLevel(v interface{}, d *schema.ResourceData, pre string, sv string) interface{} { + return v +} + +func flattenExtensionControllerExtenderProfileWifiRadio1BeaconInterval(v interface{}, d *schema.ResourceData, pre string, sv string) interface{} { + return v +} + +func flattenExtensionControllerExtenderProfileWifiRadio180211D(v interface{}, d *schema.ResourceData, pre string, sv string) interface{} { + return v +} + +func flattenExtensionControllerExtenderProfileWifiRadio1MaxClients(v interface{}, d *schema.ResourceData, pre string, sv string) interface{} { + return v +} + +func flattenExtensionControllerExtenderProfileWifiRadio1ExtensionChannel(v interface{}, d *schema.ResourceData, pre string, sv string) interface{} { + return v +} + +func flattenExtensionControllerExtenderProfileWifiRadio1BssColorMode(v interface{}, d *schema.ResourceData, pre string, sv string) interface{} { + return v +} + +func flattenExtensionControllerExtenderProfileWifiRadio1BssColor(v interface{}, d *schema.ResourceData, pre string, sv string) interface{} { + return v +} + +func flattenExtensionControllerExtenderProfileWifiRadio1LanExtVap(v interface{}, d *schema.ResourceData, pre string, sv string) interface{} { + return v +} + +func flattenExtensionControllerExtenderProfileWifiRadio1LocalVaps(v interface{}, d *schema.ResourceData, pre string, sv string) []map[string]interface{} { + if v == nil { + return nil + } + + if _, ok := v.([]interface{}); !ok { + log.Printf("[DEBUG] Argument %v is not type of []interface{}.", pre) + return nil + } + + l := v.([]interface{}) + if len(l) == 0 || l[0] == nil { + return nil + } + + result := make([]map[string]interface{}, 0, len(l)) + + con := 0 + for _, r := range l { + tmp := make(map[string]interface{}) + i := r.(map[string]interface{}) + + pre_append := "" // table + + pre_append = pre + "." + strconv.Itoa(con) + "." + "name" + if cur_v, ok := i["name"]; ok { + tmp["name"] = flattenExtensionControllerExtenderProfileWifiRadio1LocalVapsName(cur_v, d, pre_append, sv) + } + + result = append(result, tmp) + + con += 1 + } + + dynamic_sort_subtable(result, "name", d) + return result +} + +func flattenExtensionControllerExtenderProfileWifiRadio1LocalVapsName(v interface{}, d *schema.ResourceData, pre string, sv string) interface{} { + return v +} + +func flattenExtensionControllerExtenderProfileWifiRadio2(v interface{}, d *schema.ResourceData, pre string, sv string) []map[string]interface{} { + if v == nil { + return nil + } + + i := v.(map[string]interface{}) + result := make(map[string]interface{}) + + pre_append := "" // complex + pre_append = pre + ".0." + "mode" + if _, ok := i["mode"]; ok { + result["mode"] = flattenExtensionControllerExtenderProfileWifiRadio2Mode(i["mode"], d, pre_append, sv) + } + + pre_append = pre + ".0." + "band" + if _, ok := i["band"]; ok { + result["band"] = flattenExtensionControllerExtenderProfileWifiRadio2Band(i["band"], d, pre_append, sv) + } + + pre_append = pre + ".0." + "status" + if _, ok := i["status"]; ok { + result["status"] = flattenExtensionControllerExtenderProfileWifiRadio2Status(i["status"], d, pre_append, sv) + } + + pre_append = pre + ".0." + "operating_standard" + if _, ok := i["operating-standard"]; ok { + result["operating_standard"] = flattenExtensionControllerExtenderProfileWifiRadio2OperatingStandard(i["operating-standard"], d, pre_append, sv) + } + + pre_append = pre + ".0." + "guard_interval" + if _, ok := i["guard-interval"]; ok { + result["guard_interval"] = flattenExtensionControllerExtenderProfileWifiRadio2GuardInterval(i["guard-interval"], d, pre_append, sv) + } + + pre_append = pre + ".0." + "channel" + if _, ok := i["channel"]; ok { + result["channel"] = flattenExtensionControllerExtenderProfileWifiRadio2Channel(i["channel"], d, pre_append, sv) + } + + pre_append = pre + ".0." + "bandwidth" + if _, ok := i["bandwidth"]; ok { + result["bandwidth"] = flattenExtensionControllerExtenderProfileWifiRadio2Bandwidth(i["bandwidth"], d, pre_append, sv) + } + + pre_append = pre + ".0." + "power_level" + if _, ok := i["power-level"]; ok { + result["power_level"] = flattenExtensionControllerExtenderProfileWifiRadio2PowerLevel(i["power-level"], d, pre_append, sv) + } + + pre_append = pre + ".0." + "beacon_interval" + if _, ok := i["beacon-interval"]; ok { + result["beacon_interval"] = flattenExtensionControllerExtenderProfileWifiRadio2BeaconInterval(i["beacon-interval"], d, pre_append, sv) + } + + pre_append = pre + ".0." + "n80211d" + if _, ok := i["80211d"]; ok { + result["n80211d"] = flattenExtensionControllerExtenderProfileWifiRadio280211D(i["80211d"], d, pre_append, sv) + } + + pre_append = pre + ".0." + "max_clients" + if _, ok := i["max-clients"]; ok { + result["max_clients"] = flattenExtensionControllerExtenderProfileWifiRadio2MaxClients(i["max-clients"], d, pre_append, sv) + } + + pre_append = pre + ".0." + "extension_channel" + if _, ok := i["extension-channel"]; ok { + result["extension_channel"] = flattenExtensionControllerExtenderProfileWifiRadio2ExtensionChannel(i["extension-channel"], d, pre_append, sv) + } + + pre_append = pre + ".0." + "bss_color_mode" + if _, ok := i["bss-color-mode"]; ok { + result["bss_color_mode"] = flattenExtensionControllerExtenderProfileWifiRadio2BssColorMode(i["bss-color-mode"], d, pre_append, sv) + } + + pre_append = pre + ".0." + "bss_color" + if _, ok := i["bss-color"]; ok { + result["bss_color"] = flattenExtensionControllerExtenderProfileWifiRadio2BssColor(i["bss-color"], d, pre_append, sv) + } + + pre_append = pre + ".0." + "lan_ext_vap" + if _, ok := i["lan-ext-vap"]; ok { + result["lan_ext_vap"] = flattenExtensionControllerExtenderProfileWifiRadio2LanExtVap(i["lan-ext-vap"], d, pre_append, sv) + } + + pre_append = pre + ".0." + "local_vaps" + if _, ok := i["local-vaps"]; ok { + result["local_vaps"] = flattenExtensionControllerExtenderProfileWifiRadio2LocalVaps(i["local-vaps"], d, pre_append, sv) + } + + lastresult := []map[string]interface{}{result} + return lastresult +} + +func flattenExtensionControllerExtenderProfileWifiRadio2Mode(v interface{}, d *schema.ResourceData, pre string, sv string) interface{} { + return v +} + +func flattenExtensionControllerExtenderProfileWifiRadio2Band(v interface{}, d *schema.ResourceData, pre string, sv string) interface{} { + return v +} + +func flattenExtensionControllerExtenderProfileWifiRadio2Status(v interface{}, d *schema.ResourceData, pre string, sv string) interface{} { + return v +} + +func flattenExtensionControllerExtenderProfileWifiRadio2OperatingStandard(v interface{}, d *schema.ResourceData, pre string, sv string) interface{} { + return v +} + +func flattenExtensionControllerExtenderProfileWifiRadio2GuardInterval(v interface{}, d *schema.ResourceData, pre string, sv string) interface{} { + return v +} + +func flattenExtensionControllerExtenderProfileWifiRadio2Channel(v interface{}, d *schema.ResourceData, pre string, sv string) interface{} { + return v +} + +func flattenExtensionControllerExtenderProfileWifiRadio2Bandwidth(v interface{}, d *schema.ResourceData, pre string, sv string) interface{} { + return v +} + +func flattenExtensionControllerExtenderProfileWifiRadio2PowerLevel(v interface{}, d *schema.ResourceData, pre string, sv string) interface{} { + return v +} + +func flattenExtensionControllerExtenderProfileWifiRadio2BeaconInterval(v interface{}, d *schema.ResourceData, pre string, sv string) interface{} { + return v +} + +func flattenExtensionControllerExtenderProfileWifiRadio280211D(v interface{}, d *schema.ResourceData, pre string, sv string) interface{} { + return v +} + +func flattenExtensionControllerExtenderProfileWifiRadio2MaxClients(v interface{}, d *schema.ResourceData, pre string, sv string) interface{} { + return v +} + +func flattenExtensionControllerExtenderProfileWifiRadio2ExtensionChannel(v interface{}, d *schema.ResourceData, pre string, sv string) interface{} { + return v +} + +func flattenExtensionControllerExtenderProfileWifiRadio2BssColorMode(v interface{}, d *schema.ResourceData, pre string, sv string) interface{} { + return v +} + +func flattenExtensionControllerExtenderProfileWifiRadio2BssColor(v interface{}, d *schema.ResourceData, pre string, sv string) interface{} { + return v +} + +func flattenExtensionControllerExtenderProfileWifiRadio2LanExtVap(v interface{}, d *schema.ResourceData, pre string, sv string) interface{} { + return v +} + +func flattenExtensionControllerExtenderProfileWifiRadio2LocalVaps(v interface{}, d *schema.ResourceData, pre string, sv string) []map[string]interface{} { + if v == nil { + return nil + } + + if _, ok := v.([]interface{}); !ok { + log.Printf("[DEBUG] Argument %v is not type of []interface{}.", pre) + return nil + } + + l := v.([]interface{}) + if len(l) == 0 || l[0] == nil { + return nil + } + + result := make([]map[string]interface{}, 0, len(l)) + + con := 0 + for _, r := range l { + tmp := make(map[string]interface{}) + i := r.(map[string]interface{}) + + pre_append := "" // table + + pre_append = pre + "." + strconv.Itoa(con) + "." + "name" + if cur_v, ok := i["name"]; ok { + tmp["name"] = flattenExtensionControllerExtenderProfileWifiRadio2LocalVapsName(cur_v, d, pre_append, sv) + } + + result = append(result, tmp) + + con += 1 + } + + dynamic_sort_subtable(result, "name", d) + return result +} + +func flattenExtensionControllerExtenderProfileWifiRadio2LocalVapsName(v interface{}, d *schema.ResourceData, pre string, sv string) interface{} { + return v +} + +func refreshObjectExtensionControllerExtenderProfile(d *schema.ResourceData, o map[string]interface{}, sv string) error { + var err error + var b_get_all_tables bool + if get_all_tables, ok := d.GetOk("get_all_tables"); ok { + b_get_all_tables = get_all_tables.(string) == "true" + } else { + b_get_all_tables = isImportTable() + } + + if err = d.Set("name", flattenExtensionControllerExtenderProfileName(o["name"], d, "name", sv)); err != nil { + if !fortiAPIPatch(o["name"]) { + return fmt.Errorf("Error reading name: %v", err) + } + } + + if err = d.Set("fosid", flattenExtensionControllerExtenderProfileId(o["id"], d, "fosid", sv)); err != nil { + if !fortiAPIPatch(o["id"]) { + return fmt.Errorf("Error reading fosid: %v", err) + } + } + + if err = d.Set("model", flattenExtensionControllerExtenderProfileModel(o["model"], d, "model", sv)); err != nil { + if !fortiAPIPatch(o["model"]) { + return fmt.Errorf("Error reading model: %v", err) + } + } + + if err = d.Set("extension", flattenExtensionControllerExtenderProfileExtension(o["extension"], d, "extension", sv)); err != nil { + if !fortiAPIPatch(o["extension"]) { + return fmt.Errorf("Error reading extension: %v", err) + } + } + + if err = d.Set("allowaccess", flattenExtensionControllerExtenderProfileAllowaccess(o["allowaccess"], d, "allowaccess", sv)); err != nil { + if !fortiAPIPatch(o["allowaccess"]) { + return fmt.Errorf("Error reading allowaccess: %v", err) + } + } + + if err = d.Set("login_password_change", flattenExtensionControllerExtenderProfileLoginPasswordChange(o["login-password-change"], d, "login_password_change", sv)); err != nil { + if !fortiAPIPatch(o["login-password-change"]) { + return fmt.Errorf("Error reading login_password_change: %v", err) + } + } + + if err = d.Set("login_password", flattenExtensionControllerExtenderProfileLoginPassword(o["login-password"], d, "login_password", sv)); err != nil { + if !fortiAPIPatch(o["login-password"]) { + return fmt.Errorf("Error reading login_password: %v", err) + } + } + + if err = d.Set("enforce_bandwidth", flattenExtensionControllerExtenderProfileEnforceBandwidth(o["enforce-bandwidth"], d, "enforce_bandwidth", sv)); err != nil { + if !fortiAPIPatch(o["enforce-bandwidth"]) { + return fmt.Errorf("Error reading enforce_bandwidth: %v", err) + } + } + + if err = d.Set("bandwidth_limit", flattenExtensionControllerExtenderProfileBandwidthLimit(o["bandwidth-limit"], d, "bandwidth_limit", sv)); err != nil { + if !fortiAPIPatch(o["bandwidth-limit"]) { + return fmt.Errorf("Error reading bandwidth_limit: %v", err) + } + } + + if b_get_all_tables { + if err = d.Set("cellular", flattenExtensionControllerExtenderProfileCellular(o["cellular"], d, "cellular", sv)); err != nil { + if !fortiAPIPatch(o["cellular"]) { + return fmt.Errorf("Error reading cellular: %v", err) + } + } + } else { + if _, ok := d.GetOk("cellular"); ok { + if err = d.Set("cellular", flattenExtensionControllerExtenderProfileCellular(o["cellular"], d, "cellular", sv)); err != nil { + if !fortiAPIPatch(o["cellular"]) { + return fmt.Errorf("Error reading cellular: %v", err) + } + } + } + } + + if b_get_all_tables { if err = d.Set("lan_extension", flattenExtensionControllerExtenderProfileLanExtension(o["lan-extension"], d, "lan_extension", sv)); err != nil { if !fortiAPIPatch(o["lan-extension"]) { return fmt.Errorf("Error reading lan_extension: %v", err) @@ -1622,6 +2267,22 @@ func refreshObjectExtensionControllerExtenderProfile(d *schema.ResourceData, o m } } + if b_get_all_tables { + if err = d.Set("wifi", flattenExtensionControllerExtenderProfileWifi(o["wifi"], d, "wifi", sv)); err != nil { + if !fortiAPIPatch(o["wifi"]) { + return fmt.Errorf("Error reading wifi: %v", err) + } + } + } else { + if _, ok := d.GetOk("wifi"); ok { + if err = d.Set("wifi", flattenExtensionControllerExtenderProfileWifi(o["wifi"], d, "wifi", sv)); err != nil { + if !fortiAPIPatch(o["wifi"]) { + return fmt.Errorf("Error reading wifi: %v", err) + } + } + } + } + return nil } @@ -1839,107 +2500,285 @@ func expandExtensionControllerExtenderProfileCellularSmsNotificationAlert(d *sch } pre_append = pre + ".0." + "os_image_fallback" if _, ok := d.GetOk(pre_append); ok { - result["os-image-fallback"], _ = expandExtensionControllerExtenderProfileCellularSmsNotificationAlertOsImageFallback(d, i["os_image_fallback"], pre_append, sv) + result["os-image-fallback"], _ = expandExtensionControllerExtenderProfileCellularSmsNotificationAlertOsImageFallback(d, i["os_image_fallback"], pre_append, sv) + } + pre_append = pre + ".0." + "mode_switch" + if _, ok := d.GetOk(pre_append); ok { + result["mode-switch"], _ = expandExtensionControllerExtenderProfileCellularSmsNotificationAlertModeSwitch(d, i["mode_switch"], pre_append, sv) + } + pre_append = pre + ".0." + "fgt_backup_mode_switch" + if _, ok := d.GetOk(pre_append); ok { + result["fgt-backup-mode-switch"], _ = expandExtensionControllerExtenderProfileCellularSmsNotificationAlertFgtBackupModeSwitch(d, i["fgt_backup_mode_switch"], pre_append, sv) + } + + return result, nil +} + +func expandExtensionControllerExtenderProfileCellularSmsNotificationAlertSystemReboot(d *schema.ResourceData, v interface{}, pre string, sv string) (interface{}, error) { + return v, nil +} + +func expandExtensionControllerExtenderProfileCellularSmsNotificationAlertDataExhausted(d *schema.ResourceData, v interface{}, pre string, sv string) (interface{}, error) { + return v, nil +} + +func expandExtensionControllerExtenderProfileCellularSmsNotificationAlertSessionDisconnect(d *schema.ResourceData, v interface{}, pre string, sv string) (interface{}, error) { + return v, nil +} + +func expandExtensionControllerExtenderProfileCellularSmsNotificationAlertLowSignalStrength(d *schema.ResourceData, v interface{}, pre string, sv string) (interface{}, error) { + return v, nil +} + +func expandExtensionControllerExtenderProfileCellularSmsNotificationAlertOsImageFallback(d *schema.ResourceData, v interface{}, pre string, sv string) (interface{}, error) { + return v, nil +} + +func expandExtensionControllerExtenderProfileCellularSmsNotificationAlertModeSwitch(d *schema.ResourceData, v interface{}, pre string, sv string) (interface{}, error) { + return v, nil +} + +func expandExtensionControllerExtenderProfileCellularSmsNotificationAlertFgtBackupModeSwitch(d *schema.ResourceData, v interface{}, pre string, sv string) (interface{}, error) { + return v, nil +} + +func expandExtensionControllerExtenderProfileCellularSmsNotificationReceiver(d *schema.ResourceData, v interface{}, pre string, sv string) (interface{}, error) { + l := v.([]interface{}) + result := make([]map[string]interface{}, 0, len(l)) + + if len(l) == 0 || l[0] == nil { + return result, nil + } + + con := 0 + for _, r := range l { + tmp := make(map[string]interface{}) + i := r.(map[string]interface{}) + pre_append := "" // table + + pre_append = pre + "." + strconv.Itoa(con) + "." + "name" + if _, ok := d.GetOk(pre_append); ok { + tmp["name"], _ = expandExtensionControllerExtenderProfileCellularSmsNotificationReceiverName(d, i["name"], pre_append, sv) + } + + pre_append = pre + "." + strconv.Itoa(con) + "." + "status" + if _, ok := d.GetOk(pre_append); ok { + tmp["status"], _ = expandExtensionControllerExtenderProfileCellularSmsNotificationReceiverStatus(d, i["status"], pre_append, sv) + } + + pre_append = pre + "." + strconv.Itoa(con) + "." + "phone_number" + if _, ok := d.GetOk(pre_append); ok { + tmp["phone-number"], _ = expandExtensionControllerExtenderProfileCellularSmsNotificationReceiverPhoneNumber(d, i["phone_number"], pre_append, sv) + } + + pre_append = pre + "." + strconv.Itoa(con) + "." + "alert" + if _, ok := d.GetOk(pre_append); ok { + tmp["alert"], _ = expandExtensionControllerExtenderProfileCellularSmsNotificationReceiverAlert(d, i["alert"], pre_append, sv) + } + + result = append(result, tmp) + + con += 1 + } + + return result, nil +} + +func expandExtensionControllerExtenderProfileCellularSmsNotificationReceiverName(d *schema.ResourceData, v interface{}, pre string, sv string) (interface{}, error) { + return v, nil +} + +func expandExtensionControllerExtenderProfileCellularSmsNotificationReceiverStatus(d *schema.ResourceData, v interface{}, pre string, sv string) (interface{}, error) { + return v, nil +} + +func expandExtensionControllerExtenderProfileCellularSmsNotificationReceiverPhoneNumber(d *schema.ResourceData, v interface{}, pre string, sv string) (interface{}, error) { + return v, nil +} + +func expandExtensionControllerExtenderProfileCellularSmsNotificationReceiverAlert(d *schema.ResourceData, v interface{}, pre string, sv string) (interface{}, error) { + return v, nil +} + +func expandExtensionControllerExtenderProfileCellularModem1(d *schema.ResourceData, v interface{}, pre string, sv string) (interface{}, error) { + l := v.([]interface{}) + if len(l) == 0 || l[0] == nil { + return nil, nil + } + + i := l[0].(map[string]interface{}) + result := make(map[string]interface{}) + + pre_append := "" // complex + pre_append = pre + ".0." + "redundant_mode" + if _, ok := d.GetOk(pre_append); ok { + result["redundant-mode"], _ = expandExtensionControllerExtenderProfileCellularModem1RedundantMode(d, i["redundant_mode"], pre_append, sv) + } + pre_append = pre + ".0." + "redundant_intf" + if _, ok := d.GetOk(pre_append); ok { + result["redundant-intf"], _ = expandExtensionControllerExtenderProfileCellularModem1RedundantIntf(d, i["redundant_intf"], pre_append, sv) + } + pre_append = pre + ".0." + "conn_status" + if _, ok := d.GetOk(pre_append); ok { + result["conn-status"], _ = expandExtensionControllerExtenderProfileCellularModem1ConnStatus(d, i["conn_status"], pre_append, sv) + } + pre_append = pre + ".0." + "default_sim" + if _, ok := d.GetOk(pre_append); ok { + result["default-sim"], _ = expandExtensionControllerExtenderProfileCellularModem1DefaultSim(d, i["default_sim"], pre_append, sv) + } + pre_append = pre + ".0." + "gps" + if _, ok := d.GetOk(pre_append); ok { + result["gps"], _ = expandExtensionControllerExtenderProfileCellularModem1Gps(d, i["gps"], pre_append, sv) + } + pre_append = pre + ".0." + "sim1_pin" + if _, ok := d.GetOk(pre_append); ok { + result["sim1-pin"], _ = expandExtensionControllerExtenderProfileCellularModem1Sim1Pin(d, i["sim1_pin"], pre_append, sv) + } + pre_append = pre + ".0." + "sim2_pin" + if _, ok := d.GetOk(pre_append); ok { + result["sim2-pin"], _ = expandExtensionControllerExtenderProfileCellularModem1Sim2Pin(d, i["sim2_pin"], pre_append, sv) + } + pre_append = pre + ".0." + "sim1_pin_code" + if _, ok := d.GetOk(pre_append); ok { + result["sim1-pin-code"], _ = expandExtensionControllerExtenderProfileCellularModem1Sim1PinCode(d, i["sim1_pin_code"], pre_append, sv) + } + pre_append = pre + ".0." + "sim2_pin_code" + if _, ok := d.GetOk(pre_append); ok { + result["sim2-pin-code"], _ = expandExtensionControllerExtenderProfileCellularModem1Sim2PinCode(d, i["sim2_pin_code"], pre_append, sv) + } + pre_append = pre + ".0." + "preferred_carrier" + if _, ok := d.GetOk(pre_append); ok { + result["preferred-carrier"], _ = expandExtensionControllerExtenderProfileCellularModem1PreferredCarrier(d, i["preferred_carrier"], pre_append, sv) + } + pre_append = pre + ".0." + "auto_switch" + if _, ok := d.GetOk(pre_append); ok { + result["auto-switch"], _ = expandExtensionControllerExtenderProfileCellularModem1AutoSwitch(d, i["auto_switch"], pre_append, sv) + } else { + result["auto-switch"] = make([]string, 0) + } + + return result, nil +} + +func expandExtensionControllerExtenderProfileCellularModem1RedundantMode(d *schema.ResourceData, v interface{}, pre string, sv string) (interface{}, error) { + return v, nil +} + +func expandExtensionControllerExtenderProfileCellularModem1RedundantIntf(d *schema.ResourceData, v interface{}, pre string, sv string) (interface{}, error) { + return v, nil +} + +func expandExtensionControllerExtenderProfileCellularModem1ConnStatus(d *schema.ResourceData, v interface{}, pre string, sv string) (interface{}, error) { + return v, nil +} + +func expandExtensionControllerExtenderProfileCellularModem1DefaultSim(d *schema.ResourceData, v interface{}, pre string, sv string) (interface{}, error) { + return v, nil +} + +func expandExtensionControllerExtenderProfileCellularModem1Gps(d *schema.ResourceData, v interface{}, pre string, sv string) (interface{}, error) { + return v, nil +} + +func expandExtensionControllerExtenderProfileCellularModem1Sim1Pin(d *schema.ResourceData, v interface{}, pre string, sv string) (interface{}, error) { + return v, nil +} + +func expandExtensionControllerExtenderProfileCellularModem1Sim2Pin(d *schema.ResourceData, v interface{}, pre string, sv string) (interface{}, error) { + return v, nil +} + +func expandExtensionControllerExtenderProfileCellularModem1Sim1PinCode(d *schema.ResourceData, v interface{}, pre string, sv string) (interface{}, error) { + return v, nil +} + +func expandExtensionControllerExtenderProfileCellularModem1Sim2PinCode(d *schema.ResourceData, v interface{}, pre string, sv string) (interface{}, error) { + return v, nil +} + +func expandExtensionControllerExtenderProfileCellularModem1PreferredCarrier(d *schema.ResourceData, v interface{}, pre string, sv string) (interface{}, error) { + return v, nil +} + +func expandExtensionControllerExtenderProfileCellularModem1AutoSwitch(d *schema.ResourceData, v interface{}, pre string, sv string) (interface{}, error) { + l := v.([]interface{}) + if len(l) == 0 || l[0] == nil { + return nil, nil + } + + i := l[0].(map[string]interface{}) + result := make(map[string]interface{}) + + pre_append := "" // complex + pre_append = pre + ".0." + "disconnect" + if _, ok := d.GetOk(pre_append); ok { + result["disconnect"], _ = expandExtensionControllerExtenderProfileCellularModem1AutoSwitchDisconnect(d, i["disconnect"], pre_append, sv) + } + pre_append = pre + ".0." + "disconnect_threshold" + if _, ok := d.GetOk(pre_append); ok { + result["disconnect-threshold"], _ = expandExtensionControllerExtenderProfileCellularModem1AutoSwitchDisconnectThreshold(d, i["disconnect_threshold"], pre_append, sv) + } + pre_append = pre + ".0." + "disconnect_period" + if _, ok := d.GetOk(pre_append); ok { + result["disconnect-period"], _ = expandExtensionControllerExtenderProfileCellularModem1AutoSwitchDisconnectPeriod(d, i["disconnect_period"], pre_append, sv) + } + pre_append = pre + ".0." + "signal" + if _, ok := d.GetOk(pre_append); ok { + result["signal"], _ = expandExtensionControllerExtenderProfileCellularModem1AutoSwitchSignal(d, i["signal"], pre_append, sv) + } + pre_append = pre + ".0." + "dataplan" + if _, ok := d.GetOk(pre_append); ok { + result["dataplan"], _ = expandExtensionControllerExtenderProfileCellularModem1AutoSwitchDataplan(d, i["dataplan"], pre_append, sv) + } + pre_append = pre + ".0." + "switch_back" + if _, ok := d.GetOk(pre_append); ok { + result["switch-back"], _ = expandExtensionControllerExtenderProfileCellularModem1AutoSwitchSwitchBack(d, i["switch_back"], pre_append, sv) } - pre_append = pre + ".0." + "mode_switch" + pre_append = pre + ".0." + "switch_back_time" if _, ok := d.GetOk(pre_append); ok { - result["mode-switch"], _ = expandExtensionControllerExtenderProfileCellularSmsNotificationAlertModeSwitch(d, i["mode_switch"], pre_append, sv) + result["switch-back-time"], _ = expandExtensionControllerExtenderProfileCellularModem1AutoSwitchSwitchBackTime(d, i["switch_back_time"], pre_append, sv) } - pre_append = pre + ".0." + "fgt_backup_mode_switch" + pre_append = pre + ".0." + "switch_back_timer" if _, ok := d.GetOk(pre_append); ok { - result["fgt-backup-mode-switch"], _ = expandExtensionControllerExtenderProfileCellularSmsNotificationAlertFgtBackupModeSwitch(d, i["fgt_backup_mode_switch"], pre_append, sv) + result["switch-back-timer"], _ = expandExtensionControllerExtenderProfileCellularModem1AutoSwitchSwitchBackTimer(d, i["switch_back_timer"], pre_append, sv) } return result, nil } -func expandExtensionControllerExtenderProfileCellularSmsNotificationAlertSystemReboot(d *schema.ResourceData, v interface{}, pre string, sv string) (interface{}, error) { - return v, nil -} - -func expandExtensionControllerExtenderProfileCellularSmsNotificationAlertDataExhausted(d *schema.ResourceData, v interface{}, pre string, sv string) (interface{}, error) { - return v, nil -} - -func expandExtensionControllerExtenderProfileCellularSmsNotificationAlertSessionDisconnect(d *schema.ResourceData, v interface{}, pre string, sv string) (interface{}, error) { - return v, nil -} - -func expandExtensionControllerExtenderProfileCellularSmsNotificationAlertLowSignalStrength(d *schema.ResourceData, v interface{}, pre string, sv string) (interface{}, error) { +func expandExtensionControllerExtenderProfileCellularModem1AutoSwitchDisconnect(d *schema.ResourceData, v interface{}, pre string, sv string) (interface{}, error) { return v, nil } -func expandExtensionControllerExtenderProfileCellularSmsNotificationAlertOsImageFallback(d *schema.ResourceData, v interface{}, pre string, sv string) (interface{}, error) { +func expandExtensionControllerExtenderProfileCellularModem1AutoSwitchDisconnectThreshold(d *schema.ResourceData, v interface{}, pre string, sv string) (interface{}, error) { return v, nil } -func expandExtensionControllerExtenderProfileCellularSmsNotificationAlertModeSwitch(d *schema.ResourceData, v interface{}, pre string, sv string) (interface{}, error) { +func expandExtensionControllerExtenderProfileCellularModem1AutoSwitchDisconnectPeriod(d *schema.ResourceData, v interface{}, pre string, sv string) (interface{}, error) { return v, nil } -func expandExtensionControllerExtenderProfileCellularSmsNotificationAlertFgtBackupModeSwitch(d *schema.ResourceData, v interface{}, pre string, sv string) (interface{}, error) { +func expandExtensionControllerExtenderProfileCellularModem1AutoSwitchSignal(d *schema.ResourceData, v interface{}, pre string, sv string) (interface{}, error) { return v, nil } -func expandExtensionControllerExtenderProfileCellularSmsNotificationReceiver(d *schema.ResourceData, v interface{}, pre string, sv string) (interface{}, error) { - l := v.([]interface{}) - result := make([]map[string]interface{}, 0, len(l)) - - if len(l) == 0 || l[0] == nil { - return result, nil - } - - con := 0 - for _, r := range l { - tmp := make(map[string]interface{}) - i := r.(map[string]interface{}) - pre_append := "" // table - - pre_append = pre + "." + strconv.Itoa(con) + "." + "name" - if _, ok := d.GetOk(pre_append); ok { - tmp["name"], _ = expandExtensionControllerExtenderProfileCellularSmsNotificationReceiverName(d, i["name"], pre_append, sv) - } - - pre_append = pre + "." + strconv.Itoa(con) + "." + "status" - if _, ok := d.GetOk(pre_append); ok { - tmp["status"], _ = expandExtensionControllerExtenderProfileCellularSmsNotificationReceiverStatus(d, i["status"], pre_append, sv) - } - - pre_append = pre + "." + strconv.Itoa(con) + "." + "phone_number" - if _, ok := d.GetOk(pre_append); ok { - tmp["phone-number"], _ = expandExtensionControllerExtenderProfileCellularSmsNotificationReceiverPhoneNumber(d, i["phone_number"], pre_append, sv) - } - - pre_append = pre + "." + strconv.Itoa(con) + "." + "alert" - if _, ok := d.GetOk(pre_append); ok { - tmp["alert"], _ = expandExtensionControllerExtenderProfileCellularSmsNotificationReceiverAlert(d, i["alert"], pre_append, sv) - } - - result = append(result, tmp) - - con += 1 - } - - return result, nil -} - -func expandExtensionControllerExtenderProfileCellularSmsNotificationReceiverName(d *schema.ResourceData, v interface{}, pre string, sv string) (interface{}, error) { +func expandExtensionControllerExtenderProfileCellularModem1AutoSwitchDataplan(d *schema.ResourceData, v interface{}, pre string, sv string) (interface{}, error) { return v, nil } -func expandExtensionControllerExtenderProfileCellularSmsNotificationReceiverStatus(d *schema.ResourceData, v interface{}, pre string, sv string) (interface{}, error) { +func expandExtensionControllerExtenderProfileCellularModem1AutoSwitchSwitchBack(d *schema.ResourceData, v interface{}, pre string, sv string) (interface{}, error) { return v, nil } -func expandExtensionControllerExtenderProfileCellularSmsNotificationReceiverPhoneNumber(d *schema.ResourceData, v interface{}, pre string, sv string) (interface{}, error) { +func expandExtensionControllerExtenderProfileCellularModem1AutoSwitchSwitchBackTime(d *schema.ResourceData, v interface{}, pre string, sv string) (interface{}, error) { return v, nil } -func expandExtensionControllerExtenderProfileCellularSmsNotificationReceiverAlert(d *schema.ResourceData, v interface{}, pre string, sv string) (interface{}, error) { +func expandExtensionControllerExtenderProfileCellularModem1AutoSwitchSwitchBackTimer(d *schema.ResourceData, v interface{}, pre string, sv string) (interface{}, error) { return v, nil } -func expandExtensionControllerExtenderProfileCellularModem1(d *schema.ResourceData, v interface{}, pre string, sv string) (interface{}, error) { +func expandExtensionControllerExtenderProfileCellularModem2(d *schema.ResourceData, v interface{}, pre string, sv string) (interface{}, error) { l := v.([]interface{}) if len(l) == 0 || l[0] == nil { return nil, nil @@ -1951,47 +2790,47 @@ func expandExtensionControllerExtenderProfileCellularModem1(d *schema.ResourceDa pre_append := "" // complex pre_append = pre + ".0." + "redundant_mode" if _, ok := d.GetOk(pre_append); ok { - result["redundant-mode"], _ = expandExtensionControllerExtenderProfileCellularModem1RedundantMode(d, i["redundant_mode"], pre_append, sv) + result["redundant-mode"], _ = expandExtensionControllerExtenderProfileCellularModem2RedundantMode(d, i["redundant_mode"], pre_append, sv) } pre_append = pre + ".0." + "redundant_intf" if _, ok := d.GetOk(pre_append); ok { - result["redundant-intf"], _ = expandExtensionControllerExtenderProfileCellularModem1RedundantIntf(d, i["redundant_intf"], pre_append, sv) + result["redundant-intf"], _ = expandExtensionControllerExtenderProfileCellularModem2RedundantIntf(d, i["redundant_intf"], pre_append, sv) } pre_append = pre + ".0." + "conn_status" if _, ok := d.GetOk(pre_append); ok { - result["conn-status"], _ = expandExtensionControllerExtenderProfileCellularModem1ConnStatus(d, i["conn_status"], pre_append, sv) + result["conn-status"], _ = expandExtensionControllerExtenderProfileCellularModem2ConnStatus(d, i["conn_status"], pre_append, sv) } pre_append = pre + ".0." + "default_sim" if _, ok := d.GetOk(pre_append); ok { - result["default-sim"], _ = expandExtensionControllerExtenderProfileCellularModem1DefaultSim(d, i["default_sim"], pre_append, sv) + result["default-sim"], _ = expandExtensionControllerExtenderProfileCellularModem2DefaultSim(d, i["default_sim"], pre_append, sv) } pre_append = pre + ".0." + "gps" if _, ok := d.GetOk(pre_append); ok { - result["gps"], _ = expandExtensionControllerExtenderProfileCellularModem1Gps(d, i["gps"], pre_append, sv) + result["gps"], _ = expandExtensionControllerExtenderProfileCellularModem2Gps(d, i["gps"], pre_append, sv) } pre_append = pre + ".0." + "sim1_pin" if _, ok := d.GetOk(pre_append); ok { - result["sim1-pin"], _ = expandExtensionControllerExtenderProfileCellularModem1Sim1Pin(d, i["sim1_pin"], pre_append, sv) + result["sim1-pin"], _ = expandExtensionControllerExtenderProfileCellularModem2Sim1Pin(d, i["sim1_pin"], pre_append, sv) } pre_append = pre + ".0." + "sim2_pin" if _, ok := d.GetOk(pre_append); ok { - result["sim2-pin"], _ = expandExtensionControllerExtenderProfileCellularModem1Sim2Pin(d, i["sim2_pin"], pre_append, sv) + result["sim2-pin"], _ = expandExtensionControllerExtenderProfileCellularModem2Sim2Pin(d, i["sim2_pin"], pre_append, sv) } pre_append = pre + ".0." + "sim1_pin_code" if _, ok := d.GetOk(pre_append); ok { - result["sim1-pin-code"], _ = expandExtensionControllerExtenderProfileCellularModem1Sim1PinCode(d, i["sim1_pin_code"], pre_append, sv) + result["sim1-pin-code"], _ = expandExtensionControllerExtenderProfileCellularModem2Sim1PinCode(d, i["sim1_pin_code"], pre_append, sv) } pre_append = pre + ".0." + "sim2_pin_code" if _, ok := d.GetOk(pre_append); ok { - result["sim2-pin-code"], _ = expandExtensionControllerExtenderProfileCellularModem1Sim2PinCode(d, i["sim2_pin_code"], pre_append, sv) + result["sim2-pin-code"], _ = expandExtensionControllerExtenderProfileCellularModem2Sim2PinCode(d, i["sim2_pin_code"], pre_append, sv) } pre_append = pre + ".0." + "preferred_carrier" if _, ok := d.GetOk(pre_append); ok { - result["preferred-carrier"], _ = expandExtensionControllerExtenderProfileCellularModem1PreferredCarrier(d, i["preferred_carrier"], pre_append, sv) + result["preferred-carrier"], _ = expandExtensionControllerExtenderProfileCellularModem2PreferredCarrier(d, i["preferred_carrier"], pre_append, sv) } pre_append = pre + ".0." + "auto_switch" if _, ok := d.GetOk(pre_append); ok { - result["auto-switch"], _ = expandExtensionControllerExtenderProfileCellularModem1AutoSwitch(d, i["auto_switch"], pre_append, sv) + result["auto-switch"], _ = expandExtensionControllerExtenderProfileCellularModem2AutoSwitch(d, i["auto_switch"], pre_append, sv) } else { result["auto-switch"] = make([]string, 0) } @@ -1999,47 +2838,47 @@ func expandExtensionControllerExtenderProfileCellularModem1(d *schema.ResourceDa return result, nil } -func expandExtensionControllerExtenderProfileCellularModem1RedundantMode(d *schema.ResourceData, v interface{}, pre string, sv string) (interface{}, error) { +func expandExtensionControllerExtenderProfileCellularModem2RedundantMode(d *schema.ResourceData, v interface{}, pre string, sv string) (interface{}, error) { return v, nil } -func expandExtensionControllerExtenderProfileCellularModem1RedundantIntf(d *schema.ResourceData, v interface{}, pre string, sv string) (interface{}, error) { +func expandExtensionControllerExtenderProfileCellularModem2RedundantIntf(d *schema.ResourceData, v interface{}, pre string, sv string) (interface{}, error) { return v, nil } -func expandExtensionControllerExtenderProfileCellularModem1ConnStatus(d *schema.ResourceData, v interface{}, pre string, sv string) (interface{}, error) { +func expandExtensionControllerExtenderProfileCellularModem2ConnStatus(d *schema.ResourceData, v interface{}, pre string, sv string) (interface{}, error) { return v, nil } -func expandExtensionControllerExtenderProfileCellularModem1DefaultSim(d *schema.ResourceData, v interface{}, pre string, sv string) (interface{}, error) { +func expandExtensionControllerExtenderProfileCellularModem2DefaultSim(d *schema.ResourceData, v interface{}, pre string, sv string) (interface{}, error) { return v, nil } -func expandExtensionControllerExtenderProfileCellularModem1Gps(d *schema.ResourceData, v interface{}, pre string, sv string) (interface{}, error) { +func expandExtensionControllerExtenderProfileCellularModem2Gps(d *schema.ResourceData, v interface{}, pre string, sv string) (interface{}, error) { return v, nil } -func expandExtensionControllerExtenderProfileCellularModem1Sim1Pin(d *schema.ResourceData, v interface{}, pre string, sv string) (interface{}, error) { +func expandExtensionControllerExtenderProfileCellularModem2Sim1Pin(d *schema.ResourceData, v interface{}, pre string, sv string) (interface{}, error) { return v, nil } -func expandExtensionControllerExtenderProfileCellularModem1Sim2Pin(d *schema.ResourceData, v interface{}, pre string, sv string) (interface{}, error) { +func expandExtensionControllerExtenderProfileCellularModem2Sim2Pin(d *schema.ResourceData, v interface{}, pre string, sv string) (interface{}, error) { return v, nil } -func expandExtensionControllerExtenderProfileCellularModem1Sim1PinCode(d *schema.ResourceData, v interface{}, pre string, sv string) (interface{}, error) { +func expandExtensionControllerExtenderProfileCellularModem2Sim1PinCode(d *schema.ResourceData, v interface{}, pre string, sv string) (interface{}, error) { return v, nil } -func expandExtensionControllerExtenderProfileCellularModem1Sim2PinCode(d *schema.ResourceData, v interface{}, pre string, sv string) (interface{}, error) { +func expandExtensionControllerExtenderProfileCellularModem2Sim2PinCode(d *schema.ResourceData, v interface{}, pre string, sv string) (interface{}, error) { return v, nil } -func expandExtensionControllerExtenderProfileCellularModem1PreferredCarrier(d *schema.ResourceData, v interface{}, pre string, sv string) (interface{}, error) { +func expandExtensionControllerExtenderProfileCellularModem2PreferredCarrier(d *schema.ResourceData, v interface{}, pre string, sv string) (interface{}, error) { return v, nil } -func expandExtensionControllerExtenderProfileCellularModem1AutoSwitch(d *schema.ResourceData, v interface{}, pre string, sv string) (interface{}, error) { +func expandExtensionControllerExtenderProfileCellularModem2AutoSwitch(d *schema.ResourceData, v interface{}, pre string, sv string) (interface{}, error) { l := v.([]interface{}) if len(l) == 0 || l[0] == nil { return nil, nil @@ -2051,73 +2890,217 @@ func expandExtensionControllerExtenderProfileCellularModem1AutoSwitch(d *schema. pre_append := "" // complex pre_append = pre + ".0." + "disconnect" if _, ok := d.GetOk(pre_append); ok { - result["disconnect"], _ = expandExtensionControllerExtenderProfileCellularModem1AutoSwitchDisconnect(d, i["disconnect"], pre_append, sv) + result["disconnect"], _ = expandExtensionControllerExtenderProfileCellularModem2AutoSwitchDisconnect(d, i["disconnect"], pre_append, sv) } pre_append = pre + ".0." + "disconnect_threshold" if _, ok := d.GetOk(pre_append); ok { - result["disconnect-threshold"], _ = expandExtensionControllerExtenderProfileCellularModem1AutoSwitchDisconnectThreshold(d, i["disconnect_threshold"], pre_append, sv) + result["disconnect-threshold"], _ = expandExtensionControllerExtenderProfileCellularModem2AutoSwitchDisconnectThreshold(d, i["disconnect_threshold"], pre_append, sv) } pre_append = pre + ".0." + "disconnect_period" if _, ok := d.GetOk(pre_append); ok { - result["disconnect-period"], _ = expandExtensionControllerExtenderProfileCellularModem1AutoSwitchDisconnectPeriod(d, i["disconnect_period"], pre_append, sv) + result["disconnect-period"], _ = expandExtensionControllerExtenderProfileCellularModem2AutoSwitchDisconnectPeriod(d, i["disconnect_period"], pre_append, sv) } pre_append = pre + ".0." + "signal" if _, ok := d.GetOk(pre_append); ok { - result["signal"], _ = expandExtensionControllerExtenderProfileCellularModem1AutoSwitchSignal(d, i["signal"], pre_append, sv) + result["signal"], _ = expandExtensionControllerExtenderProfileCellularModem2AutoSwitchSignal(d, i["signal"], pre_append, sv) } pre_append = pre + ".0." + "dataplan" if _, ok := d.GetOk(pre_append); ok { - result["dataplan"], _ = expandExtensionControllerExtenderProfileCellularModem1AutoSwitchDataplan(d, i["dataplan"], pre_append, sv) + result["dataplan"], _ = expandExtensionControllerExtenderProfileCellularModem2AutoSwitchDataplan(d, i["dataplan"], pre_append, sv) } pre_append = pre + ".0." + "switch_back" if _, ok := d.GetOk(pre_append); ok { - result["switch-back"], _ = expandExtensionControllerExtenderProfileCellularModem1AutoSwitchSwitchBack(d, i["switch_back"], pre_append, sv) + result["switch-back"], _ = expandExtensionControllerExtenderProfileCellularModem2AutoSwitchSwitchBack(d, i["switch_back"], pre_append, sv) } pre_append = pre + ".0." + "switch_back_time" if _, ok := d.GetOk(pre_append); ok { - result["switch-back-time"], _ = expandExtensionControllerExtenderProfileCellularModem1AutoSwitchSwitchBackTime(d, i["switch_back_time"], pre_append, sv) + result["switch-back-time"], _ = expandExtensionControllerExtenderProfileCellularModem2AutoSwitchSwitchBackTime(d, i["switch_back_time"], pre_append, sv) } pre_append = pre + ".0." + "switch_back_timer" if _, ok := d.GetOk(pre_append); ok { - result["switch-back-timer"], _ = expandExtensionControllerExtenderProfileCellularModem1AutoSwitchSwitchBackTimer(d, i["switch_back_timer"], pre_append, sv) + result["switch-back-timer"], _ = expandExtensionControllerExtenderProfileCellularModem2AutoSwitchSwitchBackTimer(d, i["switch_back_timer"], pre_append, sv) + } + + return result, nil +} + +func expandExtensionControllerExtenderProfileCellularModem2AutoSwitchDisconnect(d *schema.ResourceData, v interface{}, pre string, sv string) (interface{}, error) { + return v, nil +} + +func expandExtensionControllerExtenderProfileCellularModem2AutoSwitchDisconnectThreshold(d *schema.ResourceData, v interface{}, pre string, sv string) (interface{}, error) { + return v, nil +} + +func expandExtensionControllerExtenderProfileCellularModem2AutoSwitchDisconnectPeriod(d *schema.ResourceData, v interface{}, pre string, sv string) (interface{}, error) { + return v, nil +} + +func expandExtensionControllerExtenderProfileCellularModem2AutoSwitchSignal(d *schema.ResourceData, v interface{}, pre string, sv string) (interface{}, error) { + return v, nil +} + +func expandExtensionControllerExtenderProfileCellularModem2AutoSwitchDataplan(d *schema.ResourceData, v interface{}, pre string, sv string) (interface{}, error) { + return v, nil +} + +func expandExtensionControllerExtenderProfileCellularModem2AutoSwitchSwitchBack(d *schema.ResourceData, v interface{}, pre string, sv string) (interface{}, error) { + return v, nil +} + +func expandExtensionControllerExtenderProfileCellularModem2AutoSwitchSwitchBackTime(d *schema.ResourceData, v interface{}, pre string, sv string) (interface{}, error) { + return v, nil +} + +func expandExtensionControllerExtenderProfileCellularModem2AutoSwitchSwitchBackTimer(d *schema.ResourceData, v interface{}, pre string, sv string) (interface{}, error) { + return v, nil +} + +func expandExtensionControllerExtenderProfileLanExtension(d *schema.ResourceData, v interface{}, pre string, sv string) (interface{}, error) { + l := v.([]interface{}) + if len(l) == 0 || l[0] == nil { + return nil, nil + } + + i := l[0].(map[string]interface{}) + result := make(map[string]interface{}) + + pre_append := "" // complex + pre_append = pre + ".0." + "link_loadbalance" + if _, ok := d.GetOk(pre_append); ok { + result["link-loadbalance"], _ = expandExtensionControllerExtenderProfileLanExtensionLinkLoadbalance(d, i["link_loadbalance"], pre_append, sv) + } + pre_append = pre + ".0." + "ipsec_tunnel" + if _, ok := d.GetOk(pre_append); ok { + result["ipsec-tunnel"], _ = expandExtensionControllerExtenderProfileLanExtensionIpsecTunnel(d, i["ipsec_tunnel"], pre_append, sv) + } + pre_append = pre + ".0." + "backhaul_interface" + if _, ok := d.GetOk(pre_append); ok { + result["backhaul-interface"], _ = expandExtensionControllerExtenderProfileLanExtensionBackhaulInterface(d, i["backhaul_interface"], pre_append, sv) + } + pre_append = pre + ".0." + "backhaul_ip" + if _, ok := d.GetOk(pre_append); ok { + result["backhaul-ip"], _ = expandExtensionControllerExtenderProfileLanExtensionBackhaulIp(d, i["backhaul_ip"], pre_append, sv) + } + pre_append = pre + ".0." + "backhaul" + if _, ok := d.GetOk(pre_append); ok { + result["backhaul"], _ = expandExtensionControllerExtenderProfileLanExtensionBackhaul(d, i["backhaul"], pre_append, sv) + } else { + result["backhaul"] = make([]string, 0) + } + + return result, nil +} + +func expandExtensionControllerExtenderProfileLanExtensionLinkLoadbalance(d *schema.ResourceData, v interface{}, pre string, sv string) (interface{}, error) { + return v, nil +} + +func expandExtensionControllerExtenderProfileLanExtensionIpsecTunnel(d *schema.ResourceData, v interface{}, pre string, sv string) (interface{}, error) { + return v, nil +} + +func expandExtensionControllerExtenderProfileLanExtensionBackhaulInterface(d *schema.ResourceData, v interface{}, pre string, sv string) (interface{}, error) { + return v, nil +} + +func expandExtensionControllerExtenderProfileLanExtensionBackhaulIp(d *schema.ResourceData, v interface{}, pre string, sv string) (interface{}, error) { + return v, nil +} + +func expandExtensionControllerExtenderProfileLanExtensionBackhaul(d *schema.ResourceData, v interface{}, pre string, sv string) (interface{}, error) { + l := v.([]interface{}) + result := make([]map[string]interface{}, 0, len(l)) + + if len(l) == 0 || l[0] == nil { + return result, nil + } + + con := 0 + for _, r := range l { + tmp := make(map[string]interface{}) + i := r.(map[string]interface{}) + pre_append := "" // table + + pre_append = pre + "." + strconv.Itoa(con) + "." + "name" + if _, ok := d.GetOk(pre_append); ok { + tmp["name"], _ = expandExtensionControllerExtenderProfileLanExtensionBackhaulName(d, i["name"], pre_append, sv) + } + + pre_append = pre + "." + strconv.Itoa(con) + "." + "port" + if _, ok := d.GetOk(pre_append); ok { + tmp["port"], _ = expandExtensionControllerExtenderProfileLanExtensionBackhaulPort(d, i["port"], pre_append, sv) + } + + pre_append = pre + "." + strconv.Itoa(con) + "." + "role" + if _, ok := d.GetOk(pre_append); ok { + tmp["role"], _ = expandExtensionControllerExtenderProfileLanExtensionBackhaulRole(d, i["role"], pre_append, sv) + } + + pre_append = pre + "." + strconv.Itoa(con) + "." + "weight" + if _, ok := d.GetOk(pre_append); ok { + tmp["weight"], _ = expandExtensionControllerExtenderProfileLanExtensionBackhaulWeight(d, i["weight"], pre_append, sv) + } + + result = append(result, tmp) + + con += 1 } return result, nil } -func expandExtensionControllerExtenderProfileCellularModem1AutoSwitchDisconnect(d *schema.ResourceData, v interface{}, pre string, sv string) (interface{}, error) { +func expandExtensionControllerExtenderProfileLanExtensionBackhaulName(d *schema.ResourceData, v interface{}, pre string, sv string) (interface{}, error) { return v, nil } -func expandExtensionControllerExtenderProfileCellularModem1AutoSwitchDisconnectThreshold(d *schema.ResourceData, v interface{}, pre string, sv string) (interface{}, error) { +func expandExtensionControllerExtenderProfileLanExtensionBackhaulPort(d *schema.ResourceData, v interface{}, pre string, sv string) (interface{}, error) { return v, nil } -func expandExtensionControllerExtenderProfileCellularModem1AutoSwitchDisconnectPeriod(d *schema.ResourceData, v interface{}, pre string, sv string) (interface{}, error) { +func expandExtensionControllerExtenderProfileLanExtensionBackhaulRole(d *schema.ResourceData, v interface{}, pre string, sv string) (interface{}, error) { return v, nil } -func expandExtensionControllerExtenderProfileCellularModem1AutoSwitchSignal(d *schema.ResourceData, v interface{}, pre string, sv string) (interface{}, error) { +func expandExtensionControllerExtenderProfileLanExtensionBackhaulWeight(d *schema.ResourceData, v interface{}, pre string, sv string) (interface{}, error) { return v, nil } -func expandExtensionControllerExtenderProfileCellularModem1AutoSwitchDataplan(d *schema.ResourceData, v interface{}, pre string, sv string) (interface{}, error) { - return v, nil -} +func expandExtensionControllerExtenderProfileWifi(d *schema.ResourceData, v interface{}, pre string, sv string) (interface{}, error) { + l := v.([]interface{}) + if len(l) == 0 || l[0] == nil { + return nil, nil + } -func expandExtensionControllerExtenderProfileCellularModem1AutoSwitchSwitchBack(d *schema.ResourceData, v interface{}, pre string, sv string) (interface{}, error) { - return v, nil -} + i := l[0].(map[string]interface{}) + result := make(map[string]interface{}) -func expandExtensionControllerExtenderProfileCellularModem1AutoSwitchSwitchBackTime(d *schema.ResourceData, v interface{}, pre string, sv string) (interface{}, error) { - return v, nil + pre_append := "" // complex + pre_append = pre + ".0." + "country" + if _, ok := d.GetOk(pre_append); ok { + result["country"], _ = expandExtensionControllerExtenderProfileWifiCountry(d, i["country"], pre_append, sv) + } + pre_append = pre + ".0." + "radio_1" + if _, ok := d.GetOk(pre_append); ok { + result["radio-1"], _ = expandExtensionControllerExtenderProfileWifiRadio1(d, i["radio_1"], pre_append, sv) + } else { + result["radio-1"] = make([]string, 0) + } + pre_append = pre + ".0." + "radio_2" + if _, ok := d.GetOk(pre_append); ok { + result["radio-2"], _ = expandExtensionControllerExtenderProfileWifiRadio2(d, i["radio_2"], pre_append, sv) + } else { + result["radio-2"] = make([]string, 0) + } + + return result, nil } -func expandExtensionControllerExtenderProfileCellularModem1AutoSwitchSwitchBackTimer(d *schema.ResourceData, v interface{}, pre string, sv string) (interface{}, error) { +func expandExtensionControllerExtenderProfileWifiCountry(d *schema.ResourceData, v interface{}, pre string, sv string) (interface{}, error) { return v, nil } -func expandExtensionControllerExtenderProfileCellularModem2(d *schema.ResourceData, v interface{}, pre string, sv string) (interface{}, error) { +func expandExtensionControllerExtenderProfileWifiRadio1(d *schema.ResourceData, v interface{}, pre string, sv string) (interface{}, error) { l := v.([]interface{}) if len(l) == 0 || l[0] == nil { return nil, nil @@ -2127,97 +3110,165 @@ func expandExtensionControllerExtenderProfileCellularModem2(d *schema.ResourceDa result := make(map[string]interface{}) pre_append := "" // complex - pre_append = pre + ".0." + "redundant_mode" + pre_append = pre + ".0." + "mode" if _, ok := d.GetOk(pre_append); ok { - result["redundant-mode"], _ = expandExtensionControllerExtenderProfileCellularModem2RedundantMode(d, i["redundant_mode"], pre_append, sv) + result["mode"], _ = expandExtensionControllerExtenderProfileWifiRadio1Mode(d, i["mode"], pre_append, sv) } - pre_append = pre + ".0." + "redundant_intf" + pre_append = pre + ".0." + "band" if _, ok := d.GetOk(pre_append); ok { - result["redundant-intf"], _ = expandExtensionControllerExtenderProfileCellularModem2RedundantIntf(d, i["redundant_intf"], pre_append, sv) + result["band"], _ = expandExtensionControllerExtenderProfileWifiRadio1Band(d, i["band"], pre_append, sv) } - pre_append = pre + ".0." + "conn_status" + pre_append = pre + ".0." + "status" if _, ok := d.GetOk(pre_append); ok { - result["conn-status"], _ = expandExtensionControllerExtenderProfileCellularModem2ConnStatus(d, i["conn_status"], pre_append, sv) + result["status"], _ = expandExtensionControllerExtenderProfileWifiRadio1Status(d, i["status"], pre_append, sv) } - pre_append = pre + ".0." + "default_sim" + pre_append = pre + ".0." + "operating_standard" if _, ok := d.GetOk(pre_append); ok { - result["default-sim"], _ = expandExtensionControllerExtenderProfileCellularModem2DefaultSim(d, i["default_sim"], pre_append, sv) + result["operating-standard"], _ = expandExtensionControllerExtenderProfileWifiRadio1OperatingStandard(d, i["operating_standard"], pre_append, sv) } - pre_append = pre + ".0." + "gps" + pre_append = pre + ".0." + "guard_interval" if _, ok := d.GetOk(pre_append); ok { - result["gps"], _ = expandExtensionControllerExtenderProfileCellularModem2Gps(d, i["gps"], pre_append, sv) + result["guard-interval"], _ = expandExtensionControllerExtenderProfileWifiRadio1GuardInterval(d, i["guard_interval"], pre_append, sv) } - pre_append = pre + ".0." + "sim1_pin" + pre_append = pre + ".0." + "channel" if _, ok := d.GetOk(pre_append); ok { - result["sim1-pin"], _ = expandExtensionControllerExtenderProfileCellularModem2Sim1Pin(d, i["sim1_pin"], pre_append, sv) + result["channel"], _ = expandExtensionControllerExtenderProfileWifiRadio1Channel(d, i["channel"], pre_append, sv) } - pre_append = pre + ".0." + "sim2_pin" + pre_append = pre + ".0." + "bandwidth" if _, ok := d.GetOk(pre_append); ok { - result["sim2-pin"], _ = expandExtensionControllerExtenderProfileCellularModem2Sim2Pin(d, i["sim2_pin"], pre_append, sv) + result["bandwidth"], _ = expandExtensionControllerExtenderProfileWifiRadio1Bandwidth(d, i["bandwidth"], pre_append, sv) } - pre_append = pre + ".0." + "sim1_pin_code" + pre_append = pre + ".0." + "power_level" if _, ok := d.GetOk(pre_append); ok { - result["sim1-pin-code"], _ = expandExtensionControllerExtenderProfileCellularModem2Sim1PinCode(d, i["sim1_pin_code"], pre_append, sv) + result["power-level"], _ = expandExtensionControllerExtenderProfileWifiRadio1PowerLevel(d, i["power_level"], pre_append, sv) } - pre_append = pre + ".0." + "sim2_pin_code" + pre_append = pre + ".0." + "beacon_interval" if _, ok := d.GetOk(pre_append); ok { - result["sim2-pin-code"], _ = expandExtensionControllerExtenderProfileCellularModem2Sim2PinCode(d, i["sim2_pin_code"], pre_append, sv) + result["beacon-interval"], _ = expandExtensionControllerExtenderProfileWifiRadio1BeaconInterval(d, i["beacon_interval"], pre_append, sv) } - pre_append = pre + ".0." + "preferred_carrier" + pre_append = pre + ".0." + "n80211d" if _, ok := d.GetOk(pre_append); ok { - result["preferred-carrier"], _ = expandExtensionControllerExtenderProfileCellularModem2PreferredCarrier(d, i["preferred_carrier"], pre_append, sv) + result["80211d"], _ = expandExtensionControllerExtenderProfileWifiRadio180211D(d, i["n80211d"], pre_append, sv) } - pre_append = pre + ".0." + "auto_switch" + pre_append = pre + ".0." + "max_clients" if _, ok := d.GetOk(pre_append); ok { - result["auto-switch"], _ = expandExtensionControllerExtenderProfileCellularModem2AutoSwitch(d, i["auto_switch"], pre_append, sv) + result["max-clients"], _ = expandExtensionControllerExtenderProfileWifiRadio1MaxClients(d, i["max_clients"], pre_append, sv) + } + pre_append = pre + ".0." + "extension_channel" + if _, ok := d.GetOk(pre_append); ok { + result["extension-channel"], _ = expandExtensionControllerExtenderProfileWifiRadio1ExtensionChannel(d, i["extension_channel"], pre_append, sv) + } + pre_append = pre + ".0." + "bss_color_mode" + if _, ok := d.GetOk(pre_append); ok { + result["bss-color-mode"], _ = expandExtensionControllerExtenderProfileWifiRadio1BssColorMode(d, i["bss_color_mode"], pre_append, sv) + } + pre_append = pre + ".0." + "bss_color" + if _, ok := d.GetOk(pre_append); ok { + result["bss-color"], _ = expandExtensionControllerExtenderProfileWifiRadio1BssColor(d, i["bss_color"], pre_append, sv) + } + pre_append = pre + ".0." + "lan_ext_vap" + if _, ok := d.GetOk(pre_append); ok { + result["lan-ext-vap"], _ = expandExtensionControllerExtenderProfileWifiRadio1LanExtVap(d, i["lan_ext_vap"], pre_append, sv) + } + pre_append = pre + ".0." + "local_vaps" + if _, ok := d.GetOk(pre_append); ok { + result["local-vaps"], _ = expandExtensionControllerExtenderProfileWifiRadio1LocalVaps(d, i["local_vaps"], pre_append, sv) } else { - result["auto-switch"] = make([]string, 0) + result["local-vaps"] = make([]string, 0) } return result, nil } -func expandExtensionControllerExtenderProfileCellularModem2RedundantMode(d *schema.ResourceData, v interface{}, pre string, sv string) (interface{}, error) { +func expandExtensionControllerExtenderProfileWifiRadio1Mode(d *schema.ResourceData, v interface{}, pre string, sv string) (interface{}, error) { return v, nil } -func expandExtensionControllerExtenderProfileCellularModem2RedundantIntf(d *schema.ResourceData, v interface{}, pre string, sv string) (interface{}, error) { +func expandExtensionControllerExtenderProfileWifiRadio1Band(d *schema.ResourceData, v interface{}, pre string, sv string) (interface{}, error) { return v, nil } -func expandExtensionControllerExtenderProfileCellularModem2ConnStatus(d *schema.ResourceData, v interface{}, pre string, sv string) (interface{}, error) { +func expandExtensionControllerExtenderProfileWifiRadio1Status(d *schema.ResourceData, v interface{}, pre string, sv string) (interface{}, error) { return v, nil } -func expandExtensionControllerExtenderProfileCellularModem2DefaultSim(d *schema.ResourceData, v interface{}, pre string, sv string) (interface{}, error) { +func expandExtensionControllerExtenderProfileWifiRadio1OperatingStandard(d *schema.ResourceData, v interface{}, pre string, sv string) (interface{}, error) { return v, nil } -func expandExtensionControllerExtenderProfileCellularModem2Gps(d *schema.ResourceData, v interface{}, pre string, sv string) (interface{}, error) { +func expandExtensionControllerExtenderProfileWifiRadio1GuardInterval(d *schema.ResourceData, v interface{}, pre string, sv string) (interface{}, error) { return v, nil } -func expandExtensionControllerExtenderProfileCellularModem2Sim1Pin(d *schema.ResourceData, v interface{}, pre string, sv string) (interface{}, error) { +func expandExtensionControllerExtenderProfileWifiRadio1Channel(d *schema.ResourceData, v interface{}, pre string, sv string) (interface{}, error) { return v, nil } -func expandExtensionControllerExtenderProfileCellularModem2Sim2Pin(d *schema.ResourceData, v interface{}, pre string, sv string) (interface{}, error) { +func expandExtensionControllerExtenderProfileWifiRadio1Bandwidth(d *schema.ResourceData, v interface{}, pre string, sv string) (interface{}, error) { return v, nil } -func expandExtensionControllerExtenderProfileCellularModem2Sim1PinCode(d *schema.ResourceData, v interface{}, pre string, sv string) (interface{}, error) { +func expandExtensionControllerExtenderProfileWifiRadio1PowerLevel(d *schema.ResourceData, v interface{}, pre string, sv string) (interface{}, error) { return v, nil } -func expandExtensionControllerExtenderProfileCellularModem2Sim2PinCode(d *schema.ResourceData, v interface{}, pre string, sv string) (interface{}, error) { +func expandExtensionControllerExtenderProfileWifiRadio1BeaconInterval(d *schema.ResourceData, v interface{}, pre string, sv string) (interface{}, error) { return v, nil } -func expandExtensionControllerExtenderProfileCellularModem2PreferredCarrier(d *schema.ResourceData, v interface{}, pre string, sv string) (interface{}, error) { +func expandExtensionControllerExtenderProfileWifiRadio180211D(d *schema.ResourceData, v interface{}, pre string, sv string) (interface{}, error) { return v, nil } -func expandExtensionControllerExtenderProfileCellularModem2AutoSwitch(d *schema.ResourceData, v interface{}, pre string, sv string) (interface{}, error) { +func expandExtensionControllerExtenderProfileWifiRadio1MaxClients(d *schema.ResourceData, v interface{}, pre string, sv string) (interface{}, error) { + return v, nil +} + +func expandExtensionControllerExtenderProfileWifiRadio1ExtensionChannel(d *schema.ResourceData, v interface{}, pre string, sv string) (interface{}, error) { + return v, nil +} + +func expandExtensionControllerExtenderProfileWifiRadio1BssColorMode(d *schema.ResourceData, v interface{}, pre string, sv string) (interface{}, error) { + return v, nil +} + +func expandExtensionControllerExtenderProfileWifiRadio1BssColor(d *schema.ResourceData, v interface{}, pre string, sv string) (interface{}, error) { + return v, nil +} + +func expandExtensionControllerExtenderProfileWifiRadio1LanExtVap(d *schema.ResourceData, v interface{}, pre string, sv string) (interface{}, error) { + return v, nil +} + +func expandExtensionControllerExtenderProfileWifiRadio1LocalVaps(d *schema.ResourceData, v interface{}, pre string, sv string) (interface{}, error) { + l := v.(*schema.Set).List() + result := make([]map[string]interface{}, 0, len(l)) + + if len(l) == 0 || l[0] == nil { + return result, nil + } + + con := 0 + for _, r := range l { + tmp := make(map[string]interface{}) + i := r.(map[string]interface{}) + pre_append := "" // table + + tmp["name"], _ = expandExtensionControllerExtenderProfileWifiRadio1LocalVapsName(d, i["name"], pre_append, sv) + + result = append(result, tmp) + + con += 1 + } + + return result, nil +} + +func expandExtensionControllerExtenderProfileWifiRadio1LocalVapsName(d *schema.ResourceData, v interface{}, pre string, sv string) (interface{}, error) { + return v, nil +} + +func expandExtensionControllerExtenderProfileWifiRadio2(d *schema.ResourceData, v interface{}, pre string, sv string) (interface{}, error) { l := v.([]interface{}) if len(l) == 0 || l[0] == nil { return nil, nil @@ -2227,128 +3278,138 @@ func expandExtensionControllerExtenderProfileCellularModem2AutoSwitch(d *schema. result := make(map[string]interface{}) pre_append := "" // complex - pre_append = pre + ".0." + "disconnect" + pre_append = pre + ".0." + "mode" if _, ok := d.GetOk(pre_append); ok { - result["disconnect"], _ = expandExtensionControllerExtenderProfileCellularModem2AutoSwitchDisconnect(d, i["disconnect"], pre_append, sv) + result["mode"], _ = expandExtensionControllerExtenderProfileWifiRadio2Mode(d, i["mode"], pre_append, sv) } - pre_append = pre + ".0." + "disconnect_threshold" + pre_append = pre + ".0." + "band" if _, ok := d.GetOk(pre_append); ok { - result["disconnect-threshold"], _ = expandExtensionControllerExtenderProfileCellularModem2AutoSwitchDisconnectThreshold(d, i["disconnect_threshold"], pre_append, sv) + result["band"], _ = expandExtensionControllerExtenderProfileWifiRadio2Band(d, i["band"], pre_append, sv) } - pre_append = pre + ".0." + "disconnect_period" + pre_append = pre + ".0." + "status" if _, ok := d.GetOk(pre_append); ok { - result["disconnect-period"], _ = expandExtensionControllerExtenderProfileCellularModem2AutoSwitchDisconnectPeriod(d, i["disconnect_period"], pre_append, sv) + result["status"], _ = expandExtensionControllerExtenderProfileWifiRadio2Status(d, i["status"], pre_append, sv) } - pre_append = pre + ".0." + "signal" + pre_append = pre + ".0." + "operating_standard" if _, ok := d.GetOk(pre_append); ok { - result["signal"], _ = expandExtensionControllerExtenderProfileCellularModem2AutoSwitchSignal(d, i["signal"], pre_append, sv) + result["operating-standard"], _ = expandExtensionControllerExtenderProfileWifiRadio2OperatingStandard(d, i["operating_standard"], pre_append, sv) } - pre_append = pre + ".0." + "dataplan" + pre_append = pre + ".0." + "guard_interval" if _, ok := d.GetOk(pre_append); ok { - result["dataplan"], _ = expandExtensionControllerExtenderProfileCellularModem2AutoSwitchDataplan(d, i["dataplan"], pre_append, sv) + result["guard-interval"], _ = expandExtensionControllerExtenderProfileWifiRadio2GuardInterval(d, i["guard_interval"], pre_append, sv) } - pre_append = pre + ".0." + "switch_back" + pre_append = pre + ".0." + "channel" if _, ok := d.GetOk(pre_append); ok { - result["switch-back"], _ = expandExtensionControllerExtenderProfileCellularModem2AutoSwitchSwitchBack(d, i["switch_back"], pre_append, sv) + result["channel"], _ = expandExtensionControllerExtenderProfileWifiRadio2Channel(d, i["channel"], pre_append, sv) } - pre_append = pre + ".0." + "switch_back_time" + pre_append = pre + ".0." + "bandwidth" if _, ok := d.GetOk(pre_append); ok { - result["switch-back-time"], _ = expandExtensionControllerExtenderProfileCellularModem2AutoSwitchSwitchBackTime(d, i["switch_back_time"], pre_append, sv) + result["bandwidth"], _ = expandExtensionControllerExtenderProfileWifiRadio2Bandwidth(d, i["bandwidth"], pre_append, sv) } - pre_append = pre + ".0." + "switch_back_timer" + pre_append = pre + ".0." + "power_level" if _, ok := d.GetOk(pre_append); ok { - result["switch-back-timer"], _ = expandExtensionControllerExtenderProfileCellularModem2AutoSwitchSwitchBackTimer(d, i["switch_back_timer"], pre_append, sv) + result["power-level"], _ = expandExtensionControllerExtenderProfileWifiRadio2PowerLevel(d, i["power_level"], pre_append, sv) + } + pre_append = pre + ".0." + "beacon_interval" + if _, ok := d.GetOk(pre_append); ok { + result["beacon-interval"], _ = expandExtensionControllerExtenderProfileWifiRadio2BeaconInterval(d, i["beacon_interval"], pre_append, sv) + } + pre_append = pre + ".0." + "n80211d" + if _, ok := d.GetOk(pre_append); ok { + result["80211d"], _ = expandExtensionControllerExtenderProfileWifiRadio280211D(d, i["n80211d"], pre_append, sv) + } + pre_append = pre + ".0." + "max_clients" + if _, ok := d.GetOk(pre_append); ok { + result["max-clients"], _ = expandExtensionControllerExtenderProfileWifiRadio2MaxClients(d, i["max_clients"], pre_append, sv) + } + pre_append = pre + ".0." + "extension_channel" + if _, ok := d.GetOk(pre_append); ok { + result["extension-channel"], _ = expandExtensionControllerExtenderProfileWifiRadio2ExtensionChannel(d, i["extension_channel"], pre_append, sv) + } + pre_append = pre + ".0." + "bss_color_mode" + if _, ok := d.GetOk(pre_append); ok { + result["bss-color-mode"], _ = expandExtensionControllerExtenderProfileWifiRadio2BssColorMode(d, i["bss_color_mode"], pre_append, sv) + } + pre_append = pre + ".0." + "bss_color" + if _, ok := d.GetOk(pre_append); ok { + result["bss-color"], _ = expandExtensionControllerExtenderProfileWifiRadio2BssColor(d, i["bss_color"], pre_append, sv) + } + pre_append = pre + ".0." + "lan_ext_vap" + if _, ok := d.GetOk(pre_append); ok { + result["lan-ext-vap"], _ = expandExtensionControllerExtenderProfileWifiRadio2LanExtVap(d, i["lan_ext_vap"], pre_append, sv) + } + pre_append = pre + ".0." + "local_vaps" + if _, ok := d.GetOk(pre_append); ok { + result["local-vaps"], _ = expandExtensionControllerExtenderProfileWifiRadio2LocalVaps(d, i["local_vaps"], pre_append, sv) + } else { + result["local-vaps"] = make([]string, 0) } return result, nil } -func expandExtensionControllerExtenderProfileCellularModem2AutoSwitchDisconnect(d *schema.ResourceData, v interface{}, pre string, sv string) (interface{}, error) { +func expandExtensionControllerExtenderProfileWifiRadio2Mode(d *schema.ResourceData, v interface{}, pre string, sv string) (interface{}, error) { return v, nil } -func expandExtensionControllerExtenderProfileCellularModem2AutoSwitchDisconnectThreshold(d *schema.ResourceData, v interface{}, pre string, sv string) (interface{}, error) { +func expandExtensionControllerExtenderProfileWifiRadio2Band(d *schema.ResourceData, v interface{}, pre string, sv string) (interface{}, error) { return v, nil } -func expandExtensionControllerExtenderProfileCellularModem2AutoSwitchDisconnectPeriod(d *schema.ResourceData, v interface{}, pre string, sv string) (interface{}, error) { +func expandExtensionControllerExtenderProfileWifiRadio2Status(d *schema.ResourceData, v interface{}, pre string, sv string) (interface{}, error) { return v, nil } -func expandExtensionControllerExtenderProfileCellularModem2AutoSwitchSignal(d *schema.ResourceData, v interface{}, pre string, sv string) (interface{}, error) { +func expandExtensionControllerExtenderProfileWifiRadio2OperatingStandard(d *schema.ResourceData, v interface{}, pre string, sv string) (interface{}, error) { return v, nil } -func expandExtensionControllerExtenderProfileCellularModem2AutoSwitchDataplan(d *schema.ResourceData, v interface{}, pre string, sv string) (interface{}, error) { +func expandExtensionControllerExtenderProfileWifiRadio2GuardInterval(d *schema.ResourceData, v interface{}, pre string, sv string) (interface{}, error) { return v, nil } -func expandExtensionControllerExtenderProfileCellularModem2AutoSwitchSwitchBack(d *schema.ResourceData, v interface{}, pre string, sv string) (interface{}, error) { +func expandExtensionControllerExtenderProfileWifiRadio2Channel(d *schema.ResourceData, v interface{}, pre string, sv string) (interface{}, error) { return v, nil } -func expandExtensionControllerExtenderProfileCellularModem2AutoSwitchSwitchBackTime(d *schema.ResourceData, v interface{}, pre string, sv string) (interface{}, error) { +func expandExtensionControllerExtenderProfileWifiRadio2Bandwidth(d *schema.ResourceData, v interface{}, pre string, sv string) (interface{}, error) { return v, nil } -func expandExtensionControllerExtenderProfileCellularModem2AutoSwitchSwitchBackTimer(d *schema.ResourceData, v interface{}, pre string, sv string) (interface{}, error) { +func expandExtensionControllerExtenderProfileWifiRadio2PowerLevel(d *schema.ResourceData, v interface{}, pre string, sv string) (interface{}, error) { return v, nil } -func expandExtensionControllerExtenderProfileLanExtension(d *schema.ResourceData, v interface{}, pre string, sv string) (interface{}, error) { - l := v.([]interface{}) - if len(l) == 0 || l[0] == nil { - return nil, nil - } - - i := l[0].(map[string]interface{}) - result := make(map[string]interface{}) +func expandExtensionControllerExtenderProfileWifiRadio2BeaconInterval(d *schema.ResourceData, v interface{}, pre string, sv string) (interface{}, error) { + return v, nil +} - pre_append := "" // complex - pre_append = pre + ".0." + "link_loadbalance" - if _, ok := d.GetOk(pre_append); ok { - result["link-loadbalance"], _ = expandExtensionControllerExtenderProfileLanExtensionLinkLoadbalance(d, i["link_loadbalance"], pre_append, sv) - } - pre_append = pre + ".0." + "ipsec_tunnel" - if _, ok := d.GetOk(pre_append); ok { - result["ipsec-tunnel"], _ = expandExtensionControllerExtenderProfileLanExtensionIpsecTunnel(d, i["ipsec_tunnel"], pre_append, sv) - } - pre_append = pre + ".0." + "backhaul_interface" - if _, ok := d.GetOk(pre_append); ok { - result["backhaul-interface"], _ = expandExtensionControllerExtenderProfileLanExtensionBackhaulInterface(d, i["backhaul_interface"], pre_append, sv) - } - pre_append = pre + ".0." + "backhaul_ip" - if _, ok := d.GetOk(pre_append); ok { - result["backhaul-ip"], _ = expandExtensionControllerExtenderProfileLanExtensionBackhaulIp(d, i["backhaul_ip"], pre_append, sv) - } - pre_append = pre + ".0." + "backhaul" - if _, ok := d.GetOk(pre_append); ok { - result["backhaul"], _ = expandExtensionControllerExtenderProfileLanExtensionBackhaul(d, i["backhaul"], pre_append, sv) - } else { - result["backhaul"] = make([]string, 0) - } +func expandExtensionControllerExtenderProfileWifiRadio280211D(d *schema.ResourceData, v interface{}, pre string, sv string) (interface{}, error) { + return v, nil +} - return result, nil +func expandExtensionControllerExtenderProfileWifiRadio2MaxClients(d *schema.ResourceData, v interface{}, pre string, sv string) (interface{}, error) { + return v, nil } -func expandExtensionControllerExtenderProfileLanExtensionLinkLoadbalance(d *schema.ResourceData, v interface{}, pre string, sv string) (interface{}, error) { +func expandExtensionControllerExtenderProfileWifiRadio2ExtensionChannel(d *schema.ResourceData, v interface{}, pre string, sv string) (interface{}, error) { return v, nil } -func expandExtensionControllerExtenderProfileLanExtensionIpsecTunnel(d *schema.ResourceData, v interface{}, pre string, sv string) (interface{}, error) { +func expandExtensionControllerExtenderProfileWifiRadio2BssColorMode(d *schema.ResourceData, v interface{}, pre string, sv string) (interface{}, error) { return v, nil } -func expandExtensionControllerExtenderProfileLanExtensionBackhaulInterface(d *schema.ResourceData, v interface{}, pre string, sv string) (interface{}, error) { +func expandExtensionControllerExtenderProfileWifiRadio2BssColor(d *schema.ResourceData, v interface{}, pre string, sv string) (interface{}, error) { return v, nil } -func expandExtensionControllerExtenderProfileLanExtensionBackhaulIp(d *schema.ResourceData, v interface{}, pre string, sv string) (interface{}, error) { +func expandExtensionControllerExtenderProfileWifiRadio2LanExtVap(d *schema.ResourceData, v interface{}, pre string, sv string) (interface{}, error) { return v, nil } -func expandExtensionControllerExtenderProfileLanExtensionBackhaul(d *schema.ResourceData, v interface{}, pre string, sv string) (interface{}, error) { - l := v.([]interface{}) +func expandExtensionControllerExtenderProfileWifiRadio2LocalVaps(d *schema.ResourceData, v interface{}, pre string, sv string) (interface{}, error) { + l := v.(*schema.Set).List() result := make([]map[string]interface{}, 0, len(l)) if len(l) == 0 || l[0] == nil { @@ -2361,25 +3422,7 @@ func expandExtensionControllerExtenderProfileLanExtensionBackhaul(d *schema.Reso i := r.(map[string]interface{}) pre_append := "" // table - pre_append = pre + "." + strconv.Itoa(con) + "." + "name" - if _, ok := d.GetOk(pre_append); ok { - tmp["name"], _ = expandExtensionControllerExtenderProfileLanExtensionBackhaulName(d, i["name"], pre_append, sv) - } - - pre_append = pre + "." + strconv.Itoa(con) + "." + "port" - if _, ok := d.GetOk(pre_append); ok { - tmp["port"], _ = expandExtensionControllerExtenderProfileLanExtensionBackhaulPort(d, i["port"], pre_append, sv) - } - - pre_append = pre + "." + strconv.Itoa(con) + "." + "role" - if _, ok := d.GetOk(pre_append); ok { - tmp["role"], _ = expandExtensionControllerExtenderProfileLanExtensionBackhaulRole(d, i["role"], pre_append, sv) - } - - pre_append = pre + "." + strconv.Itoa(con) + "." + "weight" - if _, ok := d.GetOk(pre_append); ok { - tmp["weight"], _ = expandExtensionControllerExtenderProfileLanExtensionBackhaulWeight(d, i["weight"], pre_append, sv) - } + tmp["name"], _ = expandExtensionControllerExtenderProfileWifiRadio2LocalVapsName(d, i["name"], pre_append, sv) result = append(result, tmp) @@ -2389,19 +3432,7 @@ func expandExtensionControllerExtenderProfileLanExtensionBackhaul(d *schema.Reso return result, nil } -func expandExtensionControllerExtenderProfileLanExtensionBackhaulName(d *schema.ResourceData, v interface{}, pre string, sv string) (interface{}, error) { - return v, nil -} - -func expandExtensionControllerExtenderProfileLanExtensionBackhaulPort(d *schema.ResourceData, v interface{}, pre string, sv string) (interface{}, error) { - return v, nil -} - -func expandExtensionControllerExtenderProfileLanExtensionBackhaulRole(d *schema.ResourceData, v interface{}, pre string, sv string) (interface{}, error) { - return v, nil -} - -func expandExtensionControllerExtenderProfileLanExtensionBackhaulWeight(d *schema.ResourceData, v interface{}, pre string, sv string) (interface{}, error) { +func expandExtensionControllerExtenderProfileWifiRadio2LocalVapsName(d *schema.ResourceData, v interface{}, pre string, sv string) (interface{}, error) { return v, nil } @@ -2507,5 +3538,14 @@ func getObjectExtensionControllerExtenderProfile(d *schema.ResourceData, sv stri } } + if v, ok := d.GetOk("wifi"); ok { + t, err := expandExtensionControllerExtenderProfileWifi(d, v, "wifi", sv) + if err != nil { + return &obj, err + } else if t != nil { + obj["wifi"] = t + } + } + return &obj, nil } diff --git a/fortios/resource_extensioncontroller_extendervap.go b/fortios/resource_extensioncontroller_extendervap.go new file mode 100644 index 000000000..22bd3a713 --- /dev/null +++ b/fortios/resource_extensioncontroller_extendervap.go @@ -0,0 +1,807 @@ +// Copyright 2020 Fortinet, Inc. All rights reserved. +// Author: Frank Shen (@frankshen01), Hongbin Lu (@fgtdev-hblu) +// Documentation: +// Frank Shen (@frankshen01), Hongbin Lu (@fgtdev-hblu), +// Xing Li (@lix-fortinet), Yue Wang (@yuew-ftnt), Yuffie Zhu (@yuffiezhu) + +// Description: FortiExtender wifi vap configuration. + +package fortios + +import ( + "fmt" + "log" + "strconv" + "strings" + + "github.com/hashicorp/terraform-plugin-sdk/v2/helper/schema" + "github.com/hashicorp/terraform-plugin-sdk/v2/helper/validation" +) + +func resourceExtensionControllerExtenderVap() *schema.Resource { + return &schema.Resource{ + Create: resourceExtensionControllerExtenderVapCreate, + Read: resourceExtensionControllerExtenderVapRead, + Update: resourceExtensionControllerExtenderVapUpdate, + Delete: resourceExtensionControllerExtenderVapDelete, + + Importer: &schema.ResourceImporter{ + State: schema.ImportStatePassthrough, + }, + + Schema: map[string]*schema.Schema{ + "vdomparam": &schema.Schema{ + Type: schema.TypeString, + Optional: true, + ForceNew: true, + Computed: true, + }, + "name": &schema.Schema{ + Type: schema.TypeString, + ValidateFunc: validation.StringLenBetween(0, 15), + ForceNew: true, + Optional: true, + Computed: true, + }, + "type": &schema.Schema{ + Type: schema.TypeString, + Optional: true, + Computed: true, + }, + "ssid": &schema.Schema{ + Type: schema.TypeString, + ValidateFunc: validation.StringLenBetween(0, 32), + Optional: true, + Computed: true, + }, + "max_clients": &schema.Schema{ + Type: schema.TypeInt, + ValidateFunc: validation.IntBetween(0, 512), + Optional: true, + Computed: true, + }, + "broadcast_ssid": &schema.Schema{ + Type: schema.TypeString, + Optional: true, + Computed: true, + }, + "security": &schema.Schema{ + Type: schema.TypeString, + Optional: true, + Computed: true, + }, + "dtim": &schema.Schema{ + Type: schema.TypeInt, + ValidateFunc: validation.IntBetween(1, 255), + Optional: true, + Computed: true, + }, + "rts_threshold": &schema.Schema{ + Type: schema.TypeInt, + ValidateFunc: validation.IntBetween(256, 2347), + Optional: true, + Computed: true, + }, + "pmf": &schema.Schema{ + Type: schema.TypeString, + Optional: true, + Computed: true, + }, + "target_wake_time": &schema.Schema{ + Type: schema.TypeString, + Optional: true, + Computed: true, + }, + "bss_color_partial": &schema.Schema{ + Type: schema.TypeString, + Optional: true, + Computed: true, + }, + "mu_mimo": &schema.Schema{ + Type: schema.TypeString, + Optional: true, + Computed: true, + }, + "passphrase": &schema.Schema{ + Type: schema.TypeString, + ValidateFunc: validation.StringLenBetween(0, 59), + Optional: true, + }, + "sae_password": &schema.Schema{ + Type: schema.TypeString, + ValidateFunc: validation.StringLenBetween(0, 124), + Optional: true, + }, + "auth_server_address": &schema.Schema{ + Type: schema.TypeString, + ValidateFunc: validation.StringLenBetween(0, 63), + Optional: true, + Computed: true, + }, + "auth_server_port": &schema.Schema{ + Type: schema.TypeInt, + ValidateFunc: validation.IntBetween(1, 65535), + Optional: true, + Computed: true, + }, + "auth_server_secret": &schema.Schema{ + Type: schema.TypeString, + ValidateFunc: validation.StringLenBetween(0, 63), + Optional: true, + Computed: true, + }, + "ip_address": &schema.Schema{ + Type: schema.TypeString, + Optional: true, + Computed: true, + }, + "start_ip": &schema.Schema{ + Type: schema.TypeString, + Optional: true, + Computed: true, + }, + "end_ip": &schema.Schema{ + Type: schema.TypeString, + Optional: true, + Computed: true, + }, + "allowaccess": &schema.Schema{ + Type: schema.TypeString, + Optional: true, + Computed: true, + }, + }, + } +} + +func resourceExtensionControllerExtenderVapCreate(d *schema.ResourceData, m interface{}) error { + c := m.(*FortiClient).Client + c.Retries = 1 + + if c.Fv == "" { + err := c.UpdateDeviceVersion() + if err != nil { + return fmt.Errorf("[Warning] Can not update device version: %v", err) + } + } + + vdomparam := "" + + if v, ok := d.GetOk("vdomparam"); ok { + if s, ok := v.(string); ok { + vdomparam = s + } + } else if c.Config.Auth.Vdom != "" { + d.Set("vdomparam", c.Config.Auth.Vdom) + vdomparam = c.Config.Auth.Vdom + } + + obj, err := getObjectExtensionControllerExtenderVap(d, c.Fv) + if err != nil { + return fmt.Errorf("Error creating ExtensionControllerExtenderVap resource while getting object: %v", err) + } + + o, err := c.CreateExtensionControllerExtenderVap(obj, vdomparam) + + if err != nil { + return fmt.Errorf("Error creating ExtensionControllerExtenderVap resource: %v", err) + } + + if o["mkey"] != nil && o["mkey"] != "" { + d.SetId(o["mkey"].(string)) + } else { + d.SetId("ExtensionControllerExtenderVap") + } + + return resourceExtensionControllerExtenderVapRead(d, m) +} + +func resourceExtensionControllerExtenderVapUpdate(d *schema.ResourceData, m interface{}) error { + mkey := d.Id() + c := m.(*FortiClient).Client + c.Retries = 1 + + if c.Fv == "" { + err := c.UpdateDeviceVersion() + if err != nil { + return fmt.Errorf("[Warning] Can not update device version: %v", err) + } + } + + vdomparam := "" + + if v, ok := d.GetOk("vdomparam"); ok { + if s, ok := v.(string); ok { + vdomparam = s + } + } else if c.Config.Auth.Vdom != "" { + d.Set("vdomparam", c.Config.Auth.Vdom) + vdomparam = c.Config.Auth.Vdom + } + + obj, err := getObjectExtensionControllerExtenderVap(d, c.Fv) + if err != nil { + return fmt.Errorf("Error updating ExtensionControllerExtenderVap resource while getting object: %v", err) + } + + o, err := c.UpdateExtensionControllerExtenderVap(obj, mkey, vdomparam) + if err != nil { + return fmt.Errorf("Error updating ExtensionControllerExtenderVap resource: %v", err) + } + + log.Printf(strconv.Itoa(c.Retries)) + if o["mkey"] != nil && o["mkey"] != "" { + d.SetId(o["mkey"].(string)) + } else { + d.SetId("ExtensionControllerExtenderVap") + } + + return resourceExtensionControllerExtenderVapRead(d, m) +} + +func resourceExtensionControllerExtenderVapDelete(d *schema.ResourceData, m interface{}) error { + mkey := d.Id() + + c := m.(*FortiClient).Client + c.Retries = 1 + + vdomparam := "" + + if v, ok := d.GetOk("vdomparam"); ok { + if s, ok := v.(string); ok { + vdomparam = s + } + } + + err := c.DeleteExtensionControllerExtenderVap(mkey, vdomparam) + if err != nil { + return fmt.Errorf("Error deleting ExtensionControllerExtenderVap resource: %v", err) + } + + d.SetId("") + + return nil +} + +func resourceExtensionControllerExtenderVapRead(d *schema.ResourceData, m interface{}) error { + mkey := d.Id() + + c := m.(*FortiClient).Client + c.Retries = 1 + + if c.Fv == "" { + err := c.UpdateDeviceVersion() + if err != nil { + return fmt.Errorf("[Warning] Can not update device version: %v", err) + } + } + + vdomparam := "" + + if v, ok := d.GetOk("vdomparam"); ok { + if s, ok := v.(string); ok { + vdomparam = s + } + } else if c.Config.Auth.Vdom != "" { + d.Set("vdomparam", c.Config.Auth.Vdom) + vdomparam = c.Config.Auth.Vdom + } + + o, err := c.ReadExtensionControllerExtenderVap(mkey, vdomparam) + if err != nil { + return fmt.Errorf("Error reading ExtensionControllerExtenderVap resource: %v", err) + } + + if o == nil { + log.Printf("[WARN] resource (%s) not found, removing from state", d.Id()) + d.SetId("") + return nil + } + + err = refreshObjectExtensionControllerExtenderVap(d, o, c.Fv) + if err != nil { + return fmt.Errorf("Error reading ExtensionControllerExtenderVap resource from API: %v", err) + } + return nil +} + +func flattenExtensionControllerExtenderVapName(v interface{}, d *schema.ResourceData, pre string, sv string) interface{} { + return v +} + +func flattenExtensionControllerExtenderVapType(v interface{}, d *schema.ResourceData, pre string, sv string) interface{} { + return v +} + +func flattenExtensionControllerExtenderVapSsid(v interface{}, d *schema.ResourceData, pre string, sv string) interface{} { + return v +} + +func flattenExtensionControllerExtenderVapMaxClients(v interface{}, d *schema.ResourceData, pre string, sv string) interface{} { + return v +} + +func flattenExtensionControllerExtenderVapBroadcastSsid(v interface{}, d *schema.ResourceData, pre string, sv string) interface{} { + return v +} + +func flattenExtensionControllerExtenderVapSecurity(v interface{}, d *schema.ResourceData, pre string, sv string) interface{} { + return v +} + +func flattenExtensionControllerExtenderVapDtim(v interface{}, d *schema.ResourceData, pre string, sv string) interface{} { + return v +} + +func flattenExtensionControllerExtenderVapRtsThreshold(v interface{}, d *schema.ResourceData, pre string, sv string) interface{} { + return v +} + +func flattenExtensionControllerExtenderVapPmf(v interface{}, d *schema.ResourceData, pre string, sv string) interface{} { + return v +} + +func flattenExtensionControllerExtenderVapTargetWakeTime(v interface{}, d *schema.ResourceData, pre string, sv string) interface{} { + return v +} + +func flattenExtensionControllerExtenderVapBssColorPartial(v interface{}, d *schema.ResourceData, pre string, sv string) interface{} { + return v +} + +func flattenExtensionControllerExtenderVapMuMimo(v interface{}, d *schema.ResourceData, pre string, sv string) interface{} { + return v +} + +func flattenExtensionControllerExtenderVapPassphrase(v interface{}, d *schema.ResourceData, pre string, sv string) interface{} { + return v +} + +func flattenExtensionControllerExtenderVapSaePassword(v interface{}, d *schema.ResourceData, pre string, sv string) interface{} { + return v +} + +func flattenExtensionControllerExtenderVapAuthServerAddress(v interface{}, d *schema.ResourceData, pre string, sv string) interface{} { + return v +} + +func flattenExtensionControllerExtenderVapAuthServerPort(v interface{}, d *schema.ResourceData, pre string, sv string) interface{} { + return v +} + +func flattenExtensionControllerExtenderVapAuthServerSecret(v interface{}, d *schema.ResourceData, pre string, sv string) interface{} { + return v +} + +func flattenExtensionControllerExtenderVapIpAddress(v interface{}, d *schema.ResourceData, pre string, sv string) interface{} { + return v +} + +func flattenExtensionControllerExtenderVapStartIp(v interface{}, d *schema.ResourceData, pre string, sv string) interface{} { + return v +} + +func flattenExtensionControllerExtenderVapEndIp(v interface{}, d *schema.ResourceData, pre string, sv string) interface{} { + return v +} + +func flattenExtensionControllerExtenderVapAllowaccess(v interface{}, d *schema.ResourceData, pre string, sv string) interface{} { + return v +} + +func refreshObjectExtensionControllerExtenderVap(d *schema.ResourceData, o map[string]interface{}, sv string) error { + var err error + + if err = d.Set("name", flattenExtensionControllerExtenderVapName(o["name"], d, "name", sv)); err != nil { + if !fortiAPIPatch(o["name"]) { + return fmt.Errorf("Error reading name: %v", err) + } + } + + if err = d.Set("type", flattenExtensionControllerExtenderVapType(o["type"], d, "type", sv)); err != nil { + if !fortiAPIPatch(o["type"]) { + return fmt.Errorf("Error reading type: %v", err) + } + } + + if err = d.Set("ssid", flattenExtensionControllerExtenderVapSsid(o["ssid"], d, "ssid", sv)); err != nil { + if !fortiAPIPatch(o["ssid"]) { + return fmt.Errorf("Error reading ssid: %v", err) + } + } + + if err = d.Set("max_clients", flattenExtensionControllerExtenderVapMaxClients(o["max-clients"], d, "max_clients", sv)); err != nil { + if !fortiAPIPatch(o["max-clients"]) { + return fmt.Errorf("Error reading max_clients: %v", err) + } + } + + if err = d.Set("broadcast_ssid", flattenExtensionControllerExtenderVapBroadcastSsid(o["broadcast-ssid"], d, "broadcast_ssid", sv)); err != nil { + if !fortiAPIPatch(o["broadcast-ssid"]) { + return fmt.Errorf("Error reading broadcast_ssid: %v", err) + } + } + + if err = d.Set("security", flattenExtensionControllerExtenderVapSecurity(o["security"], d, "security", sv)); err != nil { + if !fortiAPIPatch(o["security"]) { + return fmt.Errorf("Error reading security: %v", err) + } + } + + if err = d.Set("dtim", flattenExtensionControllerExtenderVapDtim(o["dtim"], d, "dtim", sv)); err != nil { + if !fortiAPIPatch(o["dtim"]) { + return fmt.Errorf("Error reading dtim: %v", err) + } + } + + if err = d.Set("rts_threshold", flattenExtensionControllerExtenderVapRtsThreshold(o["rts-threshold"], d, "rts_threshold", sv)); err != nil { + if !fortiAPIPatch(o["rts-threshold"]) { + return fmt.Errorf("Error reading rts_threshold: %v", err) + } + } + + if err = d.Set("pmf", flattenExtensionControllerExtenderVapPmf(o["pmf"], d, "pmf", sv)); err != nil { + if !fortiAPIPatch(o["pmf"]) { + return fmt.Errorf("Error reading pmf: %v", err) + } + } + + if err = d.Set("target_wake_time", flattenExtensionControllerExtenderVapTargetWakeTime(o["target-wake-time"], d, "target_wake_time", sv)); err != nil { + if !fortiAPIPatch(o["target-wake-time"]) { + return fmt.Errorf("Error reading target_wake_time: %v", err) + } + } + + if err = d.Set("bss_color_partial", flattenExtensionControllerExtenderVapBssColorPartial(o["bss-color-partial"], d, "bss_color_partial", sv)); err != nil { + if !fortiAPIPatch(o["bss-color-partial"]) { + return fmt.Errorf("Error reading bss_color_partial: %v", err) + } + } + + if err = d.Set("mu_mimo", flattenExtensionControllerExtenderVapMuMimo(o["mu-mimo"], d, "mu_mimo", sv)); err != nil { + if !fortiAPIPatch(o["mu-mimo"]) { + return fmt.Errorf("Error reading mu_mimo: %v", err) + } + } + + if err = d.Set("passphrase", flattenExtensionControllerExtenderVapPassphrase(o["passphrase"], d, "passphrase", sv)); err != nil { + if !fortiAPIPatch(o["passphrase"]) { + return fmt.Errorf("Error reading passphrase: %v", err) + } + } + + if err = d.Set("sae_password", flattenExtensionControllerExtenderVapSaePassword(o["sae-password"], d, "sae_password", sv)); err != nil { + if !fortiAPIPatch(o["sae-password"]) { + return fmt.Errorf("Error reading sae_password: %v", err) + } + } + + if err = d.Set("auth_server_address", flattenExtensionControllerExtenderVapAuthServerAddress(o["auth-server-address"], d, "auth_server_address", sv)); err != nil { + if !fortiAPIPatch(o["auth-server-address"]) { + return fmt.Errorf("Error reading auth_server_address: %v", err) + } + } + + if err = d.Set("auth_server_port", flattenExtensionControllerExtenderVapAuthServerPort(o["auth-server-port"], d, "auth_server_port", sv)); err != nil { + if !fortiAPIPatch(o["auth-server-port"]) { + return fmt.Errorf("Error reading auth_server_port: %v", err) + } + } + + if err = d.Set("auth_server_secret", flattenExtensionControllerExtenderVapAuthServerSecret(o["auth-server-secret"], d, "auth_server_secret", sv)); err != nil { + if !fortiAPIPatch(o["auth-server-secret"]) { + return fmt.Errorf("Error reading auth_server_secret: %v", err) + } + } + + if err = d.Set("ip_address", flattenExtensionControllerExtenderVapIpAddress(o["ip-address"], d, "ip_address", sv)); err != nil { + if !fortiAPIPatch(o["ip-address"]) { + return fmt.Errorf("Error reading ip_address: %v", err) + } + } + + if err = d.Set("start_ip", flattenExtensionControllerExtenderVapStartIp(o["start-ip"], d, "start_ip", sv)); err != nil { + if !fortiAPIPatch(o["start-ip"]) { + return fmt.Errorf("Error reading start_ip: %v", err) + } + } + + if err = d.Set("end_ip", flattenExtensionControllerExtenderVapEndIp(o["end-ip"], d, "end_ip", sv)); err != nil { + if !fortiAPIPatch(o["end-ip"]) { + return fmt.Errorf("Error reading end_ip: %v", err) + } + } + + if err = d.Set("allowaccess", flattenExtensionControllerExtenderVapAllowaccess(o["allowaccess"], d, "allowaccess", sv)); err != nil { + if !fortiAPIPatch(o["allowaccess"]) { + return fmt.Errorf("Error reading allowaccess: %v", err) + } + } + + return nil +} + +func flattenExtensionControllerExtenderVapFortiTestDebug(d *schema.ResourceData, fosdebugsn int, fosdebugbeg int, fosdebugend int) { + log.Printf(strconv.Itoa(fosdebugsn)) + e := validation.IntBetween(fosdebugbeg, fosdebugend) + log.Printf("ER List: %v, %v", strings.Split("FortiOS Ver", " "), e) +} + +func expandExtensionControllerExtenderVapName(d *schema.ResourceData, v interface{}, pre string, sv string) (interface{}, error) { + return v, nil +} + +func expandExtensionControllerExtenderVapType(d *schema.ResourceData, v interface{}, pre string, sv string) (interface{}, error) { + return v, nil +} + +func expandExtensionControllerExtenderVapSsid(d *schema.ResourceData, v interface{}, pre string, sv string) (interface{}, error) { + return v, nil +} + +func expandExtensionControllerExtenderVapMaxClients(d *schema.ResourceData, v interface{}, pre string, sv string) (interface{}, error) { + return v, nil +} + +func expandExtensionControllerExtenderVapBroadcastSsid(d *schema.ResourceData, v interface{}, pre string, sv string) (interface{}, error) { + return v, nil +} + +func expandExtensionControllerExtenderVapSecurity(d *schema.ResourceData, v interface{}, pre string, sv string) (interface{}, error) { + return v, nil +} + +func expandExtensionControllerExtenderVapDtim(d *schema.ResourceData, v interface{}, pre string, sv string) (interface{}, error) { + return v, nil +} + +func expandExtensionControllerExtenderVapRtsThreshold(d *schema.ResourceData, v interface{}, pre string, sv string) (interface{}, error) { + return v, nil +} + +func expandExtensionControllerExtenderVapPmf(d *schema.ResourceData, v interface{}, pre string, sv string) (interface{}, error) { + return v, nil +} + +func expandExtensionControllerExtenderVapTargetWakeTime(d *schema.ResourceData, v interface{}, pre string, sv string) (interface{}, error) { + return v, nil +} + +func expandExtensionControllerExtenderVapBssColorPartial(d *schema.ResourceData, v interface{}, pre string, sv string) (interface{}, error) { + return v, nil +} + +func expandExtensionControllerExtenderVapMuMimo(d *schema.ResourceData, v interface{}, pre string, sv string) (interface{}, error) { + return v, nil +} + +func expandExtensionControllerExtenderVapPassphrase(d *schema.ResourceData, v interface{}, pre string, sv string) (interface{}, error) { + return v, nil +} + +func expandExtensionControllerExtenderVapSaePassword(d *schema.ResourceData, v interface{}, pre string, sv string) (interface{}, error) { + return v, nil +} + +func expandExtensionControllerExtenderVapAuthServerAddress(d *schema.ResourceData, v interface{}, pre string, sv string) (interface{}, error) { + return v, nil +} + +func expandExtensionControllerExtenderVapAuthServerPort(d *schema.ResourceData, v interface{}, pre string, sv string) (interface{}, error) { + return v, nil +} + +func expandExtensionControllerExtenderVapAuthServerSecret(d *schema.ResourceData, v interface{}, pre string, sv string) (interface{}, error) { + return v, nil +} + +func expandExtensionControllerExtenderVapIpAddress(d *schema.ResourceData, v interface{}, pre string, sv string) (interface{}, error) { + return v, nil +} + +func expandExtensionControllerExtenderVapStartIp(d *schema.ResourceData, v interface{}, pre string, sv string) (interface{}, error) { + return v, nil +} + +func expandExtensionControllerExtenderVapEndIp(d *schema.ResourceData, v interface{}, pre string, sv string) (interface{}, error) { + return v, nil +} + +func expandExtensionControllerExtenderVapAllowaccess(d *schema.ResourceData, v interface{}, pre string, sv string) (interface{}, error) { + return v, nil +} + +func getObjectExtensionControllerExtenderVap(d *schema.ResourceData, sv string) (*map[string]interface{}, error) { + obj := make(map[string]interface{}) + + if v, ok := d.GetOk("name"); ok { + t, err := expandExtensionControllerExtenderVapName(d, v, "name", sv) + if err != nil { + return &obj, err + } else if t != nil { + obj["name"] = t + } + } + + if v, ok := d.GetOk("type"); ok { + t, err := expandExtensionControllerExtenderVapType(d, v, "type", sv) + if err != nil { + return &obj, err + } else if t != nil { + obj["type"] = t + } + } + + if v, ok := d.GetOk("ssid"); ok { + t, err := expandExtensionControllerExtenderVapSsid(d, v, "ssid", sv) + if err != nil { + return &obj, err + } else if t != nil { + obj["ssid"] = t + } + } + + if v, ok := d.GetOkExists("max_clients"); ok { + t, err := expandExtensionControllerExtenderVapMaxClients(d, v, "max_clients", sv) + if err != nil { + return &obj, err + } else if t != nil { + obj["max-clients"] = t + } + } + + if v, ok := d.GetOk("broadcast_ssid"); ok { + t, err := expandExtensionControllerExtenderVapBroadcastSsid(d, v, "broadcast_ssid", sv) + if err != nil { + return &obj, err + } else if t != nil { + obj["broadcast-ssid"] = t + } + } + + if v, ok := d.GetOk("security"); ok { + t, err := expandExtensionControllerExtenderVapSecurity(d, v, "security", sv) + if err != nil { + return &obj, err + } else if t != nil { + obj["security"] = t + } + } + + if v, ok := d.GetOk("dtim"); ok { + t, err := expandExtensionControllerExtenderVapDtim(d, v, "dtim", sv) + if err != nil { + return &obj, err + } else if t != nil { + obj["dtim"] = t + } + } + + if v, ok := d.GetOk("rts_threshold"); ok { + t, err := expandExtensionControllerExtenderVapRtsThreshold(d, v, "rts_threshold", sv) + if err != nil { + return &obj, err + } else if t != nil { + obj["rts-threshold"] = t + } + } + + if v, ok := d.GetOk("pmf"); ok { + t, err := expandExtensionControllerExtenderVapPmf(d, v, "pmf", sv) + if err != nil { + return &obj, err + } else if t != nil { + obj["pmf"] = t + } + } + + if v, ok := d.GetOk("target_wake_time"); ok { + t, err := expandExtensionControllerExtenderVapTargetWakeTime(d, v, "target_wake_time", sv) + if err != nil { + return &obj, err + } else if t != nil { + obj["target-wake-time"] = t + } + } + + if v, ok := d.GetOk("bss_color_partial"); ok { + t, err := expandExtensionControllerExtenderVapBssColorPartial(d, v, "bss_color_partial", sv) + if err != nil { + return &obj, err + } else if t != nil { + obj["bss-color-partial"] = t + } + } + + if v, ok := d.GetOk("mu_mimo"); ok { + t, err := expandExtensionControllerExtenderVapMuMimo(d, v, "mu_mimo", sv) + if err != nil { + return &obj, err + } else if t != nil { + obj["mu-mimo"] = t + } + } + + if v, ok := d.GetOk("passphrase"); ok { + t, err := expandExtensionControllerExtenderVapPassphrase(d, v, "passphrase", sv) + if err != nil { + return &obj, err + } else if t != nil { + obj["passphrase"] = t + } + } + + if v, ok := d.GetOk("sae_password"); ok { + t, err := expandExtensionControllerExtenderVapSaePassword(d, v, "sae_password", sv) + if err != nil { + return &obj, err + } else if t != nil { + obj["sae-password"] = t + } + } + + if v, ok := d.GetOk("auth_server_address"); ok { + t, err := expandExtensionControllerExtenderVapAuthServerAddress(d, v, "auth_server_address", sv) + if err != nil { + return &obj, err + } else if t != nil { + obj["auth-server-address"] = t + } + } + + if v, ok := d.GetOk("auth_server_port"); ok { + t, err := expandExtensionControllerExtenderVapAuthServerPort(d, v, "auth_server_port", sv) + if err != nil { + return &obj, err + } else if t != nil { + obj["auth-server-port"] = t + } + } + + if v, ok := d.GetOk("auth_server_secret"); ok { + t, err := expandExtensionControllerExtenderVapAuthServerSecret(d, v, "auth_server_secret", sv) + if err != nil { + return &obj, err + } else if t != nil { + obj["auth-server-secret"] = t + } + } + + if v, ok := d.GetOk("ip_address"); ok { + t, err := expandExtensionControllerExtenderVapIpAddress(d, v, "ip_address", sv) + if err != nil { + return &obj, err + } else if t != nil { + obj["ip-address"] = t + } + } + + if v, ok := d.GetOk("start_ip"); ok { + t, err := expandExtensionControllerExtenderVapStartIp(d, v, "start_ip", sv) + if err != nil { + return &obj, err + } else if t != nil { + obj["start-ip"] = t + } + } + + if v, ok := d.GetOk("end_ip"); ok { + t, err := expandExtensionControllerExtenderVapEndIp(d, v, "end_ip", sv) + if err != nil { + return &obj, err + } else if t != nil { + obj["end-ip"] = t + } + } + + if v, ok := d.GetOk("allowaccess"); ok { + t, err := expandExtensionControllerExtenderVapAllowaccess(d, v, "allowaccess", sv) + if err != nil { + return &obj, err + } else if t != nil { + obj["allowaccess"] = t + } + } + + return &obj, nil +} diff --git a/fortios/resource_firewall_centralsnatmap.go b/fortios/resource_firewall_centralsnatmap.go index 7e871a07e..664456a87 100644 --- a/fortios/resource_firewall_centralsnatmap.go +++ b/fortios/resource_firewall_centralsnatmap.go @@ -169,6 +169,11 @@ func resourceFirewallCentralSnatMap() *schema.Resource { }, }, }, + "port_preserve": &schema.Schema{ + Type: schema.TypeString, + Optional: true, + Computed: true, + }, "protocol": &schema.Schema{ Type: schema.TypeInt, ValidateFunc: validation.IntBetween(0, 255), @@ -724,6 +729,10 @@ func flattenFirewallCentralSnatMapNatIppool6Name(v interface{}, d *schema.Resour return v } +func flattenFirewallCentralSnatMapPortPreserve(v interface{}, d *schema.ResourceData, pre string, sv string) interface{} { + return v +} + func flattenFirewallCentralSnatMapProtocol(v interface{}, d *schema.ResourceData, pre string, sv string) interface{} { return v } @@ -917,6 +926,12 @@ func refreshObjectFirewallCentralSnatMap(d *schema.ResourceData, o map[string]in } } + if err = d.Set("port_preserve", flattenFirewallCentralSnatMapPortPreserve(o["port-preserve"], d, "port_preserve", sv)); err != nil { + if !fortiAPIPatch(o["port-preserve"]) { + return fmt.Errorf("Error reading port_preserve: %v", err) + } + } + if err = d.Set("protocol", flattenFirewallCentralSnatMapProtocol(o["protocol"], d, "protocol", sv)); err != nil { if !fortiAPIPatch(o["protocol"]) { return fmt.Errorf("Error reading protocol: %v", err) @@ -1214,6 +1229,10 @@ func expandFirewallCentralSnatMapNatIppool6Name(d *schema.ResourceData, v interf return v, nil } +func expandFirewallCentralSnatMapPortPreserve(d *schema.ResourceData, v interface{}, pre string, sv string) (interface{}, error) { + return v, nil +} + func expandFirewallCentralSnatMapProtocol(d *schema.ResourceData, v interface{}, pre string, sv string) (interface{}, error) { return v, nil } @@ -1357,6 +1376,15 @@ func getObjectFirewallCentralSnatMap(d *schema.ResourceData, sv string) (*map[st } } + if v, ok := d.GetOk("port_preserve"); ok { + t, err := expandFirewallCentralSnatMapPortPreserve(d, v, "port_preserve", sv) + if err != nil { + return &obj, err + } else if t != nil { + obj["port-preserve"] = t + } + } + if v, ok := d.GetOkExists("protocol"); ok { t, err := expandFirewallCentralSnatMapProtocol(d, v, "protocol", sv) if err != nil { diff --git a/fortios/resource_firewall_ippool.go b/fortios/resource_firewall_ippool.go index fb1053afb..b2af9a897 100644 --- a/fortios/resource_firewall_ippool.go +++ b/fortios/resource_firewall_ippool.go @@ -100,6 +100,12 @@ func resourceFirewallIppool() *schema.Resource { Optional: true, Computed: true, }, + "pba_interim_log": &schema.Schema{ + Type: schema.TypeInt, + ValidateFunc: validation.IntBetween(600, 86400), + Optional: true, + Computed: true, + }, "permit_any_host": &schema.Schema{ Type: schema.TypeString, Optional: true, @@ -345,6 +351,10 @@ func flattenFirewallIppoolPbaTimeout(v interface{}, d *schema.ResourceData, pre return v } +func flattenFirewallIppoolPbaInterimLog(v interface{}, d *schema.ResourceData, pre string, sv string) interface{} { + return v +} + func flattenFirewallIppoolPermitAnyHost(v interface{}, d *schema.ResourceData, pre string, sv string) interface{} { return v } @@ -452,6 +462,12 @@ func refreshObjectFirewallIppool(d *schema.ResourceData, o map[string]interface{ } } + if err = d.Set("pba_interim_log", flattenFirewallIppoolPbaInterimLog(o["pba-interim-log"], d, "pba_interim_log", sv)); err != nil { + if !fortiAPIPatch(o["pba-interim-log"]) { + return fmt.Errorf("Error reading pba_interim_log: %v", err) + } + } + if err = d.Set("permit_any_host", flattenFirewallIppoolPermitAnyHost(o["permit-any-host"], d, "permit_any_host", sv)); err != nil { if !fortiAPIPatch(o["permit-any-host"]) { return fmt.Errorf("Error reading permit_any_host: %v", err) @@ -557,6 +573,10 @@ func expandFirewallIppoolPbaTimeout(d *schema.ResourceData, v interface{}, pre s return v, nil } +func expandFirewallIppoolPbaInterimLog(d *schema.ResourceData, v interface{}, pre string, sv string) (interface{}, error) { + return v, nil +} + func expandFirewallIppoolPermitAnyHost(d *schema.ResourceData, v interface{}, pre string, sv string) (interface{}, error) { return v, nil } @@ -700,6 +720,15 @@ func getObjectFirewallIppool(d *schema.ResourceData, sv string) (*map[string]int } } + if v, ok := d.GetOk("pba_interim_log"); ok { + t, err := expandFirewallIppoolPbaInterimLog(d, v, "pba_interim_log", sv) + if err != nil { + return &obj, err + } else if t != nil { + obj["pba-interim-log"] = t + } + } + if v, ok := d.GetOk("permit_any_host"); ok { t, err := expandFirewallIppoolPermitAnyHost(d, v, "permit_any_host", sv) if err != nil { diff --git a/fortios/resource_firewall_localinpolicy.go b/fortios/resource_firewall_localinpolicy.go index 185265310..e1534b4e9 100644 --- a/fortios/resource_firewall_localinpolicy.go +++ b/fortios/resource_firewall_localinpolicy.go @@ -105,6 +105,67 @@ func resourceFirewallLocalInPolicy() *schema.Resource { }, }, }, + "internet_service_src": &schema.Schema{ + Type: schema.TypeString, + Optional: true, + Computed: true, + }, + "internet_service_src_name": &schema.Schema{ + Type: schema.TypeSet, + Optional: true, + Elem: &schema.Resource{ + Schema: map[string]*schema.Schema{ + "name": &schema.Schema{ + Type: schema.TypeString, + ValidateFunc: validation.StringLenBetween(0, 79), + Optional: true, + Computed: true, + }, + }, + }, + }, + "internet_service_src_group": &schema.Schema{ + Type: schema.TypeSet, + Optional: true, + Elem: &schema.Resource{ + Schema: map[string]*schema.Schema{ + "name": &schema.Schema{ + Type: schema.TypeString, + ValidateFunc: validation.StringLenBetween(0, 79), + Optional: true, + Computed: true, + }, + }, + }, + }, + "internet_service_src_custom": &schema.Schema{ + Type: schema.TypeSet, + Optional: true, + Elem: &schema.Resource{ + Schema: map[string]*schema.Schema{ + "name": &schema.Schema{ + Type: schema.TypeString, + ValidateFunc: validation.StringLenBetween(0, 79), + Optional: true, + Computed: true, + }, + }, + }, + }, + "internet_service_src_custom_group": &schema.Schema{ + Type: schema.TypeSet, + Optional: true, + Elem: &schema.Resource{ + Schema: map[string]*schema.Schema{ + "name": &schema.Schema{ + Type: schema.TypeString, + ValidateFunc: validation.StringLenBetween(0, 79), + Optional: true, + Computed: true, + }, + }, + }, + }, "dstaddr_negate": &schema.Schema{ Type: schema.TypeString, Optional: true, @@ -134,6 +195,11 @@ func resourceFirewallLocalInPolicy() *schema.Resource { Optional: true, Computed: true, }, + "internet_service_src_negate": &schema.Schema{ + Type: schema.TypeString, + Optional: true, + Computed: true, + }, "schedule": &schema.Schema{ Type: schema.TypeString, ValidateFunc: validation.StringLenBetween(0, 35), @@ -465,6 +531,178 @@ func flattenFirewallLocalInPolicyDstaddrName(v interface{}, d *schema.ResourceDa return v } +func flattenFirewallLocalInPolicyInternetServiceSrc(v interface{}, d *schema.ResourceData, pre string, sv string) interface{} { + return v +} + +func flattenFirewallLocalInPolicyInternetServiceSrcName(v interface{}, d *schema.ResourceData, pre string, sv string) []map[string]interface{} { + if v == nil { + return nil + } + + if _, ok := v.([]interface{}); !ok { + log.Printf("[DEBUG] Argument %v is not type of []interface{}.", pre) + return nil + } + + l := v.([]interface{}) + if len(l) == 0 || l[0] == nil { + return nil + } + + result := make([]map[string]interface{}, 0, len(l)) + + con := 0 + for _, r := range l { + tmp := make(map[string]interface{}) + i := r.(map[string]interface{}) + + pre_append := "" // table + + pre_append = pre + "." + strconv.Itoa(con) + "." + "name" + if cur_v, ok := i["name"]; ok { + tmp["name"] = flattenFirewallLocalInPolicyInternetServiceSrcNameName(cur_v, d, pre_append, sv) + } + + result = append(result, tmp) + + con += 1 + } + + dynamic_sort_subtable(result, "name", d) + return result +} + +func flattenFirewallLocalInPolicyInternetServiceSrcNameName(v interface{}, d *schema.ResourceData, pre string, sv string) interface{} { + return v +} + +func flattenFirewallLocalInPolicyInternetServiceSrcGroup(v interface{}, d *schema.ResourceData, pre string, sv string) []map[string]interface{} { + if v == nil { + return nil + } + + if _, ok := v.([]interface{}); !ok { + log.Printf("[DEBUG] Argument %v is not type of []interface{}.", pre) + return nil + } + + l := v.([]interface{}) + if len(l) == 0 || l[0] == nil { + return nil + } + + result := make([]map[string]interface{}, 0, len(l)) + + con := 0 + for _, r := range l { + tmp := make(map[string]interface{}) + i := r.(map[string]interface{}) + + pre_append := "" // table + + pre_append = pre + "." + strconv.Itoa(con) + "." + "name" + if cur_v, ok := i["name"]; ok { + tmp["name"] = flattenFirewallLocalInPolicyInternetServiceSrcGroupName(cur_v, d, pre_append, sv) + } + + result = append(result, tmp) + + con += 1 + } + + dynamic_sort_subtable(result, "name", d) + return result +} + +func flattenFirewallLocalInPolicyInternetServiceSrcGroupName(v interface{}, d *schema.ResourceData, pre string, sv string) interface{} { + return v +} + +func flattenFirewallLocalInPolicyInternetServiceSrcCustom(v interface{}, d *schema.ResourceData, pre string, sv string) []map[string]interface{} { + if v == nil { + return nil + } + + if _, ok := v.([]interface{}); !ok { + log.Printf("[DEBUG] Argument %v is not type of []interface{}.", pre) + return nil + } + + l := v.([]interface{}) + if len(l) == 0 || l[0] == nil { + return nil + } + + result := make([]map[string]interface{}, 0, len(l)) + + con := 0 + for _, r := range l { + tmp := make(map[string]interface{}) + i := r.(map[string]interface{}) + + pre_append := "" // table + + pre_append = pre + "." + strconv.Itoa(con) + "." + "name" + if cur_v, ok := i["name"]; ok { + tmp["name"] = flattenFirewallLocalInPolicyInternetServiceSrcCustomName(cur_v, d, pre_append, sv) + } + + result = append(result, tmp) + + con += 1 + } + + dynamic_sort_subtable(result, "name", d) + return result +} + +func flattenFirewallLocalInPolicyInternetServiceSrcCustomName(v interface{}, d *schema.ResourceData, pre string, sv string) interface{} { + return v +} + +func flattenFirewallLocalInPolicyInternetServiceSrcCustomGroup(v interface{}, d *schema.ResourceData, pre string, sv string) []map[string]interface{} { + if v == nil { + return nil + } + + if _, ok := v.([]interface{}); !ok { + log.Printf("[DEBUG] Argument %v is not type of []interface{}.", pre) + return nil + } + + l := v.([]interface{}) + if len(l) == 0 || l[0] == nil { + return nil + } + + result := make([]map[string]interface{}, 0, len(l)) + + con := 0 + for _, r := range l { + tmp := make(map[string]interface{}) + i := r.(map[string]interface{}) + + pre_append := "" // table + + pre_append = pre + "." + strconv.Itoa(con) + "." + "name" + if cur_v, ok := i["name"]; ok { + tmp["name"] = flattenFirewallLocalInPolicyInternetServiceSrcCustomGroupName(cur_v, d, pre_append, sv) + } + + result = append(result, tmp) + + con += 1 + } + + dynamic_sort_subtable(result, "name", d) + return result +} + +func flattenFirewallLocalInPolicyInternetServiceSrcCustomGroupName(v interface{}, d *schema.ResourceData, pre string, sv string) interface{} { + return v +} + func flattenFirewallLocalInPolicyDstaddrNegate(v interface{}, d *schema.ResourceData, pre string, sv string) interface{} { return v } @@ -519,6 +757,10 @@ func flattenFirewallLocalInPolicyServiceNegate(v interface{}, d *schema.Resource return v } +func flattenFirewallLocalInPolicyInternetServiceSrcNegate(v interface{}, d *schema.ResourceData, pre string, sv string) interface{} { + return v +} + func flattenFirewallLocalInPolicySchedule(v interface{}, d *schema.ResourceData, pre string, sv string) interface{} { return v } @@ -626,6 +868,76 @@ func refreshObjectFirewallLocalInPolicy(d *schema.ResourceData, o map[string]int } } + if err = d.Set("internet_service_src", flattenFirewallLocalInPolicyInternetServiceSrc(o["internet-service-src"], d, "internet_service_src", sv)); err != nil { + if !fortiAPIPatch(o["internet-service-src"]) { + return fmt.Errorf("Error reading internet_service_src: %v", err) + } + } + + if b_get_all_tables { + if err = d.Set("internet_service_src_name", flattenFirewallLocalInPolicyInternetServiceSrcName(o["internet-service-src-name"], d, "internet_service_src_name", sv)); err != nil { + if !fortiAPIPatch(o["internet-service-src-name"]) { + return fmt.Errorf("Error reading internet_service_src_name: %v", err) + } + } + } else { + if _, ok := d.GetOk("internet_service_src_name"); ok { + if err = d.Set("internet_service_src_name", flattenFirewallLocalInPolicyInternetServiceSrcName(o["internet-service-src-name"], d, "internet_service_src_name", sv)); err != nil { + if !fortiAPIPatch(o["internet-service-src-name"]) { + return fmt.Errorf("Error reading internet_service_src_name: %v", err) + } + } + } + } + + if b_get_all_tables { + if err = d.Set("internet_service_src_group", flattenFirewallLocalInPolicyInternetServiceSrcGroup(o["internet-service-src-group"], d, "internet_service_src_group", sv)); err != nil { + if !fortiAPIPatch(o["internet-service-src-group"]) { + return fmt.Errorf("Error reading internet_service_src_group: %v", err) + } + } + } else { + if _, ok := d.GetOk("internet_service_src_group"); ok { + if err = d.Set("internet_service_src_group", flattenFirewallLocalInPolicyInternetServiceSrcGroup(o["internet-service-src-group"], d, "internet_service_src_group", sv)); err != nil { + if !fortiAPIPatch(o["internet-service-src-group"]) { + return fmt.Errorf("Error reading internet_service_src_group: %v", err) + } + } + } + } + + if b_get_all_tables { + if err = d.Set("internet_service_src_custom", flattenFirewallLocalInPolicyInternetServiceSrcCustom(o["internet-service-src-custom"], d, "internet_service_src_custom", sv)); err != nil { + if !fortiAPIPatch(o["internet-service-src-custom"]) { + return fmt.Errorf("Error reading internet_service_src_custom: %v", err) + } + } + } else { + if _, ok := d.GetOk("internet_service_src_custom"); ok { + if err = d.Set("internet_service_src_custom", flattenFirewallLocalInPolicyInternetServiceSrcCustom(o["internet-service-src-custom"], d, "internet_service_src_custom", sv)); err != nil { + if !fortiAPIPatch(o["internet-service-src-custom"]) { + return fmt.Errorf("Error reading internet_service_src_custom: %v", err) + } + } + } + } + + if b_get_all_tables { + if err = d.Set("internet_service_src_custom_group", flattenFirewallLocalInPolicyInternetServiceSrcCustomGroup(o["internet-service-src-custom-group"], d, "internet_service_src_custom_group", sv)); err != nil { + if !fortiAPIPatch(o["internet-service-src-custom-group"]) { + return fmt.Errorf("Error reading internet_service_src_custom_group: %v", err) + } + } + } else { + if _, ok := d.GetOk("internet_service_src_custom_group"); ok { + if err = d.Set("internet_service_src_custom_group", flattenFirewallLocalInPolicyInternetServiceSrcCustomGroup(o["internet-service-src-custom-group"], d, "internet_service_src_custom_group", sv)); err != nil { + if !fortiAPIPatch(o["internet-service-src-custom-group"]) { + return fmt.Errorf("Error reading internet_service_src_custom_group: %v", err) + } + } + } + } + if err = d.Set("dstaddr_negate", flattenFirewallLocalInPolicyDstaddrNegate(o["dstaddr-negate"], d, "dstaddr_negate", sv)); err != nil { if !fortiAPIPatch(o["dstaddr-negate"]) { return fmt.Errorf("Error reading dstaddr_negate: %v", err) @@ -660,6 +972,12 @@ func refreshObjectFirewallLocalInPolicy(d *schema.ResourceData, o map[string]int } } + if err = d.Set("internet_service_src_negate", flattenFirewallLocalInPolicyInternetServiceSrcNegate(o["internet-service-src-negate"], d, "internet_service_src_negate", sv)); err != nil { + if !fortiAPIPatch(o["internet-service-src-negate"]) { + return fmt.Errorf("Error reading internet_service_src_negate: %v", err) + } + } + if err = d.Set("schedule", flattenFirewallLocalInPolicySchedule(o["schedule"], d, "schedule", sv)); err != nil { if !fortiAPIPatch(o["schedule"]) { return fmt.Errorf("Error reading schedule: %v", err) @@ -797,6 +1115,122 @@ func expandFirewallLocalInPolicyDstaddrName(d *schema.ResourceData, v interface{ return v, nil } +func expandFirewallLocalInPolicyInternetServiceSrc(d *schema.ResourceData, v interface{}, pre string, sv string) (interface{}, error) { + return v, nil +} + +func expandFirewallLocalInPolicyInternetServiceSrcName(d *schema.ResourceData, v interface{}, pre string, sv string) (interface{}, error) { + l := v.(*schema.Set).List() + result := make([]map[string]interface{}, 0, len(l)) + + if len(l) == 0 || l[0] == nil { + return result, nil + } + + con := 0 + for _, r := range l { + tmp := make(map[string]interface{}) + i := r.(map[string]interface{}) + pre_append := "" // table + + tmp["name"], _ = expandFirewallLocalInPolicyInternetServiceSrcNameName(d, i["name"], pre_append, sv) + + result = append(result, tmp) + + con += 1 + } + + return result, nil +} + +func expandFirewallLocalInPolicyInternetServiceSrcNameName(d *schema.ResourceData, v interface{}, pre string, sv string) (interface{}, error) { + return v, nil +} + +func expandFirewallLocalInPolicyInternetServiceSrcGroup(d *schema.ResourceData, v interface{}, pre string, sv string) (interface{}, error) { + l := v.(*schema.Set).List() + result := make([]map[string]interface{}, 0, len(l)) + + if len(l) == 0 || l[0] == nil { + return result, nil + } + + con := 0 + for _, r := range l { + tmp := make(map[string]interface{}) + i := r.(map[string]interface{}) + pre_append := "" // table + + tmp["name"], _ = expandFirewallLocalInPolicyInternetServiceSrcGroupName(d, i["name"], pre_append, sv) + + result = append(result, tmp) + + con += 1 + } + + return result, nil +} + +func expandFirewallLocalInPolicyInternetServiceSrcGroupName(d *schema.ResourceData, v interface{}, pre string, sv string) (interface{}, error) { + return v, nil +} + +func expandFirewallLocalInPolicyInternetServiceSrcCustom(d *schema.ResourceData, v interface{}, pre string, sv string) (interface{}, error) { + l := v.(*schema.Set).List() + result := make([]map[string]interface{}, 0, len(l)) + + if len(l) == 0 || l[0] == nil { + return result, nil + } + + con := 0 + for _, r := range l { + tmp := make(map[string]interface{}) + i := r.(map[string]interface{}) + pre_append := "" // table + + tmp["name"], _ = expandFirewallLocalInPolicyInternetServiceSrcCustomName(d, i["name"], pre_append, sv) + + result = append(result, tmp) + + con += 1 + } + + return result, nil +} + +func expandFirewallLocalInPolicyInternetServiceSrcCustomName(d *schema.ResourceData, v interface{}, pre string, sv string) (interface{}, error) { + return v, nil +} + +func expandFirewallLocalInPolicyInternetServiceSrcCustomGroup(d *schema.ResourceData, v interface{}, pre string, sv string) (interface{}, error) { + l := v.(*schema.Set).List() + result := make([]map[string]interface{}, 0, len(l)) + + if len(l) == 0 || l[0] == nil { + return result, nil + } + + con := 0 + for _, r := range l { + tmp := make(map[string]interface{}) + i := r.(map[string]interface{}) + pre_append := "" // table + + tmp["name"], _ = expandFirewallLocalInPolicyInternetServiceSrcCustomGroupName(d, i["name"], pre_append, sv) + + result = append(result, tmp) + + con += 1 + } + + return result, nil +} + +func expandFirewallLocalInPolicyInternetServiceSrcCustomGroupName(d *schema.ResourceData, v interface{}, pre string, sv string) (interface{}, error) { + return v, nil +} + func expandFirewallLocalInPolicyDstaddrNegate(d *schema.ResourceData, v interface{}, pre string, sv string) (interface{}, error) { return v, nil } @@ -837,6 +1271,10 @@ func expandFirewallLocalInPolicyServiceNegate(d *schema.ResourceData, v interfac return v, nil } +func expandFirewallLocalInPolicyInternetServiceSrcNegate(d *schema.ResourceData, v interface{}, pre string, sv string) (interface{}, error) { + return v, nil +} + func expandFirewallLocalInPolicySchedule(d *schema.ResourceData, v interface{}, pre string, sv string) (interface{}, error) { return v, nil } @@ -948,6 +1386,51 @@ func getObjectFirewallLocalInPolicy(d *schema.ResourceData, sv string) (*map[str } } + if v, ok := d.GetOk("internet_service_src"); ok { + t, err := expandFirewallLocalInPolicyInternetServiceSrc(d, v, "internet_service_src", sv) + if err != nil { + return &obj, err + } else if t != nil { + obj["internet-service-src"] = t + } + } + + if v, ok := d.GetOk("internet_service_src_name"); ok || d.HasChange("internet_service_src_name") { + t, err := expandFirewallLocalInPolicyInternetServiceSrcName(d, v, "internet_service_src_name", sv) + if err != nil { + return &obj, err + } else if t != nil { + obj["internet-service-src-name"] = t + } + } + + if v, ok := d.GetOk("internet_service_src_group"); ok || d.HasChange("internet_service_src_group") { + t, err := expandFirewallLocalInPolicyInternetServiceSrcGroup(d, v, "internet_service_src_group", sv) + if err != nil { + return &obj, err + } else if t != nil { + obj["internet-service-src-group"] = t + } + } + + if v, ok := d.GetOk("internet_service_src_custom"); ok || d.HasChange("internet_service_src_custom") { + t, err := expandFirewallLocalInPolicyInternetServiceSrcCustom(d, v, "internet_service_src_custom", sv) + if err != nil { + return &obj, err + } else if t != nil { + obj["internet-service-src-custom"] = t + } + } + + if v, ok := d.GetOk("internet_service_src_custom_group"); ok || d.HasChange("internet_service_src_custom_group") { + t, err := expandFirewallLocalInPolicyInternetServiceSrcCustomGroup(d, v, "internet_service_src_custom_group", sv) + if err != nil { + return &obj, err + } else if t != nil { + obj["internet-service-src-custom-group"] = t + } + } + if v, ok := d.GetOk("dstaddr_negate"); ok { t, err := expandFirewallLocalInPolicyDstaddrNegate(d, v, "dstaddr_negate", sv) if err != nil { @@ -984,6 +1467,15 @@ func getObjectFirewallLocalInPolicy(d *schema.ResourceData, sv string) (*map[str } } + if v, ok := d.GetOk("internet_service_src_negate"); ok { + t, err := expandFirewallLocalInPolicyInternetServiceSrcNegate(d, v, "internet_service_src_negate", sv) + if err != nil { + return &obj, err + } else if t != nil { + obj["internet-service-src-negate"] = t + } + } + if v, ok := d.GetOk("schedule"); ok { t, err := expandFirewallLocalInPolicySchedule(d, v, "schedule", sv) if err != nil { diff --git a/fortios/resource_firewall_localinpolicy6.go b/fortios/resource_firewall_localinpolicy6.go index 367260927..902bb2d74 100644 --- a/fortios/resource_firewall_localinpolicy6.go +++ b/fortios/resource_firewall_localinpolicy6.go @@ -100,6 +100,67 @@ func resourceFirewallLocalInPolicy6() *schema.Resource { }, }, }, + "internet_service6_src": &schema.Schema{ + Type: schema.TypeString, + Optional: true, + Computed: true, + }, + "internet_service6_src_name": &schema.Schema{ + Type: schema.TypeSet, + Optional: true, + Elem: &schema.Resource{ + Schema: map[string]*schema.Schema{ + "name": &schema.Schema{ + Type: schema.TypeString, + ValidateFunc: validation.StringLenBetween(0, 79), + Optional: true, + Computed: true, + }, + }, + }, + }, + "internet_service6_src_group": &schema.Schema{ + Type: schema.TypeSet, + Optional: true, + Elem: &schema.Resource{ + Schema: map[string]*schema.Schema{ + "name": &schema.Schema{ + Type: schema.TypeString, + ValidateFunc: validation.StringLenBetween(0, 79), + Optional: true, + Computed: true, + }, + }, + }, + }, + "internet_service6_src_custom": &schema.Schema{ + Type: schema.TypeSet, + Optional: true, + Elem: &schema.Resource{ + Schema: map[string]*schema.Schema{ + "name": &schema.Schema{ + Type: schema.TypeString, + ValidateFunc: validation.StringLenBetween(0, 79), + Optional: true, + Computed: true, + }, + }, + }, + }, + "internet_service6_src_custom_group": &schema.Schema{ + Type: schema.TypeSet, + Optional: true, + Elem: &schema.Resource{ + Schema: map[string]*schema.Schema{ + "name": &schema.Schema{ + Type: schema.TypeString, + ValidateFunc: validation.StringLenBetween(0, 79), + Optional: true, + Computed: true, + }, + }, + }, + }, "dstaddr_negate": &schema.Schema{ Type: schema.TypeString, Optional: true, @@ -129,6 +190,11 @@ func resourceFirewallLocalInPolicy6() *schema.Resource { Optional: true, Computed: true, }, + "internet_service6_src_negate": &schema.Schema{ + Type: schema.TypeString, + Optional: true, + Computed: true, + }, "schedule": &schema.Schema{ Type: schema.TypeString, ValidateFunc: validation.StringLenBetween(0, 35), @@ -456,6 +522,178 @@ func flattenFirewallLocalInPolicy6DstaddrName(v interface{}, d *schema.ResourceD return v } +func flattenFirewallLocalInPolicy6InternetService6Src(v interface{}, d *schema.ResourceData, pre string, sv string) interface{} { + return v +} + +func flattenFirewallLocalInPolicy6InternetService6SrcName(v interface{}, d *schema.ResourceData, pre string, sv string) []map[string]interface{} { + if v == nil { + return nil + } + + if _, ok := v.([]interface{}); !ok { + log.Printf("[DEBUG] Argument %v is not type of []interface{}.", pre) + return nil + } + + l := v.([]interface{}) + if len(l) == 0 || l[0] == nil { + return nil + } + + result := make([]map[string]interface{}, 0, len(l)) + + con := 0 + for _, r := range l { + tmp := make(map[string]interface{}) + i := r.(map[string]interface{}) + + pre_append := "" // table + + pre_append = pre + "." + strconv.Itoa(con) + "." + "name" + if cur_v, ok := i["name"]; ok { + tmp["name"] = flattenFirewallLocalInPolicy6InternetService6SrcNameName(cur_v, d, pre_append, sv) + } + + result = append(result, tmp) + + con += 1 + } + + dynamic_sort_subtable(result, "name", d) + return result +} + +func flattenFirewallLocalInPolicy6InternetService6SrcNameName(v interface{}, d *schema.ResourceData, pre string, sv string) interface{} { + return v +} + +func flattenFirewallLocalInPolicy6InternetService6SrcGroup(v interface{}, d *schema.ResourceData, pre string, sv string) []map[string]interface{} { + if v == nil { + return nil + } + + if _, ok := v.([]interface{}); !ok { + log.Printf("[DEBUG] Argument %v is not type of []interface{}.", pre) + return nil + } + + l := v.([]interface{}) + if len(l) == 0 || l[0] == nil { + return nil + } + + result := make([]map[string]interface{}, 0, len(l)) + + con := 0 + for _, r := range l { + tmp := make(map[string]interface{}) + i := r.(map[string]interface{}) + + pre_append := "" // table + + pre_append = pre + "." + strconv.Itoa(con) + "." + "name" + if cur_v, ok := i["name"]; ok { + tmp["name"] = flattenFirewallLocalInPolicy6InternetService6SrcGroupName(cur_v, d, pre_append, sv) + } + + result = append(result, tmp) + + con += 1 + } + + dynamic_sort_subtable(result, "name", d) + return result +} + +func flattenFirewallLocalInPolicy6InternetService6SrcGroupName(v interface{}, d *schema.ResourceData, pre string, sv string) interface{} { + return v +} + +func flattenFirewallLocalInPolicy6InternetService6SrcCustom(v interface{}, d *schema.ResourceData, pre string, sv string) []map[string]interface{} { + if v == nil { + return nil + } + + if _, ok := v.([]interface{}); !ok { + log.Printf("[DEBUG] Argument %v is not type of []interface{}.", pre) + return nil + } + + l := v.([]interface{}) + if len(l) == 0 || l[0] == nil { + return nil + } + + result := make([]map[string]interface{}, 0, len(l)) + + con := 0 + for _, r := range l { + tmp := make(map[string]interface{}) + i := r.(map[string]interface{}) + + pre_append := "" // table + + pre_append = pre + "." + strconv.Itoa(con) + "." + "name" + if cur_v, ok := i["name"]; ok { + tmp["name"] = flattenFirewallLocalInPolicy6InternetService6SrcCustomName(cur_v, d, pre_append, sv) + } + + result = append(result, tmp) + + con += 1 + } + + dynamic_sort_subtable(result, "name", d) + return result +} + +func flattenFirewallLocalInPolicy6InternetService6SrcCustomName(v interface{}, d *schema.ResourceData, pre string, sv string) interface{} { + return v +} + +func flattenFirewallLocalInPolicy6InternetService6SrcCustomGroup(v interface{}, d *schema.ResourceData, pre string, sv string) []map[string]interface{} { + if v == nil { + return nil + } + + if _, ok := v.([]interface{}); !ok { + log.Printf("[DEBUG] Argument %v is not type of []interface{}.", pre) + return nil + } + + l := v.([]interface{}) + if len(l) == 0 || l[0] == nil { + return nil + } + + result := make([]map[string]interface{}, 0, len(l)) + + con := 0 + for _, r := range l { + tmp := make(map[string]interface{}) + i := r.(map[string]interface{}) + + pre_append := "" // table + + pre_append = pre + "." + strconv.Itoa(con) + "." + "name" + if cur_v, ok := i["name"]; ok { + tmp["name"] = flattenFirewallLocalInPolicy6InternetService6SrcCustomGroupName(cur_v, d, pre_append, sv) + } + + result = append(result, tmp) + + con += 1 + } + + dynamic_sort_subtable(result, "name", d) + return result +} + +func flattenFirewallLocalInPolicy6InternetService6SrcCustomGroupName(v interface{}, d *schema.ResourceData, pre string, sv string) interface{} { + return v +} + func flattenFirewallLocalInPolicy6DstaddrNegate(v interface{}, d *schema.ResourceData, pre string, sv string) interface{} { return v } @@ -510,6 +748,10 @@ func flattenFirewallLocalInPolicy6ServiceNegate(v interface{}, d *schema.Resourc return v } +func flattenFirewallLocalInPolicy6InternetService6SrcNegate(v interface{}, d *schema.ResourceData, pre string, sv string) interface{} { + return v +} + func flattenFirewallLocalInPolicy6Schedule(v interface{}, d *schema.ResourceData, pre string, sv string) interface{} { return v } @@ -611,6 +853,76 @@ func refreshObjectFirewallLocalInPolicy6(d *schema.ResourceData, o map[string]in } } + if err = d.Set("internet_service6_src", flattenFirewallLocalInPolicy6InternetService6Src(o["internet-service6-src"], d, "internet_service6_src", sv)); err != nil { + if !fortiAPIPatch(o["internet-service6-src"]) { + return fmt.Errorf("Error reading internet_service6_src: %v", err) + } + } + + if b_get_all_tables { + if err = d.Set("internet_service6_src_name", flattenFirewallLocalInPolicy6InternetService6SrcName(o["internet-service6-src-name"], d, "internet_service6_src_name", sv)); err != nil { + if !fortiAPIPatch(o["internet-service6-src-name"]) { + return fmt.Errorf("Error reading internet_service6_src_name: %v", err) + } + } + } else { + if _, ok := d.GetOk("internet_service6_src_name"); ok { + if err = d.Set("internet_service6_src_name", flattenFirewallLocalInPolicy6InternetService6SrcName(o["internet-service6-src-name"], d, "internet_service6_src_name", sv)); err != nil { + if !fortiAPIPatch(o["internet-service6-src-name"]) { + return fmt.Errorf("Error reading internet_service6_src_name: %v", err) + } + } + } + } + + if b_get_all_tables { + if err = d.Set("internet_service6_src_group", flattenFirewallLocalInPolicy6InternetService6SrcGroup(o["internet-service6-src-group"], d, "internet_service6_src_group", sv)); err != nil { + if !fortiAPIPatch(o["internet-service6-src-group"]) { + return fmt.Errorf("Error reading internet_service6_src_group: %v", err) + } + } + } else { + if _, ok := d.GetOk("internet_service6_src_group"); ok { + if err = d.Set("internet_service6_src_group", flattenFirewallLocalInPolicy6InternetService6SrcGroup(o["internet-service6-src-group"], d, "internet_service6_src_group", sv)); err != nil { + if !fortiAPIPatch(o["internet-service6-src-group"]) { + return fmt.Errorf("Error reading internet_service6_src_group: %v", err) + } + } + } + } + + if b_get_all_tables { + if err = d.Set("internet_service6_src_custom", flattenFirewallLocalInPolicy6InternetService6SrcCustom(o["internet-service6-src-custom"], d, "internet_service6_src_custom", sv)); err != nil { + if !fortiAPIPatch(o["internet-service6-src-custom"]) { + return fmt.Errorf("Error reading internet_service6_src_custom: %v", err) + } + } + } else { + if _, ok := d.GetOk("internet_service6_src_custom"); ok { + if err = d.Set("internet_service6_src_custom", flattenFirewallLocalInPolicy6InternetService6SrcCustom(o["internet-service6-src-custom"], d, "internet_service6_src_custom", sv)); err != nil { + if !fortiAPIPatch(o["internet-service6-src-custom"]) { + return fmt.Errorf("Error reading internet_service6_src_custom: %v", err) + } + } + } + } + + if b_get_all_tables { + if err = d.Set("internet_service6_src_custom_group", flattenFirewallLocalInPolicy6InternetService6SrcCustomGroup(o["internet-service6-src-custom-group"], d, "internet_service6_src_custom_group", sv)); err != nil { + if !fortiAPIPatch(o["internet-service6-src-custom-group"]) { + return fmt.Errorf("Error reading internet_service6_src_custom_group: %v", err) + } + } + } else { + if _, ok := d.GetOk("internet_service6_src_custom_group"); ok { + if err = d.Set("internet_service6_src_custom_group", flattenFirewallLocalInPolicy6InternetService6SrcCustomGroup(o["internet-service6-src-custom-group"], d, "internet_service6_src_custom_group", sv)); err != nil { + if !fortiAPIPatch(o["internet-service6-src-custom-group"]) { + return fmt.Errorf("Error reading internet_service6_src_custom_group: %v", err) + } + } + } + } + if err = d.Set("dstaddr_negate", flattenFirewallLocalInPolicy6DstaddrNegate(o["dstaddr-negate"], d, "dstaddr_negate", sv)); err != nil { if !fortiAPIPatch(o["dstaddr-negate"]) { return fmt.Errorf("Error reading dstaddr_negate: %v", err) @@ -645,6 +957,12 @@ func refreshObjectFirewallLocalInPolicy6(d *schema.ResourceData, o map[string]in } } + if err = d.Set("internet_service6_src_negate", flattenFirewallLocalInPolicy6InternetService6SrcNegate(o["internet-service6-src-negate"], d, "internet_service6_src_negate", sv)); err != nil { + if !fortiAPIPatch(o["internet-service6-src-negate"]) { + return fmt.Errorf("Error reading internet_service6_src_negate: %v", err) + } + } + if err = d.Set("schedule", flattenFirewallLocalInPolicy6Schedule(o["schedule"], d, "schedule", sv)); err != nil { if !fortiAPIPatch(o["schedule"]) { return fmt.Errorf("Error reading schedule: %v", err) @@ -778,6 +1096,122 @@ func expandFirewallLocalInPolicy6DstaddrName(d *schema.ResourceData, v interface return v, nil } +func expandFirewallLocalInPolicy6InternetService6Src(d *schema.ResourceData, v interface{}, pre string, sv string) (interface{}, error) { + return v, nil +} + +func expandFirewallLocalInPolicy6InternetService6SrcName(d *schema.ResourceData, v interface{}, pre string, sv string) (interface{}, error) { + l := v.(*schema.Set).List() + result := make([]map[string]interface{}, 0, len(l)) + + if len(l) == 0 || l[0] == nil { + return result, nil + } + + con := 0 + for _, r := range l { + tmp := make(map[string]interface{}) + i := r.(map[string]interface{}) + pre_append := "" // table + + tmp["name"], _ = expandFirewallLocalInPolicy6InternetService6SrcNameName(d, i["name"], pre_append, sv) + + result = append(result, tmp) + + con += 1 + } + + return result, nil +} + +func expandFirewallLocalInPolicy6InternetService6SrcNameName(d *schema.ResourceData, v interface{}, pre string, sv string) (interface{}, error) { + return v, nil +} + +func expandFirewallLocalInPolicy6InternetService6SrcGroup(d *schema.ResourceData, v interface{}, pre string, sv string) (interface{}, error) { + l := v.(*schema.Set).List() + result := make([]map[string]interface{}, 0, len(l)) + + if len(l) == 0 || l[0] == nil { + return result, nil + } + + con := 0 + for _, r := range l { + tmp := make(map[string]interface{}) + i := r.(map[string]interface{}) + pre_append := "" // table + + tmp["name"], _ = expandFirewallLocalInPolicy6InternetService6SrcGroupName(d, i["name"], pre_append, sv) + + result = append(result, tmp) + + con += 1 + } + + return result, nil +} + +func expandFirewallLocalInPolicy6InternetService6SrcGroupName(d *schema.ResourceData, v interface{}, pre string, sv string) (interface{}, error) { + return v, nil +} + +func expandFirewallLocalInPolicy6InternetService6SrcCustom(d *schema.ResourceData, v interface{}, pre string, sv string) (interface{}, error) { + l := v.(*schema.Set).List() + result := make([]map[string]interface{}, 0, len(l)) + + if len(l) == 0 || l[0] == nil { + return result, nil + } + + con := 0 + for _, r := range l { + tmp := make(map[string]interface{}) + i := r.(map[string]interface{}) + pre_append := "" // table + + tmp["name"], _ = expandFirewallLocalInPolicy6InternetService6SrcCustomName(d, i["name"], pre_append, sv) + + result = append(result, tmp) + + con += 1 + } + + return result, nil +} + +func expandFirewallLocalInPolicy6InternetService6SrcCustomName(d *schema.ResourceData, v interface{}, pre string, sv string) (interface{}, error) { + return v, nil +} + +func expandFirewallLocalInPolicy6InternetService6SrcCustomGroup(d *schema.ResourceData, v interface{}, pre string, sv string) (interface{}, error) { + l := v.(*schema.Set).List() + result := make([]map[string]interface{}, 0, len(l)) + + if len(l) == 0 || l[0] == nil { + return result, nil + } + + con := 0 + for _, r := range l { + tmp := make(map[string]interface{}) + i := r.(map[string]interface{}) + pre_append := "" // table + + tmp["name"], _ = expandFirewallLocalInPolicy6InternetService6SrcCustomGroupName(d, i["name"], pre_append, sv) + + result = append(result, tmp) + + con += 1 + } + + return result, nil +} + +func expandFirewallLocalInPolicy6InternetService6SrcCustomGroupName(d *schema.ResourceData, v interface{}, pre string, sv string) (interface{}, error) { + return v, nil +} + func expandFirewallLocalInPolicy6DstaddrNegate(d *schema.ResourceData, v interface{}, pre string, sv string) (interface{}, error) { return v, nil } @@ -818,6 +1252,10 @@ func expandFirewallLocalInPolicy6ServiceNegate(d *schema.ResourceData, v interfa return v, nil } +func expandFirewallLocalInPolicy6InternetService6SrcNegate(d *schema.ResourceData, v interface{}, pre string, sv string) (interface{}, error) { + return v, nil +} + func expandFirewallLocalInPolicy6Schedule(d *schema.ResourceData, v interface{}, pre string, sv string) (interface{}, error) { return v, nil } @@ -920,6 +1358,51 @@ func getObjectFirewallLocalInPolicy6(d *schema.ResourceData, sv string) (*map[st } } + if v, ok := d.GetOk("internet_service6_src"); ok { + t, err := expandFirewallLocalInPolicy6InternetService6Src(d, v, "internet_service6_src", sv) + if err != nil { + return &obj, err + } else if t != nil { + obj["internet-service6-src"] = t + } + } + + if v, ok := d.GetOk("internet_service6_src_name"); ok || d.HasChange("internet_service6_src_name") { + t, err := expandFirewallLocalInPolicy6InternetService6SrcName(d, v, "internet_service6_src_name", sv) + if err != nil { + return &obj, err + } else if t != nil { + obj["internet-service6-src-name"] = t + } + } + + if v, ok := d.GetOk("internet_service6_src_group"); ok || d.HasChange("internet_service6_src_group") { + t, err := expandFirewallLocalInPolicy6InternetService6SrcGroup(d, v, "internet_service6_src_group", sv) + if err != nil { + return &obj, err + } else if t != nil { + obj["internet-service6-src-group"] = t + } + } + + if v, ok := d.GetOk("internet_service6_src_custom"); ok || d.HasChange("internet_service6_src_custom") { + t, err := expandFirewallLocalInPolicy6InternetService6SrcCustom(d, v, "internet_service6_src_custom", sv) + if err != nil { + return &obj, err + } else if t != nil { + obj["internet-service6-src-custom"] = t + } + } + + if v, ok := d.GetOk("internet_service6_src_custom_group"); ok || d.HasChange("internet_service6_src_custom_group") { + t, err := expandFirewallLocalInPolicy6InternetService6SrcCustomGroup(d, v, "internet_service6_src_custom_group", sv) + if err != nil { + return &obj, err + } else if t != nil { + obj["internet-service6-src-custom-group"] = t + } + } + if v, ok := d.GetOk("dstaddr_negate"); ok { t, err := expandFirewallLocalInPolicy6DstaddrNegate(d, v, "dstaddr_negate", sv) if err != nil { @@ -956,6 +1439,15 @@ func getObjectFirewallLocalInPolicy6(d *schema.ResourceData, sv string) (*map[st } } + if v, ok := d.GetOk("internet_service6_src_negate"); ok { + t, err := expandFirewallLocalInPolicy6InternetService6SrcNegate(d, v, "internet_service6_src_negate", sv) + if err != nil { + return &obj, err + } else if t != nil { + obj["internet-service6-src-negate"] = t + } + } + if v, ok := d.GetOk("schedule"); ok { t, err := expandFirewallLocalInPolicy6Schedule(d, v, "schedule", sv) if err != nil { diff --git a/fortios/resource_firewall_ondemandsniffer.go b/fortios/resource_firewall_ondemandsniffer.go new file mode 100644 index 000000000..60c8b78af --- /dev/null +++ b/fortios/resource_firewall_ondemandsniffer.go @@ -0,0 +1,696 @@ +// Copyright 2020 Fortinet, Inc. All rights reserved. +// Author: Frank Shen (@frankshen01), Hongbin Lu (@fgtdev-hblu) +// Documentation: +// Frank Shen (@frankshen01), Hongbin Lu (@fgtdev-hblu), +// Xing Li (@lix-fortinet), Yue Wang (@yuew-ftnt), Yuffie Zhu (@yuffiezhu) + +// Description: Configure on-demand packet sniffer. + +package fortios + +import ( + "fmt" + "log" + "strconv" + "strings" + + "github.com/hashicorp/terraform-plugin-sdk/v2/helper/schema" + "github.com/hashicorp/terraform-plugin-sdk/v2/helper/validation" +) + +func resourceFirewallOnDemandSniffer() *schema.Resource { + return &schema.Resource{ + Create: resourceFirewallOnDemandSnifferCreate, + Read: resourceFirewallOnDemandSnifferRead, + Update: resourceFirewallOnDemandSnifferUpdate, + Delete: resourceFirewallOnDemandSnifferDelete, + + Importer: &schema.ResourceImporter{ + State: schema.ImportStatePassthrough, + }, + + Schema: map[string]*schema.Schema{ + "vdomparam": &schema.Schema{ + Type: schema.TypeString, + Optional: true, + ForceNew: true, + Computed: true, + }, + "name": &schema.Schema{ + Type: schema.TypeString, + ValidateFunc: validation.StringLenBetween(0, 35), + Optional: true, + Computed: true, + }, + "interface": &schema.Schema{ + Type: schema.TypeString, + ValidateFunc: validation.StringLenBetween(0, 35), + Optional: true, + Computed: true, + }, + "max_packet_count": &schema.Schema{ + Type: schema.TypeInt, + ValidateFunc: validation.IntBetween(1, 20000), + Optional: true, + Computed: true, + }, + "hosts": &schema.Schema{ + Type: schema.TypeSet, + Optional: true, + Elem: &schema.Resource{ + Schema: map[string]*schema.Schema{ + "host": &schema.Schema{ + Type: schema.TypeString, + ValidateFunc: validation.StringLenBetween(0, 255), + Optional: true, + Computed: true, + }, + }, + }, + }, + "ports": &schema.Schema{ + Type: schema.TypeSet, + Optional: true, + Elem: &schema.Resource{ + Schema: map[string]*schema.Schema{ + "port": &schema.Schema{ + Type: schema.TypeInt, + ValidateFunc: validation.IntBetween(1, 65536), + Optional: true, + Computed: true, + }, + }, + }, + }, + "protocols": &schema.Schema{ + Type: schema.TypeSet, + Optional: true, + Elem: &schema.Resource{ + Schema: map[string]*schema.Schema{ + "protocol": &schema.Schema{ + Type: schema.TypeInt, + ValidateFunc: validation.IntBetween(0, 255), + Optional: true, + Computed: true, + }, + }, + }, + }, + "non_ip_packet": &schema.Schema{ + Type: schema.TypeString, + Optional: true, + Computed: true, + }, + "advanced_filter": &schema.Schema{ + Type: schema.TypeString, + ValidateFunc: validation.StringLenBetween(0, 255), + Optional: true, + }, + "dynamic_sort_subtable": &schema.Schema{ + Type: schema.TypeString, + Optional: true, + Default: "false", + }, + "get_all_tables": &schema.Schema{ + Type: schema.TypeString, + Optional: true, + Default: "false", + }, + }, + } +} + +func resourceFirewallOnDemandSnifferCreate(d *schema.ResourceData, m interface{}) error { + c := m.(*FortiClient).Client + c.Retries = 1 + + if c.Fv == "" { + err := c.UpdateDeviceVersion() + if err != nil { + return fmt.Errorf("[Warning] Can not update device version: %v", err) + } + } + + vdomparam := "" + + if v, ok := d.GetOk("vdomparam"); ok { + if s, ok := v.(string); ok { + vdomparam = s + } + } else if c.Config.Auth.Vdom != "" { + d.Set("vdomparam", c.Config.Auth.Vdom) + vdomparam = c.Config.Auth.Vdom + } + + obj, err := getObjectFirewallOnDemandSniffer(d, c.Fv) + if err != nil { + return fmt.Errorf("Error creating FirewallOnDemandSniffer resource while getting object: %v", err) + } + + o, err := c.CreateFirewallOnDemandSniffer(obj, vdomparam) + + if err != nil { + return fmt.Errorf("Error creating FirewallOnDemandSniffer resource: %v", err) + } + + if o["mkey"] != nil && o["mkey"] != "" { + d.SetId(o["mkey"].(string)) + } else { + d.SetId("FirewallOnDemandSniffer") + } + + return resourceFirewallOnDemandSnifferRead(d, m) +} + +func resourceFirewallOnDemandSnifferUpdate(d *schema.ResourceData, m interface{}) error { + mkey := d.Id() + c := m.(*FortiClient).Client + c.Retries = 1 + + if c.Fv == "" { + err := c.UpdateDeviceVersion() + if err != nil { + return fmt.Errorf("[Warning] Can not update device version: %v", err) + } + } + + vdomparam := "" + + if v, ok := d.GetOk("vdomparam"); ok { + if s, ok := v.(string); ok { + vdomparam = s + } + } else if c.Config.Auth.Vdom != "" { + d.Set("vdomparam", c.Config.Auth.Vdom) + vdomparam = c.Config.Auth.Vdom + } + + obj, err := getObjectFirewallOnDemandSniffer(d, c.Fv) + if err != nil { + return fmt.Errorf("Error updating FirewallOnDemandSniffer resource while getting object: %v", err) + } + + o, err := c.UpdateFirewallOnDemandSniffer(obj, mkey, vdomparam) + if err != nil { + return fmt.Errorf("Error updating FirewallOnDemandSniffer resource: %v", err) + } + + log.Printf(strconv.Itoa(c.Retries)) + if o["mkey"] != nil && o["mkey"] != "" { + d.SetId(o["mkey"].(string)) + } else { + d.SetId("FirewallOnDemandSniffer") + } + + return resourceFirewallOnDemandSnifferRead(d, m) +} + +func resourceFirewallOnDemandSnifferDelete(d *schema.ResourceData, m interface{}) error { + mkey := d.Id() + + c := m.(*FortiClient).Client + c.Retries = 1 + + vdomparam := "" + + if v, ok := d.GetOk("vdomparam"); ok { + if s, ok := v.(string); ok { + vdomparam = s + } + } + + err := c.DeleteFirewallOnDemandSniffer(mkey, vdomparam) + if err != nil { + return fmt.Errorf("Error deleting FirewallOnDemandSniffer resource: %v", err) + } + + d.SetId("") + + return nil +} + +func resourceFirewallOnDemandSnifferRead(d *schema.ResourceData, m interface{}) error { + mkey := d.Id() + + c := m.(*FortiClient).Client + c.Retries = 1 + + if c.Fv == "" { + err := c.UpdateDeviceVersion() + if err != nil { + return fmt.Errorf("[Warning] Can not update device version: %v", err) + } + } + + vdomparam := "" + + if v, ok := d.GetOk("vdomparam"); ok { + if s, ok := v.(string); ok { + vdomparam = s + } + } else if c.Config.Auth.Vdom != "" { + d.Set("vdomparam", c.Config.Auth.Vdom) + vdomparam = c.Config.Auth.Vdom + } + + o, err := c.ReadFirewallOnDemandSniffer(mkey, vdomparam) + if err != nil { + return fmt.Errorf("Error reading FirewallOnDemandSniffer resource: %v", err) + } + + if o == nil { + log.Printf("[WARN] resource (%s) not found, removing from state", d.Id()) + d.SetId("") + return nil + } + + err = refreshObjectFirewallOnDemandSniffer(d, o, c.Fv) + if err != nil { + return fmt.Errorf("Error reading FirewallOnDemandSniffer resource from API: %v", err) + } + return nil +} + +func flattenFirewallOnDemandSnifferName(v interface{}, d *schema.ResourceData, pre string, sv string) interface{} { + return v +} + +func flattenFirewallOnDemandSnifferInterface(v interface{}, d *schema.ResourceData, pre string, sv string) interface{} { + return v +} + +func flattenFirewallOnDemandSnifferMaxPacketCount(v interface{}, d *schema.ResourceData, pre string, sv string) interface{} { + return v +} + +func flattenFirewallOnDemandSnifferHosts(v interface{}, d *schema.ResourceData, pre string, sv string) []map[string]interface{} { + if v == nil { + return nil + } + + if _, ok := v.([]interface{}); !ok { + log.Printf("[DEBUG] Argument %v is not type of []interface{}.", pre) + return nil + } + + l := v.([]interface{}) + if len(l) == 0 || l[0] == nil { + return nil + } + + result := make([]map[string]interface{}, 0, len(l)) + + con := 0 + for _, r := range l { + tmp := make(map[string]interface{}) + i := r.(map[string]interface{}) + + pre_append := "" // table + + pre_append = pre + "." + strconv.Itoa(con) + "." + "host" + if cur_v, ok := i["host"]; ok { + tmp["host"] = flattenFirewallOnDemandSnifferHostsHost(cur_v, d, pre_append, sv) + } + + result = append(result, tmp) + + con += 1 + } + + dynamic_sort_subtable(result, "host", d) + return result +} + +func flattenFirewallOnDemandSnifferHostsHost(v interface{}, d *schema.ResourceData, pre string, sv string) interface{} { + return v +} + +func flattenFirewallOnDemandSnifferPorts(v interface{}, d *schema.ResourceData, pre string, sv string) []map[string]interface{} { + if v == nil { + return nil + } + + if _, ok := v.([]interface{}); !ok { + log.Printf("[DEBUG] Argument %v is not type of []interface{}.", pre) + return nil + } + + l := v.([]interface{}) + if len(l) == 0 || l[0] == nil { + return nil + } + + result := make([]map[string]interface{}, 0, len(l)) + + con := 0 + for _, r := range l { + tmp := make(map[string]interface{}) + i := r.(map[string]interface{}) + + pre_append := "" // table + + pre_append = pre + "." + strconv.Itoa(con) + "." + "port" + if cur_v, ok := i["port"]; ok { + tmp["port"] = flattenFirewallOnDemandSnifferPortsPort(cur_v, d, pre_append, sv) + } + + result = append(result, tmp) + + con += 1 + } + + dynamic_sort_subtable(result, "port", d) + return result +} + +func flattenFirewallOnDemandSnifferPortsPort(v interface{}, d *schema.ResourceData, pre string, sv string) interface{} { + return v +} + +func flattenFirewallOnDemandSnifferProtocols(v interface{}, d *schema.ResourceData, pre string, sv string) []map[string]interface{} { + if v == nil { + return nil + } + + if _, ok := v.([]interface{}); !ok { + log.Printf("[DEBUG] Argument %v is not type of []interface{}.", pre) + return nil + } + + l := v.([]interface{}) + if len(l) == 0 || l[0] == nil { + return nil + } + + result := make([]map[string]interface{}, 0, len(l)) + + con := 0 + for _, r := range l { + tmp := make(map[string]interface{}) + i := r.(map[string]interface{}) + + pre_append := "" // table + + pre_append = pre + "." + strconv.Itoa(con) + "." + "protocol" + if cur_v, ok := i["protocol"]; ok { + tmp["protocol"] = flattenFirewallOnDemandSnifferProtocolsProtocol(cur_v, d, pre_append, sv) + } + + result = append(result, tmp) + + con += 1 + } + + dynamic_sort_subtable(result, "protocol", d) + return result +} + +func flattenFirewallOnDemandSnifferProtocolsProtocol(v interface{}, d *schema.ResourceData, pre string, sv string) interface{} { + return v +} + +func flattenFirewallOnDemandSnifferNonIpPacket(v interface{}, d *schema.ResourceData, pre string, sv string) interface{} { + return v +} + +func flattenFirewallOnDemandSnifferAdvancedFilter(v interface{}, d *schema.ResourceData, pre string, sv string) interface{} { + return v +} + +func refreshObjectFirewallOnDemandSniffer(d *schema.ResourceData, o map[string]interface{}, sv string) error { + var err error + var b_get_all_tables bool + if get_all_tables, ok := d.GetOk("get_all_tables"); ok { + b_get_all_tables = get_all_tables.(string) == "true" + } else { + b_get_all_tables = isImportTable() + } + + if err = d.Set("name", flattenFirewallOnDemandSnifferName(o["name"], d, "name", sv)); err != nil { + if !fortiAPIPatch(o["name"]) { + return fmt.Errorf("Error reading name: %v", err) + } + } + + if err = d.Set("interface", flattenFirewallOnDemandSnifferInterface(o["interface"], d, "interface", sv)); err != nil { + if !fortiAPIPatch(o["interface"]) { + return fmt.Errorf("Error reading interface: %v", err) + } + } + + if err = d.Set("max_packet_count", flattenFirewallOnDemandSnifferMaxPacketCount(o["max-packet-count"], d, "max_packet_count", sv)); err != nil { + if !fortiAPIPatch(o["max-packet-count"]) { + return fmt.Errorf("Error reading max_packet_count: %v", err) + } + } + + if b_get_all_tables { + if err = d.Set("hosts", flattenFirewallOnDemandSnifferHosts(o["hosts"], d, "hosts", sv)); err != nil { + if !fortiAPIPatch(o["hosts"]) { + return fmt.Errorf("Error reading hosts: %v", err) + } + } + } else { + if _, ok := d.GetOk("hosts"); ok { + if err = d.Set("hosts", flattenFirewallOnDemandSnifferHosts(o["hosts"], d, "hosts", sv)); err != nil { + if !fortiAPIPatch(o["hosts"]) { + return fmt.Errorf("Error reading hosts: %v", err) + } + } + } + } + + if b_get_all_tables { + if err = d.Set("ports", flattenFirewallOnDemandSnifferPorts(o["ports"], d, "ports", sv)); err != nil { + if !fortiAPIPatch(o["ports"]) { + return fmt.Errorf("Error reading ports: %v", err) + } + } + } else { + if _, ok := d.GetOk("ports"); ok { + if err = d.Set("ports", flattenFirewallOnDemandSnifferPorts(o["ports"], d, "ports", sv)); err != nil { + if !fortiAPIPatch(o["ports"]) { + return fmt.Errorf("Error reading ports: %v", err) + } + } + } + } + + if b_get_all_tables { + if err = d.Set("protocols", flattenFirewallOnDemandSnifferProtocols(o["protocols"], d, "protocols", sv)); err != nil { + if !fortiAPIPatch(o["protocols"]) { + return fmt.Errorf("Error reading protocols: %v", err) + } + } + } else { + if _, ok := d.GetOk("protocols"); ok { + if err = d.Set("protocols", flattenFirewallOnDemandSnifferProtocols(o["protocols"], d, "protocols", sv)); err != nil { + if !fortiAPIPatch(o["protocols"]) { + return fmt.Errorf("Error reading protocols: %v", err) + } + } + } + } + + if err = d.Set("non_ip_packet", flattenFirewallOnDemandSnifferNonIpPacket(o["non-ip-packet"], d, "non_ip_packet", sv)); err != nil { + if !fortiAPIPatch(o["non-ip-packet"]) { + return fmt.Errorf("Error reading non_ip_packet: %v", err) + } + } + + if err = d.Set("advanced_filter", flattenFirewallOnDemandSnifferAdvancedFilter(o["advanced-filter"], d, "advanced_filter", sv)); err != nil { + if !fortiAPIPatch(o["advanced-filter"]) { + return fmt.Errorf("Error reading advanced_filter: %v", err) + } + } + + return nil +} + +func flattenFirewallOnDemandSnifferFortiTestDebug(d *schema.ResourceData, fosdebugsn int, fosdebugbeg int, fosdebugend int) { + log.Printf(strconv.Itoa(fosdebugsn)) + e := validation.IntBetween(fosdebugbeg, fosdebugend) + log.Printf("ER List: %v, %v", strings.Split("FortiOS Ver", " "), e) +} + +func expandFirewallOnDemandSnifferName(d *schema.ResourceData, v interface{}, pre string, sv string) (interface{}, error) { + return v, nil +} + +func expandFirewallOnDemandSnifferInterface(d *schema.ResourceData, v interface{}, pre string, sv string) (interface{}, error) { + return v, nil +} + +func expandFirewallOnDemandSnifferMaxPacketCount(d *schema.ResourceData, v interface{}, pre string, sv string) (interface{}, error) { + return v, nil +} + +func expandFirewallOnDemandSnifferHosts(d *schema.ResourceData, v interface{}, pre string, sv string) (interface{}, error) { + l := v.(*schema.Set).List() + result := make([]map[string]interface{}, 0, len(l)) + + if len(l) == 0 || l[0] == nil { + return result, nil + } + + con := 0 + for _, r := range l { + tmp := make(map[string]interface{}) + i := r.(map[string]interface{}) + pre_append := "" // table + + tmp["host"], _ = expandFirewallOnDemandSnifferHostsHost(d, i["host"], pre_append, sv) + + result = append(result, tmp) + + con += 1 + } + + return result, nil +} + +func expandFirewallOnDemandSnifferHostsHost(d *schema.ResourceData, v interface{}, pre string, sv string) (interface{}, error) { + return v, nil +} + +func expandFirewallOnDemandSnifferPorts(d *schema.ResourceData, v interface{}, pre string, sv string) (interface{}, error) { + l := v.(*schema.Set).List() + result := make([]map[string]interface{}, 0, len(l)) + + if len(l) == 0 || l[0] == nil { + return result, nil + } + + con := 0 + for _, r := range l { + tmp := make(map[string]interface{}) + i := r.(map[string]interface{}) + pre_append := "" // table + + tmp["port"], _ = expandFirewallOnDemandSnifferPortsPort(d, i["port"], pre_append, sv) + + result = append(result, tmp) + + con += 1 + } + + return result, nil +} + +func expandFirewallOnDemandSnifferPortsPort(d *schema.ResourceData, v interface{}, pre string, sv string) (interface{}, error) { + return v, nil +} + +func expandFirewallOnDemandSnifferProtocols(d *schema.ResourceData, v interface{}, pre string, sv string) (interface{}, error) { + l := v.(*schema.Set).List() + result := make([]map[string]interface{}, 0, len(l)) + + if len(l) == 0 || l[0] == nil { + return result, nil + } + + con := 0 + for _, r := range l { + tmp := make(map[string]interface{}) + i := r.(map[string]interface{}) + pre_append := "" // table + + tmp["protocol"], _ = expandFirewallOnDemandSnifferProtocolsProtocol(d, i["protocol"], pre_append, sv) + + result = append(result, tmp) + + con += 1 + } + + return result, nil +} + +func expandFirewallOnDemandSnifferProtocolsProtocol(d *schema.ResourceData, v interface{}, pre string, sv string) (interface{}, error) { + return v, nil +} + +func expandFirewallOnDemandSnifferNonIpPacket(d *schema.ResourceData, v interface{}, pre string, sv string) (interface{}, error) { + return v, nil +} + +func expandFirewallOnDemandSnifferAdvancedFilter(d *schema.ResourceData, v interface{}, pre string, sv string) (interface{}, error) { + return v, nil +} + +func getObjectFirewallOnDemandSniffer(d *schema.ResourceData, sv string) (*map[string]interface{}, error) { + obj := make(map[string]interface{}) + + if v, ok := d.GetOk("name"); ok { + t, err := expandFirewallOnDemandSnifferName(d, v, "name", sv) + if err != nil { + return &obj, err + } else if t != nil { + obj["name"] = t + } + } + + if v, ok := d.GetOk("interface"); ok { + t, err := expandFirewallOnDemandSnifferInterface(d, v, "interface", sv) + if err != nil { + return &obj, err + } else if t != nil { + obj["interface"] = t + } + } + + if v, ok := d.GetOk("max_packet_count"); ok { + t, err := expandFirewallOnDemandSnifferMaxPacketCount(d, v, "max_packet_count", sv) + if err != nil { + return &obj, err + } else if t != nil { + obj["max-packet-count"] = t + } + } + + if v, ok := d.GetOk("hosts"); ok || d.HasChange("hosts") { + t, err := expandFirewallOnDemandSnifferHosts(d, v, "hosts", sv) + if err != nil { + return &obj, err + } else if t != nil { + obj["hosts"] = t + } + } + + if v, ok := d.GetOk("ports"); ok || d.HasChange("ports") { + t, err := expandFirewallOnDemandSnifferPorts(d, v, "ports", sv) + if err != nil { + return &obj, err + } else if t != nil { + obj["ports"] = t + } + } + + if v, ok := d.GetOk("protocols"); ok || d.HasChange("protocols") { + t, err := expandFirewallOnDemandSnifferProtocols(d, v, "protocols", sv) + if err != nil { + return &obj, err + } else if t != nil { + obj["protocols"] = t + } + } + + if v, ok := d.GetOk("non_ip_packet"); ok { + t, err := expandFirewallOnDemandSnifferNonIpPacket(d, v, "non_ip_packet", sv) + if err != nil { + return &obj, err + } else if t != nil { + obj["non-ip-packet"] = t + } + } + + if v, ok := d.GetOk("advanced_filter"); ok { + t, err := expandFirewallOnDemandSnifferAdvancedFilter(d, v, "advanced_filter", sv) + if err != nil { + return &obj, err + } else if t != nil { + obj["advanced-filter"] = t + } + } + + return &obj, nil +} diff --git a/fortios/resource_firewall_policy.go b/fortios/resource_firewall_policy.go index 2303f1bbd..a56e120c9 100644 --- a/fortios/resource_firewall_policy.go +++ b/fortios/resource_firewall_policy.go @@ -994,6 +994,11 @@ func resourceFirewallPolicy() *schema.Resource { Optional: true, Computed: true, }, + "port_preserve": &schema.Schema{ + Type: schema.TypeString, + Optional: true, + Computed: true, + }, "ippool": &schema.Schema{ Type: schema.TypeString, Optional: true, @@ -3494,6 +3499,10 @@ func flattenFirewallPolicyFixedport(v interface{}, d *schema.ResourceData, pre s return v } +func flattenFirewallPolicyPortPreserve(v interface{}, d *schema.ResourceData, pre string, sv string) interface{} { + return v +} + func flattenFirewallPolicyIppool(v interface{}, d *schema.ResourceData, pre string, sv string) interface{} { return v } @@ -5288,6 +5297,12 @@ func refreshObjectFirewallPolicy(d *schema.ResourceData, o map[string]interface{ } } + if err = d.Set("port_preserve", flattenFirewallPolicyPortPreserve(o["port-preserve"], d, "port_preserve", sv)); err != nil { + if !fortiAPIPatch(o["port-preserve"]) { + return fmt.Errorf("Error reading port_preserve: %v", err) + } + } + if err = d.Set("ippool", flattenFirewallPolicyIppool(o["ippool"], d, "ippool", sv)); err != nil { if !fortiAPIPatch(o["ippool"]) { return fmt.Errorf("Error reading ippool: %v", err) @@ -7212,6 +7227,10 @@ func expandFirewallPolicyFixedport(d *schema.ResourceData, v interface{}, pre st return v, nil } +func expandFirewallPolicyPortPreserve(d *schema.ResourceData, v interface{}, pre string, sv string) (interface{}, error) { + return v, nil +} + func expandFirewallPolicyIppool(d *schema.ResourceData, v interface{}, pre string, sv string) (interface{}, error) { return v, nil } @@ -8932,6 +8951,15 @@ func getObjectFirewallPolicy(d *schema.ResourceData, sv string) (*map[string]int } } + if v, ok := d.GetOk("port_preserve"); ok { + t, err := expandFirewallPolicyPortPreserve(d, v, "port_preserve", sv) + if err != nil { + return &obj, err + } else if t != nil { + obj["port-preserve"] = t + } + } + if v, ok := d.GetOk("ippool"); ok { t, err := expandFirewallPolicyIppool(d, v, "ippool", sv) if err != nil { diff --git a/fortios/resource_firewall_sslsshprofile.go b/fortios/resource_firewall_sslsshprofile.go index c37052c3e..070b9e187 100644 --- a/fortios/resource_firewall_sslsshprofile.go +++ b/fortios/resource_firewall_sslsshprofile.go @@ -128,6 +128,11 @@ func resourceFirewallSslSshProfile() *schema.Resource { Optional: true, Computed: true, }, + "encrypted_client_hello": &schema.Schema{ + Type: schema.TypeString, + Optional: true, + Computed: true, + }, "min_allowed_ssl_version": &schema.Schema{ Type: schema.TypeString, Optional: true, @@ -233,6 +238,11 @@ func resourceFirewallSslSshProfile() *schema.Resource { Optional: true, Computed: true, }, + "encrypted_client_hello": &schema.Schema{ + Type: schema.TypeString, + Optional: true, + Computed: true, + }, "min_allowed_ssl_version": &schema.Schema{ Type: schema.TypeString, Optional: true, @@ -795,6 +805,26 @@ func resourceFirewallSslSshProfile() *schema.Resource { }, }, }, + "ech_outer_sni": &schema.Schema{ + Type: schema.TypeList, + Optional: true, + Elem: &schema.Resource{ + Schema: map[string]*schema.Schema{ + "name": &schema.Schema{ + Type: schema.TypeString, + ValidateFunc: validation.StringLenBetween(0, 79), + Optional: true, + Computed: true, + }, + "sni": &schema.Schema{ + Type: schema.TypeString, + ValidateFunc: validation.StringLenBetween(0, 255), + Optional: true, + Computed: true, + }, + }, + }, + }, "server_cert_mode": &schema.Schema{ Type: schema.TypeString, Optional: true, @@ -1212,6 +1242,11 @@ func flattenFirewallSslSshProfileSsl(v interface{}, d *schema.ResourceData, pre result["cert_probe_failure"] = flattenFirewallSslSshProfileSslCertProbeFailure(i["cert-probe-failure"], d, pre_append, sv) } + pre_append = pre + ".0." + "encrypted_client_hello" + if _, ok := i["encrypted-client-hello"]; ok { + result["encrypted_client_hello"] = flattenFirewallSslSshProfileSslEncryptedClientHello(i["encrypted-client-hello"], d, pre_append, sv) + } + pre_append = pre + ".0." + "min_allowed_ssl_version" if _, ok := i["min-allowed-ssl-version"]; ok { result["min_allowed_ssl_version"] = flattenFirewallSslSshProfileSslMinAllowedSslVersion(i["min-allowed-ssl-version"], d, pre_append, sv) @@ -1281,6 +1316,10 @@ func flattenFirewallSslSshProfileSslCertProbeFailure(v interface{}, d *schema.Re return v } +func flattenFirewallSslSshProfileSslEncryptedClientHello(v interface{}, d *schema.ResourceData, pre string, sv string) interface{} { + return v +} + func flattenFirewallSslSshProfileSslMinAllowedSslVersion(v interface{}, d *schema.ResourceData, pre string, sv string) interface{} { return v } @@ -1384,6 +1423,11 @@ func flattenFirewallSslSshProfileHttps(v interface{}, d *schema.ResourceData, pr result["cert_probe_failure"] = flattenFirewallSslSshProfileHttpsCertProbeFailure(i["cert-probe-failure"], d, pre_append, sv) } + pre_append = pre + ".0." + "encrypted_client_hello" + if _, ok := i["encrypted-client-hello"]; ok { + result["encrypted_client_hello"] = flattenFirewallSslSshProfileHttpsEncryptedClientHello(i["encrypted-client-hello"], d, pre_append, sv) + } + pre_append = pre + ".0." + "min_allowed_ssl_version" if _, ok := i["min-allowed-ssl-version"]; ok { result["min_allowed_ssl_version"] = flattenFirewallSslSshProfileHttpsMinAllowedSslVersion(i["min-allowed-ssl-version"], d, pre_append, sv) @@ -1465,6 +1509,10 @@ func flattenFirewallSslSshProfileHttpsCertProbeFailure(v interface{}, d *schema. return v } +func flattenFirewallSslSshProfileHttpsEncryptedClientHello(v interface{}, d *schema.ResourceData, pre string, sv string) interface{} { + return v +} + func flattenFirewallSslSshProfileHttpsMinAllowedSslVersion(v interface{}, d *schema.ResourceData, pre string, sv string) interface{} { return v } @@ -2424,6 +2472,57 @@ func flattenFirewallSslSshProfileSslExemptRegex(v interface{}, d *schema.Resourc return v } +func flattenFirewallSslSshProfileEchOuterSni(v interface{}, d *schema.ResourceData, pre string, sv string) []map[string]interface{} { + if v == nil { + return nil + } + + if _, ok := v.([]interface{}); !ok { + log.Printf("[DEBUG] Argument %v is not type of []interface{}.", pre) + return nil + } + + l := v.([]interface{}) + if len(l) == 0 || l[0] == nil { + return nil + } + + result := make([]map[string]interface{}, 0, len(l)) + + con := 0 + for _, r := range l { + tmp := make(map[string]interface{}) + i := r.(map[string]interface{}) + + pre_append := "" // table + + pre_append = pre + "." + strconv.Itoa(con) + "." + "name" + if cur_v, ok := i["name"]; ok { + tmp["name"] = flattenFirewallSslSshProfileEchOuterSniName(cur_v, d, pre_append, sv) + } + + pre_append = pre + "." + strconv.Itoa(con) + "." + "sni" + if cur_v, ok := i["sni"]; ok { + tmp["sni"] = flattenFirewallSslSshProfileEchOuterSniSni(cur_v, d, pre_append, sv) + } + + result = append(result, tmp) + + con += 1 + } + + dynamic_sort_subtable(result, "name", d) + return result +} + +func flattenFirewallSslSshProfileEchOuterSniName(v interface{}, d *schema.ResourceData, pre string, sv string) interface{} { + return v +} + +func flattenFirewallSslSshProfileEchOuterSniSni(v interface{}, d *schema.ResourceData, pre string, sv string) interface{} { + return v +} + func flattenFirewallSslSshProfileServerCertMode(v interface{}, d *schema.ResourceData, pre string, sv string) interface{} { return v } @@ -2836,6 +2935,22 @@ func refreshObjectFirewallSslSshProfile(d *schema.ResourceData, o map[string]int } } + if b_get_all_tables { + if err = d.Set("ech_outer_sni", flattenFirewallSslSshProfileEchOuterSni(o["ech-outer-sni"], d, "ech_outer_sni", sv)); err != nil { + if !fortiAPIPatch(o["ech-outer-sni"]) { + return fmt.Errorf("Error reading ech_outer_sni: %v", err) + } + } + } else { + if _, ok := d.GetOk("ech_outer_sni"); ok { + if err = d.Set("ech_outer_sni", flattenFirewallSslSshProfileEchOuterSni(o["ech-outer-sni"], d, "ech_outer_sni", sv)); err != nil { + if !fortiAPIPatch(o["ech-outer-sni"]) { + return fmt.Errorf("Error reading ech_outer_sni: %v", err) + } + } + } + } + if err = d.Set("server_cert_mode", flattenFirewallSslSshProfileServerCertMode(o["server-cert-mode"], d, "server_cert_mode", sv)); err != nil { if !fortiAPIPatch(o["server-cert-mode"]) { return fmt.Errorf("Error reading server_cert_mode: %v", err) @@ -3068,6 +3183,10 @@ func expandFirewallSslSshProfileSsl(d *schema.ResourceData, v interface{}, pre s if _, ok := d.GetOk(pre_append); ok { result["cert-probe-failure"], _ = expandFirewallSslSshProfileSslCertProbeFailure(d, i["cert_probe_failure"], pre_append, sv) } + pre_append = pre + ".0." + "encrypted_client_hello" + if _, ok := d.GetOk(pre_append); ok { + result["encrypted-client-hello"], _ = expandFirewallSslSshProfileSslEncryptedClientHello(d, i["encrypted_client_hello"], pre_append, sv) + } pre_append = pre + ".0." + "min_allowed_ssl_version" if _, ok := d.GetOk(pre_append); ok { result["min-allowed-ssl-version"], _ = expandFirewallSslSshProfileSslMinAllowedSslVersion(d, i["min_allowed_ssl_version"], pre_append, sv) @@ -3136,6 +3255,10 @@ func expandFirewallSslSshProfileSslCertProbeFailure(d *schema.ResourceData, v in return v, nil } +func expandFirewallSslSshProfileSslEncryptedClientHello(d *schema.ResourceData, v interface{}, pre string, sv string) (interface{}, error) { + return v, nil +} + func expandFirewallSslSshProfileSslMinAllowedSslVersion(d *schema.ResourceData, v interface{}, pre string, sv string) (interface{}, error) { return v, nil } @@ -3222,6 +3345,10 @@ func expandFirewallSslSshProfileHttps(d *schema.ResourceData, v interface{}, pre if _, ok := d.GetOk(pre_append); ok { result["cert-probe-failure"], _ = expandFirewallSslSshProfileHttpsCertProbeFailure(d, i["cert_probe_failure"], pre_append, sv) } + pre_append = pre + ".0." + "encrypted_client_hello" + if _, ok := d.GetOk(pre_append); ok { + result["encrypted-client-hello"], _ = expandFirewallSslSshProfileHttpsEncryptedClientHello(d, i["encrypted_client_hello"], pre_append, sv) + } pre_append = pre + ".0." + "min_allowed_ssl_version" if _, ok := d.GetOk(pre_append); ok { result["min-allowed-ssl-version"], _ = expandFirewallSslSshProfileHttpsMinAllowedSslVersion(d, i["min_allowed_ssl_version"], pre_append, sv) @@ -3302,6 +3429,10 @@ func expandFirewallSslSshProfileHttpsCertProbeFailure(d *schema.ResourceData, v return v, nil } +func expandFirewallSslSshProfileHttpsEncryptedClientHello(d *schema.ResourceData, v interface{}, pre string, sv string) (interface{}, error) { + return v, nil +} + func expandFirewallSslSshProfileHttpsMinAllowedSslVersion(d *schema.ResourceData, v interface{}, pre string, sv string) (interface{}, error) { return v, nil } @@ -4171,6 +4302,46 @@ func expandFirewallSslSshProfileSslExemptRegex(d *schema.ResourceData, v interfa return v, nil } +func expandFirewallSslSshProfileEchOuterSni(d *schema.ResourceData, v interface{}, pre string, sv string) (interface{}, error) { + l := v.([]interface{}) + result := make([]map[string]interface{}, 0, len(l)) + + if len(l) == 0 || l[0] == nil { + return result, nil + } + + con := 0 + for _, r := range l { + tmp := make(map[string]interface{}) + i := r.(map[string]interface{}) + pre_append := "" // table + + pre_append = pre + "." + strconv.Itoa(con) + "." + "name" + if _, ok := d.GetOk(pre_append); ok { + tmp["name"], _ = expandFirewallSslSshProfileEchOuterSniName(d, i["name"], pre_append, sv) + } + + pre_append = pre + "." + strconv.Itoa(con) + "." + "sni" + if _, ok := d.GetOk(pre_append); ok { + tmp["sni"], _ = expandFirewallSslSshProfileEchOuterSniSni(d, i["sni"], pre_append, sv) + } + + result = append(result, tmp) + + con += 1 + } + + return result, nil +} + +func expandFirewallSslSshProfileEchOuterSniName(d *schema.ResourceData, v interface{}, pre string, sv string) (interface{}, error) { + return v, nil +} + +func expandFirewallSslSshProfileEchOuterSniSni(d *schema.ResourceData, v interface{}, pre string, sv string) (interface{}, error) { + return v, nil +} + func expandFirewallSslSshProfileServerCertMode(d *schema.ResourceData, v interface{}, pre string, sv string) (interface{}, error) { return v, nil } @@ -4521,6 +4692,15 @@ func getObjectFirewallSslSshProfile(d *schema.ResourceData, sv string) (*map[str } } + if v, ok := d.GetOk("ech_outer_sni"); ok || d.HasChange("ech_outer_sni") { + t, err := expandFirewallSslSshProfileEchOuterSni(d, v, "ech_outer_sni", sv) + if err != nil { + return &obj, err + } else if t != nil { + obj["ech-outer-sni"] = t + } + } + if v, ok := d.GetOk("server_cert_mode"); ok { t, err := expandFirewallSslSshProfileServerCertMode(d, v, "server_cert_mode", sv) if err != nil { diff --git a/fortios/resource_firewall_vip.go b/fortios/resource_firewall_vip.go index 68e930f5e..859d30c58 100644 --- a/fortios/resource_firewall_vip.go +++ b/fortios/resource_firewall_vip.go @@ -88,6 +88,11 @@ func resourceFirewallVip() *schema.Resource { }, }, }, + "src_vip_filter": &schema.Schema{ + Type: schema.TypeString, + Optional: true, + Computed: true, + }, "service": &schema.Schema{ Type: schema.TypeSet, Optional: true, @@ -1001,6 +1006,10 @@ func flattenFirewallVipSrcFilterRange(v interface{}, d *schema.ResourceData, pre return v } +func flattenFirewallVipSrcVipFilter(v interface{}, d *schema.ResourceData, pre string, sv string) interface{} { + return v +} + func flattenFirewallVipService(v interface{}, d *schema.ResourceData, pre string, sv string) []map[string]interface{} { if v == nil { return nil @@ -2028,6 +2037,12 @@ func refreshObjectFirewallVip(d *schema.ResourceData, o map[string]interface{}, } } + if err = d.Set("src_vip_filter", flattenFirewallVipSrcVipFilter(o["src-vip-filter"], d, "src_vip_filter", sv)); err != nil { + if !fortiAPIPatch(o["src-vip-filter"]) { + return fmt.Errorf("Error reading src_vip_filter: %v", err) + } + } + if b_get_all_tables { if err = d.Set("service", flattenFirewallVipService(o["service"], d, "service", sv)); err != nil { if !fortiAPIPatch(o["service"]) { @@ -2748,6 +2763,10 @@ func expandFirewallVipSrcFilterRange(d *schema.ResourceData, v interface{}, pre return v, nil } +func expandFirewallVipSrcVipFilter(d *schema.ResourceData, v interface{}, pre string, sv string) (interface{}, error) { + return v, nil +} + func expandFirewallVipService(d *schema.ResourceData, v interface{}, pre string, sv string) (interface{}, error) { l := v.(*schema.Set).List() result := make([]map[string]interface{}, 0, len(l)) @@ -3662,6 +3681,15 @@ func getObjectFirewallVip(d *schema.ResourceData, sv string) (*map[string]interf } } + if v, ok := d.GetOk("src_vip_filter"); ok { + t, err := expandFirewallVipSrcVipFilter(d, v, "src_vip_filter", sv) + if err != nil { + return &obj, err + } else if t != nil { + obj["src-vip-filter"] = t + } + } + if v, ok := d.GetOk("service"); ok || d.HasChange("service") { t, err := expandFirewallVipService(d, v, "service", sv) if err != nil { diff --git a/fortios/resource_firewall_vip6.go b/fortios/resource_firewall_vip6.go index cc8cb500f..48566fe0f 100644 --- a/fortios/resource_firewall_vip6.go +++ b/fortios/resource_firewall_vip6.go @@ -77,6 +77,11 @@ func resourceFirewallVip6() *schema.Resource { }, }, }, + "src_vip_filter": &schema.Schema{ + Type: schema.TypeString, + Optional: true, + Computed: true, + }, "extip": &schema.Schema{ Type: schema.TypeString, Required: true, @@ -850,6 +855,10 @@ func flattenFirewallVip6SrcFilterRange(v interface{}, d *schema.ResourceData, pr return v } +func flattenFirewallVip6SrcVipFilter(v interface{}, d *schema.ResourceData, pre string, sv string) interface{} { + return v +} + func flattenFirewallVip6Extip(v interface{}, d *schema.ResourceData, pre string, sv string) interface{} { return v } @@ -1596,6 +1605,12 @@ func refreshObjectFirewallVip6(d *schema.ResourceData, o map[string]interface{}, } } + if err = d.Set("src_vip_filter", flattenFirewallVip6SrcVipFilter(o["src-vip-filter"], d, "src_vip_filter", sv)); err != nil { + if !fortiAPIPatch(o["src-vip-filter"]) { + return fmt.Errorf("Error reading src_vip_filter: %v", err) + } + } + if err = d.Set("extip", flattenFirewallVip6Extip(o["extip"], d, "extip", sv)); err != nil { if !fortiAPIPatch(o["extip"]) { return fmt.Errorf("Error reading extip: %v", err) @@ -2180,6 +2195,10 @@ func expandFirewallVip6SrcFilterRange(d *schema.ResourceData, v interface{}, pre return v, nil } +func expandFirewallVip6SrcVipFilter(d *schema.ResourceData, v interface{}, pre string, sv string) (interface{}, error) { + return v, nil +} + func expandFirewallVip6Extip(d *schema.ResourceData, v interface{}, pre string, sv string) (interface{}, error) { return v, nil } @@ -2874,6 +2893,15 @@ func getObjectFirewallVip6(d *schema.ResourceData, sv string) (*map[string]inter } } + if v, ok := d.GetOk("src_vip_filter"); ok { + t, err := expandFirewallVip6SrcVipFilter(d, v, "src_vip_filter", sv) + if err != nil { + return &obj, err + } else if t != nil { + obj["src-vip-filter"] = t + } + } + if v, ok := d.GetOk("extip"); ok { t, err := expandFirewallVip6Extip(d, v, "extip", sv) if err != nil { diff --git a/fortios/resource_router_bgp.go b/fortios/resource_router_bgp.go index 8649be928..95c732a7f 100644 --- a/fortios/resource_router_bgp.go +++ b/fortios/resource_router_bgp.go @@ -1909,6 +1909,12 @@ func resourceRouterBgp() *schema.Resource { Optional: true, Computed: true, }, + "remote_as_filter": &schema.Schema{ + Type: schema.TypeString, + ValidateFunc: validation.StringLenBetween(0, 35), + Optional: true, + Computed: true, + }, "local_as": &schema.Schema{ Type: schema.TypeInt, Optional: true, @@ -5396,6 +5402,11 @@ func flattenRouterBgpNeighborGroup(v interface{}, d *schema.ResourceData, pre st } } + pre_append = pre + "." + strconv.Itoa(con) + "." + "remote_as_filter" + if cur_v, ok := i["remote-as-filter"]; ok { + tmp["remote_as_filter"] = flattenRouterBgpNeighborGroupRemoteAsFilter(cur_v, d, pre_append, sv) + } + pre_append = pre + "." + strconv.Itoa(con) + "." + "local_as" if cur_v, ok := i["local-as"]; ok { v := flattenRouterBgpNeighborGroupLocalAs(cur_v, d, pre_append, sv) @@ -6089,6 +6100,10 @@ func flattenRouterBgpNeighborGroupRemoteAs(v interface{}, d *schema.ResourceData return v } +func flattenRouterBgpNeighborGroupRemoteAsFilter(v interface{}, d *schema.ResourceData, pre string, sv string) interface{} { + return v +} + func flattenRouterBgpNeighborGroupLocalAs(v interface{}, d *schema.ResourceData, pre string, sv string) interface{} { return v } @@ -10614,6 +10629,11 @@ func expandRouterBgpNeighborGroup(d *schema.ResourceData, v interface{}, pre str } } + pre_append = pre + "." + strconv.Itoa(con) + "." + "remote_as_filter" + if _, ok := d.GetOk(pre_append); ok { + tmp["remote-as-filter"], _ = expandRouterBgpNeighborGroupRemoteAsFilter(d, i["remote_as_filter"], pre_append, sv) + } + pre_append = pre + "." + strconv.Itoa(con) + "." + "local_as" if _, ok := d.GetOk(pre_append); ok { @@ -11299,6 +11319,10 @@ func expandRouterBgpNeighborGroupRemoteAs(d *schema.ResourceData, v interface{}, return v, nil } +func expandRouterBgpNeighborGroupRemoteAsFilter(d *schema.ResourceData, v interface{}, pre string, sv string) (interface{}, error) { + return v, nil +} + func expandRouterBgpNeighborGroupLocalAs(d *schema.ResourceData, v interface{}, pre string, sv string) (interface{}, error) { return v, nil } diff --git a/fortios/resource_switchcontroller_dynamicportpolicy.go b/fortios/resource_switchcontroller_dynamicportpolicy.go index bc0f59102..da73c15e3 100644 --- a/fortios/resource_switchcontroller_dynamicportpolicy.go +++ b/fortios/resource_switchcontroller_dynamicportpolicy.go @@ -82,6 +82,17 @@ func resourceSwitchControllerDynamicPortPolicy() *schema.Resource { Optional: true, Computed: true, }, + "match_type": &schema.Schema{ + Type: schema.TypeString, + Optional: true, + Computed: true, + }, + "match_period": &schema.Schema{ + Type: schema.TypeInt, + ValidateFunc: validation.IntBetween(0, 120), + Optional: true, + Computed: true, + }, "interface_tags": &schema.Schema{ Type: schema.TypeSet, Optional: true, @@ -379,6 +390,16 @@ func flattenSwitchControllerDynamicPortPolicyPolicy(v interface{}, d *schema.Res tmp["category"] = flattenSwitchControllerDynamicPortPolicyPolicyCategory(cur_v, d, pre_append, sv) } + pre_append = pre + "." + strconv.Itoa(con) + "." + "match_type" + if cur_v, ok := i["match-type"]; ok { + tmp["match_type"] = flattenSwitchControllerDynamicPortPolicyPolicyMatchType(cur_v, d, pre_append, sv) + } + + pre_append = pre + "." + strconv.Itoa(con) + "." + "match_period" + if cur_v, ok := i["match-period"]; ok { + tmp["match_period"] = flattenSwitchControllerDynamicPortPolicyPolicyMatchPeriod(cur_v, d, pre_append, sv) + } + pre_append = pre + "." + strconv.Itoa(con) + "." + "interface_tags" if cur_v, ok := i["interface-tags"]; ok { tmp["interface_tags"] = flattenSwitchControllerDynamicPortPolicyPolicyInterfaceTags(cur_v, d, pre_append, sv) @@ -459,6 +480,14 @@ func flattenSwitchControllerDynamicPortPolicyPolicyCategory(v interface{}, d *sc return v } +func flattenSwitchControllerDynamicPortPolicyPolicyMatchType(v interface{}, d *schema.ResourceData, pre string, sv string) interface{} { + return v +} + +func flattenSwitchControllerDynamicPortPolicyPolicyMatchPeriod(v interface{}, d *schema.ResourceData, pre string, sv string) interface{} { + return v +} + func flattenSwitchControllerDynamicPortPolicyPolicyInterfaceTags(v interface{}, d *schema.ResourceData, pre string, sv string) []map[string]interface{} { if v == nil { return nil @@ -639,6 +668,16 @@ func expandSwitchControllerDynamicPortPolicyPolicy(d *schema.ResourceData, v int tmp["category"], _ = expandSwitchControllerDynamicPortPolicyPolicyCategory(d, i["category"], pre_append, sv) } + pre_append = pre + "." + strconv.Itoa(con) + "." + "match_type" + if _, ok := d.GetOk(pre_append); ok { + tmp["match-type"], _ = expandSwitchControllerDynamicPortPolicyPolicyMatchType(d, i["match_type"], pre_append, sv) + } + + pre_append = pre + "." + strconv.Itoa(con) + "." + "match_period" + if _, ok := d.GetOk(pre_append); ok { + tmp["match-period"], _ = expandSwitchControllerDynamicPortPolicyPolicyMatchPeriod(d, i["match_period"], pre_append, sv) + } + pre_append = pre + "." + strconv.Itoa(con) + "." + "interface_tags" if _, ok := d.GetOk(pre_append); ok || d.HasChange(pre_append) { tmp["interface-tags"], _ = expandSwitchControllerDynamicPortPolicyPolicyInterfaceTags(d, i["interface_tags"], pre_append, sv) @@ -720,6 +759,14 @@ func expandSwitchControllerDynamicPortPolicyPolicyCategory(d *schema.ResourceDat return v, nil } +func expandSwitchControllerDynamicPortPolicyPolicyMatchType(d *schema.ResourceData, v interface{}, pre string, sv string) (interface{}, error) { + return v, nil +} + +func expandSwitchControllerDynamicPortPolicyPolicyMatchPeriod(d *schema.ResourceData, v interface{}, pre string, sv string) (interface{}, error) { + return v, nil +} + func expandSwitchControllerDynamicPortPolicyPolicyInterfaceTags(d *schema.ResourceData, v interface{}, pre string, sv string) (interface{}, error) { l := v.(*schema.Set).List() result := make([]map[string]interface{}, 0, len(l)) diff --git a/fortios/resource_switchcontroller_managedswitch.go b/fortios/resource_switchcontroller_managedswitch.go index 48b5ae4e3..ca05d10f2 100644 --- a/fortios/resource_switchcontroller_managedswitch.go +++ b/fortios/resource_switchcontroller_managedswitch.go @@ -916,6 +916,11 @@ func resourceSwitchControllerManagedSwitch() *schema.Resource { Optional: true, Computed: true, }, + "allow_arp_monitor": &schema.Schema{ + Type: schema.TypeString, + Optional: true, + Computed: true, + }, "port_selection_criteria": &schema.Schema{ Type: schema.TypeString, Optional: true, @@ -978,6 +983,12 @@ func resourceSwitchControllerManagedSwitch() *schema.Resource { }, }, }, + "fallback_port": &schema.Schema{ + Type: schema.TypeString, + ValidateFunc: validation.StringLenBetween(0, 79), + Optional: true, + Computed: true, + }, }, }, }, @@ -2701,6 +2712,11 @@ func flattenSwitchControllerManagedSwitchPorts(v interface{}, d *schema.Resource tmp["mac_addr"] = flattenSwitchControllerManagedSwitchPortsMacAddr(cur_v, d, pre_append, sv) } + pre_append = pre + "." + strconv.Itoa(con) + "." + "allow_arp_monitor" + if cur_v, ok := i["allow-arp-monitor"]; ok { + tmp["allow_arp_monitor"] = flattenSwitchControllerManagedSwitchPortsAllowArpMonitor(cur_v, d, pre_append, sv) + } + pre_append = pre + "." + strconv.Itoa(con) + "." + "port_selection_criteria" if cur_v, ok := i["port-selection-criteria"]; ok { tmp["port_selection_criteria"] = flattenSwitchControllerManagedSwitchPortsPortSelectionCriteria(cur_v, d, pre_append, sv) @@ -2751,6 +2767,11 @@ func flattenSwitchControllerManagedSwitchPorts(v interface{}, d *schema.Resource tmp["members"] = flattenSwitchControllerManagedSwitchPortsMembers(cur_v, d, pre_append, sv) } + pre_append = pre + "." + strconv.Itoa(con) + "." + "fallback_port" + if cur_v, ok := i["fallback-port"]; ok { + tmp["fallback_port"] = flattenSwitchControllerManagedSwitchPortsFallbackPort(cur_v, d, pre_append, sv) + } + result = append(result, tmp) con += 1 @@ -3428,6 +3449,10 @@ func flattenSwitchControllerManagedSwitchPortsMacAddr(v interface{}, d *schema.R return v } +func flattenSwitchControllerManagedSwitchPortsAllowArpMonitor(v interface{}, d *schema.ResourceData, pre string, sv string) interface{} { + return v +} + func flattenSwitchControllerManagedSwitchPortsPortSelectionCriteria(v interface{}, d *schema.ResourceData, pre string, sv string) interface{} { return v } @@ -3506,6 +3531,10 @@ func flattenSwitchControllerManagedSwitchPortsMembersMemberName(v interface{}, d return v } +func flattenSwitchControllerManagedSwitchPortsFallbackPort(v interface{}, d *schema.ResourceData, pre string, sv string) interface{} { + return v +} + func flattenSwitchControllerManagedSwitchIpSourceGuard(v interface{}, d *schema.ResourceData, pre string, sv string) []map[string]interface{} { if v == nil { return nil @@ -6444,6 +6473,11 @@ func expandSwitchControllerManagedSwitchPorts(d *schema.ResourceData, v interfac tmp["mac-addr"], _ = expandSwitchControllerManagedSwitchPortsMacAddr(d, i["mac_addr"], pre_append, sv) } + pre_append = pre + "." + strconv.Itoa(con) + "." + "allow_arp_monitor" + if _, ok := d.GetOk(pre_append); ok { + tmp["allow-arp-monitor"], _ = expandSwitchControllerManagedSwitchPortsAllowArpMonitor(d, i["allow_arp_monitor"], pre_append, sv) + } + pre_append = pre + "." + strconv.Itoa(con) + "." + "port_selection_criteria" if _, ok := d.GetOk(pre_append); ok { tmp["port-selection-criteria"], _ = expandSwitchControllerManagedSwitchPortsPortSelectionCriteria(d, i["port_selection_criteria"], pre_append, sv) @@ -6496,6 +6530,11 @@ func expandSwitchControllerManagedSwitchPorts(d *schema.ResourceData, v interfac tmp["members"] = make([]string, 0) } + pre_append = pre + "." + strconv.Itoa(con) + "." + "fallback_port" + if _, ok := d.GetOk(pre_append); ok { + tmp["fallback-port"], _ = expandSwitchControllerManagedSwitchPortsFallbackPort(d, i["fallback_port"], pre_append, sv) + } + result = append(result, tmp) con += 1 @@ -7077,6 +7116,10 @@ func expandSwitchControllerManagedSwitchPortsMacAddr(d *schema.ResourceData, v i return v, nil } +func expandSwitchControllerManagedSwitchPortsAllowArpMonitor(d *schema.ResourceData, v interface{}, pre string, sv string) (interface{}, error) { + return v, nil +} + func expandSwitchControllerManagedSwitchPortsPortSelectionCriteria(d *schema.ResourceData, v interface{}, pre string, sv string) (interface{}, error) { return v, nil } @@ -7141,6 +7184,10 @@ func expandSwitchControllerManagedSwitchPortsMembersMemberName(d *schema.Resourc return v, nil } +func expandSwitchControllerManagedSwitchPortsFallbackPort(d *schema.ResourceData, v interface{}, pre string, sv string) (interface{}, error) { + return v, nil +} + func expandSwitchControllerManagedSwitchIpSourceGuard(d *schema.ResourceData, v interface{}, pre string, sv string) (interface{}, error) { l := v.([]interface{}) result := make([]map[string]interface{}, 0, len(l)) diff --git a/fortios/resource_switchcontrollersecuritypolicy_8021X.go b/fortios/resource_switchcontrollersecuritypolicy_8021X.go index 57de449a1..ce332be7d 100644 --- a/fortios/resource_switchcontrollersecuritypolicy_8021X.go +++ b/fortios/resource_switchcontrollersecuritypolicy_8021X.go @@ -154,6 +154,22 @@ func resourceSwitchControllerSecurityPolicy8021X() *schema.Resource { Optional: true, Computed: true, }, + "authserver_timeout_tagged": &schema.Schema{ + Type: schema.TypeString, + Optional: true, + Computed: true, + }, + "authserver_timeout_tagged_vlanid": &schema.Schema{ + Type: schema.TypeString, + ValidateFunc: validation.StringLenBetween(0, 15), + Optional: true, + Computed: true, + }, + "dacl": &schema.Schema{ + Type: schema.TypeString, + Optional: true, + Computed: true, + }, "dynamic_sort_subtable": &schema.Schema{ Type: schema.TypeString, Optional: true, @@ -437,6 +453,18 @@ func flattenSwitchControllerSecurityPolicy8021XAuthserverTimeoutVlanid(v interfa return v } +func flattenSwitchControllerSecurityPolicy8021XAuthserverTimeoutTagged(v interface{}, d *schema.ResourceData, pre string, sv string) interface{} { + return v +} + +func flattenSwitchControllerSecurityPolicy8021XAuthserverTimeoutTaggedVlanid(v interface{}, d *schema.ResourceData, pre string, sv string) interface{} { + return v +} + +func flattenSwitchControllerSecurityPolicy8021XDacl(v interface{}, d *schema.ResourceData, pre string, sv string) interface{} { + return v +} + func refreshObjectSwitchControllerSecurityPolicy8021X(d *schema.ResourceData, o map[string]interface{}, sv string) error { var err error var b_get_all_tables bool @@ -576,6 +604,24 @@ func refreshObjectSwitchControllerSecurityPolicy8021X(d *schema.ResourceData, o } } + if err = d.Set("authserver_timeout_tagged", flattenSwitchControllerSecurityPolicy8021XAuthserverTimeoutTagged(o["authserver-timeout-tagged"], d, "authserver_timeout_tagged", sv)); err != nil { + if !fortiAPIPatch(o["authserver-timeout-tagged"]) { + return fmt.Errorf("Error reading authserver_timeout_tagged: %v", err) + } + } + + if err = d.Set("authserver_timeout_tagged_vlanid", flattenSwitchControllerSecurityPolicy8021XAuthserverTimeoutTaggedVlanid(o["authserver-timeout-tagged-vlanid"], d, "authserver_timeout_tagged_vlanid", sv)); err != nil { + if !fortiAPIPatch(o["authserver-timeout-tagged-vlanid"]) { + return fmt.Errorf("Error reading authserver_timeout_tagged_vlanid: %v", err) + } + } + + if err = d.Set("dacl", flattenSwitchControllerSecurityPolicy8021XDacl(o["dacl"], d, "dacl", sv)); err != nil { + if !fortiAPIPatch(o["dacl"]) { + return fmt.Errorf("Error reading dacl: %v", err) + } + } + return nil } @@ -689,6 +735,18 @@ func expandSwitchControllerSecurityPolicy8021XAuthserverTimeoutVlanid(d *schema. return v, nil } +func expandSwitchControllerSecurityPolicy8021XAuthserverTimeoutTagged(d *schema.ResourceData, v interface{}, pre string, sv string) (interface{}, error) { + return v, nil +} + +func expandSwitchControllerSecurityPolicy8021XAuthserverTimeoutTaggedVlanid(d *schema.ResourceData, v interface{}, pre string, sv string) (interface{}, error) { + return v, nil +} + +func expandSwitchControllerSecurityPolicy8021XDacl(d *schema.ResourceData, v interface{}, pre string, sv string) (interface{}, error) { + return v, nil +} + func getObjectSwitchControllerSecurityPolicy8021X(d *schema.ResourceData, sv string) (*map[string]interface{}, error) { obj := make(map[string]interface{}) @@ -872,5 +930,32 @@ func getObjectSwitchControllerSecurityPolicy8021X(d *schema.ResourceData, sv str } } + if v, ok := d.GetOk("authserver_timeout_tagged"); ok { + t, err := expandSwitchControllerSecurityPolicy8021XAuthserverTimeoutTagged(d, v, "authserver_timeout_tagged", sv) + if err != nil { + return &obj, err + } else if t != nil { + obj["authserver-timeout-tagged"] = t + } + } + + if v, ok := d.GetOk("authserver_timeout_tagged_vlanid"); ok { + t, err := expandSwitchControllerSecurityPolicy8021XAuthserverTimeoutTaggedVlanid(d, v, "authserver_timeout_tagged_vlanid", sv) + if err != nil { + return &obj, err + } else if t != nil { + obj["authserver-timeout-tagged-vlanid"] = t + } + } + + if v, ok := d.GetOk("dacl"); ok { + t, err := expandSwitchControllerSecurityPolicy8021XDacl(d, v, "dacl", sv) + if err != nil { + return &obj, err + } else if t != nil { + obj["dacl"] = t + } + } + return &obj, nil } diff --git a/fortios/resource_system_accprofile.go b/fortios/resource_system_accprofile.go index 8a4a1c90a..33d8a42b1 100644 --- a/fortios/resource_system_accprofile.go +++ b/fortios/resource_system_accprofile.go @@ -254,6 +254,11 @@ func resourceSystemAccprofile() *schema.Resource { Optional: true, Computed: true, }, + "dlp": &schema.Schema{ + Type: schema.TypeString, + Optional: true, + Computed: true, + }, "data_leak_prevention": &schema.Schema{ Type: schema.TypeString, Optional: true, @@ -814,6 +819,11 @@ func flattenSystemAccprofileUtmgrpPermission(v interface{}, d *schema.ResourceDa result["emailfilter"] = flattenSystemAccprofileUtmgrpPermissionEmailfilter(i["emailfilter"], d, pre_append, sv) } + pre_append = pre + ".0." + "dlp" + if _, ok := i["dlp"]; ok { + result["dlp"] = flattenSystemAccprofileUtmgrpPermissionDlp(i["dlp"], d, pre_append, sv) + } + pre_append = pre + ".0." + "data_leak_prevention" if _, ok := i["data-leak-prevention"]; ok { result["data_leak_prevention"] = flattenSystemAccprofileUtmgrpPermissionDataLeakPrevention(i["data-leak-prevention"], d, pre_append, sv) @@ -899,6 +909,10 @@ func flattenSystemAccprofileUtmgrpPermissionEmailfilter(v interface{}, d *schema return v } +func flattenSystemAccprofileUtmgrpPermissionDlp(v interface{}, d *schema.ResourceData, pre string, sv string) interface{} { + return v +} + func flattenSystemAccprofileUtmgrpPermissionDataLeakPrevention(v interface{}, d *schema.ResourceData, pre string, sv string) interface{} { return v } @@ -1499,6 +1513,10 @@ func expandSystemAccprofileUtmgrpPermission(d *schema.ResourceData, v interface{ if _, ok := d.GetOk(pre_append); ok { result["emailfilter"], _ = expandSystemAccprofileUtmgrpPermissionEmailfilter(d, i["emailfilter"], pre_append, sv) } + pre_append = pre + ".0." + "dlp" + if _, ok := d.GetOk(pre_append); ok { + result["dlp"], _ = expandSystemAccprofileUtmgrpPermissionDlp(d, i["dlp"], pre_append, sv) + } pre_append = pre + ".0." + "data_leak_prevention" if _, ok := d.GetOk(pre_append); ok { result["data-leak-prevention"], _ = expandSystemAccprofileUtmgrpPermissionDataLeakPrevention(d, i["data_leak_prevention"], pre_append, sv) @@ -1571,6 +1589,10 @@ func expandSystemAccprofileUtmgrpPermissionEmailfilter(d *schema.ResourceData, v return v, nil } +func expandSystemAccprofileUtmgrpPermissionDlp(d *schema.ResourceData, v interface{}, pre string, sv string) (interface{}, error) { + return v, nil +} + func expandSystemAccprofileUtmgrpPermissionDataLeakPrevention(d *schema.ResourceData, v interface{}, pre string, sv string) (interface{}, error) { return v, nil } diff --git a/fortios/resource_system_automationstitch.go b/fortios/resource_system_automationstitch.go index 33b18ee8d..a36125713 100644 --- a/fortios/resource_system_automationstitch.go +++ b/fortios/resource_system_automationstitch.go @@ -482,35 +482,39 @@ func refreshObjectSystemAutomationStitch(d *schema.ResourceData, o map[string]in } } - if b_get_all_tables { - if err = d.Set("actions", flattenSystemAutomationStitchActions(o["actions"], d, "actions", sv)); err != nil { - if !fortiAPIPatch(o["actions"]) { - return fmt.Errorf("Error reading actions: %v", err) - } - } - } else { - if _, ok := d.GetOk("actions"); ok { + if _, ok := o["actions"].([]interface{}); ok { + if b_get_all_tables { if err = d.Set("actions", flattenSystemAutomationStitchActions(o["actions"], d, "actions", sv)); err != nil { if !fortiAPIPatch(o["actions"]) { return fmt.Errorf("Error reading actions: %v", err) } } + } else { + if _, ok := d.GetOk("actions"); ok { + if err = d.Set("actions", flattenSystemAutomationStitchActions(o["actions"], d, "actions", sv)); err != nil { + if !fortiAPIPatch(o["actions"]) { + return fmt.Errorf("Error reading actions: %v", err) + } + } + } } } - if b_get_all_tables { - if err = d.Set("action", flattenSystemAutomationStitchAction(o["action"], d, "action", sv)); err != nil { - if !fortiAPIPatch(o["action"]) { - return fmt.Errorf("Error reading action: %v", err) - } - } - } else { - if _, ok := d.GetOk("action"); ok { + if _, ok := o["action"].([]interface{}); ok { + if b_get_all_tables { if err = d.Set("action", flattenSystemAutomationStitchAction(o["action"], d, "action", sv)); err != nil { if !fortiAPIPatch(o["action"]) { return fmt.Errorf("Error reading action: %v", err) } } + } else { + if _, ok := d.GetOk("action"); ok { + if err = d.Set("action", flattenSystemAutomationStitchAction(o["action"], d, "action", sv)); err != nil { + if !fortiAPIPatch(o["action"]) { + return fmt.Errorf("Error reading action: %v", err) + } + } + } } } @@ -709,20 +713,40 @@ func getObjectSystemAutomationStitch(d *schema.ResourceData, sv string) (*map[st } if v, ok := d.GetOk("actions"); ok || d.HasChange("actions") { - t, err := expandSystemAutomationStitchActions(d, v, "actions", sv) - if err != nil { - return &obj, err - } else if t != nil { - obj["actions"] = t + new_version_map := map[string][]string{ + ">=": []string{"7.0.1"}, + } + if versionMatch, err := checkVersionMatch(sv, new_version_map); !versionMatch { + if _, ok := d.GetOk("action"); !ok && !d.HasChange("action") { + err := fmt.Errorf("Argument 'actions' %s.", err) + return nil, err + } + } else { + t, err := expandSystemAutomationStitchActions(d, v, "actions", sv) + if err != nil { + return &obj, err + } else if t != nil { + obj["actions"] = t + } } } if v, ok := d.GetOk("action"); ok || d.HasChange("action") { - t, err := expandSystemAutomationStitchAction(d, v, "action", sv) - if err != nil { - return &obj, err - } else if t != nil { - obj["action"] = t + new_version_map := map[string][]string{ + "<=": []string{"7.0.0"}, + } + if versionMatch, err := checkVersionMatch(sv, new_version_map); !versionMatch { + if _, ok := d.GetOk("actions"); !ok && !d.HasChange("actions") { + err := fmt.Errorf("Argument 'action' %s.", err) + return nil, err + } + } else { + t, err := expandSystemAutomationStitchAction(d, v, "action", sv) + if err != nil { + return &obj, err + } else if t != nil { + obj["action"] = t + } } } diff --git a/fortios/resource_system_global.go b/fortios/resource_system_global.go index 3772b3178..43f6e1826 100644 --- a/fortios/resource_system_global.go +++ b/fortios/resource_system_global.go @@ -867,6 +867,12 @@ func resourceSystemGlobal() *schema.Resource { Optional: true, Computed: true, }, + "dhcp_lease_backup_interval": &schema.Schema{ + Type: schema.TypeInt, + ValidateFunc: validation.IntBetween(10, 3600), + Optional: true, + Computed: true, + }, "wifi_ca_certificate": &schema.Schema{ Type: schema.TypeString, ValidateFunc: validation.StringLenBetween(0, 79), @@ -1383,19 +1389,19 @@ func resourceSystemGlobal() *schema.Resource { }, "user_device_store_max_devices": &schema.Schema{ Type: schema.TypeInt, - ValidateFunc: validation.IntBetween(10455, 240381), + ValidateFunc: validation.IntBetween(10451, 240381), Optional: true, Computed: true, }, "user_device_store_max_users": &schema.Schema{ Type: schema.TypeInt, - ValidateFunc: validation.IntBetween(10455, 240381), + ValidateFunc: validation.IntBetween(10451, 240381), Optional: true, Computed: true, }, "user_device_store_max_unified_mem": &schema.Schema{ Type: schema.TypeInt, - ValidateFunc: validation.IntBetween(20910899, 1682668748), + ValidateFunc: validation.IntBetween(20903936, 1682668748), Optional: true, Computed: true, }, @@ -2334,6 +2340,10 @@ func flattenSystemGlobalWifiCertificate(v interface{}, d *schema.ResourceData, p return v } +func flattenSystemGlobalDhcpLeaseBackupInterval(v interface{}, d *schema.ResourceData, pre string, sv string) interface{} { + return v +} + func flattenSystemGlobalWifiCaCertificate(v interface{}, d *schema.ResourceData, pre string, sv string) interface{} { return v } @@ -3850,6 +3860,12 @@ func refreshObjectSystemGlobal(d *schema.ResourceData, o map[string]interface{}, } } + if err = d.Set("dhcp_lease_backup_interval", flattenSystemGlobalDhcpLeaseBackupInterval(o["dhcp-lease-backup-interval"], d, "dhcp_lease_backup_interval", sv)); err != nil { + if !fortiAPIPatch(o["dhcp-lease-backup-interval"]) { + return fmt.Errorf("Error reading dhcp_lease_backup_interval: %v", err) + } + } + if err = d.Set("wifi_ca_certificate", flattenSystemGlobalWifiCaCertificate(o["wifi-ca-certificate"], d, "wifi_ca_certificate", sv)); err != nil { if !fortiAPIPatch(o["wifi-ca-certificate"]) { return fmt.Errorf("Error reading wifi_ca_certificate: %v", err) @@ -5277,6 +5293,10 @@ func expandSystemGlobalWifiCertificate(d *schema.ResourceData, v interface{}, pr return v, nil } +func expandSystemGlobalDhcpLeaseBackupInterval(d *schema.ResourceData, v interface{}, pre string, sv string) (interface{}, error) { + return v, nil +} + func expandSystemGlobalWifiCaCertificate(d *schema.ResourceData, v interface{}, pre string, sv string) (interface{}, error) { return v, nil } @@ -7865,6 +7885,19 @@ func getObjectSystemGlobal(d *schema.ResourceData, setArgNil bool, sv string) (* } } + if v, ok := d.GetOk("dhcp_lease_backup_interval"); ok { + if setArgNil { + obj["dhcp-lease-backup-interval"] = nil + } else { + t, err := expandSystemGlobalDhcpLeaseBackupInterval(d, v, "dhcp_lease_backup_interval", sv) + if err != nil { + return &obj, err + } else if t != nil { + obj["dhcp-lease-backup-interval"] = t + } + } + } + if v, ok := d.GetOk("wifi_ca_certificate"); ok { if setArgNil { obj["wifi-ca-certificate"] = nil diff --git a/fortios/resource_system_interface.go b/fortios/resource_system_interface.go index 4e6b70c99..bf306586e 100644 --- a/fortios/resource_system_interface.go +++ b/fortios/resource_system_interface.go @@ -171,6 +171,11 @@ func resourceSystemInterface() *schema.Resource { Optional: true, Computed: true, }, + "dhcp_relay_allow_no_end_option": &schema.Schema{ + Type: schema.TypeString, + Optional: true, + Computed: true, + }, "dhcp_relay_type": &schema.Schema{ Type: schema.TypeString, Optional: true, @@ -2278,6 +2283,10 @@ func flattenSystemInterfaceDhcpRelayRequestAllServer(v interface{}, d *schema.Re return v } +func flattenSystemInterfaceDhcpRelayAllowNoEndOption(v interface{}, d *schema.ResourceData, pre string, sv string) interface{} { + return v +} + func flattenSystemInterfaceDhcpRelayType(v interface{}, d *schema.ResourceData, pre string, sv string) interface{} { return v } @@ -4792,6 +4801,12 @@ func refreshObjectSystemInterface(d *schema.ResourceData, o map[string]interface } } + if err = d.Set("dhcp_relay_allow_no_end_option", flattenSystemInterfaceDhcpRelayAllowNoEndOption(o["dhcp-relay-allow-no-end-option"], d, "dhcp_relay_allow_no_end_option", sv)); err != nil { + if !fortiAPIPatch(o["dhcp-relay-allow-no-end-option"]) { + return fmt.Errorf("Error reading dhcp_relay_allow_no_end_option: %v", err) + } + } + if err = d.Set("dhcp_relay_type", flattenSystemInterfaceDhcpRelayType(o["dhcp-relay-type"], d, "dhcp_relay_type", sv)); err != nil { if !fortiAPIPatch(o["dhcp-relay-type"]) { return fmt.Errorf("Error reading dhcp_relay_type: %v", err) @@ -6266,6 +6281,10 @@ func expandSystemInterfaceDhcpRelayRequestAllServer(d *schema.ResourceData, v in return v, nil } +func expandSystemInterfaceDhcpRelayAllowNoEndOption(d *schema.ResourceData, v interface{}, pre string, sv string) (interface{}, error) { + return v, nil +} + func expandSystemInterfaceDhcpRelayType(d *schema.ResourceData, v interface{}, pre string, sv string) (interface{}, error) { return v, nil } @@ -8570,6 +8589,15 @@ func getObjectSystemInterface(d *schema.ResourceData, sv string) (*map[string]in } } + if v, ok := d.GetOk("dhcp_relay_allow_no_end_option"); ok { + t, err := expandSystemInterfaceDhcpRelayAllowNoEndOption(d, v, "dhcp_relay_allow_no_end_option", sv) + if err != nil { + return &obj, err + } else if t != nil { + obj["dhcp-relay-allow-no-end-option"] = t + } + } + if v, ok := d.GetOk("dhcp_relay_type"); ok { t, err := expandSystemInterfaceDhcpRelayType(d, v, "dhcp_relay_type", sv) if err != nil { diff --git a/fortios/resource_system_ipam.go b/fortios/resource_system_ipam.go index c20ec98c7..0868a2bc7 100644 --- a/fortios/resource_system_ipam.go +++ b/fortios/resource_system_ipam.go @@ -93,6 +93,24 @@ func resourceSystemIpam() *schema.Resource { Optional: true, Computed: true, }, + "exclude": &schema.Schema{ + Type: schema.TypeList, + Optional: true, + Elem: &schema.Resource{ + Schema: map[string]*schema.Schema{ + "id": &schema.Schema{ + Type: schema.TypeInt, + Optional: true, + Computed: true, + }, + "exclude_subnet": &schema.Schema{ + Type: schema.TypeString, + Optional: true, + Computed: true, + }, + }, + }, + }, }, }, }, @@ -368,6 +386,11 @@ func flattenSystemIpamPools(v interface{}, d *schema.ResourceData, pre string, s tmp["subnet"] = flattenSystemIpamPoolsSubnet(cur_v, d, pre_append, sv) } + pre_append = pre + "." + strconv.Itoa(con) + "." + "exclude" + if cur_v, ok := i["exclude"]; ok { + tmp["exclude"] = flattenSystemIpamPoolsExclude(cur_v, d, pre_append, sv) + } + result = append(result, tmp) con += 1 @@ -396,6 +419,64 @@ func flattenSystemIpamPoolsSubnet(v interface{}, d *schema.ResourceData, pre str return v } +func flattenSystemIpamPoolsExclude(v interface{}, d *schema.ResourceData, pre string, sv string) []map[string]interface{} { + if v == nil { + return nil + } + + if _, ok := v.([]interface{}); !ok { + log.Printf("[DEBUG] Argument %v is not type of []interface{}.", pre) + return nil + } + + l := v.([]interface{}) + if len(l) == 0 || l[0] == nil { + return nil + } + + result := make([]map[string]interface{}, 0, len(l)) + + con := 0 + for _, r := range l { + tmp := make(map[string]interface{}) + i := r.(map[string]interface{}) + + pre_append := "" // table + + pre_append = pre + "." + strconv.Itoa(con) + "." + "id" + if cur_v, ok := i["ID"]; ok { + tmp["id"] = flattenSystemIpamPoolsExcludeId(cur_v, d, pre_append, sv) + } + + pre_append = pre + "." + strconv.Itoa(con) + "." + "exclude_subnet" + if cur_v, ok := i["exclude-subnet"]; ok { + tmp["exclude_subnet"] = flattenSystemIpamPoolsExcludeExcludeSubnet(cur_v, d, pre_append, sv) + } + + result = append(result, tmp) + + con += 1 + } + + dynamic_sort_subtable(result, "id", d) + return result +} + +func flattenSystemIpamPoolsExcludeId(v interface{}, d *schema.ResourceData, pre string, sv string) interface{} { + return v +} + +func flattenSystemIpamPoolsExcludeExcludeSubnet(v interface{}, d *schema.ResourceData, pre string, sv string) interface{} { + if v1, ok := d.GetOkExists(pre); ok && v != nil { + if s, ok := v1.(string); ok { + v = validateConvIPMask2CIDR(s, v.(string)) + return v + } + } + + return v +} + func flattenSystemIpamRules(v interface{}, d *schema.ResourceData, pre string, sv string) []map[string]interface{} { if v == nil { return nil @@ -772,6 +853,13 @@ func expandSystemIpamPools(d *schema.ResourceData, v interface{}, pre string, sv tmp["subnet"], _ = expandSystemIpamPoolsSubnet(d, i["subnet"], pre_append, sv) } + pre_append = pre + "." + strconv.Itoa(con) + "." + "exclude" + if _, ok := d.GetOk(pre_append); ok || d.HasChange(pre_append) { + tmp["exclude"], _ = expandSystemIpamPoolsExclude(d, i["exclude"], pre_append, sv) + } else { + tmp["exclude"] = make([]string, 0) + } + result = append(result, tmp) con += 1 @@ -792,6 +880,46 @@ func expandSystemIpamPoolsSubnet(d *schema.ResourceData, v interface{}, pre stri return v, nil } +func expandSystemIpamPoolsExclude(d *schema.ResourceData, v interface{}, pre string, sv string) (interface{}, error) { + l := v.([]interface{}) + result := make([]map[string]interface{}, 0, len(l)) + + if len(l) == 0 || l[0] == nil { + return result, nil + } + + con := 0 + for _, r := range l { + tmp := make(map[string]interface{}) + i := r.(map[string]interface{}) + pre_append := "" // table + + pre_append = pre + "." + strconv.Itoa(con) + "." + "id" + if _, ok := d.GetOk(pre_append); ok { + tmp["ID"], _ = expandSystemIpamPoolsExcludeId(d, i["id"], pre_append, sv) + } + + pre_append = pre + "." + strconv.Itoa(con) + "." + "exclude_subnet" + if _, ok := d.GetOk(pre_append); ok { + tmp["exclude-subnet"], _ = expandSystemIpamPoolsExcludeExcludeSubnet(d, i["exclude_subnet"], pre_append, sv) + } + + result = append(result, tmp) + + con += 1 + } + + return result, nil +} + +func expandSystemIpamPoolsExcludeId(d *schema.ResourceData, v interface{}, pre string, sv string) (interface{}, error) { + return v, nil +} + +func expandSystemIpamPoolsExcludeExcludeSubnet(d *schema.ResourceData, v interface{}, pre string, sv string) (interface{}, error) { + return v, nil +} + func expandSystemIpamRules(d *schema.ResourceData, v interface{}, pre string, sv string) (interface{}, error) { l := v.([]interface{}) result := make([]map[string]interface{}, 0, len(l)) diff --git a/fortios/resource_system_ntp.go b/fortios/resource_system_ntp.go index d6ae480c6..f6f6c6e8c 100644 --- a/fortios/resource_system_ntp.go +++ b/fortios/resource_system_ntp.go @@ -78,6 +78,11 @@ func resourceSystemNtp() *schema.Resource { Optional: true, Computed: true, }, + "key_type": &schema.Schema{ + Type: schema.TypeString, + Optional: true, + Computed: true, + }, "key": &schema.Schema{ Type: schema.TypeString, ValidateFunc: validation.StringLenBetween(0, 59), @@ -342,6 +347,11 @@ func flattenSystemNtpNtpserver(v interface{}, d *schema.ResourceData, pre string tmp["authentication"] = flattenSystemNtpNtpserverAuthentication(cur_v, d, pre_append, sv) } + pre_append = pre + "." + strconv.Itoa(con) + "." + "key_type" + if cur_v, ok := i["key-type"]; ok { + tmp["key_type"] = flattenSystemNtpNtpserverKeyType(cur_v, d, pre_append, sv) + } + pre_append = pre + "." + strconv.Itoa(con) + "." + "key" if cur_v, ok := i["key"]; ok { tmp["key"] = flattenSystemNtpNtpserverKey(cur_v, d, pre_append, sv) @@ -396,6 +406,10 @@ func flattenSystemNtpNtpserverAuthentication(v interface{}, d *schema.ResourceDa return v } +func flattenSystemNtpNtpserverKeyType(v interface{}, d *schema.ResourceData, pre string, sv string) interface{} { + return v +} + func flattenSystemNtpNtpserverKey(v interface{}, d *schema.ResourceData, pre string, sv string) interface{} { return v } @@ -636,6 +650,11 @@ func expandSystemNtpNtpserver(d *schema.ResourceData, v interface{}, pre string, tmp["authentication"], _ = expandSystemNtpNtpserverAuthentication(d, i["authentication"], pre_append, sv) } + pre_append = pre + "." + strconv.Itoa(con) + "." + "key_type" + if _, ok := d.GetOk(pre_append); ok { + tmp["key-type"], _ = expandSystemNtpNtpserverKeyType(d, i["key_type"], pre_append, sv) + } + pre_append = pre + "." + strconv.Itoa(con) + "." + "key" if _, ok := d.GetOk(pre_append); ok { tmp["key"], _ = expandSystemNtpNtpserverKey(d, i["key"], pre_append, sv) @@ -685,6 +704,10 @@ func expandSystemNtpNtpserverAuthentication(d *schema.ResourceData, v interface{ return v, nil } +func expandSystemNtpNtpserverKeyType(d *schema.ResourceData, v interface{}, pre string, sv string) (interface{}, error) { + return v, nil +} + func expandSystemNtpNtpserverKey(d *schema.ResourceData, v interface{}, pre string, sv string) (interface{}, error) { return v, nil } diff --git a/fortios/resource_system_sdwan.go b/fortios/resource_system_sdwan.go index d7ceb7d25..c48b5ccbc 100644 --- a/fortios/resource_system_sdwan.go +++ b/fortios/resource_system_sdwan.go @@ -2050,6 +2050,11 @@ func flattenSystemSdwanHealthCheckSystemDns(v interface{}, d *schema.ResourceDat } func flattenSystemSdwanHealthCheckServer(v interface{}, d *schema.ResourceData, pre string, sv string) interface{} { + if temp_v, ok := v.(string); ok { + temp_v = strings.ReplaceAll(temp_v, "\"", "") + var rst_v interface{} = temp_v + return rst_v + } return v } diff --git a/fortios/resource_system_settings.go b/fortios/resource_system_settings.go index 414b233a0..363157393 100644 --- a/fortios/resource_system_settings.go +++ b/fortios/resource_system_settings.go @@ -833,6 +833,11 @@ func resourceSystemSettings() *schema.Resource { Optional: true, Computed: true, }, + "internet_service_app_ctrl_size": &schema.Schema{ + Type: schema.TypeInt, + Optional: true, + Computed: true, + }, "dynamic_sort_subtable": &schema.Schema{ Type: schema.TypeString, Optional: true, @@ -1615,6 +1620,10 @@ func flattenSystemSettingsInternetServiceDatabaseCache(v interface{}, d *schema. return v } +func flattenSystemSettingsInternetServiceAppCtrlSize(v interface{}, d *schema.ResourceData, pre string, sv string) interface{} { + return v +} + func refreshObjectSystemSettings(d *schema.ResourceData, o map[string]interface{}, sv string) error { var err error var b_get_all_tables bool @@ -2558,6 +2567,12 @@ func refreshObjectSystemSettings(d *schema.ResourceData, o map[string]interface{ } } + if err = d.Set("internet_service_app_ctrl_size", flattenSystemSettingsInternetServiceAppCtrlSize(o["internet-service-app-ctrl-size"], d, "internet_service_app_ctrl_size", sv)); err != nil { + if !fortiAPIPatch(o["internet-service-app-ctrl-size"]) { + return fmt.Errorf("Error reading internet_service_app_ctrl_size: %v", err) + } + } + return nil } @@ -3207,6 +3222,10 @@ func expandSystemSettingsInternetServiceDatabaseCache(d *schema.ResourceData, v return v, nil } +func expandSystemSettingsInternetServiceAppCtrlSize(d *schema.ResourceData, v interface{}, pre string, sv string) (interface{}, error) { + return v, nil +} + func getObjectSystemSettings(d *schema.ResourceData, setArgNil bool, sv string) (*map[string]interface{}, error) { obj := make(map[string]interface{}) @@ -5212,5 +5231,18 @@ func getObjectSystemSettings(d *schema.ResourceData, setArgNil bool, sv string) } } + if v, ok := d.GetOkExists("internet_service_app_ctrl_size"); ok { + if setArgNil { + obj["internet-service-app-ctrl-size"] = nil + } else { + t, err := expandSystemSettingsInternetServiceAppCtrlSize(d, v, "internet_service_app_ctrl_size", sv) + if err != nil { + return &obj, err + } else if t != nil { + obj["internet-service-app-ctrl-size"] = t + } + } + } + return &obj, nil } diff --git a/fortios/resource_system_sshconfig.go b/fortios/resource_system_sshconfig.go new file mode 100644 index 000000000..499cc0204 --- /dev/null +++ b/fortios/resource_system_sshconfig.go @@ -0,0 +1,397 @@ +// Copyright 2020 Fortinet, Inc. All rights reserved. +// Author: Frank Shen (@frankshen01), Hongbin Lu (@fgtdev-hblu) +// Documentation: +// Frank Shen (@frankshen01), Hongbin Lu (@fgtdev-hblu), +// Xing Li (@lix-fortinet), Yue Wang (@yuew-ftnt), Yuffie Zhu (@yuffiezhu) + +// Description: Configure SSH config. + +package fortios + +import ( + "fmt" + "log" + "strconv" + "strings" + + "github.com/hashicorp/terraform-plugin-sdk/v2/helper/schema" + "github.com/hashicorp/terraform-plugin-sdk/v2/helper/validation" +) + +func resourceSystemSshConfig() *schema.Resource { + return &schema.Resource{ + Create: resourceSystemSshConfigUpdate, + Read: resourceSystemSshConfigRead, + Update: resourceSystemSshConfigUpdate, + Delete: resourceSystemSshConfigDelete, + + Importer: &schema.ResourceImporter{ + State: schema.ImportStatePassthrough, + }, + + Schema: map[string]*schema.Schema{ + "vdomparam": &schema.Schema{ + Type: schema.TypeString, + Optional: true, + ForceNew: true, + Computed: true, + }, + "ssh_kex_algo": &schema.Schema{ + Type: schema.TypeString, + Optional: true, + Computed: true, + }, + "ssh_enc_algo": &schema.Schema{ + Type: schema.TypeString, + Optional: true, + Computed: true, + }, + "ssh_mac_algo": &schema.Schema{ + Type: schema.TypeString, + Optional: true, + Computed: true, + }, + "ssh_hsk_algo": &schema.Schema{ + Type: schema.TypeString, + Optional: true, + Computed: true, + }, + "ssh_hsk_override": &schema.Schema{ + Type: schema.TypeString, + Optional: true, + Computed: true, + }, + "ssh_hsk_password": &schema.Schema{ + Type: schema.TypeString, + ValidateFunc: validation.StringLenBetween(0, 128), + Optional: true, + }, + "ssh_hsk": &schema.Schema{ + Type: schema.TypeString, + Optional: true, + Computed: true, + }, + }, + } +} + +func resourceSystemSshConfigUpdate(d *schema.ResourceData, m interface{}) error { + mkey := d.Id() + c := m.(*FortiClient).Client + c.Retries = 1 + + if c.Fv == "" { + err := c.UpdateDeviceVersion() + if err != nil { + return fmt.Errorf("[Warning] Can not update device version: %v", err) + } + } + + vdomparam := "" + + if v, ok := d.GetOk("vdomparam"); ok { + if s, ok := v.(string); ok { + vdomparam = s + } + } else if c.Config.Auth.Vdom != "" { + d.Set("vdomparam", c.Config.Auth.Vdom) + vdomparam = c.Config.Auth.Vdom + } + + obj, err := getObjectSystemSshConfig(d, false, c.Fv) + if err != nil { + return fmt.Errorf("Error updating SystemSshConfig resource while getting object: %v", err) + } + + o, err := c.UpdateSystemSshConfig(obj, mkey, vdomparam) + if err != nil { + return fmt.Errorf("Error updating SystemSshConfig resource: %v", err) + } + + log.Printf(strconv.Itoa(c.Retries)) + if o["mkey"] != nil && o["mkey"] != "" { + d.SetId(o["mkey"].(string)) + } else { + d.SetId("SystemSshConfig") + } + + return resourceSystemSshConfigRead(d, m) +} + +func resourceSystemSshConfigDelete(d *schema.ResourceData, m interface{}) error { + mkey := d.Id() + c := m.(*FortiClient).Client + c.Retries = 1 + + vdomparam := "" + + if v, ok := d.GetOk("vdomparam"); ok { + if s, ok := v.(string); ok { + vdomparam = s + } + } + + obj, err := getObjectSystemSshConfig(d, true, c.Fv) + + if err != nil { + return fmt.Errorf("Error updating SystemSshConfig resource while getting object: %v", err) + } + + _, err = c.UpdateSystemSshConfig(obj, mkey, vdomparam) + if err != nil { + return fmt.Errorf("Error clearing SystemSshConfig resource: %v", err) + } + + d.SetId("") + + return nil +} + +func resourceSystemSshConfigRead(d *schema.ResourceData, m interface{}) error { + mkey := d.Id() + + c := m.(*FortiClient).Client + c.Retries = 1 + + if c.Fv == "" { + err := c.UpdateDeviceVersion() + if err != nil { + return fmt.Errorf("[Warning] Can not update device version: %v", err) + } + } + + vdomparam := "" + + if v, ok := d.GetOk("vdomparam"); ok { + if s, ok := v.(string); ok { + vdomparam = s + } + } else if c.Config.Auth.Vdom != "" { + d.Set("vdomparam", c.Config.Auth.Vdom) + vdomparam = c.Config.Auth.Vdom + } + + o, err := c.ReadSystemSshConfig(mkey, vdomparam) + if err != nil { + return fmt.Errorf("Error reading SystemSshConfig resource: %v", err) + } + + if o == nil { + log.Printf("[WARN] resource (%s) not found, removing from state", d.Id()) + d.SetId("") + return nil + } + + err = refreshObjectSystemSshConfig(d, o, c.Fv) + if err != nil { + return fmt.Errorf("Error reading SystemSshConfig resource from API: %v", err) + } + return nil +} + +func flattenSystemSshConfigSshKexAlgo(v interface{}, d *schema.ResourceData, pre string, sv string) interface{} { + return v +} + +func flattenSystemSshConfigSshEncAlgo(v interface{}, d *schema.ResourceData, pre string, sv string) interface{} { + return v +} + +func flattenSystemSshConfigSshMacAlgo(v interface{}, d *schema.ResourceData, pre string, sv string) interface{} { + return v +} + +func flattenSystemSshConfigSshHskAlgo(v interface{}, d *schema.ResourceData, pre string, sv string) interface{} { + return v +} + +func flattenSystemSshConfigSshHskOverride(v interface{}, d *schema.ResourceData, pre string, sv string) interface{} { + return v +} + +func flattenSystemSshConfigSshHskPassword(v interface{}, d *schema.ResourceData, pre string, sv string) interface{} { + return v +} + +func flattenSystemSshConfigSshHsk(v interface{}, d *schema.ResourceData, pre string, sv string) interface{} { + return v +} + +func refreshObjectSystemSshConfig(d *schema.ResourceData, o map[string]interface{}, sv string) error { + var err error + + if err = d.Set("ssh_kex_algo", flattenSystemSshConfigSshKexAlgo(o["ssh-kex-algo"], d, "ssh_kex_algo", sv)); err != nil { + if !fortiAPIPatch(o["ssh-kex-algo"]) { + return fmt.Errorf("Error reading ssh_kex_algo: %v", err) + } + } + + if err = d.Set("ssh_enc_algo", flattenSystemSshConfigSshEncAlgo(o["ssh-enc-algo"], d, "ssh_enc_algo", sv)); err != nil { + if !fortiAPIPatch(o["ssh-enc-algo"]) { + return fmt.Errorf("Error reading ssh_enc_algo: %v", err) + } + } + + if err = d.Set("ssh_mac_algo", flattenSystemSshConfigSshMacAlgo(o["ssh-mac-algo"], d, "ssh_mac_algo", sv)); err != nil { + if !fortiAPIPatch(o["ssh-mac-algo"]) { + return fmt.Errorf("Error reading ssh_mac_algo: %v", err) + } + } + + if err = d.Set("ssh_hsk_algo", flattenSystemSshConfigSshHskAlgo(o["ssh-hsk-algo"], d, "ssh_hsk_algo", sv)); err != nil { + if !fortiAPIPatch(o["ssh-hsk-algo"]) { + return fmt.Errorf("Error reading ssh_hsk_algo: %v", err) + } + } + + if err = d.Set("ssh_hsk_override", flattenSystemSshConfigSshHskOverride(o["ssh-hsk-override"], d, "ssh_hsk_override", sv)); err != nil { + if !fortiAPIPatch(o["ssh-hsk-override"]) { + return fmt.Errorf("Error reading ssh_hsk_override: %v", err) + } + } + + if err = d.Set("ssh_hsk_password", flattenSystemSshConfigSshHskPassword(o["ssh-hsk-password"], d, "ssh_hsk_password", sv)); err != nil { + if !fortiAPIPatch(o["ssh-hsk-password"]) { + return fmt.Errorf("Error reading ssh_hsk_password: %v", err) + } + } + + if err = d.Set("ssh_hsk", flattenSystemSshConfigSshHsk(o["ssh-hsk"], d, "ssh_hsk", sv)); err != nil { + if !fortiAPIPatch(o["ssh-hsk"]) { + return fmt.Errorf("Error reading ssh_hsk: %v", err) + } + } + + return nil +} + +func flattenSystemSshConfigFortiTestDebug(d *schema.ResourceData, fosdebugsn int, fosdebugbeg int, fosdebugend int) { + log.Printf(strconv.Itoa(fosdebugsn)) + e := validation.IntBetween(fosdebugbeg, fosdebugend) + log.Printf("ER List: %v, %v", strings.Split("FortiOS Ver", " "), e) +} + +func expandSystemSshConfigSshKexAlgo(d *schema.ResourceData, v interface{}, pre string, sv string) (interface{}, error) { + return v, nil +} + +func expandSystemSshConfigSshEncAlgo(d *schema.ResourceData, v interface{}, pre string, sv string) (interface{}, error) { + return v, nil +} + +func expandSystemSshConfigSshMacAlgo(d *schema.ResourceData, v interface{}, pre string, sv string) (interface{}, error) { + return v, nil +} + +func expandSystemSshConfigSshHskAlgo(d *schema.ResourceData, v interface{}, pre string, sv string) (interface{}, error) { + return v, nil +} + +func expandSystemSshConfigSshHskOverride(d *schema.ResourceData, v interface{}, pre string, sv string) (interface{}, error) { + return v, nil +} + +func expandSystemSshConfigSshHskPassword(d *schema.ResourceData, v interface{}, pre string, sv string) (interface{}, error) { + return v, nil +} + +func expandSystemSshConfigSshHsk(d *schema.ResourceData, v interface{}, pre string, sv string) (interface{}, error) { + return v, nil +} + +func getObjectSystemSshConfig(d *schema.ResourceData, setArgNil bool, sv string) (*map[string]interface{}, error) { + obj := make(map[string]interface{}) + + if v, ok := d.GetOk("ssh_kex_algo"); ok { + if setArgNil { + obj["ssh-kex-algo"] = nil + } else { + t, err := expandSystemSshConfigSshKexAlgo(d, v, "ssh_kex_algo", sv) + if err != nil { + return &obj, err + } else if t != nil { + obj["ssh-kex-algo"] = t + } + } + } + + if v, ok := d.GetOk("ssh_enc_algo"); ok { + if setArgNil { + obj["ssh-enc-algo"] = nil + } else { + t, err := expandSystemSshConfigSshEncAlgo(d, v, "ssh_enc_algo", sv) + if err != nil { + return &obj, err + } else if t != nil { + obj["ssh-enc-algo"] = t + } + } + } + + if v, ok := d.GetOk("ssh_mac_algo"); ok { + if setArgNil { + obj["ssh-mac-algo"] = nil + } else { + t, err := expandSystemSshConfigSshMacAlgo(d, v, "ssh_mac_algo", sv) + if err != nil { + return &obj, err + } else if t != nil { + obj["ssh-mac-algo"] = t + } + } + } + + if v, ok := d.GetOk("ssh_hsk_algo"); ok { + if setArgNil { + obj["ssh-hsk-algo"] = nil + } else { + t, err := expandSystemSshConfigSshHskAlgo(d, v, "ssh_hsk_algo", sv) + if err != nil { + return &obj, err + } else if t != nil { + obj["ssh-hsk-algo"] = t + } + } + } + + if v, ok := d.GetOk("ssh_hsk_override"); ok { + if setArgNil { + obj["ssh-hsk-override"] = nil + } else { + t, err := expandSystemSshConfigSshHskOverride(d, v, "ssh_hsk_override", sv) + if err != nil { + return &obj, err + } else if t != nil { + obj["ssh-hsk-override"] = t + } + } + } + + if v, ok := d.GetOk("ssh_hsk_password"); ok { + if setArgNil { + obj["ssh-hsk-password"] = nil + } else { + t, err := expandSystemSshConfigSshHskPassword(d, v, "ssh_hsk_password", sv) + if err != nil { + return &obj, err + } else if t != nil { + obj["ssh-hsk-password"] = t + } + } + } + + if v, ok := d.GetOk("ssh_hsk"); ok { + if setArgNil { + obj["ssh-hsk"] = nil + } else { + t, err := expandSystemSshConfigSshHsk(d, v, "ssh_hsk", sv) + if err != nil { + return &obj, err + } else if t != nil { + obj["ssh-hsk"] = t + } + } + } + + return &obj, nil +} diff --git a/fortios/resource_user_fortitoken.go b/fortios/resource_user_fortitoken.go index 7c9c7659d..775b9c024 100644 --- a/fortios/resource_user_fortitoken.go +++ b/fortios/resource_user_fortitoken.go @@ -50,7 +50,7 @@ func resourceUserFortitoken() *schema.Resource { }, "seed": &schema.Schema{ Type: schema.TypeString, - ValidateFunc: validation.StringLenBetween(0, 200), + ValidateFunc: validation.StringLenBetween(0, 208), Optional: true, Computed: true, }, diff --git a/fortios/resource_user_ldap.go b/fortios/resource_user_ldap.go index fc5427268..826a99fa2 100644 --- a/fortios/resource_user_ldap.go +++ b/fortios/resource_user_ldap.go @@ -59,6 +59,12 @@ func resourceUserLdap() *schema.Resource { Optional: true, Computed: true, }, + "status_ttl": &schema.Schema{ + Type: schema.TypeInt, + ValidateFunc: validation.IntBetween(0, 600), + Optional: true, + Computed: true, + }, "server_identity_check": &schema.Schema{ Type: schema.TypeString, Optional: true, @@ -426,6 +432,10 @@ func flattenUserLdapTertiaryServer(v interface{}, d *schema.ResourceData, pre st return v } +func flattenUserLdapStatusTtl(v interface{}, d *schema.ResourceData, pre string, sv string) interface{} { + return v +} + func flattenUserLdapServerIdentityCheck(v interface{}, d *schema.ResourceData, pre string, sv string) interface{} { return v } @@ -597,6 +607,12 @@ func refreshObjectUserLdap(d *schema.ResourceData, o map[string]interface{}, sv } } + if err = d.Set("status_ttl", flattenUserLdapStatusTtl(o["status-ttl"], d, "status_ttl", sv)); err != nil { + if !fortiAPIPatch(o["status-ttl"]) { + return fmt.Errorf("Error reading status_ttl: %v", err) + } + } + if err = d.Set("server_identity_check", flattenUserLdapServerIdentityCheck(o["server-identity-check"], d, "server_identity_check", sv)); err != nil { if !fortiAPIPatch(o["server-identity-check"]) { return fmt.Errorf("Error reading server_identity_check: %v", err) @@ -832,6 +848,10 @@ func expandUserLdapTertiaryServer(d *schema.ResourceData, v interface{}, pre str return v, nil } +func expandUserLdapStatusTtl(d *schema.ResourceData, v interface{}, pre string, sv string) (interface{}, error) { + return v, nil +} + func expandUserLdapServerIdentityCheck(d *schema.ResourceData, v interface{}, pre string, sv string) (interface{}, error) { return v, nil } @@ -1015,6 +1035,15 @@ func getObjectUserLdap(d *schema.ResourceData, sv string) (*map[string]interface } } + if v, ok := d.GetOkExists("status_ttl"); ok { + t, err := expandUserLdapStatusTtl(d, v, "status_ttl", sv) + if err != nil { + return &obj, err + } else if t != nil { + obj["status-ttl"] = t + } + } + if v, ok := d.GetOk("server_identity_check"); ok { t, err := expandUserLdapServerIdentityCheck(d, v, "server_identity_check", sv) if err != nil { diff --git a/fortios/resource_user_nacpolicy.go b/fortios/resource_user_nacpolicy.go index 0e318eac0..b102f7252 100644 --- a/fortios/resource_user_nacpolicy.go +++ b/fortios/resource_user_nacpolicy.go @@ -59,6 +59,17 @@ func resourceUserNacPolicy() *schema.Resource { Optional: true, Computed: true, }, + "match_type": &schema.Schema{ + Type: schema.TypeString, + Optional: true, + Computed: true, + }, + "match_period": &schema.Schema{ + Type: schema.TypeInt, + ValidateFunc: validation.IntBetween(0, 120), + Optional: true, + Computed: true, + }, "mac": &schema.Schema{ Type: schema.TypeString, Optional: true, @@ -130,6 +141,12 @@ func resourceUserNacPolicy() *schema.Resource { Optional: true, Computed: true, }, + "fortivoice_tag": &schema.Schema{ + Type: schema.TypeString, + ValidateFunc: validation.StringLenBetween(0, 79), + Optional: true, + Computed: true, + }, "severity": &schema.Schema{ Type: schema.TypeSet, Optional: true, @@ -388,6 +405,14 @@ func flattenUserNacPolicyStatus(v interface{}, d *schema.ResourceData, pre strin return v } +func flattenUserNacPolicyMatchType(v interface{}, d *schema.ResourceData, pre string, sv string) interface{} { + return v +} + +func flattenUserNacPolicyMatchPeriod(v interface{}, d *schema.ResourceData, pre string, sv string) interface{} { + return v +} + func flattenUserNacPolicyMac(v interface{}, d *schema.ResourceData, pre string, sv string) interface{} { return v } @@ -436,6 +461,10 @@ func flattenUserNacPolicyEmsTag(v interface{}, d *schema.ResourceData, pre strin return v } +func flattenUserNacPolicyFortivoiceTag(v interface{}, d *schema.ResourceData, pre string, sv string) interface{} { + return v +} + func flattenUserNacPolicySeverity(v interface{}, d *schema.ResourceData, pre string, sv string) []map[string]interface{} { if v == nil { return nil @@ -619,6 +648,18 @@ func refreshObjectUserNacPolicy(d *schema.ResourceData, o map[string]interface{} } } + if err = d.Set("match_type", flattenUserNacPolicyMatchType(o["match-type"], d, "match_type", sv)); err != nil { + if !fortiAPIPatch(o["match-type"]) { + return fmt.Errorf("Error reading match_type: %v", err) + } + } + + if err = d.Set("match_period", flattenUserNacPolicyMatchPeriod(o["match-period"], d, "match_period", sv)); err != nil { + if !fortiAPIPatch(o["match-period"]) { + return fmt.Errorf("Error reading match_period: %v", err) + } + } + if err = d.Set("mac", flattenUserNacPolicyMac(o["mac"], d, "mac", sv)); err != nil { if !fortiAPIPatch(o["mac"]) { return fmt.Errorf("Error reading mac: %v", err) @@ -691,6 +732,12 @@ func refreshObjectUserNacPolicy(d *schema.ResourceData, o map[string]interface{} } } + if err = d.Set("fortivoice_tag", flattenUserNacPolicyFortivoiceTag(o["fortivoice-tag"], d, "fortivoice_tag", sv)); err != nil { + if !fortiAPIPatch(o["fortivoice-tag"]) { + return fmt.Errorf("Error reading fortivoice_tag: %v", err) + } + } + if b_get_all_tables { if err = d.Set("severity", flattenUserNacPolicySeverity(o["severity"], d, "severity", sv)); err != nil { if !fortiAPIPatch(o["severity"]) { @@ -800,6 +847,14 @@ func expandUserNacPolicyStatus(d *schema.ResourceData, v interface{}, pre string return v, nil } +func expandUserNacPolicyMatchType(d *schema.ResourceData, v interface{}, pre string, sv string) (interface{}, error) { + return v, nil +} + +func expandUserNacPolicyMatchPeriod(d *schema.ResourceData, v interface{}, pre string, sv string) (interface{}, error) { + return v, nil +} + func expandUserNacPolicyMac(d *schema.ResourceData, v interface{}, pre string, sv string) (interface{}, error) { return v, nil } @@ -848,6 +903,10 @@ func expandUserNacPolicyEmsTag(d *schema.ResourceData, v interface{}, pre string return v, nil } +func expandUserNacPolicyFortivoiceTag(d *schema.ResourceData, v interface{}, pre string, sv string) (interface{}, error) { + return v, nil +} + func expandUserNacPolicySeverity(d *schema.ResourceData, v interface{}, pre string, sv string) (interface{}, error) { l := v.(*schema.Set).List() result := make([]map[string]interface{}, 0, len(l)) @@ -995,6 +1054,24 @@ func getObjectUserNacPolicy(d *schema.ResourceData, sv string) (*map[string]inte } } + if v, ok := d.GetOk("match_type"); ok { + t, err := expandUserNacPolicyMatchType(d, v, "match_type", sv) + if err != nil { + return &obj, err + } else if t != nil { + obj["match-type"] = t + } + } + + if v, ok := d.GetOkExists("match_period"); ok { + t, err := expandUserNacPolicyMatchPeriod(d, v, "match_period", sv) + if err != nil { + return &obj, err + } else if t != nil { + obj["match-period"] = t + } + } + if v, ok := d.GetOk("mac"); ok { t, err := expandUserNacPolicyMac(d, v, "mac", sv) if err != nil { @@ -1103,6 +1180,15 @@ func getObjectUserNacPolicy(d *schema.ResourceData, sv string) (*map[string]inte } } + if v, ok := d.GetOk("fortivoice_tag"); ok { + t, err := expandUserNacPolicyFortivoiceTag(d, v, "fortivoice_tag", sv) + if err != nil { + return &obj, err + } else if t != nil { + obj["fortivoice-tag"] = t + } + } + if v, ok := d.GetOk("severity"); ok || d.HasChange("severity") { t, err := expandUserNacPolicySeverity(d, v, "severity", sv) if err != nil { diff --git a/fortios/resource_user_tacacs.go b/fortios/resource_user_tacacs.go index cf8f32433..0719bed19 100644 --- a/fortios/resource_user_tacacs.go +++ b/fortios/resource_user_tacacs.go @@ -85,6 +85,12 @@ func resourceUserTacacs() *schema.Resource { Optional: true, Sensitive: true, }, + "status_ttl": &schema.Schema{ + Type: schema.TypeInt, + ValidateFunc: validation.IntBetween(0, 600), + Optional: true, + Computed: true, + }, "authen_type": &schema.Schema{ Type: schema.TypeString, Optional: true, @@ -299,6 +305,10 @@ func flattenUserTacacsTertiaryKey(v interface{}, d *schema.ResourceData, pre str return v } +func flattenUserTacacsStatusTtl(v interface{}, d *schema.ResourceData, pre string, sv string) interface{} { + return v +} + func flattenUserTacacsAuthenType(v interface{}, d *schema.ResourceData, pre string, sv string) interface{} { return v } @@ -352,6 +362,12 @@ func refreshObjectUserTacacs(d *schema.ResourceData, o map[string]interface{}, s } } + if err = d.Set("status_ttl", flattenUserTacacsStatusTtl(o["status-ttl"], d, "status_ttl", sv)); err != nil { + if !fortiAPIPatch(o["status-ttl"]) { + return fmt.Errorf("Error reading status_ttl: %v", err) + } + } + if err = d.Set("authen_type", flattenUserTacacsAuthenType(o["authen-type"], d, "authen_type", sv)); err != nil { if !fortiAPIPatch(o["authen-type"]) { return fmt.Errorf("Error reading authen_type: %v", err) @@ -423,6 +439,10 @@ func expandUserTacacsTertiaryKey(d *schema.ResourceData, v interface{}, pre stri return v, nil } +func expandUserTacacsStatusTtl(d *schema.ResourceData, v interface{}, pre string, sv string) (interface{}, error) { + return v, nil +} + func expandUserTacacsAuthenType(d *schema.ResourceData, v interface{}, pre string, sv string) (interface{}, error) { return v, nil } @@ -518,6 +538,15 @@ func getObjectUserTacacs(d *schema.ResourceData, sv string) (*map[string]interfa } } + if v, ok := d.GetOkExists("status_ttl"); ok { + t, err := expandUserTacacsStatusTtl(d, v, "status_ttl", sv) + if err != nil { + return &obj, err + } else if t != nil { + obj["status-ttl"] = t + } + } + if v, ok := d.GetOk("authen_type"); ok { t, err := expandUserTacacsAuthenType(d, v, "authen_type", sv) if err != nil { diff --git a/fortios/resource_vpncertificate_ca.go b/fortios/resource_vpncertificate_ca.go index 17d513534..5e3591212 100644 --- a/fortios/resource_vpncertificate_ca.go +++ b/fortios/resource_vpncertificate_ca.go @@ -105,6 +105,11 @@ func resourceVpnCertificateCa() *schema.Resource { Optional: true, Computed: true, }, + "fabric_ca": &schema.Schema{ + Type: schema.TypeString, + Optional: true, + Computed: true, + }, "last_updated": &schema.Schema{ Type: schema.TypeInt, Optional: true, @@ -317,6 +322,10 @@ func flattenVpnCertificateCaObsolete(v interface{}, d *schema.ResourceData, pre return v } +func flattenVpnCertificateCaFabricCa(v interface{}, d *schema.ResourceData, pre string, sv string) interface{} { + return v +} + func flattenVpnCertificateCaLastUpdated(v interface{}, d *schema.ResourceData, pre string, sv string) interface{} { return v } @@ -396,6 +405,12 @@ func refreshObjectVpnCertificateCa(d *schema.ResourceData, o map[string]interfac } } + if err = d.Set("fabric_ca", flattenVpnCertificateCaFabricCa(o["fabric-ca"], d, "fabric_ca", sv)); err != nil { + if !fortiAPIPatch(o["fabric-ca"]) { + return fmt.Errorf("Error reading fabric_ca: %v", err) + } + } + if err = d.Set("last_updated", flattenVpnCertificateCaLastUpdated(o["last-updated"], d, "last_updated", sv)); err != nil { if !fortiAPIPatch(o["last-updated"]) { return fmt.Errorf("Error reading last_updated: %v", err) @@ -463,6 +478,10 @@ func expandVpnCertificateCaObsolete(d *schema.ResourceData, v interface{}, pre s return v, nil } +func expandVpnCertificateCaFabricCa(d *schema.ResourceData, v interface{}, pre string, sv string) (interface{}, error) { + return v, nil +} + func expandVpnCertificateCaLastUpdated(d *schema.ResourceData, v interface{}, pre string, sv string) (interface{}, error) { return v, nil } @@ -587,6 +606,15 @@ func getObjectVpnCertificateCa(d *schema.ResourceData, sv string) (*map[string]i } } + if v, ok := d.GetOk("fabric_ca"); ok { + t, err := expandVpnCertificateCaFabricCa(d, v, "fabric_ca", sv) + if err != nil { + return &obj, err + } else if t != nil { + obj["fabric-ca"] = t + } + } + if v, ok := d.GetOkExists("last_updated"); ok { t, err := expandVpnCertificateCaLastUpdated(d, v, "last_updated", sv) if err != nil { diff --git a/fortios/resource_vpnipsec_phase1.go b/fortios/resource_vpnipsec_phase1.go index 8af02b28a..38aa92203 100644 --- a/fortios/resource_vpnipsec_phase1.go +++ b/fortios/resource_vpnipsec_phase1.go @@ -657,6 +657,17 @@ func resourceVpnIpsecPhase1() *schema.Resource { Optional: true, Computed: true, }, + "client_resume": &schema.Schema{ + Type: schema.TypeString, + Optional: true, + Computed: true, + }, + "client_resume_interval": &schema.Schema{ + Type: schema.TypeInt, + ValidateFunc: validation.IntBetween(120, 172800), + Optional: true, + Computed: true, + }, "rekey": &schema.Schema{ Type: schema.TypeString, Optional: true, @@ -830,6 +841,68 @@ func resourceVpnIpsecPhase1() *schema.Resource { Optional: true, Computed: true, }, + "remote_gw_match": &schema.Schema{ + Type: schema.TypeString, + Optional: true, + Computed: true, + }, + "remote_gw_subnet": &schema.Schema{ + Type: schema.TypeString, + Optional: true, + Computed: true, + }, + "remote_gw_start_ip": &schema.Schema{ + Type: schema.TypeString, + Optional: true, + Computed: true, + }, + "remote_gw_end_ip": &schema.Schema{ + Type: schema.TypeString, + Optional: true, + Computed: true, + }, + "remote_gw_country": &schema.Schema{ + Type: schema.TypeString, + ValidateFunc: validation.StringLenBetween(0, 2), + Optional: true, + Computed: true, + }, + "remote_gw6_match": &schema.Schema{ + Type: schema.TypeString, + Optional: true, + Computed: true, + }, + "remote_gw6_subnet": &schema.Schema{ + Type: schema.TypeString, + Optional: true, + Computed: true, + }, + "remote_gw6_start_ip": &schema.Schema{ + Type: schema.TypeString, + Optional: true, + Computed: true, + }, + "remote_gw6_end_ip": &schema.Schema{ + Type: schema.TypeString, + Optional: true, + Computed: true, + }, + "remote_gw6_country": &schema.Schema{ + Type: schema.TypeString, + ValidateFunc: validation.StringLenBetween(0, 2), + Optional: true, + Computed: true, + }, + "cert_peer_username_validation": &schema.Schema{ + Type: schema.TypeString, + Optional: true, + Computed: true, + }, + "cert_peer_username_strip": &schema.Schema{ + Type: schema.TypeString, + Optional: true, + Computed: true, + }, "dynamic_sort_subtable": &schema.Schema{ Type: schema.TypeString, Optional: true, @@ -1645,6 +1718,14 @@ func flattenVpnIpsecPhase1AzureAdAutoconnect(v interface{}, d *schema.ResourceDa return v } +func flattenVpnIpsecPhase1ClientResume(v interface{}, d *schema.ResourceData, pre string, sv string) interface{} { + return v +} + +func flattenVpnIpsecPhase1ClientResumeInterval(v interface{}, d *schema.ResourceData, pre string, sv string) interface{} { + return v +} + func flattenVpnIpsecPhase1Rekey(v interface{}, d *schema.ResourceData, pre string, sv string) interface{} { return v } @@ -1773,6 +1854,61 @@ func flattenVpnIpsecPhase1FallbackTcpThreshold(v interface{}, d *schema.Resource return v } +func flattenVpnIpsecPhase1RemoteGwMatch(v interface{}, d *schema.ResourceData, pre string, sv string) interface{} { + return v +} + +func flattenVpnIpsecPhase1RemoteGwSubnet(v interface{}, d *schema.ResourceData, pre string, sv string) interface{} { + if v1, ok := d.GetOkExists(pre); ok && v != nil { + if s, ok := v1.(string); ok { + v = validateConvIPMask2CIDR(s, v.(string)) + return v + } + } + + return v +} + +func flattenVpnIpsecPhase1RemoteGwStartIp(v interface{}, d *schema.ResourceData, pre string, sv string) interface{} { + return v +} + +func flattenVpnIpsecPhase1RemoteGwEndIp(v interface{}, d *schema.ResourceData, pre string, sv string) interface{} { + return v +} + +func flattenVpnIpsecPhase1RemoteGwCountry(v interface{}, d *schema.ResourceData, pre string, sv string) interface{} { + return v +} + +func flattenVpnIpsecPhase1RemoteGw6Match(v interface{}, d *schema.ResourceData, pre string, sv string) interface{} { + return v +} + +func flattenVpnIpsecPhase1RemoteGw6Subnet(v interface{}, d *schema.ResourceData, pre string, sv string) interface{} { + return v +} + +func flattenVpnIpsecPhase1RemoteGw6StartIp(v interface{}, d *schema.ResourceData, pre string, sv string) interface{} { + return v +} + +func flattenVpnIpsecPhase1RemoteGw6EndIp(v interface{}, d *schema.ResourceData, pre string, sv string) interface{} { + return v +} + +func flattenVpnIpsecPhase1RemoteGw6Country(v interface{}, d *schema.ResourceData, pre string, sv string) interface{} { + return v +} + +func flattenVpnIpsecPhase1CertPeerUsernameValidation(v interface{}, d *schema.ResourceData, pre string, sv string) interface{} { + return v +} + +func flattenVpnIpsecPhase1CertPeerUsernameStrip(v interface{}, d *schema.ResourceData, pre string, sv string) interface{} { + return v +} + func refreshObjectVpnIpsecPhase1(d *schema.ResourceData, o map[string]interface{}, sv string) error { var err error var b_get_all_tables bool @@ -2438,6 +2574,18 @@ func refreshObjectVpnIpsecPhase1(d *schema.ResourceData, o map[string]interface{ } } + if err = d.Set("client_resume", flattenVpnIpsecPhase1ClientResume(o["client-resume"], d, "client_resume", sv)); err != nil { + if !fortiAPIPatch(o["client-resume"]) { + return fmt.Errorf("Error reading client_resume: %v", err) + } + } + + if err = d.Set("client_resume_interval", flattenVpnIpsecPhase1ClientResumeInterval(o["client-resume-interval"], d, "client_resume_interval", sv)); err != nil { + if !fortiAPIPatch(o["client-resume-interval"]) { + return fmt.Errorf("Error reading client_resume_interval: %v", err) + } + } + if err = d.Set("rekey", flattenVpnIpsecPhase1Rekey(o["rekey"], d, "rekey", sv)); err != nil { if !fortiAPIPatch(o["rekey"]) { return fmt.Errorf("Error reading rekey: %v", err) @@ -2634,6 +2782,78 @@ func refreshObjectVpnIpsecPhase1(d *schema.ResourceData, o map[string]interface{ } } + if err = d.Set("remote_gw_match", flattenVpnIpsecPhase1RemoteGwMatch(o["remote-gw-match"], d, "remote_gw_match", sv)); err != nil { + if !fortiAPIPatch(o["remote-gw-match"]) { + return fmt.Errorf("Error reading remote_gw_match: %v", err) + } + } + + if err = d.Set("remote_gw_subnet", flattenVpnIpsecPhase1RemoteGwSubnet(o["remote-gw-subnet"], d, "remote_gw_subnet", sv)); err != nil { + if !fortiAPIPatch(o["remote-gw-subnet"]) { + return fmt.Errorf("Error reading remote_gw_subnet: %v", err) + } + } + + if err = d.Set("remote_gw_start_ip", flattenVpnIpsecPhase1RemoteGwStartIp(o["remote-gw-start-ip"], d, "remote_gw_start_ip", sv)); err != nil { + if !fortiAPIPatch(o["remote-gw-start-ip"]) { + return fmt.Errorf("Error reading remote_gw_start_ip: %v", err) + } + } + + if err = d.Set("remote_gw_end_ip", flattenVpnIpsecPhase1RemoteGwEndIp(o["remote-gw-end-ip"], d, "remote_gw_end_ip", sv)); err != nil { + if !fortiAPIPatch(o["remote-gw-end-ip"]) { + return fmt.Errorf("Error reading remote_gw_end_ip: %v", err) + } + } + + if err = d.Set("remote_gw_country", flattenVpnIpsecPhase1RemoteGwCountry(o["remote-gw-country"], d, "remote_gw_country", sv)); err != nil { + if !fortiAPIPatch(o["remote-gw-country"]) { + return fmt.Errorf("Error reading remote_gw_country: %v", err) + } + } + + if err = d.Set("remote_gw6_match", flattenVpnIpsecPhase1RemoteGw6Match(o["remote-gw6-match"], d, "remote_gw6_match", sv)); err != nil { + if !fortiAPIPatch(o["remote-gw6-match"]) { + return fmt.Errorf("Error reading remote_gw6_match: %v", err) + } + } + + if err = d.Set("remote_gw6_subnet", flattenVpnIpsecPhase1RemoteGw6Subnet(o["remote-gw6-subnet"], d, "remote_gw6_subnet", sv)); err != nil { + if !fortiAPIPatch(o["remote-gw6-subnet"]) { + return fmt.Errorf("Error reading remote_gw6_subnet: %v", err) + } + } + + if err = d.Set("remote_gw6_start_ip", flattenVpnIpsecPhase1RemoteGw6StartIp(o["remote-gw6-start-ip"], d, "remote_gw6_start_ip", sv)); err != nil { + if !fortiAPIPatch(o["remote-gw6-start-ip"]) { + return fmt.Errorf("Error reading remote_gw6_start_ip: %v", err) + } + } + + if err = d.Set("remote_gw6_end_ip", flattenVpnIpsecPhase1RemoteGw6EndIp(o["remote-gw6-end-ip"], d, "remote_gw6_end_ip", sv)); err != nil { + if !fortiAPIPatch(o["remote-gw6-end-ip"]) { + return fmt.Errorf("Error reading remote_gw6_end_ip: %v", err) + } + } + + if err = d.Set("remote_gw6_country", flattenVpnIpsecPhase1RemoteGw6Country(o["remote-gw6-country"], d, "remote_gw6_country", sv)); err != nil { + if !fortiAPIPatch(o["remote-gw6-country"]) { + return fmt.Errorf("Error reading remote_gw6_country: %v", err) + } + } + + if err = d.Set("cert_peer_username_validation", flattenVpnIpsecPhase1CertPeerUsernameValidation(o["cert-peer-username-validation"], d, "cert_peer_username_validation", sv)); err != nil { + if !fortiAPIPatch(o["cert-peer-username-validation"]) { + return fmt.Errorf("Error reading cert_peer_username_validation: %v", err) + } + } + + if err = d.Set("cert_peer_username_strip", flattenVpnIpsecPhase1CertPeerUsernameStrip(o["cert-peer-username-strip"], d, "cert_peer_username_strip", sv)); err != nil { + if !fortiAPIPatch(o["cert-peer-username-strip"]) { + return fmt.Errorf("Error reading cert_peer_username_strip: %v", err) + } + } + return nil } @@ -3229,6 +3449,14 @@ func expandVpnIpsecPhase1AzureAdAutoconnect(d *schema.ResourceData, v interface{ return v, nil } +func expandVpnIpsecPhase1ClientResume(d *schema.ResourceData, v interface{}, pre string, sv string) (interface{}, error) { + return v, nil +} + +func expandVpnIpsecPhase1ClientResumeInterval(d *schema.ResourceData, v interface{}, pre string, sv string) (interface{}, error) { + return v, nil +} + func expandVpnIpsecPhase1Rekey(d *schema.ResourceData, v interface{}, pre string, sv string) (interface{}, error) { return v, nil } @@ -3357,6 +3585,54 @@ func expandVpnIpsecPhase1FallbackTcpThreshold(d *schema.ResourceData, v interfac return v, nil } +func expandVpnIpsecPhase1RemoteGwMatch(d *schema.ResourceData, v interface{}, pre string, sv string) (interface{}, error) { + return v, nil +} + +func expandVpnIpsecPhase1RemoteGwSubnet(d *schema.ResourceData, v interface{}, pre string, sv string) (interface{}, error) { + return v, nil +} + +func expandVpnIpsecPhase1RemoteGwStartIp(d *schema.ResourceData, v interface{}, pre string, sv string) (interface{}, error) { + return v, nil +} + +func expandVpnIpsecPhase1RemoteGwEndIp(d *schema.ResourceData, v interface{}, pre string, sv string) (interface{}, error) { + return v, nil +} + +func expandVpnIpsecPhase1RemoteGwCountry(d *schema.ResourceData, v interface{}, pre string, sv string) (interface{}, error) { + return v, nil +} + +func expandVpnIpsecPhase1RemoteGw6Match(d *schema.ResourceData, v interface{}, pre string, sv string) (interface{}, error) { + return v, nil +} + +func expandVpnIpsecPhase1RemoteGw6Subnet(d *schema.ResourceData, v interface{}, pre string, sv string) (interface{}, error) { + return v, nil +} + +func expandVpnIpsecPhase1RemoteGw6StartIp(d *schema.ResourceData, v interface{}, pre string, sv string) (interface{}, error) { + return v, nil +} + +func expandVpnIpsecPhase1RemoteGw6EndIp(d *schema.ResourceData, v interface{}, pre string, sv string) (interface{}, error) { + return v, nil +} + +func expandVpnIpsecPhase1RemoteGw6Country(d *schema.ResourceData, v interface{}, pre string, sv string) (interface{}, error) { + return v, nil +} + +func expandVpnIpsecPhase1CertPeerUsernameValidation(d *schema.ResourceData, v interface{}, pre string, sv string) (interface{}, error) { + return v, nil +} + +func expandVpnIpsecPhase1CertPeerUsernameStrip(d *schema.ResourceData, v interface{}, pre string, sv string) (interface{}, error) { + return v, nil +} + func getObjectVpnIpsecPhase1(d *schema.ResourceData, sv string) (*map[string]interface{}, error) { obj := make(map[string]interface{}) @@ -4314,6 +4590,24 @@ func getObjectVpnIpsecPhase1(d *schema.ResourceData, sv string) (*map[string]int } } + if v, ok := d.GetOk("client_resume"); ok { + t, err := expandVpnIpsecPhase1ClientResume(d, v, "client_resume", sv) + if err != nil { + return &obj, err + } else if t != nil { + obj["client-resume"] = t + } + } + + if v, ok := d.GetOk("client_resume_interval"); ok { + t, err := expandVpnIpsecPhase1ClientResumeInterval(d, v, "client_resume_interval", sv) + if err != nil { + return &obj, err + } else if t != nil { + obj["client-resume-interval"] = t + } + } + if v, ok := d.GetOk("rekey"); ok { t, err := expandVpnIpsecPhase1Rekey(d, v, "rekey", sv) if err != nil { @@ -4622,5 +4916,113 @@ func getObjectVpnIpsecPhase1(d *schema.ResourceData, sv string) (*map[string]int } } + if v, ok := d.GetOk("remote_gw_match"); ok { + t, err := expandVpnIpsecPhase1RemoteGwMatch(d, v, "remote_gw_match", sv) + if err != nil { + return &obj, err + } else if t != nil { + obj["remote-gw-match"] = t + } + } + + if v, ok := d.GetOk("remote_gw_subnet"); ok { + t, err := expandVpnIpsecPhase1RemoteGwSubnet(d, v, "remote_gw_subnet", sv) + if err != nil { + return &obj, err + } else if t != nil { + obj["remote-gw-subnet"] = t + } + } + + if v, ok := d.GetOk("remote_gw_start_ip"); ok { + t, err := expandVpnIpsecPhase1RemoteGwStartIp(d, v, "remote_gw_start_ip", sv) + if err != nil { + return &obj, err + } else if t != nil { + obj["remote-gw-start-ip"] = t + } + } + + if v, ok := d.GetOk("remote_gw_end_ip"); ok { + t, err := expandVpnIpsecPhase1RemoteGwEndIp(d, v, "remote_gw_end_ip", sv) + if err != nil { + return &obj, err + } else if t != nil { + obj["remote-gw-end-ip"] = t + } + } + + if v, ok := d.GetOk("remote_gw_country"); ok { + t, err := expandVpnIpsecPhase1RemoteGwCountry(d, v, "remote_gw_country", sv) + if err != nil { + return &obj, err + } else if t != nil { + obj["remote-gw-country"] = t + } + } + + if v, ok := d.GetOk("remote_gw6_match"); ok { + t, err := expandVpnIpsecPhase1RemoteGw6Match(d, v, "remote_gw6_match", sv) + if err != nil { + return &obj, err + } else if t != nil { + obj["remote-gw6-match"] = t + } + } + + if v, ok := d.GetOk("remote_gw6_subnet"); ok { + t, err := expandVpnIpsecPhase1RemoteGw6Subnet(d, v, "remote_gw6_subnet", sv) + if err != nil { + return &obj, err + } else if t != nil { + obj["remote-gw6-subnet"] = t + } + } + + if v, ok := d.GetOk("remote_gw6_start_ip"); ok { + t, err := expandVpnIpsecPhase1RemoteGw6StartIp(d, v, "remote_gw6_start_ip", sv) + if err != nil { + return &obj, err + } else if t != nil { + obj["remote-gw6-start-ip"] = t + } + } + + if v, ok := d.GetOk("remote_gw6_end_ip"); ok { + t, err := expandVpnIpsecPhase1RemoteGw6EndIp(d, v, "remote_gw6_end_ip", sv) + if err != nil { + return &obj, err + } else if t != nil { + obj["remote-gw6-end-ip"] = t + } + } + + if v, ok := d.GetOk("remote_gw6_country"); ok { + t, err := expandVpnIpsecPhase1RemoteGw6Country(d, v, "remote_gw6_country", sv) + if err != nil { + return &obj, err + } else if t != nil { + obj["remote-gw6-country"] = t + } + } + + if v, ok := d.GetOk("cert_peer_username_validation"); ok { + t, err := expandVpnIpsecPhase1CertPeerUsernameValidation(d, v, "cert_peer_username_validation", sv) + if err != nil { + return &obj, err + } else if t != nil { + obj["cert-peer-username-validation"] = t + } + } + + if v, ok := d.GetOk("cert_peer_username_strip"); ok { + t, err := expandVpnIpsecPhase1CertPeerUsernameStrip(d, v, "cert_peer_username_strip", sv) + if err != nil { + return &obj, err + } else if t != nil { + obj["cert-peer-username-strip"] = t + } + } + return &obj, nil } diff --git a/fortios/resource_vpnipsec_phase1interface.go b/fortios/resource_vpnipsec_phase1interface.go index a6ce067f1..878418e18 100644 --- a/fortios/resource_vpnipsec_phase1interface.go +++ b/fortios/resource_vpnipsec_phase1interface.go @@ -836,6 +836,17 @@ func resourceVpnIpsecPhase1Interface() *schema.Resource { Optional: true, Computed: true, }, + "client_resume": &schema.Schema{ + Type: schema.TypeString, + Optional: true, + Computed: true, + }, + "client_resume_interval": &schema.Schema{ + Type: schema.TypeInt, + ValidateFunc: validation.IntBetween(120, 172800), + Optional: true, + Computed: true, + }, "rekey": &schema.Schema{ Type: schema.TypeString, Optional: true, @@ -1029,6 +1040,16 @@ func resourceVpnIpsecPhase1Interface() *schema.Resource { Optional: true, Computed: true, }, + "cert_peer_username_validation": &schema.Schema{ + Type: schema.TypeString, + Optional: true, + Computed: true, + }, + "cert_peer_username_strip": &schema.Schema{ + Type: schema.TypeString, + Optional: true, + Computed: true, + }, "cert_trust_store": &schema.Schema{ Type: schema.TypeString, Optional: true, @@ -2016,6 +2037,14 @@ func flattenVpnIpsecPhase1InterfaceAzureAdAutoconnect(v interface{}, d *schema.R return v } +func flattenVpnIpsecPhase1InterfaceClientResume(v interface{}, d *schema.ResourceData, pre string, sv string) interface{} { + return v +} + +func flattenVpnIpsecPhase1InterfaceClientResumeInterval(v interface{}, d *schema.ResourceData, pre string, sv string) interface{} { + return v +} + func flattenVpnIpsecPhase1InterfaceRekey(v interface{}, d *schema.ResourceData, pre string, sv string) interface{} { return v } @@ -2167,6 +2196,14 @@ func flattenVpnIpsecPhase1InterfaceRemoteGw6Country(v interface{}, d *schema.Res return v } +func flattenVpnIpsecPhase1InterfaceCertPeerUsernameValidation(v interface{}, d *schema.ResourceData, pre string, sv string) interface{} { + return v +} + +func flattenVpnIpsecPhase1InterfaceCertPeerUsernameStrip(v interface{}, d *schema.ResourceData, pre string, sv string) interface{} { + return v +} + func flattenVpnIpsecPhase1InterfaceCertTrustStore(v interface{}, d *schema.ResourceData, pre string, sv string) interface{} { return v } @@ -3099,6 +3136,18 @@ func refreshObjectVpnIpsecPhase1Interface(d *schema.ResourceData, o map[string]i } } + if err = d.Set("client_resume", flattenVpnIpsecPhase1InterfaceClientResume(o["client-resume"], d, "client_resume", sv)); err != nil { + if !fortiAPIPatch(o["client-resume"]) { + return fmt.Errorf("Error reading client_resume: %v", err) + } + } + + if err = d.Set("client_resume_interval", flattenVpnIpsecPhase1InterfaceClientResumeInterval(o["client-resume-interval"], d, "client_resume_interval", sv)); err != nil { + if !fortiAPIPatch(o["client-resume-interval"]) { + return fmt.Errorf("Error reading client_resume_interval: %v", err) + } + } + if err = d.Set("rekey", flattenVpnIpsecPhase1InterfaceRekey(o["rekey"], d, "rekey", sv)); err != nil { if !fortiAPIPatch(o["rekey"]) { return fmt.Errorf("Error reading rekey: %v", err) @@ -3319,6 +3368,18 @@ func refreshObjectVpnIpsecPhase1Interface(d *schema.ResourceData, o map[string]i } } + if err = d.Set("cert_peer_username_validation", flattenVpnIpsecPhase1InterfaceCertPeerUsernameValidation(o["cert-peer-username-validation"], d, "cert_peer_username_validation", sv)); err != nil { + if !fortiAPIPatch(o["cert-peer-username-validation"]) { + return fmt.Errorf("Error reading cert_peer_username_validation: %v", err) + } + } + + if err = d.Set("cert_peer_username_strip", flattenVpnIpsecPhase1InterfaceCertPeerUsernameStrip(o["cert-peer-username-strip"], d, "cert_peer_username_strip", sv)); err != nil { + if !fortiAPIPatch(o["cert-peer-username-strip"]) { + return fmt.Errorf("Error reading cert_peer_username_strip: %v", err) + } + } + if err = d.Set("cert_trust_store", flattenVpnIpsecPhase1InterfaceCertTrustStore(o["cert-trust-store"], d, "cert_trust_store", sv)); err != nil { if !fortiAPIPatch(o["cert-trust-store"]) { return fmt.Errorf("Error reading cert_trust_store: %v", err) @@ -4090,6 +4151,14 @@ func expandVpnIpsecPhase1InterfaceAzureAdAutoconnect(d *schema.ResourceData, v i return v, nil } +func expandVpnIpsecPhase1InterfaceClientResume(d *schema.ResourceData, v interface{}, pre string, sv string) (interface{}, error) { + return v, nil +} + +func expandVpnIpsecPhase1InterfaceClientResumeInterval(d *schema.ResourceData, v interface{}, pre string, sv string) (interface{}, error) { + return v, nil +} + func expandVpnIpsecPhase1InterfaceRekey(d *schema.ResourceData, v interface{}, pre string, sv string) (interface{}, error) { return v, nil } @@ -4234,6 +4303,14 @@ func expandVpnIpsecPhase1InterfaceRemoteGw6Country(d *schema.ResourceData, v int return v, nil } +func expandVpnIpsecPhase1InterfaceCertPeerUsernameValidation(d *schema.ResourceData, v interface{}, pre string, sv string) (interface{}, error) { + return v, nil +} + +func expandVpnIpsecPhase1InterfaceCertPeerUsernameStrip(d *schema.ResourceData, v interface{}, pre string, sv string) (interface{}, error) { + return v, nil +} + func expandVpnIpsecPhase1InterfaceCertTrustStore(d *schema.ResourceData, v interface{}, pre string, sv string) (interface{}, error) { return v, nil } @@ -5548,6 +5625,24 @@ func getObjectVpnIpsecPhase1Interface(d *schema.ResourceData, sv string) (*map[s } } + if v, ok := d.GetOk("client_resume"); ok { + t, err := expandVpnIpsecPhase1InterfaceClientResume(d, v, "client_resume", sv) + if err != nil { + return &obj, err + } else if t != nil { + obj["client-resume"] = t + } + } + + if v, ok := d.GetOk("client_resume_interval"); ok { + t, err := expandVpnIpsecPhase1InterfaceClientResumeInterval(d, v, "client_resume_interval", sv) + if err != nil { + return &obj, err + } else if t != nil { + obj["client-resume-interval"] = t + } + } + if v, ok := d.GetOk("rekey"); ok { t, err := expandVpnIpsecPhase1InterfaceRekey(d, v, "rekey", sv) if err != nil { @@ -5892,6 +5987,24 @@ func getObjectVpnIpsecPhase1Interface(d *schema.ResourceData, sv string) (*map[s } } + if v, ok := d.GetOk("cert_peer_username_validation"); ok { + t, err := expandVpnIpsecPhase1InterfaceCertPeerUsernameValidation(d, v, "cert_peer_username_validation", sv) + if err != nil { + return &obj, err + } else if t != nil { + obj["cert-peer-username-validation"] = t + } + } + + if v, ok := d.GetOk("cert_peer_username_strip"); ok { + t, err := expandVpnIpsecPhase1InterfaceCertPeerUsernameStrip(d, v, "cert_peer_username_strip", sv) + if err != nil { + return &obj, err + } else if t != nil { + obj["cert-peer-username-strip"] = t + } + } + if v, ok := d.GetOk("cert_trust_store"); ok { t, err := expandVpnIpsecPhase1InterfaceCertTrustStore(d, v, "cert_trust_store", sv) if err != nil { diff --git a/fortios/resource_vpnssl_settings.go b/fortios/resource_vpnssl_settings.go index 0eb833362..0158d95b2 100644 --- a/fortios/resource_vpnssl_settings.go +++ b/fortios/resource_vpnssl_settings.go @@ -542,7 +542,7 @@ func resourceVpnSslSettings() *schema.Resource { }, "tunnel_user_session_timeout": &schema.Schema{ Type: schema.TypeInt, - ValidateFunc: validation.IntBetween(1, 255), + ValidateFunc: validation.IntBetween(1, 86400), Optional: true, Computed: true, }, diff --git a/fortios/resource_webproxy_explicit.go b/fortios/resource_webproxy_explicit.go index 0bce52d55..5f608e57e 100644 --- a/fortios/resource_webproxy_explicit.go +++ b/fortios/resource_webproxy_explicit.go @@ -85,6 +85,21 @@ func resourceWebProxyExplicit() *schema.Resource { }, }, }, + "client_cert": &schema.Schema{ + Type: schema.TypeString, + Optional: true, + Computed: true, + }, + "user_agent_detect": &schema.Schema{ + Type: schema.TypeString, + Optional: true, + Computed: true, + }, + "empty_cert_action": &schema.Schema{ + Type: schema.TypeString, + Optional: true, + Computed: true, + }, "ssl_dh_bits": &schema.Schema{ Type: schema.TypeString, Optional: true, @@ -477,6 +492,18 @@ func flattenWebProxyExplicitSecureWebProxyCertName(v interface{}, d *schema.Reso return v } +func flattenWebProxyExplicitClientCert(v interface{}, d *schema.ResourceData, pre string, sv string) interface{} { + return v +} + +func flattenWebProxyExplicitUserAgentDetect(v interface{}, d *schema.ResourceData, pre string, sv string) interface{} { + return v +} + +func flattenWebProxyExplicitEmptyCertAction(v interface{}, d *schema.ResourceData, pre string, sv string) interface{} { + return v +} + func flattenWebProxyExplicitSslDhBits(v interface{}, d *schema.ResourceData, pre string, sv string) interface{} { return v } @@ -855,6 +882,24 @@ func refreshObjectWebProxyExplicit(d *schema.ResourceData, o map[string]interfac } } + if err = d.Set("client_cert", flattenWebProxyExplicitClientCert(o["client-cert"], d, "client_cert", sv)); err != nil { + if !fortiAPIPatch(o["client-cert"]) { + return fmt.Errorf("Error reading client_cert: %v", err) + } + } + + if err = d.Set("user_agent_detect", flattenWebProxyExplicitUserAgentDetect(o["user-agent-detect"], d, "user_agent_detect", sv)); err != nil { + if !fortiAPIPatch(o["user-agent-detect"]) { + return fmt.Errorf("Error reading user_agent_detect: %v", err) + } + } + + if err = d.Set("empty_cert_action", flattenWebProxyExplicitEmptyCertAction(o["empty-cert-action"], d, "empty_cert_action", sv)); err != nil { + if !fortiAPIPatch(o["empty-cert-action"]) { + return fmt.Errorf("Error reading empty_cert_action: %v", err) + } + } + if err = d.Set("ssl_dh_bits", flattenWebProxyExplicitSslDhBits(o["ssl-dh-bits"], d, "ssl_dh_bits", sv)); err != nil { if !fortiAPIPatch(o["ssl-dh-bits"]) { return fmt.Errorf("Error reading ssl_dh_bits: %v", err) @@ -1074,6 +1119,18 @@ func expandWebProxyExplicitSecureWebProxyCertName(d *schema.ResourceData, v inte return v, nil } +func expandWebProxyExplicitClientCert(d *schema.ResourceData, v interface{}, pre string, sv string) (interface{}, error) { + return v, nil +} + +func expandWebProxyExplicitUserAgentDetect(d *schema.ResourceData, v interface{}, pre string, sv string) (interface{}, error) { + return v, nil +} + +func expandWebProxyExplicitEmptyCertAction(d *schema.ResourceData, v interface{}, pre string, sv string) (interface{}, error) { + return v, nil +} + func expandWebProxyExplicitSslDhBits(d *schema.ResourceData, v interface{}, pre string, sv string) (interface{}, error) { return v, nil } @@ -1445,6 +1502,45 @@ func getObjectWebProxyExplicit(d *schema.ResourceData, setArgNil bool, sv string } } + if v, ok := d.GetOk("client_cert"); ok { + if setArgNil { + obj["client-cert"] = nil + } else { + t, err := expandWebProxyExplicitClientCert(d, v, "client_cert", sv) + if err != nil { + return &obj, err + } else if t != nil { + obj["client-cert"] = t + } + } + } + + if v, ok := d.GetOk("user_agent_detect"); ok { + if setArgNil { + obj["user-agent-detect"] = nil + } else { + t, err := expandWebProxyExplicitUserAgentDetect(d, v, "user_agent_detect", sv) + if err != nil { + return &obj, err + } else if t != nil { + obj["user-agent-detect"] = t + } + } + } + + if v, ok := d.GetOk("empty_cert_action"); ok { + if setArgNil { + obj["empty-cert-action"] = nil + } else { + t, err := expandWebProxyExplicitEmptyCertAction(d, v, "empty_cert_action", sv) + if err != nil { + return &obj, err + } else if t != nil { + obj["empty-cert-action"] = t + } + } + } + if v, ok := d.GetOk("ssl_dh_bits"); ok { if setArgNil { obj["ssl-dh-bits"] = nil diff --git a/fortios/resource_webproxy_global.go b/fortios/resource_webproxy_global.go index 7d57871db..01cf6d1cf 100644 --- a/fortios/resource_webproxy_global.go +++ b/fortios/resource_webproxy_global.go @@ -118,6 +118,11 @@ func resourceWebProxyGlobal() *schema.Resource { Optional: true, Computed: true, }, + "always_learn_client_ip": &schema.Schema{ + Type: schema.TypeString, + Optional: true, + Computed: true, + }, "learn_client_ip_from_header": &schema.Schema{ Type: schema.TypeString, Optional: true, @@ -181,6 +186,11 @@ func resourceWebProxyGlobal() *schema.Resource { Optional: true, Computed: true, }, + "proxy_transparent_cert_inspection": &schema.Schema{ + Type: schema.TypeString, + Optional: true, + Computed: true, + }, "dynamic_sort_subtable": &schema.Schema{ Type: schema.TypeString, Optional: true, @@ -369,6 +379,10 @@ func flattenWebProxyGlobalLearnClientIp(v interface{}, d *schema.ResourceData, p return v } +func flattenWebProxyGlobalAlwaysLearnClientIp(v interface{}, d *schema.ResourceData, pre string, sv string) interface{} { + return v +} + func flattenWebProxyGlobalLearnClientIpFromHeader(v interface{}, d *schema.ResourceData, pre string, sv string) interface{} { return v } @@ -481,6 +495,10 @@ func flattenWebProxyGlobalLogAppId(v interface{}, d *schema.ResourceData, pre st return v } +func flattenWebProxyGlobalProxyTransparentCertInspection(v interface{}, d *schema.ResourceData, pre string, sv string) interface{} { + return v +} + func refreshObjectWebProxyGlobal(d *schema.ResourceData, o map[string]interface{}, sv string) error { var err error var b_get_all_tables bool @@ -580,6 +598,12 @@ func refreshObjectWebProxyGlobal(d *schema.ResourceData, o map[string]interface{ } } + if err = d.Set("always_learn_client_ip", flattenWebProxyGlobalAlwaysLearnClientIp(o["always-learn-client-ip"], d, "always_learn_client_ip", sv)); err != nil { + if !fortiAPIPatch(o["always-learn-client-ip"]) { + return fmt.Errorf("Error reading always_learn_client_ip: %v", err) + } + } + if err = d.Set("learn_client_ip_from_header", flattenWebProxyGlobalLearnClientIpFromHeader(o["learn-client-ip-from-header"], d, "learn_client_ip_from_header", sv)); err != nil { if !fortiAPIPatch(o["learn-client-ip-from-header"]) { return fmt.Errorf("Error reading learn_client_ip_from_header: %v", err) @@ -654,6 +678,12 @@ func refreshObjectWebProxyGlobal(d *schema.ResourceData, o map[string]interface{ } } + if err = d.Set("proxy_transparent_cert_inspection", flattenWebProxyGlobalProxyTransparentCertInspection(o["proxy-transparent-cert-inspection"], d, "proxy_transparent_cert_inspection", sv)); err != nil { + if !fortiAPIPatch(o["proxy-transparent-cert-inspection"]) { + return fmt.Errorf("Error reading proxy_transparent_cert_inspection: %v", err) + } + } + return nil } @@ -723,6 +753,10 @@ func expandWebProxyGlobalLearnClientIp(d *schema.ResourceData, v interface{}, pr return v, nil } +func expandWebProxyGlobalAlwaysLearnClientIp(d *schema.ResourceData, v interface{}, pre string, sv string) (interface{}, error) { + return v, nil +} + func expandWebProxyGlobalLearnClientIpFromHeader(d *schema.ResourceData, v interface{}, pre string, sv string) (interface{}, error) { return v, nil } @@ -807,6 +841,10 @@ func expandWebProxyGlobalLogAppId(d *schema.ResourceData, v interface{}, pre str return v, nil } +func expandWebProxyGlobalProxyTransparentCertInspection(d *schema.ResourceData, v interface{}, pre string, sv string) (interface{}, error) { + return v, nil +} + func getObjectWebProxyGlobal(d *schema.ResourceData, setArgNil bool, sv string) (*map[string]interface{}, error) { obj := make(map[string]interface{}) @@ -1005,6 +1043,19 @@ func getObjectWebProxyGlobal(d *schema.ResourceData, setArgNil bool, sv string) } } + if v, ok := d.GetOk("always_learn_client_ip"); ok { + if setArgNil { + obj["always-learn-client-ip"] = nil + } else { + t, err := expandWebProxyGlobalAlwaysLearnClientIp(d, v, "always_learn_client_ip", sv) + if err != nil { + return &obj, err + } else if t != nil { + obj["always-learn-client-ip"] = t + } + } + } + if v, ok := d.GetOk("learn_client_ip_from_header"); ok { if setArgNil { obj["learn-client-ip-from-header"] = nil @@ -1122,5 +1173,18 @@ func getObjectWebProxyGlobal(d *schema.ResourceData, setArgNil bool, sv string) } } + if v, ok := d.GetOk("proxy_transparent_cert_inspection"); ok { + if setArgNil { + obj["proxy-transparent-cert-inspection"] = nil + } else { + t, err := expandWebProxyGlobalProxyTransparentCertInspection(d, v, "proxy_transparent_cert_inspection", sv) + if err != nil { + return &obj, err + } else if t != nil { + obj["proxy-transparent-cert-inspection"] = t + } + } + } + return &obj, nil } diff --git a/fortios/resource_wirelesscontroller_global.go b/fortios/resource_wirelesscontroller_global.go index a85638cd3..08c5ef2f3 100644 --- a/fortios/resource_wirelesscontroller_global.go +++ b/fortios/resource_wirelesscontroller_global.go @@ -162,6 +162,38 @@ func resourceWirelessControllerGlobal() *schema.Resource { Optional: true, Computed: true, }, + "max_sta_cap": &schema.Schema{ + Type: schema.TypeInt, + Optional: true, + Computed: true, + }, + "max_sta_cap_wtp": &schema.Schema{ + Type: schema.TypeInt, + ValidateFunc: validation.IntBetween(1, 8), + Optional: true, + Computed: true, + }, + "max_rogue_ap": &schema.Schema{ + Type: schema.TypeInt, + Optional: true, + Computed: true, + }, + "max_rogue_ap_wtp": &schema.Schema{ + Type: schema.TypeInt, + ValidateFunc: validation.IntBetween(1, 16), + Optional: true, + Computed: true, + }, + "max_rogue_sta": &schema.Schema{ + Type: schema.TypeInt, + Optional: true, + Computed: true, + }, + "max_ble_device": &schema.Schema{ + Type: schema.TypeInt, + Optional: true, + Computed: true, + }, "dfs_lab_test": &schema.Schema{ Type: schema.TypeString, Optional: true, @@ -377,6 +409,30 @@ func flattenWirelessControllerGlobalApLogServerPort(v interface{}, d *schema.Res return v } +func flattenWirelessControllerGlobalMaxStaCap(v interface{}, d *schema.ResourceData, pre string, sv string) interface{} { + return v +} + +func flattenWirelessControllerGlobalMaxStaCapWtp(v interface{}, d *schema.ResourceData, pre string, sv string) interface{} { + return v +} + +func flattenWirelessControllerGlobalMaxRogueAp(v interface{}, d *schema.ResourceData, pre string, sv string) interface{} { + return v +} + +func flattenWirelessControllerGlobalMaxRogueApWtp(v interface{}, d *schema.ResourceData, pre string, sv string) interface{} { + return v +} + +func flattenWirelessControllerGlobalMaxRogueSta(v interface{}, d *schema.ResourceData, pre string, sv string) interface{} { + return v +} + +func flattenWirelessControllerGlobalMaxBleDevice(v interface{}, d *schema.ResourceData, pre string, sv string) interface{} { + return v +} + func flattenWirelessControllerGlobalDfsLabTest(v interface{}, d *schema.ResourceData, pre string, sv string) interface{} { return v } @@ -522,6 +578,42 @@ func refreshObjectWirelessControllerGlobal(d *schema.ResourceData, o map[string] } } + if err = d.Set("max_sta_cap", flattenWirelessControllerGlobalMaxStaCap(o["max-sta-cap"], d, "max_sta_cap", sv)); err != nil { + if !fortiAPIPatch(o["max-sta-cap"]) { + return fmt.Errorf("Error reading max_sta_cap: %v", err) + } + } + + if err = d.Set("max_sta_cap_wtp", flattenWirelessControllerGlobalMaxStaCapWtp(o["max-sta-cap-wtp"], d, "max_sta_cap_wtp", sv)); err != nil { + if !fortiAPIPatch(o["max-sta-cap-wtp"]) { + return fmt.Errorf("Error reading max_sta_cap_wtp: %v", err) + } + } + + if err = d.Set("max_rogue_ap", flattenWirelessControllerGlobalMaxRogueAp(o["max-rogue-ap"], d, "max_rogue_ap", sv)); err != nil { + if !fortiAPIPatch(o["max-rogue-ap"]) { + return fmt.Errorf("Error reading max_rogue_ap: %v", err) + } + } + + if err = d.Set("max_rogue_ap_wtp", flattenWirelessControllerGlobalMaxRogueApWtp(o["max-rogue-ap-wtp"], d, "max_rogue_ap_wtp", sv)); err != nil { + if !fortiAPIPatch(o["max-rogue-ap-wtp"]) { + return fmt.Errorf("Error reading max_rogue_ap_wtp: %v", err) + } + } + + if err = d.Set("max_rogue_sta", flattenWirelessControllerGlobalMaxRogueSta(o["max-rogue-sta"], d, "max_rogue_sta", sv)); err != nil { + if !fortiAPIPatch(o["max-rogue-sta"]) { + return fmt.Errorf("Error reading max_rogue_sta: %v", err) + } + } + + if err = d.Set("max_ble_device", flattenWirelessControllerGlobalMaxBleDevice(o["max-ble-device"], d, "max_ble_device", sv)); err != nil { + if !fortiAPIPatch(o["max-ble-device"]) { + return fmt.Errorf("Error reading max_ble_device: %v", err) + } + } + if err = d.Set("dfs_lab_test", flattenWirelessControllerGlobalDfsLabTest(o["dfs-lab-test"], d, "dfs_lab_test", sv)); err != nil { if !fortiAPIPatch(o["dfs-lab-test"]) { return fmt.Errorf("Error reading dfs_lab_test: %v", err) @@ -629,6 +721,30 @@ func expandWirelessControllerGlobalApLogServerPort(d *schema.ResourceData, v int return v, nil } +func expandWirelessControllerGlobalMaxStaCap(d *schema.ResourceData, v interface{}, pre string, sv string) (interface{}, error) { + return v, nil +} + +func expandWirelessControllerGlobalMaxStaCapWtp(d *schema.ResourceData, v interface{}, pre string, sv string) (interface{}, error) { + return v, nil +} + +func expandWirelessControllerGlobalMaxRogueAp(d *schema.ResourceData, v interface{}, pre string, sv string) (interface{}, error) { + return v, nil +} + +func expandWirelessControllerGlobalMaxRogueApWtp(d *schema.ResourceData, v interface{}, pre string, sv string) (interface{}, error) { + return v, nil +} + +func expandWirelessControllerGlobalMaxRogueSta(d *schema.ResourceData, v interface{}, pre string, sv string) (interface{}, error) { + return v, nil +} + +func expandWirelessControllerGlobalMaxBleDevice(d *schema.ResourceData, v interface{}, pre string, sv string) (interface{}, error) { + return v, nil +} + func expandWirelessControllerGlobalDfsLabTest(d *schema.ResourceData, v interface{}, pre string, sv string) (interface{}, error) { return v, nil } @@ -935,6 +1051,84 @@ func getObjectWirelessControllerGlobal(d *schema.ResourceData, setArgNil bool, s } } + if v, ok := d.GetOkExists("max_sta_cap"); ok { + if setArgNil { + obj["max-sta-cap"] = nil + } else { + t, err := expandWirelessControllerGlobalMaxStaCap(d, v, "max_sta_cap", sv) + if err != nil { + return &obj, err + } else if t != nil { + obj["max-sta-cap"] = t + } + } + } + + if v, ok := d.GetOk("max_sta_cap_wtp"); ok { + if setArgNil { + obj["max-sta-cap-wtp"] = nil + } else { + t, err := expandWirelessControllerGlobalMaxStaCapWtp(d, v, "max_sta_cap_wtp", sv) + if err != nil { + return &obj, err + } else if t != nil { + obj["max-sta-cap-wtp"] = t + } + } + } + + if v, ok := d.GetOkExists("max_rogue_ap"); ok { + if setArgNil { + obj["max-rogue-ap"] = nil + } else { + t, err := expandWirelessControllerGlobalMaxRogueAp(d, v, "max_rogue_ap", sv) + if err != nil { + return &obj, err + } else if t != nil { + obj["max-rogue-ap"] = t + } + } + } + + if v, ok := d.GetOk("max_rogue_ap_wtp"); ok { + if setArgNil { + obj["max-rogue-ap-wtp"] = nil + } else { + t, err := expandWirelessControllerGlobalMaxRogueApWtp(d, v, "max_rogue_ap_wtp", sv) + if err != nil { + return &obj, err + } else if t != nil { + obj["max-rogue-ap-wtp"] = t + } + } + } + + if v, ok := d.GetOkExists("max_rogue_sta"); ok { + if setArgNil { + obj["max-rogue-sta"] = nil + } else { + t, err := expandWirelessControllerGlobalMaxRogueSta(d, v, "max_rogue_sta", sv) + if err != nil { + return &obj, err + } else if t != nil { + obj["max-rogue-sta"] = t + } + } + } + + if v, ok := d.GetOkExists("max_ble_device"); ok { + if setArgNil { + obj["max-ble-device"] = nil + } else { + t, err := expandWirelessControllerGlobalMaxBleDevice(d, v, "max_ble_device", sv) + if err != nil { + return &obj, err + } else if t != nil { + obj["max-ble-device"] = t + } + } + } + if v, ok := d.GetOk("dfs_lab_test"); ok { if setArgNil { obj["dfs-lab-test"] = nil diff --git a/fortios/resource_wirelesscontroller_log.go b/fortios/resource_wirelesscontroller_log.go index 6198f5c2e..c9c178ac6 100644 --- a/fortios/resource_wirelesscontroller_log.go +++ b/fortios/resource_wirelesscontroller_log.go @@ -96,6 +96,11 @@ func resourceWirelessControllerLog() *schema.Resource { Optional: true, Computed: true, }, + "wtp_fips_event_log": &schema.Schema{ + Type: schema.TypeString, + Optional: true, + Computed: true, + }, }, } } @@ -262,6 +267,10 @@ func flattenWirelessControllerLogWtpEventLog(v interface{}, d *schema.ResourceDa return v } +func flattenWirelessControllerLogWtpFipsEventLog(v interface{}, d *schema.ResourceData, pre string, sv string) interface{} { + return v +} + func refreshObjectWirelessControllerLog(d *schema.ResourceData, o map[string]interface{}, sv string) error { var err error @@ -337,6 +346,12 @@ func refreshObjectWirelessControllerLog(d *schema.ResourceData, o map[string]int } } + if err = d.Set("wtp_fips_event_log", flattenWirelessControllerLogWtpFipsEventLog(o["wtp-fips-event-log"], d, "wtp_fips_event_log", sv)); err != nil { + if !fortiAPIPatch(o["wtp-fips-event-log"]) { + return fmt.Errorf("Error reading wtp_fips_event_log: %v", err) + } + } + return nil } @@ -394,6 +409,10 @@ func expandWirelessControllerLogWtpEventLog(d *schema.ResourceData, v interface{ return v, nil } +func expandWirelessControllerLogWtpFipsEventLog(d *schema.ResourceData, v interface{}, pre string, sv string) (interface{}, error) { + return v, nil +} + func getObjectWirelessControllerLog(d *schema.ResourceData, setArgNil bool, sv string) (*map[string]interface{}, error) { obj := make(map[string]interface{}) @@ -553,5 +572,18 @@ func getObjectWirelessControllerLog(d *schema.ResourceData, setArgNil bool, sv s } } + if v, ok := d.GetOk("wtp_fips_event_log"); ok { + if setArgNil { + obj["wtp-fips-event-log"] = nil + } else { + t, err := expandWirelessControllerLogWtpFipsEventLog(d, v, "wtp_fips_event_log", sv) + if err != nil { + return &obj, err + } else if t != nil { + obj["wtp-fips-event-log"] = t + } + } + } + return &obj, nil } diff --git a/fortios/resource_wirelesscontroller_mpskprofile.go b/fortios/resource_wirelesscontroller_mpskprofile.go index 1818591e0..63944a020 100644 --- a/fortios/resource_wirelesscontroller_mpskprofile.go +++ b/fortios/resource_wirelesscontroller_mpskprofile.go @@ -49,6 +49,22 @@ func resourceWirelessControllerMpskProfile() *schema.Resource { Optional: true, Computed: true, }, + "mpsk_external_server_auth": &schema.Schema{ + Type: schema.TypeString, + Optional: true, + Computed: true, + }, + "mpsk_external_server": &schema.Schema{ + Type: schema.TypeString, + ValidateFunc: validation.StringLenBetween(0, 35), + Optional: true, + Computed: true, + }, + "mpsk_type": &schema.Schema{ + Type: schema.TypeString, + Optional: true, + Computed: true, + }, "mpsk_group": &schema.Schema{ Type: schema.TypeList, Optional: true, @@ -82,6 +98,11 @@ func resourceWirelessControllerMpskProfile() *schema.Resource { Optional: true, Computed: true, }, + "key_type": &schema.Schema{ + Type: schema.TypeString, + Optional: true, + Computed: true, + }, "mac": &schema.Schema{ Type: schema.TypeString, Optional: true, @@ -93,6 +114,22 @@ func resourceWirelessControllerMpskProfile() *schema.Resource { Optional: true, Sensitive: true, }, + "sae_password": &schema.Schema{ + Type: schema.TypeString, + ValidateFunc: validation.StringLenBetween(0, 128), + Optional: true, + }, + "sae_pk": &schema.Schema{ + Type: schema.TypeString, + Optional: true, + Computed: true, + }, + "sae_private_key": &schema.Schema{ + Type: schema.TypeString, + ValidateFunc: validation.StringLenBetween(0, 359), + Optional: true, + Computed: true, + }, "concurrent_client_limit_type": &schema.Schema{ Type: schema.TypeString, Optional: true, @@ -302,6 +339,18 @@ func flattenWirelessControllerMpskProfileMpskConcurrentClients(v interface{}, d return v } +func flattenWirelessControllerMpskProfileMpskExternalServerAuth(v interface{}, d *schema.ResourceData, pre string, sv string) interface{} { + return v +} + +func flattenWirelessControllerMpskProfileMpskExternalServer(v interface{}, d *schema.ResourceData, pre string, sv string) interface{} { + return v +} + +func flattenWirelessControllerMpskProfileMpskType(v interface{}, d *schema.ResourceData, pre string, sv string) interface{} { + return v +} + func flattenWirelessControllerMpskProfileMpskGroup(v interface{}, d *schema.ResourceData, pre string, sv string) []map[string]interface{} { if v == nil { return nil @@ -396,6 +445,11 @@ func flattenWirelessControllerMpskProfileMpskGroupMpskKey(v interface{}, d *sche tmp["name"] = flattenWirelessControllerMpskProfileMpskGroupMpskKeyName(cur_v, d, pre_append, sv) } + pre_append = pre + "." + strconv.Itoa(con) + "." + "key_type" + if cur_v, ok := i["key-type"]; ok { + tmp["key_type"] = flattenWirelessControllerMpskProfileMpskGroupMpskKeyKeyType(cur_v, d, pre_append, sv) + } + pre_append = pre + "." + strconv.Itoa(con) + "." + "mac" if cur_v, ok := i["mac"]; ok { tmp["mac"] = flattenWirelessControllerMpskProfileMpskGroupMpskKeyMac(cur_v, d, pre_append, sv) @@ -410,6 +464,21 @@ func flattenWirelessControllerMpskProfileMpskGroupMpskKey(v interface{}, d *sche } } + pre_append = pre + "." + strconv.Itoa(con) + "." + "sae_password" + if cur_v, ok := i["sae-password"]; ok { + tmp["sae_password"] = flattenWirelessControllerMpskProfileMpskGroupMpskKeySaePassword(cur_v, d, pre_append, sv) + } + + pre_append = pre + "." + strconv.Itoa(con) + "." + "sae_pk" + if cur_v, ok := i["sae-pk"]; ok { + tmp["sae_pk"] = flattenWirelessControllerMpskProfileMpskGroupMpskKeySaePk(cur_v, d, pre_append, sv) + } + + pre_append = pre + "." + strconv.Itoa(con) + "." + "sae_private_key" + if cur_v, ok := i["sae-private-key"]; ok { + tmp["sae_private_key"] = flattenWirelessControllerMpskProfileMpskGroupMpskKeySaePrivateKey(cur_v, d, pre_append, sv) + } + pre_append = pre + "." + strconv.Itoa(con) + "." + "concurrent_client_limit_type" if cur_v, ok := i["concurrent-client-limit-type"]; ok { tmp["concurrent_client_limit_type"] = flattenWirelessControllerMpskProfileMpskGroupMpskKeyConcurrentClientLimitType(cur_v, d, pre_append, sv) @@ -443,6 +512,10 @@ func flattenWirelessControllerMpskProfileMpskGroupMpskKeyName(v interface{}, d * return v } +func flattenWirelessControllerMpskProfileMpskGroupMpskKeyKeyType(v interface{}, d *schema.ResourceData, pre string, sv string) interface{} { + return v +} + func flattenWirelessControllerMpskProfileMpskGroupMpskKeyMac(v interface{}, d *schema.ResourceData, pre string, sv string) interface{} { return v } @@ -451,6 +524,18 @@ func flattenWirelessControllerMpskProfileMpskGroupMpskKeyPassphrase(v interface{ return v } +func flattenWirelessControllerMpskProfileMpskGroupMpskKeySaePassword(v interface{}, d *schema.ResourceData, pre string, sv string) interface{} { + return v +} + +func flattenWirelessControllerMpskProfileMpskGroupMpskKeySaePk(v interface{}, d *schema.ResourceData, pre string, sv string) interface{} { + return v +} + +func flattenWirelessControllerMpskProfileMpskGroupMpskKeySaePrivateKey(v interface{}, d *schema.ResourceData, pre string, sv string) interface{} { + return v +} + func flattenWirelessControllerMpskProfileMpskGroupMpskKeyConcurrentClientLimitType(v interface{}, d *schema.ResourceData, pre string, sv string) interface{} { return v } @@ -526,6 +611,24 @@ func refreshObjectWirelessControllerMpskProfile(d *schema.ResourceData, o map[st } } + if err = d.Set("mpsk_external_server_auth", flattenWirelessControllerMpskProfileMpskExternalServerAuth(o["mpsk-external-server-auth"], d, "mpsk_external_server_auth", sv)); err != nil { + if !fortiAPIPatch(o["mpsk-external-server-auth"]) { + return fmt.Errorf("Error reading mpsk_external_server_auth: %v", err) + } + } + + if err = d.Set("mpsk_external_server", flattenWirelessControllerMpskProfileMpskExternalServer(o["mpsk-external-server"], d, "mpsk_external_server", sv)); err != nil { + if !fortiAPIPatch(o["mpsk-external-server"]) { + return fmt.Errorf("Error reading mpsk_external_server: %v", err) + } + } + + if err = d.Set("mpsk_type", flattenWirelessControllerMpskProfileMpskType(o["mpsk-type"], d, "mpsk_type", sv)); err != nil { + if !fortiAPIPatch(o["mpsk-type"]) { + return fmt.Errorf("Error reading mpsk_type: %v", err) + } + } + if b_get_all_tables { if err = d.Set("mpsk_group", flattenWirelessControllerMpskProfileMpskGroup(o["mpsk-group"], d, "mpsk_group", sv)); err != nil { if !fortiAPIPatch(o["mpsk-group"]) { @@ -559,6 +662,18 @@ func expandWirelessControllerMpskProfileMpskConcurrentClients(d *schema.Resource return v, nil } +func expandWirelessControllerMpskProfileMpskExternalServerAuth(d *schema.ResourceData, v interface{}, pre string, sv string) (interface{}, error) { + return v, nil +} + +func expandWirelessControllerMpskProfileMpskExternalServer(d *schema.ResourceData, v interface{}, pre string, sv string) (interface{}, error) { + return v, nil +} + +func expandWirelessControllerMpskProfileMpskType(d *schema.ResourceData, v interface{}, pre string, sv string) (interface{}, error) { + return v, nil +} + func expandWirelessControllerMpskProfileMpskGroup(d *schema.ResourceData, v interface{}, pre string, sv string) (interface{}, error) { l := v.([]interface{}) result := make([]map[string]interface{}, 0, len(l)) @@ -634,6 +749,11 @@ func expandWirelessControllerMpskProfileMpskGroupMpskKey(d *schema.ResourceData, tmp["name"], _ = expandWirelessControllerMpskProfileMpskGroupMpskKeyName(d, i["name"], pre_append, sv) } + pre_append = pre + "." + strconv.Itoa(con) + "." + "key_type" + if _, ok := d.GetOk(pre_append); ok { + tmp["key-type"], _ = expandWirelessControllerMpskProfileMpskGroupMpskKeyKeyType(d, i["key_type"], pre_append, sv) + } + pre_append = pre + "." + strconv.Itoa(con) + "." + "mac" if _, ok := d.GetOk(pre_append); ok { tmp["mac"], _ = expandWirelessControllerMpskProfileMpskGroupMpskKeyMac(d, i["mac"], pre_append, sv) @@ -644,6 +764,21 @@ func expandWirelessControllerMpskProfileMpskGroupMpskKey(d *schema.ResourceData, tmp["passphrase"], _ = expandWirelessControllerMpskProfileMpskGroupMpskKeyPassphrase(d, i["passphrase"], pre_append, sv) } + pre_append = pre + "." + strconv.Itoa(con) + "." + "sae_password" + if _, ok := d.GetOk(pre_append); ok { + tmp["sae-password"], _ = expandWirelessControllerMpskProfileMpskGroupMpskKeySaePassword(d, i["sae_password"], pre_append, sv) + } + + pre_append = pre + "." + strconv.Itoa(con) + "." + "sae_pk" + if _, ok := d.GetOk(pre_append); ok { + tmp["sae-pk"], _ = expandWirelessControllerMpskProfileMpskGroupMpskKeySaePk(d, i["sae_pk"], pre_append, sv) + } + + pre_append = pre + "." + strconv.Itoa(con) + "." + "sae_private_key" + if _, ok := d.GetOk(pre_append); ok { + tmp["sae-private-key"], _ = expandWirelessControllerMpskProfileMpskGroupMpskKeySaePrivateKey(d, i["sae_private_key"], pre_append, sv) + } + pre_append = pre + "." + strconv.Itoa(con) + "." + "concurrent_client_limit_type" if _, ok := d.GetOk(pre_append); ok { tmp["concurrent-client-limit-type"], _ = expandWirelessControllerMpskProfileMpskGroupMpskKeyConcurrentClientLimitType(d, i["concurrent_client_limit_type"], pre_append, sv) @@ -678,6 +813,10 @@ func expandWirelessControllerMpskProfileMpskGroupMpskKeyName(d *schema.ResourceD return v, nil } +func expandWirelessControllerMpskProfileMpskGroupMpskKeyKeyType(d *schema.ResourceData, v interface{}, pre string, sv string) (interface{}, error) { + return v, nil +} + func expandWirelessControllerMpskProfileMpskGroupMpskKeyMac(d *schema.ResourceData, v interface{}, pre string, sv string) (interface{}, error) { return v, nil } @@ -686,6 +825,18 @@ func expandWirelessControllerMpskProfileMpskGroupMpskKeyPassphrase(d *schema.Res return v, nil } +func expandWirelessControllerMpskProfileMpskGroupMpskKeySaePassword(d *schema.ResourceData, v interface{}, pre string, sv string) (interface{}, error) { + return v, nil +} + +func expandWirelessControllerMpskProfileMpskGroupMpskKeySaePk(d *schema.ResourceData, v interface{}, pre string, sv string) (interface{}, error) { + return v, nil +} + +func expandWirelessControllerMpskProfileMpskGroupMpskKeySaePrivateKey(d *schema.ResourceData, v interface{}, pre string, sv string) (interface{}, error) { + return v, nil +} + func expandWirelessControllerMpskProfileMpskGroupMpskKeyConcurrentClientLimitType(d *schema.ResourceData, v interface{}, pre string, sv string) (interface{}, error) { return v, nil } @@ -747,6 +898,33 @@ func getObjectWirelessControllerMpskProfile(d *schema.ResourceData, sv string) ( } } + if v, ok := d.GetOk("mpsk_external_server_auth"); ok { + t, err := expandWirelessControllerMpskProfileMpskExternalServerAuth(d, v, "mpsk_external_server_auth", sv) + if err != nil { + return &obj, err + } else if t != nil { + obj["mpsk-external-server-auth"] = t + } + } + + if v, ok := d.GetOk("mpsk_external_server"); ok { + t, err := expandWirelessControllerMpskProfileMpskExternalServer(d, v, "mpsk_external_server", sv) + if err != nil { + return &obj, err + } else if t != nil { + obj["mpsk-external-server"] = t + } + } + + if v, ok := d.GetOk("mpsk_type"); ok { + t, err := expandWirelessControllerMpskProfileMpskType(d, v, "mpsk_type", sv) + if err != nil { + return &obj, err + } else if t != nil { + obj["mpsk-type"] = t + } + } + if v, ok := d.GetOk("mpsk_group"); ok || d.HasChange("mpsk_group") { t, err := expandWirelessControllerMpskProfileMpskGroup(d, v, "mpsk_group", sv) if err != nil { diff --git a/fortios/resource_wirelesscontroller_timers.go b/fortios/resource_wirelesscontroller_timers.go index 4cde18b77..0a6a27a58 100644 --- a/fortios/resource_wirelesscontroller_timers.go +++ b/fortios/resource_wirelesscontroller_timers.go @@ -84,11 +84,26 @@ func resourceWirelessControllerTimers() *schema.Resource { Optional: true, Computed: true, }, + "sta_cap_cleanup": &schema.Schema{ + Type: schema.TypeInt, + Optional: true, + Computed: true, + }, "rogue_ap_cleanup": &schema.Schema{ Type: schema.TypeInt, Optional: true, Computed: true, }, + "rogue_sta_cleanup": &schema.Schema{ + Type: schema.TypeInt, + Optional: true, + Computed: true, + }, + "ble_device_cleanup": &schema.Schema{ + Type: schema.TypeInt, + Optional: true, + Computed: true, + }, "darrp_optimize": &schema.Schema{ Type: schema.TypeInt, ValidateFunc: validation.IntBetween(0, 86400), @@ -340,10 +355,22 @@ func flattenWirelessControllerTimersFakeApLog(v interface{}, d *schema.ResourceD return v } +func flattenWirelessControllerTimersStaCapCleanup(v interface{}, d *schema.ResourceData, pre string, sv string) interface{} { + return v +} + func flattenWirelessControllerTimersRogueApCleanup(v interface{}, d *schema.ResourceData, pre string, sv string) interface{} { return v } +func flattenWirelessControllerTimersRogueStaCleanup(v interface{}, d *schema.ResourceData, pre string, sv string) interface{} { + return v +} + +func flattenWirelessControllerTimersBleDeviceCleanup(v interface{}, d *schema.ResourceData, pre string, sv string) interface{} { + return v +} + func flattenWirelessControllerTimersDarrpOptimize(v interface{}, d *schema.ResourceData, pre string, sv string) interface{} { return v } @@ -495,12 +522,30 @@ func refreshObjectWirelessControllerTimers(d *schema.ResourceData, o map[string] } } + if err = d.Set("sta_cap_cleanup", flattenWirelessControllerTimersStaCapCleanup(o["sta-cap-cleanup"], d, "sta_cap_cleanup", sv)); err != nil { + if !fortiAPIPatch(o["sta-cap-cleanup"]) { + return fmt.Errorf("Error reading sta_cap_cleanup: %v", err) + } + } + if err = d.Set("rogue_ap_cleanup", flattenWirelessControllerTimersRogueApCleanup(o["rogue-ap-cleanup"], d, "rogue_ap_cleanup", sv)); err != nil { if !fortiAPIPatch(o["rogue-ap-cleanup"]) { return fmt.Errorf("Error reading rogue_ap_cleanup: %v", err) } } + if err = d.Set("rogue_sta_cleanup", flattenWirelessControllerTimersRogueStaCleanup(o["rogue-sta-cleanup"], d, "rogue_sta_cleanup", sv)); err != nil { + if !fortiAPIPatch(o["rogue-sta-cleanup"]) { + return fmt.Errorf("Error reading rogue_sta_cleanup: %v", err) + } + } + + if err = d.Set("ble_device_cleanup", flattenWirelessControllerTimersBleDeviceCleanup(o["ble-device-cleanup"], d, "ble_device_cleanup", sv)); err != nil { + if !fortiAPIPatch(o["ble-device-cleanup"]) { + return fmt.Errorf("Error reading ble_device_cleanup: %v", err) + } + } + if err = d.Set("darrp_optimize", flattenWirelessControllerTimersDarrpOptimize(o["darrp-optimize"], d, "darrp_optimize", sv)); err != nil { if !fortiAPIPatch(o["darrp-optimize"]) { return fmt.Errorf("Error reading darrp_optimize: %v", err) @@ -636,10 +681,22 @@ func expandWirelessControllerTimersFakeApLog(d *schema.ResourceData, v interface return v, nil } +func expandWirelessControllerTimersStaCapCleanup(d *schema.ResourceData, v interface{}, pre string, sv string) (interface{}, error) { + return v, nil +} + func expandWirelessControllerTimersRogueApCleanup(d *schema.ResourceData, v interface{}, pre string, sv string) (interface{}, error) { return v, nil } +func expandWirelessControllerTimersRogueStaCleanup(d *schema.ResourceData, v interface{}, pre string, sv string) (interface{}, error) { + return v, nil +} + +func expandWirelessControllerTimersBleDeviceCleanup(d *schema.ResourceData, v interface{}, pre string, sv string) (interface{}, error) { + return v, nil +} + func expandWirelessControllerTimersDarrpOptimize(d *schema.ResourceData, v interface{}, pre string, sv string) (interface{}, error) { return v, nil } @@ -830,6 +887,19 @@ func getObjectWirelessControllerTimers(d *schema.ResourceData, setArgNil bool, s } } + if v, ok := d.GetOkExists("sta_cap_cleanup"); ok { + if setArgNil { + obj["sta-cap-cleanup"] = nil + } else { + t, err := expandWirelessControllerTimersStaCapCleanup(d, v, "sta_cap_cleanup", sv) + if err != nil { + return &obj, err + } else if t != nil { + obj["sta-cap-cleanup"] = t + } + } + } + if v, ok := d.GetOkExists("rogue_ap_cleanup"); ok { if setArgNil { obj["rogue-ap-cleanup"] = nil @@ -843,6 +913,32 @@ func getObjectWirelessControllerTimers(d *schema.ResourceData, setArgNil bool, s } } + if v, ok := d.GetOkExists("rogue_sta_cleanup"); ok { + if setArgNil { + obj["rogue-sta-cleanup"] = nil + } else { + t, err := expandWirelessControllerTimersRogueStaCleanup(d, v, "rogue_sta_cleanup", sv) + if err != nil { + return &obj, err + } else if t != nil { + obj["rogue-sta-cleanup"] = t + } + } + } + + if v, ok := d.GetOkExists("ble_device_cleanup"); ok { + if setArgNil { + obj["ble-device-cleanup"] = nil + } else { + t, err := expandWirelessControllerTimersBleDeviceCleanup(d, v, "ble_device_cleanup", sv) + if err != nil { + return &obj, err + } else if t != nil { + obj["ble-device-cleanup"] = t + } + } + } + if v, ok := d.GetOkExists("darrp_optimize"); ok { if setArgNil { obj["darrp-optimize"] = nil diff --git a/fortios/resource_wirelesscontroller_vap.go b/fortios/resource_wirelesscontroller_vap.go index 5004358cc..e0770e63d 100644 --- a/fortios/resource_wirelesscontroller_vap.go +++ b/fortios/resource_wirelesscontroller_vap.go @@ -111,6 +111,11 @@ func resourceWirelessControllerVap() *schema.Resource { Optional: true, Computed: true, }, + "beacon_protection": &schema.Schema{ + Type: schema.TypeString, + Optional: true, + Computed: true, + }, "okc": &schema.Schema{ Type: schema.TypeString, Optional: true, @@ -360,12 +365,22 @@ func resourceWirelessControllerVap() *schema.Resource { Optional: true, Computed: true, }, + "akm24_only": &schema.Schema{ + Type: schema.TypeString, + Optional: true, + Computed: true, + }, "radius_server": &schema.Schema{ Type: schema.TypeString, ValidateFunc: validation.StringLenBetween(0, 35), Optional: true, Computed: true, }, + "nas_filter_rule": &schema.Schema{ + Type: schema.TypeString, + Optional: true, + Computed: true, + }, "acct_interim_interval": &schema.Schema{ Type: schema.TypeInt, ValidateFunc: validation.IntBetween(60, 86400), @@ -656,6 +671,11 @@ func resourceWirelessControllerVap() *schema.Resource { Optional: true, Computed: true, }, + "captive_portal": &schema.Schema{ + Type: schema.TypeString, + Optional: true, + Computed: true, + }, "captive_portal_fw_accounting": &schema.Schema{ Type: schema.TypeString, Optional: true, @@ -855,7 +875,7 @@ func resourceWirelessControllerVap() *schema.Resource { }, "ptk_rekey_intv": &schema.Schema{ Type: schema.TypeInt, - ValidateFunc: validation.IntBetween(1800, 864000), + ValidateFunc: validation.IntBetween(600, 864000), Optional: true, Computed: true, }, @@ -866,7 +886,7 @@ func resourceWirelessControllerVap() *schema.Resource { }, "gtk_rekey_intv": &schema.Schema{ Type: schema.TypeInt, - ValidateFunc: validation.IntBetween(1800, 864000), + ValidateFunc: validation.IntBetween(600, 864000), Optional: true, Computed: true, }, @@ -960,6 +980,24 @@ func resourceWirelessControllerVap() *schema.Resource { Optional: true, Computed: true, }, + "rates_11be_mcs_map": &schema.Schema{ + Type: schema.TypeString, + ValidateFunc: validation.StringLenBetween(0, 15), + Optional: true, + Computed: true, + }, + "rates_11be_mcs_map_160": &schema.Schema{ + Type: schema.TypeString, + ValidateFunc: validation.StringLenBetween(0, 15), + Optional: true, + Computed: true, + }, + "rates_11be_mcs_map_320": &schema.Schema{ + Type: schema.TypeString, + ValidateFunc: validation.StringLenBetween(0, 15), + Optional: true, + Computed: true, + }, "rates_11ac_ss12": &schema.Schema{ Type: schema.TypeString, Optional: true, @@ -1366,6 +1404,10 @@ func flattenWirelessControllerVapPmfSaQueryRetryTimeout(v interface{}, d *schema return v } +func flattenWirelessControllerVapBeaconProtection(v interface{}, d *schema.ResourceData, pre string, sv string) interface{} { + return v +} + func flattenWirelessControllerVapOkc(v interface{}, d *schema.ResourceData, pre string, sv string) interface{} { return v } @@ -1584,10 +1626,18 @@ func flattenWirelessControllerVapSaePrivateKey(v interface{}, d *schema.Resource return v } +func flattenWirelessControllerVapAkm24Only(v interface{}, d *schema.ResourceData, pre string, sv string) interface{} { + return v +} + func flattenWirelessControllerVapRadiusServer(v interface{}, d *schema.ResourceData, pre string, sv string) interface{} { return v } +func flattenWirelessControllerVapNasFilterRule(v interface{}, d *schema.ResourceData, pre string, sv string) interface{} { + return v +} + func flattenWirelessControllerVapAcctInterimInterval(v interface{}, d *schema.ResourceData, pre string, sv string) interface{} { return v } @@ -1977,6 +2027,10 @@ func flattenWirelessControllerVapDynamicVlan(v interface{}, d *schema.ResourceDa return v } +func flattenWirelessControllerVapCaptivePortal(v interface{}, d *schema.ResourceData, pre string, sv string) interface{} { + return v +} + func flattenWirelessControllerVapCaptivePortalFwAccounting(v interface{}, d *schema.ResourceData, pre string, sv string) interface{} { return v } @@ -2271,6 +2325,18 @@ func flattenWirelessControllerVapRates11AxMcsMap(v interface{}, d *schema.Resour return v } +func flattenWirelessControllerVapRates11BeMcsMap(v interface{}, d *schema.ResourceData, pre string, sv string) interface{} { + return v +} + +func flattenWirelessControllerVapRates11BeMcsMap160(v interface{}, d *schema.ResourceData, pre string, sv string) interface{} { + return v +} + +func flattenWirelessControllerVapRates11BeMcsMap320(v interface{}, d *schema.ResourceData, pre string, sv string) interface{} { + return v +} + func flattenWirelessControllerVapRates11AcSs12(v interface{}, d *schema.ResourceData, pre string, sv string) interface{} { return v } @@ -2544,6 +2610,12 @@ func refreshObjectWirelessControllerVap(d *schema.ResourceData, o map[string]int } } + if err = d.Set("beacon_protection", flattenWirelessControllerVapBeaconProtection(o["beacon-protection"], d, "beacon_protection", sv)); err != nil { + if !fortiAPIPatch(o["beacon-protection"]) { + return fmt.Errorf("Error reading beacon_protection: %v", err) + } + } + if err = d.Set("okc", flattenWirelessControllerVapOkc(o["okc"], d, "okc", sv)); err != nil { if !fortiAPIPatch(o["okc"]) { return fmt.Errorf("Error reading okc: %v", err) @@ -2806,12 +2878,24 @@ func refreshObjectWirelessControllerVap(d *schema.ResourceData, o map[string]int } } + if err = d.Set("akm24_only", flattenWirelessControllerVapAkm24Only(o["akm24-only"], d, "akm24_only", sv)); err != nil { + if !fortiAPIPatch(o["akm24-only"]) { + return fmt.Errorf("Error reading akm24_only: %v", err) + } + } + if err = d.Set("radius_server", flattenWirelessControllerVapRadiusServer(o["radius-server"], d, "radius_server", sv)); err != nil { if !fortiAPIPatch(o["radius-server"]) { return fmt.Errorf("Error reading radius_server: %v", err) } } + if err = d.Set("nas_filter_rule", flattenWirelessControllerVapNasFilterRule(o["nas-filter-rule"], d, "nas_filter_rule", sv)); err != nil { + if !fortiAPIPatch(o["nas-filter-rule"]) { + return fmt.Errorf("Error reading nas_filter_rule: %v", err) + } + } + if err = d.Set("acct_interim_interval", flattenWirelessControllerVapAcctInterimInterval(o["acct-interim-interval"], d, "acct_interim_interval", sv)); err != nil { if !fortiAPIPatch(o["acct-interim-interval"]) { return fmt.Errorf("Error reading acct_interim_interval: %v", err) @@ -3113,6 +3197,12 @@ func refreshObjectWirelessControllerVap(d *schema.ResourceData, o map[string]int } } + if err = d.Set("captive_portal", flattenWirelessControllerVapCaptivePortal(o["captive-portal"], d, "captive_portal", sv)); err != nil { + if !fortiAPIPatch(o["captive-portal"]) { + return fmt.Errorf("Error reading captive_portal: %v", err) + } + } + if err = d.Set("captive_portal_fw_accounting", flattenWirelessControllerVapCaptivePortalFwAccounting(o["captive-portal-fw-accounting"], d, "captive_portal_fw_accounting", sv)); err != nil { if !fortiAPIPatch(o["captive-portal-fw-accounting"]) { return fmt.Errorf("Error reading captive_portal_fw_accounting: %v", err) @@ -3421,6 +3511,24 @@ func refreshObjectWirelessControllerVap(d *schema.ResourceData, o map[string]int } } + if err = d.Set("rates_11be_mcs_map", flattenWirelessControllerVapRates11BeMcsMap(o["rates-11be-mcs-map"], d, "rates_11be_mcs_map", sv)); err != nil { + if !fortiAPIPatch(o["rates-11be-mcs-map"]) { + return fmt.Errorf("Error reading rates_11be_mcs_map: %v", err) + } + } + + if err = d.Set("rates_11be_mcs_map_160", flattenWirelessControllerVapRates11BeMcsMap160(o["rates-11be-mcs-map-160"], d, "rates_11be_mcs_map_160", sv)); err != nil { + if !fortiAPIPatch(o["rates-11be-mcs-map-160"]) { + return fmt.Errorf("Error reading rates_11be_mcs_map_160: %v", err) + } + } + + if err = d.Set("rates_11be_mcs_map_320", flattenWirelessControllerVapRates11BeMcsMap320(o["rates-11be-mcs-map-320"], d, "rates_11be_mcs_map_320", sv)); err != nil { + if !fortiAPIPatch(o["rates-11be-mcs-map-320"]) { + return fmt.Errorf("Error reading rates_11be_mcs_map_320: %v", err) + } + } + if err = d.Set("rates_11ac_ss12", flattenWirelessControllerVapRates11AcSs12(o["rates-11ac-ss12"], d, "rates_11ac_ss12", sv)); err != nil { if !fortiAPIPatch(o["rates-11ac-ss12"]) { return fmt.Errorf("Error reading rates_11ac_ss12: %v", err) @@ -3682,6 +3790,10 @@ func expandWirelessControllerVapPmfSaQueryRetryTimeout(d *schema.ResourceData, v return v, nil } +func expandWirelessControllerVapBeaconProtection(d *schema.ResourceData, v interface{}, pre string, sv string) (interface{}, error) { + return v, nil +} + func expandWirelessControllerVapOkc(d *schema.ResourceData, v interface{}, pre string, sv string) (interface{}, error) { return v, nil } @@ -3886,10 +3998,18 @@ func expandWirelessControllerVapSaePrivateKey(d *schema.ResourceData, v interfac return v, nil } +func expandWirelessControllerVapAkm24Only(d *schema.ResourceData, v interface{}, pre string, sv string) (interface{}, error) { + return v, nil +} + func expandWirelessControllerVapRadiusServer(d *schema.ResourceData, v interface{}, pre string, sv string) (interface{}, error) { return v, nil } +func expandWirelessControllerVapNasFilterRule(d *schema.ResourceData, v interface{}, pre string, sv string) (interface{}, error) { + return v, nil +} + func expandWirelessControllerVapAcctInterimInterval(d *schema.ResourceData, v interface{}, pre string, sv string) (interface{}, error) { return v, nil } @@ -4221,6 +4341,10 @@ func expandWirelessControllerVapDynamicVlan(d *schema.ResourceData, v interface{ return v, nil } +func expandWirelessControllerVapCaptivePortal(d *schema.ResourceData, v interface{}, pre string, sv string) (interface{}, error) { + return v, nil +} + func expandWirelessControllerVapCaptivePortalFwAccounting(d *schema.ResourceData, v interface{}, pre string, sv string) (interface{}, error) { return v, nil } @@ -4493,6 +4617,18 @@ func expandWirelessControllerVapRates11AxMcsMap(d *schema.ResourceData, v interf return v, nil } +func expandWirelessControllerVapRates11BeMcsMap(d *schema.ResourceData, v interface{}, pre string, sv string) (interface{}, error) { + return v, nil +} + +func expandWirelessControllerVapRates11BeMcsMap160(d *schema.ResourceData, v interface{}, pre string, sv string) (interface{}, error) { + return v, nil +} + +func expandWirelessControllerVapRates11BeMcsMap320(d *schema.ResourceData, v interface{}, pre string, sv string) (interface{}, error) { + return v, nil +} + func expandWirelessControllerVapRates11AcSs12(d *schema.ResourceData, v interface{}, pre string, sv string) (interface{}, error) { return v, nil } @@ -4791,6 +4927,15 @@ func getObjectWirelessControllerVap(d *schema.ResourceData, sv string) (*map[str } } + if v, ok := d.GetOk("beacon_protection"); ok { + t, err := expandWirelessControllerVapBeaconProtection(d, v, "beacon_protection", sv) + if err != nil { + return &obj, err + } else if t != nil { + obj["beacon-protection"] = t + } + } + if v, ok := d.GetOk("okc"); ok { t, err := expandWirelessControllerVapOkc(d, v, "okc", sv) if err != nil { @@ -5196,6 +5341,15 @@ func getObjectWirelessControllerVap(d *schema.ResourceData, sv string) (*map[str } } + if v, ok := d.GetOk("akm24_only"); ok { + t, err := expandWirelessControllerVapAkm24Only(d, v, "akm24_only", sv) + if err != nil { + return &obj, err + } else if t != nil { + obj["akm24-only"] = t + } + } + if v, ok := d.GetOk("radius_server"); ok { t, err := expandWirelessControllerVapRadiusServer(d, v, "radius_server", sv) if err != nil { @@ -5205,6 +5359,15 @@ func getObjectWirelessControllerVap(d *schema.ResourceData, sv string) (*map[str } } + if v, ok := d.GetOk("nas_filter_rule"); ok { + t, err := expandWirelessControllerVapNasFilterRule(d, v, "nas_filter_rule", sv) + if err != nil { + return &obj, err + } else if t != nil { + obj["nas-filter-rule"] = t + } + } + if v, ok := d.GetOk("acct_interim_interval"); ok { t, err := expandWirelessControllerVapAcctInterimInterval(d, v, "acct_interim_interval", sv) if err != nil { @@ -5565,6 +5728,15 @@ func getObjectWirelessControllerVap(d *schema.ResourceData, sv string) (*map[str } } + if v, ok := d.GetOk("captive_portal"); ok { + t, err := expandWirelessControllerVapCaptivePortal(d, v, "captive_portal", sv) + if err != nil { + return &obj, err + } else if t != nil { + obj["captive-portal"] = t + } + } + if v, ok := d.GetOk("captive_portal_fw_accounting"); ok { t, err := expandWirelessControllerVapCaptivePortalFwAccounting(d, v, "captive_portal_fw_accounting", sv) if err != nil { @@ -6015,6 +6187,33 @@ func getObjectWirelessControllerVap(d *schema.ResourceData, sv string) (*map[str } } + if v, ok := d.GetOk("rates_11be_mcs_map"); ok { + t, err := expandWirelessControllerVapRates11BeMcsMap(d, v, "rates_11be_mcs_map", sv) + if err != nil { + return &obj, err + } else if t != nil { + obj["rates-11be-mcs-map"] = t + } + } + + if v, ok := d.GetOk("rates_11be_mcs_map_160"); ok { + t, err := expandWirelessControllerVapRates11BeMcsMap160(d, v, "rates_11be_mcs_map_160", sv) + if err != nil { + return &obj, err + } else if t != nil { + obj["rates-11be-mcs-map-160"] = t + } + } + + if v, ok := d.GetOk("rates_11be_mcs_map_320"); ok { + t, err := expandWirelessControllerVapRates11BeMcsMap320(d, v, "rates_11be_mcs_map_320", sv) + if err != nil { + return &obj, err + } else if t != nil { + obj["rates-11be-mcs-map-320"] = t + } + } + if v, ok := d.GetOk("rates_11ac_ss12"); ok { t, err := expandWirelessControllerVapRates11AcSs12(d, v, "rates_11ac_ss12", sv) if err != nil { diff --git a/fortios/resource_wirelesscontroller_wtpprofile.go b/fortios/resource_wirelesscontroller_wtpprofile.go index d9bd59640..5bb73440a 100644 --- a/fortios/resource_wirelesscontroller_wtpprofile.go +++ b/fortios/resource_wirelesscontroller_wtpprofile.go @@ -376,6 +376,11 @@ func resourceWirelessControllerWtpProfile() *schema.Resource { Optional: true, Computed: true, }, + "usb_port": &schema.Schema{ + Type: schema.TypeString, + Optional: true, + Computed: true, + }, "frequency_handoff": &schema.Schema{ Type: schema.TypeString, Optional: true, @@ -485,6 +490,11 @@ func resourceWirelessControllerWtpProfile() *schema.Resource { Optional: true, Computed: true, }, + "channel_bonding_ext": &schema.Schema{ + Type: schema.TypeString, + Optional: true, + Computed: true, + }, "optional_antenna": &schema.Schema{ Type: schema.TypeString, Optional: true, @@ -684,7 +694,7 @@ func resourceWirelessControllerWtpProfile() *schema.Resource { }, "sam_ca_certificate": &schema.Schema{ Type: schema.TypeString, - ValidateFunc: validation.StringLenBetween(0, 35), + ValidateFunc: validation.StringLenBetween(0, 79), Optional: true, Computed: true, }, @@ -942,6 +952,11 @@ func resourceWirelessControllerWtpProfile() *schema.Resource { Optional: true, Computed: true, }, + "channel_bonding_ext": &schema.Schema{ + Type: schema.TypeString, + Optional: true, + Computed: true, + }, "optional_antenna": &schema.Schema{ Type: schema.TypeString, Optional: true, @@ -1141,7 +1156,7 @@ func resourceWirelessControllerWtpProfile() *schema.Resource { }, "sam_ca_certificate": &schema.Schema{ Type: schema.TypeString, - ValidateFunc: validation.StringLenBetween(0, 35), + ValidateFunc: validation.StringLenBetween(0, 79), Optional: true, Computed: true, }, @@ -1393,6 +1408,11 @@ func resourceWirelessControllerWtpProfile() *schema.Resource { Optional: true, Computed: true, }, + "channel_bonding_ext": &schema.Schema{ + Type: schema.TypeString, + Optional: true, + Computed: true, + }, "optional_antenna": &schema.Schema{ Type: schema.TypeString, Optional: true, @@ -1592,7 +1612,7 @@ func resourceWirelessControllerWtpProfile() *schema.Resource { }, "sam_ca_certificate": &schema.Schema{ Type: schema.TypeString, - ValidateFunc: validation.StringLenBetween(0, 35), + ValidateFunc: validation.StringLenBetween(0, 79), Optional: true, Computed: true, }, @@ -1844,6 +1864,11 @@ func resourceWirelessControllerWtpProfile() *schema.Resource { Optional: true, Computed: true, }, + "channel_bonding_ext": &schema.Schema{ + Type: schema.TypeString, + Optional: true, + Computed: true, + }, "optional_antenna": &schema.Schema{ Type: schema.TypeString, Optional: true, @@ -2043,7 +2068,7 @@ func resourceWirelessControllerWtpProfile() *schema.Resource { }, "sam_ca_certificate": &schema.Schema{ Type: schema.TypeString, - ValidateFunc: validation.StringLenBetween(0, 35), + ValidateFunc: validation.StringLenBetween(0, 79), Optional: true, Computed: true, }, @@ -3186,6 +3211,10 @@ func flattenWirelessControllerWtpProfilePoeMode(v interface{}, d *schema.Resourc return v } +func flattenWirelessControllerWtpProfileUsbPort(v interface{}, d *schema.ResourceData, pre string, sv string) interface{} { + return v +} + func flattenWirelessControllerWtpProfileFrequencyHandoff(v interface{}, d *schema.ResourceData, pre string, sv string) interface{} { return v } @@ -3293,6 +3322,11 @@ func flattenWirelessControllerWtpProfileRadio1(v interface{}, d *schema.Resource result["channel_bonding"] = flattenWirelessControllerWtpProfileRadio1ChannelBonding(i["channel-bonding"], d, pre_append, sv) } + pre_append = pre + ".0." + "channel_bonding_ext" + if _, ok := i["channel-bonding-ext"]; ok { + result["channel_bonding_ext"] = flattenWirelessControllerWtpProfileRadio1ChannelBondingExt(i["channel-bonding-ext"], d, pre_append, sv) + } + pre_append = pre + ".0." + "optional_antenna" if _, ok := i["optional-antenna"]; ok { result["optional_antenna"] = flattenWirelessControllerWtpProfileRadio1OptionalAntenna(i["optional-antenna"], d, pre_append, sv) @@ -3679,6 +3713,10 @@ func flattenWirelessControllerWtpProfileRadio1ChannelBonding(v interface{}, d *s return v } +func flattenWirelessControllerWtpProfileRadio1ChannelBondingExt(v interface{}, d *schema.ResourceData, pre string, sv string) interface{} { + return v +} + func flattenWirelessControllerWtpProfileRadio1OptionalAntenna(v interface{}, d *schema.ResourceData, pre string, sv string) interface{} { return v } @@ -4102,6 +4140,11 @@ func flattenWirelessControllerWtpProfileRadio2(v interface{}, d *schema.Resource result["channel_bonding"] = flattenWirelessControllerWtpProfileRadio2ChannelBonding(i["channel-bonding"], d, pre_append, sv) } + pre_append = pre + ".0." + "channel_bonding_ext" + if _, ok := i["channel-bonding-ext"]; ok { + result["channel_bonding_ext"] = flattenWirelessControllerWtpProfileRadio2ChannelBondingExt(i["channel-bonding-ext"], d, pre_append, sv) + } + pre_append = pre + ".0." + "optional_antenna" if _, ok := i["optional-antenna"]; ok { result["optional_antenna"] = flattenWirelessControllerWtpProfileRadio2OptionalAntenna(i["optional-antenna"], d, pre_append, sv) @@ -4488,6 +4531,10 @@ func flattenWirelessControllerWtpProfileRadio2ChannelBonding(v interface{}, d *s return v } +func flattenWirelessControllerWtpProfileRadio2ChannelBondingExt(v interface{}, d *schema.ResourceData, pre string, sv string) interface{} { + return v +} + func flattenWirelessControllerWtpProfileRadio2OptionalAntenna(v interface{}, d *schema.ResourceData, pre string, sv string) interface{} { return v } @@ -4906,6 +4953,11 @@ func flattenWirelessControllerWtpProfileRadio3(v interface{}, d *schema.Resource result["channel_bonding"] = flattenWirelessControllerWtpProfileRadio3ChannelBonding(i["channel-bonding"], d, pre_append, sv) } + pre_append = pre + ".0." + "channel_bonding_ext" + if _, ok := i["channel-bonding-ext"]; ok { + result["channel_bonding_ext"] = flattenWirelessControllerWtpProfileRadio3ChannelBondingExt(i["channel-bonding-ext"], d, pre_append, sv) + } + pre_append = pre + ".0." + "optional_antenna" if _, ok := i["optional-antenna"]; ok { result["optional_antenna"] = flattenWirelessControllerWtpProfileRadio3OptionalAntenna(i["optional-antenna"], d, pre_append, sv) @@ -5288,6 +5340,10 @@ func flattenWirelessControllerWtpProfileRadio3ChannelBonding(v interface{}, d *s return v } +func flattenWirelessControllerWtpProfileRadio3ChannelBondingExt(v interface{}, d *schema.ResourceData, pre string, sv string) interface{} { + return v +} + func flattenWirelessControllerWtpProfileRadio3OptionalAntenna(v interface{}, d *schema.ResourceData, pre string, sv string) interface{} { return v } @@ -5706,6 +5762,11 @@ func flattenWirelessControllerWtpProfileRadio4(v interface{}, d *schema.Resource result["channel_bonding"] = flattenWirelessControllerWtpProfileRadio4ChannelBonding(i["channel-bonding"], d, pre_append, sv) } + pre_append = pre + ".0." + "channel_bonding_ext" + if _, ok := i["channel-bonding-ext"]; ok { + result["channel_bonding_ext"] = flattenWirelessControllerWtpProfileRadio4ChannelBondingExt(i["channel-bonding-ext"], d, pre_append, sv) + } + pre_append = pre + ".0." + "optional_antenna" if _, ok := i["optional-antenna"]; ok { result["optional_antenna"] = flattenWirelessControllerWtpProfileRadio4OptionalAntenna(i["optional-antenna"], d, pre_append, sv) @@ -6088,6 +6149,10 @@ func flattenWirelessControllerWtpProfileRadio4ChannelBonding(v interface{}, d *s return v } +func flattenWirelessControllerWtpProfileRadio4ChannelBondingExt(v interface{}, d *schema.ResourceData, pre string, sv string) interface{} { + return v +} + func flattenWirelessControllerWtpProfileRadio4OptionalAntenna(v interface{}, d *schema.ResourceData, pre string, sv string) interface{} { return v } @@ -7155,6 +7220,12 @@ func refreshObjectWirelessControllerWtpProfile(d *schema.ResourceData, o map[str } } + if err = d.Set("usb_port", flattenWirelessControllerWtpProfileUsbPort(o["usb-port"], d, "usb_port", sv)); err != nil { + if !fortiAPIPatch(o["usb-port"]) { + return fmt.Errorf("Error reading usb_port: %v", err) + } + } + if err = d.Set("frequency_handoff", flattenWirelessControllerWtpProfileFrequencyHandoff(o["frequency-handoff"], d, "frequency_handoff", sv)); err != nil { if !fortiAPIPatch(o["frequency-handoff"]) { return fmt.Errorf("Error reading frequency_handoff: %v", err) @@ -7754,6 +7825,10 @@ func expandWirelessControllerWtpProfilePoeMode(d *schema.ResourceData, v interfa return v, nil } +func expandWirelessControllerWtpProfileUsbPort(d *schema.ResourceData, v interface{}, pre string, sv string) (interface{}, error) { + return v, nil +} + func expandWirelessControllerWtpProfileFrequencyHandoff(d *schema.ResourceData, v interface{}, pre string, sv string) (interface{}, error) { return v, nil } @@ -7844,6 +7919,10 @@ func expandWirelessControllerWtpProfileRadio1(d *schema.ResourceData, v interfac if _, ok := d.GetOk(pre_append); ok { result["channel-bonding"], _ = expandWirelessControllerWtpProfileRadio1ChannelBonding(d, i["channel_bonding"], pre_append, sv) } + pre_append = pre + ".0." + "channel_bonding_ext" + if _, ok := d.GetOk(pre_append); ok { + result["channel-bonding-ext"], _ = expandWirelessControllerWtpProfileRadio1ChannelBondingExt(d, i["channel_bonding_ext"], pre_append, sv) + } pre_append = pre + ".0." + "optional_antenna" if _, ok := d.GetOk(pre_append); ok { result["optional-antenna"], _ = expandWirelessControllerWtpProfileRadio1OptionalAntenna(d, i["optional_antenna"], pre_append, sv) @@ -8172,6 +8251,10 @@ func expandWirelessControllerWtpProfileRadio1ChannelBonding(d *schema.ResourceDa return v, nil } +func expandWirelessControllerWtpProfileRadio1ChannelBondingExt(d *schema.ResourceData, v interface{}, pre string, sv string) (interface{}, error) { + return v, nil +} + func expandWirelessControllerWtpProfileRadio1OptionalAntenna(d *schema.ResourceData, v interface{}, pre string, sv string) (interface{}, error) { return v, nil } @@ -8550,6 +8633,10 @@ func expandWirelessControllerWtpProfileRadio2(d *schema.ResourceData, v interfac if _, ok := d.GetOk(pre_append); ok { result["channel-bonding"], _ = expandWirelessControllerWtpProfileRadio2ChannelBonding(d, i["channel_bonding"], pre_append, sv) } + pre_append = pre + ".0." + "channel_bonding_ext" + if _, ok := d.GetOk(pre_append); ok { + result["channel-bonding-ext"], _ = expandWirelessControllerWtpProfileRadio2ChannelBondingExt(d, i["channel_bonding_ext"], pre_append, sv) + } pre_append = pre + ".0." + "optional_antenna" if _, ok := d.GetOk(pre_append); ok { result["optional-antenna"], _ = expandWirelessControllerWtpProfileRadio2OptionalAntenna(d, i["optional_antenna"], pre_append, sv) @@ -8878,6 +8965,10 @@ func expandWirelessControllerWtpProfileRadio2ChannelBonding(d *schema.ResourceDa return v, nil } +func expandWirelessControllerWtpProfileRadio2ChannelBondingExt(d *schema.ResourceData, v interface{}, pre string, sv string) (interface{}, error) { + return v, nil +} + func expandWirelessControllerWtpProfileRadio2OptionalAntenna(d *schema.ResourceData, v interface{}, pre string, sv string) (interface{}, error) { return v, nil } @@ -9252,6 +9343,10 @@ func expandWirelessControllerWtpProfileRadio3(d *schema.ResourceData, v interfac if _, ok := d.GetOk(pre_append); ok { result["channel-bonding"], _ = expandWirelessControllerWtpProfileRadio3ChannelBonding(d, i["channel_bonding"], pre_append, sv) } + pre_append = pre + ".0." + "channel_bonding_ext" + if _, ok := d.GetOk(pre_append); ok { + result["channel-bonding-ext"], _ = expandWirelessControllerWtpProfileRadio3ChannelBondingExt(d, i["channel_bonding_ext"], pre_append, sv) + } pre_append = pre + ".0." + "optional_antenna" if _, ok := d.GetOk(pre_append); ok { result["optional-antenna"], _ = expandWirelessControllerWtpProfileRadio3OptionalAntenna(d, i["optional_antenna"], pre_append, sv) @@ -9576,6 +9671,10 @@ func expandWirelessControllerWtpProfileRadio3ChannelBonding(d *schema.ResourceDa return v, nil } +func expandWirelessControllerWtpProfileRadio3ChannelBondingExt(d *schema.ResourceData, v interface{}, pre string, sv string) (interface{}, error) { + return v, nil +} + func expandWirelessControllerWtpProfileRadio3OptionalAntenna(d *schema.ResourceData, v interface{}, pre string, sv string) (interface{}, error) { return v, nil } @@ -9950,6 +10049,10 @@ func expandWirelessControllerWtpProfileRadio4(d *schema.ResourceData, v interfac if _, ok := d.GetOk(pre_append); ok { result["channel-bonding"], _ = expandWirelessControllerWtpProfileRadio4ChannelBonding(d, i["channel_bonding"], pre_append, sv) } + pre_append = pre + ".0." + "channel_bonding_ext" + if _, ok := d.GetOk(pre_append); ok { + result["channel-bonding-ext"], _ = expandWirelessControllerWtpProfileRadio4ChannelBondingExt(d, i["channel_bonding_ext"], pre_append, sv) + } pre_append = pre + ".0." + "optional_antenna" if _, ok := d.GetOk(pre_append); ok { result["optional-antenna"], _ = expandWirelessControllerWtpProfileRadio4OptionalAntenna(d, i["optional_antenna"], pre_append, sv) @@ -10274,6 +10377,10 @@ func expandWirelessControllerWtpProfileRadio4ChannelBonding(d *schema.ResourceDa return v, nil } +func expandWirelessControllerWtpProfileRadio4ChannelBondingExt(d *schema.ResourceData, v interface{}, pre string, sv string) (interface{}, error) { + return v, nil +} + func expandWirelessControllerWtpProfileRadio4OptionalAntenna(d *schema.ResourceData, v interface{}, pre string, sv string) (interface{}, error) { return v, nil } @@ -11309,6 +11416,15 @@ func getObjectWirelessControllerWtpProfile(d *schema.ResourceData, sv string) (* } } + if v, ok := d.GetOk("usb_port"); ok { + t, err := expandWirelessControllerWtpProfileUsbPort(d, v, "usb_port", sv) + if err != nil { + return &obj, err + } else if t != nil { + obj["usb-port"] = t + } + } + if v, ok := d.GetOk("frequency_handoff"); ok { t, err := expandWirelessControllerWtpProfileFrequencyHandoff(d, v, "frequency_handoff", sv) if err != nil { diff --git a/go.mod b/go.mod index 19b517940..d6cab6429 100644 --- a/go.mod +++ b/go.mod @@ -6,16 +6,16 @@ require ( github.com/fortinetdev/forti-sdk-go v1.9.2 github.com/google/uuid v1.6.0 github.com/hashicorp/go-version v1.6.0 - github.com/hashicorp/terraform-plugin-sdk/v2 v2.33.0 + github.com/hashicorp/terraform-plugin-sdk/v2 v2.34.0 ) require ( - github.com/ProtonMail/go-crypto v1.1.0-alpha.0 // indirect + github.com/ProtonMail/go-crypto v1.1.0-alpha.2 // indirect github.com/agext/levenshtein v1.2.2 // indirect github.com/apparentlymart/go-textseg/v15 v15.0.0 // indirect github.com/cloudflare/circl v1.3.7 // indirect github.com/fatih/color v1.16.0 // indirect - github.com/golang/protobuf v1.5.3 // indirect + github.com/golang/protobuf v1.5.4 // indirect github.com/google/go-cmp v0.6.0 // indirect github.com/hashicorp/errwrap v1.0.0 // indirect github.com/hashicorp/go-checkpoint v0.5.0 // indirect @@ -25,12 +25,12 @@ require ( github.com/hashicorp/go-multierror v1.1.1 // indirect github.com/hashicorp/go-plugin v1.6.0 // indirect github.com/hashicorp/go-uuid v1.0.3 // indirect - github.com/hashicorp/hc-install v0.6.3 // indirect - github.com/hashicorp/hcl/v2 v2.19.1 // indirect + github.com/hashicorp/hc-install v0.6.4 // indirect + github.com/hashicorp/hcl/v2 v2.20.1 // indirect github.com/hashicorp/logutils v1.0.0 // indirect - github.com/hashicorp/terraform-exec v0.20.0 // indirect - github.com/hashicorp/terraform-json v0.21.0 // indirect - github.com/hashicorp/terraform-plugin-go v0.22.0 // indirect + github.com/hashicorp/terraform-exec v0.21.0 // indirect + github.com/hashicorp/terraform-json v0.22.1 // indirect + github.com/hashicorp/terraform-plugin-go v0.23.0 // indirect github.com/hashicorp/terraform-plugin-log v0.9.0 // indirect github.com/hashicorp/terraform-registry-address v0.2.3 // indirect github.com/hashicorp/terraform-svchost v0.1.1 // indirect @@ -46,14 +46,15 @@ require ( github.com/vmihailenco/msgpack v4.0.4+incompatible // indirect github.com/vmihailenco/msgpack/v5 v5.4.1 // indirect github.com/vmihailenco/tagparser/v2 v2.0.0 // indirect - github.com/zclconf/go-cty v1.14.2 // indirect - golang.org/x/crypto v0.19.0 // indirect - golang.org/x/mod v0.15.0 // indirect - golang.org/x/net v0.19.0 // indirect - golang.org/x/sys v0.17.0 // indirect - golang.org/x/text v0.14.0 // indirect + github.com/zclconf/go-cty v1.14.4 // indirect + golang.org/x/crypto v0.23.0 // indirect + golang.org/x/mod v0.16.0 // indirect + golang.org/x/net v0.23.0 // indirect + golang.org/x/sys v0.20.0 // indirect + golang.org/x/text v0.15.0 // indirect + golang.org/x/tools v0.13.0 // indirect google.golang.org/appengine v1.6.8 // indirect - google.golang.org/genproto/googleapis/rpc v0.0.0-20231106174013-bbf56f31fb17 // indirect - google.golang.org/grpc v1.61.1 // indirect - google.golang.org/protobuf v1.32.0 // indirect + google.golang.org/genproto/googleapis/rpc v0.0.0-20240227224415-6ceb2ff114de // indirect + google.golang.org/grpc v1.63.2 // indirect + google.golang.org/protobuf v1.34.0 // indirect ) diff --git a/go.sum b/go.sum index 63e89e9f2..680a2560d 100644 --- a/go.sum +++ b/go.sum @@ -2,8 +2,8 @@ dario.cat/mergo v1.0.0 h1:AGCNq9Evsj31mOgNPcLyXc+4PNABt905YmuqPYYpBWk= dario.cat/mergo v1.0.0/go.mod h1:uNxQE+84aUszobStD9th8a29P2fMDhsBdgRYvZOxGmk= github.com/Microsoft/go-winio v0.6.1 h1:9/kr64B9VUZrLm5YYwbGtUJnMgqWVOdUAXu6Migciow= github.com/Microsoft/go-winio v0.6.1/go.mod h1:LRdKpFKfdobln8UmuiYcKPot9D2v6svN5+sAH+4kjUM= -github.com/ProtonMail/go-crypto v1.1.0-alpha.0 h1:nHGfwXmFvJrSR9xu8qL7BkO4DqTHXE9N5vPhgY2I+j0= -github.com/ProtonMail/go-crypto v1.1.0-alpha.0/go.mod h1:rA3QumHc/FZ8pAHreoekgiAbzpNsfQAosU5td4SnOrE= +github.com/ProtonMail/go-crypto v1.1.0-alpha.2 h1:bkyFVUP+ROOARdgCiJzNQo2V2kiB97LyUpzH9P6Hrlg= +github.com/ProtonMail/go-crypto v1.1.0-alpha.2/go.mod h1:rA3QumHc/FZ8pAHreoekgiAbzpNsfQAosU5td4SnOrE= github.com/agext/levenshtein v1.2.2 h1:0S/Yg6LYmFJ5stwQeRp6EeOcCbj7xiqQSdNelsXvaqE= github.com/agext/levenshtein v1.2.2/go.mod h1:JEDfjyjHDjOF/1e4FlBE/PkbqA9OfWu2ki2W0IB5558= github.com/apparentlymart/go-textseg/v12 v12.0.0/go.mod h1:S/4uRK2UtaQttw1GenVJEynmyUenKwP++x/+DdGV/Ec= @@ -29,8 +29,8 @@ github.com/go-git/gcfg v1.5.1-0.20230307220236-3a3c6141e376 h1:+zs/tPmkDkHx3U66D github.com/go-git/gcfg v1.5.1-0.20230307220236-3a3c6141e376/go.mod h1:an3vInlBmSxCcxctByoQdvwPiA7DTK7jaaFDBTtu0ic= github.com/go-git/go-billy/v5 v5.5.0 h1:yEY4yhzCDuMGSv83oGxiBotRzhwhNr8VZyphhiu+mTU= github.com/go-git/go-billy/v5 v5.5.0/go.mod h1:hmexnoNsr2SJU1Ju67OaNz5ASJY3+sHgFRpCtpDCKow= -github.com/go-git/go-git/v5 v5.11.0 h1:XIZc1p+8YzypNr34itUfSvYJcv+eYdTnTvOZ2vD3cA4= -github.com/go-git/go-git/v5 v5.11.0/go.mod h1:6GFcX2P3NM7FPBfpePbpLd21XxsgdAt+lKqXmCUiUCY= +github.com/go-git/go-git/v5 v5.12.0 h1:7Md+ndsjrzZxbddRDZjF14qK+NN56sy6wkqaVrjZtys= +github.com/go-git/go-git/v5 v5.12.0/go.mod h1:FTM9VKtnI2m65hNI/TenDDDnUf2Q9FHnXYjuz9i5OEY= github.com/go-test/deep v1.0.3 h1:ZrJSEWsXzPOxaZnFteGEfooLba+ju3FYIbOrS+rQd68= github.com/go-test/deep v1.0.3/go.mod h1:wGDj63lr65AM2AQyKZd/NYHGb0R+1RLqB8NKt3aSFNA= github.com/golang/groupcache v0.0.0-20210331224755-41bb18bfe9da h1:oI5xCqsCo564l8iNU+DwB5epxmsaqB+rhGL0m5jtYqE= @@ -38,8 +38,8 @@ github.com/golang/groupcache v0.0.0-20210331224755-41bb18bfe9da/go.mod h1:cIg4er github.com/golang/protobuf v1.1.0/go.mod h1:6lQm79b+lXiMfvg/cZm0SGofjICqVBUtrP5yJMmIC1U= github.com/golang/protobuf v1.5.0/go.mod h1:FsONVRAS9T7sI+LIUmWTfcYkHO4aIWwzhcaSAoJOfIk= github.com/golang/protobuf v1.5.2/go.mod h1:XVQd3VNwM+JqD3oG2Ue2ip4fOMUkwXdXDdiuN0vRsmY= -github.com/golang/protobuf v1.5.3 h1:KhyjKVUg7Usr/dYsdSqoFveMYd5ko72D+zANwlG1mmg= -github.com/golang/protobuf v1.5.3/go.mod h1:XVQd3VNwM+JqD3oG2Ue2ip4fOMUkwXdXDdiuN0vRsmY= +github.com/golang/protobuf v1.5.4 h1:i7eJL8qZTpSEXOPTxNKhASYpMn+8e5Q6AdndVa1dWek= +github.com/golang/protobuf v1.5.4/go.mod h1:lnTiLA8Wa4RWRcIUkrtSVa5nRhsEGBg48fD6rSs7xps= github.com/google/go-cmp v0.3.1/go.mod h1:8QqcDgzrUqlUb/G2PQTWiueGozuR1884gddMywk6iLU= github.com/google/go-cmp v0.5.5/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE= github.com/google/go-cmp v0.6.0 h1:ofyhxvXcZhMsU5ulbFiLKl/XBFqE1GSq7atu8tAmTRI= @@ -66,22 +66,22 @@ github.com/hashicorp/go-uuid v1.0.3 h1:2gKiV6YVmrJ1i2CKKa9obLvRieoRGviZFL26PcT/C github.com/hashicorp/go-uuid v1.0.3/go.mod h1:6SBZvOh/SIDV7/2o3Jml5SYk/TvGqwFJ/bN7x4byOro= github.com/hashicorp/go-version v1.6.0 h1:feTTfFNnjP967rlCxM/I9g701jU+RN74YKx2mOkIeek= github.com/hashicorp/go-version v1.6.0/go.mod h1:fltr4n8CU8Ke44wwGCBoEymUuxUHl09ZGVZPK5anwXA= -github.com/hashicorp/hc-install v0.6.3 h1:yE/r1yJvWbtrJ0STwScgEnCanb0U9v7zp0Gbkmcoxqs= -github.com/hashicorp/hc-install v0.6.3/go.mod h1:KamGdbodYzlufbWh4r9NRo8y6GLHWZP2GBtdnms1Ln0= -github.com/hashicorp/hcl/v2 v2.19.1 h1://i05Jqznmb2EXqa39Nsvyan2o5XyMowW5fnCKW5RPI= -github.com/hashicorp/hcl/v2 v2.19.1/go.mod h1:ThLC89FV4p9MPW804KVbe/cEXoQ8NZEh+JtMeeGErHE= +github.com/hashicorp/hc-install v0.6.4 h1:QLqlM56/+SIIGvGcfFiwMY3z5WGXT066suo/v9Km8e0= +github.com/hashicorp/hc-install v0.6.4/go.mod h1:05LWLy8TD842OtgcfBbOT0WMoInBMUSHjmDx10zuBIA= +github.com/hashicorp/hcl/v2 v2.20.1 h1:M6hgdyz7HYt1UN9e61j+qKJBqR3orTWbI1HKBJEdxtc= +github.com/hashicorp/hcl/v2 v2.20.1/go.mod h1:TZDqQ4kNKCbh1iJp99FdPiUaVDDUPivbqxZulxDYqL4= github.com/hashicorp/logutils v1.0.0 h1:dLEQVugN8vlakKOUE3ihGLTZJRB4j+M2cdTm/ORI65Y= github.com/hashicorp/logutils v1.0.0/go.mod h1:QIAnNjmIWmVIIkWDTG1z5v++HQmx9WQRO+LraFDTW64= -github.com/hashicorp/terraform-exec v0.20.0 h1:DIZnPsqzPGuUnq6cH8jWcPunBfY+C+M8JyYF3vpnuEo= -github.com/hashicorp/terraform-exec v0.20.0/go.mod h1:ckKGkJWbsNqFKV1itgMnE0hY9IYf1HoiekpuN0eWoDw= -github.com/hashicorp/terraform-json v0.21.0 h1:9NQxbLNqPbEMze+S6+YluEdXgJmhQykRyRNd+zTI05U= -github.com/hashicorp/terraform-json v0.21.0/go.mod h1:qdeBs11ovMzo5puhrRibdD6d2Dq6TyE/28JiU4tIQxk= -github.com/hashicorp/terraform-plugin-go v0.22.0 h1:1OS1Jk5mO0f5hrziWJGXXIxBrMe2j/B8E+DVGw43Xmc= -github.com/hashicorp/terraform-plugin-go v0.22.0/go.mod h1:mPULV91VKss7sik6KFEcEu7HuTogMLLO/EvWCuFkRVE= +github.com/hashicorp/terraform-exec v0.21.0 h1:uNkLAe95ey5Uux6KJdua6+cv8asgILFVWkd/RG0D2XQ= +github.com/hashicorp/terraform-exec v0.21.0/go.mod h1:1PPeMYou+KDUSSeRE9szMZ/oHf4fYUmB923Wzbq1ICg= +github.com/hashicorp/terraform-json v0.22.1 h1:xft84GZR0QzjPVWs4lRUwvTcPnegqlyS7orfb5Ltvec= +github.com/hashicorp/terraform-json v0.22.1/go.mod h1:JbWSQCLFSXFFhg42T7l9iJwdGXBYV8fmmD6o/ML4p3A= +github.com/hashicorp/terraform-plugin-go v0.23.0 h1:AALVuU1gD1kPb48aPQUjug9Ir/125t+AAurhqphJ2Co= +github.com/hashicorp/terraform-plugin-go v0.23.0/go.mod h1:1E3Cr9h2vMlahWMbsSEcNrOCxovCZhOOIXjFHbjc/lQ= github.com/hashicorp/terraform-plugin-log v0.9.0 h1:i7hOA+vdAItN1/7UrfBqBwvYPQ9TFvymaRGZED3FCV0= github.com/hashicorp/terraform-plugin-log v0.9.0/go.mod h1:rKL8egZQ/eXSyDqzLUuwUYLVdlYeamldAHSxjUFADow= -github.com/hashicorp/terraform-plugin-sdk/v2 v2.33.0 h1:qHprzXy/As0rxedphECBEQAh3R4yp6pKksKHcqZx5G8= -github.com/hashicorp/terraform-plugin-sdk/v2 v2.33.0/go.mod h1:H+8tjs9TjV2w57QFVSMBQacf8k/E1XwLXGCARgViC6A= +github.com/hashicorp/terraform-plugin-sdk/v2 v2.34.0 h1:kJiWGx2kiQVo97Y5IOGR4EMcZ8DtMswHhUuFibsCQQE= +github.com/hashicorp/terraform-plugin-sdk/v2 v2.34.0/go.mod h1:sl/UoabMc37HA6ICVMmGO+/0wofkVIRxf+BMb/dnoIg= github.com/hashicorp/terraform-registry-address v0.2.3 h1:2TAiKJ1A3MAkZlH1YI/aTVcLZRu7JseiXNRHbOAyoTI= github.com/hashicorp/terraform-registry-address v0.2.3/go.mod h1:lFHA76T8jfQteVfT7caREqguFrW3c4MFSPhZB7HHgUM= github.com/hashicorp/terraform-svchost v0.1.1 h1:EZZimZ1GxdqFRinZ1tpJwVxxt49xc/S52uzrw4x0jKQ= @@ -99,8 +99,6 @@ github.com/kr/pretty v0.1.0/go.mod h1:dAy3ld7l9f0ibDNOQOHHMYYIIbhfbHSm3C4ZsoJORN github.com/kr/pty v1.1.1/go.mod h1:pFQYn66WHrOpPYNljwOMqo10TkYh1fy3cYio2l3bCsQ= github.com/kr/text v0.1.0 h1:45sCR5RtlFHMR4UwH9sdQ5TC8v0qDQCHnXt+kaKSTVE= github.com/kr/text v0.1.0/go.mod h1:4Jbv+DJW3UT/LiOwJeYQe1efqtUx/iVham/4vfdArNI= -github.com/kylelemons/godebug v1.1.0 h1:RPNrshWIDI6G2gRW9EHilWtl7Z6Sb1BR0xunSBf0SNc= -github.com/kylelemons/godebug v1.1.0/go.mod h1:9/0rRGxNHcop5bhtWyNeEfOS8JIWk580+fNqagV/RAw= github.com/mattn/go-colorable v0.1.9/go.mod h1:u6P/XSegPjTcexA+o6vUJrdnUu04hMope9wVRipJSqc= github.com/mattn/go-colorable v0.1.12/go.mod h1:u5H1YNBxpqRaxsYJYSkiCWKzEfiAb1Gb520KVy5xxl4= github.com/mattn/go-colorable v0.1.13 h1:fFA4WZxdEF4tXPZVKMLwD8oUnCTTo08duU7wxecdEvA= @@ -126,10 +124,10 @@ github.com/pjbgf/sha1cd v0.3.0 h1:4D5XXmUUBUl/xQ6IjCkEAbqXskkq/4O7LmGn0AqMDs4= github.com/pjbgf/sha1cd v0.3.0/go.mod h1:nZ1rrWOcGJ5uZgEEVL1VUM9iRQiZvWdbZjkKyFzPPsI= github.com/pmezard/go-difflib v1.0.0 h1:4DBwDE0NGyQoBHbLQYPwSUPoCMWR5BEzIk/f1lZbAQM= github.com/pmezard/go-difflib v1.0.0/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4= -github.com/sergi/go-diff v1.2.0 h1:XU+rvMAioB0UC3q1MFrIQy4Vo5/4VsRDQQXHsEya6xQ= -github.com/sergi/go-diff v1.2.0/go.mod h1:STckp+ISIX8hZLjrqAeVduY0gWCT9IjLuqbuNXdaHfM= -github.com/skeema/knownhosts v1.2.1 h1:SHWdIUa82uGZz+F+47k8SY4QhhI291cXCpopT1lK2AQ= -github.com/skeema/knownhosts v1.2.1/go.mod h1:xYbVRSPxqBZFrdmDyMmsOs+uX1UZC3nTN3ThzgDxUwo= +github.com/sergi/go-diff v1.3.2-0.20230802210424-5b0b94c5c0d3 h1:n661drycOFuPLCN3Uc8sB6B/s6Z4t2xvBgU1htSHuq8= +github.com/sergi/go-diff v1.3.2-0.20230802210424-5b0b94c5c0d3/go.mod h1:A0bzQcvG0E7Rwjx0REVgAGH58e96+X0MeOfepqsbeW4= +github.com/skeema/knownhosts v1.2.2 h1:Iug2P4fLmDw9f41PB6thxUkNUkJzB5i+1/exaj40L3A= +github.com/skeema/knownhosts v1.2.2/go.mod h1:xYbVRSPxqBZFrdmDyMmsOs+uX1UZC3nTN3ThzgDxUwo= github.com/stretchr/objx v0.1.0/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+wExME= github.com/stretchr/testify v1.7.2 h1:4jaiDzPyXQvSd7D0EjG45355tLlV3VOECpq10pLC+8s= github.com/stretchr/testify v1.7.2/go.mod h1:R6va5+xMeoiuVRoj+gSkQ7d3FALtqAAGI1FQKckRals= @@ -143,24 +141,28 @@ github.com/vmihailenco/tagparser/v2 v2.0.0/go.mod h1:Wri+At7QHww0WTrCBeu4J6bNtoV github.com/xanzy/ssh-agent v0.3.3 h1:+/15pJfg/RsTxqYcX6fHqOXZwwMP+2VyYWJeWM2qQFM= github.com/xanzy/ssh-agent v0.3.3/go.mod h1:6dzNDKs0J9rVPHPhaGCukekBHKqfl+L3KghI1Bc68Uw= github.com/yuin/goldmark v1.4.13/go.mod h1:6yULJ656Px+3vBD8DxQVa3kxgyrAnzto9xy5taEt/CY= -github.com/zclconf/go-cty v1.14.2 h1:kTG7lqmBou0Zkx35r6HJHUQTvaRPr5bIAf3AoHS0izI= -github.com/zclconf/go-cty v1.14.2/go.mod h1:VvMs5i0vgZdhYawQNq5kePSpLAoz8u1xvZgrPIxfnZE= +github.com/zclconf/go-cty v1.14.4 h1:uXXczd9QDGsgu0i/QFR/hzI5NYCHLf6NQw/atrbnhq8= +github.com/zclconf/go-cty v1.14.4/go.mod h1:VvMs5i0vgZdhYawQNq5kePSpLAoz8u1xvZgrPIxfnZE= +github.com/zclconf/go-cty-debug v0.0.0-20191215020915-b22d67c1ba0b h1:FosyBZYxY34Wul7O/MSKey3txpPYyCqVO5ZyceuQJEI= +github.com/zclconf/go-cty-debug v0.0.0-20191215020915-b22d67c1ba0b/go.mod h1:ZRKQfBXbGkpdV6QMzT3rU1kSTAnfu1dO8dPKjYprgj8= golang.org/x/crypto v0.0.0-20190308221718-c2843e01d9a2/go.mod h1:djNgcEr1/C05ACkg1iLfiJU5Ep61QUkGW8qpdssI0+w= golang.org/x/crypto v0.0.0-20210921155107-089bfa567519/go.mod h1:GvvjBRRGRdwPK5ydBHafDWAxML/pGHZbMvKqRZ5+Abc= -golang.org/x/crypto v0.19.0 h1:ENy+Az/9Y1vSrlrvBSyna3PITt4tiZLf7sgCjZBX7Wo= -golang.org/x/crypto v0.19.0/go.mod h1:Iy9bg/ha4yyC70EfRS8jz+B6ybOBKMaSxLj6P6oBDfU= +golang.org/x/crypto v0.23.0 h1:dIJU/v2J8Mdglj/8rJ6UUOM3Zc9zLZxVZwwxMooUSAI= +golang.org/x/crypto v0.23.0/go.mod h1:CKFgDieR+mRhux2Lsu27y0fO304Db0wZe70UKqHu0v8= golang.org/x/mod v0.6.0-dev.0.20220419223038-86c51ed26bb4/go.mod h1:jJ57K6gSWd91VN4djpZkiMVwK6gcyfeH4XE8wZrZaV4= -golang.org/x/mod v0.15.0 h1:SernR4v+D55NyBH2QiEQrlBAnj1ECL6AGrA5+dPaMY8= -golang.org/x/mod v0.15.0/go.mod h1:hTbmBsO62+eylJbnUtE2MGJUyE7QWk4xUqPFrRgJ+7c= +golang.org/x/mod v0.16.0 h1:QX4fJ0Rr5cPQCF7O9lh9Se4pmwfwskqZfq5moyldzic= +golang.org/x/mod v0.16.0/go.mod h1:hTbmBsO62+eylJbnUtE2MGJUyE7QWk4xUqPFrRgJ+7c= golang.org/x/net v0.0.0-20190404232315-eb5bcb51f2a3/go.mod h1:t9HGtf8HONx5eT2rtn7q6eTqICYqUVnKs3thJo3Qplg= golang.org/x/net v0.0.0-20190620200207-3b0461eec859/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s= golang.org/x/net v0.0.0-20210226172049-e18ecbb05110/go.mod h1:m0MpNAwzfU5UDzcl9v0D8zg8gWTRqZa9RBIspLL5mdg= golang.org/x/net v0.0.0-20220722155237-a158d28d115b/go.mod h1:XRhObCWvk6IyKnWLug+ECip1KBveYUHfp+8e9klMJ9c= -golang.org/x/net v0.19.0 h1:zTwKpTd2XuCqf8huc7Fo2iSy+4RHPd10s4KzeTnVr1c= -golang.org/x/net v0.19.0/go.mod h1:CfAk/cbD4CthTvqiEl8NpboMuiuOYsAr/7NOjZJtv1U= +golang.org/x/net v0.23.0 h1:7EYJ93RZ9vYSZAIb2x3lnuvqO5zneoD6IvWjuhfxjTs= +golang.org/x/net v0.23.0/go.mod h1:JKghWKKOSdJwpW2GEx0Ja7fmaKnMsbu+MWVZTokSYmg= golang.org/x/sync v0.0.0-20180314180146-1d60e4601c6f/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= golang.org/x/sync v0.0.0-20190423024810-112230192c58/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= golang.org/x/sync v0.0.0-20220722155255-886fb9371eb4/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= +golang.org/x/sync v0.6.0 h1:5BMeUDZ7vkXGfEr1x9B4bRcTH4lpkTkpdh0T/J+qjbQ= +golang.org/x/sync v0.6.0/go.mod h1:Czt+wKu1gCyEFDUtn0jG5QVvpJ6rzVqr5aXyt9drQfk= golang.org/x/sys v0.0.0-20190215142949-d0b11bdaac8a/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= golang.org/x/sys v0.0.0-20200116001909-b77594299b42/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20200223170610-d5e6a3e2c0ae/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= @@ -173,19 +175,19 @@ golang.org/x/sys v0.0.0-20220520151302-bc2c85ada10a/go.mod h1:oPkhp1MJrh7nUepCBc golang.org/x/sys v0.0.0-20220722155257-8c9f86f7a55f/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.0.0-20220811171246-fbc7d0a398ab/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.6.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= -golang.org/x/sys v0.17.0 h1:25cE3gD+tdBA7lp7QfhuV+rJiE9YXTcS3VG1SqssI/Y= -golang.org/x/sys v0.17.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA= +golang.org/x/sys v0.20.0 h1:Od9JTbYCk261bKm4M/mw7AklTlFYIa0bIp9BgSm1S8Y= +golang.org/x/sys v0.20.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA= golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo= golang.org/x/term v0.0.0-20210927222741-03fcf44c2211/go.mod h1:jbD1KX2456YbFQfuXm/mYQcufACuNUgVhRMnK/tPxf8= -golang.org/x/term v0.17.0 h1:mkTF7LCd6WGJNL3K1Ad7kwxNfYAW6a8a8QqtMblp/4U= -golang.org/x/term v0.17.0/go.mod h1:lLRBjIVuehSbZlaOtGMbcMncT+aqLLLmKrsjNrUguwk= +golang.org/x/term v0.20.0 h1:VnkxpohqXaOBYJtBmEppKUG6mXpi+4O6purfc2+sMhw= +golang.org/x/term v0.20.0/go.mod h1:8UkIAJTvZgivsXaD6/pH6U9ecQzZ45awqEOzuCvwpFY= golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= golang.org/x/text v0.3.2/go.mod h1:bEr9sfX3Q8Zfm5fL9x+3itogRgK3+ptLWKqgva+5dAk= golang.org/x/text v0.3.3/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ= golang.org/x/text v0.3.7/go.mod h1:u+2+/6zg+i71rQMx5EYifcz6MCKuco9NR6JIITiCfzQ= golang.org/x/text v0.3.8/go.mod h1:E6s5w1FMmriuDzIBO73fBruAKo1PCIq6d2Q6DHfQ8WQ= -golang.org/x/text v0.14.0 h1:ScX5w1eTa3QqT8oi6+ziP7dTV1S2+ALU0bI+0zXKWiQ= -golang.org/x/text v0.14.0/go.mod h1:18ZOQIKpY8NJVqYksKHtTdi31H5itFRjB5/qKTNYzSU= +golang.org/x/text v0.15.0 h1:h1V/4gjBv8v9cjcR6+AR5+/cIYK5N/WAgiv4xlsEtAk= +golang.org/x/text v0.15.0/go.mod h1:18ZOQIKpY8NJVqYksKHtTdi31H5itFRjB5/qKTNYzSU= golang.org/x/tools v0.0.0-20180917221912-90fa682c2a6e/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ= golang.org/x/tools v0.0.0-20191119224855-298f0cb1881e/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo= golang.org/x/tools v0.1.12/go.mod h1:hNGJHUnrk76NpqgfD5Aqm5Crs+Hm0VOH/i9J2+nxYbc= @@ -196,14 +198,14 @@ golang.org/x/xerrors v0.0.0-20191204190536-9bdfabe68543/go.mod h1:I/5z698sn9Ka8T google.golang.org/appengine v1.1.0/go.mod h1:EbEs0AVv82hx2wNQdGPgUI5lhzA/G0D9YwlJXL52JkM= google.golang.org/appengine v1.6.8 h1:IhEN5q69dyKagZPYMSdIjS2HqprW324FRQZJcGqPAsM= google.golang.org/appengine v1.6.8/go.mod h1:1jJ3jBArFh5pcgW8gCtRJnepW8FzD1V44FJffLiz/Ds= -google.golang.org/genproto/googleapis/rpc v0.0.0-20231106174013-bbf56f31fb17 h1:Jyp0Hsi0bmHXG6k9eATXoYtjd6e2UzZ1SCn/wIupY14= -google.golang.org/genproto/googleapis/rpc v0.0.0-20231106174013-bbf56f31fb17/go.mod h1:oQ5rr10WTTMvP4A36n8JpR1OrO1BEiV4f78CneXZxkA= -google.golang.org/grpc v1.61.1 h1:kLAiWrZs7YeDM6MumDe7m3y4aM6wacLzM1Y/wiLP9XY= -google.golang.org/grpc v1.61.1/go.mod h1:VUbo7IFqmF1QtCAstipjG0GIoq49KvMe9+h1jFLBNJs= +google.golang.org/genproto/googleapis/rpc v0.0.0-20240227224415-6ceb2ff114de h1:cZGRis4/ot9uVm639a+rHCUaG0JJHEsdyzSQTMX+suY= +google.golang.org/genproto/googleapis/rpc v0.0.0-20240227224415-6ceb2ff114de/go.mod h1:H4O17MA/PE9BsGx3w+a+W2VOLLD1Qf7oJneAoU6WktY= +google.golang.org/grpc v1.63.2 h1:MUeiw1B2maTVZthpU5xvASfTh3LDbxHd6IJ6QQVU+xM= +google.golang.org/grpc v1.63.2/go.mod h1:WAX/8DgncnokcFUldAxq7GeB5DXHDbMF+lLvDomNkRA= google.golang.org/protobuf v1.26.0-rc.1/go.mod h1:jlhhOSvTdKEhbULTjvd4ARK9grFBp09yW+WbY/TyQbw= google.golang.org/protobuf v1.26.0/go.mod h1:9q0QmTI4eRPtz6boOQmLYwt+qCgq0jsYwAQnmE0givc= -google.golang.org/protobuf v1.32.0 h1:pPC6BG5ex8PDFnkbrGU3EixyhKcQ2aDuBS36lqK/C7I= -google.golang.org/protobuf v1.32.0/go.mod h1:c6P6GXX6sHbq/GpV6MGZEdwhWPcYBgnhAHhKbcUYpos= +google.golang.org/protobuf v1.34.0 h1:Qo/qEd2RZPCf2nKuorzksSknv0d3ERwp1vFG38gSmH4= +google.golang.org/protobuf v1.34.0/go.mod h1:c6P6GXX6sHbq/GpV6MGZEdwhWPcYBgnhAHhKbcUYpos= gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0= gopkg.in/check.v1 v1.0.0-20180628173108-788fd7840127 h1:qIbj1fsPNlZgppZ+VLlY7N33q108Sa+fhmuc+sWQYwY= gopkg.in/check.v1 v1.0.0-20180628173108-788fd7840127/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0= diff --git a/sdk/sdkcore/sdkfos.go b/sdk/sdkcore/sdkfos.go index 64b7ccb1d..ba23c03df 100644 --- a/sdk/sdkcore/sdkfos.go +++ b/sdk/sdkcore/sdkfos.go @@ -3135,6 +3135,60 @@ func (c *FortiSDKClient) ReadExtensionControllerDataplan(mkey string, vdomparam return } +// CreateExtensionControllerExtenderVap API operation for FortiOS creates a new Extender Vap. +// Returns the index value of the Extender Vap and execution result when the request executes successfully. +// Returns error for service API and SDK errors. +// See the extension-controller - extender-vap chapter in the FortiOS Handbook - CLI Reference. +func (c *FortiSDKClient) CreateExtensionControllerExtenderVap(params *map[string]interface{}, vdomparam string) (output map[string]interface{}, err error) { + + HTTPMethod := "POST" + path := "/api/v2/cmdb/extension-controller/extender-vap" + output = make(map[string]interface{}) + + err = createUpdate(c, HTTPMethod, path, params, output, vdomparam) + return +} + +// UpdateExtensionControllerExtenderVap API operation for FortiOS updates the specified Extender Vap. +// Returns the index value of the Extender Vap and execution result when the request executes successfully. +// Returns error for service API and SDK errors. +// See the extension-controller - extender-vap chapter in the FortiOS Handbook - CLI Reference. +func (c *FortiSDKClient) UpdateExtensionControllerExtenderVap(params *map[string]interface{}, mkey string, vdomparam string) (output map[string]interface{}, err error) { + HTTPMethod := "PUT" + path := "/api/v2/cmdb/extension-controller/extender-vap" + path += "/" + escapeURLString(mkey) + output = make(map[string]interface{}) + + err = createUpdate(c, HTTPMethod, path, params, output, vdomparam) + return +} + +// DeleteExtensionControllerExtenderVap API operation for FortiOS deletes the specified Extender Vap. +// Returns error for service API and SDK errors. +// See the extension-controller - extender-vap chapter in the FortiOS Handbook - CLI Reference. +func (c *FortiSDKClient) DeleteExtensionControllerExtenderVap(mkey string, vdomparam string) (err error) { + HTTPMethod := "DELETE" + path := "/api/v2/cmdb/extension-controller/extender-vap" + path += "/" + escapeURLString(mkey) + + err = delete(c, HTTPMethod, path, vdomparam) + return +} + +// ReadExtensionControllerExtenderVap API operation for FortiOS gets the Extender Vap +// with the specified index value. +// Returns the requested Extender Vap value when the request executes successfully. +// Returns error for service API and SDK errors. +// See the extension-controller - extender-vap chapter in the FortiOS Handbook - CLI Reference. +func (c *FortiSDKClient) ReadExtensionControllerExtenderVap(mkey string, vdomparam string) (mapTmp map[string]interface{}, err error) { + HTTPMethod := "GET" + path := "/api/v2/cmdb/extension-controller/extender-vap" + path += "/" + escapeURLString(mkey) + + mapTmp, err = read(c, HTTPMethod, path, false, vdomparam) + return +} + // CreateExtensionControllerExtender API operation for FortiOS creates a new Extender. // Returns the index value of the Extender and execution result when the request executes successfully. // Returns error for service API and SDK errors. @@ -5867,6 +5921,60 @@ func (c *FortiSDKClient) ReadFirewallMulticastPolicy(mkey string, vdomparam stri return } +// CreateFirewallOnDemandSniffer API operation for FortiOS creates a new On Demand Sniffer. +// Returns the index value of the On Demand Sniffer and execution result when the request executes successfully. +// Returns error for service API and SDK errors. +// See the firewall - on-demand-sniffer chapter in the FortiOS Handbook - CLI Reference. +func (c *FortiSDKClient) CreateFirewallOnDemandSniffer(params *map[string]interface{}, vdomparam string) (output map[string]interface{}, err error) { + + HTTPMethod := "POST" + path := "/api/v2/cmdb/firewall/on-demand-sniffer" + output = make(map[string]interface{}) + + err = createUpdate(c, HTTPMethod, path, params, output, vdomparam) + return +} + +// UpdateFirewallOnDemandSniffer API operation for FortiOS updates the specified On Demand Sniffer. +// Returns the index value of the On Demand Sniffer and execution result when the request executes successfully. +// Returns error for service API and SDK errors. +// See the firewall - on-demand-sniffer chapter in the FortiOS Handbook - CLI Reference. +func (c *FortiSDKClient) UpdateFirewallOnDemandSniffer(params *map[string]interface{}, mkey string, vdomparam string) (output map[string]interface{}, err error) { + HTTPMethod := "PUT" + path := "/api/v2/cmdb/firewall/on-demand-sniffer" + path += "/" + escapeURLString(mkey) + output = make(map[string]interface{}) + + err = createUpdate(c, HTTPMethod, path, params, output, vdomparam) + return +} + +// DeleteFirewallOnDemandSniffer API operation for FortiOS deletes the specified On Demand Sniffer. +// Returns error for service API and SDK errors. +// See the firewall - on-demand-sniffer chapter in the FortiOS Handbook - CLI Reference. +func (c *FortiSDKClient) DeleteFirewallOnDemandSniffer(mkey string, vdomparam string) (err error) { + HTTPMethod := "DELETE" + path := "/api/v2/cmdb/firewall/on-demand-sniffer" + path += "/" + escapeURLString(mkey) + + err = delete(c, HTTPMethod, path, vdomparam) + return +} + +// ReadFirewallOnDemandSniffer API operation for FortiOS gets the On Demand Sniffer +// with the specified index value. +// Returns the requested On Demand Sniffer value when the request executes successfully. +// Returns error for service API and SDK errors. +// See the firewall - on-demand-sniffer chapter in the FortiOS Handbook - CLI Reference. +func (c *FortiSDKClient) ReadFirewallOnDemandSniffer(mkey string, vdomparam string) (mapTmp map[string]interface{}, err error) { + HTTPMethod := "GET" + path := "/api/v2/cmdb/firewall/on-demand-sniffer" + path += "/" + escapeURLString(mkey) + + mapTmp, err = read(c, HTTPMethod, path, false, vdomparam) + return +} + // CreateFirewallMulticastPolicy6 API operation for FortiOS creates a new Multicast Policy6. // Returns the index value of the Multicast Policy6 and execution result when the request executes successfully. // Returns error for service API and SDK errors. @@ -19963,6 +20071,41 @@ func (c *FortiSDKClient) ReadSystemSpeedTestSchedule(mkey string, vdomparam stri return } +// UpdateSystemSshConfig API operation for FortiOS updates the specified Ssh Config. +// Returns the index value of the Ssh Config and execution result when the request executes successfully. +// Returns error for service API and SDK errors. +// See the system - ssh-config chapter in the FortiOS Handbook - CLI Reference. +func (c *FortiSDKClient) UpdateSystemSshConfig(params *map[string]interface{}, mkey string, vdomparam string) (output map[string]interface{}, err error) { + HTTPMethod := "PUT" + path := "/api/v2/cmdb/system/ssh-config" + output = make(map[string]interface{}) + + err = createUpdate(c, HTTPMethod, path, params, output, vdomparam) + return +} + +// DeleteSystemSshConfig API operation for FortiOS deletes the specified Ssh Config. +// Returns error for service API and SDK errors. +// See the system - ssh-config chapter in the FortiOS Handbook - CLI Reference. +func (c *FortiSDKClient) DeleteSystemSshConfig(mkey string, vdomparam string) (err error) { + + //No unset API for system - ssh-config + return +} + +// ReadSystemSshConfig API operation for FortiOS gets the Ssh Config +// with the specified index value. +// Returns the requested Ssh Config value when the request executes successfully. +// Returns error for service API and SDK errors. +// See the system - ssh-config chapter in the FortiOS Handbook - CLI Reference. +func (c *FortiSDKClient) ReadSystemSshConfig(mkey string, vdomparam string) (mapTmp map[string]interface{}, err error) { + HTTPMethod := "GET" + path := "/api/v2/cmdb/system/ssh-config" + + mapTmp, err = read(c, HTTPMethod, path, true, vdomparam) + return +} + // CreateSystemSpeedTestServer API operation for FortiOS creates a new Speed Test Server. // Returns the index value of the Speed Test Server and execution result when the request executes successfully. // Returns error for service API and SDK errors. diff --git a/website/docs/d/fortios_firewall_centralsnatmap.html.markdown b/website/docs/d/fortios_firewall_centralsnatmap.html.markdown index 8c223ca1e..bdc5a43a3 100644 --- a/website/docs/d/fortios_firewall_centralsnatmap.html.markdown +++ b/website/docs/d/fortios_firewall_centralsnatmap.html.markdown @@ -31,6 +31,7 @@ The following attributes are exported: * `dstintf` - Destination interface name from available interfaces. The structure of `dstintf` block is documented below. * `nat_ippool` - Name of the IP pools to be used to translate addresses from available IP Pools. The structure of `nat_ippool` block is documented below. * `nat_ippool6` - IPv6 pools to be used for source NAT. The structure of `nat_ippool6` block is documented below. +* `port_preserve` - Enable/disable preservation of the original source port from source NAT if it has not been used. * `protocol` - Integer value for the protocol type (0 - 255). * `orig_port` - Original TCP port (0 to 65535). * `nat_port` - Translated port or port range (0 to 65535). diff --git a/website/docs/d/fortios_firewall_policy.html.markdown b/website/docs/d/fortios_firewall_policy.html.markdown index 52f49e93f..b6beb063f 100644 --- a/website/docs/d/fortios_firewall_policy.html.markdown +++ b/website/docs/d/fortios_firewall_policy.html.markdown @@ -145,6 +145,7 @@ The following attributes are exported: * `permit_any_host` - Accept UDP packets from any host. * `permit_stun_host` - Accept UDP packets from any Session Traversal Utilities for NAT (STUN) host. * `fixedport` - Enable to prevent source NAT from changing a session's source port. +* `port_preserve` - Enable/disable preservation of the original source port from source NAT if it has not been used. * `ippool` - Enable to use IP Pools for source NAT. * `poolname` - IP Pool names. The structure of `poolname` block is documented below. * `poolname6` - IPv6 pool names. The structure of `poolname6` block is documented below. diff --git a/website/docs/d/fortios_router_bgp.html.markdown b/website/docs/d/fortios_router_bgp.html.markdown index f7cf06a0f..816969eb3 100644 --- a/website/docs/d/fortios_router_bgp.html.markdown +++ b/website/docs/d/fortios_router_bgp.html.markdown @@ -406,6 +406,7 @@ The `neighbor_group` block contains: * `prefix_list_out_vpnv4` - Outbound filter for VPNv4 updates to this neighbor. * `prefix_list_out_vpnv6` - Outbound filter for VPNv6 updates to this neighbor. * `remote_as` - AS number of neighbor. +* `remote_as_filter` - BGP filter for remote AS. * `local_as` - Local AS number of neighbor. * `local_as_no_prepend` - Do not prepend local-as to incoming updates. * `local_as_replace_as` - Replace real AS with local-as in outgoing updates. diff --git a/website/docs/d/fortios_system_accprofile.html.markdown b/website/docs/d/fortios_system_accprofile.html.markdown index 44ecd5490..a55478bcb 100644 --- a/website/docs/d/fortios_system_accprofile.html.markdown +++ b/website/docs/d/fortios_system_accprofile.html.markdown @@ -83,6 +83,7 @@ The `utmgrp_permission` block contains: * `ips` - IPS profiles and settings. * `webfilter` - Web Filter profiles and settings. * `emailfilter` - AntiSpam filter and settings. +* `dlp` - DLP profiles and settings. * `data_leak_prevention` - DLP profiles and settings. * `spamfilter` - AntiSpam filter and settings. * `data_loss_prevention` - DLP profiles and settings. diff --git a/website/docs/d/fortios_system_global.html.markdown b/website/docs/d/fortios_system_global.html.markdown index 3f256b26c..a0be8af01 100644 --- a/website/docs/d/fortios_system_global.html.markdown +++ b/website/docs/d/fortios_system_global.html.markdown @@ -187,6 +187,7 @@ The following attributes are exported: * `user_server_cert` - Certificate to use for https user authentication. * `admin_https_pki_required` - Enable/disable admin login method. Enable to force administrators to provide a valid certificate to log in if PKI is enabled. Disable to allow administrators to log in with a certificate or password. * `wifi_certificate` - Certificate to use for WiFi authentication. +* `dhcp_lease_backup_interval` - DHCP leases backup interval in seconds (10 - 3600, default = 60). * `wifi_ca_certificate` - CA certificate that verifies the WiFi certificate. * `auth_http_port` - User authentication HTTP port. (1 - 65535, default = 80). * `auth_https_port` - User authentication HTTPS port. (1 - 65535, default = 443). diff --git a/website/docs/d/fortios_system_interface.html.markdown b/website/docs/d/fortios_system_interface.html.markdown index 80250c270..826bde2f8 100644 --- a/website/docs/d/fortios_system_interface.html.markdown +++ b/website/docs/d/fortios_system_interface.html.markdown @@ -50,6 +50,7 @@ The following attributes are exported: * `dhcp_relay_circuit_id` - DHCP relay circuit ID. * `dhcp_relay_link_selection` - DHCP relay link selection. * `dhcp_relay_request_all_server` - Enable/disable sending DHCP request to all servers. +* `dhcp_relay_allow_no_end_option` - Enable/disable relaying DHCP messages with no end option. * `dhcp_relay_type` - DHCP relay type (regular or IPsec). * `dhcp_smart_relay` - Enable/disable DHCP smart relay. * `dhcp_relay_agent_option` - Enable/disable DHCP relay agent option. diff --git a/website/docs/d/fortios_system_ntp.html.markdown b/website/docs/d/fortios_system_ntp.html.markdown index 75c5f9a65..d381edc26 100644 --- a/website/docs/d/fortios_system_ntp.html.markdown +++ b/website/docs/d/fortios_system_ntp.html.markdown @@ -38,6 +38,7 @@ The `ntpserver` block contains: * `server` - IP address or hostname of the NTP Server. * `ntpv3` - Enable to use NTPv3 instead of NTPv4. * `authentication` - Enable/disable MD5/SHA1 authentication. +* `key_type` - Select NTP authentication type. * `key` - Key for MD5/SHA1 authentication. * `key_id` - Key ID for authentication. * `ip_type` - Choose to connect to IPv4 or/and IPv6 NTP server. diff --git a/website/docs/r/fortios_authentication_rule.html.markdown b/website/docs/r/fortios_authentication_rule.html.markdown index 97efe7d9e..a992bf0ad 100644 --- a/website/docs/r/fortios_authentication_rule.html.markdown +++ b/website/docs/r/fortios_authentication_rule.html.markdown @@ -40,6 +40,7 @@ The following arguments are supported: * `web_auth_cookie` - Enable/disable Web authentication cookies (default = disable). Valid values: `enable`, `disable`. * `cors_stateful` - Enable/disable allowance of CORS access (default = disable). Valid values: `enable`, `disable`. * `cors_depth` - Depth to allow CORS access (default = 3). +* `cert_auth_cookie` - Enable/disable to use device certificate as authentication cookie (default = enable). Valid values: `enable`, `disable`. * `transaction_based` - Enable/disable transaction based authentication (default = disable). Valid values: `enable`, `disable`. * `web_portal` - Enable/disable web portal for proxy transparent policy (default = enable). Valid values: `enable`, `disable`. * `comments` - Comment. diff --git a/website/docs/r/fortios_casb_profile.html.markdown b/website/docs/r/fortios_casb_profile.html.markdown index b62548878..7a1192b8c 100644 --- a/website/docs/r/fortios_casb_profile.html.markdown +++ b/website/docs/r/fortios_casb_profile.html.markdown @@ -14,6 +14,7 @@ Configure CASB profile. Applies to FortiOS Version `>= 7.4.1`. The following arguments are supported: * `name` - CASB profile name. +* `comment` - Comment. * `saas_application` - CASB profile SaaS application. The structure of `saas_application` block is documented below. * `dynamic_sort_subtable` - Sort sub-tables, please do not set this parameter when configuring static sub-tables. Options: [ false, true, natural, alphabetical ]. false: Default value, do not sort tables; true/natural: sort tables in natural order. For example: [ a10, a2 ] --> [ a2, a10 ]; alphabetical: sort tables in alphabetical order. For example: [ a10, a2 ] --> [ a10, a2 ]. * `get_all_tables` - Get all sub-tables including unconfigured tables. Do not set this variable to true if you configure sub-table in another resource, otherwise, conflicts and overwrite will occur. Options: [ false, true ]. false: Default value, do not get unconfigured tables; true: get all tables including unconfigured tables. diff --git a/website/docs/r/fortios_certificate_ca.html.markdown b/website/docs/r/fortios_certificate_ca.html.markdown index 15e2a8b2f..83e5ceee4 100644 --- a/website/docs/r/fortios_certificate_ca.html.markdown +++ b/website/docs/r/fortios_certificate_ca.html.markdown @@ -26,6 +26,7 @@ The following arguments are supported: * `source_ip` - Source IP address for communications to the SCEP server. * `ca_identifier` - CA identifier of the SCEP server. * `obsolete` - Enable/disable this CA as obsoleted. Valid values: `disable`, `enable`. +* `fabric_ca` - Enable/disable synchronization of CA across Security Fabric. Valid values: `disable`, `enable`. * `last_updated` - Time at which CA was last updated. * `vdomparam` - Specifies the vdom to which the resource will be applied when the FortiGate unit is running in VDOM mode. Only one vdom can be specified. If you want to inherit the vdom configuration of the provider, please do not set this parameter. diff --git a/website/docs/r/fortios_dnsfilter_profile.html.markdown b/website/docs/r/fortios_dnsfilter_profile.html.markdown index 4f0fd26e7..c4b58d44c 100644 --- a/website/docs/r/fortios_dnsfilter_profile.html.markdown +++ b/website/docs/r/fortios_dnsfilter_profile.html.markdown @@ -72,10 +72,11 @@ The following arguments are supported: * `redirect_portal6` - IPv6 address of the SDNS redirect portal. * `block_botnet` - Enable/disable blocking botnet C&C DNS lookups. Valid values: `disable`, `enable`. * `safe_search` - Enable/disable Google, Bing, and YouTube safe search. Valid values: `disable`, `enable`. -* `youtube_restrict` - Set safe search for YouTube restriction level. Valid values: `strict`, `moderate`. +* `youtube_restrict` - Set safe search for YouTube restriction level. * `external_ip_blocklist` - One or more external IP block lists. The structure of `external_ip_blocklist` block is documented below. * `dns_translation` - DNS translation settings. The structure of `dns_translation` block is documented below. * `transparent_dns_database` - Transparent DNS database zones. The structure of `transparent_dns_database` block is documented below. +* `strip_ech` - Enable/disable removal of the encrypted client hello service parameter from supporting DNS RRs. Valid values: `disable`, `enable`. * `dynamic_sort_subtable` - Sort sub-tables, please do not set this parameter when configuring static sub-tables. Options: [ false, true, natural, alphabetical ]. false: Default value, do not sort tables; true/natural: sort tables in natural order. For example: [ a10, a2 ] --> [ a2, a10 ]; alphabetical: sort tables in alphabetical order. For example: [ a10, a2 ] --> [ a10, a2 ]. * `get_all_tables` - Get all sub-tables including unconfigured tables. Do not set this variable to true if you configure sub-table in another resource, otherwise, conflicts and overwrite will occur. Options: [ false, true ]. false: Default value, do not get unconfigured tables; true: get all tables including unconfigured tables. * `vdomparam` - Specifies the vdom to which the resource will be applied when the FortiGate unit is running in VDOM mode. Only one vdom can be specified. If you want to inherit the vdom configuration of the provider, please do not set this parameter. diff --git a/website/docs/r/fortios_endpointcontrol_fctems.html.markdown b/website/docs/r/fortios_endpointcontrol_fctems.html.markdown index 80f315025..234830ba0 100644 --- a/website/docs/r/fortios_endpointcontrol_fctems.html.markdown +++ b/website/docs/r/fortios_endpointcontrol_fctems.html.markdown @@ -21,6 +21,7 @@ The following arguments are supported: * `serial_number` - FortiClient EMS Serial Number. * `tenant_id` - EMS Tenant ID. * `fortinetone_cloud_authentication` - Enable/disable authentication of FortiClient EMS Cloud through FortiCloud account. Valid values: `enable`, `disable`. +* `cloud_authentication_access_key` - FortiClient EMS Cloud multitenancy access key * `https_port` - FortiClient EMS HTTPS access port number. (1 - 65535, default: 443). * `admin_username` - FortiClient EMS admin username. * `admin_password` - FortiClient EMS admin password. diff --git a/website/docs/r/fortios_endpointcontrol_fctemsoverride.html.markdown b/website/docs/r/fortios_endpointcontrol_fctemsoverride.html.markdown index a8782f191..9a23f3c98 100644 --- a/website/docs/r/fortios_endpointcontrol_fctemsoverride.html.markdown +++ b/website/docs/r/fortios_endpointcontrol_fctemsoverride.html.markdown @@ -18,6 +18,7 @@ The following arguments are supported: * `name` - FortiClient Enterprise Management Server (EMS) name. * `dirty_reason` - Dirty Reason for FortiClient EMS. Valid values: `none`, `mismatched-ems-sn`. * `fortinetone_cloud_authentication` - Enable/disable authentication of FortiClient EMS Cloud through FortiCloud account. Valid values: `enable`, `disable`. +* `cloud_authentication_access_key` - FortiClient EMS Cloud multitenancy access key * `server` - FortiClient EMS FQDN or IPv4 address. * `https_port` - FortiClient EMS HTTPS access port number. (1 - 65535, default: 443). * `serial_number` - EMS Serial Number. diff --git a/website/docs/r/fortios_endpointcontrol_settings.html.markdown b/website/docs/r/fortios_endpointcontrol_settings.html.markdown index 18c88e54f..9b770dc54 100644 --- a/website/docs/r/fortios_endpointcontrol_settings.html.markdown +++ b/website/docs/r/fortios_endpointcontrol_settings.html.markdown @@ -7,7 +7,7 @@ description: |- --- # fortios_endpointcontrol_settings -Configure endpoint control settings. Applies to FortiOS Version `6.2.0,6.2.4,6.2.6,7.4.0,7.4.1,7.4.2,7.4.3`. +Configure endpoint control settings. Applies to FortiOS Version `6.2.0,6.2.4,6.2.6,7.4.0,7.4.1,7.4.2,7.4.3,7.4.4`. ## Example Usage diff --git a/website/docs/r/fortios_extensioncontroller_extenderprofile.html.markdown b/website/docs/r/fortios_extensioncontroller_extenderprofile.html.markdown index 57ac225e5..cc97ffaac 100644 --- a/website/docs/r/fortios_extensioncontroller_extenderprofile.html.markdown +++ b/website/docs/r/fortios_extensioncontroller_extenderprofile.html.markdown @@ -15,7 +15,7 @@ The following arguments are supported: * `name` - FortiExtender profile name. * `fosid` - ID. -* `model` - Model. Valid values: `FX201E`, `FX211E`, `FX200F`, `FXA11F`, `FXE11F`, `FXA21F`, `FXE21F`, `FXA22F`, `FXE22F`, `FX212F`, `FX311F`, `FX312F`, `FX511F`, `FVG21F`, `FVA21F`, `FVG22F`, `FVA22F`, `FX04DA`. +* `model` - Model. * `extension` - Extension option. Valid values: `wan-extension`, `lan-extension`. * `allowaccess` - Control management access to the managed extender. Separate entries with a space. Valid values: `ping`, `telnet`, `http`, `https`, `ssh`, `snmp`. * `login_password_change` - Change or reset the administrator password of a managed extender (yes, default, or no, default = no). Valid values: `yes`, `default`, `no`. @@ -24,6 +24,7 @@ The following arguments are supported: * `bandwidth_limit` - FortiExtender LAN extension bandwidth limit (Mbps). * `cellular` - FortiExtender cellular configuration. The structure of `cellular` block is documented below. * `lan_extension` - FortiExtender lan extension configuration. The structure of `lan_extension` block is documented below. +* `wifi` - FortiExtender wifi configuration. The structure of `wifi` block is documented below. * `get_all_tables` - Get all sub-tables including unconfigured tables. Do not set this variable to true if you configure sub-table in another resource, otherwise, conflicts and overwrite will occur. Options: [ false, true ]. false: Default value, do not get unconfigured tables; true: get all tables including unconfigured tables. * `vdomparam` - Specifies the vdom to which the resource will be applied when the FortiGate unit is running in VDOM mode. Only one vdom can be specified. If you want to inherit the vdom configuration of the provider, please do not set this parameter. @@ -133,6 +134,58 @@ The `backhaul` block supports: * `role` - FortiExtender uplink port. Valid values: `primary`, `secondary`. * `weight` - WRR weight parameter. +The `wifi` block supports: + +* `country` - Country in which this FEX will operate (default = NA). Valid values: `--`, `AF`, `AL`, `DZ`, `AS`, `AO`, `AR`, `AM`, `AU`, `AT`, `AZ`, `BS`, `BH`, `BD`, `BB`, `BY`, `BE`, `BZ`, `BJ`, `BM`, `BT`, `BO`, `BA`, `BW`, `BR`, `BN`, `BG`, `BF`, `KH`, `CM`, `KY`, `CF`, `TD`, `CL`, `CN`, `CX`, `CO`, `CG`, `CD`, `CR`, `HR`, `CY`, `CZ`, `DK`, `DJ`, `DM`, `DO`, `EC`, `EG`, `SV`, `ET`, `EE`, `GF`, `PF`, `FO`, `FJ`, `FI`, `FR`, `GA`, `GE`, `GM`, `DE`, `GH`, `GI`, `GR`, `GL`, `GD`, `GP`, `GU`, `GT`, `GY`, `HT`, `HN`, `HK`, `HU`, `IS`, `IN`, `ID`, `IQ`, `IE`, `IM`, `IL`, `IT`, `CI`, `JM`, `JO`, `KZ`, `KE`, `KR`, `KW`, `LA`, `LV`, `LB`, `LS`, `LR`, `LY`, `LI`, `LT`, `LU`, `MO`, `MK`, `MG`, `MW`, `MY`, `MV`, `ML`, `MT`, `MH`, `MQ`, `MR`, `MU`, `YT`, `MX`, `FM`, `MD`, `MC`, `MN`, `MA`, `MZ`, `MM`, `NA`, `NP`, `NL`, `AN`, `AW`, `NZ`, `NI`, `NE`, `NG`, `NO`, `MP`, `OM`, `PK`, `PW`, `PA`, `PG`, `PY`, `PE`, `PH`, `PL`, `PT`, `PR`, `QA`, `RE`, `RO`, `RU`, `RW`, `BL`, `KN`, `LC`, `MF`, `PM`, `VC`, `SA`, `SN`, `RS`, `ME`, `SL`, `SG`, `SK`, `SI`, `SO`, `ZA`, `ES`, `LK`, `SR`, `SZ`, `SE`, `CH`, `TW`, `TZ`, `TH`, `TG`, `TT`, `TN`, `TR`, `TM`, `AE`, `TC`, `UG`, `UA`, `GB`, `US`, `PS`, `UY`, `UZ`, `VU`, `VE`, `VN`, `VI`, `WF`, `YE`, `ZM`, `ZW`, `JP`, `CA`. +* `radio_1` - Radio-1 config for Wi-Fi 2.4GHz The structure of `radio_1` block is documented below. +* `radio_2` - Radio-2 config for Wi-Fi 5GHz The structure of `radio_2` block is documented below. + +The `radio_1` block supports: + +* `mode` - Wi-Fi radio mode AP(LAN mode) / Client(WAN mode). Valid values: `AP`, `Client`. +* `band` - Wi-Fi band selection 2.4GHz / 5GHz. Valid values: `2.4GHz`. +* `status` - Enable/disable Wi-Fi radio. Valid values: `disable`, `enable`. +* `operating_standard` - Wi-Fi operating standard. Valid values: `auto`, `11A-N-AC-AX`, `11A-N-AC`, `11A-N`, `11A`, `11N-AC-AX`, `11AC-AX`, `11AC`, `11N-AC`, `11B-G-N-AX`, `11B-G-N`, `11B-G`, `11B`, `11G-N-AX`, `11N-AX`, `11AX`, `11G-N`, `11N`, `11G`. +* `guard_interval` - Wi-Fi guard interval. Valid values: `auto`, `400ns`, `800ns`. +* `channel` - Wi-Fi channels. Valid values: `CH1`, `CH2`, `CH3`, `CH4`, `CH5`, `CH6`, `CH7`, `CH8`, `CH9`, `CH10`, `CH11`. +* `bandwidth` - Wi-Fi channel bandwidth. Valid values: `auto`, `20MHz`, `40MHz`, `80MHz`. +* `power_level` - Wi-Fi power level in percent (0 - 100, 0 = auto, default = 100). +* `beacon_interval` - Wi-Fi beacon interval in miliseconds (100 - 3500, default = 100). +* `n80211d` - Enable/disable Wi-Fi 802.11d. Valid values: `disable`, `enable`. +* `max_clients` - Maximum number of Wi-Fi radio clients (0 - 512, 0 = unlimited, default = 0). +* `extension_channel` - Wi-Fi extension channel. Valid values: `auto`, `higher`, `lower`. +* `bss_color_mode` - Wi-Fi 802.11AX BSS color mode. Valid values: `auto`, `static`. +* `bss_color` - Wi-Fi 802.11AX BSS color value (0 - 63, 0 = disable, default = 0). +* `lan_ext_vap` - Wi-Fi LAN-Extention VAP. Select only one VAP. +* `local_vaps` - Wi-Fi local VAP. Select up to three VAPs. The structure of `local_vaps` block is documented below. + +The `local_vaps` block supports: + +* `name` - Wi-Fi local VAP name. + +The `radio_2` block supports: + +* `mode` - Wi-Fi radio mode AP(LAN mode) / Client(WAN mode). Valid values: `AP`, `Client`. +* `band` - Wi-Fi band selection 2.4GHz / 5GHz. Valid values: `5GHz`. +* `status` - Enable/disable Wi-Fi radio. Valid values: `disable`, `enable`. +* `operating_standard` - Wi-Fi operating standard. Valid values: `auto`, `11A-N-AC-AX`, `11A-N-AC`, `11A-N`, `11A`, `11N-AC-AX`, `11AC-AX`, `11AC`, `11N-AC`, `11B-G-N-AX`, `11B-G-N`, `11B-G`, `11B`, `11G-N-AX`, `11N-AX`, `11AX`, `11G-N`, `11N`, `11G`. +* `guard_interval` - Wi-Fi guard interval. Valid values: `auto`, `400ns`, `800ns`. +* `channel` - Wi-Fi channels. Valid values: `CH36`, `CH40`, `CH44`, `CH48`, `CH52`, `CH56`, `CH60`, `CH64`, `CH100`, `CH104`, `CH108`, `CH112`, `CH116`, `CH120`, `CH124`, `CH128`, `CH132`, `CH136`, `CH140`, `CH144`, `CH149`, `CH153`, `CH157`, `CH161`, `CH165`. +* `bandwidth` - Wi-Fi channel bandwidth. Valid values: `auto`, `20MHz`, `40MHz`, `80MHz`. +* `power_level` - Wi-Fi power level in percent (0 - 100, 0 = auto, default = 100). +* `beacon_interval` - Wi-Fi beacon interval in miliseconds (100 - 3500, default = 100). +* `n80211d` - Enable/disable Wi-Fi 802.11d. Valid values: `disable`, `enable`. +* `max_clients` - Maximum number of Wi-Fi radio clients (0 - 512, 0 = unlimited, default = 0). +* `extension_channel` - Wi-Fi extension channel. Valid values: `auto`, `higher`, `lower`. +* `bss_color_mode` - Wi-Fi 802.11AX BSS color mode. Valid values: `auto`, `static`. +* `bss_color` - Wi-Fi 802.11AX BSS color value (0 - 63, 0 = disable, default = 0). +* `lan_ext_vap` - Wi-Fi LAN-Extention VAP. Select only one VAP. +* `local_vaps` - Wi-Fi local VAP. Select up to three VAPs. The structure of `local_vaps` block is documented below. + +The `local_vaps` block supports: + +* `name` - Wi-Fi local VAP name. + ## Attribute Reference diff --git a/website/docs/r/fortios_extensioncontroller_extendervap.html.markdown b/website/docs/r/fortios_extensioncontroller_extendervap.html.markdown new file mode 100644 index 000000000..1f8c1a555 --- /dev/null +++ b/website/docs/r/fortios_extensioncontroller_extendervap.html.markdown @@ -0,0 +1,55 @@ +--- +subcategory: "FortiGate Extension-Controller" +layout: "fortios" +page_title: "FortiOS: fortios_extensioncontroller_extendervap" +description: |- + FortiExtender wifi vap configuration. +--- + +# fortios_extensioncontroller_extendervap +FortiExtender wifi vap configuration. Applies to FortiOS Version `>= 7.4.4`. + +## Argument Reference + +The following arguments are supported: + +* `name` - Wi-Fi VAP name. +* `type` - Wi-Fi VAP type local-vap / lan-extension-vap. Valid values: `local-vap`, `lan-ext-vap`. +* `ssid` - Wi-Fi SSID. +* `max_clients` - Wi-Fi max clients (0 - 512), default = 0 (no limit) +* `broadcast_ssid` - Wi-Fi broadcast SSID enable / disable. Valid values: `disable`, `enable`. +* `security` - Wi-Fi security. Valid values: `OPEN`, `WPA2-Personal`, `WPA-WPA2-Personal`, `WPA3-SAE`, `WPA3-SAE-Transition`, `WPA2-Enterprise`, `WPA3-Enterprise-only`, `WPA3-Enterprise-transition`, `WPA3-Enterprise-192-bit`. +* `dtim` - Wi-Fi DTIM (1 - 255) default = 1. +* `rts_threshold` - Wi-Fi RTS Threshold (256 - 2347), default = 2347 (RTS/CTS disabled). +* `pmf` - Wi-Fi pmf enable/disable, default = disable. Valid values: `disabled`, `optional`, `required`. +* `target_wake_time` - Wi-Fi 802.11AX target wake time enable / disable, default = enable. Valid values: `disable`, `enable`. +* `bss_color_partial` - Wi-Fi 802.11AX bss color partial enable / disable, default = enable. Valid values: `disable`, `enable`. +* `mu_mimo` - Wi-Fi multi-user MIMO enable / disable, default = enable. Valid values: `disable`, `enable`. +* `passphrase` - Wi-Fi passphrase. +* `sae_password` - Wi-Fi SAE Password. +* `auth_server_address` - Wi-Fi Authentication Server Address (IPv4 format). +* `auth_server_port` - Wi-Fi Authentication Server Port. +* `auth_server_secret` - Wi-Fi Authentication Server Secret. +* `ip_address` - Extender ip address. +* `start_ip` - Start ip address. +* `end_ip` - End ip address. +* `allowaccess` - Control management access to the managed extender. Separate entries with a space. Valid values: `ping`, `telnet`, `http`, `https`, `ssh`, `snmp`. +* `vdomparam` - Specifies the vdom to which the resource will be applied when the FortiGate unit is running in VDOM mode. Only one vdom can be specified. If you want to inherit the vdom configuration of the provider, please do not set this parameter. + + +## Attribute Reference + +In addition to all the above arguments, the following attributes are exported: +* `id` - an identifier for the resource with format {{name}}. + +## Import + +ExtensionController ExtenderVap can be imported using any of these accepted formats: +``` +$ terraform import fortios_extensioncontroller_extendervap.labelname {{name}} + +If you do not want to import arguments of block: +$ export "FORTIOS_IMPORT_TABLE"="false" +$ terraform import fortios_extensioncontroller_extendervap.labelname {{name}} +$ unset "FORTIOS_IMPORT_TABLE" +``` diff --git a/website/docs/r/fortios_firewall_centralsnatmap.html.markdown b/website/docs/r/fortios_firewall_centralsnatmap.html.markdown index f4cced135..16dc49f52 100644 --- a/website/docs/r/fortios_firewall_centralsnatmap.html.markdown +++ b/website/docs/r/fortios_firewall_centralsnatmap.html.markdown @@ -54,6 +54,7 @@ The following arguments are supported: * `dstintf` - (Required) Destination interface name from available interfaces. The structure of `dstintf` block is documented below. * `nat_ippool` - Name of the IP pools to be used to translate addresses from available IP Pools. The structure of `nat_ippool` block is documented below. * `nat_ippool6` - IPv6 pools to be used for source NAT. The structure of `nat_ippool6` block is documented below. +* `port_preserve` - Enable/disable preservation of the original source port from source NAT if it has not been used. Valid values: `enable`, `disable`. * `protocol` - (Required) Integer value for the protocol type (0 - 255). * `orig_port` - (Required) Original TCP port (1 to 65535, 0 means any port). * `nat_port` - Translated port or port range (0 to 65535, 0 means any port). diff --git a/website/docs/r/fortios_firewall_internetserviceappend.html.markdown b/website/docs/r/fortios_firewall_internetserviceappend.html.markdown index 18bb3dedb..bc93a7b98 100644 --- a/website/docs/r/fortios_firewall_internetserviceappend.html.markdown +++ b/website/docs/r/fortios_firewall_internetserviceappend.html.markdown @@ -7,7 +7,7 @@ description: |- --- # fortios_firewall_internetserviceappend -Configure additional port mappings for Internet Services. Applies to FortiOS Version `6.2.4,6.2.6,6.4.1,6.4.2,6.4.10,6.4.11,6.4.12,6.4.13,6.4.14,6.4.15,7.0.0,7.0.1,7.0.2,7.0.3,7.0.4,7.0.5,7.0.6,7.0.7,7.0.8,7.0.9,7.0.10,7.0.11,7.0.12,7.0.13,7.0.14,7.0.15,7.2.0,7.2.1,7.2.2,7.2.3,7.2.4,7.2.6,7.2.7,7.2.8,7.4.0,7.4.1,7.4.2,7.4.3`. +Configure additional port mappings for Internet Services. Applies to FortiOS Version `6.2.4,6.2.6,6.4.1,6.4.2,6.4.10,6.4.11,6.4.12,6.4.13,6.4.14,6.4.15,7.0.0,7.0.1,7.0.2,7.0.3,7.0.4,7.0.5,7.0.6,7.0.7,7.0.8,7.0.9,7.0.10,7.0.11,7.0.12,7.0.13,7.0.14,7.0.15,7.2.0,7.2.1,7.2.2,7.2.3,7.2.4,7.2.6,7.2.7,7.2.8,7.4.0,7.4.1,7.4.2,7.4.3,7.4.4`. ## Argument Reference diff --git a/website/docs/r/fortios_firewall_ippool.html.markdown b/website/docs/r/fortios_firewall_ippool.html.markdown index cc2cb4297..5714fe68e 100644 --- a/website/docs/r/fortios_firewall_ippool.html.markdown +++ b/website/docs/r/fortios_firewall_ippool.html.markdown @@ -43,6 +43,7 @@ The following arguments are supported: * `port_per_user` - Number of port for each user (32 - 60416, default = 0, which is auto). * `num_blocks_per_user` - Number of addresses blocks that can be used by a user (1 to 128, default = 8). * `pba_timeout` - Port block allocation timeout (seconds). +* `pba_interim_log` - Port block allocation interim logging interval (600 - 86400 seconds, default = 0 which disables interim logging). * `permit_any_host` - Enable/disable full cone NAT. Valid values: `disable`, `enable`. * `arp_reply` - Enable/disable replying to ARP requests when an IP Pool is added to a policy (default = enable). Valid values: `disable`, `enable`. * `arp_intf` - Select an interface from available options that will reply to ARP requests. (If blank, any is selected). diff --git a/website/docs/r/fortios_firewall_localinpolicy.html.markdown b/website/docs/r/fortios_firewall_localinpolicy.html.markdown index 50f9ffdf7..6a9c3dd6a 100644 --- a/website/docs/r/fortios_firewall_localinpolicy.html.markdown +++ b/website/docs/r/fortios_firewall_localinpolicy.html.markdown @@ -46,10 +46,16 @@ The following arguments are supported: * `srcaddr` - (Required) Source address object from available options. The structure of `srcaddr` block is documented below. * `srcaddr_negate` - When enabled srcaddr specifies what the source address must NOT be. Valid values: `enable`, `disable`. * `dstaddr` - (Required) Destination address object from available options. The structure of `dstaddr` block is documented below. +* `internet_service_src` - Enable/disable use of Internet Services in source for this local-in policy. If enabled, source address is not used. Valid values: `enable`, `disable`. +* `internet_service_src_name` - Internet Service source name. The structure of `internet_service_src_name` block is documented below. +* `internet_service_src_group` - Internet Service source group name. The structure of `internet_service_src_group` block is documented below. +* `internet_service_src_custom` - Custom Internet Service source name. The structure of `internet_service_src_custom` block is documented below. +* `internet_service_src_custom_group` - Custom Internet Service source group name. The structure of `internet_service_src_custom_group` block is documented below. * `dstaddr_negate` - When enabled dstaddr specifies what the destination address must NOT be. Valid values: `enable`, `disable`. * `action` - Action performed on traffic matching the policy (default = deny). Valid values: `accept`, `deny`. * `service` - Service object from available options. The structure of `service` block is documented below. * `service_negate` - When enabled service specifies what the service must NOT be. Valid values: `enable`, `disable`. +* `internet_service_src_negate` - When enabled internet-service-src specifies what the service must NOT be. Valid values: `enable`, `disable`. * `schedule` - (Required) Schedule object from available options. * `status` - Enable/disable this local-in policy. Valid values: `enable`, `disable`. * `virtual_patch` - Enable/disable virtual patching. Valid values: `enable`, `disable`. @@ -70,6 +76,22 @@ The `dstaddr` block supports: * `name` - Address name. +The `internet_service_src_name` block supports: + +* `name` - Internet Service name. + +The `internet_service_src_group` block supports: + +* `name` - Internet Service group name. + +The `internet_service_src_custom` block supports: + +* `name` - Custom Internet Service name. + +The `internet_service_src_custom_group` block supports: + +* `name` - Custom Internet Service group name. + The `service` block supports: * `name` - Service name. diff --git a/website/docs/r/fortios_firewall_localinpolicy6.html.markdown b/website/docs/r/fortios_firewall_localinpolicy6.html.markdown index 9cbb5d491..9f5b36b57 100644 --- a/website/docs/r/fortios_firewall_localinpolicy6.html.markdown +++ b/website/docs/r/fortios_firewall_localinpolicy6.html.markdown @@ -44,10 +44,16 @@ The following arguments are supported: * `srcaddr` - (Required) Source address object from available options. The structure of `srcaddr` block is documented below. * `srcaddr_negate` - When enabled srcaddr specifies what the source address must NOT be. Valid values: `enable`, `disable`. * `dstaddr` - (Required) Destination address object from available options. The structure of `dstaddr` block is documented below. +* `internet_service6_src` - Enable/disable use of IPv6 Internet Services in source for this local-in policy.If enabled, source address is not used. Valid values: `enable`, `disable`. +* `internet_service6_src_name` - IPv6 Internet Service source name. The structure of `internet_service6_src_name` block is documented below. +* `internet_service6_src_group` - Internet Service6 source group name. The structure of `internet_service6_src_group` block is documented below. +* `internet_service6_src_custom` - Custom IPv6 Internet Service source name. The structure of `internet_service6_src_custom` block is documented below. +* `internet_service6_src_custom_group` - Custom Internet Service6 source group name. The structure of `internet_service6_src_custom_group` block is documented below. * `dstaddr_negate` - When enabled dstaddr specifies what the destination address must NOT be. Valid values: `enable`, `disable`. * `action` - Action performed on traffic matching the policy (default = deny). Valid values: `accept`, `deny`. * `service` - (Required) Service object from available options. Separate names with a space. The structure of `service` block is documented below. * `service_negate` - When enabled service specifies what the service must NOT be. Valid values: `enable`, `disable`. +* `internet_service6_src_negate` - When enabled internet-service6-src specifies what the service must NOT be. Valid values: `enable`, `disable`. * `schedule` - (Required) Schedule object from available options. * `status` - Enable/disable this local-in policy. Valid values: `enable`, `disable`. * `virtual_patch` - Enable/disable the virtual patching feature. Valid values: `enable`, `disable`. @@ -68,6 +74,22 @@ The `dstaddr` block supports: * `name` - Address name. +The `internet_service6_src_name` block supports: + +* `name` - Internet Service name. + +The `internet_service6_src_group` block supports: + +* `name` - Internet Service group name. + +The `internet_service6_src_custom` block supports: + +* `name` - Custom Internet Service name. + +The `internet_service6_src_custom_group` block supports: + +* `name` - Custom Internet Service6 group name. + The `service` block supports: * `name` - Service name. diff --git a/website/docs/r/fortios_firewall_ondemandsniffer.html.markdown b/website/docs/r/fortios_firewall_ondemandsniffer.html.markdown new file mode 100644 index 000000000..b598fb436 --- /dev/null +++ b/website/docs/r/fortios_firewall_ondemandsniffer.html.markdown @@ -0,0 +1,56 @@ +--- +subcategory: "FortiGate Firewall" +layout: "fortios" +page_title: "FortiOS: fortios_firewall_ondemandsniffer" +description: |- + Configure on-demand packet sniffer. +--- + +# fortios_firewall_ondemandsniffer +Configure on-demand packet sniffer. Applies to FortiOS Version `>= 7.4.4`. + +## Argument Reference + +The following arguments are supported: + +* `name` - On-demand packet sniffer name. +* `interface` - Interface name that on-demand packet sniffer will take place. +* `max_packet_count` - Maximum number of packets to capture per on-demand packet sniffer. +* `hosts` - IPv4 or IPv6 hosts to filter in this traffic sniffer. The structure of `hosts` block is documented below. +* `ports` - Ports to filter for in this traffic sniffer. The structure of `ports` block is documented below. +* `protocols` - Protocols to filter in this traffic sniffer. The structure of `protocols` block is documented below. +* `non_ip_packet` - Include non-IP packets. Valid values: `enable`, `disable`. +* `advanced_filter` - Advanced freeform filter that will be used over existing filter settings if set. Can only be used by super admin. +* `dynamic_sort_subtable` - Sort sub-tables, please do not set this parameter when configuring static sub-tables. Options: [ false, true, natural, alphabetical ]. false: Default value, do not sort tables; true/natural: sort tables in natural order. For example: [ a10, a2 ] --> [ a2, a10 ]; alphabetical: sort tables in alphabetical order. For example: [ a10, a2 ] --> [ a10, a2 ]. +* `get_all_tables` - Get all sub-tables including unconfigured tables. Do not set this variable to true if you configure sub-table in another resource, otherwise, conflicts and overwrite will occur. Options: [ false, true ]. false: Default value, do not get unconfigured tables; true: get all tables including unconfigured tables. +* `vdomparam` - Specifies the vdom to which the resource will be applied when the FortiGate unit is running in VDOM mode. Only one vdom can be specified. If you want to inherit the vdom configuration of the provider, please do not set this parameter. + +The `hosts` block supports: + +* `host` - IPv4 or IPv6 host. + +The `ports` block supports: + +* `port` - Port to filter in this traffic sniffer. + +The `protocols` block supports: + +* `protocol` - Integer value for the protocol type as defined by IANA (0 - 255). + + +## Attribute Reference + +In addition to all the above arguments, the following attributes are exported: +* `id` - an identifier for the resource with format {{name}}. + +## Import + +Firewall OnDemandSniffer can be imported using any of these accepted formats: +``` +$ terraform import fortios_firewall_ondemandsniffer.labelname {{name}} + +If you do not want to import arguments of block: +$ export "FORTIOS_IMPORT_TABLE"="false" +$ terraform import fortios_firewall_ondemandsniffer.labelname {{name}} +$ unset "FORTIOS_IMPORT_TABLE" +``` diff --git a/website/docs/r/fortios_firewall_policy.html.markdown b/website/docs/r/fortios_firewall_policy.html.markdown index 50270e230..ecd091e4f 100644 --- a/website/docs/r/fortios_firewall_policy.html.markdown +++ b/website/docs/r/fortios_firewall_policy.html.markdown @@ -216,6 +216,7 @@ The following arguments are supported: * `permit_any_host` - Accept UDP packets from any host. Valid values: `enable`, `disable`. * `permit_stun_host` - Accept UDP packets from any Session Traversal Utilities for NAT (STUN) host. Valid values: `enable`, `disable`. * `fixedport` - Enable to prevent source NAT from changing a session's source port. Valid values: `enable`, `disable`. +* `port_preserve` - Enable/disable preservation of the original source port from source NAT if it has not been used. Valid values: `enable`, `disable`. * `ippool` - Enable to use IP Pools for source NAT. Valid values: `enable`, `disable`. * `poolname` - IP Pool names. The structure of `poolname` block is documented below. * `poolname6` - IPv6 pool names. The structure of `poolname6` block is documented below. diff --git a/website/docs/r/fortios_firewall_sslsshprofile.html.markdown b/website/docs/r/fortios_firewall_sslsshprofile.html.markdown index aa2fbc77c..cfd77c61d 100644 --- a/website/docs/r/fortios_firewall_sslsshprofile.html.markdown +++ b/website/docs/r/fortios_firewall_sslsshprofile.html.markdown @@ -70,6 +70,7 @@ The following arguments are supported: * `whitelist` - Enable/disable exempting servers by FortiGuard whitelist. Valid values: `enable`, `disable`. * `block_blacklisted_certificates` - Enable/disable blocking SSL-based botnet communication by FortiGuard certificate blacklist. Valid values: `disable`, `enable`. * `ssl_exempt` - Servers to exempt from SSL inspection. The structure of `ssl_exempt` block is documented below. +* `ech_outer_sni` - ClientHelloOuter SNIs to be blocked. The structure of `ech_outer_sni` block is documented below. * `server_cert_mode` - Re-sign or replace the server's certificate. Valid values: `re-sign`, `replace`. * `use_ssl_server` - Enable/disable the use of SSL server table for SSL offloading. Valid values: `disable`, `enable`. * `caname` - CA certificate used by SSL Inspection. @@ -108,6 +109,7 @@ The `ssl` block supports: * `cert_validation_failure` - Action based on certificate validation failure. Valid values: `allow`, `block`, `ignore`. * `sni_server_cert_check` - Check the SNI in the client hello message with the CN or SAN fields in the returned server certificate. Valid values: `enable`, `strict`, `disable`. * `cert_probe_failure` - Action based on certificate probe failure. Valid values: `allow`, `block`. +* `encrypted_client_hello` - Block/allow session based on existence of encrypted-client-hello. Valid values: `allow`, `block`. * `min_allowed_ssl_version` - Minimum SSL version to be allowed. Valid values: `ssl-3.0`, `tls-1.0`, `tls-1.1`, `tls-1.2`, `tls-1.3`. The `https` block supports: @@ -130,6 +132,7 @@ The `https` block supports: * `cert_validation_failure` - Action based on certificate validation failure. Valid values: `allow`, `block`, `ignore`. * `sni_server_cert_check` - Check the SNI in the client hello message with the CN or SAN fields in the returned server certificate. Valid values: `enable`, `strict`, `disable`. * `cert_probe_failure` - Action based on certificate probe failure. Valid values: `allow`, `block`. +* `encrypted_client_hello` - Block/allow session based on existence of encrypted-client-hello. Valid values: `allow`, `block`. * `min_allowed_ssl_version` - Minimum SSL version to be allowed. Valid values: `ssl-3.0`, `tls-1.0`, `tls-1.1`, `tls-1.2`, `tls-1.3`. The `ftps` block supports: @@ -245,6 +248,11 @@ The `ssl_exempt` block supports: * `wildcard_fqdn` - Exempt servers by wildcard FQDN. * `regex` - Exempt servers by regular expression. +The `ech_outer_sni` block supports: + +* `name` - ClientHelloOuter SNI name. +* `sni` - ClientHelloOuter SNI to be blocked. + The `ssl_server` block supports: * `id` - SSL server ID. diff --git a/website/docs/r/fortios_firewall_vip.html.markdown b/website/docs/r/fortios_firewall_vip.html.markdown index aaa990a85..bfb73ed46 100644 --- a/website/docs/r/fortios_firewall_vip.html.markdown +++ b/website/docs/r/fortios_firewall_vip.html.markdown @@ -85,6 +85,7 @@ The following arguments are supported: * `dns_mapping_ttl` - DNS mapping TTL (Set to zero to use TTL in DNS response, default = 0). * `ldb_method` - Method used to distribute sessions to real servers. Valid values: `static`, `round-robin`, `weighted`, `least-session`, `least-rtt`, `first-alive`, `http-host`. * `src_filter` - Source address filter. Each address must be either an IP/subnet (x.x.x.x/n) or a range (x.x.x.x-y.y.y.y). Separate addresses with spaces. The structure of `src_filter` block is documented below. +* `src_vip_filter` - Enable/disable use of 'src-filter' to match destinations for the reverse SNAT rule. Valid values: `disable`, `enable`. * `service` - Service name. The structure of `service` block is documented below. * `extip` - IP address or address range on the external interface that you want to map to an address or address range on the destination network. * `extaddr` - External FQDN address name. The structure of `extaddr` block is documented below. diff --git a/website/docs/r/fortios_firewall_vip6.html.markdown b/website/docs/r/fortios_firewall_vip6.html.markdown index 075b607c2..adf4fcb7a 100644 --- a/website/docs/r/fortios_firewall_vip6.html.markdown +++ b/website/docs/r/fortios_firewall_vip6.html.markdown @@ -76,6 +76,7 @@ The following arguments are supported: * `comment` - Comment. * `type` - Configure a static NAT or server load balance VIP. * `src_filter` - Source IP6 filter (x:x:x:x:x:x:x:x/x). Separate addresses with spaces. The structure of `src_filter` block is documented below. +* `src_vip_filter` - Enable/disable use of 'src-filter' to match destinations for the reverse SNAT rule. Valid values: `disable`, `enable`. * `extip` - (Required) IP address or address range on the external interface that you want to map to an address or address range on the destination network. * `mappedip` - (Required) Mapped IP address range in the format startIP-endIP. * `nat_source_vip` - Enable to perform SNAT on traffic from mappedip to the extip for all egress interfaces. Valid values: `disable`, `enable`. diff --git a/website/docs/r/fortios_router_bgp.html.markdown b/website/docs/r/fortios_router_bgp.html.markdown index 6a0aee760..cd6ea783a 100644 --- a/website/docs/r/fortios_router_bgp.html.markdown +++ b/website/docs/r/fortios_router_bgp.html.markdown @@ -477,6 +477,7 @@ The `neighbor_group` block supports: * `prefix_list_out_vpnv4` - Outbound filter for VPNv4 updates to this neighbor. * `prefix_list_out_vpnv6` - Outbound filter for VPNv6 updates to this neighbor. * `remote_as` - AS number of neighbor. +* `remote_as_filter` - BGP filter for remote AS. * `local_as` - Local AS number of neighbor. * `local_as_no_prepend` - Do not prepend local-as to incoming updates. Valid values: `enable`, `disable`. * `local_as_replace_as` - Replace real AS with local-as in outgoing updates. Valid values: `enable`, `disable`. diff --git a/website/docs/r/fortios_rule_fmwp.html.markdown b/website/docs/r/fortios_rule_fmwp.html.markdown index 33abfae26..c61053b9f 100644 --- a/website/docs/r/fortios_rule_fmwp.html.markdown +++ b/website/docs/r/fortios_rule_fmwp.html.markdown @@ -7,7 +7,7 @@ description: |- --- # fortios_rule_fmwp -Show FMWP signatures. Applies to FortiOS Version `7.2.8,7.4.2,7.4.3`. +Show FMWP signatures. Applies to FortiOS Version `7.2.8,7.4.2,7.4.3,7.4.4`. ## Argument Reference diff --git a/website/docs/r/fortios_switchcontroller_dynamicportpolicy.html.markdown b/website/docs/r/fortios_switchcontroller_dynamicportpolicy.html.markdown index f561d7615..e7a91dc1b 100644 --- a/website/docs/r/fortios_switchcontroller_dynamicportpolicy.html.markdown +++ b/website/docs/r/fortios_switchcontroller_dynamicportpolicy.html.markdown @@ -27,6 +27,8 @@ The `policy` block supports: * `description` - Description for the policy. * `status` - Enable/disable policy. Valid values: `enable`, `disable`. * `category` - Category of Dynamic port policy. Valid values: `device`, `interface-tag`. +* `match_type` - Match and retain the devices based on the type. Valid values: `dynamic`, `override`. +* `match_period` - Number of days the matched devices will be retained (0 - 120, 0 = always retain). * `interface_tags` - Policy matching the FortiSwitch interface object tags. The structure of `interface_tags` block is documented below. * `mac` - Policy matching MAC address. * `hw_vendor` - Match policy based on hardware vendor. diff --git a/website/docs/r/fortios_switchcontroller_managedswitch.html.markdown b/website/docs/r/fortios_switchcontroller_managedswitch.html.markdown index ab85af8de..02fafd84f 100644 --- a/website/docs/r/fortios_switchcontroller_managedswitch.html.markdown +++ b/website/docs/r/fortios_switchcontroller_managedswitch.html.markdown @@ -193,6 +193,7 @@ The `ports` block supports: * `lldp_profile` - LLDP port TLV profile. * `export_to` - Export managed-switch port to a tenant VDOM. * `mac_addr` - Port/Trunk MAC. +* `allow_arp_monitor` - Enable/Disable allow ARP monitor. Valid values: `disable`, `enable`. * `port_selection_criteria` - Algorithm for aggregate port selection. Valid values: `src-mac`, `dst-mac`, `src-dst-mac`, `src-ip`, `dst-ip`, `src-dst-ip`. * `description` - Description for port. * `lacp_speed` - end Link Aggregation Control Protocol (LACP) messages every 30 seconds (slow) or every second (fast). Valid values: `slow`, `fast`. @@ -203,6 +204,7 @@ The `ports` block supports: * `min_bundle` - Minimum size of LAG bundle (1 - 24, default = 1) * `max_bundle` - Maximum size of LAG bundle (1 - 24, default = 24) * `members` - Aggregated LAG bundle interfaces. The structure of `members` block is documented below. +* `fallback_port` - LACP fallback port. The `allowed_vlans` block supports: diff --git a/website/docs/r/fortios_switchcontroller_system.html.markdown b/website/docs/r/fortios_switchcontroller_system.html.markdown index 02d4a79ba..826a58874 100644 --- a/website/docs/r/fortios_switchcontroller_system.html.markdown +++ b/website/docs/r/fortios_switchcontroller_system.html.markdown @@ -14,14 +14,14 @@ Configure system-wide switch controller settings. The following arguments are supported: * `parallel_process_override` - Enable/disable parallel process override. Valid values: `disable`, `enable`. -* `parallel_process` - Maximum number of parallel processes. +* `parallel_process` - Maximum number of parallel processes (1 - 300, default = 1). * `data_sync_interval` - Time interval between collection of switch data (30 - 1800 sec, default = 60, 0 = disable). * `iot_weight_threshold` - MAC entry's confidence value. Value is re-queried when below this value (default = 1, 0 = disable). -* `iot_scan_interval` - IoT scan interval (default = 60 mins, 0 = disable). On FortiOS versions 6.4.0-6.4.1: 2 - 4294967295 mins. On FortiOS versions >= 6.4.2: 2 - 10080 mins. -* `iot_holdoff` - MAC entry's creation time. Time must be greater than this value for an entry to be created (0 - 10080 mins, default = 5 mins). -* `iot_mac_idle` - MAC entry's idle time. MAC entry is removed after this value (0 - 10080 mins, default = 1440 mins). -* `nac_periodic_interval` - Periodic time interval to run NAC engine (5 - 60 sec, default = 15). -* `dynamic_periodic_interval` - Periodic time interval to run Dynamic port policy engine (5 - 60 sec, default = 15). +* `iot_scan_interval` - IoT scan interval (2 - 4294967295 mins, default = 60 mins, 0 = disable). +* `iot_holdoff` - MAC entry's creation time. Time must be greater than this value for an entry to be created (default = 5 mins). +* `iot_mac_idle` - MAC entry's idle time. MAC entry is removed after this value (default = 1440 mins). +* `nac_periodic_interval` - Periodic time interval to run NAC engine. On FortiOS versions 7.0.0-7.4.3: 5 - 60 sec, default = 15. On FortiOS versions >= 7.4.4: 5 - 180 sec, default = 60. +* `dynamic_periodic_interval` - Periodic time interval to run Dynamic port policy engine. On FortiOS versions 7.0.1-7.4.3: 5 - 60 sec, default = 15. On FortiOS versions >= 7.4.4: 5 - 180 sec, default = 60. * `tunnel_mode` - Compatible/strict tunnel mode. * `caputp_echo_interval` - Echo interval for the caputp echo requests from swtp. * `caputp_max_retransmit` - Maximum retransmission count for the caputp tunnel packets. diff --git a/website/docs/r/fortios_switchcontrollersecuritypolicy_8021X.html.markdown b/website/docs/r/fortios_switchcontrollersecuritypolicy_8021X.html.markdown index 972d275b4..57cdd56bd 100644 --- a/website/docs/r/fortios_switchcontrollersecuritypolicy_8021X.html.markdown +++ b/website/docs/r/fortios_switchcontrollersecuritypolicy_8021X.html.markdown @@ -56,6 +56,9 @@ The following arguments are supported: * `authserver_timeout_period` - Authentication server timeout period (3 - 15 sec, default = 3). * `authserver_timeout_vlan` - Enable/disable the authentication server timeout VLAN to allow limited access when RADIUS is unavailable. Valid values: `disable`, `enable`. * `authserver_timeout_vlanid` - Authentication server timeout VLAN name. +* `authserver_timeout_tagged` - Configure timeout option for the tagged VLAN which allows limited access when the authentication server is unavailable. Valid values: `disable`, `lldp-voice`, `static`. +* `authserver_timeout_tagged_vlanid` - Tagged VLAN name for which the timeout option is applied to (only one VLAN ID). +* `dacl` - Enable/disable dynamic access control list on this interface. Valid values: `disable`, `enable`. * `dynamic_sort_subtable` - Sort sub-tables, please do not set this parameter when configuring static sub-tables. Options: [ false, true, natural, alphabetical ]. false: Default value, do not sort tables; true/natural: sort tables in natural order. For example: [ a10, a2 ] --> [ a2, a10 ]; alphabetical: sort tables in alphabetical order. For example: [ a10, a2 ] --> [ a10, a2 ]. * `get_all_tables` - Get all sub-tables including unconfigured tables. Do not set this variable to true if you configure sub-table in another resource, otherwise, conflicts and overwrite will occur. Options: [ false, true ]. false: Default value, do not get unconfigured tables; true: get all tables including unconfigured tables. * `vdomparam` - Specifies the vdom to which the resource will be applied when the FortiGate unit is running in VDOM mode. Only one vdom can be specified. If you want to inherit the vdom configuration of the provider, please do not set this parameter. diff --git a/website/docs/r/fortios_system_accprofile.html.markdown b/website/docs/r/fortios_system_accprofile.html.markdown index 914818ecc..243bd4976 100644 --- a/website/docs/r/fortios_system_accprofile.html.markdown +++ b/website/docs/r/fortios_system_accprofile.html.markdown @@ -141,6 +141,7 @@ The `utmgrp_permission` block supports: * `ips` - IPS profiles and settings. Valid values: `none`, `read`, `read-write`. * `webfilter` - Web Filter profiles and settings. Valid values: `none`, `read`, `read-write`. * `emailfilter` - AntiSpam filter and settings. Valid values: `none`, `read`, `read-write`. +* `dlp` - DLP profiles and settings. Valid values: `none`, `read`, `read-write`. * `data_leak_prevention` - DLP profiles and settings. Valid values: `none`, `read`, `read-write`. * `spamfilter` - AntiSpam filter and settings. Valid values: `none`, `read`, `read-write`. * `data_loss_prevention` - DLP profiles and settings. Valid values: `none`, `read`, `read-write`. diff --git a/website/docs/r/fortios_system_ftmpush.html.markdown b/website/docs/r/fortios_system_ftmpush.html.markdown index cd7637bb2..58f3a0639 100644 --- a/website/docs/r/fortios_system_ftmpush.html.markdown +++ b/website/docs/r/fortios_system_ftmpush.html.markdown @@ -25,7 +25,7 @@ The following arguments are supported: * `proxy` - Enable/disable communication to the proxy server in FortiGuard configuration. Valid values: `enable`, `disable`. * `server_port` - Port to communicate with FortiToken Mobile push services server (1 - 65535, default = 4433). -* `server_cert` - Name of the server certificate to be used for SSL (default = Fortinet_Factory). +* `server_cert` - Name of the server certificate to be used for SSL. On FortiOS versions 6.4.0-7.4.3: default = Fortinet_Factory. * `server_ip` - IPv4 address of FortiToken Mobile push services server (format: xxx.xxx.xxx.xxx). * `server` - IPv4 address or domain name of FortiToken Mobile push services server. * `status` - Enable/disable the use of FortiToken Mobile push services. Valid values: `enable`, `disable`. diff --git a/website/docs/r/fortios_system_global.html.markdown b/website/docs/r/fortios_system_global.html.markdown index 1eaf659fb..24a484143 100644 --- a/website/docs/r/fortios_system_global.html.markdown +++ b/website/docs/r/fortios_system_global.html.markdown @@ -181,6 +181,7 @@ The following arguments are supported: * `user_server_cert` - Certificate to use for https user authentication. * `admin_https_pki_required` - Enable/disable admin login method. Enable to force administrators to provide a valid certificate to log in if PKI is enabled. Disable to allow administrators to log in with a certificate or password. Valid values: `enable`, `disable`. * `wifi_certificate` - Certificate to use for WiFi authentication. +* `dhcp_lease_backup_interval` - DHCP leases backup interval in seconds (10 - 3600, default = 60). * `wifi_ca_certificate` - CA certificate that verifies the WiFi certificate. * `auth_http_port` - User authentication HTTP port. (1 - 65535). On FortiOS versions 6.2.0-6.2.6: default = 80. On FortiOS versions >= 6.4.0: default = 1000. * `auth_https_port` - User authentication HTTPS port. (1 - 65535). On FortiOS versions 6.2.0-6.2.6: default = 443. On FortiOS versions >= 6.4.0: default = 1003. diff --git a/website/docs/r/fortios_system_interface.html.markdown b/website/docs/r/fortios_system_interface.html.markdown index 7a42271bb..4df0d8c6c 100644 --- a/website/docs/r/fortios_system_interface.html.markdown +++ b/website/docs/r/fortios_system_interface.html.markdown @@ -54,6 +54,7 @@ The following arguments are supported: * `dhcp_relay_circuit_id` - DHCP relay circuit ID. * `dhcp_relay_link_selection` - DHCP relay link selection. * `dhcp_relay_request_all_server` - Enable/disable sending DHCP request to all servers. Valid values: `disable`, `enable`. +* `dhcp_relay_allow_no_end_option` - Enable/disable relaying DHCP messages with no end option. Valid values: `disable`, `enable`. * `dhcp_relay_type` - DHCP relay type (regular or IPsec). Valid values: `regular`, `ipsec`. * `dhcp_smart_relay` - Enable/disable DHCP smart relay. Valid values: `disable`, `enable`. * `dhcp_relay_agent_option` - Enable/disable DHCP relay agent option. Valid values: `enable`, `disable`. @@ -241,7 +242,7 @@ The following arguments are supported: * `switch_controller_dhcp_snooping_verify_mac` - Switch controller DHCP snooping verify MAC. Valid values: `enable`, `disable`. * `switch_controller_dhcp_snooping_option82` - Switch controller DHCP snooping option82. Valid values: `enable`, `disable`. * `dhcp_snooping_server_list` - Configure DHCP server access list. The structure of `dhcp_snooping_server_list` block is documented below. -* `switch_controller_arp_inspection` - Enable/disable FortiSwitch ARP inspection. Valid values: `enable`, `disable`. +* `switch_controller_arp_inspection` - Enable/disable FortiSwitch ARP inspection. * `switch_controller_learning_limit` - Limit the number of dynamic MAC addresses on this VLAN (1 - 128, 0 = no limit, default). * `switch_controller_nac` - Integrated NAC settings for managed FortiSwitch. * `switch_controller_dynamic` - Integrated FortiLink settings for managed FortiSwitch. diff --git a/website/docs/r/fortios_system_ipam.html.markdown b/website/docs/r/fortios_system_ipam.html.markdown index fe84e737a..9ab91c15f 100644 --- a/website/docs/r/fortios_system_ipam.html.markdown +++ b/website/docs/r/fortios_system_ipam.html.markdown @@ -32,6 +32,12 @@ The `pools` block supports: * `name` - IPAM pool name. * `description` - Description. * `subnet` - Configure IPAM pool subnet, Class A - Class B subnet. +* `exclude` - Configure pool exclude subnets. The structure of `exclude` block is documented below. + +The `exclude` block supports: + +* `id` - Exclude ID. +* `exclude_subnet` - Configure subnet to exclude from the IPAM pool. The `rules` block supports: diff --git a/website/docs/r/fortios_system_ntp.html.markdown b/website/docs/r/fortios_system_ntp.html.markdown index 588e01446..77f030cc5 100644 --- a/website/docs/r/fortios_system_ntp.html.markdown +++ b/website/docs/r/fortios_system_ntp.html.markdown @@ -34,7 +34,7 @@ The following arguments are supported: * `source_ip6` - Source IPv6 address for communication to the NTP server. * `server_mode` - Enable/disable FortiGate NTP Server Mode. Your FortiGate becomes an NTP server for other devices on your network. The FortiGate relays NTP requests to its configured NTP server. Valid values: `enable`, `disable`. * `authentication` - Enable/disable authentication. Valid values: `enable`, `disable`. -* `key_type` - Key type for authentication (MD5, SHA1). Valid values: `MD5`, `SHA1`. +* `key_type` - Key type for authentication. On FortiOS versions 6.2.4-7.4.3: MD5, SHA1. On FortiOS versions >= 7.4.4: MD5, SHA1, SHA256. * `key` - Key for authentication. * `key_id` - Key ID for authentication. * `interface` - FortiGate interface(s) with NTP server mode enabled. Devices on your network can contact these interfaces for NTP services. The structure of `interface` block is documented below. @@ -47,8 +47,9 @@ The `ntpserver` block supports: * `id` - NTP server ID. * `server` - IP address or hostname of the NTP Server. * `ntpv3` - Enable to use NTPv3 instead of NTPv4. Valid values: `enable`, `disable`. -* `authentication` - Enable/disable MD5(NTPv3)/SHA1(NTPv4) authentication. Valid values: `enable`, `disable`. -* `key` - Key for MD5(NTPv3)/SHA1(NTPv4) authentication. +* `authentication` - Enable/disable MD5/SHA1 authentication. Valid values: `enable`, `disable`. +* `key_type` - Select NTP authentication type. Valid values: `MD5`, `SHA1`, `SHA256`. +* `key` - Key for authentication. On FortiOS versions 6.2.0: MD5(NTPv3)/SHA1(NTPv4). On FortiOS versions >= 7.4.4: MD5(NTPv3)/SHA1(NTPv4)/SHA256(NTPv4). * `key_id` - Key ID for authentication. * `ip_type` - Choose to connect to IPv4 or/and IPv6 NTP server. Valid values: `IPv6`, `IPv4`, `Both`. * `interface_select_method` - Specify how to select outgoing interface to reach server. Valid values: `auto`, `sdwan`, `specify`. diff --git a/website/docs/r/fortios_system_settings.html.markdown b/website/docs/r/fortios_system_settings.html.markdown index ae59366d4..5a22ae1f8 100644 --- a/website/docs/r/fortios_system_settings.html.markdown +++ b/website/docs/r/fortios_system_settings.html.markdown @@ -179,6 +179,7 @@ The following arguments are supported: * `default_policy_expiry_days` - Default policy expiry in days (0 - 365 days, default = 30). * `gui_enforce_change_summary` - Enforce change summaries for select tables in the GUI. Valid values: `disable`, `require`, `optional`. * `internet_service_database_cache` - Enable/disable Internet Service database caching. Valid values: `disable`, `enable`. +* `internet_service_app_ctrl_size` - Maximum number of tuple entries (protocol, port, IP address, application ID) stored by the FortiGate unit (0 - 4294967295, default = 32768). A smaller value limits the FortiGate unit from learning about internet applications. * `dynamic_sort_subtable` - Sort sub-tables, please do not set this parameter when configuring static sub-tables. Options: [ false, true, natural, alphabetical ]. false: Default value, do not sort tables; true/natural: sort tables in natural order. For example: [ a10, a2 ] --> [ a2, a10 ]; alphabetical: sort tables in alphabetical order. For example: [ a10, a2 ] --> [ a10, a2 ]. * `get_all_tables` - Get all sub-tables including unconfigured tables. Do not set this variable to true if you configure sub-table in another resource, otherwise, conflicts and overwrite will occur. Options: [ false, true ]. false: Default value, do not get unconfigured tables; true: get all tables including unconfigured tables. * `vdomparam` - Specifies the vdom to which the resource will be applied when the FortiGate unit is running in VDOM mode. Only one vdom can be specified. If you want to inherit the vdom configuration of the provider, please do not set this parameter. diff --git a/website/docs/r/fortios_system_speedtestsetting.html.markdown b/website/docs/r/fortios_system_speedtestsetting.html.markdown index 5f63b7553..2facf9e99 100644 --- a/website/docs/r/fortios_system_speedtestsetting.html.markdown +++ b/website/docs/r/fortios_system_speedtestsetting.html.markdown @@ -7,7 +7,7 @@ description: |- --- # fortios_system_speedtestsetting -Configure speed test setting. Applies to FortiOS Version `7.2.6,7.2.7,7.2.8,7.4.1,7.4.2,7.4.3`. +Configure speed test setting. Applies to FortiOS Version `7.2.6,7.2.7,7.2.8,7.4.1,7.4.2,7.4.3,7.4.4`. ## Argument Reference diff --git a/website/docs/r/fortios_system_sshconfig.html.markdown b/website/docs/r/fortios_system_sshconfig.html.markdown new file mode 100644 index 000000000..e79bcb1cd --- /dev/null +++ b/website/docs/r/fortios_system_sshconfig.html.markdown @@ -0,0 +1,41 @@ +--- +subcategory: "FortiGate System" +layout: "fortios" +page_title: "FortiOS: fortios_system_sshconfig" +description: |- + Configure SSH config. +--- + +# fortios_system_sshconfig +Configure SSH config. Applies to FortiOS Version `>= 7.4.4`. + +## Argument Reference + +The following arguments are supported: + +* `ssh_kex_algo` - Select one or more SSH kex algorithms. Valid values: `diffie-hellman-group1-sha1`, `diffie-hellman-group14-sha1`, `diffie-hellman-group14-sha256`, `diffie-hellman-group16-sha512`, `diffie-hellman-group18-sha512`, `diffie-hellman-group-exchange-sha1`, `diffie-hellman-group-exchange-sha256`, `curve25519-sha256@libssh.org`, `ecdh-sha2-nistp256`, `ecdh-sha2-nistp384`, `ecdh-sha2-nistp521`. +* `ssh_enc_algo` - Select one or more SSH ciphers. Valid values: `chacha20-poly1305@openssh.com`, `aes128-ctr`, `aes192-ctr`, `aes256-ctr`, `arcfour256`, `arcfour128`, `aes128-cbc`, `3des-cbc`, `blowfish-cbc`, `cast128-cbc`, `aes192-cbc`, `aes256-cbc`, `arcfour`, `rijndael-cbc@lysator.liu.se`, `aes128-gcm@openssh.com`, `aes256-gcm@openssh.com`. +* `ssh_mac_algo` - Select one or more SSH MAC algorithms. Valid values: `hmac-md5`, `hmac-md5-etm@openssh.com`, `hmac-md5-96`, `hmac-md5-96-etm@openssh.com`, `hmac-sha1`, `hmac-sha1-etm@openssh.com`, `hmac-sha2-256`, `hmac-sha2-256-etm@openssh.com`, `hmac-sha2-512`, `hmac-sha2-512-etm@openssh.com`, `hmac-ripemd160`, `hmac-ripemd160@openssh.com`, `hmac-ripemd160-etm@openssh.com`, `umac-64@openssh.com`, `umac-128@openssh.com`, `umac-64-etm@openssh.com`, `umac-128-etm@openssh.com`. +* `ssh_hsk_algo` - Select one or more SSH hostkey algorithms. Valid values: `ssh-rsa`, `ecdsa-sha2-nistp521`, `ecdsa-sha2-nistp384`, `ecdsa-sha2-nistp256`, `rsa-sha2-256`, `rsa-sha2-512`, `ssh-ed25519`. +* `ssh_hsk_override` - Enable/disable SSH host key override in SSH daemon. Valid values: `disable`, `enable`. +* `ssh_hsk_password` - Password for ssh-hostkey. +* `ssh_hsk` - Config SSH host key. +* `vdomparam` - Specifies the vdom to which the resource will be applied when the FortiGate unit is running in VDOM mode. Only one vdom can be specified. If you want to inherit the vdom configuration of the provider, please do not set this parameter. + + +## Attribute Reference + +In addition to all the above arguments, the following attributes are exported: +* `id` - an identifier for the resource. + +## Import + +System SshConfig can be imported using any of these accepted formats: +``` +$ terraform import fortios_system_sshconfig.labelname SystemSshConfig + +If you do not want to import arguments of block: +$ export "FORTIOS_IMPORT_TABLE"="false" +$ terraform import fortios_system_sshconfig.labelname SystemSshConfig +$ unset "FORTIOS_IMPORT_TABLE" +``` diff --git a/website/docs/r/fortios_user_externalidentityprovider.html.markdown b/website/docs/r/fortios_user_externalidentityprovider.html.markdown index e936e1b74..7361de597 100644 --- a/website/docs/r/fortios_user_externalidentityprovider.html.markdown +++ b/website/docs/r/fortios_user_externalidentityprovider.html.markdown @@ -7,7 +7,7 @@ description: |- --- # fortios_user_externalidentityprovider -Configure external identity provider. Applies to FortiOS Version `7.2.8,7.4.2,7.4.3`. +Configure external identity provider. Applies to FortiOS Version `7.2.8,7.4.2,7.4.3,7.4.4`. ## Argument Reference diff --git a/website/docs/r/fortios_user_ldap.html.markdown b/website/docs/r/fortios_user_ldap.html.markdown index 5f92329ce..75fe051bf 100644 --- a/website/docs/r/fortios_user_ldap.html.markdown +++ b/website/docs/r/fortios_user_ldap.html.markdown @@ -41,6 +41,7 @@ The following arguments are supported: * `server` - (Required) LDAP server CN domain name or IP. * `secondary_server` - Secondary LDAP server CN domain name or IP. * `tertiary_server` - Tertiary LDAP server CN domain name or IP. +* `status_ttl` - Time for which server reachability is cached so that when a server is unreachable, it will not be retried for at least this period of time (0 = cache disabled, default = 300). * `server_identity_check` - Enable/disable LDAP server identity check (verify server domain name/IP address against the server certificate). Valid values: `enable`, `disable`. * `source_ip` - Source IP for communications to LDAP server. * `source_port` - Source port to be used for communication with the LDAP server. @@ -65,7 +66,7 @@ The following arguments are supported: * `password_renewal` - Enable/disable online password renewal. Valid values: `enable`, `disable`. * `member_attr` - Name of attribute from which to get group membership. * `account_key_processing` - Account key processing operation, either keep or strip domain string of UPN in the token. Valid values: `same`, `strip`. -* `account_key_cert_field` - Define subject identity field in certificate for user access right checking. Valid values: `othername`, `rfc822name`, `dnsname`. +* `account_key_cert_field` - Define subject identity field in certificate for user access right checking. * `account_key_upn_san` - Define SAN in certificate for user principle name matching. Valid values: `othername`, `rfc822name`, `dnsname`. * `account_key_filter` - Account key filter, using the UPN as the search filter. * `search_type` - Search type. Valid values: `recursive`. diff --git a/website/docs/r/fortios_user_nacpolicy.html.markdown b/website/docs/r/fortios_user_nacpolicy.html.markdown index 3ca2a40ca..708092d30 100644 --- a/website/docs/r/fortios_user_nacpolicy.html.markdown +++ b/website/docs/r/fortios_user_nacpolicy.html.markdown @@ -17,6 +17,8 @@ The following arguments are supported: * `description` - Description for the NAC policy matching pattern. * `category` - Category of NAC policy. * `status` - Enable/disable NAC policy. Valid values: `enable`, `disable`. +* `match_type` - Match and retain the devices based on the type. Valid values: `dynamic`, `override`. +* `match_period` - Number of days the matched devices will be retained (0 - always retain) * `mac` - NAC policy matching MAC address. * `hw_vendor` - NAC policy matching hardware vendor. * `type` - NAC policy matching type. @@ -29,6 +31,7 @@ The following arguments are supported: * `src` - NAC policy matching source. * `user_group` - NAC policy matching user group. * `ems_tag` - NAC policy matching EMS tag. +* `fortivoice_tag` - NAC policy matching FortiVoice tag. * `severity` - NAC policy matching devices vulnerability severity lists. The structure of `severity` block is documented below. * `switch_fortilink` - FortiLink interface for which this NAC policy belongs to. * `switch_group` - List of managed FortiSwitch groups on which NAC policy can be applied. The structure of `switch_group` block is documented below. diff --git a/website/docs/r/fortios_user_radius.html.markdown b/website/docs/r/fortios_user_radius.html.markdown index 92bf522c8..c9dd57379 100644 --- a/website/docs/r/fortios_user_radius.html.markdown +++ b/website/docs/r/fortios_user_radius.html.markdown @@ -88,7 +88,7 @@ The following arguments are supported: * `client_cert` - Client certificate to use under TLS. * `server_identity_check` - Enable/disable RADIUS server identity check (verify server domain name/IP address against the server certificate). Valid values: `enable`, `disable`. * `account_key_processing` - Account key processing operation. The FortiGate will keep either the whole domain or strip the domain from the subject identity. Valid values: `same`, `strip`. -* `account_key_cert_field` - Define subject identity field in certificate for user access right checking. Valid values: `othername`, `rfc822name`, `dnsname`. +* `account_key_cert_field` - Define subject identity field in certificate for user access right checking. * `rsso` - Enable/disable RADIUS based single sign on feature. Valid values: `enable`, `disable`. * `rsso_radius_server_port` - UDP port to listen on for RADIUS Start and Stop records. * `rsso_radius_response` - Enable/disable sending RADIUS response packets after receiving Start and Stop records. Valid values: `enable`, `disable`. diff --git a/website/docs/r/fortios_user_tacacs.html.markdown b/website/docs/r/fortios_user_tacacs.html.markdown index a9c0a24cf..68c3a3f56 100644 --- a/website/docs/r/fortios_user_tacacs.html.markdown +++ b/website/docs/r/fortios_user_tacacs.html.markdown @@ -33,6 +33,7 @@ The following arguments are supported: * `key` - Key to access the primary server. * `secondary_key` - Key to access the secondary server. * `tertiary_key` - Key to access the tertiary server. +* `status_ttl` - Time for which server reachability is cached so that when a server is unreachable, it will not be retried for at least this period of time (0 = cache disabled, default = 300). * `authen_type` - Allowed authentication protocols/methods. Valid values: `mschap`, `chap`, `pap`, `ascii`, `auto`. * `authorization` - Enable/disable TACACS+ authorization. Valid values: `enable`, `disable`. * `source_ip` - source IP for communications to TACACS+ server. diff --git a/website/docs/r/fortios_vpncertificate_ca.html.markdown b/website/docs/r/fortios_vpncertificate_ca.html.markdown index 6d01a5f30..fdbbeeac0 100644 --- a/website/docs/r/fortios_vpncertificate_ca.html.markdown +++ b/website/docs/r/fortios_vpncertificate_ca.html.markdown @@ -26,6 +26,7 @@ The following arguments are supported: * `source_ip` - Source IP address for communications to the SCEP server. * `ca_identifier` - CA identifier of the SCEP server. * `obsolete` - Enable/disable this CA as obsoleted. Valid values: `disable`, `enable`. +* `fabric_ca` - Enable/disable synchronization of CA across Security Fabric. Valid values: `disable`, `enable`. * `last_updated` - Time at which CA was last updated. * `vdomparam` - Specifies the vdom to which the resource will be applied when the FortiGate unit is running in VDOM mode. Only one vdom can be specified. If you want to inherit the vdom configuration of the provider, please do not set this parameter. diff --git a/website/docs/r/fortios_vpnipsec_phase1.html.markdown b/website/docs/r/fortios_vpnipsec_phase1.html.markdown index ae352d360..3a92aaeda 100644 --- a/website/docs/r/fortios_vpnipsec_phase1.html.markdown +++ b/website/docs/r/fortios_vpnipsec_phase1.html.markdown @@ -198,6 +198,8 @@ The following arguments are supported: * `fragmentation_mtu` - IKE fragmentation MTU (500 - 16000). * `childless_ike` - Enable/disable childless IKEv2 initiation (RFC 6023). Valid values: `enable`, `disable`. * `azure_ad_autoconnect` - Enable/disable Azure AD Auto-Connect for FortiClient. Valid values: `enable`, `disable`. +* `client_resume` - Enable/disable resumption of offline FortiClient sessions. When a FortiClient enabled laptop is closed or enters sleep/hibernate mode, enabling this feature allows FortiClient to keep the tunnel during this period, and allows users to immediately resume using the IPsec tunnel when the device wakes up. Valid values: `enable`, `disable`. +* `client_resume_interval` - Maximum time in seconds during which a VPN client may resume using a tunnel after a client PC has entered sleep mode or temporarily lost its network connection (120 - 172800, default = 1800). * `rekey` - Enable/disable phase1 rekey. Valid values: `enable`, `disable`. * `digital_signature_auth` - Enable/disable IKEv2 Digital Signature Authentication (RFC 7427). Valid values: `enable`, `disable`. * `signature_hash_alg` - Digital Signature Authentication hash algorithms. Valid values: `sha1`, `sha2-256`, `sha2-384`, `sha2-512`. @@ -230,6 +232,18 @@ The following arguments are supported: * `transport` - Set IKE transport protocol. Valid values: `udp`, `udp-fallback-tcp`, `tcp`. * `fortinet_esp` - Enable/disable Fortinet ESP encapsulaton. Valid values: `enable`, `disable`. * `fallback_tcp_threshold` - Timeout in seconds before falling back IKE/IPsec traffic to tcp. +* `remote_gw_match` - Set type of IPv4 remote gateway address matching. Valid values: `any`, `ipmask`, `iprange`, `geography`. +* `remote_gw_subnet` - IPv4 address and subnet mask. +* `remote_gw_start_ip` - First IPv4 address in the range. +* `remote_gw_end_ip` - Last IPv4 address in the range. +* `remote_gw_country` - IPv4 addresses associated to a specific country. +* `remote_gw6_match` - Set type of IPv6 remote gateway address matching. Valid values: `any`, `ipprefix`, `iprange`, `geography`. +* `remote_gw6_subnet` - IPv6 address and prefix. +* `remote_gw6_start_ip` - First IPv6 address in the range. +* `remote_gw6_end_ip` - Last IPv6 address in the range. +* `remote_gw6_country` - IPv6 addresses associated to a specific country. +* `cert_peer_username_validation` - Enable/disable cross validation of peer username and the identity in the peer's certificate. Valid values: `none`, `othername`, `rfc822name`, `cn`. +* `cert_peer_username_strip` - Enable/disable domain stripping on certificate identity. Valid values: `disable`, `enable`. * `dynamic_sort_subtable` - Sort sub-tables, please do not set this parameter when configuring static sub-tables. Options: [ false, true, natural, alphabetical ]. false: Default value, do not sort tables; true/natural: sort tables in natural order. For example: [ a10, a2 ] --> [ a2, a10 ]; alphabetical: sort tables in alphabetical order. For example: [ a10, a2 ] --> [ a10, a2 ]. * `get_all_tables` - Get all sub-tables including unconfigured tables. Do not set this variable to true if you configure sub-table in another resource, otherwise, conflicts and overwrite will occur. Options: [ false, true ]. false: Default value, do not get unconfigured tables; true: get all tables including unconfigured tables. * `vdomparam` - Specifies the vdom to which the resource will be applied when the FortiGate unit is running in VDOM mode. Only one vdom can be specified. If you want to inherit the vdom configuration of the provider, please do not set this parameter. diff --git a/website/docs/r/fortios_vpnipsec_phase1interface.html.markdown b/website/docs/r/fortios_vpnipsec_phase1interface.html.markdown index c7c8ab9d7..d2bd2fbcc 100644 --- a/website/docs/r/fortios_vpnipsec_phase1interface.html.markdown +++ b/website/docs/r/fortios_vpnipsec_phase1interface.html.markdown @@ -258,6 +258,8 @@ The following arguments are supported: * `fragmentation_mtu` - IKE fragmentation MTU (500 - 16000). * `childless_ike` - Enable/disable childless IKEv2 initiation (RFC 6023). Valid values: `enable`, `disable`. * `azure_ad_autoconnect` - Enable/disable Azure AD Auto-Connect for FortiClient. Valid values: `enable`, `disable`. +* `client_resume` - Enable/disable resumption of offline FortiClient sessions. When a FortiClient enabled laptop is closed or enters sleep/hibernate mode, enabling this feature allows FortiClient to keep the tunnel during this period, and allows users to immediately resume using the IPsec tunnel when the device wakes up. Valid values: `enable`, `disable`. +* `client_resume_interval` - Maximum time in seconds during which a VPN client may resume using a tunnel after a client PC has entered sleep mode or temporarily lost its network connection (120 - 172800, default = 1800). * `rekey` - Enable/disable phase1 rekey. Valid values: `enable`, `disable`. * `digital_signature_auth` - Enable/disable IKEv2 Digital Signature Authentication (RFC 7427). Valid values: `enable`, `disable`. * `signature_hash_alg` - Digital Signature Authentication hash algorithms. Valid values: `sha1`, `sha2-256`, `sha2-384`, `sha2-512`. @@ -294,6 +296,8 @@ The following arguments are supported: * `remote_gw6_start_ip` - First IPv6 address in the range. * `remote_gw6_end_ip` - Last IPv6 address in the range. * `remote_gw6_country` - IPv6 addresses associated to a specific country. +* `cert_peer_username_validation` - Enable/disable cross validation of peer username and the identity in the peer's certificate. Valid values: `none`, `othername`, `rfc822name`, `cn`. +* `cert_peer_username_strip` - Enable/disable domain stripping on certificate identity. Valid values: `disable`, `enable`. * `cert_trust_store` - CA certificate trust store. Valid values: `local`, `ems`. * `qkd` - Enable/disable use of Quantum Key Distribution (QKD) server. Valid values: `disable`, `allow`, `require`. * `qkd_profile` - Quantum Key Distribution (QKD) server profile. diff --git a/website/docs/r/fortios_vpnssl_settings.html.markdown b/website/docs/r/fortios_vpnssl_settings.html.markdown index d33bbc198..64f35c86c 100644 --- a/website/docs/r/fortios_vpnssl_settings.html.markdown +++ b/website/docs/r/fortios_vpnssl_settings.html.markdown @@ -90,7 +90,7 @@ The following arguments are supported: * `http_request_body_timeout` - SSL-VPN session is disconnected if an HTTP request body is not received within this time (1 - 60 sec, default = 20). * `auth_session_check_source_ip` - Enable/disable checking of source IP for authentication session. Valid values: `enable`, `disable`. * `tunnel_connect_without_reauth` - Enable/disable tunnel connection without re-authorization if previous connection dropped. Valid values: `enable`, `disable`. -* `tunnel_user_session_timeout` - Time out value to clean up user session after tunnel connection is dropped (1 - 255 sec, default=30). +* `tunnel_user_session_timeout` - Number of seconds after which user sessions are cleaned up after tunnel connection is dropped (default = 30). On FortiOS versions 6.2.0-7.4.3: 1 - 255 sec. On FortiOS versions >= 7.4.4: 1 - 86400 sec. * `hsts_include_subdomains` - Add HSTS includeSubDomains response header. Valid values: `enable`, `disable`. * `transform_backward_slashes` - Transform backward slashes to forward slashes in URLs. Valid values: `enable`, `disable`. * `encode_2f_sequence` - Encode \2F sequence to forward slash in URLs. Valid values: `enable`, `disable`. @@ -98,7 +98,7 @@ The following arguments are supported: * `client_sigalgs` - Set signature algorithms related to client authentication. Affects TLS version <= 1.2 only. Valid values: `no-rsa-pss`, `all`. * `dual_stack_mode` - Tunnel mode: enable parallel IPv4 and IPv6 tunnel. Web mode: support IPv4 and IPv6 bookmarks in the portal. Valid values: `enable`, `disable`. * `tunnel_addr_assigned_method` - Method used for assigning address for tunnel. Valid values: `first-available`, `round-robin`. -* `saml_redirect_port` - SAML local redirect port in the machine running FortiClient (0 - 65535). 0 is to disable redirection on FGT side. +* `saml_redirect_port` - SAML local redirect port in the machine running FCT (0 - 65535). 0 is to disable redirection on FGT side. * `web_mode_snat` - Enable/disable use of IP pools defined in firewall policy while using web-mode. Valid values: `enable`, `disable`. * `ztna_trusted_client` - Enable/disable verification of device certificate for SSLVPN ZTNA session. Valid values: `enable`, `disable`. * `server_hostname` - Server hostname for HTTPS. When set, will be used for SSL VPN web proxy host header for any redirection. diff --git a/website/docs/r/fortios_webproxy_explicit.html.markdown b/website/docs/r/fortios_webproxy_explicit.html.markdown index 9c9c3c522..8c9bb2eef 100644 --- a/website/docs/r/fortios_webproxy_explicit.html.markdown +++ b/website/docs/r/fortios_webproxy_explicit.html.markdown @@ -21,6 +21,9 @@ The following arguments are supported: * `http_connection_mode` - HTTP connection mode (default = static). Valid values: `static`, `multiplex`, `serverpool`. * `https_incoming_port` - Accept incoming HTTPS requests on one or more ports (0 - 65535, default = 0, use the same as HTTP). * `secure_web_proxy_cert` - Name of certificates for secure web proxy. The structure of `secure_web_proxy_cert` block is documented below. +* `client_cert` - Enable/disable to request client certificate. Valid values: `disable`, `enable`. +* `user_agent_detect` - Enable/disable to detect device type by HTTP user-agent if no client certificate provided. Valid values: `disable`, `enable`. +* `empty_cert_action` - Action of an empty client certificate. Valid values: `accept`, `block`, `accept-unmanageable`. * `ssl_dh_bits` - Bit-size of Diffie-Hellman (DH) prime used in DHE-RSA negotiation (default = 2048). Valid values: `768`, `1024`, `1536`, `2048`. * `ftp_incoming_port` - Accept incoming FTP-over-HTTP requests on one or more ports (0 - 65535, default = 0; use the same as HTTP). * `socks_incoming_port` - Accept incoming SOCKS proxy requests on one or more ports (0 - 65535, default = 0; use the same as HTTP). @@ -30,7 +33,7 @@ The following arguments are supported: * `incoming_ip6` - Restrict the explicit web proxy to only accept sessions from this IPv6 address. An interface must have this IPv6 address. * `outgoing_ip6` - Outgoing HTTP requests will leave this IPv6. Multiple interfaces can be specified. Interfaces must have these IPv6 addresses. * `strict_guest` - Enable/disable strict guest user checking by the explicit web proxy. Valid values: `enable`, `disable`. -* `pref_dns_result` - Prefer resolving addresses using the configured IPv4 or IPv6 DNS server (default = ipv4). Valid values: `ipv4`, `ipv6`. +* `pref_dns_result` - Prefer resolving addresses using the configured IPv4 or IPv6 DNS server (default = ipv4). * `unknown_http_version` - Either reject unknown HTTP traffic as malformed or handle unknown HTTP traffic as best as the proxy server can. * `realm` - Authentication realm used to identify the explicit web proxy (maximum of 63 characters). * `sec_default_action` - Accept or deny explicit web proxy sessions when no web proxy firewall policy exists. Valid values: `accept`, `deny`. diff --git a/website/docs/r/fortios_webproxy_global.html.markdown b/website/docs/r/fortios_webproxy_global.html.markdown index 9da7f61b2..b6c83d4aa 100644 --- a/website/docs/r/fortios_webproxy_global.html.markdown +++ b/website/docs/r/fortios_webproxy_global.html.markdown @@ -48,6 +48,7 @@ The following arguments are supported: * `max_waf_body_cache_length` - Maximum length of HTTP messages processed by Web Application Firewall (WAF) (10 - 1024 Kbytes, default = 32). * `webproxy_profile` - Name of the web proxy profile to apply when explicit proxy traffic is allowed by default and traffic is accepted that does not match an explicit proxy policy. * `learn_client_ip` - Enable/disable learning the client's IP address from headers. Valid values: `enable`, `disable`. +* `always_learn_client_ip` - Enable/disable learning the client's IP address from headers for every request. Valid values: `enable`, `disable`. * `learn_client_ip_from_header` - Learn client IP address from the specified headers. Valid values: `true-client-ip`, `x-real-ip`, `x-forwarded-for`. * `learn_client_ip_srcaddr` - Source address name (srcaddr or srcaddr6 must be set). The structure of `learn_client_ip_srcaddr` block is documented below. * `learn_client_ip_srcaddr6` - IPv6 Source address name (srcaddr or srcaddr6 must be set). The structure of `learn_client_ip_srcaddr6` block is documented below. @@ -57,6 +58,7 @@ The following arguments are supported: * `log_policy_pending` - Enable/disable logging sessions that are pending on policy matching. Valid values: `enable`, `disable`. * `log_forward_server` - Enable/disable forward server name logging in forward traffic log. Valid values: `enable`, `disable`. * `log_app_id` - Enable/disable always log application type in traffic log. Valid values: `enable`, `disable`. +* `proxy_transparent_cert_inspection` - Enable/disable transparent proxy certificate inspection. Valid values: `enable`, `disable`. * `dynamic_sort_subtable` - Sort sub-tables, please do not set this parameter when configuring static sub-tables. Options: [ false, true, natural, alphabetical ]. false: Default value, do not sort tables; true/natural: sort tables in natural order. For example: [ a10, a2 ] --> [ a2, a10 ]; alphabetical: sort tables in alphabetical order. For example: [ a10, a2 ] --> [ a10, a2 ]. * `get_all_tables` - Get all sub-tables including unconfigured tables. Do not set this variable to true if you configure sub-table in another resource, otherwise, conflicts and overwrite will occur. Options: [ false, true ]. false: Default value, do not get unconfigured tables; true: get all tables including unconfigured tables. * `vdomparam` - Specifies the vdom to which the resource will be applied when the FortiGate unit is running in VDOM mode. Only one vdom can be specified. If you want to inherit the vdom configuration of the provider, please do not set this parameter. diff --git a/website/docs/r/fortios_wirelesscontroller_arrpprofile.html.markdown b/website/docs/r/fortios_wirelesscontroller_arrpprofile.html.markdown index e2049ffad..21dca7d67 100644 --- a/website/docs/r/fortios_wirelesscontroller_arrpprofile.html.markdown +++ b/website/docs/r/fortios_wirelesscontroller_arrpprofile.html.markdown @@ -33,7 +33,7 @@ The following arguments are supported: * `include_weather_channel` - Enable/disable use of weather channel in DARRP channel selection phase 1 (default = disable). * `include_dfs_channel` - Enable/disable use of DFS channel in DARRP channel selection phase 1 (default = disable). * `override_darrp_optimize` - Enable to override setting darrp-optimize and darrp-optimize-schedules (default = disable). Valid values: `enable`, `disable`. -* `darrp_optimize` - Time for running Dynamic Automatic Radio Resource Provisioning (DARRP) optimizations (0 - 86400 sec, default = 86400, 0 = disable). +* `darrp_optimize` - Time for running Distributed Automatic Radio Resource Provisioning (DARRP) optimizations (0 - 86400 sec, default = 86400, 0 = disable). * `darrp_optimize_schedules` - Firewall schedules for DARRP running time. DARRP will run periodically based on darrp-optimize within the schedules. Separate multiple schedule names with a space. The structure of `darrp_optimize_schedules` block is documented below. * `dynamic_sort_subtable` - Sort sub-tables, please do not set this parameter when configuring static sub-tables. Options: [ false, true, natural, alphabetical ]. false: Default value, do not sort tables; true/natural: sort tables in natural order. For example: [ a10, a2 ] --> [ a2, a10 ]; alphabetical: sort tables in alphabetical order. For example: [ a10, a2 ] --> [ a10, a2 ]. * `get_all_tables` - Get all sub-tables including unconfigured tables. Do not set this variable to true if you configure sub-table in another resource, otherwise, conflicts and overwrite will occur. Options: [ false, true ]. false: Default value, do not get unconfigured tables; true: get all tables including unconfigured tables. diff --git a/website/docs/r/fortios_wirelesscontroller_global.html.markdown b/website/docs/r/fortios_wirelesscontroller_global.html.markdown index 0cf050a42..d1d2b02f1 100644 --- a/website/docs/r/fortios_wirelesscontroller_global.html.markdown +++ b/website/docs/r/fortios_wirelesscontroller_global.html.markdown @@ -58,6 +58,12 @@ The following arguments are supported: * `ap_log_server` - Enable/disable configuring FortiGate to redirect wireless event log messages or FortiAPs to send UTM log messages to a syslog server (default = disable). Valid values: `enable`, `disable`. * `ap_log_server_ip` - IP address that APs or FortiAPs send log messages to. * `ap_log_server_port` - Port that APs or FortiAPs send log messages to. +* `max_sta_cap` - Maximum number of station cap stored on the controller (default = 0). +* `max_sta_cap_wtp` - Maximum number of station cap's wtp info stored on the controller (1 - 16, default = 8). +* `max_rogue_ap` - Maximum number of rogue APs stored on the controller (default = 0). +* `max_rogue_ap_wtp` - Maximum number of rogue AP's wtp info stored on the controller (1 - 16, default = 16). +* `max_rogue_sta` - Maximum number of rogue stations stored on the controller (default = 0). +* `max_ble_device` - Maximum number of BLE devices stored on the controller (default = 0). * `dfs_lab_test` - Enable/disable DFS certificate lab test mode. Valid values: `enable`, `disable`. * `vdomparam` - Specifies the vdom to which the resource will be applied when the FortiGate unit is running in VDOM mode. Only one vdom can be specified. If you want to inherit the vdom configuration of the provider, please do not set this parameter. diff --git a/website/docs/r/fortios_wirelesscontroller_log.html.markdown b/website/docs/r/fortios_wirelesscontroller_log.html.markdown index 822149774..008927b0f 100644 --- a/website/docs/r/fortios_wirelesscontroller_log.html.markdown +++ b/website/docs/r/fortios_wirelesscontroller_log.html.markdown @@ -25,6 +25,7 @@ The following arguments are supported: * `sta_locate_log` - Lowest severity level to log station locate message. Valid values: `emergency`, `alert`, `critical`, `error`, `warning`, `notification`, `information`, `debug`. * `wids_log` - Lowest severity level to log WIDS message. Valid values: `emergency`, `alert`, `critical`, `error`, `warning`, `notification`, `information`, `debug`. * `wtp_event_log` - Lowest severity level to log WTP event message. Valid values: `emergency`, `alert`, `critical`, `error`, `warning`, `notification`, `information`, `debug`. +* `wtp_fips_event_log` - Lowest severity level to log FAP fips event message. Valid values: `emergency`, `alert`, `critical`, `error`, `warning`, `notification`, `information`, `debug`. * `vdomparam` - Specifies the vdom to which the resource will be applied when the FortiGate unit is running in VDOM mode. Only one vdom can be specified. If you want to inherit the vdom configuration of the provider, please do not set this parameter. diff --git a/website/docs/r/fortios_wirelesscontroller_mpskprofile.html.markdown b/website/docs/r/fortios_wirelesscontroller_mpskprofile.html.markdown index 7ee6b4c16..053aaf7f6 100644 --- a/website/docs/r/fortios_wirelesscontroller_mpskprofile.html.markdown +++ b/website/docs/r/fortios_wirelesscontroller_mpskprofile.html.markdown @@ -15,6 +15,9 @@ The following arguments are supported: * `name` - MPSK profile name. * `mpsk_concurrent_clients` - Maximum number of concurrent clients that connect using the same passphrase in multiple PSK authentication (0 - 65535, default = 0, meaning no limitation). +* `mpsk_external_server_auth` - Enable/Disable MPSK external server authentication (default = disable). Valid values: `enable`, `disable`. +* `mpsk_external_server` - RADIUS server to be used to authenticate MPSK users. +* `mpsk_type` - Select the security type of keys for this profile. Valid values: `wpa2-personal`, `wpa3-sae`, `wpa3-sae-transition`. * `mpsk_group` - List of multiple PSK groups. The structure of `mpsk_group` block is documented below. * `dynamic_sort_subtable` - Sort sub-tables, please do not set this parameter when configuring static sub-tables. Options: [ false, true, natural, alphabetical ]. false: Default value, do not sort tables; true/natural: sort tables in natural order. For example: [ a10, a2 ] --> [ a2, a10 ]; alphabetical: sort tables in alphabetical order. For example: [ a10, a2 ] --> [ a10, a2 ]. * `get_all_tables` - Get all sub-tables including unconfigured tables. Do not set this variable to true if you configure sub-table in another resource, otherwise, conflicts and overwrite will occur. Options: [ false, true ]. false: Default value, do not get unconfigured tables; true: get all tables including unconfigured tables. @@ -30,8 +33,12 @@ The `mpsk_group` block supports: The `mpsk_key` block supports: * `name` - Pre-shared key name. +* `key_type` - Select the type of the key. Valid values: `wpa2-personal`, `wpa3-sae`. * `mac` - MAC address. * `passphrase` - WPA Pre-shared key. +* `sae_password` - WPA3 SAE password. +* `sae_pk` - Enable/disable WPA3 SAE-PK (default = disable). Valid values: `enable`, `disable`. +* `sae_private_key` - Private key used for WPA3 SAE-PK authentication. * `concurrent_client_limit_type` - MPSK client limit type options. Valid values: `default`, `unlimited`, `specified`. * `concurrent_clients` - Number of clients that can connect using this pre-shared key (1 - 65535, default is 256). * `comment` - Comment. diff --git a/website/docs/r/fortios_wirelesscontroller_setting.html.markdown b/website/docs/r/fortios_wirelesscontroller_setting.html.markdown index 22d13f77f..fdb24452d 100644 --- a/website/docs/r/fortios_wirelesscontroller_setting.html.markdown +++ b/website/docs/r/fortios_wirelesscontroller_setting.html.markdown @@ -26,7 +26,7 @@ The following arguments are supported: * `device_idle` - Upper limit of idle time of device for identification in minutes (0 - 14400, default = 1440). * `firmware_provision_on_authorization` - Enable/disable automatic provisioning of latest firmware on authorization. Valid values: `enable`, `disable`. * `rolling_wtp_upgrade` - Enable/disable rolling WTP upgrade (default = disable). Valid values: `enable`, `disable`. -* `darrp_optimize` - Time for running Dynamic Automatic Radio Resource Provisioning (DARRP) optimizations (0 - 86400 sec, default = 86400, 0 = disable). +* `darrp_optimize` - Time for running Distributed Automatic Radio Resource Provisioning (DARRP) optimizations (0 - 86400 sec, default = 86400, 0 = disable). * `darrp_optimize_schedules` - Firewall schedules for DARRP running time. DARRP will run periodically based on darrp-optimize within the schedules. Separate multiple schedule names with a space. The structure of `darrp_optimize_schedules` block is documented below. * `dynamic_sort_subtable` - Sort sub-tables, please do not set this parameter when configuring static sub-tables. Options: [ false, true, natural, alphabetical ]. false: Default value, do not sort tables; true/natural: sort tables in natural order. For example: [ a10, a2 ] --> [ a2, a10 ]; alphabetical: sort tables in alphabetical order. For example: [ a10, a2 ] --> [ a10, a2 ]. * `get_all_tables` - Get all sub-tables including unconfigured tables. Do not set this variable to true if you configure sub-table in another resource, otherwise, conflicts and overwrite will occur. Options: [ false, true ]. false: Default value, do not get unconfigured tables; true: get all tables including unconfigured tables. @@ -35,7 +35,7 @@ The following arguments are supported: The `offending_ssid` block supports: * `id` - ID. -* `ssid_pattern` - Define offending SSID pattern (case insensitive). For example, word, word*, *word, wo*rd. +* `ssid_pattern` - Define offending SSID pattern (case insensitive), eg: word, word*, *word, wo*rd. * `action` - Actions taken for detected offending SSID. Valid values: `log`, `suppress`. The `darrp_optimize_schedules` block supports: diff --git a/website/docs/r/fortios_wirelesscontroller_timers.html.markdown b/website/docs/r/fortios_wirelesscontroller_timers.html.markdown index c8f461e5f..49d8ab640 100644 --- a/website/docs/r/fortios_wirelesscontroller_timers.html.markdown +++ b/website/docs/r/fortios_wirelesscontroller_timers.html.markdown @@ -21,7 +21,10 @@ The following arguments are supported: * `auth_timeout` - Time after which a client is considered failed in RADIUS authentication and times out (5 - 30 sec, default = 5). * `rogue_ap_log` - Time between logging rogue AP messages if periodic rogue AP logging is configured (0 - 1440 min, default = 0). * `fake_ap_log` - Time between recording logs about fake APs if periodic fake AP logging is configured (0 - 1440 min, default = 1). +* `sta_cap_cleanup` - Time period in minutes to keep station capability data after it is gone (default = 0). * `rogue_ap_cleanup` - Time period in minutes to keep rogue AP after it is gone (default = 0). +* `rogue_sta_cleanup` - Time period in minutes to keep rogue station after it is gone (default = 0). +* `ble_device_cleanup` - Time period in minutes to keep BLE device after it is gone (default = 60). * `darrp_optimize` - Time for running Dynamic Automatic Radio Resource Provisioning (DARRP) optimizations (0 - 86400 sec, default = 1800). * `darrp_day` - Weekday on which to run DARRP optimization. Valid values: `sunday`, `monday`, `tuesday`, `wednesday`, `thursday`, `friday`, `saturday`. * `darrp_time` - Time at which DARRP optimizations run (you can add up to 8 times). The structure of `darrp_time` block is documented below. diff --git a/website/docs/r/fortios_wirelesscontroller_vap.html.markdown b/website/docs/r/fortios_wirelesscontroller_vap.html.markdown index 777988b99..8af241d0b 100644 --- a/website/docs/r/fortios_wirelesscontroller_vap.html.markdown +++ b/website/docs/r/fortios_wirelesscontroller_vap.html.markdown @@ -19,7 +19,7 @@ The following arguments are supported: * `mesh_backhaul` - Enable/disable using this VAP as a WiFi mesh backhaul (default = disable). This entry is only available when security is set to a WPA type or open. Valid values: `enable`, `disable`. * `atf_weight` - Airtime weight in percentage (default = 20). * `max_clients` - Maximum number of clients that can connect simultaneously to the VAP (default = 0, meaning no limitation). -* `max_clients_ap` - Maximum number of clients that can connect simultaneously to the VAP per AP radio (default = 0, meaning no limitation). +* `max_clients_ap` - Maximum number of clients that can connect simultaneously to each radio (default = 0, meaning no limitation). * `ssid` - IEEE 802.11 service set identifier (SSID) for the wireless interface. Users who wish to use the wireless network must configure their computers to access this SSID name. * `broadcast_ssid` - Enable/disable broadcasting the SSID (default = enable). Valid values: `enable`, `disable`. * `security_obsolete_option` - Enable/disable obsolete security options. Valid values: `enable`, `disable`. @@ -27,6 +27,7 @@ The following arguments are supported: * `pmf` - Protected Management Frames (PMF) support (default = disable). Valid values: `disable`, `enable`, `optional`. * `pmf_assoc_comeback_timeout` - Protected Management Frames (PMF) comeback maximum timeout (1-20 sec). * `pmf_sa_query_retry_timeout` - Protected Management Frames (PMF) SA query retry timeout interval (1 - 5 100s of msec). +* `beacon_protection` - Enable/disable beacon protection support (default = disable). Valid values: `disable`, `enable`. * `okc` - Enable/disable Opportunistic Key Caching (OKC) (default = enable). Valid values: `disable`, `enable`. * `mbo` - Enable/disable Multiband Operation (default = disable). Valid values: `disable`, `enable`. * `gas_comeback_delay` - GAS comeback delay (0 or 100 - 10000 milliseconds, default = 500). @@ -44,7 +45,7 @@ The following arguments are supported: * `owe_groups` - OWE-Groups. Valid values: `19`, `20`, `21`. * `owe_transition` - Enable/disable OWE transition mode support. Valid values: `disable`, `enable`. * `owe_transition_ssid` - OWE transition mode peer SSID. -* `additional_akms` - Additional AKMs. Valid values: `akm6`. +* `additional_akms` - Additional AKMs. * `eapol_key_retries` - Enable/disable retransmission of EAPOL-Key frames (message 3/4 and group message 1/2) (default = enable). Valid values: `disable`, `enable`. * `tkip_counter_measure` - Enable/disable TKIP counter measure. Valid values: `enable`, `disable`. * `external_web` - URL of external authentication web server. @@ -60,19 +61,21 @@ The following arguments are supported: * `radius_mac_auth_server` - RADIUS-based MAC authentication server. * `radius_mac_auth_block_interval` - Don't send RADIUS MAC auth request again if the client has been rejected within specific interval (0 or 30 - 864000 seconds, default = 0, 0 to disable blocking). * `radius_mac_mpsk_auth` - Enable/disable RADIUS-based MAC authentication of clients for MPSK authentication (default = disable). Valid values: `enable`, `disable`. -* `radius_mac_mpsk_timeout` - RADIUS MAC MPSK cache timeout interval (default = 86400, 0 to disable caching). On FortiOS versions 7.0.2-7.0.8, 7.2.0: 1800 - 864000. On FortiOS versions 7.0.9-7.0.15, >= 7.2.1: 0 or 300 - 864000. +* `radius_mac_mpsk_timeout` - RADIUS MAC MPSK cache timeout interval (1800 - 864000, default = 86400). * `radius_mac_auth_usergroups` - Selective user groups that are permitted for RADIUS mac authentication. The structure of `radius_mac_auth_usergroups` block is documented below. * `auth` - Authentication protocol. * `encrypt` - Encryption protocol to use (only available when security is set to a WPA type). Valid values: `TKIP`, `AES`, `TKIP-AES`. * `keyindex` - WEP key index (1 - 4). * `key` - WEP Key. -* `passphrase` - WPA pre-shared key (PSK) to be used to authenticate WiFi users. +* `passphrase` - WPA pre-shard key (PSK) to be used to authenticate WiFi users. * `sae_password` - WPA3 SAE password to be used to authenticate WiFi users. * `sae_h2e_only` - Use hash-to-element-only mechanism for PWE derivation (default = disable). Valid values: `enable`, `disable`. * `sae_hnp_only` - Use hunting-and-pecking-only mechanism for PWE derivation (default = disable). Valid values: `enable`, `disable`. * `sae_pk` - Enable/disable WPA3 SAE-PK (default = disable). Valid values: `enable`, `disable`. * `sae_private_key` - Private key used for WPA3 SAE-PK authentication. +* `akm24_only` - WPA3 SAE using group-dependent hash only (default = disable). Valid values: `disable`, `enable`. * `radius_server` - RADIUS server to be used to authenticate WiFi users. +* `nas_filter_rule` - Enable/disable NAS filter rule support (default = disable). Valid values: `enable`, `disable`. * `acct_interim_interval` - WiFi RADIUS accounting interim interval (60 - 86400 sec, default = 0). * `local_standalone` - Enable/disable AP local standalone (default = disable). Valid values: `enable`, `disable`. * `local_standalone_nat` - Enable/disable AP local standalone NAT mode. Valid values: `enable`, `disable`. @@ -102,8 +105,8 @@ The following arguments are supported: * `port_macauth_reauth_timeout` - LAN port MAC authentication re-authentication timeout value (default = 7200 sec). * `bss_color_partial` - Enable/disable 802.11ax partial BSS color (default = enable). Valid values: `enable`, `disable`. * `mpsk_profile` - MPSK profile name. -* `mpsk` - Enable/disable multiple PSK authentication. Valid values: `enable`, `disable`. -* `mpsk_concurrent_clients` - Maximum number of concurrent clients that connect using the same passphrase in multiple PSK authentication (0 - 65535, default = 0, meaning no limitation). +* `mpsk` - Enable/disable multiple pre-shared keys (PSKs.) Valid values: `enable`, `disable`. +* `mpsk_concurrent_clients` - Number of pre-shared keys (PSKs) to allow if multiple pre-shared keys are enabled. * `mpsk_key` - Pre-shared keys that can be used to connect to this virtual access point. The structure of `mpsk_key` block is documented below. * `split_tunneling` - Enable/disable split tunneling (default = disable). Valid values: `enable`, `disable`. * `nac` - Enable/disable network access control. Valid values: `enable`, `disable`. @@ -111,6 +114,7 @@ The following arguments are supported: * `vlanid` - Optional VLAN ID. * `vlan_auto` - Enable/disable automatic management of SSID VLAN interface. Valid values: `enable`, `disable`. * `dynamic_vlan` - Enable/disable dynamic VLAN assignment. Valid values: `enable`, `disable`. +* `captive_portal` - Enable/disable captive portal. Valid values: `enable`, `disable`. * `captive_portal_fw_accounting` - Enable/disable RADIUS accounting for captive portal firewall authentication session. Valid values: `enable`, `disable`. * `captive_portal_radius_server` - Captive portal RADIUS server domain name or IP address. * `captive_portal_radius_secret` - Secret key to access the RADIUS server. @@ -142,9 +146,9 @@ The following arguments are supported: * `dhcp_option82_circuit_id_insertion` - Enable/disable DHCP option 82 circuit-id insert (default = disable). * `dhcp_option82_remote_id_insertion` - Enable/disable DHCP option 82 remote-id insert (default = disable). Valid values: `style-1`, `disable`. * `ptk_rekey` - Enable/disable PTK rekey for WPA-Enterprise security. Valid values: `enable`, `disable`. -* `ptk_rekey_intv` - PTK rekey interval (1800 - 864000 sec, default = 86400). +* `ptk_rekey_intv` - PTK rekey interval (default = 86400). On FortiOS versions 6.2.0-7.4.3: 1800 - 864000 sec. On FortiOS versions >= 7.4.4: 600 - 864000 sec. * `gtk_rekey` - Enable/disable GTK rekey for WPA security. Valid values: `enable`, `disable`. -* `gtk_rekey_intv` - GTK rekey interval (1800 - 864000 sec, default = 86400). +* `gtk_rekey_intv` - GTK rekey interval (default = 86400). On FortiOS versions 6.2.0-7.4.3: 1800 - 864000 sec. On FortiOS versions >= 7.4.4: 600 - 864000 sec. * `eap_reauth` - Enable/disable EAP re-authentication for WPA-Enterprise security. Valid values: `enable`, `disable`. * `eap_reauth_intv` - EAP re-authentication interval (1800 - 864000 sec, default = 86400). * `roaming_acct_interim_update` - Enable/disable using accounting interim update instead of accounting start/stop on roaming for WPA-Enterprise security. Valid values: `enable`, `disable`. @@ -161,6 +165,9 @@ The following arguments are supported: * `rates_11n_ss34` - Allowed data rates for 802.11n with 3 or 4 spatial streams. Valid values: `mcs16/3`, `mcs17/3`, `mcs18/3`, `mcs19/3`, `mcs20/3`, `mcs21/3`, `mcs22/3`, `mcs23/3`, `mcs24/4`, `mcs25/4`, `mcs26/4`, `mcs27/4`, `mcs28/4`, `mcs29/4`, `mcs30/4`, `mcs31/4`. * `rates_11ac_mcs_map` - Comma separated list of max supported VHT MCS for spatial streams 1 through 8. * `rates_11ax_mcs_map` - Comma separated list of max supported HE MCS for spatial streams 1 through 8. +* `rates_11be_mcs_map` - Comma separated list of max nss that supports EHT-MCS 0-9, 10-11, 12-13 for 20MHz/40MHz/80MHz bandwidth. +* `rates_11be_mcs_map_160` - Comma separated list of max nss that supports EHT-MCS 0-9, 10-11, 12-13 for 160MHz bandwidth. +* `rates_11be_mcs_map_320` - Comma separated list of max nss that supports EHT-MCS 0-9, 10-11, 12-13 for 320MHz bandwidth. * `rates_11ac_ss12` - Allowed data rates for 802.11ac with 1 or 2 spatial streams. Valid values: `mcs0/1`, `mcs1/1`, `mcs2/1`, `mcs3/1`, `mcs4/1`, `mcs5/1`, `mcs6/1`, `mcs7/1`, `mcs8/1`, `mcs9/1`, `mcs10/1`, `mcs11/1`, `mcs0/2`, `mcs1/2`, `mcs2/2`, `mcs3/2`, `mcs4/2`, `mcs5/2`, `mcs6/2`, `mcs7/2`, `mcs8/2`, `mcs9/2`, `mcs10/2`, `mcs11/2`. * `rates_11ac_ss34` - Allowed data rates for 802.11ac with 3 or 4 spatial streams. Valid values: `mcs0/3`, `mcs1/3`, `mcs2/3`, `mcs3/3`, `mcs4/3`, `mcs5/3`, `mcs6/3`, `mcs7/3`, `mcs8/3`, `mcs9/3`, `mcs10/3`, `mcs11/3`, `mcs0/4`, `mcs1/4`, `mcs2/4`, `mcs3/4`, `mcs4/4`, `mcs5/4`, `mcs6/4`, `mcs7/4`, `mcs8/4`, `mcs9/4`, `mcs10/4`, `mcs11/4`. * `rates_11ax_ss12` - Allowed data rates for 802.11ax with 1 or 2 spatial streams. Valid values: `mcs0/1`, `mcs1/1`, `mcs2/1`, `mcs3/1`, `mcs4/1`, `mcs5/1`, `mcs6/1`, `mcs7/1`, `mcs8/1`, `mcs9/1`, `mcs10/1`, `mcs11/1`, `mcs0/2`, `mcs1/2`, `mcs2/2`, `mcs3/2`, `mcs4/2`, `mcs5/2`, `mcs6/2`, `mcs7/2`, `mcs8/2`, `mcs9/2`, `mcs10/2`, `mcs11/2`. @@ -230,7 +237,7 @@ The `mpsk_schedules` block supports: The `vlan_name` block supports: * `name` - VLAN name. -* `vlan_id` - VLAN IDs. On FortiOS versions >= 7.4.1: maximum 8 VLAN IDs. +* `vlan_id` - VLAN ID. The `vlan_pool` block supports: diff --git a/website/docs/r/fortios_wirelesscontroller_wtpprofile.html.markdown b/website/docs/r/fortios_wirelesscontroller_wtpprofile.html.markdown index 78dd36b25..655a331fb 100644 --- a/website/docs/r/fortios_wirelesscontroller_wtpprofile.html.markdown +++ b/website/docs/r/fortios_wirelesscontroller_wtpprofile.html.markdown @@ -45,6 +45,7 @@ The following arguments are supported: * `login_passwd` - Set the managed WTP, FortiAP, or AP's administrator password. * `lldp` - Enable/disable Link Layer Discovery Protocol (LLDP) for the WTP, FortiAP, or AP. On FortiOS versions 6.2.0: default = disable. On FortiOS versions >= 6.2.4: default = enable. Valid values: `enable`, `disable`. * `poe_mode` - Set the WTP, FortiAP, or AP's PoE mode. +* `usb_port` - Enable/disable USB port of the WTP (default = enable). Valid values: `enable`, `disable`. * `frequency_handoff` - Enable/disable frequency handoff of clients to other channels (default = disable). Valid values: `enable`, `disable`. * `ap_handoff` - Enable/disable AP handoff of clients to other APs (default = disable). Valid values: `enable`, `disable`. * `radio_1` - Configuration options for radio 1. The structure of `radio_1` block is documented below. @@ -129,6 +130,7 @@ The `radio_1` block supports: * `short_guard_interval` - Use either the short guard interval (Short GI) of 400 ns or the long guard interval (Long GI) of 800 ns. Valid values: `enable`, `disable`. * `mimo_mode` - Configure radio MIMO mode (default = default). Valid values: `default`, `1x1`, `2x2`, `3x3`, `4x4`, `8x8`. * `channel_bonding` - Channel bandwidth: 80, 40, or 20MHz. Channels may use both 20 and 40 by enabling coexistence. +* `channel_bonding_ext` - Channel bandwidth extension: 320 MHz-1 and 320 MHz-2 (default = 320 MHz-2). Valid values: `320MHz-1`, `320MHz-2`. * `optional_antenna` - Optional antenna used on FAP (default = none). * `optional_antenna_gain` - Optional antenna gain in dBi (0 to 20, default = 0). * `auto_power_level` - Enable/disable automatic power-level adjustment to prevent co-channel interference. On FortiOS versions 6.2.0: default = disable. On FortiOS versions >= 6.2.4: default = enable. Valid values: `enable`, `disable`. @@ -220,6 +222,7 @@ The `radio_2` block supports: * `short_guard_interval` - Use either the short guard interval (Short GI) of 400 ns or the long guard interval (Long GI) of 800 ns. Valid values: `enable`, `disable`. * `mimo_mode` - Configure radio MIMO mode (default = default). Valid values: `default`, `1x1`, `2x2`, `3x3`, `4x4`, `8x8`. * `channel_bonding` - Channel bandwidth: 80, 40, or 20MHz. Channels may use both 20 and 40 by enabling coexistence. +* `channel_bonding_ext` - Channel bandwidth extension: 320 MHz-1 and 320 MHz-2 (default = 320 MHz-2). Valid values: `320MHz-1`, `320MHz-2`. * `optional_antenna` - Optional antenna used on FAP (default = none). * `optional_antenna_gain` - Optional antenna gain in dBi (0 to 20, default = 0). * `auto_power_level` - Enable/disable automatic power-level adjustment to prevent co-channel interference. On FortiOS versions 6.2.0: default = disable. On FortiOS versions >= 6.2.4: default = enable. Valid values: `enable`, `disable`. @@ -309,7 +312,8 @@ The `radio_3` block supports: * `bss_color_mode` - BSS color mode for this 11ax radio (default = auto). Valid values: `auto`, `static`. * `short_guard_interval` - Use either the short guard interval (Short GI) of 400 ns or the long guard interval (Long GI) of 800 ns. Valid values: `enable`, `disable`. * `mimo_mode` - Configure radio MIMO mode (default = default). Valid values: `default`, `1x1`, `2x2`, `3x3`, `4x4`, `8x8`. -* `channel_bonding` - Channel bandwidth: 160,80, 40, or 20MHz. Channels may use both 20 and 40 by enabling coexistence. Valid values: `160MHz`, `80MHz`, `40MHz`, `20MHz`. +* `channel_bonding` - Channel bandwidth: 160,80, 40, or 20MHz. Channels may use both 20 and 40 by enabling coexistence. +* `channel_bonding_ext` - Channel bandwidth extension: 320 MHz-1 and 320 MHz-2 (default = 320 MHz-2). Valid values: `320MHz-1`, `320MHz-2`. * `optional_antenna` - Optional antenna used on FAP (default = none). * `optional_antenna_gain` - Optional antenna gain in dBi (0 to 20, default = 0). * `auto_power_level` - Enable/disable automatic power-level adjustment to prevent co-channel interference (default = enable). Valid values: `enable`, `disable`. @@ -399,7 +403,8 @@ The `radio_4` block supports: * `bss_color_mode` - BSS color mode for this 11ax radio (default = auto). Valid values: `auto`, `static`. * `short_guard_interval` - Use either the short guard interval (Short GI) of 400 ns or the long guard interval (Long GI) of 800 ns. Valid values: `enable`, `disable`. * `mimo_mode` - Configure radio MIMO mode (default = default). Valid values: `default`, `1x1`, `2x2`, `3x3`, `4x4`, `8x8`. -* `channel_bonding` - Channel bandwidth: 160,80, 40, or 20MHz. Channels may use both 20 and 40 by enabling coexistence. Valid values: `160MHz`, `80MHz`, `40MHz`, `20MHz`. +* `channel_bonding` - Channel bandwidth: 160,80, 40, or 20MHz. Channels may use both 20 and 40 by enabling coexistence. +* `channel_bonding_ext` - Channel bandwidth extension: 320 MHz-1 and 320 MHz-2 (default = 320 MHz-2). Valid values: `320MHz-1`, `320MHz-2`. * `optional_antenna` - Optional antenna used on FAP (default = none). * `optional_antenna_gain` - Optional antenna gain in dBi (0 to 20, default = 0). * `auto_power_level` - Enable/disable automatic power-level adjustment to prevent co-channel interference (default = enable). Valid values: `enable`, `disable`.