From 2fb4ef8086f5a679aeb85944602d67467e9e83fd Mon Sep 17 00:00:00 2001 From: tzarski0 <92273798+tzarski0@users.noreply.github.com> Date: Wed, 11 Dec 2024 23:14:47 +0100 Subject: [PATCH 1/9] UX2.0 Features Part 3 (#75) - add support for sdwan_other_ucse_feature resource - add support for sdwan_transport_management_vpn_feature - add support for sdwan_transport_management_vpn_interface_ethernet_feature - separate "sdwan_profile_parcels.tf" into "sdwan_features_cli.tf", "sdwan_features_other.tf", "sdwan_features_service.tf", "sdwan_features_system.tf" and "sdwan_features_transport.tf" for better readability --- CHANGELOG.md | 6 +- README.md | 3 + defaults/sdwan.yaml | 13 + sdwan_features_cli.tf | 11 + sdwan_features_other.tf | 65 ++++ sdwan_features_service.tf | 108 ++++++ sdwan_features.tf => sdwan_features_system.tf | 340 ------------------ sdwan_features_transport.tf | 320 +++++++++++++++++ 8 files changed, 524 insertions(+), 342 deletions(-) create mode 100644 sdwan_features_cli.tf create mode 100644 sdwan_features_other.tf create mode 100644 sdwan_features_service.tf rename sdwan_features.tf => sdwan_features_system.tf (66%) create mode 100644 sdwan_features_transport.tf diff --git a/CHANGELOG.md b/CHANGELOG.md index 6b6152e..65630b0 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -1,6 +1,5 @@ ## 0.1.1 (unreleased) -- rename "sdwan_profile_parcels.tf" to "sdwan_features.tf" - provide default value for name if not explicitly set for sdwan_system_basic_feature, sdwan_system_omp_feature, sdwan_system_performance_monitoring_feature, sdwan_system_security_feature, sdwan_system_snmp_feature and sdwan_transport_wan_vpn_feature - simplify default feature name from "profile_name-feature_name" to "feature_name" - add support for sdwan_policy_object_feature_profile resource 
@@ -18,11 +17,14 @@ - fix issue where sdwan_custom_control_topology_policy_definition always shows diff when match_criterias or actions are not configured in data model - fix issue where sdwan_traffic_data_policy_definition always shows diff when match_criterias or actions are not configured in data model - fix issue where sdwan_application_aware_routing_policy_definition always shows diff when match_criterias or actions are not configured in data model -- add defaults for UX 2.0 feature names - fix issue where certain parameters were required by sdwan_cflowd_policy_definition resource, but are optional in the UI - fix issue where authentication_type_variable was not configurable with sdwan_cisco_security_feature_template - in sdwan_cflowd_policy_definition, fix export_spreading to be optional - add gateway parameter to ipv6_static_routes of sdwan_transport_wan_vpn_feature +- add support for sdwan_other_ucse_feature resource +- add support for sdwan_transport_management_vpn_feature +- add support for sdwan_transport_management_vpn_interface_ethernet_feature +- separate "sdwan_profile_parcels.tf" into "sdwan_features_cli.tf", "sdwan_features_other.tf", "sdwan_features_service.tf", "sdwan_features_system.tf" and "sdwan_features_transport.tf" ## 0.1.0 diff --git a/README.md b/README.md index 7ce5a28..828f164 100644 --- a/README.md +++ b/README.md 
@@ -125,6 +125,7 @@ module "sdwan" { | [sdwan_mirror_policy_object.mirror_policy_object](https://registry.terraform.io/providers/CiscoDevNet/sdwan/latest/docs/resources/mirror_policy_object) | resource | | [sdwan_other_feature_profile.other_feature_profile](https://registry.terraform.io/providers/CiscoDevNet/sdwan/latest/docs/resources/other_feature_profile) | resource | | [sdwan_other_thousandeyes_feature.other_thousandeyes_feature](https://registry.terraform.io/providers/CiscoDevNet/sdwan/latest/docs/resources/other_thousandeyes_feature) | resource | +| [sdwan_other_ucse_feature.other_ucse_feature](https://registry.terraform.io/providers/CiscoDevNet/sdwan/latest/docs/resources/other_ucse_feature) | resource | | [sdwan_policer_policy_object.policer_policy_object](https://registry.terraform.io/providers/CiscoDevNet/sdwan/latest/docs/resources/policer_policy_object) | resource | | [sdwan_policy_object_class_map.policy_object_class_map](https://registry.terraform.io/providers/CiscoDevNet/sdwan/latest/docs/resources/policy_object_class_map) | resource | | [sdwan_policy_object_data_ipv4_prefix_list.policy_object_data_ipv4_prefix_list](https://registry.terraform.io/providers/CiscoDevNet/sdwan/latest/docs/resources/policy_object_data_ipv4_prefix_list) | resource | 
@@ -172,6 +173,8 @@ module "sdwan" { | [sdwan_transport_feature_profile.transport_feature_profile](https://registry.terraform.io/providers/CiscoDevNet/sdwan/latest/docs/resources/transport_feature_profile) | resource | | [sdwan_transport_ipv6_tracker_feature.transport_ipv6_tracker_feature](https://registry.terraform.io/providers/CiscoDevNet/sdwan/latest/docs/resources/transport_ipv6_tracker_feature) | resource | | [sdwan_transport_ipv6_tracker_group_feature.transport_ipv6_tracker_group_feature](https://registry.terraform.io/providers/CiscoDevNet/sdwan/latest/docs/resources/transport_ipv6_tracker_group_feature) | resource | +| [sdwan_transport_management_vpn_feature.transport_management_vpn_feature](https://registry.terraform.io/providers/CiscoDevNet/sdwan/latest/docs/resources/transport_management_vpn_feature) | resource | +| [sdwan_transport_management_vpn_interface_ethernet_feature.transport_management_vpn_interface_ethernet_feature](https://registry.terraform.io/providers/CiscoDevNet/sdwan/latest/docs/resources/transport_management_vpn_interface_ethernet_feature) | resource | | [sdwan_transport_tracker_feature.transport_tracker_feature](https://registry.terraform.io/providers/CiscoDevNet/sdwan/latest/docs/resources/transport_tracker_feature) | resource | | [sdwan_transport_tracker_group_feature.transport_tracker_group_feature](https://registry.terraform.io/providers/CiscoDevNet/sdwan/latest/docs/resources/transport_tracker_group_feature) | resource | | [sdwan_transport_wan_vpn_feature.transport_wan_vpn_feature](https://registry.terraform.io/providers/CiscoDevNet/sdwan/latest/docs/resources/transport_wan_vpn_feature) | resource | diff --git a/defaults/sdwan.yaml b/defaults/sdwan.yaml index 37e6427..4c711d7 100644 --- a/defaults/sdwan.yaml +++ b/defaults/sdwan.yaml 
@@ -355,5 +355,18 @@ defaults:
 snmp:
 name: snmp
 transport_profiles:
+ management_vpn:
+ name: management_vpn
+ ethernet_interfaces:
+ ipv4_configuration_type: static
+ ipv6_configuration_type: none
+ ipv4_static_routes:
+ gateway: nextHop
+ ipv6_static_routes:
+ gateway: nextHop
 wan_vpn:
 name: wan_vpn
+ ipv4_static_routes:
+ gateway: nextHop
+ ipv6_static_routes:
+ gateway: nextHop
diff --git a/sdwan_features_cli.tf b/sdwan_features_cli.tf
new file mode 100644
index 0000000..a86a582
--- /dev/null
+++ b/sdwan_features_cli.tf
@@ -0,0 +1,11 @@
+resource "sdwan_cli_config_feature" "cli_config_feature" {
+ for_each = {
+ for cli in try(local.feature_profiles.cli_profiles, {}) :
+ "${cli.name}-config" => cli
+ if try(cli.config, null) != null
+ }
+ name = try(each.value.config.name, local.defaults.sdwan.feature_profiles.cli_profiles.config.name)
+ description = try(each.value.config.description, "")
+ feature_profile_id = sdwan_cli_feature_profile.cli_feature_profile[each.value.name].id
+ cli_configuration = each.value.config.cli_configuration
+}
diff --git a/sdwan_features_other.tf b/sdwan_features_other.tf
new file mode 100644
index 0000000..10ed19e
--- /dev/null
+++ b/sdwan_features_other.tf
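Review bot: `cli_configuration = each.value.config.cli_configuration` in sdwan_features_cli.tf hands the raw CLI text from the data model straight to the resource, so any password, community string or key written in that text sits in clear in the YAML and, as with every resource attribute, in the Terraform state. The same applies to the literal `account_group_token` of `sdwan_other_thousandeyes_feature` in sdwan_features_other.tf, which has an `account_group_token_variable` counterpart. I would add a comment above the attribute such as `# stored verbatim in state: keep secrets out of cli_configuration or restrict access to the state backend`, and repeat the caveat in the README. Both blocks look like they were moved unchanged from sdwan_features.tf, so this is not something the patch introduces.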
@@ -0,0 +1,65 @@
+resource "sdwan_other_thousandeyes_feature" "other_thousandeyes_feature" {
+ for_each = {
+ for other in try(local.feature_profiles.other_profiles, {}) :
+ "${other.name}-thousandeyes" => other
+ if try(other.thousandeyes, null) != null
+ }
+ name = try(each.value.thousandeyes.name, local.defaults.sdwan.feature_profiles.other_profiles.thousandeyes.name)
+ description = try(each.value.thousandeyes.description, "")
+ feature_profile_id = sdwan_other_feature_profile.other_feature_profile[each.value.name].id
+ virtual_application = [{
+ account_group_token = try(each.value.thousandeyes.account_group_token, null)
+ account_group_token_variable = try("{{${each.value.thousandeyes.account_group_token_variable}}}", null)
+ agent_default_gateway = try(each.value.thousandeyes.agent_default_gateway, null)
+ agent_default_gateway_variable = try("{{${each.value.thousandeyes.agent_default_gateway_variable}}}", null)
+ hostname = try(each.value.thousandeyes.hostname, null)
+ hostname_variable = try("{{${each.value.thousandeyes.hostname_variable}}}", null)
+ management_ip = try(each.value.thousandeyes.management_ip, null)
+ management_ip_variable = try("{{${each.value.thousandeyes.management_ip_variable}}}", null)
+ management_subnet_mask = try(each.value.thousandeyes.management_subnet_mask, null)
+ management_subnet_mask_variable = try("{{${each.value.thousandeyes.management_subnet_mask_variable}}}", null)
+ name_server_ip = try(each.value.thousandeyes.name_server_ip, null)
+ name_server_ip_variable = try("{{${each.value.thousandeyes.name_server_ip_variable}}}", null)
+ pac_url = try(each.value.thousandeyes.pac_proxy_url, null)
+ pac_url_variable = try("{{${each.value.thousandeyes.pac_proxy_url_variable}}}", null)
+ proxy_host = try(each.value.thousandeyes.static_proxy_host, null)
+ proxy_host_variable = try("{{${each.value.thousandeyes.static_proxy_host_variable}}}", null)
+ proxy_port = try(each.value.thousandeyes.static_proxy_port, null)
+ proxy_port_variable = try("{{${each.value.thousandeyes.static_proxy_port_variable}}}", null)
+ proxy_type = try(each.value.thousandeyes.proxy_type, null)
+ vpn = try(each.value.thousandeyes.vpn_id, null)
+ vpn_variable = try("{{${each.value.thousandeyes.vpn_id_variable}}}", null)
+ }]
+}
+
+resource "sdwan_other_ucse_feature" "other_ucse_feature" {
+ for_each = {
+ for other in try(local.feature_profiles.other_profiles, {}) :
+ "${other.name}-ucse" => other
+ if try(other.ucse, null) != null
+ }
+ name = try(each.value.ucse.name, local.defaults.sdwan.feature_profiles.other_profiles.ucse.name)
+ description = try(each.value.ucse.description, "")
+ feature_profile_id = sdwan_other_feature_profile.other_feature_profile[each.value.name].id
+ access_port_dedicated = try(each.value.ucse.cimc_access_port_dedicated, null)
+ access_port_shared_failover_type = try(each.value.ucse.cimc_access_port_shared_failover_type, null)
+ access_port_shared_type = try(each.value.ucse.cimc_access_port_shared_type, null)
+ assign_priority = try(each.value.ucse.cimc_assign_priority, null)
+ assign_priority_variable = try("{{${each.value.ucse.cimc_assign_priority_variable}}}", null)
+ bay = each.value.ucse.bay
+ default_gateway = try(each.value.ucse.cimc_default_gateway, null)
+ default_gateway_variable = try("{{${each.value.ucse.cimc_default_gateway_variable}}}", null)
+ interfaces = try(length(each.value.ucse.interfaces) == 0, true) ? null : [for i in each.value.ucse.interfaces : {
+ interface_name = try(i.interface_name, null)
+ interface_name_variable = try("{{${i.interface_name_variable}}}", null)
+ ipv4_address = try(i.ipv4_address, null)
+ ipv4_address_variable = try("{{${i.ipv4_address_variable}}}", null)
+ ucse_interface_vpn = try(i.vpn_id, null)
+ ucse_interface_vpn_variable = try("{{${i.vpn_id_variable}}}", null)
+ }]
+ ipv4_address = try(each.value.ucse.cimc_ipv4_address, null)
+ ipv4_address_variable = try("{{${each.value.ucse.cimc_ipv4_address_variable}}}", null)
+ slot = each.value.ucse.slot
+ vlan_id = try(each.value.ucse.cimc_vlan_id, null)
+ vlan_id_variable = try("{{${each.value.ucse.cimc_vlan_id_variable}}}", null)
+}
diff --git a/sdwan_features_service.tf b/sdwan_features_service.tf
new file mode 100644
index 0000000..f3f05bf
--- /dev/null
+++ b/sdwan_features_service.tf
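Review bot: The fallback in `name = try(each.value.ucse.name, local.defaults.sdwan.feature_profiles.other_profiles.ucse.name)` of the new `sdwan_other_ucse_feature` resource points at a default this patch does not appear to add, since the only defaults/sdwan.yaml hunk inserts keys under `transport_profiles`. If `other_profiles.ucse.name` is not already defined in the part of the defaults file that is not shown, neither argument of `try()` evaluates and a `ucse` entry without an explicit `name` fails at plan time. Adding `ucse:` with `name: ucse` under `other_profiles` in defaults/sdwan.yaml would match what the same patch does for `management_vpn`.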
@@ -0,0 +1,108 @@
+resource "sdwan_service_tracker_group_feature" "service_tracker_group_feature" {
+ for_each = {
+ for tracker_item in flatten([
+ for profile in lookup(local.feature_profiles, "service_profiles", []) : [
+ for tracker in lookup(profile, "ipv4_tracker_groups", []) : {
+ profile = profile
+ tracker = tracker
+ }
+ ]
+ ])
+ : "${tracker_item.profile.name}-${tracker_item.tracker.name}" => tracker_item
+ }
+ name = each.value.tracker.name
+ description = try(each.value.tracker.description, null)
+ feature_profile_id = sdwan_service_feature_profile.service_feature_profile[each.value.profile.name].id
+ tracker_boolean = try(each.value.tracker.tracker_boolean, null)
+ tracker_boolean_variable = try("{{${each.value.tracker.tracker_boolean_variable}}}", null)
+ tracker_elements = try(length(each.value.tracker.trackers) == 0, true) ? null : [for t in each.value.tracker.trackers : {
+ tracker_id = sdwan_service_tracker_feature.service_tracker_feature["${each.value.profile.name}-${t}"].id
+ }]
+}
+
+resource "sdwan_service_tracker_feature" "service_tracker_feature" {
+ for_each = {
+ for tracker_item in flatten([
+ for profile in lookup(local.feature_profiles, "service_profiles", []) : [
+ for tracker in lookup(profile, "ipv4_trackers", []) : {
+ profile = profile
+ tracker = tracker
+ }
+ ]
+ ])
+ : "${tracker_item.profile.name}-${tracker_item.tracker.name}" => tracker_item
+ }
+ name = each.value.tracker.name
+ description = try(each.value.tracker.description, null)
+ feature_profile_id = sdwan_service_feature_profile.service_feature_profile[each.value.profile.name].id
+ endpoint_api_url = try(each.value.tracker.endpoint_url, null)
+ endpoint_api_url_variable = try("{{${each.value.tracker.endpoint_url_variable}}}", null)
+ endpoint_ip = try(each.value.tracker.endpoint_ip, null)
+ endpoint_ip_variable = try("{{${each.value.tracker.endpoint_ip_variable}}}", null)
+ endpoint_tracker_type = "static-route"
+ interval = try(each.value.tracker.interval, null)
+ interval_variable = try("{{${each.value.tracker.interval_variable}}}", null)
+ multiplier = try(each.value.tracker.multiplier, null)
+ multiplier_variable = try("{{${each.value.tracker.multiplier_variable}}}", null)
+ port = try(each.value.tracker.endpoint_port, null)
+ port_variable = try("{{${each.value.tracker.endpoint_port_variable}}}", null)
+ protocol = try(each.value.tracker.endpoint_protocol, null)
+ protocol_variable = try("{{${each.value.tracker.endpoint_protocol_variable}}}", null)
+ threshold = try(each.value.tracker.threshold, null)
+ threshold_variable = try("{{${each.value.tracker.threshold_variable}}}", null)
+ tracker_name = try(each.value.tracker.tracker_name, null)
+ tracker_name_variable = try("{{${each.value.tracker.tracker_name_variable}}}", null)
+ tracker_type = "endpoint"
+}
+
+resource "sdwan_service_object_tracker_group_feature" "service_object_tracker_group_feature" {
+ for_each = {
+ for tracker_item in flatten([
+ for profile in lookup(local.feature_profiles, "service_profiles", []) : [
+ for tracker in lookup(profile, "object_tracker_groups", []) : {
+ profile = profile
+ tracker = tracker
+ }
+ ]
+ ])
+ : "${tracker_item.profile.name}-${tracker_item.tracker.name}" => tracker_item
+ }
+ name = each.value.tracker.name
+ description = try(each.value.tracker.description, null)
+ feature_profile_id = sdwan_service_feature_profile.service_feature_profile[each.value.profile.name].id
+ object_tracker_id = try(each.value.tracker.id, null)
+ object_tracker_id_variable = try("{{${each.value.tracker.id_variable}}}", null)
+ reachable = try(each.value.tracker.tracker_boolean, null)
+ reachable_variable = try("{{${each.value.tracker.tracker_boolean_variable}}}", null)
+ tracker_elements = try(length(each.value.tracker.trackers) == 0, true) ? null : [for t in each.value.tracker.trackers : {
+ object_tracker_id = sdwan_service_object_tracker_feature.service_object_tracker_feature["${each.value.profile.name}-${t}"].id
+ }]
+}
+
+resource "sdwan_service_object_tracker_feature" "service_object_tracker_feature" {
+ for_each = {
+ for tracker_item in flatten([
+ for profile in lookup(local.feature_profiles, "service_profiles", []) : [
+ for tracker in lookup(profile, "object_trackers", []) : {
+ profile = profile
+ tracker = tracker
+ }
+ ]
+ ])
+ : "${tracker_item.profile.name}-${tracker_item.tracker.name}" => tracker_item
+ }
+ name = each.value.tracker.name
+ description = try(each.value.tracker.description, null)
+ feature_profile_id = sdwan_service_feature_profile.service_feature_profile[each.value.profile.name].id
+ object_tracker_type = each.value.tracker.type
+ interface = try(each.value.tracker.interface_name, null)
+ interface_variable = try("{{${each.value.tracker.interface_name_variable}}}", null)
+ object_tracker_id = try(each.value.tracker.id, null)
+ object_tracker_id_variable = try("{{${each.value.tracker.id_variable}}}", null)
+ route_ip = try(each.value.tracker.route_ip, null)
+ route_ip_variable = try("{{${each.value.tracker.route_ip_variable}}}", null)
+ route_mask = try(each.value.tracker.route_mask, null)
+ route_mask_variable = try("{{${each.value.tracker.route_mask_variable}}}", null)
+ vpn = try(each.value.tracker.vpn_id, null)
+ vpn_variable = try("{{${each.value.tracker.vpn_id_variable}}}", null)
+}
diff --git a/sdwan_features_service.tf b/sdwan_features_system.tf
similarity index 66%
rename from sdwan_features.tf
rename to sdwan_features_system.tf
index c54c198..9c70ebc 100644
--- a/sdwan_features.tf
+++ b/sdwan_features_system.tf
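Review bot: `sdwan_service_tracker_feature` hard-codes `endpoint_tracker_type = "static-route"` and `tracker_type = "endpoint"`, so a value for either key in the data model is silently ignored, whereas the transport tracker removed from sdwan_features.tf in this patch read both through `try(each.value.tracker.…, null)`. If the fixed values are intentional, a comment above the two lines such as `# fixed on purpose: not configurable for service trackers` would record that for the next maintainer. The same block reads `endpoint_url` where the transport tracker read `endpoint_api_url`; if the two data-model keys are meant to differ, the schema documentation should say so. The resources in this file appear to be moved unchanged from sdwan_features.tf.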
@@ -1,158 +1,3 @@ -resource "sdwan_cli_config_feature" "cli_config_feature" { - for_each = { - for cli in try(local.feature_profiles.cli_profiles, {}) : - "${cli.name}-config" => cli - if try(cli.config, null) != null - } - name = try(each.value.config.name, local.defaults.sdwan.feature_profiles.cli_profiles.config.name) - description = try(each.value.config.description, "") - feature_profile_id = sdwan_cli_feature_profile.cli_feature_profile[each.value.name].id - cli_configuration = each.value.config.cli_configuration -} - -resource "sdwan_other_thousandeyes_feature" "other_thousandeyes_feature" { - for_each = { - for other in try(local.feature_profiles.other_profiles, {}) : - "${other.name}-thousandeyes" => other - if try(other.thousandeyes, null) != null - } - name = try(each.value.thousandeyes.name, local.defaults.sdwan.feature_profiles.other_profiles.thousandeyes.name) - description = try(each.value.thousandeyes.description, "") - feature_profile_id = sdwan_other_feature_profile.other_feature_profile[each.value.name].id - virtual_application = [{ - account_group_token = try(each.value.thousandeyes.account_group_token, null) - account_group_token_variable = try("{{${each.value.thousandeyes.account_group_token_variable}}}", null) - agent_default_gateway = try(each.value.thousandeyes.agent_default_gateway, null) - agent_default_gateway_variable = try("{{${each.value.thousandeyes.agent_default_gateway_variable}}}", null) - hostname = try(each.value.thousandeyes.hostname, null) - hostname_variable = try("{{${each.value.thousandeyes.hostname_variable}}}", null) - management_ip = try(each.value.thousandeyes.management_ip, null) - management_ip_variable = try("{{${each.value.thousandeyes.management_ip_variable}}}", null) - management_subnet_mask = try(each.value.thousandeyes.management_subnet_mask, null) - management_subnet_mask_variable = try("{{${each.value.thousandeyes.management_subnet_mask_variable}}}", null) - name_server_ip = 
try(each.value.thousandeyes.name_server_ip, null) - name_server_ip_variable = try("{{${each.value.thousandeyes.name_server_ip_variable}}}", null) - pac_url = try(each.value.thousandeyes.pac_proxy_url, null) - pac_url_variable = try("{{${each.value.thousandeyes.pac_proxy_url_variable}}}", null) - proxy_host = try(each.value.thousandeyes.static_proxy_host, null) - proxy_host_variable = try("{{${each.value.thousandeyes.static_proxy_host_variable}}}", null) - proxy_port = try(each.value.thousandeyes.static_proxy_port, null) - proxy_port_variable = try("{{${each.value.thousandeyes.static_proxy_port_variable}}}", null) - proxy_type = try(each.value.thousandeyes.proxy_type, null) - vpn = try(each.value.thousandeyes.vpn_id, null) - vpn_variable = try("{{${each.value.thousandeyes.vpn_id_variable}}}", null) - }] -} - -resource "sdwan_service_tracker_group_feature" "service_tracker_group_feature" { - for_each = { - for tracker_item in flatten([ - for profile in lookup(local.feature_profiles, "service_profiles", []) : [ - for tracker in lookup(profile, "ipv4_tracker_groups", []) : { - profile = profile - tracker = tracker - } - ] - ]) - : "${tracker_item.profile.name}-${tracker_item.tracker.name}" => tracker_item - } - name = each.value.tracker.name - description = try(each.value.tracker.description, null) - feature_profile_id = sdwan_service_feature_profile.service_feature_profile[each.value.profile.name].id - tracker_boolean = try(each.value.tracker.tracker_boolean, null) - tracker_boolean_variable = try("{{${each.value.tracker.tracker_boolean_variable}}}", null) - tracker_elements = try(length(each.value.tracker.trackers) == 0, true) ? 
null : [for t in each.value.tracker.trackers : { - tracker_id = sdwan_service_tracker_feature.service_tracker_feature["${each.value.profile.name}-${t}"].id - }] -} - -resource "sdwan_service_tracker_feature" "service_tracker_feature" { - for_each = { - for tracker_item in flatten([ - for profile in lookup(local.feature_profiles, "service_profiles", []) : [ - for tracker in lookup(profile, "ipv4_trackers", []) : { - profile = profile - tracker = tracker - } - ] - ]) - : "${tracker_item.profile.name}-${tracker_item.tracker.name}" => tracker_item - } - name = each.value.tracker.name - description = try(each.value.tracker.description, null) - feature_profile_id = sdwan_service_feature_profile.service_feature_profile[each.value.profile.name].id - endpoint_api_url = try(each.value.tracker.endpoint_url, null) - endpoint_api_url_variable = try("{{${each.value.tracker.endpoint_url_variable}}}", null) - endpoint_ip = try(each.value.tracker.endpoint_ip, null) - endpoint_ip_variable = try("{{${each.value.tracker.endpoint_ip_variable}}}", null) - endpoint_tracker_type = "static-route" - interval = try(each.value.tracker.interval, null) - interval_variable = try("{{${each.value.tracker.interval_variable}}}", null) - multiplier = try(each.value.tracker.multiplier, null) - multiplier_variable = try("{{${each.value.tracker.multiplier_variable}}}", null) - port = try(each.value.tracker.endpoint_port, null) - port_variable = try("{{${each.value.tracker.endpoint_port_variable}}}", null) - protocol = try(each.value.tracker.endpoint_protocol, null) - protocol_variable = try("{{${each.value.tracker.endpoint_protocol_variable}}}", null) - threshold = try(each.value.tracker.threshold, null) - threshold_variable = try("{{${each.value.tracker.threshold_variable}}}", null) - tracker_name = try(each.value.tracker.tracker_name, null) - tracker_name_variable = try("{{${each.value.tracker.tracker_name_variable}}}", null) - tracker_type = "endpoint" -} - -resource 
"sdwan_service_object_tracker_group_feature" "service_object_tracker_group_feature" { - for_each = { - for tracker_item in flatten([ - for profile in lookup(local.feature_profiles, "service_profiles", []) : [ - for tracker in lookup(profile, "object_tracker_groups", []) : { - profile = profile - tracker = tracker - } - ] - ]) - : "${tracker_item.profile.name}-${tracker_item.tracker.name}" => tracker_item - } - name = each.value.tracker.name - description = try(each.value.tracker.description, null) - feature_profile_id = sdwan_service_feature_profile.service_feature_profile[each.value.profile.name].id - object_tracker_id = try(each.value.tracker.id, null) - object_tracker_id_variable = try("{{${each.value.tracker.id_variable}}}", null) - reachable = try(each.value.tracker.tracker_boolean, null) - reachable_variable = try("{{${each.value.tracker.tracker_boolean_variable}}}", null) - tracker_elements = try(length(each.value.tracker.trackers) == 0, true) ? null : [for t in each.value.tracker.trackers : { - object_tracker_id = sdwan_service_object_tracker_feature.service_object_tracker_feature["${each.value.profile.name}-${t}"].id - }] -} - -resource "sdwan_service_object_tracker_feature" "service_object_tracker_feature" { - for_each = { - for tracker_item in flatten([ - for profile in lookup(local.feature_profiles, "service_profiles", []) : [ - for tracker in lookup(profile, "object_trackers", []) : { - profile = profile - tracker = tracker - } - ] - ]) - : "${tracker_item.profile.name}-${tracker_item.tracker.name}" => tracker_item - } - name = each.value.tracker.name - description = try(each.value.tracker.description, null) - feature_profile_id = sdwan_service_feature_profile.service_feature_profile[each.value.profile.name].id - object_tracker_type = each.value.tracker.type - interface = try(each.value.tracker.interface_name, null) - interface_variable = try("{{${each.value.tracker.interface_name_variable}}}", null) - object_tracker_id = try(each.value.tracker.id, 
null) - object_tracker_id_variable = try("{{${each.value.tracker.id_variable}}}", null) - route_ip = try(each.value.tracker.route_ip, null) - route_ip_variable = try("{{${each.value.tracker.route_ip_variable}}}", null) - route_mask = try(each.value.tracker.route_mask, null) - route_mask_variable = try("{{${each.value.tracker.route_mask_variable}}}", null) - vpn = try(each.value.tracker.vpn_id, null) - vpn_variable = try("{{${each.value.tracker.vpn_id_variable}}}", null) -} - resource "sdwan_system_aaa_feature" "system_aaa_feature" { for_each = { for sys in try(local.feature_profiles.system_profiles, {}) : 
@@ -745,188 +590,3 @@ resource "sdwan_system_snmp_feature" "system_snmp_feature" { }] }] } - -resource "sdwan_transport_tracker_group_feature" "transport_tracker_group_feature" { - for_each = { - for tracker_item in flatten([ - for profile in lookup(local.feature_profiles, "transport_profiles", []) : [ - for tracker in lookup(profile, "ipv4_tracker_groups", []) : { - profile = profile - tracker = tracker - } - ] - ]) - : "${tracker_item.profile.name}-${tracker_item.tracker.name}" => tracker_item - } - name = each.value.tracker.name - description = try(each.value.tracker.description, null) - feature_profile_id = sdwan_transport_feature_profile.transport_feature_profile[each.value.profile.name].id - tracker_boolean = try(each.value.tracker.tracker_boolean, null) - tracker_boolean_variable = try("{{${each.value.tracker.tracker_boolean_variable}}}", null) - tracker_elements = try(length(each.value.tracker.trackers) == 0, true) ? null : [for t in each.value.tracker.trackers : { - tracker_id = sdwan_transport_tracker_feature.transport_tracker_feature["${each.value.profile.name}-${t}"].id - }] -} - -resource "sdwan_transport_tracker_feature" "transport_tracker_feature" { - for_each = { - for tracker_item in flatten([ - for profile in lookup(local.feature_profiles, "transport_profiles", []) : [ - for tracker in lookup(profile, "ipv4_trackers", []) : { - profile = profile - tracker = tracker - } - ] - ]) - : "${tracker_item.profile.name}-${tracker_item.tracker.name}" => tracker_item - } - name = each.value.tracker.name - description = try(each.value.tracker.description, null) - feature_profile_id = sdwan_transport_feature_profile.transport_feature_profile[each.value.profile.name].id - endpoint_api_url = try(each.value.tracker.endpoint_api_url, null) - endpoint_api_url_variable = try("{{${each.value.tracker.endpoint_api_url_variable}}}", null) - endpoint_dns_name = try(each.value.tracker.endpoint_dns_name, null) - endpoint_dns_name_variable = 
try("{{${each.value.tracker.endpoint_dns_name_variable}}}", null) - endpoint_ip = try(each.value.tracker.endpoint_ip, each.value.tracker.endpoint_tcp_udp_ip, null) - endpoint_ip_variable = try("{{${each.value.tracker.endpoint_ip_variable}}}", null) - endpoint_tracker_type = try(each.value.tracker.endpoint_tracker_type, null) - endpoint_tracker_type_variable = try("{{${each.value.tracker.endpoint_tracker_type_variable}}}", null) - interval = try(each.value.tracker.interval, null) - interval_variable = try("{{${each.value.tracker.interval_variable}}}", null) - multiplier = try(each.value.tracker.multiplier, null) - multiplier_variable = try("{{${each.value.tracker.multiplier_variable}}}", null) - threshold = try(each.value.tracker.threshold, null) - threshold_variable = try("{{${each.value.tracker.threshold_variable}}}", null) - tracker_name = try(each.value.tracker.tracker_name, null) - tracker_name_variable = try("{{${each.value.tracker.tracker_name_variable}}}", null) - tracker_type = try(each.value.tracker.tracker_type, null) - tracker_type_variable = try("{{${each.value.tracker.tracker_type_variable}}}", null) -} - -resource "sdwan_transport_ipv6_tracker_group_feature" "transport_ipv6_tracker_group_feature" { - for_each = { - for tracker_item in flatten([ - for profile in lookup(local.feature_profiles, "transport_profiles", []) : [ - for tracker in lookup(profile, "ipv6_tracker_groups", []) : { - profile = profile - tracker = tracker - } - ] - ]) - : "${tracker_item.profile.name}-${tracker_item.tracker.name}" => tracker_item - } - name = each.value.tracker.name - description = try(each.value.tracker.description, null) - feature_profile_id = sdwan_transport_feature_profile.transport_feature_profile[each.value.profile.name].id - tracker_boolean = try(each.value.tracker.tracker_boolean, null) - tracker_boolean_variable = try("{{${each.value.tracker.tracker_boolean_variable}}}", null) - tracker_elements = try(length(each.value.tracker.trackers) == 0, true) ? 
null : [for t in each.value.tracker.trackers : { - tracker_id = sdwan_transport_ipv6_tracker_feature.transport_ipv6_tracker_feature["${each.value.profile.name}-${t}"].id - }] - tracker_name = try(each.value.tracker.tracker_name, null) - tracker_name_variable = try("{{${each.value.tracker.tracker_name_variable}}}", null) -} - -resource "sdwan_transport_ipv6_tracker_feature" "transport_ipv6_tracker_feature" { - for_each = { - for tracker_item in flatten([ - for profile in lookup(local.feature_profiles, "transport_profiles", []) : [ - for tracker in lookup(profile, "ipv6_trackers", []) : { - profile = profile - tracker = tracker - } - ] - ]) - : "${tracker_item.profile.name}-${tracker_item.tracker.name}" => tracker_item - } - name = each.value.tracker.name - description = try(each.value.tracker.description, null) - feature_profile_id = sdwan_transport_feature_profile.transport_feature_profile[each.value.profile.name].id - endpoint_api_url = try(each.value.tracker.endpoint_api_url, null) - endpoint_api_url_variable = try("{{${each.value.tracker.endpoint_api_url_variable}}}", null) - endpoint_dns_name = try(each.value.tracker.endpoint_dns_name, null) - endpoint_dns_name_variable = try("{{${each.value.tracker.endpoint_dns_name_variable}}}", null) - endpoint_ip = try(each.value.tracker.endpoint_ip, each.value.tracker.endpoint_tcp_udp_ip, null) - endpoint_ip_variable = try("{{${each.value.tracker.endpoint_ip_variable}}}", null) - endpoint_tracker_type = try(each.value.tracker.endpoint_tracker_type, null) - endpoint_tracker_type_variable = try("{{${each.value.tracker.endpoint_tracker_type_variable}}}", null) - interval = try(each.value.tracker.interval, null) - interval_variable = try("{{${each.value.tracker.interval_variable}}}", null) - multiplier = try(each.value.tracker.multiplier, null) - multiplier_variable = try("{{${each.value.tracker.multiplier_variable}}}", null) - threshold = try(each.value.tracker.threshold, null) - threshold_variable = 
try("{{${each.value.tracker.threshold_variable}}}", null) - tracker_name = try(each.value.tracker.tracker_name, null) - tracker_name_variable = try("{{${each.value.tracker.tracker_name_variable}}}", null) - tracker_type = try(each.value.tracker.tracker_type, null) - tracker_type_variable = try("{{${each.value.tracker.tracker_type_variable}}}", null) -} - -resource "sdwan_transport_wan_vpn_feature" "transport_wan_vpn_feature" { - for_each = { - for transport in try(local.feature_profiles.transport_profiles, {}) : - "${transport.name}-wan_vpn" => transport - if lookup(transport, "wan_vpn", null) != null - } - name = try(each.value.wan_vpn.name, local.defaults.sdwan.feature_profiles.transport_profiles.wan_vpn.name) - description = try(each.value.wan_vpn.description, null) - feature_profile_id = sdwan_transport_feature_profile.transport_feature_profile[each.value.name].id - enhance_ecmp_keying = try(each.value.wan_vpn.enhance_ecmp_keying, null) - enhance_ecmp_keying_variable = try("{{${each.value.wan_vpn.enhance_ecmp_keying_variable}}}", null) - ipv4_static_routes = try(length(each.value.wan_vpn.ipv4_static_routes) == 0, true) ? null : [for route in each.value.wan_vpn.ipv4_static_routes : { - administrative_distance = try(route.administrative_distance, null) - administrative_distance_variable = try("{{${route.administrative_distance_variable}}}", null) - gateway = try(route.gateway, "nextHop") - next_hops = try(length(route.next_hops) == 0, true) ? 
null : [for nh in route.next_hops : { - address = try(nh.address, null) - address_variable = try("{{${nh.address_variable}}}", null) - administrative_distance = try(nh.administrative_distance, null) - administrative_distance_variable = try("{{${nh.administrative_distance_variable}}}", null) - }] - network_address = try(route.network_address, null) - network_address_variable = try("{{${route.network_address_variable}}}", null) - subnet_mask = try(route.subnet_mask, null) - subnet_mask_variable = try("{{${route.subnet_mask_variable}}}", null) - }] - ipv6_static_routes = try(length(each.value.wan_vpn.ipv6_static_routes) == 0, true) ? null : [for route in each.value.wan_vpn.ipv6_static_routes : { - nat = try(route.nat, null) - next_hops = try(length(route.next_hops) == 0, true) ? null : [for nh in route.next_hops : { - address = try(nh.address, null) - address_variable = try("{{${nh.address_variable}}}", null) - administrative_distance = try(nh.administrative_distance, null) - administrative_distance_variable = try("{{${nh.administrative_distance_variable}}}", null) - }] - gateway = try(route.gateway, "nextHop") - null0 = try(route.gateway, "nextHop") == "null0" ? true : null - prefix = try(route.prefix, null) - prefix_variable = try("{{${route.prefix_variable}}}", null) - }] - nat_64_v4_pools = try(length(each.value.wan_vpn.nat_64_v4_pools) == 0, true) ? 
null : [for pool in each.value.wan_vpn.nat_64_v4_pools : { - nat64_v4_pool_name = try(pool.name, null) - nat64_v4_pool_name_variable = try("{{${pool.name_variable}}}", null) - nat64_v4_pool_overload = try(pool.overload, null) - nat64_v4_pool_overload_variable = try("{{${pool.overload_variable}}}", null) - nat64_v4_pool_range_end = try(pool.range_end, null) - nat64_v4_pool_range_end_variable = try("{{${pool.range_end_variable}}}", null) - nat64_v4_pool_range_start = try(pool.range_start, null) - nat64_v4_pool_range_start_variable = try("{{${pool.range_start_variable}}}", null) - }] - new_host_mappings = try(length(each.value.wan_vpn.host_mappings) == 0, true) ? null : [for host in each.value.wan_vpn.host_mappings : { - host_name = try(host.hostname, null) - host_name_variable = try("{{${host.hostname_variable}}}", null) - list_of_ip_addresses = try(host.ips, null) - list_of_ip_addresses_variable = try("{{${host.ips_variable}}}", null) - }] - primary_dns_address_ipv4 = try(each.value.wan_vpn.ipv4_primary_dns_address, null) - primary_dns_address_ipv4_variable = try("{{${each.value.wan_vpn.ipv4_primary_dns_address_variable}}}", null) - primary_dns_address_ipv6 = try(each.value.wan_vpn.ipv6_primary_dns_address, null) - primary_dns_address_ipv6_variable = try("{{${each.value.wan_vpn.ipv6_primary_dns_address_variable}}}", null) - secondary_dns_address_ipv4 = try(each.value.wan_vpn.ipv4_secondary_dns_address, null) - secondary_dns_address_ipv4_variable = try("{{${each.value.wan_vpn.ipv4_secondary_dns_address_variable}}}", null) - secondary_dns_address_ipv6 = try(each.value.wan_vpn.ipv6_secondary_dns_address, null) - secondary_dns_address_ipv6_variable = try("{{${each.value.wan_vpn.ipv6_secondary_dns_address_variable}}}", null) - services = try(length(each.value.wan_vpn.services) == 0, true) ? null : [for service in each.value.wan_vpn.services : { - service_type = service - }] - vpn = 0 -} 
diff --git a/sdwan_features_transport.tf b/sdwan_features_transport.tf
new file mode 100644
index 0000000..5f8d533
--- /dev/null
+++ b/sdwan_features_transport.tf
@@ -0,0 +1,320 @@ +resource "sdwan_transport_tracker_group_feature" "transport_tracker_group_feature" { + for_each = { + for tracker_item in flatten([ + for profile in lookup(local.feature_profiles, "transport_profiles", []) : [ + for tracker in lookup(profile, "ipv4_tracker_groups", []) : { + profile = profile + tracker = tracker + } + ] + ]) + : "${tracker_item.profile.name}-${tracker_item.tracker.name}" => tracker_item + } + name = each.value.tracker.name + description = try(each.value.tracker.description, null) + feature_profile_id = sdwan_transport_feature_profile.transport_feature_profile[each.value.profile.name].id + tracker_boolean = try(each.value.tracker.tracker_boolean, null) + tracker_boolean_variable = try("{{${each.value.tracker.tracker_boolean_variable}}}", null) + tracker_elements = try(length(each.value.tracker.trackers) == 0, true) ? null : [for t in each.value.tracker.trackers : { + tracker_id = sdwan_transport_tracker_feature.transport_tracker_feature["${each.value.profile.name}-${t}"].id + }] +} + +resource "sdwan_transport_tracker_feature" "transport_tracker_feature" { + for_each = { + for tracker_item in flatten([ + for profile in lookup(local.feature_profiles, "transport_profiles", []) : [ + for tracker in lookup(profile, "ipv4_trackers", []) : { + profile = profile + tracker = tracker + } + ] + ]) + : "${tracker_item.profile.name}-${tracker_item.tracker.name}" => tracker_item + } + name = each.value.tracker.name + description = try(each.value.tracker.description, null) + feature_profile_id = sdwan_transport_feature_profile.transport_feature_profile[each.value.profile.name].id + endpoint_api_url = try(each.value.tracker.endpoint_api_url, null) + endpoint_api_url_variable = try("{{${each.value.tracker.endpoint_api_url_variable}}}", null) + endpoint_dns_name = try(each.value.tracker.endpoint_dns_name, null) + endpoint_dns_name_variable = try("{{${each.value.tracker.endpoint_dns_name_variable}}}", null) + endpoint_ip = 
try(each.value.tracker.endpoint_ip, each.value.tracker.endpoint_tcp_udp_ip, null) + endpoint_ip_variable = try("{{${each.value.tracker.endpoint_ip_variable}}}", null) + endpoint_tracker_type = try(each.value.tracker.endpoint_tracker_type, null) + endpoint_tracker_type_variable = try("{{${each.value.tracker.endpoint_tracker_type_variable}}}", null) + interval = try(each.value.tracker.interval, null) + interval_variable = try("{{${each.value.tracker.interval_variable}}}", null) + multiplier = try(each.value.tracker.multiplier, null) + multiplier_variable = try("{{${each.value.tracker.multiplier_variable}}}", null) + threshold = try(each.value.tracker.threshold, null) + threshold_variable = try("{{${each.value.tracker.threshold_variable}}}", null) + tracker_name = try(each.value.tracker.tracker_name, null) + tracker_name_variable = try("{{${each.value.tracker.tracker_name_variable}}}", null) + tracker_type = try(each.value.tracker.tracker_type, null) + tracker_type_variable = try("{{${each.value.tracker.tracker_type_variable}}}", null) +} + +resource "sdwan_transport_ipv6_tracker_group_feature" "transport_ipv6_tracker_group_feature" { + for_each = { + for tracker_item in flatten([ + for profile in lookup(local.feature_profiles, "transport_profiles", []) : [ + for tracker in lookup(profile, "ipv6_tracker_groups", []) : { + profile = profile + tracker = tracker + } + ] + ]) + : "${tracker_item.profile.name}-${tracker_item.tracker.name}" => tracker_item + } + name = each.value.tracker.name + description = try(each.value.tracker.description, null) + feature_profile_id = sdwan_transport_feature_profile.transport_feature_profile[each.value.profile.name].id + tracker_boolean = try(each.value.tracker.tracker_boolean, null) + tracker_boolean_variable = try("{{${each.value.tracker.tracker_boolean_variable}}}", null) + tracker_elements = try(length(each.value.tracker.trackers) == 0, true) ? 
null : [for t in each.value.tracker.trackers : { + tracker_id = sdwan_transport_ipv6_tracker_feature.transport_ipv6_tracker_feature["${each.value.profile.name}-${t}"].id + }] + tracker_name = try(each.value.tracker.tracker_name, null) + tracker_name_variable = try("{{${each.value.tracker.tracker_name_variable}}}", null) +} + +resource "sdwan_transport_ipv6_tracker_feature" "transport_ipv6_tracker_feature" { + for_each = { + for tracker_item in flatten([ + for profile in lookup(local.feature_profiles, "transport_profiles", []) : [ + for tracker in lookup(profile, "ipv6_trackers", []) : { + profile = profile + tracker = tracker + } + ] + ]) + : "${tracker_item.profile.name}-${tracker_item.tracker.name}" => tracker_item + } + name = each.value.tracker.name + description = try(each.value.tracker.description, null) + feature_profile_id = sdwan_transport_feature_profile.transport_feature_profile[each.value.profile.name].id + endpoint_api_url = try(each.value.tracker.endpoint_api_url, null) + endpoint_api_url_variable = try("{{${each.value.tracker.endpoint_api_url_variable}}}", null) + endpoint_dns_name = try(each.value.tracker.endpoint_dns_name, null) + endpoint_dns_name_variable = try("{{${each.value.tracker.endpoint_dns_name_variable}}}", null) + endpoint_ip = try(each.value.tracker.endpoint_ip, each.value.tracker.endpoint_tcp_udp_ip, null) + endpoint_ip_variable = try("{{${each.value.tracker.endpoint_ip_variable}}}", null) + endpoint_tracker_type = try(each.value.tracker.endpoint_tracker_type, null) + endpoint_tracker_type_variable = try("{{${each.value.tracker.endpoint_tracker_type_variable}}}", null) + interval = try(each.value.tracker.interval, null) + interval_variable = try("{{${each.value.tracker.interval_variable}}}", null) + multiplier = try(each.value.tracker.multiplier, null) + multiplier_variable = try("{{${each.value.tracker.multiplier_variable}}}", null) + threshold = try(each.value.tracker.threshold, null) + threshold_variable = 
try("{{${each.value.tracker.threshold_variable}}}", null) + tracker_name = try(each.value.tracker.tracker_name, null) + tracker_name_variable = try("{{${each.value.tracker.tracker_name_variable}}}", null) + tracker_type = try(each.value.tracker.tracker_type, null) + tracker_type_variable = try("{{${each.value.tracker.tracker_type_variable}}}", null) +} + +resource "sdwan_transport_management_vpn_feature" "transport_management_vpn_feature" { + for_each = { + for transport in try(local.feature_profiles.transport_profiles, {}) : + "${transport.name}-management_vpn" => transport + if try(transport.management_vpn, null) != null + } + name = try(each.value.management_vpn.name, local.defaults.sdwan.feature_profiles.transport_profiles.management_vpn.name) + description = try(each.value.management_vpn.description, null) + feature_profile_id = sdwan_transport_feature_profile.transport_feature_profile[each.value.name].id + ipv4_static_routes = try(length(each.value.management_vpn.ipv4_static_routes) == 0, true) ? null : [for route in each.value.management_vpn.ipv4_static_routes : { + administrative_distance = try(route.administrative_distance, null) + administrative_distance_variable = try("{{${route.administrative_distance_variable}}}", null) + gateway = try(route.gateway, local.defaults.sdwan.feature_profiles.transport_profiles.management_vpn.ipv4_static_routes.gateway) + network_address = try(route.network_address, null) + network_address_variable = try("{{${route.network_address_variable}}}", null) + next_hops = try(length(route.next_hops) == 0, true) ? 
null : [for nh in route.next_hops : { + address = try(nh.address, null) + address_variable = try("{{${nh.address_variable}}}", null) + administrative_distance = try(nh.administrative_distance, null) + administrative_distance_variable = try("{{${nh.administative_distance_variable}}}", null) + }] + subnet_mask = try(route.subnet_mask, null) + subnet_mask_variable = try("{{${route.subnet_mask_variable}}}", null) + }] + ipv6_static_routes = try(length(each.value.management_vpn.ipv6_static_routes) == 0, true) ? null : [for route in each.value.management_vpn.ipv6_static_routes : { + nat = try(route.nat, null) + nat_variable = try("{{${route.nat_variable}}}", null) + next_hops = try(length(route.next_hops) == 0, true) ? null : [for nh in route.next_hops : { + address = try(nh.address, null) + address_variable = try("{{${nh.address_variable}}}", null) + administrative_distance = try(nh.administrative_distance, null) + administrative_distance_variable = try("{{${nh.administative_distance_variable}}}", null) + }] + gateway = try(route.gateway, local.defaults.sdwan.feature_profiles.transport_profiles.management_vpn.ipv6_static_routes.gateway) + null0 = try(route.gateway, local.defaults.sdwan.feature_profiles.transport_profiles.management_vpn.ipv6_static_routes.gateway) == "null0" ? true : null + prefix = try(route.prefix, null) + prefix_variable = try("{{${route.prefix_variable}}}", null) + }] + new_host_mappings = try(length(each.value.management_vpn.host_mappings) == 0, true) ? 
null : [for host in each.value.management_vpn.host_mappings : { + host_name = try(host.hostname, null) + host_name_variable = try("{{${host.hostname_variable}}}", null) + list_of_ip_addresses = try(host.ips, null) + list_of_ip_addresses_variable = try("{{${host.ips_variable}}}", null) + }] + primary_dns_address_ipv4 = try(each.value.management_vpn.ipv4_primary_dns_address, null) + primary_dns_address_ipv4_variable = try("{{${each.value.management_vpn.ipv4_primary_dns_address_variable}}}", null) + primary_dns_address_ipv6 = try(each.value.management_vpn.ipv6_primary_dns_address, null) + primary_dns_address_ipv6_variable = try("{{${each.value.management_vpn.ipv6_primary_dns_address_variable}}}", null) + secondary_dns_address_ipv4 = try(each.value.management_vpn.ipv4_secondary_dns_address, null) + secondary_dns_address_ipv4_variable = try("{{${each.value.management_vpn.ipv4_secondary_dns_address_variable}}}", null) + secondary_dns_address_ipv6 = try(each.value.management_vpn.ipv6_secondary_dns_address, null) + secondary_dns_address_ipv6_variable = try("{{${each.value.management_vpn.ipv6_secondary_dns_address_variable}}}", null) + vpn_description = try(each.value.management_vpn.vpn_description, null) + vpn_description_variable = try("{{${each.value.management_vpn.vpn_description_variable}}}", null) +} + +resource "sdwan_transport_management_vpn_interface_ethernet_feature" "transport_management_vpn_interface_ethernet_feature" { + for_each = { + for interface_item in flatten([ + for profile in local.feature_profiles.transport_profiles : [ + for management_vpn in [profile.management_vpn] : [ + for interface in management_vpn.ethernet_interfaces : { + profile = profile + management_vpn = management_vpn + interface = interface + } + ] + ] + ]) + : "${interface_item.profile.name}-management_vpn-${interface_item.interface.name}" => interface_item + } + name = each.value.interface.name + description = try(each.value.interface.description, null) + feature_profile_id = 
sdwan_transport_feature_profile.transport_feature_profile[each.value.profile.name].id + transport_management_vpn_feature_id = sdwan_transport_management_vpn_feature.transport_management_vpn_feature["${each.value.profile.name}-management_vpn"].id + arp_entries = try(length(each.value.interface.arp_entries) == 0, true) ? null : [for arp in each.value.interface.arp_entries : { + ip_address = try(arp.ip_address, null) + ip_address_variable = try("{{${arp.ip_address_variable}}}", null) + mac_address = try(arp.mac_address, null) + mac_address_variable = try("{{${arp.mac_address_variable}}}", null) + }] + arp_timeout = try(each.value.interface.arp_timeout, null) + arp_timeout_variable = try("{{${each.value.interface.arp_timeout_variable}}}", null) + autonegotiate = try(each.value.interface.autonegotiate, null) + autonegotiate_variable = try("{{${each.value.interface.autonegotiate_variable}}}", null) + duplex = try(each.value.interface.duplex, null) + duplex_variable = try("{{${each.value.interface.duplex_variable}}}", null) + enable_dhcpv6 = try(each.value.interface.ipv6_configuration_type, local.defaults.sdwan.feature_profiles.transport_profiles.management_vpn.ethernet_interfaces.ipv6_configuration_type) == "dynamic" ? 
true : null + icmp_redirect_disable = try(each.value.interface.icmp_redirect_disable, null) + icmp_redirect_disable_variable = try("{{${each.value.interface.icmp_redirect_disable_variable}}}", null) + interface_description = try(each.value.interface.interface_description, null) + interface_description_variable = try("{{${each.value.interface.interface_description_variable}}}", null) + interface_mtu = try(each.value.interface.interface_mtu, null) + interface_mtu_variable = try("{{${each.value.interface.interface_mtu_variable}}}", null) + interface_name = try(each.value.interface.interface_name, null) + interface_name_variable = try("{{${each.value.interface.interface_name_variable}}}", null) + ip_directed_broadcast = try(each.value.interface.ip_directed_broadcast, null) + ip_directed_broadcast_variable = try("{{${each.value.interface.ip_directed_broadcast_variable}}}", null) + ip_mtu = try(each.value.interface.ip_mtu, null) + ip_mtu_variable = try("{{${each.value.interface.ip_mtu_variable}}}", null) + ipv4_auto_detect_bandwidth = try(each.value.interface.auto_detect_bandwidth, null) + ipv4_auto_detect_bandwidth_variable = try("{{${each.value.interface.auto_detect_bandwidth_variable}}}", null) + ipv4_address = try(each.value.interface.ipv4_address, null) + ipv4_address_variable = try("{{${each.value.interface.ipv4_address_variable}}}", null) + ipv4_configuration_type = try(each.value.interface.ipv4_configuration_type, local.defaults.sdwan.feature_profiles.transport_profiles.management_vpn.ethernet_interfaces.ipv4_configuration_type) + ipv4_dhcp_distance = try(each.value.interface.ipv4_dhcp_distance, null) + ipv4_dhcp_distance_variable = try("{{${each.value.interface.ipv4_dhcp_distance_variable}}}", null) + ipv4_dhcp_helper = try(each.value.interface.ipv4_dhcp_helpers, null) + ipv4_dhcp_helper_variable = try("{{${each.value.interface.ipv4_dhcp_helper_variable}}}", null) + ipv4_iperf_server = try(each.value.interface.iperf_server, null) + ipv4_iperf_server_variable = 
try("{{${each.value.interface.iperf_server_variable}}}", null) + ipv4_secondary_addresses = try(length(each.value.interface.ipv4_secondary_addresses) == 0, true) ? null : [for a in each.value.interface.ipv4_secondary_addresses : { + address = try(a.address, null) + address_variable = try("{{${a.address_variable}}}", null) + subnet_mask = try(a.subnet_mask, null) + subnet_mask_variable = try("{{${a.subnet_mask_variable}}}", null) + }] + ipv4_subnet_mask = try(each.value.interface.ipv4_subnet_mask, null) + ipv4_subnet_mask_variable = try("{{${each.value.interface.ipv4_subnet_mask_variable}}}", null) + ipv6_address = try(each.value.interface.ipv6_address, null) + ipv6_address_variable = try("{{${each.value.interface.ipv6_address_variable}}}", null) + ipv6_configuration_type = try(each.value.interface.ipv6_configuration_type, local.defaults.sdwan.feature_profiles.transport_profiles.management_vpn.ethernet_interfaces.ipv6_configuration_type) + load_interval = try(each.value.interface.load_interval, null) + load_interval_variable = try("{{${each.value.interface.load_interval_variable}}}", null) + mac_address = try(each.value.interface.mac_address, null) + mac_address_variable = try("{{${each.value.interface.mac_address_variable}}}", null) + media_type = try(each.value.interface.media_type, null) + media_type_variable = try("{{${each.value.interface.media_type_variable}}}", null) + shutdown = try(each.value.interface.shutdown, null) + shutdown_variable = try("{{${each.value.interface.shutdown_variable}}}", null) + speed = try(each.value.interface.speed, null) + speed_variable = try("{{${each.value.interface.speed_variable}}}", null) + tcp_mss = try(each.value.interface.tcp_mss, null) + tcp_mss_variable = try("{{${each.value.interface.tcp_mss_variable}}}", null) +} + +resource "sdwan_transport_wan_vpn_feature" "transport_wan_vpn_feature" { + for_each = { + for transport in try(local.feature_profiles.transport_profiles, {}) : + "${transport.name}-wan_vpn" => transport + if 
lookup(transport, "wan_vpn", null) != null + } + name = try(each.value.wan_vpn.name, local.defaults.sdwan.feature_profiles.transport_profiles.wan_vpn.name) + description = try(each.value.wan_vpn.description, null) + feature_profile_id = sdwan_transport_feature_profile.transport_feature_profile[each.value.name].id + enhance_ecmp_keying = try(each.value.wan_vpn.enhance_ecmp_keying, null) + enhance_ecmp_keying_variable = try("{{${each.value.wan_vpn.enhance_ecmp_keying_variable}}}", null) + ipv4_static_routes = try(length(each.value.wan_vpn.ipv4_static_routes) == 0, true) ? null : [for route in each.value.wan_vpn.ipv4_static_routes : { + administrative_distance = try(route.administrative_distance, null) + administrative_distance_variable = try("{{${route.administrative_distance_variable}}}", null) + gateway = try(route.gateway, local.defaults.sdwan.feature_profiles.transport_profiles.wan_vpn.ipv4_static_routes.gateway) + next_hops = try(length(route.next_hops) == 0, true) ? null : [for nh in route.next_hops : { + address = try(nh.address, null) + address_variable = try("{{${nh.address_variable}}}", null) + administrative_distance = try(nh.administrative_distance, null) + administrative_distance_variable = try("{{${nh.administrative_distance_variable}}}", null) + }] + network_address = try(route.network_address, null) + network_address_variable = try("{{${route.network_address_variable}}}", null) + subnet_mask = try(route.subnet_mask, null) + subnet_mask_variable = try("{{${route.subnet_mask_variable}}}", null) + }] + ipv6_static_routes = try(length(each.value.wan_vpn.ipv6_static_routes) == 0, true) ? null : [for route in each.value.wan_vpn.ipv6_static_routes : { + nat = try(route.nat, null) + next_hops = try(length(route.next_hops) == 0, true) ? 
null : [for nh in route.next_hops : { + address = try(nh.address, null) + address_variable = try("{{${nh.address_variable}}}", null) + administrative_distance = try(nh.administrative_distance, null) + administrative_distance_variable = try("{{${nh.administrative_distance_variable}}}", null) + }] + gateway = try(route.gateway, local.defaults.sdwan.feature_profiles.transport_profiles.wan_vpn.ipv6_static_routes.gateway) + null0 = try(route.gateway, local.defaults.sdwan.feature_profiles.transport_profiles.wan_vpn.ipv6_static_routes.gateway) == "null0" ? true : null + prefix = try(route.prefix, null) + prefix_variable = try("{{${route.prefix_variable}}}", null) + }] + nat_64_v4_pools = try(length(each.value.wan_vpn.nat_64_v4_pools) == 0, true) ? null : [for pool in each.value.wan_vpn.nat_64_v4_pools : { + nat64_v4_pool_name = try(pool.name, null) + nat64_v4_pool_name_variable = try("{{${pool.name_variable}}}", null) + nat64_v4_pool_overload = try(pool.overload, null) + nat64_v4_pool_overload_variable = try("{{${pool.overload_variable}}}", null) + nat64_v4_pool_range_end = try(pool.range_end, null) + nat64_v4_pool_range_end_variable = try("{{${pool.range_end_variable}}}", null) + nat64_v4_pool_range_start = try(pool.range_start, null) + nat64_v4_pool_range_start_variable = try("{{${pool.range_start_variable}}}", null) + }] + new_host_mappings = try(length(each.value.wan_vpn.host_mappings) == 0, true) ? 
null : [for host in each.value.wan_vpn.host_mappings : { + host_name = try(host.hostname, null) + host_name_variable = try("{{${host.hostname_variable}}}", null) + list_of_ip_addresses = try(host.ips, null) + list_of_ip_addresses_variable = try("{{${host.ips_variable}}}", null) + }] + primary_dns_address_ipv4 = try(each.value.wan_vpn.ipv4_primary_dns_address, null) + primary_dns_address_ipv4_variable = try("{{${each.value.wan_vpn.ipv4_primary_dns_address_variable}}}", null) + primary_dns_address_ipv6 = try(each.value.wan_vpn.ipv6_primary_dns_address, null) + primary_dns_address_ipv6_variable = try("{{${each.value.wan_vpn.ipv6_primary_dns_address_variable}}}", null) + secondary_dns_address_ipv4 = try(each.value.wan_vpn.ipv4_secondary_dns_address, null) + secondary_dns_address_ipv4_variable = try("{{${each.value.wan_vpn.ipv4_secondary_dns_address_variable}}}", null) + secondary_dns_address_ipv6 = try(each.value.wan_vpn.ipv6_secondary_dns_address, null) + secondary_dns_address_ipv6_variable = try("{{${each.value.wan_vpn.ipv6_secondary_dns_address_variable}}}", null) + services = try(length(each.value.wan_vpn.services) == 0, true) ? null : [for service in each.value.wan_vpn.services : { + service_type = service + }] + vpn = 0 +} From e2d226a21476fe7a671f6724ffe09ca6b7d5e6ff Mon Sep 17 00:00:00 2001 From: netascode-gen Date: Wed, 11 Dec 2024 22:16:38 +0000 Subject: [PATCH 2/9] Nac sdwan updates --- defaults/sdwan.yaml | 13 ------------- 1 file changed, 13 deletions(-) diff --git a/defaults/sdwan.yaml b/defaults/sdwan.yaml index 4c711d7..37e6427 100644 --- a/defaults/sdwan.yaml +++ b/defaults/sdwan.yaml 
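Review bot: In the new `sdwan_features_transport.tf`, both `next_hops` blocks of `sdwan_transport_management_vpn_feature` (IPv4 and IPv6 static routes) read `nh.administative_distance_variable`; because the lookup sits inside `try(..., null)`, the misspelling evaluates to null without an error and a next hop's administrative-distance variable is silently dropped from management-VPN routes. Both lines should read `administrative_distance_variable = try("{{${nh.administrative_distance_variable}}}", null)`, matching the `sdwan_transport_wan_vpn_feature` block further down. The `for_each` of `sdwan_transport_management_vpn_interface_ethernet_feature` also dereferences `local.feature_profiles.transport_profiles`, `profile.management_vpn` and `management_vpn.ethernet_interfaces` with no `try`/`lookup`, unlike the other resources in this hunk, so a transport profile without a management VPN would presumably fail evaluation; a guarded form is sketched below. The `local.defaults.sdwan.feature_profiles.transport_profiles.management_vpn.*` and `*_static_routes.gateway` fallbacks rely on keys in `defaults/sdwan.yaml` that PATCH 2/9 on this page deletes, which leaves those `try()` calls without a working fallback.

```hcl
resource "sdwan_transport_management_vpn_interface_ethernet_feature" "transport_management_vpn_interface_ethernet_feature" {
  for_each = {
    for interface_item in flatten([
      for profile in try(local.feature_profiles.transport_profiles, []) : [
        for interface in try(profile.management_vpn.ethernet_interfaces, []) : {
          profile        = profile
          management_vpn = profile.management_vpn
          interface      = interface
        }
      ]
    ])
    : "${interface_item.profile.name}-management_vpn-${interface_item.interface.name}" => interface_item
  }
  # … unchanged: name, description, feature_profile_id and the interface arguments …
```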
@@ -355,18 +355,5 @@ defaults:
 snmp:
 name: snmp
 transport_profiles:
- management_vpn:
- name: management_vpn
- ethernet_interfaces:
- ipv4_configuration_type: static
- ipv6_configuration_type: none
- ipv4_static_routes:
- gateway: nextHop
- ipv6_static_routes:
- gateway: nextHop
 wan_vpn:
 name: wan_vpn
- ipv4_static_routes:
- gateway: nextHop
- ipv6_static_routes:
- gateway: nextHop
From aff37d074620b5f43875c77971964b242df0916a Mon Sep 17 00:00:00 2001 From: tzarski0 <92273798+tzarski0@users.noreply.github.com> Date: Wed, 11 Dec 2024 23:24:32 +0100 Subject: [PATCH 3/9] Revert "UX2.0 Features Part 3 (#75)" This reverts commit 2fb4ef8086f5a679aeb85944602d67467e9e83fd. --- CHANGELOG.md | 6 +- README.md | 3 - sdwan_features_system.tf => sdwan_features.tf | 340 ++++++++++++++++++ sdwan_features_cli.tf | 11 - sdwan_features_other.tf | 65 ---- sdwan_features_service.tf | 108 ------ sdwan_features_transport.tf | 320 ----------------- 7 files changed, 342 insertions(+), 511 deletions(-) rename sdwan_features_system.tf => sdwan_features.tf (66%) delete mode 100644 sdwan_features_cli.tf delete mode 100644 sdwan_features_other.tf delete mode 100644 sdwan_features_service.tf delete mode 100644 sdwan_features_transport.tf
diff --git a/CHANGELOG.md b/CHANGELOG.md
index 65630b0..6b6152e 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -17,14 +18,11 @@ - fix issue where sdwan_custom_control_topology_policy_definition always shows diff when match_criterias or actions are not configured in data model - fix issue where sdwan_traffic_data_policy_definition always shows diff when match_criterias or actions are not configured in data model - fix issue where sdwan_application_aware_routing_policy_definition always shows diff when match_criterias or actions are not configured in data model +- add defaults for UX 2.0 feature names - fix issue where certain parameters were required by sdwan_cflowd_policy_definition resource, but are optional in the UI - fix issue where authentication_type_variable was not configurable with sdwan_cisco_security_feature_template - in sdwan_cflowd_policy_definition, fix export_spreading to be optional - add gateway parameter to ipv6_static_routes of sdwan_transport_wan_vpn_feature -- add support for sdwan_other_ucse_feature resource -- add support for sdwan_transport_management_vpn_feature -- add support for sdwan_transport_management_vpn_interface_ethernet_feature -- separate "sdwan_profile_parcels.tf" into "sdwan_features_cli.tf", "sdwan_features_other.tf", "sdwan_features_service.tf", "sdwan_features_system.tf" and "sdwan_features_transport.tf" ## 0.1.0 diff --git a/README.md b/README.md index 828f164..7ce5a28 100644 --- a/README.md +++ b/README.md 
@@ -125,7 +125,6 @@ module "sdwan" {
 | [sdwan_mirror_policy_object.mirror_policy_object](https://registry.terraform.io/providers/CiscoDevNet/sdwan/latest/docs/resources/mirror_policy_object) | resource |
 | [sdwan_other_feature_profile.other_feature_profile](https://registry.terraform.io/providers/CiscoDevNet/sdwan/latest/docs/resources/other_feature_profile) | resource |
 | [sdwan_other_thousandeyes_feature.other_thousandeyes_feature](https://registry.terraform.io/providers/CiscoDevNet/sdwan/latest/docs/resources/other_thousandeyes_feature) | resource |
-| [sdwan_other_ucse_feature.other_ucse_feature](https://registry.terraform.io/providers/CiscoDevNet/sdwan/latest/docs/resources/other_ucse_feature) | resource |
 | [sdwan_policer_policy_object.policer_policy_object](https://registry.terraform.io/providers/CiscoDevNet/sdwan/latest/docs/resources/policer_policy_object) | resource |
 | [sdwan_policy_object_class_map.policy_object_class_map](https://registry.terraform.io/providers/CiscoDevNet/sdwan/latest/docs/resources/policy_object_class_map) | resource |
 | [sdwan_policy_object_data_ipv4_prefix_list.policy_object_data_ipv4_prefix_list](https://registry.terraform.io/providers/CiscoDevNet/sdwan/latest/docs/resources/policy_object_data_ipv4_prefix_list) | resource |
@@ -173,8 +172,6 @@ module "sdwan" {
 | [sdwan_transport_feature_profile.transport_feature_profile](https://registry.terraform.io/providers/CiscoDevNet/sdwan/latest/docs/resources/transport_feature_profile) | resource |
 | [sdwan_transport_ipv6_tracker_feature.transport_ipv6_tracker_feature](https://registry.terraform.io/providers/CiscoDevNet/sdwan/latest/docs/resources/transport_ipv6_tracker_feature) | resource |
 | [sdwan_transport_ipv6_tracker_group_feature.transport_ipv6_tracker_group_feature](https://registry.terraform.io/providers/CiscoDevNet/sdwan/latest/docs/resources/transport_ipv6_tracker_group_feature) | resource |
-| [sdwan_transport_management_vpn_feature.transport_management_vpn_feature](https://registry.terraform.io/providers/CiscoDevNet/sdwan/latest/docs/resources/transport_management_vpn_feature) | resource |
-| [sdwan_transport_management_vpn_interface_ethernet_feature.transport_management_vpn_interface_ethernet_feature](https://registry.terraform.io/providers/CiscoDevNet/sdwan/latest/docs/resources/transport_management_vpn_interface_ethernet_feature) | resource |
 | [sdwan_transport_tracker_feature.transport_tracker_feature](https://registry.terraform.io/providers/CiscoDevNet/sdwan/latest/docs/resources/transport_tracker_feature) | resource |
 | [sdwan_transport_tracker_group_feature.transport_tracker_group_feature](https://registry.terraform.io/providers/CiscoDevNet/sdwan/latest/docs/resources/transport_tracker_group_feature) | resource |
 | [sdwan_transport_wan_vpn_feature.transport_wan_vpn_feature](https://registry.terraform.io/providers/CiscoDevNet/sdwan/latest/docs/resources/transport_wan_vpn_feature) | resource |
diff --git a/sdwan_features_system.tf b/sdwan_features.tf
similarity index 66%
rename from sdwan_features_system.tf
rename to sdwan_features.tf
index 9c70ebc..c54c198 100644
--- a/sdwan_features_system.tf
+++ b/sdwan_features.tf
@@ -1,3 +1,158 @@
+resource "sdwan_cli_config_feature" "cli_config_feature" {
+ for_each = {
+ for cli in try(local.feature_profiles.cli_profiles, {}) :
+ "${cli.name}-config" => cli
+ if try(cli.config, null) != null
+ }
+ name = try(each.value.config.name, local.defaults.sdwan.feature_profiles.cli_profiles.config.name)
+ description = try(each.value.config.description, "")
+ feature_profile_id = sdwan_cli_feature_profile.cli_feature_profile[each.value.name].id
+ cli_configuration = each.value.config.cli_configuration
+}
+
+resource "sdwan_other_thousandeyes_feature" "other_thousandeyes_feature" {
+ for_each = {
+ for other in try(local.feature_profiles.other_profiles, {}) :
+ "${other.name}-thousandeyes" => other
+ if try(other.thousandeyes, null) != null
+ }
+ name = try(each.value.thousandeyes.name, local.defaults.sdwan.feature_profiles.other_profiles.thousandeyes.name)
+ description = try(each.value.thousandeyes.description, "")
+ feature_profile_id = sdwan_other_feature_profile.other_feature_profile[each.value.name].id
+ virtual_application = [{
+ account_group_token = try(each.value.thousandeyes.account_group_token, null)
+ account_group_token_variable = try("{{${each.value.thousandeyes.account_group_token_variable}}}", null)
+ agent_default_gateway = try(each.value.thousandeyes.agent_default_gateway, null)
+ agent_default_gateway_variable = try("{{${each.value.thousandeyes.agent_default_gateway_variable}}}", null)
+ hostname = try(each.value.thousandeyes.hostname, null)
+ hostname_variable = try("{{${each.value.thousandeyes.hostname_variable}}}", null)
+ management_ip = try(each.value.thousandeyes.management_ip, null)
+ management_ip_variable = try("{{${each.value.thousandeyes.management_ip_variable}}}", null)
+ management_subnet_mask = try(each.value.thousandeyes.management_subnet_mask, null)
+ management_subnet_mask_variable = try("{{${each.value.thousandeyes.management_subnet_mask_variable}}}", null)
+ name_server_ip = try(each.value.thousandeyes.name_server_ip, null)
+ name_server_ip_variable = try("{{${each.value.thousandeyes.name_server_ip_variable}}}", null)
+ pac_url = try(each.value.thousandeyes.pac_proxy_url, null)
+ pac_url_variable = try("{{${each.value.thousandeyes.pac_proxy_url_variable}}}", null)
+ proxy_host = try(each.value.thousandeyes.static_proxy_host, null)
+ proxy_host_variable = try("{{${each.value.thousandeyes.static_proxy_host_variable}}}", null)
+ proxy_port = try(each.value.thousandeyes.static_proxy_port, null)
+ proxy_port_variable = try("{{${each.value.thousandeyes.static_proxy_port_variable}}}", null)
+ proxy_type = try(each.value.thousandeyes.proxy_type, null)
+ vpn = try(each.value.thousandeyes.vpn_id, null)
+ vpn_variable = try("{{${each.value.thousandeyes.vpn_id_variable}}}", null)
+ }]
+}
+
+resource "sdwan_service_tracker_group_feature" "service_tracker_group_feature" {
+ for_each = {
+ for tracker_item in flatten([
+ for profile in lookup(local.feature_profiles, "service_profiles", []) : [
+ for tracker in lookup(profile, "ipv4_tracker_groups", []) : {
+ profile = profile
+ tracker = tracker
+ }
+ ]
+ ])
+ : "${tracker_item.profile.name}-${tracker_item.tracker.name}" => tracker_item
+ }
+ name = each.value.tracker.name
+ description = try(each.value.tracker.description, null)
+ feature_profile_id = sdwan_service_feature_profile.service_feature_profile[each.value.profile.name].id
+ tracker_boolean = try(each.value.tracker.tracker_boolean, null)
+ tracker_boolean_variable = try("{{${each.value.tracker.tracker_boolean_variable}}}", null)
+ tracker_elements = try(length(each.value.tracker.trackers) == 0, true) ? null : [for t in each.value.tracker.trackers : {
+ tracker_id = sdwan_service_tracker_feature.service_tracker_feature["${each.value.profile.name}-${t}"].id
+ }]
+}
+
+resource "sdwan_service_tracker_feature" "service_tracker_feature" {
+ for_each = {
+ for tracker_item in flatten([
+ for profile in lookup(local.feature_profiles, "service_profiles", []) : [
+ for tracker in lookup(profile, "ipv4_trackers", []) : {
+ profile = profile
+ tracker = tracker
+ }
+ ]
+ ])
+ : "${tracker_item.profile.name}-${tracker_item.tracker.name}" => tracker_item
+ }
+ name = each.value.tracker.name
+ description = try(each.value.tracker.description, null)
+ feature_profile_id = sdwan_service_feature_profile.service_feature_profile[each.value.profile.name].id
+ endpoint_api_url = try(each.value.tracker.endpoint_url, null)
+ endpoint_api_url_variable = try("{{${each.value.tracker.endpoint_url_variable}}}", null)
+ endpoint_ip = try(each.value.tracker.endpoint_ip, null)
+ endpoint_ip_variable = try("{{${each.value.tracker.endpoint_ip_variable}}}", null)
+ endpoint_tracker_type = "static-route"
+ interval = try(each.value.tracker.interval, null)
+ interval_variable = try("{{${each.value.tracker.interval_variable}}}", null)
+ multiplier = try(each.value.tracker.multiplier, null)
+ multiplier_variable = try("{{${each.value.tracker.multiplier_variable}}}", null)
+ port = try(each.value.tracker.endpoint_port, null)
+ port_variable = try("{{${each.value.tracker.endpoint_port_variable}}}", null)
+ protocol = try(each.value.tracker.endpoint_protocol, null)
+ protocol_variable = try("{{${each.value.tracker.endpoint_protocol_variable}}}", null)
+ threshold = try(each.value.tracker.threshold, null)
+ threshold_variable = try("{{${each.value.tracker.threshold_variable}}}", null)
+ tracker_name = try(each.value.tracker.tracker_name, null)
+ tracker_name_variable = try("{{${each.value.tracker.tracker_name_variable}}}", null)
+ tracker_type = "endpoint"
+}
+
+resource "sdwan_service_object_tracker_group_feature" "service_object_tracker_group_feature" {
+ for_each = {
+ for tracker_item in flatten([
+ for profile in lookup(local.feature_profiles, "service_profiles", []) : [
+ for tracker in lookup(profile, "object_tracker_groups", []) : {
+ profile = profile
+ tracker = tracker
+ }
+ ]
+ ])
+ : "${tracker_item.profile.name}-${tracker_item.tracker.name}" => tracker_item
+ }
+ name = each.value.tracker.name
+ description = try(each.value.tracker.description, null)
+ feature_profile_id = sdwan_service_feature_profile.service_feature_profile[each.value.profile.name].id
+ object_tracker_id = try(each.value.tracker.id, null)
+ object_tracker_id_variable = try("{{${each.value.tracker.id_variable}}}", null)
+ reachable = try(each.value.tracker.tracker_boolean, null)
+ reachable_variable = try("{{${each.value.tracker.tracker_boolean_variable}}}", null)
+ tracker_elements = try(length(each.value.tracker.trackers) == 0, true) ? null : [for t in each.value.tracker.trackers : {
+ object_tracker_id = sdwan_service_object_tracker_feature.service_object_tracker_feature["${each.value.profile.name}-${t}"].id
+ }]
+}
+
+resource "sdwan_service_object_tracker_feature" "service_object_tracker_feature" {
+ for_each = {
+ for tracker_item in flatten([
+ for profile in lookup(local.feature_profiles, "service_profiles", []) : [
+ for tracker in lookup(profile, "object_trackers", []) : {
+ profile = profile
+ tracker = tracker
+ }
+ ]
+ ])
+ : "${tracker_item.profile.name}-${tracker_item.tracker.name}" => tracker_item
+ }
+ name = each.value.tracker.name
+ description = try(each.value.tracker.description, null)
+ feature_profile_id = sdwan_service_feature_profile.service_feature_profile[each.value.profile.name].id
+ object_tracker_type = each.value.tracker.type
+ interface = try(each.value.tracker.interface_name, null)
+ interface_variable = try("{{${each.value.tracker.interface_name_variable}}}", null)
+ object_tracker_id = try(each.value.tracker.id, null)
+ object_tracker_id_variable = try("{{${each.value.tracker.id_variable}}}", null)
+ route_ip = try(each.value.tracker.route_ip, null)
+ route_ip_variable = try("{{${each.value.tracker.route_ip_variable}}}", null)
+ route_mask = try(each.value.tracker.route_mask, null)
+ route_mask_variable = try("{{${each.value.tracker.route_mask_variable}}}", null)
+ vpn = try(each.value.tracker.vpn_id, null)
+ vpn_variable = try("{{${each.value.tracker.vpn_id_variable}}}", null)
+}
+
 resource "sdwan_system_aaa_feature" "system_aaa_feature" {
 for_each = {
 for sys in try(local.feature_profiles.system_profiles, {}) :
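Review bot: `account_group_token` in `sdwan_other_thousandeyes_feature` takes a credential straight from the data model, so the ThousandEyes token lands in whatever repository holds the YAML, in plan output and in Terraform state. Reading it as `account_group_token = try(sensitive(each.value.thousandeyes.account_group_token), null)` would at least redact it from plan and apply logs, and the README could steer users towards `account_group_token_variable` so the value is supplied per device instead. The same concern applies to `cli_configuration` in `sdwan_cli_config_feature`, which is passed through verbatim and may carry passwords or keys; it is also read without `try()`, so a profile that has `config` but no `cli_configuration` fails with a bare attribute error. Whether the provider already marks either attribute as sensitive is not visible here, and state keeps the value in clear regardless, so the backend needs encryption and restricted access.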
@@ -590,3 +745,188 @@ resource "sdwan_system_snmp_feature" "system_snmp_feature" {
 }]
 }]
 }
+
+resource "sdwan_transport_tracker_group_feature" "transport_tracker_group_feature" {
+ for_each = {
+ for tracker_item in flatten([
+ for profile in lookup(local.feature_profiles, "transport_profiles", []) : [
+ for tracker in lookup(profile, "ipv4_tracker_groups", []) : {
+ profile = profile
+ tracker = tracker
+ }
+ ]
+ ])
+ : "${tracker_item.profile.name}-${tracker_item.tracker.name}" => tracker_item
+ }
+ name = each.value.tracker.name
+ description = try(each.value.tracker.description, null)
+ feature_profile_id = sdwan_transport_feature_profile.transport_feature_profile[each.value.profile.name].id
+ tracker_boolean = try(each.value.tracker.tracker_boolean, null)
+ tracker_boolean_variable = try("{{${each.value.tracker.tracker_boolean_variable}}}", null)
+ tracker_elements = try(length(each.value.tracker.trackers) == 0, true) ? null : [for t in each.value.tracker.trackers : {
+ tracker_id = sdwan_transport_tracker_feature.transport_tracker_feature["${each.value.profile.name}-${t}"].id
+ }]
+}
+
+resource "sdwan_transport_tracker_feature" "transport_tracker_feature" {
+ for_each = {
+ for tracker_item in flatten([
+ for profile in lookup(local.feature_profiles, "transport_profiles", []) : [
+ for tracker in lookup(profile, "ipv4_trackers", []) : {
+ profile = profile
+ tracker = tracker
+ }
+ ]
+ ])
+ : "${tracker_item.profile.name}-${tracker_item.tracker.name}" => tracker_item
+ }
+ name = each.value.tracker.name
+ description = try(each.value.tracker.description, null)
+ feature_profile_id = sdwan_transport_feature_profile.transport_feature_profile[each.value.profile.name].id
+ endpoint_api_url = try(each.value.tracker.endpoint_api_url, null)
+ endpoint_api_url_variable = try("{{${each.value.tracker.endpoint_api_url_variable}}}", null)
+ endpoint_dns_name = try(each.value.tracker.endpoint_dns_name, null)
+ endpoint_dns_name_variable = try("{{${each.value.tracker.endpoint_dns_name_variable}}}", null)
+ endpoint_ip = try(each.value.tracker.endpoint_ip, each.value.tracker.endpoint_tcp_udp_ip, null)
+ endpoint_ip_variable = try("{{${each.value.tracker.endpoint_ip_variable}}}", null)
+ endpoint_tracker_type = try(each.value.tracker.endpoint_tracker_type, null)
+ endpoint_tracker_type_variable = try("{{${each.value.tracker.endpoint_tracker_type_variable}}}", null)
+ interval = try(each.value.tracker.interval, null)
+ interval_variable = try("{{${each.value.tracker.interval_variable}}}", null)
+ multiplier = try(each.value.tracker.multiplier, null)
+ multiplier_variable = try("{{${each.value.tracker.multiplier_variable}}}", null)
+ threshold = try(each.value.tracker.threshold, null)
+ threshold_variable = try("{{${each.value.tracker.threshold_variable}}}", null)
+ tracker_name = try(each.value.tracker.tracker_name, null)
+ tracker_name_variable = try("{{${each.value.tracker.tracker_name_variable}}}", null)
+ tracker_type = try(each.value.tracker.tracker_type, null)
+ tracker_type_variable = try("{{${each.value.tracker.tracker_type_variable}}}", null)
+}
+
+resource "sdwan_transport_ipv6_tracker_group_feature" "transport_ipv6_tracker_group_feature" {
+ for_each = {
+ for tracker_item in flatten([
+ for profile in lookup(local.feature_profiles, "transport_profiles", []) : [
+ for tracker in lookup(profile, "ipv6_tracker_groups", []) : {
+ profile = profile
+ tracker = tracker
+ }
+ ]
+ ])
+ : "${tracker_item.profile.name}-${tracker_item.tracker.name}" => tracker_item
+ }
+ name = each.value.tracker.name
+ description = try(each.value.tracker.description, null)
+ feature_profile_id = sdwan_transport_feature_profile.transport_feature_profile[each.value.profile.name].id
+ tracker_boolean = try(each.value.tracker.tracker_boolean, null)
+ tracker_boolean_variable = try("{{${each.value.tracker.tracker_boolean_variable}}}", null)
+ tracker_elements = try(length(each.value.tracker.trackers) == 0, true) ? null : [for t in each.value.tracker.trackers : {
+ tracker_id = sdwan_transport_ipv6_tracker_feature.transport_ipv6_tracker_feature["${each.value.profile.name}-${t}"].id
+ }]
+ tracker_name = try(each.value.tracker.tracker_name, null)
+ tracker_name_variable = try("{{${each.value.tracker.tracker_name_variable}}}", null)
+}
+
+resource "sdwan_transport_ipv6_tracker_feature" "transport_ipv6_tracker_feature" {
+ for_each = {
+ for tracker_item in flatten([
+ for profile in lookup(local.feature_profiles, "transport_profiles", []) : [
+ for tracker in lookup(profile, "ipv6_trackers", []) : {
+ profile = profile
+ tracker = tracker
+ }
+ ]
+ ])
+ : "${tracker_item.profile.name}-${tracker_item.tracker.name}" => tracker_item
+ }
+ name = each.value.tracker.name
+ description = try(each.value.tracker.description, null)
+ feature_profile_id = sdwan_transport_feature_profile.transport_feature_profile[each.value.profile.name].id
+ endpoint_api_url = try(each.value.tracker.endpoint_api_url, null)
+ endpoint_api_url_variable = try("{{${each.value.tracker.endpoint_api_url_variable}}}", null)
+ endpoint_dns_name = try(each.value.tracker.endpoint_dns_name, null)
+ endpoint_dns_name_variable = try("{{${each.value.tracker.endpoint_dns_name_variable}}}", null)
+ endpoint_ip = try(each.value.tracker.endpoint_ip, each.value.tracker.endpoint_tcp_udp_ip, null)
+ endpoint_ip_variable = try("{{${each.value.tracker.endpoint_ip_variable}}}", null)
+ endpoint_tracker_type = try(each.value.tracker.endpoint_tracker_type, null)
+ endpoint_tracker_type_variable = try("{{${each.value.tracker.endpoint_tracker_type_variable}}}", null)
+ interval = try(each.value.tracker.interval, null)
+ interval_variable = try("{{${each.value.tracker.interval_variable}}}", null)
+ multiplier = try(each.value.tracker.multiplier, null)
+ multiplier_variable = try("{{${each.value.tracker.multiplier_variable}}}", null)
+ threshold = try(each.value.tracker.threshold, null)
+ threshold_variable = try("{{${each.value.tracker.threshold_variable}}}", null)
+ tracker_name = try(each.value.tracker.tracker_name, null)
+ tracker_name_variable = try("{{${each.value.tracker.tracker_name_variable}}}", null)
+ tracker_type = try(each.value.tracker.tracker_type, null)
+ tracker_type_variable = try("{{${each.value.tracker.tracker_type_variable}}}", null)
+}
+
+resource "sdwan_transport_wan_vpn_feature" "transport_wan_vpn_feature" {
+ for_each = {
+ for transport in try(local.feature_profiles.transport_profiles, {}) :
+ "${transport.name}-wan_vpn" => transport
+ if lookup(transport, "wan_vpn", null) != null
+ }
+ name = try(each.value.wan_vpn.name, local.defaults.sdwan.feature_profiles.transport_profiles.wan_vpn.name)
+ description = try(each.value.wan_vpn.description, null)
+ feature_profile_id = sdwan_transport_feature_profile.transport_feature_profile[each.value.name].id
+ enhance_ecmp_keying = try(each.value.wan_vpn.enhance_ecmp_keying, null)
+ enhance_ecmp_keying_variable = try("{{${each.value.wan_vpn.enhance_ecmp_keying_variable}}}", null)
+ ipv4_static_routes = try(length(each.value.wan_vpn.ipv4_static_routes) == 0, true) ? null : [for route in each.value.wan_vpn.ipv4_static_routes : {
+ administrative_distance = try(route.administrative_distance, null)
+ administrative_distance_variable = try("{{${route.administrative_distance_variable}}}", null)
+ gateway = try(route.gateway, "nextHop")
+ next_hops = try(length(route.next_hops) == 0, true) ? null : [for nh in route.next_hops : {
+ address = try(nh.address, null)
+ address_variable = try("{{${nh.address_variable}}}", null)
+ administrative_distance = try(nh.administrative_distance, null)
+ administrative_distance_variable = try("{{${nh.administrative_distance_variable}}}", null)
+ }]
+ network_address = try(route.network_address, null)
+ network_address_variable = try("{{${route.network_address_variable}}}", null)
+ subnet_mask = try(route.subnet_mask, null)
+ subnet_mask_variable = try("{{${route.subnet_mask_variable}}}", null)
+ }]
+ ipv6_static_routes = try(length(each.value.wan_vpn.ipv6_static_routes) == 0, true) ? null : [for route in each.value.wan_vpn.ipv6_static_routes : {
+ nat = try(route.nat, null)
+ next_hops = try(length(route.next_hops) == 0, true) ? null : [for nh in route.next_hops : {
+ address = try(nh.address, null)
+ address_variable = try("{{${nh.address_variable}}}", null)
+ administrative_distance = try(nh.administrative_distance, null)
+ administrative_distance_variable = try("{{${nh.administrative_distance_variable}}}", null)
+ }]
+ gateway = try(route.gateway, "nextHop")
+ null0 = try(route.gateway, "nextHop") == "null0" ? true : null
+ prefix = try(route.prefix, null)
+ prefix_variable = try("{{${route.prefix_variable}}}", null)
+ }]
+ nat_64_v4_pools = try(length(each.value.wan_vpn.nat_64_v4_pools) == 0, true) ? null : [for pool in each.value.wan_vpn.nat_64_v4_pools : {
+ nat64_v4_pool_name = try(pool.name, null)
+ nat64_v4_pool_name_variable = try("{{${pool.name_variable}}}", null)
+ nat64_v4_pool_overload = try(pool.overload, null)
+ nat64_v4_pool_overload_variable = try("{{${pool.overload_variable}}}", null)
+ nat64_v4_pool_range_end = try(pool.range_end, null)
+ nat64_v4_pool_range_end_variable = try("{{${pool.range_end_variable}}}", null)
+ nat64_v4_pool_range_start = try(pool.range_start, null)
+ nat64_v4_pool_range_start_variable = try("{{${pool.range_start_variable}}}", null)
+ }]
+ new_host_mappings = try(length(each.value.wan_vpn.host_mappings) == 0, true) ? null : [for host in each.value.wan_vpn.host_mappings : {
+ host_name = try(host.hostname, null)
+ host_name_variable = try("{{${host.hostname_variable}}}", null)
+ list_of_ip_addresses = try(host.ips, null)
+ list_of_ip_addresses_variable = try("{{${host.ips_variable}}}", null)
+ }]
+ primary_dns_address_ipv4 = try(each.value.wan_vpn.ipv4_primary_dns_address, null)
+ primary_dns_address_ipv4_variable = try("{{${each.value.wan_vpn.ipv4_primary_dns_address_variable}}}", null)
+ primary_dns_address_ipv6 = try(each.value.wan_vpn.ipv6_primary_dns_address, null)
+ primary_dns_address_ipv6_variable = try("{{${each.value.wan_vpn.ipv6_primary_dns_address_variable}}}", null)
+ secondary_dns_address_ipv4 = try(each.value.wan_vpn.ipv4_secondary_dns_address, null)
+ secondary_dns_address_ipv4_variable = try("{{${each.value.wan_vpn.ipv4_secondary_dns_address_variable}}}", null)
+ secondary_dns_address_ipv6 = try(each.value.wan_vpn.ipv6_secondary_dns_address, null)
+ secondary_dns_address_ipv6_variable = try("{{${each.value.wan_vpn.ipv6_secondary_dns_address_variable}}}", null)
+ services = try(length(each.value.wan_vpn.services) == 0, true) ? null : [for service in each.value.wan_vpn.services : {
+ service_type = service
+ }]
+ vpn = 0
+}
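Review bot: `endpoint_ip` in `sdwan_transport_tracker_feature` and `sdwan_transport_ipv6_tracker_feature` is read as `try(each.value.tracker.endpoint_ip, each.value.tracker.endpoint_tcp_udp_ip, null)`, so two data-model keys feed one attribute and `endpoint_tcp_udp_ip` is silently ignored whenever `endpoint_ip` is also set. Neither resource passes a port or protocol, which `sdwan_service_tracker_feature` in the first hunk of this file does, so a TCP/UDP endpoint may reach the provider with only an address; whether the transport resources accept those attributes is not visible in this hunk. At minimum I would document the precedence above both lines, `# endpoint_tcp_udp_ip is used only when endpoint_ip is unset`, and state in the README which of the two keys is preferred.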
diff --git a/sdwan_features_cli.tf b/sdwan_features_cli.tf
deleted file mode 100644
index a86a582..0000000
--- a/sdwan_features_cli.tf
+++ /dev/null
@@ -1,11 +0,0 @@
-resource "sdwan_cli_config_feature" "cli_config_feature" {
- for_each = {
- for cli in try(local.feature_profiles.cli_profiles, {}) :
- "${cli.name}-config" => cli
- if try(cli.config, null) != null
- }
- name = try(each.value.config.name, local.defaults.sdwan.feature_profiles.cli_profiles.config.name)
- description = try(each.value.config.description, "")
- feature_profile_id = sdwan_cli_feature_profile.cli_feature_profile[each.value.name].id
- cli_configuration = each.value.config.cli_configuration
-}
diff --git a/sdwan_features_other.tf b/sdwan_features_other.tf
deleted file mode 100644
index 10ed19e..0000000
--- a/sdwan_features_other.tf
+++ /dev/null
@@ -1,65 +0,0 @@
-resource "sdwan_other_thousandeyes_feature" "other_thousandeyes_feature" {
- for_each = {
- for other in try(local.feature_profiles.other_profiles, {}) :
- "${other.name}-thousandeyes" => other
- if try(other.thousandeyes, null) != null
- }
- name = try(each.value.thousandeyes.name, local.defaults.sdwan.feature_profiles.other_profiles.thousandeyes.name)
- description = try(each.value.thousandeyes.description, "")
- feature_profile_id = sdwan_other_feature_profile.other_feature_profile[each.value.name].id
- virtual_application = [{
- account_group_token = try(each.value.thousandeyes.account_group_token, null)
- account_group_token_variable = try("{{${each.value.thousandeyes.account_group_token_variable}}}", null)
- agent_default_gateway = try(each.value.thousandeyes.agent_default_gateway, null)
- agent_default_gateway_variable = try("{{${each.value.thousandeyes.agent_default_gateway_variable}}}", null)
- hostname = try(each.value.thousandeyes.hostname, null)
- hostname_variable = try("{{${each.value.thousandeyes.hostname_variable}}}", null)
- management_ip = try(each.value.thousandeyes.management_ip, null)
- management_ip_variable = try("{{${each.value.thousandeyes.management_ip_variable}}}", null)
- management_subnet_mask = try(each.value.thousandeyes.management_subnet_mask, null)
- management_subnet_mask_variable = try("{{${each.value.thousandeyes.management_subnet_mask_variable}}}", null)
- name_server_ip = try(each.value.thousandeyes.name_server_ip, null)
- name_server_ip_variable = try("{{${each.value.thousandeyes.name_server_ip_variable}}}", null)
- pac_url = try(each.value.thousandeyes.pac_proxy_url, null)
- pac_url_variable = try("{{${each.value.thousandeyes.pac_proxy_url_variable}}}", null)
- proxy_host = try(each.value.thousandeyes.static_proxy_host, null)
- proxy_host_variable = try("{{${each.value.thousandeyes.static_proxy_host_variable}}}", null)
- proxy_port = try(each.value.thousandeyes.static_proxy_port, null)
- proxy_port_variable = try("{{${each.value.thousandeyes.static_proxy_port_variable}}}", null)
- proxy_type = try(each.value.thousandeyes.proxy_type, null)
- vpn = try(each.value.thousandeyes.vpn_id, null)
- vpn_variable = try("{{${each.value.thousandeyes.vpn_id_variable}}}", null)
- }]
-}
-
-resource "sdwan_other_ucse_feature" "other_ucse_feature" {
- for_each = {
- for other in try(local.feature_profiles.other_profiles, {}) :
- "${other.name}-ucse" => other
- if try(other.ucse, null) != null
- }
- name = try(each.value.ucse.name, local.defaults.sdwan.feature_profiles.other_profiles.ucse.name)
- description = try(each.value.ucse.description, "")
- feature_profile_id = sdwan_other_feature_profile.other_feature_profile[each.value.name].id
- access_port_dedicated = try(each.value.ucse.cimc_access_port_dedicated, null)
- access_port_shared_failover_type = try(each.value.ucse.cimc_access_port_shared_failover_type, null)
- access_port_shared_type = try(each.value.ucse.cimc_access_port_shared_type, null)
- assign_priority = try(each.value.ucse.cimc_assign_priority, null)
- assign_priority_variable = try("{{${each.value.ucse.cimc_assign_priority_variable}}}", null)
- bay = each.value.ucse.bay
- default_gateway = try(each.value.ucse.cimc_default_gateway, null)
- default_gateway_variable = try("{{${each.value.ucse.cimc_default_gateway_variable}}}", null)
- interfaces = try(length(each.value.ucse.interfaces) == 0, true) ? null : [for i in each.value.ucse.interfaces : {
- interface_name = try(i.interface_name, null)
- interface_name_variable = try("{{${i.interface_name_variable}}}", null)
- ipv4_address = try(i.ipv4_address, null)
- ipv4_address_variable = try("{{${i.ipv4_address_variable}}}", null)
- ucse_interface_vpn = try(i.vpn_id, null)
- ucse_interface_vpn_variable = try("{{${i.vpn_id_variable}}}", null)
- }]
- ipv4_address = try(each.value.ucse.cimc_ipv4_address, null)
- ipv4_address_variable = try("{{${each.value.ucse.cimc_ipv4_address_variable}}}", null)
- slot = each.value.ucse.slot
- vlan_id = try(each.value.ucse.cimc_vlan_id, null)
- vlan_id_variable = try("{{${each.value.ucse.cimc_vlan_id_variable}}}", null)
-}
diff --git a/sdwan_features_service.tf b/sdwan_features_service.tf
deleted file mode 100644
index f3f05bf..0000000
--- a/sdwan_features_service.tf
+++ /dev/null
@@ -1,108 +0,0 @@
-resource "sdwan_service_tracker_group_feature" "service_tracker_group_feature" {
- for_each = {
- for tracker_item in flatten([
- for profile in lookup(local.feature_profiles, "service_profiles", []) : [
- for tracker in lookup(profile, "ipv4_tracker_groups", []) : {
- profile = profile
- tracker = tracker
- }
- ]
- ])
- : "${tracker_item.profile.name}-${tracker_item.tracker.name}" => tracker_item
- }
- name = each.value.tracker.name
- description = try(each.value.tracker.description, null)
- feature_profile_id = sdwan_service_feature_profile.service_feature_profile[each.value.profile.name].id
- tracker_boolean = try(each.value.tracker.tracker_boolean, null)
- tracker_boolean_variable = try("{{${each.value.tracker.tracker_boolean_variable}}}", null)
- tracker_elements = try(length(each.value.tracker.trackers) == 0, true) ? null : [for t in each.value.tracker.trackers : {
- tracker_id = sdwan_service_tracker_feature.service_tracker_feature["${each.value.profile.name}-${t}"].id
- }]
-}
-
-resource "sdwan_service_tracker_feature" "service_tracker_feature" {
- for_each = {
- for tracker_item in flatten([
- for profile in lookup(local.feature_profiles, "service_profiles", []) : [
- for tracker in lookup(profile, "ipv4_trackers", []) : {
- profile = profile
- tracker = tracker
- }
- ]
- ])
- : "${tracker_item.profile.name}-${tracker_item.tracker.name}" => tracker_item
- }
- name = each.value.tracker.name
- description = try(each.value.tracker.description, null)
- feature_profile_id = sdwan_service_feature_profile.service_feature_profile[each.value.profile.name].id
- endpoint_api_url = try(each.value.tracker.endpoint_url, null)
- endpoint_api_url_variable = try("{{${each.value.tracker.endpoint_url_variable}}}", null)
- endpoint_ip = try(each.value.tracker.endpoint_ip, null)
- endpoint_ip_variable = try("{{${each.value.tracker.endpoint_ip_variable}}}", null)
- endpoint_tracker_type = "static-route"
- interval = try(each.value.tracker.interval, null)
- interval_variable = try("{{${each.value.tracker.interval_variable}}}", null)
- multiplier = try(each.value.tracker.multiplier, null)
- multiplier_variable = try("{{${each.value.tracker.multiplier_variable}}}", null)
- port = try(each.value.tracker.endpoint_port, null)
- port_variable = try("{{${each.value.tracker.endpoint_port_variable}}}", null)
- protocol = try(each.value.tracker.endpoint_protocol, null)
- protocol_variable = try("{{${each.value.tracker.endpoint_protocol_variable}}}", null)
- threshold = try(each.value.tracker.threshold, null)
- threshold_variable = try("{{${each.value.tracker.threshold_variable}}}", null)
- tracker_name = try(each.value.tracker.tracker_name, null)
- tracker_name_variable = try("{{${each.value.tracker.tracker_name_variable}}}", null)
- tracker_type = "endpoint"
-}
-
-resource "sdwan_service_object_tracker_group_feature" "service_object_tracker_group_feature" {
- for_each = {
- for tracker_item in flatten([
- for profile in lookup(local.feature_profiles, "service_profiles", []) : [
- for tracker in lookup(profile, "object_tracker_groups", []) : {
- profile = profile
- tracker = tracker
- }
- ]
- ])
- : "${tracker_item.profile.name}-${tracker_item.tracker.name}" => tracker_item
- }
- name = each.value.tracker.name
- description = try(each.value.tracker.description, null)
- feature_profile_id = sdwan_service_feature_profile.service_feature_profile[each.value.profile.name].id
- object_tracker_id = try(each.value.tracker.id, null)
- object_tracker_id_variable = try("{{${each.value.tracker.id_variable}}}", null)
- reachable = try(each.value.tracker.tracker_boolean, null)
- reachable_variable = try("{{${each.value.tracker.tracker_boolean_variable}}}", null)
- tracker_elements = try(length(each.value.tracker.trackers) == 0, true) ? null : [for t in each.value.tracker.trackers : {
- object_tracker_id = sdwan_service_object_tracker_feature.service_object_tracker_feature["${each.value.profile.name}-${t}"].id
- }]
-}
-
-resource "sdwan_service_object_tracker_feature" "service_object_tracker_feature" {
- for_each = {
- for tracker_item in flatten([
- for profile in lookup(local.feature_profiles, "service_profiles", []) : [
- for tracker in lookup(profile, "object_trackers", []) : {
- profile = profile
- tracker = tracker
- }
- ]
- ])
- : "${tracker_item.profile.name}-${tracker_item.tracker.name}" => tracker_item
- }
- name = each.value.tracker.name
- description = try(each.value.tracker.description, null)
- feature_profile_id = sdwan_service_feature_profile.service_feature_profile[each.value.profile.name].id
- object_tracker_type = each.value.tracker.type
- interface = try(each.value.tracker.interface_name, null)
- interface_variable = try("{{${each.value.tracker.interface_name_variable}}}", null)
- object_tracker_id = try(each.value.tracker.id, null)
- object_tracker_id_variable = try("{{${each.value.tracker.id_variable}}}", null)
- route_ip = try(each.value.tracker.route_ip, null)
- route_ip_variable = try("{{${each.value.tracker.route_ip_variable}}}", null)
- route_mask = try(each.value.tracker.route_mask, null)
- route_mask_variable = try("{{${each.value.tracker.route_mask_variable}}}", null)
- vpn = try(each.value.tracker.vpn_id, null)
- vpn_variable = try("{{${each.value.tracker.vpn_id_variable}}}", null)
-}
diff --git a/sdwan_features_transport.tf b/sdwan_features_transport.tf
deleted file mode 100644
index 5f8d533..0000000
--- a/sdwan_features_transport.tf
+++ /dev/null
@@ -1,320 +0,0 @@ -resource "sdwan_transport_tracker_group_feature" "transport_tracker_group_feature" { - for_each = { - for tracker_item in flatten([ - for profile in lookup(local.feature_profiles, "transport_profiles", []) : [ - for tracker in lookup(profile, "ipv4_tracker_groups", []) : { - profile = profile - tracker = tracker - } - ] - ]) - : "${tracker_item.profile.name}-${tracker_item.tracker.name}" => tracker_item - } - name = each.value.tracker.name - description = try(each.value.tracker.description, null) - feature_profile_id = sdwan_transport_feature_profile.transport_feature_profile[each.value.profile.name].id - tracker_boolean = try(each.value.tracker.tracker_boolean, null) - tracker_boolean_variable = try("{{${each.value.tracker.tracker_boolean_variable}}}", null) - tracker_elements = try(length(each.value.tracker.trackers) == 0, true) ? null : [for t in each.value.tracker.trackers : { - tracker_id = sdwan_transport_tracker_feature.transport_tracker_feature["${each.value.profile.name}-${t}"].id - }] -} - -resource "sdwan_transport_tracker_feature" "transport_tracker_feature" { - for_each = { - for tracker_item in flatten([ - for profile in lookup(local.feature_profiles, "transport_profiles", []) : [ - for tracker in lookup(profile, "ipv4_trackers", []) : { - profile = profile - tracker = tracker - } - ] - ]) - : "${tracker_item.profile.name}-${tracker_item.tracker.name}" => tracker_item - } - name = each.value.tracker.name - description = try(each.value.tracker.description, null) - feature_profile_id = sdwan_transport_feature_profile.transport_feature_profile[each.value.profile.name].id - endpoint_api_url = try(each.value.tracker.endpoint_api_url, null) - endpoint_api_url_variable = try("{{${each.value.tracker.endpoint_api_url_variable}}}", null) - endpoint_dns_name = try(each.value.tracker.endpoint_dns_name, null) - endpoint_dns_name_variable = try("{{${each.value.tracker.endpoint_dns_name_variable}}}", null) - endpoint_ip = 
try(each.value.tracker.endpoint_ip, each.value.tracker.endpoint_tcp_udp_ip, null) - endpoint_ip_variable = try("{{${each.value.tracker.endpoint_ip_variable}}}", null) - endpoint_tracker_type = try(each.value.tracker.endpoint_tracker_type, null) - endpoint_tracker_type_variable = try("{{${each.value.tracker.endpoint_tracker_type_variable}}}", null) - interval = try(each.value.tracker.interval, null) - interval_variable = try("{{${each.value.tracker.interval_variable}}}", null) - multiplier = try(each.value.tracker.multiplier, null) - multiplier_variable = try("{{${each.value.tracker.multiplier_variable}}}", null) - threshold = try(each.value.tracker.threshold, null) - threshold_variable = try("{{${each.value.tracker.threshold_variable}}}", null) - tracker_name = try(each.value.tracker.tracker_name, null) - tracker_name_variable = try("{{${each.value.tracker.tracker_name_variable}}}", null) - tracker_type = try(each.value.tracker.tracker_type, null) - tracker_type_variable = try("{{${each.value.tracker.tracker_type_variable}}}", null) -} - -resource "sdwan_transport_ipv6_tracker_group_feature" "transport_ipv6_tracker_group_feature" { - for_each = { - for tracker_item in flatten([ - for profile in lookup(local.feature_profiles, "transport_profiles", []) : [ - for tracker in lookup(profile, "ipv6_tracker_groups", []) : { - profile = profile - tracker = tracker - } - ] - ]) - : "${tracker_item.profile.name}-${tracker_item.tracker.name}" => tracker_item - } - name = each.value.tracker.name - description = try(each.value.tracker.description, null) - feature_profile_id = sdwan_transport_feature_profile.transport_feature_profile[each.value.profile.name].id - tracker_boolean = try(each.value.tracker.tracker_boolean, null) - tracker_boolean_variable = try("{{${each.value.tracker.tracker_boolean_variable}}}", null) - tracker_elements = try(length(each.value.tracker.trackers) == 0, true) ? 
null : [for t in each.value.tracker.trackers : { - tracker_id = sdwan_transport_ipv6_tracker_feature.transport_ipv6_tracker_feature["${each.value.profile.name}-${t}"].id - }] - tracker_name = try(each.value.tracker.tracker_name, null) - tracker_name_variable = try("{{${each.value.tracker.tracker_name_variable}}}", null) -} - -resource "sdwan_transport_ipv6_tracker_feature" "transport_ipv6_tracker_feature" { - for_each = { - for tracker_item in flatten([ - for profile in lookup(local.feature_profiles, "transport_profiles", []) : [ - for tracker in lookup(profile, "ipv6_trackers", []) : { - profile = profile - tracker = tracker - } - ] - ]) - : "${tracker_item.profile.name}-${tracker_item.tracker.name}" => tracker_item - } - name = each.value.tracker.name - description = try(each.value.tracker.description, null) - feature_profile_id = sdwan_transport_feature_profile.transport_feature_profile[each.value.profile.name].id - endpoint_api_url = try(each.value.tracker.endpoint_api_url, null) - endpoint_api_url_variable = try("{{${each.value.tracker.endpoint_api_url_variable}}}", null) - endpoint_dns_name = try(each.value.tracker.endpoint_dns_name, null) - endpoint_dns_name_variable = try("{{${each.value.tracker.endpoint_dns_name_variable}}}", null) - endpoint_ip = try(each.value.tracker.endpoint_ip, each.value.tracker.endpoint_tcp_udp_ip, null) - endpoint_ip_variable = try("{{${each.value.tracker.endpoint_ip_variable}}}", null) - endpoint_tracker_type = try(each.value.tracker.endpoint_tracker_type, null) - endpoint_tracker_type_variable = try("{{${each.value.tracker.endpoint_tracker_type_variable}}}", null) - interval = try(each.value.tracker.interval, null) - interval_variable = try("{{${each.value.tracker.interval_variable}}}", null) - multiplier = try(each.value.tracker.multiplier, null) - multiplier_variable = try("{{${each.value.tracker.multiplier_variable}}}", null) - threshold = try(each.value.tracker.threshold, null) - threshold_variable = 
try("{{${each.value.tracker.threshold_variable}}}", null) - tracker_name = try(each.value.tracker.tracker_name, null) - tracker_name_variable = try("{{${each.value.tracker.tracker_name_variable}}}", null) - tracker_type = try(each.value.tracker.tracker_type, null) - tracker_type_variable = try("{{${each.value.tracker.tracker_type_variable}}}", null) -} - -resource "sdwan_transport_management_vpn_feature" "transport_management_vpn_feature" { - for_each = { - for transport in try(local.feature_profiles.transport_profiles, {}) : - "${transport.name}-management_vpn" => transport - if try(transport.management_vpn, null) != null - } - name = try(each.value.management_vpn.name, local.defaults.sdwan.feature_profiles.transport_profiles.management_vpn.name) - description = try(each.value.management_vpn.description, null) - feature_profile_id = sdwan_transport_feature_profile.transport_feature_profile[each.value.name].id - ipv4_static_routes = try(length(each.value.management_vpn.ipv4_static_routes) == 0, true) ? null : [for route in each.value.management_vpn.ipv4_static_routes : { - administrative_distance = try(route.administrative_distance, null) - administrative_distance_variable = try("{{${route.administrative_distance_variable}}}", null) - gateway = try(route.gateway, local.defaults.sdwan.feature_profiles.transport_profiles.management_vpn.ipv4_static_routes.gateway) - network_address = try(route.network_address, null) - network_address_variable = try("{{${route.network_address_variable}}}", null) - next_hops = try(length(route.next_hops) == 0, true) ? 
null : [for nh in route.next_hops : { - address = try(nh.address, null) - address_variable = try("{{${nh.address_variable}}}", null) - administrative_distance = try(nh.administrative_distance, null) - administrative_distance_variable = try("{{${nh.administative_distance_variable}}}", null) - }] - subnet_mask = try(route.subnet_mask, null) - subnet_mask_variable = try("{{${route.subnet_mask_variable}}}", null) - }] - ipv6_static_routes = try(length(each.value.management_vpn.ipv6_static_routes) == 0, true) ? null : [for route in each.value.management_vpn.ipv6_static_routes : { - nat = try(route.nat, null) - nat_variable = try("{{${route.nat_variable}}}", null) - next_hops = try(length(route.next_hops) == 0, true) ? null : [for nh in route.next_hops : { - address = try(nh.address, null) - address_variable = try("{{${nh.address_variable}}}", null) - administrative_distance = try(nh.administrative_distance, null) - administrative_distance_variable = try("{{${nh.administative_distance_variable}}}", null) - }] - gateway = try(route.gateway, local.defaults.sdwan.feature_profiles.transport_profiles.management_vpn.ipv6_static_routes.gateway) - null0 = try(route.gateway, local.defaults.sdwan.feature_profiles.transport_profiles.management_vpn.ipv6_static_routes.gateway) == "null0" ? true : null - prefix = try(route.prefix, null) - prefix_variable = try("{{${route.prefix_variable}}}", null) - }] - new_host_mappings = try(length(each.value.management_vpn.host_mappings) == 0, true) ? 
null : [for host in each.value.management_vpn.host_mappings : { - host_name = try(host.hostname, null) - host_name_variable = try("{{${host.hostname_variable}}}", null) - list_of_ip_addresses = try(host.ips, null) - list_of_ip_addresses_variable = try("{{${host.ips_variable}}}", null) - }] - primary_dns_address_ipv4 = try(each.value.management_vpn.ipv4_primary_dns_address, null) - primary_dns_address_ipv4_variable = try("{{${each.value.management_vpn.ipv4_primary_dns_address_variable}}}", null) - primary_dns_address_ipv6 = try(each.value.management_vpn.ipv6_primary_dns_address, null) - primary_dns_address_ipv6_variable = try("{{${each.value.management_vpn.ipv6_primary_dns_address_variable}}}", null) - secondary_dns_address_ipv4 = try(each.value.management_vpn.ipv4_secondary_dns_address, null) - secondary_dns_address_ipv4_variable = try("{{${each.value.management_vpn.ipv4_secondary_dns_address_variable}}}", null) - secondary_dns_address_ipv6 = try(each.value.management_vpn.ipv6_secondary_dns_address, null) - secondary_dns_address_ipv6_variable = try("{{${each.value.management_vpn.ipv6_secondary_dns_address_variable}}}", null) - vpn_description = try(each.value.management_vpn.vpn_description, null) - vpn_description_variable = try("{{${each.value.management_vpn.vpn_description_variable}}}", null) -} - -resource "sdwan_transport_management_vpn_interface_ethernet_feature" "transport_management_vpn_interface_ethernet_feature" { - for_each = { - for interface_item in flatten([ - for profile in local.feature_profiles.transport_profiles : [ - for management_vpn in [profile.management_vpn] : [ - for interface in management_vpn.ethernet_interfaces : { - profile = profile - management_vpn = management_vpn - interface = interface - } - ] - ] - ]) - : "${interface_item.profile.name}-management_vpn-${interface_item.interface.name}" => interface_item - } - name = each.value.interface.name - description = try(each.value.interface.description, null) - feature_profile_id = 
sdwan_transport_feature_profile.transport_feature_profile[each.value.profile.name].id - transport_management_vpn_feature_id = sdwan_transport_management_vpn_feature.transport_management_vpn_feature["${each.value.profile.name}-management_vpn"].id - arp_entries = try(length(each.value.interface.arp_entries) == 0, true) ? null : [for arp in each.value.interface.arp_entries : { - ip_address = try(arp.ip_address, null) - ip_address_variable = try("{{${arp.ip_address_variable}}}", null) - mac_address = try(arp.mac_address, null) - mac_address_variable = try("{{${arp.mac_address_variable}}}", null) - }] - arp_timeout = try(each.value.interface.arp_timeout, null) - arp_timeout_variable = try("{{${each.value.interface.arp_timeout_variable}}}", null) - autonegotiate = try(each.value.interface.autonegotiate, null) - autonegotiate_variable = try("{{${each.value.interface.autonegotiate_variable}}}", null) - duplex = try(each.value.interface.duplex, null) - duplex_variable = try("{{${each.value.interface.duplex_variable}}}", null) - enable_dhcpv6 = try(each.value.interface.ipv6_configuration_type, local.defaults.sdwan.feature_profiles.transport_profiles.management_vpn.ethernet_interfaces.ipv6_configuration_type) == "dynamic" ? 
true : null - icmp_redirect_disable = try(each.value.interface.icmp_redirect_disable, null) - icmp_redirect_disable_variable = try("{{${each.value.interface.icmp_redirect_disable_variable}}}", null) - interface_description = try(each.value.interface.interface_description, null) - interface_description_variable = try("{{${each.value.interface.interface_description_variable}}}", null) - interface_mtu = try(each.value.interface.interface_mtu, null) - interface_mtu_variable = try("{{${each.value.interface.interface_mtu_variable}}}", null) - interface_name = try(each.value.interface.interface_name, null) - interface_name_variable = try("{{${each.value.interface.interface_name_variable}}}", null) - ip_directed_broadcast = try(each.value.interface.ip_directed_broadcast, null) - ip_directed_broadcast_variable = try("{{${each.value.interface.ip_directed_broadcast_variable}}}", null) - ip_mtu = try(each.value.interface.ip_mtu, null) - ip_mtu_variable = try("{{${each.value.interface.ip_mtu_variable}}}", null) - ipv4_auto_detect_bandwidth = try(each.value.interface.auto_detect_bandwidth, null) - ipv4_auto_detect_bandwidth_variable = try("{{${each.value.interface.auto_detect_bandwidth_variable}}}", null) - ipv4_address = try(each.value.interface.ipv4_address, null) - ipv4_address_variable = try("{{${each.value.interface.ipv4_address_variable}}}", null) - ipv4_configuration_type = try(each.value.interface.ipv4_configuration_type, local.defaults.sdwan.feature_profiles.transport_profiles.management_vpn.ethernet_interfaces.ipv4_configuration_type) - ipv4_dhcp_distance = try(each.value.interface.ipv4_dhcp_distance, null) - ipv4_dhcp_distance_variable = try("{{${each.value.interface.ipv4_dhcp_distance_variable}}}", null) - ipv4_dhcp_helper = try(each.value.interface.ipv4_dhcp_helpers, null) - ipv4_dhcp_helper_variable = try("{{${each.value.interface.ipv4_dhcp_helper_variable}}}", null) - ipv4_iperf_server = try(each.value.interface.iperf_server, null) - ipv4_iperf_server_variable = 
try("{{${each.value.interface.iperf_server_variable}}}", null) - ipv4_secondary_addresses = try(length(each.value.interface.ipv4_secondary_addresses) == 0, true) ? null : [for a in each.value.interface.ipv4_secondary_addresses : { - address = try(a.address, null) - address_variable = try("{{${a.address_variable}}}", null) - subnet_mask = try(a.subnet_mask, null) - subnet_mask_variable = try("{{${a.subnet_mask_variable}}}", null) - }] - ipv4_subnet_mask = try(each.value.interface.ipv4_subnet_mask, null) - ipv4_subnet_mask_variable = try("{{${each.value.interface.ipv4_subnet_mask_variable}}}", null) - ipv6_address = try(each.value.interface.ipv6_address, null) - ipv6_address_variable = try("{{${each.value.interface.ipv6_address_variable}}}", null) - ipv6_configuration_type = try(each.value.interface.ipv6_configuration_type, local.defaults.sdwan.feature_profiles.transport_profiles.management_vpn.ethernet_interfaces.ipv6_configuration_type) - load_interval = try(each.value.interface.load_interval, null) - load_interval_variable = try("{{${each.value.interface.load_interval_variable}}}", null) - mac_address = try(each.value.interface.mac_address, null) - mac_address_variable = try("{{${each.value.interface.mac_address_variable}}}", null) - media_type = try(each.value.interface.media_type, null) - media_type_variable = try("{{${each.value.interface.media_type_variable}}}", null) - shutdown = try(each.value.interface.shutdown, null) - shutdown_variable = try("{{${each.value.interface.shutdown_variable}}}", null) - speed = try(each.value.interface.speed, null) - speed_variable = try("{{${each.value.interface.speed_variable}}}", null) - tcp_mss = try(each.value.interface.tcp_mss, null) - tcp_mss_variable = try("{{${each.value.interface.tcp_mss_variable}}}", null) -} - -resource "sdwan_transport_wan_vpn_feature" "transport_wan_vpn_feature" { - for_each = { - for transport in try(local.feature_profiles.transport_profiles, {}) : - "${transport.name}-wan_vpn" => transport - if 
lookup(transport, "wan_vpn", null) != null - } - name = try(each.value.wan_vpn.name, local.defaults.sdwan.feature_profiles.transport_profiles.wan_vpn.name) - description = try(each.value.wan_vpn.description, null) - feature_profile_id = sdwan_transport_feature_profile.transport_feature_profile[each.value.name].id - enhance_ecmp_keying = try(each.value.wan_vpn.enhance_ecmp_keying, null) - enhance_ecmp_keying_variable = try("{{${each.value.wan_vpn.enhance_ecmp_keying_variable}}}", null) - ipv4_static_routes = try(length(each.value.wan_vpn.ipv4_static_routes) == 0, true) ? null : [for route in each.value.wan_vpn.ipv4_static_routes : { - administrative_distance = try(route.administrative_distance, null) - administrative_distance_variable = try("{{${route.administrative_distance_variable}}}", null) - gateway = try(route.gateway, local.defaults.sdwan.feature_profiles.transport_profiles.wan_vpn.ipv4_static_routes.gateway) - next_hops = try(length(route.next_hops) == 0, true) ? null : [for nh in route.next_hops : { - address = try(nh.address, null) - address_variable = try("{{${nh.address_variable}}}", null) - administrative_distance = try(nh.administrative_distance, null) - administrative_distance_variable = try("{{${nh.administrative_distance_variable}}}", null) - }] - network_address = try(route.network_address, null) - network_address_variable = try("{{${route.network_address_variable}}}", null) - subnet_mask = try(route.subnet_mask, null) - subnet_mask_variable = try("{{${route.subnet_mask_variable}}}", null) - }] - ipv6_static_routes = try(length(each.value.wan_vpn.ipv6_static_routes) == 0, true) ? null : [for route in each.value.wan_vpn.ipv6_static_routes : { - nat = try(route.nat, null) - next_hops = try(length(route.next_hops) == 0, true) ? 
null : [for nh in route.next_hops : { - address = try(nh.address, null) - address_variable = try("{{${nh.address_variable}}}", null) - administrative_distance = try(nh.administrative_distance, null) - administrative_distance_variable = try("{{${nh.administrative_distance_variable}}}", null) - }] - gateway = try(route.gateway, local.defaults.sdwan.feature_profiles.transport_profiles.wan_vpn.ipv6_static_routes.gateway) - null0 = try(route.gateway, local.defaults.sdwan.feature_profiles.transport_profiles.wan_vpn.ipv6_static_routes.gateway) == "null0" ? true : null - prefix = try(route.prefix, null) - prefix_variable = try("{{${route.prefix_variable}}}", null) - }] - nat_64_v4_pools = try(length(each.value.wan_vpn.nat_64_v4_pools) == 0, true) ? null : [for pool in each.value.wan_vpn.nat_64_v4_pools : { - nat64_v4_pool_name = try(pool.name, null) - nat64_v4_pool_name_variable = try("{{${pool.name_variable}}}", null) - nat64_v4_pool_overload = try(pool.overload, null) - nat64_v4_pool_overload_variable = try("{{${pool.overload_variable}}}", null) - nat64_v4_pool_range_end = try(pool.range_end, null) - nat64_v4_pool_range_end_variable = try("{{${pool.range_end_variable}}}", null) - nat64_v4_pool_range_start = try(pool.range_start, null) - nat64_v4_pool_range_start_variable = try("{{${pool.range_start_variable}}}", null) - }] - new_host_mappings = try(length(each.value.wan_vpn.host_mappings) == 0, true) ? 
null : [for host in each.value.wan_vpn.host_mappings : { - host_name = try(host.hostname, null) - host_name_variable = try("{{${host.hostname_variable}}}", null) - list_of_ip_addresses = try(host.ips, null) - list_of_ip_addresses_variable = try("{{${host.ips_variable}}}", null) - }] - primary_dns_address_ipv4 = try(each.value.wan_vpn.ipv4_primary_dns_address, null) - primary_dns_address_ipv4_variable = try("{{${each.value.wan_vpn.ipv4_primary_dns_address_variable}}}", null) - primary_dns_address_ipv6 = try(each.value.wan_vpn.ipv6_primary_dns_address, null) - primary_dns_address_ipv6_variable = try("{{${each.value.wan_vpn.ipv6_primary_dns_address_variable}}}", null) - secondary_dns_address_ipv4 = try(each.value.wan_vpn.ipv4_secondary_dns_address, null) - secondary_dns_address_ipv4_variable = try("{{${each.value.wan_vpn.ipv4_secondary_dns_address_variable}}}", null) - secondary_dns_address_ipv6 = try(each.value.wan_vpn.ipv6_secondary_dns_address, null) - secondary_dns_address_ipv6_variable = try("{{${each.value.wan_vpn.ipv6_secondary_dns_address_variable}}}", null) - services = try(length(each.value.wan_vpn.services) == 0, true) ? null : [for service in each.value.wan_vpn.services : { - service_type = service - }] - vpn = 0 -} From 6667055514e35b8cef45a2fd99c885c4bff800bc Mon Sep 17 00:00:00 2001 
From: tzarski0 <92273798+tzarski0@users.noreply.github.com> Date: Thu, 12 Dec 2024 13:27:54 +0100 Subject: [PATCH 4/9] UX 2.0 Part 3 (#76) * add support for sdwan_other_ucse_feature resource * add support for sdwan_transport_management_vpn_feature * add support for sdwan_transport_management_vpn_interface_ethernet_feature * separate "sdwan_profile_parcels.tf" into "sdwan_features_cli.tf", "sdwan_features_other.tf", "sdwan_features_service.tf", "sdwan_features_system.tf" and "sdwan_features_transport.tf" --- CHANGELOG.md | 6 +- README.md | 3 + defaults/sdwan.yaml | 13 + sdwan_features_cli.tf | 11 + sdwan_features_other.tf | 65 ++++ sdwan_features_service.tf | 108 ++++++ sdwan_features.tf => sdwan_features_system.tf | 350 +----------------- sdwan_features_transport.tf | 320 ++++++++++++++++ 8 files changed, 529 insertions(+), 347 deletions(-) create mode 100644 sdwan_features_cli.tf create mode 100644 sdwan_features_other.tf create mode 100644 sdwan_features_service.tf rename sdwan_features.tf => sdwan_features_system.tf (66%) create mode 100644 sdwan_features_transport.tf diff --git a/CHANGELOG.md b/CHANGELOG.md index 6b6152e..65630b0 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -1,6 +1,5 @@ ## 0.1.1 (unreleased) -- rename "sdwan_profile_parcels.tf" to "sdwan_features.tf" - provide default value for name if not explicitly set for sdwan_system_basic_feature, sdwan_system_omp_feature, sdwan_system_performance_monitoring_feature, sdwan_system_security_feature, sdwan_system_snmp_feature and sdwan_transport_wan_vpn_feature - simplify default feature name from "profile_name-feature_name" to "feature_name" - add support for sdwan_policy_object_feature_profile resource 
@@ -18,11 +17,14 @@ - fix issue where sdwan_custom_control_topology_policy_definition always shows diff when match_criterias or actions are not configured in data model - fix issue where sdwan_traffic_data_policy_definition always shows diff when match_criterias or actions are not configured in data model - fix issue where sdwan_application_aware_routing_policy_definition always shows diff when match_criterias or actions are not configured in data model -- add defaults for UX 2.0 feature names - fix issue where certain parameters were required by sdwan_cflowd_policy_definition resource, but are optional in the UI - fix issue where authentication_type_variable was not configurable with sdwan_cisco_security_feature_template - in sdwan_cflowd_policy_definition, fix export_spreading to be optional - add gateway parameter to ipv6_static_routes of sdwan_transport_wan_vpn_feature +- add support for sdwan_other_ucse_feature resource +- add support for sdwan_transport_management_vpn_feature +- add support for sdwan_transport_management_vpn_interface_ethernet_feature +- separate "sdwan_profile_parcels.tf" into "sdwan_features_cli.tf", "sdwan_features_other.tf", "sdwan_features_service.tf", "sdwan_features_system.tf" and "sdwan_features_transport.tf" ## 0.1.0 diff --git a/README.md b/README.md index 7ce5a28..828f164 100644 --- a/README.md +++ b/README.md 
@@ -125,6 +125,7 @@ module "sdwan" { | [sdwan_mirror_policy_object.mirror_policy_object](https://registry.terraform.io/providers/CiscoDevNet/sdwan/latest/docs/resources/mirror_policy_object) | resource | | [sdwan_other_feature_profile.other_feature_profile](https://registry.terraform.io/providers/CiscoDevNet/sdwan/latest/docs/resources/other_feature_profile) | resource | | [sdwan_other_thousandeyes_feature.other_thousandeyes_feature](https://registry.terraform.io/providers/CiscoDevNet/sdwan/latest/docs/resources/other_thousandeyes_feature) | resource | +| [sdwan_other_ucse_feature.other_ucse_feature](https://registry.terraform.io/providers/CiscoDevNet/sdwan/latest/docs/resources/other_ucse_feature) | resource | | [sdwan_policer_policy_object.policer_policy_object](https://registry.terraform.io/providers/CiscoDevNet/sdwan/latest/docs/resources/policer_policy_object) | resource | | [sdwan_policy_object_class_map.policy_object_class_map](https://registry.terraform.io/providers/CiscoDevNet/sdwan/latest/docs/resources/policy_object_class_map) | resource | | [sdwan_policy_object_data_ipv4_prefix_list.policy_object_data_ipv4_prefix_list](https://registry.terraform.io/providers/CiscoDevNet/sdwan/latest/docs/resources/policy_object_data_ipv4_prefix_list) | resource | 
@@ -172,6 +173,8 @@ module "sdwan" { | [sdwan_transport_feature_profile.transport_feature_profile](https://registry.terraform.io/providers/CiscoDevNet/sdwan/latest/docs/resources/transport_feature_profile) | resource | | [sdwan_transport_ipv6_tracker_feature.transport_ipv6_tracker_feature](https://registry.terraform.io/providers/CiscoDevNet/sdwan/latest/docs/resources/transport_ipv6_tracker_feature) | resource | | [sdwan_transport_ipv6_tracker_group_feature.transport_ipv6_tracker_group_feature](https://registry.terraform.io/providers/CiscoDevNet/sdwan/latest/docs/resources/transport_ipv6_tracker_group_feature) | resource | +| [sdwan_transport_management_vpn_feature.transport_management_vpn_feature](https://registry.terraform.io/providers/CiscoDevNet/sdwan/latest/docs/resources/transport_management_vpn_feature) | resource | +| [sdwan_transport_management_vpn_interface_ethernet_feature.transport_management_vpn_interface_ethernet_feature](https://registry.terraform.io/providers/CiscoDevNet/sdwan/latest/docs/resources/transport_management_vpn_interface_ethernet_feature) | resource | | [sdwan_transport_tracker_feature.transport_tracker_feature](https://registry.terraform.io/providers/CiscoDevNet/sdwan/latest/docs/resources/transport_tracker_feature) | resource | | [sdwan_transport_tracker_group_feature.transport_tracker_group_feature](https://registry.terraform.io/providers/CiscoDevNet/sdwan/latest/docs/resources/transport_tracker_group_feature) | resource | | [sdwan_transport_wan_vpn_feature.transport_wan_vpn_feature](https://registry.terraform.io/providers/CiscoDevNet/sdwan/latest/docs/resources/transport_wan_vpn_feature) | resource | diff --git a/defaults/sdwan.yaml b/defaults/sdwan.yaml index 37e6427..4c711d7 100644 --- a/defaults/sdwan.yaml +++ b/defaults/sdwan.yaml 
@@ -355,5 +355,18 @@ defaults: snmp: name: snmp transport_profiles: + management_vpn: + name: management_vpn + ethernet_interfaces: + ipv4_configuration_type: static + ipv6_configuration_type: none + ipv4_static_routes: + gateway: nextHop + ipv6_static_routes: + gateway: nextHop wan_vpn: name: wan_vpn + ipv4_static_routes: + gateway: nextHop + ipv6_static_routes: + gateway: nextHop diff --git a/sdwan_features_cli.tf b/sdwan_features_cli.tf new file mode 100644 index 0000000..a86a582 --- /dev/null +++ b/sdwan_features_cli.tf @@ -0,0 +1,11 @@ +resource "sdwan_cli_config_feature" "cli_config_feature" { + for_each = { + for cli in try(local.feature_profiles.cli_profiles, {}) : + "${cli.name}-config" => cli + if try(cli.config, null) != null + } + name = try(each.value.config.name, local.defaults.sdwan.feature_profiles.cli_profiles.config.name) + description = try(each.value.config.description, "") + feature_profile_id = sdwan_cli_feature_profile.cli_feature_profile[each.value.name].id + cli_configuration = each.value.config.cli_configuration +} diff --git a/sdwan_features_other.tf b/sdwan_features_other.tf new file mode 100644 index 0000000..10ed19e --- /dev/null +++ b/sdwan_features_other.tf 
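Review bot: The added defaults cover only `transport_profiles` (`management_vpn` and `wan_vpn`), but the new `sdwan_other_ucse_feature` resource in sdwan_features_other.tf resolves its name with `try(each.value.ucse.name, local.defaults.sdwan.feature_profiles.other_profiles.ucse.name)`. If `other_profiles.ucse.name` is not already defined elsewhere in defaults/sdwan.yaml (this hunk does not show it), both arguments of that `try()` fail whenever the data model omits `ucse.name`, and the plan errors out. I would add the matching entry in this commit, following the existing pattern (`snmp:` / `name: snmp`): `ucse:` with `name: ucse` under `other_profiles`.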
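Review bot: `cli_configuration = each.value.config.cli_configuration` in `sdwan_cli_config_feature` copies free-form device CLI from the data model into the resource, so any credentials in that text (local user secrets, SNMP communities, pre-shared keys) also sit in plain text in the YAML inventory and in Terraform state. Whether the provider marks this attribute as sensitive is not visible here, so I would document the expectation above the argument: `# cli_configuration is stored verbatim in state; keep secrets out of it or restrict access to the state backend`. Separately, this is the only argument in the block read without `try()`, so a `config` entry that lacks `cli_configuration` fails with a bare attribute error rather than a readable message.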
@@ -0,0 +1,65 @@
+resource "sdwan_other_thousandeyes_feature" "other_thousandeyes_feature" {
+ for_each = {
+ for other in try(local.feature_profiles.other_profiles, {}) :
+ "${other.name}-thousandeyes" => other
+ if try(other.thousandeyes, null) != null
+ }
+ name = try(each.value.thousandeyes.name, local.defaults.sdwan.feature_profiles.other_profiles.thousandeyes.name)
+ description = try(each.value.thousandeyes.description, "")
+ feature_profile_id = sdwan_other_feature_profile.other_feature_profile[each.value.name].id
+ virtual_application = [{
+ account_group_token = try(each.value.thousandeyes.account_group_token, null)
+ account_group_token_variable = try("{{${each.value.thousandeyes.account_group_token_variable}}}", null)
+ agent_default_gateway = try(each.value.thousandeyes.agent_default_gateway, null)
+ agent_default_gateway_variable = try("{{${each.value.thousandeyes.agent_default_gateway_variable}}}", null)
+ hostname = try(each.value.thousandeyes.hostname, null)
+ hostname_variable = try("{{${each.value.thousandeyes.hostname_variable}}}", null)
+ management_ip = try(each.value.thousandeyes.management_ip, null)
+ management_ip_variable = try("{{${each.value.thousandeyes.management_ip_variable}}}", null)
+ management_subnet_mask = try(each.value.thousandeyes.management_subnet_mask, null)
+ management_subnet_mask_variable = try("{{${each.value.thousandeyes.management_subnet_mask_variable}}}", null)
+ name_server_ip = try(each.value.thousandeyes.name_server_ip, null)
+ name_server_ip_variable = try("{{${each.value.thousandeyes.name_server_ip_variable}}}", null)
+ pac_url = try(each.value.thousandeyes.pac_proxy_url, null)
+ pac_url_variable = try("{{${each.value.thousandeyes.pac_proxy_url_variable}}}", null)
+ proxy_host = try(each.value.thousandeyes.static_proxy_host, null)
+ proxy_host_variable = try("{{${each.value.thousandeyes.static_proxy_host_variable}}}", null)
+ proxy_port = try(each.value.thousandeyes.static_proxy_port, null)
+ proxy_port_variable 
= try("{{${each.value.thousandeyes.static_proxy_port_variable}}}", null)
+ proxy_type = try(each.value.thousandeyes.proxy_type, null)
+ vpn = try(each.value.thousandeyes.vpn_id, null)
+ vpn_variable = try("{{${each.value.thousandeyes.vpn_id_variable}}}", null)
+ }]
+}
+
+resource "sdwan_other_ucse_feature" "other_ucse_feature" {
+ for_each = {
+ for other in try(local.feature_profiles.other_profiles, {}) :
+ "${other.name}-ucse" => other
+ if try(other.ucse, null) != null
+ }
+ name = try(each.value.ucse.name, local.defaults.sdwan.feature_profiles.other_profiles.ucse.name)
+ description = try(each.value.ucse.description, "")
+ feature_profile_id = sdwan_other_feature_profile.other_feature_profile[each.value.name].id
+ access_port_dedicated = try(each.value.ucse.cimc_access_port_dedicated, null)
+ access_port_shared_failover_type = try(each.value.ucse.cimc_access_port_shared_failover_type, null)
+ access_port_shared_type = try(each.value.ucse.cimc_access_port_shared_type, null)
+ assign_priority = try(each.value.ucse.cimc_assign_priority, null)
+ assign_priority_variable = try("{{${each.value.ucse.cimc_assign_priority_variable}}}", null)
+ bay = each.value.ucse.bay
+ default_gateway = try(each.value.ucse.cimc_default_gateway, null)
+ default_gateway_variable = try("{{${each.value.ucse.cimc_default_gateway_variable}}}", null)
+ interfaces = try(length(each.value.ucse.interfaces) == 0, true) ? 
null : [for i in each.value.ucse.interfaces : {
+ interface_name = try(i.interface_name, null)
+ interface_name_variable = try("{{${i.interface_name_variable}}}", null)
+ ipv4_address = try(i.ipv4_address, null)
+ ipv4_address_variable = try("{{${i.ipv4_address_variable}}}", null)
+ ucse_interface_vpn = try(i.vpn_id, null)
+ ucse_interface_vpn_variable = try("{{${i.vpn_id_variable}}}", null)
+ }]
+ ipv4_address = try(each.value.ucse.cimc_ipv4_address, null)
+ ipv4_address_variable = try("{{${each.value.ucse.cimc_ipv4_address_variable}}}", null)
+ slot = each.value.ucse.slot
+ vlan_id = try(each.value.ucse.cimc_vlan_id, null)
+ vlan_id_variable = try("{{${each.value.ucse.cimc_vlan_id_variable}}}", null)
+}
diff --git a/sdwan_features_service.tf b/sdwan_features_service.tf
new file mode 100644
index 0000000..71f7dd3
--- /dev/null
+++ b/sdwan_features_service.tf 
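Review bot: `account_group_token = try(each.value.thousandeyes.account_group_token, null)` in `sdwan_other_thousandeyes_feature` takes the ThousandEyes account group token as a literal from the data model. That token is a credential, so it ends up in the YAML inventory, in plan output and in Terraform state unless the provider already treats the attribute as sensitive, which is not visible here. I would at least redact it from plan output with `account_group_token = try(sensitive(each.value.thousandeyes.account_group_token), null)` and add a comment steering users towards `account_group_token_variable`, so the value is supplied per device instead of committed. State would still hold the literal, so the comment should also say the state backend needs restricted access.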
@@ -0,0 +1,108 @@
+resource "sdwan_service_tracker_group_feature" "service_tracker_group_feature" {
+ for_each = {
+ for tracker_item in flatten([
+ for profile in try(local.feature_profiles.service_profiles, []) : [
+ for tracker in try(profile.ipv4_tracker_groups, []) : {
+ profile = profile
+ tracker = tracker
+ }
+ ]
+ ])
+ : "${tracker_item.profile.name}-${tracker_item.tracker.name}" => tracker_item
+ }
+ name = each.value.tracker.name
+ description = try(each.value.tracker.description, null)
+ feature_profile_id = sdwan_service_feature_profile.service_feature_profile[each.value.profile.name].id
+ tracker_boolean = try(each.value.tracker.tracker_boolean, null)
+ tracker_boolean_variable = try("{{${each.value.tracker.tracker_boolean_variable}}}", null)
+ tracker_elements = try(length(each.value.tracker.trackers) == 0, true) ? null : [for t in each.value.tracker.trackers : {
+ tracker_id = sdwan_service_tracker_feature.service_tracker_feature["${each.value.profile.name}-${t}"].id
+ }]
+}
+
+resource "sdwan_service_tracker_feature" "service_tracker_feature" {
+ for_each = {
+ for tracker_item in flatten([
+ for profile in try(local.feature_profiles.service_profiles, []) : [
+ for tracker in try(profile.ipv4_trackers, []) : {
+ profile = profile
+ tracker = tracker
+ }
+ ]
+ ])
+ : "${tracker_item.profile.name}-${tracker_item.tracker.name}" => tracker_item
+ }
+ name = each.value.tracker.name
+ description = try(each.value.tracker.description, null)
+ feature_profile_id = sdwan_service_feature_profile.service_feature_profile[each.value.profile.name].id
+ endpoint_api_url = try(each.value.tracker.endpoint_url, null)
+ endpoint_api_url_variable = try("{{${each.value.tracker.endpoint_url_variable}}}", null)
+ endpoint_ip = try(each.value.tracker.endpoint_ip, null)
+ endpoint_ip_variable = try("{{${each.value.tracker.endpoint_ip_variable}}}", null)
+ endpoint_tracker_type = "static-route"
+ interval = try(each.value.tracker.interval, null)
+ interval_variable = try("{{${each.value.tracker.interval_variable}}}", null)
+ multiplier = try(each.value.tracker.multiplier, null)
+ multiplier_variable = try("{{${each.value.tracker.multiplier_variable}}}", null)
+ port = try(each.value.tracker.endpoint_port, null)
+ port_variable = try("{{${each.value.tracker.endpoint_port_variable}}}", null)
+ protocol = try(each.value.tracker.endpoint_protocol, null)
+ protocol_variable = try("{{${each.value.tracker.endpoint_protocol_variable}}}", null)
+ threshold = try(each.value.tracker.threshold, null)
+ threshold_variable = try("{{${each.value.tracker.threshold_variable}}}", null)
+ tracker_name = try(each.value.tracker.tracker_name, null)
+ tracker_name_variable = try("{{${each.value.tracker.tracker_name_variable}}}", null)
+ tracker_type = "endpoint"
+}
+
+resource "sdwan_service_object_tracker_group_feature" "service_object_tracker_group_feature" {
+ for_each = {
+ for tracker_item in flatten([
+ for profile in try(local.feature_profiles.service_profiles, []) : [
+ for tracker in try(profile.object_tracker_groups, []) : {
+ profile = profile
+ tracker = tracker
+ }
+ ]
+ ])
+ : "${tracker_item.profile.name}-${tracker_item.tracker.name}" => tracker_item
+ }
+ name = each.value.tracker.name
+ description = try(each.value.tracker.description, null)
+ feature_profile_id = sdwan_service_feature_profile.service_feature_profile[each.value.profile.name].id
+ object_tracker_id = try(each.value.tracker.id, null)
+ object_tracker_id_variable = try("{{${each.value.tracker.id_variable}}}", null)
+ reachable = try(each.value.tracker.tracker_boolean, null)
+ reachable_variable = try("{{${each.value.tracker.tracker_boolean_variable}}}", null)
+ tracker_elements = try(length(each.value.tracker.trackers) == 0, true) ? null : [for t in each.value.tracker.trackers : {
+ object_tracker_id = sdwan_service_object_tracker_feature.service_object_tracker_feature["${each.value.profile.name}-${t}"].id
+ }]
+}
+
+resource "sdwan_service_object_tracker_feature" "service_object_tracker_feature" {
+ for_each = {
+ for tracker_item in flatten([
+ for profile in try(local.feature_profiles.service_profiles, []) : [
+ for tracker in try(profile.object_trackers, []) : {
+ profile = profile
+ tracker = tracker
+ }
+ ]
+ ])
+ : "${tracker_item.profile.name}-${tracker_item.tracker.name}" => tracker_item
+ }
+ name = each.value.tracker.name
+ description = try(each.value.tracker.description, null)
+ feature_profile_id = sdwan_service_feature_profile.service_feature_profile[each.value.profile.name].id
+ object_tracker_type = each.value.tracker.type
+ interface = try(each.value.tracker.interface_name, null)
+ interface_variable = try("{{${each.value.tracker.interface_name_variable}}}", null)
+ object_tracker_id = try(each.value.tracker.id, null)
+ object_tracker_id_variable = try("{{${each.value.tracker.id_variable}}}", null)
+ route_ip = try(each.value.tracker.route_ip, null)
+ route_ip_variable = try("{{${each.value.tracker.route_ip_variable}}}", null)
+ route_mask = try(each.value.tracker.route_mask, null)
+ route_mask_variable = try("{{${each.value.tracker.route_mask_variable}}}", null)
+ vpn = try(each.value.tracker.vpn_id, null)
+ vpn_variable = try("{{${each.value.tracker.vpn_id_variable}}}", null)
+}
diff --git a/sdwan_features.tf b/sdwan_features_system.tf
similarity index 66%
rename from sdwan_features.tf
rename to sdwan_features_system.tf
index c54c198..ed6f2cf 100644
--- a/sdwan_features.tf
+++ b/sdwan_features_system.tf
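Review bot: In `sdwan_service_tracker_feature` (new file sdwan_features_service.tf), `endpoint_tracker_type = "static-route"` and `tracker_type = "endpoint"` are literals, so a value set for either key in a service profile's `ipv4_trackers` entry is dropped without any error, while the neighbouring attributes are read from the data model through `try(...)`. If the fixed values are intentional, say so above them, e.g. `# fixed for service trackers; not read from the data model`; otherwise read them like the rest, `endpoint_tracker_type = try(each.value.tracker.endpoint_tracker_type, "static-route")`. The two group resources also rebuild the `"<profile>-<tracker>"` key from each entry in `trackers`, so a misspelled tracker name presumably surfaces only as an invalid-index error at plan time; a one-line comment on the key format next to `for_each` would help whoever has to trace that.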
@@ -1,158 +1,3 @@ -resource "sdwan_cli_config_feature" "cli_config_feature" { - for_each = { - for cli in try(local.feature_profiles.cli_profiles, {}) : - "${cli.name}-config" => cli - if try(cli.config, null) != null - } - name = try(each.value.config.name, local.defaults.sdwan.feature_profiles.cli_profiles.config.name) - description = try(each.value.config.description, "") - feature_profile_id = sdwan_cli_feature_profile.cli_feature_profile[each.value.name].id - cli_configuration = each.value.config.cli_configuration -} - -resource "sdwan_other_thousandeyes_feature" "other_thousandeyes_feature" { - for_each = { - for other in try(local.feature_profiles.other_profiles, {}) : - "${other.name}-thousandeyes" => other - if try(other.thousandeyes, null) != null - } - name = try(each.value.thousandeyes.name, local.defaults.sdwan.feature_profiles.other_profiles.thousandeyes.name) - description = try(each.value.thousandeyes.description, "") - feature_profile_id = sdwan_other_feature_profile.other_feature_profile[each.value.name].id - virtual_application = [{ - account_group_token = try(each.value.thousandeyes.account_group_token, null) - account_group_token_variable = try("{{${each.value.thousandeyes.account_group_token_variable}}}", null) - agent_default_gateway = try(each.value.thousandeyes.agent_default_gateway, null) - agent_default_gateway_variable = try("{{${each.value.thousandeyes.agent_default_gateway_variable}}}", null) - hostname = try(each.value.thousandeyes.hostname, null) - hostname_variable = try("{{${each.value.thousandeyes.hostname_variable}}}", null) - management_ip = try(each.value.thousandeyes.management_ip, null) - management_ip_variable = try("{{${each.value.thousandeyes.management_ip_variable}}}", null) - management_subnet_mask = try(each.value.thousandeyes.management_subnet_mask, null) - management_subnet_mask_variable = try("{{${each.value.thousandeyes.management_subnet_mask_variable}}}", null) - name_server_ip = 
try(each.value.thousandeyes.name_server_ip, null) - name_server_ip_variable = try("{{${each.value.thousandeyes.name_server_ip_variable}}}", null) - pac_url = try(each.value.thousandeyes.pac_proxy_url, null) - pac_url_variable = try("{{${each.value.thousandeyes.pac_proxy_url_variable}}}", null) - proxy_host = try(each.value.thousandeyes.static_proxy_host, null) - proxy_host_variable = try("{{${each.value.thousandeyes.static_proxy_host_variable}}}", null) - proxy_port = try(each.value.thousandeyes.static_proxy_port, null) - proxy_port_variable = try("{{${each.value.thousandeyes.static_proxy_port_variable}}}", null) - proxy_type = try(each.value.thousandeyes.proxy_type, null) - vpn = try(each.value.thousandeyes.vpn_id, null) - vpn_variable = try("{{${each.value.thousandeyes.vpn_id_variable}}}", null) - }] -} - -resource "sdwan_service_tracker_group_feature" "service_tracker_group_feature" { - for_each = { - for tracker_item in flatten([ - for profile in lookup(local.feature_profiles, "service_profiles", []) : [ - for tracker in lookup(profile, "ipv4_tracker_groups", []) : { - profile = profile - tracker = tracker - } - ] - ]) - : "${tracker_item.profile.name}-${tracker_item.tracker.name}" => tracker_item - } - name = each.value.tracker.name - description = try(each.value.tracker.description, null) - feature_profile_id = sdwan_service_feature_profile.service_feature_profile[each.value.profile.name].id - tracker_boolean = try(each.value.tracker.tracker_boolean, null) - tracker_boolean_variable = try("{{${each.value.tracker.tracker_boolean_variable}}}", null) - tracker_elements = try(length(each.value.tracker.trackers) == 0, true) ? 
null : [for t in each.value.tracker.trackers : { - tracker_id = sdwan_service_tracker_feature.service_tracker_feature["${each.value.profile.name}-${t}"].id - }] -} - -resource "sdwan_service_tracker_feature" "service_tracker_feature" { - for_each = { - for tracker_item in flatten([ - for profile in lookup(local.feature_profiles, "service_profiles", []) : [ - for tracker in lookup(profile, "ipv4_trackers", []) : { - profile = profile - tracker = tracker - } - ] - ]) - : "${tracker_item.profile.name}-${tracker_item.tracker.name}" => tracker_item - } - name = each.value.tracker.name - description = try(each.value.tracker.description, null) - feature_profile_id = sdwan_service_feature_profile.service_feature_profile[each.value.profile.name].id - endpoint_api_url = try(each.value.tracker.endpoint_url, null) - endpoint_api_url_variable = try("{{${each.value.tracker.endpoint_url_variable}}}", null) - endpoint_ip = try(each.value.tracker.endpoint_ip, null) - endpoint_ip_variable = try("{{${each.value.tracker.endpoint_ip_variable}}}", null) - endpoint_tracker_type = "static-route" - interval = try(each.value.tracker.interval, null) - interval_variable = try("{{${each.value.tracker.interval_variable}}}", null) - multiplier = try(each.value.tracker.multiplier, null) - multiplier_variable = try("{{${each.value.tracker.multiplier_variable}}}", null) - port = try(each.value.tracker.endpoint_port, null) - port_variable = try("{{${each.value.tracker.endpoint_port_variable}}}", null) - protocol = try(each.value.tracker.endpoint_protocol, null) - protocol_variable = try("{{${each.value.tracker.endpoint_protocol_variable}}}", null) - threshold = try(each.value.tracker.threshold, null) - threshold_variable = try("{{${each.value.tracker.threshold_variable}}}", null) - tracker_name = try(each.value.tracker.tracker_name, null) - tracker_name_variable = try("{{${each.value.tracker.tracker_name_variable}}}", null) - tracker_type = "endpoint" -} - -resource 
"sdwan_service_object_tracker_group_feature" "service_object_tracker_group_feature" { - for_each = { - for tracker_item in flatten([ - for profile in lookup(local.feature_profiles, "service_profiles", []) : [ - for tracker in lookup(profile, "object_tracker_groups", []) : { - profile = profile - tracker = tracker - } - ] - ]) - : "${tracker_item.profile.name}-${tracker_item.tracker.name}" => tracker_item - } - name = each.value.tracker.name - description = try(each.value.tracker.description, null) - feature_profile_id = sdwan_service_feature_profile.service_feature_profile[each.value.profile.name].id - object_tracker_id = try(each.value.tracker.id, null) - object_tracker_id_variable = try("{{${each.value.tracker.id_variable}}}", null) - reachable = try(each.value.tracker.tracker_boolean, null) - reachable_variable = try("{{${each.value.tracker.tracker_boolean_variable}}}", null) - tracker_elements = try(length(each.value.tracker.trackers) == 0, true) ? null : [for t in each.value.tracker.trackers : { - object_tracker_id = sdwan_service_object_tracker_feature.service_object_tracker_feature["${each.value.profile.name}-${t}"].id - }] -} - -resource "sdwan_service_object_tracker_feature" "service_object_tracker_feature" { - for_each = { - for tracker_item in flatten([ - for profile in lookup(local.feature_profiles, "service_profiles", []) : [ - for tracker in lookup(profile, "object_trackers", []) : { - profile = profile - tracker = tracker - } - ] - ]) - : "${tracker_item.profile.name}-${tracker_item.tracker.name}" => tracker_item - } - name = each.value.tracker.name - description = try(each.value.tracker.description, null) - feature_profile_id = sdwan_service_feature_profile.service_feature_profile[each.value.profile.name].id - object_tracker_type = each.value.tracker.type - interface = try(each.value.tracker.interface_name, null) - interface_variable = try("{{${each.value.tracker.interface_name_variable}}}", null) - object_tracker_id = try(each.value.tracker.id, 
null) - object_tracker_id_variable = try("{{${each.value.tracker.id_variable}}}", null) - route_ip = try(each.value.tracker.route_ip, null) - route_ip_variable = try("{{${each.value.tracker.route_ip_variable}}}", null) - route_mask = try(each.value.tracker.route_mask, null) - route_mask_variable = try("{{${each.value.tracker.route_mask_variable}}}", null) - vpn = try(each.value.tracker.vpn_id, null) - vpn_variable = try("{{${each.value.tracker.vpn_id_variable}}}", null) -} - resource "sdwan_system_aaa_feature" "system_aaa_feature" { for_each = { for sys in try(local.feature_profiles.system_profiles, {}) : @@ -256,7 +101,7 @@ resource "sdwan_system_basic_feature" "system_basic_feature" { for_each = { for sys in try(local.feature_profiles.system_profiles, {}) : "${sys.name}-basic" => sys - if lookup(sys, "basic", null) != null + if try(sys.basic, null) != null } name = try(each.value.basic.name, local.defaults.sdwan.feature_profiles.system_profiles.basic.name) description = try(each.value.basic.description, null) @@ -546,7 +391,7 @@ resource "sdwan_system_omp_feature" "system_omp_feature" { for_each = { for sys in try(local.feature_profiles.system_profiles, {}) : "${sys.name}-omp" => sys - if lookup(sys, "omp", null) != null + if try(sys.omp, null) != null } name = try(each.value.omp.name, local.defaults.sdwan.feature_profiles.system_profiles.omp.name) description = try(each.value.omp.description, null) @@ -615,7 +460,7 @@ resource "sdwan_system_performance_monitoring_feature" "system_performance_monit for_each = { for sys in try(local.feature_profiles.system_profiles, {}) : "${sys.name}-performance_monitoring" => sys - if lookup(sys, "performance_monitoring", null) != null + if try(sys.performance_monitoring, null) != null } name = try(each.value.performance_monitoring.name, local.defaults.sdwan.feature_profiles.system_profiles.performance_monitoring.name) description = try(each.value.performance_monitoring.description, null) 
@@ -632,7 +477,7 @@ resource "sdwan_system_security_feature" "system_security_feature" { for_each = { for sys in try(local.feature_profiles.system_profiles, {}) : "${sys.name}-security" => sys - if lookup(sys, "security", null) != null + if try(sys.security, null) != null } name = try(each.value.security.name, local.defaults.sdwan.feature_profiles.system_profiles.security.name) description = try(each.value.security.description, null) @@ -684,7 +529,7 @@ resource "sdwan_system_snmp_feature" "system_snmp_feature" { for_each = { for sys in try(local.feature_profiles.system_profiles, {}) : "${sys.name}-snmp" => sys - if lookup(sys, "snmp", null) != null + if try(sys.snmp, null) != null } name = try(each.value.snmp.name, local.defaults.sdwan.feature_profiles.system_profiles.snmp.name) description = try(each.value.snmp.description, null) 
@@ -745,188 +590,3 @@ resource "sdwan_system_snmp_feature" "system_snmp_feature" { }] }] } - -resource "sdwan_transport_tracker_group_feature" "transport_tracker_group_feature" { - for_each = { - for tracker_item in flatten([ - for profile in lookup(local.feature_profiles, "transport_profiles", []) : [ - for tracker in lookup(profile, "ipv4_tracker_groups", []) : { - profile = profile - tracker = tracker - } - ] - ]) - : "${tracker_item.profile.name}-${tracker_item.tracker.name}" => tracker_item - } - name = each.value.tracker.name - description = try(each.value.tracker.description, null) - feature_profile_id = sdwan_transport_feature_profile.transport_feature_profile[each.value.profile.name].id - tracker_boolean = try(each.value.tracker.tracker_boolean, null) - tracker_boolean_variable = try("{{${each.value.tracker.tracker_boolean_variable}}}", null) - tracker_elements = try(length(each.value.tracker.trackers) == 0, true) ? null : [for t in each.value.tracker.trackers : { - tracker_id = sdwan_transport_tracker_feature.transport_tracker_feature["${each.value.profile.name}-${t}"].id - }] -} - -resource "sdwan_transport_tracker_feature" "transport_tracker_feature" { - for_each = { - for tracker_item in flatten([ - for profile in lookup(local.feature_profiles, "transport_profiles", []) : [ - for tracker in lookup(profile, "ipv4_trackers", []) : { - profile = profile - tracker = tracker - } - ] - ]) - : "${tracker_item.profile.name}-${tracker_item.tracker.name}" => tracker_item - } - name = each.value.tracker.name - description = try(each.value.tracker.description, null) - feature_profile_id = sdwan_transport_feature_profile.transport_feature_profile[each.value.profile.name].id - endpoint_api_url = try(each.value.tracker.endpoint_api_url, null) - endpoint_api_url_variable = try("{{${each.value.tracker.endpoint_api_url_variable}}}", null) - endpoint_dns_name = try(each.value.tracker.endpoint_dns_name, null) - endpoint_dns_name_variable = 
try("{{${each.value.tracker.endpoint_dns_name_variable}}}", null) - endpoint_ip = try(each.value.tracker.endpoint_ip, each.value.tracker.endpoint_tcp_udp_ip, null) - endpoint_ip_variable = try("{{${each.value.tracker.endpoint_ip_variable}}}", null) - endpoint_tracker_type = try(each.value.tracker.endpoint_tracker_type, null) - endpoint_tracker_type_variable = try("{{${each.value.tracker.endpoint_tracker_type_variable}}}", null) - interval = try(each.value.tracker.interval, null) - interval_variable = try("{{${each.value.tracker.interval_variable}}}", null) - multiplier = try(each.value.tracker.multiplier, null) - multiplier_variable = try("{{${each.value.tracker.multiplier_variable}}}", null) - threshold = try(each.value.tracker.threshold, null) - threshold_variable = try("{{${each.value.tracker.threshold_variable}}}", null) - tracker_name = try(each.value.tracker.tracker_name, null) - tracker_name_variable = try("{{${each.value.tracker.tracker_name_variable}}}", null) - tracker_type = try(each.value.tracker.tracker_type, null) - tracker_type_variable = try("{{${each.value.tracker.tracker_type_variable}}}", null) -} - -resource "sdwan_transport_ipv6_tracker_group_feature" "transport_ipv6_tracker_group_feature" { - for_each = { - for tracker_item in flatten([ - for profile in lookup(local.feature_profiles, "transport_profiles", []) : [ - for tracker in lookup(profile, "ipv6_tracker_groups", []) : { - profile = profile - tracker = tracker - } - ] - ]) - : "${tracker_item.profile.name}-${tracker_item.tracker.name}" => tracker_item - } - name = each.value.tracker.name - description = try(each.value.tracker.description, null) - feature_profile_id = sdwan_transport_feature_profile.transport_feature_profile[each.value.profile.name].id - tracker_boolean = try(each.value.tracker.tracker_boolean, null) - tracker_boolean_variable = try("{{${each.value.tracker.tracker_boolean_variable}}}", null) - tracker_elements = try(length(each.value.tracker.trackers) == 0, true) ? 
null : [for t in each.value.tracker.trackers : { - tracker_id = sdwan_transport_ipv6_tracker_feature.transport_ipv6_tracker_feature["${each.value.profile.name}-${t}"].id - }] - tracker_name = try(each.value.tracker.tracker_name, null) - tracker_name_variable = try("{{${each.value.tracker.tracker_name_variable}}}", null) -} - -resource "sdwan_transport_ipv6_tracker_feature" "transport_ipv6_tracker_feature" { - for_each = { - for tracker_item in flatten([ - for profile in lookup(local.feature_profiles, "transport_profiles", []) : [ - for tracker in lookup(profile, "ipv6_trackers", []) : { - profile = profile - tracker = tracker - } - ] - ]) - : "${tracker_item.profile.name}-${tracker_item.tracker.name}" => tracker_item - } - name = each.value.tracker.name - description = try(each.value.tracker.description, null) - feature_profile_id = sdwan_transport_feature_profile.transport_feature_profile[each.value.profile.name].id - endpoint_api_url = try(each.value.tracker.endpoint_api_url, null) - endpoint_api_url_variable = try("{{${each.value.tracker.endpoint_api_url_variable}}}", null) - endpoint_dns_name = try(each.value.tracker.endpoint_dns_name, null) - endpoint_dns_name_variable = try("{{${each.value.tracker.endpoint_dns_name_variable}}}", null) - endpoint_ip = try(each.value.tracker.endpoint_ip, each.value.tracker.endpoint_tcp_udp_ip, null) - endpoint_ip_variable = try("{{${each.value.tracker.endpoint_ip_variable}}}", null) - endpoint_tracker_type = try(each.value.tracker.endpoint_tracker_type, null) - endpoint_tracker_type_variable = try("{{${each.value.tracker.endpoint_tracker_type_variable}}}", null) - interval = try(each.value.tracker.interval, null) - interval_variable = try("{{${each.value.tracker.interval_variable}}}", null) - multiplier = try(each.value.tracker.multiplier, null) - multiplier_variable = try("{{${each.value.tracker.multiplier_variable}}}", null) - threshold = try(each.value.tracker.threshold, null) - threshold_variable = 
try("{{${each.value.tracker.threshold_variable}}}", null) - tracker_name = try(each.value.tracker.tracker_name, null) - tracker_name_variable = try("{{${each.value.tracker.tracker_name_variable}}}", null) - tracker_type = try(each.value.tracker.tracker_type, null) - tracker_type_variable = try("{{${each.value.tracker.tracker_type_variable}}}", null) -} - -resource "sdwan_transport_wan_vpn_feature" "transport_wan_vpn_feature" { - for_each = { - for transport in try(local.feature_profiles.transport_profiles, {}) : - "${transport.name}-wan_vpn" => transport - if lookup(transport, "wan_vpn", null) != null - } - name = try(each.value.wan_vpn.name, local.defaults.sdwan.feature_profiles.transport_profiles.wan_vpn.name) - description = try(each.value.wan_vpn.description, null) - feature_profile_id = sdwan_transport_feature_profile.transport_feature_profile[each.value.name].id - enhance_ecmp_keying = try(each.value.wan_vpn.enhance_ecmp_keying, null) - enhance_ecmp_keying_variable = try("{{${each.value.wan_vpn.enhance_ecmp_keying_variable}}}", null) - ipv4_static_routes = try(length(each.value.wan_vpn.ipv4_static_routes) == 0, true) ? null : [for route in each.value.wan_vpn.ipv4_static_routes : { - administrative_distance = try(route.administrative_distance, null) - administrative_distance_variable = try("{{${route.administrative_distance_variable}}}", null) - gateway = try(route.gateway, "nextHop") - next_hops = try(length(route.next_hops) == 0, true) ? 
null : [for nh in route.next_hops : { - address = try(nh.address, null) - address_variable = try("{{${nh.address_variable}}}", null) - administrative_distance = try(nh.administrative_distance, null) - administrative_distance_variable = try("{{${nh.administrative_distance_variable}}}", null) - }] - network_address = try(route.network_address, null) - network_address_variable = try("{{${route.network_address_variable}}}", null) - subnet_mask = try(route.subnet_mask, null) - subnet_mask_variable = try("{{${route.subnet_mask_variable}}}", null) - }] - ipv6_static_routes = try(length(each.value.wan_vpn.ipv6_static_routes) == 0, true) ? null : [for route in each.value.wan_vpn.ipv6_static_routes : { - nat = try(route.nat, null) - next_hops = try(length(route.next_hops) == 0, true) ? null : [for nh in route.next_hops : { - address = try(nh.address, null) - address_variable = try("{{${nh.address_variable}}}", null) - administrative_distance = try(nh.administrative_distance, null) - administrative_distance_variable = try("{{${nh.administrative_distance_variable}}}", null) - }] - gateway = try(route.gateway, "nextHop") - null0 = try(route.gateway, "nextHop") == "null0" ? true : null - prefix = try(route.prefix, null) - prefix_variable = try("{{${route.prefix_variable}}}", null) - }] - nat_64_v4_pools = try(length(each.value.wan_vpn.nat_64_v4_pools) == 0, true) ? 
null : [for pool in each.value.wan_vpn.nat_64_v4_pools : { - nat64_v4_pool_name = try(pool.name, null) - nat64_v4_pool_name_variable = try("{{${pool.name_variable}}}", null) - nat64_v4_pool_overload = try(pool.overload, null) - nat64_v4_pool_overload_variable = try("{{${pool.overload_variable}}}", null) - nat64_v4_pool_range_end = try(pool.range_end, null) - nat64_v4_pool_range_end_variable = try("{{${pool.range_end_variable}}}", null) - nat64_v4_pool_range_start = try(pool.range_start, null) - nat64_v4_pool_range_start_variable = try("{{${pool.range_start_variable}}}", null) - }] - new_host_mappings = try(length(each.value.wan_vpn.host_mappings) == 0, true) ? null : [for host in each.value.wan_vpn.host_mappings : { - host_name = try(host.hostname, null) - host_name_variable = try("{{${host.hostname_variable}}}", null) - list_of_ip_addresses = try(host.ips, null) - list_of_ip_addresses_variable = try("{{${host.ips_variable}}}", null) - }] - primary_dns_address_ipv4 = try(each.value.wan_vpn.ipv4_primary_dns_address, null) - primary_dns_address_ipv4_variable = try("{{${each.value.wan_vpn.ipv4_primary_dns_address_variable}}}", null) - primary_dns_address_ipv6 = try(each.value.wan_vpn.ipv6_primary_dns_address, null) - primary_dns_address_ipv6_variable = try("{{${each.value.wan_vpn.ipv6_primary_dns_address_variable}}}", null) - secondary_dns_address_ipv4 = try(each.value.wan_vpn.ipv4_secondary_dns_address, null) - secondary_dns_address_ipv4_variable = try("{{${each.value.wan_vpn.ipv4_secondary_dns_address_variable}}}", null) - secondary_dns_address_ipv6 = try(each.value.wan_vpn.ipv6_secondary_dns_address, null) - secondary_dns_address_ipv6_variable = try("{{${each.value.wan_vpn.ipv6_secondary_dns_address_variable}}}", null) - services = try(length(each.value.wan_vpn.services) == 0, true) ? null : [for service in each.value.wan_vpn.services : { - service_type = service - }] - vpn = 0 -} 
diff --git a/sdwan_features_transport.tf b/sdwan_features_transport.tf
new file mode 100644
index 0000000..5e7075b
--- /dev/null
+++ b/sdwan_features_transport.tf
@@ -0,0 +1,320 @@
+resource "sdwan_transport_tracker_group_feature" "transport_tracker_group_feature" {
+ for_each = {
+ for tracker_item in flatten([
+ for profile in try(local.feature_profiles.transport_profiles, []) : [
+ for tracker in try(profile.ipv4_tracker_groups, []) : {
+ profile = profile
+ tracker = tracker
+ }
+ ]
+ ])
+ : "${tracker_item.profile.name}-${tracker_item.tracker.name}" => tracker_item
+ }
+ name = each.value.tracker.name
+ description = try(each.value.tracker.description, null)
+ feature_profile_id = sdwan_transport_feature_profile.transport_feature_profile[each.value.profile.name].id
+ tracker_boolean = try(each.value.tracker.tracker_boolean, null)
+ tracker_boolean_variable = try("{{${each.value.tracker.tracker_boolean_variable}}}", null)
+ tracker_elements = try(length(each.value.tracker.trackers) == 0, true) ? null : [for t in each.value.tracker.trackers : {
+ tracker_id = sdwan_transport_tracker_feature.transport_tracker_feature["${each.value.profile.name}-${t}"].id
+ }]
+}
+
+resource "sdwan_transport_tracker_feature" "transport_tracker_feature" {
+ for_each = {
+ for tracker_item in flatten([
+ for profile in try(local.feature_profiles.transport_profiles, []) : [
+ for tracker in try(profile.ipv4_trackers, []) : {
+ profile = profile
+ tracker = tracker
+ }
+ ]
+ ])
+ : "${tracker_item.profile.name}-${tracker_item.tracker.name}" => tracker_item
+ }
+ name = each.value.tracker.name
+ description = try(each.value.tracker.description, null)
+ feature_profile_id = sdwan_transport_feature_profile.transport_feature_profile[each.value.profile.name].id
+ endpoint_api_url = try(each.value.tracker.endpoint_api_url, null)
+ endpoint_api_url_variable = try("{{${each.value.tracker.endpoint_api_url_variable}}}", null)
+ endpoint_dns_name = try(each.value.tracker.endpoint_dns_name, null)
+ endpoint_dns_name_variable = try("{{${each.value.tracker.endpoint_dns_name_variable}}}", null)
+ endpoint_ip = try(each.value.tracker.endpoint_ip, 
each.value.tracker.endpoint_tcp_udp_ip, null)
+ endpoint_ip_variable = try("{{${each.value.tracker.endpoint_ip_variable}}}", null)
+ endpoint_tracker_type = try(each.value.tracker.endpoint_tracker_type, null)
+ endpoint_tracker_type_variable = try("{{${each.value.tracker.endpoint_tracker_type_variable}}}", null)
+ interval = try(each.value.tracker.interval, null)
+ interval_variable = try("{{${each.value.tracker.interval_variable}}}", null)
+ multiplier = try(each.value.tracker.multiplier, null)
+ multiplier_variable = try("{{${each.value.tracker.multiplier_variable}}}", null)
+ threshold = try(each.value.tracker.threshold, null)
+ threshold_variable = try("{{${each.value.tracker.threshold_variable}}}", null)
+ tracker_name = try(each.value.tracker.tracker_name, null)
+ tracker_name_variable = try("{{${each.value.tracker.tracker_name_variable}}}", null)
+ tracker_type = try(each.value.tracker.tracker_type, null)
+ tracker_type_variable = try("{{${each.value.tracker.tracker_type_variable}}}", null)
+}
+
+resource "sdwan_transport_ipv6_tracker_group_feature" "transport_ipv6_tracker_group_feature" {
+ for_each = {
+ for tracker_item in flatten([
+ for profile in try(local.feature_profiles.transport_profiles, []) : [
+ for tracker in try(profile.ipv6_tracker_groups, []) : {
+ profile = profile
+ tracker = tracker
+ }
+ ]
+ ])
+ : "${tracker_item.profile.name}-${tracker_item.tracker.name}" => tracker_item
+ }
+ name = each.value.tracker.name
+ description = try(each.value.tracker.description, null)
+ feature_profile_id = sdwan_transport_feature_profile.transport_feature_profile[each.value.profile.name].id
+ tracker_boolean = try(each.value.tracker.tracker_boolean, null)
+ tracker_boolean_variable = try("{{${each.value.tracker.tracker_boolean_variable}}}", null)
+ tracker_elements = try(length(each.value.tracker.trackers) == 0, true) ? 
null : [for t in each.value.tracker.trackers : {
+ tracker_id = sdwan_transport_ipv6_tracker_feature.transport_ipv6_tracker_feature["${each.value.profile.name}-${t}"].id
+ }]
+ tracker_name = try(each.value.tracker.tracker_name, null)
+ tracker_name_variable = try("{{${each.value.tracker.tracker_name_variable}}}", null)
+}
+
+resource "sdwan_transport_ipv6_tracker_feature" "transport_ipv6_tracker_feature" {
+ for_each = {
+ for tracker_item in flatten([
+ for profile in try(local.feature_profiles.transport_profiles, []) : [
+ for tracker in try(profile.ipv6_trackers, []) : {
+ profile = profile
+ tracker = tracker
+ }
+ ]
+ ])
+ : "${tracker_item.profile.name}-${tracker_item.tracker.name}" => tracker_item
+ }
+ name = each.value.tracker.name
+ description = try(each.value.tracker.description, null)
+ feature_profile_id = sdwan_transport_feature_profile.transport_feature_profile[each.value.profile.name].id
+ endpoint_api_url = try(each.value.tracker.endpoint_api_url, null)
+ endpoint_api_url_variable = try("{{${each.value.tracker.endpoint_api_url_variable}}}", null)
+ endpoint_dns_name = try(each.value.tracker.endpoint_dns_name, null)
+ endpoint_dns_name_variable = try("{{${each.value.tracker.endpoint_dns_name_variable}}}", null)
+ endpoint_ip = try(each.value.tracker.endpoint_ip, each.value.tracker.endpoint_tcp_udp_ip, null)
+ endpoint_ip_variable = try("{{${each.value.tracker.endpoint_ip_variable}}}", null)
+ endpoint_tracker_type = try(each.value.tracker.endpoint_tracker_type, null)
+ endpoint_tracker_type_variable = try("{{${each.value.tracker.endpoint_tracker_type_variable}}}", null)
+ interval = try(each.value.tracker.interval, null)
+ interval_variable = try("{{${each.value.tracker.interval_variable}}}", null)
+ multiplier = try(each.value.tracker.multiplier, null)
+ multiplier_variable = try("{{${each.value.tracker.multiplier_variable}}}", null)
+ threshold = try(each.value.tracker.threshold, null)
+ threshold_variable = 
try("{{${each.value.tracker.threshold_variable}}}", null)
+ tracker_name = try(each.value.tracker.tracker_name, null)
+ tracker_name_variable = try("{{${each.value.tracker.tracker_name_variable}}}", null)
+ tracker_type = try(each.value.tracker.tracker_type, null)
+ tracker_type_variable = try("{{${each.value.tracker.tracker_type_variable}}}", null)
+}
+
+resource "sdwan_transport_management_vpn_feature" "transport_management_vpn_feature" {
+ for_each = {
+ for transport in try(local.feature_profiles.transport_profiles, {}) :
+ "${transport.name}-management_vpn" => transport
+ if try(transport.management_vpn, null) != null
+ }
+ name = try(each.value.management_vpn.name, local.defaults.sdwan.feature_profiles.transport_profiles.management_vpn.name)
+ description = try(each.value.management_vpn.description, null)
+ feature_profile_id = sdwan_transport_feature_profile.transport_feature_profile[each.value.name].id
+ ipv4_static_routes = try(length(each.value.management_vpn.ipv4_static_routes) == 0, true) ? null : [for route in each.value.management_vpn.ipv4_static_routes : {
+ administrative_distance = try(route.administrative_distance, null)
+ administrative_distance_variable = try("{{${route.administrative_distance_variable}}}", null)
+ gateway = try(route.gateway, local.defaults.sdwan.feature_profiles.transport_profiles.management_vpn.ipv4_static_routes.gateway)
+ network_address = try(route.network_address, null)
+ network_address_variable = try("{{${route.network_address_variable}}}", null)
+ next_hops = try(length(route.next_hops) == 0, true) ? 
null : [for nh in route.next_hops : {
+ address = try(nh.address, null)
+ address_variable = try("{{${nh.address_variable}}}", null)
+ administrative_distance = try(nh.administrative_distance, null)
+ administrative_distance_variable = try("{{${nh.administative_distance_variable}}}", null)
+ }]
+ subnet_mask = try(route.subnet_mask, null)
+ subnet_mask_variable = try("{{${route.subnet_mask_variable}}}", null)
+ }]
+ ipv6_static_routes = try(length(each.value.management_vpn.ipv6_static_routes) == 0, true) ? null : [for route in each.value.management_vpn.ipv6_static_routes : {
+ nat = try(route.nat, null)
+ nat_variable = try("{{${route.nat_variable}}}", null)
+ next_hops = try(length(route.next_hops) == 0, true) ? null : [for nh in route.next_hops : {
+ address = try(nh.address, null)
+ address_variable = try("{{${nh.address_variable}}}", null)
+ administrative_distance = try(nh.administrative_distance, null)
+ administrative_distance_variable = try("{{${nh.administative_distance_variable}}}", null)
+ }]
+ gateway = try(route.gateway, local.defaults.sdwan.feature_profiles.transport_profiles.management_vpn.ipv6_static_routes.gateway)
+ null0 = try(route.gateway, local.defaults.sdwan.feature_profiles.transport_profiles.management_vpn.ipv6_static_routes.gateway) == "null0" ? true : null
+ prefix = try(route.prefix, null)
+ prefix_variable = try("{{${route.prefix_variable}}}", null)
+ }]
+ new_host_mappings = try(length(each.value.management_vpn.host_mappings) == 0, true) ? 
null : [for host in each.value.management_vpn.host_mappings : {
+ host_name = try(host.hostname, null)
+ host_name_variable = try("{{${host.hostname_variable}}}", null)
+ list_of_ip_addresses = try(host.ips, null)
+ list_of_ip_addresses_variable = try("{{${host.ips_variable}}}", null)
+ }]
+ primary_dns_address_ipv4 = try(each.value.management_vpn.ipv4_primary_dns_address, null)
+ primary_dns_address_ipv4_variable = try("{{${each.value.management_vpn.ipv4_primary_dns_address_variable}}}", null)
+ primary_dns_address_ipv6 = try(each.value.management_vpn.ipv6_primary_dns_address, null)
+ primary_dns_address_ipv6_variable = try("{{${each.value.management_vpn.ipv6_primary_dns_address_variable}}}", null)
+ secondary_dns_address_ipv4 = try(each.value.management_vpn.ipv4_secondary_dns_address, null)
+ secondary_dns_address_ipv4_variable = try("{{${each.value.management_vpn.ipv4_secondary_dns_address_variable}}}", null)
+ secondary_dns_address_ipv6 = try(each.value.management_vpn.ipv6_secondary_dns_address, null)
+ secondary_dns_address_ipv6_variable = try("{{${each.value.management_vpn.ipv6_secondary_dns_address_variable}}}", null)
+ vpn_description = try(each.value.management_vpn.vpn_description, null)
+ vpn_description_variable = try("{{${each.value.management_vpn.vpn_description_variable}}}", null)
+}
+
+resource "sdwan_transport_management_vpn_interface_ethernet_feature" "transport_management_vpn_interface_ethernet_feature" {
+ for_each = {
+ for interface_item in flatten([
+ for profile in try(local.feature_profiles.transport_profiles, {}) : [
+ for management_vpn in try([profile.management_vpn], []) : [
+ for interface in try(management_vpn.ethernet_interfaces, []) : {
+ profile = profile
+ management_vpn = management_vpn
+ interface = interface
+ }
+ ]
+ ]
+ ])
+ : "${interface_item.profile.name}-management_vpn-${interface_item.interface.name}" => interface_item
+ }
+ name = each.value.interface.name
+ description = try(each.value.interface.description, null)
+ 
feature_profile_id = sdwan_transport_feature_profile.transport_feature_profile[each.value.profile.name].id
+ transport_management_vpn_feature_id = sdwan_transport_management_vpn_feature.transport_management_vpn_feature["${each.value.profile.name}-management_vpn"].id
+ arp_entries = try(length(each.value.interface.arp_entries) == 0, true) ? null : [for arp in each.value.interface.arp_entries : {
+ ip_address = try(arp.ip_address, null)
+ ip_address_variable = try("{{${arp.ip_address_variable}}}", null)
+ mac_address = try(arp.mac_address, null)
+ mac_address_variable = try("{{${arp.mac_address_variable}}}", null)
+ }]
+ arp_timeout = try(each.value.interface.arp_timeout, null)
+ arp_timeout_variable = try("{{${each.value.interface.arp_timeout_variable}}}", null)
+ autonegotiate = try(each.value.interface.autonegotiate, null)
+ autonegotiate_variable = try("{{${each.value.interface.autonegotiate_variable}}}", null)
+ duplex = try(each.value.interface.duplex, null)
+ duplex_variable = try("{{${each.value.interface.duplex_variable}}}", null)
+ enable_dhcpv6 = try(each.value.interface.ipv6_configuration_type, local.defaults.sdwan.feature_profiles.transport_profiles.management_vpn.ethernet_interfaces.ipv6_configuration_type) == "dynamic" ? 
true : null
+ icmp_redirect_disable = try(each.value.interface.icmp_redirect_disable, null)
+ icmp_redirect_disable_variable = try("{{${each.value.interface.icmp_redirect_disable_variable}}}", null)
+ interface_description = try(each.value.interface.interface_description, null)
+ interface_description_variable = try("{{${each.value.interface.interface_description_variable}}}", null)
+ interface_mtu = try(each.value.interface.interface_mtu, null)
+ interface_mtu_variable = try("{{${each.value.interface.interface_mtu_variable}}}", null)
+ interface_name = try(each.value.interface.interface_name, null)
+ interface_name_variable = try("{{${each.value.interface.interface_name_variable}}}", null)
+ ip_directed_broadcast = try(each.value.interface.ip_directed_broadcast, null)
+ ip_directed_broadcast_variable = try("{{${each.value.interface.ip_directed_broadcast_variable}}}", null)
+ ip_mtu = try(each.value.interface.ip_mtu, null)
+ ip_mtu_variable = try("{{${each.value.interface.ip_mtu_variable}}}", null)
+ ipv4_auto_detect_bandwidth = try(each.value.interface.auto_detect_bandwidth, null)
+ ipv4_auto_detect_bandwidth_variable = try("{{${each.value.interface.auto_detect_bandwidth_variable}}}", null)
+ ipv4_address = try(each.value.interface.ipv4_address, null)
+ ipv4_address_variable = try("{{${each.value.interface.ipv4_address_variable}}}", null)
+ ipv4_configuration_type = try(each.value.interface.ipv4_configuration_type, local.defaults.sdwan.feature_profiles.transport_profiles.management_vpn.ethernet_interfaces.ipv4_configuration_type)
+ ipv4_dhcp_distance = try(each.value.interface.ipv4_dhcp_distance, null)
+ ipv4_dhcp_distance_variable = try("{{${each.value.interface.ipv4_dhcp_distance_variable}}}", null)
+ ipv4_dhcp_helper = try(each.value.interface.ipv4_dhcp_helpers, null)
+ ipv4_dhcp_helper_variable = try("{{${each.value.interface.ipv4_dhcp_helper_variable}}}", null)
+ ipv4_iperf_server = try(each.value.interface.iperf_server, null)
+ ipv4_iperf_server_variable = 
try("{{${each.value.interface.iperf_server_variable}}}", null)
+ ipv4_secondary_addresses = try(length(each.value.interface.ipv4_secondary_addresses) == 0, true) ? null : [for a in each.value.interface.ipv4_secondary_addresses : {
+ address = try(a.address, null)
+ address_variable = try("{{${a.address_variable}}}", null)
+ subnet_mask = try(a.subnet_mask, null)
+ subnet_mask_variable = try("{{${a.subnet_mask_variable}}}", null)
+ }]
+ ipv4_subnet_mask = try(each.value.interface.ipv4_subnet_mask, null)
+ ipv4_subnet_mask_variable = try("{{${each.value.interface.ipv4_subnet_mask_variable}}}", null)
+ ipv6_address = try(each.value.interface.ipv6_address, null)
+ ipv6_address_variable = try("{{${each.value.interface.ipv6_address_variable}}}", null)
+ ipv6_configuration_type = try(each.value.interface.ipv6_configuration_type, local.defaults.sdwan.feature_profiles.transport_profiles.management_vpn.ethernet_interfaces.ipv6_configuration_type)
+ load_interval = try(each.value.interface.load_interval, null)
+ load_interval_variable = try("{{${each.value.interface.load_interval_variable}}}", null)
+ mac_address = try(each.value.interface.mac_address, null)
+ mac_address_variable = try("{{${each.value.interface.mac_address_variable}}}", null)
+ media_type = try(each.value.interface.media_type, null)
+ media_type_variable = try("{{${each.value.interface.media_type_variable}}}", null)
+ shutdown = try(each.value.interface.shutdown, null)
+ shutdown_variable = try("{{${each.value.interface.shutdown_variable}}}", null)
+ speed = try(each.value.interface.speed, null)
+ speed_variable = try("{{${each.value.interface.speed_variable}}}", null)
+ tcp_mss = try(each.value.interface.tcp_mss, null)
+ tcp_mss_variable = try("{{${each.value.interface.tcp_mss_variable}}}", null)
+}
+
+resource "sdwan_transport_wan_vpn_feature" "transport_wan_vpn_feature" {
+ for_each = {
+ for transport in try(local.feature_profiles.transport_profiles, {}) :
+ "${transport.name}-wan_vpn" => transport
+ if 
try(transport.wan_vpn, null) != null
+ }
+ name = try(each.value.wan_vpn.name, local.defaults.sdwan.feature_profiles.transport_profiles.wan_vpn.name)
+ description = try(each.value.wan_vpn.description, null)
+ feature_profile_id = sdwan_transport_feature_profile.transport_feature_profile[each.value.name].id
+ enhance_ecmp_keying = try(each.value.wan_vpn.enhance_ecmp_keying, null)
+ enhance_ecmp_keying_variable = try("{{${each.value.wan_vpn.enhance_ecmp_keying_variable}}}", null)
+ ipv4_static_routes = try(length(each.value.wan_vpn.ipv4_static_routes) == 0, true) ? null : [for route in each.value.wan_vpn.ipv4_static_routes : {
+ administrative_distance = try(route.administrative_distance, null)
+ administrative_distance_variable = try("{{${route.administrative_distance_variable}}}", null)
+ gateway = try(route.gateway, local.defaults.sdwan.feature_profiles.transport_profiles.wan_vpn.ipv4_static_routes.gateway)
+ next_hops = try(length(route.next_hops) == 0, true) ? null : [for nh in route.next_hops : {
+ address = try(nh.address, null)
+ address_variable = try("{{${nh.address_variable}}}", null)
+ administrative_distance = try(nh.administrative_distance, null)
+ administrative_distance_variable = try("{{${nh.administrative_distance_variable}}}", null)
+ }]
+ network_address = try(route.network_address, null)
+ network_address_variable = try("{{${route.network_address_variable}}}", null)
+ subnet_mask = try(route.subnet_mask, null)
+ subnet_mask_variable = try("{{${route.subnet_mask_variable}}}", null)
+ }]
+ ipv6_static_routes = try(length(each.value.wan_vpn.ipv6_static_routes) == 0, true) ? null : [for route in each.value.wan_vpn.ipv6_static_routes : {
+ nat = try(route.nat, null)
+ next_hops = try(length(route.next_hops) == 0, true) ? 
null : [for nh in route.next_hops : {
+ address = try(nh.address, null)
+ address_variable = try("{{${nh.address_variable}}}", null)
+ administrative_distance = try(nh.administrative_distance, null)
+ administrative_distance_variable = try("{{${nh.administrative_distance_variable}}}", null)
+ }]
+ gateway = try(route.gateway, local.defaults.sdwan.feature_profiles.transport_profiles.wan_vpn.ipv6_static_routes.gateway)
+ null0 = try(route.gateway, local.defaults.sdwan.feature_profiles.transport_profiles.wan_vpn.ipv6_static_routes.gateway) == "null0" ? true : null
+ prefix = try(route.prefix, null)
+ prefix_variable = try("{{${route.prefix_variable}}}", null)
+ }]
+ nat_64_v4_pools = try(length(each.value.wan_vpn.nat_64_v4_pools) == 0, true) ? null : [for pool in each.value.wan_vpn.nat_64_v4_pools : {
+ nat64_v4_pool_name = try(pool.name, null)
+ nat64_v4_pool_name_variable = try("{{${pool.name_variable}}}", null)
+ nat64_v4_pool_overload = try(pool.overload, null)
+ nat64_v4_pool_overload_variable = try("{{${pool.overload_variable}}}", null)
+ nat64_v4_pool_range_end = try(pool.range_end, null)
+ nat64_v4_pool_range_end_variable = try("{{${pool.range_end_variable}}}", null)
+ nat64_v4_pool_range_start = try(pool.range_start, null)
+ nat64_v4_pool_range_start_variable = try("{{${pool.range_start_variable}}}", null)
+ }]
+ new_host_mappings = try(length(each.value.wan_vpn.host_mappings) == 0, true) ? 
null : [for host in each.value.wan_vpn.host_mappings : { + host_name = try(host.hostname, null) + host_name_variable = try("{{${host.hostname_variable}}}", null) + list_of_ip_addresses = try(host.ips, null) + list_of_ip_addresses_variable = try("{{${host.ips_variable}}}", null) + }] + primary_dns_address_ipv4 = try(each.value.wan_vpn.ipv4_primary_dns_address, null) + primary_dns_address_ipv4_variable = try("{{${each.value.wan_vpn.ipv4_primary_dns_address_variable}}}", null) + primary_dns_address_ipv6 = try(each.value.wan_vpn.ipv6_primary_dns_address, null) + primary_dns_address_ipv6_variable = try("{{${each.value.wan_vpn.ipv6_primary_dns_address_variable}}}", null) + secondary_dns_address_ipv4 = try(each.value.wan_vpn.ipv4_secondary_dns_address, null) + secondary_dns_address_ipv4_variable = try("{{${each.value.wan_vpn.ipv4_secondary_dns_address_variable}}}", null) + secondary_dns_address_ipv6 = try(each.value.wan_vpn.ipv6_secondary_dns_address, null) + secondary_dns_address_ipv6_variable = try("{{${each.value.wan_vpn.ipv6_secondary_dns_address_variable}}}", null) + services = try(length(each.value.wan_vpn.services) == 0, true) ? null : [for service in each.value.wan_vpn.services : { + service_type = service + }] + vpn = 0 +} From 33805cb717d88aa50aa37a9337b9d5932685d410 Mon Sep 17 00:00:00 2001 From: netascode-gen Date: Thu, 12 Dec 2024 12:48:59 +0000 Subject: [PATCH 5/9] Nac sdwan updates --- defaults/sdwan.yaml | 2 ++ 1 file changed, 2 insertions(+) diff --git a/defaults/sdwan.yaml b/defaults/sdwan.yaml index 4c711d7..7adac39 100644 --- a/defaults/sdwan.yaml +++ b/defaults/sdwan.yaml @@ -325,6 +325,8 @@ defaults: other_profiles: thousandeyes: name: thousandeyes + ucse: + name: ucse system_profiles: aaa: name: aaa From 0c06c185cbb9db0a8afaed4f1bb134a5303b14fd Mon Sep 17 00:00:00 2001 From: netascode-gen Date: Tue, 17 Dec 2024 10:51:04 +0000 Subject: [PATCH 6/9] Nac sdwan updates --- defaults/sdwan.yaml | 12 ++++++++++++ 1 file changed, 12 insertions(+) 
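Review bot: In `sdwan_transport_management_vpn_feature`, both `next_hops` blocks (under `ipv4_static_routes` and under `ipv6_static_routes`) read `nh.administative_distance_variable`, which is misspelled; the `wan_vpn` resource later in the same file reads `nh.administrative_distance_variable`. Because the lookup sits inside `try(..., null)`, the misspelling raises no error, and a next-hop `administrative_distance_variable` set in the data model would be silently dropped, so the management VPN routes would deploy without the intended value (assuming the data-model key is spelled as in `wan_vpn`). Both lines should read `administrative_distance_variable = try("{{${nh.administrative_distance_variable}}}", null)`. The blanket `try(..., null)` pattern hides this class of mistake throughout the file, so schema validation of the input YAML is where such keys need to be checked.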
diff --git a/defaults/sdwan.yaml b/defaults/sdwan.yaml index 7adac39..23bd2f8 100644 --- a/defaults/sdwan.yaml +++ b/defaults/sdwan.yaml @@ -3,7 +3,19 @@ defaults: sdwan: centralized_policies: definitions: + control_policy: + custom_control_topology: + sequences: + ip_type: ipv4 data_policy: + application_aware_routing: + sequences: + ip_type: ipv4 + type: app_route + traffic_data: + sequences: + ip_type: ipv4 + type: custom cflowd: protocol: ipv4 tos: false From 35a31ce143564731b9937abded1ae38111efd462 Mon Sep 17 00:00:00 2001 From: tzarski0 <92273798+tzarski0@users.noreply.github.com> Date: Tue, 17 Dec 2024 14:59:41 +0100 Subject: [PATCH 7/9] change sdwan_system_performance_monitoring_feature resources name pattern (#77) --- CHANGELOG.md | 1 + sdwan_features_system.tf | 2 +- 2 files changed, 2 insertions(+), 1 deletion(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 65630b0..70f7830 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -25,6 +25,7 @@ - add support for sdwan_transport_management_vpn_feature - add support for sdwan_transport_management_vpn_interface_ethernet_feature - separate "sdwan_profile_parcels.tf" into "sdwan_features_cli.tf", "sdwan_features_other.tf", "sdwan_features_service.tf", "sdwan_features_system.tf" and "sdwan_features_transport.tf" +- rename sdwan_system_performance_monitoring_feature resources from "...-performance_monitor" to "...-perfmonitor" ## 0.1.0 diff --git a/sdwan_features_system.tf b/sdwan_features_system.tf index ed6f2cf..d0735cd 100644 --- a/sdwan_features_system.tf +++ b/sdwan_features_system.tf 
@@ -459,7 +459,7 @@ resource "sdwan_system_omp_feature" "system_omp_feature" { resource "sdwan_system_performance_monitoring_feature" "system_performance_monitoring_feature" { for_each = { for sys in try(local.feature_profiles.system_profiles, {}) : - "${sys.name}-performance_monitoring" => sys + "${sys.name}-perfmonitor" => sys if try(sys.performance_monitoring, null) != null } name = try(each.value.performance_monitoring.name, local.defaults.sdwan.feature_profiles.system_profiles.performance_monitoring.name) From 56bbf35c3507196cebb7b998ae2c87f6b8f005bb Mon Sep 17 00:00:00 2001 From: tzarski0 <92273798+tzarski0@users.noreply.github.com> Date: Tue, 7 Jan 2025 13:54:08 +0100 Subject: [PATCH 8/9] Add support for sdwan_transport_wan_vpn_ethernet_interface (#78) * add support for transport_wan_vpn_ethernet_interface --- CHANGELOG.md | 9 +- README.md | 5 + defaults/sdwan.yaml | 5 + sdwan_features_transport.tf | 343 ++++++++++++++++++++++++++++++++++++ 4 files changed, 360 insertions(+), 2 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 70f7830..b7758ce 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md 
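Review bot: Changing the `for_each` key from `"${sys.name}-performance_monitoring"` to `"${sys.name}-perfmonitor"` changes the address of every existing `sdwan_system_performance_monitoring_feature` instance, so a state created with the previous key would plan a destroy and re-create of those features on upgrade; that deserves a line in the upgrade notes. Any other expression that indexes `sdwan_system_performance_monitoring_feature.system_performance_monitoring_feature[...]` with the old suffix has to change in the same commit; none is visible in this hunk. The CHANGELOG entry names the old suffix as `...-performance_monitor`, while the removed line shows `-performance_monitoring`. The resource body continues outside the hunk.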
@@ -22,10 +22,15 @@ - in sdwan_cflowd_policy_definition, fix export_spreading to be optional - add gateway parameter to ipv6_static_routes of sdwan_transport_wan_vpn_feature - add support for sdwan_other_ucse_feature resource -- add support for sdwan_transport_management_vpn_feature -- add support for sdwan_transport_management_vpn_interface_ethernet_feature +- add support for sdwan_transport_management_vpn_feature resource +- add support for sdwan_transport_management_vpn_interface_ethernet_feature resource - separate "sdwan_profile_parcels.tf" into "sdwan_features_cli.tf", "sdwan_features_other.tf", "sdwan_features_service.tf", "sdwan_features_system.tf" and "sdwan_features_transport.tf" - rename sdwan_system_performance_monitoring_feature resources from "...-performance_monitor" to "...-perfmonitor" +- add support for sdwan_transport_wan_vpn_ethernet_interface resource +- add support for sdwan_transport_wan_vpn_interface_ethernet_feature_associate_tracker_feature resource +- add support for sdwan_transport_wan_vpn_interface_ethernet_feature_associate_tracker_group_feature resource +- add support for sdwan_transport_wan_vpn_interface_ethernet_feature_associate_ipv6_tracker_feature resource +- add support for sdwan_transport_wan_vpn_interface_ethernet_feature_associate_ipv6_tracker_group_feature resource ## 0.1.0 diff --git a/README.md b/README.md index 828f164..473acd0 100644 --- a/README.md +++ b/README.md 
@@ -178,6 +178,11 @@ module "sdwan" { | [sdwan_transport_tracker_feature.transport_tracker_feature](https://registry.terraform.io/providers/CiscoDevNet/sdwan/latest/docs/resources/transport_tracker_feature) | resource | | [sdwan_transport_tracker_group_feature.transport_tracker_group_feature](https://registry.terraform.io/providers/CiscoDevNet/sdwan/latest/docs/resources/transport_tracker_group_feature) | resource | | [sdwan_transport_wan_vpn_feature.transport_wan_vpn_feature](https://registry.terraform.io/providers/CiscoDevNet/sdwan/latest/docs/resources/transport_wan_vpn_feature) | resource | +| [sdwan_transport_wan_vpn_interface_ethernet_feature.transport_wan_vpn_interface_ethernet_feature](https://registry.terraform.io/providers/CiscoDevNet/sdwan/latest/docs/resources/transport_wan_vpn_interface_ethernet_feature) | resource | +| [sdwan_transport_wan_vpn_interface_ethernet_feature_associate_ipv6_tracker_feature.transport_wan_vpn_interface_ethernet_feature_associate_ipv6_tracker_feature](https://registry.terraform.io/providers/CiscoDevNet/sdwan/latest/docs/resources/transport_wan_vpn_interface_ethernet_feature_associate_ipv6_tracker_feature) | resource | +| [sdwan_transport_wan_vpn_interface_ethernet_feature_associate_ipv6_tracker_group_feature.transport_wan_vpn_interface_ethernet_feature_associate_ipv6_tracker_group_feature](https://registry.terraform.io/providers/CiscoDevNet/sdwan/latest/docs/resources/transport_wan_vpn_interface_ethernet_feature_associate_ipv6_tracker_group_feature) | resource | +| [sdwan_transport_wan_vpn_interface_ethernet_feature_associate_tracker_feature.transport_wan_vpn_interface_ethernet_feature_associate_tracker_feature](https://registry.terraform.io/providers/CiscoDevNet/sdwan/latest/docs/resources/transport_wan_vpn_interface_ethernet_feature_associate_tracker_feature) | resource | +| 
[sdwan_transport_wan_vpn_interface_ethernet_feature_associate_tracker_group_feature.transport_wan_vpn_interface_ethernet_feature_associate_tracker_group_feature](https://registry.terraform.io/providers/CiscoDevNet/sdwan/latest/docs/resources/transport_wan_vpn_interface_ethernet_feature_associate_tracker_group_feature) | resource | | [sdwan_vpn_interface_svi_feature_template.vpn_interface_svi_feature_template](https://registry.terraform.io/providers/CiscoDevNet/sdwan/latest/docs/resources/vpn_interface_svi_feature_template) | resource | | [sdwan_vpn_list_policy_object.vpn_list_policy_object](https://registry.terraform.io/providers/CiscoDevNet/sdwan/latest/docs/resources/vpn_list_policy_object) | resource | | [sdwan_vpn_membership_policy_definition.vpn_membership_policy_definition](https://registry.terraform.io/providers/CiscoDevNet/sdwan/latest/docs/resources/vpn_membership_policy_definition) | resource | diff --git a/defaults/sdwan.yaml b/defaults/sdwan.yaml index 23bd2f8..591da22 100644 --- a/defaults/sdwan.yaml +++ b/defaults/sdwan.yaml @@ -380,6 +380,11 @@ defaults: gateway: nextHop wan_vpn: name: wan_vpn + ethernet_interfaces: + ipv4_configuration_type: static + ipv6_configuration_type: none + tunnel_interface: + ipsec_encapsulation: true ipv4_static_routes: gateway: nextHop ipv6_static_routes: diff --git a/sdwan_features_transport.tf b/sdwan_features_transport.tf index 5e7075b..ffe534b 100644 --- a/sdwan_features_transport.tf +++ b/sdwan_features_transport.tf 
@@ -318,3 +318,346 @@ resource "sdwan_transport_wan_vpn_feature" "transport_wan_vpn_feature" { }] vpn = 0 } + +resource "sdwan_transport_wan_vpn_interface_ethernet_feature" "transport_wan_vpn_interface_ethernet_feature" { + for_each = { + for interface_item in flatten([ + for profile in try(local.feature_profiles.transport_profiles, {}) : [ + for wan_vpn in try([profile.wan_vpn], []) : [ + for interface in try(wan_vpn.ethernet_interfaces, []) : { + profile = profile + wan_vpn = wan_vpn + interface = interface + } + ] + ] + ]) + : "${interface_item.profile.name}-wan_vpn-${interface_item.interface.name}" => interface_item + } + name = each.value.interface.name + description = try(each.value.interface.description, null) + feature_profile_id = sdwan_transport_feature_profile.transport_feature_profile[each.value.profile.name].id + transport_wan_vpn_feature_id = sdwan_transport_wan_vpn_feature.transport_wan_vpn_feature["${each.value.profile.name}-wan_vpn"].id + acl_ipv4_egress_feature_id = null # to be added when ACL is supported + acl_ipv4_ingress_feature_id = null # to be added when ACL is supported + acl_ipv6_egress_feature_id = null # to be added when ACL is supported + acl_ipv6_ingress_feature_id = null # to be added when ACL is supported + arp_timeout = try(each.value.interface.arp_timeout, null) + arp_timeout_variable = try("{{${each.value.interface.arp_timeout_variable}}}", null) + arps = try(length(each.value.interface.arp_entries) == 0, true) ? 
null : [for arp in each.value.interface.arp_entries : { + ip_address = try(arp.ip_address, null) + ip_address_variable = try("{{${arp.ip_address_variable}}}", null) + mac_address = try(arp.mac_address, null) + mac_address_variable = try("{{${arp.mac_address_variable}}}", null) + }] + auto_detect_bandwidth = try(each.value.interface.auto_detect_bandwidth, null) + auto_detect_bandwidth_variable = try("{{${each.value.interface.auto_detect_bandwidth_variable}}}", null) + autonegotiate = try(each.value.interface.autonegotiate, null) + autonegotiate_variable = try("{{${each.value.interface.autonegotiate_variable}}}", null) + bandwidth_downstream = try(each.value.interface.bandwidth_downstream, null) + bandwidth_downstream_variable = try("{{${each.value.interface.bandwidth_downstream_variable}}}", null) + bandwidth_upstream = try(each.value.interface.bandwidth_upstream, null) + bandwidth_upstream_variable = try("{{${each.value.interface.bandwidth_upstream_variable}}}", null) + block_non_source_ip = try(each.value.interface.block_non_source_ip, null) + block_non_source_ip_variable = try("{{${each.value.interface.block_non_source_ip_variable}}}", null) + duplex = try(each.value.interface.duplex, null) + duplex_variable = try("{{${each.value.interface.duplex_variable}}}", null) + enable_dhcpv6 = try(each.value.interface.ipv6_configuration_type, local.defaults.sdwan.feature_profiles.transport_profiles.wan_vpn.ethernet_interfaces.ipv6_configuration_type) == "dynamic" ? 
true : null + gre_tunnel_source_ip = try(each.value.interface.gre_tloc_extension_source_ip, null) + gre_tunnel_source_ip_variable = try("{{${each.value.interface.gre_tloc_extension_source_ip_variable}}}", null) + icmp_redirect_disable = try(each.value.interface.icmp_redirect_disable, null) + icmp_redirect_disable_variable = try("{{${each.value.interface.icmp_redirect_disable_variable}}}", null) + interface_description = try(each.value.interface.interface_description, null) + interface_description_variable = try("{{${each.value.interface.interface_description_variable}}}", null) + interface_mtu = try(each.value.interface.interface_mtu, null) + interface_mtu_variable = try("{{${each.value.interface.interface_mtu_variable}}}", null) + interface_name = try(each.value.interface.interface_name, null) + interface_name_variable = try("{{${each.value.interface.interface_name_variable}}}", null) + ip_directed_broadcast = try(each.value.interface.ip_directed_broadcast, null) + ip_directed_broadcast_variable = try("{{${each.value.interface.ip_directed_broadcast_variable}}}", null) + ip_mtu = try(each.value.interface.ip_mtu, null) + ip_mtu_variable = try("{{${each.value.interface.ip_mtu_variable}}}", null) + iperf_server = try(each.value.interface.iperf_server, null) + iperf_server_variable = try("{{${each.value.interface.iperf_server_variable}}}", null) + ipv4_address = try(each.value.interface.ipv4_address, null) + ipv4_address_variable = try("{{${each.value.interface.ipv4_address_variable}}}", null) + ipv4_configuration_type = try(each.value.interface.ipv4_configuration_type, local.defaults.sdwan.feature_profiles.transport_profiles.wan_vpn.ethernet_interfaces.ipv4_configuration_type) + ipv4_dhcp_distance = try(each.value.interface.ipv4_dhcp_distance, null) + ipv4_dhcp_distance_variable = try("{{${each.value.interface.ipv4_dhcp_distance_variable}}}", null) + ipv4_dhcp_helper = try(each.value.interface.ipv4_dhcp_helpers, null) + ipv4_dhcp_helper_variable = 
try("{{${each.value.interface.ipv4_dhcp_helper_variable}}}", null) + ipv4_secondary_addresses = try(length(each.value.interface.ipv4_secondary_addresses) == 0, true) ? null : [for a in each.value.interface.ipv4_secondary_addresses : { + address = try(a.address, null) + address_variable = try("{{${a.address_variable}}}", null) + subnet_mask = try(a.subnet_mask, null) + subnet_mask_variable = try("{{${a.subnet_mask_variable}}}", null) + }] + ipv4_subnet_mask = try(each.value.interface.ipv4_subnet_mask, null) + ipv4_subnet_mask_variable = try("{{${each.value.interface.ipv4_subnet_mask_variable}}}", null) + ipv6_address = try(each.value.interface.ipv6_address, null) + ipv6_address_variable = try("{{${each.value.interface.ipv6_address_variable}}}", null) + ipv6_configuration_type = try(each.value.interface.ipv6_configuration_type, local.defaults.sdwan.feature_profiles.transport_profiles.wan_vpn.ethernet_interfaces.ipv6_configuration_type) + ipv6_dhcp_secondary_address = try(try(each.value.interface.ipv6_configuration_type, local.defaults.sdwan.feature_profiles.transport_profiles.wan_vpn.ethernet_interfaces.ipv6_configuration_type) == "dynamic" && length(each.value.interface.ipv6_secondary_addresses) > 0, false) ? [for a in each.value.interface.ipv6_secondary_addresses : { + address = try(a.address, null) + address_variable = try("{{${a.address_variable}}}", null) + }] : null + ipv6_secondary_addresses = try(try(each.value.interface.ipv6_configuration_type, local.defaults.sdwan.feature_profiles.transport_profiles.wan_vpn.ethernet_interfaces.ipv6_configuration_type) == "static" && length(each.value.interface.ipv6_secondary_addresses) > 0, false) ? 
[for a in each.value.interface.ipv6_secondary_addresses : { + address = try(a.address, null) + address_variable = try("{{${a.address_variable}}}", null) + }] : null + load_interval = try(each.value.interface.load_interval, null) + load_interval_variable = try("{{${each.value.interface.load_interval_variable}}}", null) + mac_address = try(each.value.interface.mac_address, null) + mac_address_variable = try("{{${each.value.interface.mac_address_variable}}}", null) + media_type = try(each.value.interface.media_type, null) + media_type_variable = try("{{${each.value.interface.media_type_variable}}}", null) + nat64 = try(each.value.interface.ipv6_nat_type == "nat64", null) + nat66 = try(each.value.interface.ipv6_nat_type == "nat66", null) + nat_ipv4 = try(each.value.interface.ipv4_nat, null) + nat_ipv4_variable = try("{{${each.value.interface.ipv4_nat_variable}}}", null) + nat_ipv6 = try(each.value.interface.ipv6_nat, null) + nat_ipv6_variable = try("{{${each.value.interface.ipv6_nat_variable}}}", null) + nat_loopback = try(each.value.interface.ipv4_nat_loopback_interface, null) + nat_loopback_variable = try("{{${each.value.interface.ipv4_nat_loopback_interface_variable}}}", null) + nat_overload = try(each.value.interface.ipv4_nat_pool_overload, null) + nat_overload_variable = try("{{${each.value.interface.ipv4_nat_pool_overload_variable}}}", null) + nat_prefix_length = try(each.value.interface.ipv4_nat_pool_prefix_length, null) + nat_prefix_length_variable = try("{{${each.value.interface.ipv4_nat_pool_prefix_length_variable}}}", null) + nat_range_end = try(each.value.interface.ipv4_nat_pool_range_end, null) + nat_range_end_variable = try("{{${each.value.interface.ipv4_nat_pool_range_end_variable}}}", null) + nat_range_start = try(each.value.interface.ipv4_nat_pool_range_start, null) + nat_range_start_variable = try("{{${each.value.interface.ipv4_nat_pool_range_start_variable}}}", null) + nat_tcp_timeout = try(each.value.interface.ipv4_nat_tcp_timeout, null) + 
nat_tcp_timeout_variable = try("{{${each.value.interface.ipv4_nat_tcp_timeout_variable}}}", null) + nat_udp_timeout = try(each.value.interface.ipv4_nat_udp_timeout, null) + nat_udp_timeout_variable = try("{{${each.value.interface.ipv4_nat_udp_timeout_variable}}}", null) + nat_type = try(each.value.interface.ipv4_nat_type, null) + nat_type_variable = try("{{${each.value.interface.ipv4_nat_type_variable}}}", null) + new_static_nats = try(length(each.value.interface.ipv4_nat_static_entries) == 0, true) ? null : [for nat in each.value.interface.ipv4_nat_static_entries : { + direction = try(nat.direction, null) + source_ip = try(nat.source_ip, null) + source_ip_variable = try("{{${nat.source_ip_variable}}}", null) + source_vpn = try(nat.source_vpn_id, null) + source_vpn_variable = try("{{${nat.source_vpn_id_variable}}}", null) + translated_ip = try(nat.translate_ip, null) + translated_ip_variable = try("{{${nat.translate_ip_variable}}}", null) + }] + per_tunnel_qos = try(each.value.interface.tunnel_interface.per_tunnel_qos, null) + per_tunnel_qos_variable = try("{{${each.value.interface.tunnel_interface.per_tunnel_qos_variable}}}", null) + qos_adaptive = try(each.value.interface.adaptive_qos, false) + qos_adaptive_bandwidth_downstream = try(each.value.interface.adaptive_qos_shaping_rate_downstream != null, null) + qos_adaptive_bandwidth_upstream = try(each.value.interface.adaptive_qos_shaping_rate_upstream != null, null) + qos_adaptive_default_downstream = try(each.value.interface.adaptive_qos_shaping_rate_downstream.default, null) + qos_adaptive_default_downstream_variable = try("{{${each.value.interface.adaptive_qos_shaping_rate_downstream.default_variable}}}", null) + qos_adaptive_default_upstream = try(each.value.interface.adaptive_qos_shaping_rate_upstream.default, null) + qos_adaptive_default_upstream_variable = try("{{${each.value.interface.adaptive_qos_shaping_rate_upstream.default_variable}}}", null) + qos_adaptive_max_downstream = 
try(each.value.interface.adaptive_qos_shaping_rate_downstream.maximum, null) + qos_adaptive_max_downstream_variable = try("{{${each.value.interface.adaptive_qos_shaping_rate_downstream.maximum_variable}}}", null) + qos_adaptive_max_upstream = try(each.value.interface.adaptive_qos_shaping_rate_upstream.maximum, null) + qos_adaptive_max_upstream_variable = try("{{${each.value.interface.adaptive_qos_shaping_rate_upstream.maximum_variable}}}", null) + qos_adaptive_min_downstream = try(each.value.interface.adaptive_qos_shaping_rate_downstream.minimum, null) + qos_adaptive_min_downstream_variable = try("{{${each.value.interface.adaptive_qos_shaping_rate_downstream.minimum_variable}}}", null) + qos_adaptive_min_upstream = try(each.value.interface.adaptive_qos_shaping_rate_upstream.minimum, null) + qos_adaptive_min_upstream_variable = try("{{${each.value.interface.adaptive_qos_shaping_rate_upstream.minimum_variable}}}", null) + qos_adaptive_period = try(each.value.interface.adaptive_qos_period, null) + qos_adaptive_period_variable = try("{{${each.value.interface.adaptive_qos_period_variable}}}", null) + qos_shaping_rate = try(each.value.interface.shaping_rate, null) + qos_shaping_rate_variable = try("{{${each.value.interface.shaping_rate_variable}}}", null) + service_provider = try(each.value.interface.service_provider, null) + service_provider_variable = try("{{${each.value.interface.service_provider_variable}}}", null) + shutdown = try(each.value.interface.shutdown, null) + shutdown_variable = try("{{${each.value.interface.shutdown_variable}}}", null) + speed = try(each.value.interface.speed, null) + speed_variable = try("{{${each.value.interface.speed_variable}}}", null) + static_nat66 = try(length(each.value.interface.ipv6_nat66_static_entries) == 0, true) ? 
null : [for nat in each.value.interface.ipv6_nat66_static_entries : { + source_prefix = try(nat.source_prefix, null) + source_prefix_variable = try("{{${nat.source_prefix_variable}}}", null) + source_vpn_id = try(nat.source_vpn_id, null) + source_vpn_id_variable = try("{{${nat.source_vpn_id_variable}}}", null) + translated_source_prefix = try(nat.translate_prefix, null) + translated_source_prefix_variable = try("{{${nat.translate_prefix_variable}}}", null) + }] + tcp_mss = try(each.value.interface.tcp_mss, null) + tcp_mss_variable = try("{{${each.value.interface.tcp_mss_variable}}}", null) + tloc_extension = try(each.value.interface.tloc_extension, null) + tloc_extension_variable = try("{{${each.value.interface.tloc_extension_variable}}}", null) + tunnel_bandwidth_percent = try(each.value.interface.tunnel_interface.per_tunnel_qos_bandwidth_percent, null) + tunnel_bandwidth_percent_variable = try("{{${each.value.interface.tunnel_interface.per_tunnel_qos_bandwidth_percent_variable}}}", null) + tunnel_interface = try(each.value.interface.tunnel_interface != null, null) + tunnel_interface_encapsulations = try(each.value.interface.tunnel_interface == null, true) ? null : flatten([ + try(each.value.interface.tunnel_interface.ipsec_encapsulation, local.defaults.sdwan.feature_profiles.transport_profiles.wan_vpn.ethernet_interfaces.tunnel_interface.ipsec_encapsulation) ? [{ + encapsulation = "ipsec" + preference = try(each.value.interface.tunnel_interface.ipsec_preference, null) + preference_variable = try("{{${each.value.interface.tunnel_interface.ipsec_preference_variable}}}", null) + weight = try(each.value.interface.tunnel_interface.ipsec_weight, null) + weight_variable = try("{{${each.value.interface.tunnel_interface.ipsec_weight_variable}}}", null) + }] : [], + try(each.value.interface.tunnel_interface.gre_encapsulation, false) ? 
[{ + encapsulation = "gre" + preference = try(each.value.interface.tunnel_interface.gre_preference, null) + preference_variable = try("{{${each.value.interface.tunnel_interface.gre_preference_variable}}}", null) + weight = try(each.value.interface.tunnel_interface.gre_weight, null) + weight_variable = try("{{${each.value.interface.tunnel_interface.gre_weight_variable}}}", null) + }] : [] + ]) + tunnel_interface_allow_all = try(each.value.interface.tunnel_interface.allow_service_all, null) + tunnel_interface_allow_all_variable = try("{{${each.value.interface.tunnel_interface.allow_service_all_variable}}}", null) + tunnel_interface_allow_bfd = try(each.value.interface.tunnel_interface.allow_service_bfd, null) + tunnel_interface_allow_bfd_variable = try("{{${each.value.interface.tunnel_interface.allow_service_bfd_variable}}}", null) + tunnel_interface_allow_bgp = try(each.value.interface.tunnel_interface.allow_service_bgp, null) + tunnel_interface_allow_bgp_variable = try("{{${each.value.interface.tunnel_interface.allow_service_bgp_variable}}}", null) + tunnel_interface_allow_dhcp = try(each.value.interface.tunnel_interface.allow_service_dhcp, null) + tunnel_interface_allow_dhcp_variable = try("{{${each.value.interface.tunnel_interface.allow_service_dhcp_variable}}}", null) + tunnel_interface_allow_dns = try(each.value.interface.tunnel_interface.allow_service_dns, null) + tunnel_interface_allow_dns_variable = try("{{${each.value.interface.tunnel_interface.allow_service_dns_variable}}}", null) + tunnel_interface_allow_https = try(each.value.interface.tunnel_interface.allow_service_https, null) + tunnel_interface_allow_https_variable = try("{{${each.value.interface.tunnel_interface.allow_service_https_variable}}}", null) + tunnel_interface_allow_icmp = try(each.value.interface.tunnel_interface.allow_service_icmp, null) + tunnel_interface_allow_icmp_variable = try("{{${each.value.interface.tunnel_interface.allow_service_icmp_variable}}}", null) + 
tunnel_interface_allow_netconf = try(each.value.interface.tunnel_interface.allow_service_netconf, null) + tunnel_interface_allow_netconf_variable = try("{{${each.value.interface.tunnel_interface.allow_service_netconf_variable}}}", null) + tunnel_interface_allow_ntp = try(each.value.interface.tunnel_interface.allow_service_ntp, null) + tunnel_interface_allow_ntp_variable = try("{{${each.value.interface.tunnel_interface.allow_service_ntp_variable}}}", null) + tunnel_interface_allow_ospf = try(each.value.interface.tunnel_interface.allow_service_ospf, null) + tunnel_interface_allow_ospf_variable = try("{{${each.value.interface.tunnel_interface.allow_service_ospf_variable}}}", null) + tunnel_interface_allow_snmp = try(each.value.interface.tunnel_interface.allow_service_snmp, null) + tunnel_interface_allow_snmp_variable = try("{{${each.value.interface.tunnel_interface.allow_service_snmp_variable}}}", null) + tunnel_interface_allow_ssh = try(each.value.interface.tunnel_interface.allow_service_ssh, null) + tunnel_interface_allow_ssh_variable = try("{{${each.value.interface.tunnel_interface.allow_service_ssh_variable}}}", null) + tunnel_interface_allow_stun = try(each.value.interface.tunnel_interface.allow_service_stun, null) + tunnel_interface_allow_stun_variable = try("{{${each.value.interface.tunnel_interface.allow_service_stun_variable}}}", null) + tunnel_interface_bind_loopback_tunnel = try(each.value.interface.tunnel_interface.bind_loopback_tunnel, null) + tunnel_interface_bind_loopback_tunnel_variable = try("{{${each.value.interface.tunnel_interface.bind_loopback_tunnel_variable}}}", null) + tunnel_interface_border = try(each.value.interface.tunnel_interface.border, null) + tunnel_interface_border_variable = try("{{${each.value.interface.tunnel_interface.border_variable}}}", null) + tunnel_interface_carrier = try(each.value.interface.tunnel_interface.carrier, null) + tunnel_interface_carrier_variable = 
try("{{${each.value.interface.tunnel_interface.carrier_variable}}}", null) + tunnel_interface_clear_dont_fragment = try(each.value.interface.tunnel_interface.clear_dont_fragment, null) + tunnel_interface_clear_dont_fragment_variable = try("{{${each.value.interface.tunnel_interface.clear_dont_fragment_variable}}}", null) + tunnel_interface_color = try(each.value.interface.tunnel_interface.color, null) + tunnel_interface_color_restrict = try(each.value.interface.tunnel_interface.restrict, null) + tunnel_interface_color_restrict_variable = try("{{${each.value.interface.tunnel_interface.restrict_variable}}}", null) + tunnel_interface_color_variable = try("{{${each.value.interface.tunnel_interface.color_variable}}}", null) + tunnel_interface_cts_sgt_propagation = try(each.value.interface.tunnel_interface.cts_sgt_propagation, null) + tunnel_interface_cts_sgt_propagation_variable = try("{{${each.value.interface.tunnel_interface.cts_sgt_propagation_variable}}}", null) + tunnel_interface_exclude_controller_group_list = try(each.value.interface.tunnel_interface.exclude_controller_groups, null) + tunnel_interface_exclude_controller_group_list_variable = try("{{${each.value.interface.tunnel_interface.exclude_controller_groups_variable}}}", null) + tunnel_interface_gre_tunnel_destination_ip = try(each.value.interface.tunnel_interface.gre_tunnel_destination_ip, null) + tunnel_interface_gre_tunnel_destination_ip_variable = try("{{${each.value.interface.tunnel_interface.gre_tunnel_destination_ip_variable}}}", null) + tunnel_interface_groups = try(each.value.interface.tunnel_interface.group, null) + tunnel_interface_groups_variable = try("{{${each.value.interface.tunnel_interface.group_variable}}}", null) + tunnel_interface_hello_interval = try(each.value.interface.tunnel_interface.hello_interval, null) + tunnel_interface_hello_interval_variable = try("{{${each.value.interface.tunnel_interface.hello_interval_variable}}}", null) + tunnel_interface_hello_tolerance = 
try(each.value.interface.tunnel_interface.hello_tolerance, null) + tunnel_interface_hello_tolerance_variable = try("{{${each.value.interface.tunnel_interface.hello_tolerance_variable}}}", null) + tunnel_interface_last_resort_circuit = try(each.value.interface.tunnel_interface.last_resort_circuit, null) + tunnel_interface_last_resort_circuit_variable = try("{{${each.value.interface.tunnel_interface.last_resort_circuit_variable}}}", null) + tunnel_interface_low_bandwidth_link = try(each.value.interface.tunnel_interface.low_bandwidth_link, null) + tunnel_interface_low_bandwidth_link_variable = try("{{${each.value.interface.tunnel_interface.low_bandwidth_link_variable}}}", null) + tunnel_interface_max_control_connections = try(each.value.interface.tunnel_interface.max_control_connections, null) + tunnel_interface_max_control_connections_variable = try("{{${each.value.interface.tunnel_interface.max_control_connections_variable}}}", null) + tunnel_interface_nat_refresh_interval = try(each.value.interface.tunnel_interface.nat_refresh_interval, null) + tunnel_interface_nat_refresh_interval_variable = try("{{${each.value.interface.tunnel_interface.nat_refresh_interval_variable}}}", null) + tunnel_interface_network_broadcast = try(each.value.interface.tunnel_interface.network_broadcast, null) + tunnel_interface_network_broadcast_variable = try("{{${each.value.interface.tunnel_interface.network_broadcast_variable}}}", null) + tunnel_interface_port_hop = try(each.value.interface.tunnel_interface.port_hop, null) + tunnel_interface_port_hop_variable = try("{{${each.value.interface.tunnel_interface.port_hop_variable}}}", null) + tunnel_interface_tunnel_tcp_mss = try(each.value.interface.tunnel_interface.tcp_mss, null) + tunnel_interface_tunnel_tcp_mss_variable = try("{{${each.value.interface.tunnel_interface.tcp_mss_variable}}}", null) + tunnel_interface_vbond_as_stun_server = try(each.value.interface.tunnel_interface.vbond_as_stun_server, null) + 
tunnel_interface_vbond_as_stun_server_variable = try("{{${each.value.interface.tunnel_interface.vbond_as_stun_server_variable}}}", null) + tunnel_interface_vmanage_connection_preference = try(each.value.interface.tunnel_interface.vmanage_connection_preference, null) + tunnel_interface_vmanage_connection_preference_variable = try("{{${each.value.interface.tunnel_interface.vmanage_connection_preference_variable}}}", null) + tunnel_qos_mode = try(each.value.interface.tunnel_interface.per_tunnel_qos_mode, null) + tunnel_qos_mode_variable = try("{{${each.value.interface.tunnel_interface.per_tunnel_qos_mode_variable}}}", null) + xconnect = try(each.value.interface.gre_tloc_extension_xconnect, null) + xconnect_variable = try("{{${each.value.interface.gre_tloc_extension_xconnect_variable}}}", null) +} + +resource "sdwan_transport_wan_vpn_interface_ethernet_feature_associate_tracker_feature" "transport_wan_vpn_interface_ethernet_feature_associate_tracker_feature" { + for_each = { + for interface_item in flatten([ + for profile in try(local.feature_profiles.transport_profiles, {}) : [ + for wan_vpn in try([profile.wan_vpn], []) : [ + for interface in try(wan_vpn.ethernet_interfaces, []) : { + profile = profile + wan_vpn = wan_vpn + interface = interface + } + ] + ] + ]) + : "${interface_item.profile.name}-wan_vpn-${interface_item.interface.name}-associate_tracker" => interface_item + if try(interface_item.interface.ipv4_tracker, null) != null + } + feature_profile_id = sdwan_transport_feature_profile.transport_feature_profile[each.value.profile.name].id + transport_wan_vpn_feature_id = sdwan_transport_wan_vpn_feature.transport_wan_vpn_feature["${each.value.profile.name}-wan_vpn"].id + transport_wan_vpn_interface_ethernet_feature_id = sdwan_transport_wan_vpn_interface_ethernet_feature.transport_wan_vpn_interface_ethernet_feature["${each.value.profile.name}-wan_vpn-${each.value.interface.name}"].id + transport_tracker_feature_id = 
sdwan_transport_tracker_feature.transport_tracker_feature["${each.value.profile.name}-${each.value.interface.ipv4_tracker}"].id +} + +resource "sdwan_transport_wan_vpn_interface_ethernet_feature_associate_tracker_group_feature" "transport_wan_vpn_interface_ethernet_feature_associate_tracker_group_feature" { + for_each = { + for interface_item in flatten([ + for profile in try(local.feature_profiles.transport_profiles, {}) : [ + for wan_vpn in try([profile.wan_vpn], []) : [ + for interface in try(wan_vpn.ethernet_interfaces, []) : { + profile = profile + wan_vpn = wan_vpn + interface = interface + } + ] + ] + ]) + : "${interface_item.profile.name}-wan_vpn-${interface_item.interface.name}-associate_tracker_group" => interface_item + if try(interface_item.interface.ipv4_tracker_group, null) != null + } + feature_profile_id = sdwan_transport_feature_profile.transport_feature_profile[each.value.profile.name].id + transport_wan_vpn_feature_id = sdwan_transport_wan_vpn_feature.transport_wan_vpn_feature["${each.value.profile.name}-wan_vpn"].id + transport_wan_vpn_interface_ethernet_feature_id = sdwan_transport_wan_vpn_interface_ethernet_feature.transport_wan_vpn_interface_ethernet_feature["${each.value.profile.name}-wan_vpn-${each.value.interface.name}"].id + transport_tracker_group_feature_id = sdwan_transport_tracker_group_feature.transport_tracker_group_feature["${each.value.profile.name}-${each.value.interface.ipv4_tracker_group}"].id +} + +resource "sdwan_transport_wan_vpn_interface_ethernet_feature_associate_ipv6_tracker_feature" "transport_wan_vpn_interface_ethernet_feature_associate_ipv6_tracker_feature" { + for_each = { + for interface_item in flatten([ + for profile in try(local.feature_profiles.transport_profiles, {}) : [ + for wan_vpn in try([profile.wan_vpn], []) : [ + for interface in try(wan_vpn.ethernet_interfaces, []) : { + profile = profile + wan_vpn = wan_vpn + interface = interface + } + ] + ] + ]) + : 
"${interface_item.profile.name}-wan_vpn-${interface_item.interface.name}-associate_ipv6_tracker" => interface_item + if try(interface_item.interface.ipv6_tracker, null) != null + } + feature_profile_id = sdwan_transport_feature_profile.transport_feature_profile[each.value.profile.name].id + transport_wan_vpn_feature_id = sdwan_transport_wan_vpn_feature.transport_wan_vpn_feature["${each.value.profile.name}-wan_vpn"].id + transport_wan_vpn_interface_ethernet_feature_id = sdwan_transport_wan_vpn_interface_ethernet_feature.transport_wan_vpn_interface_ethernet_feature["${each.value.profile.name}-wan_vpn-${each.value.interface.name}"].id + transport_ipv6_tracker_feature_id = sdwan_transport_ipv6_tracker_feature.transport_ipv6_tracker_feature["${each.value.profile.name}-${each.value.interface.ipv6_tracker}"].id +} + +resource "sdwan_transport_wan_vpn_interface_ethernet_feature_associate_ipv6_tracker_group_feature" "transport_wan_vpn_interface_ethernet_feature_associate_ipv6_tracker_group_feature" { + for_each = { + for interface_item in flatten([ + for profile in try(local.feature_profiles.transport_profiles, {}) : [ + for wan_vpn in try([profile.wan_vpn], []) : [ + for interface in try(wan_vpn.ethernet_interfaces, []) : { + profile = profile + wan_vpn = wan_vpn + interface = interface + } + ] + ] + ]) + : "${interface_item.profile.name}-wan_vpn-${interface_item.interface.name}-associate_ipv6_tracker_group" => interface_item + if try(interface_item.interface.ipv6_tracker_group, null) != null + } + feature_profile_id = sdwan_transport_feature_profile.transport_feature_profile[each.value.profile.name].id + transport_wan_vpn_feature_id = sdwan_transport_wan_vpn_feature.transport_wan_vpn_feature["${each.value.profile.name}-wan_vpn"].id + transport_wan_vpn_interface_ethernet_feature_id = sdwan_transport_wan_vpn_interface_ethernet_feature.transport_wan_vpn_interface_ethernet_feature["${each.value.profile.name}-wan_vpn-${each.value.interface.name}"].id + 
transport_ipv6_tracker_group_feature_id = sdwan_transport_ipv6_tracker_group_feature.transport_ipv6_tracker_group_feature["${each.value.profile.name}-${each.value.interface.ipv6_tracker_group}"].id +} From 696d60d6c4cf979f307bfec2fe5a0fe8e57ce4e2 Mon Sep 17 00:00:00 2001 From: rrahimm <39684933+rrahimm@users.noreply.github.com> Date: Mon, 13 Jan 2025 01:01:12 +0530 Subject: [PATCH 9/9] Update path_mtu_discovery (#79) --- sdwan_features_system.tf | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/sdwan_features_system.tf b/sdwan_features_system.tf index d0735cd..665b560 100644 --- a/sdwan_features_system.tf +++ b/sdwan_features_system.tf @@ -194,8 +194,8 @@ resource "sdwan_system_bfd_feature" "system_bfd_feature" { hello_interval_variable = try("{{${c.hello_interval_variable}}}", null) multiplier = try(c.multiplier, null) multiplier_variable = try("{{${c.multiplier_variable}}}", null) - pmtu_discovery = try(c.pmtu_discovery, null) - pmtu_discovery_variable = try("{{${c.pmtu_discovery_variable}}}", null) + pmtu_discovery = try(c.path_mtu_discovery, null) + pmtu_discovery_variable = try("{{${c.path_mtu_discovery_variable}}}", null) }] default_dscp = try(each.value.bfd.default_dscp, null) default_dscp_variable = try("{{${each.value.bfd.dscp_variable}}}", null)
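Review bot: In the new `sdwan_transport_wan_vpn_interface_ethernet_feature` resource (sdwan_features_transport.tf), the four `acl_ipv4_*`/`acl_ipv6_*` feature IDs are pinned to `null` and every `tunnel_interface_allow_*` flag falls back to `null`. Which services (SSH, NETCONF, SNMP, HTTPS, "all") a WAN tunnel interface accepts is therefore left to the provider's defaults, with no ACL to narrow it. This commit adds module defaults for `ipsec_encapsulation` and the configuration types in defaults/sdwan.yaml, but none for the allow-service flags. I would add explicit entries under `tunnel_interface` there (at least `allow_service_all: false`) and use them as the fallback when `tunnel_interface` is set, along the lines of `try(each.value.interface.tunnel_interface.allow_service_all, local.defaults.sdwan.feature_profiles.transport_profiles.wan_vpn.ethernet_interfaces.tunnel_interface.allow_service_all, null)`. What the provider applies for a null flag is not visible in this diff and should be confirmed against its schema; the README should also state that ACL binding on ethernet interfaces is not applied yet.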
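Review bot: In the sdwan_features_system.tf hunk, the renamed lookups `try(c.path_mtu_discovery, null)` and `try("{{${c.path_mtu_discovery_variable}}}", null)` evaluate to null for existing data that still uses the `pmtu_discovery` key, because `try()` hides the missing attribute. Unless a schema check outside this diff rejects the old key, the setting is dropped without a plan-time error and the provider default applies. Either keep the old key as a fallback for a release, `pmtu_discovery = try(c.path_mtu_discovery, c.pmtu_discovery, null)` (and the same for the `_variable` line), or record the rename as breaking in CHANGELOG.md; the diffstat shows only sdwan_features_system.tf changed. The enclosing `sdwan_system_bfd_feature` resource starts and ends outside the hunk.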