diff --git a/sdwan_localized_policies.tf b/sdwan_localized_policies.tf index 1a7a5d6..077c4d2 100644 --- a/sdwan_localized_policies.tf +++ b/sdwan_localized_policies.tf @@ -48,57 +48,57 @@ resource "sdwan_ipv4_acl_policy_definition" "ipv4_acl_policy_definition" { can(s.match_criterias.source_ip_prefix) || can(s.match_criterias.source_ports) || can(s.match_criterias.tcp)) ? null : flatten([ - try(s.match_criterias.class, null) == null ? [] : [{ - type = "class" - class_map_id = sdwan_class_map_policy_object.class_map_policy_object[s.match_criterias.class].id - class_map_version = sdwan_class_map_policy_object.class_map_policy_object[s.match_criterias.class].version - }], - try(s.match_criterias.destination_data_prefix_list, null) == null ? [] : [{ - type = "destinationDataPrefixList" - destination_data_ipv4_prefix_list_id = sdwan_data_ipv4_prefix_list_policy_object.data_ipv4_prefix_list_policy_object[s.match_criterias.destination_data_prefix_list].id - destination_data_ipv4_prefix_list_version = sdwan_data_ipv4_prefix_list_policy_object.data_ipv4_prefix_list_policy_object[s.match_criterias.destination_data_prefix_list].version - }], - try(s.match_criterias.destination_ip_prefix, null) == null ? [] : [{ - type = "destinationIp" - destination_ip = s.match_criterias.destination_ip_prefix - }], - try(s.match_criterias.destination_ports, null) == null && try(s.match_criterias.destination_port_ranges, null) == null ? [] : [{ - type = "destinationPort" - destination_ports = join(" ", concat([for p in try(s.match_criterias.destination_ports, []) : p], [for r in try(s.match_criterias.destination_port_ranges, []) : "${r.from}-${r.to}"])) - }], - try(s.match_criterias.dscp, null) == null ? [] : [{ - type = "dscp" - dscp = s.match_criterias.dscp - }], - try(s.match_criterias.packet_length, null) == null ? [] : [{ - type = "packetLength" - packet_length = s.match_criterias.packet_length - }], - try(s.match_criterias.priority, null) == null ? [] : [{ - type = "plp" - priority = s.match_criterias.priority - }], - try(s.match_criterias.protocols, null) == null ? [] : [{ - type = "protocol" - protocol = join(" ", [for p in s.match_criterias.protocols : p]) - }], - try(s.match_criterias.source_data_prefix_list, null) == null ? [] : [{ - type = "sourceDataPrefixList" - source_data_ipv4_prefix_list_id = sdwan_data_ipv4_prefix_list_policy_object.data_ipv4_prefix_list_policy_object[s.match_criterias.source_data_prefix_list].id - source_data_ipv4_prefix_list_version = sdwan_data_ipv4_prefix_list_policy_object.data_ipv4_prefix_list_policy_object[s.match_criterias.source_data_prefix_list].version - }], - try(s.match_criterias.source_ip_prefix, null) == null ? [] : [{ - type = "sourceIp" - source_ip = s.match_criterias.source_ip_prefix - }], - try(s.match_criterias.source_ports, null) == null && try(s.match_criterias.source_port_ranges, null) == null ? [] : [{ - type = "sourcePort" - source_ports = join(" ", concat([for p in try(s.match_criterias.source_ports, []) : p], [for r in try(s.match_criterias.source_port_ranges, []) : "${r.from}-${r.to}"])) - }], - try(s.match_criterias.tcp, null) == null ? [] : [{ - type = "tcp" - tcp = s.match_criterias.tcp - }] + try(s.match_criterias.class, null) == null ? [] : [{ + type = "class" + class_map_id = sdwan_class_map_policy_object.class_map_policy_object[s.match_criterias.class].id + class_map_version = sdwan_class_map_policy_object.class_map_policy_object[s.match_criterias.class].version + }], + try(s.match_criterias.destination_data_prefix_list, null) == null ? [] : [{ + type = "destinationDataPrefixList" + destination_data_ipv4_prefix_list_id = sdwan_data_ipv4_prefix_list_policy_object.data_ipv4_prefix_list_policy_object[s.match_criterias.destination_data_prefix_list].id + destination_data_ipv4_prefix_list_version = sdwan_data_ipv4_prefix_list_policy_object.data_ipv4_prefix_list_policy_object[s.match_criterias.destination_data_prefix_list].version + }], + try(s.match_criterias.destination_ip_prefix, null) == null ? [] : [{ + type = "destinationIp" + destination_ip = s.match_criterias.destination_ip_prefix + }], + try(s.match_criterias.destination_ports, null) == null && try(s.match_criterias.destination_port_ranges, null) == null ? [] : [{ + type = "destinationPort" + destination_ports = join(" ", concat([for p in try(s.match_criterias.destination_ports, []) : p], [for r in try(s.match_criterias.destination_port_ranges, []) : "${r.from}-${r.to}"])) + }], + try(s.match_criterias.dscp, null) == null ? [] : [{ + type = "dscp" + dscp = s.match_criterias.dscp + }], + try(s.match_criterias.packet_length, null) == null ? [] : [{ + type = "packetLength" + packet_length = s.match_criterias.packet_length + }], + try(s.match_criterias.priority, null) == null ? [] : [{ + type = "plp" + priority = s.match_criterias.priority + }], + try(s.match_criterias.protocols, null) == null ? [] : [{ + type = "protocol" + protocol = join(" ", [for p in s.match_criterias.protocols : p]) + }], + try(s.match_criterias.source_data_prefix_list, null) == null ? [] : [{ + type = "sourceDataPrefixList" + source_data_ipv4_prefix_list_id = sdwan_data_ipv4_prefix_list_policy_object.data_ipv4_prefix_list_policy_object[s.match_criterias.source_data_prefix_list].id + source_data_ipv4_prefix_list_version = sdwan_data_ipv4_prefix_list_policy_object.data_ipv4_prefix_list_policy_object[s.match_criterias.source_data_prefix_list].version + }], + try(s.match_criterias.source_ip_prefix, null) == null ? [] : [{ + type = "sourceIp" + source_ip = s.match_criterias.source_ip_prefix + }], + try(s.match_criterias.source_ports, null) == null && try(s.match_criterias.source_port_ranges, null) == null ? [] : [{ + type = "sourcePort" + source_ports = join(" ", concat([for p in try(s.match_criterias.source_ports, []) : p], [for r in try(s.match_criterias.source_port_ranges, []) : "${r.from}-${r.to}"])) + }], + try(s.match_criterias.tcp, null) == null ? [] : [{ + type = "tcp" + tcp = s.match_criterias.tcp + }] ]) action_entries = !(can(s.actions.counter_name) || @@ -108,42 +108,42 @@ resource "sdwan_ipv4_acl_policy_definition" "ipv4_acl_policy_definition" { can(s.actions.policer) || can(s.actions.next_hop) || can(s.actions.dscp)) ? null : flatten([ - try(s.actions.counter_name, null) == null ? [] : [{ - type = "count" - counter_name = s.actions.counter_name - }], - try(s.actions.class, null) == null ? [] : [{ - type = "class" - class_map_id = sdwan_class_map_policy_object.class_map_policy_object[s.actions.class].id - class_map_version = sdwan_class_map_policy_object.class_map_policy_object[s.actions.class].version - }], - try(s.actions.log, null) == null ? [] : [{ - type = "log" - log = s.actions.log - }], - try(s.actions.mirror_list, null) == null ? [] : [{ - type = "mirror" - mirror_id = sdwan_mirror_policy_object.mirror_policy_object[s.actions.mirror_list].id - mirror_version = sdwan_mirror_policy_object.mirror_policy_object[s.actions.mirror_list].version - }], - try(s.actions.policer, null) == null ? [] : [{ - type = "policer" - policer_id = sdwan_policer_policy_object.policer_policy_object[s.actions.policer].id - policer_version = sdwan_policer_policy_object.policer_policy_object[s.actions.policer].version - }], - try(s.actions.next_hop, null) == null && try(s.actions.dscp, null) == null ? [] : [{ - type = "set" - set_parameters = flatten([ - try(s.actions.dscp, null) == null ? [] : [{ - type = "dscp" - dscp = s.actions.dscp - }], - try(s.actions.next_hop, null) == null ? [] : [{ - type = "nextHop" - next_hop = s.actions.next_hop - }] - ]) - }] + try(s.actions.counter_name, null) == null ? [] : [{ + type = "count" + counter_name = s.actions.counter_name + }], + try(s.actions.class, null) == null ? [] : [{ + type = "class" + class_map_id = sdwan_class_map_policy_object.class_map_policy_object[s.actions.class].id + class_map_version = sdwan_class_map_policy_object.class_map_policy_object[s.actions.class].version + }], + try(s.actions.log, null) == null ? [] : [{ + type = "log" + log = s.actions.log + }], + try(s.actions.mirror_list, null) == null ? [] : [{ + type = "mirror" + mirror_id = sdwan_mirror_policy_object.mirror_policy_object[s.actions.mirror_list].id + mirror_version = sdwan_mirror_policy_object.mirror_policy_object[s.actions.mirror_list].version + }], + try(s.actions.policer, null) == null ? [] : [{ + type = "policer" + policer_id = sdwan_policer_policy_object.policer_policy_object[s.actions.policer].id + policer_version = sdwan_policer_policy_object.policer_policy_object[s.actions.policer].version + }], + try(s.actions.next_hop, null) == null && try(s.actions.dscp, null) == null ? [] : [{ + type = "set" + set_parameters = flatten([ + try(s.actions.dscp, null) == null ? [] : [{ + type = "dscp" + dscp = s.actions.dscp + }], + try(s.actions.next_hop, null) == null ? [] : [{ + type = "nextHop" + next_hop = s.actions.next_hop + }] + ]) + }] ]) }] } @@ -169,57 +169,57 @@ resource "sdwan_ipv6_acl_policy_definition" "ipv6_acl_policy_definition" { can(s.match_criterias.source_ports) || can(s.match_criterias.tcp) || can(s.match_criterias.traffic_class)) ? null : flatten([ - try(s.match_criterias.class, null) == null ? [] : [{ - type = "class" - class_map_id = sdwan_class_map_policy_object.class_map_policy_object[s.match_criterias.class].id - class_map_version = sdwan_class_map_policy_object.class_map_policy_object[s.match_criterias.class].version - }], - try(s.match_criterias.destination_data_prefix_list, null) == null ? [] : [{ - type = "destinationDataIpv6PrefixList" - destination_data_ipv6_prefix_list_id = sdwan_data_ipv6_prefix_list_policy_object.data_ipv6_prefix_list_policy_object[s.match_criterias.destination_data_prefix_list].id - destination_data_ipv6_prefix_list_version = sdwan_data_ipv6_prefix_list_policy_object.data_ipv6_prefix_list_policy_object[s.match_criterias.destination_data_prefix_list].version - }], - try(s.match_criterias.destination_ip_prefix, null) == null ? [] : [{ - type = "destinationIpv6" - destination_ip = s.match_criterias.destination_ip_prefix - }], - try(s.match_criterias.destination_port, null) == null ? [] : [{ - type = "destinationPort" - destination_ports = s.match_criterias.destination_port - }], - try(s.match_criterias.next_header, null) == null ? [] : [{ - type = "nextHeader" - next_header = s.match_criterias.next_header - }], - try(s.match_criterias.packet_length, null) == null ? [] : [{ - type = "packetLength" - packet_length = s.match_criterias.packet_length - }], - try(s.match_criterias.priority, null) == null ? [] : [{ - type = "plp" - priority = s.match_criterias.priority - }], - try(s.match_criterias.source_data_prefix_list, null) == null ? [] : [{ - type = "sourceDataIpv6PrefixList" - source_data_ipv6_prefix_list_id = sdwan_data_ipv6_prefix_list_policy_object.data_ipv6_prefix_list_policy_object[s.match_criterias.source_data_prefix_list].id - source_data_ipv6_prefix_list_version = sdwan_data_ipv6_prefix_list_policy_object.data_ipv6_prefix_list_policy_object[s.match_criterias.source_data_prefix_list].version - }], - try(s.match_criterias.source_ip_prefix, null) == null ? [] : [{ - type = "sourceIpv6" - source_ip = s.match_criterias.source_ip_prefix - }], - try(s.match_criterias.source_ports, null) == null && try(s.match_criterias.source_port_ranges, null) == null ? [] : [{ - type = "sourcePort" - source_ports = join(" ", concat([for p in try(s.match_criterias.source_ports, []) : p], [for r in try(s.match_criterias.source_port_ranges, []) : "${r.from}-${r.to}"])) - }], - try(s.match_criterias.tcp, null) == null ? [] : [{ - type = "tcp" - tcp = s.match_criterias.tcp - }], - try(s.match_criterias.traffic_class, null) == null ? [] : [{ - type = "trafficClass" - traffic_class = s.match_criterias.traffic_class - }] + try(s.match_criterias.class, null) == null ? [] : [{ + type = "class" + class_map_id = sdwan_class_map_policy_object.class_map_policy_object[s.match_criterias.class].id + class_map_version = sdwan_class_map_policy_object.class_map_policy_object[s.match_criterias.class].version + }], + try(s.match_criterias.destination_data_prefix_list, null) == null ? [] : [{ + type = "destinationDataIpv6PrefixList" + destination_data_ipv6_prefix_list_id = sdwan_data_ipv6_prefix_list_policy_object.data_ipv6_prefix_list_policy_object[s.match_criterias.destination_data_prefix_list].id + destination_data_ipv6_prefix_list_version = sdwan_data_ipv6_prefix_list_policy_object.data_ipv6_prefix_list_policy_object[s.match_criterias.destination_data_prefix_list].version + }], + try(s.match_criterias.destination_ip_prefix, null) == null ? [] : [{ + type = "destinationIpv6" + destination_ip = s.match_criterias.destination_ip_prefix + }], + try(s.match_criterias.destination_port, null) == null ? [] : [{ + type = "destinationPort" + destination_ports = s.match_criterias.destination_port + }], + try(s.match_criterias.next_header, null) == null ? [] : [{ + type = "nextHeader" + next_header = s.match_criterias.next_header + }], + try(s.match_criterias.packet_length, null) == null ? [] : [{ + type = "packetLength" + packet_length = s.match_criterias.packet_length + }], + try(s.match_criterias.priority, null) == null ? [] : [{ + type = "plp" + priority = s.match_criterias.priority + }], + try(s.match_criterias.source_data_prefix_list, null) == null ? [] : [{ + type = "sourceDataIpv6PrefixList" + source_data_ipv6_prefix_list_id = sdwan_data_ipv6_prefix_list_policy_object.data_ipv6_prefix_list_policy_object[s.match_criterias.source_data_prefix_list].id + source_data_ipv6_prefix_list_version = sdwan_data_ipv6_prefix_list_policy_object.data_ipv6_prefix_list_policy_object[s.match_criterias.source_data_prefix_list].version + }], + try(s.match_criterias.source_ip_prefix, null) == null ? [] : [{ + type = "sourceIpv6" + source_ip = s.match_criterias.source_ip_prefix + }], + try(s.match_criterias.source_ports, null) == null && try(s.match_criterias.source_port_ranges, null) == null ? [] : [{ + type = "sourcePort" + source_ports = join(" ", concat([for p in try(s.match_criterias.source_ports, []) : p], [for r in try(s.match_criterias.source_port_ranges, []) : "${r.from}-${r.to}"])) + }], + try(s.match_criterias.tcp, null) == null ? [] : [{ + type = "tcp" + tcp = s.match_criterias.tcp + }], + try(s.match_criterias.traffic_class, null) == null ? [] : [{ + type = "trafficClass" + traffic_class = s.match_criterias.traffic_class + }] ]) action_entries = !(can(s.actions.counter_name) || @@ -229,42 +229,42 @@ resource "sdwan_ipv6_acl_policy_definition" "ipv6_acl_policy_definition" { can(s.actions.policer) || can(s.actions.next_hop) || can(s.actions.dscp)) ? null : flatten([ - try(s.actions.counter_name, null) == null ? [] : [{ - type = "count" - counter_name = s.actions.counter_name - }], - try(s.actions.class, null) == null ? [] : [{ - type = "class" - class_map_id = sdwan_class_map_policy_object.class_map_policy_object[s.actions.class].id - class_map_version = sdwan_class_map_policy_object.class_map_policy_object[s.actions.class].version - }], - try(s.actions.log, null) == null ? [] : [{ - type = "log" - log = s.actions.log - }], - try(s.actions.mirror_list, null) == null ? [] : [{ - type = "mirror" - mirror_id = sdwan_mirror_policy_object.mirror_policy_object[s.actions.mirror_list].id - mirror_version = sdwan_mirror_policy_object.mirror_policy_object[s.actions.mirror_list].version - }], - try(s.actions.policer, null) == null ? [] : [{ - type = "policer" - policer_id = sdwan_policer_policy_object.policer_policy_object[s.actions.policer].id - policer_version = sdwan_policer_policy_object.policer_policy_object[s.actions.policer].version - }], - try(s.actions.next_hop, null) == null && try(s.actions.dscp, null) == null ? [] : [{ - type = "set" - set_parameters = flatten([ - try(s.actions.traffic_class, null) == null ? [] : [{ - type = "trafficClass" - traffic_class = s.actions.traffic_class - }], - try(s.actions.next_hop, null) == null ? [] : [{ - type = "nextHop" - next_hop = s.actions.next_hop - }] - ]) - }] + try(s.actions.counter_name, null) == null ? [] : [{ + type = "count" + counter_name = s.actions.counter_name + }], + try(s.actions.class, null) == null ? [] : [{ + type = "class" + class_map_id = sdwan_class_map_policy_object.class_map_policy_object[s.actions.class].id + class_map_version = sdwan_class_map_policy_object.class_map_policy_object[s.actions.class].version + }], + try(s.actions.log, null) == null ? [] : [{ + type = "log" + log = s.actions.log + }], + try(s.actions.mirror_list, null) == null ? [] : [{ + type = "mirror" + mirror_id = sdwan_mirror_policy_object.mirror_policy_object[s.actions.mirror_list].id + mirror_version = sdwan_mirror_policy_object.mirror_policy_object[s.actions.mirror_list].version + }], + try(s.actions.policer, null) == null ? [] : [{ + type = "policer" + policer_id = sdwan_policer_policy_object.policer_policy_object[s.actions.policer].id + policer_version = sdwan_policer_policy_object.policer_policy_object[s.actions.policer].version + }], + try(s.actions.next_hop, null) == null && try(s.actions.dscp, null) == null ? [] : [{ + type = "set" + set_parameters = flatten([ + try(s.actions.traffic_class, null) == null ? [] : [{ + type = "trafficClass" + traffic_class = s.actions.traffic_class + }], + try(s.actions.next_hop, null) == null ? [] : [{ + type = "nextHop" + next_hop = s.actions.next_hop + }] + ]) + }] ]) }] } @@ -284,32 +284,32 @@ resource "sdwan_ipv4_device_acl_policy_definition" "ipv4_device_acl_policy_defin can(s.match_criterias.source_data_prefix_list) || can(s.match_criterias.source_ip_prefix) || can(s.match_criterias.source_ports)) ? null : flatten([ - try(s.match_criterias.destination_data_prefix_list, null) == null ? [] : [{ - type = "destinationDataPrefixList" - destination_data_ipv4_prefix_list_id = sdwan_data_ipv4_prefix_list_policy_object.data_ipv4_prefix_list_policy_object[s.match_criterias.destination_data_prefix_list].id - destination_data_ipv4_prefix_list_version = sdwan_data_ipv4_prefix_list_policy_object.data_ipv4_prefix_list_policy_object[s.match_criterias.destination_data_prefix_list].version - }], - try(s.match_criterias.destination_ip_prefix, null) == null ? [] : [{ - type = "destinationIp" - destination_ip = s.match_criterias.destination_ip_prefix - }], - try(s.match_criterias.destination_port, null) == null ? [] : [{ - type = "destinationPort" - destination_port = s.match_criterias.destination_port - }], - try(s.match_criterias.source_data_prefix_list, null) == null ? [] : [{ - type = "sourceDataPrefixList" - source_data_ipv4_prefix_list_id = sdwan_data_ipv4_prefix_list_policy_object.data_ipv4_prefix_list_policy_object[s.match_criterias.source_data_prefix_list].id - source_data_ipv4_prefix_list_version = sdwan_data_ipv4_prefix_list_policy_object.data_ipv4_prefix_list_policy_object[s.match_criterias.source_data_prefix_list].version - }], - try(s.match_criterias.source_ip_prefix, null) == null ? [] : [{ - type = "sourceIp" - source_ip = s.match_criterias.source_ip_prefix - }], - try(s.match_criterias.source_ports, null) == null ? [] : [{ - type = "sourcePort" - source_ports = join(" ", [for p in try(s.match_criterias.source_ports, []) : p]) - }] + try(s.match_criterias.destination_data_prefix_list, null) == null ? [] : [{ + type = "destinationDataPrefixList" + destination_data_ipv4_prefix_list_id = sdwan_data_ipv4_prefix_list_policy_object.data_ipv4_prefix_list_policy_object[s.match_criterias.destination_data_prefix_list].id + destination_data_ipv4_prefix_list_version = sdwan_data_ipv4_prefix_list_policy_object.data_ipv4_prefix_list_policy_object[s.match_criterias.destination_data_prefix_list].version + }], + try(s.match_criterias.destination_ip_prefix, null) == null ? [] : [{ + type = "destinationIp" + destination_ip = s.match_criterias.destination_ip_prefix + }], + try(s.match_criterias.destination_port, null) == null ? [] : [{ + type = "destinationPort" + destination_port = s.match_criterias.destination_port + }], + try(s.match_criterias.source_data_prefix_list, null) == null ? [] : [{ + type = "sourceDataPrefixList" + source_data_ipv4_prefix_list_id = sdwan_data_ipv4_prefix_list_policy_object.data_ipv4_prefix_list_policy_object[s.match_criterias.source_data_prefix_list].id + source_data_ipv4_prefix_list_version = sdwan_data_ipv4_prefix_list_policy_object.data_ipv4_prefix_list_policy_object[s.match_criterias.source_data_prefix_list].version + }], + try(s.match_criterias.source_ip_prefix, null) == null ? [] : [{ + type = "sourceIp" + source_ip = s.match_criterias.source_ip_prefix + }], + try(s.match_criterias.source_ports, null) == null ? [] : [{ + type = "sourcePort" + source_ports = join(" ", [for p in try(s.match_criterias.source_ports, []) : p]) + }] ]) action_entries = try(s.counter_name, null) == null ? null : [{ type = "count" @@ -333,32 +333,32 @@ resource "sdwan_ipv6_device_acl_policy_definition" "ipv6_device_acl_policy_defin can(s.match_criterias.source_data_prefix_list) || can(s.match_criterias.source_ip_prefix) || can(s.match_criterias.source_ports)) ? null : flatten([ - try(s.match_criterias.destination_data_prefix_list, null) == null ? [] : [{ - type = "destinationDataIpv6PrefixList" - destination_data_ipv6_prefix_list_id = sdwan_data_ipv6_prefix_list_policy_object.data_ipv6_prefix_list_policy_object[s.match_criterias.destination_data_prefix_list].id - destination_data_ipv6_prefix_list_version = sdwan_data_ipv6_prefix_list_policy_object.data_ipv6_prefix_list_policy_object[s.match_criterias.destination_data_prefix_list].version - }], - try(s.match_criterias.destination_ip_prefix, null) == null ? [] : [{ - type = "destinationIpv6" - destination_ip = s.match_criterias.destination_ip_prefix - }], - try(s.match_criterias.destination_port, null) == null ? [] : [{ - type = "destinationPort" - destination_port = s.match_criterias.destination_port - }], - try(s.match_criterias.source_data_prefix_list, null) == null ? [] : [{ - type = "sourceDataIpv6PrefixList" - source_data_ipv6_prefix_list_id = sdwan_data_ipv6_prefix_list_policy_object.data_ipv6_prefix_list_policy_object[s.match_criterias.source_data_prefix_list].id - source_data_ipv6_prefix_list_version = sdwan_data_ipv6_prefix_list_policy_object.data_ipv6_prefix_list_policy_object[s.match_criterias.source_data_prefix_list].version - }], - try(s.match_criterias.source_ip_prefix, null) == null ? [] : [{ - type = "sourceIpv6" - source_ip = s.match_criterias.source_ip_prefix - }], - try(s.match_criterias.source_ports, null) == null ? [] : [{ - type = "sourcePort" - source_ports = join(" ", [for p in try(s.match_criterias.source_ports, []) : p]) - }] + try(s.match_criterias.destination_data_prefix_list, null) == null ? [] : [{ + type = "destinationDataIpv6PrefixList" + destination_data_ipv6_prefix_list_id = sdwan_data_ipv6_prefix_list_policy_object.data_ipv6_prefix_list_policy_object[s.match_criterias.destination_data_prefix_list].id + destination_data_ipv6_prefix_list_version = sdwan_data_ipv6_prefix_list_policy_object.data_ipv6_prefix_list_policy_object[s.match_criterias.destination_data_prefix_list].version + }], + try(s.match_criterias.destination_ip_prefix, null) == null ? [] : [{ + type = "destinationIpv6" + destination_ip = s.match_criterias.destination_ip_prefix + }], + try(s.match_criterias.destination_port, null) == null ? [] : [{ + type = "destinationPort" + destination_port = s.match_criterias.destination_port + }], + try(s.match_criterias.source_data_prefix_list, null) == null ? [] : [{ + type = "sourceDataIpv6PrefixList" + source_data_ipv6_prefix_list_id = sdwan_data_ipv6_prefix_list_policy_object.data_ipv6_prefix_list_policy_object[s.match_criterias.source_data_prefix_list].id + source_data_ipv6_prefix_list_version = sdwan_data_ipv6_prefix_list_policy_object.data_ipv6_prefix_list_policy_object[s.match_criterias.source_data_prefix_list].version + }], + try(s.match_criterias.source_ip_prefix, null) == null ? [] : [{ + type = "sourceIpv6" + source_ip = s.match_criterias.source_ip_prefix + }], + try(s.match_criterias.source_ports, null) == null ? [] : [{ + type = "sourcePort" + source_ports = join(" ", [for p in try(s.match_criterias.source_ports, []) : p]) + }] ]) action_entries = try(s.counter_name, null) == null ? null : [{ type = "count" @@ -390,61 +390,61 @@ resource "sdwan_route_policy_definition" "route_policy_definition" { can(s.match_criterias.peer) || can(s.match_criterias.omp_tag) || can(s.match_criterias.ospf_tag)) ? null : flatten([ - try(s.match_criterias.prefix_list, null) == null ? [] : [{ - type = "address" - prefix_list_id = sdwan_ipv4_prefix_list_policy_object.ipv4_prefix_list_policy_object[s.match_criterias.prefix_list].id - prefix_list_version = sdwan_ipv4_prefix_list_policy_object.ipv4_prefix_list_policy_object[s.match_criterias.prefix_list].version - }], - try(s.match_criterias.as_path_list, null) == null ? [] : [{ - type = "asPath" - as_path_list_id = sdwan_as_path_list_policy_object.as_path_list_policy_object[s.match_criterias.as_path_list].id - as_path_list_version = sdwan_as_path_list_policy_object.as_path_list_policy_object[s.match_criterias.as_path_list].version - }], - try(s.match_criterias.standard_community_lists, null) == null ? [] : [{ - type = "advancedCommunity" - community_list_ids = [for com_list in try(s.match_criterias.standard_community_lists, null) : sdwan_standard_community_list_policy_object.standard_community_list_policy_object[com_list].id] - community_list_versions = [for com_list in try(s.match_criterias.standard_community_lists, null) : sdwan_standard_community_list_policy_object.standard_community_list_policy_object[com_list].version] - community_list_match_flag = try(s.match_criterias.standard_community_lists_criteria, null) - }], - try(s.match_criterias.expanded_community_list, null) == null ? [] : [{ - type = "expandedCommunity" - expanded_community_list_id = sdwan_expanded_community_list_policy_object.expanded_community_list_policy_object[s.match_criterias.expanded_community_list].id - expanded_community_list_version = sdwan_expanded_community_list_policy_object.expanded_community_list_policy_object[s.match_criterias.expanded_community_list].version - }], - try(s.match_criterias.extended_community_list, null) == null ? [] : [{ - type = "extCommunity" - extended_community_list_id = sdwan_extended_community_list_policy_object.extended_community_list_policy_object[s.match_criterias.extended_community_list].id - extended_community_list_version = sdwan_extended_community_list_policy_object.extended_community_list_policy_object[s.match_criterias.extended_community_list].version - }], - try(s.match_criterias.bgp_local_preference, null) == null ? [] : [{ - type = "localPreference" - local_preference = s.match_criterias.bgp_local_preference - }], - try(s.match_criterias.metric, null) == null ? [] : [{ - type = "metric" - metric = s.match_criterias.metric - }], - try(s.match_criterias.next_hop_prefix_list, null) == null ? [] : [{ - type = "nextHop" - next_hop_prefix_list_id = sdwan_ipv4_prefix_list_policy_object.ipv4_prefix_list_policy_object[s.match_criterias.next_hop_prefix_list].id - next_hop_prefix_list_version = sdwan_ipv4_prefix_list_policy_object.ipv4_prefix_list_policy_object[s.match_criterias.next_hop_prefix_list].version - }], - try(s.match_criterias.origin, null) == null ? [] : [{ - type = "origin" - origin = s.match_criterias.origin - }], - try(s.match_criterias.peer, null) == null ? [] : [{ - type = "peer" - peer = s.match_criterias.peer - }], - try(s.match_criterias.omp_tag, null) == null ? [] : [{ - type = "ompTag" - omp_tag = s.match_criterias.omp_tag - }], - try(s.match_criterias.ospf_tag, null) == null ? [] : [{ - type = "ospfTag" - ospf_tag = s.match_criterias.ospf_tag - }] + try(s.match_criterias.prefix_list, null) == null ? [] : [{ + type = "address" + prefix_list_id = sdwan_ipv4_prefix_list_policy_object.ipv4_prefix_list_policy_object[s.match_criterias.prefix_list].id + prefix_list_version = sdwan_ipv4_prefix_list_policy_object.ipv4_prefix_list_policy_object[s.match_criterias.prefix_list].version + }], + try(s.match_criterias.as_path_list, null) == null ? [] : [{ + type = "asPath" + as_path_list_id = sdwan_as_path_list_policy_object.as_path_list_policy_object[s.match_criterias.as_path_list].id + as_path_list_version = sdwan_as_path_list_policy_object.as_path_list_policy_object[s.match_criterias.as_path_list].version + }], + try(s.match_criterias.standard_community_lists, null) == null ? [] : [{ + type = "advancedCommunity" + community_list_ids = [for com_list in try(s.match_criterias.standard_community_lists, null) : sdwan_standard_community_list_policy_object.standard_community_list_policy_object[com_list].id] + community_list_versions = [for com_list in try(s.match_criterias.standard_community_lists, null) : sdwan_standard_community_list_policy_object.standard_community_list_policy_object[com_list].version] + community_list_match_flag = try(s.match_criterias.standard_community_lists_criteria, null) + }], + try(s.match_criterias.expanded_community_list, null) == null ? [] : [{ + type = "expandedCommunity" + expanded_community_list_id = sdwan_expanded_community_list_policy_object.expanded_community_list_policy_object[s.match_criterias.expanded_community_list].id + expanded_community_list_version = sdwan_expanded_community_list_policy_object.expanded_community_list_policy_object[s.match_criterias.expanded_community_list].version + }], + try(s.match_criterias.extended_community_list, null) == null ? [] : [{ + type = "extCommunity" + extended_community_list_id = sdwan_extended_community_list_policy_object.extended_community_list_policy_object[s.match_criterias.extended_community_list].id + extended_community_list_version = sdwan_extended_community_list_policy_object.extended_community_list_policy_object[s.match_criterias.extended_community_list].version + }], + try(s.match_criterias.bgp_local_preference, null) == null ? [] : [{ + type = "localPreference" + local_preference = s.match_criterias.bgp_local_preference + }], + try(s.match_criterias.metric, null) == null ? [] : [{ + type = "metric" + metric = s.match_criterias.metric + }], + try(s.match_criterias.next_hop_prefix_list, null) == null ? [] : [{ + type = "nextHop" + next_hop_prefix_list_id = sdwan_ipv4_prefix_list_policy_object.ipv4_prefix_list_policy_object[s.match_criterias.next_hop_prefix_list].id + next_hop_prefix_list_version = sdwan_ipv4_prefix_list_policy_object.ipv4_prefix_list_policy_object[s.match_criterias.next_hop_prefix_list].version + }], + try(s.match_criterias.origin, null) == null ? [] : [{ + type = "origin" + origin = s.match_criterias.origin + }], + try(s.match_criterias.peer, null) == null ? [] : [{ + type = "peer" + peer = s.match_criterias.peer + }], + try(s.match_criterias.omp_tag, null) == null ? [] : [{ + type = "ompTag" + omp_tag = s.match_criterias.omp_tag + }], + try(s.match_criterias.ospf_tag, null) == null ? [] : [{ + type = "ospfTag" + ospf_tag = s.match_criterias.ospf_tag + }] ]) action_entries = !(can(s.actions.aggregator_ip) || @@ -462,67 +462,67 @@ resource "sdwan_route_policy_definition" "route_policy_definition" { can(s.actions.ospf_tag) || can(s.actions.origin) || can(s.actions.originator)) ? null : flatten([ - try(s.actions.aggregator_ip, null) == null || try(s.actions.aggregator, null) == null ? [] : [{ - type = "aggregator" - aggregator = s.actions.aggregator - aggregator_ip_address = s.actions.aggregator_ip - }], - try(s.actions.prepend_as_paths, null) == null ? [] : [{ - type = "asPath" - as_path_prepend = join(" ", [for as in s.actions.prepend_as_paths : as]) - }], - try(s.actions.exclude_as_paths, null) == null ? [] : [{ - type = "asPath" - as_path_exclude = join(" ", [for as in s.actions.exclude_as_paths : as]) - }], - try(s.actions.atomic_aggregate, null) == null ? [] : [{ - type = "atomicAggregate" - atomic_aggregate = s.actions.atomic_aggregate - }], - try(s.actions.communities, null) == null ? [] : [{ - type = "community" - community = join(" ", [for c in s.actions.communities : c]) - }], - try(s.actions.community_additive, null) == null ? [] : [{ - type = "communityAdditive" - community_additive = s.actions.community_additive - }], - try(s.actions.local_preference, null) == null ? [] : [{ - type = "localPreference" - local_preference = s.actions.local_preference - }], - try(s.actions.metric, null) == null ? [] : [{ - type = "metric" - metric = s.actions.metric - }], - try(s.actions.weight, null) == null ? [] : [{ - type = "weight" - weight = s.actions.weight - }], - try(s.actions.metric_type, null) == null ? [] : [{ - type = "metricType" - metric_type = s.actions.metric_type - }], - try(s.actions.next_hop, null) == null ? [] : [{ - type = "nextHop" - next_hop = s.actions.next_hop - }], - try(s.actions.omp_tag, null) == null ? [] : [{ - type = "ompTag" - omp_tag = s.actions.omp_tag - }], - try(s.actions.ospf_tag, null) == null ? [] : [{ - type = "ospfTag" - ospf_tag = s.actions.ospf_tag - }], - try(s.actions.origin, null) == null ? [] : [{ - type = "origin" - origin = s.actions.origin - }], - try(s.actions.originator, null) == null ? [] : [{ - type = "originator" - originator = s.actions.originator - }] + try(s.actions.aggregator_ip, null) == null || try(s.actions.aggregator, null) == null ? [] : [{ + type = "aggregator" + aggregator = s.actions.aggregator + aggregator_ip_address = s.actions.aggregator_ip + }], + try(s.actions.prepend_as_paths, null) == null ? [] : [{ + type = "asPath" + as_path_prepend = join(" ", [for as in s.actions.prepend_as_paths : as]) + }], + try(s.actions.exclude_as_paths, null) == null ? [] : [{ + type = "asPath" + as_path_exclude = join(" ", [for as in s.actions.exclude_as_paths : as]) + }], + try(s.actions.atomic_aggregate, null) == null ? [] : [{ + type = "atomicAggregate" + atomic_aggregate = s.actions.atomic_aggregate + }], + try(s.actions.communities, null) == null ? [] : [{ + type = "community" + community = join(" ", [for c in s.actions.communities : c]) + }], + try(s.actions.community_additive, null) == null ? [] : [{ + type = "communityAdditive" + community_additive = s.actions.community_additive + }], + try(s.actions.local_preference, null) == null ? [] : [{ + type = "localPreference" + local_preference = s.actions.local_preference + }], + try(s.actions.metric, null) == null ? [] : [{ + type = "metric" + metric = s.actions.metric + }], + try(s.actions.weight, null) == null ? [] : [{ + type = "weight" + weight = s.actions.weight + }], + try(s.actions.metric_type, null) == null ? [] : [{ + type = "metricType" + metric_type = s.actions.metric_type + }], + try(s.actions.next_hop, null) == null ? [] : [{ + type = "nextHop" + next_hop = s.actions.next_hop + }], + try(s.actions.omp_tag, null) == null ? [] : [{ + type = "ompTag" + omp_tag = s.actions.omp_tag + }], + try(s.actions.ospf_tag, null) == null ? [] : [{ + type = "ospfTag" + ospf_tag = s.actions.ospf_tag + }], + try(s.actions.origin, null) == null ? [] : [{ + type = "origin" + origin = s.actions.origin + }], + try(s.actions.originator, null) == null ? [] : [{ + type = "originator" + originator = s.actions.originator + }] ]) }] }