sdwan_features_system.tf
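# AAA (authentication, authorization, accounting) feature, one instance per
# system profile whose `aaa` key is set. Instances are keyed "<profile name>-aaa".
#
# Mapping conventions used throughout this resource:
#   * try(<path>, null) leaves the attribute unset when the data-model key is absent.
#   * try("{{${<path>}}}", null) wraps a data-model variable name in double
#     braces ("{{name}}") and yields null when the key is absent.
#
# Secret handling: RADIUS/TACACS `key` / `secret_key` and local user `password`
# are copied as literal values from the data model. Terraform records resource
# attributes in its state, so both the data-model files and the state backend
# have to be treated as secret-bearing. Where a `*_variable` counterpart exists
# (secret_key_variable, password_variable, ...) only the variable name passes
# through this resource.
resource "sdwan_system_aaa_feature" "system_aaa_feature" {
  for_each = {
    for sys in try(local.feature_profiles.system_profiles, {}) :
    "${sys.name}-aaa" => sys
    if try(sys.aaa, null) != null
  }

  name               = try(each.value.aaa.name, local.defaults.sdwan.feature_profiles.system_profiles.aaa.name)
  description        = try(each.value.aaa.description, null)
  feature_profile_id = sdwan_system_feature_profile.system_feature_profile[each.value.name].id

  # Provider accounting/authentication groups are fed from the data model's dot1x_* keys.
  accounting_group              = try(each.value.aaa.dot1x_accounting, null)
  accounting_group_variable     = try("{{${each.value.aaa.dot1x_accounting_variable}}}", null)
  authentication_group          = try(each.value.aaa.dot1x_authentication, null)
  authentication_group_variable = try("{{${each.value.aaa.dot1x_authentication_variable}}}", null)

  # A missing or empty rule list becomes null instead of an empty list.
  # groups, method and id are read without try(), so a rule lacking any of
  # them fails evaluation instead of silently producing a partial rule.
  accounting_rules = try(length(each.value.aaa.accounting_rules) == 0, true) ? null : [for rule in each.value.aaa.accounting_rules : {
    group      = rule.groups
    level      = try(rule.level, null)
    method     = rule.method
    rule_id    = rule.id
    start_stop = try(rule.start_stop, null)
    # Fix: wrapped in "{{...}}" like every other *_variable attribute in this
    # file; the name was previously passed through without the braces.
    start_stop_variable = try("{{${rule.start_stop_variable}}}", null)
  }]

  authorization_config_commands          = try(each.value.aaa.authorization_config_commands, null)
  authorization_config_commands_variable = try("{{${each.value.aaa.authorization_config_commands_variable}}}", null)
  authorization_console                  = try(each.value.aaa.authorization_console, null)
  authorization_console_variable         = try("{{${each.value.aaa.authorization_console_variable}}}", null)

  authorization_rules = try(length(each.value.aaa.authorization_rules) == 0, true) ? null : [for rule in each.value.aaa.authorization_rules : {
    group            = rule.groups
    if_authenticated = try(rule.authenticated, null)
    level            = try(rule.level, null)
    method           = rule.method
    rule_id          = rule.id
  }]

  radius_groups = try(length(each.value.aaa.radius_groups) == 0, true) ? null : [for group in each.value.aaa.radius_groups : {
    # Group name is derived from the VPN; "radius-0-0" is used when the group has no vpn key.
    group_name = try("radius-${group.vpn}", "radius-0-0")
    servers = !can(group.servers) ? null : [for server in group.servers : {
      acct_port          = try(server.accounting_port, null)
      acct_port_variable = try("{{${server.accounting_port_variable}}}", null)
      address            = server.address
      auth_port          = try(server.authentication_port, null)
      auth_port_variable = try("{{${server.authentication_port_variable}}}", null)
      # Shared secret material: `key` is mandatory here (no try), `secret_key` is optional.
      key                 = server.key
      key_type            = try(server.key_type, null)
      key_type_variable   = try("{{${server.key_type_variable}}}", null)
      retransmit          = try(server.retransmit, null)
      retransmit_variable = try("{{${server.retransmit_variable}}}", null)
      secret_key          = try(server.secret_key, null)
      secret_key_variable = try("{{${server.secret_key_variable}}}", null)
      timeout             = try(server.timeout, null)
      timeout_variable    = try("{{${server.timeout_variable}}}", null)
    }]
    vpn                       = try(group.vpn, null)
    source_interface          = try(group.source_interface, null)
    source_interface_variable = try("{{${group.source_interface_variable}}}", null)
  }]

  # Order in which authentication sources are tried; falls back to the module default.
  server_auth_order = try(each.value.aaa.auth_order, local.defaults.sdwan.feature_profiles.system_profiles.aaa.auth_order)

  tacacs_groups = try(length(each.value.aaa.tacacs_groups) == 0, true) ? null : [for group in each.value.aaa.tacacs_groups : {
    # Same naming scheme as the RADIUS groups, with "tacacs-0-0" as the fallback.
    group_name = try("tacacs-${group.vpn}", "tacacs-0-0")
    servers = !can(group.servers) ? null : [for server in group.servers : {
      address       = server.address
      key           = server.key
      port          = try(server.port, null)
      port_variable = try("{{${server.port_variable}}}", null)
      # NOTE(review): unlike the RADIUS mapping, secret_key is read without
      # try() and has no secret_key_variable counterpart, so a TACACS server
      # entry without secret_key fails evaluation - confirm this is intended.
      secret_key       = server.secret_key
      timeout          = try(server.timeout, null)
      timeout_variable = try("{{${server.timeout_variable}}}", null)
    }]
    vpn                       = try(group.vpn, null)
    source_interface          = try(group.source_interface, null)
    source_interface_variable = try("{{${group.source_interface_variable}}}", null)
  }]

  # Local user accounts. `password` is a literal from the data model (see the
  # secret-handling note at the top of this resource).
  users = try(length(each.value.aaa.users) == 0, true) ? null : [for user in each.value.aaa.users : {
    name               = try(user.name, null)
    name_variable      = try("{{${user.name_variable}}}", null)
    password           = try(user.password, null)
    password_variable  = try("{{${user.password_variable}}}", null)
    privilege          = try(user.privilege, null)
    privilege_variable = try("{{${user.privilege_variable}}}", null)
    public_keys = try(length(user.public_key_chains) == 0, true) ? null : [for public_key in user.public_key_chains : {
      # NOTE(review): every entry of public_key_chains is labelled "ssh-rsa"
      # regardless of the key actually supplied - confirm that non-RSA keys
      # are not expected here.
      key_type   = "ssh-rsa"
      key_string = public_key
    }]
  }]
}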
# Banner feature (login banner and message of the day), one instance per system
# profile whose `banner` key is set. Instances are keyed "<profile name>-banner".
resource "sdwan_system_banner_feature" "system_banner_feature" {
  for_each = {
    for profile in try(local.feature_profiles.system_profiles, {}) :
    "${profile.name}-banner" => profile
    if try(profile.banner, null) != null
  }

  # Identity: the name falls back to the module default; the parent profile is
  # looked up by the system profile's own name.
  name               = try(each.value.banner.name, local.defaults.sdwan.feature_profiles.system_profiles.banner.name)
  description        = try(each.value.banner.description, null)
  feature_profile_id = sdwan_system_feature_profile.system_feature_profile[each.value.name].id

  # Each text is either a literal or a "{{variable}}" reference; absent keys stay null.
  login          = try(each.value.banner.login, null)
  login_variable = try("{{${each.value.banner.login_variable}}}", null)
  motd           = try(each.value.banner.motd, null)
  motd_variable  = try("{{${each.value.banner.motd_variable}}}", null)
}
# Basic system feature, one instance per system profile whose `basic` key is
# set. Instances are keyed "<profile name>-basic".
#
# Every setting follows the same pair pattern: the plain attribute takes the
# literal from the data model, the `*_variable` attribute takes the variable
# name wrapped as "{{name}}". Keys that are absent evaluate to null.
# Several provider attributes are fed from differently named data-model keys
# (config_description <- system_description, gps_* <- geo_fencing_* / latitude /
# longitude, multi_tenant <- multitenant, on_demand_* <- on_demand_tunnel*).
resource "sdwan_system_basic_feature" "system_basic_feature" {
  for_each = {
    for profile in try(local.feature_profiles.system_profiles, {}) :
    "${profile.name}-basic" => profile
    if try(profile.basic, null) != null
  }

  name               = try(each.value.basic.name, local.defaults.sdwan.feature_profiles.system_profiles.basic.name)
  description        = try(each.value.basic.description, null)
  feature_profile_id = sdwan_system_feature_profile.system_feature_profile[each.value.name].id

  admin_tech_on_failure          = try(each.value.basic.admin_tech_on_failure, null)
  admin_tech_on_failure_variable = try("{{${each.value.basic.admin_tech_on_failure_variable}}}", null)

  # Affinity settings.
  affinity_group_number               = try(each.value.basic.affinity_group_number, null)
  affinity_group_number_variable      = try("{{${each.value.basic.affinity_group_number_variable}}}", null)
  affinity_group_preferences          = try(each.value.basic.affinity_group_preferences, null)
  affinity_group_preferences_variable = try("{{${each.value.basic.affinity_group_preferences_variable}}}", null)
  # A missing or empty list becomes null instead of an empty list.
  affinity_per_vrfs = try(length(each.value.basic.affinity_per_vrfs) == 0, true) ? null : [for entry in each.value.basic.affinity_per_vrfs : {
    affinity_group_number          = try(entry.affinity_group_number, null)
    affinity_group_number_variable = try("{{${entry.affinity_group_number_variable}}}", null)
    vrf_range                      = try(entry.vrf_range, null)
    vrf_range_variable             = try("{{${entry.vrf_range_variable}}}", null)
  }]
  affinity_preference_auto          = try(each.value.basic.affinity_preference_auto, null)
  affinity_preference_auto_variable = try("{{${each.value.basic.affinity_preference_auto_variable}}}", null)

  config_description          = try(each.value.basic.system_description, null)
  config_description_variable = try("{{${each.value.basic.system_description_variable}}}", null)

  console_baud_rate            = try(each.value.basic.console_baud_rate, null)
  console_baud_rate_variable   = try("{{${each.value.basic.console_baud_rate_variable}}}", null)
  control_session_pps          = try(each.value.basic.control_session_pps, null)
  control_session_pps_variable = try("{{${each.value.basic.control_session_pps_variable}}}", null)

  controller_groups          = try(each.value.basic.controller_groups, null)
  controller_groups_variable = try("{{${each.value.basic.controller_groups_variable}}}", null)
  device_groups              = try(each.value.basic.device_groups, null)
  device_groups_variable     = try("{{${each.value.basic.device_groups_variable}}}", null)

  enhanced_app_aware_routing          = try(each.value.basic.enhanced_app_aware_routing, null)
  enhanced_app_aware_routing_variable = try("{{${each.value.basic.enhanced_app_aware_routing_variable}}}", null)

  # GPS / geo-fencing. The two enable flags have no *_variable counterpart here.
  gps_geo_fencing_enable         = try(each.value.basic.geo_fencing_enable, null)
  gps_geo_fencing_range          = try(each.value.basic.geo_fencing_range, null)
  gps_geo_fencing_range_variable = try("{{${each.value.basic.geo_fencing_range_variable}}}", null)
  gps_latitude                   = try(each.value.basic.latitude, null)
  gps_latitude_variable          = try("{{${each.value.basic.latitude_variable}}}", null)
  gps_longitude                  = try(each.value.basic.longitude, null)
  gps_longitude_variable         = try("{{${each.value.basic.longitude_variable}}}", null)
  gps_sms_enable                 = try(each.value.basic.geo_fencing_sms_enable, null)
  gps_sms_mobile_numbers = try(length(each.value.basic.geo_fencing_sms_mobile_numbers) == 0, true) ? null : [for mobile in each.value.basic.geo_fencing_sms_mobile_numbers : {
    number          = try(mobile.number, null)
    number_variable = try("{{${mobile.number_variable}}}", null)
  }]

  # idle_timeout is null when the key is absent, in which case this resource
  # does not set a timeout itself.
  idle_timeout          = try(each.value.basic.idle_timeout, null)
  idle_timeout_variable = try("{{${each.value.basic.idle_timeout_variable}}}", null)

  location          = try(each.value.basic.location, null)
  location_variable = try("{{${each.value.basic.location_variable}}}", null)

  max_omp_sessions          = try(each.value.basic.max_omp_sessions, null)
  max_omp_sessions_variable = try("{{${each.value.basic.max_omp_sessions_variable}}}", null)

  multi_tenant          = try(each.value.basic.multitenant, null)
  multi_tenant_variable = try("{{${each.value.basic.multitenant_variable}}}", null)

  on_demand_enable                = try(each.value.basic.on_demand_tunnel, null)
  on_demand_enable_variable       = try("{{${each.value.basic.on_demand_tunnel_variable}}}", null)
  on_demand_idle_timeout          = try(each.value.basic.on_demand_tunnel_idle_timeout, null)
  on_demand_idle_timeout_variable = try("{{${each.value.basic.on_demand_tunnel_idle_timeout_variable}}}", null)

  overlay_id          = try(each.value.basic.overlay_id, null)
  overlay_id_variable = try("{{${each.value.basic.overlay_id_variable}}}", null)

  port_hopping          = try(each.value.basic.port_hopping, null)
  port_hopping_variable = try("{{${each.value.basic.port_hopping_variable}}}", null)
  port_offset           = try(each.value.basic.port_offset, null)
  port_offset_variable  = try("{{${each.value.basic.port_offset_variable}}}", null)

  site_types          = try(each.value.basic.site_types, null)
  site_types_variable = try("{{${each.value.basic.site_types_variable}}}", null)

  timezone          = try(each.value.basic.timezone, null)
  timezone_variable = try("{{${each.value.basic.timezone_variable}}}", null)

  # Tracking settings.
  track_default_gateway          = try(each.value.basic.track_default_gateway, null)
  track_default_gateway_variable = try("{{${each.value.basic.track_default_gateway_variable}}}", null)
  track_interface_tag            = try(each.value.basic.track_interface_tag, null)
  track_interface_tag_variable   = try("{{${each.value.basic.track_interface_tag_variable}}}", null)
  track_transport                = try(each.value.basic.track_transport, null)
  track_transport_variable       = try("{{${each.value.basic.track_transport_variable}}}", null)

  transport_gateway          = try(each.value.basic.transport_gateway, null)
  transport_gateway_variable = try("{{${each.value.basic.transport_gateway_variable}}}", null)
}
# BFD feature, one instance per system profile whose `bfd` key is set.
# Instances are keyed "<profile name>-bfd".
resource "sdwan_system_bfd_feature" "system_bfd_feature" {
  for_each = {
    for profile in try(local.feature_profiles.system_profiles, {}) :
    "${profile.name}-bfd" => profile
    if try(profile.bfd, null) != null
  }

  name               = try(each.value.bfd.name, local.defaults.sdwan.feature_profiles.system_profiles.bfd.name)
  description        = try(each.value.bfd.description, null)
  feature_profile_id = sdwan_system_feature_profile.system_feature_profile[each.value.name].id

  # Per-color overrides; a missing or empty list becomes null.
  colors = try(length(each.value.bfd.colors) == 0, true) ? null : [for entry in each.value.bfd.colors : {
    color          = try(entry.color, null)
    color_variable = try("{{${entry.color_variable}}}", null)
    # NOTE(review): the literal is read from `default_dscp` while the variable
    # is read from `dscp_variable` - the key names do not pair up; confirm
    # against the data-model schema.
    dscp                    = try(entry.default_dscp, null)
    dscp_variable           = try("{{${entry.dscp_variable}}}", null)
    hello_interval          = try(entry.hello_interval, null)
    hello_interval_variable = try("{{${entry.hello_interval_variable}}}", null)
    multiplier              = try(entry.multiplier, null)
    multiplier_variable     = try("{{${entry.multiplier_variable}}}", null)
    pmtu_discovery          = try(entry.path_mtu_discovery, null)
    pmtu_discovery_variable = try("{{${entry.path_mtu_discovery_variable}}}", null)
  }]

  # Profile-wide values. The same default_dscp / dscp_variable key naming is used here.
  default_dscp           = try(each.value.bfd.default_dscp, null)
  default_dscp_variable  = try("{{${each.value.bfd.dscp_variable}}}", null)
  multiplier             = try(each.value.bfd.multiplier, null)
  multiplier_variable    = try("{{${each.value.bfd.multiplier_variable}}}", null)
  poll_interval          = try(each.value.bfd.poll_interval, null)
  poll_interval_variable = try("{{${each.value.bfd.poll_interval_variable}}}", null)
}
# Flexible port speed feature, one instance per system profile whose
# `flexible_port_speed` key is set. Instances are keyed
# "<profile name>-flexible_port_speed".
resource "sdwan_system_flexible_port_speed_feature" "system_flexible_port_speed_feature" {
  for_each = {
    for profile in try(local.feature_profiles.system_profiles, {}) :
    "${profile.name}-flexible_port_speed" => profile
    if try(profile.flexible_port_speed, null) != null
  }

  name               = try(each.value.flexible_port_speed.name, local.defaults.sdwan.feature_profiles.system_profiles.flexible_port_speed.name)
  description        = try(each.value.flexible_port_speed.description, null)
  feature_profile_id = sdwan_system_feature_profile.system_feature_profile[each.value.name].id

  # Literal port type or a "{{variable}}" reference; absent keys stay null.
  port_type          = try(each.value.flexible_port_speed.port_type, null)
  port_type_variable = try("{{${each.value.flexible_port_speed.port_type_variable}}}", null)
}
# Global system feature (device-wide service toggles), one instance per system
# profile whose `global` key is set. Instances are keyed "<profile name>-global".
#
# Every attribute is null when its data-model key is absent, so this resource
# does not choose a value in that case. Several of these toggles control
# services that matter for hardening (http_server, https_server,
# http_authentication, telnet_outbound, rsh_rcp, tcp_small_servers,
# udp_small_servers, ip_source_routing, ssh_version, cdp, lldp); setting them
# explicitly in the data model avoids depending on whatever applies when they
# are left unset.
resource "sdwan_system_global_feature" "system_global_feature" {
  for_each = {
    for profile in try(local.feature_profiles.system_profiles, {}) :
    "${profile.name}-global" => profile
    if try(profile.global, null) != null
  }

  name               = try(each.value.global.name, local.defaults.sdwan.feature_profiles.system_profiles.global.name)
  description        = try(each.value.global.description, null)
  feature_profile_id = sdwan_system_feature_profile.system_feature_profile[each.value.name].id

  arp_proxy                = try(each.value.global.arp_proxy, null)
  arp_proxy_variable       = try("{{${each.value.global.arp_proxy_variable}}}", null)
  cdp                      = try(each.value.global.cdp, null)
  cdp_variable             = try("{{${each.value.global.cdp_variable}}}", null)
  console_logging          = try(each.value.global.console_logging, null)
  console_logging_variable = try("{{${each.value.global.console_logging_variable}}}", null)
  domain_lookup            = try(each.value.global.domain_lookup, null)
  domain_lookup_variable   = try("{{${each.value.global.domain_lookup_variable}}}", null)
  ftp_passive              = try(each.value.global.ftp_passive, null)
  ftp_passive_variable     = try("{{${each.value.global.ftp_passive_variable}}}", null)

  # HTTP / HTTPS management services.
  http_authentication          = try(each.value.global.http_authentication, null)
  http_authentication_variable = try("{{${each.value.global.http_authentication_variable}}}", null)
  http_server                  = try(each.value.global.http_server, null)
  http_server_variable         = try("{{${each.value.global.http_server_variable}}}", null)
  https_server                 = try(each.value.global.https_server, null)
  https_server_variable        = try("{{${each.value.global.https_server_variable}}}", null)

  ignore_bootp               = try(each.value.global.ignore_bootp, null)
  ignore_bootp_variable      = try("{{${each.value.global.ignore_bootp_variable}}}", null)
  ip_source_routing          = try(each.value.global.ip_source_routing, null)
  ip_source_routing_variable = try("{{${each.value.global.ip_source_routing_variable}}}", null)

  # The provider's line_vty attribute is fed from the data model's telnet_outbound key.
  line_vty          = try(each.value.global.telnet_outbound, null)
  line_vty_variable = try("{{${each.value.global.telnet_outbound_variable}}}", null)

  lldp                       = try(each.value.global.lldp, null)
  lldp_variable              = try("{{${each.value.global.lldp_variable}}}", null)
  nat64_tcp_timeout          = try(each.value.global.nat64_tcp_timeout, null)
  nat64_tcp_timeout_variable = try("{{${each.value.global.nat64_tcp_timeout_variable}}}", null)
  nat64_udp_timeout          = try(each.value.global.nat64_udp_timeout, null)
  nat64_udp_timeout_variable = try("{{${each.value.global.nat64_udp_timeout_variable}}}", null)

  rsh_rcp                       = try(each.value.global.rsh_rcp, null)
  rsh_rcp_variable              = try("{{${each.value.global.rsh_rcp_variable}}}", null)
  snmp_ifindex_persist          = try(each.value.global.snmp_ifindex_persist, null)
  snmp_ifindex_persist_variable = try("{{${each.value.global.snmp_ifindex_persist_variable}}}", null)
  source_interface              = try(each.value.global.source_interface, null)
  source_interface_variable     = try("{{${each.value.global.source_interface_variable}}}", null)
  ssh_version                   = try(each.value.global.ssh_version, null)
  ssh_version_variable          = try("{{${each.value.global.ssh_version_variable}}}", null)

  tcp_keepalives_in           = try(each.value.global.tcp_keepalives_in, null)
  tcp_keepalives_in_variable  = try("{{${each.value.global.tcp_keepalives_in_variable}}}", null)
  tcp_keepalives_out          = try(each.value.global.tcp_keepalives_out, null)
  tcp_keepalives_out_variable = try("{{${each.value.global.tcp_keepalives_out_variable}}}", null)
  tcp_small_servers           = try(each.value.global.tcp_small_servers, null)
  tcp_small_servers_variable  = try("{{${each.value.global.tcp_small_servers_variable}}}", null)
  udp_small_servers           = try(each.value.global.udp_small_servers, null)
  udp_small_servers_variable  = try("{{${each.value.global.udp_small_servers_variable}}}", null)

  vty_line_logging          = try(each.value.global.vty_line_logging, null)
  vty_line_logging_variable = try("{{${each.value.global.vty_line_logging_variable}}}", null)
}
# Logging feature (local log files and remote log servers), one instance per
# system profile whose `logging` key is set. Instances are keyed
# "<profile name>-logging".
#
# tls_enable and the TLS profile attributes are null when the data model omits
# them, so whether a remote log server is reached over TLS is decided entirely
# by the data model; this resource adds no default of its own.
resource "sdwan_system_logging_feature" "system_logging_feature" {
  for_each = {
    for profile in try(local.feature_profiles.system_profiles, {}) :
    "${profile.name}-logging" => profile
    if try(profile.logging, null) != null
  }

  name               = try(each.value.logging.name, local.defaults.sdwan.feature_profiles.system_profiles.logging.name)
  description        = try(each.value.logging.description, null)
  feature_profile_id = sdwan_system_feature_profile.system_feature_profile[each.value.name].id

  # Local log file rotation count and size.
  disk_file_rotate          = try(each.value.logging.disk_file_rotate, null)
  disk_file_rotate_variable = try("{{${each.value.logging.disk_file_rotate_variable}}}", null)
  disk_file_size            = try(each.value.logging.disk_file_size, null)
  disk_file_size_variable   = try("{{${each.value.logging.disk_file_size_variable}}}", null)

  # Remote IPv4 log servers; a missing or empty list becomes null. The provider
  # attributes priority / vpn are fed from the data-model keys severity / vpn_id.
  ipv4_servers = try(length(each.value.logging.ipv4_servers) == 0, true) ? null : [for srv in each.value.logging.ipv4_servers : {
    hostname_ip                            = try(srv.hostname_ip, null)
    hostname_ip_variable                   = try("{{${srv.hostname_ip_variable}}}", null)
    priority                               = try(srv.severity, null)
    priority_variable                      = try("{{${srv.severity_variable}}}", null)
    source_interface                       = try(srv.source_interface, null)
    source_interface_variable              = try("{{${srv.source_interface_variable}}}", null)
    tls_enable                             = try(srv.tls_enable, null)
    tls_enable_variable                    = try("{{${srv.tls_enable_variable}}}", null)
    tls_properties_custom_profile          = try(srv.tls_properties_custom_profile, null)
    tls_properties_custom_profile_variable = try("{{${srv.tls_properties_custom_profile_variable}}}", null)
    tls_properties_profile                 = try(srv.tls_properties_profile, null)
    tls_properties_profile_variable        = try("{{${srv.tls_properties_profile_variable}}}", null)
    vpn                                    = try(srv.vpn_id, null)
    vpn_variable                           = try("{{${srv.vpn_id_variable}}}", null)
  }]

  # Remote IPv6 log servers; same attribute mapping as the IPv4 list.
  ipv6_servers = try(length(each.value.logging.ipv6_servers) == 0, true) ? null : [for srv in each.value.logging.ipv6_servers : {
    hostname_ip                            = try(srv.hostname_ip, null)
    hostname_ip_variable                   = try("{{${srv.hostname_ip_variable}}}", null)
    priority                               = try(srv.severity, null)
    priority_variable                      = try("{{${srv.severity_variable}}}", null)
    source_interface                       = try(srv.source_interface, null)
    source_interface_variable              = try("{{${srv.source_interface_variable}}}", null)
    tls_enable                             = try(srv.tls_enable, null)
    tls_enable_variable                    = try("{{${srv.tls_enable_variable}}}", null)
    tls_properties_custom_profile          = try(srv.tls_properties_custom_profile, null)
    tls_properties_custom_profile_variable = try("{{${srv.tls_properties_custom_profile_variable}}}", null)
    tls_properties_profile                 = try(srv.tls_properties_profile, null)
    tls_properties_profile_variable        = try("{{${srv.tls_properties_profile_variable}}}", null)
    vpn                                    = try(srv.vpn_id, null)
    vpn_variable                           = try("{{${srv.vpn_id_variable}}}", null)
  }]

  # TLS profiles: cipher suites and TLS version per named profile.
  tls_profiles = try(length(each.value.logging.tls_profiles) == 0, true) ? null : [for tls in each.value.logging.tls_profiles : {
    cipher_suites          = try(tls.cipher_suites, null)
    cipher_suites_variable = try("{{${tls.cipher_suites_variable}}}", null)
    profile                = try(tls.name, null)
    profile_variable       = try("{{${tls.name_variable}}}", null)
    tls_version            = try(tls.tls_version, null)
    tls_version_variable   = try("{{${tls.tls_version_variable}}}", null)
  }]
}
# MRF feature, one instance per system profile whose `mrf` key is set.
# Instances are keyed "<profile name>-mrf".
resource "sdwan_system_mrf_feature" "system_mrf_feature" {
  for_each = {
    for profile in try(local.feature_profiles.system_profiles, {}) :
    "${profile.name}-mrf" => profile
    if try(profile.mrf, null) != null
  }

  name               = try(each.value.mrf.name, local.defaults.sdwan.feature_profiles.system_profiles.mrf.name)
  description        = try(each.value.mrf.description, null)
  feature_profile_id = sdwan_system_feature_profile.system_feature_profile[each.value.name].id

  # Migration settings and region_id are literal-only here (no *_variable form).
  enable_migration_to_mrf = try(each.value.mrf.migration_to_mrf, null)
  migration_bgp_community = try(each.value.mrf.migration_bgp_community, null)
  region_id               = try(each.value.mrf.region_id, null)

  # Literal or "{{variable}}" reference; absent keys stay null.
  role                         = try(each.value.mrf.role, null)
  role_variable                = try("{{${each.value.mrf.role_variable}}}", null)
  secondary_region_id          = try(each.value.mrf.secondary_region_id, null)
  secondary_region_id_variable = try("{{${each.value.mrf.secondary_region_id_variable}}}", null)
}
# NTP feature, one instance per system profile whose `ntp` key is set.
# Instances are keyed "<profile name>-ntp".
#
# md5_value is NTP authentication key material copied as a literal from the
# data model; Terraform records resource attributes in its state, so the data
# model and the state backend both hold it. md5_value_variable passes only a
# variable name through this resource.
resource "sdwan_system_ntp_feature" "system_ntp_feature" {
  for_each = {
    for profile in try(local.feature_profiles.system_profiles, {}) :
    "${profile.name}-ntp" => profile
    if try(profile.ntp, null) != null
  }

  name               = try(each.value.ntp.name, local.defaults.sdwan.feature_profiles.system_profiles.ntp.name)
  description        = try(each.value.ntp.description, null)
  feature_profile_id = sdwan_system_feature_profile.system_feature_profile[each.value.name].id

  # Authentication keys; a missing or empty list becomes null.
  authentication_keys = try(length(each.value.ntp.authentication_keys) == 0, true) ? null : [for auth in each.value.ntp.authentication_keys : {
    key_id             = try(auth.id, null)
    key_id_variable    = try("{{${auth.id_variable}}}", null)
    md5_value          = try(auth.md5_value, null)
    md5_value_variable = try("{{${auth.md5_value_variable}}}", null)
  }]
  # Both key-related attributes are null when the data model omits them, in
  # which case this resource does not configure NTP authentication itself.
  trusted_keys          = try(each.value.ntp.trusted_keys, null)
  trusted_keys_variable = try("{{${each.value.ntp.trusted_keys_variable}}}", null)

  # Upstream servers. The provider attributes hostname_ip_address,
  # prefer_this_ntp_server and vpn are fed from hostname_ip, prefer and vpn_id.
  servers = try(length(each.value.ntp.servers) == 0, true) ? null : [for srv in each.value.ntp.servers : {
    authentication_key              = try(srv.authentication_key, null)
    authentication_key_variable     = try("{{${srv.authentication_key_variable}}}", null)
    hostname_ip_address             = try(srv.hostname_ip, null)
    hostname_ip_address_variable    = try("{{${srv.hostname_ip_variable}}}", null)
    ntp_version                     = try(srv.ntp_version, null)
    ntp_version_variable            = try("{{${srv.ntp_version_variable}}}", null)
    prefer_this_ntp_server          = try(srv.prefer, null)
    prefer_this_ntp_server_variable = try("{{${srv.prefer_variable}}}", null)
    source_interface                = try(srv.source_interface, null)
    source_interface_variable       = try("{{${srv.source_interface_variable}}}", null)
    vpn                             = try(srv.vpn_id, null)
    vpn_variable                    = try("{{${srv.vpn_id_variable}}}", null)
  }]

  # Authoritative-server settings; source_interface and stratum at this level
  # are read from the authoritative_ntp_server_* data-model keys.
  authoritative_ntp_server          = try(each.value.ntp.authoritative_ntp_server, null)
  authoritative_ntp_server_variable = try("{{${each.value.ntp.authoritative_ntp_server_variable}}}", null)
  source_interface                  = try(each.value.ntp.authoritative_ntp_server_source_interface, null)
  source_interface_variable         = try("{{${each.value.ntp.authoritative_ntp_server_source_interface_variable}}}", null)
  stratum                           = try(each.value.ntp.authoritative_ntp_server_stratum, null)
  stratum_variable                  = try("{{${each.value.ntp.authoritative_ntp_server_stratum_variable}}}", null)
}
# OMP feature, one instance per system profile whose `omp` key is set.
# Instances are keyed "<profile name>-omp".
#
# Each setting is a literal / "{{variable}}" pair; keys absent from the data
# model evaluate to null.
resource "sdwan_system_omp_feature" "system_omp_feature" {
  for_each = {
    for profile in try(local.feature_profiles.system_profiles, {}) :
    "${profile.name}-omp" => profile
    if try(profile.omp, null) != null
  }

  name               = try(each.value.omp.name, local.defaults.sdwan.feature_profiles.system_profiles.omp.name)
  description        = try(each.value.omp.description, null)
  feature_profile_id = sdwan_system_feature_profile.system_feature_profile[each.value.name].id

  # IPv4 route sources advertised into OMP.
  advertise_ipv4_bgp                = try(each.value.omp.advertise_ipv4_bgp, null)
  advertise_ipv4_bgp_variable       = try("{{${each.value.omp.advertise_ipv4_bgp_variable}}}", null)
  advertise_ipv4_connected          = try(each.value.omp.advertise_ipv4_connected, null)
  advertise_ipv4_connected_variable = try("{{${each.value.omp.advertise_ipv4_connected_variable}}}", null)
  advertise_ipv4_eigrp              = try(each.value.omp.advertise_ipv4_eigrp, null)
  advertise_ipv4_eigrp_variable     = try("{{${each.value.omp.advertise_ipv4_eigrp_variable}}}", null)
  advertise_ipv4_isis               = try(each.value.omp.advertise_ipv4_isis, null)
  advertise_ipv4_isis_variable      = try("{{${each.value.omp.advertise_ipv4_isis_variable}}}", null)
  advertise_ipv4_lisp               = try(each.value.omp.advertise_ipv4_lisp, null)
  advertise_ipv4_lisp_variable      = try("{{${each.value.omp.advertise_ipv4_lisp_variable}}}", null)
  advertise_ipv4_ospf               = try(each.value.omp.advertise_ipv4_ospf, null)
  advertise_ipv4_ospf_variable      = try("{{${each.value.omp.advertise_ipv4_ospf_variable}}}", null)
  advertise_ipv4_ospf_v3            = try(each.value.omp.advertise_ipv4_ospf_v3, null)
  advertise_ipv4_ospf_v3_variable   = try("{{${each.value.omp.advertise_ipv4_ospf_v3_variable}}}", null)
  advertise_ipv4_static             = try(each.value.omp.advertise_ipv4_static, null)
  advertise_ipv4_static_variable    = try("{{${each.value.omp.advertise_ipv4_static_variable}}}", null)

  # IPv6 route sources advertised into OMP.
  advertise_ipv6_bgp                = try(each.value.omp.advertise_ipv6_bgp, null)
  advertise_ipv6_bgp_variable       = try("{{${each.value.omp.advertise_ipv6_bgp_variable}}}", null)
  advertise_ipv6_connected          = try(each.value.omp.advertise_ipv6_connected, null)
  advertise_ipv6_connected_variable = try("{{${each.value.omp.advertise_ipv6_connected_variable}}}", null)
  advertise_ipv6_eigrp              = try(each.value.omp.advertise_ipv6_eigrp, null)
  advertise_ipv6_eigrp_variable     = try("{{${each.value.omp.advertise_ipv6_eigrp_variable}}}", null)
  advertise_ipv6_isis               = try(each.value.omp.advertise_ipv6_isis, null)
  advertise_ipv6_isis_variable      = try("{{${each.value.omp.advertise_ipv6_isis_variable}}}", null)
  advertise_ipv6_lisp               = try(each.value.omp.advertise_ipv6_lisp, null)
  advertise_ipv6_lisp_variable      = try("{{${each.value.omp.advertise_ipv6_lisp_variable}}}", null)
  advertise_ipv6_ospf               = try(each.value.omp.advertise_ipv6_ospf, null)
  advertise_ipv6_ospf_variable      = try("{{${each.value.omp.advertise_ipv6_ospf_variable}}}", null)
  advertise_ipv6_static             = try(each.value.omp.advertise_ipv6_static, null)
  advertise_ipv6_static_variable    = try("{{${each.value.omp.advertise_ipv6_static_variable}}}", null)

  # Timers and limits.
  advertisement_interval          = try(each.value.omp.advertisement_interval, null)
  advertisement_interval_variable = try("{{${each.value.omp.advertisement_interval_variable}}}", null)
  ecmp_limit                      = try(each.value.omp.ecmp_limit, null)
  ecmp_limit_variable             = try("{{${each.value.omp.ecmp_limit_variable}}}", null)
  eor_timer                       = try(each.value.omp.eor_timer, null)
  eor_timer_variable              = try("{{${each.value.omp.eor_timer_variable}}}", null)
  graceful_restart                = try(each.value.omp.graceful_restart, null)
  graceful_restart_variable       = try("{{${each.value.omp.graceful_restart_variable}}}", null)
  graceful_restart_timer          = try(each.value.omp.graceful_restart_timer, null)
  graceful_restart_timer_variable = try("{{${each.value.omp.graceful_restart_timer_variable}}}", null)
  holdtime                        = try(each.value.omp.holdtime, null)
  holdtime_variable               = try("{{${each.value.omp.holdtime_variable}}}", null)

  ignore_region_path_length          = try(each.value.omp.ignore_region_path_length, null)
  ignore_region_path_length_variable = try("{{${each.value.omp.ignore_region_path_length_variable}}}", null)

  omp_admin_distance_ipv4          = try(each.value.omp.omp_admin_distance_ipv4, null)
  omp_admin_distance_ipv4_variable = try("{{${each.value.omp.omp_admin_distance_ipv4_variable}}}", null)
  omp_admin_distance_ipv6          = try(each.value.omp.omp_admin_distance_ipv6, null)
  omp_admin_distance_ipv6_variable = try("{{${each.value.omp.omp_admin_distance_ipv6_variable}}}", null)

  overlay_as          = try(each.value.omp.overlay_as, null)
  overlay_as_variable = try("{{${each.value.omp.overlay_as_variable}}}", null)

  # The provider's paths_advertised_per_prefix is fed from the data model's send_path_limit key.
  paths_advertised_per_prefix          = try(each.value.omp.send_path_limit, null)
  paths_advertised_per_prefix_variable = try("{{${each.value.omp.send_path_limit_variable}}}", null)

  shutdown          = try(each.value.omp.shutdown, null)
  shutdown_variable = try("{{${each.value.omp.shutdown_variable}}}", null)

  site_types          = try(each.value.omp.site_types, null)
  site_types_variable = try("{{${each.value.omp.site_types_variable}}}", null)

  transport_gateway          = try(each.value.omp.transport_gateway, null)
  transport_gateway_variable = try("{{${each.value.omp.transport_gateway_variable}}}", null)
}
# Performance monitoring feature, one instance per system profile whose
# `performance_monitoring` key is set. Instances are keyed
# "<profile name>-perfmonitor" (the key suffix is shorter than the data-model key).
resource "sdwan_system_performance_monitoring_feature" "system_performance_monitoring_feature" {
  for_each = {
    for profile in try(local.feature_profiles.system_profiles, {}) :
    "${profile.name}-perfmonitor" => profile
    if try(profile.performance_monitoring, null) != null
  }

  name               = try(each.value.performance_monitoring.name, local.defaults.sdwan.feature_profiles.system_profiles.performance_monitoring.name)
  description        = try(each.value.performance_monitoring.description, null)
  feature_profile_id = sdwan_system_feature_profile.system_feature_profile[each.value.name].id

  # All settings are literal-only here (no *_variable form); absent keys stay null.
  # app_perf_monitor_app_group is fed from the plural key app_perf_monitor_app_groups.
  app_perf_monitor_app_group = try(each.value.performance_monitoring.app_perf_monitor_app_groups, null)
  app_perf_monitor_enabled   = try(each.value.performance_monitoring.app_perf_monitor_enabled, null)

  event_driven_config_enabled = try(each.value.performance_monitoring.event_driven_config_enabled, null)
  event_driven_events         = try(each.value.performance_monitoring.event_driven_events, null)

  monitoring_config_enabled  = try(each.value.performance_monitoring.monitoring_config_enabled, null)
  monitoring_config_interval = try(each.value.performance_monitoring.monitoring_config_interval, null)
}
# Security feature of a system feature profile.
# One instance is created per system profile that defines a `security`
# section, keyed "<profile name>-security".
#
# Every `*_variable` argument wraps the data-model value in "{{...}}"; when the
# key is absent the interpolation fails and try() returns null, so the argument
# stays unset. (Presumably the "{{name}}" form is resolved per device by the
# provider/controller - confirm against the provider documentation.)
resource "sdwan_system_security_feature" "system_security_feature" {
  for_each = {
    for profile in try(local.feature_profiles.system_profiles, {}) :
    "${profile.name}-security" => profile
    if try(profile.security, null) != null
  }

  name               = try(each.value.security.name, local.defaults.sdwan.feature_profiles.system_profiles.security.name)
  description        = try(each.value.security.description, null)
  feature_profile_id = sdwan_system_feature_profile.system_feature_profile[each.value.name].id

  # Data-plane protection settings. A null here means the argument is omitted,
  # so the effective value is whatever the provider/controller defaults to.
  # NOTE(review): confirm those defaults (integrity type, replay window, rekey
  # interval) meet policy, or set them explicitly in the data model.
  anti_replay_window                   = try(each.value.security.anti_replay_window, null)
  anti_replay_window_variable          = try("{{${each.value.security.anti_replay_window_variable}}}", null)
  extended_anti_replay_window          = try(each.value.security.extended_anti_replay_window, null)
  extended_anti_replay_window_variable = try("{{${each.value.security.extended_anti_replay_window_variable}}}", null)
  integrity_type                       = try(each.value.security.integrity_types, null)
  integrity_type_variable              = try("{{${each.value.security.integrity_types_variable}}}", null)
  ipsec_pairwise_keying                = try(each.value.security.ipsec_pairwise_keying, null)
  ipsec_pairwise_keying_variable       = try("{{${each.value.security.ipsec_pairwise_keying_variable}}}", null)
  rekey                                = try(each.value.security.rekey_time, null)
  rekey_variable                       = try("{{${each.value.security.rekey_time_variable}}}", null)

  # Key chains: omitted (null) when the list is missing or empty. `name` and
  # `key_id` are read without try(), so an entry lacking either fails the plan.
  keychains = try(length(each.value.security.key_chains) == 0, true) ? null : [
    for kc in each.value.security.key_chains : {
      key_chain_name = kc.name
      key_id         = kc.key_id
    }
  ]

  # Keys: omitted (null) when the list is missing or empty. `crypto_algorithm`,
  # `id` and `key_chain_name` are mandatory per entry (no try()).
  # The field names (send_id/receiver_id, accept_ao_mismatch,
  # include_tcp_options) suggest TCP-AO key-chain keys - confirm.
  keys = try(length(each.value.security.keys) == 0, true) ? null : [
    for k in each.value.security.keys : {
      id               = k.id
      name             = k.key_chain_name
      crypto_algorithm = k.crypto_algorithm

      # Secret material. A literal `key_string` is a resource argument, so it is
      # written to Terraform state, which stores values in cleartext even for
      # attributes marked sensitive. Keep the state backend encrypted and
      # access-controlled and keep the source data out of plaintext version
      # control, or supply the secret through `key_string_variable` instead.
      # NOTE(review): confirm the provider marks key_string as sensitive so it
      # is redacted from plan output.
      key_string          = try(k.key_string, null)
      key_string_variable = try("{{${k.key_string_variable}}}", null)

      send_id                      = try(k.send_id, null)
      send_id_variable             = try("{{${k.send_id_variable}}}", null)
      receiver_id                  = try(k.receiver_id, null)
      receiver_id_variable         = try("{{${k.receiver_id_variable}}}", null)
      include_tcp_options          = try(k.include_tcp_options, null)
      include_tcp_options_variable = try("{{${k.include_tcp_options_variable}}}", null)
      accept_ao_mismatch           = try(k.accept_ao_mismatch, null)
      accept_ao_mismatch_variable  = try("{{${k.accept_ao_mismatch_variable}}}", null)

      # Key lifetimes. NOTE(review): an "infinite" send/accept lifetime means
      # the key never ages out, so rotation has to be enforced by process.
      send_life_time_duration         = try(k.send_life_time_duration, null)
      send_life_time_exact            = try(k.send_life_time_exact, null)
      send_life_time_infinite         = try(k.send_life_time_infinite, null)
      send_life_time_local            = try(k.send_life_time_local, null)
      send_life_time_local_variable   = try("{{${k.send_life_time_local_variable}}}", null)
      send_life_time_start_epoch      = try(k.send_life_time_start_epoch, null)
      accept_life_time_duration       = try(k.accept_life_time_duration, null)
      accept_life_time_exact          = try(k.accept_life_time_exact, null)
      accept_life_time_infinite       = try(k.accept_life_time_infinite, null)
      accept_life_time_local          = try(k.accept_life_time_local, null)
      accept_life_time_local_variable = try("{{${k.accept_life_time_local_variable}}}", null)
      accept_life_time_start_epoch    = try(k.accept_life_time_start_epoch, null)
    }
  ]
}
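# SNMP feature of a system feature profile.
# One instance is created per system profile that defines an `snmp` section,
# keyed "<profile name>-snmp".
#
# Every `*_variable` argument wraps the data-model value in "{{...}}"; when the
# key is absent the interpolation fails and try() returns null, so the argument
# stays unset. Each nested list is passed as null when missing or empty.
resource "sdwan_system_snmp_feature" "system_snmp_feature" {
  for_each = {
    for sys in try(local.feature_profiles.system_profiles, {}) :
    "${sys.name}-snmp" => sys
    if try(sys.snmp, null) != null
  }

  name               = try(each.value.snmp.name, local.defaults.sdwan.feature_profiles.system_profiles.snmp.name)
  description        = try(each.value.snmp.description, null)
  feature_profile_id = sdwan_system_feature_profile.system_feature_profile[each.value.name].id

  shutdown                    = try(each.value.snmp.shutdown, null)
  shutdown_variable           = try("{{${each.value.snmp.shutdown_variable}}}", null)
  contact_person              = try(each.value.snmp.contact_person, null)
  contact_person_variable     = try("{{${each.value.snmp.contact_person_variable}}}", null)
  location_of_device          = try(each.value.snmp.location, null)
  location_of_device_variable = try("{{${each.value.snmp.location_variable}}}", null)

  # Communities; `name` and `user_label` are mandatory per entry (no try()).
  # NOTE(review): presumably `name` is the community string itself. Community
  # strings travel unencrypted on the wire and are stored in Terraform state,
  # so treat them as secrets, restrict each community to a narrow view, and
  # prefer the user/group model below where devices allow it.
  communities = try(length(each.value.snmp.communities) == 0, true) ? null : [
    for c in each.value.snmp.communities : {
      name                   = c.name
      user_label             = c.user_label
      authorization          = try(c.authorization, null)
      authorization_variable = try("{{${c.authorization_variable}}}", null)
      view                   = try(c.view, null)
      view_variable          = try("{{${c.view_variable}}}", null)
    }
  ]

  # Groups; `name` and `security_level` are mandatory per entry.
  # NOTE(review): prefer a security level that requires both authentication
  # and privacy; weaker levels leave SNMP traffic unauthenticated or readable.
  groups = try(length(each.value.snmp.groups) == 0, true) ? null : [
    for group in each.value.snmp.groups : {
      name           = group.name
      security_level = group.security_level
      view           = try(group.view, null)
      # Read the variable from the sibling key `view_variable`, as the
      # communities list does. The earlier lookup `group.view.view_variable`
      # indexed into the view value itself, which fails inside try() when
      # `view` is a plain value, so the variable form was silently dropped.
      view_variable = try("{{${group.view_variable}}}", null)
    }
  ]

  trap_target_servers = try(length(each.value.snmp.trap_target_servers) == 0, true) ? null : [
    for server in each.value.snmp.trap_target_servers : {
      ip                        = try(server.ip, null)
      ip_variable               = try("{{${server.ip_variable}}}", null)
      port                      = try(server.port, null)
      port_variable             = try("{{${server.port_variable}}}", null)
      source_interface          = try(server.source_interface, null)
      source_interface_variable = try("{{${server.source_interface_variable}}}", null)
      user                      = try(server.user, null)
      user_label                = try(server.user_label, null)
      user_variable             = try("{{${server.user_variable}}}", null)
      vpn_id                    = try(server.vpn_id, null)
      vpn_id_variable           = try("{{${server.vpn_id_variable}}}", null)
    }
  ]

  # Users; `name` is mandatory per entry.
  # Literal `authentication_password` / `privacy_password` values are resource
  # arguments, so they are written to Terraform state, which stores values in
  # cleartext even for attributes marked sensitive. Keep the state backend
  # encrypted and access-controlled and keep the source data out of plaintext
  # version control, or supply the secrets through the `*_password_variable`
  # arguments instead.
  # NOTE(review): confirm the provider marks both passwords as sensitive so
  # they are redacted from plan output.
  users = try(length(each.value.snmp.users) == 0, true) ? null : [
    for user in each.value.snmp.users : {
      name                             = user.name
      group                            = try(user.group, null)
      group_variable                   = try("{{${user.group_variable}}}", null)
      authentication_protocol          = try(user.authentication_protocol, null)
      authentication_protocol_variable = try("{{${user.authentication_protocol_variable}}}", null)
      authentication_password          = try(user.authentication_password, null)
      authentication_password_variable = try("{{${user.authentication_password_variable}}}", null)
      privacy_protocol                 = try(user.privacy_protocol, null)
      privacy_protocol_variable        = try("{{${user.privacy_protocol_variable}}}", null)
      privacy_password                 = try(user.privacy_password, null)
      privacy_password_variable        = try("{{${user.privacy_password_variable}}}", null)
    }
  ]

  # Views; `name` is mandatory per entry. Each view's OID list is itself passed
  # as null when missing or empty.
  views = try(length(each.value.snmp.views) == 0, true) ? null : [
    for view in each.value.snmp.views : {
      name = view.name
      oids = try(length(view.oids) == 0, true) ? null : [
        for oid in view.oids : {
          exclude          = try(oid.exclude, null)
          exclude_variable = try("{{${oid.exclude_variable}}}", null)
          id               = try(oid.id, null)
          id_variable      = try("{{${oid.id_variable}}}", null)
        }
      ]
    }
  ]
}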