Resolve Issue #278 and #279 (#281)

seconroy · web-flow · commit 8f37062a13f7 · 2024-07-10T21:53:08.000+02:00
diff --git a/docs/data-sources/zone_based_firewall_policy_definition.md b/docs/data-sources/zone_based_firewall_policy_definition.md
@@ -69,6 +69,7 @@ Read-Only:
 Read-Only:
 
 - `policy_id` (String) policy id for selected match entry
+- `protocol_type` (String) Should be included with additionally entries for `destinationPort` and `protocol` whenever the type `protocolName` is used.
 - `type` (String) Type of match entry
 - `value` (String) value for selected match entry
 - `value_variable` (String) variable value for selected match entry if it has variable option (sourceIp & destinationIp)
diff --git a/docs/resources/zone_based_firewall_policy_definition.md b/docs/resources/zone_based_firewall_policy_definition.md
@@ -80,13 +80,22 @@ Required:
 
 - `base_action` (String) Base action
   - Choices: `pass`, `drop`, `inspect`
-- `match_entries` (Attributes List) List of match entries (see [below for nested schema](#nestedatt--rules--match_entries))
 - `rule_name` (String) Rule name
 - `rule_order` (Number) Rule
 
 Optional:
 
 - `action_entries` (Attributes List) List of actions entries (see [below for nested schema](#nestedatt--rules--action_entries))
+- `match_entries` (Attributes List) List of match entries (see [below for nested schema](#nestedatt--rules--match_entries))
+
+<a id="nestedatt--rules--action_entries"></a>
+### Nested Schema for `rules.action_entries`
+
+Optional:
+
+- `type` (String) Type of action entry
+  - Choices: `log`, `connectionEvents`
+
 
 <a id="nestedatt--rules--match_entries"></a>
 ### Nested Schema for `rules.match_entries`
@@ -99,18 +108,10 @@ Required:
 Optional:
 
 - `policy_id` (String) policy id for selected match entry
+- `protocol_type` (String) Should be included with additionally entries for `destinationPort` and `protocol` whenever the type `protocolName` is used.
 - `value` (String) value for selected match entry
 - `value_variable` (String) variable value for selected match entry if it has variable option (sourceIp & destinationIp)
 
-
-<a id="nestedatt--rules--action_entries"></a>
-### Nested Schema for `rules.action_entries`
-
-Optional:
-
-- `type` (String) Type of action entry
-  - Choices: `log`, `connectionEvents`
-
 ## Import
 
 Import is supported using the following syntax:
diff --git a/gen/definitions/generic/zone_based_firewall_policy_definition.yaml b/gen/definitions/generic/zone_based_firewall_policy_definition.yaml
@@ -85,7 +85,6 @@ attributes:
       tf_name: match_entries
       data_path: [match]
       type: List
-      mandatory: true
       min_list: 1
       description: List of match entries
       attributes:
@@ -109,6 +108,12 @@ attributes:
         description: value for selected match entry
         exclude_test: true
         example: 2
+      - model_name: app
+        tf_name: protocol_type
+        type: String
+        description: Should be included with additionally entries for `destinationPort` and `protocol` whenever the type `protocolName` is used.
+        exclude_test: true
+        example: dns
       - model_name: vipVariableName
         tf_name: value_variable
         type: String
@@ -118,6 +123,7 @@ attributes:
     - model_name: actions
       tf_name: action_entries
       type: List
+      min_list: 1
       description: List of actions entries
       attributes:
         - model_name: type
diff --git a/internal/provider/data_source_sdwan_zone_based_firewall_policy_definition.go b/internal/provider/data_source_sdwan_zone_based_firewall_policy_definition.go
@@ -131,6 +131,10 @@ func (d *ZoneBasedFirewallPolicyDefinitionDataSource) Schema(ctx context.Context
 										MarkdownDescription: "value for selected match entry",
 										Computed:            true,
 									},
+									"protocol_type": schema.StringAttribute{
+										MarkdownDescription: "Should be included with additionally entries for `destinationPort` and `protocol` whenever the type `protocolName` is used.",
+										Computed:            true,
+									},
 									"value_variable": schema.StringAttribute{
 										MarkdownDescription: "variable value for selected match entry if it has variable option (sourceIp & destinationIp)",
 										Computed:            true,
diff --git a/internal/provider/model_sdwan_zone_based_firewall_policy_definition.go b/internal/provider/model_sdwan_zone_based_firewall_policy_definition.go
@@ -57,6 +57,7 @@ type ZoneBasedFirewallPolicyDefinitionRulesMatchEntries struct {
 	Type          types.String `tfsdk:"type"`
 	PolicyId      types.String `tfsdk:"policy_id"`
 	Value         types.String `tfsdk:"value"`
+	ProtocolType  types.String `tfsdk:"protocol_type"`
 	ValueVariable types.String `tfsdk:"value_variable"`
 }
 type ZoneBasedFirewallPolicyDefinitionRulesActionEntries struct {
@@ -132,6 +133,9 @@ func (data ZoneBasedFirewallPolicyDefinition) toBody(ctx context.Context) string
 					if !childItem.Value.IsNull() {
 						itemChildBody, _ = sjson.Set(itemChildBody, "value", childItem.Value.ValueString())
 					}
+					if !childItem.ProtocolType.IsNull() {
+						itemChildBody, _ = sjson.Set(itemChildBody, "app", childItem.ProtocolType.ValueString())
+					}
 					if !childItem.ValueVariable.IsNull() {
 						itemChildBody, _ = sjson.Set(itemChildBody, "vipVariableName", childItem.ValueVariable.ValueString())
 					}
@@ -238,6 +242,11 @@ func (data *ZoneBasedFirewallPolicyDefinition) fromBody(ctx context.Context, res
 					} else {
 						cItem.Value = types.StringNull()
 					}
+					if ccValue := cv.Get("app"); ccValue.Exists() {
+						cItem.ProtocolType = types.StringValue(ccValue.String())
+					} else {
+						cItem.ProtocolType = types.StringNull()
+					}
 					if ccValue := cv.Get("vipVariableName"); ccValue.Exists() {
 						cItem.ValueVariable = types.StringValue(ccValue.String())
 					} else {
@@ -333,6 +342,9 @@ func (data *ZoneBasedFirewallPolicyDefinition) hasChanges(ctx context.Context, s
 					if !data.Rules[i].MatchEntries[ii].Value.Equal(state.Rules[i].MatchEntries[ii].Value) {
 						hasChanges = true
 					}
+					if !data.Rules[i].MatchEntries[ii].ProtocolType.Equal(state.Rules[i].MatchEntries[ii].ProtocolType) {
+						hasChanges = true
+					}
 					if !data.Rules[i].MatchEntries[ii].ValueVariable.Equal(state.Rules[i].MatchEntries[ii].ValueVariable) {
 						hasChanges = true
 					}
diff --git a/internal/provider/resource_sdwan_zone_based_firewall_policy_definition.go b/internal/provider/resource_sdwan_zone_based_firewall_policy_definition.go
@@ -140,7 +140,7 @@ func (r *ZoneBasedFirewallPolicyDefinitionResource) Schema(ctx context.Context,
 						},
 						"match_entries": schema.ListNestedAttribute{
 							MarkdownDescription: helpers.NewAttributeDescription("List of match entries").String,
-							Required:            true,
+							Optional:            true,
 							NestedObject: schema.NestedAttributeObject{
 								Attributes: map[string]schema.Attribute{
 									"type": schema.StringAttribute{
@@ -158,6 +158,10 @@ func (r *ZoneBasedFirewallPolicyDefinitionResource) Schema(ctx context.Context,
 										MarkdownDescription: helpers.NewAttributeDescription("value for selected match entry").String,
 										Optional:            true,
 									},
+									"protocol_type": schema.StringAttribute{
+										MarkdownDescription: helpers.NewAttributeDescription("Should be included with additionally entries for `destinationPort` and `protocol` whenever the type `protocolName` is used.").String,
+										Optional:            true,
+									},
 									"value_variable": schema.StringAttribute{
 										MarkdownDescription: helpers.NewAttributeDescription("variable value for selected match entry if it has variable option (sourceIp & destinationIp)").String,
 										Optional:            true,
@@ -182,6 +186,9 @@ func (r *ZoneBasedFirewallPolicyDefinitionResource) Schema(ctx context.Context,
 									},
 								},
 							},
+							Validators: []validator.List{
+								listvalidator.SizeAtLeast(1),
+							},
 						},
 					},
 				},
