From 4342887e36f2d883632ea44e0217a35d4d80822a Mon Sep 17 00:00:00 2001 From: tzarski Date: Wed, 23 Jul 2025 17:10:04 +0200 Subject: [PATCH 01/10] initial commit for policy group support --- CHANGELOG.md | 4 + docs/data-sources/policy_group.md | 34 +++ docs/guides/changelog.md | 4 + docs/resources/policy_group.md | 53 ++++ .../sdwan_policy_group/data-source.tf | 3 + .../resources/sdwan_policy_group/import.sh | 1 + .../resources/sdwan_policy_group/resource.tf | 6 + gen/definitions/generic/policy_group.yaml | 42 +++ .../data_source_sdwan_policy_group.go | 128 +++++++++ .../data_source_sdwan_policy_group_test.go | 82 ++++++ internal/provider/model_sdwan_policy_group.go | 127 +++++++++ internal/provider/provider.go | 2 + .../provider/resource_sdwan_policy_group.go | 255 ++++++++++++++++++ .../resource_sdwan_policy_group_test.go | 75 ++++++ templates/guides/changelog.md.tmpl | 4 + 15 files changed, 820 insertions(+) create mode 100644 docs/data-sources/policy_group.md create mode 100644 docs/resources/policy_group.md create mode 100644 examples/data-sources/sdwan_policy_group/data-source.tf create mode 100644 examples/resources/sdwan_policy_group/import.sh create mode 100644 examples/resources/sdwan_policy_group/resource.tf create mode 100644 gen/definitions/generic/policy_group.yaml create mode 100644 internal/provider/data_source_sdwan_policy_group.go create mode 100644 internal/provider/data_source_sdwan_policy_group_test.go create mode 100644 internal/provider/model_sdwan_policy_group.go create mode 100644 internal/provider/resource_sdwan_policy_group.go create mode 100644 internal/provider/resource_sdwan_policy_group_test.go diff --git a/CHANGELOG.md b/CHANGELOG.md index 6b2b49d57..98ad7eedb 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -1,3 +1,7 @@ +## 0.6.3 (unreleased) + +- Add `sdwan_policy_group` resource and data source + ## 0.6.2 - Fix issue causing changes to applied feature templates to fail, [link](https://github.com/CiscoDevNet/terraform-provider-sdwan/issues/417) diff --git a/docs/data-sources/policy_group.md b/docs/data-sources/policy_group.md new file mode 100644 index 000000000..35b1b5bf8 --- /dev/null +++ b/docs/data-sources/policy_group.md @@ -0,0 +1,34 @@ +--- +# generated by https://github.com/hashicorp/terraform-plugin-docs +page_title: "sdwan_policy_group Data Source - terraform-provider-sdwan" +subcategory: "Policy Groups" +description: |- + This data source can read the Policy Group . +--- + +# sdwan_policy_group (Data Source) + +This data source can read the Policy Group . + +## Example Usage + +```terraform +data "sdwan_policy_group" "example" { + id = "f6b2c44c-693c-4763-b010-895aa3d236bd" +} +``` + + +## Schema + +### Required + +- `id` (String) The id of the object + +### Read-Only + +- `description` (String) Description +- `feature_profile_ids` (Set of String) List of feature profile IDs +- `name` (String) The name of the policy group +- `policy_versions` (List of String) List of all associated policy versions +- `solution` (String) Type of solution diff --git a/docs/guides/changelog.md b/docs/guides/changelog.md index 3805e503e..47d4b5b88 100644 --- a/docs/guides/changelog.md +++ b/docs/guides/changelog.md @@ -7,6 +7,10 @@ description: |- # Changelog +## 0.6.3 (unreleased) + +- Add `sdwan_policy_group` resource and data source + ## 0.6.2 - Fix issue causing changes to applied feature templates to fail, [link](https://github.com/CiscoDevNet/terraform-provider-sdwan/issues/417) diff --git a/docs/resources/policy_group.md b/docs/resources/policy_group.md new file mode 100644 index 000000000..ac74dcd67 --- /dev/null +++ b/docs/resources/policy_group.md @@ -0,0 +1,53 @@ +--- +# generated by https://github.com/hashicorp/terraform-plugin-docs +page_title: "sdwan_policy_group Resource - terraform-provider-sdwan" +subcategory: "Policy Groups" +description: |- + This resource can manage a Policy Group . + Minimum SD-WAN Manager version: 20.12.0 +--- + +# sdwan_policy_group (Resource) + +This resource can manage a Policy Group . + - Minimum SD-WAN Manager version: `20.12.0` + +## Example Usage + +```terraform +resource "sdwan_policy_group" "example" { + name = "PG_1" + description = "My policy group 1" + solution = "sdwan" + feature_profile_ids = ["f6dd22c8-0b4f-496c-9a0b-6813d1f8b8ac"] +} +``` + + +## Schema + +### Required + +- `description` (String) Description +- `name` (String) The name of the policy group +- `solution` (String) Type of solution + - Choices: `sdwan` + +### Optional + +- `feature_profile_ids` (Set of String) List of feature profile IDs +- `policy_versions` (List of String) List of all associated policy versions + +### Read-Only + +- `id` (String) The id of the object + +## Import + +Import is supported using the following syntax: + +The [`terraform import` command](https://developer.hashicorp.com/terraform/cli/commands/import) can be used, for example: + +```shell +terraform import sdwan_policy_group.example "f6b2c44c-693c-4763-b010-895aa3d236bd" +``` diff --git a/examples/data-sources/sdwan_policy_group/data-source.tf b/examples/data-sources/sdwan_policy_group/data-source.tf new file mode 100644 index 000000000..94112efee --- /dev/null +++ b/examples/data-sources/sdwan_policy_group/data-source.tf @@ -0,0 +1,3 @@ +data "sdwan_policy_group" "example" { + id = "f6b2c44c-693c-4763-b010-895aa3d236bd" +} diff --git a/examples/resources/sdwan_policy_group/import.sh b/examples/resources/sdwan_policy_group/import.sh new file mode 100644 index 000000000..3a4c727c0 --- /dev/null +++ b/examples/resources/sdwan_policy_group/import.sh @@ -0,0 +1 @@ +terraform import sdwan_policy_group.example "f6b2c44c-693c-4763-b010-895aa3d236bd" diff --git a/examples/resources/sdwan_policy_group/resource.tf b/examples/resources/sdwan_policy_group/resource.tf new file mode 100644 index 000000000..d792f9dd9 --- /dev/null +++ b/examples/resources/sdwan_policy_group/resource.tf @@ -0,0 +1,6 @@ +resource "sdwan_policy_group" "example" { + name = "PG_1" + description = "My policy group 1" + solution = "sdwan" + feature_profile_ids = ["f6dd22c8-0b4f-496c-9a0b-6813d1f8b8ac"] +} diff --git a/gen/definitions/generic/policy_group.yaml b/gen/definitions/generic/policy_group.yaml new file mode 100644 index 000000000..338878679 --- /dev/null +++ b/gen/definitions/generic/policy_group.yaml @@ -0,0 +1,42 @@ +--- +name: Policy Group +rest_endpoint: /v1/policy-group/ +id_attribute: id +minimum_version: 20.12.0 +test_tags: [SDWAN_2012] +doc_category: Policy Groups +attributes: + - model_name: name + type: String + mandatory: true + description: The name of the policy group + example: PG_1 + - model_name: description + type: String + mandatory: true + description: Description + example: My policy group 1 + - model_name: solution + type: String + mandatory: true + enum_values: [sdwan] + description: Type of solution + example: sdwan + - model_name: profiles + tf_name: feature_profile_ids + type: Set + element_type: String + description: List of feature profile IDs + example: f6dd22c8-0b4f-496c-9a0b-6813d1f8b8ac + test_value: "[sdwan_application_priority_feature_profile.test.id]" + - tf_name: policy_versions + tf_only: true + type: Versions + description: List of all associated policy versions + exclude_test: true + +test_prerequisites: | + resource "sdwan_application_priority_feature_profile" "test" { + name = "APPLICATION_PRIORITY_TF" + description = "Terraform test" + } diff --git a/internal/provider/data_source_sdwan_policy_group.go b/internal/provider/data_source_sdwan_policy_group.go new file mode 100644 index 000000000..2cdd474f2 --- /dev/null +++ b/internal/provider/data_source_sdwan_policy_group.go @@ -0,0 +1,128 @@ +// Copyright © 2023 Cisco Systems, Inc. and its affiliates. +// All rights reserved. +// +// Licensed under the Mozilla Public License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// https://mozilla.org/MPL/2.0/ +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. +// +// SPDX-License-Identifier: MPL-2.0 + +package provider + +// Section below is generated&owned by "gen/generator.go". //template:begin imports +import ( + "context" + "fmt" + "net/url" + + "github.com/hashicorp/terraform-plugin-framework/datasource" + "github.com/hashicorp/terraform-plugin-framework/datasource/schema" + "github.com/hashicorp/terraform-plugin-framework/types" + "github.com/hashicorp/terraform-plugin-log/tflog" + "github.com/netascode/go-sdwan" +) + +// End of section. //template:end imports + +// Section below is generated&owned by "gen/generator.go". //template:begin model + +// Ensure the implementation satisfies the expected interfaces. +var ( + _ datasource.DataSource = &PolicyGroupDataSource{} + _ datasource.DataSourceWithConfigure = &PolicyGroupDataSource{} +) + +func NewPolicyGroupDataSource() datasource.DataSource { + return &PolicyGroupDataSource{} +} + +type PolicyGroupDataSource struct { + client *sdwan.Client +} + +func (d *PolicyGroupDataSource) Metadata(_ context.Context, req datasource.MetadataRequest, resp *datasource.MetadataResponse) { + resp.TypeName = req.ProviderTypeName + "_policy_group" +} + +func (d *PolicyGroupDataSource) Schema(ctx context.Context, req datasource.SchemaRequest, resp *datasource.SchemaResponse) { + resp.Schema = schema.Schema{ + // This description is used by the documentation generator and the language server. + MarkdownDescription: "This data source can read the Policy Group .", + + Attributes: map[string]schema.Attribute{ + "id": schema.StringAttribute{ + MarkdownDescription: "The id of the object", + Required: true, + }, + "name": schema.StringAttribute{ + MarkdownDescription: "The name of the policy group", + Computed: true, + }, + "description": schema.StringAttribute{ + MarkdownDescription: "Description", + Computed: true, + }, + "solution": schema.StringAttribute{ + MarkdownDescription: "Type of solution", + Computed: true, + }, + "feature_profile_ids": schema.SetAttribute{ + MarkdownDescription: "List of feature profile IDs", + ElementType: types.StringType, + Computed: true, + }, + "policy_versions": schema.ListAttribute{ + MarkdownDescription: "List of all associated policy versions", + ElementType: types.StringType, + Computed: true, + }, + }, + } +} + +func (d *PolicyGroupDataSource) Configure(_ context.Context, req datasource.ConfigureRequest, _ *datasource.ConfigureResponse) { + if req.ProviderData == nil { + return + } + + d.client = req.ProviderData.(*SdwanProviderData).Client +} + +// End of section. //template:end model + +// Section below is generated&owned by "gen/generator.go". //template:begin read +func (d *PolicyGroupDataSource) Read(ctx context.Context, req datasource.ReadRequest, resp *datasource.ReadResponse) { + var config PolicyGroup + + // Read config + diags := req.Config.Get(ctx, &config) + resp.Diagnostics.Append(diags...) + if resp.Diagnostics.HasError() { + return + } + + tflog.Debug(ctx, fmt.Sprintf("%s: Beginning Read", config.Id.String())) + + res, err := d.client.Get(config.getPath() + url.QueryEscape(config.Id.ValueString())) + if err != nil { + resp.Diagnostics.AddError("Client Error", fmt.Sprintf("Failed to retrieve object, got error: %s", err)) + return + } + + config.fromBody(ctx, res) + + tflog.Debug(ctx, fmt.Sprintf("%s: Read finished successfully", config.Id.ValueString())) + + diags = resp.State.Set(ctx, &config) + resp.Diagnostics.Append(diags...) +} + +// End of section. //template:end read diff --git a/internal/provider/data_source_sdwan_policy_group_test.go b/internal/provider/data_source_sdwan_policy_group_test.go new file mode 100644 index 000000000..7993ae916 --- /dev/null +++ b/internal/provider/data_source_sdwan_policy_group_test.go @@ -0,0 +1,82 @@ +// Copyright © 2023 Cisco Systems, Inc. and its affiliates. +// All rights reserved. +// +// Licensed under the Mozilla Public License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// https://mozilla.org/MPL/2.0/ +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. +// +// SPDX-License-Identifier: MPL-2.0 + +package provider + +// Section below is generated&owned by "gen/generator.go". //template:begin imports +import ( + "os" + "testing" + + "github.com/hashicorp/terraform-plugin-testing/helper/resource" +) + +// End of section. //template:end imports + +// Section below is generated&owned by "gen/generator.go". //template:begin testAccDataSource +func TestAccDataSourceSdwanPolicyGroup(t *testing.T) { + if os.Getenv("SDWAN_2012") == "" { + t.Skip("skipping test, set environment variable SDWAN_2012") + } + var checks []resource.TestCheckFunc + checks = append(checks, resource.TestCheckResourceAttr("data.sdwan_policy_group.test", "name", "PG_1")) + checks = append(checks, resource.TestCheckResourceAttr("data.sdwan_policy_group.test", "description", "My policy group 1")) + checks = append(checks, resource.TestCheckResourceAttr("data.sdwan_policy_group.test", "solution", "sdwan")) + resource.Test(t, resource.TestCase{ + PreCheck: func() { testAccPreCheck(t) }, + ProtoV6ProviderFactories: testAccProtoV6ProviderFactories, + Steps: []resource.TestStep{ + { + Config: testAccDataSourceSdwanPolicyGroupPrerequisitesConfig + testAccDataSourceSdwanPolicyGroupConfig(), + Check: resource.ComposeTestCheckFunc(checks...), + }, + }, + }) +} + +// End of section. //template:end testAccDataSource + +// Section below is generated&owned by "gen/generator.go". //template:begin testPrerequisites +const testAccDataSourceSdwanPolicyGroupPrerequisitesConfig = ` +resource "sdwan_application_priority_feature_profile" "test" { + name = "APPLICATION_PRIORITY_TF" + description = "Terraform test" +} + +` + +// End of section. //template:end testPrerequisites + +// Section below is generated&owned by "gen/generator.go". //template:begin testAccDataSourceConfig +func testAccDataSourceSdwanPolicyGroupConfig() string { + config := "" + config += `resource "sdwan_policy_group" "test" {` + "\n" + config += ` name = "PG_1"` + "\n" + config += ` description = "My policy group 1"` + "\n" + config += ` solution = "sdwan"` + "\n" + config += ` feature_profile_ids = [sdwan_application_priority_feature_profile.test.id]` + "\n" + config += `}` + "\n" + + config += ` + data "sdwan_policy_group" "test" { + id = sdwan_policy_group.test.id + } + ` + return config +} + +// End of section. //template:end testAccDataSourceConfig diff --git a/internal/provider/model_sdwan_policy_group.go b/internal/provider/model_sdwan_policy_group.go new file mode 100644 index 000000000..77a396910 --- /dev/null +++ b/internal/provider/model_sdwan_policy_group.go @@ -0,0 +1,127 @@ +// Copyright © 2023 Cisco Systems, Inc. and its affiliates. +// All rights reserved. +// +// Licensed under the Mozilla Public License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// https://mozilla.org/MPL/2.0/ +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. +// +// SPDX-License-Identifier: MPL-2.0 + +package provider + +// Section below is generated&owned by "gen/generator.go". //template:begin imports +import ( + "context" + + "github.com/CiscoDevNet/terraform-provider-sdwan/internal/provider/helpers" + "github.com/hashicorp/terraform-plugin-framework/types" + "github.com/tidwall/gjson" + "github.com/tidwall/sjson" +) + +// End of section. //template:end imports + +// Section below is generated&owned by "gen/generator.go". //template:begin types +type PolicyGroup struct { + Id types.String `tfsdk:"id"` + Name types.String `tfsdk:"name"` + Description types.String `tfsdk:"description"` + Solution types.String `tfsdk:"solution"` + FeatureProfileIds types.Set `tfsdk:"feature_profile_ids"` + PolicyVersions types.List `tfsdk:"policy_versions"` +} + +// End of section. //template:end types + +// Section below is generated&owned by "gen/generator.go". //template:begin getPath +func (data PolicyGroup) getPath() string { + return "/v1/policy-group/" +} + +// End of section. //template:end getPath + +// Section below is generated&owned by "gen/generator.go". //template:begin toBody +func (data PolicyGroup) toBody(ctx context.Context) string { + body := "" + if !data.Name.IsNull() { + body, _ = sjson.Set(body, "name", data.Name.ValueString()) + } + if !data.Description.IsNull() { + body, _ = sjson.Set(body, "description", data.Description.ValueString()) + } + if !data.Solution.IsNull() { + body, _ = sjson.Set(body, "solution", data.Solution.ValueString()) + } + if !data.FeatureProfileIds.IsNull() { + var values []string + data.FeatureProfileIds.ElementsAs(ctx, &values, false) + body, _ = sjson.Set(body, "profiles", values) + } + return body +} + +// End of section. //template:end toBody + +// Section below is generated&owned by "gen/generator.go". //template:begin fromBody +func (data *PolicyGroup) fromBody(ctx context.Context, res gjson.Result) { + state := *data + if value := res.Get("name"); value.Exists() { + data.Name = types.StringValue(value.String()) + } else { + data.Name = types.StringNull() + } + if value := res.Get("description"); value.Exists() { + data.Description = types.StringValue(value.String()) + } else { + data.Description = types.StringNull() + } + if value := res.Get("solution"); value.Exists() { + data.Solution = types.StringValue(value.String()) + } else { + data.Solution = types.StringNull() + } + if value := res.Get("profiles"); value.Exists() { + data.FeatureProfileIds = helpers.GetStringSet(value.Array()) + } else { + data.FeatureProfileIds = types.SetNull(types.StringType) + } + data.updateVersions(ctx, &state) +} + +// End of section. //template:end fromBody + +// Section below is generated&owned by "gen/generator.go". //template:begin hasChanges +func (data *PolicyGroup) hasChanges(ctx context.Context, state *PolicyGroup) bool { + hasChanges := false + if !data.Name.Equal(state.Name) { + hasChanges = true + } + if !data.Description.Equal(state.Description) { + hasChanges = true + } + if !data.Solution.Equal(state.Solution) { + hasChanges = true + } + if !data.FeatureProfileIds.Equal(state.FeatureProfileIds) { + hasChanges = true + } + return hasChanges +} + +// End of section. //template:end hasChanges + +// Section below is generated&owned by "gen/generator.go". //template:begin updateVersions + +func (data *PolicyGroup) updateVersions(ctx context.Context, state *PolicyGroup) { + data.PolicyVersions = state.PolicyVersions +} + +// End of section. //template:end updateVersions diff --git a/internal/provider/provider.go b/internal/provider/provider.go index 0af5b9b1f..a9afc1b04 100644 --- a/internal/provider/provider.go +++ b/internal/provider/provider.go @@ -434,6 +434,7 @@ func (p *SdwanProvider) Resources(ctx context.Context) []func() resource.Resourc NewObjectGroupPolicyDefinitionResource, NewOtherFeatureProfileResource, NewPolicerPolicyObjectResource, + NewPolicyGroupResource, NewPolicyObjectFeatureProfileResource, NewPortListPolicyObjectResource, NewPreferredColorGroupPolicyObjectResource, @@ -673,6 +674,7 @@ func (p *SdwanProvider) DataSources(ctx context.Context) []func() datasource.Dat NewObjectGroupPolicyDefinitionDataSource, NewOtherFeatureProfileDataSource, NewPolicerPolicyObjectDataSource, + NewPolicyGroupDataSource, NewPolicyObjectFeatureProfileDataSource, NewPortListPolicyObjectDataSource, NewPreferredColorGroupPolicyObjectDataSource, diff --git a/internal/provider/resource_sdwan_policy_group.go b/internal/provider/resource_sdwan_policy_group.go new file mode 100644 index 000000000..35646a949 --- /dev/null +++ b/internal/provider/resource_sdwan_policy_group.go @@ -0,0 +1,255 @@ +// Copyright © 2023 Cisco Systems, Inc. and its affiliates. +// All rights reserved. +// +// Licensed under the Mozilla Public License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// https://mozilla.org/MPL/2.0/ +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. +// +// SPDX-License-Identifier: MPL-2.0 + +package provider + +// Section below is generated&owned by "gen/generator.go". //template:begin imports +import ( + "context" + "fmt" + "net/url" + "strings" + "sync" + + "github.com/CiscoDevNet/terraform-provider-sdwan/internal/provider/helpers" + "github.com/hashicorp/terraform-plugin-framework-validators/stringvalidator" + "github.com/hashicorp/terraform-plugin-framework/path" + "github.com/hashicorp/terraform-plugin-framework/resource" + "github.com/hashicorp/terraform-plugin-framework/resource/schema" + "github.com/hashicorp/terraform-plugin-framework/resource/schema/planmodifier" + "github.com/hashicorp/terraform-plugin-framework/resource/schema/stringplanmodifier" + "github.com/hashicorp/terraform-plugin-framework/schema/validator" + "github.com/hashicorp/terraform-plugin-framework/types" + "github.com/hashicorp/terraform-plugin-log/tflog" + "github.com/netascode/go-sdwan" +) + +// End of section. //template:end imports + +// Section below is generated&owned by "gen/generator.go". //template:begin model + +// Ensure provider defined types fully satisfy framework interfaces +var _ resource.Resource = &PolicyGroupResource{} +var _ resource.ResourceWithImportState = &PolicyGroupResource{} + +func NewPolicyGroupResource() resource.Resource { + return &PolicyGroupResource{} +} + +type PolicyGroupResource struct { + client *sdwan.Client + updateMutex *sync.Mutex +} + +func (r *PolicyGroupResource) Metadata(ctx context.Context, req resource.MetadataRequest, resp *resource.MetadataResponse) { + resp.TypeName = req.ProviderTypeName + "_policy_group" +} + +func (r *PolicyGroupResource) Schema(ctx context.Context, req resource.SchemaRequest, resp *resource.SchemaResponse) { + resp.Schema = schema.Schema{ + // This description is used by the documentation generator and the language server. + MarkdownDescription: helpers.NewAttributeDescription("This resource can manage a Policy Group .").AddMinimumVersionDescription("20.12.0").String, + + Attributes: map[string]schema.Attribute{ + "id": schema.StringAttribute{ + MarkdownDescription: "The id of the object", + Computed: true, + PlanModifiers: []planmodifier.String{ + stringplanmodifier.UseStateForUnknown(), + }, + }, + "name": schema.StringAttribute{ + MarkdownDescription: helpers.NewAttributeDescription("The name of the policy group").String, + Required: true, + }, + "description": schema.StringAttribute{ + MarkdownDescription: helpers.NewAttributeDescription("Description").String, + Required: true, + }, + "solution": schema.StringAttribute{ + MarkdownDescription: helpers.NewAttributeDescription("Type of solution").AddStringEnumDescription("sdwan").String, + Required: true, + Validators: []validator.String{ + stringvalidator.OneOf("sdwan"), + }, + }, + "feature_profile_ids": schema.SetAttribute{ + MarkdownDescription: helpers.NewAttributeDescription("List of feature profile IDs").String, + ElementType: types.StringType, + Optional: true, + }, + "policy_versions": schema.ListAttribute{ + MarkdownDescription: helpers.NewAttributeDescription("List of all associated policy versions").String, + ElementType: types.StringType, + Optional: true, + }, + }, + } +} + +func (r *PolicyGroupResource) Configure(_ context.Context, req resource.ConfigureRequest, _ *resource.ConfigureResponse) { + if req.ProviderData == nil { + return + } + + r.client = req.ProviderData.(*SdwanProviderData).Client + r.updateMutex = req.ProviderData.(*SdwanProviderData).UpdateMutex +} + +// End of section. //template:end model + +// Section below is generated&owned by "gen/generator.go". //template:begin create +func (r *PolicyGroupResource) Create(ctx context.Context, req resource.CreateRequest, resp *resource.CreateResponse) { + var plan PolicyGroup + + // Read plan + diags := req.Plan.Get(ctx, &plan) + resp.Diagnostics.Append(diags...) + if resp.Diagnostics.HasError() { + return + } + + tflog.Debug(ctx, fmt.Sprintf("%s: Beginning Create", plan.Name.ValueString())) + + // Create object + body := plan.toBody(ctx) + + res, err := r.client.Post(plan.getPath(), body) + if err != nil { + resp.Diagnostics.AddError("Client Error", fmt.Sprintf("Failed to configure object (POST), got error: %s, %s", err, res.String())) + return + } + plan.Id = types.StringValue(res.Get("id").String()) + + tflog.Debug(ctx, fmt.Sprintf("%s: Create finished successfully", plan.Name.ValueString())) + + diags = resp.State.Set(ctx, &plan) + resp.Diagnostics.Append(diags...) +} + +// End of section. //template:end create + +// Section below is generated&owned by "gen/generator.go". //template:begin read +func (r *PolicyGroupResource) Read(ctx context.Context, req resource.ReadRequest, resp *resource.ReadResponse) { + var state PolicyGroup + + // Read state + diags := req.State.Get(ctx, &state) + resp.Diagnostics.Append(diags...) + if resp.Diagnostics.HasError() { + return + } + + tflog.Debug(ctx, fmt.Sprintf("%s: Beginning Read", state.Name.ValueString())) + + res, err := r.client.Get(state.getPath() + url.QueryEscape(state.Id.ValueString())) + if strings.Contains(res.Get("error.message").String(), "Failed to find specified resource") || strings.Contains(res.Get("error.message").String(), "Invalid template type") || strings.Contains(res.Get("error.message").String(), "Template definition not found") || strings.Contains(res.Get("error.message").String(), "Invalid Profile Id") || strings.Contains(res.Get("error.message").String(), "Invalid feature Id") || strings.Contains(res.Get("error.message").String(), "Invalid config group passed") { + resp.State.RemoveResource(ctx) + return + } else if err != nil { + resp.Diagnostics.AddError("Client Error", fmt.Sprintf("Failed to retrieve object (GET), got error: %s, %s", err, res.String())) + return + } + + state.fromBody(ctx, res) + + tflog.Debug(ctx, fmt.Sprintf("%s: Read finished successfully", state.Name.ValueString())) + + diags = resp.State.Set(ctx, &state) + resp.Diagnostics.Append(diags...) +} + +// End of section. //template:end read + +// Section below is generated&owned by "gen/generator.go". //template:begin update +func (r *PolicyGroupResource) Update(ctx context.Context, req resource.UpdateRequest, resp *resource.UpdateResponse) { + var plan, state PolicyGroup + + // Read plan + diags := req.Plan.Get(ctx, &plan) + resp.Diagnostics.Append(diags...) + if resp.Diagnostics.HasError() { + return + } + // Read state + diags = req.State.Get(ctx, &state) + resp.Diagnostics.Append(diags...) + if resp.Diagnostics.HasError() { + return + } + + tflog.Debug(ctx, fmt.Sprintf("%s: Beginning Update", plan.Name.ValueString())) + + if plan.hasChanges(ctx, &state) { + body := plan.toBody(ctx) + r.updateMutex.Lock() + res, err := r.client.Put(plan.getPath()+url.QueryEscape(plan.Id.ValueString()), body) + r.updateMutex.Unlock() + if err != nil { + if strings.Contains(res.Get("error.message").String(), "Failed to acquire lock") { + resp.Diagnostics.AddWarning("Client Warning", "Failed to modify policy due to policy being locked by another change. Policy changes will not be applied. Re-run 'terraform apply' to try again.") + } else if strings.Contains(res.Get("error.message").String(), "Template locked in edit mode") { + resp.Diagnostics.AddWarning("Client Warning", "Failed to modify template due to template being locked by another change. Template changes will not be applied. Re-run 'terraform apply' to try again.") + } else { + resp.Diagnostics.AddError("Client Error", fmt.Sprintf("Failed to configure object (PUT), got error: %s, %s", err, res.String())) + return + } + } + } else { + tflog.Debug(ctx, fmt.Sprintf("%s: No changes detected", plan.Name.ValueString())) + } + + tflog.Debug(ctx, fmt.Sprintf("%s: Update finished successfully", plan.Name.ValueString())) + + diags = resp.State.Set(ctx, &plan) + resp.Diagnostics.Append(diags...) +} + +// End of section. //template:end update + +// Section below is generated&owned by "gen/generator.go". //template:begin delete +func (r *PolicyGroupResource) Delete(ctx context.Context, req resource.DeleteRequest, resp *resource.DeleteResponse) { + var state PolicyGroup + + // Read state + diags := req.State.Get(ctx, &state) + resp.Diagnostics.Append(diags...) + if resp.Diagnostics.HasError() { + return + } + + tflog.Debug(ctx, fmt.Sprintf("%s: Beginning Delete", state.Name.ValueString())) + + res, err := r.client.Delete(state.getPath() + url.QueryEscape(state.Id.ValueString())) + if err != nil { + resp.Diagnostics.AddError("Client Error", fmt.Sprintf("Failed to delete object (DELETE), got error: %s, %s", err, res.String())) + return + } + + tflog.Debug(ctx, fmt.Sprintf("%s: Delete finished successfully", state.Name.ValueString())) + + resp.State.RemoveResource(ctx) +} + +// End of section. //template:end delete + +// Section below is generated&owned by "gen/generator.go". //template:begin import +func (r *PolicyGroupResource) ImportState(ctx context.Context, req resource.ImportStateRequest, resp *resource.ImportStateResponse) { + resource.ImportStatePassthroughID(ctx, path.Root("id"), req, resp) +} + +// End of section. //template:end import diff --git a/internal/provider/resource_sdwan_policy_group_test.go b/internal/provider/resource_sdwan_policy_group_test.go new file mode 100644 index 000000000..b7213936b --- /dev/null +++ b/internal/provider/resource_sdwan_policy_group_test.go @@ -0,0 +1,75 @@ +// Copyright © 2023 Cisco Systems, Inc. and its affiliates. +// All rights reserved. +// +// Licensed under the Mozilla Public License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// https://mozilla.org/MPL/2.0/ +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. +// +// SPDX-License-Identifier: MPL-2.0 + +package provider + +// Section below is generated&owned by "gen/generator.go". //template:begin imports +import ( + "os" + "testing" + + "github.com/hashicorp/terraform-plugin-testing/helper/resource" +) + +// End of section. //template:end imports + +// Section below is generated&owned by "gen/generator.go". //template:begin testAcc +func TestAccSdwanPolicyGroup(t *testing.T) { + if os.Getenv("SDWAN_2012") == "" { + t.Skip("skipping test, set environment variable SDWAN_2012") + } + var checks []resource.TestCheckFunc + checks = append(checks, resource.TestCheckResourceAttr("sdwan_policy_group.test", "name", "PG_1")) + checks = append(checks, resource.TestCheckResourceAttr("sdwan_policy_group.test", "description", "My policy group 1")) + checks = append(checks, resource.TestCheckResourceAttr("sdwan_policy_group.test", "solution", "sdwan")) + resource.Test(t, resource.TestCase{ + PreCheck: func() { testAccPreCheck(t) }, + ProtoV6ProviderFactories: testAccProtoV6ProviderFactories, + Steps: []resource.TestStep{ + { + Config: testAccSdwanPolicyGroupPrerequisitesConfig + testAccSdwanPolicyGroupConfig_all(), + Check: resource.ComposeTestCheckFunc(checks...), + }, + }, + }) +} + +// End of section. //template:end testAcc + +// Section below is generated&owned by "gen/generator.go". //template:begin testPrerequisites +const testAccSdwanPolicyGroupPrerequisitesConfig = ` +resource "sdwan_application_priority_feature_profile" "test" { + name = "APPLICATION_PRIORITY_TF" + description = "Terraform test" +} + +` + +// End of section. //template:end testPrerequisites + +// Section below is generated&owned by "gen/generator.go". //template:begin testAccConfigAll +func testAccSdwanPolicyGroupConfig_all() string { + config := `resource "sdwan_policy_group" "test" {` + "\n" + config += ` name = "PG_1"` + "\n" + config += ` description = "My policy group 1"` + "\n" + config += ` solution = "sdwan"` + "\n" + config += ` feature_profile_ids = [sdwan_application_priority_feature_profile.test.id]` + "\n" + config += `}` + "\n" + return config +} + +// End of section. //template:end testAccConfigAll diff --git a/templates/guides/changelog.md.tmpl b/templates/guides/changelog.md.tmpl index 3805e503e..47d4b5b88 100644 --- a/templates/guides/changelog.md.tmpl +++ b/templates/guides/changelog.md.tmpl @@ -7,6 +7,10 @@ description: |- # Changelog +## 0.6.3 (unreleased) + +- Add `sdwan_policy_group` resource and data source + ## 0.6.2 - Fix issue causing changes to applied feature templates to fail, [link](https://github.com/CiscoDevNet/terraform-provider-sdwan/issues/417) From 64e227405fc52a2478b10bcb93c0dd66e8fa21d4 Mon Sep 17 00:00:00 2001 From: tzarski Date: Tue, 29 Jul 2025 10:38:49 +0200 Subject: [PATCH 02/10] update policy group read, create, delete --- .../data_source_sdwan_policy_group.go | 11 +-- internal/provider/model_sdwan_policy_group.go | 71 +++++++------------ .../provider/resource_sdwan_policy_group.go | 59 ++++++--------- 3 files changed, 53 insertions(+), 88 deletions(-) diff --git a/internal/provider/data_source_sdwan_policy_group.go b/internal/provider/data_source_sdwan_policy_group.go index 2cdd474f2..bf572ad62 100644 --- a/internal/provider/data_source_sdwan_policy_group.go +++ b/internal/provider/data_source_sdwan_policy_group.go @@ -98,7 +98,6 @@ func (d *PolicyGroupDataSource) Configure(_ context.Context, req datasource.Conf // End of section. //template:end model -// Section below is generated&owned by "gen/generator.go". //template:begin read func (d *PolicyGroupDataSource) Read(ctx context.Context, req datasource.ReadRequest, resp *datasource.ReadResponse) { var config PolicyGroup @@ -111,18 +110,20 @@ func (d *PolicyGroupDataSource) Read(ctx context.Context, req datasource.ReadReq tflog.Debug(ctx, fmt.Sprintf("%s: Beginning Read", config.Id.String())) + // Read policy group res, err := d.client.Get(config.getPath() + url.QueryEscape(config.Id.ValueString())) - if err != nil { + if res.Raw == "" && err != nil { + resp.State.RemoveResource(ctx) + return + } else if err != nil { resp.Diagnostics.AddError("Client Error", fmt.Sprintf("Failed to retrieve object, got error: %s", err)) return } - config.fromBody(ctx, res) + config.fromBodyPolicyGroup(ctx, res) tflog.Debug(ctx, fmt.Sprintf("%s: Read finished successfully", config.Id.ValueString())) diags = resp.State.Set(ctx, &config) resp.Diagnostics.Append(diags...) } - -// End of section. //template:end read diff --git a/internal/provider/model_sdwan_policy_group.go b/internal/provider/model_sdwan_policy_group.go index 77a396910..b5ee2dc8a 100644 --- a/internal/provider/model_sdwan_policy_group.go +++ b/internal/provider/model_sdwan_policy_group.go @@ -20,8 +20,9 @@ package provider // Section below is generated&owned by "gen/generator.go". //template:begin imports import ( "context" + "strings" - "github.com/CiscoDevNet/terraform-provider-sdwan/internal/provider/helpers" + "github.com/hashicorp/terraform-plugin-framework/attr" "github.com/hashicorp/terraform-plugin-framework/types" "github.com/tidwall/gjson" "github.com/tidwall/sjson" @@ -48,8 +49,7 @@ func (data PolicyGroup) getPath() string { // End of section. //template:end getPath -// Section below is generated&owned by "gen/generator.go". //template:begin toBody -func (data PolicyGroup) toBody(ctx context.Context) string { +func (data PolicyGroup) toBodyPolicyGroup(ctx context.Context) string { body := "" if !data.Name.IsNull() { body, _ = sjson.Set(body, "name", data.Name.ValueString()) @@ -60,19 +60,20 @@ func (data PolicyGroup) toBody(ctx context.Context) string { if !data.Solution.IsNull() { body, _ = sjson.Set(body, "solution", data.Solution.ValueString()) } - if !data.FeatureProfileIds.IsNull() { - var values []string - data.FeatureProfileIds.ElementsAs(ctx, &values, false) - body, _ = sjson.Set(body, "profiles", values) + if true { + body, _ = sjson.Set(body, "profiles", []interface{}{}) + for _, item := range data.FeatureProfileIds.Elements() { + itemBody := "" + if !item.IsNull() { + itemBody, _ = sjson.Set(itemBody, "id", strings.Trim(item.String(), "\"")) + } + body, _ = sjson.SetRaw(body, "profiles.-1", itemBody) + } } return body } -// End of section. //template:end toBody - -// Section below is generated&owned by "gen/generator.go". //template:begin fromBody -func (data *PolicyGroup) fromBody(ctx context.Context, res gjson.Result) { - state := *data +func (data *PolicyGroup) fromBodyPolicyGroup(ctx context.Context, res gjson.Result) { if value := res.Get("name"); value.Exists() { data.Name = types.StringValue(value.String()) } else { @@ -88,40 +89,20 @@ func (data *PolicyGroup) fromBody(ctx context.Context, res gjson.Result) { } else { data.Solution = types.StringNull() } - if value := res.Get("profiles"); value.Exists() { - data.FeatureProfileIds = helpers.GetStringSet(value.Array()) + if value := res.Get("profiles"); value.Exists() && len(value.Array()) > 0 { + a := make([]attr.Value, len(value.Array())) + c := 0 + value.ForEach(func(k, v gjson.Result) bool { + if cValue := v.Get("id"); cValue.Exists() { + a[c] = types.StringValue(cValue.String()) + } else { + a[c] = types.StringNull() + } + c += 1 + return true + }) + data.FeatureProfileIds = types.SetValueMust(types.StringType, a) } else { data.FeatureProfileIds = types.SetNull(types.StringType) } - data.updateVersions(ctx, &state) } - -// End of section. //template:end fromBody - -// Section below is generated&owned by "gen/generator.go". //template:begin hasChanges -func (data *PolicyGroup) hasChanges(ctx context.Context, state *PolicyGroup) bool { - hasChanges := false - if !data.Name.Equal(state.Name) { - hasChanges = true - } - if !data.Description.Equal(state.Description) { - hasChanges = true - } - if !data.Solution.Equal(state.Solution) { - hasChanges = true - } - if !data.FeatureProfileIds.Equal(state.FeatureProfileIds) { - hasChanges = true - } - return hasChanges -} - -// End of section. //template:end hasChanges - -// Section below is generated&owned by "gen/generator.go". //template:begin updateVersions - -func (data *PolicyGroup) updateVersions(ctx context.Context, state *PolicyGroup) { - data.PolicyVersions = state.PolicyVersions -} - -// End of section. //template:end updateVersions diff --git a/internal/provider/resource_sdwan_policy_group.go b/internal/provider/resource_sdwan_policy_group.go index 35646a949..ee1399b6d 100644 --- a/internal/provider/resource_sdwan_policy_group.go +++ b/internal/provider/resource_sdwan_policy_group.go @@ -22,11 +22,11 @@ import ( "context" "fmt" "net/url" - "strings" "sync" "github.com/CiscoDevNet/terraform-provider-sdwan/internal/provider/helpers" "github.com/hashicorp/terraform-plugin-framework-validators/stringvalidator" + "github.com/hashicorp/terraform-plugin-framework/diag" "github.com/hashicorp/terraform-plugin-framework/path" "github.com/hashicorp/terraform-plugin-framework/resource" "github.com/hashicorp/terraform-plugin-framework/resource/schema" @@ -112,7 +112,6 @@ func (r *PolicyGroupResource) Configure(_ context.Context, req resource.Configur // End of section. //template:end model -// Section below is generated&owned by "gen/generator.go". //template:begin create func (r *PolicyGroupResource) Create(ctx context.Context, req resource.CreateRequest, resp *resource.CreateResponse) { var plan PolicyGroup @@ -125,9 +124,8 @@ func (r *PolicyGroupResource) Create(ctx context.Context, req resource.CreateReq tflog.Debug(ctx, fmt.Sprintf("%s: Beginning Create", plan.Name.ValueString())) - // Create object - body := plan.toBody(ctx) - + // Create policy group + body := plan.toBodyPolicyGroup(ctx) res, err := r.client.Post(plan.getPath(), body) if err != nil { resp.Diagnostics.AddError("Client Error", fmt.Sprintf("Failed to configure object (POST), got error: %s, %s", err, res.String())) @@ -141,9 +139,6 @@ func (r *PolicyGroupResource) Create(ctx context.Context, req resource.CreateReq resp.Diagnostics.Append(diags...) } -// End of section. //template:end create - -// Section below is generated&owned by "gen/generator.go". //template:begin read func (r *PolicyGroupResource) Read(ctx context.Context, req resource.ReadRequest, resp *resource.ReadResponse) { var state PolicyGroup @@ -156,8 +151,9 @@ func (r *PolicyGroupResource) Read(ctx context.Context, req resource.ReadRequest tflog.Debug(ctx, fmt.Sprintf("%s: Beginning Read", state.Name.ValueString())) + // Read policy group res, err := r.client.Get(state.getPath() + url.QueryEscape(state.Id.ValueString())) - if strings.Contains(res.Get("error.message").String(), "Failed to find specified resource") || strings.Contains(res.Get("error.message").String(), "Invalid template type") || strings.Contains(res.Get("error.message").String(), "Template definition not found") || strings.Contains(res.Get("error.message").String(), "Invalid Profile Id") || strings.Contains(res.Get("error.message").String(), "Invalid feature Id") || strings.Contains(res.Get("error.message").String(), "Invalid config group passed") { + if res.Raw == "" && err == nil { resp.State.RemoveResource(ctx) return } else if err != nil { @@ -165,7 +161,7 @@ func (r *PolicyGroupResource) Read(ctx context.Context, req resource.ReadRequest return } - state.fromBody(ctx, res) + state.fromBodyPolicyGroup(ctx, res) tflog.Debug(ctx, fmt.Sprintf("%s: Read finished successfully", state.Name.ValueString())) @@ -173,8 +169,6 @@ func (r *PolicyGroupResource) Read(ctx context.Context, req resource.ReadRequest resp.Diagnostics.Append(diags...) } -// End of section. //template:end read - // Section below is generated&owned by "gen/generator.go". //template:begin update func (r *PolicyGroupResource) Update(ctx context.Context, req resource.UpdateRequest, resp *resource.UpdateResponse) { var plan, state PolicyGroup @@ -194,23 +188,13 @@ func (r *PolicyGroupResource) Update(ctx context.Context, req resource.UpdateReq tflog.Debug(ctx, fmt.Sprintf("%s: Beginning Update", plan.Name.ValueString())) - if plan.hasChanges(ctx, &state) { - body := plan.toBody(ctx) - r.updateMutex.Lock() - res, err := r.client.Put(plan.getPath()+url.QueryEscape(plan.Id.ValueString()), body) - r.updateMutex.Unlock() - if err != nil { - if strings.Contains(res.Get("error.message").String(), "Failed to acquire lock") { - resp.Diagnostics.AddWarning("Client Warning", "Failed to modify policy due to policy being locked by another change. Policy changes will not be applied. Re-run 'terraform apply' to try again.") - } else if strings.Contains(res.Get("error.message").String(), "Template locked in edit mode") { - resp.Diagnostics.AddWarning("Client Warning", "Failed to modify template due to template being locked by another change. Template changes will not be applied. Re-run 'terraform apply' to try again.") - } else { - resp.Diagnostics.AddError("Client Error", fmt.Sprintf("Failed to configure object (PUT), got error: %s, %s", err, res.String())) - return - } - } - } else { - tflog.Debug(ctx, fmt.Sprintf("%s: No changes detected", plan.Name.ValueString())) + // Update policy group + body := plan.toBodyPolicyGroup(ctx) + + res, err := r.client.Put(plan.getPath()+url.QueryEscape(plan.Id.ValueString()), body) + if err != nil { + resp.Diagnostics.AddError("Client Error", fmt.Sprintf("Failed to configure object (PUT), got error: %s, %s", err, res.String())) + return } tflog.Debug(ctx, fmt.Sprintf("%s: Update finished successfully", plan.Name.ValueString())) @@ -219,9 +203,14 @@ func (r *PolicyGroupResource) Update(ctx context.Context, req resource.UpdateReq resp.Diagnostics.Append(diags...) } -// End of section. //template:end update +func (r *PolicyGroupResource) DeletePolicyGroup(ctx context.Context, state PolicyGroup, diag *diag.Diagnostics) { + res, err := r.client.Delete(state.getPath() + url.QueryEscape(state.Id.ValueString())) + if err != nil { + diag.AddError("Client Error", fmt.Sprintf("Failed to delete policy group (DELETE), got error: %s, %s", err, res.String())) + return + } +} -// Section below is generated&owned by "gen/generator.go". //template:begin delete func (r *PolicyGroupResource) Delete(ctx context.Context, req resource.DeleteRequest, resp *resource.DeleteResponse) { var state PolicyGroup @@ -234,19 +223,13 @@ func (r *PolicyGroupResource) Delete(ctx context.Context, req resource.DeleteReq tflog.Debug(ctx, fmt.Sprintf("%s: Beginning Delete", state.Name.ValueString())) - res, err := r.client.Delete(state.getPath() + url.QueryEscape(state.Id.ValueString())) - if err != nil { - resp.Diagnostics.AddError("Client Error", fmt.Sprintf("Failed to delete object (DELETE), got error: %s, %s", err, res.String())) - return - } + r.DeletePolicyGroup(ctx, state, &resp.Diagnostics) tflog.Debug(ctx, fmt.Sprintf("%s: Delete finished successfully", state.Name.ValueString())) resp.State.RemoveResource(ctx) } -// End of section. //template:end delete - // Section below is generated&owned by "gen/generator.go". //template:begin import func (r *PolicyGroupResource) ImportState(ctx context.Context, req resource.ImportStateRequest, resp *resource.ImportStateResponse) { resource.ImportStatePassthroughID(ctx, path.Root("id"), req, resp) From 6578811862f5b32dcb7202c1763b69d934ccc803 Mon Sep 17 00:00:00 2001 From: tzarski Date: Tue, 29 Jul 2025 10:47:00 +0200 Subject: [PATCH 03/10] update policy group resource --- internal/provider/resource_sdwan_policy_group.go | 1 - 1 file changed, 1 deletion(-) diff --git a/internal/provider/resource_sdwan_policy_group.go b/internal/provider/resource_sdwan_policy_group.go index ee1399b6d..c89965e27 100644 --- a/internal/provider/resource_sdwan_policy_group.go +++ b/internal/provider/resource_sdwan_policy_group.go @@ -169,7 +169,6 @@ func (r *PolicyGroupResource) Read(ctx context.Context, req resource.ReadRequest resp.Diagnostics.Append(diags...) } -// Section below is generated&owned by "gen/generator.go". //template:begin update func (r *PolicyGroupResource) Update(ctx context.Context, req resource.UpdateRequest, resp *resource.UpdateResponse) { var plan, state PolicyGroup From f7a24e20758cb3e0b1e1e9d42b9a84ca347416d0 Mon Sep 17 00:00:00 2001 From: tzarski Date: Tue, 29 Jul 2025 16:40:54 +0200 Subject: [PATCH 04/10] add policy group device association --- docs/data-sources/policy_group.md | 19 +++ docs/resources/policy_group.md | 34 ++++ .../resources/sdwan_policy_group/resource.tf | 11 ++ gen/definitions/generic/policy_group.yaml | 36 ++++ .../data_source_sdwan_policy_group.go | 60 +++++++ .../data_source_sdwan_policy_group_test.go | 10 ++ internal/provider/model_sdwan_policy_group.go | 109 +++++++++++- .../provider/resource_sdwan_policy_group.go | 156 +++++++++++++++++- .../resource_sdwan_policy_group_test.go | 10 ++ 9 files changed, 437 insertions(+), 8 deletions(-) diff --git a/docs/data-sources/policy_group.md b/docs/data-sources/policy_group.md index 35b1b5bf8..28e366525 100644 --- a/docs/data-sources/policy_group.md +++ b/docs/data-sources/policy_group.md @@ -28,7 +28,26 @@ data "sdwan_policy_group" "example" { ### Read-Only - `description` (String) Description +- `devices` (Attributes List) List of devices (see [below for nested schema](#nestedatt--devices)) - `feature_profile_ids` (Set of String) List of feature profile IDs - `name` (String) The name of the policy group - `policy_versions` (List of String) List of all associated policy versions - `solution` (String) Type of solution + + +### Nested Schema for `devices` + +Read-Only: + +- `deploy` (Boolean) Deploy to device if enabled. +- `id` (String) Device ID +- `variables` (Attributes Set) List of variables (see [below for nested schema](#nestedatt--devices--variables)) + + +### Nested Schema for `devices.variables` + +Read-Only: + +- `list_value` (List of String) Use this instead of `value` in case value is of type `List`. +- `name` (String) Variable name +- `value` (String) Variable value diff --git a/docs/resources/policy_group.md b/docs/resources/policy_group.md index ac74dcd67..38e726517 100644 --- a/docs/resources/policy_group.md +++ b/docs/resources/policy_group.md @@ -20,6 +20,17 @@ resource "sdwan_policy_group" "example" { description = "My policy group 1" solution = "sdwan" feature_profile_ids = ["f6dd22c8-0b4f-496c-9a0b-6813d1f8b8ac"] + devices = [ + { + id = "C8K-40C0CCFD-9EA8-2B2E-E73B-32C5924EC79B" + variables = [ + { + name = "host_name" + value = "edge1" + } + ] + } + ] } ``` @@ -35,6 +46,7 @@ resource "sdwan_policy_group" "example" { ### Optional +- `devices` (Attributes List) List of devices (see [below for nested schema](#nestedatt--devices)) - `feature_profile_ids` (Set of String) List of feature profile IDs - `policy_versions` (List of String) List of all associated policy versions @@ -42,6 +54,28 @@ resource "sdwan_policy_group" "example" { - `id` (String) The id of the object + +### Nested Schema for `devices` + +Optional: + +- `deploy` (Boolean) Deploy to device if enabled. + - Default value: `false` +- `id` (String) Device ID +- `variables` (Attributes Set) List of variables (see [below for nested schema](#nestedatt--devices--variables)) + + +### Nested Schema for `devices.variables` + +Required: + +- `name` (String) Variable name + +Optional: + +- `list_value` (List of String) Use this instead of `value` in case value is of type `List`. +- `value` (String) Variable value + ## Import Import is supported using the following syntax: diff --git a/examples/resources/sdwan_policy_group/resource.tf b/examples/resources/sdwan_policy_group/resource.tf index d792f9dd9..0c64d090a 100644 --- a/examples/resources/sdwan_policy_group/resource.tf +++ b/examples/resources/sdwan_policy_group/resource.tf @@ -3,4 +3,15 @@ resource "sdwan_policy_group" "example" { description = "My policy group 1" solution = "sdwan" feature_profile_ids = ["f6dd22c8-0b4f-496c-9a0b-6813d1f8b8ac"] + devices = [ + { + id = "C8K-40C0CCFD-9EA8-2B2E-E73B-32C5924EC79B" + variables = [ + { + name = "host_name" + value = "edge1" + } + ] + } + ] } diff --git a/gen/definitions/generic/policy_group.yaml b/gen/definitions/generic/policy_group.yaml index 338878679..8bd296c77 100644 --- a/gen/definitions/generic/policy_group.yaml +++ b/gen/definitions/generic/policy_group.yaml @@ -29,6 +29,42 @@ attributes: description: List of feature profile IDs example: f6dd22c8-0b4f-496c-9a0b-6813d1f8b8ac test_value: "[sdwan_application_priority_feature_profile.test.id]" + - model_name: devices + type: List + description: List of devices + attributes: + - model_name: id + type: String + id: true + description: Device ID + example: C8K-40C0CCFD-9EA8-2B2E-E73B-32C5924EC79B + - tf_name: deploy + tf_only: true + type: Bool + description: Deploy to device if enabled. + default_value: false + example: true + - model_name: variables + type: Set + description: List of variables + attributes: + - model_name: name + type: String + mandatory: true + id: true + description: Variable name + example: host_name + - model_name: value + type: String + description: Variable value + example: edge1 + - model_name: list_value + type: List + element_type: String + tf_only: true + description: Use this instead of `value` in case value is of type `List`. + example: 1.2.3.4 + exclude_test: true - tf_name: policy_versions tf_only: true type: Versions diff --git a/internal/provider/data_source_sdwan_policy_group.go b/internal/provider/data_source_sdwan_policy_group.go index bf572ad62..42f5822e6 100644 --- a/internal/provider/data_source_sdwan_policy_group.go +++ b/internal/provider/data_source_sdwan_policy_group.go @@ -22,6 +22,7 @@ import ( "context" "fmt" "net/url" + "strings" "github.com/hashicorp/terraform-plugin-framework/datasource" "github.com/hashicorp/terraform-plugin-framework/datasource/schema" @@ -79,6 +80,43 @@ func (d *PolicyGroupDataSource) Schema(ctx context.Context, req datasource.Schem ElementType: types.StringType, Computed: true, }, + "devices": schema.ListNestedAttribute{ + MarkdownDescription: "List of devices", + Computed: true, + NestedObject: schema.NestedAttributeObject{ + Attributes: map[string]schema.Attribute{ + "id": schema.StringAttribute{ + MarkdownDescription: "Device ID", + Computed: true, + }, + "deploy": schema.BoolAttribute{ + MarkdownDescription: "Deploy to device if enabled.", + Computed: true, + }, + "variables": schema.SetNestedAttribute{ + MarkdownDescription: "List of variables", + Computed: true, + NestedObject: schema.NestedAttributeObject{ + Attributes: map[string]schema.Attribute{ + "name": schema.StringAttribute{ + MarkdownDescription: "Variable name", + Computed: true, + }, + "value": schema.StringAttribute{ + MarkdownDescription: "Variable value", + Computed: true, + }, + "list_value": schema.ListAttribute{ + MarkdownDescription: "Use this instead of `value` in case value is of type `List`.", + ElementType: types.StringType, + Computed: true, + }, + }, + }, + }, + }, + }, + }, "policy_versions": schema.ListAttribute{ MarkdownDescription: "List of all associated policy versions", ElementType: types.StringType, @@ -122,6 +160,28 @@ func (d *PolicyGroupDataSource) Read(ctx context.Context, req datasource.ReadReq config.fromBodyPolicyGroup(ctx, res) + // Read policy group devices + path := fmt.Sprintf("/v1/policy-group/%v/device/associate/", config.Id.ValueString()) + res, err = d.client.Get(path) + if strings.Contains(res.Get("error.message").String(), "Invalid policy group passed") { + resp.State.RemoveResource(ctx) + return + } else if err != nil { + resp.Diagnostics.AddError("Client Error", fmt.Sprintf("Failed to retrieve object (GET), got error: %s, %s", err, res.String())) + return + } + + // Read policy group devices variables + path = fmt.Sprintf("/v1/policy-group/%v/device/variables/", config.Id.ValueString()) + res, err = d.client.Get(path) + if strings.Contains(res.Get("error.message").String(), "Invalid policy group passed") { + resp.State.RemoveResource(ctx) + return + } else if err != nil { + resp.Diagnostics.AddError("Client Error", fmt.Sprintf("Failed to retrieve object (GET), got error: %s, %s", err, res.String())) + return + } + tflog.Debug(ctx, fmt.Sprintf("%s: Read finished successfully", config.Id.ValueString())) diags = resp.State.Set(ctx, &config) diff --git a/internal/provider/data_source_sdwan_policy_group_test.go b/internal/provider/data_source_sdwan_policy_group_test.go index 7993ae916..dece4b1ad 100644 --- a/internal/provider/data_source_sdwan_policy_group_test.go +++ b/internal/provider/data_source_sdwan_policy_group_test.go @@ -36,6 +36,9 @@ func TestAccDataSourceSdwanPolicyGroup(t *testing.T) { checks = append(checks, resource.TestCheckResourceAttr("data.sdwan_policy_group.test", "name", "PG_1")) checks = append(checks, resource.TestCheckResourceAttr("data.sdwan_policy_group.test", "description", "My policy group 1")) checks = append(checks, resource.TestCheckResourceAttr("data.sdwan_policy_group.test", "solution", "sdwan")) + checks = append(checks, resource.TestCheckResourceAttr("data.sdwan_policy_group.test", "devices.0.id", "C8K-40C0CCFD-9EA8-2B2E-E73B-32C5924EC79B")) + checks = append(checks, resource.TestCheckResourceAttr("data.sdwan_policy_group.test", "devices.0.variables.0.name", "host_name")) + checks = append(checks, resource.TestCheckResourceAttr("data.sdwan_policy_group.test", "devices.0.variables.0.value", "edge1")) resource.Test(t, resource.TestCase{ PreCheck: func() { testAccPreCheck(t) }, ProtoV6ProviderFactories: testAccProtoV6ProviderFactories, @@ -69,6 +72,13 @@ func testAccDataSourceSdwanPolicyGroupConfig() string { config += ` description = "My policy group 1"` + "\n" config += ` solution = "sdwan"` + "\n" config += ` feature_profile_ids = [sdwan_application_priority_feature_profile.test.id]` + "\n" + config += ` devices = [{` + "\n" + config += ` id = "C8K-40C0CCFD-9EA8-2B2E-E73B-32C5924EC79B"` + "\n" + config += ` variables = [{` + "\n" + config += ` name = "host_name"` + "\n" + config += ` value = "edge1"` + "\n" + config += ` }]` + "\n" + config += ` }]` + "\n" config += `}` + "\n" config += ` diff --git a/internal/provider/model_sdwan_policy_group.go b/internal/provider/model_sdwan_policy_group.go index b5ee2dc8a..3f95662d8 100644 --- a/internal/provider/model_sdwan_policy_group.go +++ b/internal/provider/model_sdwan_policy_group.go @@ -20,6 +20,8 @@ package provider // Section below is generated&owned by "gen/generator.go". //template:begin imports import ( "context" + "fmt" + "slices" "strings" "github.com/hashicorp/terraform-plugin-framework/attr" @@ -32,12 +34,25 @@ import ( // Section below is generated&owned by "gen/generator.go". //template:begin types type PolicyGroup struct { - Id types.String `tfsdk:"id"` - Name types.String `tfsdk:"name"` - Description types.String `tfsdk:"description"` - Solution types.String `tfsdk:"solution"` - FeatureProfileIds types.Set `tfsdk:"feature_profile_ids"` - PolicyVersions types.List `tfsdk:"policy_versions"` + Id types.String `tfsdk:"id"` + Name types.String `tfsdk:"name"` + Description types.String `tfsdk:"description"` + Solution types.String `tfsdk:"solution"` + FeatureProfileIds types.Set `tfsdk:"feature_profile_ids"` + Devices []PolicyGroupDevices `tfsdk:"devices"` + PolicyVersions types.List `tfsdk:"policy_versions"` +} + +type PolicyGroupDevices struct { + Id types.String `tfsdk:"id"` + Deploy types.Bool `tfsdk:"deploy"` + Variables []PolicyGroupDevicesVariables `tfsdk:"variables"` +} + +type PolicyGroupDevicesVariables struct { + Name types.String `tfsdk:"name"` + Value types.String `tfsdk:"value"` + ListValue types.List `tfsdk:"list_value"` } // End of section. //template:end types @@ -73,6 +88,21 @@ func (data PolicyGroup) toBodyPolicyGroup(ctx context.Context) string { return body } +func (data PolicyGroup) toBodyPolicyGroupDevices(ctx context.Context) string { + body := "" + if true { + body, _ = sjson.Set(body, "devices", []interface{}{}) + for _, item := range data.Devices { + itemBody := "" + if !item.Id.IsNull() { + itemBody, _ = sjson.Set(itemBody, "id", item.Id.ValueString()) + } + body, _ = sjson.SetRaw(body, "devices.-1", itemBody) + } + } + return body +} + func (data *PolicyGroup) fromBodyPolicyGroup(ctx context.Context, res gjson.Result) { if value := res.Get("name"); value.Exists() { data.Name = types.StringValue(value.String()) @@ -106,3 +136,70 @@ func (data *PolicyGroup) fromBodyPolicyGroup(ctx context.Context, res gjson.Resu data.FeatureProfileIds = types.SetNull(types.StringType) } } + +func (data *PolicyGroup) fromBodyPolicyGroupDevices(ctx context.Context, res gjson.Result) { + original := *data + if value := res.Get("devices"); value.Exists() && len(value.Array()) > 0 { + data.Devices = make([]PolicyGroupDevices, 0) + value.ForEach(func(k, v gjson.Result) bool { + item := PolicyGroupDevices{} + if cValue := v.Get("id"); cValue.Exists() { + item.Id = types.StringValue(cValue.String()) + } else { + item.Id = types.StringNull() + } + data.Devices = append(data.Devices, item) + return true + }) + } else { + if len(data.Devices) > 0 { + data.Devices = []PolicyGroupDevices{} + } + } + // reorder + slices.Reverse(original.Devices) + for i := range original.Devices { + keyValues := [...]string{original.Devices[i].Id.ValueString()} + + for y := range data.Devices { + found := false + for _, keyValue := range keyValues { + if !data.Devices[y].Id.IsNull() { + if data.Devices[y].Id.ValueString() == keyValue { + found = true + continue + } + found = false + break + } + continue + } + if found { + //insert at the beginning + device := data.Devices[y] + data.Devices = append(data.Devices[:y], data.Devices[y+1:]...) + data.Devices = append([]PolicyGroupDevices{device}, data.Devices...) + } + } + } +} + +func (data *PolicyGroup) updateTfAttributes(ctx context.Context, state *PolicyGroup) { + //data.FeatureVersions = state.FeatureVersions + for i := range data.Devices { + dataKeys := [...]string{fmt.Sprintf("%v", data.Devices[i].Id.ValueString())} + stateIndex := -1 + for j := range state.Devices { + stateKeys := [...]string{fmt.Sprintf("%v", state.Devices[j].Id.ValueString())} + if dataKeys == stateKeys { + stateIndex = j + break + } + } + if stateIndex > -1 { + data.Devices[i].Deploy = state.Devices[stateIndex].Deploy + } else { + data.Devices[i].Deploy = types.BoolNull() + } + } +} diff --git a/internal/provider/resource_sdwan_policy_group.go b/internal/provider/resource_sdwan_policy_group.go index c89965e27..2f13e9dd2 100644 --- a/internal/provider/resource_sdwan_policy_group.go +++ b/internal/provider/resource_sdwan_policy_group.go @@ -22,6 +22,7 @@ import ( "context" "fmt" "net/url" + "strings" "sync" "github.com/CiscoDevNet/terraform-provider-sdwan/internal/provider/helpers" @@ -30,12 +31,15 @@ import ( "github.com/hashicorp/terraform-plugin-framework/path" "github.com/hashicorp/terraform-plugin-framework/resource" "github.com/hashicorp/terraform-plugin-framework/resource/schema" + "github.com/hashicorp/terraform-plugin-framework/resource/schema/booldefault" "github.com/hashicorp/terraform-plugin-framework/resource/schema/planmodifier" "github.com/hashicorp/terraform-plugin-framework/resource/schema/stringplanmodifier" "github.com/hashicorp/terraform-plugin-framework/schema/validator" "github.com/hashicorp/terraform-plugin-framework/types" "github.com/hashicorp/terraform-plugin-log/tflog" "github.com/netascode/go-sdwan" + "github.com/tidwall/gjson" + "github.com/tidwall/sjson" ) // End of section. //template:end imports @@ -92,6 +96,45 @@ func (r *PolicyGroupResource) Schema(ctx context.Context, req resource.SchemaReq ElementType: types.StringType, Optional: true, }, + "devices": schema.ListNestedAttribute{ + MarkdownDescription: helpers.NewAttributeDescription("List of devices").String, + Optional: true, + NestedObject: schema.NestedAttributeObject{ + Attributes: map[string]schema.Attribute{ + "id": schema.StringAttribute{ + MarkdownDescription: helpers.NewAttributeDescription("Device ID").String, + Optional: true, + }, + "deploy": schema.BoolAttribute{ + MarkdownDescription: helpers.NewAttributeDescription("Deploy to device if enabled.").AddDefaultValueDescription("false").String, + Optional: true, + Computed: true, + Default: booldefault.StaticBool(false), + }, + "variables": schema.SetNestedAttribute{ + MarkdownDescription: helpers.NewAttributeDescription("List of variables").String, + Optional: true, + NestedObject: schema.NestedAttributeObject{ + Attributes: map[string]schema.Attribute{ + "name": schema.StringAttribute{ + MarkdownDescription: helpers.NewAttributeDescription("Variable name").String, + Required: true, + }, + "value": schema.StringAttribute{ + MarkdownDescription: helpers.NewAttributeDescription("Variable value").String, + Optional: true, + }, + "list_value": schema.ListAttribute{ + MarkdownDescription: helpers.NewAttributeDescription("Use this instead of `value` in case value is of type `List`.").String, + ElementType: types.StringType, + Optional: true, + }, + }, + }, + }, + }, + }, + }, "policy_versions": schema.ListAttribute{ MarkdownDescription: helpers.NewAttributeDescription("List of all associated policy versions").String, ElementType: types.StringType, @@ -133,6 +176,19 @@ func (r *PolicyGroupResource) Create(ctx context.Context, req resource.CreateReq } plan.Id = types.StringValue(res.Get("id").String()) + // Create policy group devices + if len(plan.Devices) > 0 { + body = plan.toBodyPolicyGroupDevices(ctx) + + path := fmt.Sprintf("/v1/policy-group/%v/device/associate/", plan.Id.ValueString()) + res, err = r.client.Post(path, body) + if err != nil { + resp.Diagnostics.AddError("Client Error", fmt.Sprintf("Failed to configure policy group devices (POST), got error: %s, %s", err, res.String())) + r.DeletePolicyGroup(ctx, plan, &resp.Diagnostics) + return + } + } + tflog.Debug(ctx, fmt.Sprintf("%s: Create finished successfully", plan.Name.ValueString())) diags = resp.State.Set(ctx, &plan) @@ -151,6 +207,8 @@ func (r *PolicyGroupResource) Read(ctx context.Context, req resource.ReadRequest tflog.Debug(ctx, fmt.Sprintf("%s: Beginning Read", state.Name.ValueString())) + oldState := state + // Read policy group res, err := r.client.Get(state.getPath() + url.QueryEscape(state.Id.ValueString())) if res.Raw == "" && err == nil { @@ -163,7 +221,20 @@ func (r *PolicyGroupResource) Read(ctx context.Context, req resource.ReadRequest state.fromBodyPolicyGroup(ctx, res) - tflog.Debug(ctx, fmt.Sprintf("%s: Read finished successfully", state.Name.ValueString())) + // Read policy group device associations + path := fmt.Sprintf("/v1/policy-group/%v/device/associate/", state.Id.ValueString()) + res, err = r.client.Get(path) + if strings.Contains(res.Get("error.message").String(), "Invalid policy group passed") { + resp.State.RemoveResource(ctx) + return + } else if err != nil { + resp.Diagnostics.AddError("Client Error", fmt.Sprintf("Failed to retrieve object (GET), got error: %s, %s", err, res.String())) + return + } + + state.fromBodyPolicyGroupDevices(ctx, res) + + state.updateTfAttributes(ctx, &oldState) diags = resp.State.Set(ctx, &state) resp.Diagnostics.Append(diags...) @@ -196,6 +267,66 @@ func (r *PolicyGroupResource) Update(ctx context.Context, req resource.UpdateReq return } + res, err = r.client.Get(fmt.Sprintf("/v1/policy-group/%v/device/associate/", plan.Id.ValueString())) + if err != nil { + resp.Diagnostics.AddError("Client Error", fmt.Sprintf("Failed to retrieve object (GET), got error: %s, %s", err, res.String())) + return + } + + var currentDeviceIds []string + if value := res.Get("devices"); value.Exists() && len(value.Array()) > 0 { + value.ForEach(func(k, v gjson.Result) bool { + currentDeviceIds = append(currentDeviceIds, v.Get("id").String()) + return true + }) + } + + associateBody, _ := sjson.Set("", "devices", []interface{}{}) + for _, d := range plan.Devices { + found := false + for _, cdid := range currentDeviceIds { + if d.Id.ValueString() == cdid { + found = true + break + } + } + if !found { + associateBody, _ = sjson.SetRaw(associateBody, "devices.-1", helpers.Must(sjson.Set("", "id", d.Id.ValueString()))) + } + } + + disassociateBody, _ := sjson.Set("", "devices", []interface{}{}) + for _, cdid := range currentDeviceIds { + found := false + for _, d := range plan.Devices { + if d.Id.ValueString() == cdid { + found = true + break + } + } + if !found { + disassociateBody, _ = sjson.SetRaw(disassociateBody, "devices.-1", helpers.Must(sjson.Set("", "id", cdid))) + } + } + + // associate missing devices + if len(gjson.Get(associateBody, "devices").Array()) > 0 { + res, err = r.client.Put(fmt.Sprintf("/v1/policy-group/%v/device/associate/", plan.Id.ValueString()), associateBody) + if err != nil { + resp.Diagnostics.AddError("Client Error", fmt.Sprintf("Failed to configure policy group devices (PUT), got error: %s, %s", err, res.String())) + return + } + } + + // disassociate extra devices + if len(gjson.Get(disassociateBody, "devices").Array()) > 0 { + res, err = r.client.DeleteBody(fmt.Sprintf("/v1/policy-group/%v/device/associate/", plan.Id.ValueString()), disassociateBody) + if err != nil { + resp.Diagnostics.AddError("Client Error", fmt.Sprintf("Failed to delete policy group devices (DELETE), got error: %s, %s", err, res.String())) + return + } + } + tflog.Debug(ctx, fmt.Sprintf("%s: Update finished successfully", plan.Name.ValueString())) diags = resp.State.Set(ctx, &plan) @@ -203,7 +334,28 @@ func (r *PolicyGroupResource) Update(ctx context.Context, req resource.UpdateReq } func (r *PolicyGroupResource) DeletePolicyGroup(ctx context.Context, state PolicyGroup, diag *diag.Diagnostics) { - res, err := r.client.Delete(state.getPath() + url.QueryEscape(state.Id.ValueString())) + path := fmt.Sprintf("/v1/policy-group/%v/device/associate/", state.Id.ValueString()) + res, err := r.client.Get(path) + if err == nil { + body, _ := sjson.Set("", "devices", []interface{}{}) + if value := res.Get("devices"); value.Exists() && len(value.Array()) > 0 { + value.ForEach(func(k, v gjson.Result) bool { + id := v.Get("id").String() + itemBody, _ := sjson.Set("", "id", id) + body, _ = sjson.SetRaw(body, "devices.-1", itemBody) + return true + }) + } + if len(gjson.Get(body, "devices").Array()) > 0 { + res, err := r.client.DeleteBody(path, body) + if err != nil { + diag.AddError("Client Error", fmt.Sprintf("Failed to delete policy group devices (DELETE), got error: %s, %s", err, res.String())) + return + } + } + } + + res, err = r.client.Delete(state.getPath() + url.QueryEscape(state.Id.ValueString())) if err != nil { diag.AddError("Client Error", fmt.Sprintf("Failed to delete policy group (DELETE), got error: %s, %s", err, res.String())) return diff --git a/internal/provider/resource_sdwan_policy_group_test.go b/internal/provider/resource_sdwan_policy_group_test.go index b7213936b..0eee67bcb 100644 --- a/internal/provider/resource_sdwan_policy_group_test.go +++ b/internal/provider/resource_sdwan_policy_group_test.go @@ -36,6 +36,9 @@ func TestAccSdwanPolicyGroup(t *testing.T) { checks = append(checks, resource.TestCheckResourceAttr("sdwan_policy_group.test", "name", "PG_1")) checks = append(checks, resource.TestCheckResourceAttr("sdwan_policy_group.test", "description", "My policy group 1")) checks = append(checks, resource.TestCheckResourceAttr("sdwan_policy_group.test", "solution", "sdwan")) + checks = append(checks, resource.TestCheckResourceAttr("sdwan_policy_group.test", "devices.0.id", "C8K-40C0CCFD-9EA8-2B2E-E73B-32C5924EC79B")) + checks = append(checks, resource.TestCheckResourceAttr("sdwan_policy_group.test", "devices.0.variables.0.name", "host_name")) + checks = append(checks, resource.TestCheckResourceAttr("sdwan_policy_group.test", "devices.0.variables.0.value", "edge1")) resource.Test(t, resource.TestCase{ PreCheck: func() { testAccPreCheck(t) }, ProtoV6ProviderFactories: testAccProtoV6ProviderFactories, @@ -68,6 +71,13 @@ func testAccSdwanPolicyGroupConfig_all() string { config += ` description = "My policy group 1"` + "\n" config += ` solution = "sdwan"` + "\n" config += ` feature_profile_ids = [sdwan_application_priority_feature_profile.test.id]` + "\n" + config += ` devices = [{` + "\n" + config += ` id = "C8K-40C0CCFD-9EA8-2B2E-E73B-32C5924EC79B"` + "\n" + config += ` variables = [{` + "\n" + config += ` name = "host_name"` + "\n" + config += ` value = "edge1"` + "\n" + config += ` }]` + "\n" + config += ` }]` + "\n" config += `}` + "\n" return config } From 098de29130cbb0c80391de7ea9d0a777c934b2df Mon Sep 17 00:00:00 2001 From: tzarski Date: Tue, 29 Jul 2025 17:25:47 +0200 Subject: [PATCH 05/10] add policy group device variables --- internal/provider/model_sdwan_policy_group.go | 142 ++++++++++++++++++ .../provider/resource_sdwan_policy_group.go | 40 +++++ 2 files changed, 182 insertions(+) diff --git a/internal/provider/model_sdwan_policy_group.go b/internal/provider/model_sdwan_policy_group.go index 3f95662d8..48e5e3ab2 100644 --- a/internal/provider/model_sdwan_policy_group.go +++ b/internal/provider/model_sdwan_policy_group.go @@ -22,8 +22,10 @@ import ( "context" "fmt" "slices" + "strconv" "strings" + "github.com/CiscoDevNet/terraform-provider-sdwan/internal/provider/helpers" "github.com/hashicorp/terraform-plugin-framework/attr" "github.com/hashicorp/terraform-plugin-framework/types" "github.com/tidwall/gjson" @@ -103,6 +105,49 @@ func (data PolicyGroup) toBodyPolicyGroupDevices(ctx context.Context) string { return body } +func (data PolicyGroup) toBodyPolicyGroupDeviceVariables(ctx context.Context) string { + body := "" + if !data.Solution.IsNull() { + body, _ = sjson.Set(body, "solution", data.Solution.ValueString()) + } + if true { + body, _ = sjson.Set(body, "devices", []interface{}{}) + for _, item := range data.Devices { + itemBody := "" + if !item.Id.IsNull() { + itemBody, _ = sjson.Set(itemBody, "device-id", item.Id.ValueString()) + } + if true { + itemBody, _ = sjson.Set(itemBody, "variables", []interface{}{}) + for _, childItem := range item.Variables { + itemChildBody := "" + if !childItem.Name.IsNull() { + itemChildBody, _ = sjson.Set(itemChildBody, "name", childItem.Name.ValueString()) + } + if !childItem.ListValue.IsNull() { + var values []string + childItem.ListValue.ElementsAs(ctx, &values, false) + itemChildBody, _ = sjson.Set(itemChildBody, "value", values) + } else if !childItem.Value.IsNull() { + if val, err := strconv.Atoi(childItem.Value.ValueString()); err == nil { + itemChildBody, _ = sjson.Set(itemChildBody, "value", val) + } else if val, err := strconv.ParseFloat(childItem.Value.ValueString(), 64); err == nil { + itemChildBody, _ = sjson.Set(itemChildBody, "value", val) + } else if val, err := strconv.ParseBool(childItem.Value.ValueString()); err == nil { + itemChildBody, _ = sjson.Set(itemChildBody, "value", val) + } else { + itemChildBody, _ = sjson.Set(itemChildBody, "value", childItem.Value.ValueString()) + } + } + itemBody, _ = sjson.SetRaw(itemBody, "variables.-1", itemChildBody) + } + } + body, _ = sjson.SetRaw(body, "devices.-1", itemBody) + } + } + return body +} + func (data *PolicyGroup) fromBodyPolicyGroup(ctx context.Context, res gjson.Result) { if value := res.Get("name"); value.Exists() { data.Name = types.StringValue(value.String()) @@ -184,6 +229,94 @@ func (data *PolicyGroup) fromBodyPolicyGroupDevices(ctx context.Context, res gjs } } +func (data *PolicyGroup) fromBodyPolicyGroupDeviceVariables(ctx context.Context, res gjson.Result) { + original := *data + if value := res.Get("family"); value.Exists() { + data.Solution = types.StringValue(value.String()) + } else { + data.Solution = types.StringNull() + } + if value := res.Get("devices"); value.Exists() && len(value.Array()) > 0 { + data.Devices = make([]PolicyGroupDevices, 0) + value.ForEach(func(k, v gjson.Result) bool { + item := PolicyGroupDevices{} + if cValue := v.Get("device-id"); cValue.Exists() { + item.Id = types.StringValue(cValue.String()) + } else { + item.Id = types.StringNull() + } + if cValue := v.Get("variables"); cValue.Exists() && len(cValue.Array()) > 0 { + item.Variables = make([]PolicyGroupDevicesVariables, 0) + cValue.ForEach(func(ck, cv gjson.Result) bool { + // skip optional variables + if !cv.Get("value").Exists() { + return true + } + cItem := PolicyGroupDevicesVariables{} + if ccValue := cv.Get("name"); ccValue.Exists() { + cItem.Name = types.StringValue(ccValue.String()) + } else { + cItem.Name = types.StringNull() + } + if ccValue := cv.Get("value"); ccValue.Exists() { + if ccValue.IsArray() { + cItem.ListValue = helpers.GetStringList(ccValue.Array()) + cItem.Value = types.StringNull() + } else { + cItem.ListValue = types.ListNull(types.StringType) + if !strings.Contains(strings.ToLower(ccValue.String()), "$crypt_cluster") { + cItem.Value = types.StringValue(ccValue.String()) + } + } + } else { + cItem.ListValue = types.ListNull(types.StringType) + cItem.Value = types.StringNull() + } + item.Variables = append(item.Variables, cItem) + return true + }) + } else { + if len(item.Variables) > 0 { + item.Variables = []PolicyGroupDevicesVariables{} + } + } + data.Devices = append(data.Devices, item) + return true + }) + } else { + if len(data.Devices) > 0 { + data.Devices = []PolicyGroupDevices{} + } + } + + // reorder + slices.Reverse(original.Devices) + for i := range original.Devices { + keyValues := [...]string{original.Devices[i].Id.ValueString()} + + for y := range data.Devices { + found := false + for _, keyValue := range keyValues { + if !data.Devices[y].Id.IsNull() { + if data.Devices[y].Id.ValueString() == keyValue { + found = true + continue + } + found = false + break + } + continue + } + if found { + //insert at the beginning + device := data.Devices[y] + data.Devices = append(data.Devices[:y], data.Devices[y+1:]...) + data.Devices = append([]PolicyGroupDevices{device}, data.Devices...) + } + } + } +} + func (data *PolicyGroup) updateTfAttributes(ctx context.Context, state *PolicyGroup) { //data.FeatureVersions = state.FeatureVersions for i := range data.Devices { @@ -203,3 +336,12 @@ func (data *PolicyGroup) updateTfAttributes(ctx context.Context, state *PolicyGr } } } + +func (data PolicyGroup) hasPolicyGroupDeviceVariables(ctx context.Context) bool { + for _, device := range data.Devices { + if len(device.Variables) > 0 { + return true + } + } + return false +} diff --git a/internal/provider/resource_sdwan_policy_group.go b/internal/provider/resource_sdwan_policy_group.go index 2f13e9dd2..e8854a9e9 100644 --- a/internal/provider/resource_sdwan_policy_group.go +++ b/internal/provider/resource_sdwan_policy_group.go @@ -189,6 +189,19 @@ func (r *PolicyGroupResource) Create(ctx context.Context, req resource.CreateReq } } + // Create policy group device variables + if len(plan.Devices) > 0 && plan.hasPolicyGroupDeviceVariables(ctx) { + body = plan.toBodyPolicyGroupDeviceVariables(ctx) + + path := fmt.Sprintf("/v1/policy-group/%v/device/variables/", plan.Id.ValueString()) + res, err = r.client.Put(path, body) + if err != nil { + resp.Diagnostics.AddError("Client Error", fmt.Sprintf("Failed to configure policy group device variables (PUT), got error: %s, %s", err, res.String())) + r.DeletePolicyGroup(ctx, plan, &resp.Diagnostics) + return + } + } + tflog.Debug(ctx, fmt.Sprintf("%s: Create finished successfully", plan.Name.ValueString())) diags = resp.State.Set(ctx, &plan) @@ -234,6 +247,21 @@ func (r *PolicyGroupResource) Read(ctx context.Context, req resource.ReadRequest state.fromBodyPolicyGroupDevices(ctx, res) + // Read policy group device variables + if value := res.Get("devices"); value.Exists() && len(value.Array()) > 0 { + path = fmt.Sprintf("/v1/policy-group/%v/device/variables/", state.Id.ValueString()) + res, err = r.client.Get(path) + if strings.Contains(res.Get("error.message").String(), "Invalid policy group passed") { + resp.State.RemoveResource(ctx) + return + } else if err != nil { + resp.Diagnostics.AddError("Client Error", fmt.Sprintf("Failed to retrieve object (GET), got error: %s, %s", err, res.String())) + return + } + + state.fromBodyPolicyGroupDeviceVariables(ctx, res) + } + state.updateTfAttributes(ctx, &oldState) diags = resp.State.Set(ctx, &state) @@ -327,6 +355,18 @@ func (r *PolicyGroupResource) Update(ctx context.Context, req resource.UpdateReq } } + // Update policy group device variables + if len(plan.Devices) > 0 && plan.hasPolicyGroupDeviceVariables(ctx) { + body = plan.toBodyPolicyGroupDeviceVariables(ctx) + + path := fmt.Sprintf("/v1/policy-group/%v/device/variables/", plan.Id.ValueString()) + res, err = r.client.Put(path, body) + if err != nil { + resp.Diagnostics.AddError("Client Error", fmt.Sprintf("Failed to configure policy group device variables (PUT), got error: %s, %s", err, res.String())) + return + } + } + tflog.Debug(ctx, fmt.Sprintf("%s: Update finished successfully", plan.Name.ValueString())) diags = resp.State.Set(ctx, &plan) From ba6e04f9835e33a85b104a2da4dd94eb802866c4 Mon Sep 17 00:00:00 2001 From: tzarski Date: Wed, 30 Jul 2025 09:17:27 +0200 Subject: [PATCH 06/10] add configuration group deployment --- internal/provider/model_sdwan_policy_group.go | 62 +++++++++++++++ .../provider/resource_sdwan_policy_group.go | 77 +++++++++++++++++++ 2 files changed, 139 insertions(+) diff --git a/internal/provider/model_sdwan_policy_group.go b/internal/provider/model_sdwan_policy_group.go index 48e5e3ab2..d2482a7cd 100644 --- a/internal/provider/model_sdwan_policy_group.go +++ b/internal/provider/model_sdwan_policy_group.go @@ -345,3 +345,65 @@ func (data PolicyGroup) hasPolicyGroupDeviceVariables(ctx context.Context) bool } return false } + +func (data PolicyGroup) getUpdatedDevices(ctx context.Context, state *PolicyGroup) []string { + updatedDevices := make([]string, 0) + for _, device := range data.Devices { + for _, stateDevice := range state.Devices { + if device.Id.ValueString() == stateDevice.Id.ValueString() { + for _, variable := range device.Variables { + found := false + for _, stateVariable := range stateDevice.Variables { + if variable.Name.ValueString() == stateVariable.Name.ValueString() { + found = true + if variable.Value.ValueString() != stateVariable.Value.ValueString() { + if !slices.Contains(updatedDevices, device.Id.ValueString()) { + updatedDevices = append(updatedDevices, device.Id.ValueString()) + } + } + if variable.ListValue.String() != stateVariable.ListValue.String() { + if !slices.Contains(updatedDevices, device.Id.ValueString()) { + updatedDevices = append(updatedDevices, device.Id.ValueString()) + } + } + } + } + if !found { + if !slices.Contains(updatedDevices, device.Id.ValueString()) { + updatedDevices = append(updatedDevices, device.Id.ValueString()) + } + } + } + for _, stateVariable := range stateDevice.Variables { + found := false + for _, variable := range device.Variables { + if variable.Name.ValueString() == stateVariable.Name.ValueString() { + found = true + } + } + if !found { + if !slices.Contains(updatedDevices, device.Id.ValueString()) { + updatedDevices = append(updatedDevices, device.Id.ValueString()) + } + } + } + } + } + } + return updatedDevices +} + +func (data PolicyGroup) hasPolicyVersionChanges(ctx context.Context, state *PolicyGroup) bool { + var planValues, stateValues []string + data.PolicyVersions.ElementsAs(ctx, &planValues, false) + state.PolicyVersions.ElementsAs(ctx, &stateValues, false) + if len(planValues) != len(stateValues) { + return true + } + for i := range planValues { + if i >= len(stateValues) || planValues[i] != stateValues[i] { + return true + } + } + return false +} diff --git a/internal/provider/resource_sdwan_policy_group.go b/internal/provider/resource_sdwan_policy_group.go index e8854a9e9..d02696dd4 100644 --- a/internal/provider/resource_sdwan_policy_group.go +++ b/internal/provider/resource_sdwan_policy_group.go @@ -26,6 +26,7 @@ import ( "sync" "github.com/CiscoDevNet/terraform-provider-sdwan/internal/provider/helpers" + "github.com/hashicorp/go-version" "github.com/hashicorp/terraform-plugin-framework-validators/stringvalidator" "github.com/hashicorp/terraform-plugin-framework/diag" "github.com/hashicorp/terraform-plugin-framework/path" @@ -44,6 +45,8 @@ import ( // End of section. //template:end imports +var MinPolicyGroupUpdateVersion = version.Must(version.NewVersion("20.15.0")) + // Section below is generated&owned by "gen/generator.go". //template:begin model // Ensure provider defined types fully satisfy framework interfaces @@ -202,12 +205,78 @@ func (r *PolicyGroupResource) Create(ctx context.Context, req resource.CreateReq } } + // Deploy policy group to devices + if len(plan.Devices) > 0 { + r.Deploy(ctx, plan, nil, &resp.Diagnostics, true) + } + if resp.Diagnostics.HasError() { + return + } + tflog.Debug(ctx, fmt.Sprintf("%s: Create finished successfully", plan.Name.ValueString())) diags = resp.State.Set(ctx, &plan) resp.Diagnostics.Append(diags...) } +func (r *PolicyGroupResource) Deploy(ctx context.Context, plan PolicyGroup, state *PolicyGroup, diag *diag.Diagnostics, deleteOnError bool) { + var updatedDevices []string + if state != nil { + updatedDevices = plan.getUpdatedDevices(ctx, state) + } + + hasPolicyVersionChanges := false + currentVersion := version.Must(version.NewVersion(r.client.ManagerVersion)) + if state != nil && currentVersion.LessThan(MinPolicyGroupUpdateVersion) { + hasPolicyVersionChanges = plan.hasPolicyVersionChanges(ctx, state) + } + + path := fmt.Sprintf("/v1/policy-group/%v/device/associate/", plan.Id.ValueString()) + res, err := r.client.Get(path) + if err != nil { + diag.AddError("Client Error", fmt.Sprintf("Failed to retrieve object (GET), got error: %s, %s", err, res.String())) + return + } + + // Build deploy body + body, _ := sjson.Set("", "devices", []interface{}{}) + if value := res.Get("devices"); value.Exists() && len(value.Array()) > 0 { + value.ForEach(func(k, v gjson.Result) bool { + id := v.Get("id").String() + for _, item := range plan.Devices { + if item.Id.ValueString() == id && item.Deploy.ValueBool() && (!v.Get("policyGroupUpToDate").Bool() || updatedDevices == nil || helpers.Contains(updatedDevices, id) || hasPolicyVersionChanges) { + itemBody, _ := sjson.Set("", "id", id) + body, _ = sjson.SetRaw(body, "devices.-1", itemBody) + tflog.Debug(ctx, fmt.Sprintf("%s: Deploying to device %s", plan.Name.ValueString(), id)) + } + } + return true + }) + } + if len(gjson.Get(body, "devices").Array()) > 0 { + path := fmt.Sprintf("/v1/policy-group/%v/device/deploy/", plan.Id.ValueString()) + res, err = r.client.Post(path, body) + if err != nil { + diag.AddError("Client Error", fmt.Sprintf("Failed to deploy to policy group devices (POST), got error: %s, %s", err, res.String())) + if deleteOnError { + r.DeletePolicyGroup(ctx, plan, diag) + } + return + } + + // Wait for deploy action to complete + actionId := res.Get("parentTaskId").String() + err = helpers.WaitForActionToComplete(ctx, r.client, actionId) + if err != nil { + diag.AddError("Client Error", fmt.Sprintf("Failed to deploy to config group devices, got error: %s", err)) + if deleteOnError { + r.DeletePolicyGroup(ctx, plan, diag) + } + return + } + } +} + func (r *PolicyGroupResource) Read(ctx context.Context, req resource.ReadRequest, resp *resource.ReadResponse) { var state PolicyGroup @@ -367,6 +436,14 @@ func (r *PolicyGroupResource) Update(ctx context.Context, req resource.UpdateReq } } + // Deploy policy group to devices + if len(plan.Devices) > 0 { + r.Deploy(ctx, plan, &state, &resp.Diagnostics, false) + } + if resp.Diagnostics.HasError() { + return + } + tflog.Debug(ctx, fmt.Sprintf("%s: Update finished successfully", plan.Name.ValueString())) diags = resp.State.Set(ctx, &plan) From cee770b865ca3307d0748b0be69d0bad69497c73 Mon Sep 17 00:00:00 2001 From: tzarski Date: Wed, 30 Jul 2025 16:37:01 +0200 Subject: [PATCH 07/10] fix policy group data source --- internal/provider/data_source_sdwan_policy_group.go | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/internal/provider/data_source_sdwan_policy_group.go b/internal/provider/data_source_sdwan_policy_group.go index 42f5822e6..c09516a5b 100644 --- a/internal/provider/data_source_sdwan_policy_group.go +++ b/internal/provider/data_source_sdwan_policy_group.go @@ -171,6 +171,8 @@ func (d *PolicyGroupDataSource) Read(ctx context.Context, req datasource.ReadReq return } + config.fromBodyPolicyGroupDevices(ctx, res) + // Read policy group devices variables path = fmt.Sprintf("/v1/policy-group/%v/device/variables/", config.Id.ValueString()) res, err = d.client.Get(path) @@ -182,6 +184,8 @@ func (d *PolicyGroupDataSource) Read(ctx context.Context, req datasource.ReadReq return } + config.fromBodyPolicyGroupDeviceVariables(ctx, res) + tflog.Debug(ctx, fmt.Sprintf("%s: Read finished successfully", config.Id.ValueString())) diags = resp.State.Set(ctx, &config) From e95e583ab5d56ef7809c80d3ddbc3c3791383d75 Mon Sep 17 00:00:00 2001 From: tzarski Date: Wed, 30 Jul 2025 16:42:02 +0200 Subject: [PATCH 08/10] updates for policy group tests --- docs/resources/policy_group.md | 6 - .../resources/sdwan_policy_group/resource.tf | 6 - gen/definitions/generic/policy_group.yaml | 127 ++++++++++++++- .../data_source_sdwan_policy_group_test.go | 145 ++++++++++++++++-- .../resource_sdwan_policy_group_test.go | 142 +++++++++++++++-- 5 files changed, 390 insertions(+), 36 deletions(-) diff --git a/docs/resources/policy_group.md b/docs/resources/policy_group.md index 38e726517..b6189f842 100644 --- a/docs/resources/policy_group.md +++ b/docs/resources/policy_group.md @@ -23,12 +23,6 @@ resource "sdwan_policy_group" "example" { devices = [ { id = "C8K-40C0CCFD-9EA8-2B2E-E73B-32C5924EC79B" - variables = [ - { - name = "host_name" - value = "edge1" - } - ] } ] } diff --git a/examples/resources/sdwan_policy_group/resource.tf b/examples/resources/sdwan_policy_group/resource.tf index 0c64d090a..ec3660e33 100644 --- a/examples/resources/sdwan_policy_group/resource.tf +++ b/examples/resources/sdwan_policy_group/resource.tf @@ -6,12 +6,6 @@ resource "sdwan_policy_group" "example" { devices = [ { id = "C8K-40C0CCFD-9EA8-2B2E-E73B-32C5924EC79B" - variables = [ - { - name = "host_name" - value = "edge1" - } - ] } ] } diff --git a/gen/definitions/generic/policy_group.yaml b/gen/definitions/generic/policy_group.yaml index 8bd296c77..017ebe8d6 100644 --- a/gen/definitions/generic/policy_group.yaml +++ b/gen/definitions/generic/policy_group.yaml @@ -47,24 +47,24 @@ attributes: - model_name: variables type: Set description: List of variables + exclude_test: true attributes: - model_name: name type: String mandatory: true id: true description: Variable name - example: host_name + example: qos_interfaces - model_name: value type: String description: Variable value - example: edge1 + example: GigabitEthernet1 - model_name: list_value type: List element_type: String tf_only: true description: Use this instead of `value` in case value is of type `List`. - example: 1.2.3.4 - exclude_test: true + example: GigabitEthernet1 - tf_name: policy_versions tf_only: true type: Versions @@ -72,7 +72,126 @@ attributes: exclude_test: true test_prerequisites: | + resource "sdwan_system_feature_profile" "test" { + name = "SYSTEM_TF" + description = "Terraform test" + } + + resource "sdwan_system_basic_feature" "test" { + name = "BASIC_TF" + feature_profile_id = sdwan_system_feature_profile.test.id + } + + resource "sdwan_system_aaa_feature" "test" { + name = "AAA_TF" + feature_profile_id = sdwan_system_feature_profile.test.id + server_auth_order = ["local"] + users = [{ + name = "admin" + password = "admin" + }] + } + + resource "sdwan_system_bfd_feature" "test" { + name = "BFD_TF" + feature_profile_id = sdwan_system_feature_profile.test.id + } + + resource "sdwan_system_global_feature" "test" { + name = "GLOBAL_TF" + feature_profile_id = sdwan_system_feature_profile.test.id + } + + resource "sdwan_system_logging_feature" "test" { + name = "LOGGING_TF" + feature_profile_id = sdwan_system_feature_profile.test.id + } + + resource "sdwan_system_omp_feature" "test" { + name = "OMP_TF" + feature_profile_id = sdwan_system_feature_profile.test.id + } + + resource "sdwan_transport_feature_profile" "test" { + name = "TRANSPORT_TF" + description = "My transport feature profile 1" + } + + resource "sdwan_transport_wan_vpn_feature" "test" { + name = "WAN_VPN_TF" + feature_profile_id = sdwan_transport_feature_profile.test.id + vpn = 0 + } + + resource "sdwan_transport_wan_vpn_interface_ethernet_feature" "test" { + name = "WAN_VPN_INT_TF" + feature_profile_id = sdwan_transport_feature_profile.test.id + transport_wan_vpn_feature_id = sdwan_transport_wan_vpn_feature.test.id + interface_name = "GigabitEthernet1" + shutdown = false + ipv4_configuration_type = "dynamic" + ipv4_dhcp_distance = 1 + tunnel_interface = true + tunnel_interface_encapsulations = [ + { + encapsulation = "ipsec" + } + ] + } + + resource "sdwan_configuration_group" "test" { + name = "CG_1" + description = "My config group 1" + solution = "sdwan" + feature_profile_ids = [ + sdwan_system_feature_profile.test.id, + sdwan_transport_feature_profile.test.id, + ] + devices = [{ + id = "C8K-40C0CCFD-9EA8-2B2E-E73B-32C5924EC79B" + deploy = true + variables = [ + { + name = "host_name" + value = "edge1" + }, + { + name = "pseudo_commit_timer" + value = 0 + }, + { + name = "site_id" + value = 1 + }, + { + name = "system_ip" + value = "10.1.1.1" + }, + { + name = "ipv6_strict_control" + value = "false" + } + ] + }] + feature_versions = [ + sdwan_system_basic_feature.test.version, + sdwan_system_aaa_feature.test.version, + sdwan_system_bfd_feature.test.version, + sdwan_system_global_feature.test.version, + sdwan_system_logging_feature.test.version, + sdwan_system_omp_feature.test.version, + sdwan_transport_wan_vpn_interface_ethernet_feature.test.version, + ] + } + resource "sdwan_application_priority_feature_profile" "test" { name = "APPLICATION_PRIORITY_TF" description = "Terraform test" } + + resource "sdwan_application_priority_qos_policy" "test" { + name = "qos" + description = "QoS policy for application priority" + feature_profile_id = sdwan_application_priority_feature_profile.test.id + target_interface_variable = "{{qos_interfaces}}" + } diff --git a/internal/provider/data_source_sdwan_policy_group_test.go b/internal/provider/data_source_sdwan_policy_group_test.go index dece4b1ad..649902cb1 100644 --- a/internal/provider/data_source_sdwan_policy_group_test.go +++ b/internal/provider/data_source_sdwan_policy_group_test.go @@ -37,8 +37,6 @@ func TestAccDataSourceSdwanPolicyGroup(t *testing.T) { checks = append(checks, resource.TestCheckResourceAttr("data.sdwan_policy_group.test", "description", "My policy group 1")) checks = append(checks, resource.TestCheckResourceAttr("data.sdwan_policy_group.test", "solution", "sdwan")) checks = append(checks, resource.TestCheckResourceAttr("data.sdwan_policy_group.test", "devices.0.id", "C8K-40C0CCFD-9EA8-2B2E-E73B-32C5924EC79B")) - checks = append(checks, resource.TestCheckResourceAttr("data.sdwan_policy_group.test", "devices.0.variables.0.name", "host_name")) - checks = append(checks, resource.TestCheckResourceAttr("data.sdwan_policy_group.test", "devices.0.variables.0.value", "edge1")) resource.Test(t, resource.TestCase{ PreCheck: func() { testAccPreCheck(t) }, ProtoV6ProviderFactories: testAccProtoV6ProviderFactories, @@ -55,30 +53,157 @@ func TestAccDataSourceSdwanPolicyGroup(t *testing.T) { // Section below is generated&owned by "gen/generator.go". //template:begin testPrerequisites const testAccDataSourceSdwanPolicyGroupPrerequisitesConfig = ` +resource "sdwan_system_feature_profile" "test" { + name = "SYSTEM_TF" + description = "Terraform test" +} + +resource "sdwan_system_basic_feature" "test" { + name = "BASIC_TF" + feature_profile_id = sdwan_system_feature_profile.test.id +} + +resource "sdwan_system_aaa_feature" "test" { + name = "AAA_TF" + feature_profile_id = sdwan_system_feature_profile.test.id + server_auth_order = ["local"] + users = [{ + name = "admin" + password = "admin" + }] +} + +resource "sdwan_system_bfd_feature" "test" { + name = "BFD_TF" + feature_profile_id = sdwan_system_feature_profile.test.id +} + +resource "sdwan_system_global_feature" "test" { + name = "GLOBAL_TF" + feature_profile_id = sdwan_system_feature_profile.test.id +} + +resource "sdwan_system_logging_feature" "test" { + name = "LOGGING_TF" + feature_profile_id = sdwan_system_feature_profile.test.id +} + +resource "sdwan_system_omp_feature" "test" { + name = "OMP_TF" + feature_profile_id = sdwan_system_feature_profile.test.id +} + +resource "sdwan_transport_feature_profile" "test" { + name = "TRANSPORT_TF" + description = "My transport feature profile 1" +} + +resource "sdwan_transport_wan_vpn_feature" "test" { + name = "WAN_VPN_TF" + feature_profile_id = sdwan_transport_feature_profile.test.id + vpn = 0 +} + +resource "sdwan_transport_wan_vpn_interface_ethernet_feature" "test" { + name = "WAN_VPN_INT_TF" + feature_profile_id = sdwan_transport_feature_profile.test.id + transport_wan_vpn_feature_id = sdwan_transport_wan_vpn_feature.test.id + interface_name = "GigabitEthernet1" + shutdown = false + ipv4_configuration_type = "dynamic" + ipv4_dhcp_distance = 1 + tunnel_interface = true + tunnel_interface_encapsulations = [ + { + encapsulation = "ipsec" + } + ] +} + +resource "sdwan_configuration_group" "test" { + name = "CG_1" + description = "My config group 1" + solution = "sdwan" + feature_profile_ids = [ + sdwan_system_feature_profile.test.id, + sdwan_transport_feature_profile.test.id, + ] + devices = [{ + id = "C8K-40C0CCFD-9EA8-2B2E-E73B-32C5924EC79B" + deploy = true + variables = [ + { + name = "host_name" + value = "edge1" + }, + { + name = "pseudo_commit_timer" + value = 0 + }, + { + name = "site_id" + value = 1 + }, + { + name = "system_ip" + value = "10.1.1.1" + }, + { + name = "ipv6_strict_control" + value = "false" + } + ] + }] + feature_versions = [ + sdwan_system_basic_feature.test.version, + sdwan_system_aaa_feature.test.version, + sdwan_system_bfd_feature.test.version, + sdwan_system_global_feature.test.version, + sdwan_system_logging_feature.test.version, + sdwan_system_omp_feature.test.version, + sdwan_transport_wan_vpn_interface_ethernet_feature.test.version, + ] +} + resource "sdwan_application_priority_feature_profile" "test" { name = "APPLICATION_PRIORITY_TF" description = "Terraform test" } +resource "sdwan_application_priority_qos_policy" "test" { + name = "qos" + description = "QoS policy for application priority" + feature_profile_id = sdwan_application_priority_feature_profile.test.id + target_interface_variable = "{{qos_interfaces}}" +} + ` // End of section. //template:end testPrerequisites -// Section below is generated&owned by "gen/generator.go". //template:begin testAccDataSourceConfig func testAccDataSourceSdwanPolicyGroupConfig() string { - config := "" - config += `resource "sdwan_policy_group" "test" {` + "\n" + config := `resource "sdwan_policy_group" "test" {` + "\n" config += ` name = "PG_1"` + "\n" config += ` description = "My policy group 1"` + "\n" config += ` solution = "sdwan"` + "\n" config += ` feature_profile_ids = [sdwan_application_priority_feature_profile.test.id]` + "\n" config += ` devices = [{` + "\n" config += ` id = "C8K-40C0CCFD-9EA8-2B2E-E73B-32C5924EC79B"` + "\n" - config += ` variables = [{` + "\n" - config += ` name = "host_name"` + "\n" - config += ` value = "edge1"` + "\n" - config += ` }]` + "\n" + config += ` deploy = true` + "\n" + config += ` variables = [` + "\n" + config += ` {` + "\n" + config += ` name = "qos_interfaces"` + "\n" + config += ` list_value = [` + "\n" + config += ` "GigabitEthernet1",` + "\n" + config += ` "GigabitEthernet2"` + "\n" + config += ` ]` + "\n" + config += ` },` + "\n" + config += ` ]` + "\n" config += ` }]` + "\n" + config += ` policy_versions = [` + "\n" + config += ` sdwan_application_priority_qos_policy.test.version,` + "\n" + config += ` ]` + "\n" + config += ` depends_on = [ sdwan_configuration_group.test ]` + "\n" config += `}` + "\n" config += ` @@ -88,5 +213,3 @@ func testAccDataSourceSdwanPolicyGroupConfig() string { ` return config } - -// End of section. //template:end testAccDataSourceConfig diff --git a/internal/provider/resource_sdwan_policy_group_test.go b/internal/provider/resource_sdwan_policy_group_test.go index 0eee67bcb..e42971c27 100644 --- a/internal/provider/resource_sdwan_policy_group_test.go +++ b/internal/provider/resource_sdwan_policy_group_test.go @@ -37,8 +37,6 @@ func TestAccSdwanPolicyGroup(t *testing.T) { checks = append(checks, resource.TestCheckResourceAttr("sdwan_policy_group.test", "description", "My policy group 1")) checks = append(checks, resource.TestCheckResourceAttr("sdwan_policy_group.test", "solution", "sdwan")) checks = append(checks, resource.TestCheckResourceAttr("sdwan_policy_group.test", "devices.0.id", "C8K-40C0CCFD-9EA8-2B2E-E73B-32C5924EC79B")) - checks = append(checks, resource.TestCheckResourceAttr("sdwan_policy_group.test", "devices.0.variables.0.name", "host_name")) - checks = append(checks, resource.TestCheckResourceAttr("sdwan_policy_group.test", "devices.0.variables.0.value", "edge1")) resource.Test(t, resource.TestCase{ PreCheck: func() { testAccPreCheck(t) }, ProtoV6ProviderFactories: testAccProtoV6ProviderFactories, @@ -55,16 +53,134 @@ func TestAccSdwanPolicyGroup(t *testing.T) { // Section below is generated&owned by "gen/generator.go". //template:begin testPrerequisites const testAccSdwanPolicyGroupPrerequisitesConfig = ` +resource "sdwan_system_feature_profile" "test" { + name = "SYSTEM_TF" + description = "Terraform test" +} + +resource "sdwan_system_basic_feature" "test" { + name = "BASIC_TF" + feature_profile_id = sdwan_system_feature_profile.test.id +} + +resource "sdwan_system_aaa_feature" "test" { + name = "AAA_TF" + feature_profile_id = sdwan_system_feature_profile.test.id + server_auth_order = ["local"] + users = [{ + name = "admin" + password = "admin" + }] +} + +resource "sdwan_system_bfd_feature" "test" { + name = "BFD_TF" + feature_profile_id = sdwan_system_feature_profile.test.id +} + +resource "sdwan_system_global_feature" "test" { + name = "GLOBAL_TF" + feature_profile_id = sdwan_system_feature_profile.test.id +} + +resource "sdwan_system_logging_feature" "test" { + name = "LOGGING_TF" + feature_profile_id = sdwan_system_feature_profile.test.id +} + +resource "sdwan_system_omp_feature" "test" { + name = "OMP_TF" + feature_profile_id = sdwan_system_feature_profile.test.id +} + +resource "sdwan_transport_feature_profile" "test" { + name = "TRANSPORT_TF" + description = "My transport feature profile 1" +} + +resource "sdwan_transport_wan_vpn_feature" "test" { + name = "WAN_VPN_TF" + feature_profile_id = sdwan_transport_feature_profile.test.id + vpn = 0 +} + +resource "sdwan_transport_wan_vpn_interface_ethernet_feature" "test" { + name = "WAN_VPN_INT_TF" + feature_profile_id = sdwan_transport_feature_profile.test.id + transport_wan_vpn_feature_id = sdwan_transport_wan_vpn_feature.test.id + interface_name = "GigabitEthernet1" + shutdown = false + ipv4_configuration_type = "dynamic" + ipv4_dhcp_distance = 1 + tunnel_interface = true + tunnel_interface_encapsulations = [ + { + encapsulation = "ipsec" + } + ] +} + +resource "sdwan_configuration_group" "test" { + name = "CG_1" + description = "My config group 1" + solution = "sdwan" + feature_profile_ids = [ + sdwan_system_feature_profile.test.id, + sdwan_transport_feature_profile.test.id, + ] + devices = [{ + id = "C8K-40C0CCFD-9EA8-2B2E-E73B-32C5924EC79B" + deploy = true + variables = [ + { + name = "host_name" + value = "edge1" + }, + { + name = "pseudo_commit_timer" + value = 0 + }, + { + name = "site_id" + value = 1 + }, + { + name = "system_ip" + value = "10.1.1.1" + }, + { + name = "ipv6_strict_control" + value = "false" + } + ] + }] + feature_versions = [ + sdwan_system_basic_feature.test.version, + sdwan_system_aaa_feature.test.version, + sdwan_system_bfd_feature.test.version, + sdwan_system_global_feature.test.version, + sdwan_system_logging_feature.test.version, + sdwan_system_omp_feature.test.version, + sdwan_transport_wan_vpn_interface_ethernet_feature.test.version, + ] +} + resource "sdwan_application_priority_feature_profile" "test" { name = "APPLICATION_PRIORITY_TF" description = "Terraform test" } +resource "sdwan_application_priority_qos_policy" "test" { + name = "qos" + description = "QoS policy for application priority" + feature_profile_id = sdwan_application_priority_feature_profile.test.id + target_interface_variable = "{{qos_interfaces}}" +} + ` // End of section. //template:end testPrerequisites -// Section below is generated&owned by "gen/generator.go". //template:begin testAccConfigAll func testAccSdwanPolicyGroupConfig_all() string { config := `resource "sdwan_policy_group" "test" {` + "\n" config += ` name = "PG_1"` + "\n" @@ -73,13 +189,21 @@ func testAccSdwanPolicyGroupConfig_all() string { config += ` feature_profile_ids = [sdwan_application_priority_feature_profile.test.id]` + "\n" config += ` devices = [{` + "\n" config += ` id = "C8K-40C0CCFD-9EA8-2B2E-E73B-32C5924EC79B"` + "\n" - config += ` variables = [{` + "\n" - config += ` name = "host_name"` + "\n" - config += ` value = "edge1"` + "\n" - config += ` }]` + "\n" + config += ` deploy = true` + "\n" + config += ` variables = [` + "\n" + config += ` {` + "\n" + config += ` name = "qos_interfaces"` + "\n" + config += ` list_value = [` + "\n" + config += ` "GigabitEthernet1",` + "\n" + config += ` "GigabitEthernet2"` + "\n" + config += ` ]` + "\n" + config += ` },` + "\n" + config += ` ]` + "\n" config += ` }]` + "\n" + config += ` policy_versions = [` + "\n" + config += ` sdwan_application_priority_qos_policy.test.version,` + "\n" + config += ` ]` + "\n" + config += ` depends_on = [ sdwan_configuration_group.test ]` + "\n" config += `}` + "\n" return config } - -// End of section. //template:end testAccConfigAll From 134562fb6a096fc50a5156383512ff53dd3fef0b Mon Sep 17 00:00:00 2001 From: tzarski Date: Wed, 30 Jul 2025 17:10:53 +0200 Subject: [PATCH 09/10] fix policy group read when all variables are empty --- internal/provider/model_sdwan_policy_group.go | 3 +++ 1 file changed, 3 insertions(+) diff --git a/internal/provider/model_sdwan_policy_group.go b/internal/provider/model_sdwan_policy_group.go index d2482a7cd..ca2725352 100644 --- a/internal/provider/model_sdwan_policy_group.go +++ b/internal/provider/model_sdwan_policy_group.go @@ -275,6 +275,9 @@ func (data *PolicyGroup) fromBodyPolicyGroupDeviceVariables(ctx context.Context, item.Variables = append(item.Variables, cItem) return true }) + if len(item.Variables) == 0 { + item.Variables = nil + } } else { if len(item.Variables) > 0 { item.Variables = []PolicyGroupDevicesVariables{} From bb5eb0460b68e606ee389a60dd89da5010d55824 Mon Sep 17 00:00:00 2001 From: tzarski Date: Fri, 8 Aug 2025 11:59:18 +0200 Subject: [PATCH 10/10] generate --- docs/guides/changelog.md | 20 ++++++++++---------- templates/guides/changelog.md.tmpl | 20 ++++++++++---------- 2 files changed, 20 insertions(+), 20 deletions(-) diff --git a/docs/guides/changelog.md b/docs/guides/changelog.md index 443da6343..7b5ea5699 100644 --- a/docs/guides/changelog.md +++ b/docs/guides/changelog.md @@ -1,12 +1,12 @@ ---- -subcategory: "Guides" -page_title: "Changelog" -description: |- - Changelog ---- - -# Changelog - +--- +subcategory: "Guides" +page_title: "Changelog" +description: |- + Changelog +--- + +# Changelog + ## 0.6.3 (unreleased) - Add missing options under `unsupported_features` attribute of `sdwan_configuration_group`, [link](https://github.com/CiscoDevNet/terraform-provider-sdwan/issues/478) @@ -452,4 +452,4 @@ description: |- ## 0.1.0 (July 23, 2021) - Initial Release - + diff --git a/templates/guides/changelog.md.tmpl b/templates/guides/changelog.md.tmpl index 443da6343..7b5ea5699 100644 --- a/templates/guides/changelog.md.tmpl +++ b/templates/guides/changelog.md.tmpl @@ -1,12 +1,12 @@ ---- -subcategory: "Guides" -page_title: "Changelog" -description: |- - Changelog ---- - -# Changelog - +--- +subcategory: "Guides" +page_title: "Changelog" +description: |- + Changelog +--- + +# Changelog + ## 0.6.3 (unreleased) - Add missing options under `unsupported_features` attribute of `sdwan_configuration_group`, [link](https://github.com/CiscoDevNet/terraform-provider-sdwan/issues/478) @@ -452,4 +452,4 @@ description: |- ## 0.1.0 (July 23, 2021) - Initial Release - +