init/updateFortiADCTerraform: 1.3.0

Signed-off-by: FTNT-HQCM <hq-devops-admin@fortinet.com>
fortinetdev · Oct 22, 2024 · 14b36b7 · 14b36b7
1 parent 33110a1
commit 14b36b7
Show file tree

Hide file tree

Showing 64 changed files with 11,951 additions and 0 deletions.
diff --git a/adc-sdk/sdkcore/act_func.go b/adc-sdk/sdkcore/act_func.go
@@ -5060,3 +5060,55 @@ func (c *FortiSDKClient) ReadSystemTimeNtp(mkey string, vdom string) (mapTmp map
 	mapTmp, err = read(c, HTTPMethod, path, false, vdom)
 	return
 }
+
+func (c *FortiSDKClient) StandardCreate(params *map[string]interface{}, vdom string, path string) (output map[string]interface{}, err error) {
+	HTTPMethod := "POST"
+	output = make(map[string]interface{})
+
+	err = createUpdate(c, HTTPMethod, path, params, output, vdom)
+	return
+}
+
+func (c *FortiSDKClient) StandardDelete(mkey string, vdom string, path string) (err error) {
+	HTTPMethod := "DELETE"
+
+	err = delete(c, HTTPMethod, path, vdom)
+	return
+}
+
+func (c *FortiSDKClient) StandardUpdate(params *map[string]interface{}, mkey string, vdom string, path string) (output map[string]interface{}, err error) {
+	HTTPMethod := "PUT"
+	output = make(map[string]interface{})
+
+	err = createUpdate(c, HTTPMethod, path, params, output, vdom)
+	return
+}
+
+func (c *FortiSDKClient) StandardRead(mkey string, vdom string, path string) (mapTmp map[string]interface{}, err error) {
+	HTTPMethod := "GET"
+
+	mapTmp, err = read(c, HTTPMethod, path, false, vdom)
+	return
+}
+
+func (c *FortiSDKClient) DeleteGlobalLoadBalanceSetting(mkey string, vdom string) (err error) {
+	return
+}
+
+func (c *FortiSDKClient) UpdateGlobalLoadBalanceSetting(params *map[string]interface{}, mkey string, vdom string) (output map[string]interface{}, err error) {
+	HTTPMethod := "PUT"
+	path := "/api/global_load_balance_setting?vdom=test&mkey=-1"
+	//path += "?mkey=" + escapeURLString(mkey)
+	output = make(map[string]interface{})
+
+	err = createUpdate(c, HTTPMethod, path, params, output, vdom)
+	return
+}
+
+func (c *FortiSDKClient) ReadGlobalLoadBalanceSetting(mkey string, vdom string) (mapTmp map[string]interface{}, err error) {
+	HTTPMethod := "GET"
+	path := "/api/global_load_balance_setting?vdom=test"
+
+	mapTmp, err = read(c, HTTPMethod, path, false, vdom)
+	return
+}
diff --git a/fadc/client.go b/fadc/client.go
@@ -281,3 +281,7 @@ func createFortiOSClient(fClient *FortiClient, c *Config) error {
 
 	return nil
 }
+
+func escapeURLString(v string) string { // doesn't support "<>()"'#"
+	return strings.Replace(url.QueryEscape(v), "+", "%20", -1)
+}
diff --git a/fadc/provider.go b/fadc/provider.go
@@ -563,6 +563,36 @@ func Provider() *schema.Provider {
 			"fortiadc_load_balance_ippool":                                         resourceLoadBalanceIppool(),
 			"fortiadc_system_dns":                                                  resourceSystemDns(),
 			"fortiadc_system_dns_vdom":                                             resourceSystemDnsVdom(),
+			"fortiadc_firewall_policy":                                             resourceFirewallPolicy(),
+			"fortiadc_firewall_policy_child_rule":                                  resourceFirewallPolicyChildRule(),
+			"fortiadc_global_dns_server_address_group":                             resourceGlobalDnsServerAddressGroup(),
+			"fortiadc_global_dns_server_address_group_child_member":                resourceGlobalDnsServerAddressGroupChildMember(),
+			"fortiadc_global_dns_server_general":                                   resourceGlobalDnsServerGeneral(),
+			"fortiadc_global_dns_server_policy":                                    resourceGlobalDnsServerPolicy(),
+			"fortiadc_global_dns_server_remote_dns_server":                         resourceGlobalDnsServerRemoteDnsServer(),
+			"fortiadc_global_dns_server_remote_dns_server_child_member":            resourceGlobalDnsServerRemoteDnsServerChildMember(),
+			"fortiadc_global_dns_server_response_rate_limit":                       resourceGlobalDnsServerResponseRateLimit(),
+			"fortiadc_global_dns_server_zone":                                      resourceGlobalDnsServerZone(),
+			"fortiadc_global_load_balance_data_center":                             resourceGlobalLoadBalanceDataCenter(),
+			"fortiadc_global_load_balance_host":                                    resourceGlobalLoadBalanceHost(),
+			"fortiadc_global_load_balance_host_child_virtual_server_pool_list":     resourceGlobalLoadBalanceHostChildVirtualServerPoolList(),
+			"fortiadc_global_load_balance_servers":                                 resourceGlobalLoadBalanceServers(),
+			"fortiadc_global_load_balance_servers_child_virtual_server_list":       resourceGlobalLoadBalanceServersChildVirtualServerList(),
+			"fortiadc_global_load_balance_setting":                                 resourceGlobalLoadBalanceSetting(),
+			"fortiadc_global_load_balance_virtual_server_pool":                     resourceGlobalLoadBalanceVirtualServerPool(),
+			"fortiadc_global_load_balance_virtual_server_pool_child_member":        resourceGlobalLoadBalanceVirtualServerPoolChildMember(),
+			"fortiadc_security_waf_exception":                                      resourceSecurityWafException(),
+			"fortiadc_security_waf_exception_child_exception_rule":                 resourceSecurityWafExceptionChildExceptionRule(),
+			"fortiadc_security_waf_sig_profile_category_id_list_group":             resourceSecurityWafSigProfileCategoryIdListGroup(),
+			"fortiadc_security_waf_sig_profile_sub_category_id_list_group":         resourceSecurityWafSigProfileSubCategoryIdListGroup(),
+			"fortiadc_security_waf_threshold_based_detection":                      resourceSecurityWafThresholdBasedDetection(),
+			"fortiadc_security_waf_url_protection":                                 resourceSecurityWafUrlProtection(),
+			"fortiadc_security_waf_url_protection_child_file_extension_rule":       resourceSecurityWafUrlProtectionChildFileExtensionRule(),
+			"fortiadc_security_waf_url_protection_child_url_access_rule":           resourceSecurityWafUrlProtectionChildUrlAccessRule(),
+			"fortiadc_security_waf_web_attack_signature":                           resourceSecurityWafWebAttackSignature(),
+			"fortiadc_security_waf_web_attack_signature_child_category":            resourceSecurityWafWebAttackSignatureChildCategory(),
+			"fortiadc_security_waf_web_attack_signature_child_signature":           resourceSecurityWafWebAttackSignatureChildSignature(),
+			"fortiadc_security_waf_web_attack_signature_child_sub_category":        resourceSecurityWafWebAttackSignatureChildSubCategory(),
 		},
 
 		ConfigureFunc: providerConfigure,

diff --git a/fadc/resource_firewall_policy.go b/fadc/resource_firewall_policy.go
@@ -0,0 +1,186 @@
+// Copyright 2024 Fortinet, Inc. All rights reserved.
+// Author: Wayne Chou
+// Description: Configure firewall policy.
+
+package fortiadc
+
+import (
+	"fmt"
+	"log"
+
+	"github.com/hashicorp/terraform-plugin-sdk/v2/helper/schema"
+)
+
+func resourceFirewallPolicy() *schema.Resource {
+	return &schema.Resource{
+		Read:   resourceFirewallPolicyRead,
+		Update: resourceFirewallPolicyUpdate,
+		Create: resourceFirewallPolicyUpdate,
+		Delete: resourceFirewallPolicyDelete,
+
+		Importer: &schema.ResourceImporter{
+			State: schema.ImportStatePassthrough,
+		},
+
+		Schema: map[string]*schema.Schema{
+			"default_action": &schema.Schema{
+				Type:     schema.TypeString,
+				Computed: true,
+				Optional: true,
+			},
+			"deny_log": &schema.Schema{
+				Type:     schema.TypeString,
+				Computed: true,
+				Optional: true,
+			},
+			"vdom": &schema.Schema{
+				Type:     schema.TypeString,
+				Optional: true,
+			},
+		},
+	}
+}
+func resourceFirewallPolicyUpdate(d *schema.ResourceData, m interface{}) error {
+	mkey := d.Id()
+	c := m.(*FortiClient).Client
+	c.Retries = 1
+
+	vdom := ""
+
+	if v, ok := d.GetOk("vdom"); ok {
+		if s, ok := v.(string); ok {
+			vdom = s
+		}
+	}
+
+	obj, err := getObjectFirewallPolicy(d, false, c.Fv)
+	if err != nil {
+		return fmt.Errorf("Error updating FirewallPolicy resource while getting object: %v", err)
+	}
+
+	path := "/api/firewall_policy?mkey=-1"
+	_, err = c.StandardUpdate(obj, mkey, vdom, path)
+	if err != nil {
+		return fmt.Errorf("Error updating FirewallPolicy resource: %v", err)
+	}
+
+	d.SetId("FirewallPolicy")
+	return resourceFirewallPolicyRead(d, m)
+}
+func resourceFirewallPolicyDelete(d *schema.ResourceData, m interface{}) error {
+	mkey := d.Id()
+
+	c := m.(*FortiClient).Client
+	c.Retries = 1
+
+	vdom := ""
+	if v, ok := d.GetOk("vdom"); ok {
+		if s, ok := v.(string); ok {
+			vdom = s
+		}
+	}
+
+	obj, err := getObjectFirewallPolicy(d, true, c.Fv)
+	if err != nil {
+		return fmt.Errorf("Error updating FirewallPolicy resource while getting object: %v", err)
+	}
+
+	path := "/api/firewall_policy?mkey=-1"
+	_, err = c.StandardUpdate(obj, mkey, vdom, path)
+	if err != nil {
+		return fmt.Errorf("Error clearing FirewallPolicy resource: %v", err)
+	}
+
+	d.SetId("")
+
+	return nil
+}
+func resourceFirewallPolicyRead(d *schema.ResourceData, m interface{}) error {
+	mkey := d.Id()
+
+	c := m.(*FortiClient).Client
+	c.Retries = 1
+
+	vdom := ""
+
+	if v, ok := d.GetOk("vdom"); ok {
+		if s, ok := v.(string); ok {
+			vdom = s
+		}
+	}
+
+	path := "/api/firewall_policy"
+	o, err := c.StandardRead(mkey, vdom, path)
+	if err != nil {
+		return fmt.Errorf("Error reading FirewallPolicy resource: %v", err)
+	}
+
+	if o == nil {
+		log.Printf("[WARN] resource (%s) not found, removing from state", d.Id())
+		d.SetId("")
+		return nil
+	}
+
+	err = refreshObjectFirewallPolicy(d, o, c.Fv)
+	if err != nil {
+		return fmt.Errorf("Error reading FirewallPolicy resource from API: %v", err)
+	}
+	return nil
+}
+
+func flattenFirewallPolicy(v interface{}, d *schema.ResourceData, pre string, sv string) interface{} {
+	return v
+}
+
+func refreshObjectFirewallPolicy(d *schema.ResourceData, o map[string]interface{}, sv string) error {
+	var err error
+
+	if err = d.Set("default_action", flattenFirewallPolicy(o["default-action"], d, "default_action", sv)); err != nil {
+		if !fortiAPIPatch(o["default-action"]) {
+			return fmt.Errorf("Error reading default_action: %v", err)
+		}
+	}
+	if err = d.Set("deny_log", flattenFirewallPolicy(o["deny-log"], d, "deny_log", sv)); err != nil {
+		if !fortiAPIPatch(o["deny-log"]) {
+			return fmt.Errorf("Error reading deny_log: %v", err)
+		}
+	}
+
+	return nil
+}
+
+func expandFirewallPolicy(d *schema.ResourceData, v interface{}, pre string, sv string) (interface{}, error) {
+	return v, nil
+}
+
+func getObjectFirewallPolicy(d *schema.ResourceData, setArgNil bool, sv string) (*map[string]interface{}, error) {
+	obj := make(map[string]interface{})
+
+	if v, ok := d.GetOk("default_action"); ok {
+		if setArgNil {
+			obj["default-action"] = nil
+		} else {
+			t, err := expandFirewallPolicy(d, v, "default_action", sv)
+			if err != nil {
+				return &obj, err
+			} else if t != nil {
+				obj["default-action"] = t
+			}
+		}
+	}
+
+	if v, ok := d.GetOk("deny_log"); ok {
+		if setArgNil {
+			obj["deny-log"] = nil
+		} else {
+			t, err := expandFirewallPolicy(d, v, "deny_log", sv)
+			if err != nil {
+				return &obj, err
+			} else if t != nil {
+				obj["deny-log"] = t
+			}
+		}
+	}
+
+	return &obj, nil
+}