Expose DHCP guard network properties

paultyng · Jun 12, 2023 · 9c8df1a · 9c8df1a
1 parent c7a58f2
commit 9c8df1a
Show file tree

Hide file tree

Showing 2 changed files with 78 additions and 0 deletions.
diff --git a/internal/provider/resource_network.go b/internal/provider/resource_network.go
@@ -135,6 +135,20 @@ func resourceNetwork() *schema.Resource {
 					),
 				},
 			},
+			"dhcp_guard": {
+				Description: "Specifies the IPv4 addresses of trusted DHCP servers. Leave blank to disable this feature.",
+				Type:        schema.TypeList,
+				Optional:    true,
+				MaxItems:    3,
+				Elem: &schema.Schema{
+					Type: schema.TypeString,
+					ValidateFunc: validation.All(
+						validation.IsIPv4Address,
+						// this doesn't let blank through
+						validation.StringLenBetween(1, 50),
+					),
+				},
+			},
 			"dhcpd_boot_enabled": {
 				Description: "Toggles on the DHCP boot options. Should be set to true when you want to have dhcpd_boot_filename, and dhcpd_boot_server to take effect.",
 				Type:        schema.TypeBool,
@@ -409,6 +423,10 @@ func resourceNetworkGetResourceData(d *schema.ResourceData, meta interface{}) (*
 	if err != nil {
 		return nil, fmt.Errorf("unable to convert dhcp_v6_dns to string slice: %w", err)
 	}
+	dhcpGuard, err := listToStringSlice(d.Get("dhcp_guard").([]interface{}))
+	if err != nil {
+		return nil, fmt.Errorf("unable to convert dhcp_guard to string slice: %w", err)
+	}
 	wanDNS, err := listToStringSlice(d.Get("wan_dns").([]interface{}))
 	if err != nil {
 		return nil, fmt.Errorf("unable to convert wan_dns to string slice: %w", err)
@@ -439,6 +457,12 @@ func resourceNetworkGetResourceData(d *schema.ResourceData, meta interface{}) (*
 		DHCPDDNS3: append(dhcpDNS, "", "", "")[2],
 		DHCPDDNS4: append(dhcpDNS, "", "", "", "")[3],
 
+		DHCPguardEnabled: len(dhcpGuard) > 0,
+		// this is kinda hacky but ¯\_(ツ)_/¯
+		DHCPDIP1: append(dhcpGuard, "")[0],
+		DHCPDIP2: append(dhcpGuard, "", "")[1],
+		DHCPDIP3: append(dhcpGuard, "", "", "")[2],
+
 		VLANEnabled: vlan != 0 && vlan != 1,
 
 		Enabled: true,
@@ -561,6 +585,20 @@ func resourceNetworkSetResourceData(resp *unifi.Network, d *schema.ResourceData,
 		dhcpV6DNS = append(dhcpV6DNS, dns)
 	}
 
+	dhcpGuard := []string{}
+	if resp.DHCPguardEnabled {
+		for _, server := range []string{
+			resp.DHCPDIP1,
+			resp.DHCPDIP2,
+			resp.DHCPDIP3,
+		} {
+			if server == "" {
+				continue
+			}
+			dhcpGuard = append(dhcpGuard, server)
+		}
+	}
+
 	d.Set("site", site)
 	d.Set("name", resp.Name)
 	d.Set("purpose", resp.Purpose)
@@ -570,6 +608,7 @@ func resourceNetworkSetResourceData(resp *unifi.Network, d *schema.ResourceData,
 
 	d.Set("dhcp_dns", dhcpDNS)
 	d.Set("dhcp_enabled", resp.DHCPDEnabled)
+	d.Set("dhcp_guard", dhcpGuard)
 	d.Set("dhcp_lease", dhcpLease)
 	d.Set("dhcp_relay_enabled", resp.DHCPRelayEnabled)
 	d.Set("dhcp_start", resp.DHCPDStart)

diff --git a/internal/provider/resource_network_test.go b/internal/provider/resource_network_test.go
@@ -130,6 +130,32 @@ func TestAccNetwork_dhcp_boot(t *testing.T) {
 	})
 }
 
+func TestAccNetwork_dhcp_guard(t *testing.T) {
+	name := acctest.RandomWithPrefix("tfacc")
+	subnet, vlan := getTestVLAN(t)
+
+	resource.ParallelTest(t, resource.TestCase{
+		PreCheck:          func() { preCheck(t) },
+		ProviderFactories: providerFactories,
+		// TODO: CheckDestroy: ,
+		Steps: []resource.TestStep{
+			{
+				Config: testAccNetworkConfigDHCPGuard(name, subnet, vlan, nil),
+				Check: resource.ComposeTestCheckFunc(
+					resource.TestCheckResourceAttr("unifi_network.test", "dhcp_guard.#", "0"),
+				),
+			},
+			{
+				Config: testAccNetworkConfigDHCPGuard(name, subnet, vlan, []string{"192.168.1.1"}),
+				Check: resource.ComposeTestCheckFunc(
+					resource.TestCheckResourceAttr("unifi_network.test", "dhcp_guard.0", "192.168.1.1"),
+				),
+			},
+			importStep("unifi_network.test"),
+		},
+	})
+}
+
 func TestAccNetwork_v6(t *testing.T) {
 	name := acctest.RandomWithPrefix("tfacc")
 	subnet1, vlan1 := getTestVLAN(t)
@@ -691,3 +717,16 @@ resource "unifi_network" "test" {
 }
 `, name, subnet, vlan, mdns)
 }
+
+func testAccNetworkConfigDHCPGuard(name string, subnet *net.IPNet, vlan int, dhcpGuard []string) string {
+	return fmt.Sprintf(`
+resource "unifi_network" "test" {
+	name    = "%[1]s"
+	purpose = "corporate"
+	subnet  = "%[2]s"
+	vlan_id = %[3]d
+
+	dhcp_guard = [%[4]s]
+}
+`, name, subnet, vlan, strings.Join(quoteStrings(dhcpGuard), ","))
+}