Merge pull request #94 from CiscoDevNet/develop

VTEP support and bug fixes

README.md

@@ -48,7 +48,9 @@ Initializing provider plugins...
 That's it! You have successfully installed the FMC terraform provider. Head on to examples to see what you can do with them!
 Provider documentation is present [here](https://registry.terraform.io/providers/CiscoDevNet/fmc/latest/docs).
 
-## Note: This new version 0.2.4 uses a different url for access policy get operation than before. It uses "name=xxx" instead of "filter=name:xxx" in its query parameters. Kindly verify the url for your version of access policy get operation before upgrading.
+## 3. Troubleshooting
+
+
 
 ## Tutorials
 

docs/data-sources/device_vtep_policies.md

@@ -0,0 +1,40 @@
+---
+# generated by https://github.com/hashicorp/terraform-plugin-docs
+page_title: "fmc_device_vtep_policies Data Source - terraform-provider-fmc"
+subcategory: ""
+description: |-
+  Data source for VTEP policy on FMC
+  An example is shown below:
+  hcl
+  data "fmc_device_vtep_policies" "vtep" {
+     device_id = "<device ID>"
+  }
+---
+
+# fmc_device_vtep_policies (Data Source)
+
+Data source for VTEP policy on FMC
+
+An example is shown below: 
+```hcl
+data "fmc_device_vtep_policies" "vtep" {
+   device_id = "<device ID>"
+}
+```
+
+
+
+<!-- schema generated by tfplugindocs -->
+## Schema
+
+### Required
+
+- `device_id` (String) The ID of this VTEP Policies
+
+### Read-Only
+
+- `id` (String) The ID of this resource.
+- `nveenable` (Boolean) NveEnable of this VTEP Policies
+- `type` (String) Type of this VTEP Policies
+
+

docs/data-sources/staticIPv4_route.md

@@ -8,6 +8,7 @@ description: |-
   hcl
   data "fmc_staticIPv4_route" "route" {
      device_id = "<device ID>"
+     network_name = "Random-net"
   }
 ---
 
@@ -19,6 +20,7 @@ An example is shown below:
 ```hcl
 data "fmc_staticIPv4_route" "route" {
    device_id = "<device ID>"
+   network_name = "Random-net"
 }
 ```
 

docs/resources/device_vtep.md

@@ -0,0 +1,66 @@
+---
+# generated by https://github.com/hashicorp/terraform-plugin-docs
+page_title: "fmc_device_vtep Resource - terraform-provider-fmc"
+subcategory: ""
+description: |-
+  Resource for configuring VTEP
+  Example
+  An example is shown below:
+  hcl
+  resource "fmc_device_vtep" "my_fmc_device_vtep" {
+      device_id = data.fmc_devices.device.id
+      nve_enabled = true
+      nve_vtep_id = 1
+      nve_destination_port = 6081
+      nve_encapsulation_type = "GENEVE"
+      source_interface_id = data.fmc_device_physical_interfaces.physical_interface1.id
+  }
+  
+  Note: If creating multiple rules during a single terraform apply, remember to use depends_on to chain the rules so that terraform creates it in the same order that you intended.
+---
+
+# fmc_device_vtep (Resource)
+
+Resource for configuring VTEP
+
+## Example
+An example is shown below: 
+```hcl
+resource "fmc_device_vtep" "my_fmc_device_vtep" {
+    device_id = data.fmc_devices.device.id
+    nve_enabled = true
+    nve_vtep_id = 1
+    nve_destination_port = 6081
+    nve_encapsulation_type = "GENEVE"
+    source_interface_id = data.fmc_device_physical_interfaces.physical_interface1.id
+}
+```
+**Note:** If creating multiple rules during a single `terraform apply`, remember to use `depends_on` to chain the rules so that terraform creates it in the same order that you intended.
+
+
+
+<!-- schema generated by tfplugindocs -->
+## Schema
+
+### Required
+
+- `device_id` (String) The Device Id of VTEP
+- `nve_destination_port` (Number) NVE Destination port
+- `nve_enabled` (Boolean) NVE Enabled
+- `nve_encapsulation_type` (String) NVE Encapsulation type
+- `nve_vtep_id` (Number) NVE VTEP Id
+- `source_interface_id` (String) Source Interface Id
+
+### Optional
+
+- `neighbor_addr_literal_type` (String) Neighbor Address literal type
+- `neighbor_addr_literal_value` (String) Neighbor Address literal value
+- `neighbor_addr_object_id` (String) Neighbor Address Object ID
+- `neighbor_addr_object_overridable` (Boolean) If Object Overridable
+- `nve_neighbor_discovery_type` (String) NVE Discovery type
+
+### Read-Only
+
+- `id` (String) The ID of this resource.
+
+

docs/resources/devices.md

@@ -7,12 +7,11 @@ description: |-
   Example
   An example is shown below:
   hcl
-  resource "fmc_devicese" "device1" {
+  resource "fmc_devices" "device1" {
       name = "ftd"
       hostname = "<IP ADDR OF HOST>"
       regkey = "<Reg key used in FTD>"
       metric_value = 22
-      type = "Device"
       license_caps = [
           "MALWARE"
       ]
@@ -33,12 +32,11 @@ Resource for adding device in FMC
 ## Example
 An example is shown below: 
 ```hcl
-resource "fmc_devicese" "device1" {
+resource "fmc_devices" "device1" {
     name = "ftd"
     hostname = "<IP ADDR OF HOST>"
     regkey = "<Reg key used in FTD>"
     metric_value = 22
-    type = "Device"
     license_caps = [
 		"MALWARE"
     ]
@@ -53,7 +51,6 @@ resource "fmc_devicese" "device1" {
 
 
 
-
 <!-- schema generated by tfplugindocs -->
 ## Schema
 
@@ -67,19 +64,23 @@ resource "fmc_devicese" "device1" {
 
 - `license_caps` (List of String) License caps for this resource
 - `name` (String) The name of FTD
-- `nat_id` (String) NAT_ID is required if configured in FTD
-- `type` (String) The type of this resource
+- `nat_id` (String) NAT_ID is required, if configured in FTD
+- `performance_tier` (String) Select the desired performace tier
 
 ### Read-Only
 
 - `id` (String) The ID of this resource.
+- `type` (String) The type of this resource
 
 <a id="nestedblock--access_policy"></a>
 ### Nested Schema for `access_policy`
 
 Required:
 
 - `id` (String) The ID of this resource
+
+Optional:
+
 - `type` (String) The type of this resource
 
 

examples/fmc_devices/main.tf

@@ -30,11 +30,10 @@ resource "fmc_devices" "device"{
   name = "FTD"
   hostname = "<Device IP>"
   regkey = "cisco"
-  type = "Device"
+  performance_tier = "FTDv30"
   license_caps = [ "MALWARE"]
   access_policy {
       id = data.fmc_access_policies.access_policy.id
-      type = data.fmc_access_policies.access_policy.type
   }
 }
 

examples/fmc_vtep/main.tf

@@ -0,0 +1,69 @@
+terraform {
+  required_providers {
+    fmc = {
+      source = "CiscoDevNet/fmc"
+      # version = "0.1.1"
+    }
+  }
+}
+
+provider "fmc" {
+  fmc_username = var.fmc_username
+  fmc_password = var.fmc_password
+  fmc_host = var.fmc_host
+  fmc_insecure_skip_verify = var.fmc_insecure_skip_verify
+}
+
+data "fmc_devices" "device" {
+    name = "FTD1"
+}
+
+# data "fmc_device_vtep_policies" "fmc_device_vtep" {
+#      device_id = data.fmc_devices.device.id
+# }
+
+# output "fmc_device_vtep" {
+#     value = data.fmc_device_vtep_policies.fmc_device_vtep
+# }
+
+data "fmc_device_physical_interfaces" "zero_physical_interface" {
+    device_id = data.fmc_devices.device.id
+    name = "TenGigabitEthernet0/0"
+}
+resource "fmc_host_objects" "test1" {
+  name        = "test1"
+  value       = "172.16.1.1"
+}
+resource "fmc_host_objects" "test2" {
+  name        = "test2"
+  value       = "172.16.2.1"
+}
+
+resource "fmc_network_group_objects" "TestPrivateGroup" {
+  name = "TestPrivateGroup"
+  description = "Testing groups"
+  objects {
+      id = fmc_host_objects.test1.id
+      type = fmc_host_objects.test1.type
+  }
+  objects {
+      id = fmc_host_objects.test2.id
+      type = fmc_host_objects.test2.type
+  }
+}
+resource "fmc_device_vtep" "my_fmc_device_vtep" {
+    device_id = data.fmc_devices.device.id
+    nve_enabled = true
+
+    nve_vtep_id = 1
+    nve_encapsulation_type = "VXLAN"
+    nve_destination_port = 4789
+    source_interface_id = data.fmc_device_physical_interfaces.zero_physical_interface.id 
+
+    nve_neighbor_discovery_type= "NONE"
+    # neighbor_addr_object_id = fmc_network_group_objects.TestPrivateGroup.id
+    # neighbor_addr_object_overridable = true
+
+    # neighbor_addr_literal_type = "Host"
+    # neighbor_addr_literal_value = "1.1.0.1"
+}

examples/fmc_vtep/terraform.tfvars.example

@@ -0,0 +1,4 @@
+fmc_username = "api"
+fmc_password = "CXsecurity!@34"
+fmc_host = "10.106.107.228"
+fmc_insecure_skip_verify = true

examples/fmc_vtep/var.tf

@@ -0,0 +1,18 @@
+variable "fmc_username" {
+    type = string
+    sensitive = true
+}
+
+variable "fmc_password" {
+    type = string
+    sensitive = true
+}
+
+variable "fmc_host" {
+    type = string
+}
+
+variable "fmc_insecure_skip_verify" {
+    type = bool
+    default = false
+}

fmc/data_source_fmc_device_vtep_policies.go

@@ -0,0 +1,90 @@
+package fmc
+
+import (
+	"context"
+	"log"
+
+	"github.com/hashicorp/terraform-plugin-sdk/v2/diag"
+	"github.com/hashicorp/terraform-plugin-sdk/v2/helper/schema"
+)
+
+func dataSourceFmcVTEPPolicies() *schema.Resource {
+	return &schema.Resource{
+		Description: "Data source for VTEP policy on FMC\n\n" +
+            "An example is shown below: \n" +
+            "```hcl\n" +
+            "data \"fmc_device_vtep_policies\" \"vtep\" {\n" +
+            "   device_id = \"<device ID>\"\n" +
+            "}\n" +
+            "```",
+		ReadContext: dataSourceFmcVTEPPoliciesRead,
+		Schema: map[string]*schema.Schema{
+			"device_id": {
+				Type:        schema.TypeString,
+				Required:    true,
+				Description: "The ID of this VTEP Policies",
+			},
+
+			"type": {
+				Type:        schema.TypeString,
+				Computed:    true,
+				Description: "Type of this VTEP Policies",
+			},
+
+			"nveenable": {
+				Type:        schema.TypeBool,
+				Computed:    true,
+				Description: "NveEnable of this VTEP Policies",
+			},
+		},
+	}
+}
+
+func dataSourceFmcVTEPPoliciesRead(ctx context.Context, d *schema.ResourceData, m interface{}) diag.Diagnostics {
+	c := m.(*Client)
+
+	// Warning or errors can be collected in a slice type
+	var diags diag.Diagnostics
+	resp, err := c.GetVTEPPolicies(ctx, d.Get("device_id").(string))
+
+	if err != nil {
+		diags = append(diags, diag.Diagnostic{
+			Severity: diag.Error,
+			Summary:  "unable to get VTEP Policies",
+			Detail:   err.Error(),
+		})
+		return diags
+	}
+
+	log.Printf("VTEP Details ID=%v Type=%v", resp.ID, resp.Type)
+
+	d.SetId(resp.ID)
+
+	if err := d.Set("type", resp.Type); err != nil {
+		diags = append(diags, diag.Diagnostic{
+			Severity: diag.Error,
+			Summary:  "unable to read VTEP Policies",
+			Detail:   err.Error(),
+		})
+		return diags
+	}
+
+	vtepdetails, err := c.GetFmcVTEPDetails(ctx, d.Get("device_id").(string), resp.ID)
+
+	if err != nil {
+		diags = append(diags, diag.Diagnostic{
+			Severity: diag.Error,
+			Summary:  "unable to get VTEP",
+			Detail:   err.Error(),
+		})
+		return diags
+	}
+
+	log.Printf("VTEP Details ID=%s Type=%s NVEEnabled=%v", vtepdetails.ID, vtepdetails.Type, vtepdetails.NveEnable)
+
+	d.SetId(vtepdetails.ID)
+	d.Set("type", vtepdetails.Type)
+	d.Set("nveenable", vtepdetails.NveEnable)
+
+	return diags
+}