Merge pull request #133 from CiscoDevNet/develop

Develop
CiscoDevNet · Oct 19, 2023 · f53b373 · f53b373
2 parents 202e4ba + 5cf2991
commit f53b373
Show file tree

Hide file tree

Showing 7 changed files with 134 additions and 37 deletions.
diff --git a/docs/data-sources/network_group_objects.md b/docs/data-sources/network_group_objects.md
@@ -33,6 +33,7 @@ data "fmc_network_group_objects" "test" {
 
 ### Read-Only
 
-- `id` (String) The ID of this resource.
+- `id` (String) The id of the network group object
+- `type` (String) The type of the network group object
 
 
diff --git a/docs/resources/extended_acl.md b/docs/resources/extended_acl.md
@@ -11,8 +11,8 @@ description: |-
       name = "ACL-1"
       action = "DENY"
       log_level = "ERROR"
-       logging = "PER_ACCESS_LIST_ENTRY"
-       log_interval= 545
+      logging = "PER_ACCESS_LIST_ENTRY"
+      log_interval= 545
   }
 ---
 
@@ -27,8 +27,8 @@ resource "fmc_extended_acl" "acl1" {
     name = "ACL-1"
     action = "DENY"
     log_level = "ERROR"
-     logging = "PER_ACCESS_LIST_ENTRY"
-     log_interval= 545
+    logging = "PER_ACCESS_LIST_ENTRY"
+    log_interval= 545
 }
 ```
 
@@ -50,6 +50,9 @@ resource "fmc_extended_acl" "acl1" {
 - `destination_network_literal_type` (String) Destination Network Literal Type
 - `destination_network_literal_value` (String) Destination Network Literal Value
 - `destination_network_object_id` (String) Destination Network Object ID
+- `destination_port_literal_port` (String) Destination Port Literal Port
+- `destination_port_literal_protocol` (String) Destination Port Literal Protocol
+- `destination_port_object_id` (String) Destination Port Object ID
 - `source_network_literal_type` (String) Source Network Literal Type
 - `source_network_literal_value` (String) Source Network Literal Value
 - `source_network_object_id` (String) Source Network Object ID

diff --git a/examples/fmc_extended_acl/main.tf b/examples/fmc_extended_acl/main.tf
@@ -8,43 +8,48 @@ terraform {
 }
 
 provider "fmc" {
-  fmc_username = var.fmc_username
-  fmc_password = var.fmc_password
-  fmc_host = var.fmc_host
+  fmc_username             = var.fmc_username
+  fmc_password             = var.fmc_password
+  fmc_host                 = var.fmc_host
   fmc_insecure_skip_verify = var.fmc_insecure_skip_verify
 }
 
 data "fmc_extended_acl" "test" {
-    name = "test-extended-acl"
+  name = "test-extended-acl"
 }
 
-data "fmc_host_objects" "test"{
-  name="test-object"
+data "fmc_host_objects" "test" {
+  name = "test-object"
 }
 
-data "fmc_port_objects" "test"{
-  name="HTTP"
+data "fmc_port_objects" "test" {
+  name = "HTTP"
 }
 
 resource "fmc_extended_acl" "new_acl" {
-  name = "new_acl_test"
-  action = "DENY"//"PERMIT"//
-  log_level = "ERROR"//"INFORMATIONAL"
-  logging="PER_ACCESS_LIST_ENTRY"
-  log_interval=545
-  source_port_object_id = data.fmc_port_objects.test.id
-  source_port_literal_port="12311"
-  source_port_literal_protocol="6"
-
-  source_network_object_id = data.fmc_host_objects.test.id
-  source_network_literal_type="Host"
-  source_network_literal_value="172.16.1.2"
-
-  destination_network_object_id = data.fmc_host_objects.test.id
-  destination_network_literal_type="Host"
-  destination_network_literal_value="172.16.1.2"
+  name         = "new_acl_test"
+  action       = "DENY"  //"PERMIT"//
+  log_level    = "ERROR" //"INFORMATIONAL"
+  logging      = "PER_ACCESS_LIST_ENTRY"
+  log_interval = 545
+
+  source_port_object_id        = data.fmc_port_objects.test.id
+  source_port_literal_port     = "12311"
+  source_port_literal_protocol = "6"
+
+  destination_port_object_id        = data.fmc_port_objects.test.id
+  destination_port_literal_port     = "12311"
+  destination_port_literal_protocol = "6"
+
+  source_network_object_id     = data.fmc_host_objects.test.id
+  source_network_literal_type  = "Host"
+  source_network_literal_value = "172.16.1.2"
+
+  destination_network_object_id     = data.fmc_host_objects.test.id
+  destination_network_literal_type  = "Host"
+  destination_network_literal_value = "172.16.1.2"
 }
 
 output "existing_acl" {
-    value = data.fmc_extended_acl.test
+  value = data.fmc_extended_acl.test
 }
diff --git a/fmc/data_source_fmc_network_group_objects.go b/fmc/data_source_fmc_network_group_objects.go
@@ -24,6 +24,18 @@ func dataSourceFmcNetworkGroupObjects() *schema.Resource {
 				Required:    true,
 				Description: "Name of the network group object",
 			},
+
+			"id": {
+				Type:        schema.TypeString,
+				Computed:    true,
+				Description: "The id of the network group object",
+			},	
+
+			"type": {
+				Type:        schema.TypeString,
+				Computed:    true,
+				Description: "The type of the network group object",
+			},			
 		},
 	}
 }
@@ -55,5 +67,14 @@ func dataSourceNetworkGroupObjectsRead(ctx context.Context, d *schema.ResourceDa
 		return diags
 	}
 
+	if err := d.Set("type", ifc.Type); err != nil {
+		diags = append(diags, diag.Diagnostic{
+			Severity: diag.Error,
+			Summary:  "unable to read network group object",
+			Detail:   err.Error(),
+		})
+		return diags
+	}
+
 	return diags
 }
diff --git a/fmc/fmc_extended_acl.go b/fmc/fmc_extended_acl.go
@@ -32,6 +32,7 @@ type Entries_data struct {
 	Logging             string     `json:"logging"`
 	LogInterval         int        `json:"logInterval"`
 	SourcePorts         Data_Ports `json:"sourcePorts"`
+	DestinationPorts    Data_Ports `json:"destinationPorts"`
 	SourceNetworks      Data_Nw    `json:"sourceNetworks"`
 	DestinationNetworks Data_Nw    `json:"destinationNetworks"`
 }

diff --git a/fmc/resource_fmc_extended_acl.go b/fmc/resource_fmc_extended_acl.go
@@ -18,8 +18,8 @@ func resourceFmcExtendedAcl() *schema.Resource {
 			"    name = \"ACL-1\"\n" +
 			"    action = \"DENY\"\n" +
 			"    log_level = \"ERROR\"\n" +
-			"     logging = \"PER_ACCESS_LIST_ENTRY\"\n" +
-			"     log_interval= 545\n" +
+			"    logging = \"PER_ACCESS_LIST_ENTRY\"\n" +
+			"    log_interval= 545\n" +
 			"}\n" +
 			"```\n",
 		CreateContext: resourceFmcExtendedAclCreate,
@@ -62,6 +62,11 @@ func resourceFmcExtendedAcl() *schema.Resource {
 				Optional:    true,
 				Description: "Source Port Object ID",
 			},
+			"destination_port_object_id": {
+				Type:        schema.TypeString,
+				Optional:    true,
+				Description: "Destination Port Object ID",
+			},
 			"source_network_object_id": {
 				Type:        schema.TypeString,
 				Optional:    true,
@@ -72,7 +77,6 @@ func resourceFmcExtendedAcl() *schema.Resource {
 				Optional:    true,
 				Description: "Destination Network Object ID",
 			},
-
 			"source_port_literal_port": {
 				Type:        schema.TypeString,
 				Optional:    true,
@@ -83,6 +87,16 @@ func resourceFmcExtendedAcl() *schema.Resource {
 				Optional:    true,
 				Description: "Source Port Literal Protocol",
 			},
+			"destination_port_literal_port": {
+				Type:        schema.TypeString,
+				Optional:    true,
+				Description: "Destination Port Literal Port",
+			},
+			"destination_port_literal_protocol": {
+				Type:        schema.TypeString,
+				Optional:    true,
+				Description: "Destination Port Literal Protocol",
+			},
 			"source_network_literal_type": {
 				Type:        schema.TypeString,
 				Optional:    true,
@@ -93,7 +107,6 @@ func resourceFmcExtendedAcl() *schema.Resource {
 				Optional:    true,
 				Description: "Source Network Literal Value",
 			},
-
 			"destination_network_literal_type": {
 				Type:        schema.TypeString,
 				Optional:    true,
@@ -126,6 +139,15 @@ func resourceFmcExtendedAclCreate(ctx context.Context, d *schema.ResourceData, m
 		})
 	}
 
+	//Destination port object
+	DestinationPort_objectID := d.Get("destination_port_object_id").(string)
+	var DestinationPort_Object_input []Object_data
+	if len(DestinationPort_objectID) > 0 {
+		DestinationPort_Object_input = append(DestinationPort_Object_input, Object_data{
+			ID: DestinationPort_objectID,
+		})
+	}
+
 	//Source port Literal
 	SourcePort_lit_Port := d.Get("source_port_literal_port").(string)
 	SourcePort_lit_Protocol := d.Get("source_port_literal_protocol").(string)
@@ -139,6 +161,19 @@ func resourceFmcExtendedAclCreate(ctx context.Context, d *schema.ResourceData, m
 		})
 	}
 
+	//Destination port Literal
+	DestinationPort_lit_Port := d.Get("destination_port_literal_port").(string)
+	DestinationPort_lit_Protocol := d.Get("destination_port_literal_protocol").(string)
+
+	var DestinationPort_Lit_input []Literals_Port_data
+	if len(DestinationPort_lit_Port) > 0 && len(DestinationPort_lit_Protocol) > 0 {
+		DestinationPort_Lit_input = append(DestinationPort_Lit_input, Literals_Port_data{
+			Type:     "PortLiteral",
+			Port:     DestinationPort_lit_Port,
+			Protocol: DestinationPort_lit_Protocol,
+		})
+	}
+
 	//Source Network Object
 	SourceNw_objectID := d.Get("source_network_object_id").(string)
 	var SourceNw_Object_input []Object_data
@@ -192,6 +227,10 @@ func resourceFmcExtendedAclCreate(ctx context.Context, d *schema.ResourceData, m
 					Objects:  SourcePort_Object_input,
 					Literals: SourcePort_Lit_input,
 				},
+				DestinationPorts: Data_Ports{
+					Objects:  DestinationPort_Object_input,
+					Literals: DestinationPort_Lit_input,
+				},
 				SourceNetworks: Data_Nw{
 					Objects:  SourceNw_Object_input,
 					Literals: SourceNw_Lit_input,
@@ -266,6 +305,15 @@ func resourceFmcExtendedAclUpdate(ctx context.Context, d *schema.ResourceData, m
 		})
 	}
 
+	//Destination port object
+	DestinationPort_objectID := d.Get("destination_port_object_id").(string)
+	var DestinationPort_Object_input []Object_data
+	if len(DestinationPort_objectID) > 0 {
+		DestinationPort_Object_input = append(DestinationPort_Object_input, Object_data{
+			ID: DestinationPort_objectID,
+		})
+	}
+
 	//Source port Literal
 	SourcePort_lit_Port := d.Get("source_port_literal_port").(string)
 	SourcePort_lit_Protocol := d.Get("source_port_literal_protocol").(string)
@@ -279,6 +327,19 @@ func resourceFmcExtendedAclUpdate(ctx context.Context, d *schema.ResourceData, m
 		})
 	}
 
+	//Destination port Literal
+	DestinationPort_lit_Port := d.Get("destination_port_literal_port").(string)
+	DestinationPort_lit_Protocol := d.Get("destination_port_literal_protocol").(string)
+
+	var DestinationPort_Lit_input []Literals_Port_data
+	if len(DestinationPort_lit_Port) > 0 && len(DestinationPort_lit_Protocol) > 0 {
+		DestinationPort_Lit_input = append(DestinationPort_Lit_input, Literals_Port_data{
+			Type:     "PortLiteral",
+			Port:     DestinationPort_lit_Port,
+			Protocol: DestinationPort_lit_Protocol,
+		})
+	}
+
 	//Source Network Object
 	SourceNw_objectID := d.Get("source_network_object_id").(string)
 	var SourceNw_Object_input []Object_data
@@ -318,7 +379,7 @@ func resourceFmcExtendedAclUpdate(ctx context.Context, d *schema.ResourceData, m
 			Value: DestinationNw_litValue,
 		})
 	}
-	if d.HasChanges("name", "action", "log_level", "logging", "log_interval", "source_port_object_id", "source_network_object_id", "destination_network_object_id", "source_port_literal_port", "source_port_literal_protocol", "source_network_literal_type", "source_network_literal_value", "destination_network_literal_type", "destination_network_literal_value") {
+	if d.HasChanges("name", "action", "log_level", "logging", "log_interval", "source_port_object_id", "destination_port_object_id", "source_network_object_id", "destination_network_object_id", "source_port_literal_port", "source_port_literal_protocol", "destination_port_literal_port", "destination_port_literal_protocol", "source_network_literal_type", "source_network_literal_value", "destination_network_literal_type", "destination_network_literal_value") {
 		res, err := c.UpdateFmcExtendedAcl(ctx, d.Id(), &ExtendedAcl{
 			ID:   d.Id(),
 			Name: d.Get("name").(string),
@@ -333,6 +394,10 @@ func resourceFmcExtendedAclUpdate(ctx context.Context, d *schema.ResourceData, m
 						Objects:  SourcePort_Object_input,
 						Literals: SourcePort_Lit_input,
 					},
+					DestinationPorts: Data_Ports{
+						Objects:  DestinationPort_Object_input,
+						Literals: DestinationPort_Lit_input,
+					},
 					SourceNetworks: Data_Nw{
 						Objects:  SourceNw_Object_input,
 						Literals: SourceNw_Lit_input,

diff --git a/fmc/resource_fmc_extended_acl_test.go b/fmc/resource_fmc_extended_acl_test.go
@@ -70,11 +70,12 @@ func testAccCheckFmcExtendedAclConfigBasic(hostObjectName, hostObjectValue strin
 		source_port_object_id = data.fmc_port_objects.test.id
 		source_port_literal_port="12311"
 		source_port_literal_protocol="6"
-	  
+		destination_port_object_id = data.fmc_port_objects.test.id
+		destination_port_literal_port="12311"
+		destination_port_literal_protocol="6"
 		source_network_object_id = fmc_host_objects.test.id
 		source_network_literal_type="Host"
 		source_network_literal_value="172.16.1.2"
-	  
 		destination_network_object_id = fmc_host_objects.test.id
 		destination_network_literal_type="Host"
 		destination_network_literal_value="172.16.1.2"