From 905563d5ef84f839f1d55a7875f47184ee08896f Mon Sep 17 00:00:00 2001 From: Trois-Six Date: Mon, 21 Jun 2021 14:02:21 +0200 Subject: [PATCH] feat: add panorama networking --- providers/panos/helpers.go | 16 +- providers/panos/panorama_networking.go | 423 +++++++++++++++---------- 2 files changed, 276 insertions(+), 163 deletions(-) diff --git a/providers/panos/helpers.go b/providers/panos/helpers.go index 816574252..e964143e0 100644 --- a/providers/panos/helpers.go +++ b/providers/panos/helpers.go @@ -206,8 +206,10 @@ type Import struct { } type Network struct { - XMLName xml.Name `xml:"network"` - Interface Interface `xml:"interface"` + XMLName xml.Name `xml:"network"` + Interface Interface `xml:"interface"` + VirtualRouter VirtualRouter `xml:"virtual-router"` + Vlan Vlan `xml:"vlan"` } type Interface struct { @@ -215,6 +217,16 @@ type Interface struct { Members []string `xml:"member"` } +type VirtualRouter struct { + XMLName xml.Name `xml:"virtual-router"` + Members []string `xml:"member"` +} + +type Vlan struct { + XMLName xml.Name `xml:"vlan"` + Members []string `xml:"member"` +} + func contains(s []string, e string) bool { for _, v := range s { if v == e { diff --git a/providers/panos/panorama_networking.go b/providers/panos/panorama_networking.go index 6418e450e..d1d357771 100644 --- a/providers/panos/panorama_networking.go +++ b/providers/panos/panorama_networking.go 
@@ -91,33 +91,13 @@ func (g *PanoramaNetworkingGenerator) createResourcesFromList( return resources } -func (g *PanoramaNetworkingGenerator) createAggregateInterfaceResources(tmpl, ts string) (resources []terraformutils.Resource) { - vsysRawFull, err := g.client.(util.XapiClient).Get([]string{ - "config", - "devices", - util.AsEntryXpath([]string{"localhost.localdomain"}), - "template", - util.AsEntryXpath([]string{tmpl}), - "config", - "devices", - util.AsEntryXpath([]string{"localhost.localdomain"}), - "vsys", - }, nil, nil) - if err != nil { - return resources - } - - var resp Response - if err = xml.Unmarshal(vsysRawFull, &resp); err != nil { - return resources - } - +func (g *PanoramaNetworkingGenerator) createAggregateInterfaceResources(tmpl, ts string, v Vsys) (resources []terraformutils.Resource) { l, err := g.client.(*pango.Panorama).Network.AggregateInterface.GetList(tmpl, ts) if err != nil { return []terraformutils.Resource{} } - for _, vsys := range resp.Result.Vsys.Entries { + for _, vsys := range v.Entries { for _, aggregateInterface := range l { if !contains(vsys.Import.Network.Interface.Members, aggregateInterface) { continue @@ -162,10 +142,10 @@ func (g *PanoramaNetworkingGenerator) createBFDProfileResources(tmpl, ts string) ) } -func (g *PanoramaNetworkingGenerator) createBGPResource(virtualRouter string) terraformutils.Resource { +func (g *PanoramaNetworkingGenerator) createBGPResource(tmpl, ts, virtualRouter string) terraformutils.Resource { return terraformutils.NewSimpleResource( - virtualRouter, - normalizeResourceName(virtualRouter), + tmpl+":"+ts+":"+virtualRouter, + normalizeResourceName(tmpl+":"+ts+":"+virtualRouter), "panos_panorama_bgp", "panos", []string{}, 
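Review bot: A failed `AggregateInterface.GetList(tmpl, ts)` in createAggregateInterfaceResources still returns an empty slice with no log line and no error, so an API or permission failure looks the same as a template with no aggregate interfaces. The same pattern is carried into createEthernetInterfaceResources and into the loopback, tunnel, virtual-router, VLAN, VLAN-interface and zone functions added later in this patch, where `if err != nil || !rv { continue }` also folds an `IsImported` error into "not imported". The generated Terraform is likely to be read as a complete inventory of the device, so a silent gap is worse than a visible failure. I would at least record it before returning, e.g. `log.Printf("panos: listing aggregate interfaces for %q/%q: %v", tmpl, ts, err)`, assuming the file can import `log`. The function body continues outside the hunk.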
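Review bot: In createBGPResource the identifier `tmpl+":"+ts+":"+virtualRouter` is now spelled out twice in the same call, which makes it easy for the ID and the normalized name to drift apart on a later edit. The neighbouring list functions already build it once; the same shape here would be `id := tmpl + ":" + ts + ":" + virtualRouter` followed by `terraformutils.NewSimpleResource(id, normalizeResourceName(id), ...)`. The call's closing lines are outside the hunk.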
@@ -179,7 +159,7 @@ func (g *PanoramaNetworkingGenerator) createBGPAggregateResources(tmpl, ts, virt } for _, bgpAggregate := range l { - id := virtualRouter + ":" + bgpAggregate + id := tmpl + ":" + ts + ":" + virtualRouter + ":" + bgpAggregate resources = append(resources, terraformutils.NewSimpleResource( id, normalizeResourceName(id), 
@@ -188,32 +168,32 @@ func (g *PanoramaNetworkingGenerator) createBGPAggregateResources(tmpl, ts, virt []string{}, )) - resources = append(resources, g.createBGPAggregateAdvertiseFilterResources(virtualRouter, bgpAggregate)...) - resources = append(resources, g.createBGPAggregateSuppressFilterResources(virtualRouter, bgpAggregate)...) + resources = append(resources, g.createBGPAggregateAdvertiseFilterResources(tmpl, ts, virtualRouter, bgpAggregate)...) + resources = append(resources, g.createBGPAggregateSuppressFilterResources(tmpl, ts, virtualRouter, bgpAggregate)...) } return resources } -func (g *PanoramaNetworkingGenerator) createBGPAggregateAdvertiseFilterResources(virtualRouter, bgpAggregate string) []terraformutils.Resource { +func (g *PanoramaNetworkingGenerator) createBGPAggregateAdvertiseFilterResources(tmpl, ts, virtualRouter, bgpAggregate string) []terraformutils.Resource { return g.createResourcesFromList( - getGeneric{g.client.(*pango.Panorama).Network.BgpAggAdvertiseFilter, []string{virtualRouter, bgpAggregate}}, - virtualRouter+":"+bgpAggregate+":", true, "panos_panorama_bgp_aggregate_advertise_filter", false, "", "", "", "", + getGeneric{g.client.(*pango.Panorama).Network.BgpAggAdvertiseFilter, []string{tmpl, ts, virtualRouter, bgpAggregate}}, + tmpl+":"+ts+":"+virtualRouter+":"+bgpAggregate+":", true, "panos_panorama_bgp_aggregate_advertise_filter", false, "", "", "", "", ) } -func (g *PanoramaNetworkingGenerator) createBGPAggregateSuppressFilterResources(virtualRouter, bgpAggregate string) []terraformutils.Resource { +func (g *PanoramaNetworkingGenerator) createBGPAggregateSuppressFilterResources(tmpl, ts, virtualRouter, bgpAggregate string) []terraformutils.Resource { return g.createResourcesFromList( - getGeneric{g.client.(*pango.Panorama).Network.BgpAggSuppressFilter, []string{virtualRouter, bgpAggregate}}, - virtualRouter+":"+bgpAggregate+":", true, "panos_panorama_bgp_aggregate_suppress_filter", false, "", "", "", "", + 
getGeneric{g.client.(*pango.Panorama).Network.BgpAggSuppressFilter, []string{tmpl, ts, virtualRouter, bgpAggregate}}, + tmpl+":"+ts+":"+virtualRouter+":"+bgpAggregate+":", true, "panos_panorama_bgp_aggregate_suppress_filter", false, "", "", "", "", ) } // The secret argument will contain "(incorrect)", not the real value -func (g *PanoramaNetworkingGenerator) createBGPAuthProfileResources(virtualRouter string) []terraformutils.Resource { +func (g *PanoramaNetworkingGenerator) createBGPAuthProfileResources(tmpl, ts, virtualRouter string) []terraformutils.Resource { return g.createResourcesFromList( - getGeneric{g.client.(*pango.Panorama).Network.BgpAuthProfile, []string{virtualRouter}}, - virtualRouter+":", true, "panos_panorama_bgp_auth_profile", false, "", "", "", "", + getGeneric{g.client.(*pango.Panorama).Network.BgpAuthProfile, []string{tmpl, ts, virtualRouter}}, + tmpl+":"+ts+":"+virtualRouter+":", true, "panos_panorama_bgp_auth_profile", false, "", "", "", "", ) } @@ -224,7 +204,7 @@ func (g *PanoramaNetworkingGenerator) createBGPConditionalAdvertisementResources } for _, bgpConditionalAdv := range l { - id := virtualRouter + ":" + bgpConditionalAdv + id := tmpl + ":" + ts + ":" + virtualRouter + ":" + bgpConditionalAdv resources = append(resources, terraformutils.NewSimpleResource( id, normalizeResourceName(id), 
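Review bot: The comment above createBGPAuthProfileResources says the imported `secret` will hold "(incorrect)" rather than the real value, but not what that means for whoever applies the output. If the generated resource is applied unchanged, the placeholder would presumably replace the BGP authentication key configured on the device; I have not confirmed how the provider treats it. Since this commit touches the function anyway, I would extend the comment to something like `// The secret argument will contain "(incorrect)", not the real value: set the real key (or ignore changes to secret) before applying the generated resource.`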
@@ -233,45 +213,45 @@ func (g *PanoramaNetworkingGenerator) createBGPConditionalAdvertisementResources []string{}, )) - resources = append(resources, g.createBGPConditionalAdvertisementAdvertiseFilterResources(virtualRouter, bgpConditionalAdv)...) - resources = append(resources, g.createBGPConditionalAdvertisementNonExistFilterResources(virtualRouter, bgpConditionalAdv)...) + resources = append(resources, g.createBGPConditionalAdvertisementAdvertiseFilterResources(tmpl, ts, virtualRouter, bgpConditionalAdv)...) + resources = append(resources, g.createBGPConditionalAdvertisementNonExistFilterResources(tmpl, ts, virtualRouter, bgpConditionalAdv)...) } return resources } -func (g *PanoramaNetworkingGenerator) createBGPConditionalAdvertisementAdvertiseFilterResources(virtualRouter, bgpConditionalAdv string) []terraformutils.Resource { +func (g *PanoramaNetworkingGenerator) createBGPConditionalAdvertisementAdvertiseFilterResources(tmpl, ts, virtualRouter, bgpConditionalAdv string) []terraformutils.Resource { return g.createResourcesFromList( - getGeneric{g.client.(*pango.Panorama).Network.BgpConAdvAdvertiseFilter, []string{virtualRouter, bgpConditionalAdv}}, - virtualRouter+":"+bgpConditionalAdv+":", true, "panos_panorama_bgp_conditional_adv_advertise_filter", false, "", "", "", "", + getGeneric{g.client.(*pango.Panorama).Network.BgpConAdvAdvertiseFilter, []string{tmpl, ts, virtualRouter, bgpConditionalAdv}}, + tmpl+":"+ts+":"+virtualRouter+":"+bgpConditionalAdv+":", true, "panos_panorama_bgp_conditional_adv_advertise_filter", false, "", "", "", "", ) } -func (g *PanoramaNetworkingGenerator) createBGPConditionalAdvertisementNonExistFilterResources(virtualRouter, bgpConditionalAdv string) []terraformutils.Resource { +func (g *PanoramaNetworkingGenerator) createBGPConditionalAdvertisementNonExistFilterResources(tmpl, ts, virtualRouter, bgpConditionalAdv string) []terraformutils.Resource { return g.createResourcesFromList( - 
getGeneric{g.client.(*pango.Panorama).Network.BgpConAdvNonExistFilter, []string{virtualRouter, bgpConditionalAdv}}, - virtualRouter+":"+bgpConditionalAdv+":", true, "panos_panorama_bgp_conditional_adv_non_exist_filter", false, "", "", "", "", + getGeneric{g.client.(*pango.Panorama).Network.BgpConAdvNonExistFilter, []string{tmpl, ts, virtualRouter, bgpConditionalAdv}}, + tmpl+":"+ts+":"+virtualRouter+":"+bgpConditionalAdv+":", true, "panos_panorama_bgp_conditional_adv_non_exist_filter", false, "", "", "", "", ) } -func (g *PanoramaNetworkingGenerator) createBGPDampeningProfileResources(virtualRouter string) []terraformutils.Resource { +func (g *PanoramaNetworkingGenerator) createBGPDampeningProfileResources(tmpl, ts, virtualRouter string) []terraformutils.Resource { return g.createResourcesFromList( - getGeneric{g.client.(*pango.Panorama).Network.BgpDampeningProfile, []string{virtualRouter}}, - virtualRouter+":", true, "panos_panorama_bgp_dampening_profile", false, "", "", "", "", + getGeneric{g.client.(*pango.Panorama).Network.BgpDampeningProfile, []string{tmpl, ts, virtualRouter}}, + tmpl+":"+ts+":"+virtualRouter+":", true, "panos_panorama_bgp_dampening_profile", false, "", "", "", "", ) } -func (g *PanoramaNetworkingGenerator) createBGPExportRuleGroupResources(virtualRouter string) []terraformutils.Resource { +func (g *PanoramaNetworkingGenerator) createBGPExportRuleGroupResources(tmpl, ts, virtualRouter string) []terraformutils.Resource { return g.createResourcesFromList( - getGeneric{g.client.(*pango.Panorama).Network.BgpExport, []string{virtualRouter}}, - virtualRouter+":", true, "panos_panorama_bgp_export_rule_group", false, "", "", "", "", + getGeneric{g.client.(*pango.Panorama).Network.BgpExport, []string{tmpl, ts, virtualRouter}}, + tmpl+":"+ts+":"+virtualRouter+":", true, "panos_panorama_bgp_export_rule_group", false, "", "", "", "", ) } -func (g *PanoramaNetworkingGenerator) createBGPImportRuleGroupResources(virtualRouter string) 
[]terraformutils.Resource { +func (g *PanoramaNetworkingGenerator) createBGPImportRuleGroupResources(tmpl, ts, virtualRouter string) []terraformutils.Resource { return g.createResourcesFromList( - getGeneric{g.client.(*pango.Panorama).Network.BgpImport, []string{virtualRouter}}, - virtualRouter+":", true, "panos_panorama_bgp_import_rule_group", false, "", "", "", "", + getGeneric{g.client.(*pango.Panorama).Network.BgpImport, []string{tmpl, ts, virtualRouter}}, + tmpl+":"+ts+":"+virtualRouter+":", true, "panos_panorama_bgp_import_rule_group", false, "", "", "", "", ) } @@ -282,7 +262,7 @@ func (g *PanoramaNetworkingGenerator) createBGPPeerGroupResources(tmpl, ts, virt } for _, bgpPeerGroup := range l { - id := virtualRouter + ":" + bgpPeerGroup + id := tmpl + ":" + ts + ":" + virtualRouter + ":" + bgpPeerGroup resources = append(resources, terraformutils.NewSimpleResource( id, normalizeResourceName(id), 
@@ -291,53 +271,33 @@ func (g *PanoramaNetworkingGenerator) createBGPPeerGroupResources(tmpl, ts, virt []string{}, )) - resources = append(resources, g.createBGPPeerResources(virtualRouter, bgpPeerGroup)...) + resources = append(resources, g.createBGPPeerResources(tmpl, ts, virtualRouter, bgpPeerGroup)...) } return resources } -func (g *PanoramaNetworkingGenerator) createBGPPeerResources(virtualRouter, bgpPeerGroup string) []terraformutils.Resource { +func (g *PanoramaNetworkingGenerator) createBGPPeerResources(tmpl, ts, virtualRouter, bgpPeerGroup string) []terraformutils.Resource { return g.createResourcesFromList( - getGeneric{g.client.(*pango.Panorama).Network.BgpPeer, []string{virtualRouter, bgpPeerGroup}}, - virtualRouter+":"+bgpPeerGroup+":", true, "panos_panorama_bgp_peer", false, "", "", "", "", + getGeneric{g.client.(*pango.Panorama).Network.BgpPeer, []string{tmpl, ts, virtualRouter, bgpPeerGroup}}, + tmpl+":"+ts+":"+virtualRouter+":"+bgpPeerGroup+":", true, "panos_panorama_bgp_peer", false, "", "", "", "", ) } -func (g *PanoramaNetworkingGenerator) createBGPRedistResources(virtualRouter string) []terraformutils.Resource { +func (g *PanoramaNetworkingGenerator) createBGPRedistResources(tmpl, ts, virtualRouter string) []terraformutils.Resource { return g.createResourcesFromList( - getGeneric{g.client.(*pango.Panorama).Network.BgpRedistRule, []string{virtualRouter}}, - virtualRouter+":", true, "panos_panorama_bgp_redist_rule", false, "", "", "", "", + getGeneric{g.client.(*pango.Panorama).Network.BgpRedistRule, []string{tmpl, ts, virtualRouter}}, + tmpl+":"+ts+":"+virtualRouter+":", true, "panos_panorama_bgp_redist_rule", false, "", "", "", "", ) } -func (g *PanoramaNetworkingGenerator) createEthernetInterfaceResources(tmpl, ts string) (resources []terraformutils.Resource) { - vsysRawFull, err := g.client.(util.XapiClient).Get([]string{ - "config", - "devices", - util.AsEntryXpath([]string{"localhost.localdomain"}), - "template", - 
util.AsEntryXpath([]string{tmpl}), - "config", - "devices", - util.AsEntryXpath([]string{"localhost.localdomain"}), - "vsys", - }, nil, nil) - if err != nil { - return resources - } - - var resp Response - if err = xml.Unmarshal(vsysRawFull, &resp); err != nil { - return resources - } - +func (g *PanoramaNetworkingGenerator) createEthernetInterfaceResources(tmpl, ts string, v Vsys) (resources []terraformutils.Resource) { l, err := g.client.(*pango.Panorama).Network.EthernetInterface.GetList(tmpl, ts) if err != nil { return []terraformutils.Resource{} } - for _, vsys := range resp.Result.Vsys.Entries { + for _, vsys := range v.Entries { for _, ethernetInterface := range l { if !contains(vsys.Import.Network.Interface.Members, ethernetInterface) { continue @@ -378,7 +338,7 @@ func (g *PanoramaNetworkingGenerator) createEthernetInterfaceResources(tmpl, ts func (g *PanoramaNetworkingGenerator) createGRETunnelResources(tmpl, ts string) []terraformutils.Resource { return g.createResourcesFromList( getGeneric{g.client.(*pango.Panorama).Network.GreTunnel, []string{tmpl, ts}}, - tmpl+"::", false, "panos_panorama_gre_tunnel", false, "", "", "", "", + tmpl+":"+ts+":", false, "panos_panorama_gre_tunnel", false, "", "", "", "", ) } @@ -491,7 +451,7 @@ func (g *PanoramaNetworkingGenerator) createLayer2SubInterfaceResources(tmpl, ts // TO FIX: check disabled! return g.createResourcesFromList( getGeneric{g.client.(*pango.Panorama).Network.Layer2Subinterface, []string{tmpl, ts, interfaceType, parentInterface, parentMode}}, - tmpl+"::"+interfaceType+":"+parentInterface+":"+parentMode+":"+vsys+":", true, "panos_panorama_layer2_subinterface", false, vsys, util.InterfaceImport, tmpl, ts, + tmpl+":"+ts+":"+interfaceType+":"+parentInterface+":"+parentMode+":"+vsys+":", true, "panos_panorama_layer2_subinterface", false, vsys, util.InterfaceImport, tmpl, ts, ) } 
@@ -499,15 +459,39 @@ func (g *PanoramaNetworkingGenerator) createLayer3SubInterfaceResources(tmpl, ts // TO FIX: check disabled! return g.createResourcesFromList( getGeneric{g.client.(*pango.Panorama).Network.Layer3Subinterface, []string{tmpl, ts, interfaceType, parentInterface}}, - tmpl+"::"+interfaceType+":"+parentInterface+":"+vsys+":", true, "panos_panorama_layer3_subinterface", false, vsys, util.InterfaceImport, tmpl, ts, + tmpl+":"+ts+":"+interfaceType+":"+parentInterface+":"+vsys+":", true, "panos_panorama_layer3_subinterface", false, vsys, util.InterfaceImport, tmpl, ts, ) } -func (g *PanoramaNetworkingGenerator) createLoopbackInterfaceResources(tmpl, ts, vsys string) []terraformutils.Resource { - return g.createResourcesFromList( - getGeneric{g.client.(*pango.Panorama).Network.LoopbackInterface, []string{}}, - vsys+":", false, "panos_panorama_loopback_interface", true, vsys, util.InterfaceImport, tmpl, ts, - ) +func (g *PanoramaNetworkingGenerator) createLoopbackInterfaceResources(tmpl, ts string, v Vsys) (resources []terraformutils.Resource) { + l, err := g.client.(*pango.Panorama).Network.LoopbackInterface.GetList(tmpl, ts) + if err != nil { + return []terraformutils.Resource{} + } + + for _, vsys := range v.Entries { + for _, loopbackInterface := range l { + if !contains(vsys.Import.Network.Interface.Members, loopbackInterface) { + continue + } + + rv, err := g.client.(*pango.Panorama).IsImported(util.InterfaceImport, tmpl, ts, vsys.Name, loopbackInterface) + if err != nil || !rv { + continue + } + + id := tmpl + ":" + ts + ":" + vsys.Name + ":" + loopbackInterface + resources = append(resources, terraformutils.NewSimpleResource( + id, + normalizeResourceName(id), + "panos_panorama_loopback_interface", + "panos", + []string{}, + )) + } + } + + return resources } func (g *PanoramaNetworkingGenerator) createManagementProfileResources(tmpl, ts string) (resources []terraformutils.Resource) { 
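Review bot: The new createLoopbackInterfaceResources is a line-for-line copy of the loop that createTunnelInterfaceResources, createVlanResources and createVlanInterfaceResources also receive in this patch. Only the `GetList` source, the `Members` field that is checked, the import type (`util.InterfaceImport` or `util.VlanImport`) and the resource type string differ. A single private helper taking the already-fetched name list, a function that selects the members slice from a vsys entry, the import type and the resource type would keep the ID format `tmpl + ":" + ts + ":" + vsys.Name + ":" + name` and the import check in one place. That matters here because the check decides which objects end up in the export, and four copies can drift apart silently.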
@@ -516,10 +500,12 @@ func (g *PanoramaNetworkingGenerator) createManagementProfileResources(tmpl, ts return []terraformutils.Resource{} } + idPrefix := tmpl + ":" + ts + ":" for _, managementProfile := range l { + id := idPrefix + managementProfile resources = append(resources, terraformutils.NewResource( - managementProfile, - normalizeResourceName(managementProfile), + id, + normalizeResourceName(id), "panos_panorama_management_profile", "panos", map[string]string{ 
@@ -533,92 +519,185 @@ func (g *PanoramaNetworkingGenerator) createManagementProfileResources(tmpl, ts return resources } -func (g *PanoramaNetworkingGenerator) createMonitorProfileResources() []terraformutils.Resource { +func (g *PanoramaNetworkingGenerator) createMonitorProfileResources(tmpl, ts string) []terraformutils.Resource { return g.createResourcesFromList( - getGeneric{g.client.(*pango.Panorama).Network.MonitorProfile, []string{}}, - "", false, "panos_panorama_monitor_profile", false, "", "", "", "", + getGeneric{g.client.(*pango.Panorama).Network.MonitorProfile, []string{tmpl, ts}}, + tmpl+":"+ts+":", true, "panos_panorama_monitor_profile", false, "", "", "", "", ) } -func (g *PanoramaNetworkingGenerator) createRedistributionProfileResources(virtualRouter string) []terraformutils.Resource { +func (g *PanoramaNetworkingGenerator) createRedistributionProfileResources(tmpl, ts, virtualRouter string) []terraformutils.Resource { return g.createResourcesFromList( - getGeneric{g.client.(*pango.Panorama).Network.RedistributionProfile, []string{virtualRouter}}, - virtualRouter+":", true, "panos_panorama_redistribution_profile_ipv4", false, "", "", "", "", + getGeneric{g.client.(*pango.Panorama).Network.RedistributionProfile, []string{tmpl, ts, virtualRouter}}, + tmpl+":"+ts+":"+virtualRouter+":", true, "panos_panorama_redistribution_profile_ipv4", false, "", "", "", "", ) } -func (g *PanoramaNetworkingGenerator) createStaticRouteIpv4Resources(virtualRouter string) []terraformutils.Resource { +func (g *PanoramaNetworkingGenerator) createStaticRouteIpv4Resources(tmpl, ts, virtualRouter string) []terraformutils.Resource { return g.createResourcesFromList( - getGeneric{g.client.(*pango.Panorama).Network.StaticRoute, []string{virtualRouter}}, - virtualRouter+":", true, "panos_panorama_static_route_ipv4", false, "", "", "", "", + getGeneric{g.client.(*pango.Panorama).Network.StaticRoute, []string{tmpl, ts, virtualRouter}}, + tmpl+":"+ts+":"+virtualRouter+":", true, 
"panos_panorama_static_route_ipv4", false, "", "", "", "", ) } -func (g *PanoramaNetworkingGenerator) createTunnelInterfaceResources(vsys string) []terraformutils.Resource { - return g.createResourcesFromList( - getGeneric{g.client.(*pango.Panorama).Network.TunnelInterface, []string{}}, - vsys+":", false, "panos_panorama_tunnel_interface", true, vsys, util.InterfaceImport, "", "", - ) +func (g *PanoramaNetworkingGenerator) createTunnelInterfaceResources(tmpl, ts string, v Vsys) (resources []terraformutils.Resource) { + l, err := g.client.(*pango.Panorama).Network.TunnelInterface.GetList(tmpl, ts) + if err != nil { + return []terraformutils.Resource{} + } + + for _, vsys := range v.Entries { + for _, tunnelInterface := range l { + if !contains(vsys.Import.Network.Interface.Members, tunnelInterface) { + continue + } + + rv, err := g.client.(*pango.Panorama).IsImported(util.InterfaceImport, tmpl, ts, vsys.Name, tunnelInterface) + if err != nil || !rv { + continue + } + + id := tmpl + ":" + ts + ":" + vsys.Name + ":" + tunnelInterface + resources = append(resources, terraformutils.NewSimpleResource( + id, + normalizeResourceName(id), + "panos_panorama_tunnel_interface", + "panos", + []string{}, + )) + } + } + + return resources } -func (g *PanoramaNetworkingGenerator) createVirtualRouterResources(tmpl, ts, vsys string) (resources []terraformutils.Resource) { +func (g *PanoramaNetworkingGenerator) createVirtualRouterResources(tmpl, ts string, v Vsys) (resources []terraformutils.Resource) { l, err := g.client.(*pango.Panorama).Network.VirtualRouter.GetList(tmpl, ts) if err != nil { return []terraformutils.Resource{} } - for _, virtualRouter := range l { - // TODO: doesn't work!!? 
- // rv, err := g.client.(*pango.Panorama).IsImported(util.VirtualRouterImport, tmpl, ts, vsys, virtualRouter) - // if err != nil || !rv { - // continue - // } + for _, vsys := range v.Entries { + for _, virtualRouter := range l { + if !contains(vsys.Import.Network.VirtualRouter.Members, virtualRouter) { + continue + } - id := vsys + ":" + virtualRouter - resources = append(resources, terraformutils.NewSimpleResource( - id, - normalizeResourceName(virtualRouter), - "panos_panorama_virtual_router", - "panos", - []string{}, - )) + // TODO: doesn't work!!? + // rv, err := g.client.(*pango.Panorama).IsImported(util.InterfaceImport, tmpl, ts, vsys.Name, virtualRouter) + // if err != nil || !rv { + // continue + // } + + id := tmpl + ":" + ts + ":" + vsys.Name + ":" + virtualRouter + resources = append(resources, terraformutils.NewSimpleResource( + id, + normalizeResourceName(id), + "panos_panorama_virtual_router", + "panos", + []string{}, + )) - resources = append(resources, g.createBGPResource(virtualRouter)) - // resources = append(resources, g.createBGPAggregateResources(virtualRouter)...) - resources = append(resources, g.createBGPAuthProfileResources(virtualRouter)...) - // resources = append(resources, g.createBGPConditionalAdvertisementResources(virtualRouter)...) - resources = append(resources, g.createBGPDampeningProfileResources(virtualRouter)...) - resources = append(resources, g.createBGPExportRuleGroupResources(virtualRouter)...) - resources = append(resources, g.createBGPImportRuleGroupResources(virtualRouter)...) - // resources = append(resources, g.createBGPPeerGroupResources(virtualRouter)...) - resources = append(resources, g.createBGPRedistResources(virtualRouter)...) - resources = append(resources, g.createRedistributionProfileResources(virtualRouter)...) - resources = append(resources, g.createStaticRouteIpv4Resources(virtualRouter)...) 
+ resources = append(resources, g.createBGPResource(tmpl, ts, virtualRouter)) + resources = append(resources, g.createBGPAggregateResources(tmpl, ts, virtualRouter)...) + resources = append(resources, g.createBGPAuthProfileResources(tmpl, ts, virtualRouter)...) + resources = append(resources, g.createBGPConditionalAdvertisementResources(tmpl, ts, virtualRouter)...) + resources = append(resources, g.createBGPDampeningProfileResources(tmpl, ts, virtualRouter)...) + resources = append(resources, g.createBGPExportRuleGroupResources(tmpl, ts, virtualRouter)...) + resources = append(resources, g.createBGPImportRuleGroupResources(tmpl, ts, virtualRouter)...) + resources = append(resources, g.createBGPPeerGroupResources(tmpl, ts, virtualRouter)...) + resources = append(resources, g.createBGPRedistResources(tmpl, ts, virtualRouter)...) + resources = append(resources, g.createRedistributionProfileResources(tmpl, ts, virtualRouter)...) + resources = append(resources, g.createStaticRouteIpv4Resources(tmpl, ts, virtualRouter)...) + } } return resources } -func (g *PanoramaNetworkingGenerator) createVlanResources(vsys string) []terraformutils.Resource { - // TODO: should activate check with util.VlanImport, but doesn't work? 
- return g.createResourcesFromList( - getGeneric{g.client.(*pango.Panorama).Network.Vlan, []string{}}, - vsys+":", false, "panos_panorama_vlan", false, "", "", "", "", - ) +// FIX: get VLANs in Vsys = None +func (g *PanoramaNetworkingGenerator) createVlanResources(tmpl, ts string, v Vsys) (resources []terraformutils.Resource) { + l, err := g.client.(*pango.Panorama).Network.Vlan.GetList(tmpl, ts) + if err != nil { + return []terraformutils.Resource{} + } + + for _, vsys := range v.Entries { + for _, vlan := range l { + if !contains(vsys.Import.Network.Vlan.Members, vlan) { + continue + } + + rv, err := g.client.(*pango.Panorama).IsImported(util.VlanImport, tmpl, ts, vsys.Name, vlan) + if err != nil || !rv { + continue + } + + id := tmpl + ":" + ts + ":" + vsys.Name + ":" + vlan + resources = append(resources, terraformutils.NewSimpleResource( + id, + normalizeResourceName(id), + "panos_panorama_vlan", + "panos", + []string{}, + )) + } + } + + return resources } -func (g *PanoramaNetworkingGenerator) createVlanInterfaceResources(tmpl, ts, vsys string) []terraformutils.Resource { - return g.createResourcesFromList( - getGeneric{g.client.(*pango.Panorama).Network.VlanInterface, []string{}}, - vsys+":", false, "panos_panorama_vlan_interface", true, vsys, util.InterfaceImport, tmpl, ts, - ) +func (g *PanoramaNetworkingGenerator) createVlanInterfaceResources(tmpl, ts string, v Vsys) (resources []terraformutils.Resource) { + l, err := g.client.(*pango.Panorama).Network.VlanInterface.GetList(tmpl, ts) + if err != nil { + return []terraformutils.Resource{} + } + + for _, vsys := range v.Entries { + for _, vlanInterface := range l { + if !contains(vsys.Import.Network.Interface.Members, vlanInterface) { + continue + } + + rv, err := g.client.(*pango.Panorama).IsImported(util.InterfaceImport, tmpl, ts, vsys.Name, vlanInterface) + if err != nil || !rv { + continue + } + + id := tmpl + ":" + ts + ":" + vsys.Name + ":" + vlanInterface + resources = append(resources, 
terraformutils.NewSimpleResource( + id, + normalizeResourceName(id), + "panos_panorama_vlan_interface", + "panos", + []string{}, + )) + } + } + + return resources } -func (g *PanoramaNetworkingGenerator) createZoneResources(vsys string) []terraformutils.Resource { - return g.createResourcesFromList( - getGeneric{g.client.(*pango.Panorama).Network.Zone, []string{vsys}}, - vsys+":", false, "panos_panorama_zone", false, vsys, "", "", "", - ) +func (g *PanoramaNetworkingGenerator) createZoneResources(tmpl, ts string, v Vsys) (resources []terraformutils.Resource) { + for _, vsys := range v.Entries { + l, err := g.client.(*pango.Panorama).Network.Zone.GetList(tmpl, ts, vsys.Name) + if err != nil { + return []terraformutils.Resource{} + } + + for _, zone := range l { + id := tmpl + ":" + ts + ":" + vsys.Name + ":" + zone + resources = append(resources, terraformutils.NewSimpleResource( + id, + normalizeResourceName(id), + "panos_panorama_zone", + "panos", + []string{}, + )) + } + } + + return resources } func (g *PanoramaNetworkingGenerator) InitResources() error { @@ -636,6 +715,8 @@ func (g *PanoramaNetworkingGenerator) InitResources() error { g.Resources = append(g.Resources, g.createIKECryptoProfileResources("", v)...) g.Resources = append(g.Resources, g.createIKEGatewayResources("", v)...) g.Resources = append(g.Resources, g.createIPSECCryptoProfileResources("", v)...) + g.Resources = append(g.Resources, g.createManagementProfileResources("", v)...) + g.Resources = append(g.Resources, g.createMonitorProfileResources("", v)...) } tmpl, err := g.client.(*pango.Panorama).Panorama.Template.GetList() 
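Review bot: In createZoneResources the `return []terraformutils.Resource{}` sits inside the `for _, vsys := range v.Entries` loop, so one failing `Zone.GetList(tmpl, ts, vsys.Name)` throws away the zones already collected for earlier vsys entries. Skipping only the failing vsys would be `if err != nil { continue }`, ideally with a log line naming the vsys. Separately, every function in this hunk that filters on `vsys.Import.Network.*.Members` emits nothing for objects that no vsys imports, which the `// FIX: get VLANs in Vsys = None` comment acknowledges only for VLANs. A doc comment on createVirtualRouterResources and the interface functions stating that un-imported objects are omitted would stop the output being mistaken for a full inventory.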
@@ -644,22 +725,42 @@ func (g *PanoramaNetworkingGenerator) InitResources() error { } for _, v := range tmpl { - g.Resources = append(g.Resources, g.createAggregateInterfaceResources(v, "")...) + vsysRawFull, err := g.client.(util.XapiClient).Get([]string{ + "config", + "devices", + util.AsEntryXpath([]string{"localhost.localdomain"}), + "template", + util.AsEntryXpath([]string{v}), + "config", + "devices", + util.AsEntryXpath([]string{"localhost.localdomain"}), + "vsys", + }, nil, nil) + if err != nil { + return err + } + + var resp Response + if err = xml.Unmarshal(vsysRawFull, &resp); err != nil { + return err + } + + g.Resources = append(g.Resources, g.createAggregateInterfaceResources(v, "", resp.Result.Vsys)...) g.Resources = append(g.Resources, g.createBFDProfileResources(v, "")...) - g.Resources = append(g.Resources, g.createEthernetInterfaceResources(v, "")...) + g.Resources = append(g.Resources, g.createEthernetInterfaceResources(v, "", resp.Result.Vsys)...) g.Resources = append(g.Resources, g.createGRETunnelResources(v, "")...) g.Resources = append(g.Resources, g.createIKECryptoProfileResources(v, "")...) g.Resources = append(g.Resources, g.createIKEGatewayResources(v, "")...) g.Resources = append(g.Resources, g.createIPSECCryptoProfileResources(v, "")...) g.Resources = append(g.Resources, g.createIPSECTunnelResources(v, "")...) - // g.Resources = append(g.Resources, g.createLoopbackInterfaceResources(v, "")...) - // g.Resources = append(g.Resources, g.createManagementProfileResources(v, "")...) - // g.Resources = append(g.Resources, g.createMonitorProfileResources(v, "")...) - // g.Resources = append(g.Resources, g.createTunnelInterfaceResources(v, "")...) - // g.Resources = append(g.Resources, g.createVirtualRouterResources(v, "")...) - // g.Resources = append(g.Resources, g.createVlanResources(v, "")...) - // g.Resources = append(g.Resources, g.createVlanInterfaceResources(v, "")...) 
- // g.Resources = append(g.Resources, g.createZoneResources(v, "")...) + g.Resources = append(g.Resources, g.createLoopbackInterfaceResources(v, "", resp.Result.Vsys)...) + g.Resources = append(g.Resources, g.createManagementProfileResources(v, "")...) + g.Resources = append(g.Resources, g.createMonitorProfileResources(v, "")...) + g.Resources = append(g.Resources, g.createTunnelInterfaceResources(v, "", resp.Result.Vsys)...) + g.Resources = append(g.Resources, g.createVirtualRouterResources(v, "", resp.Result.Vsys)...) + g.Resources = append(g.Resources, g.createVlanResources(v, "", resp.Result.Vsys)...) + g.Resources = append(g.Resources, g.createVlanInterfaceResources(v, "", resp.Result.Vsys)...) + g.Resources = append(g.Resources, g.createZoneResources(v, "", resp.Result.Vsys)...) } return nil
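Review bot: Hoisting the vsys lookup into InitResources turns a failed `Get` or `xml.Unmarshal` for one template into `return err`, which aborts the import for every remaining template. Before this change the two functions that did the lookup returned no resources for that template and the run went on. If `Get` reports an error for a template that simply has no `vsys` node (I have not verified this), a single such template would block the whole export. I would either `continue` with an empty `Vsys` so the non-vsys resources (BFD, GRE, IKE, IPsec, management and monitor profiles) are still generated, or keep the abort but name the template in the returned error so the operator can tell which lookup failed. The unchecked assertion `g.client.(util.XapiClient)` also panics if the client does not implement that interface; the two-value form `c, ok := g.client.(util.XapiClient)` would let this path return an error instead.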