WIP

appgate · Apr 17, 2024 · e1d607e · e1d607e
1 parent 55969ee
commit e1d607e
Show file tree

Hide file tree

Showing 53 changed files with 783 additions and 1,138 deletions.
diff --git a/appgate/config.go b/appgate/config.go
@@ -15,7 +15,7 @@ import (
 	"sync"
 	"time"
 
-	"github.com/appgate/sdp-api-client-go/api/v19/openapi"
+	"github.com/appgate/sdp-api-client-go/api/v20/openapi"
 	"github.com/cenkalti/backoff/v4"
 	"github.com/hashicorp/go-version"
 	"golang.org/x/net/http/httpproxy"
@@ -185,6 +185,8 @@ func guessVersion(clientVersion int) (*version.Version, error) {
 		return version.NewVersion("6.1.0+estimated")
 	case Version19:
 		return version.NewVersion("6.2.0+estimated")
+	case Version20:
+		return version.NewVersion("6.3.0+estimated")
 	}
 	return nil, fmt.Errorf("could not determine appliance version with client version %d", clientVersion)
 }
@@ -283,13 +285,9 @@ func (c *Client) login(ctx context.Context) (*openapi.LoginResponse, error) {
 	err := backoff.Retry(func() error {
 		login, response, err := c.API.LoginApi.LoginPost(ctx).LoginRequest(loginOpts).Execute()
 		if response == nil {
-			if err != nil {
-				if err, ok := err.(*url.Error); ok {
-					if err, ok := err.Unwrap().(x509.UnknownAuthorityError); ok {
-						return &backoff.PermanentError{
-							Err: fmt.Errorf("Import certificate or toggle APPGATE_INSECURE - %s", err),
-						}
-					}
+			if err != nil && errors.As(err, &x509.UnknownAuthorityError{}) {
+				return &backoff.PermanentError{
+					Err: fmt.Errorf("Import certificate or toggle APPGATE_INSECURE - %s", err),
 				}
 			}
 			log.Printf("[DEBUG] Login failed, No response %s", err)

diff --git a/appgate/config_test.go b/appgate/config_test.go
@@ -11,7 +11,7 @@ import (
 	"testing"
 	"time"
 
-	"github.com/appgate/sdp-api-client-go/api/v19/openapi"
+	"github.com/appgate/sdp-api-client-go/api/v20/openapi"
 	"github.com/google/uuid"
 	"github.com/hashicorp/go-version"
 )

diff --git a/appgate/data_source_appgate_appliance_seed.go b/appgate/data_source_appgate_appliance_seed.go
@@ -8,7 +8,7 @@ import (
 	"log"
 	"net/http"
 
-	"github.com/appgate/sdp-api-client-go/api/v19/openapi"
+	"github.com/appgate/sdp-api-client-go/api/v20/openapi"
 
 	"github.com/hashicorp/terraform-plugin-sdk/v2/helper/schema"
 )
@@ -112,10 +112,6 @@ func dataSourceAppgateApplianceSeedRead(d *schema.ResourceData, meta interface{}
 		sshConfig.ProvideCloudSSHKey = openapi.PtrBool(cloudKey.(bool))
 		d.Set("provide_cloud_ssh_key", true)
 	}
-	if _, lvOk := d.GetOk("latest_version"); lvOk {
-		exportRequest = exportRequest.LatestVersion(true)
-		d.Set("latest_version", true)
-	}
 	exportRequest = exportRequest.SSHConfig(*sshConfig)
 	seedmap, _, err := exportRequest.Authorization(token).Execute()
 	if err != nil {

diff --git a/appgate/data_source_appgate_appliance_seed_test.go b/appgate/data_source_appgate_appliance_seed_test.go
@@ -22,7 +22,6 @@ func TestAccAppgateApplianceSeedDataSource(t *testing.T) {
 				},
 				Check: resource.ComposeAggregateTestCheckFunc(
 					resource.TestCheckResourceAttrPair(dataSourceName, "appliance_id", resourceName, "id"),
-					resource.TestCheckResourceAttrSet("data.appgatesdp_appliance_seed.test_gateway_seed_file", "latest_version"),
 					resource.TestCheckResourceAttrSet("data.appgatesdp_appliance_seed.test_gateway_seed_file", "password"),
 					resource.TestCheckResourceAttrSet("data.appgatesdp_appliance_seed.test_gateway_seed_file", "seed_file"),
 				),

diff --git a/appgate/data_source_appgate_certificate_authority.go b/appgate/data_source_appgate_certificate_authority.go
@@ -4,7 +4,7 @@ import (
 	"context"
 	"log"
 
-	"github.com/appgate/sdp-api-client-go/api/v19/openapi"
+	"github.com/appgate/sdp-api-client-go/api/v20/openapi"
 	"github.com/hashicorp/terraform-plugin-sdk/v2/diag"
 	"github.com/hashicorp/terraform-plugin-sdk/v2/helper/schema"
 )

diff --git a/appgate/data_source_appgate_global_settings.go b/appgate/data_source_appgate_global_settings.go
@@ -4,7 +4,7 @@ import (
 	"context"
 	"fmt"
 
-	"github.com/appgate/sdp-api-client-go/api/v19/openapi"
+	"github.com/appgate/sdp-api-client-go/api/v20/openapi"
 
 	"github.com/hashicorp/terraform-plugin-sdk/v2/helper/schema"
 )
@@ -53,11 +53,6 @@ func dataSourceGlobalSettings() *schema.Resource {
 				Deprecated: "Whether there is a backup passphrase set or not. Deprecated as of 5.0. Use backupApiEnabled instead.",
 				Computed:   true,
 			},
-			"fips": {
-				Type:        schema.TypeBool,
-				Description: "FIPS 140-2 Compliant Tunneling.",
-				Computed:    true,
-			},
 			"geo_ip_updates": {
 				Type:        schema.TypeBool,
 				Description: "Whether the automatic GeoIp updates are enabled or not.",
@@ -102,7 +97,6 @@ func dataSourceAppgateGlobalSettingsRead(d *schema.ResourceData, meta interface{
 	d.Set("login_banner_message", settings.GetLoginBannerMessage())
 	d.Set("message_of_the_day", settings.GetMessageOfTheDay())
 	d.Set("backup_api_enabled", settings.GetBackupApiEnabled())
-	d.Set("fips", settings.GetFips())
 	d.Set("geo_ip_updates", settings.GetGeoIpUpdates())
 	d.Set("audit_log_persistence_mode", settings.GetAuditLogPersistenceMode())
 	d.Set("app_discovery_domains", settings.GetAppDiscoveryDomains())

diff --git a/appgate/data_source_appgate_global_settings_test.go b/appgate/data_source_appgate_global_settings_test.go
@@ -21,7 +21,6 @@ func TestAccAppgateGlobalSettingsDataSource(t *testing.T) {
 
 					resource.TestCheckResourceAttrSet("data.appgatesdp_global_settings.test", "backup_api_enabled"),
 
-					resource.TestCheckResourceAttrSet("data.appgatesdp_global_settings.test", "fips"),
 					resource.TestCheckResourceAttrSet("data.appgatesdp_global_settings.test", "geo_ip_updates"),
 					resource.TestCheckResourceAttrSet("data.appgatesdp_global_settings.test", "audit_log_persistence_mode"),
 

diff --git a/appgate/data_source_appgate_identity_provider.go b/appgate/data_source_appgate_identity_provider.go
@@ -5,7 +5,7 @@ import (
 	"fmt"
 	"log"
 
-	"github.com/appgate/sdp-api-client-go/api/v19/openapi"
+	"github.com/appgate/sdp-api-client-go/api/v20/openapi"
 
 	"github.com/hashicorp/terraform-plugin-sdk/v2/helper/schema"
 )

diff --git a/appgate/find_resource_by_name.go b/appgate/find_resource_by_name.go
diff --git a/appgate/identity_provider.go b/appgate/identity_provider.go
@@ -7,7 +7,7 @@ import (
 	"fmt"
 	"log"
 
-	"github.com/appgate/sdp-api-client-go/api/v19/openapi"
+	"github.com/appgate/sdp-api-client-go/api/v20/openapi"
 	"github.com/appgate/terraform-provider-appgatesdp/appgate/hashcode"
 
 	"github.com/hashicorp/go-version"
@@ -453,7 +453,7 @@ func readProviderFromConfig(d *schema.ResourceData, provider openapi.Configurabl
 	}
 
 	if v, ok := d.GetOk("on_boarding_two_factor"); ok {
-		onboarding, err := readOnBoardingTwoFactorFromConfig(v.([]interface{}), currentVersion)
+		onboarding, err := readOnBoardingTwoFactorFromConfig(v.([]interface{}))
 		if err != nil {
 			return &provider, err
 		}
@@ -511,7 +511,7 @@ func readProviderFromConfig(d *schema.ResourceData, provider openapi.Configurabl
 	return &provider, nil
 }
 
-func readOnBoardingTwoFactorFromConfig(input []interface{}, currentVersion *version.Version) (openapi.ConfigurableIdentityProviderAllOfOnBoarding2FA, error) {
+func readOnBoardingTwoFactorFromConfig(input []interface{}) (openapi.ConfigurableIdentityProviderAllOfOnBoarding2FA, error) {
 	onboarding := openapi.ConfigurableIdentityProviderAllOfOnBoarding2FA{}
 	for _, r := range input {
 		raw := r.(map[string]interface{})
@@ -521,24 +521,6 @@ func readOnBoardingTwoFactorFromConfig(input []interface{}, currentVersion *vers
 		if v, ok := raw["message"]; ok {
 			onboarding.SetMessage(v.(string))
 		}
-		if v, ok := raw["device_limit_per_user"]; ok {
-			val := int32(v.(int))
-			log.Printf("[DEBUG] on_boarding_two_factor.device_limit_per_user only available in version 5.4 or less got %v - %v", val, currentVersion.LessThan(Appliance55Version))
-			if currentVersion.LessThan(Appliance55Version) && val > 0 {
-				onboarding.SetDeviceLimitPerUser(val)
-			} else if val > 0 {
-				// device_limit_per_user is not allowed in 5.5
-				return onboarding, fmt.Errorf(
-					"on_boarding_two_factor.device_limit_per_user is deprecated in %s. Use root level field instead. Got %d",
-					currentVersion.String(),
-					val,
-				)
-			} else {
-				// else omit devicelmit per user from the request.
-				log.Printf("[DEBUG] on_boarding_two_factor.device_limit_per_user is not allowed on %s, omitted it from request, use root level instead", currentVersion.String())
-				onboarding.DeviceLimitPerUser = nil
-			}
-		}
 
 		if v, ok := raw["claim_suffix"]; ok {
 			onboarding.SetClaimSuffix(v.(string))
@@ -667,20 +649,14 @@ func flattenIdentityProviderOnDemandClaimsMappning(claims []openapi.OnDemandClai
 	return schema.NewSet(resourceIdentityProviderOnDemandClaimMappingsHash, out)
 }
 
-func flattenIdentityProviderOnboarding2fa(input openapi.ConfigurableIdentityProviderAllOfOnBoarding2FA, currentVersion *version.Version) []interface{} {
+func flattenIdentityProviderOnboarding2fa(input openapi.ConfigurableIdentityProviderAllOfOnBoarding2FA) []interface{} {
 	o := make(map[string]interface{})
 	if v, ok := input.GetMfaProviderIdOk(); ok {
 		o["mfa_provider_id"] = v
 	}
 	if v, ok := input.GetMessageOk(); ok {
 		o["message"] = v
 	}
-	// we will only save device_limit_per_user in the statefile if the currentversion still supports it.
-	if currentVersion.LessThan(Appliance55Version) {
-		if v, ok := input.GetDeviceLimitPerUserOk(); ok {
-			o["device_limit_per_user"] = int(*v)
-		}
-	}
 	if v, ok := input.GetClaimSuffixOk(); ok {
 		o["claim_suffix"] = v
 	}

diff --git a/appgate/provider.go b/appgate/provider.go
@@ -27,10 +27,11 @@ const (
 	Version17 int = 17
 	Version18 int = 18
 	Version19 int = 19
+	Version20 int = 20
 	// DefaultClientVersion is the latest support version of appgate sdp client that is supported.
 	// its not recommended to change this value.
-	DefaultClientVersion    = Version18
-	MinimumSupportedVersion = Version16
+	DefaultClientVersion    = Version20
+	MinimumSupportedVersion = Version18
 )
 
 var (
@@ -44,6 +45,7 @@ var (
 		Version17: "6.0.0",
 		Version18: "6.1.0",
 		Version19: "6.2.0",
+		Version20: "6.3.0",
 	}
 
 	Appliance53Version, _ = version.NewVersion(ApplianceVersionMap[Version14])
@@ -52,6 +54,7 @@ var (
 	Appliance60Version, _ = version.NewVersion(ApplianceVersionMap[Version17])
 	Appliance61Version, _ = version.NewVersion(ApplianceVersionMap[Version18])
 	Appliance62Version, _ = version.NewVersion(ApplianceVersionMap[Version19])
+	Appliance63Version, _ = version.NewVersion(ApplianceVersionMap[Version20])
 )
 
 // Provider function returns the object that implements the terraform.ResourceProvider interface, specifically a schema.Provider
@@ -192,7 +195,6 @@ func Provider() *schema.Provider {
 			"appgatesdp_local_user":                         resourceAppgateLocalUser(),
 			"appgatesdp_license":                            resourceAppgateLicense(),
 			"appgatesdp_admin_mfa_settings":                 resourceAdminMfaSettings(),
-			"appgatesdp_client_connections":                 resourceClientConnections(),
 			"appgatesdp_blacklist_user":                     resourceAppgateBlacklistUser(),
 			"appgatesdp_radius_identity_provider":           resourceAppgateRadiusProvider(),
 			"appgatesdp_oidc_identity_provider":             resourceAppgateOidcProvider(),
@@ -206,12 +208,12 @@ func Provider() *schema.Provider {
 	}
 
 	provider.ConfigureContextFunc = func(ctx context.Context, d *schema.ResourceData) (interface{}, diag.Diagnostics) {
-		return providerConfigure(ctx, d, provider.UserAgent("appgatesdp", pkgversion.ProviderVersion))
+		return providerConfigure(d, provider.UserAgent("appgatesdp", pkgversion.ProviderVersion))
 	}
 	return provider
 }
 
-func providerConfigure(ctx context.Context, d *schema.ResourceData, ua string) (interface{}, diag.Diagnostics) {
+func providerConfigure(d *schema.ResourceData, ua string) (interface{}, diag.Diagnostics) {
 	// Warning or errors can be collected in a slice type
 	var diags diag.Diagnostics
 	config := Config{

diff --git a/appgate/resource_appgate_administrative_role.go b/appgate/resource_appgate_administrative_role.go
@@ -10,7 +10,7 @@ import (
 	"sort"
 	"strings"
 
-	"github.com/appgate/sdp-api-client-go/api/v19/openapi"
+	"github.com/appgate/sdp-api-client-go/api/v20/openapi"
 	"github.com/appgate/terraform-provider-appgatesdp/appgate/adminrole"
 	"github.com/appgate/terraform-provider-appgatesdp/appgate/hashcode"
 
@@ -321,21 +321,21 @@ func readAdminIstrativeRolePrivileges(privileges []interface{}, currentVersion *
 			if _, ok := a.GetScopeOk(); ok {
 				return result, fmt.Errorf("Scope is not applicable in combination with privileges.functions")
 			}
-			funcs, err := readArrayOfStringsFromConfig(v)
+			funcs, err := readArrayOfFunctionsFromConfig(v)
 			if err != nil {
 				return result, fmt.Errorf("Failed to resolve privileges functions %w", err)
 			}
-			specialCases := func(input []string) []string {
+			specialCases := func(input []string) []openapi.ApplianceFunction {
 				// the API in 6.2 is very strict with the format of the function,
 				// and the formatted string is not plain CamelCase, so we need to do our own custom logic here
 				// to format the function string. this is so we don't break backwards compatibility, since this attribute
 				// DiffSuppress string case
 				forcedFormated := []string{"Controller", "Gateway", "LogServer", "LogForwarder", "Connector", "Portal"}
-				result := make([]string, 0, len(input))
+				result := make([]openapi.ApplianceFunction, 0, len(input))
 				for _, s := range input {
 					for index, inner := range forcedFormated {
 						if strings.EqualFold(s, inner) {
-							result = append(result, forcedFormated[index])
+							result = append(result, openapi.ApplianceFunction(forcedFormated[index]))
 						}
 					}