feat: PA-VM Integration with Panorama Server

equinix · Jul 10, 2024 · b8de2d5 · b8de2d5
1 parent 112d6eb
commit b8de2d5
Show file tree

Hide file tree

Showing 3 changed files with 150 additions and 11 deletions.
diff --git a/docs/resources/network_device.md b/docs/resources/network_device.md
@@ -99,6 +99,103 @@ resource "equinix_network_device" "panw-cluster" {
 }
 ```
 
+```terraform
+# Create self configured PANW cluster with Panorama Server Integration
+
+data "equinix_network_account" "sv" {
+  metro_code = "SV"
+}
+
+resource "equinix_network_device" "panw-cluster" {
+  name            = "tf-panw"
+  metro_code      = data.equinix_network_account.sv.metro_code
+  type_code       = "PA-VM"
+  self_managed    = true
+  byol            = true
+  package_code    = "VM100"
+  notifications   = ["john@equinix.com", "marry@equinix.com", "fred@equinix.com"]
+  term_length     = 12
+  account_number  = data.equinix_network_account.sv.number
+  version         = "11.1.3"
+  interface_count = 10
+  core_count      = 2
+  ssh_key {
+    username = "test"
+    key_name = "test-key"
+  }
+  acl_template_id = "0bff6e05-f0e7-44cd-804a-25b92b835f8b"
+  cluster_details {
+    cluster_name = "tf-panw-cluster"
+    node0 {
+      vendor_configuration {
+        hostname            = "panw-node0"
+        panorama_ip_address = "x.x.x.x"
+        panorama_auth_key   = "xxxxxxxxxxx"
+      }
+      license_token = "licenseToken"
+    }
+    node1 {
+      vendor_configuration {
+        hostname            = "panw-node1"
+        panorama_ip_address = "x.x.x.x"
+        panorama_auth_key   = "xxxxxxxxxxx"
+      }
+      license_token = "licenseToken"
+    }
+  }
+}
+```
+
+```terraform
+# Create self configured PANW HA device with Panorama Server Integration
+
+data "equinix_network_account" "sv" {
+  metro_code = "SV"
+}
+
+resource "equinix_network_device" "panw-ha" {
+  name            = "tf-panw-panorama-pri"
+  project_id      = "3e548c02-9164-4197-aa23-05b1f644883c"
+  metro_code      = data.equinix_network_account.sy.metro_code
+  type_code       = "PA-VM"
+  self_managed    = true
+  byol            = true
+  hostname        = "test"
+  package_code    = "VM100"
+  notifications   = ["test@eq.com"]
+  account_number  = data.equinix_network_account.sy.number
+  acl_template_id = "3e548c02-9164-4197-aa23-05b1f644883c"
+  version         = "11.1.3"
+  core_count      = 2
+  term_length     = 1
+  connectivity ="INTERNET-ACCESS"
+  ssh_key {
+    username = "test"
+    key_name = "test"
+  }
+  vendor_configuration = {
+    panorama_ip_address = "x.x.x.x"
+    panorama_auth_key   = "xxxxxxxxxxxxxxx"
+  }
+  secondary_device {
+    name            = "tf-panw-panorama-sec"
+    hostname        = "test"
+    metro_code      = data.equinix_network_account.sy.metro_code
+    notifications   = ["john@equinix.com", "marry@equinix.com"]
+    account_number  = data.equinix_network_account.sy.number
+    acl_template_id = "3e548c02-9164-4197-aa23-05b1f644883c"
+    ssh_key {
+      username = "test"
+      key_name = "test"
+    }
+    vendor_configuration = {
+      panorama_ip_address = "x.x.x.x"
+      panorama_auth_key   = "xxxxxxxxxxxxxxx"
+    }
+  }
+}
+```
+
 ```terraform
 # Create self configured single Aviatrix device with cloud init file
 

diff --git a/equinix/data_source_network_device.go b/equinix/data_source_network_device.go
@@ -661,6 +661,19 @@ func createDataSourceVendorConfigurationSchema() map[string]*schema.Schema {
 			Sensitive:   true,
 			Description: neDeviceVendorConfigDescriptions["LicenseID"],
 		},
+		neDeviceVendorConfigSchemaNames["PanoramaIPAddress"]: {
+			Type:        schema.TypeString,
+			ForceNew:    true,
+			Computed:    true,
+			Description: neDeviceVendorConfigDescriptions["PanoramaIPAddress"],
+		},
+		neDeviceVendorConfigSchemaNames["PanoramaAuthKey"]: {
+			Type:        schema.TypeString,
+			Sensitive:   true,
+			ForceNew:    true,
+			Computed:    true,
+			Description: neDeviceVendorConfigDescriptions["PanoramaAuthKey"],
+		},
 	}
 }
 

diff --git a/equinix/resource_network_device.go b/equinix/resource_network_device.go
@@ -186,17 +186,19 @@ var neDeviceClusterNodeDescriptions = map[string]string{
 }
 
 var neDeviceVendorConfigSchemaNames = map[string]string{
-	"Hostname":        "hostname",
-	"AdminPassword":   "admin_password",
-	"Controller1":     "controller1",
-	"ActivationKey":   "activation_key",
-	"ControllerFqdn":  "controller_fqdn",
-	"RootPassword":    "root_password",
-	"PrivateAddress":  "private_address",
-	"PrivateCIDRMask": "private_cidr_mask",
-	"PrivateGateway":  "private_gateway",
-	"LicenseKey":      "license_key",
-	"LicenseID":       "license_id",
+	"Hostname":          "hostname",
+	"AdminPassword":     "admin_password",
+	"Controller1":       "controller1",
+	"ActivationKey":     "activation_key",
+	"ControllerFqdn":    "controller_fqdn",
+	"RootPassword":      "root_password",
+	"PrivateAddress":    "private_address",
+	"PrivateCIDRMask":   "private_cidr_mask",
+	"PrivateGateway":    "private_gateway",
+	"LicenseKey":        "license_key",
+	"LicenseID":         "license_id",
+	"PanoramaIPAddress": "panorama_ip_address",
+	"PanoramaAuthKey":   "panorama_auth_key",
 }
 
 var neDeviceVendorConfigDescriptions = map[string]string{
@@ -212,6 +214,8 @@ var neDeviceVendorConfigDescriptions = map[string]string{
 	"PrivateGateway":    "Private gateway. This field is relevant only for the BlueCat DNS and DHCP Server",
 	"LicenseKey":        "License key. This field is relevant only for the BlueCat DNS and DHCP Server",
 	"LicenseID":         "License id. This field is relevant only for the BlueCat DNS and DHCP Server",
+	"PanoramaIPAddress": "Panorama Server IP Address. This field is relevant only for Palo Alto Networks Firewall devices",
+	"PanoramaAuthKey":   "Panorama Server Auth Key. This field is relevant only for Palo Alto Networks Firewall devices",
 }
 
 func resourceNetworkDevice() *schema.Resource {
@@ -950,6 +954,19 @@ func createVendorConfigurationSchema() map[string]*schema.Schema {
 			ForceNew:    true,
 			Description: neDeviceVendorConfigDescriptions["LicenseID"],
 		},
+		neDeviceVendorConfigSchemaNames["PanoramaIPAddress"]: {
+			Type:        schema.TypeString,
+			Optional:    true,
+			ForceNew:    true,
+			Description: neDeviceVendorConfigDescriptions["PanoramaIPAddress"],
+		},
+		neDeviceVendorConfigSchemaNames["PanoramaAuthKey"]: {
+			Type:        schema.TypeString,
+			Optional:    true,
+			Sensitive:   true,
+			ForceNew:    true,
+			Description: neDeviceVendorConfigDescriptions["PanoramaAuthKey"],
+		},
 	}
 }
 
@@ -1541,6 +1558,12 @@ func flattenVendorConfiguration(vendorConfig map[string]string) interface{} {
 	if v, ok := vendorConfig["licenseId"]; ok {
 		transformed[neDeviceVendorConfigSchemaNames["LicenseID"]] = v
 	}
+	if v, ok := vendorConfig["panoramaIpAddress"]; ok {
+		transformed[neDeviceVendorConfigSchemaNames["PanoramaIPAddress"]] = v
+	}
+	if v, ok := vendorConfig["panoramaAuthKey"]; ok {
+		transformed[neDeviceVendorConfigSchemaNames["PanoramaAuthKey"]] = v
+	}
 	return []interface{}{transformed}
 }
 
@@ -1622,6 +1645,12 @@ func expandVendorConfiguration(vendorConfigs []interface{}) map[string]string {
 	if v, ok := vendorConfig[neDeviceVendorConfigSchemaNames["PrivateGateway"]]; ok && !isEmpty(v) {
 		transformed["privateGateway"] = v.(string)
 	}
+	if v, ok := vendorConfig[neDeviceVendorConfigSchemaNames["PanoramaIPAddress"]]; ok && !isEmpty(v) {
+		transformed["panoramaIpAddress"] = v.(string)
+	}
+	if v, ok := vendorConfig[neDeviceVendorConfigSchemaNames["PanoramaAuthKey"]]; ok && !isEmpty(v) {
+		transformed["panoramaAuthKey"] = v.(string)
+	}
 	return transformed
 }