implementaion of routeros_firewall_connection_tracking

routeros/provider.go

@@ -64,24 +64,25 @@ func Provider() *schema.Provider {
 		ResourcesMap: map[string]*schema.Resource{
 
 			// IP objects
-			"routeros_ip_dhcp_client":          ResourceDhcpClient(),
-			"routeros_ip_dhcp_server":          ResourceDhcpServer(),
-			"routeros_ip_dhcp_server_network":  ResourceDhcpServerNetwork(),
-			"routeros_ip_dhcp_server_lease":    ResourceDhcpServerLease(),
-			"routeros_ip_firewall_addr_list":   ResourceIPFirewallAddrList(),
-			"routeros_ip_firewall_filter":      ResourceIPFirewallFilter(),
-			"routeros_ip_firewall_mangle":      ResourceIPFirewallMangle(),
-			"routeros_ip_firewall_nat":         ResourceIPFirewallNat(),
-			"routeros_ip_address":              ResourceIPAddress(),
-			"routeros_ip_pool":                 ResourceIPPool(),
-			"routeros_ip_route":                ResourceIPRoute(),
-			"routeros_ip_dns":                  ResourceDns(),
-			"routeros_ip_dns_record":           ResourceDnsRecord(),
-			"routeros_ip_service":              ResourceIpService(),
-			"routeros_ipv6_address":            ResourceIPv6Address(),
-			"routeros_ipv6_firewall_addr_list": ResourceIPv6FirewallAddrList(),
-			"routeros_ipv6_firewall_filter":    ResourceIPv6FirewallFilter(),
-			"routeros_ipv6_route":              ResourceIPv6Route(),
+			"routeros_firewall_connection_tracking": ResourceIPConnectionTracking(),
+			"routeros_ip_dhcp_client":               ResourceDhcpClient(),
+			"routeros_ip_dhcp_server":               ResourceDhcpServer(),
+			"routeros_ip_dhcp_server_network":       ResourceDhcpServerNetwork(),
+			"routeros_ip_dhcp_server_lease":         ResourceDhcpServerLease(),
+			"routeros_ip_firewall_addr_list":        ResourceIPFirewallAddrList(),
+			"routeros_ip_firewall_filter":           ResourceIPFirewallFilter(),
+			"routeros_ip_firewall_mangle":           ResourceIPFirewallMangle(),
+			"routeros_ip_firewall_nat":              ResourceIPFirewallNat(),
+			"routeros_ip_address":                   ResourceIPAddress(),
+			"routeros_ip_pool":                      ResourceIPPool(),
+			"routeros_ip_route":                     ResourceIPRoute(),
+			"routeros_ip_dns":                       ResourceDns(),
+			"routeros_ip_dns_record":                ResourceDnsRecord(),
+			"routeros_ip_service":                   ResourceIpService(),
+			"routeros_ipv6_address":                 ResourceIPv6Address(),
+			"routeros_ipv6_firewall_addr_list":      ResourceIPv6FirewallAddrList(),
+			"routeros_ipv6_firewall_filter":         ResourceIPv6FirewallFilter(),
+			"routeros_ipv6_route":                   ResourceIPv6Route(),
 
 			// Aliases for IP objects to retain compatibility between original and fork
 			"routeros_dhcp_client":         ResourceDhcpClient(),

routeros/resource_ip_firewall_connection_tracking.go

@@ -0,0 +1,184 @@
+package routeros
+
+import (
+	"github.com/hashicorp/terraform-plugin-sdk/v2/helper/schema"
+)
+
+/*
+ {
+    "active-ipv4": "yes",
+    "active-ipv6": "yes",
+    "enabled": "yes",
+    "generic-timeout": "10m",
+    "icmp-timeout": "10s",
+    "loose-tcp-tracking": "true",
+    "max-entries": "1048576",
+    "tcp-close-timeout": "1m",
+    "tcp-close-wait-timeout": "1m",
+    "tcp-established-timeout": "1d",
+    "tcp-fin-wait-timeout": "1m",
+    "tcp-last-ack-timeout": "1m",
+    "tcp-max-retrans-timeout": "5m",
+    "tcp-syn-received-timeout": "5s",
+    "tcp-syn-sent-timeout": "5s",
+    "tcp-time-wait-timeout": "1m",
+    "tcp-unacked-timeout": "5m",
+    "total-entries": "87",
+    "udp-stream-timeout": "3m",
+    "udp-timeout": "10s"
+}
+*/
+
+// ResourceIPConnectionTracking https://help.mikrotik.com/docs/display/ROS/Connection+tracking
+func ResourceIPConnectionTracking() *schema.Resource {
+
+	resSchema := map[string]*schema.Schema{
+		MetaResourcePath: PropResourcePath("/ip/firewall/connection/tracking"),
+		MetaId:           PropId(Name),
+		"active_ipv4": {
+			Type:        schema.TypeBool,
+			Computed:    true,
+			Description: "documentation is missing",
+		},
+		"active_ipv6": {
+			Type:        schema.TypeBool,
+			Computed:    true,
+			Description: "documentation is missing",
+		},
+		"enabled": {
+			Type:     schema.TypeString,
+			Optional: true,
+			Default:  "yes",
+			Description: `Allows to disable or enable connection tracking. Disabling connection tracking will cause several firewall features to stop working. 
+				          See the list of affected features. Starting from v6.0rc2 default value is auto. This means that connection tracing is disabled until at least one firewall rule is added.`,
+			ValidateFunc: ValidationAutoYesNo,
+		},
+		"generic_timeout": {
+			Type:         schema.TypeString,
+			Optional:     true,
+			Default:      "10m",
+			Description:  "Timeout for all other connection entries",
+			ValidateFunc: ValidationTime,
+		},
+		"icmp_timeout": {
+			Type:         schema.TypeString,
+			Optional:     true,
+			Description:  "ICMP connection timeout",
+			Default:      "10s",
+			ValidateFunc: ValidationTime,
+		},
+		"loose_tcp_tracking": {
+			Type:        schema.TypeBool,
+			Optional:    true,
+			Default:     true,
+			Description: "Disable picking up already established connections",
+		},
+		"max_entries": {
+			Type: schema.TypeString,
+			Description: `Max amount of entries that the connection tracking table can hold. This value depends on the installed amount of RAM.
+                          Note that the system does not create a maximum_size connection tracking table when it starts, it may increase if the situation demands it and the system still has free ram, but size will not exceed 1048576`,
+			Computed: true,
+		},
+		"tcp_close_timeout": {
+			Type:         schema.TypeString,
+			Optional:     true,
+			Default:      "10s",
+			Description:  "No documentation",
+			ValidateFunc: ValidationTime,
+		},
+		"tcp_close_wait_timeout": {
+			Type:         schema.TypeString,
+			Optional:     true,
+			Default:      "10s",
+			Description:  "No documentation",
+			ValidateFunc: ValidationTime,
+		},
+		"tcp_established_timeout": {
+			Type:         schema.TypeString,
+			Optional:     true,
+			Default:      "1d",
+			Description:  "Time when established TCP connection times out.",
+			ValidateFunc: ValidationTime,
+		},
+		"tcp_fin_wait_timeout": {
+			Type:         schema.TypeString,
+			Optional:     true,
+			Default:      "10s",
+			Description:  "No documentation",
+			ValidateFunc: ValidationTime,
+		},
+		"tcp_last_ack_timeout": {
+			Type:         schema.TypeString,
+			Optional:     true,
+			Default:      "10s",
+			Description:  "No documentation",
+			ValidateFunc: ValidationTime,
+		},
+		"tcp_max_retrans_timeout": {
+			Type:     schema.TypeString,
+			Optional: true,
+			// Documentation did contain the default, I'm getting it from the docker image default (7.10)
+			Default:      "5m",
+			Description:  "No documentation",
+			ValidateFunc: ValidationTime,
+		},
+		"tcp_syn_received_timeout": {
+			Type:         schema.TypeString,
+			Optional:     true,
+			Default:      "5s",
+			Description:  "TCP SYN timeout.",
+			ValidateFunc: ValidationTime,
+		},
+		"tcp_syn_sent_timeout": {
+			Type:         schema.TypeString,
+			Optional:     true,
+			Default:      "5s",
+			Description:  "TCP SYN timeout.",
+			ValidateFunc: ValidationTime,
+		},
+		"tcp_time_wait_timeout": {
+			Type:         schema.TypeString,
+			Optional:     true,
+			Default:      "10s",
+			Description:  "No documentation",
+			ValidateFunc: ValidationTime,
+		},
+		"tcp_unacked_timeout": {
+			Type:         schema.TypeString,
+			Optional:     true,
+			Default:      "5m",
+			Description:  "No documentation",
+			ValidateFunc: ValidationTime,
+		},
+		"total_entries": {
+			Type:        schema.TypeInt,
+			Computed:    true,
+			Description: "Amount of connections that currently connection table holds.",
+		},
+		"udp_stream_timeout": {
+			Type:         schema.TypeString,
+			Optional:     true,
+			Default:      "3m",
+			Description:  "Specifies the timeout of UDP connections that has seen packets in both directions",
+			ValidateFunc: ValidationTime,
+		},
+		"udp_timeout": {
+			Type:         schema.TypeString,
+			Optional:     true,
+			Default:      "10s",
+			Description:  "Specifies the timeout for UDP connections that have seen packets in one direction",
+			ValidateFunc: ValidationTime,
+		},
+	}
+	return &schema.Resource{
+		CreateContext: DefaultSystemCreate(resSchema),
+		ReadContext:   DefaultSystemRead(resSchema),
+		UpdateContext: DefaultSystemUpdate(resSchema),
+		DeleteContext: DefaultSystemDelete(resSchema),
+		Importer: &schema.ResourceImporter{
+			StateContext: schema.ImportStatePassthroughContext,
+		},
+
+		Schema: resSchema,
+	}
+}

routeros/resource_ip_firewall_connection_tracking_test.go

@@ -0,0 +1,71 @@
+package routeros
+
+import (
+	"errors"
+	"fmt"
+	"strconv"
+	"testing"
+
+	"github.com/hashicorp/terraform-plugin-testing/helper/resource"
+)
+
+const testIPConnectionTracking = "routeros_firewall_connection_tracking.data"
+
+func TestAccIPConnectionTrackingTest_basic(t *testing.T) {
+	for _, name := range testNames {
+		t.Run(name, func(t *testing.T) {
+			resource.Test(t, resource.TestCase{
+				PreCheck: func() {
+					testAccPreCheck(t)
+					testSetTransportEnv(t, name)
+				},
+				ProviderFactories: testAccProviderFactories,
+				Steps: []resource.TestStep{
+					{
+						Config: testAccIPConnectionTrackingConfig(),
+						Check: resource.ComposeTestCheckFunc(
+							resource.TestCheckResourceAttr(testIPConnectionTracking, "active_ipv4", "true"),
+							resource.TestCheckResourceAttr(testIPConnectionTracking, "active_ipv6", "true"),
+							resource.TestCheckResourceAttr(testIPConnectionTracking, "enabled", "yes"),
+							resource.TestCheckResourceAttr(testIPConnectionTracking, "generic_timeout", "10m"),
+							resource.TestCheckResourceAttr(testIPConnectionTracking, "icmp_timeout", "10s"),
+							resource.TestCheckResourceAttr(testIPConnectionTracking, "loose_tcp_tracking", "true"),
+							resource.TestCheckResourceAttr(testIPConnectionTracking, "max_entries", "419840"),
+							resource.TestCheckResourceAttr(testIPConnectionTracking, "tcp_close_timeout", "10s"),
+							resource.TestCheckResourceAttr(testIPConnectionTracking, "tcp_close_wait_timeout", "10s"),
+							resource.TestCheckResourceAttr(testIPConnectionTracking, "tcp_established_timeout", "1d"),
+							resource.TestCheckResourceAttr(testIPConnectionTracking, "tcp_fin_wait_timeout", "10s"),
+							resource.TestCheckResourceAttr(testIPConnectionTracking, "tcp_last_ack_timeout", "10s"),
+							resource.TestCheckResourceAttr(testIPConnectionTracking, "tcp_max_retrans_timeout", "5m"),
+							resource.TestCheckResourceAttr(testIPConnectionTracking, "tcp_syn_received_timeout", "5s"),
+							resource.TestCheckResourceAttr(testIPConnectionTracking, "tcp_syn_sent_timeout", "5s"),
+							resource.TestCheckResourceAttr(testIPConnectionTracking, "tcp_time_wait_timeout", "10s"),
+							resource.TestCheckResourceAttr(testIPConnectionTracking, "tcp_unacked_timeout", "5m"),
+							resource.TestCheckResourceAttrWith(testIPConnectionTracking, "total_entries", func(value string) error {
+								nConn, err := strconv.Atoi(value)
+								if err != nil {
+									return fmt.Errorf("the total_entries was not a number %q", err)
+								}
+								if nConn <= 0 || nConn >= 100 {
+									return errors.New("number of tcp connections (total_entries) does not seem correct")
+								}
+								return nil
+							}),
+							resource.TestCheckResourceAttr(testIPConnectionTracking, "udp_stream_timeout", "3m"),
+							resource.TestCheckResourceAttr(testIPConnectionTracking, "udp_timeout", "10s"),
+						),
+					},
+				},
+			})
+		})
+	}
+}
+
+func testAccIPConnectionTrackingConfig() string {
+	return providerConfig + `
+resource "routeros_firewall_connection_tracking" "data" {
+	
+}
+
+`
+}