diff --git a/assets/terraform/test/resource_config_log_settings_test.go b/assets/terraform/test/resource_config_log_settings_test.go new file mode 100644 index 00000000..a591d6d1 --- /dev/null +++ b/assets/terraform/test/resource_config_log_settings_test.go @@ -0,0 +1,132 @@ +package provider_test + +import ( + "fmt" + "testing" + + "github.com/hashicorp/terraform-plugin-testing/config" + "github.com/hashicorp/terraform-plugin-testing/helper/acctest" + "github.com/hashicorp/terraform-plugin-testing/helper/resource" + "github.com/hashicorp/terraform-plugin-testing/knownvalue" + "github.com/hashicorp/terraform-plugin-testing/statecheck" + "github.com/hashicorp/terraform-plugin-testing/tfjsonpath" +) + +func TestAccConfigLogSettings(t *testing.T) { + t.Parallel() + + nameSuffix := acctest.RandStringFromCharSet(6, acctest.CharSetAlphaNum) + prefix := fmt.Sprintf("test-acc-%s", nameSuffix) + + resource.Test(t, resource.TestCase{ + PreCheck: func() { testAccPreCheck(t) }, + ProtoV6ProviderFactories: testAccProviders, + Steps: []resource.TestStep{ + { + Config: configLogSettingsTmpl, + ConfigVariables: map[string]config.Variable{ + "prefix": config.StringVariable(prefix), + "description": config.StringVariable("test description"), + "filter": config.StringVariable("(dgname eq default)"), + "send_to_panorama": config.BoolVariable(true), + }, + ConfigStateChecks: []statecheck.StateCheck{ + statecheck.ExpectKnownValue( + "panos_config_log_settings.settings", + tfjsonpath.New("description"), + knownvalue.StringExact("test description"), + ), + statecheck.ExpectKnownValue( + "panos_config_log_settings.settings", + tfjsonpath.New("filter"), + knownvalue.StringExact("(dgname eq default)"), + ), + statecheck.ExpectKnownValue( + "panos_config_log_settings.settings", + tfjsonpath.New("send_to_panorama"), + knownvalue.Bool(true), + ), + }, + }, + { + Config: configLogSettingsTmpl, + ConfigVariables: map[string]config.Variable{ + "prefix": config.StringVariable(prefix), + "description": config.StringVariable("updated description"), + "filter": config.StringVariable("(dgname eq default)"), + "send_to_panorama": config.BoolVariable(false), + }, + ConfigStateChecks: []statecheck.StateCheck{ + statecheck.ExpectKnownValue( + "panos_config_log_settings.settings", + tfjsonpath.New("description"), + knownvalue.StringExact("updated description"), + ), + statecheck.ExpectKnownValue( + "panos_config_log_settings.settings", + tfjsonpath.New("filter"), + knownvalue.StringExact("(dgname eq default)"), + ), + statecheck.ExpectKnownValue( + "panos_config_log_settings.settings", + tfjsonpath.New("send_to_panorama"), + knownvalue.Bool(false), + ), + statecheck.ExpectKnownValue( + "panos_config_log_settings.settings", + tfjsonpath.New("syslog_profiles").AtSliceIndex(0), + knownvalue.StringExact(fmt.Sprintf("%s1", prefix)), + ), + }, + }, + }, + }) +} + +const configLogSettingsTmpl = ` +variable "prefix" { type = string } +variable "description" { type = string } +variable "filter" { type = string } +variable "send_to_panorama" { type = bool } +variable "send_syslog" { + type = list(string) + default = [] +} + + +resource "panos_template" "tmpl" { + location = { panorama = {} } + name = var.prefix +} + +resource "panos_syslog_profile" "syslog1" { + location = { template = { name = panos_template.tmpl.name } } + + name = "${var.prefix}1" + + servers = [{ + name = "server2" + server = "10.0.0.2" + }] +} + +resource "panos_syslog_profile" "syslog2" { + location = { template = { name = panos_template.tmpl.name } } + + name = "${var.prefix}2" + + servers = [{ + name = "server2" + server = "10.0.0.2" + }] +} + +resource "panos_config_log_settings" "settings" { + location = { template = { name = panos_template.tmpl.name } } + name = var.prefix + description = var.description + filter = var.filter + send_to_panorama = var.send_to_panorama + syslog_profiles = [panos_syslog_profile.syslog1.name, panos_syslog_profile.syslog2.name] +} +` diff --git a/assets/terraform/test/resource_system_log_settings_test.go b/assets/terraform/test/resource_system_log_settings_test.go new file mode 100644 index 00000000..6fddcadb --- /dev/null +++ b/assets/terraform/test/resource_system_log_settings_test.go @@ -0,0 +1,153 @@ +package provider_test + +import ( + "fmt" + "testing" + + "github.com/hashicorp/terraform-plugin-testing/config" + "github.com/hashicorp/terraform-plugin-testing/helper/acctest" + "github.com/hashicorp/terraform-plugin-testing/helper/resource" + "github.com/hashicorp/terraform-plugin-testing/knownvalue" + "github.com/hashicorp/terraform-plugin-testing/statecheck" + "github.com/hashicorp/terraform-plugin-testing/tfjsonpath" +) + +func TestAccSystemLogSettings(t *testing.T) { + t.Parallel() + + nameSuffix := acctest.RandStringFromCharSet(6, acctest.CharSetAlphaNum) + prefix := fmt.Sprintf("test-acc-%s", nameSuffix) + + resource.Test(t, resource.TestCase{ + PreCheck: func() { testAccPreCheck(t) }, + ProtoV6ProviderFactories: testAccProviders, + Steps: []resource.TestStep{ + { + Config: systemLogSettingsTmpl, + ConfigVariables: map[string]config.Variable{ + "prefix": config.StringVariable(prefix), + "description": config.StringVariable("test description"), + "filter": config.StringVariable("(severity eq high)"), + "send_to_panorama": config.BoolVariable(true), + }, + ConfigStateChecks: []statecheck.StateCheck{ + statecheck.ExpectKnownValue( + "panos_system_log_settings.settings", + tfjsonpath.New("description"), + knownvalue.StringExact("test description"), + ), + statecheck.ExpectKnownValue( + "panos_system_log_settings.settings", + tfjsonpath.New("filter"), + knownvalue.StringExact("(severity eq high)"), + ), + statecheck.ExpectKnownValue( + "panos_system_log_settings.settings", + tfjsonpath.New("send_to_panorama"), + knownvalue.Bool(true), + ), + }, + }, + { + Config: systemLogSettingsTmpl, + ConfigVariables: map[string]config.Variable{ + "prefix": config.StringVariable(prefix), + "description": config.StringVariable("updated description"), + "filter": config.StringVariable("(severity eq critical)"), + "send_to_panorama": config.BoolVariable(false), + "actions": config.ListVariable(config.ObjectVariable(map[string]config.Variable{ + "name": config.StringVariable("azure-action"), + "type": config.ObjectVariable(map[string]config.Variable{ + "integration": config.ObjectVariable(map[string]config.Variable{ + "action": config.StringVariable("Azure-Security-Center-Integration"), + }), + }), + })), + }, + ConfigStateChecks: []statecheck.StateCheck{ + statecheck.ExpectKnownValue( + "panos_system_log_settings.settings", + tfjsonpath.New("description"), + knownvalue.StringExact("updated description"), + ), + statecheck.ExpectKnownValue( + "panos_system_log_settings.settings", + tfjsonpath.New("filter"), + knownvalue.StringExact("(severity eq critical)"), + ), + statecheck.ExpectKnownValue( + "panos_system_log_settings.settings", + tfjsonpath.New("send_to_panorama"), + knownvalue.Bool(false), + ), + statecheck.ExpectKnownValue( + "panos_system_log_settings.settings", + tfjsonpath.New("actions").AtSliceIndex(0).AtMapKey("name"), + knownvalue.StringExact("azure-action"), + ), + statecheck.ExpectKnownValue( + "panos_system_log_settings.settings", + tfjsonpath.New("actions").AtSliceIndex(0).AtMapKey("type").AtMapKey("integration").AtMapKey("action"), + knownvalue.StringExact("Azure-Security-Center-Integration"), + ), + }, + }, + }, + }) +} + +const systemLogSettingsTmpl = ` +variable "prefix" { type = string } +variable "description" { type = string } +variable "filter" { type = string } +variable "send_to_panorama" { type = bool } +variable "actions" { + type = list(object({ + name = string + type = object({ + integration = object({ + action = string + }) + }) + })) + default = [] +} + + +resource "panos_template" "tmpl" { + location = { panorama = {} } + name = var.prefix +} + +resource "panos_syslog_profile" "syslog1" { + location = { template = { name = panos_template.tmpl.name } } + + name = "${var.prefix}1" + + servers = [{ + name = "server2" + server = "10.0.0.2" + }] +} + +resource "panos_syslog_profile" "syslog2" { + location = { template = { name = panos_template.tmpl.name } } + + name = "${var.prefix}2" + + servers = [{ + name = "server2" + server = "10.0.0.2" + }] +} + +resource "panos_system_log_settings" "settings" { + location = { template = { name = panos_template.tmpl.name } } + name = var.prefix + description = var.description + filter = var.filter + send_to_panorama = var.send_to_panorama + syslog_profiles = [panos_syslog_profile.syslog1.name, panos_syslog_profile.syslog2.name] + actions = var.actions +} +` diff --git a/specs/device/log-settings/system.yaml b/specs/device/log-settings/system.yaml new file mode 100644 index 00000000..a54555f0 --- /dev/null +++ b/specs/device/log-settings/system.yaml @@ -0,0 +1,350 @@ +name: system-log-settings +terraform_provider_config: + description: System Log Settings + skip_resource: false + skip_datasource: false + resource_type: entry + resource_variants: + - singular + suffix: system_log_settings + plural_suffix: '' + plural_name: '' + plural_description: '' +go_sdk_config: + skip: false + package: + - device + - logsettings + - system +panos_xpath: + path: + - log-settings + - system + - match-list + vars: [] +locations: +- name: panorama + xpath: + path: + - config + - panorama + vars: [] + description: Located in a panorama. + validators: [] + required: false + read_only: false +- name: template + xpath: + path: + - config + - devices + - $panorama_device + - template + - $template + - config + - shared + vars: + - name: panorama_device + description: Specific Panorama device + required: false + default: localhost.localdomain + validators: [] + type: entry + - name: template + description: Specific Panorama template + required: true + validators: [] + type: entry + description: A shared resource located within a specific template + devices: + - panorama + validators: [] + required: false + read_only: false +- name: template-vsys + xpath: + path: + - config + - devices + - $panorama_device + - template + - $template + - config + - devices + - $ngfw_device + - vsys + - $vsys + vars: + - name: panorama_device + description: Specific Panorama device + required: false + default: localhost.localdomain + validators: [] + type: entry + - name: template + description: Specific Panorama template + required: true + validators: [] + type: entry + - name: ngfw_device + description: The NGFW device + required: false + default: localhost.localdomain + validators: [] + type: entry + - name: vsys + description: The vsys. + required: false + default: vsys1 + validators: + - type: not-values + spec: + values: + - value: shared + error: The vsys cannot be "shared". + type: entry + description: Located in a specific template, device and vsys. + devices: + - panorama + - ngfw + validators: [] + required: false + read_only: false +- name: template-stack + xpath: + path: + - config + - devices + - $panorama_device + - template-stack + - $template_stack + - config + - shared + vars: + - name: panorama_device + description: Specific Panorama device + required: false + default: localhost.localdomain + validators: [] + type: entry + - name: template_stack + description: The template stack + required: true + validators: [] + type: entry + description: Located in a specific template + devices: + - panorama + validators: [] + required: false + read_only: false +- name: template-stack-vsys + xpath: + path: + - config + - devices + - $panorama_device + - template-stack + - $template_stack + - config + - devices + - $ngfw_device + - vsys + - $vsys + vars: + - name: panorama_device + description: Specific Panorama device + required: false + default: localhost.localdomain + validators: [] + type: entry + - name: template_stack + description: The template stack + required: true + validators: [] + type: entry + - name: ngfw_device + description: The NGFW device + required: false + default: localhost.localdomain + validators: [] + type: entry + - name: vsys + description: The vsys. + required: false + default: vsys1 + validators: + - type: not-values + spec: + values: + - value: shared + error: The vsys cannot be "shared". + type: entry + description: Located in a specific template, device and vsys. + devices: + - panorama + - ngfw + validators: [] + required: false + read_only: false +entries: +- name: name + description: '' + validators: [] +imports: [] +spec: + params: + - name: actions + type: list + profiles: + - xpath: + - actions + - entry + type: entry + validators: [] + spec: + type: object + items: + type: object + spec: + params: + - name: type + type: object + profiles: + - xpath: + - type + validators: [] + spec: + params: [] + variants: + - name: integration + type: object + profiles: + - xpath: + - integration + validators: [] + spec: + params: + - name: action + type: enum + profiles: + - xpath: + - action + validators: + - type: values + spec: + values: + - Azure-Security-Center-Integration + spec: + default: Azure-Security-Center-Integration + values: + - value: Azure-Security-Center-Integration + description: '' + required: false + variants: [] + description: '' + required: false + description: '' + required: false + variants: [] + description: '' + required: false + - name: description + type: string + profiles: + - xpath: + - description + validators: + - type: length + spec: + min: 0 + max: 1023 + spec: {} + description: '' + required: false + - name: filter + type: string + profiles: + - xpath: + - filter + validators: + - type: length + spec: + max: 1023 + spec: {} + description: '' + required: false + - name: send-email + type: list + profiles: + - xpath: + - send-email + type: member + validators: [] + spec: + type: string + items: + type: string + description: '' + required: false + codegen_overrides: + terraform: + name: email-profiles + - name: send-http + type: list + profiles: + - xpath: + - send-http + type: member + validators: [] + spec: + type: string + items: + type: string + description: '' + required: false + codegen_overrides: + terraform: + name: http-profile + - name: send-snmptrap + type: list + profiles: + - xpath: + - send-snmptrap + type: member + validators: [] + spec: + type: string + items: + type: string + description: '' + required: false + codegen_overrides: + terraform: + name: snmp-profiles + - name: send-syslog + type: list + profiles: + - xpath: + - send-syslog + type: member + validators: [] + spec: + type: string + items: + type: string + description: '' + required: false + codegen_overrides: + terraform: + name: syslog-profiles + - name: send-to-panorama + type: bool + profiles: + - xpath: + - send-to-panorama + validators: [] + spec: {} + description: '' + required: false + variants: []