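// github.com/GoogleCloudPlatform/terraformer@v0.8.18/providers/panos/firewall_networking.go

// Copyright 2018 The Terraformer Authors.
//
// Licensed under the Apache License, Version 2.0 (the "License");
// you may not use this file except in compliance with the License.
// You may obtain a copy of the License at
//
//      http://www.apache.org/licenses/LICENSE-2.0
//
// Unless required by applicable law or agreed to in writing, software
// distributed under the License is distributed on an "AS IS" BASIS,
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
// See the License for the specific language governing permissions and
// limitations under the License.

package panos

import (
	"encoding/base64"
	"fmt"
	"strconv"

	"github.com/GoogleCloudPlatform/terraformer/terraformutils"
	"github.com/PaloAltoNetworks/pango"
	"github.com/PaloAltoNetworks/pango/netw/interface/eth"
	"github.com/PaloAltoNetworks/pango/netw/interface/subinterface/layer2"
	"github.com/PaloAltoNetworks/pango/netw/interface/subinterface/layer3"
	"github.com/PaloAltoNetworks/pango/util"
)

// FirewallNetworkingGenerator lists the networking objects of a PAN-OS
// firewall and records each one as a Terraform resource to import.
//
// Every method asserts g.client to *pango.Firewall without a check, so the
// generator panics if it is handed any other client type. The client, vsys
// and Resources fields are presumably supplied by the embedded PanosService.
//
// NOTE(review): the list helpers below discard API errors and return an empty
// slice, so a failed call is indistinguishable from "no such objects" and the
// export can be silently incomplete.
type FirewallNetworkingGenerator struct {
	PanosService
}

// createResourcesFromList calls GetList on o.i, passing as many entries of
// o.params as the matched getList* interface takes, and turns every returned
// name into a simple resource of type terraformResourceName.
//
// The import ID is idPrefix+name. The resource name is the normalized ID when
// useIDForResourceName is set, otherwise the normalized name. When
// checkIfIsVsys is set, a name is kept only if IsImported reports it as
// imported into g.vsys for checkType. An error, an unsupported o.i, or an
// empty list yields an empty slice.
func (g *FirewallNetworkingGenerator) createResourcesFromList(o getGeneric, idPrefix string, useIDForResourceName bool, terraformResourceName string, checkIfIsVsys bool, checkType string) (resources []terraformutils.Resource) {
	var l []string
	var err error

	switch f := o.i.(type) {
	case getListWithoutArg:
		l, err = f.GetList()
	case getListWithOneArg:
		l, err = f.GetList(o.params[0])
	case getListWithTwoArgs:
		l, err = f.GetList(o.params[0], o.params[1])
	case getListWithThreeArgs:
		l, err = f.GetList(o.params[0], o.params[1], o.params[2])
	default:
		err = fmt.Errorf("not supported")
	}
	if err != nil || len(l) == 0 {
		return []terraformutils.Resource{}
	}

	for _, r := range l {
		if checkIfIsVsys {
			// Objects that are not imported into this vsys (or whose check
			// fails) are skipped without being reported.
			rv, err := g.client.(*pango.Firewall).IsImported(checkType, "", "", g.vsys, r)
			if err != nil || !rv {
				continue
			}
		}

		id := idPrefix + r
		name := r
		if useIDForResourceName {
			name = id
		}

		resources = append(resources, terraformutils.NewSimpleResource(
			id,
			normalizeResourceName(name),
			terraformResourceName,
			"panos",
			[]string{},
		))
	}

	return resources
}

// createAggregateInterfaceResources returns one panos_aggregate_interface
// resource per aggregate interface imported into g.vsys.
//
// Side effect: the sub-interfaces of each aggregate interface are appended to
// g.Resources directly rather than to the returned slice.
func (g *FirewallNetworkingGenerator) createAggregateInterfaceResources() (resources []terraformutils.Resource) {
	l, err := g.client.(*pango.Firewall).Network.AggregateInterface.GetList()
	if err != nil {
		return []terraformutils.Resource{}
	}

	for _, aggregateInterface := range l {
		rv, err := g.client.(*pango.Firewall).IsImported(util.InterfaceImport, "", "", g.vsys, aggregateInterface)
		if err != nil || !rv {
			continue
		}

		id := g.vsys + ":" + aggregateInterface
		resources = append(resources, terraformutils.NewSimpleResource(
			id,
			normalizeResourceName(aggregateInterface),
			"panos_aggregate_interface",
			"panos",
			[]string{},
		))

		// The interface mode decides which kind of sub-interface to list.
		e, err := g.client.(*pango.Firewall).Network.AggregateInterface.Get(aggregateInterface)
		if err != nil {
			continue
		}

		if e.Mode == eth.ModeLayer2 || e.Mode == eth.ModeVirtualWire {
			g.Resources = append(g.Resources, g.createLayer2SubInterfaceResources(layer2.AggregateInterface, aggregateInterface, e.Mode)...)
		}

		if e.Mode == eth.ModeLayer3 {
			g.Resources = append(g.Resources, g.createLayer3SubInterfaceResources(layer3.AggregateInterface, aggregateInterface)...)
		}
	}

	return resources
}

// createBFDProfileResources returns one panos_bfd_profile resource per BFD
// profile; the import ID is the profile name.
func (g *FirewallNetworkingGenerator) createBFDProfileResources() []terraformutils.Resource {
	return g.createResourcesFromList(
		getGeneric{g.client.(*pango.Firewall).Network.BfdProfile, []string{}},
		"", false, "panos_bfd_profile", false, "",
	)
}

// createBGPResource returns the panos_bgp resource of virtualRouter; both the
// import ID and the resource name derive from the virtual router name.
func (g *FirewallNetworkingGenerator) createBGPResource(virtualRouter string) terraformutils.Resource {
	return terraformutils.NewSimpleResource(
		virtualRouter,
		normalizeResourceName(virtualRouter),
		"panos_bgp",
		"panos",
		[]string{},
	)
}

// createBGPAggregateResources returns the panos_bgp_aggregate resources of
// virtualRouter, each followed by its advertise and suppress filters.
func (g *FirewallNetworkingGenerator) createBGPAggregateResources(virtualRouter string) (resources []terraformutils.Resource) {
	l, err := g.client.(*pango.Firewall).Network.BgpAggregate.GetList(virtualRouter)
	if err != nil {
		return []terraformutils.Resource{}
	}

	for _, bgpAggregate := range l {
		id := virtualRouter + ":" + bgpAggregate
		resources = append(resources, terraformutils.NewSimpleResource(
			id,
			normalizeResourceName(id),
			"panos_bgp_aggregate",
			"panos",
			[]string{},
		))

		resources = append(resources, g.createBGPAggregateAdvertiseFilterResources(virtualRouter, bgpAggregate)...)
		resources = append(resources, g.createBGPAggregateSuppressFilterResources(virtualRouter, bgpAggregate)...)
	}

	return resources
}

// createBGPAggregateAdvertiseFilterResources returns the advertise filters of
// one BGP aggregate, with IDs of the form "virtualRouter:bgpAggregate:name".
func (g *FirewallNetworkingGenerator) createBGPAggregateAdvertiseFilterResources(virtualRouter, bgpAggregate string) []terraformutils.Resource {
	return g.createResourcesFromList(
		getGeneric{g.client.(*pango.Firewall).Network.BgpAggAdvertiseFilter, []string{virtualRouter, bgpAggregate}},
		virtualRouter+":"+bgpAggregate+":", true, "panos_bgp_aggregate_advertise_filter", false, "",
	)
}

// createBGPAggregateSuppressFilterResources returns the suppress filters of
// one BGP aggregate, with IDs of the form "virtualRouter:bgpAggregate:name".
func (g *FirewallNetworkingGenerator) createBGPAggregateSuppressFilterResources(virtualRouter, bgpAggregate string) []terraformutils.Resource {
	return g.createResourcesFromList(
		getGeneric{g.client.(*pango.Firewall).Network.BgpAggSuppressFilter, []string{virtualRouter, bgpAggregate}},
		virtualRouter+":"+bgpAggregate+":", true, "panos_bgp_aggregate_suppress_filter", false, "",
	)
}

// createBGPAuthProfileResources returns the panos_bgp_auth_profile resources
// of virtualRouter.
//
// The exported secret argument contains the placeholder "(incorrect)", not
// the real value, so the generated configuration does not carry the BGP
// authentication secret and must be given the real one before it is applied.
func (g *FirewallNetworkingGenerator) createBGPAuthProfileResources(virtualRouter string) []terraformutils.Resource {
	return g.createResourcesFromList(
		getGeneric{g.client.(*pango.Firewall).Network.BgpAuthProfile, []string{virtualRouter}},
		virtualRouter+":", true, "panos_bgp_auth_profile", false, "",
	)
}

// createBGPConditionalAdvertisementResources returns the
// panos_bgp_conditional_adv resources of virtualRouter, each followed by its
// advertise and non-exist filters.
func (g *FirewallNetworkingGenerator) createBGPConditionalAdvertisementResources(virtualRouter string) (resources []terraformutils.Resource) {
	l, err := g.client.(*pango.Firewall).Network.BgpConditionalAdv.GetList(virtualRouter)
	if err != nil {
		return []terraformutils.Resource{}
	}

	for _, bgpConditionalAdv := range l {
		id := virtualRouter + ":" + bgpConditionalAdv
		resources = append(resources, terraformutils.NewSimpleResource(
			id,
			normalizeResourceName(id),
			"panos_bgp_conditional_adv",
			"panos",
			[]string{},
		))

		resources = append(resources, g.createBGPConditionalAdvertisementAdvertiseFilterResources(virtualRouter, bgpConditionalAdv)...)
		resources = append(resources, g.createBGPConditionalAdvertisementNonExistFilterResources(virtualRouter, bgpConditionalAdv)...)
	}

	return resources
}

// createBGPConditionalAdvertisementAdvertiseFilterResources returns the
// advertise filters of one conditional advertisement, with IDs of the form
// "virtualRouter:bgpConditionalAdv:name".
func (g *FirewallNetworkingGenerator) createBGPConditionalAdvertisementAdvertiseFilterResources(virtualRouter, bgpConditionalAdv string) []terraformutils.Resource {
	return g.createResourcesFromList(
		getGeneric{g.client.(*pango.Firewall).Network.BgpConAdvAdvertiseFilter, []string{virtualRouter, bgpConditionalAdv}},
		virtualRouter+":"+bgpConditionalAdv+":", true, "panos_bgp_conditional_adv_advertise_filter", false, "",
	)
}

// createBGPConditionalAdvertisementNonExistFilterResources returns the
// non-exist filters of one conditional advertisement, with IDs of the form
// "virtualRouter:bgpConditionalAdv:name".
func (g *FirewallNetworkingGenerator) createBGPConditionalAdvertisementNonExistFilterResources(virtualRouter, bgpConditionalAdv string) []terraformutils.Resource {
	return g.createResourcesFromList(
		getGeneric{g.client.(*pango.Firewall).Network.BgpConAdvNonExistFilter, []string{virtualRouter, bgpConditionalAdv}},
		virtualRouter+":"+bgpConditionalAdv+":", true, "panos_bgp_conditional_adv_non_exist_filter", false, "",
	)
}

// createBGPDampeningProfileResources returns the panos_bgp_dampening_profile
// resources of virtualRouter.
func (g *FirewallNetworkingGenerator) createBGPDampeningProfileResources(virtualRouter string) []terraformutils.Resource {
	return g.createResourcesFromList(
		getGeneric{g.client.(*pango.Firewall).Network.BgpDampeningProfile, []string{virtualRouter}},
		virtualRouter+":", true, "panos_bgp_dampening_profile", false, "",
	)
}

// createBGPRuleGroupResourcesFromList lists the rules behind o (o.i must
// implement getListWithOneArg and o.params[0] is the virtual router) and emits
// one rule-group resource per rule.
//
// The ID encodes the rule's position: the first rule is
// "vr:<util.MoveTop>::<base64(rule)>", every later rule is
// "vr:<util.MoveAfter>:<previous rule>:<base64(rule)>". An error or an empty
// list yields an empty slice.
func (g *FirewallNetworkingGenerator) createBGPRuleGroupResourcesFromList(o getGeneric, terraformResourceName string) (resources []terraformutils.Resource) {
	l, err := o.i.(getListWithOneArg).GetList(o.params[0])
	if err != nil || len(l) == 0 {
		return []terraformutils.Resource{}
	}

	var positionReference string
	id := o.params[0] + ":" + strconv.Itoa(util.MoveTop) + "::"

	for k, r := range l {
		if k > 0 {
			id = o.params[0] + ":" + strconv.Itoa(util.MoveAfter) + ":" + positionReference + ":"
		}

		id += base64.StdEncoding.EncodeToString([]byte(r))
		positionReference = r

		resources = append(resources, terraformutils.NewSimpleResource(
			id,
			normalizeResourceName(r),
			terraformResourceName,
			"panos",
			[]string{},
		))
	}

	return resources
}

// createBGPExportRuleGroupResources returns one panos_bgp_export_rule_group
// resource per BGP export rule of virtualRouter.
func (g *FirewallNetworkingGenerator) createBGPExportRuleGroupResources(virtualRouter string) []terraformutils.Resource {
	return g.createBGPRuleGroupResourcesFromList(
		getGeneric{g.client.(*pango.Firewall).Network.BgpExport, []string{virtualRouter}},
		"panos_bgp_export_rule_group",
	)
}

// createBGPImportRuleGroupResources returns one panos_bgp_import_rule_group
// resource per BGP import rule of virtualRouter.
func (g *FirewallNetworkingGenerator) createBGPImportRuleGroupResources(virtualRouter string) []terraformutils.Resource {
	return g.createBGPRuleGroupResourcesFromList(
		getGeneric{g.client.(*pango.Firewall).Network.BgpImport, []string{virtualRouter}},
		"panos_bgp_import_rule_group",
	)
}

// createBGPPeerGroupResources returns the panos_bgp_peer_group resources of
// virtualRouter, each followed by the peers it contains.
func (g *FirewallNetworkingGenerator) createBGPPeerGroupResources(virtualRouter string) (resources []terraformutils.Resource) {
	l, err := g.client.(*pango.Firewall).Network.BgpPeerGroup.GetList(virtualRouter)
	if err != nil {
		return []terraformutils.Resource{}
	}

	for _, bgpPeerGroup := range l {
		id := virtualRouter + ":" + bgpPeerGroup
		resources = append(resources, terraformutils.NewSimpleResource(
			id,
			normalizeResourceName(id),
			"panos_bgp_peer_group",
			"panos",
			[]string{},
		))

		resources = append(resources, g.createBGPPeerResources(virtualRouter, bgpPeerGroup)...)
	}

	return resources
}

// createBGPPeerResources returns the panos_bgp_peer resources of one peer
// group, with IDs of the form "virtualRouter:bgpPeerGroup:name".
func (g *FirewallNetworkingGenerator) createBGPPeerResources(virtualRouter, bgpPeerGroup string) []terraformutils.Resource {
	return g.createResourcesFromList(
		getGeneric{g.client.(*pango.Firewall).Network.BgpPeer, []string{virtualRouter, bgpPeerGroup}},
		virtualRouter+":"+bgpPeerGroup+":", true, "panos_bgp_peer", false, "",
	)
}

// createBGPRedistResources returns the panos_bgp_redist_rule resources of
// virtualRouter.
func (g *FirewallNetworkingGenerator) createBGPRedistResources(virtualRouter string) []terraformutils.Resource {
	return g.createResourcesFromList(
		getGeneric{g.client.(*pango.Firewall).Network.BgpRedistRule, []string{virtualRouter}},
		virtualRouter+":", true, "panos_bgp_redist_rule", false, "",
	)
}

// createEthernetInterfaceResources returns one panos_ethernet_interface
// resource per ethernet interface imported into g.vsys.
//
// Side effect: the sub-interfaces of each ethernet interface are appended to
// g.Resources directly rather than to the returned slice.
func (g *FirewallNetworkingGenerator) createEthernetInterfaceResources() (resources []terraformutils.Resource) {
	l, err := g.client.(*pango.Firewall).Network.EthernetInterface.GetList()
	if err != nil {
		return []terraformutils.Resource{}
	}

	for _, ethernetInterface := range l {
		rv, err := g.client.(*pango.Firewall).IsImported(util.InterfaceImport, "", "", g.vsys, ethernetInterface)
		if err != nil || !rv {
			continue
		}

		id := g.vsys + ":" + ethernetInterface
		resources = append(resources, terraformutils.NewSimpleResource(
			id,
			normalizeResourceName(ethernetInterface),
			"panos_ethernet_interface",
			"panos",
			[]string{},
		))

		// The interface mode decides which kind of sub-interface to list.
		e, err := g.client.(*pango.Firewall).Network.EthernetInterface.Get(ethernetInterface)
		if err != nil {
			continue
		}

		if e.Mode == eth.ModeLayer2 || e.Mode == eth.ModeVirtualWire {
			g.Resources = append(g.Resources, g.createLayer2SubInterfaceResources(layer2.EthernetInterface, ethernetInterface, e.Mode)...)
		}

		if e.Mode == eth.ModeLayer3 {
			g.Resources = append(g.Resources, g.createLayer3SubInterfaceResources(layer3.EthernetInterface, ethernetInterface)...)
		}
	}

	return resources
}

// createGRETunnelResources returns one panos_gre_tunnel resource per GRE
// tunnel; the import ID is the tunnel name.
func (g *FirewallNetworkingGenerator) createGRETunnelResources() []terraformutils.Resource {
	return g.createResourcesFromList(
		getGeneric{g.client.(*pango.Firewall).Network.GreTunnel, []string{}},
		"", false, "panos_gre_tunnel", false, "",
	)
}

// createIKECryptoProfileResources returns one panos_ike_crypto_profile
// resource per IKE crypto profile, with the "name" attribute pre-set.
func (g *FirewallNetworkingGenerator) createIKECryptoProfileResources() (resources []terraformutils.Resource) {
	l, err := g.client.(*pango.Firewall).Network.IkeCryptoProfile.GetList()
	if err != nil {
		return []terraformutils.Resource{}
	}

	for _, ikeCryptoProfile := range l {
		resources = append(resources, terraformutils.NewResource(
			ikeCryptoProfile,
			normalizeResourceName(ikeCryptoProfile),
			"panos_ike_crypto_profile",
			"panos",
			map[string]string{
				"name": ikeCryptoProfile,
			},
			[]string{},
			map[string]interface{}{},
		))
	}

	return resources
}

// createIKEGatewayResources returns one panos_ike_gateway resource per IKE
// gateway, with the "name" attribute pre-set.
func (g *FirewallNetworkingGenerator) createIKEGatewayResources() (resources []terraformutils.Resource) {
	l, err := g.client.(*pango.Firewall).Network.IkeGateway.GetList()
	if err != nil {
		return []terraformutils.Resource{}
	}

	for _, ikeGateway := range l {
		resources = append(resources, terraformutils.NewResource(
			ikeGateway,
			normalizeResourceName(ikeGateway),
			"panos_ike_gateway",
			"panos",
			map[string]string{
				"name": ikeGateway,
			},
			[]string{},
			map[string]interface{}{},
		))
	}

	return resources
}

// createIPSECCryptoProfileResources returns one panos_ipsec_crypto_profile
// resource per IPsec crypto profile, with the "name" attribute pre-set.
func (g *FirewallNetworkingGenerator) createIPSECCryptoProfileResources() (resources []terraformutils.Resource) {
	l, err := g.client.(*pango.Firewall).Network.IpsecCryptoProfile.GetList()
	if err != nil {
		return []terraformutils.Resource{}
	}

	for _, ipsecCryptoProfile := range l {
		resources = append(resources, terraformutils.NewResource(
			ipsecCryptoProfile,
			normalizeResourceName(ipsecCryptoProfile),
			"panos_ipsec_crypto_profile",
			"panos",
			map[string]string{
				"name": ipsecCryptoProfile,
			},
			[]string{},
			map[string]interface{}{},
		))
	}

	return resources
}

// createIPSECTunnelProxyIDIPv4Resources returns the IPv4 proxy IDs of one
// IPsec tunnel, with IDs of the form "ipsecTunnel:name". The resource name is
// built from the proxy ID name alone.
func (g *FirewallNetworkingGenerator) createIPSECTunnelProxyIDIPv4Resources(ipsecTunnel string) []terraformutils.Resource {
	return g.createResourcesFromList(
		getGeneric{g.client.(*pango.Firewall).Network.IpsecTunnelProxyId, []string{ipsecTunnel}},
		ipsecTunnel+":", false, "panos_ipsec_tunnel_proxy_id_ipv4", false, "",
	)
}

// createIPSECTunnelResources returns one panos_ipsec_tunnel resource per
// IPsec tunnel, each followed by its IPv4 proxy IDs.
func (g *FirewallNetworkingGenerator) createIPSECTunnelResources() (resources []terraformutils.Resource) {
	l, err := g.client.(*pango.Firewall).Network.IpsecTunnel.GetList()
	if err != nil {
		return []terraformutils.Resource{}
	}

	for _, ipsecTunnel := range l {
		resources = append(resources, terraformutils.NewSimpleResource(
			ipsecTunnel,
			normalizeResourceName(ipsecTunnel),
			"panos_ipsec_tunnel",
			"panos",
			[]string{},
		))

		resources = append(resources, g.createIPSECTunnelProxyIDIPv4Resources(ipsecTunnel)...)
	}

	return resources
}

// createLayer2SubInterfaceResources returns the layer-2 sub-interfaces of
// parentInterface that are imported into g.vsys. IDs have the form
// "interfaceType:parentInterface:parentMode:vsys:name".
func (g *FirewallNetworkingGenerator) createLayer2SubInterfaceResources(interfaceType, parentInterface, parentMode string) []terraformutils.Resource {
	return g.createResourcesFromList(
		getGeneric{g.client.(*pango.Firewall).Network.Layer2Subinterface, []string{interfaceType, parentInterface, parentMode}},
		interfaceType+":"+parentInterface+":"+parentMode+":"+g.vsys+":", false, "panos_layer2_subinterface", true, util.InterfaceImport,
	)
}

// createLayer3SubInterfaceResources returns the layer-3 sub-interfaces of
// parentInterface that are imported into g.vsys. IDs have the form
// "interfaceType:parentInterface:vsys:name".
func (g *FirewallNetworkingGenerator) createLayer3SubInterfaceResources(interfaceType, parentInterface string) []terraformutils.Resource {
	return g.createResourcesFromList(
		getGeneric{g.client.(*pango.Firewall).Network.Layer3Subinterface, []string{interfaceType, parentInterface}},
		interfaceType+":"+parentInterface+":"+g.vsys+":", false, "panos_layer3_subinterface", true, util.InterfaceImport,
	)
}

// createLoopbackInterfaceResources returns the loopback interfaces imported
// into g.vsys, with IDs of the form "vsys:name".
func (g *FirewallNetworkingGenerator) createLoopbackInterfaceResources() []terraformutils.Resource {
	return g.createResourcesFromList(
		getGeneric{g.client.(*pango.Firewall).Network.LoopbackInterface, []string{}},
		g.vsys+":", false, "panos_loopback_interface", true, util.InterfaceImport,
	)
}

// createManagementProfileResources returns one panos_management_profile
// resource per interface management profile, with the "name" attribute
// pre-set.
func (g *FirewallNetworkingGenerator) createManagementProfileResources() (resources []terraformutils.Resource) {
	l, err := g.client.(*pango.Firewall).Network.ManagementProfile.GetList()
	if err != nil {
		return []terraformutils.Resource{}
	}

	for _, managementProfile := range l {
		resources = append(resources, terraformutils.NewResource(
			managementProfile,
			normalizeResourceName(managementProfile),
			"panos_management_profile",
			"panos",
			map[string]string{
				"name": managementProfile,
			},
			[]string{},
			map[string]interface{}{},
		))
	}

	return resources
}

// createMonitorProfileResources returns one panos_monitor_profile resource
// per monitor profile; the import ID is the profile name.
func (g *FirewallNetworkingGenerator) createMonitorProfileResources() []terraformutils.Resource {
	return g.createResourcesFromList(
		getGeneric{g.client.(*pango.Firewall).Network.MonitorProfile, []string{}},
		"", false, "panos_monitor_profile", false, "",
	)
}

// createRedistributionProfileResources returns the
// panos_redistribution_profile_ipv4 resources of virtualRouter.
func (g *FirewallNetworkingGenerator) createRedistributionProfileResources(virtualRouter string) []terraformutils.Resource {
	return g.createResourcesFromList(
		getGeneric{g.client.(*pango.Firewall).Network.RedistributionProfile, []string{virtualRouter}},
		virtualRouter+":", true, "panos_redistribution_profile_ipv4", false, "",
	)
}

// createStaticRouteIpv4Resources returns the panos_static_route_ipv4
// resources of virtualRouter.
func (g *FirewallNetworkingGenerator) createStaticRouteIpv4Resources(virtualRouter string) []terraformutils.Resource {
	return g.createResourcesFromList(
		getGeneric{g.client.(*pango.Firewall).Network.StaticRoute, []string{virtualRouter}},
		virtualRouter+":", true, "panos_static_route_ipv4", false, "",
	)
}

// createTunnelInterfaceResources returns the tunnel interfaces imported into
// g.vsys, with IDs of the form "vsys:name".
func (g *FirewallNetworkingGenerator) createTunnelInterfaceResources() []terraformutils.Resource {
	return g.createResourcesFromList(
		getGeneric{g.client.(*pango.Firewall).Network.TunnelInterface, []string{}},
		g.vsys+":", false, "panos_tunnel_interface", true, util.InterfaceImport,
	)
}

// createVirtualRouterResources returns one panos_virtual_router resource per
// virtual router, each followed by its BGP, redistribution-profile and
// static-route resources.
//
// The vsys import check is disabled (see the TODO), so every virtual router
// the device lists is emitted under g.vsys regardless of which vsys it
// belongs to.
func (g *FirewallNetworkingGenerator) createVirtualRouterResources() (resources []terraformutils.Resource) {
	l, err := g.client.(*pango.Firewall).Network.VirtualRouter.GetList()
	if err != nil {
		return []terraformutils.Resource{}
	}

	for _, virtualRouter := range l {
		// TODO: doesn't work!!?
		// rv, err := g.client.(*pango.Firewall).IsImported(util.VirtualRouterImport, "", "", g.vsys, virtualRouter)
		// if err != nil || !rv {
		// 	continue
		// }

		id := g.vsys + ":" + virtualRouter
		resources = append(resources, terraformutils.NewSimpleResource(
			id,
			normalizeResourceName(virtualRouter),
			"panos_virtual_router",
			"panos",
			[]string{},
		))

		resources = append(resources, g.createBGPResource(virtualRouter))
		resources = append(resources, g.createBGPAggregateResources(virtualRouter)...)
		resources = append(resources, g.createBGPAuthProfileResources(virtualRouter)...)
		resources = append(resources, g.createBGPConditionalAdvertisementResources(virtualRouter)...)
		resources = append(resources, g.createBGPDampeningProfileResources(virtualRouter)...)
		resources = append(resources, g.createBGPExportRuleGroupResources(virtualRouter)...)
		resources = append(resources, g.createBGPImportRuleGroupResources(virtualRouter)...)
		resources = append(resources, g.createBGPPeerGroupResources(virtualRouter)...)
		resources = append(resources, g.createBGPRedistResources(virtualRouter)...)
		resources = append(resources, g.createRedistributionProfileResources(virtualRouter)...)
		resources = append(resources, g.createStaticRouteIpv4Resources(virtualRouter)...)
	}

	return resources
}

// createVlanResources returns one panos_vlan resource per VLAN, with IDs of
// the form "vsys:name". No vsys import check is applied.
func (g *FirewallNetworkingGenerator) createVlanResources() []terraformutils.Resource {
	// TODO: should activate check with util.VlanImport, but doesn't work?
	return g.createResourcesFromList(
		getGeneric{g.client.(*pango.Firewall).Network.Vlan, []string{}},
		g.vsys+":", false, "panos_vlan", false, "",
	)
}

// createVlanInterfaceResources returns the VLAN interfaces imported into
// g.vsys, with IDs of the form "vsys:name".
func (g *FirewallNetworkingGenerator) createVlanInterfaceResources() []terraformutils.Resource {
	return g.createResourcesFromList(
		getGeneric{g.client.(*pango.Firewall).Network.VlanInterface, []string{}},
		g.vsys+":", false, "panos_vlan_interface", true, util.InterfaceImport,
	)
}

// createZoneResources returns one panos_zone resource per zone of g.vsys,
// with IDs of the form "vsys:name".
func (g *FirewallNetworkingGenerator) createZoneResources() []terraformutils.Resource {
	return g.createResourcesFromList(
		getGeneric{g.client.(*pango.Firewall).Network.Zone, []string{g.vsys}},
		g.vsys+":", false, "panos_zone", false, "",
	)
}

// InitResources initializes the service and fills g.Resources with every
// networking resource this generator knows how to list. Only the error from
// Initialize is returned; failures of the individual list calls are not
// surfaced.
func (g *FirewallNetworkingGenerator) InitResources() error {
	if err := g.Initialize(); err != nil {
		return err
	}

	g.Resources = append(g.Resources, g.createAggregateInterfaceResources()...)
	g.Resources = append(g.Resources, g.createBFDProfileResources()...)
	g.Resources = append(g.Resources, g.createEthernetInterfaceResources()...)
	g.Resources = append(g.Resources, g.createGRETunnelResources()...)
	g.Resources = append(g.Resources, g.createIKECryptoProfileResources()...)
	g.Resources = append(g.Resources, g.createIKEGatewayResources()...)
	g.Resources = append(g.Resources, g.createIPSECCryptoProfileResources()...)
	g.Resources = append(g.Resources, g.createIPSECTunnelResources()...)
	g.Resources = append(g.Resources, g.createLoopbackInterfaceResources()...)
	g.Resources = append(g.Resources, g.createManagementProfileResources()...)
	g.Resources = append(g.Resources, g.createMonitorProfileResources()...)
	g.Resources = append(g.Resources, g.createTunnelInterfaceResources()...)
	g.Resources = append(g.Resources, g.createVirtualRouterResources()...)
	g.Resources = append(g.Resources, g.createVlanResources()...)
	g.Resources = append(g.Resources, g.createVlanInterfaceResources()...)
	g.Resources = append(g.Resources, g.createZoneResources()...)

	return nil
}

// PostConvertHook rewrites literal object names in the imported attributes
// into Terraform references ("${type.resource.attribute}") so the generated
// resources depend on one another, and replaces virtual-router administrative
// distances exported as "0" with fixed defaults. It always returns nil.
//
// A literal value is only replaced when the attribute is present as a string
// and a reference for it is known. An absent attribute or a name with no
// matching resource is left as exported: it does not cause a panic and is not
// overwritten with an empty string. The latter matters for zone and
// virtual-router interface lists, where a blanked entry would silently drop
// an interface from the generated configuration.
//
// NOTE(review): references built with normalizeResourceName use a single
// field (for example the virtual router or aggregate name), while the
// corresponding resources above are named from composite IDs such as
// "virtualRouter:name" — confirm that these references resolve.
func (g *FirewallNetworkingGenerator) PostConvertHook() error {
	mapInterfaceNames := map[string]string{}
	mapInterfaceModes := map[string]string{}
	mapIKECryptoProfileNames := map[string]string{}
	mapIKEGatewayNames := map[string]string{}
	mapIPSECCryptoProfileNames := map[string]string{}

	// First pass: index the reference of every object other resources can
	// point at, keyed by the object's literal name.
	for _, r := range g.Resources {
		name, ok := r.Item["name"].(string)
		if !ok {
			continue
		}

		ref := "${" + r.InstanceInfo.Type + "." + r.ResourceName

		switch r.InstanceInfo.Type {
		case "panos_aggregate_interface", "panos_ethernet_interface":
			mapInterfaceNames[name] = ref + ".name}"
			mapInterfaceModes[name] = ref + ".mode}"
		case "panos_layer2_subinterface",
			"panos_layer3_subinterface",
			"panos_loopback_interface",
			"panos_tunnel_interface",
			"panos_vlan_interface":
			mapInterfaceNames[name] = ref + ".name}"
		case "panos_ike_crypto_profile":
			mapIKECryptoProfileNames[name] = ref + ".name}"
		case "panos_ike_gateway":
			mapIKEGatewayNames[name] = ref + ".name}"
		case "panos_ipsec_crypto_profile":
			mapIPSECCryptoProfileNames[name] = ref + ".name}"
		}
	}

	// substitute replaces the literal name stored under key with its
	// reference from refs, leaving the value alone when it is absent, not a
	// string, or has no known reference.
	substitute := func(r terraformutils.Resource, key string, refs map[string]string) {
		name, ok := r.Item[key].(string)
		if !ok {
			return
		}
		if ref, ok := refs[name]; ok {
			r.Item[key] = ref
		}
	}

	// virtualRouterRef points the virtual_router attribute at the given
	// attribute of the resourceType resource named after the virtual router.
	virtualRouterRef := func(r terraformutils.Resource, resourceType, attribute string) {
		if vr, ok := r.Item["virtual_router"].(string); ok {
			r.Item["virtual_router"] = "${" + resourceType + "." + normalizeResourceName(vr) + "." + attribute + "}"
		}
	}

	// rewriteInterfaces maps each entry of the interfaces list to its
	// reference, keeping the literal name when no reference is known.
	rewriteInterfaces := func(r terraformutils.Resource) {
		raw, ok := r.Item["interfaces"].([]interface{})
		if !ok {
			return
		}

		interfaces := make([]string, len(raw))
		for k, v := range raw {
			name, _ := v.(string)
			if ref, ok := mapInterfaceNames[name]; ok {
				interfaces[k] = ref
			} else {
				interfaces[k] = name
			}
		}

		r.Item["interfaces"] = interfaces
	}

	// Administrative distances substituted when the exported value is "0".
	defaultDistances := map[string]string{
		"ospfv3_ext_dist":  "110",
		"ebgp_dist":        "20",
		"rip_dist":         "120",
		"ibgp_dist":        "200",
		"static_dist":      "10",
		"ospf_int_dist":    "30",
		"static_ipv6_dist": "10",
		"ospf_ext_dist":    "110",
		"ospfv3_int_dist":  "30",
	}

	// Second pass: rewrite the attributes of each resource. r is a copy of
	// the slice element, but r.Item is a map, so the writes are visible in
	// g.Resources.
	for _, r := range g.Resources {
		switch r.InstanceInfo.Type {
		case "panos_bgp",
			"panos_redistribution_profile_ipv4",
			"panos_static_route_ipv4":
			virtualRouterRef(r, "panos_virtual_router", "name")

		case "panos_bgp_aggregate",
			"panos_bgp_auth_profile",
			"panos_bgp_conditional_adv",
			"panos_bgp_dampening_profile",
			"panos_bgp_export_rule_group",
			"panos_bgp_import_rule_group",
			"panos_bgp_peer_group",
			"panos_bgp_redist_rule":
			virtualRouterRef(r, "panos_bgp", "virtual_router")

		case "panos_bgp_aggregate_advertise_filter",
			"panos_bgp_aggregate_suppress_filter":
			virtualRouterRef(r, "panos_bgp_aggregate", "virtual_router")
			if aggregate, ok := r.Item["bgp_aggregate"].(string); ok {
				r.Item["bgp_aggregate"] = "${panos_bgp_aggregate." + normalizeResourceName(aggregate) + ".name}"
			}

		case "panos_bgp_peer":
			// Read the virtual router name once, before it is overwritten:
			// both references must be built from the literal name, not from
			// the already-rewritten "${...}" string.
			// NOTE(review): peer_as is replaced with the local AS reference
			// whatever value was exported — confirm this is intended for
			// peers in a different AS.
			if vr, ok := r.Item["virtual_router"].(string); ok {
				bgp := "${panos_bgp." + normalizeResourceName(vr)
				r.Item["virtual_router"] = bgp + ".virtual_router}"
				r.Item["peer_as"] = bgp + ".as_number}"
			}

		case "panos_bgp_conditional_adv_advertise_filter",
			"panos_bgp_conditional_adv_non_exist_filter":
			virtualRouterRef(r, "panos_bgp", "virtual_router")
			// The attribute is read under the same key it is written to,
			// "bgp_conditional_adv", as the aggregate filters do with
			// "bgp_aggregate".
			if adv, ok := r.Item["bgp_conditional_adv"].(string); ok {
				r.Item["bgp_conditional_adv"] = "${panos_bgp_conditional_adv." + normalizeResourceName(adv) + ".name}"
			}

		case "panos_gre_tunnel":
			substitute(r, "interface", mapInterfaceNames)
			substitute(r, "tunnel_interface", mapInterfaceNames)

		case "panos_ike_gateway":
			substitute(r, "ikev1_crypto_profile", mapIKECryptoProfileNames)

		case "panos_ipsec_tunnel":
			substitute(r, "tunnel_interface", mapInterfaceNames)
			substitute(r, "ak_ike_gateway", mapIKEGatewayNames)
			substitute(r, "ak_ipsec_crypto_profile", mapIPSECCryptoProfileNames)

		case "panos_ipsec_tunnel_proxy_id_ipv4":
			substitute(r, "tunnel_interface", mapInterfaceNames)

		case "panos_layer2_subinterface":
			// parent_mode is looked up by the literal parent name, so it
			// must be resolved before parent_interface is rewritten.
			if parent, ok := r.Item["parent_interface"].(string); ok {
				if mode, ok := mapInterfaceModes[parent]; ok {
					r.Item["parent_mode"] = mode
				}
			}
			substitute(r, "parent_interface", mapInterfaceNames)

		case "panos_layer3_subinterface":
			substitute(r, "parent_interface", mapInterfaceNames)

		case "panos_virtual_router":
			for key, distance := range defaultDistances {
				if v, ok := r.Item[key].(string); ok && v == "0" {
					r.Item[key] = distance
				}
			}
			rewriteInterfaces(r)

		case "panos_zone":
			rewriteInterfaces(r)

		case "panos_vlan":
			substitute(r, "vlan_interface", mapInterfaceNames)
		}
	}

	return nil
}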