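// Copyright 2018 The Terraformer Authors.
//
// Licensed under the Apache License, Version 2.0 (the "License");
// you may not use this file except in compliance with the License.
// You may obtain a copy of the License at
//
//      http://www.apache.org/licenses/LICENSE-2.0
//
// Unless required by applicable law or agreed to in writing, software
// distributed under the License is distributed on an "AS IS" BASIS,
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
// See the License for the specific language governing permissions and
// limitations under the License.

package panos

import (
	"github.com/GoogleCloudPlatform/terraformer/terraformutils"
	"github.com/PaloAltoNetworks/pango"
)

// FirewallObjectsGenerator builds Terraform resources for the object types
// listed below, scoped to g.vsys. It embeds PanosService.
//
// Every create* helper asserts g.client to *pango.Firewall without the
// comma-ok form, so a client of any other concrete type panics.
type FirewallObjectsGenerator struct {
	PanosService
}

// createResourcesFromList lists object names through o.i (which must implement
// getListWithOneArg), passing o.params[0] as the single GetList argument, and
// returns one simple resource of type terraformResourceName per name. Each
// resource ID is idPrefix followed by the name.
//
// A GetList error and an empty list both yield an empty slice.
// NOTE(review): the error is discarded, so a failed listing cannot be told
// apart from "no objects" and an export may be silently incomplete.
func (g *FirewallObjectsGenerator) createResourcesFromList(o getGeneric, idPrefix string, terraformResourceName string) (resources []terraformutils.Resource) {
	names, err := o.i.(getListWithOneArg).GetList(o.params[0])
	if err != nil || len(names) == 0 {
		return []terraformutils.Resource{}
	}

	resources = make([]terraformutils.Resource, 0, len(names))
	for _, name := range names {
		resources = append(resources, terraformutils.NewSimpleResource(
			idPrefix+name,
			normalizeResourceName(name),
			terraformResourceName,
			"panos",
			[]string{},
		))
	}

	return resources
}

// createResourcesFromListWithVsys behaves like createResourcesFromList but
// builds each resource with terraformutils.NewResource and attaches the
// attributes "vsys" (g.vsys) and "device_group" ("shared").
//
// A GetList error yields an empty slice.
// NOTE(review): the error is discarded here as well, so a failed listing looks
// like an empty one.
func (g *FirewallObjectsGenerator) createResourcesFromListWithVsys(o getGeneric, idPrefix string, terraformResourceName string) (resources []terraformutils.Resource) {
	names, err := o.i.(getListWithOneArg).GetList(o.params[0])
	if err != nil {
		return []terraformutils.Resource{}
	}

	resources = make([]terraformutils.Resource, 0, len(names))
	for _, name := range names {
		resources = append(resources, terraformutils.NewResource(
			idPrefix+name,
			normalizeResourceName(name),
			terraformResourceName,
			"panos",
			map[string]string{
				"vsys":         g.vsys,
				"device_group": "shared",
			},
			[]string{},
			map[string]interface{}{},
		))
	}

	return resources
}

// createAddressGroupResources returns panos_address_group resources for g.vsys.
func (g *FirewallObjectsGenerator) createAddressGroupResources() []terraformutils.Resource {
	return g.createResourcesFromList(
		getGeneric{g.client.(*pango.Firewall).Objects.AddressGroup, []string{g.vsys}},
		g.vsys+":", "panos_address_group",
	)
}

// createAdministrativeTagResources returns panos_administrative_tag resources
// for g.vsys.
func (g *FirewallObjectsGenerator) createAdministrativeTagResources() []terraformutils.Resource {
	return g.createResourcesFromList(
		getGeneric{g.client.(*pango.Firewall).Objects.Tags, []string{g.vsys}},
		g.vsys+":", "panos_administrative_tag",
	)
}

// createApplicationGroupResources returns panos_application_group resources
// for g.vsys.
func (g *FirewallObjectsGenerator) createApplicationGroupResources() []terraformutils.Resource {
	return g.createResourcesFromList(
		getGeneric{g.client.(*pango.Firewall).Objects.AppGroup, []string{g.vsys}},
		g.vsys+":", "panos_application_group",
	)
}

// createApplicationObjectResources returns panos_application_object resources
// for g.vsys, with IDs of the form "<vsys>:<name>".
//
// A GetList error yields an empty slice; the error itself is discarded.
func (g *FirewallObjectsGenerator) createApplicationObjectResources() (resources []terraformutils.Resource) {
	names, err := g.client.(*pango.Firewall).Objects.Application.GetList(g.vsys)
	if err != nil {
		return []terraformutils.Resource{}
	}

	resources = make([]terraformutils.Resource, 0, len(names))
	for _, name := range names {
		resources = append(resources, terraformutils.NewSimpleResource(
			g.vsys+":"+name,
			normalizeResourceName(name),
			"panos_application_object",
			"panos",
			[]string{},
		))

		// TODO: fix
		// resources = append(resources, g.createApplicationSignatureResources(name)...)
	}

	return resources
}

// func (g *FirewallObjectsGenerator) createApplicationSignatureResources(applicationObject string) []terraformutils.Resource {
// 	return g.createResourcesFromList(
// 		getGeneric{g.client.(*pango.Firewall).Objects.AppSignature, []string{g.vsys, applicationObject}},
// 		g.vsys+":"+applicationObject+":", "panos_application_signature",
// 	)
// }

// createEDLResources returns panos_edl resources for g.vsys.
func (g *FirewallObjectsGenerator) createEDLResources() []terraformutils.Resource {
	return g.createResourcesFromList(
		getGeneric{g.client.(*pango.Firewall).Objects.Edl, []string{g.vsys}},
		g.vsys+":", "panos_edl",
	)
}

// createLogForwardingResources returns panos_log_forwarding_profile resources
// for g.vsys.
func (g *FirewallObjectsGenerator) createLogForwardingResources() []terraformutils.Resource {
	return g.createResourcesFromList(
		getGeneric{g.client.(*pango.Firewall).Objects.LogForwardingProfile, []string{g.vsys}},
		g.vsys+":", "panos_log_forwarding_profile",
	)
}

// createServiceGroupResources returns panos_service_group resources for g.vsys.
func (g *FirewallObjectsGenerator) createServiceGroupResources() []terraformutils.Resource {
	return g.createResourcesFromList(
		getGeneric{g.client.(*pango.Firewall).Objects.ServiceGroup, []string{g.vsys}},
		g.vsys+":", "panos_service_group",
	)
}

// createServiceObjectResources returns panos_service_object resources for
// g.vsys.
func (g *FirewallObjectsGenerator) createServiceObjectResources() []terraformutils.Resource {
	return g.createResourcesFromList(
		getGeneric{g.client.(*pango.Firewall).Objects.Services, []string{g.vsys}},
		g.vsys+":", "panos_service_object",
	)
}

// createAddressObjectResources returns panos_address_object resources for
// g.vsys.
func (g *FirewallObjectsGenerator) createAddressObjectResources() []terraformutils.Resource {
	return g.createResourcesFromList(
		getGeneric{g.client.(*pango.Firewall).Objects.Address, []string{g.vsys}},
		g.vsys+":", "panos_address_object",
	)
}

// createAntiSpywareSecurityProfileResources returns
// panos_anti_spyware_security_profile resources for g.vsys.
func (g *FirewallObjectsGenerator) createAntiSpywareSecurityProfileResources() []terraformutils.Resource {
	return g.createResourcesFromListWithVsys(
		getGeneric{g.client.(*pango.Firewall).Objects.AntiSpywareProfile, []string{g.vsys}},
		g.vsys+":", "panos_anti_spyware_security_profile",
	)
}

// createAntivirusSecurityProfileResources returns
// panos_antivirus_security_profile resources for g.vsys.
func (g *FirewallObjectsGenerator) createAntivirusSecurityProfileResources() []terraformutils.Resource {
	return g.createResourcesFromListWithVsys(
		getGeneric{g.client.(*pango.Firewall).Objects.AntivirusProfile, []string{g.vsys}},
		g.vsys+":", "panos_antivirus_security_profile",
	)
}

// createCustomDataPatternObjectResources returns
// panos_custom_data_pattern_object resources for g.vsys.
func (g *FirewallObjectsGenerator) createCustomDataPatternObjectResources() []terraformutils.Resource {
	return g.createResourcesFromListWithVsys(
		getGeneric{g.client.(*pango.Firewall).Objects.DataPattern, []string{g.vsys}},
		g.vsys+":", "panos_custom_data_pattern_object",
	)
}

// createDataFilteringSecurityProfileResources returns
// panos_data_filtering_security_profile resources for g.vsys.
func (g *FirewallObjectsGenerator) createDataFilteringSecurityProfileResources() []terraformutils.Resource {
	return g.createResourcesFromListWithVsys(
		getGeneric{g.client.(*pango.Firewall).Objects.DataFilteringProfile, []string{g.vsys}},
		g.vsys+":", "panos_data_filtering_security_profile",
	)
}

// createDOSProtectionProfileResources returns panos_dos_protection_profile
// resources for g.vsys.
func (g *FirewallObjectsGenerator) createDOSProtectionProfileResources() []terraformutils.Resource {
	return g.createResourcesFromListWithVsys(
		getGeneric{g.client.(*pango.Firewall).Objects.DosProtectionProfile, []string{g.vsys}},
		g.vsys+":", "panos_dos_protection_profile",
	)
}

// createDynamicUserGroupResources returns panos_dynamic_user_group resources
// for g.vsys.
func (g *FirewallObjectsGenerator) createDynamicUserGroupResources() []terraformutils.Resource {
	return g.createResourcesFromListWithVsys(
		getGeneric{g.client.(*pango.Firewall).Objects.DynamicUserGroup, []string{g.vsys}},
		g.vsys+":", "panos_dynamic_user_group",
	)
}

// createFileBlockingSecurityProfileResources returns
// panos_file_blocking_security_profile resources for g.vsys.
func (g *FirewallObjectsGenerator) createFileBlockingSecurityProfileResources() []terraformutils.Resource {
	return g.createResourcesFromListWithVsys(
		getGeneric{g.client.(*pango.Firewall).Objects.FileBlockingProfile, []string{g.vsys}},
		g.vsys+":", "panos_file_blocking_security_profile",
	)
}

// createURLFilteringSecurityProfileResources returns
// panos_url_filtering_security_profile resources for g.vsys.
func (g *FirewallObjectsGenerator) createURLFilteringSecurityProfileResources() []terraformutils.Resource {
	return g.createResourcesFromListWithVsys(
		getGeneric{g.client.(*pango.Firewall).Objects.UrlFilteringProfile, []string{g.vsys}},
		g.vsys+":", "panos_url_filtering_security_profile",
	)
}

// createVulnerabilitySecurityProfileResources returns
// panos_vulnerability_security_profile resources for g.vsys.
func (g *FirewallObjectsGenerator) createVulnerabilitySecurityProfileResources() []terraformutils.Resource {
	return g.createResourcesFromListWithVsys(
		getGeneric{g.client.(*pango.Firewall).Objects.VulnerabilityProfile, []string{g.vsys}},
		g.vsys+":", "panos_vulnerability_security_profile",
	)
}

// createWildfireAnalysisSecurityProfileResources returns
// panos_wildfire_analysis_security_profile resources for g.vsys.
func (g *FirewallObjectsGenerator) createWildfireAnalysisSecurityProfileResources() []terraformutils.Resource {
	return g.createResourcesFromListWithVsys(
		getGeneric{g.client.(*pango.Firewall).Objects.WildfireAnalysisProfile, []string{g.vsys}},
		g.vsys+":", "panos_wildfire_analysis_security_profile",
	)
}

// InitResources calls g.Initialize and, if it succeeds, appends the resources
// produced by every create* helper to g.Resources in a fixed order. It returns
// the Initialize error, if any; listing failures inside the helpers are not
// reported (each helper returns an empty slice instead).
func (g *FirewallObjectsGenerator) InitResources() error {
	if err := g.Initialize(); err != nil {
		return err
	}

	// Order matches the original sequence of appends.
	creators := []func() []terraformutils.Resource{
		g.createAddressGroupResources,
		g.createAdministrativeTagResources,
		g.createApplicationGroupResources,
		g.createApplicationObjectResources,
		g.createEDLResources,
		g.createLogForwardingResources,
		g.createServiceGroupResources,
		g.createServiceObjectResources,

		g.createAddressObjectResources,
		g.createAntiSpywareSecurityProfileResources,
		g.createAntivirusSecurityProfileResources,
		g.createCustomDataPatternObjectResources,
		g.createDataFilteringSecurityProfileResources,
		g.createDOSProtectionProfileResources,
		g.createDynamicUserGroupResources,
		g.createFileBlockingSecurityProfileResources,
		g.createURLFilteringSecurityProfileResources,
		g.createVulnerabilitySecurityProfileResources,
		g.createWildfireAnalysisSecurityProfileResources,
	}
	for _, create := range creators {
		g.Resources = append(g.Resources, create()...)
	}

	return nil
}

// PostConvertHook rewrites the member lists of address, application and
// service groups so that members which correspond to a generated object
// resource become "${<type>.<resource name>.name}" interpolation references.
//
// A member with no matching generated resource keeps its literal name. An
// empty string in its place would silently drop that member from the generated
// configuration, so the exported group would no longer match the device.
// A missing list key, a list of an unexpected type, or a non-string member
// leaves the item untouched instead of panicking.
//
// It always returns nil.
func (g *FirewallObjectsGenerator) PostConvertHook() error {
	// Interpolation references keyed by object name, one map per object type.
	refsByType := map[string]map[string]string{
		"panos_address_object":     {},
		"panos_application_object": {},
		"panos_service_object":     {},
	}

	for _, r := range g.Resources {
		refs, tracked := refsByType[r.InstanceInfo.Type]
		if !tracked {
			continue
		}
		name, ok := r.Item["name"].(string)
		if !ok {
			// No usable name, so nothing can refer to this resource by name.
			continue
		}
		refs[name] = "${" + r.InstanceInfo.Type + "." + r.ResourceName + ".name}"
	}

	// rewriteMembers replaces item[key] with a []string in which every member
	// known to refs is swapped for its reference and all others are kept.
	rewriteMembers := func(item map[string]interface{}, key string, refs map[string]string) {
		members, ok := item[key].([]interface{})
		if !ok {
			return
		}

		rewritten := make([]string, len(members))
		for i, member := range members {
			name, ok := member.(string)
			if !ok {
				// Unexpected member type: keep the original list intact.
				return
			}
			if ref, known := refs[name]; known {
				rewritten[i] = ref
				continue
			}
			rewritten[i] = name
		}

		item[key] = rewritten
	}

	for _, r := range g.Resources {
		switch r.InstanceInfo.Type {
		case "panos_address_group":
			rewriteMembers(r.Item, "static_addresses", refsByType["panos_address_object"])
		case "panos_application_group":
			rewriteMembers(r.Item, "applications", refsByType["panos_application_object"])
		case "panos_service_group":
			rewriteMembers(r.Item, "services", refsByType["panos_service_object"])
		}
	}

	return nil
}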