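// Copyright 2018 The Terraformer Authors.
//
// Licensed under the Apache License, Version 2.0 (the "License");
// you may not use this file except in compliance with the License.
// You may obtain a copy of the License at
//
//     http://www.apache.org/licenses/LICENSE-2.0
//
// Unless required by applicable law or agreed to in writing, software
// distributed under the License is distributed on an "AS IS" BASIS,
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
// See the License for the specific language governing permissions and
// limitations under the License.

package panos

import (
	"encoding/base64"
	"log"
	"strconv"

	"github.com/GoogleCloudPlatform/terraformer/terraformutils"
	"github.com/PaloAltoNetworks/pango"
	"github.com/PaloAltoNetworks/pango/util"
)

// FirewallPolicyGenerator imports the NAT, policy-based forwarding and
// security rules of one firewall vsys as Terraform rule-group resources.
// The client, vsys, Resources and Initialize used below are promoted from the
// embedded PanosService.
type FirewallPolicyGenerator struct {
	PanosService
}

// createResourcesFromList lists the rule names behind o and returns one
// Terraform resource of type terraformResourceName per rule.
//
// Each resource ID has the form "<vsys>:<move>:<reference>:<base64(name)>".
// The first rule uses util.MoveTop with an empty reference; every later rule
// uses util.MoveAfter with the previous rule's name as reference, so the IDs
// carry the order in which GetList returned the rules.
//
// The function has no error result. A failed listing is logged and yields an
// empty slice, so that a failure can be told apart from a vsys that really
// has no rules of this kind. For a firewall policy export the difference
// matters: an incomplete export must not be mistaken for the full policy.
func (g *FirewallPolicyGenerator) createResourcesFromList(o getGeneric, terraformResourceName string) (resources []terraformutils.Resource) {
	// NOTE(review): the assertion and o.params[0] are unchecked; the callers in
	// this file always pass a Policies namespace and exactly one parameter.
	l, err := o.i.(getListWithOneArg).GetList(o.params[0])
	if err != nil {
		log.Printf("panos: listing rules for %s in vsys %q: %v", terraformResourceName, g.vsys, err)
		return []terraformutils.Resource{}
	}
	if len(l) == 0 {
		return []terraformutils.Resource{}
	}

	resources = make([]terraformutils.Resource, 0, len(l))

	var previous string
	for k, name := range l {
		prefix := g.vsys + ":" + strconv.Itoa(util.MoveTop) + "::"
		if k > 0 {
			// NOTE(review): the reference name is embedded without encoding; a
			// rule name containing ':' would make the ID ambiguous. Confirm
			// that rule names cannot contain that character.
			prefix = g.vsys + ":" + strconv.Itoa(util.MoveAfter) + ":" + previous + ":"
		}

		id := prefix + base64.StdEncoding.EncodeToString([]byte(name))
		previous = name

		resources = append(resources, terraformutils.NewSimpleResource(
			id,
			normalizeResourceName(name),
			terraformResourceName,
			"panos",
			[]string{},
		))
	}

	return resources
}

// createNATRuleGroupResources returns one panos_nat_rule_group resource per
// NAT rule of the generator's vsys. The client is asserted to be a
// *pango.Firewall without a check.
func (g *FirewallPolicyGenerator) createNATRuleGroupResources() []terraformutils.Resource {
	return g.createResourcesFromList(getGeneric{g.client.(*pango.Firewall).Policies.Nat, []string{g.vsys}}, "panos_nat_rule_group")
}

// createPBFRuleGroupResources returns one panos_pbf_rule_group resource per
// policy-based forwarding rule of the generator's vsys.
func (g *FirewallPolicyGenerator) createPBFRuleGroupResources() []terraformutils.Resource {
	return g.createResourcesFromList(getGeneric{g.client.(*pango.Firewall).Policies.PolicyBasedForwarding, []string{g.vsys}}, "panos_pbf_rule_group")
}

// createSecurityRuleGroupResources returns one panos_security_rule_group
// resource per security rule of the generator's vsys.
func (g *FirewallPolicyGenerator) createSecurityRuleGroupResources() []terraformutils.Resource {
	return g.createResourcesFromList(getGeneric{g.client.(*pango.Firewall).Policies.Security, []string{g.vsys}}, "panos_security_rule_group")
}

// InitResources initializes the service and appends the NAT, PBF and security
// rule-group resources to g.Resources.
//
// Only an Initialize failure is returned. A failed rule listing is logged by
// createResourcesFromList and leaves that rule kind out of the result, so a
// nil error does not prove that the export is complete.
func (g *FirewallPolicyGenerator) InitResources() error {
	if err := g.Initialize(); err != nil {
		return err
	}

	g.Resources = append(g.Resources, g.createNATRuleGroupResources()...)
	g.Resources = append(g.Resources, g.createPBFRuleGroupResources()...)
	g.Resources = append(g.Resources, g.createSecurityRuleGroupResources()...)

	return nil
}

// PostConvertHook fills in attributes that are absent from the converted
// rule-group state:
//
//   - panos_nat_rule_group: every translated_packet entry gets an empty
//     "source" and an empty "destination" map if it has none.
//   - panos_security_rule_group: every rule without "hip_profiles" gets
//     []string{"any"}.
//
// State that does not have the expected shape (no "rule" list, or entries that
// are not maps) is skipped instead of triggering a type-assertion panic. It
// always returns nil.
func (g *FirewallPolicyGenerator) PostConvertHook() error {
	for _, res := range g.Resources {
		resType := res.InstanceInfo.Type
		if resType != "panos_nat_rule_group" && resType != "panos_security_rule_group" {
			continue
		}

		// res is a copy of the slice element, but Item is a map, so the writes
		// below are visible through g.Resources.
		rules, ok := res.Item["rule"].([]interface{})
		if !ok {
			continue
		}

		for _, rawRule := range rules {
			rule, ok := rawRule.(map[string]interface{})
			if !ok {
				continue
			}

			if resType == "panos_security_rule_group" {
				// NOTE(review): presumably "any" mirrors the value the device
				// applies when the attribute is unset; confirm before the
				// generated configuration is applied, because this value
				// becomes part of the security policy.
				if _, found := rule["hip_profiles"]; !found {
					rule["hip_profiles"] = []string{"any"}
				}
				continue
			}

			packets, ok := rule["translated_packet"].([]interface{})
			if !ok {
				continue
			}
			for _, rawPacket := range packets {
				packet, ok := rawPacket.(map[string]interface{})
				if !ok {
					continue
				}
				for _, key := range []string{"source", "destination"} {
					if _, found := packet[key]; !found {
						packet[key] = make(map[string]interface{})
					}
				}
			}
		}
	}

	return nil
}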