github.com/GoogleCloudPlatform/terraformer@v0.8.18/providers/panos/panorama_policy.go (about)

     1  // Copyright 2018 The Terraformer Authors.
     2  //
     3  // Licensed under the Apache License, Version 2.0 (the "License");
     4  // you may not use this file except in compliance with the License.
     5  // You may obtain a copy of the License at
     6  //
     7  //      http://www.apache.org/licenses/LICENSE-2.0
     8  //
     9  // Unless required by applicable law or agreed to in writing, software
    10  // distributed under the License is distributed on an "AS IS" BASIS,
    11  // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
    12  // See the License for the specific language governing permissions and
    13  // limitations under the License.
    14  
    15  package panos
    16  
    17  import (
    18  	"encoding/base64"
    19  	"strconv"
    20  
    21  	"github.com/GoogleCloudPlatform/terraformer/terraformutils"
    22  	"github.com/PaloAltoNetworks/pango"
    23  	"github.com/PaloAltoNetworks/pango/util"
    24  )
    25  
     // PanoramaPolicyGenerator builds Terraformer resources for Panorama NAT,
     // policy-based-forwarding and security rule groups. Its only field is the
     // embedded PanosService; the methods in this file call Initialize and use
     // client and Resources through it (presumably promoted from PanosService,
     // which is declared elsewhere).
     26  type PanoramaPolicyGenerator struct {
     27  	PanosService
     28  }
    29  
     // createResourcesFromList lists the rules exposed by o and returns one
     // Terraformer resource of type terraformResourceName per rule, in the order
     // GetList reported them.
     //
     // o.i must implement getListWithTwoArgs and o.params must hold at least two
     // entries, which are passed to GetList unchanged; the type assertion and the
     // indexing are unchecked and panic otherwise. Every resource ID has the form
     // "<params[0]>:<params[1]>:<move>:<reference>:<base64(rule name)>": the first
     // rule uses util.MoveTop with an empty reference, each later rule uses
     // util.MoveAfter with the previous rule's name as reference.
     //
     // NOTE(review): a GetList error is discarded and reported as an empty result,
     // so a caller cannot tell "no rules" from "listing failed". For a firewall
     // policy export this makes a partial export indistinguishable from a complete
     // one; consider logging or propagating err.
     func (g *PanoramaPolicyGenerator) createResourcesFromList(o getGeneric, terraformResourceName string) (resources []terraformutils.Resource) {
     	names, err := o.i.(getListWithTwoArgs).GetList(o.params[0], o.params[1])
     	if err != nil || len(names) == 0 {
     		return []terraformutils.Resource{}
     	}

     	// Prefix shared by every ID and every resource name in this list.
     	scope := o.params[0] + ":" + o.params[1] + ":"
     	previous := ""

     	for idx, name := range names {
     		var position string
     		if idx == 0 {
     			position = strconv.Itoa(util.MoveTop) + "::"
     		} else {
     			// The reference rule name goes into the ID unencoded; only the
     			// rule's own name is base64-encoded below.
     			position = strconv.Itoa(util.MoveAfter) + ":" + previous + ":"
     		}
     		previous = name

     		resources = append(resources, terraformutils.NewSimpleResource(
     			scope+position+base64.StdEncoding.EncodeToString([]byte(name)),
     			normalizeResourceName(scope+name),
     			terraformResourceName,
     			"panos",
     			[]string{},
     		))
     	}

     	return resources
     }
    58  
     // createNATRuleGroupResources returns the panos_panorama_nat_rule_group
     // resources of device group dg, collected from the pre-rulebase, the rulebase
     // and the post-rulebase, in that order.
     //
     // g.client must hold a *pango.Panorama; the assertion is unchecked and panics
     // otherwise. A rulebase whose listing fails contributes nothing, because
     // createResourcesFromList returns an empty slice on error.
     func (g *PanoramaPolicyGenerator) createNATRuleGroupResources(dg string) (resources []terraformutils.Resource) {
     	for _, rulebase := range []string{util.PreRulebase, util.Rulebase, util.PostRulebase} {
     		source := getGeneric{
     			i:      g.client.(*pango.Panorama).Policies.Nat,
     			params: []string{dg, rulebase},
     		}
     		resources = append(resources, g.createResourcesFromList(source, "panos_panorama_nat_rule_group")...)
     	}

     	return resources
     }
    77  
     // createPBFRuleGroupResources returns the panos_panorama_pbf_rule_group
     // resources (policy-based forwarding) of device group dg, collected from the
     // pre-rulebase, the rulebase and the post-rulebase, in that order.
     //
     // g.client must hold a *pango.Panorama; the assertion is unchecked and panics
     // otherwise. A rulebase whose listing fails contributes nothing, because
     // createResourcesFromList returns an empty slice on error.
     func (g *PanoramaPolicyGenerator) createPBFRuleGroupResources(dg string) (resources []terraformutils.Resource) {
     	for _, rulebase := range []string{util.PreRulebase, util.Rulebase, util.PostRulebase} {
     		source := getGeneric{
     			i:      g.client.(*pango.Panorama).Policies.PolicyBasedForwarding,
     			params: []string{dg, rulebase},
     		}
     		resources = append(resources, g.createResourcesFromList(source, "panos_panorama_pbf_rule_group")...)
     	}

     	return resources
     }
    96  
     // createSecurityRuleGroupRulebaseResources returns one
     // panos_panorama_security_rule_group resource per security rule listed for
     // device group dg and the given rulebase, in the order GetList reported them.
     //
     // Every resource ID has the form
     // "<dg>:<rulebase>:<move>:<reference>:<base64(rule name)>": the first rule
     // uses util.MoveTop with an empty reference, each later rule uses
     // util.MoveAfter with the previous rule's name as reference. g.client must
     // hold a *pango.Panorama; the assertion is unchecked and panics otherwise.
     //
     // NOTE(review): a GetList error is discarded and reported as an empty result,
     // so a caller cannot tell "no security rules" from "listing failed". An
     // export that silently lacks security rules looks complete; consider logging
     // or propagating err.
     func (g *PanoramaPolicyGenerator) createSecurityRuleGroupRulebaseResources(dg, rulebase string) (resources []terraformutils.Resource) {
     	names, err := g.client.(*pango.Panorama).Policies.Security.GetList(dg, rulebase)
     	if err != nil || len(names) == 0 {
     		return []terraformutils.Resource{}
     	}

     	// Prefix shared by every ID and every resource name in this rulebase.
     	scope := dg + ":" + rulebase + ":"
     	previous := ""

     	for idx, name := range names {
     		position := strconv.Itoa(util.MoveTop) + "::"
     		if idx > 0 {
     			// The reference rule name goes into the ID unencoded; only the
     			// rule's own name is base64-encoded below.
     			position = strconv.Itoa(util.MoveAfter) + ":" + previous + ":"
     		}
     		previous = name

     		// Add just enough attributes to make the refresh work: the group is
     		// seeded with a single rule and no targets.
     		attributes := map[string]string{
     			"device_group":    dg,
     			"rulebase":        rulebase,
     			"rule.#":          "1",
     			"rule.0.name":     name,
     			"rule.0.target.#": "0",
     		}

     		resources = append(resources, terraformutils.NewResource(
     			scope+position+base64.StdEncoding.EncodeToString([]byte(name)),
     			normalizeResourceName(scope+name),
     			"panos_panorama_security_rule_group",
     			"panos",
     			attributes,
     			[]string{},
     			map[string]interface{}{},
     		))
     	}

     	return resources
     }
   133  
    // createSecurityRuleGroupResources returns the security rule group resources
    // of device group dg, collected from the pre-rulebase, the rulebase and the
    // post-rulebase, in that order.
    func (g *PanoramaPolicyGenerator) createSecurityRuleGroupResources(dg string) (resources []terraformutils.Resource) {
    	for _, rulebase := range []string{util.PreRulebase, util.Rulebase, util.PostRulebase} {
    		found := g.createSecurityRuleGroupRulebaseResources(dg, rulebase)
    		resources = append(resources, found...)
    	}

    	return resources
    }
   141  
    // InitResources initializes the generator, lists the Panorama device groups
    // and appends the NAT, PBF and security rule group resources of each device
    // group to g.Resources, in that order.
    //
    // It returns the error from Initialize or from the device group listing.
    // g.client must hold a *pango.Panorama; the assertion is unchecked and panics
    // otherwise.
    //
    // NOTE(review): the per-rulebase helpers return an empty slice when their own
    // GetList call fails, so a nil return here does not mean every rulebase was
    // read. Treat the export as possibly incomplete unless the listing errors are
    // surfaced.
    func (g *PanoramaPolicyGenerator) InitResources() error {
    	if err := g.Initialize(); err != nil {
    		return err
    	}

    	deviceGroups, err := g.client.(*pango.Panorama).Panorama.DeviceGroup.GetList()
    	if err != nil {
    		return err
    	}

    	// Applied to every device group in this order.
    	builders := []func(string) []terraformutils.Resource{
    		g.createNATRuleGroupResources,
    		g.createPBFRuleGroupResources,
    		g.createSecurityRuleGroupResources,
    	}

    	for _, name := range deviceGroups {
    		for _, build := range builders {
    			g.Resources = append(g.Resources, build(name)...)
    		}
    	}

    	return nil
    }
   160  
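    // PostConvertHook fills in attributes that are absent from converted rule
    // group resources:
    //
    //   - panos_panorama_nat_rule_group: every "translated_packet" entry of every
    //     rule gets an empty "source" and an empty "destination" map when the key
    //     is missing.
    //   - panos_panorama_security_rule_group: every rule without "hip_profiles"
    //     gets []string{"any"}.
    //
    // Resources, rules and translated_packet entries that do not have the
    // expected shape (no "rule" list, a non-map element, ...) are skipped instead
    // of aborting the whole run with a failed type assertion. It always returns
    // nil.
    func (g *PanoramaPolicyGenerator) PostConvertHook() error {
    	for _, res := range g.Resources {
    		resType := res.InstanceInfo.Type
    		if resType != "panos_panorama_nat_rule_group" && resType != "panos_panorama_security_rule_group" {
    			continue
    		}

    		// A missing or differently typed "rule" attribute leaves nothing to patch.
    		rules, ok := res.Item["rule"].([]interface{})
    		if !ok {
    			continue
    		}

    		for _, rawRule := range rules {
    			rule, ok := rawRule.(map[string]interface{})
    			if !ok {
    				continue
    			}

    			if resType == "panos_panorama_security_rule_group" {
    				// NOTE(review): an absent hip_profiles is written out as "any";
    				// confirm this matches what the device reports for the rule.
    				if _, found := rule["hip_profiles"]; !found {
    					rule["hip_profiles"] = []string{"any"}
    				}
    				continue
    			}

    			// NAT rule group: only rules with a translated_packet list are touched.
    			packets, ok := rule["translated_packet"].([]interface{})
    			if !ok {
    				continue
    			}

    			for _, rawPacket := range packets {
    				packet, ok := rawPacket.(map[string]interface{})
    				if !ok {
    					continue
    				}

    				for _, key := range []string{"source", "destination"} {
    					if _, found := packet[key]; !found {
    						packet[key] = make(map[string]interface{})
    					}
    				}
    			}
    		}
    	}

    	return nil
    }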