r/security: use new provider via framework

jeremmfr · Apr 26, 2023 · 68dd2c0 · 68dd2c0
1 parent e96e0de
commit 68dd2c0
Show file tree

Hide file tree

Showing 12 changed files with 4,741 additions and 2,778 deletions.
diff --git a/.changes/issue-458.md b/.changes/issue-458.md
@@ -0,0 +1,5 @@
+<!-- markdownlint-disable-file MD013 MD041 -->
+ENHANCEMENTS:
+
+* **resource/junos_security**:
+  * resource now use new [terraform-plugin-framework](https://github.com/hashicorp/terraform-plugin-framework) and some of config errors are now sent during Plan instead of during Apply (optional boolean attributes doesn't accept value *false*, optional string attributes doesn't accept *empty* value, the resource schema has been upgraded to have one-blocks in single mode instead of list)
diff --git a/docs/resources/security.md b/docs/resources/security.md
@@ -56,8 +56,10 @@ The following arguments are supported:
     See [below for nested schema](#file-arguments-for-ike_traceoptions).
   - **flag** (Optional, Set of String)  
     Tracing parameters for IKE.
+  - **no_remote_trace** (Optional, Boolean)  
+    Disable remote tracing.
   - **rate_limit** (Optional, Number)  
-    Limit the incoming rate of trace messages (0..4294967295)
+    Limit the incoming rate of trace messages (0..4294967295).
 - **log** (Optional, Block)  
   Declare `log` configuration.  
   See [below for nested schema](#log-arguments).
@@ -94,7 +96,7 @@ The following arguments are supported:
     Configuring feature-profile web-filtering type.  
     Need to be `juniper-enhanced`, `juniper-local`, `web-filtering-none` or `websense-redirect`.
   - **feature_profile_web_filtering_juniper_enhanced_server** (Optional, Block)  
-    Declare `server` configuration.  
+    Declare `utm feature-profile web-filtering juniper-enhanced server` configuration.  
     See [below for nested schema](#feature_profile_web_filtering_juniper_enhanced_server-arguments-for-utm).
 
 ---
@@ -143,20 +145,20 @@ The following arguments are supported:
 - **no_world_readable** (Optional, Boolean)  
   Don't allow any user to read the log file.
 - **size** (Optional, Number)  
-  Maximum trace file size (10240..1073741824)
+  Maximum trace file size (10240..1073741824).
 - **world_readable** (Optional, Boolean)  
-  Allow any user to read the log file
+  Allow any user to read the log file.
 
 ---
 
 ### flow arguments
 
 - **advanced_options** (Optional, Block)  
   Declare `flow advanced-options` configuration.
-  - **drop_matching_reserved_ip_address** (Optional, Boolean)  
-    Drop matching reserved source IP address.
   - **drop_matching_link_local_address** (Optional, Boolean)  
     Drop matching link local address.
+  - **drop_matching_reserved_ip_address** (Optional, Boolean)  
+    Drop matching reserved source IP address.
   - **reverse_route_packet_mode_vr** (Optional, Boolean)  
     Allow reverse route lookup with packet mode vr.
 - **aging** (Optional, Block)  
@@ -252,11 +254,11 @@ The following arguments are supported:
 - **inet6_mode** (Optional, String)  
   Forwarding mode for inet6 family.  
   Need to be `drop`, `flow-based` or `packet-based`.
+- **iso_mode_packet_based** (Optional, Boolean)  
+  Forwarding mode packet-based for iso family.
 - **mpls_mode** (Optional, String)  
   Forwarding mode for mpls family.  
   Need to be `flow-based` or `packet-based`.
-- **iso_mode_packet_based** (Optional, Boolean)  
-  Forwarding mode packet-based for iso family.
 
 ---
 
@@ -269,7 +271,7 @@ The following arguments are supported:
 - **automatic_start_time** (Optional, String)  
   Automatic start time `YYYY-MM-DD.HH:MM:SS`.
 - **install_ignore_version_check** (Optional, Boolean)  
-  Skip version check  when attack database gets installed.
+  Skip version check when attack database gets installed.
 - **proxy_profile** (Optional, String)  
   Proxy profile of security package download.
 - **source_address** (Optional, String)  
@@ -325,7 +327,7 @@ The following arguments are supported:
 - **facility_override** (Optional, String)  
   Alternate facility for logging to remote host.
 - **file** (Optional, Block)  
-  Declare `security log file` block.
+  Declare `security log file` configuration.
   - **files** (Optional, Number)  
     Maximum number of binary log files (2..10).
   - **name** (Optional, String)  
@@ -353,12 +355,12 @@ The following arguments are supported:
   Source interface used when exporting security logs.  
   Conflict with `source_address`.
 - **transport** (Optional, Block)  
-  Declare `security log transport` block.
+  Declare `security log transport` configuration.
   - **protocol** (Optional, String)  
     Set security log transport protocol for the device.  
     Need to be `tcp`, `tls` or `udp`.
   - **tcp_connections** (Optional, Number)  
-    Set tcp connection number per-stream (1..5)
+    Set tcp connection number per-stream (1..5).
   - **tls_profile** (Optional, String)  
     TLS profile.
 - **utc_timestamp** (Optional, Boolean)  

diff --git a/internal/junos/syslog.go b/internal/junos/syslog.go
@@ -0,0 +1,8 @@
+package junos
+
+func SyslogFacilities() []string {
+	return []string{
+		"authorization", "daemon", "ftp", "kernel", "user",
+		"local0", "local1", "local2", "local3", "local4", "local5", "local6", "local7",
+	}
+}
diff --git a/internal/providerfwk/provider.go b/internal/providerfwk/provider.go
@@ -204,6 +204,7 @@ func (p *junosProvider) Resources(_ context.Context) []func() resource.Resource
 		newInterfaceSt0UnitResource,
 		newOamGretunnelInterfaceResource,
 		newRoutingInstanceResource,
+		newSecurityResource,
 		newSecurityAddressBookResource,
 		newSecurityGlobalPolicyResource,
 		newSecurityIkeGatewayResource,