diff --git a/internal/provider/acctest/resource_setting_ssl_inspection_test.go b/internal/provider/acctest/resource_setting_ssl_inspection_test.go new file mode 100644 index 0000000..06d2145 --- /dev/null +++ b/internal/provider/acctest/resource_setting_ssl_inspection_test.go @@ -0,0 +1,57 @@ +package acctest + +import ( + "fmt" + pt "github.com/filipowm/terraform-provider-unifi/internal/provider/testing" + "github.com/hashicorp/terraform-plugin-testing/helper/resource" + "github.com/hashicorp/terraform-plugin-testing/plancheck" + "sync" + "testing" +) + +var settingSslInspectionLock = &sync.Mutex{} + +func TestAccSettingSslInspection(t *testing.T) { + AcceptanceTest(t, AcceptanceTestCase{ + VersionConstraint: ">= 8.2", + Lock: settingSslInspectionLock, + Steps: []resource.TestStep{ + { + Config: testAccSettingSslInspectionConfig("off"), + Check: resource.ComposeTestCheckFunc( + resource.TestCheckResourceAttrSet("unifi_setting_ssl_inspection.test", "id"), + resource.TestCheckResourceAttr("unifi_setting_ssl_inspection.test", "site", "default"), + resource.TestCheckResourceAttr("unifi_setting_ssl_inspection.test", "state", "off"), + ), + ConfigPlanChecks: pt.CheckResourceActions("unifi_setting_ssl_inspection.test", plancheck.ResourceActionCreate), + }, + pt.ImportStepWithSite("unifi_setting_ssl_inspection.test"), + { + Config: testAccSettingSslInspectionConfig("simple"), + Check: resource.ComposeTestCheckFunc( + resource.TestCheckResourceAttrSet("unifi_setting_ssl_inspection.test", "id"), + resource.TestCheckResourceAttr("unifi_setting_ssl_inspection.test", "site", "default"), + resource.TestCheckResourceAttr("unifi_setting_ssl_inspection.test", "state", "simple"), + ), + ConfigPlanChecks: pt.CheckResourceActions("unifi_setting_ssl_inspection.test", plancheck.ResourceActionUpdate), + }, + { + Config: testAccSettingSslInspectionConfig("advanced"), + Check: resource.ComposeTestCheckFunc( + resource.TestCheckResourceAttrSet("unifi_setting_ssl_inspection.test", "id"), + resource.TestCheckResourceAttr("unifi_setting_ssl_inspection.test", "site", "default"), + resource.TestCheckResourceAttr("unifi_setting_ssl_inspection.test", "state", "advanced"), + ), + ConfigPlanChecks: pt.CheckResourceActions("unifi_setting_ssl_inspection.test", plancheck.ResourceActionUpdate), + }, + }, + }) +} + +func testAccSettingSslInspectionConfig(state string) string { + return fmt.Sprintf(` +resource "unifi_setting_ssl_inspection" "test" { + state = "%s" +} +`, state) +} diff --git a/internal/provider/provider_v2.go b/internal/provider/provider_v2.go index 42a7473..ed6d266 100644 --- a/internal/provider/provider_v2.go +++ b/internal/provider/provider_v2.go @@ -180,6 +180,7 @@ func (p *unifiProvider) Resources(_ context.Context) []func() resource.Resource settings.NewMagicSiteToSiteVpnResource, settings.NewNetworkOptimizationResource, settings.NewNtpResource, + settings.NewSslInspectionResource, } } diff --git a/internal/provider/settings/resource_setting_ssl_inspection.go b/internal/provider/settings/resource_setting_ssl_inspection.go new file mode 100644 index 0000000..329014b --- /dev/null +++ b/internal/provider/settings/resource_setting_ssl_inspection.go @@ -0,0 +1,88 @@ +package settings + +import ( + "context" + + "github.com/filipowm/go-unifi/unifi" + "github.com/filipowm/terraform-provider-unifi/internal/provider/base" + "github.com/hashicorp/terraform-plugin-framework-validators/stringvalidator" + "github.com/hashicorp/terraform-plugin-framework/diag" + "github.com/hashicorp/terraform-plugin-framework/resource" + "github.com/hashicorp/terraform-plugin-framework/resource/schema" + "github.com/hashicorp/terraform-plugin-framework/schema/validator" + "github.com/hashicorp/terraform-plugin-framework/types" +) + +type sslInspectionModel struct { + base.Model + State types.String `tfsdk:"state"` +} + +func (d *sslInspectionModel) AsUnifiModel() (interface{}, diag.Diagnostics) { + diags := diag.Diagnostics{} + + model := &unifi.SettingSslInspection{ + ID: d.ID.ValueString(), + State: d.State.ValueString(), + } + + return model, diags +} + +func (d *sslInspectionModel) Merge(other interface{}) diag.Diagnostics { + diags := diag.Diagnostics{} + + model, ok := other.(*unifi.SettingSslInspection) + if !ok { + diags.AddError("Cannot merge", "Cannot merge type that is not *unifi.SettingSslInspection") + return diags + } + + d.ID = types.StringValue(model.ID) + d.State = types.StringValue(model.State) + + return diags +} + +var ( + _ base.ResourceModel = &sslInspectionModel{} + _ resource.Resource = &sslInspectionResource{} + _ resource.ResourceWithConfigure = &sslInspectionResource{} + _ resource.ResourceWithImportState = &sslInspectionResource{} +) + +type sslInspectionResource struct { + *BaseSettingResource[*sslInspectionModel] +} + +func (r *sslInspectionResource) Schema(_ context.Context, _ resource.SchemaRequest, resp *resource.SchemaResponse) { + resp.Schema = schema.Schema{ + MarkdownDescription: "Manages SSL Inspection settings for a UniFi site. SSL inspection is a security feature that allows the UniFi Security Gateway (USG) to inspect encrypted traffic for security threats.", + Attributes: map[string]schema.Attribute{ + "id": base.ID(), + "site": base.SiteAttribute(), + "state": schema.StringAttribute{ + MarkdownDescription: "The mode of SSL inspection. Valid values are: `off`, `simple`, or `advanced`.", + Required: true, + Validators: []validator.String{ + stringvalidator.OneOf("off", "simple", "advanced"), + }, + }, + }, + } +} + +func NewSslInspectionResource() resource.Resource { + r := &sslInspectionResource{} + r.BaseSettingResource = NewBaseSettingResource( + "unifi_setting_ssl_inspection", + func() *sslInspectionModel { return &sslInspectionModel{} }, + func(ctx context.Context, client *base.Client, site string) (interface{}, error) { + return client.GetSettingSslInspection(ctx, site) + }, + func(ctx context.Context, client *base.Client, site string, body interface{}) (interface{}, error) { + return client.UpdateSettingSslInspection(ctx, site, body.(*unifi.SettingSslInspection)) + }, + ) + return r +}