From 61ff63c1d73cb093f1f96ebf198dd6af8fdeea55 Mon Sep 17 00:00:00 2001 From: shadyeip Date: Thu, 5 Feb 2026 13:26:32 -0500 Subject: [PATCH] feat: add destination.network_ids support to firewall zone policy - Add NetworkIDs and MatchOppositeNetworks to destination model - Add schema attributes for destination.network_ids - Handle NETWORK matching target in AsUnifiModel and mergeDestination - Fix Port type conversion (int32 to string) for API compatibility - Update go.mod to use local go-unifi with destination network support Fixes: destination.network_ids silently ignored on update --- .gitignore | 5 +- go.mod | 22 ++--- go.sum | 38 +++++---- .../firewall/resource_firewall_zone_policy.go | 80 +++++++++++++++---- 4 files changed, 99 insertions(+), 46 deletions(-) diff --git a/.gitignore b/.gitignore index dcfe6bd..241254e 100644 --- a/.gitignore +++ b/.gitignore @@ -7,4 +7,7 @@ terraform-provider-unifi vendor/ .idea -*.iml \ No newline at end of file +*.iml +# Built binaries +terraform-provider-unifi_* +terraform-provider-unifi diff --git a/go.mod b/go.mod index f8b12fd..abcfc94 100644 --- a/go.mod +++ b/go.mod @@ -2,7 +2,7 @@ module github.com/filipowm/terraform-provider-unifi go 1.23.5 -//replace github.com/filipowm/go-unifi v1.8.0 => ../go-unifi +// replace github.com/filipowm/go-unifi v1.8.0 => ../go-unifi // replace github.com/hashicorp/terraform-plugin-docs => ../../hashicorp/terraform-plugin-docs // replace github.com/hashicorp/terraform-plugin-sdk/v2 => ../../hashicorp/terraform-plugin-sdk @@ -144,7 +144,7 @@ require ( github.com/go-openapi/swag v0.23.0 // indirect github.com/go-playground/locales v0.14.1 // indirect github.com/go-playground/universal-translator v0.18.1 // indirect - github.com/go-playground/validator/v10 v10.25.0 // indirect + github.com/go-playground/validator/v10 v10.26.0 // indirect github.com/go-sql-driver/mysql v1.8.1 // indirect github.com/go-test/deep v1.1.1 // indirect github.com/go-toolsmith/astcast v1.1.0 // indirect @@ -389,18 +389,18 @@ require ( go.uber.org/mock v0.5.0 // indirect go.uber.org/multierr v1.11.0 // indirect go.uber.org/zap v1.27.0 // indirect - golang.org/x/crypto v0.36.0 // indirect + golang.org/x/crypto v0.39.0 // indirect golang.org/x/exp v0.0.0-20250218142911-aa4b98e5adaa // indirect golang.org/x/exp/typeparams v0.0.0-20250218142911-aa4b98e5adaa // indirect - golang.org/x/mod v0.24.0 // indirect - golang.org/x/net v0.38.0 // indirect + golang.org/x/mod v0.25.0 // indirect + golang.org/x/net v0.41.0 // indirect golang.org/x/oauth2 v0.27.0 // indirect - golang.org/x/sync v0.12.0 // indirect - golang.org/x/sys v0.31.0 // indirect - golang.org/x/term v0.30.0 // indirect - golang.org/x/text v0.23.0 // indirect + golang.org/x/sync v0.15.0 // indirect + golang.org/x/sys v0.33.0 // indirect + golang.org/x/term v0.32.0 // indirect + golang.org/x/text v0.26.0 // indirect golang.org/x/time v0.10.0 // indirect - golang.org/x/tools v0.31.0 // indirect + golang.org/x/tools v0.33.0 // indirect google.golang.org/appengine v1.6.8 // indirect google.golang.org/genproto/googleapis/api v0.0.0-20250224174004-546df14abb99 // indirect google.golang.org/genproto/googleapis/rpc v0.0.0-20250224174004-546df14abb99 // indirect @@ -425,4 +425,4 @@ require ( sigs.k8s.io/structured-merge-diff/v4 v4.5.0 // indirect sigs.k8s.io/yaml v1.4.0 // indirect tags.cncf.io/container-device-interface v0.8.1 // indirect -) +) \ No newline at end of file diff --git a/go.sum b/go.sum index a6f157e..7754fc4 100644 --- a/go.sum +++ b/go.sum @@ -276,8 +276,6 @@ github.com/fatih/structtag v1.2.0 h1:/OdNE99OxoI/PqaW/SuSK9uxxT3f/tcSZgon/ssNSx4 github.com/fatih/structtag v1.2.0/go.mod h1:mBJUNpUnHmRKrKlQQlmCrh5PuhftFbNv8Ys4/aAZl94= github.com/felixge/httpsnoop v1.0.4 h1:NFTV2Zj1bL4mc9sqWACXbQFVBBg2W3GPvqp8/ESS2Wg= github.com/felixge/httpsnoop v1.0.4/go.mod h1:m8KPJKqk1gH5J9DgRY2ASl2lWCfGKXixSwevea8zH2U= -github.com/filipowm/go-unifi v1.8.0 h1:1AUMluDxVaiViQsk7zV5v3XxjqtLS1w7fQWHPuquNUg= -github.com/filipowm/go-unifi v1.8.0/go.mod h1:LwwNzM1idw0ORe+G2pI0qiWOH8xw8GjfjRw530QqWPI= github.com/firefart/nonamedreturns v1.0.5 h1:tM+Me2ZaXs8tfdDw3X6DOX++wMCOqzYUho6tUTYIdRA= github.com/firefart/nonamedreturns v1.0.5/go.mod h1:gHJjDqhGM4WyPt639SOZs+G89Ko7QKH5R5BhnO6xJhw= github.com/frankban/quicktest v1.14.6 h1:7Xjx+VpznH+oBnejlPUj8oUpdxnVs4f8XU8WnHkI4W8= @@ -328,8 +326,8 @@ github.com/go-playground/locales v0.14.1 h1:EWaQ/wswjilfKLTECiXz7Rh+3BjFhfDFKv/o github.com/go-playground/locales v0.14.1/go.mod h1:hxrqLVvrK65+Rwrd5Fc6F2O76J/NuW9t0sjnWqG1slY= github.com/go-playground/universal-translator v0.18.1 h1:Bcnm0ZwsGyWbCzImXv+pAJnYK9S473LQFuzCbDbfSFY= github.com/go-playground/universal-translator v0.18.1/go.mod h1:xekY+UJKNuX9WP91TpwSH2VMlDf28Uj24BCp08ZFTUY= -github.com/go-playground/validator/v10 v10.25.0 h1:5Dh7cjvzR7BRZadnsVOzPhWsrwUr0nmsZJxEAnFLNO8= -github.com/go-playground/validator/v10 v10.25.0/go.mod h1:GGzBIJMuE98Ic/kJsBXbz1x/7cByt++cQ+YOuDM5wus= +github.com/go-playground/validator/v10 v10.26.0 h1:SP05Nqhjcvz81uJaRfEV0YBSSSGMc/iMaVtFbr3Sw2k= +github.com/go-playground/validator/v10 v10.26.0/go.mod h1:I5QpIEbmr8On7W0TktmJAumgzX4CA1XNl4ZmDuVHKKo= github.com/go-quicktest/qt v1.101.0 h1:O1K29Txy5P2OK0dGo59b7b0LR6wKfIhttaAhHUyn7eI= github.com/go-quicktest/qt v1.101.0/go.mod h1:14Bz/f7NwaXPtdYEgzsx46kqSxVwTbzVZsDC26tQJow= github.com/go-sql-driver/mysql v1.3.0/go.mod h1:zAC/RDZ24gD3HViQzih4MyKcchzm+sOG5ZlKdlhCg5w= @@ -1061,8 +1059,8 @@ golang.org/x/crypto v0.0.0-20201117144127-c1f2f97bffc9/go.mod h1:jdWPYTVW3xRLrWP golang.org/x/crypto v0.0.0-20210921155107-089bfa567519/go.mod h1:GvvjBRRGRdwPK5ydBHafDWAxML/pGHZbMvKqRZ5+Abc= golang.org/x/crypto v0.13.0/go.mod h1:y6Z2r+Rw4iayiXXAIxJIDAJ1zMW4yaTpebo8fPOliYc= golang.org/x/crypto v0.14.0/go.mod h1:MVFd36DqK4CsrnJYDkBA3VC4m2GkXAM0PvzMCn4JQf4= -golang.org/x/crypto v0.36.0 h1:AnAEvhDddvBdpY+uR+MyHmuZzzNqXSe/GvuDeob5L34= -golang.org/x/crypto v0.36.0/go.mod h1:Y4J0ReaxCR1IMaabaSMugxJES1EpwhBHhv2bDHklZvc= +golang.org/x/crypto v0.39.0 h1:SHs+kF4LP+f+p14esP5jAoDpHU8Gu/v9lFRK6IT5imM= +golang.org/x/crypto v0.39.0/go.mod h1:L+Xg3Wf6HoL4Bn4238Z6ft6KfEpN0tJGo53AAPC632U= golang.org/x/exp v0.0.0-20250218142911-aa4b98e5adaa h1:t2QcU6V556bFjYgu4L6C+6VrCPyJZ+eyRsABUPs1mz4= golang.org/x/exp v0.0.0-20250218142911-aa4b98e5adaa/go.mod h1:BHOTPb3L19zxehTsLoJXVaTktb06DFgmdW6Wb9s8jqk= golang.org/x/exp/typeparams v0.0.0-20220428152302-39d4317da171/go.mod h1:AbB0pIl9nAr9wVwH+Z2ZpaocVmF5I4GyWCDIsVjR0bk= @@ -1080,8 +1078,8 @@ golang.org/x/mod v0.8.0/go.mod h1:iBbtSCu2XBx23ZKBPSOrRkjjQPZFPuis4dIYUhu/chs= golang.org/x/mod v0.9.0/go.mod h1:iBbtSCu2XBx23ZKBPSOrRkjjQPZFPuis4dIYUhu/chs= golang.org/x/mod v0.12.0/go.mod h1:iBbtSCu2XBx23ZKBPSOrRkjjQPZFPuis4dIYUhu/chs= golang.org/x/mod v0.13.0/go.mod h1:hTbmBsO62+eylJbnUtE2MGJUyE7QWk4xUqPFrRgJ+7c= -golang.org/x/mod v0.24.0 h1:ZfthKaKaT4NrhGVZHO1/WDTwGES4De8KtWO0SIbNJMU= -golang.org/x/mod v0.24.0/go.mod h1:IXM97Txy2VM4PJ3gI61r1YEk/gAj6zAHN3AdZt6S9Ww= +golang.org/x/mod v0.25.0 h1:n7a+ZbQKQA/Ysbyb0/6IbB1H/X41mKgbhfv7AfG/44w= +golang.org/x/mod v0.25.0/go.mod h1:IXM97Txy2VM4PJ3gI61r1YEk/gAj6zAHN3AdZt6S9Ww= golang.org/x/net v0.0.0-20180906233101-161cd47e91fd/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= golang.org/x/net v0.0.0-20181114220301-adae6a3d119a/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= golang.org/x/net v0.0.0-20190404232315-eb5bcb51f2a3/go.mod h1:t9HGtf8HONx5eT2rtn7q6eTqICYqUVnKs3thJo3Qplg= @@ -1101,8 +1099,8 @@ golang.org/x/net v0.8.0/go.mod h1:QVkue5JL9kW//ek3r6jTKnTFis1tRmNAW2P1shuFdJc= golang.org/x/net v0.10.0/go.mod h1:0qNGK6F8kojg2nk9dLZ2mShWaEBan6FAoqfSigmmuDg= golang.org/x/net v0.15.0/go.mod h1:idbUs1IY1+zTqbi8yxTbhexhEEk5ur9LInksu6HrEpk= golang.org/x/net v0.16.0/go.mod h1:NxSsAGuq816PNPmqtQdLE42eU2Fs7NoRIZrHJAlaCOE= -golang.org/x/net v0.38.0 h1:vRMAPTMaeGqVhG5QyLJHqNDwecKTomGeqbnfZyKlBI8= -golang.org/x/net v0.38.0/go.mod h1:ivrbrMbzFq5J41QOQh0siUuly180yBYtLp+CKbEaFx8= +golang.org/x/net v0.41.0 h1:vBTly1HeNPEn3wtREYfy4GZ/NECgw2Cnl+nK6Nz3uvw= +golang.org/x/net v0.41.0/go.mod h1:B/K4NNqkfmg07DQYrbwvSluqCJOOXwUjeb/5lOisjbA= golang.org/x/oauth2 v0.27.0 h1:da9Vo7/tDv5RH/7nZDz1eMGS/q1Vv1N/7FCrBhI9I3M= golang.org/x/oauth2 v0.27.0/go.mod h1:onh5ek6nERTohokkhCD/y2cV4Do3fxFHFuAejCkRWT8= golang.org/x/sync v0.0.0-20180314180146-1d60e4601c6f/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= @@ -1117,8 +1115,8 @@ golang.org/x/sync v0.0.0-20220722155255-886fb9371eb4/go.mod h1:RxMgew5VJxzue5/jJ golang.org/x/sync v0.1.0/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= golang.org/x/sync v0.3.0/go.mod h1:FU7BRWz2tNW+3quACPkgCx/L+uEAv1htQ0V83Z9Rj+Y= golang.org/x/sync v0.4.0/go.mod h1:FU7BRWz2tNW+3quACPkgCx/L+uEAv1htQ0V83Z9Rj+Y= -golang.org/x/sync v0.12.0 h1:MHc5BpPuC30uJk597Ri8TV3CNZcTLu6B6z4lJy+g6Jw= -golang.org/x/sync v0.12.0/go.mod h1:1dzgHSNfp02xaA81J2MS99Qcpr2w7fw1gpm99rleRqA= +golang.org/x/sync v0.15.0 h1:KWH3jNZsfyT6xfAfKiz6MRNmd46ByHDYaZ7KSkCtdW8= +golang.org/x/sync v0.15.0/go.mod h1:1dzgHSNfp02xaA81J2MS99Qcpr2w7fw1gpm99rleRqA= golang.org/x/sys v0.0.0-20180905080454-ebe1bf3edb33/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= golang.org/x/sys v0.0.0-20180909124046-d0be0721c37e/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= golang.org/x/sys v0.0.0-20181116152217-5ac8a444bdc5/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= @@ -1158,8 +1156,8 @@ golang.org/x/sys v0.6.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.8.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.12.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.13.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= -golang.org/x/sys v0.31.0 h1:ioabZlmFYtWhL+TRYpcnNlLwhyxaM9kWTDEmfnprqik= -golang.org/x/sys v0.31.0/go.mod h1:BJP2sWEmIv4KK5OTEluFJCKSidICx8ciO85XgH3Ak8k= +golang.org/x/sys v0.33.0 h1:q3i8TbbEz+JRD9ywIRlyRAQbM0qF7hu24q3teo2hbuw= +golang.org/x/sys v0.33.0/go.mod h1:BJP2sWEmIv4KK5OTEluFJCKSidICx8ciO85XgH3Ak8k= golang.org/x/term v0.0.0-20201117132131-f5c789dd3221/go.mod h1:Nr5EML6q2oocZ2LXRh80K7BxOlk5/8JxuGnuhpl+muw= golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo= golang.org/x/term v0.0.0-20210927222741-03fcf44c2211/go.mod h1:jbD1KX2456YbFQfuXm/mYQcufACuNUgVhRMnK/tPxf8= @@ -1169,8 +1167,8 @@ golang.org/x/term v0.6.0/go.mod h1:m6U89DPEgQRMq3DNkDClhWw02AUbt2daBVO4cn4Hv9U= golang.org/x/term v0.8.0/go.mod h1:xPskH00ivmX89bAKVGSKKtLOWNx2+17Eiy94tnKShWo= golang.org/x/term v0.12.0/go.mod h1:owVbMEjm3cBLCHdkQu9b1opXd4ETQWc3BhuQGKgXgvU= golang.org/x/term v0.13.0/go.mod h1:LTmsnFJwVN6bCy1rVCoS+qHT1HhALEFxKncY3WNNh4U= -golang.org/x/term v0.30.0 h1:PQ39fJZ+mfadBm0y5WlL4vlM7Sx1Hgf13sMIY2+QS9Y= -golang.org/x/term v0.30.0/go.mod h1:NYYFdzHoI5wRh/h5tDMdMqCqPJZEuNqVR5xJLd/n67g= +golang.org/x/term v0.32.0 h1:DR4lr0TjUs3epypdhTOkMmuF5CDFJ/8pOnbzMZPQ7bg= +golang.org/x/term v0.32.0/go.mod h1:uZG1FhGx848Sqfsq4/DlJr3xGGsYMu/L5GW4abiaEPQ= golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= golang.org/x/text v0.3.2/go.mod h1:bEr9sfX3Q8Zfm5fL9x+3itogRgK3+ptLWKqgva+5dAk= golang.org/x/text v0.3.3/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ= @@ -1182,8 +1180,8 @@ golang.org/x/text v0.7.0/go.mod h1:mrYo+phRRbMaCq/xk9113O4dZlRixOauAjOtrjsXDZ8= golang.org/x/text v0.8.0/go.mod h1:e1OnstbJyHTd6l/uOt8jFFHp6TRDWZR/bV3emEE/zU8= golang.org/x/text v0.9.0/go.mod h1:e1OnstbJyHTd6l/uOt8jFFHp6TRDWZR/bV3emEE/zU8= golang.org/x/text v0.13.0/go.mod h1:TvPlkZtksWOMsz7fbANvkp4WM8x/WCo/om8BMLbz+aE= -golang.org/x/text v0.23.0 h1:D71I7dUrlY+VX0gQShAThNGHFxZ13dGLBHQLVl1mJlY= -golang.org/x/text v0.23.0/go.mod h1:/BLNzu4aZCJ1+kcD0DNRotWKage4q2rGVAg4o22unh4= +golang.org/x/text v0.26.0 h1:P42AVeLghgTYr4+xUnTRKDMqpar+PtX7KWuNQL21L8M= +golang.org/x/text v0.26.0/go.mod h1:QK15LZJUUQVJxhz7wXgxSy/CJaTFjd0G+YLonydOVQA= golang.org/x/time v0.10.0 h1:3usCWA8tQn0L8+hFJQNgzpWbd89begxN66o1Ojdn5L4= golang.org/x/time v0.10.0/go.mod h1:3BpzKBy/shNhVucY/MWOyx10tF3SFh9QdLuxbVysPQM= golang.org/x/tools v0.0.0-20180917221912-90fa682c2a6e/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ= @@ -1206,8 +1204,8 @@ golang.org/x/tools v0.6.0/go.mod h1:Xwgl3UAJ/d3gWutnCtw505GrjyAbvKui8lOU390QaIU= golang.org/x/tools v0.7.0/go.mod h1:4pg6aUX35JBAogB10C9AtvVL+qowtN4pT3CGSQex14s= golang.org/x/tools v0.13.0/go.mod h1:HvlwmtVNQAhOuCjW7xxvovg8wbNq7LwfXh/k7wXUl58= golang.org/x/tools v0.14.0/go.mod h1:uYBEerGOWcJyEORxN+Ek8+TT266gXkNlHdJBwexUsBg= -golang.org/x/tools v0.31.0 h1:0EedkvKDbh+qistFTd0Bcwe/YLh4vHwWEkiI0toFIBU= -golang.org/x/tools v0.31.0/go.mod h1:naFTU+Cev749tSJRXJlna0T3WxKvb1kWEx15xA4SdmQ= +golang.org/x/tools v0.33.0 h1:4qz2S3zmRxbGIhDIAgjxvFutSvH5EfnsYrRBj0UI0bc= +golang.org/x/tools v0.33.0/go.mod h1:CIJMaWEY88juyUfo7UbgPqbC8rU2OqfAV1h2Qp0oMYI= golang.org/x/xerrors v0.0.0-20190717185122-a985d3407aa7/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= golang.org/x/xerrors v0.0.0-20191011141410-1b5146add898/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= golang.org/x/xerrors v0.0.0-20191204190536-9bdfabe68543/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= diff --git a/internal/provider/firewall/resource_firewall_zone_policy.go b/internal/provider/firewall/resource_firewall_zone_policy.go index 12dca98..2ce19ab 100644 --- a/internal/provider/firewall/resource_firewall_zone_policy.go +++ b/internal/provider/firewall/resource_firewall_zone_policy.go @@ -3,6 +3,8 @@ package firewall import ( "context" "fmt" + "strconv" + "github.com/filipowm/go-unifi/unifi" "github.com/filipowm/go-unifi/unifi/features" "github.com/filipowm/terraform-provider-unifi/internal/provider/base" @@ -107,18 +109,25 @@ func (m *FirewallPolicyTargetModel) AttributeTypes() map[string]attr.Type { } } -func NewFirewallPolicyTargetModel(ipGroupId string, ips []string, matchOppositeIps, matchOppositePorts bool, port int, portGroupId, zoneId string) *FirewallPolicyTargetModel { +func NewFirewallPolicyTargetModel(ipGroupId string, ips []string, matchOppositeIps, matchOppositePorts bool, port string, portGroupId, zoneId string) *FirewallPolicyTargetModel { diags := diag.Diagnostics{} m := &FirewallPolicyTargetModel{ IPGroupID: ut.StringOrNull(ipGroupId), IPs: types.ListNull(types.StringType), MatchOppositeIPs: types.BoolValue(matchOppositeIps), MatchOppositePorts: types.BoolValue(matchOppositePorts), - Port: ut.Int32OrNull(port), + Port: types.Int32Null(), PortGroupID: ut.StringOrNull(portGroupId), ZoneID: types.StringValue(zoneId), } + // Handle port - convert string to int32 if it's a simple port number + if port != "" { + if portInt, err := strconv.Atoi(port); err == nil { + m.Port = types.Int32Value(int32(portInt)) + } + } + // Handle IPs list if len(ips) > 0 { lIps, d := types.ListValueFrom(context.Background(), types.StringType, ips) @@ -159,10 +168,12 @@ func (m *FirewallZonePolicySourceModel) AttributeTypes() map[string]attr.Type { // FirewallZonePolicyDestinationModel represents the destination configuration for a firewall zone policy type FirewallZonePolicyDestinationModel struct { FirewallPolicyTargetModel - AppCategoryIDs types.List `tfsdk:"app_category_ids"` - AppIDs types.List `tfsdk:"app_ids"` - Regions types.List `tfsdk:"regions"` - WebDomains types.List `tfsdk:"web_domains"` + AppCategoryIDs types.List `tfsdk:"app_category_ids"` + AppIDs types.List `tfsdk:"app_ids"` + MatchOppositeNetworks types.Bool `tfsdk:"match_opposite_networks"` + NetworkIDs types.List `tfsdk:"network_ids"` + Regions types.List `tfsdk:"regions"` + WebDomains types.List `tfsdk:"web_domains"` } func (m *FirewallZonePolicyDestinationModel) AttributeTypes() map[string]attr.Type { @@ -173,6 +184,10 @@ func (m *FirewallZonePolicyDestinationModel) AttributeTypes() map[string]attr.Ty "app_ids": types.ListType{ ElemType: types.StringType, }, + "match_opposite_networks": types.BoolType, + "network_ids": types.ListType{ + ElemType: types.StringType, + }, "regions": types.ListType{ ElemType: types.StringType, }, @@ -286,7 +301,7 @@ func (m *FirewallZonePolicyModel) AsUnifiModel(ctx context.Context) (interface{} if ut.IsDefined(source.Port) { unifiSource.PortMatchingType = "SPECIFIC" - unifiSource.Port = int(source.Port.ValueInt32()) + unifiSource.Port = strconv.Itoa(int(source.Port.ValueInt32())) } if len(source.ClientMACs.Elements()) > 0 { @@ -324,11 +339,12 @@ func (m *FirewallZonePolicyModel) AsUnifiModel(ctx context.Context) (interface{} diags.Append(m.Destination.As(ctx, &destination, basetypes.ObjectAsOptions{})...) unifiDestination := &unifi.FirewallZonePolicyDestination{ - MatchOppositeIPs: destination.MatchOppositeIPs.ValueBool(), - MatchOppositePorts: destination.MatchOppositePorts.ValueBool(), - MatchingTarget: "ANY", - PortMatchingType: "ANY", - ZoneID: destination.ZoneID.ValueString(), + MatchOppositeIPs: destination.MatchOppositeIPs.ValueBool(), + MatchOppositeNetworks: destination.MatchOppositeNetworks.ValueBool(), + MatchOppositePorts: destination.MatchOppositePorts.ValueBool(), + MatchingTarget: "ANY", + PortMatchingType: "ANY", + ZoneID: destination.ZoneID.ValueString(), } if ut.IsDefined(destination.PortGroupID) { @@ -338,7 +354,7 @@ func (m *FirewallZonePolicyModel) AsUnifiModel(ctx context.Context) (interface{} if ut.IsDefined(destination.Port) { unifiDestination.PortMatchingType = "SPECIFIC" - unifiDestination.Port = int(destination.Port.ValueInt32()) + unifiDestination.Port = strconv.Itoa(int(destination.Port.ValueInt32())) } if len(destination.AppCategoryIDs.Elements()) > 0 { @@ -371,6 +387,11 @@ func (m *FirewallZonePolicyModel) AsUnifiModel(ctx context.Context) (interface{} unifiDestination.MatchingTarget = "WEB" unifiDestination.MatchingTargetType = "SPECIFIC" } + if len(destination.NetworkIDs.Elements()) > 0 { + diags.Append(ut.ListElementsAs(destination.NetworkIDs, &unifiDestination.NetworkIDs)...) + unifiDestination.MatchingTarget = "NETWORK" + unifiDestination.MatchingTargetType = "SPECIFIC" + } model.Destination = *unifiDestination } @@ -444,6 +465,8 @@ func (m *FirewallZonePolicyModel) mergeDestination(ctx context.Context, model *u FirewallPolicyTargetModel: *NewFirewallPolicyTargetModel(model.Destination.IPGroupID, model.Destination.IPs, model.Destination.MatchOppositeIPs, model.Destination.MatchOppositePorts, model.Destination.Port, model.Destination.PortGroupID, model.Destination.ZoneID), AppCategoryIDs: types.ListNull(types.StringType), AppIDs: types.ListNull(types.StringType), + MatchOppositeNetworks: types.BoolValue(model.Destination.MatchOppositeNetworks), + NetworkIDs: types.ListNull(types.StringType), Regions: types.ListNull(types.StringType), WebDomains: types.ListNull(types.StringType), } @@ -456,6 +479,10 @@ func (m *FirewallZonePolicyModel) mergeDestination(ctx context.Context, model *u apps, d := types.ListValueFrom(ctx, types.StringType, model.Destination.AppIDs) diags.Append(d...) destModel.AppIDs = apps + case "NETWORK": + networks, d := types.ListValueFrom(ctx, types.StringType, model.Destination.NetworkIDs) + diags.Append(d...) + destModel.NetworkIDs = networks case "REGION": regions, d := types.ListValueFrom(ctx, types.StringType, model.Destination.Regions) diags.Append(d...) @@ -468,7 +495,7 @@ func (m *FirewallZonePolicyModel) mergeDestination(ctx context.Context, model *u case "ANY": // do nothing as handled commonly default: - diags.AddWarning("Unexpected matching target", fmt.Sprintf("Destination matching target is %s, which is not supported by the provider", model.Source.MatchingTarget)) + diags.AddWarning("Unexpected matching target", fmt.Sprintf("Destination matching target is %s, which is not supported by the provider", model.Destination.MatchingTarget)) } // Create object value from source model @@ -790,6 +817,7 @@ func (r *firewallZonePolicyResource) Schema(ctx context.Context, _ resource.Sche listvalidator.ConflictsWith( path.MatchRoot("destination").AtName("app_ids"), path.MatchRoot("destination").AtName("ips"), + path.MatchRoot("destination").AtName("network_ids"), path.MatchRoot("destination").AtName("regions"), path.MatchRoot("destination").AtName("web_domains"), ), @@ -804,6 +832,28 @@ func (r *firewallZonePolicyResource) Schema(ctx context.Context, _ resource.Sche listvalidator.ConflictsWith( path.MatchRoot("destination").AtName("app_category_ids"), path.MatchRoot("destination").AtName("ips"), + path.MatchRoot("destination").AtName("network_ids"), + path.MatchRoot("destination").AtName("regions"), + path.MatchRoot("destination").AtName("web_domains"), + ), + }, + }, + "match_opposite_networks": schema.BoolAttribute{ + MarkdownDescription: "Whether to match opposite networks.", + Optional: true, + Computed: true, + Default: booldefault.StaticBool(false), + }, + "network_ids": schema.ListAttribute{ + MarkdownDescription: "List of network IDs.", + Optional: true, + ElementType: types.StringType, + Validators: []validator.List{ + listvalidator.SizeAtLeast(1), + listvalidator.ConflictsWith( + path.MatchRoot("destination").AtName("app_category_ids"), + path.MatchRoot("destination").AtName("app_ids"), + path.MatchRoot("destination").AtName("ips"), path.MatchRoot("destination").AtName("regions"), path.MatchRoot("destination").AtName("web_domains"), ), @@ -820,6 +870,7 @@ func (r *firewallZonePolicyResource) Schema(ctx context.Context, _ resource.Sche path.MatchRoot("destination").AtName("app_category_ids"), path.MatchRoot("destination").AtName("app_ids"), path.MatchRoot("destination").AtName("ips"), + path.MatchRoot("destination").AtName("network_ids"), path.MatchRoot("destination").AtName("web_domains"), ), }, @@ -837,6 +888,7 @@ func (r *firewallZonePolicyResource) Schema(ctx context.Context, _ resource.Sche path.MatchRoot("destination").AtName("app_category_ids"), path.MatchRoot("destination").AtName("app_ids"), path.MatchRoot("destination").AtName("ips"), + path.MatchRoot("destination").AtName("network_ids"), path.MatchRoot("destination").AtName("regions"), ), },