github/terraform-provider-unifi
2
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Compare commits

base: github:fix/destination-network-ids-clean
Branches Tags
github:main github:ci/auto-release-on-main github:ci/improve-workflows github:fix/destination-network-ids-clean github:fix/firewall-zone-policy-bugs
github:v2026.02.09
...
compare: github:v2026.02.09
Branches Tags
github:main github:ci/auto-release-on-main github:ci/improve-workflows github:fix/destination-network-ids-clean github:fix/firewall-zone-policy-bugs
github:v2026.02.09

10 Commits
fix/destin ... v2026.02.0

Author SHA1 Message Date
Adam Nadrowski
75506536fa Merge pull request #3 from shadyeip/ci/auto-release-on-main 
ci: auto-release with date-based versioning on merge to main
 2026-02-09 12:48:03 -05:00
Adam Nadrowski
a65f546776 ci: auto-release with date-based versioning on merge to main 
Release workflow now triggers on push to main and auto-generates
date-based version tags (v2026.02.09, v2026.02.09.1, etc.).
Manual dispatch and explicit v* tags still work.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
 2026-02-09 12:47:36 -05:00
Adam Nadrowski
a9d8e8005e Merge pull request #2 from shadyeip/ci/improve-workflows 
ci: restrict acceptance tests to manual dispatch only
 2026-02-09 12:43:56 -05:00
Adam Nadrowski
32510c0a75 ci: restrict acceptance tests to manual dispatch only 
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
 2026-02-09 12:42:01 -05:00
Adam Nadrowski
d9f0c626d5 Merge pull request #1 from shadyeip/ci/improve-workflows 
ci: add PR validation and fix workflows for go-unifi dependency
 2026-02-09 12:41:07 -05:00
Adam Nadrowski
fb2d9762d8 ci: remove PR trigger from acceptance tests 
Acceptance tests require a running UniFi controller and are too
heavyweight to run on every PR. They still run on push to main,
daily schedule, and manual workflow_dispatch.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
 2026-02-09 12:34:52 -05:00
Adam Nadrowski
ff67359ba4 ci: add PR validation checks and fix workflows for go-unifi dependency 
- CI: run gofmt, go vet, and golangci-lint on PRs; full build on merge to main
- Release: checkout go-unifi alongside provider, add manual dispatch trigger,
  make GPG signing optional

Both workflows now checkout shadyeip/go-unifi to satisfy the replace directive
in go.mod.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
 2026-02-09 12:29:37 -05:00
Adam Nadrowski
a56df16830 fix: use local go-unifi with omitempty fix for zone policy bug 
Switch go-unifi dependency from remote fork to local module which includes
the fix for empty string fields (firewall_zone_id, etc.) being sent in
network API requests, causing all zone policies to disappear from the UI.

Also updates Makefile with cross-compile and deploy targets, and README
with self-contained build/install instructions.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
 2026-02-06 23:00:11 -05:00
shadyeip
13da1c0347 docs: add installation instructions for fork 2026-02-05 15:33:33 -05:00
shadyeip
4de7c8c5ec feat: add destination.network_ids support to unifi_firewall_zone_policy 
- Add NetworkIDs and MatchOppositeNetworks to destination model
  - Add network_ids schema attribute to destination block
  - Handle NETWORK matching target in AsUnifiModel and mergeDestination
  - Update go.mod to use shadyeip/go-unifi fork with destination network support
 2026-02-05 15:30:21 -05:00
6 changed files with 233 additions and 54 deletions
Expand all files Collapse all files

27
.github/workflows/acctest.yml vendored
View File

@@ -1,32 +1,5 @@
name: Acceptance Tests
on:
pull_request:
branches:
- "*"
# paths:
# - "internal/**"
# - "scripts/**"
# - "tools/**"
# - "main.go"
# - "docker-compose.yaml"
# - ".github/workflows/acctest.yml"
# - "Makefile"
# - "go.mod"
push:
branches:
- "main"
tags:
- "v*"
paths:
- "internal/**"
- "scripts/**"
- "tools/**"
- "main.go"
- "docker-compose.yaml"
- ".github/workflows/acctest.yml"
- "Makefile"
schedule:
- cron: "0 13 * * *"
workflow_dispatch:

81
.github/workflows/ci.yaml vendored
View File

@@ -1,34 +1,79 @@
---
name: ci
on:
pull_request: {}
push:
branches:
- "main"
tags:
- "v*"
- main
jobs:
build:
runs-on: "ubuntu-latest"
# Runs on PRs: fast validation checks
validate:
if: github.event_name == 'pull_request'
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
- uses: actions/setup-go@v5
- name: Checkout provider
uses: actions/checkout@v4
with:
go-version-file: "go.mod"
path: terraform-provider-unifi
- name: Checkout go-unifi dependency
uses: actions/checkout@v4
with:
repository: shadyeip/go-unifi
path: go-unifi
- name: Set up Go
uses: actions/setup-go@v5
with:
go-version-file: terraform-provider-unifi/go.mod
cache: true
check-latest: true
- run: "go build ./..."
- name: Check formatting
working-directory: terraform-provider-unifi
run: |
unformatted=$(gofmt -l .)
if [ -n "$unformatted" ]; then
echo "::error::Files not formatted with gofmt:"
echo "$unformatted"
exit 1
fi
lint:
runs-on: "ubuntu-latest"
steps:
- uses: actions/checkout@v4
- uses: actions/setup-go@v5
- name: Vet
working-directory: terraform-provider-unifi
run: go vet ./...
- name: Lint
uses: golangci/golangci-lint-action@v6.5.2
with:
go-version-file: "go.mod"
working-directory: terraform-provider-unifi
skip-pkg-cache: true
# Runs on merge to main: full build
build:
if: github.event_name == 'push'
runs-on: ubuntu-latest
steps:
- name: Checkout provider
uses: actions/checkout@v4
with:
path: terraform-provider-unifi
- name: Checkout go-unifi dependency
uses: actions/checkout@v4
with:
repository: shadyeip/go-unifi
path: go-unifi
- name: Set up Go
uses: actions/setup-go@v5
with:
go-version-file: terraform-provider-unifi/go.mod
cache: true
check-latest: true
- uses: "golangci/golangci-lint-action@v6.5.2"
with:
skip-pkg-cache: true
- name: Build
working-directory: terraform-provider-unifi
run: go build ./...

62
.github/workflows/release.yml vendored
View File

@@ -1,35 +1,87 @@
name: goreleaser
name: release
on:
push:
branches:
- main
tags:
- "v*"
workflow_dispatch:
inputs:
tag:
description: "Version tag to release (e.g. v2026.02.09)"
required: false
type: string
jobs:
goreleaser:
release:
runs-on: ubuntu-latest
concurrency: release
permissions:
contents: write
steps:
- name: Checkout
- name: Checkout provider
uses: actions/checkout@v4
with:
fetch-depth: 0
path: terraform-provider-unifi
- name: Checkout go-unifi dependency
uses: actions/checkout@v4
with:
repository: shadyeip/go-unifi
path: go-unifi
- name: Set up Go
uses: actions/setup-go@v5
with:
go-version-file: "go.mod"
go-version-file: "terraform-provider-unifi/go.mod"
check-latest: false
- name: Determine version
id: version
working-directory: terraform-provider-unifi
run: |
if [ -n "${{ inputs.tag }}" ]; then
TAG="${{ inputs.tag }}"
elif [[ "$GITHUB_REF" == refs/tags/* ]]; then
TAG="${GITHUB_REF#refs/tags/}"
else
# Date-based version: v2026.02.09, v2026.02.09.1, v2026.02.09.2, ...
DATE_TAG="v$(date -u +'%Y.%m.%d')"
SUFFIX=0
TAG="$DATE_TAG"
while git rev-parse "$TAG" >/dev/null 2>&1; do
SUFFIX=$((SUFFIX + 1))
TAG="${DATE_TAG}.${SUFFIX}"
done
fi
echo "tag=$TAG" >> "$GITHUB_OUTPUT"
- name: Create and push tag
if: ${{ !startsWith(github.ref, 'refs/tags/') }}
working-directory: terraform-provider-unifi
run: |
git tag "${{ steps.version.outputs.tag }}"
git push origin "${{ steps.version.outputs.tag }}"
- name: Import GPG key
if: env.GPG_PRIVATE_KEY != ''
id: import_gpg
uses: crazy-max/ghaction-import-gpg@v6
with:
gpg_private_key: ${{ secrets.GPG_PRIVATE_KEY }}
env:
GPG_PRIVATE_KEY: ${{ secrets.GPG_PRIVATE_KEY }}
- name: Run GoReleaser
uses: goreleaser/goreleaser-action@v6
with:
version: latest
args: release --parallelism 2 --clean
args: >-
release --parallelism 2 --clean
${{ steps.import_gpg.outputs.fingerprint == '' && '--skip=sign' || '' }}
workdir: terraform-provider-unifi
env:
GPG_FINGERPRINT: ${{ steps.import_gpg.outputs.fingerprint }}
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}

47
Makefile
View File

@@ -3,14 +3,59 @@ TESTARGS ?=
TEST_COUNT ?= 1
TEST_TIMEOUT ?= 20m
BINARY = terraform-provider-unifi
VERSION = 99.0.0
PLUGIN_DIR = registry.terraform.io/filipowm/unifi/$(VERSION)
LOCAL_OS = $(shell go env GOOS)
LOCAL_ARCH = $(shell go env GOARCH)
LOCAL_PLATFORM = $(LOCAL_OS)_$(LOCAL_ARCH)
DEPLOY_HOST ?=
TF_DIR ?=
.PHONY: default
default: build
# Build for the local platform
.PHONY: build
build:
go install
go build -o $(BINARY) .
# Build and install into local Terraform plugin directory
.PHONY: install
install: build
mkdir -p ~/.terraform.d/plugins/$(PLUGIN_DIR)/$(LOCAL_PLATFORM)
cp $(BINARY) ~/.terraform.d/plugins/$(PLUGIN_DIR)/$(LOCAL_PLATFORM)/$(BINARY)
# Cross-compile for Linux ARM64 (UDM-SE, docker-host, etc.)
.PHONY: build-linux-arm64
build-linux-arm64:
GOOS=linux GOARCH=arm64 go build -o $(BINARY)_linux_arm64 .
# Cross-compile for Linux AMD64
.PHONY: build-linux-amd64
build-linux-amd64:
GOOS=linux GOARCH=amd64 go build -o $(BINARY)_linux_amd64 .
# Deploy to a remote host via scp
# Usage: make deploy DEPLOY_HOST=root@192.168.1.1
# make deploy DEPLOY_HOST=root@192.168.1.1 TF_DIR=/root/terraform
.PHONY: deploy
deploy: build-linux-arm64
@if [ -z "$(DEPLOY_HOST)" ]; then echo "Error: set DEPLOY_HOST (e.g. make deploy DEPLOY_HOST=root@192.168.1.1)"; exit 1; fi
ssh $(DEPLOY_HOST) 'mkdir -p ~/.terraform.d/plugins/$(PLUGIN_DIR)/linux_arm64'
scp $(BINARY)_linux_arm64 $(DEPLOY_HOST):~/.terraform.d/plugins/$(PLUGIN_DIR)/linux_arm64/$(BINARY)
@if [ -n "$(TF_DIR)" ]; then \
echo "Reinitializing Terraform on $(DEPLOY_HOST)..."; \
ssh $(DEPLOY_HOST) 'cd $(TF_DIR) && rm -f .terraform.lock.hcl && terraform init'; \
fi
.PHONY: testacc
testacc:
go build ./...
TF_ACC=1 go test $(TEST) -v -count $(TEST_COUNT) -timeout $(TEST_TIMEOUT) $(TESTARGS)
.PHONY: clean
clean:
rm -f $(BINARY) $(BINARY)_linux_arm64 $(BINARY)_linux_amd64

66
README.md
View File

@@ -26,14 +26,76 @@ Use a hard-wired connection to your controller to use this provider.
## Installation
The provider is available in the [Terraform Registry](https://registry.terraform.io/providers/filipowm/unifi/latest). To use it in your Terraform configuration:
### Building from Source
This repo includes the `go-unifi` SDK as a local module (in `../go-unifi`). Both are built together — no external repo references needed.
**Prerequisites:** Go 1.23+, Terraform 1.0+
#### Build and install locally (macOS)
```bash
make install
```
This builds the provider and installs it to `~/.terraform.d/plugins/` for local use.
#### Cross-compile for a remote host (e.g. UDM-SE, Linux ARM64 docker-host)
```bash
make build-linux-arm64
```
Then deploy to the remote host:
```bash
make deploy DEPLOY_HOST=root@<your-udm-ip>
```
Or manually:
```bash
scp terraform-provider-unifi_linux_arm64 root@<host>:~/.terraform.d/plugins/registry.terraform.io/filipowm/unifi/99.0.0/linux_arm64/terraform-provider-unifi
```
#### All-in-one: build, deploy, and init on remote host
```bash
make deploy DEPLOY_HOST=root@<your-udm-ip> TF_DIR=/path/to/terraform/configs
```
### Terraform Configuration
Configure your `versions.tf` to use the local provider:
```hcl
terraform {
required_providers {
unifi = {
source = "filipowm/unifi"
version = "~> 1.0.0" # Use the latest version
version = "= 99.0.0"
}
}
}
```
After building/deploying, initialize Terraform:
```bash
rm -f .terraform.lock.hcl
terraform init
```
### From Terraform Registry
The upstream provider is available in the [Terraform Registry](https://registry.terraform.io/providers/filipowm/unifi/latest):
```hcl
terraform {
required_providers {
unifi = {
source = "filipowm/unifi"
version = "~> 1.0.0"
}
}
}

4
go.mod
View File

@@ -425,4 +425,6 @@ require (
sigs.k8s.io/structured-merge-diff/v4 v4.5.0 // indirect
sigs.k8s.io/yaml v1.4.0 // indirect
tags.cncf.io/container-device-interface v0.8.1 // indirect
)
)
replace github.com/filipowm/go-unifi => ../go-unifi