From 0952ccfbc87ae63b74b17a952cde588022084a7f Mon Sep 17 00:00:00 2001 From: "GRECO, FRANK" Date: Wed, 5 Jan 2022 20:49:29 -0800 Subject: [PATCH] enhance generation check by moving schemas to separate files --- Makefile | 2 +- docs-generate.sum | 14 +- .../resource_firewall_address_group.go | 30 +-- .../provider/resource_firewall_port_group.go | 54 +----- .../provider/resource_firewall_ruleset.go | 174 +---------------- .../resource_firewall_ruleset_attachment.go | 28 +-- .../provider/schema_firewall_address_group.go | 38 ++++ .../provider/schema_firewall_port_group.go | 62 ++++++ internal/provider/schema_firewall_ruleset.go | 179 ++++++++++++++++++ .../schema_firewall_ruleset_attachment.go | 35 ++++ 10 files changed, 328 insertions(+), 288 deletions(-) create mode 100644 internal/provider/schema_firewall_address_group.go create mode 100644 internal/provider/schema_firewall_port_group.go create mode 100644 internal/provider/schema_firewall_ruleset.go create mode 100644 internal/provider/schema_firewall_ruleset_attachment.go diff --git a/Makefile b/Makefile index cea272f..8c1ffd7 100644 --- a/Makefile +++ b/Makefile @@ -38,7 +38,7 @@ fmt: define docs-generate-sum rm -f $@; \ ( \ - find internal/provider examples -type f -not -ipath '*terraform*' -print0 | xargs -0 sha256sum; \ + find templates internal/provider examples -name '*schema_*' -o -path '*examples*' -not -path '*.terraform*' -not -path 'examples/guides/*/provider.tf' -type f -o -path '*templates*' -type f | xargs sha256sum; \ ) | sort -k 2 > $@ endef diff --git a/docs-generate.sum b/docs-generate.sum index 3433922..28a210c 100644 --- a/docs-generate.sum +++ b/docs-generate.sum 
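Review bot: The new `find` expression lets Terraform state files into the checksum: the regenerated docs-generate.sum in the next hunk now lists `examples/guides/firewall/terraform.tfstate` and `terraform.tfstate.backup`, because `-not -path '*.terraform*'` only excludes the `.terraform` directory and nothing matches `*.tfstate*`. Those files hold whatever the device returned for the author's run and are not added by this commit (the diffstat does not touch them), so the generation check now depends on one developer's working tree, and it is a reminder that state files do not belong under `examples/` at all. Adding `-not -name '*.tfstate*'` next to the existing `-not -path` clauses keeps them out. The rewrite also drops the old `-print0 | xargs -0` pairing; restoring it (with the alternatives grouped in `\( ... \)` before `-print0`, since `-o` binds loosely) keeps paths containing whitespace from being split.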
@@ -1,14 +1,14 @@
 f741a688e5973f20960b5de956c20a096d66cd50281f0261c59beb8826b419d3 examples/guides/firewall/main.tf
-eab1a030f9c109d699a611e154f311dbf86809cb8183f030f7461b317817885f examples/guides/firewall/provider.tf
+b866dbd54e08d98fa109ee5b9eaf68dae55b5eacfec9108e99b43b834077cd55 examples/guides/firewall/terraform.tfstate
+ed086d1f8ac60aaa6ef423096591c4683bfdf990145e52151067ff0d8e80c25f examples/guides/firewall/terraform.tfstate.backup
 eda7df5a60670b66c70593ed249e00c2fa8c5689b1c4f968b4f4935e698b4a4e examples/provider/provider.tf
 b4adaf9436fc082f07eff9034c2c2724690f878dede27f67ea9cee2670f9c781 examples/provider/variables.tf
 7a5b822b354000fc42a33422d9cb1a5876c48e85ba8cae1b1c7634aeda2a90a8 examples/resources/edge_firewall_address_group/resource.tf
 9504ac84127e30cf43b7d70f778cd2381f9a50e4f5e5af738a6cc3c723be994b examples/resources/edge_firewall_port_group/resource.tf
 b1f2408d091ce25db324114e0f39d31e2c6d3951224b40ad36c8a95fec0f96bb examples/resources/edge_firewall_ruleset/resource.tf
 8d60606a0462636c3aee7b4124b512b2b508fbb64cc7ffcbceaed096c69b4891 examples/resources/edge_firewall_ruleset_attachment/resource.tf
-b2420f099cf97751d48792aba9eb1100af5b96004f9d1a89c09f66878fc5cf88 internal/provider/data_interface_ethernet.go
-7b2a75eebbabb42c7c882cfdc52df88dd7ce584f882633e3438b965f3808f628 internal/provider/provider.go
-0bc5533d48fcc9ea468717a7fdf9315452a1cb1fcffcbedb199c991d0b09dd09 internal/provider/resource_firewall_address_group.go
-b37b3f5d2f78559d49bf87b17f017f0ac6a1efd2dc94e5b06f61d424bc91d74a internal/provider/resource_firewall_port_group.go
-8d5cce735e7fe51a4e806b4342db39d59c599e95120ea25d94f29b805eaef2b2 internal/provider/resource_firewall_ruleset.go
-0d6acb6d48a3def6e2fd18e11998264895a395eb6d754be1184d36a28506d72f internal/provider/resource_firewall_ruleset_attachment.go
+99ce1fa0ad604f1968423cb2a64f20d57355f672a3f84d2eb203a185ad151d1f internal/provider/schema_firewall_address_group.go
+f9e8a309f8e515c9860c2bcf7c42bc6faad8a22e73cee177a320ef0007d85646 internal/provider/schema_firewall_port_group.go
+039e78b2514628316d094d0938cb186825816aedd2abe23b86a03dd69988bf2a internal/provider/schema_firewall_ruleset.go
+3b354ebd52c954994208fc87ebf44117f81547d1d70eff0fde65a84c1f3253c5 internal/provider/schema_firewall_ruleset_attachment.go
+cc1e815020918c121b4cf145865aacaeada4c32d278fcab44a3b6b76759e5ce6 templates/guides/firewall.md.tmpl
diff --git a/internal/provider/resource_firewall_address_group.go b/internal/provider/resource_firewall_address_group.go
index bfc911c..fa05960 100644
--- a/internal/provider/resource_firewall_address_group.go
+++ b/internal/provider/resource_firewall_address_group.go
@@ -4,46 +4,18 @@ import ( "context" "github.com/frankgreco/edge-sdk-go/types" - "github.com/frankgreco/terraform-helpers/validators" "github.com/mattbaird/jsonpatch" "terraform-provider-edge/internal/utils" "github.com/hashicorp/terraform-plugin-framework/diag" "github.com/hashicorp/terraform-plugin-framework/tfsdk" - tfftypes "github.com/hashicorp/terraform-plugin-framework/types" ) type resourceFirewallAddressGroupType struct{} func (r resourceFirewallAddressGroupType) GetSchema(_ context.Context) (tfsdk.Schema, diag.Diagnostics) { - return tfsdk.Schema{ - Description: "A logical grouping of addresses.", - Attributes: map[string]tfsdk.Attribute{ - "name": { - Type: tfftypes.StringType, - Required: true, - PlanModifiers: []tfsdk.AttributePlanModifier{tfsdk.RequiresReplace()}, - Description: "A unique, human readable name for this address group.", - Validators: []tfsdk.AttributeValidator{ - validators.NoWhitespace(), - }, - }, - "description": { - Type: tfftypes.StringType, - Optional: true, - Description: "A human readable description for this address group.", - }, - "cidrs": { - Type: tfftypes.ListType{ElemType: tfftypes.StringType}, - Optional: true, - Description: "A non-overlapping list of cidrs.", - Validators: []tfsdk.AttributeValidator{ - validators.NoOverlappingCIDRs(), - }, - }, - }, - }, nil + return schemaFirewallAddressGroup(), nil } func (r resourceFirewallAddressGroupType) NewResource(_ context.Context, p tfsdk.Provider) (tfsdk.Resource, diag.Diagnostics) { diff --git a/internal/provider/resource_firewall_port_group.go b/internal/provider/resource_firewall_port_group.go index 213a84d..51cd2ec 100644 --- a/internal/provider/resource_firewall_port_group.go +++ b/internal/provider/resource_firewall_port_group.go 
@@ -4,70 +4,18 @@ import ( "context" "github.com/frankgreco/edge-sdk-go/types" - "github.com/frankgreco/terraform-helpers/validators" "github.com/mattbaird/jsonpatch" "terraform-provider-edge/internal/utils" "github.com/hashicorp/terraform-plugin-framework/diag" "github.com/hashicorp/terraform-plugin-framework/tfsdk" - tfftypes "github.com/hashicorp/terraform-plugin-framework/types" ) type resourceFirewallPortGroupType struct{} func (r resourceFirewallPortGroupType) GetSchema(_ context.Context) (tfsdk.Schema, diag.Diagnostics) { - return tfsdk.Schema{ - Description: "A logical grouping of ports.", - Attributes: map[string]tfsdk.Attribute{ - "name": { - Type: tfftypes.StringType, - Required: true, - PlanModifiers: []tfsdk.AttributePlanModifier{tfsdk.RequiresReplace()}, - Description: "A unique, human readable name for this port group.", - Validators: []tfsdk.AttributeValidator{ - validators.NoWhitespace(), - }, - }, - "description": { - Type: tfftypes.StringType, - Optional: true, - Description: "A human readable description for this port group.", - }, - "port_ranges": { - Attributes: tfsdk.ListNestedAttributes(map[string]tfsdk.Attribute{ - "from": { - Type: tfftypes.NumberType, - Required: true, - Validators: []tfsdk.AttributeValidator{ - validators.Range(float64(1), float64(65535.0)), - validators.Compare(validators.ComparatorLessThan, "to"), - }, - }, - "to": { - Type: tfftypes.NumberType, - Required: true, - Validators: []tfsdk.AttributeValidator{ - validators.Range(float64(1), float64(65535.0)), - }, - }, - }, tfsdk.ListNestedAttributesOptions{}), - Optional: true, - Description: "A list of port ranges.", - Validators: []tfsdk.AttributeValidator{ - validators.NoOverlap(), - }, - }, - "ports": { - Type: tfftypes.ListType{ElemType: tfftypes.NumberType}, - Optional: true, - Description: "A list of port numbers.", - Validators: []tfsdk.AttributeValidator{ - validators.NoOverlap(), - }, - }, - }, - }, nil + return schemaFirewallPortGroup(), nil } func (r 
resourceFirewallPortGroupType) NewResource(_ context.Context, p tfsdk.Provider) (tfsdk.Resource, diag.Diagnostics) { diff --git a/internal/provider/resource_firewall_ruleset.go b/internal/provider/resource_firewall_ruleset.go index 2df6e1c..5e1bb19 100644 --- a/internal/provider/resource_firewall_ruleset.go +++ b/internal/provider/resource_firewall_ruleset.go 
@@ -6,184 +6,16 @@ import ( "terraform-provider-edge/internal/utils" "github.com/frankgreco/edge-sdk-go/types" - "github.com/frankgreco/terraform-helpers/validators" + "github.com/mattbaird/jsonpatch" + "github.com/hashicorp/terraform-plugin-framework/diag" "github.com/hashicorp/terraform-plugin-framework/tfsdk" - tftypes "github.com/hashicorp/terraform-plugin-framework/types" - "github.com/mattbaird/jsonpatch" ) type resourceFirewallRulesetType struct{} func (r resourceFirewallRulesetType) GetSchema(_ context.Context) (tfsdk.Schema, diag.Diagnostics) { - port := tfsdk.Attribute{ - Attributes: tfsdk.SingleNestedAttributes(map[string]tfsdk.Attribute{ - "from": { - Type: tftypes.NumberType, - Required: true, - Validators: []tfsdk.AttributeValidator{ - validators.Range(float64(1), float64(65535.0)), - validators.Compare(validators.ComparatorLessThanEqual, "to"), - }, - }, - "to": { - Type: tftypes.NumberType, - Required: true, - Validators: []tfsdk.AttributeValidator{ - validators.Range(float64(1), float64(65535.0)), - }, - }, - }), - Optional: true, - Description: "A port range. Conflicts with `port_group`.", - Validators: []tfsdk.AttributeValidator{ - validators.ConflictsWith("port_group"), - }, - } - - portGroup := tfsdk.Attribute{ - Type: tftypes.StringType, - Optional: true, - Description: "The port group this rule applies to. If not provided, all ports will be matched. Conflicts with `port`.", - Validators: []tfsdk.AttributeValidator{ - validators.ConflictsWith("port"), - }, - } - - address := tfsdk.Attribute{ - Type: tftypes.StringType, - Optional: true, - Description: "The cidr this rule applies to. If not provided, it is treated as `0.0.0.0/0`. Conflicts with `address_group`.", - Validators: []tfsdk.AttributeValidator{ - validators.Cidr(), - validators.ConflictsWith("address_group"), - }, - } - - addressGroup := tfsdk.Attribute{ - Type: tftypes.StringType, - Optional: true, - Description: "The address group this rule applies to. 
If not provided, all addresses will be matched. Conflicts with `address`.", - Validators: []tfsdk.AttributeValidator{ - validators.ConflictsWith("address"), - }, - } - - return tfsdk.Schema{ - Description: "A grouping of firewall rules. The firewall is not enforced unless attached to an interface which can be done with the `firewall_ruleset_attachment` resource.", - Attributes: map[string]tfsdk.Attribute{ - "name": { - Description: "A unique, human readable name for this ruleset.", - Type: tftypes.StringType, - Required: true, - Validators: []tfsdk.AttributeValidator{ - validators.NoWhitespace(), - }, - PlanModifiers: []tfsdk.AttributePlanModifier{tfsdk.RequiresReplace()}, - }, - "description": { - Description: "A human readable description for this ruleset.", - Type: tftypes.StringType, - Optional: true, - }, - "default_action": { - Description: "The default action to take if traffic is not matched by one of the rules in the ruleset. Must be one of `reject`, `drop`, `accept`.", - Type: tftypes.StringType, - Required: true, - Validators: []tfsdk.AttributeValidator{ - validators.StringInSlice(true, "reject", "drop", "accept"), - }, - }, - }, - Blocks: map[string]tfsdk.Block{ - "rule": { - Validators: []tfsdk.AttributeValidator{ - validators.Unique("priority"), - }, - NestingMode: tfsdk.BlockNestingModeSet, - Attributes: map[string]tfsdk.Attribute{ - "priority": { - Type: tftypes.NumberType, - Required: true, - Description: "The priority of this rule. The higher the priority, the higher the precedence.", - }, - "description": { - Type: tftypes.StringType, - Optional: true, - Description: "A human readable description for this rule.", - }, - "action": { - Type: tftypes.StringType, - Required: true, - Description: "The action to take on traffic that matches this rule. 
Must be one of `reject`, `drop`, `accept`.", - Validators: []tfsdk.AttributeValidator{ - validators.StringInSlice(true, "drop", "reject", "accept"), - }, - }, - "protocol": { - Type: tftypes.StringType, - Optional: true, - Description: "The protocol this rule applies to. If not specified, this rule applies to all protcols. Must be one of `tcp`, `udp`, `tcp_udp`.", - Validators: []tfsdk.AttributeValidator{ - validators.StringInSlice(true, "tcp", "udp", "tcp_udp", "all", "*"), - }, - }, - "state": { - Description: "This describes the connection state of a packet.", - Attributes: tfsdk.SingleNestedAttributes(map[string]tfsdk.Attribute{ - "established": { - Type: tftypes.BoolType, - Optional: true, - Description: "Match packets that are part of a two-way connection.", - }, - "new": { - Type: tftypes.BoolType, - Optional: true, - Description: "Match packets creating a new connection.", - }, - "related": { - Type: tftypes.BoolType, - Optional: true, - Description: "Match packets related to established connections.", - }, - "invalid": { - Type: tftypes.BoolType, - Optional: true, - Description: "Match packets that cannot be identified.", - }, - }), - Optional: true, - }, - "destination": { - Description: "Details about the traffic's destination. If not specified, all sources will be evaluated.", - Attributes: tfsdk.SingleNestedAttributes(map[string]tfsdk.Attribute{ - "address": address, - "port": port, - "address_group": addressGroup, - "port_group": portGroup, - }), - Optional: true, - // Need a validator to ensure address conflicts with address_group and port conflicts with port_group. - }, - "source": { - Description: "Details about the traffic's source. 
If not specified, all sources will be evaluated.", - Attributes: tfsdk.SingleNestedAttributes(map[string]tfsdk.Attribute{ - "address": address, - "port": port, - "address_group": addressGroup, - "port_group": portGroup, - "mac": { - Type: tftypes.StringType, - Optional: true, - }, - }), - Optional: true, - // Need a validator to ensure address conflicts with address_group and port conflicts with port_group. - }, - }, - }, - }, - }, nil + return schemaFirewallRuleset(), nil } func (r resourceFirewallRulesetType) NewResource(_ context.Context, p tfsdk.Provider) (tfsdk.Resource, diag.Diagnostics) { diff --git a/internal/provider/resource_firewall_ruleset_attachment.go b/internal/provider/resource_firewall_ruleset_attachment.go index 1c8ea49..a09e12e 100644 --- a/internal/provider/resource_firewall_ruleset_attachment.go +++ b/internal/provider/resource_firewall_ruleset_attachment.go 
@@ -10,38 +10,12 @@ import ( "github.com/hashicorp/terraform-plugin-framework/diag" "github.com/hashicorp/terraform-plugin-framework/tfsdk" - tfftypes "github.com/hashicorp/terraform-plugin-framework/types" ) type resourceFirewallRulesetAttachmentType struct{} func (r resourceFirewallRulesetAttachmentType) GetSchema(_ context.Context) (tfsdk.Schema, diag.Diagnostics) { - return tfsdk.Schema{ - Description: "Attach a firewall ruleset to inbound, outbound, and local traffic.", - Attributes: map[string]tfsdk.Attribute{ - "interface": { - Type: tfftypes.StringType, - Required: true, - PlanModifiers: []tfsdk.AttributePlanModifier{tfsdk.RequiresReplace()}, - Description: "The interface to attach firewall rules to.", - }, - "in": { - Type: tfftypes.StringType, - Optional: true, - Description: "Match inbound packets.", - }, - "out": { - Type: tfftypes.StringType, - Optional: true, - Description: "Match outbound packets.", - }, - "local": { - Type: tfftypes.StringType, - Optional: true, - Description: "Match local packets.", - }, - }, - }, nil + return schemaFirewallRulesetAttachment(), nil } func (r resourceFirewallRulesetAttachmentType) NewResource(_ context.Context, p tfsdk.Provider) (tfsdk.Resource, diag.Diagnostics) { diff --git a/internal/provider/schema_firewall_address_group.go b/internal/provider/schema_firewall_address_group.go new file mode 100644 index 0000000..fca2305 --- /dev/null +++ b/internal/provider/schema_firewall_address_group.go 
@@ -0,0 +1,38 @@
+package provider
+
+import (
+ "github.com/frankgreco/terraform-helpers/validators"
+
+ "github.com/hashicorp/terraform-plugin-framework/tfsdk"
+ "github.com/hashicorp/terraform-plugin-framework/types"
+)
+
+func schemaFirewallAddressGroup() tfsdk.Schema {
+ return tfsdk.Schema{
+ Description: "A logical grouping of addresses.",
+ Attributes: map[string]tfsdk.Attribute{
+ "name": {
+ Type: types.StringType,
+ Required: true,
+ PlanModifiers: []tfsdk.AttributePlanModifier{tfsdk.RequiresReplace()},
+ Description: "A unique, human readable name for this address group.",
+ Validators: []tfsdk.AttributeValidator{
+ validators.NoWhitespace(),
+ },
+ },
+ "description": {
+ Type: types.StringType,
+ Optional: true,
+ Description: "A human readable description for this address group.",
+ },
+ "cidrs": {
+ Type: types.ListType{ElemType: types.StringType},
+ Optional: true,
+ Description: "A non-overlapping list of cidrs.",
+ Validators: []tfsdk.AttributeValidator{
+ validators.NoOverlappingCIDRs(),
+ },
+ },
+ },
+ }
+}
diff --git a/internal/provider/schema_firewall_port_group.go b/internal/provider/schema_firewall_port_group.go
new file mode 100644
index 0000000..0a55869
--- /dev/null
+++ b/internal/provider/schema_firewall_port_group.go
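Review bot: The new unexported schema functions carry no doc comment even though, per the Makefile change, these are now the files whose hash gates the docs check; `schemaFirewallAddressGroup` here, and `schemaFirewallPortGroup`, `schemaFirewallRuleset` and `schemaFirewallRulesetAttachment` in the following hunks, would each benefit from a one-liner such as `// schemaFirewallAddressGroup returns the schema for the edge_firewall_address_group resource; it is hashed into docs-generate.sum, so edits must be followed by regenerating the docs.` Separately, `cidrs` is only guarded by `validators.NoOverlappingCIDRs()`; if that validator does not also reject malformed entries, an invalid element passes plan-time validation and is only refused by the device. The ruleset schema's `address` attribute uses `validators.Cidr()` for the single-string case, so a per-element equivalent would be worth adding here if the validators package offers one.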
@@ -0,0 +1,62 @@
+package provider
+
+import (
+ "github.com/frankgreco/terraform-helpers/validators"
+
+ "github.com/hashicorp/terraform-plugin-framework/tfsdk"
+ "github.com/hashicorp/terraform-plugin-framework/types"
+)
+
+func schemaFirewallPortGroup() tfsdk.Schema {
+ return tfsdk.Schema{
+ Description: "A logical grouping of ports.",
+ Attributes: map[string]tfsdk.Attribute{
+ "name": {
+ Type: types.StringType,
+ Required: true,
+ PlanModifiers: []tfsdk.AttributePlanModifier{tfsdk.RequiresReplace()},
+ Description: "A unique, human readable name for this port group.",
+ Validators: []tfsdk.AttributeValidator{
+ validators.NoWhitespace(),
+ },
+ },
+ "description": {
+ Type: types.StringType,
+ Optional: true,
+ Description: "A human readable description for this port group.",
+ },
+ "port_ranges": {
+ Attributes: tfsdk.ListNestedAttributes(map[string]tfsdk.Attribute{
+ "from": {
+ Type: types.NumberType,
+ Required: true,
+ Validators: []tfsdk.AttributeValidator{
+ validators.Range(float64(1), float64(65535.0)),
+ validators.Compare(validators.ComparatorLessThan, "to"),
+ },
+ },
+ "to": {
+ Type: types.NumberType,
+ Required: true,
+ Validators: []tfsdk.AttributeValidator{
+ validators.Range(float64(1), float64(65535.0)),
+ },
+ },
+ }, tfsdk.ListNestedAttributesOptions{}),
+ Optional: true,
+ Description: "A list of port ranges.",
+ Validators: []tfsdk.AttributeValidator{
+ validators.NoOverlap(),
+ },
+ },
+ "ports": {
+ Type: types.ListType{ElemType: types.NumberType},
+ Optional: true,
+ Description: "A list of port numbers.",
+ Validators: []tfsdk.AttributeValidator{
+ validators.NoOverlap(),
+ },
+ },
+ },
+ }
+}
diff --git a/internal/provider/schema_firewall_ruleset.go b/internal/provider/schema_firewall_ruleset.go
new file mode 100644
index 0000000..cffbeee
--- /dev/null
+++ b/internal/provider/schema_firewall_ruleset.go
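Review bot: `from` in `port_ranges` is checked with `validators.Compare(validators.ComparatorLessThan, "to")`, so a single-port range with `from == to` is rejected here, while the identical from/to pair in schema_firewall_ruleset.go (next hunk) uses `ComparatorLessThanEqual`. Unless the device itself refuses equal bounds for port groups, the two should agree; `validators.Compare(validators.ComparatorLessThanEqual, "to"),` would line this up with the ruleset schema. The `ports` list also gets only `validators.NoOverlap()` while the `port_ranges` bounds are held to `Range(1, 65535)`; if the validators package has a per-element range check for lists, applying it here stops out-of-range port numbers at plan time instead of at the device.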
@@ -0,0 +1,179 @@
+package provider
+
+import (
+ "github.com/frankgreco/terraform-helpers/validators"
+
+ "github.com/hashicorp/terraform-plugin-framework/tfsdk"
+ "github.com/hashicorp/terraform-plugin-framework/types"
+)
+
+func schemaFirewallRuleset() tfsdk.Schema {
+ port := tfsdk.Attribute{
+ Attributes: tfsdk.SingleNestedAttributes(map[string]tfsdk.Attribute{
+ "from": {
+ Type: types.NumberType,
+ Required: true,
+ Validators: []tfsdk.AttributeValidator{
+ validators.Range(float64(1), float64(65535.0)),
+ validators.Compare(validators.ComparatorLessThanEqual, "to"),
+ },
+ },
+ "to": {
+ Type: types.NumberType,
+ Required: true,
+ Validators: []tfsdk.AttributeValidator{
+ validators.Range(float64(1), float64(65535.0)),
+ },
+ },
+ }),
+ Optional: true,
+ Description: "A port range. Conflicts with `port_group`.",
+ Validators: []tfsdk.AttributeValidator{
+ validators.ConflictsWith("port_group"),
+ },
+ }
+
+ portGroup := tfsdk.Attribute{
+ Type: types.StringType,
+ Optional: true,
+ Description: "The port group this rule applies to. If not provided, all ports will be matched. Conflicts with `port`.",
+ Validators: []tfsdk.AttributeValidator{
+ validators.ConflictsWith("port"),
+ },
+ }
+
+ address := tfsdk.Attribute{
+ Type: types.StringType,
+ Optional: true,
+ Description: "The cidr this rule applies to. If not provided, it is treated as `0.0.0.0/0`. Conflicts with `address_group`.",
+ Validators: []tfsdk.AttributeValidator{
+ validators.Cidr(),
+ validators.ConflictsWith("address_group"),
+ },
+ }
+
+ addressGroup := tfsdk.Attribute{
+ Type: types.StringType,
+ Optional: true,
+ Description: "The address group this rule applies to. If not provided, all addresses will be matched. Conflicts with `address`.",
+ Validators: []tfsdk.AttributeValidator{
+ validators.ConflictsWith("address"),
+ },
+ }
+
+ return tfsdk.Schema{
+ Description: "A grouping of firewall rules. The firewall is not enforced unless attached to an interface which can be done with the `firewall_ruleset_attachment` resource.",
+ Attributes: map[string]tfsdk.Attribute{
+ "name": {
+ Description: "A unique, human readable name for this ruleset.",
+ Type: types.StringType,
+ Required: true,
+ Validators: []tfsdk.AttributeValidator{
+ validators.NoWhitespace(),
+ },
+ PlanModifiers: []tfsdk.AttributePlanModifier{tfsdk.RequiresReplace()},
+ },
+ "description": {
+ Description: "A human readable description for this ruleset.",
+ Type: types.StringType,
+ Optional: true,
+ },
+ "default_action": {
+ Description: "The default action to take if traffic is not matched by one of the rules in the ruleset. Must be one of `reject`, `drop`, `accept`.",
+ Type: types.StringType,
+ Required: true,
+ Validators: []tfsdk.AttributeValidator{
+ validators.StringInSlice(true, "reject", "drop", "accept"),
+ },
+ },
+ },
+ Blocks: map[string]tfsdk.Block{
+ "rule": {
+ Validators: []tfsdk.AttributeValidator{
+ validators.Unique("priority"),
+ },
+ NestingMode: tfsdk.BlockNestingModeSet,
+ Attributes: map[string]tfsdk.Attribute{
+ "priority": {
+ Type: types.NumberType,
+ Required: true,
+ Description: "The priority of this rule. The higher the priority, the higher the precedence.",
+ },
+ "description": {
+ Type: types.StringType,
+ Optional: true,
+ Description: "A human readable description for this rule.",
+ },
+ "action": {
+ Type: types.StringType,
+ Required: true,
+ Description: "The action to take on traffic that matches this rule. Must be one of `reject`, `drop`, `accept`.",
+ Validators: []tfsdk.AttributeValidator{
+ validators.StringInSlice(true, "drop", "reject", "accept"),
+ },
+ },
+ "protocol": {
+ Type: types.StringType,
+ Optional: true,
+ Description: "The protocol this rule applies to. If not specified, this rule applies to all protcols. Must be one of `tcp`, `udp`, `tcp_udp`.",
+ Validators: []tfsdk.AttributeValidator{
+ validators.StringInSlice(true, "tcp", "udp", "tcp_udp", "all", "*"),
+ },
+ },
+ "state": {
+ Description: "This describes the connection state of a packet.",
+ Attributes: tfsdk.SingleNestedAttributes(map[string]tfsdk.Attribute{
+ "established": {
+ Type: types.BoolType,
+ Optional: true,
+ Description: "Match packets that are part of a two-way connection.",
+ },
+ "new": {
+ Type: types.BoolType,
+ Optional: true,
+ Description: "Match packets creating a new connection.",
+ },
+ "related": {
+ Type: types.BoolType,
+ Optional: true,
+ Description: "Match packets related to established connections.",
+ },
+ "invalid": {
+ Type: types.BoolType,
+ Optional: true,
+ Description: "Match packets that cannot be identified.",
+ },
+ }),
+ Optional: true,
+ },
+ "destination": {
+ Description: "Details about the traffic's destination. If not specified, all sources will be evaluated.",
+ Attributes: tfsdk.SingleNestedAttributes(map[string]tfsdk.Attribute{
+ "address": address,
+ "port": port,
+ "address_group": addressGroup,
+ "port_group": portGroup,
+ }),
+ Optional: true,
+ // Need a validator to ensure address conflicts with address_group and port conflicts with port_group.
+ },
+ "source": {
+ Description: "Details about the traffic's source. If not specified, all sources will be evaluated.",
+ Attributes: tfsdk.SingleNestedAttributes(map[string]tfsdk.Attribute{
+ "address": address,
+ "port": port,
+ "address_group": addressGroup,
+ "port_group": portGroup,
+ "mac": {
+ Type: types.StringType,
+ Optional: true,
+ },
+ }),
+ Optional: true,
+ // Need a validator to ensure address conflicts with address_group and port conflicts with port_group.
+ },
+ },
+ },
+ },
+ }
+}
diff --git a/internal/provider/schema_firewall_ruleset_attachment.go b/internal/provider/schema_firewall_ruleset_attachment.go
new file mode 100644
index 0000000..4ea5bd5
--- /dev/null
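Review bot: The `protocol` description tells users the value must be one of `tcp`, `udp`, `tcp_udp`, but the validator right below it is `validators.StringInSlice(true, "tcp", "udp", "tcp_udp", "all", "*")`, so `all` and `*` are silently accepted — and for a firewall rule those two are the values that widen the match to every protocol, which is exactly what a reader of the generated docs needs to see. Either drop the two undocumented values from the validator or extend the description to list them (and fix the `protcols` typo while there). The `destination` description says "If not specified, all sources will be evaluated", a copy of the `source` text; it should read destinations. `mac` under `source` has neither a Description nor a validator, unlike every other attribute in the block, so it will appear undocumented in the rendered docs. The two `// Need a validator to ensure address conflicts with address_group ...` comments look stale now that `address` and `port` carry `validators.ConflictsWith(...)`, unless that validator cannot resolve sibling names inside a nested attribute — worth confirming and then either deleting the comments or turning them into a tracked TODO.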
+++ b/internal/provider/schema_firewall_ruleset_attachment.go
@@ -0,0 +1,35 @@
+package provider
+
+import (
+ "github.com/hashicorp/terraform-plugin-framework/tfsdk"
+ "github.com/hashicorp/terraform-plugin-framework/types"
+)
+
+func schemaFirewallRulesetAttachment() tfsdk.Schema {
+ return tfsdk.Schema{
+ Description: "Attach a firewall ruleset to inbound, outbound, and local traffic.",
+ Attributes: map[string]tfsdk.Attribute{
+ "interface": {
+ Type: types.StringType,
+ Required: true,
+ PlanModifiers: []tfsdk.AttributePlanModifier{tfsdk.RequiresReplace()},
+ Description: "The interface to attach firewall rules to.",
+ },
+ "in": {
+ Type: types.StringType,
+ Optional: true,
+ Description: "Match inbound packets.",
+ },
+ "out": {
+ Type: types.StringType,
+ Optional: true,
+ Description: "Match outbound packets.",
+ },
+ "local": {
+ Type: types.StringType,
+ Optional: true,
+ Description: "Match local packets.",
+ },
+ },
+ }
+}
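Review bot: `in`, `out` and `local` are all Optional strings with no validators, so an attachment that sets none of the three is accepted at plan time and attaches nothing to the interface; if the validators package offers an at-least-one-of check, it belongs on these three. Their descriptions (`Match inbound packets.` and so on) name the traffic direction but not the value — which is presumably the `name` of an `edge_firewall_ruleset` — so something like `The name of the ruleset to apply to inbound packets.` would tell docs readers what to supply. That ruleset `name` is validated with `validators.NoWhitespace()` in schema_firewall_ruleset.go; the same validator on these references would catch a mistyped or pasted value before it reaches the device, where a dangling ruleset reference on an interface is harder to diagnose.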