From f4227edc18f02d651c2a13c5053ad5b1b133cf9f Mon Sep 17 00:00:00 2001 From: Neil Ye Date: Thu, 1 Feb 2024 04:10:38 +0800 Subject: [PATCH] `azurerm_palo_alto_next_generation_firewall_*` - support the property `trustedRanges` (#24459) * azurerm_palo_alto_next_generation_firewall_* - support the property trustedRanges * update code * update code * update code * update code * update code --- ...wall_vhub_local_rulestack_resource_test.go | 2 + ...on_firewall_vhub_panorama_resource_test.go | 1 + ...wall_vnet_local_rulestack_resource_test.go | 2 + ...on_firewall_vnet_panorama_resource_test.go | 1 + .../paloalto/schema/network_profile.go | 49 +++++++++++++++++++ ...irewall_vhub_local_rulestack.html.markdown | 2 + ...ation_firewall_vhub_panorama.html.markdown | 2 + ...tual_network_local_rulestack.html.markdown | 2 + ...all_virtual_network_panorama.html.markdown | 2 + 9 files changed, 63 insertions(+) diff --git a/internal/services/paloalto/next_generation_firewall_vhub_local_rulestack_resource_test.go b/internal/services/paloalto/next_generation_firewall_vhub_local_rulestack_resource_test.go index de7c8f2fbc66..b996e6f7ccae 100644 --- a/internal/services/paloalto/next_generation_firewall_vhub_local_rulestack_resource_test.go +++ b/internal/services/paloalto/next_generation_firewall_vhub_local_rulestack_resource_test.go @@ -188,6 +188,7 @@ resource "azurerm_palo_alto_next_generation_firewall_virtual_hub_local_rulestack network_virtual_appliance_id = azurerm_palo_alto_virtual_network_appliance.test.id public_ip_address_ids = [azurerm_public_ip.test.id] egress_nat_ip_address_ids = [azurerm_public_ip.egress.id] + trusted_address_ranges = ["20.22.92.11"] } dns_settings { 
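Review bot: Every fixture value added for `trusted_address_ranges` is a bare IPv4 address (`"20.22.92.11"`, `"20.23.92.11"`), so the `validation.IsCIDR` branch of the new validator and a prefix round-trip through expand and flatten are never exercised. This applies to this hunk (`@@ -188,6 +188,7 @@`) and to the fixture hunks in the other three `*_resource_test.go` files. Switching one entry to prefix form, for example `trusted_address_ranges = ["20.22.92.0/24", "20.23.92.11"]` (a constructed sample), would cover it. None of the visible fixtures removes the attribute after setting it, so clearing the list looks untested, although steps outside these hunks may do so. The enclosing config strings begin and end outside the hunks.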
@@ -240,6 +241,7 @@ resource "azurerm_palo_alto_next_generation_firewall_virtual_hub_local_rulestack virtual_hub_id = azurerm_virtual_hub.test.id network_virtual_appliance_id = azurerm_palo_alto_virtual_network_appliance.test.id public_ip_address_ids = [azurerm_public_ip.test.id] + trusted_address_ranges = ["20.22.92.11", "20.23.92.11"] } dns_settings { diff --git a/internal/services/paloalto/next_generation_firewall_vhub_panorama_resource_test.go b/internal/services/paloalto/next_generation_firewall_vhub_panorama_resource_test.go index 6a696e13f97b..d0dd7eb39f17 100644 --- a/internal/services/paloalto/next_generation_firewall_vhub_panorama_resource_test.go +++ b/internal/services/paloalto/next_generation_firewall_vhub_panorama_resource_test.go @@ -152,6 +152,7 @@ resource "azurerm_palo_alto_next_generation_firewall_virtual_hub_panorama" "test network_virtual_appliance_id = azurerm_palo_alto_virtual_network_appliance.test.id public_ip_address_ids = [azurerm_public_ip.test.id] egress_nat_ip_address_ids = [azurerm_public_ip.egress.id] + trusted_address_ranges = ["20.22.92.11"] } dns_settings { diff --git a/internal/services/paloalto/next_generation_firewall_vnet_local_rulestack_resource_test.go b/internal/services/paloalto/next_generation_firewall_vnet_local_rulestack_resource_test.go index 254c824d7b90..3df22aa2ffce 100644 --- a/internal/services/paloalto/next_generation_firewall_vnet_local_rulestack_resource_test.go +++ b/internal/services/paloalto/next_generation_firewall_vnet_local_rulestack_resource_test.go @@ -188,6 +188,7 @@ resource "azurerm_palo_alto_next_generation_firewall_virtual_network_local_rules network_profile { public_ip_address_ids = [azurerm_public_ip.test.id] egress_nat_ip_address_ids = [azurerm_public_ip.egress.id] + trusted_address_ranges = ["20.22.92.11", "20.23.92.11"] vnet_configuration { virtual_network_id = azurerm_virtual_network.test.id 
@@ -245,6 +246,7 @@ resource "azurerm_palo_alto_next_generation_firewall_virtual_network_local_rules network_profile { public_ip_address_ids = [azurerm_public_ip.test.id] egress_nat_ip_address_ids = [azurerm_public_ip.egress.id] + trusted_address_ranges = ["20.22.92.11", "20.23.92.11"] vnet_configuration { virtual_network_id = azurerm_virtual_network.test.id diff --git a/internal/services/paloalto/next_generation_firewall_vnet_panorama_resource_test.go b/internal/services/paloalto/next_generation_firewall_vnet_panorama_resource_test.go index ee1b241409a9..d7665ccb3069 100644 --- a/internal/services/paloalto/next_generation_firewall_vnet_panorama_resource_test.go +++ b/internal/services/paloalto/next_generation_firewall_vnet_panorama_resource_test.go @@ -155,6 +155,7 @@ resource "azurerm_palo_alto_next_generation_firewall_virtual_network_panorama" " network_profile { public_ip_address_ids = [azurerm_public_ip.test.id] egress_nat_ip_address_ids = [azurerm_public_ip.egress.id] + trusted_address_ranges = ["20.22.92.11"] vnet_configuration { virtual_network_id = azurerm_virtual_network.test.id diff --git a/internal/services/paloalto/schema/network_profile.go b/internal/services/paloalto/schema/network_profile.go index 70247d0b99e2..08d82d5faa22 100644 --- a/internal/services/paloalto/schema/network_profile.go +++ b/internal/services/paloalto/schema/network_profile.go @@ -9,6 +9,7 @@ import ( "github.com/hashicorp/go-azure-sdk/resource-manager/paloaltonetworks/2023-09-01/firewalls" networkValidate "github.com/hashicorp/terraform-provider-azurerm/internal/services/network/validate" "github.com/hashicorp/terraform-provider-azurerm/internal/tf/pluginsdk" + "github.com/hashicorp/terraform-provider-azurerm/internal/tf/validation" ) type NetworkProfileVnet struct { 
@@ -17,6 +18,7 @@ type NetworkProfileVnet struct { // Optional EgressNatIPIDs []string `tfschema:"egress_nat_ip_address_ids"` + TrustedRanges []string `tfschema:"trusted_address_ranges"` VnetConfiguration []VnetConfiguration `tfschema:"vnet_configuration"` // Computed @@ -30,6 +32,7 @@ type NetworkProfileVHub struct { // Optional EgressNatIPIDs []string `tfschema:"egress_nat_ip_address_ids"` + TrustedRanges []string `tfschema:"trusted_address_ranges"` // Computed PublicIPs []string `tfschema:"public_ip_addresses"` @@ -67,6 +70,18 @@ func VnetNetworkProfileSchema() *pluginsdk.Schema { }, }, + "trusted_address_ranges": { + Type: pluginsdk.TypeList, + Optional: true, + Elem: &pluginsdk.Schema{ + Type: pluginsdk.TypeString, + ValidateFunc: validation.Any( + validation.IsCIDR, + validation.IsIPv4Address, + ), + }, + }, + "vnet_configuration": VnetConfigurationSchema(), // Computed @@ -95,6 +110,7 @@ func ExpandNetworkProfileVnet(input []NetworkProfileVnet) firewalls.NetworkProfi result := firewalls.NetworkProfile{ EnableEgressNat: firewalls.EgressNatDISABLED, NetworkType: firewalls.NetworkTypeVNET, + TrustedRanges: &[]string{}, } if len(input) == 0 { @@ -124,6 +140,10 @@ func ExpandNetworkProfileVnet(input []NetworkProfileVnet) firewalls.NetworkProfi result.EgressNatIP = pointer.To(egressNatIPs) } + if len(profile.TrustedRanges) > 0 { + result.TrustedRanges = pointer.To(profile.TrustedRanges) + } + vnet := profile.VnetConfiguration[0] result.VnetConfiguration = &firewalls.VnetConfiguration{ TrustSubnet: firewalls.IPAddressSpace{ @@ -171,6 +191,12 @@ func FlattenNetworkProfileVnet(input firewalls.NetworkProfile) []NetworkProfileV result.EgressNatIPIDs = egressIds result.EgressNatIP = egressIPs + trustedRanges := make([]string, 0) + if v := input.TrustedRanges; v != nil { + trustedRanges = pointer.From(v) + } + result.TrustedRanges = trustedRanges + if v := input.VnetConfiguration; v != nil { vNet := VnetConfiguration{} 
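Review bot: The element validator added to `trusted_address_ranges` in `VnetNetworkProfileSchema` (`@@ -67,6 +70,18 @@`) is looser than a trust setting warrants. `validation.IsCIDR` accepts any prefix length, so `0.0.0.0/0` passes, and as far as I know it also parses IPv6 prefixes while `validation.IsIPv4Address` rejects a bare IPv6 address. If the service only takes IPv4 ranges here, a small custom `ValidateFunc` that requires an IPv4 address or prefix and refuses a zero-length prefix would surface an over-broad entry at plan time. The identical block is repeated in `VHubNetworkProfileSchema` (`@@ -229,6 +255,18 @@`), so a single helper returning this `*pluginsdk.Schema` would keep the two in step. Both functions continue outside their hunks.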
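Review bot: `TrustedRanges: &[]string{}` in the `ExpandNetworkProfileVnet` result literal (`@@ -95,6 +110,7 @@`) needs a comment explaining why the field defaults to an empty list rather than nil. As written, the provider sends an explicit empty list whenever the attribute is omitted, which presumably clears any ranges set on the firewall outside Terraform, assuming the API reads an empty list as "remove all". I would add `// always send a list so that dropping trusted_address_ranges from config clears it on the firewall` above the field, or whatever the real reason is. The same line in `ExpandNetworkProfileVHub` (`@@ -268,6 +306,7 @@`) needs it too. Both function bodies extend beyond their hunks, so an early return that changes this is not visible here.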
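Review bot: The five-line nil guard added to `FlattenNetworkProfileVnet` (`@@ -171,6 +191,12 @@`) duplicates what `pointer.From` already does, since to my knowledge it returns the zero value for a nil pointer. The block could shrink to `result.TrustedRanges = pointer.From(input.TrustedRanges)`; if a non-nil empty slice is needed for the state encoder, keep the `make` and say so in a comment. The same applies to `FlattenNetworkProfileVHub` (`@@ -340,6 +383,12 @@`). Separately, the values are copied back verbatim, so if the service normalises a bare address to `/32` form (not visible from here) the attribute would show a permanent diff. The function continues outside the hunk.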
@@ -229,6 +255,18 @@ func VHubNetworkProfileSchema() *pluginsdk.Schema { }, }, + "trusted_address_ranges": { + Type: pluginsdk.TypeList, + Optional: true, + Elem: &pluginsdk.Schema{ + Type: pluginsdk.TypeString, + ValidateFunc: validation.Any( + validation.IsCIDR, + validation.IsIPv4Address, + ), + }, + }, + "trusted_subnet_id": { Type: pluginsdk.TypeString, Computed: true, @@ -268,6 +306,7 @@ func ExpandNetworkProfileVHub(input []NetworkProfileVHub) firewalls.NetworkProfi result := firewalls.NetworkProfile{ EnableEgressNat: firewalls.EgressNatDISABLED, EgressNatIP: &[]firewalls.IPAddress{}, + TrustedRanges: &[]string{}, } if len(input) == 0 { return result @@ -297,6 +336,10 @@ func ExpandNetworkProfileVHub(input []NetworkProfileVHub) firewalls.NetworkProfi result.EgressNatIP = pointer.To(egressNatIPs) } + if len(profile.TrustedRanges) > 0 { + result.TrustedRanges = pointer.To(profile.TrustedRanges) + } + result.NetworkType = firewalls.NetworkTypeVWAN result.VwanConfiguration = &firewalls.VwanConfiguration{ @@ -340,6 +383,12 @@ func FlattenNetworkProfileVHub(input firewalls.NetworkProfile) (*NetworkProfileV result.EgressNatIPIDs = egressIds result.EgressNatIP = egressIPs + trustedRanges := make([]string, 0) + if v := input.TrustedRanges; v != nil { + trustedRanges = pointer.From(v) + } + result.TrustedRanges = trustedRanges + if v := input.VwanConfiguration; v != nil { result.VHubID = pointer.From(v.VHub.ResourceId) diff --git a/website/docs/r/palo_alto_next_generation_firewall_vhub_local_rulestack.html.markdown b/website/docs/r/palo_alto_next_generation_firewall_vhub_local_rulestack.html.markdown index cad373543021..2ebd9b5f2997 100644 --- a/website/docs/r/palo_alto_next_generation_firewall_vhub_local_rulestack.html.markdown +++ b/website/docs/r/palo_alto_next_generation_firewall_vhub_local_rulestack.html.markdown 
@@ -132,6 +132,8 @@ A `network_profile` block supports the following: * `egress_nat_ip_address_ids` - (Optional) Specifies a list of Public IP IDs to use for Egress NAT. +* `trusted_address_ranges` - (Optional) Specifies a list of trusted ranges to use for the Network. + ## Attributes Reference In addition to the Arguments listed above - the following Attributes are exported: diff --git a/website/docs/r/palo_alto_next_generation_firewall_vhub_panorama.html.markdown b/website/docs/r/palo_alto_next_generation_firewall_vhub_panorama.html.markdown index a98a007b469a..31bdaf638add 100644 --- a/website/docs/r/palo_alto_next_generation_firewall_vhub_panorama.html.markdown +++ b/website/docs/r/palo_alto_next_generation_firewall_vhub_panorama.html.markdown @@ -137,6 +137,8 @@ A `network_profile` block supports the following: * `egress_nat_ip_address_ids` - (Optional) Specifies a list of Public IP IDs to use for Egress NAT. +* `trusted_address_ranges` - (Optional) Specifies a list of trusted ranges to use for the Network. + ## Attributes Reference In addition to the Arguments listed above - the following Attributes are exported: diff --git a/website/docs/r/palo_alto_next_generation_firewall_virtual_network_local_rulestack.html.markdown b/website/docs/r/palo_alto_next_generation_firewall_virtual_network_local_rulestack.html.markdown index 04288e8663e9..7649d3cbfc88 100644 --- a/website/docs/r/palo_alto_next_generation_firewall_virtual_network_local_rulestack.html.markdown +++ b/website/docs/r/palo_alto_next_generation_firewall_virtual_network_local_rulestack.html.markdown @@ -197,6 +197,8 @@ A `network_profile` block supports the following: * `egress_nat_ip_address_ids` - (Optional) Specifies a list of Azure Public IP Address IDs that can be used for Egress (Source) Network Address Translation. +* `trusted_address_ranges` - (Optional) Specifies a list of trusted ranges to use for the Network. + --- A `vnet_configuration` block supports the following: 
diff --git a/website/docs/r/palo_alto_next_generation_firewall_virtual_network_panorama.html.markdown b/website/docs/r/palo_alto_next_generation_firewall_virtual_network_panorama.html.markdown index af8e8b481e1c..accecaf98585 100644 --- a/website/docs/r/palo_alto_next_generation_firewall_virtual_network_panorama.html.markdown +++ b/website/docs/r/palo_alto_next_generation_firewall_virtual_network_panorama.html.markdown @@ -177,6 +177,8 @@ A `network_profile` block supports the following: * `egress_nat_ip_address_ids` - (Optional) Specifies a list of Azure Public IP Address IDs that can be used for Egress (Source) Network Address Translation. +* `trusted_address_ranges` - (Optional) Specifies a list of trusted ranges to use for the Network. + --- A `vnet_configuration` block supports the following: