Add support to CME API v1.2 (#177)

CheckPointSW · Sep 10, 2024 · 274b82a · 274b82a
1 parent a38355f
commit 274b82a
Show file tree

Hide file tree

Showing 39 changed files with 514 additions and 81 deletions.
diff --git a/checkpoint/cme_utils.go b/checkpoint/cme_utils.go
@@ -6,7 +6,7 @@ import (
 )
 
 const (
-	CmeApiVersion = "v1.1"
+	CmeApiVersion = "v1.2"
 	CmeApiPath    = "cme-api/" + CmeApiVersion
 )
 

diff --git a/checkpoint/data_source_checkpoint_management_cme_accounts_azure.go b/checkpoint/data_source_checkpoint_management_cme_accounts_azure.go
@@ -60,6 +60,11 @@ func dataSourceManagementCMEAccountsAzure() *schema.Resource {
 					Type: schema.TypeString,
 				},
 			},
+			"environment": {
+				Type:        schema.TypeString,
+				Computed:    true,
+				Description: "The Azure account environment.",
+			},
 		},
 	}
 }
@@ -108,5 +113,7 @@ func dataSourceManagementCMEAccountsAzureRead(d *schema.ResourceData, m interfac
 
 	_ = d.Set("gw_configurations", AzureAccount["gw_configurations"])
 
+	_ = d.Set("environment", AzureAccount["environment"])
+
 	return nil
 }
diff --git a/checkpoint/data_source_checkpoint_management_cme_accounts_azure_test.go b/checkpoint/data_source_checkpoint_management_cme_accounts_azure_test.go
@@ -29,6 +29,9 @@ func TestAccDataSourceCheckpointManagementCMEAccountsAzure_basic(t *testing.T) {
 					resource.TestCheckResourceAttrPair(dataSourceName, "name", resourceName, "name"),
 					resource.TestCheckResourceAttrPair(dataSourceName, "directory_id", resourceName, "directory_id"),
 					resource.TestCheckResourceAttrPair(dataSourceName, "subscription", resourceName, "subscription"),
+					resource.TestCheckResourceAttrPair(dataSourceName, "application_id", resourceName, "application_id"),
+					resource.TestCheckResourceAttrPair(dataSourceName, "environment", resourceName, "environment"),
+
 				),
 			},
 		},
@@ -43,6 +46,7 @@ resource "checkpoint_management_cme_accounts_azure" "test" {
   application_id = "46707d92-02f4-4817-8116-a4c3b23e6266"
   client_secret = "mySecret"
   subscription = "46707d92-02f4-4817-8116-a4c3b23e6267"
+  environment = "AzureCloud"
 }
 
 data "checkpoint_management_cme_accounts_azure" "data_test"{

diff --git a/checkpoint/data_source_checkpoint_management_cme_gw_configurations.go b/checkpoint/data_source_checkpoint_management_cme_gw_configurations.go
@@ -38,6 +38,27 @@ func dataSourceManagementCMEGWConfigurations() *schema.Resource {
 							Computed:    true,
 							Description: "Configuration policy.",
 						},
+						"section_name": {
+							Type:        schema.TypeString,
+							Computed:    true,
+							Description: "Name of a rule section in the Access and NAT layers in the policy, where to insert the automatically generated rules.",
+						},
+						"x_forwarded_for": {
+							Type:        schema.TypeBool,
+							Computed:    true,
+							Description: "Enable XFF headers in HTTP / HTTPS requests.",
+						},
+						"color": {
+							Type:        schema.TypeString,
+							Computed:    true,
+							Description: "Color of the gateways objects in SmartConsole.",
+						},
+						"communication_with_servers_behind_nat": {
+							Type:        schema.TypeString,
+							Computed:    true,
+							Description: "Gateway behind NAT communications settings with the Check Point Servers" +
+								"(Management, Multi-Domain, Log Servers).",
+						},
 						"related_account": {
 							Type:        schema.TypeString,
 							Computed:    true,
@@ -202,6 +223,10 @@ func dataSourceManagementCMEGWConfigurationsRead(d *schema.ResourceData, m inter
 			tempObject["sic_key"] = singleGWConfiguration["sic_key"]
 			tempObject["policy"] = singleGWConfiguration["policy"]
 			tempObject["related_account"] = singleGWConfiguration["related_account"]
+			tempObject["section_name"] = singleGWConfiguration["section_name"]
+			tempObject["x_forwarded_for"] = singleGWConfiguration["x_forwarded_for"]
+			tempObject["color"] = singleGWConfiguration["color"]
+			tempObject["communication_with_servers_behind_nat"] = singleGWConfiguration["communication-with-servers-behind-nat"]
 
 			var bladesListToReturn []map[string]interface{}
 			bladesMapToAdd := make(map[string]interface{})

diff --git a/checkpoint/data_source_checkpoint_management_cme_gw_configurations_aws.go b/checkpoint/data_source_checkpoint_management_cme_gw_configurations_aws.go
@@ -38,6 +38,27 @@ func dataSourceManagementCMEGWConfigurationsAWS() *schema.Resource {
 				Computed:    true,
 				Description: "Related account name (aws/azure/gcp accounts)",
 			},
+			"section_name": {
+				Type:        schema.TypeString,
+				Computed:    true,
+				Description: "Name of a rule section in the Access and NAT layers in the policy, where to insert the automatically generated rules.",
+			},
+			"x_forwarded_for": {
+				Type:        schema.TypeBool,
+				Computed:    true,
+				Description: "Enable XFF headers in HTTP / HTTPS requests.",
+			},
+			"color": {
+				Type:        schema.TypeString,
+				Computed:    true,
+				Description: "Color of the gateways objects in SmartConsole.",
+			},
+			"communication_with_servers_behind_nat": {
+				Type:     schema.TypeString,
+				Computed: true,
+				Description: "Gateway behind NAT communications settings with the Check Point Servers" +
+					"(Management, Multi-Domain, Log Servers).",
+			},
 			"blades": {
 				Type:        schema.TypeList,
 				MaxItems:    1,
@@ -307,5 +328,13 @@ func dataSourceManagementCMEGWConfigurationsAWSRead(d *schema.ResourceData, m in
 
 	_ = d.Set("send_alerts_to_server", AWSGWConfiguration["send-alerts-to-server"])
 
+	_ = d.Set("section_name", AWSGWConfiguration["section_name"])
+
+	_ = d.Set("x_forwarded_for", AWSGWConfiguration["x_forwarded_for"])
+
+	_ = d.Set("color", AWSGWConfiguration["color"])
+
+	_ = d.Set("communication_with_servers_behind_nat", AWSGWConfiguration["communication-with-servers-behind-nat"])
+
 	return nil
 }
diff --git a/checkpoint/data_source_checkpoint_management_cme_gw_configurations_aws_test.go b/checkpoint/data_source_checkpoint_management_cme_gw_configurations_aws_test.go
@@ -30,6 +30,9 @@ func TestAccDataSourceCheckpointManagementCMEGWConfigurationsAWS_basic(t *testin
 					resource.TestCheckResourceAttrPair(dataSourceName, "name", resourceName, "name"),
 					resource.TestCheckResourceAttrPair(dataSourceName, "related_account", resourceName, "related_account"),
 					resource.TestCheckResourceAttrPair(dataSourceName, "version", resourceName, "version"),
+					resource.TestCheckResourceAttrPair(dataSourceName, "color", resourceName, "color"),
+					resource.TestCheckResourceAttrPair(dataSourceName, "x_forwarded_for", resourceName, "x_forwarded_for"),
+					resource.TestCheckResourceAttrPair(dataSourceName, "communication_with_servers_behind_nat", resourceName, "communication_with_servers_behind_nat"),
 				),
 			},
 		},
@@ -50,6 +53,9 @@ resource "checkpoint_management_cme_gw_configurations_aws" "test" {
   version         = "R81"
   base64_sic_key  = "MTIzNDU2Nzg="
   policy          = "Standard"
+  x_forwarded_for = true
+  color           = "black"
+  communication_with_servers_behind_nat = "translated-ip-only"
   blades {
 	ips                          = false
 	anti_bot                     = false

diff --git a/checkpoint/data_source_checkpoint_management_cme_gw_configurations_azure.go b/checkpoint/data_source_checkpoint_management_cme_gw_configurations_azure.go
@@ -157,6 +157,32 @@ func dataSourceManagementCMEGWConfigurationsAzure() *schema.Resource {
 					Type: schema.TypeString,
 				},
 			},
+			"ipv6": {
+				Type:        schema.TypeBool,
+				Computed:    true,
+				Description: "Indicates if the GW is configured to support IPv6.",
+			},
+			"section_name": {
+				Type:        schema.TypeString,
+				Computed:    true,
+				Description: "Name of a rule section in the Access and NAT layers in the policy, where to insert the automatically generated rules.",
+			},
+			"x_forwarded_for": {
+				Type:        schema.TypeBool,
+				Computed:    true,
+				Description: "Enable XFF headers in HTTP / HTTPS requests.",
+			},
+			"color": {
+				Type:        schema.TypeString,
+				Computed:    true,
+				Description: "Color of the gateways objects in SmartConsole.",
+			},
+			"communication_with_servers_behind_nat": {
+				Type:        schema.TypeString,
+				Computed:    true,
+				Description: "Gateway behind NAT communications settings with the Check Point Servers" +
+					"(Management, Multi-Domain, Log Servers).",
+			},
 		},
 	}
 }
@@ -258,5 +284,15 @@ func dataSourceManagementCMEGWConfigurationsAzureRead(d *schema.ResourceData, m
 
 	_ = d.Set("send_alerts_to_server", AzureGWConfiguration["send-alerts-to-server"])
 
+	_ = d.Set("ipv6", AzureGWConfiguration["ipv6"])
+
+	_ = d.Set("section_name", AzureGWConfiguration["section_name"])
+
+	_ = d.Set("x_forwarded_for", AzureGWConfiguration["x_forwarded_for"])
+
+	_ = d.Set("color", AzureGWConfiguration["color"])
+
+	_ = d.Set("communication_with_servers_behind_nat", AzureGWConfiguration["communication-with-servers-behind-nat"])
+
 	return nil
 }
diff --git a/checkpoint/data_source_checkpoint_management_cme_gw_configurations_azure_test.go b/checkpoint/data_source_checkpoint_management_cme_gw_configurations_azure_test.go
@@ -30,6 +30,10 @@ func TestAccDataSourceCheckpointManagementCMEGWConfigurationsAzure_basic(t *test
 					resource.TestCheckResourceAttrPair(dataSourceName, "name", resourceName, "name"),
 					resource.TestCheckResourceAttrPair(dataSourceName, "related_account", resourceName, "related_account"),
 					resource.TestCheckResourceAttrPair(dataSourceName, "version", resourceName, "version"),
+					resource.TestCheckResourceAttrPair(dataSourceName, "ipv6", resourceName, "ipv6"),
+					resource.TestCheckResourceAttrPair(dataSourceName, "color", resourceName, "color"),
+					resource.TestCheckResourceAttrPair(dataSourceName, "x_forwarded_for", resourceName, "x_forwarded_for"),
+					resource.TestCheckResourceAttrPair(dataSourceName, "communication_with_servers_behind_nat", resourceName, "communication_with_servers_behind_nat"),
 				),
 			},
 		},
@@ -52,6 +56,10 @@ resource "checkpoint_management_cme_gw_configurations_azure" "test" {
   version         = "R81"
   base64_sic_key  = "MTIzNDU2Nzg="
   policy          = "Standard"
+  ipv6			= true
+  x_forwarded_for = true
+  color           = "black"
+  communication_with_servers_behind_nat = "translated-ip-only"
   blades {
 	ips                          = false
 	anti_bot                     = false

diff --git a/checkpoint/data_source_checkpoint_management_cme_gw_configurations_gcp.go b/checkpoint/data_source_checkpoint_management_cme_gw_configurations_gcp.go
@@ -37,6 +37,27 @@ func dataSourceManagementCMEGWConfigurationsGCP() *schema.Resource {
 				Computed:    true,
 				Description: "Related account name (aws/azure/gcp accounts)",
 			},
+			"section_name": {
+				Type:        schema.TypeString,
+				Computed:    true,
+				Description: "Name of a rule section in the Access and NAT layers in the policy, where to insert the automatically generated rules.",
+			},
+			"x_forwarded_for": {
+				Type:        schema.TypeBool,
+				Computed:    true,
+				Description: "Enable XFF headers in HTTP / HTTPS requests.",
+			},
+			"color": {
+				Type:        schema.TypeString,
+				Computed:    true,
+				Description: "Color of the gateways objects in SmartConsole.",
+			},
+			"communication_with_servers_behind_nat": {
+				Type:        schema.TypeString,
+				Computed:    true,
+				Description: "Gateway behind NAT communications settings with the Check Point Servers" +
+					"(Management, Multi-Domain, Log Servers).",
+			},
 			"blades": {
 				Type:        schema.TypeList,
 				MaxItems:    1,
@@ -258,5 +279,13 @@ func dataSourceManagementCMEGWConfigurationsGCPRead(d *schema.ResourceData, m in
 
 	_ = d.Set("send_alerts_to_server", GCPGWConfiguration["send-alerts-to-server"])
 
+	_ = d.Set("section_name", GCPGWConfiguration["section_name"])
+
+	_ = d.Set("x_forwarded_for", GCPGWConfiguration["x_forwarded_for"])
+
+	_ = d.Set("color", GCPGWConfiguration["color"])
+
+	_ = d.Set("communication_with_servers_behind_nat", GCPGWConfiguration["communication-with-servers-behind-nat"])
+
 	return nil
 }
diff --git a/checkpoint/data_source_checkpoint_management_cme_gw_configurations_gcp_test.go b/checkpoint/data_source_checkpoint_management_cme_gw_configurations_gcp_test.go
@@ -30,6 +30,9 @@ func TestAccDataSourceCheckpointManagementCMEGWConfigurationsGCP_basic(t *testin
 					resource.TestCheckResourceAttrPair(dataSourceName, "name", resourceName, "name"),
 					resource.TestCheckResourceAttrPair(dataSourceName, "related_account", resourceName, "related_account"),
 					resource.TestCheckResourceAttrPair(dataSourceName, "version", resourceName, "version"),
+					resource.TestCheckResourceAttrPair(dataSourceName, "color", resourceName, "color"),
+					resource.TestCheckResourceAttrPair(dataSourceName, "x_forwarded_for", resourceName, "x_forwarded_for"),
+					resource.TestCheckResourceAttrPair(dataSourceName, "communication_with_servers_behind_nat", resourceName, "communication_with_servers_behind_nat"),
 				),
 			},
 		},
@@ -50,6 +53,9 @@ resource "checkpoint_management_cme_gw_configurations_gcp" "test" {
   version         = "R81"
   base64_sic_key  = "MTIzNDU2Nzg="
   policy          = "Standard"
+  x_forwarded_for = true
+  color           = "black"
+  communication_with_servers_behind_nat = "translated-ip-only"
   blades {
 	ips                          = false
 	anti_bot                     = false

diff --git a/checkpoint/resource_checkpoint_management_cme_accounts_azure.go b/checkpoint/resource_checkpoint_management_cme_accounts_azure.go
@@ -68,6 +68,11 @@ func resourceManagementCMEAccountsAzure() *schema.Resource {
 					Type: schema.TypeString,
 				},
 			},
+			"environment": {
+				Type:        schema.TypeString,
+				Optional:    true,
+				Description: "The Azure account environment.",
+			},
 		},
 	}
 }
@@ -144,6 +149,8 @@ func readManagementCMEAccountsAzure(d *schema.ResourceData, m interface{}) error
 
 	_ = d.Set("gw_configurations", AzureAccount["gw_configurations"])
 
+	_ = d.Set("environment", AzureAccount["environment"])
+
 	return nil
 }
 
@@ -172,6 +179,9 @@ func createManagementCMEAccountsAzure(d *schema.ResourceData, m interface{}) err
 	if v, ok := d.GetOk("name"); ok {
 		payload["name"] = v.(string)
 	}
+	if v, ok := d.GetOk("environment"); ok {
+		payload["environment"] = v.(string)
+	}
 	log.Println("Create cme Azure account - name = ", payload["name"])
 
 	url := CmeApiPath + "/accounts/azure"
@@ -214,6 +224,9 @@ func updateManagementCMEAccountsAzure(d *schema.ResourceData, m interface{}) err
 	if d.HasChange("domain") {
 		payload["domain"] = d.Get("domain")
 	}
+	if d.HasChange("environment") {
+		payload["environment"] = d.Get("environment")
+	}
 
 	var name string
 

diff --git a/checkpoint/resource_checkpoint_management_cme_accounts_azure_test.go b/checkpoint/resource_checkpoint_management_cme_accounts_azure_test.go
@@ -17,6 +17,7 @@ func TestAccCheckpointManagementCMEAccountsAzure_basic(t *testing.T) {
 	applicationId := "46707d92-02f4-4817-8116-a4c3b23e6266"
 	clientSecret := "mySecret"
 	subscription := "46707d92-02f4-4817-8116-a4c3b23e6267"
+	environment := "AzureCloud"
 
 	context := os.Getenv("CHECKPOINT_CONTEXT")
 	if context == "" {
@@ -31,11 +32,11 @@ func TestAccCheckpointManagementCMEAccountsAzure_basic(t *testing.T) {
 		CheckDestroy: testAccCheckpointManagementCMEAccountAzureDestroy,
 		Steps: []resource.TestStep{
 			{
-				Config: testAccManagementCMEAccountsAzureConfig(accountName, directoryId, applicationId, clientSecret, subscription),
+				Config: testAccManagementCMEAccountsAzureConfig(accountName, directoryId, applicationId, clientSecret, subscription, environment),
 				Check: resource.ComposeTestCheckFunc(
 					testAccCheckCheckpointManagementCMEAccountsAzureExists(resourceName, &azureAccount),
 					testAccCheckCheckpointManagementCMEAccountsAzureAttributes(&azureAccount, accountName, directoryId, applicationId,
-						subscription, 3),
+						subscription, 3, environment),
 				),
 			},
 		},
@@ -63,16 +64,17 @@ func testAccCheckpointManagementCMEAccountAzureDestroy(s *terraform.State) error
 	return nil
 }
 
-func testAccManagementCMEAccountsAzureConfig(accountName string, directoryId string, applicationId string, clientSecret string, subscription string) string {
+func testAccManagementCMEAccountsAzureConfig(accountName string, directoryId string, applicationId string, clientSecret string, subscription string, environment string) string {
 	return fmt.Sprintf(`
 resource "checkpoint_management_cme_accounts_azure" "test" {
   name           = "%s"
   directory_id   = "%s"
   application_id = "%s"
   client_secret  = "%s"
   subscription   = "%s"
+  environment    = "%s"
 }
-`, accountName, directoryId, applicationId, clientSecret, subscription)
+`, accountName, directoryId, applicationId, clientSecret, subscription, environment)
 }
 
 func testAccCheckCheckpointManagementCMEAccountsAzureExists(resourceTfName string, res *map[string]interface{}) resource.TestCheckFunc {
@@ -103,7 +105,7 @@ func testAccCheckCheckpointManagementCMEAccountsAzureExists(resourceTfName strin
 }
 
 func testAccCheckCheckpointManagementCMEAccountsAzureAttributes(azureAccount *map[string]interface{}, name string,
-	directoryId string, applicationId string, subscription string, expectedDeletionTolerance int) resource.TestCheckFunc {
+	directoryId string, applicationId string, subscription string, expectedDeletionTolerance int, environment string) resource.TestCheckFunc {
 	return func(s *terraform.State) error {
 		account := (*azureAccount)["result"].(map[string]interface{})
 		if account["name"] != name {
@@ -122,6 +124,9 @@ func testAccCheckCheckpointManagementCMEAccountsAzureAttributes(azureAccount *ma
 		if deletionTolerance != expectedDeletionTolerance {
 			return fmt.Errorf("deletion_tolerance is %d, expected %d", deletionTolerance, expectedDeletionTolerance)
 		}
+		if account["environment"] != environment {
+			return fmt.Errorf("environment is %s, expected %s", account["environment"], environment)
+		}
 		return nil
 	}
 }