Add provider support for CME (#166)

checkpoint/cme_utils.go

@@ -0,0 +1,58 @@
+package checkpoint
+
+import (
+	"math"
+	"strconv"
+)
+
+const (
+	CmeApiVersion = "v1.1"
+	CmeApiPath    = "cme-api/" + CmeApiVersion
+)
+
+func checkIfRequestFailed(resJson map[string]interface{}) bool {
+
+	if resJson["status-code"] != nil {
+		statusCode := resJson["status-code"].(float64)
+		if int(math.Round(statusCode)) != 200 {
+			return true
+		}
+	}
+	return false
+}
+
+func buildErrorMessage(resJson map[string]interface{}) string {
+	errMessage := ""
+	if resJson["error"] != nil {
+		errorResultJson := resJson["error"].(map[string]interface{})
+		if v := errorResultJson["message"]; v != nil {
+			errMessage = "Message: " + v.(string)
+		}
+		if v := errorResultJson["details"]; v != nil {
+			errMessage += ". Details: " + v.(string)
+		}
+		if v := errorResultJson["error-code"]; v != nil {
+			errMessage += " (Error code: " + strconv.Itoa(int(math.Round(v.(float64)))) + ")"
+		}
+	}
+	if errMessage == "" {
+		errMessage = "Request failed. For more details check cme_api logger on the management server"
+	}
+	return errMessage
+}
+
+func cmeObjectNotFound(resJson map[string]interface{}) bool {
+	NotFoundErrorCode := []int{800, 802}
+	if resJson["error"] != nil {
+		errorResultJson := resJson["error"].(map[string]interface{})
+		if v := errorResultJson["error-code"]; v != nil {
+			errorCode := int(math.Round(v.(float64)))
+			for i := range NotFoundErrorCode {
+				if errorCode == NotFoundErrorCode[i] {
+					return true
+				}
+			}
+		}
+	}
+	return false
+}

checkpoint/data_source_checkpoint_management_cme_accounts.go

@@ -0,0 +1,92 @@
+package checkpoint
+
+import (
+	"fmt"
+	checkpoint "github.com/CheckPointSW/cp-mgmt-api-go-sdk/APIFiles"
+	"github.com/hashicorp/terraform-plugin-sdk/helper/acctest"
+	"github.com/hashicorp/terraform-plugin-sdk/helper/schema"
+	"log"
+)
+
+func dataSourceManagementCMEAccounts() *schema.Resource {
+	return &schema.Resource{
+		Read: dataSourceManagementCMEAccountsRead,
+		Schema: map[string]*schema.Schema{
+			"result": {
+				Type:        schema.TypeList,
+				Computed:    true,
+				Description: "Response data - contains all accounts",
+				Elem: &schema.Resource{
+					Schema: map[string]*schema.Schema{
+						"name": {
+							Type:        schema.TypeString,
+							Computed:    true,
+							Description: "Unique account name for identification.",
+						},
+						"platform": {
+							Type:        schema.TypeString,
+							Computed:    true,
+							Description: "The platform of the account.",
+						},
+						"gw_configurations": {
+							Type:        schema.TypeList,
+							Computed:    true,
+							Description: "A list of GW configurations attached to the account",
+							Elem: &schema.Schema{
+								Type: schema.TypeString,
+							},
+						},
+						"deletion_tolerance": {
+							Type:        schema.TypeInt,
+							Computed:    true,
+							Description: "The number of CME cycles to wait when the cloud provider does not return a GW until its deletion.",
+						},
+						"domain": {
+							Type:        schema.TypeString,
+							Computed:    true,
+							Description: "The account's domain name in MDS environment.",
+						},
+					},
+				},
+			},
+		},
+	}
+}
+
+func dataSourceManagementCMEAccountsRead(d *schema.ResourceData, m interface{}) error {
+	client := m.(*checkpoint.ApiClient)
+
+	log.Println("Read cme accounts")
+
+	url := CmeApiPath + "/accounts"
+	AccountsRes, err := client.ApiCall(url, nil, client.GetSessionID(), true, client.IsProxyUsed(), "GET")
+
+	if err != nil {
+		return fmt.Errorf(err.Error())
+	}
+	data := AccountsRes.GetData()
+	if checkIfRequestFailed(data) {
+		errMessage := buildErrorMessage(data)
+		return fmt.Errorf(errMessage)
+	}
+	d.SetId("cme-accounts-" + acctest.RandString(10))
+
+	accountsList := data["result"].([]interface{})
+	var accountsListToReturn []map[string]interface{}
+	if len(accountsList) > 0 {
+		for i := range accountsList {
+			singleAccount := accountsList[i].(map[string]interface{})
+			tempObject := make(map[string]interface{})
+			tempObject["name"] = singleAccount["name"]
+			tempObject["platform"] = singleAccount["platform"]
+			tempObject["gw_configurations"] = singleAccount["gw_configurations"]
+			tempObject["deletion_tolerance"] = singleAccount["deletion_tolerance"]
+			tempObject["domain"] = singleAccount["domain"]
+			accountsListToReturn = append(accountsListToReturn, tempObject)
+		}
+		_ = d.Set("result", accountsListToReturn)
+	} else {
+		_ = d.Set("result", []interface{}{})
+	}
+	return nil
+}

checkpoint/data_source_checkpoint_management_cme_accounts_aws.go

@@ -0,0 +1,232 @@
+package checkpoint
+
+import (
+	"fmt"
+	checkpoint "github.com/CheckPointSW/cp-mgmt-api-go-sdk/APIFiles"
+	"github.com/hashicorp/terraform-plugin-sdk/helper/acctest"
+	"github.com/hashicorp/terraform-plugin-sdk/helper/schema"
+	"log"
+)
+
+func dataSourceManagementCMEAccountsAWS() *schema.Resource {
+	return &schema.Resource{
+		Read: dataSourceManagementCMEAccountsAWSRead,
+		Schema: map[string]*schema.Schema{
+			"name": {
+				Type:        schema.TypeString,
+				Required:    true,
+				Description: "Unique account name for identification.",
+			},
+			"platform": {
+				Type:        schema.TypeString,
+				Computed:    true,
+				Description: "The platform of the account.",
+			},
+			"regions": {
+				Type:        schema.TypeList,
+				Computed:    true,
+				Description: "Comma-separated list of AWS regions, in which the gateways are being deployed.",
+				Elem: &schema.Schema{
+					Type: schema.TypeString,
+				},
+			},
+			"gw_configurations": {
+				Type:        schema.TypeList,
+				Computed:    true,
+				Description: "A list of GW configurations attached to the account",
+				Elem: &schema.Schema{
+					Type: schema.TypeString,
+				},
+			},
+			"credentials_file": {
+				Type:        schema.TypeString,
+				Computed:    true,
+				Description: "The credentials file.",
+			},
+			"deletion_tolerance": {
+				Type:        schema.TypeInt,
+				Computed:    true,
+				Description: "The number of CME cycles to wait when the cloud provider does not return a GW until its deletion.",
+			},
+			"access_key": {
+				Type:        schema.TypeString,
+				Computed:    true,
+				Description: "AWS access key.",
+			},
+			"secret_key": {
+				Type:        schema.TypeString,
+				Computed:    true,
+				Description: "AWS secret key.",
+			},
+			"sts_role": {
+				Type:        schema.TypeString,
+				Computed:    true,
+				Description: "AWS sts role.",
+			},
+			"sts_external_id": {
+				Type:        schema.TypeString,
+				Computed:    true,
+				Description: "AWS sts external id, must exist with sts role.",
+			},
+			"scan_gateways": {
+				Type:        schema.TypeBool,
+				Computed:    true,
+				Description: "Set true in order to scan gateways with AWS TGW.",
+			},
+			"scan_vpn": {
+				Type:        schema.TypeBool,
+				Computed:    true,
+				Description: "Set true in order to scan vpn with AWS TGW.",
+			},
+			"scan_load_balancers": {
+				Type:        schema.TypeBool,
+				Computed:    true,
+				Description: "Set true in order to scan load balancers access and NAT rules with AWS TGW.",
+			},
+			"scan_subnets": {
+				Type:        schema.TypeBool,
+				Computed:    true,
+				Description: "Set true in order to scan subnets with AWS GWLB.",
+			},
+			"communities": {
+				Type:        schema.TypeList,
+				Computed:    true,
+				Description: "AWS communities.",
+				Elem: &schema.Schema{
+					Type: schema.TypeString,
+				},
+			},
+			"sub_accounts": {
+				Type:        schema.TypeList,
+				Computed:    true,
+				Description: "AWS sub accounts.",
+				Elem: &schema.Resource{
+					Schema: map[string]*schema.Schema{
+						"name": {
+							Type:        schema.TypeString,
+							Computed:    true,
+							Description: "Unique account name for identification.",
+						},
+						"credentials_file": {
+							Type:        schema.TypeString,
+							Computed:    true,
+							Description: "The credentials file.",
+						},
+						"access_key": {
+							Type:        schema.TypeString,
+							Computed:    true,
+							Description: "AWS access key.",
+						},
+						"secret_key": {
+							Type:        schema.TypeString,
+							Computed:    true,
+							Description: "AWS secret key.",
+						},
+						"sts_role": {
+							Type:        schema.TypeString,
+							Computed:    true,
+							Description: "AWS sts role.",
+						},
+						"sts_external_id": {
+							Type:        schema.TypeString,
+							Computed:    true,
+							Description: "AWS sts external id, must exist with sts role.",
+						},
+					},
+				},
+			},
+			"domain": {
+				Type:        schema.TypeString,
+				Computed:    true,
+				Description: "The account's domain name in MDS environment.",
+			},
+		},
+	}
+}
+
+func dataSourceManagementCMEAccountsAWSRead(d *schema.ResourceData, m interface{}) error {
+	client := m.(*checkpoint.ApiClient)
+
+	var name string
+
+	if v, ok := d.GetOk("name"); ok {
+		name = v.(string)
+	}
+	log.Println("Read cme AWS account - name = ", name)
+
+	url := CmeApiPath + "/accounts/" + name
+
+	AWSAccountRes, err := client.ApiCall(url, nil, client.GetSessionID(), true, client.IsProxyUsed(), "GET")
+
+	if err != nil {
+		return fmt.Errorf(err.Error())
+	}
+	account := AWSAccountRes.GetData()
+	if checkIfRequestFailed(account) {
+		errMessage := buildErrorMessage(account)
+		return fmt.Errorf(errMessage)
+	}
+
+	d.SetId("cme-aws-account-" + name + "-" + acctest.RandString(10))
+
+	AWSAccount := account["result"].(map[string]interface{})
+
+	_ = d.Set("name", AWSAccount["name"])
+
+	_ = d.Set("platform", AWSAccount["platform"])
+
+	_ = d.Set("regions", AWSAccount["regions"])
+
+	_ = d.Set("gw_configurations", AWSAccount["gw_configurations"])
+
+	_ = d.Set("credentials_file", AWSAccount["credentials_file"])
+
+	_ = d.Set("deletion_tolerance", AWSAccount["deletion_tolerance"])
+
+	_ = d.Set("access_key", AWSAccount["access_key"])
+
+	_ = d.Set("secret_key", AWSAccount["secret_key"])
+
+	_ = d.Set("sts_role", AWSAccount["sts_role"])
+
+	_ = d.Set("sts_external_id", AWSAccount["sts_external_id"])
+
+	if AWSAccount["sync"] != nil {
+		syncMap := AWSAccount["sync"].(map[string]interface{})
+		_ = d.Set("scan_gateways", syncMap["gateway"])
+		_ = d.Set("scan_vpn", syncMap["vpn"])
+		_ = d.Set("scan_load_balancers", syncMap["lb"])
+		_ = d.Set("scan_subnets", syncMap["scan-subnets"])
+	} else {
+		_ = d.Set("scan_gateways", nil)
+		_ = d.Set("scan_vpn", nil)
+		_ = d.Set("scan_load_balancers", nil)
+		_ = d.Set("scan_subnets", nil)
+	}
+	_ = d.Set("communities", AWSAccount["communities"])
+
+	if AWSAccount["sub_accounts"] != nil {
+		subAccountsMap := AWSAccount["sub_accounts"].(map[string]interface{})
+		if len(subAccountsMap) > 0 {
+			var subAccountsListToReturn []map[string]interface{}
+			for key, value := range subAccountsMap {
+				subAccountMap := value.(map[string]interface{})
+				subAccountMapToAdd := make(map[string]interface{})
+				subAccountMapToAdd["name"] = key
+				subAccountMapToAdd["credentials_file"] = subAccountMap["credentials_file"]
+				subAccountMapToAdd["access_key"] = subAccountMap["access_key"]
+				subAccountMapToAdd["secret_key"] = subAccountMap["secret_key"]
+				subAccountMapToAdd["sts_role"] = subAccountMap["sts_role"]
+				subAccountMapToAdd["sts_external_id"] = subAccountMap["sts_external_id"]
+				subAccountsListToReturn = append(subAccountsListToReturn, subAccountMapToAdd)
+			}
+			_ = d.Set("sub_accounts", subAccountsListToReturn)
+		} else {
+			_ = d.Set("sub_accounts", []interface{}{})
+		}
+	} else {
+		_ = d.Set("sub_accounts", nil)
+	}
+	_ = d.Set("domain", AWSAccount["domain"])
+	return nil
+}