diff --git a/checkpoint/cme_utils.go b/checkpoint/cme_utils.go new file mode 100755 index 00000000..7eaa3f29 --- /dev/null +++ b/checkpoint/cme_utils.go @@ -0,0 +1,58 @@ +package checkpoint + +import ( + "math" + "strconv" +) + +const ( + CmeApiVersion = "v1.1" + CmeApiPath = "cme-api/" + CmeApiVersion +) + +func checkIfRequestFailed(resJson map[string]interface{}) bool { + + if resJson["status-code"] != nil { + statusCode := resJson["status-code"].(float64) + if int(math.Round(statusCode)) != 200 { + return true + } + } + return false +} + +func buildErrorMessage(resJson map[string]interface{}) string { + errMessage := "" + if resJson["error"] != nil { + errorResultJson := resJson["error"].(map[string]interface{}) + if v := errorResultJson["message"]; v != nil { + errMessage = "Message: " + v.(string) + } + if v := errorResultJson["details"]; v != nil { + errMessage += ". Details: " + v.(string) + } + if v := errorResultJson["error-code"]; v != nil { + errMessage += " (Error code: " + strconv.Itoa(int(math.Round(v.(float64)))) + ")" + } + } + if errMessage == "" { + errMessage = "Request failed. For more details check cme_api logger on the management server" + } + return errMessage +} + +func cmeObjectNotFound(resJson map[string]interface{}) bool { + NotFoundErrorCode := []int{800, 802} + if resJson["error"] != nil { + errorResultJson := resJson["error"].(map[string]interface{}) + if v := errorResultJson["error-code"]; v != nil { + errorCode := int(math.Round(v.(float64))) + for i := range NotFoundErrorCode { + if errorCode == NotFoundErrorCode[i] { + return true + } + } + } + } + return false +} diff --git a/checkpoint/data_source_checkpoint_management_cme_accounts.go b/checkpoint/data_source_checkpoint_management_cme_accounts.go new file mode 100755 index 00000000..48f28266 --- /dev/null +++ b/checkpoint/data_source_checkpoint_management_cme_accounts.go @@ -0,0 +1,92 @@ +package checkpoint + +import ( + "fmt" + checkpoint "github.com/CheckPointSW/cp-mgmt-api-go-sdk/APIFiles" + "github.com/hashicorp/terraform-plugin-sdk/helper/acctest" + "github.com/hashicorp/terraform-plugin-sdk/helper/schema" + "log" +) + +func dataSourceManagementCMEAccounts() *schema.Resource { + return &schema.Resource{ + Read: dataSourceManagementCMEAccountsRead, + Schema: map[string]*schema.Schema{ + "result": { + Type: schema.TypeList, + Computed: true, + Description: "Response data - contains all accounts", + Elem: &schema.Resource{ + Schema: map[string]*schema.Schema{ + "name": { + Type: schema.TypeString, + Computed: true, + Description: "Unique account name for identification.", + }, + "platform": { + Type: schema.TypeString, + Computed: true, + Description: "The platform of the account.", + }, + "gw_configurations": { + Type: schema.TypeList, + Computed: true, + Description: "A list of GW configurations attached to the account", + Elem: &schema.Schema{ + Type: schema.TypeString, + }, + }, + "deletion_tolerance": { + Type: schema.TypeInt, + Computed: true, + Description: "The number of CME cycles to wait when the cloud provider does not return a GW until its deletion.", + }, + "domain": { + Type: schema.TypeString, + Computed: true, + Description: "The account's domain name in MDS environment.", + }, + }, + }, + }, + }, + } +} + +func dataSourceManagementCMEAccountsRead(d *schema.ResourceData, m interface{}) error { + client := m.(*checkpoint.ApiClient) + + log.Println("Read cme accounts") + + url := CmeApiPath + "/accounts" + AccountsRes, err := client.ApiCall(url, nil, client.GetSessionID(), true, client.IsProxyUsed(), "GET") + + if err != nil { + return fmt.Errorf(err.Error()) + } + data := AccountsRes.GetData() + if checkIfRequestFailed(data) { + errMessage := buildErrorMessage(data) + return fmt.Errorf(errMessage) + } + d.SetId("cme-accounts-" + acctest.RandString(10)) + + accountsList := data["result"].([]interface{}) + var accountsListToReturn []map[string]interface{} + if len(accountsList) > 0 { + for i := range accountsList { + singleAccount := accountsList[i].(map[string]interface{}) + tempObject := make(map[string]interface{}) + tempObject["name"] = singleAccount["name"] + tempObject["platform"] = singleAccount["platform"] + tempObject["gw_configurations"] = singleAccount["gw_configurations"] + tempObject["deletion_tolerance"] = singleAccount["deletion_tolerance"] + tempObject["domain"] = singleAccount["domain"] + accountsListToReturn = append(accountsListToReturn, tempObject) + } + _ = d.Set("result", accountsListToReturn) + } else { + _ = d.Set("result", []interface{}{}) + } + return nil +} diff --git a/checkpoint/data_source_checkpoint_management_cme_accounts_aws.go b/checkpoint/data_source_checkpoint_management_cme_accounts_aws.go new file mode 100644 index 00000000..6ca85416 --- /dev/null +++ b/checkpoint/data_source_checkpoint_management_cme_accounts_aws.go @@ -0,0 +1,232 @@ +package checkpoint + +import ( + "fmt" + checkpoint "github.com/CheckPointSW/cp-mgmt-api-go-sdk/APIFiles" + "github.com/hashicorp/terraform-plugin-sdk/helper/acctest" + "github.com/hashicorp/terraform-plugin-sdk/helper/schema" + "log" +) + +func dataSourceManagementCMEAccountsAWS() *schema.Resource { + return &schema.Resource{ + Read: dataSourceManagementCMEAccountsAWSRead, + Schema: map[string]*schema.Schema{ + "name": { + Type: schema.TypeString, + Required: true, + Description: "Unique account name for identification.", + }, + "platform": { + Type: schema.TypeString, + Computed: true, + Description: "The platform of the account.", + }, + "regions": { + Type: schema.TypeList, + Computed: true, + Description: "Comma-separated list of AWS regions, in which the gateways are being deployed.", + Elem: &schema.Schema{ + Type: schema.TypeString, + }, + }, + "gw_configurations": { + Type: schema.TypeList, + Computed: true, + Description: "A list of GW configurations attached to the account", + Elem: &schema.Schema{ + Type: schema.TypeString, + }, + }, + "credentials_file": { + Type: schema.TypeString, + Computed: true, + Description: "The credentials file.", + }, + "deletion_tolerance": { + Type: schema.TypeInt, + Computed: true, + Description: "The number of CME cycles to wait when the cloud provider does not return a GW until its deletion.", + }, + "access_key": { + Type: schema.TypeString, + Computed: true, + Description: "AWS access key.", + }, + "secret_key": { + Type: schema.TypeString, + Computed: true, + Description: "AWS secret key.", + }, + "sts_role": { + Type: schema.TypeString, + Computed: true, + Description: "AWS sts role.", + }, + "sts_external_id": { + Type: schema.TypeString, + Computed: true, + Description: "AWS sts external id, must exist with sts role.", + }, + "scan_gateways": { + Type: schema.TypeBool, + Computed: true, + Description: "Set true in order to scan gateways with AWS TGW.", + }, + "scan_vpn": { + Type: schema.TypeBool, + Computed: true, + Description: "Set true in order to scan vpn with AWS TGW.", + }, + "scan_load_balancers": { + Type: schema.TypeBool, + Computed: true, + Description: "Set true in order to scan load balancers access and NAT rules with AWS TGW.", + }, + "scan_subnets": { + Type: schema.TypeBool, + Computed: true, + Description: "Set true in order to scan subnets with AWS GWLB.", + }, + "communities": { + Type: schema.TypeList, + Computed: true, + Description: "AWS communities.", + Elem: &schema.Schema{ + Type: schema.TypeString, + }, + }, + "sub_accounts": { + Type: schema.TypeList, + Computed: true, + Description: "AWS sub accounts.", + Elem: &schema.Resource{ + Schema: map[string]*schema.Schema{ + "name": { + Type: schema.TypeString, + Computed: true, + Description: "Unique account name for identification.", + }, + "credentials_file": { + Type: schema.TypeString, + Computed: true, + Description: "The credentials file.", + }, + "access_key": { + Type: schema.TypeString, + Computed: true, + Description: "AWS access key.", + }, + "secret_key": { + Type: schema.TypeString, + Computed: true, + Description: "AWS secret key.", + }, + "sts_role": { + Type: schema.TypeString, + Computed: true, + Description: "AWS sts role.", + }, + "sts_external_id": { + Type: schema.TypeString, + Computed: true, + Description: "AWS sts external id, must exist with sts role.", + }, + }, + }, + }, + "domain": { + Type: schema.TypeString, + Computed: true, + Description: "The account's domain name in MDS environment.", + }, + }, + } +} + +func dataSourceManagementCMEAccountsAWSRead(d *schema.ResourceData, m interface{}) error { + client := m.(*checkpoint.ApiClient) + + var name string + + if v, ok := d.GetOk("name"); ok { + name = v.(string) + } + log.Println("Read cme AWS account - name = ", name) + + url := CmeApiPath + "/accounts/" + name + + AWSAccountRes, err := client.ApiCall(url, nil, client.GetSessionID(), true, client.IsProxyUsed(), "GET") + + if err != nil { + return fmt.Errorf(err.Error()) + } + account := AWSAccountRes.GetData() + if checkIfRequestFailed(account) { + errMessage := buildErrorMessage(account) + return fmt.Errorf(errMessage) + } + + d.SetId("cme-aws-account-" + name + "-" + acctest.RandString(10)) + + AWSAccount := account["result"].(map[string]interface{}) + + _ = d.Set("name", AWSAccount["name"]) + + _ = d.Set("platform", AWSAccount["platform"]) + + _ = d.Set("regions", AWSAccount["regions"]) + + _ = d.Set("gw_configurations", AWSAccount["gw_configurations"]) + + _ = d.Set("credentials_file", AWSAccount["credentials_file"]) + + _ = d.Set("deletion_tolerance", AWSAccount["deletion_tolerance"]) + + _ = d.Set("access_key", AWSAccount["access_key"]) + + _ = d.Set("secret_key", AWSAccount["secret_key"]) + + _ = d.Set("sts_role", AWSAccount["sts_role"]) + + _ = d.Set("sts_external_id", AWSAccount["sts_external_id"]) + + if AWSAccount["sync"] != nil { + syncMap := AWSAccount["sync"].(map[string]interface{}) + _ = d.Set("scan_gateways", syncMap["gateway"]) + _ = d.Set("scan_vpn", syncMap["vpn"]) + _ = d.Set("scan_load_balancers", syncMap["lb"]) + _ = d.Set("scan_subnets", syncMap["scan-subnets"]) + } else { + _ = d.Set("scan_gateways", nil) + _ = d.Set("scan_vpn", nil) + _ = d.Set("scan_load_balancers", nil) + _ = d.Set("scan_subnets", nil) + } + _ = d.Set("communities", AWSAccount["communities"]) + + if AWSAccount["sub_accounts"] != nil { + subAccountsMap := AWSAccount["sub_accounts"].(map[string]interface{}) + if len(subAccountsMap) > 0 { + var subAccountsListToReturn []map[string]interface{} + for key, value := range subAccountsMap { + subAccountMap := value.(map[string]interface{}) + subAccountMapToAdd := make(map[string]interface{}) + subAccountMapToAdd["name"] = key + subAccountMapToAdd["credentials_file"] = subAccountMap["credentials_file"] + subAccountMapToAdd["access_key"] = subAccountMap["access_key"] + subAccountMapToAdd["secret_key"] = subAccountMap["secret_key"] + subAccountMapToAdd["sts_role"] = subAccountMap["sts_role"] + subAccountMapToAdd["sts_external_id"] = subAccountMap["sts_external_id"] + subAccountsListToReturn = append(subAccountsListToReturn, subAccountMapToAdd) + } + _ = d.Set("sub_accounts", subAccountsListToReturn) + } else { + _ = d.Set("sub_accounts", []interface{}{}) + } + } else { + _ = d.Set("sub_accounts", nil) + } + _ = d.Set("domain", AWSAccount["domain"]) + return nil +} diff --git a/checkpoint/data_source_checkpoint_management_cme_accounts_aws_test.go b/checkpoint/data_source_checkpoint_management_cme_accounts_aws_test.go new file mode 100644 index 00000000..656571ec --- /dev/null +++ b/checkpoint/data_source_checkpoint_management_cme_accounts_aws_test.go @@ -0,0 +1,50 @@ +package checkpoint + +import ( + "fmt" + "github.com/hashicorp/terraform-plugin-sdk/helper/resource" + "os" + "testing" +) + +func TestAccDataSourceCheckpointManagementCMEAccountsAWS_basic(t *testing.T) { + resourceName := "checkpoint_management_cme_accounts_aws.test" + dataSourceName := "data.checkpoint_management_cme_accounts_aws.data_test" + accountName := "test-account" + + context := os.Getenv("CHECKPOINT_CONTEXT") + if context == "" { + t.Skip("Env CHECKPOINT_CONTEXT must be specified to run this test") + } else if context != "web_api" { + t.Skip("Skipping cme api test") + } + + resource.Test(t, resource.TestCase{ + PreCheck: func() { testAccPreCheck(t) }, + Providers: testAccProviders, + Steps: []resource.TestStep{ + { + Config: testAccDataSourceManagementCMEAccountsAWSConfig(accountName), + Check: resource.ComposeTestCheckFunc( + resource.TestCheckResourceAttrPair(dataSourceName, "name", resourceName, "name"), + resource.TestCheckResourceAttrPair(dataSourceName, "regions", resourceName, "regions"), + resource.TestCheckResourceAttrPair(dataSourceName, "credentials_file", resourceName, "credentials_file"), + ), + }, + }, + }) +} + +func testAccDataSourceManagementCMEAccountsAWSConfig(accountName string) string { + return fmt.Sprintf(` +resource "checkpoint_management_cme_accounts_aws" "test" { + name = "%s" + regions = ["us-east-1"] + credentials_file = "IAM" +} + +data "checkpoint_management_cme_accounts_aws" "data_test"{ + name = "${checkpoint_management_cme_accounts_aws.test.name}" +} +`, accountName) +} diff --git a/checkpoint/data_source_checkpoint_management_cme_accounts_azure.go b/checkpoint/data_source_checkpoint_management_cme_accounts_azure.go new file mode 100644 index 00000000..1ec26c84 --- /dev/null +++ b/checkpoint/data_source_checkpoint_management_cme_accounts_azure.go @@ -0,0 +1,112 @@ +package checkpoint + +import ( + "fmt" + checkpoint "github.com/CheckPointSW/cp-mgmt-api-go-sdk/APIFiles" + "github.com/hashicorp/terraform-plugin-sdk/helper/acctest" + "github.com/hashicorp/terraform-plugin-sdk/helper/schema" + "log" +) + +func dataSourceManagementCMEAccountsAzure() *schema.Resource { + return &schema.Resource{ + Read: dataSourceManagementCMEAccountsAzureRead, + Schema: map[string]*schema.Schema{ + "name": { + Type: schema.TypeString, + Required: true, + Description: "Unique account name for identification.", + }, + "subscription": { + Type: schema.TypeString, + Computed: true, + Description: "Azure subscription ID.", + }, + "directory_id": { + Type: schema.TypeString, + Computed: true, + Description: "Azure Active Directory tenant ID.", + }, + "application_id": { + Type: schema.TypeString, + Computed: true, + Description: "The application ID with which the service principal is associated.", + }, + "client_secret": { + Type: schema.TypeString, + Computed: true, + Description: "The service principal's client secret.", + }, + "deletion_tolerance": { + Type: schema.TypeInt, + Computed: true, + Description: "The number of CME cycles to wait when the cloud provider does not return a GW until its deletion.", + }, + "domain": { + Type: schema.TypeString, + Computed: true, + Description: "The account's domain name in MDS environment.", + }, + "platform": { + Type: schema.TypeString, + Computed: true, + Description: "The platform of the account.", + }, + "gw_configurations": { + Type: schema.TypeList, + Computed: true, + Description: "A list of GW configurations attached to the account", + Elem: &schema.Schema{ + Type: schema.TypeString, + }, + }, + }, + } +} + +func dataSourceManagementCMEAccountsAzureRead(d *schema.ResourceData, m interface{}) error { + client := m.(*checkpoint.ApiClient) + + var name string + + if v, ok := d.GetOk("name"); ok { + name = v.(string) + } + + log.Println("Read cme Azure account - name = ", name) + url := CmeApiPath + "/accounts/" + name + + AzureAccountRes, err := client.ApiCall(url, nil, client.GetSessionID(), true, client.IsProxyUsed(), "GET") + + if err != nil { + return fmt.Errorf(err.Error()) + } + account := AzureAccountRes.GetData() + if checkIfRequestFailed(account) { + errMessage := buildErrorMessage(account) + return fmt.Errorf(errMessage) + } + d.SetId("cme-azure-account-" + name + "-" + acctest.RandString(10)) + + AzureAccount := account["result"].(map[string]interface{}) + + _ = d.Set("name", AzureAccount["name"]) + + _ = d.Set("subscription", AzureAccount["subscription"]) + + _ = d.Set("directory_id", AzureAccount["directory_id"]) + + _ = d.Set("application_id", AzureAccount["application_id"]) + + _ = d.Set("client_secret", AzureAccount["client_secret"]) + + _ = d.Set("deletion_tolerance", AzureAccount["deletion_tolerance"]) + + _ = d.Set("domain", AzureAccount["domain"]) + + _ = d.Set("platform", AzureAccount["platform"]) + + _ = d.Set("gw_configurations", AzureAccount["gw_configurations"]) + + return nil +} diff --git a/checkpoint/data_source_checkpoint_management_cme_accounts_azure_test.go b/checkpoint/data_source_checkpoint_management_cme_accounts_azure_test.go new file mode 100644 index 00000000..7cb743d0 --- /dev/null +++ b/checkpoint/data_source_checkpoint_management_cme_accounts_azure_test.go @@ -0,0 +1,52 @@ +package checkpoint + +import ( + "fmt" + "github.com/hashicorp/terraform-plugin-sdk/helper/resource" + "os" + "testing" +) + +func TestAccDataSourceCheckpointManagementCMEAccountsAzure_basic(t *testing.T) { + resourceName := "checkpoint_management_cme_accounts_azure.test" + dataSourceName := "data.checkpoint_management_cme_accounts_azure.data_test" + accountName := "test-account" + + context := os.Getenv("CHECKPOINT_CONTEXT") + if context == "" { + t.Skip("Env CHECKPOINT_CONTEXT must be specified to run this test") + } else if context != "web_api" { + t.Skip("Skipping cme api test") + } + + resource.Test(t, resource.TestCase{ + PreCheck: func() { testAccPreCheck(t) }, + Providers: testAccProviders, + Steps: []resource.TestStep{ + { + Config: testAccDataSourceManagementCMEAccountsAzureConfig(accountName), + Check: resource.ComposeTestCheckFunc( + resource.TestCheckResourceAttrPair(dataSourceName, "name", resourceName, "name"), + resource.TestCheckResourceAttrPair(dataSourceName, "directory_id", resourceName, "directory_id"), + resource.TestCheckResourceAttrPair(dataSourceName, "subscription", resourceName, "subscription"), + ), + }, + }, + }) +} + +func testAccDataSourceManagementCMEAccountsAzureConfig(accountName string) string { + return fmt.Sprintf(` +resource "checkpoint_management_cme_accounts_azure" "test" { + name = "%s" + directory_id = "46707d92-02f4-4817-8116-a4c3b23e6266" + application_id = "46707d92-02f4-4817-8116-a4c3b23e6266" + client_secret = "mySecret" + subscription = "46707d92-02f4-4817-8116-a4c3b23e6267" +} + +data "checkpoint_management_cme_accounts_azure" "data_test"{ + name = "${checkpoint_management_cme_accounts_azure.test.name}" +} +`, accountName) +} diff --git a/checkpoint/data_source_checkpoint_management_cme_accounts_gcp.go b/checkpoint/data_source_checkpoint_management_cme_accounts_gcp.go new file mode 100644 index 00000000..1fdf59a4 --- /dev/null +++ b/checkpoint/data_source_checkpoint_management_cme_accounts_gcp.go @@ -0,0 +1,105 @@ +package checkpoint + +import ( + "fmt" + checkpoint "github.com/CheckPointSW/cp-mgmt-api-go-sdk/APIFiles" + "github.com/hashicorp/terraform-plugin-sdk/helper/acctest" + "github.com/hashicorp/terraform-plugin-sdk/helper/schema" + "log" +) + +func dataSourceManagementCMEAccountsGCP() *schema.Resource { + return &schema.Resource{ + Read: dataSourceManagementCMEAccountsGCPRead, + Schema: map[string]*schema.Schema{ + "name": { + Type: schema.TypeString, + Required: true, + Description: "Unique account name for identification.", + }, + "project_id": { + Type: schema.TypeString, + Computed: true, + Description: "The project id.", + }, + "credentials_file": { + Type: schema.TypeString, + Computed: true, + Description: "The credentials file.", + }, + "credentials_data": { + Type: schema.TypeString, + Computed: true, + Description: "Base64 encoded string that represents the content of the credentials file.", + }, + "deletion_tolerance": { + Type: schema.TypeInt, + Computed: true, + Description: "The number of CME cycles to wait when the cloud provider does not return a GW until its deletion.", + }, + "domain": { + Type: schema.TypeString, + Computed: true, + Description: "The account's domain name in MDS environment.", + }, + "platform": { + Type: schema.TypeString, + Computed: true, + Description: "The platform of the account.", + }, + "gw_configurations": { + Type: schema.TypeList, + Computed: true, + Description: "A list of GW configurations attached to the account", + Elem: &schema.Schema{ + Type: schema.TypeString, + }, + }, + }, + } +} + +func dataSourceManagementCMEAccountsGCPRead(d *schema.ResourceData, m interface{}) error { + client := m.(*checkpoint.ApiClient) + + var name string + + if v, ok := d.GetOk("name"); ok { + name = v.(string) + } + + log.Println("Read cme GCP account - name = ", name) + url := CmeApiPath + "/accounts/" + name + + GCPAccountRes, err := client.ApiCall(url, nil, client.GetSessionID(), true, client.IsProxyUsed(), "GET") + + if err != nil { + return fmt.Errorf(err.Error()) + } + account := GCPAccountRes.GetData() + if checkIfRequestFailed(account) { + errMessage := buildErrorMessage(account) + return fmt.Errorf(errMessage) + } + d.SetId("cme-gcp-account-" + name + "-" + acctest.RandString(10)) + + GCPAccount := account["result"].(map[string]interface{}) + + _ = d.Set("name", GCPAccount["name"]) + + _ = d.Set("project_id", GCPAccount["project_id"]) + + _ = d.Set("credentials_file", GCPAccount["credentials_file"]) + + _ = d.Set("credentials_data", GCPAccount["credentials_data"]) + + _ = d.Set("deletion_tolerance", GCPAccount["deletion_tolerance"]) + + _ = d.Set("domain", GCPAccount["domain"]) + + _ = d.Set("platform", GCPAccount["platform"]) + + _ = d.Set("gw_configurations", GCPAccount["gw_configurations"]) + + return nil +} diff --git a/checkpoint/data_source_checkpoint_management_cme_accounts_gcp_test.go b/checkpoint/data_source_checkpoint_management_cme_accounts_gcp_test.go new file mode 100644 index 00000000..9a679969 --- /dev/null +++ b/checkpoint/data_source_checkpoint_management_cme_accounts_gcp_test.go @@ -0,0 +1,49 @@ +package checkpoint + +import ( + "fmt" + "github.com/hashicorp/terraform-plugin-sdk/helper/resource" + "os" + "testing" +) + +func TestAccDataSourceCheckpointManagementCMEAccountsGCP_basic(t *testing.T) { + resourceName := "checkpoint_management_cme_accounts_gcp.test" + dataSourceName := "data.checkpoint_management_cme_accounts_gcp.data_test" + accountName := "test-account" + + context := os.Getenv("CHECKPOINT_CONTEXT") + if context == "" { + t.Skip("Env CHECKPOINT_CONTEXT must be specified to run this test") + } else if context != "web_api" { + t.Skip("Skipping cme api test") + } + + resource.Test(t, resource.TestCase{ + PreCheck: func() { testAccPreCheck(t) }, + Providers: testAccProviders, + Steps: []resource.TestStep{ + { + Config: testAccDataSourceManagementCMEAccountsGCPConfig(accountName), + Check: resource.ComposeTestCheckFunc( + resource.TestCheckResourceAttrPair(dataSourceName, "name", resourceName, "name"), + resource.TestCheckResourceAttrPair(dataSourceName, "project_id", resourceName, "project_id"), + ), + }, + }, + }) +} + +func testAccDataSourceManagementCMEAccountsGCPConfig(accountName string) string { + return fmt.Sprintf(` +resource "checkpoint_management_cme_accounts_gcp" "test" { + name = "%s" + project_id = "my-project-1" + credentials_file = "LocalGWSetMap.json" +} + +data "checkpoint_management_cme_accounts_gcp" "data_test"{ + name = "${checkpoint_management_cme_accounts_gcp.test.name}" +} +`, accountName) +} diff --git a/checkpoint/data_source_checkpoint_management_cme_accounts_test.go b/checkpoint/data_source_checkpoint_management_cme_accounts_test.go new file mode 100644 index 00000000..ad3d500c --- /dev/null +++ b/checkpoint/data_source_checkpoint_management_cme_accounts_test.go @@ -0,0 +1,38 @@ +package checkpoint + +import ( + "fmt" + "github.com/hashicorp/terraform-plugin-sdk/helper/resource" + "os" + "testing" +) + +func TestAccDataSourceCheckpointManagementCMEAccounts_basic(t *testing.T) { + dataSourceName := "data.checkpoint_management_cme_accounts.data_test" + + context := os.Getenv("CHECKPOINT_CONTEXT") + if context == "" { + t.Skip("Env CHECKPOINT_CONTEXT must be specified to run this test") + } else if context != "web_api" { + t.Skip("Skipping cme api test") + } + resource.Test(t, resource.TestCase{ + PreCheck: func() { testAccPreCheck(t) }, + Providers: testAccProviders, + Steps: []resource.TestStep{ + { + Config: testAccDataSourceManagementCMEAccountsConfig(), + Check: resource.ComposeTestCheckFunc( + resource.TestCheckResourceAttrSet(dataSourceName, "result.#"), + ), + }, + }, + }) +} + +func testAccDataSourceManagementCMEAccountsConfig() string { + return fmt.Sprintf(` +data "checkpoint_management_cme_accounts" "data_test"{ +} +`) +} diff --git a/checkpoint/data_source_checkpoint_management_cme_api_versions.go b/checkpoint/data_source_checkpoint_management_cme_api_versions.go new file mode 100644 index 00000000..123ad297 --- /dev/null +++ b/checkpoint/data_source_checkpoint_management_cme_api_versions.go @@ -0,0 +1,59 @@ +package checkpoint + +import ( + "fmt" + checkpoint "github.com/CheckPointSW/cp-mgmt-api-go-sdk/APIFiles" + "github.com/hashicorp/terraform-plugin-sdk/helper/acctest" + "github.com/hashicorp/terraform-plugin-sdk/helper/schema" + "log" +) + +func dataSourceManagementCMEAPIVersions() *schema.Resource { + return &schema.Resource{ + Read: dataSourceManagementCMEAPIVersionsRead, + Schema: map[string]*schema.Schema{ + "current_version": { + Type: schema.TypeString, + Computed: true, + Description: "Current CME API version.", + }, + "supported_versions": { + Type: schema.TypeList, + Computed: true, + Description: "Supported CME API versions.", + Elem: &schema.Schema{ + Type: schema.TypeString, + }, + }, + }, + } +} + +func dataSourceManagementCMEAPIVersionsRead(d *schema.ResourceData, m interface{}) error { + client := m.(*checkpoint.ApiClient) + + log.Println("Read cme api versions") + url := CmeApiPath + "/api-versions" + + cmeVersionRes, err := client.ApiCall(url, nil, client.GetSessionID(), true, client.IsProxyUsed(), "GET") + + if err != nil { + return fmt.Errorf(err.Error()) + } + + cmeAPIVersionsJson := cmeVersionRes.GetData() + if checkIfRequestFailed(cmeAPIVersionsJson) { + errMessage := buildErrorMessage(cmeAPIVersionsJson) + return fmt.Errorf(errMessage) + } + + d.SetId("cme-api-versions-" + acctest.RandString(10)) + + cmeAPIVersions := cmeAPIVersionsJson["result"].(map[string]interface{}) + + _ = d.Set("current_version", cmeAPIVersions["current_version"]) + + _ = d.Set("supported_versions", cmeAPIVersions["supported_versions"]) + + return nil +} diff --git a/checkpoint/data_source_checkpoint_management_cme_api_versions_test.go b/checkpoint/data_source_checkpoint_management_cme_api_versions_test.go new file mode 100644 index 00000000..89b6cc66 --- /dev/null +++ b/checkpoint/data_source_checkpoint_management_cme_api_versions_test.go @@ -0,0 +1,40 @@ +package checkpoint + +import ( + "fmt" + "github.com/hashicorp/terraform-plugin-sdk/helper/resource" + "os" + "testing" +) + +func TestAccDataSourceCheckpointManagementCMEAPIVersions_basic(t *testing.T) { + dataSourceName := "data.checkpoint_management_cme_api_versions.test" + + context := os.Getenv("CHECKPOINT_CONTEXT") + if context == "" { + t.Skip("Env CHECKPOINT_CONTEXT must be specified to run this test") + } else if context != "web_api" { + t.Skip("Skipping cme api test") + } + + resource.Test(t, resource.TestCase{ + PreCheck: func() { testAccPreCheck(t) }, + Providers: testAccProviders, + Steps: []resource.TestStep{ + { + Config: testAccDataSourceManagementCMEAPIVersionsConfig(), + Check: resource.ComposeTestCheckFunc( + resource.TestCheckResourceAttrSet(dataSourceName, "current_version"), + resource.TestCheckResourceAttrSet(dataSourceName, "supported_versions.#"), + ), + }, + }, + }) +} + +func testAccDataSourceManagementCMEAPIVersionsConfig() string { + return fmt.Sprintf(` +data "checkpoint_management_cme_api_versions" "test"{ +} +`) +} diff --git a/checkpoint/data_source_checkpoint_management_cme_delay_cycle.go b/checkpoint/data_source_checkpoint_management_cme_delay_cycle.go new file mode 100755 index 00000000..60d30305 --- /dev/null +++ b/checkpoint/data_source_checkpoint_management_cme_delay_cycle.go @@ -0,0 +1,49 @@ +package checkpoint + +import ( + "fmt" + checkpoint "github.com/CheckPointSW/cp-mgmt-api-go-sdk/APIFiles" + "github.com/hashicorp/terraform-plugin-sdk/helper/acctest" + "github.com/hashicorp/terraform-plugin-sdk/helper/schema" + "log" +) + +func dataSourceManagementCMEDelayCycle() *schema.Resource { + return &schema.Resource{ + Read: dataSourceManagementCMEDelayCycleRead, + Schema: map[string]*schema.Schema{ + "delay_cycle": { + Type: schema.TypeInt, + Computed: true, + Description: "Time to wait in seconds after each poll cycle.", + }, + }, + } +} + +func dataSourceManagementCMEDelayCycleRead(d *schema.ResourceData, m interface{}) error { + client := m.(*checkpoint.ApiClient) + + log.Println("Read cme delay cycle") + url := CmeApiPath + "/generalConfiguration/delayCycle" + + cmeDelayCycleRes, err := client.ApiCall(url, nil, client.GetSessionID(), true, client.IsProxyUsed(), "GET") + + if err != nil { + return fmt.Errorf(err.Error()) + } + + data := cmeDelayCycleRes.GetData() + if checkIfRequestFailed(data) { + errMessage := buildErrorMessage(data) + return fmt.Errorf(errMessage) + } + + d.SetId("cme-delay-cycle-" + acctest.RandString(10)) + + cmeDelayCycleData := data["result"].(map[string]interface{}) + + _ = d.Set("delay_cycle", cmeDelayCycleData["delay_cycle"]) + + return nil +} diff --git a/checkpoint/data_source_checkpoint_management_cme_delay_cycle_test.go b/checkpoint/data_source_checkpoint_management_cme_delay_cycle_test.go new file mode 100644 index 00000000..1c5ab654 --- /dev/null +++ b/checkpoint/data_source_checkpoint_management_cme_delay_cycle_test.go @@ -0,0 +1,39 @@ +package checkpoint + +import ( + "fmt" + "github.com/hashicorp/terraform-plugin-sdk/helper/resource" + "os" + "testing" +) + +func TestAccDataSourceCheckpointManagementCMEDelayCycle_basic(t *testing.T) { + dataSourceName := "data.checkpoint_management_cme_delay_cycle.test" + + context := os.Getenv("CHECKPOINT_CONTEXT") + if context == "" { + t.Skip("Env CHECKPOINT_CONTEXT must be specified to run this test") + } else if context != "web_api" { + t.Skip("Skipping cme api test") + } + + resource.Test(t, resource.TestCase{ + PreCheck: func() { testAccPreCheck(t) }, + Providers: testAccProviders, + Steps: []resource.TestStep{ + { + Config: testAccDataSourceManagementCMEDelayCycleConfig(), + Check: resource.ComposeTestCheckFunc( + resource.TestCheckResourceAttrSet(dataSourceName, "delay_cycle"), + ), + }, + }, + }) +} + +func testAccDataSourceManagementCMEDelayCycleConfig() string { + return fmt.Sprintf(` +data "checkpoint_management_cme_delay_cycle" "test"{ +} +`) +} diff --git a/checkpoint/data_source_checkpoint_management_cme_gw_configurations.go b/checkpoint/data_source_checkpoint_management_cme_gw_configurations.go new file mode 100755 index 00000000..6ee6ff6d --- /dev/null +++ b/checkpoint/data_source_checkpoint_management_cme_gw_configurations.go @@ -0,0 +1,267 @@ +package checkpoint + +import ( + "fmt" + checkpoint "github.com/CheckPointSW/cp-mgmt-api-go-sdk/APIFiles" + "github.com/hashicorp/terraform-plugin-sdk/helper/acctest" + "github.com/hashicorp/terraform-plugin-sdk/helper/schema" + "log" +) + +func dataSourceManagementCMEGWConfigurations() *schema.Resource { + return &schema.Resource{ + Read: dataSourceManagementCMEGWConfigurationsRead, + Schema: map[string]*schema.Schema{ + "result": { + Type: schema.TypeList, + Computed: true, + Description: "Response data - contains all GW configurations", + Elem: &schema.Resource{ + Schema: map[string]*schema.Schema{ + "name": { + Type: schema.TypeString, + Computed: true, + Description: "The name of the configuration.", + }, + "version": { + Type: schema.TypeString, + Computed: true, + Description: "The GW version.", + }, + "sic_key": { + Type: schema.TypeString, + Computed: true, + Description: "The configuration sic key.", + }, + "policy": { + Type: schema.TypeString, + Computed: true, + Description: "Configuration policy.", + }, + "related_account": { + Type: schema.TypeString, + Computed: true, + Description: "Related account name (aws/azure/gcp accounts)", + }, + "blades": { + Type: schema.TypeList, + MaxItems: 1, + Computed: true, + Description: "Dictionary of activated/deactivated blades on the GW.", + Elem: &schema.Resource{ + Schema: map[string]*schema.Schema{ + "ips": { + Type: schema.TypeBool, + Computed: true, + Description: "IPS blade", + }, + "identity_awareness": { + Type: schema.TypeBool, + Computed: true, + Description: "Identity Awareness blade", + }, + "content_awareness": { + Type: schema.TypeBool, + Computed: true, + Description: "Content Awareness blade", + }, + "https_inspection": { + Type: schema.TypeBool, + Computed: true, + Description: "HTTPS Inspection blade", + }, + "application_control": { + Type: schema.TypeBool, + Computed: true, + Description: "Application Control blade", + }, + "url_filtering": { + Type: schema.TypeBool, + Computed: true, + Description: "URL Filtering blade", + }, + "anti_bot": { + Type: schema.TypeBool, + Computed: true, + Description: "Anti-Bot blade", + }, + "anti_virus": { + Type: schema.TypeBool, + Computed: true, + Description: "Anti-Virus blade", + }, + "threat_emulation": { + Type: schema.TypeBool, + Computed: true, + Description: "Threat Emulation blade", + }, + "ipsec_vpn": { + Type: schema.TypeBool, + Computed: true, + Description: "IPsec VPN blade", + }, + "vpn": { + Type: schema.TypeBool, + Computed: true, + Description: "VPN blade", + }, + "autonomous_threat_prevention": { + Type: schema.TypeBool, + Computed: true, + Description: "Autonomous Threat Prevention blade.", + }, + }, + }, + }, + "repository_gateway_scripts": { + Type: schema.TypeList, + Computed: true, + Description: "List of objects that each contains name/UID of a script that exists in the scripts repository" + + " on the Management server.", + Elem: &schema.Resource{ + Schema: map[string]*schema.Schema{ + "name": { + Type: schema.TypeString, + Computed: true, + Description: "Script name", + }, + "uid": { + Type: schema.TypeString, + Computed: true, + Description: "Script uid", + }, + "parameters": { + Type: schema.TypeString, + Computed: true, + Description: "Script parameters (separated by space)", + }, + }, + }, + }, + "send_logs_to_server": { + Type: schema.TypeList, + Computed: true, + Description: "Primary Log Servers names to which logs are sent. Defined Log Server will act as Log and" + + " Alert Servers. Must be defined as part of Log Servers parameters.", + Elem: &schema.Schema{ + Type: schema.TypeString, + }, + }, + "send_logs_to_backup_server": { + Type: schema.TypeList, + Computed: true, + Description: "Backup Log Servers names to which logs are sent in case Primary Log Servers are unavailable.", + Elem: &schema.Schema{ + Type: schema.TypeString, + }, + }, + "send_alerts_to_server": { + Type: schema.TypeList, + Computed: true, + Description: "Alert Log Servers names to which alerts are sent.", + Elem: &schema.Schema{ + Type: schema.TypeString, + }, + }, + }, + }, + }, + }, + } +} + +func dataSourceManagementCMEGWConfigurationsRead(d *schema.ResourceData, m interface{}) error { + client := m.(*checkpoint.ApiClient) + + log.Println("Read cme GW configurations") + + url := CmeApiPath + "/gwConfigurations" + + cmeGWConfigurationsRes, err := client.ApiCall(url, nil, client.GetSessionID(), true, client.IsProxyUsed(), "GET") + + if err != nil { + return fmt.Errorf(err.Error()) + } + + gwConfigurations := cmeGWConfigurationsRes.GetData() + if checkIfRequestFailed(gwConfigurations) { + errMessage := buildErrorMessage(gwConfigurations) + return fmt.Errorf(errMessage) + } + + d.SetId("cme-gw-configurations-" + acctest.RandString(10)) + + gwConfigurationsList := gwConfigurations["result"].([]interface{}) + var gwConfigurationsListToReturn []map[string]interface{} + if len(gwConfigurationsList) > 0 { + for i := range gwConfigurationsList { + singleGWConfiguration := gwConfigurationsList[i].(map[string]interface{}) + tempObject := make(map[string]interface{}) + tempObject["name"] = singleGWConfiguration["name"] + tempObject["version"] = singleGWConfiguration["version"] + tempObject["sic_key"] = singleGWConfiguration["sic_key"] + tempObject["policy"] = singleGWConfiguration["policy"] + tempObject["related_account"] = singleGWConfiguration["related_account"] + + var bladesListToReturn []map[string]interface{} + bladesMapToAdd := make(map[string]interface{}) + if singleGWConfiguration["blades"] != nil { + bladesMap := singleGWConfiguration["blades"].(map[string]interface{}) + bladesMapToAdd["ips"] = bladesMap["ips"] + bladesMapToAdd["identity_awareness"] = bladesMap["identity-awareness"] + bladesMapToAdd["content_awareness"] = bladesMap["content-awareness"] + bladesMapToAdd["https_inspection"] = bladesMap["https-inspection"] + bladesMapToAdd["application_control"] = bladesMap["application-control"] + bladesMapToAdd["url_filtering"] = bladesMap["url-filtering"] + bladesMapToAdd["anti_bot"] = bladesMap["anti-bot"] + bladesMapToAdd["anti_virus"] = bladesMap["anti-virus"] + bladesMapToAdd["threat_emulation"] = bladesMap["threat-emulation"] + bladesMapToAdd["ipsec_vpn"] = bladesMap["ipsec-vpn"] + bladesMapToAdd["vpn"] = bladesMap["vpn"] + bladesMapToAdd["autonomous_threat_prevention"] = bladesMap["autonomous-threat-prevention"] + } else { + bladesMapToAdd["ips"] = false + bladesMapToAdd["identity_awareness"] = false + bladesMapToAdd["content_awareness"] = false + bladesMapToAdd["https_inspection"] = false + bladesMapToAdd["application_control"] = false + bladesMapToAdd["url_filtering"] = false + bladesMapToAdd["anti_bot"] = false + bladesMapToAdd["anti_virus"] = false + bladesMapToAdd["threat_emulation"] = false + bladesMapToAdd["ipsec_vpn"] = false + bladesMapToAdd["vpn"] = false + bladesMapToAdd["autonomous_threat_prevention"] = false + } + bladesListToReturn = append(bladesListToReturn, bladesMapToAdd) + tempObject["blades"] = bladesListToReturn + + if singleGWConfiguration["repository-gateway-scripts"] != nil { + scriptsList := singleGWConfiguration["repository-gateway-scripts"].([]interface{}) + if len(scriptsList) > 0 { + var scriptsListToReturn []map[string]interface{} + for i := range scriptsList { + scriptMap := scriptsList[i].(map[string]interface{}) + scriptMapToAdd := make(map[string]interface{}) + scriptMapToAdd["name"] = scriptMap["name"] + scriptMapToAdd["uid"] = scriptMap["uid"] + scriptMapToAdd["parameters"] = scriptMap["parameters"] + scriptsListToReturn = append(scriptsListToReturn, scriptMapToAdd) + } + tempObject["repository_gateway_scripts"] = scriptsListToReturn + } else { + tempObject["repository_gateway_scripts"] = scriptsList + } + } + tempObject["send_logs_to_server"] = singleGWConfiguration["send-logs-to-server"] + tempObject["send_logs_to_backup_server"] = singleGWConfiguration["send-logs-to-backup-server"] + tempObject["send_alerts_to_server"] = singleGWConfiguration["send-alerts-to-server"] + + gwConfigurationsListToReturn = append(gwConfigurationsListToReturn, tempObject) + } + _ = d.Set("result", gwConfigurationsListToReturn) + } else { + _ = d.Set("result", []interface{}{}) + } + return nil +} diff --git a/checkpoint/data_source_checkpoint_management_cme_gw_configurations_aws.go b/checkpoint/data_source_checkpoint_management_cme_gw_configurations_aws.go new file mode 100644 index 00000000..1607f35f --- /dev/null +++ b/checkpoint/data_source_checkpoint_management_cme_gw_configurations_aws.go @@ -0,0 +1,311 @@ +package checkpoint + +import ( + "fmt" + checkpoint "github.com/CheckPointSW/cp-mgmt-api-go-sdk/APIFiles" + "github.com/hashicorp/terraform-plugin-sdk/helper/acctest" + "github.com/hashicorp/terraform-plugin-sdk/helper/schema" + "log" + "strings" +) + +func dataSourceManagementCMEGWConfigurationsAWS() *schema.Resource { + return &schema.Resource{ + Read: dataSourceManagementCMEGWConfigurationsAWSRead, + Schema: map[string]*schema.Schema{ + "name": { + Type: schema.TypeString, + Required: true, + Description: "The name of the configuration.", + }, + "version": { + Type: schema.TypeString, + Computed: true, + Description: "The GW version.", + }, + "sic_key": { + Type: schema.TypeString, + Computed: true, + Description: "The configuration sic key.", + }, + "policy": { + Type: schema.TypeString, + Computed: true, + Description: "Configuration policy.", + }, + "related_account": { + Type: schema.TypeString, + Computed: true, + Description: "Related account name (aws/azure/gcp accounts)", + }, + "blades": { + Type: schema.TypeList, + MaxItems: 1, + Computed: true, + Description: "Dictionary of activated/deactivated blades on the GW.", + Elem: &schema.Resource{ + Schema: map[string]*schema.Schema{ + "ips": { + Type: schema.TypeBool, + Computed: true, + Description: "IPS blade", + }, + "identity_awareness": { + Type: schema.TypeBool, + Computed: true, + Description: "Identity Awareness blade", + }, + "content_awareness": { + Type: schema.TypeBool, + Computed: true, + Description: "Content Awareness blade", + }, + "https_inspection": { + Type: schema.TypeBool, + Computed: true, + Description: "HTTPS Inspection blade", + }, + "application_control": { + Type: schema.TypeBool, + Computed: true, + Description: "Application Control blade", + }, + "url_filtering": { + Type: schema.TypeBool, + Computed: true, + Description: "URL Filtering blade", + }, + "anti_bot": { + Type: schema.TypeBool, + Computed: true, + Description: "Anti-Bot blade", + }, + "anti_virus": { + Type: schema.TypeBool, + Computed: true, + Description: "Anti-Virus blade", + }, + "threat_emulation": { + Type: schema.TypeBool, + Computed: true, + Description: "Threat Emulation blade", + }, + "ipsec_vpn": { + Type: schema.TypeBool, + Computed: true, + Description: "IPsec VPN blade", + }, + "vpn": { + Type: schema.TypeBool, + Computed: true, + Description: "VPN blade", + }, + "autonomous_threat_prevention": { + Type: schema.TypeBool, + Computed: true, + Description: "Autonomous Threat Prevention blade.", + }, + }, + }, + }, + "repository_gateway_scripts": { + Type: schema.TypeList, + Computed: true, + Description: "List of objects that each contains name/UID of a script that exists in the scripts repository" + + " on the Management server.", + Elem: &schema.Resource{ + Schema: map[string]*schema.Schema{ + "name": { + Type: schema.TypeString, + Computed: true, + Description: "Script name", + }, + "uid": { + Type: schema.TypeString, + Computed: true, + Description: "Script uid", + }, + "parameters": { + Type: schema.TypeString, + Computed: true, + Description: "Script parameters (separated by space)", + }, + }, + }, + }, + "vpn_domain": { + Type: schema.TypeString, + Computed: true, + Description: "The group object to be set as the VPN domain for the VPN gateway." + + " An empty string will automatically set an empty group as the encryption domain." + + " Always empty string for 'TGW' deployment type.", + }, + "vpn_community": { + Type: schema.TypeString, + Computed: true, + Description: "A star community in which to place the VPN gateway as center.", + }, + "deployment_type": { + Type: schema.TypeString, + Computed: true, + Description: "The deployment type of the CloudGuard Security Gateways.", + }, + "tgw_static_routes": { + Type: schema.TypeList, + Computed: true, + Description: "Comma separated list of cidrs, for each cidr a static route will be created on each" + + " gateway of the TGW auto scaling group.", + Elem: &schema.Schema{ + Type: schema.TypeString, + }, + }, + "tgw_spoke_routes": { + Type: schema.TypeList, + Computed: true, + Description: "Comma separated list of spoke cidrs, each spoke cidr that was learned from the TGW over" + + " bgp will be re-advertised by the gateways of the TGW auto scaling group to the AWS TGW.", + Elem: &schema.Schema{ + Type: schema.TypeString, + }, + }, + "send_logs_to_server": { + Type: schema.TypeList, + Computed: true, + Description: "Primary Log Servers names to which logs are sent. Defined Log Server will act as Log and" + + " Alert Servers. Must be defined as part of Log Servers parameters.", + Elem: &schema.Schema{ + Type: schema.TypeString, + }, + }, + "send_logs_to_backup_server": { + Type: schema.TypeList, + Computed: true, + Description: "Backup Log Servers names to which logs are sent in case Primary Log Servers are unavailable.", + Elem: &schema.Schema{ + Type: schema.TypeString, + }, + }, + "send_alerts_to_server": { + Type: schema.TypeList, + Computed: true, + Description: "Alert Log Servers names to which alerts are sent.", + Elem: &schema.Schema{ + Type: schema.TypeString, + }, + }, + }, + } +} + +func dataSourceManagementCMEGWConfigurationsAWSRead(d *schema.ResourceData, m interface{}) error { + client := m.(*checkpoint.ApiClient) + + var name string + + if v, ok := d.GetOk("name"); ok { + name = v.(string) + } + log.Println("Read cme AWS GW configuration - name = ", name) + + url := CmeApiPath + "/gwConfigurations/" + name + + AWSGWConfigurationRes, err := client.ApiCall(url, nil, client.GetSessionID(), true, client.IsProxyUsed(), "GET") + + if err != nil { + return fmt.Errorf(err.Error()) + } + + gwConfiguration := AWSGWConfigurationRes.GetData() + if checkIfRequestFailed(gwConfiguration) { + errMessage := buildErrorMessage(gwConfiguration) + return fmt.Errorf(errMessage) + } + + d.SetId("cme-aws-gw-configuration-" + name + "-" + acctest.RandString(10)) + + AWSGWConfiguration := gwConfiguration["result"].(map[string]interface{}) + + _ = d.Set("name", AWSGWConfiguration["name"]) + + _ = d.Set("version", AWSGWConfiguration["version"]) + + _ = d.Set("sic_key", AWSGWConfiguration["sic_key"]) + + _ = d.Set("policy", AWSGWConfiguration["policy"]) + + _ = d.Set("related_account", AWSGWConfiguration["related_account"]) + + var bladesListToReturn []map[string]interface{} + bladesMapToAdd := make(map[string]interface{}) + if AWSGWConfiguration["blades"] != nil { + bladesMap := AWSGWConfiguration["blades"].(map[string]interface{}) + bladesMapToAdd["ips"] = bladesMap["ips"] + bladesMapToAdd["identity_awareness"] = bladesMap["identity-awareness"] + bladesMapToAdd["content_awareness"] = bladesMap["content-awareness"] + bladesMapToAdd["https_inspection"] = bladesMap["https-inspection"] + bladesMapToAdd["application_control"] = bladesMap["application-control"] + bladesMapToAdd["url_filtering"] = bladesMap["url-filtering"] + bladesMapToAdd["anti_bot"] = bladesMap["anti-bot"] + bladesMapToAdd["anti_virus"] = bladesMap["anti-virus"] + bladesMapToAdd["threat_emulation"] = bladesMap["threat-emulation"] + bladesMapToAdd["ipsec_vpn"] = bladesMap["ipsec-vpn"] + bladesMapToAdd["vpn"] = bladesMap["vpn"] + bladesMapToAdd["autonomous_threat_prevention"] = bladesMap["autonomous-threat-prevention"] + } else { + bladesMapToAdd["ips"] = false + bladesMapToAdd["identity_awareness"] = false + bladesMapToAdd["content_awareness"] = false + bladesMapToAdd["https_inspection"] = false + bladesMapToAdd["application_control"] = false + bladesMapToAdd["url_filtering"] = false + bladesMapToAdd["anti_bot"] = false + bladesMapToAdd["anti_virus"] = false + bladesMapToAdd["threat_emulation"] = false + bladesMapToAdd["ipsec_vpn"] = false + bladesMapToAdd["vpn"] = false + bladesMapToAdd["autonomous_threat_prevention"] = false + } + bladesListToReturn = append(bladesListToReturn, bladesMapToAdd) + _ = d.Set("blades", bladesListToReturn) + + if AWSGWConfiguration["repository-gateway-scripts"] != nil { + scriptsList := AWSGWConfiguration["repository-gateway-scripts"].([]interface{}) + if len(scriptsList) > 0 { + var scriptsListToReturn []map[string]interface{} + for i := range scriptsList { + scriptMap := scriptsList[i].(map[string]interface{}) + scriptMapToAdd := make(map[string]interface{}) + scriptMapToAdd["name"] = scriptMap["name"] + scriptMapToAdd["uid"] = scriptMap["uid"] + scriptMapToAdd["parameters"] = scriptMap["parameters"] + scriptsListToReturn = append(scriptsListToReturn, scriptMapToAdd) + } + _ = d.Set("repository_gateway_scripts", scriptsListToReturn) + } else { + _ = d.Set("repository_gateway_scripts", scriptsList) + } + } else { + _ = d.Set("repository_gateway_scripts", nil) + } + _ = d.Set("vpn_domain", AWSGWConfiguration["vpn_domain"]) + + _ = d.Set("vpn_community", AWSGWConfiguration["vpn_community"]) + + _ = d.Set("deployment_type", AWSGWConfiguration["deployment_type"]) + + if tgwStaticRoutes, ok := AWSGWConfiguration["tgw_static_routes"].(string); ok { + _ = d.Set("tgw_static_routes", strings.Split(tgwStaticRoutes, ",")) + } + + if tgwSpokeRoutes, ok := AWSGWConfiguration["tgw_spoke_routes"].(string); ok { + _ = d.Set("tgw_spoke_routes", strings.Split(tgwSpokeRoutes, ",")) + } + + _ = d.Set("send_logs_to_server", AWSGWConfiguration["send-logs-to-server"]) + + _ = d.Set("send_logs_to_backup_server", AWSGWConfiguration["send-logs-to-backup-server"]) + + _ = d.Set("send_alerts_to_server", AWSGWConfiguration["send-alerts-to-server"]) + + return nil +} diff --git a/checkpoint/data_source_checkpoint_management_cme_gw_configurations_aws_test.go b/checkpoint/data_source_checkpoint_management_cme_gw_configurations_aws_test.go new file mode 100644 index 00000000..3d7b20b4 --- /dev/null +++ b/checkpoint/data_source_checkpoint_management_cme_gw_configurations_aws_test.go @@ -0,0 +1,73 @@ +package checkpoint + +import ( + "fmt" + "github.com/hashicorp/terraform-plugin-sdk/helper/resource" + "os" + "testing" +) + +func TestAccDataSourceCheckpointManagementCMEGWConfigurationsAWS_basic(t *testing.T) { + resourceName := "checkpoint_management_cme_gw_configurations_aws.test" + dataSourceName := "data.checkpoint_management_cme_gw_configurations_aws.data_test" + gwConfigurationName := "test-gw-configuration" + accountName := "test-account" + + context := os.Getenv("CHECKPOINT_CONTEXT") + if context == "" { + t.Skip("Env CHECKPOINT_CONTEXT must be specified to run this test") + } else if context != "web_api" { + t.Skip("Skipping cme api test") + } + + resource.Test(t, resource.TestCase{ + PreCheck: func() { testAccPreCheck(t) }, + Providers: testAccProviders, + Steps: []resource.TestStep{ + { + Config: testAccDataSourceManagementCMEGWConfigurationsAWSConfig(accountName, gwConfigurationName), + Check: resource.ComposeTestCheckFunc( + resource.TestCheckResourceAttrPair(dataSourceName, "name", resourceName, "name"), + resource.TestCheckResourceAttrPair(dataSourceName, "related_account", resourceName, "related_account"), + resource.TestCheckResourceAttrPair(dataSourceName, "version", resourceName, "version"), + ), + }, + }, + }) +} + +func testAccDataSourceManagementCMEGWConfigurationsAWSConfig(accountName string, gwConfigurationName string) string { + return fmt.Sprintf(` +resource "checkpoint_management_cme_accounts_aws" "aws_account" { + name = "%s" + regions = ["us-east-1"] + credentials_file = "IAM" +} + +resource "checkpoint_management_cme_gw_configurations_aws" "test" { + name = "%s" + related_account = "${checkpoint_management_cme_accounts_aws.aws_account.name}" + version = "R81" + base64_sic_key = "MTIzNDU2Nzg=" + policy = "Standard" + blades { + ips = false + anti_bot = false + anti_virus = false + https_inspection = false + application_control = false + autonomous_threat_prevention = false + content_awareness = false + identity_awareness = false + ipsec_vpn = false + threat_emulation = false + url_filtering = false + vpn = false + } +} + +data "checkpoint_management_cme_gw_configurations_aws" "data_test" { + name = "${checkpoint_management_cme_gw_configurations_aws.test.name}" +} +`, accountName, gwConfigurationName) +} diff --git a/checkpoint/data_source_checkpoint_management_cme_gw_configurations_azure.go b/checkpoint/data_source_checkpoint_management_cme_gw_configurations_azure.go new file mode 100644 index 00000000..42634902 --- /dev/null +++ b/checkpoint/data_source_checkpoint_management_cme_gw_configurations_azure.go @@ -0,0 +1,262 @@ +package checkpoint + +import ( + "fmt" + checkpoint "github.com/CheckPointSW/cp-mgmt-api-go-sdk/APIFiles" + "github.com/hashicorp/terraform-plugin-sdk/helper/acctest" + "github.com/hashicorp/terraform-plugin-sdk/helper/schema" + "log" +) + +func dataSourceManagementCMEGWConfigurationsAzure() *schema.Resource { + return &schema.Resource{ + Read: dataSourceManagementCMEGWConfigurationsAzureRead, + Schema: map[string]*schema.Schema{ + "name": { + Type: schema.TypeString, + Required: true, + Description: "The name of the configuration.", + }, + "version": { + Type: schema.TypeString, + Computed: true, + Description: "The GW version.", + }, + "sic_key": { + Type: schema.TypeString, + Computed: true, + Description: "The configuration sic key.", + }, + "policy": { + Type: schema.TypeString, + Computed: true, + Description: "Configuration policy.", + }, + "related_account": { + Type: schema.TypeString, + Computed: true, + Description: "Related account name (aws/azure/gcp accounts)", + }, + "blades": { + Type: schema.TypeList, + MaxItems: 1, + Computed: true, + Description: "Dictionary of activated/deactivated blades on the GW.", + Elem: &schema.Resource{ + Schema: map[string]*schema.Schema{ + "ips": { + Type: schema.TypeBool, + Computed: true, + Description: "IPS blade", + }, + "identity_awareness": { + Type: schema.TypeBool, + Computed: true, + Description: "Identity Awareness blade", + }, + "content_awareness": { + Type: schema.TypeBool, + Computed: true, + Description: "Content Awareness blade", + }, + "https_inspection": { + Type: schema.TypeBool, + Computed: true, + Description: "HTTPS Inspection blade", + }, + "application_control": { + Type: schema.TypeBool, + Computed: true, + Description: "Application Control blade", + }, + "url_filtering": { + Type: schema.TypeBool, + Computed: true, + Description: "URL Filtering blade", + }, + "anti_bot": { + Type: schema.TypeBool, + Computed: true, + Description: "Anti-Bot blade", + }, + "anti_virus": { + Type: schema.TypeBool, + Computed: true, + Description: "Anti-Virus blade", + }, + "threat_emulation": { + Type: schema.TypeBool, + Computed: true, + Description: "Threat Emulation blade", + }, + "ipsec_vpn": { + Type: schema.TypeBool, + Computed: true, + Description: "IPsec VPN blade", + }, + "vpn": { + Type: schema.TypeBool, + Computed: true, + Description: "VPN blade", + }, + "autonomous_threat_prevention": { + Type: schema.TypeBool, + Computed: true, + Description: "Autonomous Threat Prevention blade.", + }, + }, + }, + }, + "repository_gateway_scripts": { + Type: schema.TypeList, + Computed: true, + Description: "List of objects that each contains name/UID of a script that exists in the scripts repository" + + " on the Management server.", + Elem: &schema.Resource{ + Schema: map[string]*schema.Schema{ + "name": { + Type: schema.TypeString, + Computed: true, + Description: "Script name", + }, + "uid": { + Type: schema.TypeString, + Computed: true, + Description: "Script uid", + }, + "parameters": { + Type: schema.TypeString, + Computed: true, + Description: "Script parameters (separated by space)", + }, + }, + }, + }, + "send_logs_to_server": { + Type: schema.TypeList, + Computed: true, + Description: "Primary Log Servers names to which logs are sent. Defined Log Server will act as Log and" + + " Alert Servers. Must be defined as part of Log Servers parameters.", + Elem: &schema.Schema{ + Type: schema.TypeString, + }, + }, + "send_logs_to_backup_server": { + Type: schema.TypeList, + Computed: true, + Description: "Backup Log Servers names to which logs are sent in case Primary Log Servers are unavailable.", + Elem: &schema.Schema{ + Type: schema.TypeString, + }, + }, + "send_alerts_to_server": { + Type: schema.TypeList, + Computed: true, + Description: "Alert Log Servers names to which alerts are sent.", + Elem: &schema.Schema{ + Type: schema.TypeString, + }, + }, + }, + } +} + +func dataSourceManagementCMEGWConfigurationsAzureRead(d *schema.ResourceData, m interface{}) error { + client := m.(*checkpoint.ApiClient) + + var name string + + if v, ok := d.GetOk("name"); ok { + name = v.(string) + } + log.Println("Read cme Azure GW configuration - name = ", name) + + url := CmeApiPath + "/gwConfigurations/" + name + + AzureGWConfigurationRes, err := client.ApiCall(url, nil, client.GetSessionID(), true, client.IsProxyUsed(), "GET") + + if err != nil { + return fmt.Errorf(err.Error()) + } + + gwConfiguration := AzureGWConfigurationRes.GetData() + if checkIfRequestFailed(gwConfiguration) { + errMessage := buildErrorMessage(gwConfiguration) + return fmt.Errorf(errMessage) + } + + d.SetId("cme-azure-gw-configuration-" + name + "-" + acctest.RandString(10)) + + AzureGWConfiguration := gwConfiguration["result"].(map[string]interface{}) + + _ = d.Set("name", AzureGWConfiguration["name"]) + + _ = d.Set("version", AzureGWConfiguration["version"]) + + _ = d.Set("sic_key", AzureGWConfiguration["sic_key"]) + + _ = d.Set("policy", AzureGWConfiguration["policy"]) + + _ = d.Set("related_account", AzureGWConfiguration["related_account"]) + + var bladesListToReturn []map[string]interface{} + bladesMapToAdd := make(map[string]interface{}) + if AzureGWConfiguration["blades"] != nil { + bladesMap := AzureGWConfiguration["blades"].(map[string]interface{}) + bladesMapToAdd["ips"] = bladesMap["ips"] + bladesMapToAdd["identity_awareness"] = bladesMap["identity-awareness"] + bladesMapToAdd["content_awareness"] = bladesMap["content-awareness"] + bladesMapToAdd["https_inspection"] = bladesMap["https-inspection"] + bladesMapToAdd["application_control"] = bladesMap["application-control"] + bladesMapToAdd["url_filtering"] = bladesMap["url-filtering"] + bladesMapToAdd["anti_bot"] = bladesMap["anti-bot"] + bladesMapToAdd["anti_virus"] = bladesMap["anti-virus"] + bladesMapToAdd["threat_emulation"] = bladesMap["threat-emulation"] + bladesMapToAdd["ipsec_vpn"] = bladesMap["ipsec-vpn"] + bladesMapToAdd["vpn"] = bladesMap["vpn"] + bladesMapToAdd["autonomous_threat_prevention"] = bladesMap["autonomous-threat-prevention"] + } else { + bladesMapToAdd["ips"] = false + bladesMapToAdd["identity_awareness"] = false + bladesMapToAdd["content_awareness"] = false + bladesMapToAdd["https_inspection"] = false + bladesMapToAdd["application_control"] = false + bladesMapToAdd["url_filtering"] = false + bladesMapToAdd["anti_bot"] = false + bladesMapToAdd["anti_virus"] = false + bladesMapToAdd["threat_emulation"] = false + bladesMapToAdd["ipsec_vpn"] = false + bladesMapToAdd["vpn"] = false + bladesMapToAdd["autonomous_threat_prevention"] = false + } + bladesListToReturn = append(bladesListToReturn, bladesMapToAdd) + _ = d.Set("blades", bladesListToReturn) + + if AzureGWConfiguration["repository-gateway-scripts"] != nil { + scriptsList := AzureGWConfiguration["repository-gateway-scripts"].([]interface{}) + if len(scriptsList) > 0 { + var scriptsListToReturn []map[string]interface{} + for i := range scriptsList { + scriptMap := scriptsList[i].(map[string]interface{}) + scriptMapToAdd := make(map[string]interface{}) + scriptMapToAdd["name"] = scriptMap["name"] + scriptMapToAdd["uid"] = scriptMap["uid"] + scriptMapToAdd["parameters"] = scriptMap["parameters"] + scriptsListToReturn = append(scriptsListToReturn, scriptMapToAdd) + } + _ = d.Set("repository_gateway_scripts", scriptsListToReturn) + } else { + _ = d.Set("repository_gateway_scripts", scriptsList) + } + } else { + _ = d.Set("repository_gateway_scripts", nil) + } + + _ = d.Set("send_logs_to_server", AzureGWConfiguration["send-logs-to-server"]) + + _ = d.Set("send_logs_to_backup_server", AzureGWConfiguration["send-logs-to-backup-server"]) + + _ = d.Set("send_alerts_to_server", AzureGWConfiguration["send-alerts-to-server"]) + + return nil +} diff --git a/checkpoint/data_source_checkpoint_management_cme_gw_configurations_azure_test.go b/checkpoint/data_source_checkpoint_management_cme_gw_configurations_azure_test.go new file mode 100644 index 00000000..5d6a23d3 --- /dev/null +++ b/checkpoint/data_source_checkpoint_management_cme_gw_configurations_azure_test.go @@ -0,0 +1,75 @@ +package checkpoint + +import ( + "fmt" + "github.com/hashicorp/terraform-plugin-sdk/helper/resource" + "os" + "testing" +) + +func TestAccDataSourceCheckpointManagementCMEGWConfigurationsAzure_basic(t *testing.T) { + resourceName := "checkpoint_management_cme_gw_configurations_azure.test" + dataSourceName := "data.checkpoint_management_cme_gw_configurations_azure.data_test" + gwConfigurationName := "test-gw-configuration" + accountName := "test-account" + + context := os.Getenv("CHECKPOINT_CONTEXT") + if context == "" { + t.Skip("Env CHECKPOINT_CONTEXT must be specified to run this test") + } else if context != "web_api" { + t.Skip("Skipping cme api test") + } + + resource.Test(t, resource.TestCase{ + PreCheck: func() { testAccPreCheck(t) }, + Providers: testAccProviders, + Steps: []resource.TestStep{ + { + Config: testAccDataSourceManagementCMEGWConfigurationsAzureConfig(accountName, gwConfigurationName), + Check: resource.ComposeTestCheckFunc( + resource.TestCheckResourceAttrPair(dataSourceName, "name", resourceName, "name"), + resource.TestCheckResourceAttrPair(dataSourceName, "related_account", resourceName, "related_account"), + resource.TestCheckResourceAttrPair(dataSourceName, "version", resourceName, "version"), + ), + }, + }, + }) +} + +func testAccDataSourceManagementCMEGWConfigurationsAzureConfig(accountName string, gwConfigurationName string) string { + return fmt.Sprintf(` +resource "checkpoint_management_cme_accounts_azure" "azure_account" { + name = "%s" + directory_id = "46707d92-02f4-4817-8116-a4c3b23e6266" + application_id = "46707d92-02f4-4817-8116-a4c3b23e6266" + client_secret = "mySecret" + subscription = "46707d92-02f4-4817-8116-a4c3b23e6267" +} + +resource "checkpoint_management_cme_gw_configurations_azure" "test" { + name = "%s" + related_account = "${checkpoint_management_cme_accounts_azure.azure_account.name}" + version = "R81" + base64_sic_key = "MTIzNDU2Nzg=" + policy = "Standard" + blades { + ips = false + anti_bot = false + anti_virus = false + https_inspection = false + application_control = false + autonomous_threat_prevention = false + content_awareness = false + identity_awareness = false + ipsec_vpn = false + threat_emulation = false + url_filtering = false + vpn = false + } +} + +data "checkpoint_management_cme_gw_configurations_azure" "data_test" { + name = "${checkpoint_management_cme_gw_configurations_azure.test.name}" +} +`, accountName, gwConfigurationName) +} diff --git a/checkpoint/data_source_checkpoint_management_cme_gw_configurations_gcp.go b/checkpoint/data_source_checkpoint_management_cme_gw_configurations_gcp.go new file mode 100644 index 00000000..81104b23 --- /dev/null +++ b/checkpoint/data_source_checkpoint_management_cme_gw_configurations_gcp.go @@ -0,0 +1,262 @@ +package checkpoint + +import ( + "fmt" + checkpoint "github.com/CheckPointSW/cp-mgmt-api-go-sdk/APIFiles" + "github.com/hashicorp/terraform-plugin-sdk/helper/acctest" + "github.com/hashicorp/terraform-plugin-sdk/helper/schema" + "log" +) + +func dataSourceManagementCMEGWConfigurationsGCP() *schema.Resource { + return &schema.Resource{ + Read: dataSourceManagementCMEGWConfigurationsGCPRead, + Schema: map[string]*schema.Schema{ + "name": { + Type: schema.TypeString, + Required: true, + Description: "The name of the configuration.", + }, + "version": { + Type: schema.TypeString, + Computed: true, + Description: "The GW version.", + }, + "sic_key": { + Type: schema.TypeString, + Computed: true, + Description: "The configuration sic key.", + }, + "policy": { + Type: schema.TypeString, + Computed: true, + Description: "Configuration policy.", + }, + "related_account": { + Type: schema.TypeString, + Computed: true, + Description: "Related account name (aws/azure/gcp accounts)", + }, + "blades": { + Type: schema.TypeList, + MaxItems: 1, + Computed: true, + Description: "Dictionary of activated/deactivated blades on the GW.", + Elem: &schema.Resource{ + Schema: map[string]*schema.Schema{ + "ips": { + Type: schema.TypeBool, + Computed: true, + Description: "IPS blade", + }, + "identity_awareness": { + Type: schema.TypeBool, + Computed: true, + Description: "Identity Awareness blade", + }, + "content_awareness": { + Type: schema.TypeBool, + Computed: true, + Description: "Content Awareness blade", + }, + "https_inspection": { + Type: schema.TypeBool, + Computed: true, + Description: "HTTPS Inspection blade", + }, + "application_control": { + Type: schema.TypeBool, + Computed: true, + Description: "Application Control blade", + }, + "url_filtering": { + Type: schema.TypeBool, + Computed: true, + Description: "URL Filtering blade", + }, + "anti_bot": { + Type: schema.TypeBool, + Computed: true, + Description: "Anti-Bot blade", + }, + "anti_virus": { + Type: schema.TypeBool, + Computed: true, + Description: "Anti-Virus blade", + }, + "threat_emulation": { + Type: schema.TypeBool, + Computed: true, + Description: "Threat Emulation blade", + }, + "ipsec_vpn": { + Type: schema.TypeBool, + Computed: true, + Description: "IPsec VPN blade", + }, + "vpn": { + Type: schema.TypeBool, + Computed: true, + Description: "VPN blade", + }, + "autonomous_threat_prevention": { + Type: schema.TypeBool, + Computed: true, + Description: "Autonomous Threat Prevention blade.", + }, + }, + }, + }, + "repository_gateway_scripts": { + Type: schema.TypeList, + Computed: true, + Description: "List of objects that each contains name/UID of a script that exists in the scripts repository" + + " on the Management server.", + Elem: &schema.Resource{ + Schema: map[string]*schema.Schema{ + "name": { + Type: schema.TypeString, + Computed: true, + Description: "Script name", + }, + "uid": { + Type: schema.TypeString, + Computed: true, + Description: "Script uid", + }, + "parameters": { + Type: schema.TypeString, + Computed: true, + Description: "Script parameters (separated by space)", + }, + }, + }, + }, + "send_logs_to_server": { + Type: schema.TypeList, + Computed: true, + Description: "Primary Log Servers names to which logs are sent. Defined Log Server will act as Log and" + + " Alert Servers. Must be defined as part of Log Servers parameters.", + Elem: &schema.Schema{ + Type: schema.TypeString, + }, + }, + "send_logs_to_backup_server": { + Type: schema.TypeList, + Computed: true, + Description: "Backup Log Servers names to which logs are sent in case Primary Log Servers are unavailable.", + Elem: &schema.Schema{ + Type: schema.TypeString, + }, + }, + "send_alerts_to_server": { + Type: schema.TypeList, + Computed: true, + Description: "Alert Log Servers names to which alerts are sent.", + Elem: &schema.Schema{ + Type: schema.TypeString, + }, + }, + }, + } +} + +func dataSourceManagementCMEGWConfigurationsGCPRead(d *schema.ResourceData, m interface{}) error { + client := m.(*checkpoint.ApiClient) + + var name string + + if v, ok := d.GetOk("name"); ok { + name = v.(string) + } + log.Println("Read cme GCP GW configuration - name = ", name) + + url := CmeApiPath + "/gwConfigurations/" + name + + GCPGWConfigurationRes, err := client.ApiCall(url, nil, client.GetSessionID(), true, client.IsProxyUsed(), "GET") + + if err != nil { + return fmt.Errorf(err.Error()) + } + + gwConfiguration := GCPGWConfigurationRes.GetData() + if checkIfRequestFailed(gwConfiguration) { + errMessage := buildErrorMessage(gwConfiguration) + return fmt.Errorf(errMessage) + } + + d.SetId("cme-gcp-gw-configuration-" + name + "-" + acctest.RandString(10)) + + GCPGWConfiguration := gwConfiguration["result"].(map[string]interface{}) + + _ = d.Set("name", GCPGWConfiguration["name"]) + + _ = d.Set("version", GCPGWConfiguration["version"]) + + _ = d.Set("sic_key", GCPGWConfiguration["sic_key"]) + + _ = d.Set("policy", GCPGWConfiguration["policy"]) + + _ = d.Set("related_account", GCPGWConfiguration["related_account"]) + + var bladesListToReturn []map[string]interface{} + bladesMapToAdd := make(map[string]interface{}) + if GCPGWConfiguration["blades"] != nil { + bladesMap := GCPGWConfiguration["blades"].(map[string]interface{}) + bladesMapToAdd["ips"] = bladesMap["ips"] + bladesMapToAdd["identity_awareness"] = bladesMap["identity-awareness"] + bladesMapToAdd["content_awareness"] = bladesMap["content-awareness"] + bladesMapToAdd["https_inspection"] = bladesMap["https-inspection"] + bladesMapToAdd["application_control"] = bladesMap["application-control"] + bladesMapToAdd["url_filtering"] = bladesMap["url-filtering"] + bladesMapToAdd["anti_bot"] = bladesMap["anti-bot"] + bladesMapToAdd["anti_virus"] = bladesMap["anti-virus"] + bladesMapToAdd["threat_emulation"] = bladesMap["threat-emulation"] + bladesMapToAdd["ipsec_vpn"] = bladesMap["ipsec-vpn"] + bladesMapToAdd["vpn"] = bladesMap["vpn"] + bladesMapToAdd["autonomous_threat_prevention"] = bladesMap["autonomous-threat-prevention"] + } else { + bladesMapToAdd["ips"] = false + bladesMapToAdd["identity_awareness"] = false + bladesMapToAdd["content_awareness"] = false + bladesMapToAdd["https_inspection"] = false + bladesMapToAdd["application_control"] = false + bladesMapToAdd["url_filtering"] = false + bladesMapToAdd["anti_bot"] = false + bladesMapToAdd["anti_virus"] = false + bladesMapToAdd["threat_emulation"] = false + bladesMapToAdd["ipsec_vpn"] = false + bladesMapToAdd["vpn"] = false + bladesMapToAdd["autonomous_threat_prevention"] = false + } + bladesListToReturn = append(bladesListToReturn, bladesMapToAdd) + _ = d.Set("blades", bladesListToReturn) + + if GCPGWConfiguration["repository-gateway-scripts"] != nil { + scriptsList := GCPGWConfiguration["repository-gateway-scripts"].([]interface{}) + if len(scriptsList) > 0 { + var scriptsListToReturn []map[string]interface{} + for i := range scriptsList { + scriptMap := scriptsList[i].(map[string]interface{}) + scriptMapToAdd := make(map[string]interface{}) + scriptMapToAdd["name"] = scriptMap["name"] + scriptMapToAdd["uid"] = scriptMap["uid"] + scriptMapToAdd["parameters"] = scriptMap["parameters"] + scriptsListToReturn = append(scriptsListToReturn, scriptMapToAdd) + } + _ = d.Set("repository_gateway_scripts", scriptsListToReturn) + } else { + _ = d.Set("repository_gateway_scripts", scriptsList) + } + } else { + _ = d.Set("repository_gateway_scripts", nil) + } + + _ = d.Set("send_logs_to_server", GCPGWConfiguration["send-logs-to-server"]) + + _ = d.Set("send_logs_to_backup_server", GCPGWConfiguration["send-logs-to-backup-server"]) + + _ = d.Set("send_alerts_to_server", GCPGWConfiguration["send-alerts-to-server"]) + + return nil +} diff --git a/checkpoint/data_source_checkpoint_management_cme_gw_configurations_gcp_test.go b/checkpoint/data_source_checkpoint_management_cme_gw_configurations_gcp_test.go new file mode 100644 index 00000000..98025971 --- /dev/null +++ b/checkpoint/data_source_checkpoint_management_cme_gw_configurations_gcp_test.go @@ -0,0 +1,73 @@ +package checkpoint + +import ( + "fmt" + "github.com/hashicorp/terraform-plugin-sdk/helper/resource" + "os" + "testing" +) + +func TestAccDataSourceCheckpointManagementCMEGWConfigurationsGCP_basic(t *testing.T) { + resourceName := "checkpoint_management_cme_gw_configurations_gcp.test" + dataSourceName := "data.checkpoint_management_cme_gw_configurations_gcp.data_test" + gwConfigurationName := "test-gw-configuration" + accountName := "test-account" + + context := os.Getenv("CHECKPOINT_CONTEXT") + if context == "" { + t.Skip("Env CHECKPOINT_CONTEXT must be specified to run this test") + } else if context != "web_api" { + t.Skip("Skipping cme api test") + } + + resource.Test(t, resource.TestCase{ + PreCheck: func() { testAccPreCheck(t) }, + Providers: testAccProviders, + Steps: []resource.TestStep{ + { + Config: testAccDataSourceManagementCMEGWConfigurationsGCPConfig(accountName, gwConfigurationName), + Check: resource.ComposeTestCheckFunc( + resource.TestCheckResourceAttrPair(dataSourceName, "name", resourceName, "name"), + resource.TestCheckResourceAttrPair(dataSourceName, "related_account", resourceName, "related_account"), + resource.TestCheckResourceAttrPair(dataSourceName, "version", resourceName, "version"), + ), + }, + }, + }) +} + +func testAccDataSourceManagementCMEGWConfigurationsGCPConfig(accountName string, gwConfigurationName string) string { + return fmt.Sprintf(` +resource "checkpoint_management_cme_accounts_gcp" "gcp_account" { + name = "%s" + project_id = "my-project-1" + credentials_file = "LocalGWSetMap.json" +} + +resource "checkpoint_management_cme_gw_configurations_gcp" "test" { + name = "%s" + related_account = "${checkpoint_management_cme_accounts_gcp.gcp_account.name}" + version = "R81" + base64_sic_key = "MTIzNDU2Nzg=" + policy = "Standard" + blades { + ips = false + anti_bot = false + anti_virus = false + https_inspection = false + application_control = false + autonomous_threat_prevention = false + content_awareness = false + identity_awareness = false + ipsec_vpn = false + threat_emulation = false + url_filtering = false + vpn = false + } +} + +data "checkpoint_management_cme_gw_configurations_gcp" "data_test" { + name = "${checkpoint_management_cme_gw_configurations_gcp.test.name}" +} +`, accountName, gwConfigurationName) +} diff --git a/checkpoint/data_source_checkpoint_management_cme_gw_configurations_test.go b/checkpoint/data_source_checkpoint_management_cme_gw_configurations_test.go new file mode 100644 index 00000000..d604d256 --- /dev/null +++ b/checkpoint/data_source_checkpoint_management_cme_gw_configurations_test.go @@ -0,0 +1,39 @@ +package checkpoint + +import ( + "fmt" + "github.com/hashicorp/terraform-plugin-sdk/helper/resource" + "os" + "testing" +) + +func TestAccDataSourceCheckpointManagementCMEGWConfigurations_basic(t *testing.T) { + dataSourceName := "data.checkpoint_management_cme_gw_configurations.data_test" + + context := os.Getenv("CHECKPOINT_CONTEXT") + if context == "" { + t.Skip("Env CHECKPOINT_CONTEXT must be specified to run this test") + } else if context != "web_api" { + t.Skip("Skipping cme api test") + } + + resource.Test(t, resource.TestCase{ + PreCheck: func() { testAccPreCheck(t) }, + Providers: testAccProviders, + Steps: []resource.TestStep{ + { + Config: testAccDataSourceManagementCMEGWConfigurationsConfig(), + Check: resource.ComposeTestCheckFunc( + resource.TestCheckResourceAttrSet(dataSourceName, "result.#"), + ), + }, + }, + }) +} + +func testAccDataSourceManagementCMEGWConfigurationsConfig() string { + return fmt.Sprintf(` +data "checkpoint_management_cme_gw_configurations" "data_test"{ +} +`) +} diff --git a/checkpoint/data_source_checkpoint_management_cme_management.go b/checkpoint/data_source_checkpoint_management_cme_management.go new file mode 100755 index 00000000..c1fad00e --- /dev/null +++ b/checkpoint/data_source_checkpoint_management_cme_management.go @@ -0,0 +1,63 @@ +package checkpoint + +import ( + "fmt" + checkpoint "github.com/CheckPointSW/cp-mgmt-api-go-sdk/APIFiles" + "github.com/hashicorp/terraform-plugin-sdk/helper/acctest" + "github.com/hashicorp/terraform-plugin-sdk/helper/schema" + "log" +) + +func dataSourceManagementCMEManagement() *schema.Resource { + return &schema.Resource{ + Read: dataSourceManagementCMEManagementRead, + Schema: map[string]*schema.Schema{ + "name": { + Type: schema.TypeString, + Computed: true, + Description: "The name of the management server.", + }, + "domain": { + Type: schema.TypeString, + Computed: true, + Description: "The management's domain name in MDS environment.", + }, + "host": { + Type: schema.TypeString, + Computed: true, + Description: "The host of the management server.", + }, + }, + } +} + +func dataSourceManagementCMEManagementRead(d *schema.ResourceData, m interface{}) error { + client := m.(*checkpoint.ApiClient) + + log.Println("Read cme management") + url := CmeApiPath + "/management" + + cmeManagementRes, err := client.ApiCall(url, nil, client.GetSessionID(), true, client.IsProxyUsed(), "GET") + + if err != nil { + return fmt.Errorf(err.Error()) + } + + data := cmeManagementRes.GetData() + if checkIfRequestFailed(data) { + errMessage := buildErrorMessage(data) + return fmt.Errorf(errMessage) + } + + d.SetId("cme-management-" + acctest.RandString(10)) + + cmeManagementData := data["result"].(map[string]interface{}) + + _ = d.Set("name", cmeManagementData["name"]) + + _ = d.Set("domain", cmeManagementData["domain"]) + + _ = d.Set("host", cmeManagementData["host"]) + + return nil +} diff --git a/checkpoint/data_source_checkpoint_management_cme_management_test.go b/checkpoint/data_source_checkpoint_management_cme_management_test.go new file mode 100644 index 00000000..64a3f412 --- /dev/null +++ b/checkpoint/data_source_checkpoint_management_cme_management_test.go @@ -0,0 +1,40 @@ +package checkpoint + +import ( + "fmt" + "github.com/hashicorp/terraform-plugin-sdk/helper/resource" + "os" + "testing" +) + +func TestAccDataSourceCheckpointManagementCMEManagement_basic(t *testing.T) { + dataSourceName := "data.checkpoint_management_cme_management.test" + + context := os.Getenv("CHECKPOINT_CONTEXT") + if context == "" { + t.Skip("Env CHECKPOINT_CONTEXT must be specified to run this test") + } else if context != "web_api" { + t.Skip("Skipping cme api test") + } + + resource.Test(t, resource.TestCase{ + PreCheck: func() { testAccPreCheck(t) }, + Providers: testAccProviders, + Steps: []resource.TestStep{ + { + Config: testAccDataSourceManagementCMEManagementConfig(), + Check: resource.ComposeTestCheckFunc( + resource.TestCheckResourceAttrSet(dataSourceName, "name"), + resource.TestCheckResourceAttrSet(dataSourceName, "host"), + ), + }, + }, + }) +} + +func testAccDataSourceManagementCMEManagementConfig() string { + return fmt.Sprintf(` +data "checkpoint_management_cme_management" "test"{ +} +`) +} diff --git a/checkpoint/data_source_checkpoint_management_cme_version.go b/checkpoint/data_source_checkpoint_management_cme_version.go new file mode 100755 index 00000000..45087242 --- /dev/null +++ b/checkpoint/data_source_checkpoint_management_cme_version.go @@ -0,0 +1,49 @@ +package checkpoint + +import ( + "fmt" + checkpoint "github.com/CheckPointSW/cp-mgmt-api-go-sdk/APIFiles" + "github.com/hashicorp/terraform-plugin-sdk/helper/acctest" + "github.com/hashicorp/terraform-plugin-sdk/helper/schema" + "log" +) + +func dataSourceManagementCMEVersion() *schema.Resource { + return &schema.Resource{ + Read: dataSourceManagementCMEVersionRead, + Schema: map[string]*schema.Schema{ + "take": { + Type: schema.TypeInt, + Computed: true, + Description: "CME take number.", + }, + }, + } +} + +func dataSourceManagementCMEVersionRead(d *schema.ResourceData, m interface{}) error { + client := m.(*checkpoint.ApiClient) + + log.Println("Read cme version") + url := CmeApiPath + "/generalConfiguration/cmeVersion" + + cmeVersionRes, err := client.ApiCall(url, nil, client.GetSessionID(), true, client.IsProxyUsed(), "GET") + + if err != nil { + return fmt.Errorf(err.Error()) + } + + cmeVersionJson := cmeVersionRes.GetData() + if checkIfRequestFailed(cmeVersionJson) { + errMessage := buildErrorMessage(cmeVersionJson) + return fmt.Errorf(errMessage) + } + + d.SetId("cme-version-" + acctest.RandString(10)) + + cmeVersion := cmeVersionJson["result"].(map[string]interface{}) + + _ = d.Set("take", cmeVersion["take"]) + + return nil +} diff --git a/checkpoint/data_source_checkpoint_management_cme_version_test.go b/checkpoint/data_source_checkpoint_management_cme_version_test.go new file mode 100644 index 00000000..7e9f6b9d --- /dev/null +++ b/checkpoint/data_source_checkpoint_management_cme_version_test.go @@ -0,0 +1,39 @@ +package checkpoint + +import ( + "fmt" + "github.com/hashicorp/terraform-plugin-sdk/helper/resource" + "os" + "testing" +) + +func TestAccDataSourceCheckpointManagementCMEVersion_basic(t *testing.T) { + dataSourceName := "data.checkpoint_management_cme_version.test" + + context := os.Getenv("CHECKPOINT_CONTEXT") + if context == "" { + t.Skip("Env CHECKPOINT_CONTEXT must be specified to run this test") + } else if context != "web_api" { + t.Skip("Skipping cme api test") + } + + resource.Test(t, resource.TestCase{ + PreCheck: func() { testAccPreCheck(t) }, + Providers: testAccProviders, + Steps: []resource.TestStep{ + { + Config: testAccDataSourceManagementCMEVersionConfig(), + Check: resource.ComposeTestCheckFunc( + resource.TestCheckResourceAttrSet(dataSourceName, "take"), + ), + }, + }, + }) +} + +func testAccDataSourceManagementCMEVersionConfig() string { + return fmt.Sprintf(` +data "checkpoint_management_cme_version" "test"{ +} +`) +} diff --git a/checkpoint/provider.go b/checkpoint/provider.go index 71ba5f35..7fb7f377 100644 --- a/checkpoint/provider.go +++ b/checkpoint/provider.go @@ -281,6 +281,14 @@ func Provider() terraform.ResourceProvider { "checkpoint_management_gaia_best_practice": resourceManagementGaiaBestPractice(), "checkpoint_management_dynamic_global_network_object": resourceManagementDynamicGlobalNetworkObject(), "checkpoint_management_global_assignment": resourceManagementGlobalAssignment(), + "checkpoint_management_cme_delay_cycle": resourceManagementCMEDelayCycle(), + "checkpoint_management_cme_management": resourceManagementCMEManagement(), + "checkpoint_management_cme_accounts_azure": resourceManagementCMEAccountsAzure(), + "checkpoint_management_cme_accounts_gcp": resourceManagementCMEAccountsGCP(), + "checkpoint_management_cme_accounts_aws": resourceManagementCMEAccountsAWS(), + "checkpoint_management_cme_gw_configurations_aws": resourceManagementCMEGWConfigurationsAWS(), + "checkpoint_management_cme_gw_configurations_azure": resourceManagementCMEGWConfigurationsAzure(), + "checkpoint_management_cme_gw_configurations_gcp": resourceManagementCMEGWConfigurationsGCP(), }, DataSourcesMap: map[string]*schema.Resource{ "checkpoint_management_updatable_object": dataSourceManagementShowUpdatableObject(), @@ -407,6 +415,18 @@ func Provider() terraform.ResourceProvider { "checkpoint_management_gaia_best_practice": dataSourceManagementGaiaBestPractice(), "checkpoint_management_dynamic_global_network_object": dataSourceManagementDynamicGlobalNetworkObject(), "checkpoint_management_global_assignment": dataSourceManagementGlobalAssignment(), + "checkpoint_management_cme_version": dataSourceManagementCMEVersion(), + "checkpoint_management_cme_api_versions": dataSourceManagementCMEAPIVersions(), + "checkpoint_management_cme_delay_cycle": dataSourceManagementCMEDelayCycle(), + "checkpoint_management_cme_management": dataSourceManagementCMEManagement(), + "checkpoint_management_cme_accounts": dataSourceManagementCMEAccounts(), + "checkpoint_management_cme_accounts_aws": dataSourceManagementCMEAccountsAWS(), + "checkpoint_management_cme_accounts_azure": dataSourceManagementCMEAccountsAzure(), + "checkpoint_management_cme_accounts_gcp": dataSourceManagementCMEAccountsGCP(), + "checkpoint_management_cme_gw_configurations": dataSourceManagementCMEGWConfigurations(), + "checkpoint_management_cme_gw_configurations_aws": dataSourceManagementCMEGWConfigurationsAWS(), + "checkpoint_management_cme_gw_configurations_azure": dataSourceManagementCMEGWConfigurationsAzure(), + "checkpoint_management_cme_gw_configurations_gcp": dataSourceManagementCMEGWConfigurationsGCP(), }, ConfigureFunc: providerConfigure, } diff --git a/checkpoint/resource_checkpoint_management_cme_accounts_aws.go b/checkpoint/resource_checkpoint_management_cme_accounts_aws.go new file mode 100755 index 00000000..e23c4f92 --- /dev/null +++ b/checkpoint/resource_checkpoint_management_cme_accounts_aws.go @@ -0,0 +1,486 @@ +package checkpoint + +import ( + "fmt" + checkpoint "github.com/CheckPointSW/cp-mgmt-api-go-sdk/APIFiles" + "github.com/hashicorp/terraform-plugin-sdk/helper/acctest" + "github.com/hashicorp/terraform-plugin-sdk/helper/schema" + "log" + "strconv" +) + +func resourceManagementCMEAccountsAWS() *schema.Resource { + return &schema.Resource{ + Create: createManagementCMEAccountsAWS, + Update: updateManagementCMEAccountsAWS, + Read: readManagementCMEAccountsAWS, + Delete: deleteManagementCMEAccountsAWS, + Importer: &schema.ResourceImporter{ + State: schema.ImportStatePassthrough, + }, + Schema: map[string]*schema.Schema{ + "name": { + Type: schema.TypeString, + Required: true, + Description: "Unique account name for identification.", + }, + "platform": { + Type: schema.TypeString, + Computed: true, + Description: "The platform of the account.", + }, + "regions": { + Type: schema.TypeList, + Required: true, + Description: "Comma-separated list of AWS regions, in which the gateways are being deployed.", + Elem: &schema.Schema{ + Type: schema.TypeString, + }, + }, + "gw_configurations": { + Type: schema.TypeList, + Computed: true, + Description: "A list of GW configurations attached to the account", + Elem: &schema.Schema{ + Type: schema.TypeString, + }, + }, + "credentials_file": { + Type: schema.TypeString, + Optional: true, + Description: "The credentials file.", + }, + "deletion_tolerance": { + Type: schema.TypeInt, + Optional: true, + Description: "The number of CME cycles to wait when the cloud provider does not return a GW until its deletion.", + }, + "access_key": { + Type: schema.TypeString, + Optional: true, + Description: "AWS access key.", + }, + "secret_key": { + Type: schema.TypeString, + Optional: true, + Description: "AWS secret key.", + Sensitive: true, + }, + "sts_role": { + Type: schema.TypeString, + Optional: true, + Description: "AWS sts role.", + }, + "sts_external_id": { + Type: schema.TypeString, + Optional: true, + Description: "AWS sts external id, must exist with sts role.", + }, + "scan_gateways": { + Type: schema.TypeBool, + Optional: true, + Description: "Set true in order to scan gateways with AWS TGW.", + }, + "scan_vpn": { + Type: schema.TypeBool, + Optional: true, + Description: "Set true in order to scan vpn with AWS TGW.", + }, + "scan_load_balancers": { + Type: schema.TypeBool, + Optional: true, + Description: "Set true in order to scan load balancers access and NAT rules with AWS TGW.", + }, + "scan_subnets": { + Type: schema.TypeBool, + Optional: true, + Description: "Set true in order to scan subnets with AWS GWLB.", + }, + "communities": { + Type: schema.TypeList, + Optional: true, + Description: "AWS communities.", + Elem: &schema.Schema{ + Type: schema.TypeString, + }, + }, + "sub_accounts": { + Type: schema.TypeList, + Optional: true, + Description: "AWS sub accounts.", + Elem: &schema.Resource{ + Schema: map[string]*schema.Schema{ + "name": { + Type: schema.TypeString, + Required: true, + Description: "Unique account name for identification.", + }, + "credentials_file": { + Type: schema.TypeString, + Optional: true, + Description: "The credentials file.", + }, + "access_key": { + Type: schema.TypeString, + Optional: true, + Description: "AWS access key.", + }, + "secret_key": { + Type: schema.TypeString, + Optional: true, + Description: "AWS secret key.", + Sensitive: true, + }, + "sts_role": { + Type: schema.TypeString, + Optional: true, + Description: "AWS sts role.", + }, + "sts_external_id": { + Type: schema.TypeString, + Optional: true, + Description: "AWS sts external id, must exist with sts role.", + }, + }, + }, + }, + "domain": { + Type: schema.TypeString, + Optional: true, + Description: "The account's domain name in MDS environment.", + }, + }, + } +} + +func readManagementCMEAccountsAWS(d *schema.ResourceData, m interface{}) error { + client := m.(*checkpoint.ApiClient) + + var name string + + if v, ok := d.GetOk("name"); ok { + name = v.(string) + } + log.Println("Read cme AWS account - name = ", name) + + url := CmeApiPath + "/accounts/" + name + + AWSAccountRes, err := client.ApiCall(url, nil, client.GetSessionID(), true, client.IsProxyUsed(), "GET") + + if err != nil { + return fmt.Errorf(err.Error()) + } + account := AWSAccountRes.GetData() + if checkIfRequestFailed(account) { + if cmeObjectNotFound(account) { + d.SetId("") + return nil + } + errMessage := buildErrorMessage(account) + return fmt.Errorf(errMessage) + } + + AWSAccount := account["result"].(map[string]interface{}) + + _ = d.Set("name", AWSAccount["name"]) + + _ = d.Set("platform", AWSAccount["platform"]) + + _ = d.Set("regions", AWSAccount["regions"]) + + _ = d.Set("gw_configurations", AWSAccount["gw_configurations"]) + + _ = d.Set("credentials_file", AWSAccount["credentials_file"]) + + _ = d.Set("deletion_tolerance", AWSAccount["deletion_tolerance"]) + + _ = d.Set("access_key", AWSAccount["access_key"]) + + _ = d.Set("sts_role", AWSAccount["sts_role"]) + + _ = d.Set("sts_external_id", AWSAccount["sts_external_id"]) + + if AWSAccount["sync"] != nil { + syncMap := AWSAccount["sync"].(map[string]interface{}) + _ = d.Set("scan_gateways", syncMap["gateway"]) + _ = d.Set("scan_vpn", syncMap["vpn"]) + _ = d.Set("scan_load_balancers", syncMap["lb"]) + _ = d.Set("scan_subnets", syncMap["scan-subnets"]) + } else { + _ = d.Set("scan_gateways", nil) + _ = d.Set("scan_vpn", nil) + _ = d.Set("scan_load_balancers", nil) + _ = d.Set("scan_subnets", nil) + } + _ = d.Set("communities", AWSAccount["communities"]) + + if AWSAccount["sub_accounts"] != nil { + subAccountsMap := AWSAccount["sub_accounts"].(map[string]interface{}) + if len(subAccountsMap) > 0 { + var subAccountsListToReturn []map[string]interface{} + for key, value := range subAccountsMap { + subAccountMap := value.(map[string]interface{}) + subAccountMapToAdd := make(map[string]interface{}) + subAccountMapToAdd["name"] = key + subAccountMapToAdd["credentials_file"] = subAccountMap["credentials_file"] + subAccountMapToAdd["access_key"] = subAccountMap["access_key"] + if v, _ := subAccountMap["secret_key"]; v != nil { + if v, ok := d.GetOk("sub_accounts"); ok { + subAccountsList := v.([]interface{}) + if len(subAccountsList) > 0 { + for i := range subAccountsList { + if v, ok := d.GetOk("sub_accounts." + strconv.Itoa(i) + ".name"); ok { + if key == v.(string) { + if v, ok := d.GetOk("sub_accounts." + strconv.Itoa(i) + ".secret_key"); ok { + subAccountMapToAdd["secret_key"] = v + break + } + } + } + } + } + } + } else { + subAccountMapToAdd["secret_key"] = nil + } + subAccountMapToAdd["sts_role"] = subAccountMap["sts_role"] + subAccountMapToAdd["sts_external_id"] = subAccountMap["sts_external_id"] + subAccountsListToReturn = append(subAccountsListToReturn, subAccountMapToAdd) + } + _ = d.Set("sub_accounts", subAccountsListToReturn) + } else { + _ = d.Set("sub_accounts", []interface{}{}) + } + } else { + _ = d.Set("sub_accounts", nil) + } + _ = d.Set("domain", AWSAccount["domain"]) + + return nil +} + +func createManagementCMEAccountsAWS(d *schema.ResourceData, m interface{}) error { + client := m.(*checkpoint.ApiClient) + payload := make(map[string]interface{}) + + if v, ok := d.GetOk("name"); ok { + payload["name"] = v.(string) + } + if v, ok := d.GetOk("scan_gateways"); ok { + payload["scan_gateways"] = v.(bool) + } + if v, ok := d.GetOk("scan_vpn"); ok { + payload["scan_vpn"] = v.(bool) + } + if v, ok := d.GetOk("scan_load_balancers"); ok { + payload["scan_load_balancers"] = v.(bool) + } + if v, ok := d.GetOk("scan_subnets"); ok { + payload["scan_subnets"] = v.(bool) + } + if v, ok := d.GetOk("regions"); ok { + payload["regions"] = v.([]interface{}) + } + if v, ok := d.GetOk("credentials_file"); ok { + payload["credentials_file"] = v.(string) + } + if v, ok := d.GetOk("deletion_tolerance"); ok { + payload["deletion_tolerance"] = v.(int) + } + if v, ok := d.GetOk("access_key"); ok { + payload["access_key"] = v.(string) + } + if v, ok := d.GetOk("secret_key"); ok { + payload["secret_key"] = v.(string) + } + if v, ok := d.GetOk("sts_role"); ok { + payload["sts_role"] = v.(string) + } + if v, ok := d.GetOk("sts_external_id"); ok { + payload["sts_external_id"] = v.(string) + } + if v, ok := d.GetOk("communities"); ok { + payload["communities"] = v.([]interface{}) + } + if v, ok := d.GetOk("sub_accounts"); ok { + subAccountsList := v.([]interface{}) + if len(subAccountsList) > 0 { + var subAccountsPayload []map[string]interface{} + for i := range subAccountsList { + tempObject := make(map[string]interface{}) + if v, ok := d.GetOk("sub_accounts." + strconv.Itoa(i) + ".name"); ok { + tempObject["name"] = v.(string) + } + if v, ok := d.GetOk("sub_accounts." + strconv.Itoa(i) + ".credentials_file"); ok { + tempObject["credentials_file"] = v.(string) + } + if v, ok := d.GetOk("sub_accounts." + strconv.Itoa(i) + ".access_key"); ok { + tempObject["access_key"] = v.(string) + } + if v, ok := d.GetOk("sub_accounts." + strconv.Itoa(i) + ".secret_key"); ok { + tempObject["secret_key"] = v.(string) + } + if v, ok := d.GetOk("sub_accounts." + strconv.Itoa(i) + ".sts_role"); ok { + tempObject["sts_role"] = v.(string) + } + if v, ok := d.GetOk("sub_accounts." + strconv.Itoa(i) + ".sts_external_id"); ok { + tempObject["sts_external_id"] = v.(string) + } + subAccountsPayload = append(subAccountsPayload, tempObject) + } + payload["sub_accounts"] = subAccountsPayload + } else { + payload["sub_accounts"] = subAccountsList + } + } + if v, ok := d.GetOk("domain"); ok { + payload["domain"] = v.(string) + } + log.Println("Create cme AWS account - name = ", payload["name"]) + + url := CmeApiPath + "/accounts/aws" + + cmeAccountsRes, err := client.ApiCall(url, payload, client.GetSessionID(), true, client.IsProxyUsed()) + + if err != nil { + return fmt.Errorf(err.Error()) + } + + data := cmeAccountsRes.GetData() + if checkIfRequestFailed(data) { + errMessage := buildErrorMessage(data) + return fmt.Errorf(errMessage) + } + + d.SetId("cme-aws-account-" + d.Get("name").(string) + "-" + acctest.RandString(10)) + + return readManagementCMEAccountsAWS(d, m) +} + +func updateManagementCMEAccountsAWS(d *schema.ResourceData, m interface{}) error { + client := m.(*checkpoint.ApiClient) + payload := make(map[string]interface{}) + + if d.HasChange("scan_gateways") { + payload["scan_gateways"] = d.Get("scan_gateways") + } + if d.HasChange("scan_vpn") { + payload["scan_vpn"] = d.Get("scan_vpn") + } + if d.HasChange("scan_load_balancers") { + payload["scan_load_balancers"] = d.Get("scan_load_balancers") + } + if d.HasChange("scan_subnets") { + payload["scan_subnets"] = d.Get("scan_subnets") + } + if d.HasChange("regions") { + payload["regions"] = d.Get("regions") + } + if d.HasChange("credentials_file") { + payload["credentials_file"] = d.Get("credentials_file") + } + if d.HasChange("deletion_tolerance") { + payload["deletion_tolerance"] = d.Get("deletion_tolerance") + } + if d.HasChange("access_key") { + payload["access_key"] = d.Get("access_key") + } + if d.HasChange("secret_key") { + payload["secret_key"] = d.Get("secret_key") + } + if d.HasChange("sts_role") { + payload["sts_role"] = d.Get("sts_role") + } + if d.HasChange("sts_external_id") { + payload["sts_external_id"] = d.Get("sts_external_id") + } + if d.HasChange("communities") { + payload["communities"] = d.Get("communities") + } + if d.HasChange("sub_accounts") { + if v, ok := d.GetOk("sub_accounts"); ok { + subAccountsList := v.([]interface{}) + if len(subAccountsList) > 0 { + var subAccountsPayload []map[string]interface{} + for i := range subAccountsList { + tempObject := make(map[string]interface{}) + if v, ok := d.GetOk("sub_accounts." + strconv.Itoa(i) + ".name"); ok { + tempObject["name"] = v.(string) + } + if v, ok := d.GetOk("sub_accounts." + strconv.Itoa(i) + ".credentials_file"); ok { + tempObject["credentials_file"] = v.(string) + } + if v, ok := d.GetOk("sub_accounts." + strconv.Itoa(i) + ".access_key"); ok { + tempObject["access_key"] = v.(string) + } + if v, ok := d.GetOk("sub_accounts." + strconv.Itoa(i) + ".secret_key"); ok { + tempObject["secret_key"] = v.(string) + } + if v, ok := d.GetOk("sub_accounts." + strconv.Itoa(i) + ".sts_role"); ok { + tempObject["sts_role"] = v.(string) + } + if v, ok := d.GetOk("sub_accounts." + strconv.Itoa(i) + ".sts_external_id"); ok { + tempObject["sts_external_id"] = v.(string) + } + subAccountsPayload = append(subAccountsPayload, tempObject) + } + payload["sub_accounts"] = subAccountsPayload + } else { + payload["sub_accounts"] = subAccountsList + } + } else { + payload["sub_accounts"] = v.([]interface{}) + } + } + if d.HasChange("domain") { + payload["domain"] = d.Get("domain") + } + var name string + + if v, ok := d.GetOk("name"); ok { + name = v.(string) + } + log.Println("Set cme AWS account - name = ", name) + + url := CmeApiPath + "/accounts/aws/" + name + cmeAccountsRes, err := client.ApiCall(url, payload, client.GetSessionID(), true, client.IsProxyUsed(), "PUT") + + if err != nil { + return fmt.Errorf(err.Error()) + } + + data := cmeAccountsRes.GetData() + if checkIfRequestFailed(data) { + errMessage := buildErrorMessage(data) + return fmt.Errorf(errMessage) + } + + return readManagementCMEAccountsAWS(d, m) +} + +func deleteManagementCMEAccountsAWS(d *schema.ResourceData, m interface{}) error { + client := m.(*checkpoint.ApiClient) + + var name string + if v, ok := d.GetOk("name"); ok { + name = v.(string) + } + log.Println("Delete cme AWS account - name = ", name) + + url := CmeApiPath + "/accounts/" + name + + res, err := client.ApiCall(url, nil, client.GetSessionID(), true, client.IsProxyUsed(), "DELETE") + + if err != nil { + return fmt.Errorf(err.Error()) + } + + data := res.GetData() + if checkIfRequestFailed(data) { + errMessage := buildErrorMessage(data) + return fmt.Errorf(errMessage) + } + + d.SetId("") + return nil +} diff --git a/checkpoint/resource_checkpoint_management_cme_accounts_aws_test.go b/checkpoint/resource_checkpoint_management_cme_accounts_aws_test.go new file mode 100644 index 00000000..bc28fb8e --- /dev/null +++ b/checkpoint/resource_checkpoint_management_cme_accounts_aws_test.go @@ -0,0 +1,158 @@ +package checkpoint + +import ( + "fmt" + checkpoint "github.com/CheckPointSW/cp-mgmt-api-go-sdk/APIFiles" + "github.com/hashicorp/terraform-plugin-sdk/helper/resource" + "github.com/hashicorp/terraform-plugin-sdk/terraform" + "os" + "reflect" + "testing" +) + +func TestAccCheckpointManagementCMEAccountsAWS_basic(t *testing.T) { + var awsAccount map[string]interface{} + resourceName := "checkpoint_management_cme_accounts_aws.test" + accountName := "test-account" + + context := os.Getenv("CHECKPOINT_CONTEXT") + if context == "" { + t.Skip("Env CHECKPOINT_CONTEXT must be specified to run this test") + } else if context != "web_api" { + t.Skip("Skipping cme api test") + } + + resource.Test(t, resource.TestCase{ + PreCheck: func() { testAccPreCheck(t) }, + Providers: testAccProviders, + CheckDestroy: testAccCheckpointManagementCMEAccountAWSDestroy, + Steps: []resource.TestStep{ + { + Config: testAccManagementCMEAccountsAWSConfig(accountName), + Check: resource.ComposeTestCheckFunc( + testAccCheckCheckpointManagementCMEAccountsAWSExists(resourceName, &awsAccount), + testAccCheckCheckpointManagementCMEAccountsAWSAttributes(&awsAccount, accountName, []interface{}{"us-east-1"}, + "IAM", true, true, + []map[string]interface{}{{"name": "sub_account_a", "access_key": "abcdeaaaaaaaaaaahaa", "secret_key": "1", + "sts_role": "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", "sts_external_id": "xyzx"}}, 0), + ), + }, + }, + }) +} +func testAccCheckpointManagementCMEAccountAWSDestroy(s *terraform.State) error { + client := testAccProvider.Meta().(*checkpoint.ApiClient) + for _, rs := range s.RootModule().Resources { + if rs.Type != "checkpoint_management_cme_accounts_aws" { + continue + } + if rs.Primary.ID != "" { + url := CmeApiPath + "/accounts/" + rs.Primary.Attributes["name"] + response, err := client.ApiCall(url, nil, client.GetSessionID(), true, client.IsProxyUsed(), "GET") + if err != nil { + return err + } + res := response.GetData() + if !checkIfRequestFailed(res) { + return fmt.Errorf("AWS account (%s) still exists", rs.Primary.Attributes["name"]) + } + } + return nil + } + return nil +} + +func testAccManagementCMEAccountsAWSConfig(accountName string) string { + return fmt.Sprintf(` +resource "checkpoint_management_cme_accounts_aws" "test" { + name = "%s" + regions = ["us-east-1"] + credentials_file = "IAM" + scan_vpn = true + scan_load_balancers = true + sub_accounts { + name = "sub_account_a" + access_key = "abcdeaaaaaaaaaaahaa" + secret_key = "1" + sts_role = "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaa" + sts_external_id = "xyzx" + } +} +`, accountName) +} + +func testAccCheckCheckpointManagementCMEAccountsAWSExists(resourceTfName string, res *map[string]interface{}) resource.TestCheckFunc { + return func(s *terraform.State) error { + rs, ok := s.RootModule().Resources[resourceTfName] + if !ok { + return fmt.Errorf("resource not found: %s", resourceTfName) + } + + if rs.Primary.ID == "" { + return fmt.Errorf("ID is not set") + } + + client := testAccProvider.Meta().(*checkpoint.ApiClient) + url := CmeApiPath + "/accounts/" + rs.Primary.Attributes["name"] + response, err := client.ApiCall(url, nil, client.GetSessionID(), true, client.IsProxyUsed(), "GET") + if err != nil { + return err + } + + *res = response.GetData() + if checkIfRequestFailed(*res) { + errMessage := buildErrorMessage(*res) + return fmt.Errorf(errMessage) + } + return nil + } +} + +func testAccCheckCheckpointManagementCMEAccountsAWSAttributes(awsAccount *map[string]interface{}, name string, regions []interface{}, + credFile string, scanVpn bool, scanLoadBalancers bool, subAccounts []map[string]interface{}, expectedDeletionTolerance int) resource.TestCheckFunc { + return func(s *terraform.State) error { + account := (*awsAccount)["result"].(map[string]interface{}) + if account["name"] != name { + return fmt.Errorf("name is %s, expected %s", account["name"], name) + } + if !reflect.DeepEqual(account["regions"], regions) { + return fmt.Errorf("regions are %v, expected %v", account["regions"], regions) + } + if account["credentials_file"] != credFile { + return fmt.Errorf("credentials_file is %s, expected %s", account["credentials_file"], credFile) + } + deletionTolerance := int(account["deletion_tolerance"].(float64)) + if deletionTolerance != expectedDeletionTolerance { + return fmt.Errorf("deletion_tolerance is %d, expected %d", deletionTolerance, expectedDeletionTolerance) + } + vpnFlag := account["sync"].(map[string]interface{})["vpn"] + if vpnFlag != scanVpn { + return fmt.Errorf("scan_vpn is %t, expected %t", vpnFlag, scanVpn) + } + lbFlag := account["sync"].(map[string]interface{})["lb"] + if lbFlag != scanLoadBalancers { + return fmt.Errorf("scan_load_balancers is %t, expected %t", lbFlag, scanLoadBalancers) + } + subAccountsMap := account["sub_accounts"].(map[string]interface{}) + if len(subAccountsMap) != len(subAccounts) { + return fmt.Errorf("sub accounts list length is %d, expected %d", len(subAccountsMap), len(subAccounts)) + } + for key, value := range subAccountsMap { + subAccountMap := value.(map[string]interface{}) + subAccountInput := subAccounts[0] + if key != subAccountInput["name"] { + return fmt.Errorf("sub account name is %s, expected %s", key, subAccountInput["name"]) + } + if subAccountMap["access_key"] != subAccountInput["access_key"] { + return fmt.Errorf("sub account access key is %s, expected %s", subAccountMap["access_key"], subAccountInput["access_key"]) + } + if subAccountMap["sts_role"] != subAccountInput["sts_role"] { + return fmt.Errorf("sub account sts role is %s, expected %s", subAccountMap["sts_role"], subAccountInput["sts_role"]) + } + if subAccountMap["sts_external_id"] != subAccountInput["sts_external_id"] { + return fmt.Errorf("sub account sts external id is %s, expected %s", subAccountMap["sts_external_id"], subAccountInput["sts_external_id"]) + } + } + return nil + } +} diff --git a/checkpoint/resource_checkpoint_management_cme_accounts_azure.go b/checkpoint/resource_checkpoint_management_cme_accounts_azure.go new file mode 100755 index 00000000..4ec4fc48 --- /dev/null +++ b/checkpoint/resource_checkpoint_management_cme_accounts_azure.go @@ -0,0 +1,239 @@ +package checkpoint + +import ( + "fmt" + checkpoint "github.com/CheckPointSW/cp-mgmt-api-go-sdk/APIFiles" + "github.com/hashicorp/terraform-plugin-sdk/helper/acctest" + "github.com/hashicorp/terraform-plugin-sdk/helper/schema" + "log" +) + +func resourceManagementCMEAccountsAzure() *schema.Resource { + return &schema.Resource{ + Create: createManagementCMEAccountsAzure, + Update: updateManagementCMEAccountsAzure, + Read: readManagementCMEAccountsAzure, + Delete: deleteManagementCMEAccountsAzure, + Importer: &schema.ResourceImporter{ + State: schema.ImportStatePassthrough, + }, + Schema: map[string]*schema.Schema{ + "name": { + Type: schema.TypeString, + Required: true, + Description: "Unique account name for identification.", + }, + "subscription": { + Type: schema.TypeString, + Required: true, + Description: "Azure subscription ID.", + }, + "directory_id": { + Type: schema.TypeString, + Required: true, + Description: "Azure Active Directory tenant ID.", + }, + "application_id": { + Type: schema.TypeString, + Required: true, + Description: "The application ID with which the service principal is associated.", + }, + "client_secret": { + Type: schema.TypeString, + Required: true, + Description: "The service principal's client secret.", + Sensitive: true, + }, + "deletion_tolerance": { + Type: schema.TypeInt, + Optional: true, + Default: 3, + Description: "The number of CME cycles to wait when the cloud provider does not return a GW until its deletion.", + }, + "domain": { + Type: schema.TypeString, + Optional: true, + Description: "The account's domain name in MDS environment.", + }, + "platform": { + Type: schema.TypeString, + Computed: true, + Description: "The platform of the account.", + }, + "gw_configurations": { + Type: schema.TypeList, + Computed: true, + Description: "A list of GW configurations attached to the account", + Elem: &schema.Schema{ + Type: schema.TypeString, + }, + }, + }, + } +} + +func deleteManagementCMEAccountsAzure(d *schema.ResourceData, m interface{}) error { + client := m.(*checkpoint.ApiClient) + + var name string + if v, ok := d.GetOk("name"); ok { + name = v.(string) + } + + log.Println("Delete cme Azure account - name = ", name) + url := CmeApiPath + "/accounts/" + name + + res, err := client.ApiCall(url, nil, client.GetSessionID(), true, client.IsProxyUsed(), "DELETE") + + if err != nil { + return fmt.Errorf(err.Error()) + } + + data := res.GetData() + if checkIfRequestFailed(data) { + errMessage := buildErrorMessage(data) + return fmt.Errorf(errMessage) + } + + d.SetId("") + return nil +} + +func readManagementCMEAccountsAzure(d *schema.ResourceData, m interface{}) error { + client := m.(*checkpoint.ApiClient) + + var name string + + if v, ok := d.GetOk("name"); ok { + name = v.(string) + } + + log.Println("Read cme Azure account - name = ", name) + url := CmeApiPath + "/accounts/" + name + + AzureAccountRes, err := client.ApiCall(url, nil, client.GetSessionID(), true, client.IsProxyUsed(), "GET") + + if err != nil { + return fmt.Errorf(err.Error()) + } + account := AzureAccountRes.GetData() + if checkIfRequestFailed(account) { + if cmeObjectNotFound(account) { + d.SetId("") + return nil + } + errMessage := buildErrorMessage(account) + return fmt.Errorf(errMessage) + } + + AzureAccount := account["result"].(map[string]interface{}) + + _ = d.Set("name", AzureAccount["name"]) + + _ = d.Set("subscription", AzureAccount["subscription"]) + + _ = d.Set("directory_id", AzureAccount["directory_id"]) + + _ = d.Set("application_id", AzureAccount["application_id"]) + + _ = d.Set("deletion_tolerance", AzureAccount["deletion_tolerance"]) + + _ = d.Set("domain", AzureAccount["domain"]) + + _ = d.Set("platform", AzureAccount["platform"]) + + _ = d.Set("gw_configurations", AzureAccount["gw_configurations"]) + + return nil +} + +func createManagementCMEAccountsAzure(d *schema.ResourceData, m interface{}) error { + client := m.(*checkpoint.ApiClient) + payload := make(map[string]interface{}) + + if v, ok := d.GetOk("subscription"); ok { + payload["subscription"] = v.(string) + } + if v, ok := d.GetOk("directory_id"); ok { + payload["directory_id"] = v.(string) + } + if v, ok := d.GetOk("application_id"); ok { + payload["application_id"] = v.(string) + } + if v, ok := d.GetOk("client_secret"); ok { + payload["client_secret"] = v.(string) + } + if v, ok := d.GetOk("deletion_tolerance"); ok { + payload["deletion_tolerance"] = v.(int) + } + if v, ok := d.GetOk("domain"); ok { + payload["domain"] = v.(string) + } + if v, ok := d.GetOk("name"); ok { + payload["name"] = v.(string) + } + log.Println("Create cme Azure account - name = ", payload["name"]) + + url := CmeApiPath + "/accounts/azure" + + cmeAccountsRes, err := client.ApiCall(url, payload, client.GetSessionID(), true, client.IsProxyUsed()) + + if err != nil { + return fmt.Errorf(err.Error()) + } + + data := cmeAccountsRes.GetData() + if checkIfRequestFailed(data) { + errMessage := buildErrorMessage(data) + return fmt.Errorf(errMessage) + } + d.SetId("cme-azure-account-" + d.Get("name").(string) + "-" + acctest.RandString(10)) + + return readManagementCMEAccountsAzure(d, m) +} + +func updateManagementCMEAccountsAzure(d *schema.ResourceData, m interface{}) error { + client := m.(*checkpoint.ApiClient) + payload := make(map[string]interface{}) + + if d.HasChange("subscription") { + payload["subscription"] = d.Get("subscription") + } + if d.HasChange("directory_id") { + payload["directory_id"] = d.Get("directory_id") + } + if d.HasChange("application_id") { + payload["application_id"] = d.Get("application_id") + } + if d.HasChange("client_secret") { + payload["client_secret"] = d.Get("client_secret") + } + if d.HasChange("deletion_tolerance") { + payload["deletion_tolerance"] = d.Get("deletion_tolerance") + } + if d.HasChange("domain") { + payload["domain"] = d.Get("domain") + } + + var name string + + if v, ok := d.GetOk("name"); ok { + name = v.(string) + } + log.Println("Set cme Azure account - name = ", name) + + url := CmeApiPath + "/accounts/azure/" + name + cmeAccountsRes, err := client.ApiCall(url, payload, client.GetSessionID(), true, client.IsProxyUsed(), "PUT") + + if err != nil { + return fmt.Errorf(err.Error()) + } + + data := cmeAccountsRes.GetData() + if checkIfRequestFailed(data) { + errMessage := buildErrorMessage(data) + return fmt.Errorf(errMessage) + } + + return readManagementCMEAccountsAzure(d, m) +} diff --git a/checkpoint/resource_checkpoint_management_cme_accounts_azure_test.go b/checkpoint/resource_checkpoint_management_cme_accounts_azure_test.go new file mode 100644 index 00000000..60af36b1 --- /dev/null +++ b/checkpoint/resource_checkpoint_management_cme_accounts_azure_test.go @@ -0,0 +1,127 @@ +package checkpoint + +import ( + "fmt" + checkpoint "github.com/CheckPointSW/cp-mgmt-api-go-sdk/APIFiles" + "github.com/hashicorp/terraform-plugin-sdk/helper/resource" + "github.com/hashicorp/terraform-plugin-sdk/terraform" + "os" + "testing" +) + +func TestAccCheckpointManagementCMEAccountsAzure_basic(t *testing.T) { + var azureAccount map[string]interface{} + resourceName := "checkpoint_management_cme_accounts_azure.test" + accountName := "test-account" + directoryId := "46707d92-02f4-4817-8116-a4c3b23e6266" + applicationId := "46707d92-02f4-4817-8116-a4c3b23e6266" + clientSecret := "mySecret" + subscription := "46707d92-02f4-4817-8116-a4c3b23e6267" + + context := os.Getenv("CHECKPOINT_CONTEXT") + if context == "" { + t.Skip("Env CHECKPOINT_CONTEXT must be specified to run this test") + } else if context != "web_api" { + t.Skip("Skipping cme api test") + } + + resource.Test(t, resource.TestCase{ + PreCheck: func() { testAccPreCheck(t) }, + Providers: testAccProviders, + CheckDestroy: testAccCheckpointManagementCMEAccountAzureDestroy, + Steps: []resource.TestStep{ + { + Config: testAccManagementCMEAccountsAzureConfig(accountName, directoryId, applicationId, clientSecret, subscription), + Check: resource.ComposeTestCheckFunc( + testAccCheckCheckpointManagementCMEAccountsAzureExists(resourceName, &azureAccount), + testAccCheckCheckpointManagementCMEAccountsAzureAttributes(&azureAccount, accountName, directoryId, applicationId, + subscription, 3), + ), + }, + }, + }) +} +func testAccCheckpointManagementCMEAccountAzureDestroy(s *terraform.State) error { + client := testAccProvider.Meta().(*checkpoint.ApiClient) + for _, rs := range s.RootModule().Resources { + if rs.Type != "checkpoint_management_cme_accounts_azure" { + continue + } + if rs.Primary.ID != "" { + url := CmeApiPath + "/accounts/" + rs.Primary.Attributes["name"] + response, err := client.ApiCall(url, nil, client.GetSessionID(), true, client.IsProxyUsed(), "GET") + if err != nil { + return err + } + res := response.GetData() + if !checkIfRequestFailed(res) { + return fmt.Errorf("Azure account (%s) still exists", rs.Primary.Attributes["name"]) + } + } + return nil + } + return nil +} + +func testAccManagementCMEAccountsAzureConfig(accountName string, directoryId string, applicationId string, clientSecret string, subscription string) string { + return fmt.Sprintf(` +resource "checkpoint_management_cme_accounts_azure" "test" { + name = "%s" + directory_id = "%s" + application_id = "%s" + client_secret = "%s" + subscription = "%s" +} +`, accountName, directoryId, applicationId, clientSecret, subscription) +} + +func testAccCheckCheckpointManagementCMEAccountsAzureExists(resourceTfName string, res *map[string]interface{}) resource.TestCheckFunc { + return func(s *terraform.State) error { + rs, ok := s.RootModule().Resources[resourceTfName] + if !ok { + return fmt.Errorf("resource not found: %s", resourceTfName) + } + + if rs.Primary.ID == "" { + return fmt.Errorf("ID is not set") + } + + client := testAccProvider.Meta().(*checkpoint.ApiClient) + url := CmeApiPath + "/accounts/" + rs.Primary.Attributes["name"] + response, err := client.ApiCall(url, nil, client.GetSessionID(), true, client.IsProxyUsed(), "GET") + if err != nil { + return err + } + + *res = response.GetData() + if checkIfRequestFailed(*res) { + errMessage := buildErrorMessage(*res) + return fmt.Errorf(errMessage) + } + return nil + } +} + +func testAccCheckCheckpointManagementCMEAccountsAzureAttributes(azureAccount *map[string]interface{}, name string, + directoryId string, applicationId string, subscription string, expectedDeletionTolerance int) resource.TestCheckFunc { + return func(s *terraform.State) error { + account := (*azureAccount)["result"].(map[string]interface{}) + if account["name"] != name { + return fmt.Errorf("name is %s, expected %s", account["name"], name) + } + if account["directory_id"] != directoryId { + return fmt.Errorf("directory_id is %s, expected %s", account["directory_id"], directoryId) + } + if account["application_id"] != applicationId { + return fmt.Errorf("application_id is %s, expected %s", account["application_id"], applicationId) + } + if account["subscription"] != subscription { + return fmt.Errorf("subscription is %s, expected %s", account["subscription"], subscription) + } + deletionTolerance := int(account["deletion_tolerance"].(float64)) + if deletionTolerance != expectedDeletionTolerance { + return fmt.Errorf("deletion_tolerance is %d, expected %d", deletionTolerance, expectedDeletionTolerance) + } + return nil + } +} diff --git a/checkpoint/resource_checkpoint_management_cme_accounts_gcp.go b/checkpoint/resource_checkpoint_management_cme_accounts_gcp.go new file mode 100755 index 00000000..a74f3f67 --- /dev/null +++ b/checkpoint/resource_checkpoint_management_cme_accounts_gcp.go @@ -0,0 +1,229 @@ +package checkpoint + +import ( + "fmt" + checkpoint "github.com/CheckPointSW/cp-mgmt-api-go-sdk/APIFiles" + "github.com/hashicorp/terraform-plugin-sdk/helper/acctest" + "github.com/hashicorp/terraform-plugin-sdk/helper/schema" + "log" + "strings" +) + +func resourceManagementCMEAccountsGCP() *schema.Resource { + return &schema.Resource{ + Create: createManagementCMEAccountsGCP, + Update: updateManagementCMEAccountsGCP, + Read: readManagementCMEAccountsGCP, + Delete: deleteManagementCMEAccountsGCP, + Importer: &schema.ResourceImporter{ + State: schema.ImportStatePassthrough, + }, + Schema: map[string]*schema.Schema{ + "name": { + Type: schema.TypeString, + Required: true, + Description: "The account name.", + }, + "project_id": { + Type: schema.TypeString, + Required: true, + Description: "The project id.", + }, + "credentials_file": { + Type: schema.TypeString, + Optional: true, + Description: "The credentials file.", + }, + "credentials_data": { + Type: schema.TypeString, + Optional: true, + Description: "Base64 encoded string that represents the content of the credentials file.", + }, + "deletion_tolerance": { + Type: schema.TypeInt, + Optional: true, + Description: "The number of CME cycles to wait when the cloud provider does not return a GW until its deletion.", + }, + "domain": { + Type: schema.TypeString, + Optional: true, + Description: "The account's domain name in MDS environment.", + }, + "platform": { + Type: schema.TypeString, + Computed: true, + Description: "The platform of the account.", + }, + "gw_configurations": { + Type: schema.TypeList, + Computed: true, + Description: "A list of GW configurations attached to the account", + Elem: &schema.Schema{ + Type: schema.TypeString, + }, + }, + }, + } +} + +func deleteManagementCMEAccountsGCP(d *schema.ResourceData, m interface{}) error { + client := m.(*checkpoint.ApiClient) + + var name string + if v, ok := d.GetOk("name"); ok { + name = v.(string) + } + + log.Println("Delete cme GCP account - name = ", name) + url := CmeApiPath + "/accounts/" + name + + res, err := client.ApiCall(url, nil, client.GetSessionID(), true, client.IsProxyUsed(), "DELETE") + + if err != nil { + return fmt.Errorf(err.Error()) + } + + data := res.GetData() + if checkIfRequestFailed(data) { + errMessage := buildErrorMessage(data) + return fmt.Errorf(errMessage) + } + + d.SetId("") + return nil +} + +func readManagementCMEAccountsGCP(d *schema.ResourceData, m interface{}) error { + client := m.(*checkpoint.ApiClient) + + var name string + + if v, ok := d.GetOk("name"); ok { + name = v.(string) + } + + log.Println("Read cme GCP account - name = ", name) + url := CmeApiPath + "/accounts/" + name + + GCPAccountRes, err := client.ApiCall(url, nil, client.GetSessionID(), true, client.IsProxyUsed(), "GET") + + if err != nil { + return fmt.Errorf(err.Error()) + } + account := GCPAccountRes.GetData() + if checkIfRequestFailed(account) { + if cmeObjectNotFound(account) { + d.SetId("") + return nil + } + errMessage := buildErrorMessage(account) + return fmt.Errorf(errMessage) + } + + GCPAccount := account["result"].(map[string]interface{}) + + _ = d.Set("name", GCPAccount["name"]) + + _ = d.Set("project_id", GCPAccount["project_id"]) + + credFile := strings.TrimPrefix(GCPAccount["credentials_file"].(string), "$FWDIR/conf/") + _ = d.Set("credentials_file", credFile) + + _ = d.Set("credentials_data", GCPAccount["credentials_data"]) + + _ = d.Set("deletion_tolerance", GCPAccount["deletion_tolerance"]) + + _ = d.Set("domain", GCPAccount["domain"]) + + _ = d.Set("platform", GCPAccount["platform"]) + + _ = d.Set("gw_configurations", GCPAccount["gw_configurations"]) + + return nil + +} + +func createManagementCMEAccountsGCP(d *schema.ResourceData, m interface{}) error { + client := m.(*checkpoint.ApiClient) + payload := make(map[string]interface{}) + + if v, ok := d.GetOk("project_id"); ok { + payload["project_id"] = v.(string) + } + if v, ok := d.GetOk("credentials_file"); ok { + payload["credentials_file"] = v.(string) + } + if v, ok := d.GetOk("credentials_data"); ok { + payload["credentials_data"] = v.(string) + } + if v, ok := d.GetOk("deletion_tolerance"); ok { + payload["deletion_tolerance"] = v.(int) + } + if v, ok := d.GetOk("domain"); ok { + payload["domain"] = v.(string) + } + if v, ok := d.GetOk("name"); ok { + payload["name"] = v.(string) + } + log.Println("Create cme GCP account - name = ", payload["name"]) + + url := CmeApiPath + "/accounts/gcp" + + cmeAccountsRes, err := client.ApiCall(url, payload, client.GetSessionID(), true, client.IsProxyUsed()) + + if err != nil { + return fmt.Errorf(err.Error()) + } + + data := cmeAccountsRes.GetData() + if checkIfRequestFailed(data) { + errMessage := buildErrorMessage(data) + return fmt.Errorf(errMessage) + } + d.SetId("cme-gcp-account-" + d.Get("name").(string) + "-" + acctest.RandString(10)) + + return readManagementCMEAccountsGCP(d, m) +} + +func updateManagementCMEAccountsGCP(d *schema.ResourceData, m interface{}) error { + client := m.(*checkpoint.ApiClient) + payload := make(map[string]interface{}) + + if d.HasChange("project_id") { + payload["project_id"] = d.Get("project_id") + } + if d.HasChange("credentials_file") { + payload["credentials_file"] = d.Get("credentials_file") + } + if d.HasChange("credentials_data") { + payload["credentials_data"] = d.Get("credentials_data") + } + if d.HasChange("deletion_tolerance") { + payload["deletion_tolerance"] = d.Get("deletion_tolerance") + } + if d.HasChange("domain") { + payload["domain"] = d.Get("domain") + } + + var name string + + if v, ok := d.GetOk("name"); ok { + name = v.(string) + } + log.Println("Set cme GCP account - name = ", name) + + url := CmeApiPath + "/accounts/gcp/" + name + cmeAccountsRes, err := client.ApiCall(url, payload, client.GetSessionID(), true, client.IsProxyUsed(), "PUT") + + if err != nil { + return fmt.Errorf(err.Error()) + } + + data := cmeAccountsRes.GetData() + if checkIfRequestFailed(data) { + errMessage := buildErrorMessage(data) + return fmt.Errorf(errMessage) + } + + return readManagementCMEAccountsGCP(d, m) +} diff --git a/checkpoint/resource_checkpoint_management_cme_accounts_gcp_test.go b/checkpoint/resource_checkpoint_management_cme_accounts_gcp_test.go new file mode 100644 index 00000000..aa840c6b --- /dev/null +++ b/checkpoint/resource_checkpoint_management_cme_accounts_gcp_test.go @@ -0,0 +1,116 @@ +package checkpoint + +import ( + "fmt" + checkpoint "github.com/CheckPointSW/cp-mgmt-api-go-sdk/APIFiles" + "github.com/hashicorp/terraform-plugin-sdk/helper/resource" + "github.com/hashicorp/terraform-plugin-sdk/terraform" + "os" + "testing" +) + +func TestAccCheckpointManagementCMEAccountsGCP_basic(t *testing.T) { + var gcpAccount map[string]interface{} + resourceName := "checkpoint_management_cme_accounts_gcp.test" + accountName := "test-account" + projectId := "my-project-1" + credentialsFile := "LocalGWSetMap.json" + + context := os.Getenv("CHECKPOINT_CONTEXT") + if context == "" { + t.Skip("Env CHECKPOINT_CONTEXT must be specified to run this test") + } else if context != "web_api" { + t.Skip("Skipping cme api test") + } + + resource.Test(t, resource.TestCase{ + PreCheck: func() { testAccPreCheck(t) }, + Providers: testAccProviders, + CheckDestroy: testAccCheckpointManagementCMEAccountGCPDestroy, + Steps: []resource.TestStep{ + { + Config: testAccManagementCMEAccountsGCPConfig(accountName, projectId, credentialsFile), + Check: resource.ComposeTestCheckFunc( + testAccCheckCheckpointManagementCMEAccountsGCPExists(resourceName, &gcpAccount), + testAccCheckCheckpointManagementCMEAccountsGCPAttributes(&gcpAccount, accountName, projectId, 0), + ), + }, + }, + }) +} +func testAccCheckpointManagementCMEAccountGCPDestroy(s *terraform.State) error { + client := testAccProvider.Meta().(*checkpoint.ApiClient) + for _, rs := range s.RootModule().Resources { + if rs.Type != "checkpoint_management_cme_accounts_gcp" { + continue + } + if rs.Primary.ID != "" { + url := CmeApiPath + "/accounts/" + rs.Primary.Attributes["name"] + response, err := client.ApiCall(url, nil, client.GetSessionID(), true, client.IsProxyUsed(), "GET") + if err != nil { + return err + } + res := response.GetData() + if !checkIfRequestFailed(res) { + return fmt.Errorf("GCP account (%s) still exists", rs.Primary.Attributes["name"]) + } + } + return nil + } + return nil +} + +func testAccManagementCMEAccountsGCPConfig(accountName string, projectId string, credentialsFile string) string { + return fmt.Sprintf(` +resource "checkpoint_management_cme_accounts_gcp" "test" { + name = "%s" + project_id = "%s" + credentials_file = "%s" +} +`, accountName, projectId, credentialsFile) +} + +func testAccCheckCheckpointManagementCMEAccountsGCPExists(resourceTfName string, res *map[string]interface{}) resource.TestCheckFunc { + return func(s *terraform.State) error { + rs, ok := s.RootModule().Resources[resourceTfName] + if !ok { + return fmt.Errorf("resource not found: %s", resourceTfName) + } + + if rs.Primary.ID == "" { + return fmt.Errorf("ID is not set") + } + + client := testAccProvider.Meta().(*checkpoint.ApiClient) + url := CmeApiPath + "/accounts/" + rs.Primary.Attributes["name"] + response, err := client.ApiCall(url, nil, client.GetSessionID(), true, client.IsProxyUsed(), "GET") + if err != nil { + return err + } + + *res = response.GetData() + if checkIfRequestFailed(*res) { + errMessage := buildErrorMessage(*res) + return fmt.Errorf(errMessage) + } + return nil + } +} + +func testAccCheckCheckpointManagementCMEAccountsGCPAttributes(gcpAccount *map[string]interface{}, name string, + projectId string, expectedDeletionTolerance int) resource.TestCheckFunc { + return func(s *terraform.State) error { + account := (*gcpAccount)["result"].(map[string]interface{}) + if account["name"] != name { + return fmt.Errorf("name is %s, expected %s", account["name"], name) + } + if account["project_id"] != projectId { + return fmt.Errorf("project_id is %s, expected %s", account["project_id"], projectId) + } + deletionTolerance := int(account["deletion_tolerance"].(float64)) + if deletionTolerance != expectedDeletionTolerance { + return fmt.Errorf("deletion_tolerance is %d, expected %d", deletionTolerance, expectedDeletionTolerance) + } + return nil + } +} diff --git a/checkpoint/resource_checkpoint_management_cme_delay_cycle.go b/checkpoint/resource_checkpoint_management_cme_delay_cycle.go new file mode 100755 index 00000000..a820fe3c --- /dev/null +++ b/checkpoint/resource_checkpoint_management_cme_delay_cycle.go @@ -0,0 +1,101 @@ +package checkpoint + +import ( + "fmt" + checkpoint "github.com/CheckPointSW/cp-mgmt-api-go-sdk/APIFiles" + "github.com/hashicorp/terraform-plugin-sdk/helper/acctest" + "github.com/hashicorp/terraform-plugin-sdk/helper/schema" + "log" +) + +func resourceManagementCMEDelayCycle() *schema.Resource { + return &schema.Resource{ + Create: createManagementCMEDelayCycle, + Update: updateManagementCMEDelayCycle, + Read: readManagementCMEDelayCycle, + Delete: deleteManagementCMEDelayCycle, + Importer: &schema.ResourceImporter{ + State: schema.ImportStatePassthrough, + }, + Schema: map[string]*schema.Schema{ + "delay_cycle": { + Type: schema.TypeInt, + Required: true, + Description: "Time to wait in seconds after each poll cycle.", + }, + }, + } +} + +func createManagementCMEDelayCycle(d *schema.ResourceData, m interface{}) error { + err := createUpdateManagementCMEDelayCycle(d, m) + if err != nil { + return err + } + d.SetId("cme-delay-cycle-" + acctest.RandString(10)) + return readManagementCMEDelayCycle(d, m) +} + +func updateManagementCMEDelayCycle(d *schema.ResourceData, m interface{}) error { + err := createUpdateManagementCMEDelayCycle(d, m) + if err != nil { + return err + } + return readManagementCMEDelayCycle(d, m) +} + +func createUpdateManagementCMEDelayCycle(d *schema.ResourceData, m interface{}) error { + client := m.(*checkpoint.ApiClient) + + payload := make(map[string]interface{}) + if v, ok := d.GetOk("delay_cycle"); ok { + payload["delay_cycle"] = v.(int) + } + + log.Println("Update cme delay cycle - payload = ", payload) + + url := CmeApiPath + "/generalConfiguration/delayCycle" + + cmeDelayCycleRes, err := client.ApiCall(url, payload, client.GetSessionID(), true, client.IsProxyUsed(), "PUT") + + if err != nil { + return fmt.Errorf(err.Error()) + } + + data := cmeDelayCycleRes.GetData() + if checkIfRequestFailed(data) { + errMessage := buildErrorMessage(data) + return fmt.Errorf(errMessage) + } + return nil +} + +func readManagementCMEDelayCycle(d *schema.ResourceData, m interface{}) error { + client := m.(*checkpoint.ApiClient) + + log.Println("Read cme delay cycle") + url := CmeApiPath + "/generalConfiguration/delayCycle" + + cmeDelayCycleRes, err := client.ApiCall(url, nil, client.GetSessionID(), true, client.IsProxyUsed(), "GET") + + if err != nil { + return fmt.Errorf(err.Error()) + } + + data := cmeDelayCycleRes.GetData() + if checkIfRequestFailed(data) { + errMessage := buildErrorMessage(data) + return fmt.Errorf(errMessage) + } + + cmeDelayCycleData := data["result"].(map[string]interface{}) + + _ = d.Set("delay_cycle", cmeDelayCycleData["delay_cycle"]) + + return nil +} + +func deleteManagementCMEDelayCycle(d *schema.ResourceData, m interface{}) error { + d.SetId("") + return nil +} diff --git a/checkpoint/resource_checkpoint_management_cme_delay_cycle_test.go b/checkpoint/resource_checkpoint_management_cme_delay_cycle_test.go new file mode 100644 index 00000000..b3bb7626 --- /dev/null +++ b/checkpoint/resource_checkpoint_management_cme_delay_cycle_test.go @@ -0,0 +1,90 @@ +package checkpoint + +import ( + "fmt" + checkpoint "github.com/CheckPointSW/cp-mgmt-api-go-sdk/APIFiles" + "github.com/hashicorp/terraform-plugin-sdk/helper/resource" + "github.com/hashicorp/terraform-plugin-sdk/terraform" + "os" + "testing" +) + +func TestAccCheckpointManagementCMEDelayCycle_basic(t *testing.T) { + var delayCycleObject map[string]interface{} + DefaultDelayCycle := 30 + resourceName := "checkpoint_management_cme_delay_cycle.test" + delayCycleVal := 20 + + context := os.Getenv("CHECKPOINT_CONTEXT") + if context == "" { + t.Skip("Env CHECKPOINT_CONTEXT must be specified to run this test") + } else if context != "web_api" { + t.Skip("Skipping cme api test") + } + + resource.Test(t, resource.TestCase{ + PreCheck: func() { testAccPreCheck(t) }, + Providers: testAccProviders, + Steps: []resource.TestStep{ + { + Config: testAccManagementCMEDelayCycleConfig(delayCycleVal), + Check: resource.ComposeTestCheckFunc( + testAccCheckCheckpointManagementCMEDelayCycleExists(resourceName, &delayCycleObject), + testAccCheckCheckpointManagementCMEDelayCycleAttributes(&delayCycleObject, delayCycleVal), + ), + }, + { + Config: testAccManagementCMEDelayCycleConfig(DefaultDelayCycle), + Check: resource.ComposeTestCheckFunc( + testAccCheckCheckpointManagementCMEDelayCycleExists(resourceName, &delayCycleObject), + testAccCheckCheckpointManagementCMEDelayCycleAttributes(&delayCycleObject, DefaultDelayCycle), + ), + }, + }, + }) +} + +func testAccManagementCMEDelayCycleConfig(delayCycleVal int) string { + return fmt.Sprintf(` +resource "checkpoint_management_cme_delay_cycle" "test" { + delay_cycle = "%v" +} +`, delayCycleVal) +} + +func testAccCheckCheckpointManagementCMEDelayCycleExists(resourceTfName string, res *map[string]interface{}) resource.TestCheckFunc { + return func(s *terraform.State) error { + rs, ok := s.RootModule().Resources[resourceTfName] + if !ok { + return fmt.Errorf("resource not found: %s", resourceTfName) + } + + if rs.Primary.ID == "" { + return fmt.Errorf("ID is not set") + } + + client := testAccProvider.Meta().(*checkpoint.ApiClient) + url := CmeApiPath + "/generalConfiguration/delayCycle" + response, err := client.ApiCall(url, nil, client.GetSessionID(), true, client.IsProxyUsed(), "GET") + if err != nil { + return err + } + + *res = response.GetData() + if checkIfRequestFailed(*res) { + errMessage := buildErrorMessage(*res) + return fmt.Errorf(errMessage) + } + return nil + } +} + +func testAccCheckCheckpointManagementCMEDelayCycleAttributes(delayCycleObject *map[string]interface{}, delayCycleVal int) resource.TestCheckFunc { + return func(s *terraform.State) error { + DelayCycleData := (*delayCycleObject)["result"].(map[string]interface{}) + if int(DelayCycleData["delay_cycle"].(float64)) != delayCycleVal { + return fmt.Errorf("delay cycle value is %v, expected %v", DelayCycleData["delay_cycle"], delayCycleVal) + } + return nil + } +} diff --git a/checkpoint/resource_checkpoint_management_cme_gw_configurations_aws.go b/checkpoint/resource_checkpoint_management_cme_gw_configurations_aws.go new file mode 100644 index 00000000..67df3add --- /dev/null +++ b/checkpoint/resource_checkpoint_management_cme_gw_configurations_aws.go @@ -0,0 +1,603 @@ +package checkpoint + +import ( + "fmt" + checkpoint "github.com/CheckPointSW/cp-mgmt-api-go-sdk/APIFiles" + "github.com/hashicorp/terraform-plugin-sdk/helper/acctest" + "github.com/hashicorp/terraform-plugin-sdk/helper/schema" + "log" + "strconv" + "strings" +) + +func resourceManagementCMEGWConfigurationsAWS() *schema.Resource { + return &schema.Resource{ + Create: createManagementCMEGWConfigurationsAWS, + Update: updateManagementCMEGWConfigurationsAWS, + Read: readManagementCMEGWConfigurationsAWS, + Delete: deleteManagementCMEGWConfigurationsAWS, + Importer: &schema.ResourceImporter{ + State: schema.ImportStatePassthrough, + }, + Schema: map[string]*schema.Schema{ + "name": { + Type: schema.TypeString, + Required: true, + Description: "The GW configuration name.", + }, + "version": { + Type: schema.TypeString, + Required: true, + Description: "The GW version.", + }, + "base64_sic_key": { + Type: schema.TypeString, + Required: true, + Description: "Base64 key for trusted communication between management and GW.", + }, + "policy": { + Type: schema.TypeString, + Required: true, + Description: "Policy name to be installed on the GW.", + }, + "related_account": { + Type: schema.TypeString, + Required: true, + Description: "The CME account to associate with the GW Configuration.", + }, + "blades": { + Type: schema.TypeList, + MaxItems: 1, + Required: true, + Description: "Dictionary of activated/deactivated blades on the GW.", + Elem: &schema.Resource{ + Schema: map[string]*schema.Schema{ + "ips": { + Type: schema.TypeBool, + Required: true, + Description: "IPS blade", + }, + "identity_awareness": { + Type: schema.TypeBool, + Required: true, + Description: "Identity Awareness blade", + }, + "content_awareness": { + Type: schema.TypeBool, + Required: true, + Description: "Content Awareness blade", + }, + "https_inspection": { + Type: schema.TypeBool, + Required: true, + Description: "HTTPS Inspection blade", + }, + "application_control": { + Type: schema.TypeBool, + Required: true, + Description: "Application Control blade", + }, + "url_filtering": { + Type: schema.TypeBool, + Required: true, + Description: "URL Filtering blade", + }, + "anti_bot": { + Type: schema.TypeBool, + Required: true, + Description: "Anti-Bot blade", + }, + "anti_virus": { + Type: schema.TypeBool, + Required: true, + Description: "Anti-Virus blade", + }, + "threat_emulation": { + Type: schema.TypeBool, + Required: true, + Description: "Threat Emulation blade", + }, + "ipsec_vpn": { + Type: schema.TypeBool, + Required: true, + Description: "IPsec VPN blade", + }, + "vpn": { + Type: schema.TypeBool, + Required: true, + Description: "VPN blade", + }, + "autonomous_threat_prevention": { + Type: schema.TypeBool, + Required: true, + Description: "Autonomous Threat Prevention blade.", + }, + }, + }, + }, + "repository_gateway_scripts": { + Type: schema.TypeList, + Optional: true, + Description: "List of objects that each contains name/UID of a script that exists in the scripts repository" + + " on the Management server.", + Elem: &schema.Resource{ + Schema: map[string]*schema.Schema{ + "name": { + Type: schema.TypeString, + Required: true, + Description: "Script name", + }, + "uid": { + Type: schema.TypeString, + Computed: true, + Description: "Script uid", + }, + "parameters": { + Type: schema.TypeString, + Optional: true, + Description: "Script parameters (separated by space)", + }, + }, + }, + }, + "vpn_domain": { + Type: schema.TypeString, + Optional: true, + Description: "The group object to be set as the VPN domain for the VPN gateway." + + " An empty string will automatically set an empty group as the encryption domain." + + " Always empty string for 'TGW' deployment type.", + }, + "vpn_community": { + Type: schema.TypeString, + Optional: true, + Description: "A star community in which to place the VPN gateway as center.", + }, + "deployment_type": { + Type: schema.TypeString, + Optional: true, + Description: "The deployment type of the CloudGuard Security Gateways.", + }, + "tgw_static_routes": { + Type: schema.TypeList, + Optional: true, + Description: "Comma separated list of cidrs, for each cidr a static route will be created on each" + + " gateway of the TGW auto scaling group.", + Elem: &schema.Schema{ + Type: schema.TypeString, + }, + }, + "tgw_spoke_routes": { + Type: schema.TypeList, + Optional: true, + Description: "Comma separated list of spoke cidrs, each spoke cidr that was learned from the TGW over" + + " bgp will be re-advertised by the gateways of the TGW auto scaling group to the AWS TGW.", + Elem: &schema.Schema{ + Type: schema.TypeString, + }, + }, + "send_logs_to_server": { + Type: schema.TypeList, + Optional: true, + Description: "Primary Log Servers names to which logs are sent. Defined Log Server will act as Log and" + + " Alert Servers. Must be defined as part of Log Servers parameters.", + Elem: &schema.Schema{ + Type: schema.TypeString, + }, + }, + "send_logs_to_backup_server": { + Type: schema.TypeList, + Optional: true, + Description: "Backup Log Servers names to which logs are sent in case Primary Log Servers are unavailable.", + Elem: &schema.Schema{ + Type: schema.TypeString, + }, + }, + "send_alerts_to_server": { + Type: schema.TypeList, + Optional: true, + Description: "Alert Log Servers names to which alerts are sent.", + Elem: &schema.Schema{ + Type: schema.TypeString, + }, + }, + }, + } +} + +func readManagementCMEGWConfigurationsAWS(d *schema.ResourceData, m interface{}) error { + client := m.(*checkpoint.ApiClient) + + var name string + + if v, ok := d.GetOk("name"); ok { + name = v.(string) + } + log.Println("Read cme AWS GW configuration - name = ", name) + + url := CmeApiPath + "/gwConfigurations/" + name + + AWSGWConfigurationRes, err := client.ApiCall(url, nil, client.GetSessionID(), true, client.IsProxyUsed(), "GET") + + if err != nil { + return fmt.Errorf(err.Error()) + } + gwConfiguration := AWSGWConfigurationRes.GetData() + if checkIfRequestFailed(gwConfiguration) { + if cmeObjectNotFound(gwConfiguration) { + d.SetId("") + return nil + } + errMessage := buildErrorMessage(gwConfiguration) + return fmt.Errorf(errMessage) + } + + AWSGWConfiguration := gwConfiguration["result"].(map[string]interface{}) + + _ = d.Set("name", AWSGWConfiguration["name"]) + + _ = d.Set("version", AWSGWConfiguration["version"]) + + _ = d.Set("policy", AWSGWConfiguration["policy"]) + + _ = d.Set("related_account", AWSGWConfiguration["related_account"]) + + var bladesListToReturn []map[string]interface{} + bladesMapToAdd := make(map[string]interface{}) + if AWSGWConfiguration["blades"] != nil { + bladesMap := AWSGWConfiguration["blades"].(map[string]interface{}) + bladesMapToAdd["ips"] = bladesMap["ips"] + bladesMapToAdd["identity_awareness"] = bladesMap["identity-awareness"] + bladesMapToAdd["content_awareness"] = bladesMap["content-awareness"] + bladesMapToAdd["https_inspection"] = bladesMap["https-inspection"] + bladesMapToAdd["application_control"] = bladesMap["application-control"] + bladesMapToAdd["url_filtering"] = bladesMap["url-filtering"] + bladesMapToAdd["anti_bot"] = bladesMap["anti-bot"] + bladesMapToAdd["anti_virus"] = bladesMap["anti-virus"] + bladesMapToAdd["threat_emulation"] = bladesMap["threat-emulation"] + bladesMapToAdd["ipsec_vpn"] = bladesMap["ipsec-vpn"] + bladesMapToAdd["vpn"] = bladesMap["vpn"] + bladesMapToAdd["autonomous_threat_prevention"] = bladesMap["autonomous-threat-prevention"] + } else { + bladesMapToAdd["ips"] = false + bladesMapToAdd["identity_awareness"] = false + bladesMapToAdd["content_awareness"] = false + bladesMapToAdd["https_inspection"] = false + bladesMapToAdd["application_control"] = false + bladesMapToAdd["url_filtering"] = false + bladesMapToAdd["anti_bot"] = false + bladesMapToAdd["anti_virus"] = false + bladesMapToAdd["threat_emulation"] = false + bladesMapToAdd["ipsec_vpn"] = false + bladesMapToAdd["vpn"] = false + bladesMapToAdd["autonomous_threat_prevention"] = false + } + bladesListToReturn = append(bladesListToReturn, bladesMapToAdd) + _ = d.Set("blades", bladesListToReturn) + + if AWSGWConfiguration["repository-gateway-scripts"] != nil { + scriptsList := AWSGWConfiguration["repository-gateway-scripts"].([]interface{}) + if len(scriptsList) > 0 { + var scriptsListToReturn []map[string]interface{} + for i := range scriptsList { + scriptMap := scriptsList[i].(map[string]interface{}) + scriptMapToAdd := make(map[string]interface{}) + scriptMapToAdd["name"] = scriptMap["name"] + scriptMapToAdd["uid"] = scriptMap["uid"] + scriptMapToAdd["parameters"] = scriptMap["parameters"] + scriptsListToReturn = append(scriptsListToReturn, scriptMapToAdd) + } + _ = d.Set("repository_gateway_scripts", scriptsListToReturn) + } else { + _ = d.Set("repository_gateway_scripts", scriptsList) + } + } else { + _ = d.Set("repository_gateway_scripts", nil) + } + _ = d.Set("vpn_domain", AWSGWConfiguration["vpn_domain"]) + + _ = d.Set("vpn_community", AWSGWConfiguration["vpn_community"]) + + _ = d.Set("deployment_type", AWSGWConfiguration["deployment_type"]) + + if tgwStaticRoutes, ok := AWSGWConfiguration["tgw_static_routes"].(string); ok { + _ = d.Set("tgw_static_routes", strings.Split(tgwStaticRoutes, ",")) + } + + if tgwSpokeRoutes, ok := AWSGWConfiguration["tgw_spoke_routes"].(string); ok { + _ = d.Set("tgw_spoke_routes", strings.Split(tgwSpokeRoutes, ",")) + } + + _ = d.Set("send_logs_to_server", AWSGWConfiguration["send-logs-to-server"]) + + _ = d.Set("send_logs_to_backup_server", AWSGWConfiguration["send-logs-to-backup-server"]) + + _ = d.Set("send_alerts_to_server", AWSGWConfiguration["send-alerts-to-server"]) + + return nil + +} + +func createManagementCMEGWConfigurationsAWS(d *schema.ResourceData, m interface{}) error { + client := m.(*checkpoint.ApiClient) + payload := make(map[string]interface{}) + + if v, ok := d.GetOk("version"); ok { + payload["version"] = v.(string) + } + if v, ok := d.GetOk("base64_sic_key"); ok { + payload["base64_sic_key"] = v.(string) + } + if v, ok := d.GetOk("policy"); ok { + payload["policy"] = v.(string) + } + if v, ok := d.GetOk("related_account"); ok { + payload["related_account"] = v.(string) + } + if v, ok := d.GetOk("repository_gateway_scripts"); ok { + scriptsList := v.([]interface{}) + if len(scriptsList) > 0 { + var scriptsPayload []map[string]interface{} + for i := range scriptsList { + tempObject := make(map[string]interface{}) + + if v, ok := d.GetOk("repository_gateway_scripts." + strconv.Itoa(i) + ".name"); ok { + tempObject["name"] = v.(string) + } + if v, ok := d.GetOk("repository_gateway_scripts." + strconv.Itoa(i) + ".uid"); ok { + tempObject["uid"] = v.(string) + } + if v, ok := d.GetOk("repository_gateway_scripts." + strconv.Itoa(i) + ".parameters"); ok { + tempObject["parameters"] = v.(string) + } + scriptsPayload = append(scriptsPayload, tempObject) + } + payload["repository_gateway_scripts"] = scriptsPayload + } else { + payload["repository_gateway_scripts"] = scriptsList + } + } + if v, ok := d.GetOk("vpn_domain"); ok { + payload["vpn_domain"] = v.(string) + } + if v, ok := d.GetOk("vpn_community"); ok { + payload["vpn_community"] = v.(string) + } + if v, ok := d.GetOk("deployment_type"); ok { + payload["deployment_type"] = v.(string) + } + if v, ok := d.GetOk("tgw_static_routes"); ok { + payload["tgw_static_routes"] = v.([]interface{}) + } + if v, ok := d.GetOk("tgw_spoke_routes"); ok { + payload["tgw_spoke_routes"] = v.([]interface{}) + } + if v, ok := d.GetOk("send_logs_to_server"); ok { + payload["send_logs_to_server"] = v.([]interface{}) + } + if v, ok := d.GetOk("send_logs_to_backup_server"); ok { + payload["send_logs_to_backup_server"] = v.([]interface{}) + } + if v, ok := d.GetOk("send_alerts_to_server"); ok { + payload["send_alerts_to_server"] = v.([]interface{}) + } + if v, ok := d.GetOk("name"); ok { + payload["name"] = v.(string) + } + if _, ok := d.GetOk("blades"); ok { + tempObject := make(map[string]interface{}) + if v, ok := d.GetOk("blades.0.ips"); ok { + tempObject["ips"] = v.(bool) + } + if v, ok := d.GetOk("blades.0.identity_awareness"); ok { + tempObject["identity-awareness"] = v.(bool) + } + if v, ok := d.GetOk("blades.0.content_awareness"); ok { + tempObject["content-awareness"] = v.(bool) + } + if v, ok := d.GetOk("blades.0.https_inspection"); ok { + tempObject["https-inspection"] = v.(bool) + } + if v, ok := d.GetOk("blades.0.application_control"); ok { + tempObject["application-control"] = v.(bool) + } + if v, ok := d.GetOk("blades.0.url_filtering"); ok { + tempObject["url-filtering"] = v.(bool) + } + if v, ok := d.GetOk("blades.0.anti_bot"); ok { + tempObject["anti-bot"] = v.(bool) + } + if v, ok := d.GetOk("blades.0.anti_virus"); ok { + tempObject["anti-virus"] = v.(bool) + } + if v, ok := d.GetOk("blades.0.threat_emulation"); ok { + tempObject["threat-emulation"] = v.(bool) + } + if v, ok := d.GetOk("blades.0.ipsec_vpn"); ok { + tempObject["ipsec-vpn"] = v.(bool) + } + if v, ok := d.GetOk("blades.0.vpn"); ok { + tempObject["vpn"] = v.(bool) + } + if v, ok := d.GetOk("blades.0.autonomous_threat_prevention"); ok { + tempObject["autonomous-threat-prevention"] = v.(bool) + } + payload["blades"] = tempObject + } + + log.Println("Create cme AWS GW configuration - name = ", payload["name"]) + + url := CmeApiPath + "/gwConfigurations/aws" + + cmeGWConfigurationRes, err := client.ApiCall(url, payload, client.GetSessionID(), true, client.IsProxyUsed()) + + if err != nil { + return fmt.Errorf(err.Error()) + } + + data := cmeGWConfigurationRes.GetData() + if checkIfRequestFailed(data) { + errMessage := buildErrorMessage(data) + return fmt.Errorf(errMessage) + } + + d.SetId("cme-aws-gw-configuration-" + d.Get("name").(string) + "-" + acctest.RandString(10)) + + return readManagementCMEGWConfigurationsAWS(d, m) +} + +func updateManagementCMEGWConfigurationsAWS(d *schema.ResourceData, m interface{}) error { + client := m.(*checkpoint.ApiClient) + payload := make(map[string]interface{}) + + if d.HasChange("version") { + payload["version"] = d.Get("version") + } + if d.HasChange("base64_sic_key") { + payload["base64_sic_key"] = d.Get("base64_sic_key") + } + if d.HasChange("policy") { + payload["policy"] = d.Get("policy") + } + if d.HasChange("related_account") { + payload["related_account"] = d.Get("related_account") + } + if d.HasChange("repository_gateway_scripts") { + if v, ok := d.GetOk("repository_gateway_scripts"); ok { + scriptsList := v.([]interface{}) + if len(scriptsList) > 0 { + var scriptsPayload []map[string]interface{} + for i := range scriptsList { + tempObject := make(map[string]interface{}) + + if v, ok := d.GetOk("repository_gateway_scripts." + strconv.Itoa(i) + ".name"); ok { + tempObject["name"] = v.(string) + } + if v, ok := d.GetOk("repository_gateway_scripts." + strconv.Itoa(i) + ".uid"); ok { + tempObject["uid"] = v.(string) + } + if v, ok := d.GetOk("repository_gateway_scripts." + strconv.Itoa(i) + ".parameters"); ok { + tempObject["parameters"] = v.(string) + } + scriptsPayload = append(scriptsPayload, tempObject) + } + payload["repository_gateway_scripts"] = scriptsPayload + } else { + payload["repository_gateway_scripts"] = scriptsList + } + } else { + payload["repository_gateway_scripts"] = v.([]interface{}) + } + } + if d.HasChange("vpn_domain") { + payload["vpn_domain"] = d.Get("vpn_domain") + } + if d.HasChange("vpn_community") { + payload["vpn_community"] = d.Get("vpn_community") + } + if d.HasChange("deployment_type") { + payload["deployment_type"] = d.Get("deployment_type") + } + if d.HasChange("tgw_static_routes") { + payload["tgw_static_routes"] = d.Get("tgw_static_routes") + } + if d.HasChange("tgw_spoke_routes") { + payload["tgw_spoke_routes"] = d.Get("tgw_spoke_routes") + } + if d.HasChange("send_logs_to_server") { + payload["send_logs_to_server"] = d.Get("send_logs_to_server") + } + if d.HasChange("send_logs_to_backup_server") { + payload["send_logs_to_backup_server"] = d.Get("send_logs_to_backup_server") + } + if d.HasChange("send_alerts_to_server") { + payload["send_alerts_to_server"] = d.Get("send_alerts_to_server") + } + if d.HasChange("blades") { + tempObject := make(map[string]interface{}) + if d.HasChange("blades.0.ips") { + tempObject["ips"] = d.Get("blades.0.ips") + } + if d.HasChange("blades.0.identity_awareness") { + tempObject["identity-awareness"] = d.Get("blades.0.identity_awareness") + } + if d.HasChange("blades.0.content_awareness") { + tempObject["content-awareness"] = d.Get("blades.0.content_awareness") + } + if d.HasChange("blades.0.https_inspection") { + tempObject["https-inspection"] = d.Get("blades.0.https_inspection") + } + if d.HasChange("blades.0.application_control") { + tempObject["application-control"] = d.Get("blades.0.application_control") + } + if d.HasChange("blades.0.url_filtering") { + tempObject["url-filtering"] = d.Get("blades.0.url_filtering") + } + if d.HasChange("blades.0.anti_bot") { + tempObject["anti-bot"] = d.Get("blades.0.anti_bot") + } + if d.HasChange("blades.0.anti_virus") { + tempObject["anti-virus"] = d.Get("blades.0.anti_virus") + } + if d.HasChange("blades.0.threat_emulation") { + tempObject["threat-emulation"] = d.Get("blades.0.threat_emulation") + } + if d.HasChange("blades.0.ipsec_vpn") { + tempObject["ipsec-vpn"] = d.Get("blades.0.ipsec_vpn") + } + if d.HasChange("blades.0.vpn") { + tempObject["vpn"] = d.Get("blades.0.vpn") + } + if d.HasChange("blades.0.autonomous_threat_prevention") { + tempObject["autonomous-threat-prevention"] = d.Get("blades.0.autonomous_threat_prevention") + } + payload["blades"] = tempObject + } + var name string + + if v, ok := d.GetOk("name"); ok { + name = v.(string) + } + log.Println("Set cme AWS GW configuration - name = ", name) + + url := CmeApiPath + "/gwConfigurations/aws/" + name + cmeGWConfigurationRes, err := client.ApiCall(url, payload, client.GetSessionID(), true, client.IsProxyUsed(), "PUT") + + if err != nil { + return fmt.Errorf(err.Error()) + } + + data := cmeGWConfigurationRes.GetData() + if checkIfRequestFailed(data) { + errMessage := buildErrorMessage(data) + return fmt.Errorf(errMessage) + } + + return readManagementCMEGWConfigurationsAWS(d, m) + +} + +func deleteManagementCMEGWConfigurationsAWS(d *schema.ResourceData, m interface{}) error { + client := m.(*checkpoint.ApiClient) + + var name string + if v, ok := d.GetOk("name"); ok { + name = v.(string) + } + url := CmeApiPath + "/gwConfigurations/" + name + + log.Println("Delete cme AWS GW configuration - name = ", name) + res, err := client.ApiCall(url, nil, client.GetSessionID(), true, client.IsProxyUsed(), "DELETE") + + if err != nil { + return fmt.Errorf(err.Error()) + } + + data := res.GetData() + if checkIfRequestFailed(data) { + errMessage := buildErrorMessage(data) + return fmt.Errorf(errMessage) + } + + d.SetId("") + return nil +} diff --git a/checkpoint/resource_checkpoint_management_cme_gw_configurations_aws_test.go b/checkpoint/resource_checkpoint_management_cme_gw_configurations_aws_test.go new file mode 100644 index 00000000..01058cb6 --- /dev/null +++ b/checkpoint/resource_checkpoint_management_cme_gw_configurations_aws_test.go @@ -0,0 +1,155 @@ +package checkpoint + +import ( + "fmt" + checkpoint "github.com/CheckPointSW/cp-mgmt-api-go-sdk/APIFiles" + "github.com/hashicorp/terraform-plugin-sdk/helper/resource" + "github.com/hashicorp/terraform-plugin-sdk/terraform" + "os" + "testing" +) + +func TestAccCheckpointManagementCMEGWConfigurationsAWS_basic(t *testing.T) { + var awsGWConfiguration map[string]interface{} + resourceName := "checkpoint_management_cme_gw_configurations_aws.gw_configuration_test" + accountName := "test-account" + gwConfigurationName := "test-gw-configuration" + gwConfigurationVersion := "R81" + gwConfigurationBase64SIC := "MTIzNDU2Nzg=" + gwConfigurationPolicy := "Standard" + + context := os.Getenv("CHECKPOINT_CONTEXT") + if context == "" { + t.Skip("Env CHECKPOINT_CONTEXT must be specified to run this test") + } else if context != "web_api" { + t.Skip("Skipping cme api test") + } + + resource.Test(t, resource.TestCase{ + PreCheck: func() { testAccPreCheck(t) }, + Providers: testAccProviders, + CheckDestroy: testAccCheckpointManagementCMEGWConfigurationsAWSDestroy, + Steps: []resource.TestStep{ + { + Config: testAccManagementCMEGWConfigurationsAWSConfig(accountName, gwConfigurationName, gwConfigurationVersion, + gwConfigurationBase64SIC, gwConfigurationPolicy), + Check: resource.ComposeTestCheckFunc( + testAccCheckCheckpointManagementCMEGWConfigurationsAWSExists(resourceName, &awsGWConfiguration), + testAccCheckCheckpointManagementCMEGWConfigurationsAWSAttributes(&awsGWConfiguration, gwConfigurationName, accountName, gwConfigurationVersion, + gwConfigurationPolicy, true, true), + ), + }, + }, + }) +} +func testAccCheckpointManagementCMEGWConfigurationsAWSDestroy(s *terraform.State) error { + client := testAccProvider.Meta().(*checkpoint.ApiClient) + for _, rs := range s.RootModule().Resources { + if rs.Type != "checkpoint_management_cme_gw_configurations_aws" { + continue + } + if rs.Primary.ID != "" { + url := CmeApiPath + "/gwConfigurations/" + rs.Primary.Attributes["name"] + response, err := client.ApiCall(url, nil, client.GetSessionID(), true, client.IsProxyUsed(), "GET") + if err != nil { + return err + } + res := response.GetData() + if !checkIfRequestFailed(res) { + return fmt.Errorf("AWS gw configuration (%s) still exists", rs.Primary.Attributes["name"]) + } + } + return nil + } + return nil +} + +func testAccManagementCMEGWConfigurationsAWSConfig(accountName string, gwConfigurationName string, gwConfigurationVersion string, + gwConfigurationBase64SIC string, gwConfigurationPolicy string) string { + return fmt.Sprintf(` +resource "checkpoint_management_cme_accounts_aws" "account_test" { + name = "%s" + regions = ["us-east-1"] + credentials_file = "IAM" +} + +resource "checkpoint_management_cme_gw_configurations_aws" "gw_configuration_test" { + name = "%s" + related_account = checkpoint_management_cme_accounts_aws.account_test.name + version = "%s" + base64_sic_key = "%s" + policy = "%s" + blades { + ips = true + anti_bot = true + anti_virus = false + https_inspection = false + application_control = false + autonomous_threat_prevention = false + content_awareness = false + identity_awareness = false + ipsec_vpn = false + threat_emulation = false + url_filtering = false + vpn = false + } +} +`, accountName, gwConfigurationName, gwConfigurationVersion, gwConfigurationBase64SIC, gwConfigurationPolicy) +} + +func testAccCheckCheckpointManagementCMEGWConfigurationsAWSExists(resourceTfName string, res *map[string]interface{}) resource.TestCheckFunc { + return func(s *terraform.State) error { + rs, ok := s.RootModule().Resources[resourceTfName] + if !ok { + return fmt.Errorf("resource not found: %s", resourceTfName) + } + + if rs.Primary.ID == "" { + return fmt.Errorf("ID is not set") + } + + client := testAccProvider.Meta().(*checkpoint.ApiClient) + url := CmeApiPath + "/gwConfigurations/" + rs.Primary.Attributes["name"] + response, err := client.ApiCall(url, nil, client.GetSessionID(), true, client.IsProxyUsed(), "GET") + if err != nil { + return err + } + + *res = response.GetData() + if checkIfRequestFailed(*res) { + errMessage := buildErrorMessage(*res) + return fmt.Errorf(errMessage) + } + return nil + } +} + +func testAccCheckCheckpointManagementCMEGWConfigurationsAWSAttributes(awsGWConfiguration *map[string]interface{}, gwConfigurationName string, + accountName string, gwConfigurationVersion string, gwConfigurationPolicyName string, ipsFlag bool, + antiBotFlag bool) resource.TestCheckFunc { + return func(s *terraform.State) error { + gwConfiguration := (*awsGWConfiguration)["result"].(map[string]interface{}) + if gwConfiguration["name"] != gwConfigurationName { + return fmt.Errorf("name is %s, expected %s", gwConfiguration["name"], gwConfigurationName) + } + if gwConfiguration["related_account"] != accountName { + return fmt.Errorf("related account name is %s, expected %s", gwConfiguration["related_account"], accountName) + } + if gwConfiguration["version"] != gwConfigurationVersion { + return fmt.Errorf("version is %s, expected %s", gwConfiguration["version"], gwConfigurationVersion) + } + if gwConfiguration["policy"] != gwConfigurationPolicyName { + return fmt.Errorf("policy is %s, expected %s", gwConfiguration["policy"], gwConfigurationPolicyName) + } + blades := gwConfiguration["blades"].(map[string]interface{}) + ips := blades["ips"] + antiBot := blades["anti-bot"] + if ips != ipsFlag { + return fmt.Errorf("ips is %t, expected %t", ips, ipsFlag) + } + if antiBot != antiBotFlag { + return fmt.Errorf("anti bot is %t, expected %t", antiBot, antiBotFlag) + } + return nil + } +} diff --git a/checkpoint/resource_checkpoint_management_cme_gw_configurations_azure.go b/checkpoint/resource_checkpoint_management_cme_gw_configurations_azure.go new file mode 100644 index 00000000..94da9767 --- /dev/null +++ b/checkpoint/resource_checkpoint_management_cme_gw_configurations_azure.go @@ -0,0 +1,525 @@ +package checkpoint + +import ( + "fmt" + checkpoint "github.com/CheckPointSW/cp-mgmt-api-go-sdk/APIFiles" + "github.com/hashicorp/terraform-plugin-sdk/helper/acctest" + "github.com/hashicorp/terraform-plugin-sdk/helper/schema" + "log" + "strconv" +) + +func resourceManagementCMEGWConfigurationsAzure() *schema.Resource { + return &schema.Resource{ + Create: createManagementCMEGWConfigurationsAzure, + Update: updateManagementCMEGWConfigurationsAzure, + Read: readManagementCMEGWConfigurationsAzure, + Delete: deleteManagementCMEGWConfigurationsAzure, + Importer: &schema.ResourceImporter{ + State: schema.ImportStatePassthrough, + }, + Schema: map[string]*schema.Schema{ + "name": { + Type: schema.TypeString, + Required: true, + Description: "The GW configuration name.", + }, + "version": { + Type: schema.TypeString, + Required: true, + Description: "The GW version.", + }, + "base64_sic_key": { + Type: schema.TypeString, + Required: true, + Description: "Base64 key for trusted communication between management and GW.", + }, + "policy": { + Type: schema.TypeString, + Required: true, + Description: "Policy name to be installed on the GW.", + }, + "related_account": { + Type: schema.TypeString, + Required: true, + Description: "The CME account to associate with the GW Configuration.", + }, + "blades": { + Type: schema.TypeList, + MaxItems: 1, + Required: true, + Description: "Dictionary of activated/deactivated blades on the GW.", + Elem: &schema.Resource{ + Schema: map[string]*schema.Schema{ + "ips": { + Type: schema.TypeBool, + Required: true, + Description: "IPS blade", + }, + "identity_awareness": { + Type: schema.TypeBool, + Required: true, + Description: "Identity Awareness blade", + }, + "content_awareness": { + Type: schema.TypeBool, + Required: true, + Description: "Content Awareness blade", + }, + "https_inspection": { + Type: schema.TypeBool, + Required: true, + Description: "HTTPS Inspection blade", + }, + "application_control": { + Type: schema.TypeBool, + Required: true, + Description: "Application Control blade", + }, + "url_filtering": { + Type: schema.TypeBool, + Required: true, + Description: "URL Filtering blade", + }, + "anti_bot": { + Type: schema.TypeBool, + Required: true, + Description: "Anti-Bot blade", + }, + "anti_virus": { + Type: schema.TypeBool, + Required: true, + Description: "Anti-Virus blade", + }, + "threat_emulation": { + Type: schema.TypeBool, + Required: true, + Description: "Threat Emulation blade", + }, + "ipsec_vpn": { + Type: schema.TypeBool, + Required: true, + Description: "IPsec VPN blade", + }, + "vpn": { + Type: schema.TypeBool, + Required: true, + Description: "VPN blade", + }, + "autonomous_threat_prevention": { + Type: schema.TypeBool, + Required: true, + Description: "Autonomous Threat Prevention blade.", + }, + }, + }, + }, + "repository_gateway_scripts": { + Type: schema.TypeList, + Optional: true, + Description: "List of objects that each contains name/UID of a script that exists in the scripts repository" + + " on the Management server.", + Elem: &schema.Resource{ + Schema: map[string]*schema.Schema{ + "name": { + Type: schema.TypeString, + Required: true, + Description: "Script name", + }, + "uid": { + Type: schema.TypeString, + Computed: true, + Description: "Script uid", + }, + "parameters": { + Type: schema.TypeString, + Optional: true, + Description: "Script parameters (separated by space)", + }, + }, + }, + }, + "send_logs_to_server": { + Type: schema.TypeList, + Optional: true, + Description: "Primary Log Servers names to which logs are sent. Defined Log Server will act as Log and" + + " Alert Servers. Must be defined as part of Log Servers parameters.", + Elem: &schema.Schema{ + Type: schema.TypeString, + }, + }, + "send_logs_to_backup_server": { + Type: schema.TypeList, + Optional: true, + Description: "Backup Log Servers names to which logs are sent in case Primary Log Servers are unavailable.", + Elem: &schema.Schema{ + Type: schema.TypeString, + }, + }, + "send_alerts_to_server": { + Type: schema.TypeList, + Optional: true, + Description: "Alert Log Servers names to which alerts are sent.", + Elem: &schema.Schema{ + Type: schema.TypeString, + }, + }, + }, + } +} + +func readManagementCMEGWConfigurationsAzure(d *schema.ResourceData, m interface{}) error { + client := m.(*checkpoint.ApiClient) + + var name string + + if v, ok := d.GetOk("name"); ok { + name = v.(string) + } + log.Println("Read cme Azure GW configuration - name = ", name) + + url := CmeApiPath + "/gwConfigurations/" + name + + AzureGWConfigurationRes, err := client.ApiCall(url, nil, client.GetSessionID(), true, client.IsProxyUsed(), "GET") + + if err != nil { + return fmt.Errorf(err.Error()) + } + + gwConfiguration := AzureGWConfigurationRes.GetData() + if checkIfRequestFailed(gwConfiguration) { + if cmeObjectNotFound(gwConfiguration) { + d.SetId("") + return nil + } + errMessage := buildErrorMessage(gwConfiguration) + return fmt.Errorf(errMessage) + } + + AzureGWConfiguration := gwConfiguration["result"].(map[string]interface{}) + + _ = d.Set("name", AzureGWConfiguration["name"]) + + _ = d.Set("version", AzureGWConfiguration["version"]) + + _ = d.Set("policy", AzureGWConfiguration["policy"]) + + _ = d.Set("related_account", AzureGWConfiguration["related_account"]) + + var bladesListToReturn []map[string]interface{} + bladesMapToAdd := make(map[string]interface{}) + if AzureGWConfiguration["blades"] != nil { + bladesMap := AzureGWConfiguration["blades"].(map[string]interface{}) + bladesMapToAdd["ips"] = bladesMap["ips"] + bladesMapToAdd["identity_awareness"] = bladesMap["identity-awareness"] + bladesMapToAdd["content_awareness"] = bladesMap["content-awareness"] + bladesMapToAdd["https_inspection"] = bladesMap["https-inspection"] + bladesMapToAdd["application_control"] = bladesMap["application-control"] + bladesMapToAdd["url_filtering"] = bladesMap["url-filtering"] + bladesMapToAdd["anti_bot"] = bladesMap["anti-bot"] + bladesMapToAdd["anti_virus"] = bladesMap["anti-virus"] + bladesMapToAdd["threat_emulation"] = bladesMap["threat-emulation"] + bladesMapToAdd["ipsec_vpn"] = bladesMap["ipsec-vpn"] + bladesMapToAdd["vpn"] = bladesMap["vpn"] + bladesMapToAdd["autonomous_threat_prevention"] = bladesMap["autonomous-threat-prevention"] + } else { + bladesMapToAdd["ips"] = false + bladesMapToAdd["identity_awareness"] = false + bladesMapToAdd["content_awareness"] = false + bladesMapToAdd["https_inspection"] = false + bladesMapToAdd["application_control"] = false + bladesMapToAdd["url_filtering"] = false + bladesMapToAdd["anti_bot"] = false + bladesMapToAdd["anti_virus"] = false + bladesMapToAdd["threat_emulation"] = false + bladesMapToAdd["ipsec_vpn"] = false + bladesMapToAdd["vpn"] = false + bladesMapToAdd["autonomous_threat_prevention"] = false + } + bladesListToReturn = append(bladesListToReturn, bladesMapToAdd) + _ = d.Set("blades", bladesListToReturn) + + if AzureGWConfiguration["repository-gateway-scripts"] != nil { + scriptsList := AzureGWConfiguration["repository-gateway-scripts"].([]interface{}) + if len(scriptsList) > 0 { + var scriptsListToReturn []map[string]interface{} + for i := range scriptsList { + scriptMap := scriptsList[i].(map[string]interface{}) + scriptMapToAdd := make(map[string]interface{}) + scriptMapToAdd["name"] = scriptMap["name"] + scriptMapToAdd["uid"] = scriptMap["uid"] + scriptMapToAdd["parameters"] = scriptMap["parameters"] + scriptsListToReturn = append(scriptsListToReturn, scriptMapToAdd) + } + _ = d.Set("repository_gateway_scripts", scriptsListToReturn) + } else { + _ = d.Set("repository_gateway_scripts", scriptsList) + } + } else { + _ = d.Set("repository_gateway_scripts", nil) + } + _ = d.Set("send_logs_to_server", AzureGWConfiguration["send-logs-to-server"]) + + _ = d.Set("send_logs_to_backup_server", AzureGWConfiguration["send-logs-to-backup-server"]) + + _ = d.Set("send_alerts_to_server", AzureGWConfiguration["send-alerts-to-server"]) + + return nil + +} + +func createManagementCMEGWConfigurationsAzure(d *schema.ResourceData, m interface{}) error { + client := m.(*checkpoint.ApiClient) + payload := make(map[string]interface{}) + + if v, ok := d.GetOk("version"); ok { + payload["version"] = v.(string) + } + if v, ok := d.GetOk("base64_sic_key"); ok { + payload["base64_sic_key"] = v.(string) + } + if v, ok := d.GetOk("policy"); ok { + payload["policy"] = v.(string) + } + if v, ok := d.GetOk("related_account"); ok { + payload["related_account"] = v.(string) + } + if v, ok := d.GetOk("repository_gateway_scripts"); ok { + scriptsList := v.([]interface{}) + if len(scriptsList) > 0 { + var scriptsPayload []map[string]interface{} + for i := range scriptsList { + tempObject := make(map[string]interface{}) + + if v, ok := d.GetOk("repository_gateway_scripts." + strconv.Itoa(i) + ".name"); ok { + tempObject["name"] = v.(string) + } + if v, ok := d.GetOk("repository_gateway_scripts." + strconv.Itoa(i) + ".uid"); ok { + tempObject["uid"] = v.(string) + } + if v, ok := d.GetOk("repository_gateway_scripts." + strconv.Itoa(i) + ".parameters"); ok { + tempObject["parameters"] = v.(string) + } + scriptsPayload = append(scriptsPayload, tempObject) + } + payload["repository_gateway_scripts"] = scriptsPayload + } else { + payload["repository_gateway_scripts"] = scriptsList + } + } + + if v, ok := d.GetOk("send_logs_to_server"); ok { + payload["send_logs_to_server"] = v.([]interface{}) + } + if v, ok := d.GetOk("send_logs_to_backup_server"); ok { + payload["send_logs_to_backup_server"] = v.([]interface{}) + } + if v, ok := d.GetOk("send_alerts_to_server"); ok { + payload["send_alerts_to_server"] = v.([]interface{}) + } + if v, ok := d.GetOk("name"); ok { + payload["name"] = v.(string) + } + if _, ok := d.GetOk("blades"); ok { + tempObject := make(map[string]interface{}) + if v, ok := d.GetOk("blades.0.ips"); ok { + tempObject["ips"] = v.(bool) + } + if v, ok := d.GetOk("blades.0.identity_awareness"); ok { + tempObject["identity-awareness"] = v.(bool) + } + if v, ok := d.GetOk("blades.0.content_awareness"); ok { + tempObject["content-awareness"] = v.(bool) + } + if v, ok := d.GetOk("blades.0.https_inspection"); ok { + tempObject["https-inspection"] = v.(bool) + } + if v, ok := d.GetOk("blades.0.application_control"); ok { + tempObject["application-control"] = v.(bool) + } + if v, ok := d.GetOk("blades.0.url_filtering"); ok { + tempObject["url-filtering"] = v.(bool) + } + if v, ok := d.GetOk("blades.0.anti_bot"); ok { + tempObject["anti-bot"] = v.(bool) + } + if v, ok := d.GetOk("blades.0.anti_virus"); ok { + tempObject["anti-virus"] = v.(bool) + } + if v, ok := d.GetOk("blades.0.threat_emulation"); ok { + tempObject["threat-emulation"] = v.(bool) + } + if v, ok := d.GetOk("blades.0.ipsec_vpn"); ok { + tempObject["ipsec-vpn"] = v.(bool) + } + if v, ok := d.GetOk("blades.0.vpn"); ok { + tempObject["vpn"] = v.(bool) + } + if v, ok := d.GetOk("blades.0.autonomous_threat_prevention"); ok { + tempObject["autonomous-threat-prevention"] = v.(bool) + } + payload["blades"] = tempObject + } + + log.Println("Create cme Azure GW configuration - name = ", payload["name"]) + + url := CmeApiPath + "/gwConfigurations/azure" + + cmeGWConfigurationRes, err := client.ApiCall(url, payload, client.GetSessionID(), true, client.IsProxyUsed()) + + if err != nil { + return fmt.Errorf(err.Error()) + } + + data := cmeGWConfigurationRes.GetData() + if checkIfRequestFailed(data) { + errMessage := buildErrorMessage(data) + return fmt.Errorf(errMessage) + } + + d.SetId("cme-azure-gw-configuration-" + d.Get("name").(string) + "-" + acctest.RandString(10)) + + return readManagementCMEGWConfigurationsAzure(d, m) +} + +func updateManagementCMEGWConfigurationsAzure(d *schema.ResourceData, m interface{}) error { + client := m.(*checkpoint.ApiClient) + payload := make(map[string]interface{}) + + if d.HasChange("version") { + payload["version"] = d.Get("version") + } + if d.HasChange("base64_sic_key") { + payload["base64_sic_key"] = d.Get("base64_sic_key") + } + if d.HasChange("policy") { + payload["policy"] = d.Get("policy") + } + if d.HasChange("related_account") { + payload["related_account"] = d.Get("related_account") + } + if d.HasChange("repository_gateway_scripts") { + if v, ok := d.GetOk("repository_gateway_scripts"); ok { + scriptsList := v.([]interface{}) + if len(scriptsList) > 0 { + var scriptsPayload []map[string]interface{} + for i := range scriptsList { + tempObject := make(map[string]interface{}) + + if v, ok := d.GetOk("repository_gateway_scripts." + strconv.Itoa(i) + ".name"); ok { + tempObject["name"] = v.(string) + } + if v, ok := d.GetOk("repository_gateway_scripts." + strconv.Itoa(i) + ".uid"); ok { + tempObject["uid"] = v.(string) + } + if v, ok := d.GetOk("repository_gateway_scripts." + strconv.Itoa(i) + ".parameters"); ok { + tempObject["parameters"] = v.(string) + } + scriptsPayload = append(scriptsPayload, tempObject) + } + payload["repository_gateway_scripts"] = scriptsPayload + } else { + payload["repository_gateway_scripts"] = scriptsList + } + } else { + payload["repository_gateway_scripts"] = v.([]interface{}) + } + } + if d.HasChange("send_logs_to_server") { + payload["send_logs_to_server"] = d.Get("send_logs_to_server") + } + if d.HasChange("send_logs_to_backup_server") { + payload["send_logs_to_backup_server"] = d.Get("send_logs_to_backup_server") + } + if d.HasChange("send_alerts_to_server") { + payload["send_alerts_to_server"] = d.Get("send_alerts_to_server") + } + if d.HasChange("blades") { + tempObject := make(map[string]interface{}) + if d.HasChange("blades.0.ips") { + tempObject["ips"] = d.Get("blades.0.ips") + } + if d.HasChange("blades.0.identity_awareness") { + tempObject["identity-awareness"] = d.Get("blades.0.identity_awareness") + } + if d.HasChange("blades.0.content_awareness") { + tempObject["content-awareness"] = d.Get("blades.0.content_awareness") + } + if d.HasChange("blades.0.https_inspection") { + tempObject["https-inspection"] = d.Get("blades.0.https_inspection") + } + if d.HasChange("blades.0.application_control") { + tempObject["application-control"] = d.Get("blades.0.application_control") + } + if d.HasChange("blades.0.url_filtering") { + tempObject["url-filtering"] = d.Get("blades.0.url_filtering") + } + if d.HasChange("blades.0.anti_bot") { + tempObject["anti-bot"] = d.Get("blades.0.anti_bot") + } + if d.HasChange("blades.0.anti_virus") { + tempObject["anti-virus"] = d.Get("blades.0.anti_virus") + } + if d.HasChange("blades.0.threat_emulation") { + tempObject["threat-emulation"] = d.Get("blades.0.threat_emulation") + } + if d.HasChange("blades.0.ipsec_vpn") { + tempObject["ipsec-vpn"] = d.Get("blades.0.ipsec_vpn") + } + if d.HasChange("blades.0.vpn") { + tempObject["vpn"] = d.Get("blades.0.vpn") + } + if d.HasChange("blades.0.autonomous_threat_prevention") { + tempObject["autonomous-threat-prevention"] = d.Get("blades.0.autonomous_threat_prevention") + } + payload["blades"] = tempObject + } + var name string + + if v, ok := d.GetOk("name"); ok { + name = v.(string) + } + log.Println("Set cme Azure GW configuration - name = ", name) + + url := CmeApiPath + "/gwConfigurations/azure/" + name + cmeGWConfigurationRes, err := client.ApiCall(url, payload, client.GetSessionID(), true, client.IsProxyUsed(), "PUT") + + if err != nil { + return fmt.Errorf(err.Error()) + } + + data := cmeGWConfigurationRes.GetData() + if checkIfRequestFailed(data) { + errMessage := buildErrorMessage(data) + return fmt.Errorf(errMessage) + } + + return readManagementCMEGWConfigurationsAzure(d, m) + +} + +func deleteManagementCMEGWConfigurationsAzure(d *schema.ResourceData, m interface{}) error { + client := m.(*checkpoint.ApiClient) + + var name string + if v, ok := d.GetOk("name"); ok { + name = v.(string) + } + url := CmeApiPath + "/gwConfigurations/" + name + + log.Println("Delete cme Azure GW configuration - name = ", name) + res, err := client.ApiCall(url, nil, client.GetSessionID(), true, client.IsProxyUsed(), "DELETE") + + if err != nil { + return fmt.Errorf(err.Error()) + } + + data := res.GetData() + if checkIfRequestFailed(data) { + errMessage := buildErrorMessage(data) + return fmt.Errorf(errMessage) + } + + d.SetId("") + return nil +} diff --git a/checkpoint/resource_checkpoint_management_cme_gw_configurations_azure_test.go b/checkpoint/resource_checkpoint_management_cme_gw_configurations_azure_test.go new file mode 100644 index 00000000..0aa9d9ee --- /dev/null +++ b/checkpoint/resource_checkpoint_management_cme_gw_configurations_azure_test.go @@ -0,0 +1,157 @@ +package checkpoint + +import ( + "fmt" + checkpoint "github.com/CheckPointSW/cp-mgmt-api-go-sdk/APIFiles" + "github.com/hashicorp/terraform-plugin-sdk/helper/resource" + "github.com/hashicorp/terraform-plugin-sdk/terraform" + "os" + "testing" +) + +func TestAccCheckpointManagementCMEGWConfigurationsAzure_basic(t *testing.T) { + var azureGWConfiguration map[string]interface{} + resourceName := "checkpoint_management_cme_gw_configurations_azure.gw_configuration_test" + accountName := "test-account" + gwConfigurationName := "test-gw-configuration" + gwConfigurationVersion := "R81.10" + gwConfigurationBase64SIC := "MTIzNDU2Nzg=" + gwConfigurationPolicy := "Standard" + + context := os.Getenv("CHECKPOINT_CONTEXT") + if context == "" { + t.Skip("Env CHECKPOINT_CONTEXT must be specified to run this test") + } else if context != "web_api" { + t.Skip("Skipping cme api test") + } + + resource.Test(t, resource.TestCase{ + PreCheck: func() { testAccPreCheck(t) }, + Providers: testAccProviders, + CheckDestroy: testAccCheckpointManagementCMEGWConfigurationsAzureDestroy, + Steps: []resource.TestStep{ + { + Config: testAccManagementCMEGWConfigurationsAzureConfig(accountName, gwConfigurationName, gwConfigurationVersion, + gwConfigurationBase64SIC, gwConfigurationPolicy), + Check: resource.ComposeTestCheckFunc( + testAccCheckCheckpointManagementCMEGWConfigurationsAzureExists(resourceName, &azureGWConfiguration), + testAccCheckCheckpointManagementCMEGWConfigurationsAzureAttributes(&azureGWConfiguration, gwConfigurationName, accountName, gwConfigurationVersion, + gwConfigurationPolicy, true, true), + ), + }, + }, + }) +} +func testAccCheckpointManagementCMEGWConfigurationsAzureDestroy(s *terraform.State) error { + client := testAccProvider.Meta().(*checkpoint.ApiClient) + for _, rs := range s.RootModule().Resources { + if rs.Type != "checkpoint_management_cme_gw_configurations_azure" { + continue + } + if rs.Primary.ID != "" { + url := CmeApiPath + "/gwConfigurations/" + rs.Primary.Attributes["name"] + response, err := client.ApiCall(url, nil, client.GetSessionID(), true, client.IsProxyUsed(), "GET") + if err != nil { + return err + } + res := response.GetData() + if !checkIfRequestFailed(res) { + return fmt.Errorf("Azure gw configuration (%s) still exists", rs.Primary.Attributes["name"]) + } + } + return nil + } + return nil +} + +func testAccManagementCMEGWConfigurationsAzureConfig(accountName string, gwConfigurationName string, gwConfigurationVersion string, + gwConfigurationBase64SIC string, gwConfigurationPolicy string) string { + return fmt.Sprintf(` +resource "checkpoint_management_cme_accounts_azure" "account_test" { + name = "%s" + directory_id = "46707d92-02f4-4817-8116-a4c3b23e6266" + application_id = "46707d92-02f4-4817-8116-a4c3b23e6266" + client_secret = "mySecret" + subscription = "46707d92-02f4-4817-8116-a4c3b23e6266" +} + +resource "checkpoint_management_cme_gw_configurations_azure" "gw_configuration_test" { + name = "%s" + related_account = checkpoint_management_cme_accounts_azure.account_test.name + version = "%s" + base64_sic_key = "%s" + policy = "%s" + blades { + https_inspection = true + application_control = true + ips = false + anti_bot = false + anti_virus = false + autonomous_threat_prevention = false + content_awareness = false + identity_awareness = false + ipsec_vpn = false + threat_emulation = false + url_filtering = false + vpn = false + } +} +`, accountName, gwConfigurationName, gwConfigurationVersion, gwConfigurationBase64SIC, gwConfigurationPolicy) +} + +func testAccCheckCheckpointManagementCMEGWConfigurationsAzureExists(resourceTfName string, res *map[string]interface{}) resource.TestCheckFunc { + return func(s *terraform.State) error { + rs, ok := s.RootModule().Resources[resourceTfName] + if !ok { + return fmt.Errorf("resource not found: %s", resourceTfName) + } + + if rs.Primary.ID == "" { + return fmt.Errorf("ID is not set") + } + + client := testAccProvider.Meta().(*checkpoint.ApiClient) + url := CmeApiPath + "/gwConfigurations/" + rs.Primary.Attributes["name"] + response, err := client.ApiCall(url, nil, client.GetSessionID(), true, client.IsProxyUsed(), "GET") + if err != nil { + return err + } + + *res = response.GetData() + if checkIfRequestFailed(*res) { + errMessage := buildErrorMessage(*res) + return fmt.Errorf(errMessage) + } + return nil + } +} + +func testAccCheckCheckpointManagementCMEGWConfigurationsAzureAttributes(azureGWConfiguration *map[string]interface{}, gwConfigurationName string, + accountName string, gwConfigurationVersion string, gwConfigurationPolicyName string, httpsInspectionFlag bool, + applicationControlFlag bool) resource.TestCheckFunc { + return func(s *terraform.State) error { + gwConfiguration := (*azureGWConfiguration)["result"].(map[string]interface{}) + if gwConfiguration["name"] != gwConfigurationName { + return fmt.Errorf("name is %s, expected %s", gwConfiguration["name"], gwConfigurationName) + } + if gwConfiguration["related_account"] != accountName { + return fmt.Errorf("related account name is %s, expected %s", gwConfiguration["related_account"], accountName) + } + if gwConfiguration["version"] != gwConfigurationVersion { + return fmt.Errorf("version is %s, expected %s", gwConfiguration["version"], gwConfigurationVersion) + } + if gwConfiguration["policy"] != gwConfigurationPolicyName { + return fmt.Errorf("policy is %s, expected %s", gwConfiguration["policy"], gwConfigurationPolicyName) + } + blades := gwConfiguration["blades"].(map[string]interface{}) + httpsInspection := blades["https-inspection"] + applicationControl := blades["application-control"] + if httpsInspection != httpsInspectionFlag { + return fmt.Errorf("https inspection is %t, expected %t", httpsInspection, httpsInspectionFlag) + } + if applicationControl != applicationControlFlag { + return fmt.Errorf("application control is %t, expected %t", applicationControl, applicationControlFlag) + } + return nil + } +} diff --git a/checkpoint/resource_checkpoint_management_cme_gw_configurations_gcp.go b/checkpoint/resource_checkpoint_management_cme_gw_configurations_gcp.go new file mode 100644 index 00000000..f1bdb7b5 --- /dev/null +++ b/checkpoint/resource_checkpoint_management_cme_gw_configurations_gcp.go @@ -0,0 +1,525 @@ +package checkpoint + +import ( + "fmt" + checkpoint "github.com/CheckPointSW/cp-mgmt-api-go-sdk/APIFiles" + "github.com/hashicorp/terraform-plugin-sdk/helper/acctest" + "github.com/hashicorp/terraform-plugin-sdk/helper/schema" + "log" + "strconv" +) + +func resourceManagementCMEGWConfigurationsGCP() *schema.Resource { + return &schema.Resource{ + Create: createManagementCMEGWConfigurationsGCP, + Update: updateManagementCMEGWConfigurationsGCP, + Read: readManagementCMEGWConfigurationsGCP, + Delete: deleteManagementCMEGWConfigurationsGCP, + Importer: &schema.ResourceImporter{ + State: schema.ImportStatePassthrough, + }, + Schema: map[string]*schema.Schema{ + "name": { + Type: schema.TypeString, + Required: true, + Description: "The GW configuration name.", + }, + "version": { + Type: schema.TypeString, + Required: true, + Description: "The GW version.", + }, + "base64_sic_key": { + Type: schema.TypeString, + Required: true, + Description: "Base64 key for trusted communication between management and GW.", + }, + "policy": { + Type: schema.TypeString, + Required: true, + Description: "Policy name to be installed on the GW.", + }, + "related_account": { + Type: schema.TypeString, + Required: true, + Description: "The CME account to associate with the GW Configuration.", + }, + "blades": { + Type: schema.TypeList, + MaxItems: 1, + Required: true, + Description: "Dictionary of activated/deactivated blades on the GW.", + Elem: &schema.Resource{ + Schema: map[string]*schema.Schema{ + "ips": { + Type: schema.TypeBool, + Required: true, + Description: "IPS blade", + }, + "identity_awareness": { + Type: schema.TypeBool, + Required: true, + Description: "Identity Awareness blade", + }, + "content_awareness": { + Type: schema.TypeBool, + Required: true, + Description: "Content Awareness blade", + }, + "https_inspection": { + Type: schema.TypeBool, + Required: true, + Description: "HTTPS Inspection blade", + }, + "application_control": { + Type: schema.TypeBool, + Required: true, + Description: "Application Control blade", + }, + "url_filtering": { + Type: schema.TypeBool, + Required: true, + Description: "URL Filtering blade", + }, + "anti_bot": { + Type: schema.TypeBool, + Required: true, + Description: "Anti-Bot blade", + }, + "anti_virus": { + Type: schema.TypeBool, + Required: true, + Description: "Anti-Virus blade", + }, + "threat_emulation": { + Type: schema.TypeBool, + Required: true, + Description: "Threat Emulation blade", + }, + "ipsec_vpn": { + Type: schema.TypeBool, + Required: true, + Description: "IPsec VPN blade", + }, + "vpn": { + Type: schema.TypeBool, + Required: true, + Description: "VPN blade", + }, + "autonomous_threat_prevention": { + Type: schema.TypeBool, + Required: true, + Description: "Autonomous Threat Prevention blade.", + }, + }, + }, + }, + "repository_gateway_scripts": { + Type: schema.TypeList, + Optional: true, + Description: "List of objects that each contains name/UID of a script that exists in the scripts repository" + + " on the Management server.", + Elem: &schema.Resource{ + Schema: map[string]*schema.Schema{ + "name": { + Type: schema.TypeString, + Required: true, + Description: "Script name", + }, + "uid": { + Type: schema.TypeString, + Computed: true, + Description: "Script uid", + }, + "parameters": { + Type: schema.TypeString, + Optional: true, + Description: "Script parameters (separated by space)", + }, + }, + }, + }, + "send_logs_to_server": { + Type: schema.TypeList, + Optional: true, + Description: "Primary Log Servers names to which logs are sent. Defined Log Server will act as Log and" + + " Alert Servers. Must be defined as part of Log Servers parameters.", + Elem: &schema.Schema{ + Type: schema.TypeString, + }, + }, + "send_logs_to_backup_server": { + Type: schema.TypeList, + Optional: true, + Description: "Backup Log Servers names to which logs are sent in case Primary Log Servers are unavailable.", + Elem: &schema.Schema{ + Type: schema.TypeString, + }, + }, + "send_alerts_to_server": { + Type: schema.TypeList, + Optional: true, + Description: "Alert Log Servers names to which alerts are sent.", + Elem: &schema.Schema{ + Type: schema.TypeString, + }, + }, + }, + } +} + +func readManagementCMEGWConfigurationsGCP(d *schema.ResourceData, m interface{}) error { + client := m.(*checkpoint.ApiClient) + + var name string + + if v, ok := d.GetOk("name"); ok { + name = v.(string) + } + log.Println("Read cme GCP GW configuration - name = ", name) + + url := CmeApiPath + "/gwConfigurations/" + name + + GCPGWConfigurationRes, err := client.ApiCall(url, nil, client.GetSessionID(), true, client.IsProxyUsed(), "GET") + + if err != nil { + return fmt.Errorf(err.Error()) + } + + gwConfiguration := GCPGWConfigurationRes.GetData() + if checkIfRequestFailed(gwConfiguration) { + if cmeObjectNotFound(gwConfiguration) { + d.SetId("") + return nil + } + errMessage := buildErrorMessage(gwConfiguration) + return fmt.Errorf(errMessage) + } + + GCPGWConfiguration := gwConfiguration["result"].(map[string]interface{}) + + _ = d.Set("name", GCPGWConfiguration["name"]) + + _ = d.Set("version", GCPGWConfiguration["version"]) + + _ = d.Set("policy", GCPGWConfiguration["policy"]) + + _ = d.Set("related_account", GCPGWConfiguration["related_account"]) + + var bladesListToReturn []map[string]interface{} + bladesMapToAdd := make(map[string]interface{}) + if GCPGWConfiguration["blades"] != nil { + bladesMap := GCPGWConfiguration["blades"].(map[string]interface{}) + bladesMapToAdd["ips"] = bladesMap["ips"] + bladesMapToAdd["identity_awareness"] = bladesMap["identity-awareness"] + bladesMapToAdd["content_awareness"] = bladesMap["content-awareness"] + bladesMapToAdd["https_inspection"] = bladesMap["https-inspection"] + bladesMapToAdd["application_control"] = bladesMap["application-control"] + bladesMapToAdd["url_filtering"] = bladesMap["url-filtering"] + bladesMapToAdd["anti_bot"] = bladesMap["anti-bot"] + bladesMapToAdd["anti_virus"] = bladesMap["anti-virus"] + bladesMapToAdd["threat_emulation"] = bladesMap["threat-emulation"] + bladesMapToAdd["ipsec_vpn"] = bladesMap["ipsec-vpn"] + bladesMapToAdd["vpn"] = bladesMap["vpn"] + bladesMapToAdd["autonomous_threat_prevention"] = bladesMap["autonomous-threat-prevention"] + } else { + bladesMapToAdd["ips"] = false + bladesMapToAdd["identity_awareness"] = false + bladesMapToAdd["content_awareness"] = false + bladesMapToAdd["https_inspection"] = false + bladesMapToAdd["application_control"] = false + bladesMapToAdd["url_filtering"] = false + bladesMapToAdd["anti_bot"] = false + bladesMapToAdd["anti_virus"] = false + bladesMapToAdd["threat_emulation"] = false + bladesMapToAdd["ipsec_vpn"] = false + bladesMapToAdd["vpn"] = false + bladesMapToAdd["autonomous_threat_prevention"] = false + } + bladesListToReturn = append(bladesListToReturn, bladesMapToAdd) + _ = d.Set("blades", bladesListToReturn) + + if GCPGWConfiguration["repository-gateway-scripts"] != nil { + scriptsList := GCPGWConfiguration["repository-gateway-scripts"].([]interface{}) + if len(scriptsList) > 0 { + var scriptsListToReturn []map[string]interface{} + for i := range scriptsList { + scriptMap := scriptsList[i].(map[string]interface{}) + scriptMapToAdd := make(map[string]interface{}) + scriptMapToAdd["name"] = scriptMap["name"] + scriptMapToAdd["uid"] = scriptMap["uid"] + scriptMapToAdd["parameters"] = scriptMap["parameters"] + scriptsListToReturn = append(scriptsListToReturn, scriptMapToAdd) + } + _ = d.Set("repository_gateway_scripts", scriptsListToReturn) + } else { + _ = d.Set("repository_gateway_scripts", scriptsList) + } + } else { + _ = d.Set("repository_gateway_scripts", nil) + } + _ = d.Set("send_logs_to_server", GCPGWConfiguration["send-logs-to-server"]) + + _ = d.Set("send_logs_to_backup_server", GCPGWConfiguration["send-logs-to-backup-server"]) + + _ = d.Set("send_alerts_to_server", GCPGWConfiguration["send-alerts-to-server"]) + + return nil + +} + +func createManagementCMEGWConfigurationsGCP(d *schema.ResourceData, m interface{}) error { + client := m.(*checkpoint.ApiClient) + payload := make(map[string]interface{}) + + if v, ok := d.GetOk("version"); ok { + payload["version"] = v.(string) + } + if v, ok := d.GetOk("base64_sic_key"); ok { + payload["base64_sic_key"] = v.(string) + } + if v, ok := d.GetOk("policy"); ok { + payload["policy"] = v.(string) + } + if v, ok := d.GetOk("related_account"); ok { + payload["related_account"] = v.(string) + } + if v, ok := d.GetOk("repository_gateway_scripts"); ok { + scriptsList := v.([]interface{}) + if len(scriptsList) > 0 { + var scriptsPayload []map[string]interface{} + for i := range scriptsList { + tempObject := make(map[string]interface{}) + + if v, ok := d.GetOk("repository_gateway_scripts." + strconv.Itoa(i) + ".name"); ok { + tempObject["name"] = v.(string) + } + if v, ok := d.GetOk("repository_gateway_scripts." + strconv.Itoa(i) + ".uid"); ok { + tempObject["uid"] = v.(string) + } + if v, ok := d.GetOk("repository_gateway_scripts." + strconv.Itoa(i) + ".parameters"); ok { + tempObject["parameters"] = v.(string) + } + scriptsPayload = append(scriptsPayload, tempObject) + } + payload["repository_gateway_scripts"] = scriptsPayload + } else { + payload["repository_gateway_scripts"] = scriptsList + } + } + + if v, ok := d.GetOk("send_logs_to_server"); ok { + payload["send_logs_to_server"] = v.([]interface{}) + } + if v, ok := d.GetOk("send_logs_to_backup_server"); ok { + payload["send_logs_to_backup_server"] = v.([]interface{}) + } + if v, ok := d.GetOk("send_alerts_to_server"); ok { + payload["send_alerts_to_server"] = v.([]interface{}) + } + if v, ok := d.GetOk("name"); ok { + payload["name"] = v.(string) + } + if _, ok := d.GetOk("blades"); ok { + tempObject := make(map[string]interface{}) + if v, ok := d.GetOk("blades.0.ips"); ok { + tempObject["ips"] = v.(bool) + } + if v, ok := d.GetOk("blades.0.identity_awareness"); ok { + tempObject["identity-awareness"] = v.(bool) + } + if v, ok := d.GetOk("blades.0.content_awareness"); ok { + tempObject["content-awareness"] = v.(bool) + } + if v, ok := d.GetOk("blades.0.https_inspection"); ok { + tempObject["https-inspection"] = v.(bool) + } + if v, ok := d.GetOk("blades.0.application_control"); ok { + tempObject["application-control"] = v.(bool) + } + if v, ok := d.GetOk("blades.0.url_filtering"); ok { + tempObject["url-filtering"] = v.(bool) + } + if v, ok := d.GetOk("blades.0.anti_bot"); ok { + tempObject["anti-bot"] = v.(bool) + } + if v, ok := d.GetOk("blades.0.anti_virus"); ok { + tempObject["anti-virus"] = v.(bool) + } + if v, ok := d.GetOk("blades.0.threat_emulation"); ok { + tempObject["threat-emulation"] = v.(bool) + } + if v, ok := d.GetOk("blades.0.ipsec_vpn"); ok { + tempObject["ipsec-vpn"] = v.(bool) + } + if v, ok := d.GetOk("blades.0.vpn"); ok { + tempObject["vpn"] = v.(bool) + } + if v, ok := d.GetOk("blades.0.autonomous_threat_prevention"); ok { + tempObject["autonomous-threat-prevention"] = v.(bool) + } + payload["blades"] = tempObject + } + + log.Println("Create cme GCP GW configuration - name = ", payload["name"]) + + url := CmeApiPath + "/gwConfigurations/gcp" + + cmeGWConfigurationRes, err := client.ApiCall(url, payload, client.GetSessionID(), true, client.IsProxyUsed()) + + if err != nil { + return fmt.Errorf(err.Error()) + } + + data := cmeGWConfigurationRes.GetData() + if checkIfRequestFailed(data) { + errMessage := buildErrorMessage(data) + return fmt.Errorf(errMessage) + } + + d.SetId("cme-gcp-gw-configuration-" + d.Get("name").(string) + "-" + acctest.RandString(10)) + + return readManagementCMEGWConfigurationsGCP(d, m) +} + +func updateManagementCMEGWConfigurationsGCP(d *schema.ResourceData, m interface{}) error { + client := m.(*checkpoint.ApiClient) + payload := make(map[string]interface{}) + + if d.HasChange("version") { + payload["version"] = d.Get("version") + } + if d.HasChange("base64_sic_key") { + payload["base64_sic_key"] = d.Get("base64_sic_key") + } + if d.HasChange("policy") { + payload["policy"] = d.Get("policy") + } + if d.HasChange("related_account") { + payload["related_account"] = d.Get("related_account") + } + if d.HasChange("repository_gateway_scripts") { + if v, ok := d.GetOk("repository_gateway_scripts"); ok { + scriptsList := v.([]interface{}) + if len(scriptsList) > 0 { + var scriptsPayload []map[string]interface{} + for i := range scriptsList { + tempObject := make(map[string]interface{}) + + if v, ok := d.GetOk("repository_gateway_scripts." + strconv.Itoa(i) + ".name"); ok { + tempObject["name"] = v.(string) + } + if v, ok := d.GetOk("repository_gateway_scripts." + strconv.Itoa(i) + ".uid"); ok { + tempObject["uid"] = v.(string) + } + if v, ok := d.GetOk("repository_gateway_scripts." + strconv.Itoa(i) + ".parameters"); ok { + tempObject["parameters"] = v.(string) + } + scriptsPayload = append(scriptsPayload, tempObject) + } + payload["repository_gateway_scripts"] = scriptsPayload + } else { + payload["repository_gateway_scripts"] = scriptsList + } + } else { + payload["repository_gateway_scripts"] = v.([]interface{}) + } + } + if d.HasChange("send_logs_to_server") { + payload["send_logs_to_server"] = d.Get("send_logs_to_server") + } + if d.HasChange("send_logs_to_backup_server") { + payload["send_logs_to_backup_server"] = d.Get("send_logs_to_backup_server") + } + if d.HasChange("send_alerts_to_server") { + payload["send_alerts_to_server"] = d.Get("send_alerts_to_server") + } + if d.HasChange("blades") { + tempObject := make(map[string]interface{}) + if d.HasChange("blades.0.ips") { + tempObject["ips"] = d.Get("blades.0.ips") + } + if d.HasChange("blades.0.identity_awareness") { + tempObject["identity-awareness"] = d.Get("blades.0.identity_awareness") + } + if d.HasChange("blades.0.content_awareness") { + tempObject["content-awareness"] = d.Get("blades.0.content_awareness") + } + if d.HasChange("blades.0.https_inspection") { + tempObject["https-inspection"] = d.Get("blades.0.https_inspection") + } + if d.HasChange("blades.0.application_control") { + tempObject["application-control"] = d.Get("blades.0.application_control") + } + if d.HasChange("blades.0.url_filtering") { + tempObject["url-filtering"] = d.Get("blades.0.url_filtering") + } + if d.HasChange("blades.0.anti_bot") { + tempObject["anti-bot"] = d.Get("blades.0.anti_bot") + } + if d.HasChange("blades.0.anti_virus") { + tempObject["anti-virus"] = d.Get("blades.0.anti_virus") + } + if d.HasChange("blades.0.threat_emulation") { + tempObject["threat-emulation"] = d.Get("blades.0.threat_emulation") + } + if d.HasChange("blades.0.ipsec_vpn") { + tempObject["ipsec-vpn"] = d.Get("blades.0.ipsec_vpn") + } + if d.HasChange("blades.0.vpn") { + tempObject["vpn"] = d.Get("blades.0.vpn") + } + if d.HasChange("blades.0.autonomous_threat_prevention") { + tempObject["autonomous-threat-prevention"] = d.Get("blades.0.autonomous_threat_prevention") + } + payload["blades"] = tempObject + } + var name string + + if v, ok := d.GetOk("name"); ok { + name = v.(string) + } + log.Println("Set cme GCP GW configuration - name = ", name) + + url := CmeApiPath + "/gwConfigurations/gcp/" + name + cmeGWConfigurationRes, err := client.ApiCall(url, payload, client.GetSessionID(), true, client.IsProxyUsed(), "PUT") + + if err != nil { + return fmt.Errorf(err.Error()) + } + + data := cmeGWConfigurationRes.GetData() + if checkIfRequestFailed(data) { + errMessage := buildErrorMessage(data) + return fmt.Errorf(errMessage) + } + + return readManagementCMEGWConfigurationsGCP(d, m) + +} + +func deleteManagementCMEGWConfigurationsGCP(d *schema.ResourceData, m interface{}) error { + client := m.(*checkpoint.ApiClient) + + var name string + if v, ok := d.GetOk("name"); ok { + name = v.(string) + } + url := CmeApiPath + "/gwConfigurations/" + name + + log.Println("Delete cme GCP GW configuration - name = ", name) + res, err := client.ApiCall(url, nil, client.GetSessionID(), true, client.IsProxyUsed(), "DELETE") + + if err != nil { + return fmt.Errorf(err.Error()) + } + + data := res.GetData() + if checkIfRequestFailed(data) { + errMessage := buildErrorMessage(data) + return fmt.Errorf(errMessage) + } + + d.SetId("") + return nil +} diff --git a/checkpoint/resource_checkpoint_management_cme_gw_configurations_gcp_test.go b/checkpoint/resource_checkpoint_management_cme_gw_configurations_gcp_test.go new file mode 100644 index 00000000..8e1c0a9c --- /dev/null +++ b/checkpoint/resource_checkpoint_management_cme_gw_configurations_gcp_test.go @@ -0,0 +1,155 @@ +package checkpoint + +import ( + "fmt" + checkpoint "github.com/CheckPointSW/cp-mgmt-api-go-sdk/APIFiles" + "github.com/hashicorp/terraform-plugin-sdk/helper/resource" + "github.com/hashicorp/terraform-plugin-sdk/terraform" + "os" + "testing" +) + +func TestAccCheckpointManagementCMEGWConfigurationsGCP_basic(t *testing.T) { + var gcpGWConfiguration map[string]interface{} + resourceName := "checkpoint_management_cme_gw_configurations_gcp.gw_configuration_test" + accountName := "test-account" + gwConfigurationName := "test-gw-configuration" + gwConfigurationVersion := "R81.20" + gwConfigurationBase64SIC := "MTIzNDU2Nzg=" + gwConfigurationPolicy := "Standard" + + context := os.Getenv("CHECKPOINT_CONTEXT") + if context == "" { + t.Skip("Env CHECKPOINT_CONTEXT must be specified to run this test") + } else if context != "web_api" { + t.Skip("Skipping cme api test") + } + + resource.Test(t, resource.TestCase{ + PreCheck: func() { testAccPreCheck(t) }, + Providers: testAccProviders, + CheckDestroy: testAccCheckpointManagementCMEGWConfigurationsGCPDestroy, + Steps: []resource.TestStep{ + { + Config: testAccManagementCMEGWConfigurationsGCPConfig(accountName, gwConfigurationName, gwConfigurationVersion, + gwConfigurationBase64SIC, gwConfigurationPolicy), + Check: resource.ComposeTestCheckFunc( + testAccCheckCheckpointManagementCMEGWConfigurationsGCPExists(resourceName, &gcpGWConfiguration), + testAccCheckCheckpointManagementCMEGWConfigurationsGCPAttributes(&gcpGWConfiguration, gwConfigurationName, accountName, gwConfigurationVersion, + gwConfigurationPolicy, true, true), + ), + }, + }, + }) +} +func testAccCheckpointManagementCMEGWConfigurationsGCPDestroy(s *terraform.State) error { + client := testAccProvider.Meta().(*checkpoint.ApiClient) + for _, rs := range s.RootModule().Resources { + if rs.Type != "checkpoint_management_cme_gw_configurations_gcp" { + continue + } + if rs.Primary.ID != "" { + url := CmeApiPath + "/gwConfigurations/" + rs.Primary.Attributes["name"] + response, err := client.ApiCall(url, nil, client.GetSessionID(), true, client.IsProxyUsed(), "GET") + if err != nil { + return err + } + res := response.GetData() + if !checkIfRequestFailed(res) { + return fmt.Errorf("GCP gw configuration (%s) still exists", rs.Primary.Attributes["name"]) + } + } + return nil + } + return nil +} + +func testAccManagementCMEGWConfigurationsGCPConfig(accountName string, gwConfigurationName string, gwConfigurationVersion string, + gwConfigurationBase64SIC string, gwConfigurationPolicy string) string { + return fmt.Sprintf(` +resource "checkpoint_management_cme_accounts_gcp" "account_test" { + name = "%s" + project_id = "my-project-1" + credentials_file = "LocalGWSetMap.json" +} + +resource "checkpoint_management_cme_gw_configurations_gcp" "gw_configuration_test" { + name = "%s" + related_account = checkpoint_management_cme_accounts_gcp.account_test.name + version = "%s" + base64_sic_key = "%s" + policy = "%s" + blades { + content_awareness = true + identity_awareness = true + https_inspection = false + application_control = false + ips = false + anti_bot = false + anti_virus = false + autonomous_threat_prevention = false + ipsec_vpn = false + threat_emulation = false + url_filtering = false + vpn = false + } +} +`, accountName, gwConfigurationName, gwConfigurationVersion, gwConfigurationBase64SIC, gwConfigurationPolicy) +} + +func testAccCheckCheckpointManagementCMEGWConfigurationsGCPExists(resourceTfName string, res *map[string]interface{}) resource.TestCheckFunc { + return func(s *terraform.State) error { + rs, ok := s.RootModule().Resources[resourceTfName] + if !ok { + return fmt.Errorf("resource not found: %s", resourceTfName) + } + + if rs.Primary.ID == "" { + return fmt.Errorf("ID is not set") + } + + client := testAccProvider.Meta().(*checkpoint.ApiClient) + url := CmeApiPath + "/gwConfigurations/" + rs.Primary.Attributes["name"] + response, err := client.ApiCall(url, nil, client.GetSessionID(), true, client.IsProxyUsed(), "GET") + if err != nil { + return err + } + + *res = response.GetData() + if checkIfRequestFailed(*res) { + errMessage := buildErrorMessage(*res) + return fmt.Errorf(errMessage) + } + return nil + } +} + +func testAccCheckCheckpointManagementCMEGWConfigurationsGCPAttributes(gcpGWConfiguration *map[string]interface{}, gwConfigurationName string, + accountName string, gwConfigurationVersion string, gwConfigurationPolicyName string, contentAwarenessFlag bool, + identityAwarenessFlag bool) resource.TestCheckFunc { + return func(s *terraform.State) error { + gwConfiguration := (*gcpGWConfiguration)["result"].(map[string]interface{}) + if gwConfiguration["name"] != gwConfigurationName { + return fmt.Errorf("name is %s, expected %s", gwConfiguration["name"], gwConfigurationName) + } + if gwConfiguration["related_account"] != accountName { + return fmt.Errorf("related account name is %s, expected %s", gwConfiguration["related_account"], accountName) + } + if gwConfiguration["version"] != gwConfigurationVersion { + return fmt.Errorf("version is %s, expected %s", gwConfiguration["version"], gwConfigurationVersion) + } + if gwConfiguration["policy"] != gwConfigurationPolicyName { + return fmt.Errorf("policy is %s, expected %s", gwConfiguration["policy"], gwConfigurationPolicyName) + } + blades := gwConfiguration["blades"].(map[string]interface{}) + contentAwareness := blades["content-awareness"] + identityAwareness := blades["identity-awareness"] + if contentAwareness != contentAwarenessFlag { + return fmt.Errorf("content awareness is %t, expected %t", contentAwareness, contentAwarenessFlag) + } + if identityAwareness != identityAwarenessFlag { + return fmt.Errorf("identity awareness is %t, expected %t", identityAwareness, identityAwarenessFlag) + } + return nil + } +} diff --git a/checkpoint/resource_checkpoint_management_cme_management.go b/checkpoint/resource_checkpoint_management_cme_management.go new file mode 100755 index 00000000..ca7c1b22 --- /dev/null +++ b/checkpoint/resource_checkpoint_management_cme_management.go @@ -0,0 +1,117 @@ +package checkpoint + +import ( + "fmt" + checkpoint "github.com/CheckPointSW/cp-mgmt-api-go-sdk/APIFiles" + "github.com/hashicorp/terraform-plugin-sdk/helper/acctest" + "github.com/hashicorp/terraform-plugin-sdk/helper/schema" + "log" +) + +func resourceManagementCMEManagement() *schema.Resource { + return &schema.Resource{ + Create: createManagementCMEManagement, + Update: updateManagementCMEManagement, + Read: readManagementCMEManagement, + Delete: deleteManagementCMEManagement, + Importer: &schema.ResourceImporter{ + State: schema.ImportStatePassthrough, + }, + Schema: map[string]*schema.Schema{ + "name": { + Type: schema.TypeString, + Required: true, + Description: "The name of the management server.", + }, + "domain": { + Type: schema.TypeString, + Optional: true, + Description: "The management's domain name in MDS environment.", + }, + "host": { + Type: schema.TypeString, + Computed: true, + Description: "The host of the management server.", + }, + }, + } +} + +func createManagementCMEManagement(d *schema.ResourceData, m interface{}) error { + err := createUpdateManagementCMEManagement(d, m) + if err != nil { + return err + } + d.SetId("cme-management-" + acctest.RandString(10)) + return readManagementCMEManagement(d, m) +} + +func updateManagementCMEManagement(d *schema.ResourceData, m interface{}) error { + err := createUpdateManagementCMEManagement(d, m) + if err != nil { + return err + } + return readManagementCMEManagement(d, m) +} + +func createUpdateManagementCMEManagement(d *schema.ResourceData, m interface{}) error { + client := m.(*checkpoint.ApiClient) + + payload := make(map[string]interface{}) + if v, ok := d.GetOk("name"); ok { + payload["name"] = v.(string) + } + if v, ok := d.GetOk("domain"); ok { + payload["domain"] = v.(string) + } + + log.Println("Update cme management - payload = ", payload) + + url := CmeApiPath + "/management" + + cmeManagementRes, err := client.ApiCall(url, payload, client.GetSessionID(), true, client.IsProxyUsed(), "PUT") + + if err != nil { + return fmt.Errorf(err.Error()) + } + + data := cmeManagementRes.GetData() + if checkIfRequestFailed(data) { + errMessage := buildErrorMessage(data) + return fmt.Errorf(errMessage) + } + return nil +} + +func readManagementCMEManagement(d *schema.ResourceData, m interface{}) error { + client := m.(*checkpoint.ApiClient) + + log.Println("Read cme management") + url := CmeApiPath + "/management" + + cmeManagementRes, err := client.ApiCall(url, nil, client.GetSessionID(), true, client.IsProxyUsed(), "GET") + + if err != nil { + return fmt.Errorf(err.Error()) + } + + data := cmeManagementRes.GetData() + if checkIfRequestFailed(data) { + errMessage := buildErrorMessage(data) + return fmt.Errorf(errMessage) + } + cmeManagementData := data["result"].(map[string]interface{}) + + _ = d.Set("name", cmeManagementData["name"]) + + _ = d.Set("domain", cmeManagementData["domain"]) + + _ = d.Set("host", cmeManagementData["host"]) + + return nil +} + +func deleteManagementCMEManagement(d *schema.ResourceData, m interface{}) error { + d.SetId("") + return nil +} diff --git a/checkpoint/resource_checkpoint_management_cme_management_test.go b/checkpoint/resource_checkpoint_management_cme_management_test.go new file mode 100644 index 00000000..693e6212 --- /dev/null +++ b/checkpoint/resource_checkpoint_management_cme_management_test.go @@ -0,0 +1,93 @@ +package checkpoint + +import ( + "fmt" + checkpoint "github.com/CheckPointSW/cp-mgmt-api-go-sdk/APIFiles" + "github.com/hashicorp/terraform-plugin-sdk/helper/resource" + "github.com/hashicorp/terraform-plugin-sdk/terraform" + "os" + "testing" +) + +func TestAccCheckpointManagementCMEManagement_basic(t *testing.T) { + var managementObject map[string]interface{} + DefaultManagementName := "MGMT" + resourceName := "checkpoint_management_cme_management.test" + ManagementName := "test-management" + + context := os.Getenv("CHECKPOINT_CONTEXT") + if context == "" { + t.Skip("Env CHECKPOINT_CONTEXT must be specified to run this test") + } else if context != "web_api" { + t.Skip("Skipping cme api test") + } + + resource.Test(t, resource.TestCase{ + PreCheck: func() { testAccPreCheck(t) }, + Providers: testAccProviders, + Steps: []resource.TestStep{ + { + Config: testAccManagementCMEManagementConfig(ManagementName), + Check: resource.ComposeTestCheckFunc( + testAccCheckCheckpointManagementCMEManagementExists(resourceName, &managementObject), + testAccCheckCheckpointManagementCMEManagementAttributes(&managementObject, ManagementName, "localhost"), + ), + }, + { + Config: testAccManagementCMEManagementConfig(DefaultManagementName), + Check: resource.ComposeTestCheckFunc( + testAccCheckCheckpointManagementCMEManagementExists(resourceName, &managementObject), + testAccCheckCheckpointManagementCMEManagementAttributes(&managementObject, DefaultManagementName, "localhost"), + ), + }, + }, + }) +} + +func testAccManagementCMEManagementConfig(ManagementName string) string { + return fmt.Sprintf(` +resource "checkpoint_management_cme_management" "test" { + name = "%s" +} +`, ManagementName) +} + +func testAccCheckCheckpointManagementCMEManagementExists(resourceTfName string, res *map[string]interface{}) resource.TestCheckFunc { + return func(s *terraform.State) error { + rs, ok := s.RootModule().Resources[resourceTfName] + if !ok { + return fmt.Errorf("resource not found: %s", resourceTfName) + } + + if rs.Primary.ID == "" { + return fmt.Errorf("ID is not set") + } + + client := testAccProvider.Meta().(*checkpoint.ApiClient) + url := CmeApiPath + "/management" + response, err := client.ApiCall(url, nil, client.GetSessionID(), true, client.IsProxyUsed(), "GET") + if err != nil { + return err + } + + *res = response.GetData() + if checkIfRequestFailed(*res) { + errMessage := buildErrorMessage(*res) + return fmt.Errorf(errMessage) + } + return nil + } +} + +func testAccCheckCheckpointManagementCMEManagementAttributes(managementObject *map[string]interface{}, ManagementName string, host string) resource.TestCheckFunc { + return func(s *terraform.State) error { + managementData := (*managementObject)["result"].(map[string]interface{}) + if managementData["name"] != ManagementName { + return fmt.Errorf("management name is %s, expected %s", managementData["name"], ManagementName) + } + if managementData["host"] != host { + return fmt.Errorf("host is %s, expected %s", managementData["host"], host) + } + return nil + } +} diff --git a/website/checkpoint.erb b/website/checkpoint.erb index f11236f8..7171464b 100644 --- a/website/checkpoint.erb +++ b/website/checkpoint.erb @@ -517,6 +517,30 @@ > checkpoint_management_lsm_cluster + > + checkpoint_management_cme_accounts_aws + + > + checkpoint_management_cme_accounts_azure + + > + checkpoint_management_cme_accounts_gcp + + > + checkpoint_management_cme_delay_cycle + + > + checkpoint_management_cme_gw_configurations_aws + + > + checkpoint_management_cme_gw_configurations_azure + + > + checkpoint_management_cme_gw_configurations_gcp + + > + checkpoint_management_cme_management + @@ -907,6 +931,42 @@ > checkpoint_management_updatable_object + > + checkpoint_management_cme_accounts + + > + checkpoint_management_cme_accounts_aws + + > + checkpoint_management_cme_accounts_azure + + > + checkpoint_management_cme_accounts_gcp + + > + checkpoint_management_cme_api_versions + + > + checkpoint_management_cme_delay_cycle + + > + checkpoint_management_cme_gw_configurations + + > + checkpoint_management_cme_gw_configurations_aws + + > + checkpoint_management_cme_gw_configurations_azure + + > + checkpoint_management_cme_gw_configurations_gcp + + > + checkpoint_management_cme_management + + > + checkpoint_management_cme_version + diff --git a/website/docs/d/checkpoint_management_cme_accounts.html.markdown b/website/docs/d/checkpoint_management_cme_accounts.html.markdown new file mode 100644 index 00000000..0b189ad7 --- /dev/null +++ b/website/docs/d/checkpoint_management_cme_accounts.html.markdown @@ -0,0 +1,36 @@ +--- +layout: "checkpoint" +page_title: "checkpoint_management_cme_accounts" +sidebar_current: "docs-checkpoint-data-source-checkpoint-management-cme-accounts" +description: |- Use this data source to get information on all Check Point CME Accounts. +--- + +# Data Source: checkpoint_management_cme_accounts + +Use this data source to get information on all Check Point CME Accounts. + +Available in: + +- Check Point Security Management/Multi-Domain Security Management Server R81.10 and higher. +- CME Take 255 and higher. + +## Example Usage + +```hcl +data "checkpoint_management_cme_accounts" "accounts" { +} +``` + +## Argument Reference + +These arguments are supported: + +* `result` - List of all accounts, each with this data: + * `name` - Unique account name for identification. + * `platform` - The platform of the account. + * `gw_configurations` - A list of Gateway configurations attached to the account. + * `deletion_tolerance` - The number of CME cycles to wait when the cloud provider does not return a GW until its + deletion. + * `domain` - The account's domain name in Multi-Domain Security Management Server environment. + +Note: To get the full data for each account, use the specific data source of the account platform (checkpoint_management_cme_accounts_). \ No newline at end of file diff --git a/website/docs/d/checkpoint_management_cme_accounts_aws.html.markdown b/website/docs/d/checkpoint_management_cme_accounts_aws.html.markdown new file mode 100644 index 00000000..5966a4bf --- /dev/null +++ b/website/docs/d/checkpoint_management_cme_accounts_aws.html.markdown @@ -0,0 +1,53 @@ +--- +layout: "checkpoint" +page_title: "checkpoint_management_cme_accounts_aws" +sidebar_current: "docs-checkpoint-data-source-checkpoint-management-cme-accounts-aws" +description: |- Use this data source to get information on an existing Check Point CME AWS Account. +--- + +# Data Source: checkpoint_management_cme_accounts_aws + +Use this data source to get information on an existing Check Point CME AWS Account. + +Available in: + +- Check Point Security Management/Multi-Domain Security Management Server R81.10 and higher. +- CME Take 255 and higher. + +## Example Usage + +```hcl +data "checkpoint_management_cme_accounts_aws" "aws_account" { + name = "awsAccount" +} +``` + +## Argument Reference + +These arguments are supported: + +* `name` - (Required) Unique account name for identification. +* `regions` - Comma-separated list of AWS regions where gateways are being deployed. +* `platform` - The platform of the account. +* `gw_configurations` - A list of Gateway configurations attached to the account. +* `credentials_file` - The credentials file. +* `deletion_tolerance` - The number of CME cycles to wait when the cloud provider does not return a Gateway until its + deletion. +* `access_key` - AWS access key. +* `secret_key` - AWS secret key. +* `sts_role` - AWS STS role. +* `sts_external_id` - AWS STS external id. Must exist with STS role. +* `scan_gateways` - true/false for scan gateways with AWS Transit Gateway. +* `scan_vpn` - true/false for scan VPN with AWS Transit Gateway. +* `scan_load_balancers` - true/false for scan load balancers access and NAT rules with AWS Transit Gateway. +* `scan_subnets` - true/false for scan subnets with AWS Gateway Load Balancer. +* `communities` - Comma-separated list of communities which are allowed for VPN connections of AWS Transit Gateway that + are discovered by this account. +* `sub_accounts` - AWS sub-accounts. Supports the following: + * `name` - Sub-account name. + * `credentials_file` - Sub-account credentials file. + * `access_key` - Sub-account access key. + * `secret_key` - Sub-account secret key. + * `sts_role` - Sub-account STS role. + * `sts_external_id` - Sub-account STS external id. Must exist with STS role. +* `domain` - The account's domain name in Multi-Domain Security Management Server environment. diff --git a/website/docs/d/checkpoint_management_cme_accounts_azure.html.markdown b/website/docs/d/checkpoint_management_cme_accounts_azure.html.markdown new file mode 100644 index 00000000..9e6cf60d --- /dev/null +++ b/website/docs/d/checkpoint_management_cme_accounts_azure.html.markdown @@ -0,0 +1,38 @@ +--- +layout: "checkpoint" +page_title: "checkpoint_management_cme_accounts_azure" +sidebar_current: "docs-checkpoint-data-source-checkpoint-management-cme-accounts-azure" +description: |- Use this data source to get information on an existing Check Point CME Azure Account. +--- + +# Data Source: checkpoint_management_cme_accounts_azure + +Use this data source to get information on an existing Check Point CME Azure Account. + +Available in: + +- Check Point Security Management/Multi-Domain Security Management Server R81.10 and higher. +- CME Take 255 and higher. + +## Example Usage + +```hcl +data "checkpoint_management_cme_accounts_azure" "azure_account" { + name = "azureAccount" +} +``` + +## Argument Reference + +These arguments are supported: + +* `name` - (Required) Unique account name for identification. +* `subscription` - Azure subscription ID. +* `directory_id` - Azure Active Directory tenant ID. +* `application_id` - The application ID related to the service principal. +* `client_secret` - The service principal's client secret. +* `deletion_tolerance` - The number of CME cycles to wait when the cloud provider does not return a Gateway until its + deletion. +* `domain` - The account's domain name in Multi-Domain Security Management Server environment. +* `platform` - The platform of the account. +* `gw_configurations` - A list of Gateway configurations attached to the account. diff --git a/website/docs/d/checkpoint_management_cme_accounts_gcp.html.markdown b/website/docs/d/checkpoint_management_cme_accounts_gcp.html.markdown new file mode 100644 index 00000000..d26e2f47 --- /dev/null +++ b/website/docs/d/checkpoint_management_cme_accounts_gcp.html.markdown @@ -0,0 +1,37 @@ +--- +layout: "checkpoint" +page_title: "checkpoint_management_cme_accounts_gcp" +sidebar_current: "docs-checkpoint-data-source-checkpoint-management-cme-accounts-gcp" +description: |- Use this data source to get information on an existing Check Point CME GCP Account. +--- + +# Data Source: checkpoint_management_cme_accounts_gcp + +Use this data source to get information on an existing Check Point CME GCP Account. + +Available in: + +- Check Point Security Management/Multi-Domain Security Management Server R81.10 and higher. +- CME Take 255 and higher. + +## Example Usage + +```hcl +data "checkpoint_management_cme_accounts_gcp" "gcp_account" { + name = "gcpAccount" +} +``` + +## Argument Reference + +These arguments are supported: + +* `name` - (Required) Unique account name for identification. +* `project_id` - GCP project id. +* `credentials_file` - The credentials file. +* `credentials_data` - Base64 encoded string that represents the content of the credentials file. +* `deletion_tolerance` - The number of CME cycles to wait when the cloud provider does not return a Gateway until its + deletion. +* `domain` - The account's domain name in Multi-Domain Security Management Server environment. +* `platform` - The platform of the account. +* `gw_configurations` - A list of Gateway configurations attached to the account. diff --git a/website/docs/d/checkpoint_management_cme_api_versions.html.markdown b/website/docs/d/checkpoint_management_cme_api_versions.html.markdown new file mode 100644 index 00000000..7a55c01b --- /dev/null +++ b/website/docs/d/checkpoint_management_cme_api_versions.html.markdown @@ -0,0 +1,29 @@ +--- +layout: "checkpoint" +page_title: "checkpoint_management_cme_api_versions" +sidebar_current: "docs-checkpoint-data-source-checkpoint-management-cme-api-versions" +description: |- Use this data source to get information on existing Check Point CME API versions. +--- + +# Data Source: checkpoint_management_cme_api_versions + +Use this data source to get information on existing Check Point CME API versions. + +Available in: + +- Check Point Security Management/Multi-Domain Security Management Server R81.10 and higher. +- CME Take 255 and higher. + +## Example Usage + +```hcl +data "checkpoint_management_cme_api_versions" "api_versions" { +} +``` + +## Argument Reference + +These arguments are supported: + +* `current_version` - Current CME API version. +* `supported_versions` - CME supported versions. diff --git a/website/docs/d/checkpoint_management_cme_delay_cycle.html.markdown b/website/docs/d/checkpoint_management_cme_delay_cycle.html.markdown new file mode 100644 index 00000000..3154e7cb --- /dev/null +++ b/website/docs/d/checkpoint_management_cme_delay_cycle.html.markdown @@ -0,0 +1,28 @@ +--- +layout: "checkpoint" +page_title: "checkpoint_management_cme_delay_cycle" +sidebar_current: "docs-checkpoint-data-source-checkpoint-management-cme-delay-cycle" +description: |- Use this data source to get information on existing Check Point CME Delay Cycle. +--- + +# Data Source: checkpoint_management_cme_management + +Use this data source to get information on existing Check Point CME Delay Cycle. + +Available in: + +- Check Point Security Management/Multi-Domain Security Management Server R81.10 and higher. +- CME Take 255 and higher. + +## Example Usage + +```hcl +data "checkpoint_management_cme_delay_cycle" "delay_cycle" { +} +``` + +## Argument Reference + +These arguments are supported: + +* `delay_cycle` - Time to wait in seconds after each poll cycle. diff --git a/website/docs/d/checkpoint_management_cme_gw_configurations.html.markdown b/website/docs/d/checkpoint_management_cme_gw_configurations.html.markdown new file mode 100644 index 00000000..6e9dd460 --- /dev/null +++ b/website/docs/d/checkpoint_management_cme_gw_configurations.html.markdown @@ -0,0 +1,55 @@ +--- +layout: "checkpoint" +page_title: "checkpoint_management_cme_gw_configurations" +sidebar_current: "docs-checkpoint-data-source-checkpoint-management-cme-gw-configurations" +description: |- Use this data source to get information on all Check Point CME Gateway Configurations. +--- + +# Data Source: checkpoint_management_cme_gw_configurations + +Use this data source to get information on all Check Point CME Gateway Configurations. + +Available in: + +- Check Point Security Management/Multi-Domain Security Management Server R81.10 and higher. +- CME Take 255 and higher. + +## Example Usage + +```hcl +data "checkpoint_management_cme_gw_configurations" "gw_configurations" { +} +``` + +## Argument Reference + +These arguments are supported: + +* `result` - List of all Gateway configurations, each with the following data: + * `name` - The Gateway configuration name. + * `version` - The Gateway version. + * `sic_key` - SIC key for trusted communication between the Management server and the Gateway. + * `policy` - The policy name to install on the Gateway. + * `related_account` - The related CME account name associated with the Gateway configuration. + * `blades` - Dictionary of activated/deactivated blades on the Gateway. Supports these blades: + * `ips` - IPS blade. + * `anti_bot` - Anti-Bot blade. + * `anti_virus` - Anti-Virus blade. + * `https_inspection` - HTTPS Inspection blade. + * `application_control` - Application Control blade. + * `autonomous_threat_prevention` - ATP blade. + * `content_awareness` - Content Awareness blade. + * `identity_awareness` - Identity Awareness blade. + * `ipsec_vpn` - IPsec VPN blade. + * `threat_emulation` - Threat Emulation blade. + * `url_filtering` - URL Filtering blade. + * `vpn` - VPN blade. + * `repository_gateway_scripts` - List of objects that each contain the name/UID of a script that exists in the + scripts repository on the Management server. Supports these parameters: + * `name` - The name of the script. + * `uid` - The UID of the script. + * `parameters` - Script parameters. + * `send_logs_to_server` - Comma-separated list of Primary Log Servers names to which logs are sent. + * `send_logs_to_backup_server` - Comma-separated list of Backup Log Servers names to which logs are sent if the + Primary Log Servers are unavailable. + * `send_alerts_to_server` - Comma-separated list of Alert Log Servers names to which alerts are sent. diff --git a/website/docs/d/checkpoint_management_cme_gw_configurations_aws.html.markdown b/website/docs/d/checkpoint_management_cme_gw_configurations_aws.html.markdown new file mode 100644 index 00000000..7f6c5b4f --- /dev/null +++ b/website/docs/d/checkpoint_management_cme_gw_configurations_aws.html.markdown @@ -0,0 +1,62 @@ +--- +layout: "checkpoint" +page_title: "checkpoint_management_cme_gw_configurations_aws" +sidebar_current: "docs-checkpoint-data-source-checkpoint-management-cme-gw-configurations-aws" +description: |- Use this data source to get information on an existing Check Point CME AWS Gateway Configurations. +--- + +# Data Source: checkpoint_management_cme_gw_configurations_aws + +Use this data source to get information on an existing Check Point CME AWS Gateway Configurations. + +Available in: + +- Check Point Security Management/Multi-Domain Security Management Server R81.10 and higher. +- CME Take 255 and higher. + +## Example Usage + +```hcl +data "checkpoint_management_cme_gw_configurations_aws" "gw_config_aws" { + name = "awsGWConfigurations" +} +``` + +## Argument Reference + +These arguments are supported: + +* `name` - (Required) The Gateway configuration name. +* `version` - The Gateway version. +* `sic_key` - SIC key for trusted communication between the Management and the Gateway. +* `policy` - The policy name to install on the Gateway. +* `related_account` - The related CME account name associated with the Gateway configuration. +* `blades` - Dictionary of activated/deactivated blades on the Gateway. Supports these blades: + * `ips` - IPS blade. + * `anti_bot` - Anti-Bot blade. + * `anti_virus` - Anti-Virus blade. + * `https_inspection` - HTTPS Inspection blade. + * `application_control` - Application Control blade. + * `autonomous_threat_prevention` - ATP blade. + * `content_awareness` - Content Awareness blade. + * `identity_awareness` - Identity Awareness blade. + * `ipsec_vpn` - IPsec VPN blade. + * `threat_emulation` - Threat Emulation blade. + * `url_filtering` - URL Filtering blade. + * `vpn` - VPN blade. +* `repository_gateway_scripts` - List of objects that each contain the name/UID of a script that exists in the scripts + repository on the Management server. Supports these parameters: + * `name` - The name of the script. + * `uid` - The UID of the script. + * `parameters` - Script parameters. +* `vpn_domain` - The group object is set as the VPN domain for the VPN Gateway. +* `vpn_community` - A star community to place the VPN Gateway as center. +* `deployment_type` - The deployment type of the CloudGuard Security Gateways. +* `tgw_static_routes` - Comma-separated list of CIDRs; for each CIDR, a static route is created on each Gateway of the + Transit Gateway auto-scaling group. +* `tgw_spoke_routes` - Comma-separated list of spoke CIDRs; each spoke CIDR that is learned from the Transit Gateway + over BGP is re-advertised by the Gateways of the Transit Gateway auto-scaling group to the AWS Transit Gateway. +* `send_logs_to_server` - Comma-separated list of Primary Log Servers names to which logs are sent. +* `send_logs_to_backup_server` - Comma-separated list of Backup Log Servers names to which logs are sent if the Primary + Log Servers are unavailable. +* `send_alerts_to_server` - Comma-separated list of Alert Log Servers names to which alerts are sent. diff --git a/website/docs/d/checkpoint_management_cme_gw_configurations_azure.html.markdown b/website/docs/d/checkpoint_management_cme_gw_configurations_azure.html.markdown new file mode 100644 index 00000000..ecef1275 --- /dev/null +++ b/website/docs/d/checkpoint_management_cme_gw_configurations_azure.html.markdown @@ -0,0 +1,55 @@ +--- +layout: "checkpoint" +page_title: "checkpoint_management_cme_gw_configurations_azure" +sidebar_current: "docs-checkpoint-data-source-checkpoint-management-cme-gw-configurations-azure" +description: |- Use this data source to get information on an existing Check Point CME Azure Gateway Configurations. +--- + +# Data Source: checkpoint_management_cme_gw_configurations_azure + +Use this data source to get information on an existing Check Point CME Azure Gateway Configurations. + +Available in: + +- Check Point Security Management/Multi-Domain Security Management Server R81.10 and higher. +- CME Take 255 and higher. + +## Example Usage + +```hcl +data "checkpoint_management_cme_gw_configurations_azure" "gw_config_azure" { + name = "azureGWConfigurations" +} +``` + +## Argument Reference + +These arguments are supported: + +* `name` - (Required) The Gateway configuration name. +* `version` - The Gateway version. +* `sic_key` - SIC key for trusted communication between the Management and the Gateway. +* `policy` - The policy name to install on the Gateway. +* `related_account` - The related CME account name associated with the Gateway configuration. +* `blades` - Dictionary of activated/deactivated blades on the Gateway. Supports these blades: + * `ips` - IPS blade. + * `anti_bot` - Anti-Bot blade. + * `anti_virus` - Anti-Virus blade. + * `https_inspection` - HTTPS Inspection blade. + * `application_control` - Application Control blade. + * `autonomous_threat_prevention` - ATP blade. + * `content_awareness` - Content Awareness blade. + * `identity_awareness` - Identity Awareness blade. + * `ipsec_vpn` - IPsec VPN blade. + * `threat_emulation` - Threat Emulation blade. + * `url_filtering` - URL Filtering blade. + * `vpn` - VPN blade. +* `repository_gateway_scripts` - List of objects that each contain the name/UID of a script that exists in the scripts + repository on the Management server. Supports these parameters: + * `name` - The name of the script. + * `uid` - The UID of the script. + * `parameters` - Script parameters. +* `send_logs_to_server` - Comma-separated list of Primary Log Servers names to which logs are sent. +* `send_logs_to_backup_server` - Comma-separated list of Backup Log Servers names to which logs are sent if the Primary + Log Servers are unavailable. +* `send_alerts_to_server` - Comma-separated list of Alert Log Servers names to which alerts are sent. diff --git a/website/docs/d/checkpoint_management_cme_gw_configurations_gcp.html.markdown b/website/docs/d/checkpoint_management_cme_gw_configurations_gcp.html.markdown new file mode 100644 index 00000000..d748268e --- /dev/null +++ b/website/docs/d/checkpoint_management_cme_gw_configurations_gcp.html.markdown @@ -0,0 +1,55 @@ +--- +layout: "checkpoint" +page_title: "checkpoint_management_cme_gw_configurations_gcp" +sidebar_current: "docs-checkpoint-data-source-checkpoint-management-cme-gw-configurations-gcp" +description: |- Use this data source to get information on an existing Check Point CME GCP Gateway Configurations. +--- + +# Data Source: checkpoint_management_cme_gw_configurations_gcp + +Use this data source to get information on an existing Check Point CME GCP Gateway Configurations. + +Available in: + +- Check Point Security Management/Multi-Domain Security Management Server R81.10 and higher. +- CME Take 255 and higher. + +## Example Usage + +```hcl +data "checkpoint_management_cme_gw_configurations_gcp" "gw_config_gcp" { + name = "gcpGWConfigurations" +} +``` + +## Argument Reference + +These arguments are supported: + +* `name` - (Required) The Gateway configuration name. +* `version` - The Gateway version. +* `sic_key` - SIC key for trusted communication between the Management and the Gateway. +* `policy` - The policy name to install on the Gateway. +* `related_account` - The related CME account name associated with the Gateway configuration. +* `blades` - Dictionary of activated/deactivated blades on the Gateway. Supports these blades: + * `ips` - IPS blade. + * `anti_bot` - Anti-Bot blade. + * `anti_virus` - Anti-Virus blade. + * `https_inspection` - HTTPS Inspection blade. + * `application_control` - Application Control blade. + * `autonomous_threat_prevention` - ATP blade. + * `content_awareness` - Content Awareness blade. + * `identity_awareness` - Identity Awareness blade. + * `ipsec_vpn` - IPsec VPN blade. + * `threat_emulation` - Threat Emulation blade. + * `url_filtering` - URL Filtering blade. + * `vpn` - VPN blade. +* `repository_gateway_scripts` - List of objects that each contain the name/UID of a script that exists in the scripts + repository on the Management server. Supports these parameters: + * `name` - The name of the script. + * `uid` - The UID of the script. + * `parameters` - Script parameters. +* `send_logs_to_server` - Comma-separated list of Primary Log Servers names to which logs are sent. +* `send_logs_to_backup_server` - Comma-separated list of Backup Log Servers names to which logs are sent if the Primary + Log Servers are unavailable. +* `send_alerts_to_server` - Comma-separated list of Alert Log Servers names to which alerts are sent. diff --git a/website/docs/d/checkpoint_management_cme_management.html.markdown b/website/docs/d/checkpoint_management_cme_management.html.markdown new file mode 100644 index 00000000..4265291b --- /dev/null +++ b/website/docs/d/checkpoint_management_cme_management.html.markdown @@ -0,0 +1,30 @@ +--- +layout: "checkpoint" +page_title: "checkpoint_management_cme_management" +sidebar_current: "docs-checkpoint-data-source-checkpoint-management-cme-management" +description: |- Use this data source to get information on existing Check Point CME Management. +--- + +# Data Source: checkpoint_management_cme_management + +Use this data source to get information on existing Check Point CME Management. + +Available in: + +- Check Point Security Management/Multi-Domain Security Management Server R81.10 and higher. +- CME Take 255 and higher. + +## Example Usage + +```hcl +data "checkpoint_management_cme_management" "mgmt" { +} +``` + +## Argument Reference + +These arguments are supported: + +* `name` - The name of the Management server. +* `domain` - The management's domain name in Multi-Domain Security Management Server environment. +* `host` - The host of the Management server. diff --git a/website/docs/d/checkpoint_management_cme_version.html.markdown b/website/docs/d/checkpoint_management_cme_version.html.markdown new file mode 100644 index 00000000..a1f15602 --- /dev/null +++ b/website/docs/d/checkpoint_management_cme_version.html.markdown @@ -0,0 +1,28 @@ +--- +layout: "checkpoint" +page_title: "checkpoint_management_cme_version" +sidebar_current: "docs-checkpoint-data-source-checkpoint-management-cme-version" +description: |- Use this data source to get information on existing Check Point CME version. +--- + +# Data Source: checkpoint_management_cme_version + +Use this data source to get information on existing Check Point CME version. + +Available in: + +- Check Point Security Management/Multi-Domain Security Management Server R81.10 and higher. +- CME Take 255 and higher. + +## Example Usage + +```hcl +data "checkpoint_management_cme_version" "cme_version" { +} +``` + +## Argument Reference + +These arguments are supported: + +* `take` - CME Take number. diff --git a/website/docs/r/checkpoint_management_cme_accounts_aws.html.markdown b/website/docs/r/checkpoint_management_cme_accounts_aws.html.markdown new file mode 100644 index 00000000..c5bf6efe --- /dev/null +++ b/website/docs/r/checkpoint_management_cme_accounts_aws.html.markdown @@ -0,0 +1,75 @@ +--- +layout: "checkpoint" +page_title: "checkpoint_management_cme_accounts_aws" +sidebar_current: "docs-checkpoint-resource-checkpoint-management-cme-accounts-aws" +description: |- This resource allows you to add/update/delete Check Point CME AWS Account. +--- + +# Resource: checkpoint_management_cme_accounts_aws + +This resource allows you to add/update/delete Check Point CME AWS Account. + +Available in: + +- Check Point Security Management/Multi-Domain Security Management Server R81.10 and higher. +- CME Take 255 and higher. + +## Example Usage + +```hcl +resource "checkpoint_management_cme_accounts_aws" "aws_account" { + name = "awsAccount" + regions = ["eu-north-1"] + credentials_file = "IAM" + scan_load_balancers = true + sts_role = "arn:aws:iam::123412341234:role/EXAMPLE" + sts_external_id = "12345" + sub_accounts { + name = "sub_account_a" + credentials_file = "IAM" + } + sub_accounts { + name = "sub_account_b" + access_key = "AKIAIOSFODNN7EXAMPLE" + secret_key = "wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY" + } +} +``` + +## Argument Reference + +These arguments are supported: + +* `name` - (Required) Unique account name for identification without spaces. +* `regions` - (Required) Comma-separated list of AWS regions in which the Gateways are being deployed. +* `credentials_file` - (Optional) One of the these options: + 1. The name of a text file containing AWS credentials that is located in $FWDIR/conf/ directory for a Management + Server or + $MDSDIR/conf/ directory for a Multi-Domain Management Server. + 2. “IAM” to use an IAM role profile +* `deletion_tolerance` - (Optional) The number of CME cycles to wait when the cloud provider does not return a Gateway + until its deletion. +* `access_key` - (Optional) AWS access key. +* `secret_key` - (Optional) AWS secret key. +* `sts_role` - (Optional) AWS STS role. +* `sts_external_id` - (Optional) AWS STS external id. Must exist with STS role. +* `scan_gateways` - (Optional) Set true in order to scan gateways with AWS Transit Gateway. +* `scan_vpn` - (Optional) Set true in order to scan VPN with AWS Transit Gateway. +* `scan_load_balancers` - (Optional) Set true in order to scan load balancers access and NAT rules with AWS Transit + Gateway. +* `scan_subnets` - (Optional) Set true in order to scan subnets with AWS Gateway Load Balancer. +* `communities` - (Optional) Comma-separated list of communities that are allowed for VPN connections for AWS Transit + Gateways that are discovered by this account. +* `sub_accounts` - (Optional) AWS sub-accounts. Supports these parameters: + * `name` - (Required) Sub-account name. + * `credentials_file` - (Optional) Sub-account credentials file. + * `access_key` - (Optional) Sub-account access key. + * `secret_key` - (Optional) Sub-account secret key. + * `sts_role` - (Optional) Sub-account STS role. + * `sts_external_id` - (Optional) Sub-account STS external id. Must exist with STS role. +* `domain` - (Optional) The account's domain name in Multi-Domain Security Management Server environment. + +## Limitations + +`secret_key` attribute can be set only through terraform. If the `secret_key` is set with the autoprov_cfg command line +or CME API, terraform will not recognize the change. diff --git a/website/docs/r/checkpoint_management_cme_accounts_azure.html.markdown b/website/docs/r/checkpoint_management_cme_accounts_azure.html.markdown new file mode 100644 index 00000000..34a5be5d --- /dev/null +++ b/website/docs/r/checkpoint_management_cme_accounts_azure.html.markdown @@ -0,0 +1,45 @@ +--- +layout: "checkpoint" +page_title: "checkpoint_management_cme_accounts_azure" +sidebar_current: "docs-checkpoint-resource-checkpoint-management-cme-accounts-azure" +description: |- This resource allows you to add/update/delete Check Point CME Azure Account. +--- + +# Resource: checkpoint_management_cme_accounts_azure + +This resource allows you to add/update/delete Check Point CME Azure Account. + +Available in: + +- Check Point Security Management/Multi-Domain Security Management Server R81.10 and higher. +- CME Take 255 and higher. + +## Example Usage + +```hcl +resource "checkpoint_management_cme_accounts_azure" "azure_account" { + name = "azureAccount" + directory_id = "abcd1234-ab12-cd34-ef56-abcdef123456" + application_id = "abcd1234-ab12-cd34-ef56-abcdef123456" + client_secret = "mySecret" + subscription = "abcd1234-ab12-cd34-ef56-abcdef123456" +} +``` + +## Argument Reference + +These arguments are supported: + +* `name` - (Required) Unique account name for identification without spaces. +* `subscription` - (Required) Azure subscription ID. +* `directory_id` - (Required) Azure Active Directory tenant ID. +* `application_id` - (Required) The application ID with which the service principal is associated. +* `client_secret` - (Required) The service principal's client secret. +* `deletion_tolerance` - (Optional) The number of CME cycles to wait when the cloud provider does not return a Gateway + until its deletion. +* `domain` - (Optional) The account's domain name in Multi-Domain Security Management Server environment. + +## Limitations + +`client_secret` attribute can be set only through terraform. If the `client_secret` is set with the autoprov_cfg +command line or CME API, terraform will not recognize the change. diff --git a/website/docs/r/checkpoint_management_cme_accounts_gcp.html.markdown b/website/docs/r/checkpoint_management_cme_accounts_gcp.html.markdown new file mode 100644 index 00000000..c38a297b --- /dev/null +++ b/website/docs/r/checkpoint_management_cme_accounts_gcp.html.markdown @@ -0,0 +1,38 @@ +--- +layout: "checkpoint" +page_title: "checkpoint_management_cme_accounts_gcp" +sidebar_current: "docs-checkpoint-resource-checkpoint-management-cme-accounts-gcp" +description: |- This resource allows you to add/update/delete Check Point CME GCP Account. +--- + +# Resource: checkpoint_management_cme_accounts_gcp + +This resource allows you to add/update/delete Check Point CME GCP Account. + +Available in: + +- Check Point Security Management/Multi-Domain Security Management Server R81.10 and higher. +- CME Take 255 and higher. + +## Example Usage + +```hcl +resource "checkpoint_management_cme_accounts_gcp" "gcp_account" { + name = "gcpAccount" + project_id = "my-project-1" + credentials_file = "cred_file.json" +} +``` + +## Argument Reference + +These arguments are supported: + +* `name` - (Required) Unique account name for identification without spaces. +* `project_id` - (Required) GCP project id. +* `credentials_file` - (Optional) The name of a text file containing GCP credentials located in $FWDIR/conf directory + for a Management Server or $MDSDIR/conf directory for a Multi-Domain Security Management Server. +* `credentials_data` - (Optional) Base64 encoded string that represents the content of the credentials file. +* `deletion_tolerance` - (Optional) The number of CME cycles to wait when the cloud provider does not return a Gateway + until its deletion. +* `domain` - (Optional) The account's domain name in Multi-Domain Security Management Server environment. diff --git a/website/docs/r/checkpoint_management_cme_delay_cycle.html.markdown b/website/docs/r/checkpoint_management_cme_delay_cycle.html.markdown new file mode 100644 index 00000000..9080eb5d --- /dev/null +++ b/website/docs/r/checkpoint_management_cme_delay_cycle.html.markdown @@ -0,0 +1,29 @@ +--- +layout: "checkpoint" +page_title: "checkpoint_management_cme_delay_cycle" +sidebar_current: "docs-checkpoint-resource-checkpoint-management-cme-delay-cycle" +description: |- This resource allows you to update an existing Check Point CME Delay Cycle. +--- + +# Resource: checkpoint_management_cme_delay_cycle + +This resource allows you to update an existing Check Point CME Delay Cycle. + +Available in: + +- Check Point Security Management/Multi-Domain Security Management Server R81.10 and higher. +- CME Take 255 and higher. + +## Example Usage + +```hcl +resource "checkpoint_management_cme_delay_cycle" "delay_cycle" { + delay_cycle = 30 +} +``` + +## Argument Reference + +These arguments are supported: + +* `delay_cycle` - (Required) Time to wait in seconds after each poll cycle. diff --git a/website/docs/r/checkpoint_management_cme_gw_configurations_aws.html.markdown b/website/docs/r/checkpoint_management_cme_gw_configurations_aws.html.markdown new file mode 100644 index 00000000..f516bfb4 --- /dev/null +++ b/website/docs/r/checkpoint_management_cme_gw_configurations_aws.html.markdown @@ -0,0 +1,92 @@ +--- +layout: "checkpoint" +page_title: "checkpoint_management_cme_gw_configurations_aws" +sidebar_current: "docs-checkpoint-resource-checkpoint-management-cme-gw-configurations-aws" +description: |- This resource allows you to add/update/delete Check Point CME AWS Gateway Configurations. +--- + +# Resource: checkpoint_management_cme_gw_configurations_aws + +This resource allows you to add/update/delete Check Point CME AWS Gateway Configurations. + +Available in: + +- Check Point Security Management/Multi-Domain Security Management Server R81.10 and higher. +- CME Take 255 and higher. + +## Example Usage + +```hcl +resource "checkpoint_management_cme_gw_configurations_aws" "gw_config_aws" { + name = "awsGWConfigurations" + related_account = "awsAccount" + version = "R81" + base64_sic_key = "MTIzNDU2Nzg=" + policy = "Standard" + tgw_spoke_routes = ["192.168.100.0/24", "192.168.200.0/24"] + tgw_static_routes = ["10.0.0.0/16", "10.100.0.0/16"] + send_logs_to_server = ["PLS_A"] + send_logs_to_backup_server = ["BLS_B"] + send_alerts_to_server = ["ALS_C"] + repository_gateway_scripts { + name = "myScript" + parameters = "ls -l" + } + blades { + ips = true + anti_bot = false + anti_virus = false + https_inspection = false + application_control = false + autonomous_threat_prevention = false + content_awareness = false + identity_awareness = false + ipsec_vpn = false + threat_emulation = false + url_filtering = false + vpn = false + } +} +``` + +## Argument Reference + +These arguments are supported: + +* `name` - (Required) The Gateway configuration name without spaces. +* `version` - (Required) The Gateway version. +* `base64_sic_key` - (Required) Base64 key for trusted communication between the Management and the Gateway. +* `policy` - (Required) The policy name to install on the Gateway. +* `related_account` - (Required) The CME account name to associate with the Gateway Configuration. +* `blades` - (Required) Dictionary of activated/deactivated blades on the Gateway. Supports these blades: + * `ips` - (Required) IPS blade. + * `anti_bot` - (Required) Anti-Bot blade. + * `anti_virus` - (Required) Anti-Virus blade. + * `https_inspection` - (Required) HTTPS Inspection blade. + * `application_control` - (Required) Application Control blade. + * `autonomous_threat_prevention` - (Required) ATP blade. + * `content_awareness` - (Required) Content Awareness blade. + * `identity_awareness` - (Required) Identity Awareness blade. + * `ipsec_vpn` - (Required) IPsec VPN blade. + * `threat_emulation` - (Required) Threat Emulation blade. + * `url_filtering` - (Required) URL Filtering blade. + * `vpn` - (Required) VPN blade. +* `repository_gateway_scripts` - (Optional) List of objects that each contain the name/UID of a script that exists in + the scripts repository on the Management server. Supports these parameters: + * `name` - (Required) The name of the script. + * `parameters` - (Optional) The parameters to pass to the script. +* `vpn_domain` - (Optional) The group object to set as the VPN domain for the VPN Gateway. + An empty string automatically sets an empty group as the encryption domain. Must be an empty string for 'TGW' + deployment type. +* `vpn_community` - (Optional) A star community to place the VPN Gateway as center. +* `deployment_type` - (Optional) The deployment type of the CloudGuard Security Gateways. +* `tgw_static_routes` - (Optional) Comma-separated list of CIDRs; for each CIDR a static route is created on each + Gateway of the Transit Gateway auto-scaling group. +* `tgw_spoke_routes` - (Optional) Comma separated list of spoke CIDRs; each spoke CIDR that is learned from the Transit + Gateway over BGP is re-advertised by the Gateways of the Transit Gateway auto-scaling group to the AWS Transit + Gateway. +* `send_logs_to_server` - (Optional) Comma-separated list of Primary Log Servers names to which logs are sent. + Configured Log Servers act as Log and Alert Servers. Must be defined as a part of Log Servers parameters. +* `send_logs_to_backup_server` - (Optional) Comma-separated list of Backup Log Servers names to which logs are sent if + the Primary Log Servers are unavailable. +* `send_alerts_to_server` - (Optional) Comma-separated list of Alert Log Servers names to which alerts are sent. diff --git a/website/docs/r/checkpoint_management_cme_gw_configurations_azure.html.markdown b/website/docs/r/checkpoint_management_cme_gw_configurations_azure.html.markdown new file mode 100644 index 00000000..ae6c624b --- /dev/null +++ b/website/docs/r/checkpoint_management_cme_gw_configurations_azure.html.markdown @@ -0,0 +1,80 @@ +--- +layout: "checkpoint" +page_title: "checkpoint_management_cme_gw_configurations_azure" +sidebar_current: "docs-checkpoint-resource-checkpoint-management-cme-gw-configurations-azure" +description: |- This resource allows you to add/update/delete Check Point CME Azure Gateway Configurations. +--- + +# Resource: checkpoint_management_cme_gw_configurations_azure + +This resource allows you to add/update/delete Check Point CME Azure Gateway Configurations. + +Available in: + +- Check Point Security Management/Multi-Domain Security Management Server R81.10 and higher. +- CME Take 255 and higher. + +## Example Usage + +```hcl +resource "checkpoint_management_cme_gw_configurations_azure" "gw_config_azure" { + name = "azureGWConfigurations" + related_account = "azureAccount" + version = "R81" + base64_sic_key = "MTIzNDU2Nzg=" + policy = "Standard" + send_logs_to_server = ["PLS_A"] + send_logs_to_backup_server = ["BLS_B"] + send_alerts_to_server = ["ALS_C"] + repository_gateway_scripts { + name = "myScript" + parameters = "ls -l" + } + blades { + ips = true + anti_bot = true + anti_virus = true + https_inspection = false + application_control = false + autonomous_threat_prevention = false + content_awareness = false + identity_awareness = false + ipsec_vpn = false + threat_emulation = false + url_filtering = false + vpn = false + } +} +``` + +## Argument Reference + +These arguments are supported: + +* `name` - (Required) The Gateway configuration name without spaces. +* `version` - (Required) The Gateway version. +* `base64_sic_key` - (Required) Base64 key for trusted communication between the Management and the Gateway. +* `policy` - (Required) The policy name to install on the Gateway. +* `related_account` - (Required) The CME account name to associate with the Gateway Configuration. +* `blades` - (Required) Dictionary of activated/deactivated blades on the Gateway. Supports these blades: + * `ips` - (Required) IPS blade. + * `anti_bot` - (Required) Anti-Bot blade. + * `anti_virus` - (Required) Anti-Virus blade. + * `https_inspection` - (Required) HTTPS Inspection blade. + * `application_control` - (Required) Application Control blade. + * `autonomous_threat_prevention` - (Required) ATP blade. + * `content_awareness` - (Required) Content Awareness blade. + * `identity_awareness` - (Required) Identity Awareness blade. + * `ipsec_vpn` - (Required) IPsec VPN blade. + * `threat_emulation` - (Required) Threat Emulation blade. + * `url_filtering` - (Required) URL Filtering blade. + * `vpn` - (Required) VPN blade. +* `repository_gateway_scripts` - (Optional) List of objects that each contain the name/UID of a script that exists in + the scripts repository on the Management server. Supports these parameters: + * `name` - (Required) The name of the script. + * `parameters` - (Optional) The parameters to pass to the script. +* `send_logs_to_server` - (Optional) Comma-separated list of Primary Log Servers names to which logs are sent. + Configured Log Servers act as Log and Alert Servers. Must be defined as a part of Log Servers parameters. +* `send_logs_to_backup_server` - (Optional) Comma-separated list of Backup Log Servers names to which logs are sent if + the Primary Log Servers are unavailable. +* `send_alerts_to_server` - (Optional) Comma-separated list of Alert Log Servers names to which alerts are sent. diff --git a/website/docs/r/checkpoint_management_cme_gw_configurations_gcp.html.markdown b/website/docs/r/checkpoint_management_cme_gw_configurations_gcp.html.markdown new file mode 100644 index 00000000..72b0bc13 --- /dev/null +++ b/website/docs/r/checkpoint_management_cme_gw_configurations_gcp.html.markdown @@ -0,0 +1,80 @@ +--- +layout: "checkpoint" +page_title: "checkpoint_management_cme_gw_configurations_gcp" +sidebar_current: "docs-checkpoint-resource-checkpoint-management-cme-gw-configurations-gcp" +description: |- This resource allows you to add/update/delete Check Point CME GCP Gateway Configurations. +--- + +# Resource: checkpoint_management_cme_gw_configurations_gcp + +This resource allows you to add/update/delete Check Point CME GCP Gateway Configurations. + +Available in: + +- Check Point Security Management/Multi-Domain Security Management Server R81.10 and higher. +- CME Take 255 and higher. + +## Example Usage + +```hcl +resource "checkpoint_management_cme_gw_configurations_gcp" "gw_config_gcp" { + name = "gcpGWConfigurations" + related_account = "gcpAccount" + version = "R81" + base64_sic_key = "MTIzNDU2Nzg=" + policy = "Standard" + send_logs_to_server = ["PLS_A"] + send_logs_to_backup_server = ["BLS_B"] + send_alerts_to_server = ["ALS_C"] + repository_gateway_scripts { + name = "myScript" + parameters = "ls -l" + } + blades { + ips = true + anti_bot = true + anti_virus = true + https_inspection = true + application_control = false + autonomous_threat_prevention = false + content_awareness = false + identity_awareness = false + ipsec_vpn = false + threat_emulation = false + url_filtering = false + vpn = false + } +} +``` + +## Argument Reference + +These arguments are supported: + +* `name` - (Required) The Gateway configuration name without spaces. +* `version` - (Required) The Gateway version. +* `base64_sic_key` - (Required) Base64 key for trusted communication between the Management and the Gateway. +* `policy` - (Required) The policy name to install on the Gateway. +* `related_account` - (Required) The CME account name to associate with the Gateway Configuration. +* `blades` - (Required) Dictionary of activated/deactivated blades on the Gateway. Supports these blades: + * `ips` - (Required) IPS blade. + * `anti_bot` - (Required) Anti-Bot blade. + * `anti_virus` - (Required) Anti-Virus blade. + * `https_inspection` - (Required) HTTPS Inspection blade. + * `application_control` - (Required) Application Control blade. + * `autonomous_threat_prevention` - (Required) ATP blade. + * `content_awareness` - (Required) Content Awareness blade. + * `identity_awareness` - (Required) Identity Awareness blade. + * `ipsec_vpn` - (Required) IPsec VPN blade. + * `threat_emulation` - (Required) Threat Emulation blade. + * `url_filtering` - (Required) URL Filtering blade. + * `vpn` - (Required) VPN blade. +* `repository_gateway_scripts` - (Optional) List of objects that each contain the name/UID of a script that exists in + the scripts repository on the Management server. Supports these parameters: + * `name` - (Required) The name of the script. + * `parameters` - (Optional) The parameters to pass to the script. +* `send_logs_to_server` - (Optional) Comma-separated list of Primary Log Servers names to which logs are sent. + Configured Log Servers act as Log and Alert Servers. Must be defined as a part of Log Servers parameters. +* `send_logs_to_backup_server` - (Optional) Comma-separated list of Backup Log Servers names to which logs are sent if + the Primary Log Servers are unavailable. +* `send_alerts_to_server` - (Optional) Comma-separated list of Alert Log Servers names to which alerts are sent. diff --git a/website/docs/r/checkpoint_management_cme_management.html.markdown b/website/docs/r/checkpoint_management_cme_management.html.markdown new file mode 100644 index 00000000..a477e58e --- /dev/null +++ b/website/docs/r/checkpoint_management_cme_management.html.markdown @@ -0,0 +1,30 @@ +--- +layout: "checkpoint" +page_title: "checkpoint_management_cme_management" +sidebar_current: "docs-checkpoint-resource-checkpoint-management-cme-management" +description: |- This resource allows you to update an existing Check Point CME Management. +--- + +# Resource: checkpoint_management_cme_management + +This resource allows you to update an existing Check Point CME Management. + +Available in: + +- Check Point Security Management/Multi-Domain Security Management Server R81.10 and higher. +- CME Take 255 and higher. + +## Example Usage + +```hcl +resource "checkpoint_management_cme_management" "mgmt" { + name = "newManagement" +} +``` + +## Argument Reference + +These arguments are supported: + +* `name` - (Required) The name of the Management server. +* `domain` - (Optional) The management's domain name in Multi-Domain Security Management Server environment.