Add support to CME API v1.2.2 (#198)

Add support for IDA settings attribute in gw config for CME v1.2.2
CheckPointSW · Dec 1, 2024 · accc32d · accc32d
1 parent d5c67cc
commit accc32d
Show file tree

Hide file tree

Showing 35 changed files with 433 additions and 47 deletions.
diff --git a/checkpoint/cme_utils.go b/checkpoint/cme_utils.go
@@ -6,7 +6,7 @@ import (
 )
 
 const (
-	CmeApiVersion = "v1.2"
+	CmeApiVersion = "v1.2.2"
 	CmeApiPath    = "cme-api/" + CmeApiVersion
 )
 

diff --git a/checkpoint/data_source_checkpoint_management_cme_gw_configurations.go b/checkpoint/data_source_checkpoint_management_cme_gw_configurations.go
@@ -134,6 +134,31 @@ func dataSourceManagementCMEGWConfigurations() *schema.Resource {
 								},
 							},
 						},
+						"identity_awareness_settings": {
+							Type:     schema.TypeList,
+							MaxItems: 1,
+							Computed: true,
+							Description: "Dictionary of identity awareness settings that can be configured on the gateway: " +
+								"enable_cloudguard_controller (enabling IDA Web API) and receive_identities_from (list of PDP gateway to" +
+								"receive identities from through identity sharing feature)",
+							Elem: &schema.Resource{
+								Schema: map[string]*schema.Schema{
+									"enable_cloudguard_controller": {
+										Type:        schema.TypeBool,
+										Computed:    true,
+										Description: "Enable the Web API identity source for CloudGuard Controller",
+									},
+									"receive_identities_from": {
+										Type:        schema.TypeList,
+										Computed:    true,
+										Description: "List of PDP gateway names from which to receive identities through Identity Sharing",
+										Elem: &schema.Schema{
+											Type: schema.TypeString,
+										},
+									},
+								},
+							},
+						},
 						"repository_gateway_scripts": {
 							Type:     schema.TypeList,
 							Computed: true,
@@ -261,6 +286,16 @@ func dataSourceManagementCMEGWConfigurationsRead(d *schema.ResourceData, m inter
 			bladesListToReturn = append(bladesListToReturn, bladesMapToAdd)
 			tempObject["blades"] = bladesListToReturn
 
+			var IDASettingsListToReturn []map[string]interface{}
+			IDASettingsMapToAdd := make(map[string]interface{})
+			if singleGWConfiguration["identity-awareness-settings"] != nil {
+				IDASettingsMap := singleGWConfiguration["identity-awareness-settings"].(map[string]interface{})
+				IDASettingsMapToAdd["enable_cloudguard_controller"] = IDASettingsMap["enable-cloudguard-controller"]
+				IDASettingsMapToAdd["receive_identities_from"] = IDASettingsMap["receive-identities-from"]
+				IDASettingsListToReturn = append(IDASettingsListToReturn, IDASettingsMapToAdd)
+			}
+			tempObject["identity_awareness_settings"] = IDASettingsListToReturn
+
 			if singleGWConfiguration["repository-gateway-scripts"] != nil {
 				scriptsList := singleGWConfiguration["repository-gateway-scripts"].([]interface{})
 				if len(scriptsList) > 0 {

diff --git a/checkpoint/data_source_checkpoint_management_cme_gw_configurations_aws.go b/checkpoint/data_source_checkpoint_management_cme_gw_configurations_aws.go
@@ -129,6 +129,31 @@ func dataSourceManagementCMEGWConfigurationsAWS() *schema.Resource {
 					},
 				},
 			},
+			"identity_awareness_settings": {
+				Type:     schema.TypeList,
+				MaxItems: 1,
+				Computed: true,
+				Description: "Dictionary of identity awareness settings that can be configured on the gateway: " +
+					"enable_cloudguard_controller (enabling IDA Web API) and receive_identities_from (list of PDP gateway to" +
+					"receive identities from through identity sharing feature)",
+				Elem: &schema.Resource{
+					Schema: map[string]*schema.Schema{
+						"enable_cloudguard_controller": {
+							Type:        schema.TypeBool,
+							Computed:    true,
+							Description: "Enable the Web API identity source for CloudGuard Controller",
+						},
+						"receive_identities_from": {
+							Type:        schema.TypeList,
+							Computed:    true,
+							Description: "List of PDP gateway names from which to receive identities through Identity Sharing",
+							Elem: &schema.Schema{
+								Type: schema.TypeString,
+							},
+						},
+					},
+				},
+			},
 			"repository_gateway_scripts": {
 				Type:     schema.TypeList,
 				Computed: true,
@@ -289,6 +314,18 @@ func dataSourceManagementCMEGWConfigurationsAWSRead(d *schema.ResourceData, m in
 	bladesListToReturn = append(bladesListToReturn, bladesMapToAdd)
 	_ = d.Set("blades", bladesListToReturn)
 
+	var IDASettingsListToReturn []map[string]interface{}
+	IDASettingsMapToAdd := make(map[string]interface{})
+	if AWSGWConfiguration["identity-awareness-settings"] != nil {
+		IDASettingsMap := AWSGWConfiguration["identity-awareness-settings"].(map[string]interface{})
+		IDASettingsMapToAdd["enable_cloudguard_controller"] = IDASettingsMap["enable-cloudguard-controller"]
+		IDASettingsMapToAdd["receive_identities_from"] = IDASettingsMap["receive-identities-from"]
+		IDASettingsListToReturn = append(IDASettingsListToReturn, IDASettingsMapToAdd)
+		_ = d.Set("identity_awareness_settings", IDASettingsListToReturn)
+	} else {
+		_ = d.Set("identity_awareness_settings", nil)
+	}
+
 	if AWSGWConfiguration["repository-gateway-scripts"] != nil {
 		scriptsList := AWSGWConfiguration["repository-gateway-scripts"].([]interface{})
 		if len(scriptsList) > 0 {

diff --git a/checkpoint/data_source_checkpoint_management_cme_gw_configurations_aws_test.go b/checkpoint/data_source_checkpoint_management_cme_gw_configurations_aws_test.go
@@ -33,6 +33,7 @@ func TestAccDataSourceCheckpointManagementCMEGWConfigurationsAWS_basic(t *testin
 					resource.TestCheckResourceAttrPair(dataSourceName, "color", resourceName, "color"),
 					resource.TestCheckResourceAttrPair(dataSourceName, "x_forwarded_for", resourceName, "x_forwarded_for"),
 					resource.TestCheckResourceAttrPair(dataSourceName, "communication_with_servers_behind_nat", resourceName, "communication_with_servers_behind_nat"),
+					resource.TestCheckResourceAttrPair(dataSourceName, "identity_awareness_settings", resourceName, "identity_awareness_settings"),
 				),
 			},
 		},
@@ -50,7 +51,7 @@ resource "checkpoint_management_cme_accounts_aws" "aws_account" {
 resource "checkpoint_management_cme_gw_configurations_aws" "test" {
   name            = "%s"
   related_account = "${checkpoint_management_cme_accounts_aws.aws_account.name}"
-  version         = "R81"
+  version         = "R82"
   base64_sic_key  = "MTIzNDU2Nzg="
   policy          = "Standard"
   x_forwarded_for = true
@@ -64,12 +65,15 @@ resource "checkpoint_management_cme_gw_configurations_aws" "test" {
 	application_control          = false
 	autonomous_threat_prevention = false
 	content_awareness            = false
-	identity_awareness           = false
+	identity_awareness           = true
 	ipsec_vpn                    = false
 	threat_emulation             = false
 	url_filtering                = false
 	vpn                          = false
   }
+  identity_awareness_settings {
+    enable_cloudguard_controller = true
+  }
 }
 
 data "checkpoint_management_cme_gw_configurations_aws" "data_test" {

diff --git a/checkpoint/data_source_checkpoint_management_cme_gw_configurations_azure.go b/checkpoint/data_source_checkpoint_management_cme_gw_configurations_azure.go
@@ -107,6 +107,31 @@ func dataSourceManagementCMEGWConfigurationsAzure() *schema.Resource {
 					},
 				},
 			},
+			"identity_awareness_settings": {
+				Type:     schema.TypeList,
+				MaxItems: 1,
+				Computed: true,
+				Description: "Dictionary of identity awareness settings that can be configured on the gateway: " +
+					"enable_cloudguard_controller (enabling IDA Web API) and receive_identities_from (list of PDP gateway to" +
+					"receive identities from through identity sharing feature)",
+				Elem: &schema.Resource{
+					Schema: map[string]*schema.Schema{
+						"enable_cloudguard_controller": {
+							Type:        schema.TypeBool,
+							Computed:    true,
+							Description: "Enable the Web API identity source for CloudGuard Controller",
+						},
+						"receive_identities_from": {
+							Type:        schema.TypeList,
+							Computed:    true,
+							Description: "List of PDP gateway names from which to receive identities through Identity Sharing",
+							Elem: &schema.Schema{
+								Type: schema.TypeString,
+							},
+						},
+					},
+				},
+			},
 			"repository_gateway_scripts": {
 				Type:     schema.TypeList,
 				Computed: true,
@@ -258,6 +283,18 @@ func dataSourceManagementCMEGWConfigurationsAzureRead(d *schema.ResourceData, m
 	bladesListToReturn = append(bladesListToReturn, bladesMapToAdd)
 	_ = d.Set("blades", bladesListToReturn)
 
+	var IDASettingsListToReturn []map[string]interface{}
+	IDASettingsMapToAdd := make(map[string]interface{})
+	if AzureGWConfiguration["identity-awareness-settings"] != nil {
+		IDASettingsMap := AzureGWConfiguration["identity-awareness-settings"].(map[string]interface{})
+		IDASettingsMapToAdd["enable_cloudguard_controller"] = IDASettingsMap["enable-cloudguard-controller"]
+		IDASettingsMapToAdd["receive_identities_from"] = IDASettingsMap["receive-identities-from"]
+		IDASettingsListToReturn = append(IDASettingsListToReturn, IDASettingsMapToAdd)
+		_ = d.Set("identity_awareness_settings", IDASettingsListToReturn)
+	} else {
+		_ = d.Set("identity_awareness_settings", nil)
+	}
+
 	if AzureGWConfiguration["repository-gateway-scripts"] != nil {
 		scriptsList := AzureGWConfiguration["repository-gateway-scripts"].([]interface{})
 		if len(scriptsList) > 0 {

diff --git a/checkpoint/data_source_checkpoint_management_cme_gw_configurations_azure_test.go b/checkpoint/data_source_checkpoint_management_cme_gw_configurations_azure_test.go
@@ -34,6 +34,7 @@ func TestAccDataSourceCheckpointManagementCMEGWConfigurationsAzure_basic(t *test
 					resource.TestCheckResourceAttrPair(dataSourceName, "color", resourceName, "color"),
 					resource.TestCheckResourceAttrPair(dataSourceName, "x_forwarded_for", resourceName, "x_forwarded_for"),
 					resource.TestCheckResourceAttrPair(dataSourceName, "communication_with_servers_behind_nat", resourceName, "communication_with_servers_behind_nat"),
+					resource.TestCheckResourceAttrPair(dataSourceName, "identity_awareness_settings", resourceName, "identity_awareness_settings"),
 				),
 			},
 		},
@@ -46,14 +47,14 @@ resource "checkpoint_management_cme_accounts_azure" "azure_account" {
   name                  = "%s"
   directory_id = "46707d92-02f4-4817-8116-a4c3b23e6266"
   application_id = "46707d92-02f4-4817-8116-a4c3b23e6266"
-  client_secret = "mySecret"
+  client_secret = "abcdef-123456"
   subscription = "46707d92-02f4-4817-8116-a4c3b23e6267"
 }
 
 resource "checkpoint_management_cme_gw_configurations_azure" "test" {
   name            = "%s"
   related_account = "${checkpoint_management_cme_accounts_azure.azure_account.name}"
-  version         = "R81"
+  version         = "R82"
   base64_sic_key  = "MTIzNDU2Nzg="
   policy          = "Standard"
   ipv6			= true
@@ -68,12 +69,15 @@ resource "checkpoint_management_cme_gw_configurations_azure" "test" {
 	application_control          = false
 	autonomous_threat_prevention = false
 	content_awareness            = false
-	identity_awareness           = false
+	identity_awareness           = true
 	ipsec_vpn                    = false
 	threat_emulation             = false
 	url_filtering                = false
 	vpn                          = false
   }
+  identity_awareness_settings {
+    enable_cloudguard_controller = true
+  }
 }
 
 data "checkpoint_management_cme_gw_configurations_azure" "data_test" {

diff --git a/checkpoint/data_source_checkpoint_management_cme_gw_configurations_gcp.go b/checkpoint/data_source_checkpoint_management_cme_gw_configurations_gcp.go
@@ -128,6 +128,31 @@ func dataSourceManagementCMEGWConfigurationsGCP() *schema.Resource {
 					},
 				},
 			},
+			"identity_awareness_settings": {
+				Type:     schema.TypeList,
+				MaxItems: 1,
+				Computed: true,
+				Description: "Dictionary of identity awareness settings that can be configured on the gateway: " +
+					"enable_cloudguard_controller (enabling IDA Web API) and receive_identities_from (list of PDP gateway to" +
+					"receive identities from through identity sharing feature)",
+				Elem: &schema.Resource{
+					Schema: map[string]*schema.Schema{
+						"enable_cloudguard_controller": {
+							Type:        schema.TypeBool,
+							Computed:    true,
+							Description: "Enable the Web API identity source for CloudGuard Controller",
+						},
+						"receive_identities_from": {
+							Type:        schema.TypeList,
+							Computed:    true,
+							Description: "List of PDP gateway names from which to receive identities through Identity Sharing",
+							Elem: &schema.Schema{
+								Type: schema.TypeString,
+							},
+						},
+					},
+				},
+			},
 			"repository_gateway_scripts": {
 				Type:     schema.TypeList,
 				Computed: true,
@@ -253,6 +278,18 @@ func dataSourceManagementCMEGWConfigurationsGCPRead(d *schema.ResourceData, m in
 	bladesListToReturn = append(bladesListToReturn, bladesMapToAdd)
 	_ = d.Set("blades", bladesListToReturn)
 
+	var IDASettingsListToReturn []map[string]interface{}
+	IDASettingsMapToAdd := make(map[string]interface{})
+	if GCPGWConfiguration["identity-awareness-settings"] != nil {
+		IDASettingsMap := GCPGWConfiguration["identity-awareness-settings"].(map[string]interface{})
+		IDASettingsMapToAdd["enable_cloudguard_controller"] = IDASettingsMap["enable-cloudguard-controller"]
+		IDASettingsMapToAdd["receive_identities_from"] = IDASettingsMap["receive-identities-from"]
+		IDASettingsListToReturn = append(IDASettingsListToReturn, IDASettingsMapToAdd)
+		_ = d.Set("identity_awareness_settings", IDASettingsListToReturn)
+	} else {
+		_ = d.Set("identity_awareness_settings", nil)
+	}
+
 	if GCPGWConfiguration["repository-gateway-scripts"] != nil {
 		scriptsList := GCPGWConfiguration["repository-gateway-scripts"].([]interface{})
 		if len(scriptsList) > 0 {

diff --git a/checkpoint/data_source_checkpoint_management_cme_gw_configurations_gcp_test.go b/checkpoint/data_source_checkpoint_management_cme_gw_configurations_gcp_test.go
@@ -33,6 +33,7 @@ func TestAccDataSourceCheckpointManagementCMEGWConfigurationsGCP_basic(t *testin
 					resource.TestCheckResourceAttrPair(dataSourceName, "color", resourceName, "color"),
 					resource.TestCheckResourceAttrPair(dataSourceName, "x_forwarded_for", resourceName, "x_forwarded_for"),
 					resource.TestCheckResourceAttrPair(dataSourceName, "communication_with_servers_behind_nat", resourceName, "communication_with_servers_behind_nat"),
+					resource.TestCheckResourceAttrPair(dataSourceName, "identity_awareness_settings", resourceName, "identity_awareness_settings"),
 				),
 			},
 		},
@@ -50,7 +51,7 @@ resource "checkpoint_management_cme_accounts_gcp" "gcp_account" {
 resource "checkpoint_management_cme_gw_configurations_gcp" "test" {
   name            = "%s"
   related_account = "${checkpoint_management_cme_accounts_gcp.gcp_account.name}"
-  version         = "R81"
+  version         = "R82"
   base64_sic_key  = "MTIzNDU2Nzg="
   policy          = "Standard"
   x_forwarded_for = true
@@ -64,12 +65,15 @@ resource "checkpoint_management_cme_gw_configurations_gcp" "test" {
 	application_control          = false
 	autonomous_threat_prevention = false
 	content_awareness            = false
-	identity_awareness           = false
+	identity_awareness           = true
 	ipsec_vpn                    = false
 	threat_emulation             = false
 	url_filtering                = false
 	vpn                          = false
   }
+  identity_awareness_settings {
+    enable_cloudguard_controller = true
+  }
 }
 
 data "checkpoint_management_cme_gw_configurations_gcp" "data_test" {