diff --git a/checkpoint/cme_utils.go b/checkpoint/cme_utils.go index 474a8d38..702b0e9b 100755 --- a/checkpoint/cme_utils.go +++ b/checkpoint/cme_utils.go @@ -6,7 +6,7 @@ import ( ) const ( - CmeApiVersion = "v1.2" + CmeApiVersion = "v1.2.2" CmeApiPath = "cme-api/" + CmeApiVersion ) diff --git a/checkpoint/data_source_checkpoint_management_cme_gw_configurations.go b/checkpoint/data_source_checkpoint_management_cme_gw_configurations.go index 803c06c6..d3e51aa7 100755 --- a/checkpoint/data_source_checkpoint_management_cme_gw_configurations.go +++ b/checkpoint/data_source_checkpoint_management_cme_gw_configurations.go @@ -134,6 +134,31 @@ func dataSourceManagementCMEGWConfigurations() *schema.Resource { }, }, }, + "identity_awareness_settings": { + Type: schema.TypeList, + MaxItems: 1, + Computed: true, + Description: "Dictionary of identity awareness settings that can be configured on the gateway: " + + "enable_cloudguard_controller (enabling IDA Web API) and receive_identities_from (list of PDP gateway to" + + "receive identities from through identity sharing feature)", + Elem: &schema.Resource{ + Schema: map[string]*schema.Schema{ + "enable_cloudguard_controller": { + Type: schema.TypeBool, + Computed: true, + Description: "Enable the Web API identity source for CloudGuard Controller", + }, + "receive_identities_from": { + Type: schema.TypeList, + Computed: true, + Description: "List of PDP gateway names from which to receive identities through Identity Sharing", + Elem: &schema.Schema{ + Type: schema.TypeString, + }, + }, + }, + }, + }, "repository_gateway_scripts": { Type: schema.TypeList, Computed: true, 
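Review bot: The `Description` of `identity_awareness_settings` concatenates `"...(list of PDP gateway to"` and `"receive identities from..."` without a space, so the rendered documentation reads "toreceive"; end the first fragment with a trailing space, `"... (list of PDP gateway to " +`. The same string is repeated in the AWS, Azure and GCP data-source schemas and in the three resource schemas later in this diff. `MaxItems: 1` constrains what a user may configure, so on this `Computed`-only attribute it has nothing to enforce and could be dropped. The schema function starts and ends outside the hunk.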
@@ -261,6 +286,16 @@ func dataSourceManagementCMEGWConfigurationsRead(d *schema.ResourceData, m inter bladesListToReturn = append(bladesListToReturn, bladesMapToAdd) tempObject["blades"] = bladesListToReturn + var IDASettingsListToReturn []map[string]interface{} + IDASettingsMapToAdd := make(map[string]interface{}) + if singleGWConfiguration["identity-awareness-settings"] != nil { + IDASettingsMap := singleGWConfiguration["identity-awareness-settings"].(map[string]interface{}) + IDASettingsMapToAdd["enable_cloudguard_controller"] = IDASettingsMap["enable-cloudguard-controller"] + IDASettingsMapToAdd["receive_identities_from"] = IDASettingsMap["receive-identities-from"] + IDASettingsListToReturn = append(IDASettingsListToReturn, IDASettingsMapToAdd) + } + tempObject["identity_awareness_settings"] = IDASettingsListToReturn + if singleGWConfiguration["repository-gateway-scripts"] != nil { scriptsList := singleGWConfiguration["repository-gateway-scripts"].([]interface{}) if len(scriptsList) > 0 { diff --git a/checkpoint/data_source_checkpoint_management_cme_gw_configurations_aws.go b/checkpoint/data_source_checkpoint_management_cme_gw_configurations_aws.go index 3a245144..6a1bce21 100644 --- a/checkpoint/data_source_checkpoint_management_cme_gw_configurations_aws.go +++ b/checkpoint/data_source_checkpoint_management_cme_gw_configurations_aws.go 
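Review bot: The type assertion on `singleGWConfiguration["identity-awareness-settings"]` is unchecked, so a response in which that key holds anything other than a JSON object panics the provider instead of being skipped or reported. The comma-ok form also covers the nil case in one step: `if IDASettingsMap, ok := singleGWConfiguration["identity-awareness-settings"].(map[string]interface{}); ok {`. The AWS, Azure and GCP data-source reads and the three resource reads in this diff add the same unchecked assertion. The read function continues outside the hunk.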
@@ -129,6 +129,31 @@ func dataSourceManagementCMEGWConfigurationsAWS() *schema.Resource { }, }, }, + "identity_awareness_settings": { + Type: schema.TypeList, + MaxItems: 1, + Computed: true, + Description: "Dictionary of identity awareness settings that can be configured on the gateway: " + + "enable_cloudguard_controller (enabling IDA Web API) and receive_identities_from (list of PDP gateway to" + + "receive identities from through identity sharing feature)", + Elem: &schema.Resource{ + Schema: map[string]*schema.Schema{ + "enable_cloudguard_controller": { + Type: schema.TypeBool, + Computed: true, + Description: "Enable the Web API identity source for CloudGuard Controller", + }, + "receive_identities_from": { + Type: schema.TypeList, + Computed: true, + Description: "List of PDP gateway names from which to receive identities through Identity Sharing", + Elem: &schema.Schema{ + Type: schema.TypeString, + }, + }, + }, + }, + }, "repository_gateway_scripts": { Type: schema.TypeList, Computed: true, 
@@ -289,6 +314,18 @@ func dataSourceManagementCMEGWConfigurationsAWSRead(d *schema.ResourceData, m in bladesListToReturn = append(bladesListToReturn, bladesMapToAdd) _ = d.Set("blades", bladesListToReturn) + var IDASettingsListToReturn []map[string]interface{} + IDASettingsMapToAdd := make(map[string]interface{}) + if AWSGWConfiguration["identity-awareness-settings"] != nil { + IDASettingsMap := AWSGWConfiguration["identity-awareness-settings"].(map[string]interface{}) + IDASettingsMapToAdd["enable_cloudguard_controller"] = IDASettingsMap["enable-cloudguard-controller"] + IDASettingsMapToAdd["receive_identities_from"] = IDASettingsMap["receive-identities-from"] + IDASettingsListToReturn = append(IDASettingsListToReturn, IDASettingsMapToAdd) + _ = d.Set("identity_awareness_settings", IDASettingsListToReturn) + } else { + _ = d.Set("identity_awareness_settings", nil) + } + if AWSGWConfiguration["repository-gateway-scripts"] != nil { scriptsList := AWSGWConfiguration["repository-gateway-scripts"].([]interface{}) if len(scriptsList) > 0 { diff --git a/checkpoint/data_source_checkpoint_management_cme_gw_configurations_aws_test.go b/checkpoint/data_source_checkpoint_management_cme_gw_configurations_aws_test.go index 194c1ee6..69fab4d3 100644 --- a/checkpoint/data_source_checkpoint_management_cme_gw_configurations_aws_test.go +++ b/checkpoint/data_source_checkpoint_management_cme_gw_configurations_aws_test.go @@ -33,6 +33,7 @@ func TestAccDataSourceCheckpointManagementCMEGWConfigurationsAWS_basic(t *testin resource.TestCheckResourceAttrPair(dataSourceName, "color", resourceName, "color"), resource.TestCheckResourceAttrPair(dataSourceName, "x_forwarded_for", resourceName, "x_forwarded_for"), resource.TestCheckResourceAttrPair(dataSourceName, "communication_with_servers_behind_nat", resourceName, "communication_with_servers_behind_nat"), + resource.TestCheckResourceAttrPair(dataSourceName, "identity_awareness_settings", resourceName, "identity_awareness_settings"), ), }, }, 
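Review bot: In the AWS data-source test, the added `TestCheckResourceAttrPair` on the bare key `identity_awareness_settings` probably compares nothing: a list block is stored in state under `identity_awareness_settings.#` and `identity_awareness_settings.0.…`, and the helper appears to treat two absent keys as equal. Comparing a leaf attribute makes the check meaningful, e.g. `resource.TestCheckResourceAttrPair(dataSourceName, "identity_awareness_settings.0.enable_cloudguard_controller", resourceName, "identity_awareness_settings.0.enable_cloudguard_controller")`. The Azure and GCP data-source tests add the same line.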
@@ -50,7 +51,7 @@ resource "checkpoint_management_cme_accounts_aws" "aws_account" { resource "checkpoint_management_cme_gw_configurations_aws" "test" { name = "%s" related_account = "${checkpoint_management_cme_accounts_aws.aws_account.name}" - version = "R81" + version = "R82" base64_sic_key = "MTIzNDU2Nzg=" policy = "Standard" x_forwarded_for = true @@ -64,12 +65,15 @@ resource "checkpoint_management_cme_gw_configurations_aws" "test" { application_control = false autonomous_threat_prevention = false content_awareness = false - identity_awareness = false + identity_awareness = true ipsec_vpn = false threat_emulation = false url_filtering = false vpn = false } + identity_awareness_settings { + enable_cloudguard_controller = true + } } data "checkpoint_management_cme_gw_configurations_aws" "data_test" { diff --git a/checkpoint/data_source_checkpoint_management_cme_gw_configurations_azure.go b/checkpoint/data_source_checkpoint_management_cme_gw_configurations_azure.go index 9af782dd..b051ecda 100644 --- a/checkpoint/data_source_checkpoint_management_cme_gw_configurations_azure.go +++ b/checkpoint/data_source_checkpoint_management_cme_gw_configurations_azure.go 
@@ -107,6 +107,31 @@ func dataSourceManagementCMEGWConfigurationsAzure() *schema.Resource { }, }, }, + "identity_awareness_settings": { + Type: schema.TypeList, + MaxItems: 1, + Computed: true, + Description: "Dictionary of identity awareness settings that can be configured on the gateway: " + + "enable_cloudguard_controller (enabling IDA Web API) and receive_identities_from (list of PDP gateway to" + + "receive identities from through identity sharing feature)", + Elem: &schema.Resource{ + Schema: map[string]*schema.Schema{ + "enable_cloudguard_controller": { + Type: schema.TypeBool, + Computed: true, + Description: "Enable the Web API identity source for CloudGuard Controller", + }, + "receive_identities_from": { + Type: schema.TypeList, + Computed: true, + Description: "List of PDP gateway names from which to receive identities through Identity Sharing", + Elem: &schema.Schema{ + Type: schema.TypeString, + }, + }, + }, + }, + }, "repository_gateway_scripts": { Type: schema.TypeList, Computed: true, 
@@ -258,6 +283,18 @@ func dataSourceManagementCMEGWConfigurationsAzureRead(d *schema.ResourceData, m bladesListToReturn = append(bladesListToReturn, bladesMapToAdd) _ = d.Set("blades", bladesListToReturn) + var IDASettingsListToReturn []map[string]interface{} + IDASettingsMapToAdd := make(map[string]interface{}) + if AzureGWConfiguration["identity-awareness-settings"] != nil { + IDASettingsMap := AzureGWConfiguration["identity-awareness-settings"].(map[string]interface{}) + IDASettingsMapToAdd["enable_cloudguard_controller"] = IDASettingsMap["enable-cloudguard-controller"] + IDASettingsMapToAdd["receive_identities_from"] = IDASettingsMap["receive-identities-from"] + IDASettingsListToReturn = append(IDASettingsListToReturn, IDASettingsMapToAdd) + _ = d.Set("identity_awareness_settings", IDASettingsListToReturn) + } else { + _ = d.Set("identity_awareness_settings", nil) + } + if AzureGWConfiguration["repository-gateway-scripts"] != nil { scriptsList := AzureGWConfiguration["repository-gateway-scripts"].([]interface{}) if len(scriptsList) > 0 { diff --git a/checkpoint/data_source_checkpoint_management_cme_gw_configurations_azure_test.go b/checkpoint/data_source_checkpoint_management_cme_gw_configurations_azure_test.go index f32f6dcb..b912b521 100644 --- a/checkpoint/data_source_checkpoint_management_cme_gw_configurations_azure_test.go +++ b/checkpoint/data_source_checkpoint_management_cme_gw_configurations_azure_test.go 
@@ -34,6 +34,7 @@ func TestAccDataSourceCheckpointManagementCMEGWConfigurationsAzure_basic(t *test resource.TestCheckResourceAttrPair(dataSourceName, "color", resourceName, "color"), resource.TestCheckResourceAttrPair(dataSourceName, "x_forwarded_for", resourceName, "x_forwarded_for"), resource.TestCheckResourceAttrPair(dataSourceName, "communication_with_servers_behind_nat", resourceName, "communication_with_servers_behind_nat"), + resource.TestCheckResourceAttrPair(dataSourceName, "identity_awareness_settings", resourceName, "identity_awareness_settings"), ), }, }, @@ -46,14 +47,14 @@ resource "checkpoint_management_cme_accounts_azure" "azure_account" { name = "%s" directory_id = "46707d92-02f4-4817-8116-a4c3b23e6266" application_id = "46707d92-02f4-4817-8116-a4c3b23e6266" - client_secret = "mySecret" + client_secret = "abcdef-123456" subscription = "46707d92-02f4-4817-8116-a4c3b23e6267" } resource "checkpoint_management_cme_gw_configurations_azure" "test" { name = "%s" related_account = "${checkpoint_management_cme_accounts_azure.azure_account.name}" - version = "R81" + version = "R82" base64_sic_key = "MTIzNDU2Nzg=" policy = "Standard" ipv6 = true @@ -68,12 +69,15 @@ resource "checkpoint_management_cme_gw_configurations_azure" "test" { application_control = false autonomous_threat_prevention = false content_awareness = false - identity_awareness = false + identity_awareness = true ipsec_vpn = false threat_emulation = false url_filtering = false vpn = false } + identity_awareness_settings { + enable_cloudguard_controller = true + } } data "checkpoint_management_cme_gw_configurations_azure" "data_test" { diff --git a/checkpoint/data_source_checkpoint_management_cme_gw_configurations_gcp.go b/checkpoint/data_source_checkpoint_management_cme_gw_configurations_gcp.go index 9c021dd9..7f3de4d3 100644 --- a/checkpoint/data_source_checkpoint_management_cme_gw_configurations_gcp.go +++ b/checkpoint/data_source_checkpoint_management_cme_gw_configurations_gcp.go 
@@ -128,6 +128,31 @@ func dataSourceManagementCMEGWConfigurationsGCP() *schema.Resource { }, }, }, + "identity_awareness_settings": { + Type: schema.TypeList, + MaxItems: 1, + Computed: true, + Description: "Dictionary of identity awareness settings that can be configured on the gateway: " + + "enable_cloudguard_controller (enabling IDA Web API) and receive_identities_from (list of PDP gateway to" + + "receive identities from through identity sharing feature)", + Elem: &schema.Resource{ + Schema: map[string]*schema.Schema{ + "enable_cloudguard_controller": { + Type: schema.TypeBool, + Computed: true, + Description: "Enable the Web API identity source for CloudGuard Controller", + }, + "receive_identities_from": { + Type: schema.TypeList, + Computed: true, + Description: "List of PDP gateway names from which to receive identities through Identity Sharing", + Elem: &schema.Schema{ + Type: schema.TypeString, + }, + }, + }, + }, + }, "repository_gateway_scripts": { Type: schema.TypeList, Computed: true, 
@@ -253,6 +278,18 @@ func dataSourceManagementCMEGWConfigurationsGCPRead(d *schema.ResourceData, m in bladesListToReturn = append(bladesListToReturn, bladesMapToAdd) _ = d.Set("blades", bladesListToReturn) + var IDASettingsListToReturn []map[string]interface{} + IDASettingsMapToAdd := make(map[string]interface{}) + if GCPGWConfiguration["identity-awareness-settings"] != nil { + IDASettingsMap := GCPGWConfiguration["identity-awareness-settings"].(map[string]interface{}) + IDASettingsMapToAdd["enable_cloudguard_controller"] = IDASettingsMap["enable-cloudguard-controller"] + IDASettingsMapToAdd["receive_identities_from"] = IDASettingsMap["receive-identities-from"] + IDASettingsListToReturn = append(IDASettingsListToReturn, IDASettingsMapToAdd) + _ = d.Set("identity_awareness_settings", IDASettingsListToReturn) + } else { + _ = d.Set("identity_awareness_settings", nil) + } + if GCPGWConfiguration["repository-gateway-scripts"] != nil { scriptsList := GCPGWConfiguration["repository-gateway-scripts"].([]interface{}) if len(scriptsList) > 0 { diff --git a/checkpoint/data_source_checkpoint_management_cme_gw_configurations_gcp_test.go b/checkpoint/data_source_checkpoint_management_cme_gw_configurations_gcp_test.go index c7001ecc..324fc485 100644 --- a/checkpoint/data_source_checkpoint_management_cme_gw_configurations_gcp_test.go +++ b/checkpoint/data_source_checkpoint_management_cme_gw_configurations_gcp_test.go @@ -33,6 +33,7 @@ func TestAccDataSourceCheckpointManagementCMEGWConfigurationsGCP_basic(t *testin resource.TestCheckResourceAttrPair(dataSourceName, "color", resourceName, "color"), resource.TestCheckResourceAttrPair(dataSourceName, "x_forwarded_for", resourceName, "x_forwarded_for"), resource.TestCheckResourceAttrPair(dataSourceName, "communication_with_servers_behind_nat", resourceName, "communication_with_servers_behind_nat"), + resource.TestCheckResourceAttrPair(dataSourceName, "identity_awareness_settings", resourceName, "identity_awareness_settings"), ), }, }, 
@@ -50,7 +51,7 @@ resource "checkpoint_management_cme_accounts_gcp" "gcp_account" { resource "checkpoint_management_cme_gw_configurations_gcp" "test" { name = "%s" related_account = "${checkpoint_management_cme_accounts_gcp.gcp_account.name}" - version = "R81" + version = "R82" base64_sic_key = "MTIzNDU2Nzg=" policy = "Standard" x_forwarded_for = true @@ -64,12 +65,15 @@ resource "checkpoint_management_cme_gw_configurations_gcp" "test" { application_control = false autonomous_threat_prevention = false content_awareness = false - identity_awareness = false + identity_awareness = true ipsec_vpn = false threat_emulation = false url_filtering = false vpn = false } + identity_awareness_settings { + enable_cloudguard_controller = true + } } data "checkpoint_management_cme_gw_configurations_gcp" "data_test" { diff --git a/checkpoint/resource_checkpoint_management_cme_gw_configurations_aws.go b/checkpoint/resource_checkpoint_management_cme_gw_configurations_aws.go index 777f7318..9cd33b4d 100644 --- a/checkpoint/resource_checkpoint_management_cme_gw_configurations_aws.go +++ b/checkpoint/resource_checkpoint_management_cme_gw_configurations_aws.go 
@@ -136,6 +136,31 @@ func resourceManagementCMEGWConfigurationsAWS() *schema.Resource { }, }, }, + "identity_awareness_settings": { + Type: schema.TypeList, + MaxItems: 1, + Optional: true, + Description: "Dictionary of identity awareness settings that can be configured on the gateway: " + + "enable_cloudguard_controller (enabling IDA Web API) and receive_identities_from (list of PDP gateway to" + + "receive identities from through identity sharing feature)", + Elem: &schema.Resource{ + Schema: map[string]*schema.Schema{ + "enable_cloudguard_controller": { + Type: schema.TypeBool, + Optional: true, + Description: "Enable the Web API identity source for CloudGuard Controller", + }, + "receive_identities_from": { + Type: schema.TypeList, + Optional: true, + Description: "List of PDP gateway names from which to receive identities through Identity Sharing", + Elem: &schema.Schema{ + Type: schema.TypeString, + }, + }, + }, + }, + }, "repository_gateway_scripts": { Type: schema.TypeList, Optional: true, 
@@ -295,6 +320,18 @@ func readManagementCMEGWConfigurationsAWS(d *schema.ResourceData, m interface{}) bladesListToReturn = append(bladesListToReturn, bladesMapToAdd) _ = d.Set("blades", bladesListToReturn) + var IDASettingsListToReturn []map[string]interface{} + IDASettingsMapToAdd := make(map[string]interface{}) + if AWSGWConfiguration["identity-awareness-settings"] != nil { + IDASettingsMap := AWSGWConfiguration["identity-awareness-settings"].(map[string]interface{}) + IDASettingsMapToAdd["enable_cloudguard_controller"] = IDASettingsMap["enable-cloudguard-controller"] + IDASettingsMapToAdd["receive_identities_from"] = IDASettingsMap["receive-identities-from"] + IDASettingsListToReturn = append(IDASettingsListToReturn, IDASettingsMapToAdd) + _ = d.Set("identity_awareness_settings", IDASettingsListToReturn) + } else { + _ = d.Set("identity_awareness_settings", nil) + } + if AWSGWConfiguration["repository-gateway-scripts"] != nil { scriptsList := AWSGWConfiguration["repository-gateway-scripts"].([]interface{}) if len(scriptsList) > 0 { @@ -464,7 +501,16 @@ func createManagementCMEGWConfigurationsAWS(d *schema.ResourceData, m interface{ } payload["blades"] = tempObject } - + if _, ok := d.GetOk("identity_awareness_settings"); ok { + tempObject := make(map[string]interface{}) + if v, ok := d.GetOkExists("identity_awareness_settings.0.enable_cloudguard_controller"); ok { + tempObject["enable_cloudguard_controller"] = v.(bool) + } + if v, ok := d.GetOk("identity_awareness_settings.0.receive_identities_from"); ok { + tempObject["receive_identities_from"] = v.([]interface{}) + } + payload["identity_awareness_settings"] = tempObject + } log.Println("Create cme AWS GW configuration - name = ", payload["name"]) url := CmeApiPath + "/gwConfigurations/aws" 
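Review bot: `readManagementCMEGWConfigurationsAWS` writes `identity_awareness_settings` into state whenever the API returns the object, but the schema declares the block `Optional` without `Computed`. If CME returns these settings for configurations that never set them (not visible here), a configuration that omits the block would show a diff on every plan. Declaring the block `Optional: true, Computed: true`, or only setting it when it was configured, would avoid that. The Azure and GCP resources follow the same pattern, and both functions continue outside the hunks.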
@@ -605,6 +651,14 @@ func updateManagementCMEGWConfigurationsAWS(d *schema.ResourceData, m interface{ } payload["blades"] = tempObject } + if d.HasChange("identity_awareness_settings") { + tempObject := make(map[string]interface{}) + if v, ok := d.GetOkExists("identity_awareness_settings.0.enable_cloudguard_controller"); ok { + tempObject["enable_cloudguard_controller"] = v.(bool) + } + tempObject["receive_identities_from"] = d.Get("identity_awareness_settings.0.receive_identities_from") + payload["identity_awareness_settings"] = tempObject + } var name string if v, ok := d.GetOk("name"); ok { diff --git a/checkpoint/resource_checkpoint_management_cme_gw_configurations_aws_test.go b/checkpoint/resource_checkpoint_management_cme_gw_configurations_aws_test.go index c91177cd..7165e750 100644 --- a/checkpoint/resource_checkpoint_management_cme_gw_configurations_aws_test.go +++ b/checkpoint/resource_checkpoint_management_cme_gw_configurations_aws_test.go @@ -14,7 +14,7 @@ func TestAccCheckpointManagementCMEGWConfigurationsAWS_basic(t *testing.T) { resourceName := "checkpoint_management_cme_gw_configurations_aws.gw_configuration_test" accountName := "test-account" gwConfigurationName := "test-gw-configuration" - gwConfigurationVersion := "R81" + gwConfigurationVersion := "R82" gwConfigurationBase64SIC := "MTIzNDU2Nzg=" gwConfigurationPolicy := "Standard" gwConfigurationXForwardedFor := true 
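Review bot: In `updateManagementCMEGWConfigurationsAWS` the two identity fields are handled differently: `receive_identities_from` is always sent, while `enable_cloudguard_controller` is sent only when `GetOkExists` reports it. When the block is removed from the configuration, the payload may therefore clear the PDP list yet leave out the flag, and whether the gateway then keeps the Web API identity source enabled depends on CME behaviour that is not visible here. If omission should mean disabled, send it unconditionally: `tempObject["enable_cloudguard_controller"] = d.Get("identity_awareness_settings.0.enable_cloudguard_controller").(bool)`. The Azure update hunk has the same shape, and create differs again by sending the list only when it is non-empty.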
@@ -41,7 +41,7 @@ func TestAccCheckpointManagementCMEGWConfigurationsAWS_basic(t *testing.T) { Check: resource.ComposeTestCheckFunc( testAccCheckCheckpointManagementCMEGWConfigurationsAWSExists(resourceName, &awsGWConfiguration), testAccCheckCheckpointManagementCMEGWConfigurationsAWSAttributes(&awsGWConfiguration, gwConfigurationName, accountName, gwConfigurationVersion, - gwConfigurationPolicy, true, true, gwConfigurationXForwardedFor, + gwConfigurationPolicy, true, true, true, gwConfigurationXForwardedFor, gwConfigurationColor, gwConfigurationCommunicationWithServersBehindNAT), ), }, @@ -97,12 +97,15 @@ resource "checkpoint_management_cme_gw_configurations_aws" "gw_configuration_tes application_control = false autonomous_threat_prevention = false content_awareness = false - identity_awareness = false + identity_awareness = true ipsec_vpn = false threat_emulation = false url_filtering = false vpn = false } + identity_awareness_settings { + enable_cloudguard_controller = true + } } `, accountName, gwConfigurationName, gwConfigurationVersion, gwConfigurationBase64SIC, gwConfigurationPolicy, gwConfigurationXForwardedFor, gwConfigurationColor, gwConfigurationCommunicationWithServersBehindNAT) 
@@ -137,7 +140,7 @@ func testAccCheckCheckpointManagementCMEGWConfigurationsAWSExists(resourceTfName func testAccCheckCheckpointManagementCMEGWConfigurationsAWSAttributes(awsGWConfiguration *map[string]interface{}, gwConfigurationName string, accountName string, gwConfigurationVersion string, gwConfigurationPolicyName string, ipsFlag bool, - antiBotFlag bool, gwConfigurationXForwardedFor bool, gwConfigurationColor string, gwConfigurationCommunicationWithServersBehindNAT string) resource.TestCheckFunc { + antiBotFlag bool, IDAFlag bool, gwConfigurationXForwardedFor bool, gwConfigurationColor string, gwConfigurationCommunicationWithServersBehindNAT string) resource.TestCheckFunc { return func(s *terraform.State) error { gwConfiguration := (*awsGWConfiguration)["result"].(map[string]interface{}) if gwConfiguration["name"] != gwConfigurationName { 
@@ -155,19 +158,28 @@ func testAccCheckCheckpointManagementCMEGWConfigurationsAWSAttributes(awsGWConfi blades := gwConfiguration["blades"].(map[string]interface{}) ips := blades["ips"] antiBot := blades["anti-bot"] + IDA := blades["identity-awareness"] if ips != ipsFlag { return fmt.Errorf("ips is %t, expected %t", ips, ipsFlag) } if antiBot != antiBotFlag { return fmt.Errorf("anti bot is %t, expected %t", antiBot, antiBotFlag) } + if IDA != IDAFlag { + return fmt.Errorf("identity awareness is %t, expected %t", IDA, IDAFlag) + } + IDASettings := gwConfiguration["identity-awareness-settings"].(map[string]interface{}) + enableCgController := IDASettings["enable-cloudguard-controller"] + if enableCgController != IDAFlag{ + return fmt.Errorf("enable-cloudguard-controller identity source is %t, expected %t", enableCgController, IDAFlag) + } if gwConfiguration["x_forwarded_for"] != gwConfigurationXForwardedFor { return fmt.Errorf("x_forwarded_for is %t, expected %t", gwConfiguration["x_forwarded_for"], gwConfigurationXForwardedFor) } if gwConfiguration["color"] != gwConfigurationColor { return fmt.Errorf("color is %s, expected %s", gwConfiguration["color"], gwConfigurationColor) } - if gwConfiguration["communication_with_servers_behind_nat"] != gwConfigurationCommunicationWithServersBehindNAT { + if gwConfiguration["communication-with-servers-behind-nat"] != gwConfigurationCommunicationWithServersBehindNAT { return fmt.Errorf("communication_with_servers_behind_nat is %s, expected %s", gwConfiguration["communication_with_servers_behind_nat"], gwConfigurationCommunicationWithServersBehindNAT) } return nil diff --git a/checkpoint/resource_checkpoint_management_cme_gw_configurations_azure.go b/checkpoint/resource_checkpoint_management_cme_gw_configurations_azure.go index e0f8373c..2e67873e 100644 --- a/checkpoint/resource_checkpoint_management_cme_gw_configurations_azure.go +++ b/checkpoint/resource_checkpoint_management_cme_gw_configurations_azure.go 
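Review bot: The NAT check now reads `gwConfiguration["communication-with-servers-behind-nat"]`, but the `fmt.Errorf` on the next line still prints `gwConfiguration["communication_with_servers_behind_nat"]`, so a failure would report the wrong (likely nil) value; use the hyphenated key in the message argument as well. `IDAFlag` is also compared against both the `identity-awareness` blade and `enable-cloudguard-controller`, which ties two independent settings to one expectation; a separate parameter would let the test cover the blade enabled with the controller source disabled. The unchecked assertion on `gwConfiguration["identity-awareness-settings"]` panics rather than failing the test if the key is absent. The Azure attribute check later in this diff repeats all three.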
@@ -135,6 +135,31 @@ func resourceManagementCMEGWConfigurationsAzure() *schema.Resource { }, }, }, + "identity_awareness_settings": { + Type: schema.TypeList, + MaxItems: 1, + Optional: true, + Description: "Dictionary of identity awareness settings that can be configured on the gateway: " + + "enable_cloudguard_controller (enabling IDA Web API) and receive_identities_from (list of PDP gateway to" + + "receive identities from through identity sharing feature)", + Elem: &schema.Resource{ + Schema: map[string]*schema.Schema{ + "enable_cloudguard_controller": { + Type: schema.TypeBool, + Optional: true, + Description: "Enable the Web API identity source for CloudGuard Controller", + }, + "receive_identities_from": { + Type: schema.TypeList, + Optional: true, + Description: "List of PDP gateway names from which to receive identities through Identity Sharing", + Elem: &schema.Schema{ + Type: schema.TypeString, + }, + }, + }, + }, + }, "repository_gateway_scripts": { Type: schema.TypeList, Optional: true, 
@@ -265,6 +290,18 @@ func readManagementCMEGWConfigurationsAzure(d *schema.ResourceData, m interface{ bladesListToReturn = append(bladesListToReturn, bladesMapToAdd) _ = d.Set("blades", bladesListToReturn) + var IDASettingsListToReturn []map[string]interface{} + IDASettingsMapToAdd := make(map[string]interface{}) + if AzureGWConfiguration["identity-awareness-settings"] != nil { + IDASettingsMap := AzureGWConfiguration["identity-awareness-settings"].(map[string]interface{}) + IDASettingsMapToAdd["enable_cloudguard_controller"] = IDASettingsMap["enable-cloudguard-controller"] + IDASettingsMapToAdd["receive_identities_from"] = IDASettingsMap["receive-identities-from"] + IDASettingsListToReturn = append(IDASettingsListToReturn, IDASettingsMapToAdd) + _ = d.Set("identity_awareness_settings", IDASettingsListToReturn) + } else { + _ = d.Set("identity_awareness_settings", nil) + } + if AzureGWConfiguration["repository-gateway-scripts"] != nil { scriptsList := AzureGWConfiguration["repository-gateway-scripts"].([]interface{}) if len(scriptsList) > 0 { @@ -411,7 +448,16 @@ func createManagementCMEGWConfigurationsAzure(d *schema.ResourceData, m interfac } payload["blades"] = tempObject } - + if _, ok := d.GetOk("identity_awareness_settings"); ok { + tempObject := make(map[string]interface{}) + if v, ok := d.GetOkExists("identity_awareness_settings.0.enable_cloudguard_controller"); ok { + tempObject["enable_cloudguard_controller"] = v.(bool) + } + if v, ok := d.GetOk("identity_awareness_settings.0.receive_identities_from"); ok { + tempObject["receive_identities_from"] = v.([]interface{}) + } + payload["identity_awareness_settings"] = tempObject + } log.Println("Create cme Azure GW configuration - name = ", payload["name"]) url := CmeApiPath + "/gwConfigurations/azure" 
@@ -540,6 +586,14 @@ func updateManagementCMEGWConfigurationsAzure(d *schema.ResourceData, m interfac } payload["blades"] = tempObject } + if d.HasChange("identity_awareness_settings") { + tempObject := make(map[string]interface{}) + if v, ok := d.GetOkExists("identity_awareness_settings.0.enable_cloudguard_controller"); ok { + tempObject["enable_cloudguard_controller"] = v.(bool) + } + tempObject["receive_identities_from"] = d.Get("identity_awareness_settings.0.receive_identities_from") + payload["identity_awareness_settings"] = tempObject + } var name string if v, ok := d.GetOk("name"); ok { diff --git a/checkpoint/resource_checkpoint_management_cme_gw_configurations_azure_test.go b/checkpoint/resource_checkpoint_management_cme_gw_configurations_azure_test.go index 7f267000..c1cdd503 100644 --- a/checkpoint/resource_checkpoint_management_cme_gw_configurations_azure_test.go +++ b/checkpoint/resource_checkpoint_management_cme_gw_configurations_azure_test.go @@ -14,7 +14,7 @@ func TestAccCheckpointManagementCMEGWConfigurationsAzure_basic(t *testing.T) { resourceName := "checkpoint_management_cme_gw_configurations_azure.gw_configuration_test" accountName := "test-account" gwConfigurationName := "test-gw-configuration" - gwConfigurationVersion := "R81.10" + gwConfigurationVersion := "R82" gwConfigurationBase64SIC := "MTIzNDU2Nzg=" gwConfigurationPolicy := "Standard" gwConfigurationIpv6 := true 
@@ -43,7 +43,7 @@ func TestAccCheckpointManagementCMEGWConfigurationsAzure_basic(t *testing.T) { Check: resource.ComposeTestCheckFunc( testAccCheckCheckpointManagementCMEGWConfigurationsAzureExists(resourceName, &azureGWConfiguration), testAccCheckCheckpointManagementCMEGWConfigurationsAzureAttributes(&azureGWConfiguration, gwConfigurationName, accountName, gwConfigurationVersion, - gwConfigurationPolicy, true, true, gwConfigurationIpv6, gwConfigurationXForwardedFor, + gwConfigurationPolicy, true, true, true, gwConfigurationIpv6, gwConfigurationXForwardedFor, gwConfigurationColor, gwConfigurationCommunicationWithServersBehindNAT), ), }, @@ -80,7 +80,7 @@ resource "checkpoint_management_cme_accounts_azure" "account_test" { name = "%s" directory_id = "46707d92-02f4-4817-8116-a4c3b23e6266" application_id = "46707d92-02f4-4817-8116-a4c3b23e6266" - client_secret = "mySecret" + client_secret = "abcdef-123456" subscription = "46707d92-02f4-4817-8116-a4c3b23e6266" } @@ -98,12 +98,15 @@ resource "checkpoint_management_cme_gw_configurations_azure" "gw_configuration_t anti_virus = false autonomous_threat_prevention = false content_awareness = false - identity_awareness = false + identity_awareness = true ipsec_vpn = false threat_emulation = false url_filtering = false vpn = false } + identity_awareness_settings { + enable_cloudguard_controller = true + } ipv6 = %t x_forwarded_for = %t color = "%s" 
@@ -142,7 +145,7 @@ func testAccCheckCheckpointManagementCMEGWConfigurationsAzureExists(resourceTfNa func testAccCheckCheckpointManagementCMEGWConfigurationsAzureAttributes(azureGWConfiguration *map[string]interface{}, gwConfigurationName string, accountName string, gwConfigurationVersion string, gwConfigurationPolicyName string, httpsInspectionFlag bool, - applicationControlFlag bool, gwConfigurationIpv6 bool, gwConfigurationXForwardedFor bool, + applicationControlFlag bool, IDAFlag bool, gwConfigurationIpv6 bool, gwConfigurationXForwardedFor bool, gwConfigurationColor string, gwConfigurationCommunicationWithServersBehindNAT string) resource.TestCheckFunc { return func(s *terraform.State) error { gwConfiguration := (*azureGWConfiguration)["result"].(map[string]interface{}) @@ -161,12 +164,21 @@ func testAccCheckCheckpointManagementCMEGWConfigurationsAzureAttributes(azureGWC blades := gwConfiguration["blades"].(map[string]interface{}) httpsInspection := blades["https-inspection"] applicationControl := blades["application-control"] + IDA := blades["identity-awareness"] if httpsInspection != httpsInspectionFlag { return fmt.Errorf("https inspection is %t, expected %t", httpsInspection, httpsInspectionFlag) } if applicationControl != applicationControlFlag { return fmt.Errorf("application control is %t, expected %t", applicationControl, applicationControlFlag) } + if IDA != IDAFlag { + return fmt.Errorf("identity awareness is %t, expected %t", IDA, IDAFlag) + } + IDASettings := gwConfiguration["identity-awareness-settings"].(map[string]interface{}) + enableCgController := IDASettings["enable-cloudguard-controller"] + if enableCgController != IDAFlag{ + return fmt.Errorf("enable-cloudguard-controller identity source is %t, expected %t", enableCgController, IDAFlag) + } if gwConfiguration["ipv6"] != gwConfigurationIpv6 { return fmt.Errorf("ipv6 is %t, expected %t", gwConfiguration["ipv6"], gwConfigurationIpv6) } 
@@ -176,7 +188,7 @@ func testAccCheckCheckpointManagementCMEGWConfigurationsAzureAttributes(azureGWC if gwConfiguration["color"] != gwConfigurationColor { return fmt.Errorf("color is %s, expected %s", gwConfiguration["color"], gwConfigurationColor) } - if gwConfiguration["communication_with_servers_behind_nat"] != gwConfigurationCommunicationWithServersBehindNAT { + if gwConfiguration["communication-with-servers-behind-nat"] != gwConfigurationCommunicationWithServersBehindNAT { return fmt.Errorf("communication_with_servers_behind_nat is %s, expected %s", gwConfiguration["communication_with_servers_behind_nat"], gwConfigurationCommunicationWithServersBehindNAT) } return nil diff --git a/checkpoint/resource_checkpoint_management_cme_gw_configurations_gcp.go b/checkpoint/resource_checkpoint_management_cme_gw_configurations_gcp.go index a65a116f..802061c1 100644 --- a/checkpoint/resource_checkpoint_management_cme_gw_configurations_gcp.go +++ b/checkpoint/resource_checkpoint_management_cme_gw_configurations_gcp.go 
@@ -135,6 +135,31 @@ func resourceManagementCMEGWConfigurationsGCP() *schema.Resource { }, }, }, + "identity_awareness_settings": { + Type: schema.TypeList, + MaxItems: 1, + Optional: true, + Description: "Dictionary of identity awareness settings that can be configured on the gateway: " + + "enable_cloudguard_controller (enabling IDA Web API) and receive_identities_from (list of PDP gateway to" + + "receive identities from through identity sharing feature)", + Elem: &schema.Resource{ + Schema: map[string]*schema.Schema{ + "enable_cloudguard_controller": { + Type: schema.TypeBool, + Optional: true, + Description: "Enable the Web API identity source for CloudGuard Controller", + }, + "receive_identities_from": { + Type: schema.TypeList, + Optional: true, + Description: "List of PDP gateway names from which to receive identities through Identity Sharing", + Elem: &schema.Schema{ + Type: schema.TypeString, + }, + }, + }, + }, + }, "repository_gateway_scripts": { Type: schema.TypeList, Optional: true, 
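Review bot: The `Description` concatenation drops a space: the second fragment ends in `(list of PDP gateway to"` and the third starts with `"receive identities from`, so the rendered help text reads "gateway toreceive identities". Add the trailing space to the second fragment: `"enable_cloudguard_controller (enabling IDA Web API) and receive_identities_from (list of PDP gateway to " +`. Because `enable_cloudguard_controller` turns on an identity source on the gateway, its description could also state what applies when the block is omitted, if the API defines a default; that is not visible in this hunk.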
@@ -260,6 +285,18 @@ func readManagementCMEGWConfigurationsGCP(d *schema.ResourceData, m interface{}) bladesListToReturn = append(bladesListToReturn, bladesMapToAdd) _ = d.Set("blades", bladesListToReturn) + var IDASettingsListToReturn []map[string]interface{} + IDASettingsMapToAdd := make(map[string]interface{}) + if GCPGWConfiguration["identity-awareness-settings"] != nil { + IDASettingsMap := GCPGWConfiguration["identity-awareness-settings"].(map[string]interface{}) + IDASettingsMapToAdd["enable_cloudguard_controller"] = IDASettingsMap["enable-cloudguard-controller"] + IDASettingsMapToAdd["receive_identities_from"] = IDASettingsMap["receive-identities-from"] + IDASettingsListToReturn = append(IDASettingsListToReturn, IDASettingsMapToAdd) + _ = d.Set("identity_awareness_settings", IDASettingsListToReturn) + } else { + _ = d.Set("identity_awareness_settings", nil) + } + if GCPGWConfiguration["repository-gateway-scripts"] != nil { scriptsList := GCPGWConfiguration["repository-gateway-scripts"].([]interface{}) if len(scriptsList) > 0 { @@ -401,7 +438,16 @@ func createManagementCMEGWConfigurationsGCP(d *schema.ResourceData, m interface{ } payload["blades"] = tempObject } - + if _, ok := d.GetOk("identity_awareness_settings"); ok { + tempObject := make(map[string]interface{}) + if v, ok := d.GetOkExists("identity_awareness_settings.0.enable_cloudguard_controller"); ok { + tempObject["enable_cloudguard_controller"] = v.(bool) + } + if v, ok := d.GetOk("identity_awareness_settings.0.receive_identities_from"); ok { + tempObject["receive_identities_from"] = v.([]interface{}) + } + payload["identity_awareness_settings"] = tempObject + } log.Println("Create cme GCP GW configuration - name = ", payload["name"]) url := CmeApiPath + "/gwConfigurations/gcp" 
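Review bot: In the read hunk, `GCPGWConfiguration["identity-awareness-settings"].(map[string]interface{})` is guarded only by a nil check, so a non-nil value of any other shape panics the provider during refresh instead of producing an error. The comma-ok form avoids that: `if IDASettingsMap, ok := GCPGWConfiguration["identity-awareness-settings"].(map[string]interface{}); ok {`. Both `_ = d.Set("identity_awareness_settings", ...)` calls discard the error, so a value that does not fit the schema would leave the state stale without any signal. For settings that control which gateways identities are accepted from, surfacing that error is preferable, although the surrounding code discards it the same way for `blades`. The function body starts and ends outside the hunk.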
@@ -527,6 +573,14 @@ func updateManagementCMEGWConfigurationsGCP(d *schema.ResourceData, m interface{ } payload["blades"] = tempObject } + if d.HasChange("identity_awareness_settings") { + tempObject := make(map[string]interface{}) + if v, ok := d.GetOkExists("identity_awareness_settings.0.enable_cloudguard_controller"); ok { + tempObject["enable_cloudguard_controller"] = v.(bool) + } + tempObject["receive_identities_from"] = d.Get("identity_awareness_settings.0.receive_identities_from") + payload["identity_awareness_settings"] = tempObject + } var name string if v, ok := d.GetOk("name"); ok { diff --git a/checkpoint/resource_checkpoint_management_cme_gw_configurations_gcp_test.go b/checkpoint/resource_checkpoint_management_cme_gw_configurations_gcp_test.go index e98831e4..09fabac3 100644 --- a/checkpoint/resource_checkpoint_management_cme_gw_configurations_gcp_test.go +++ b/checkpoint/resource_checkpoint_management_cme_gw_configurations_gcp_test.go @@ -14,7 +14,7 @@ func TestAccCheckpointManagementCMEGWConfigurationsGCP_basic(t *testing.T) { resourceName := "checkpoint_management_cme_gw_configurations_gcp.gw_configuration_test" accountName := "test-account" gwConfigurationName := "test-gw-configuration" - gwConfigurationVersion := "R81.20" + gwConfigurationVersion := "R82" gwConfigurationBase64SIC := "MTIzNDU2Nzg=" gwConfigurationPolicy := "Standard" gwConfigurationColor := "blue" @@ -103,6 +103,9 @@ resource "checkpoint_management_cme_gw_configurations_gcp" "gw_configuration_tes url_filtering = false vpn = false } + identity_awareness_settings { + enable_cloudguard_controller = true + } } `, accountName, gwConfigurationName, gwConfigurationVersion, gwConfigurationBase64SIC, gwConfigurationPolicy, gwConfigurationXForwardedFor, gwConfigurationColor, gwConfigurationCommunicationWithServersBehindNAT) 
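Review bot: The update path always sends `receive_identities_from` through `d.Get(...)`, while create sends it only when `GetOk` reports a value. If the asymmetry is deliberate it deserves a comment, for example `// always send the list so that removing every PDP gateway clears it on the server`. When the whole `identity_awareness_settings` block is removed from the configuration, `HasChange` fires and the payload carries an empty list and possibly no `enable_cloudguard_controller`. It is not visible here whether the API then switches the Web API identity source off, so the gateway could keep it enabled while state shows no block; that case is worth confirming and covering with a test step. The function continues outside the hunk.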
@@ -162,13 +165,18 @@ func testAccCheckCheckpointManagementCMEGWConfigurationsGCPAttributes(gcpGWConfi if identityAwareness != identityAwarenessFlag { return fmt.Errorf("identity awareness is %t, expected %t", identityAwareness, identityAwarenessFlag) } + IDASettings := gwConfiguration["identity-awareness-settings"].(map[string]interface{}) + enableCgController := IDASettings["enable-cloudguard-controller"] + if enableCgController != identityAwarenessFlag{ + return fmt.Errorf("enable-cloudguard-controller identity source is %t, expected %t", enableCgController, identityAwarenessFlag) + } if gwConfiguration["x_forwarded_for"] != gwConfigurationXForwardedFor { return fmt.Errorf("x_forwarded_for is %t, expected %t", gwConfiguration["x_forwarded_for"], gwConfigurationXForwardedFor) } if gwConfiguration["color"] != gwConfigurationColor { return fmt.Errorf("color is %s, expected %s", gwConfiguration["color"], gwConfigurationColor) } - if gwConfiguration["communication_with_servers_behind_nat"] != gwConfigurationCommunicationWithServersBehindNAT { + if gwConfiguration["communication-with-servers-behind-nat"] != gwConfigurationCommunicationWithServersBehindNAT { return fmt.Errorf("communication_with_servers_behind_nat is %s, expected %s", gwConfiguration["communication_with_servers_behind_nat"], gwConfigurationCommunicationWithServersBehindNAT) } return nil diff --git a/website/docs/d/checkpoint_management_cme_accounts.html.markdown b/website/docs/d/checkpoint_management_cme_accounts.html.markdown index 916cdf0b..15bf7e7f 100644 --- a/website/docs/d/checkpoint_management_cme_accounts.html.markdown +++ b/website/docs/d/checkpoint_management_cme_accounts.html.markdown 
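Review bot: The `x_forwarded_for` lookup kept as context just above the corrected NAT key still uses the underscore spelling, while this hunk reads `identity-awareness-settings` and `communication-with-servers-behind-nat` with hyphens. If the API response uses hyphenated keys throughout, `gwConfiguration["x_forwarded_for"]` yields nil and the comparison never tests the returned value; the spelling should be confirmed against an actual response. The added `if enableCgController != identityAwarenessFlag{` is also missing the space before the brace that gofmt would insert. The function starts outside the hunk.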
@@ -9,7 +9,7 @@ description: |- Use this data source to get information on all Check Point CME A Use this data source to get information on all Check Point CME Accounts. -For details about the compatibility between the Terraform Release version and the CME API version, please refer to the section [Compatibility with CME](../index.html.markdown#compatibility-with-cme). +For details about the compatibility between the Terraform Release version and the CME API version, please refer to the section [Compatibility with CME](https://registry.terraform.io/providers/CheckPointSW/checkpoint/latest/docs#compatibility-with-cme). ## Example Usage diff --git a/website/docs/d/checkpoint_management_cme_accounts_aws.html.markdown b/website/docs/d/checkpoint_management_cme_accounts_aws.html.markdown index ab04baef..e1f327ff 100644 --- a/website/docs/d/checkpoint_management_cme_accounts_aws.html.markdown +++ b/website/docs/d/checkpoint_management_cme_accounts_aws.html.markdown @@ -9,7 +9,7 @@ description: |- Use this data source to get information on an existing Check Poi Use this data source to get information on an existing Check Point CME AWS Account. -For details about the compatibility between the Terraform Release version and the CME API version, please refer to the section [Compatibility with CME](../index.html.markdown#compatibility-with-cme). +For details about the compatibility between the Terraform Release version and the CME API version, please refer to the section [Compatibility with CME](https://registry.terraform.io/providers/CheckPointSW/checkpoint/latest/docs#compatibility-with-cme). ## Example Usage diff --git a/website/docs/d/checkpoint_management_cme_accounts_azure.html.markdown b/website/docs/d/checkpoint_management_cme_accounts_azure.html.markdown index df03bcf6..bb33d6f4 100644 --- a/website/docs/d/checkpoint_management_cme_accounts_azure.html.markdown +++ b/website/docs/d/checkpoint_management_cme_accounts_azure.html.markdown 
@@ -9,7 +9,7 @@ description: |- Use this data source to get information on an existing Check Poi Use this data source to get information on an existing Check Point CME Azure Account. -For details about the compatibility between the Terraform Release version and the CME API version, please refer to the section [Compatibility with CME](../index.html.markdown#compatibility-with-cme). +For details about the compatibility between the Terraform Release version and the CME API version, please refer to the section [Compatibility with CME](https://registry.terraform.io/providers/CheckPointSW/checkpoint/latest/docs#compatibility-with-cme). ## Example Usage diff --git a/website/docs/d/checkpoint_management_cme_accounts_gcp.html.markdown b/website/docs/d/checkpoint_management_cme_accounts_gcp.html.markdown index dc8b3753..b04c0707 100644 --- a/website/docs/d/checkpoint_management_cme_accounts_gcp.html.markdown +++ b/website/docs/d/checkpoint_management_cme_accounts_gcp.html.markdown @@ -9,7 +9,7 @@ description: |- Use this data source to get information on an existing Check Poi Use this data source to get information on an existing Check Point CME GCP Account. -For details about the compatibility between the Terraform Release version and the CME API version, please refer to the section [Compatibility with CME](../index.html.markdown#compatibility-with-cme). +For details about the compatibility between the Terraform Release version and the CME API version, please refer to the section [Compatibility with CME](https://registry.terraform.io/providers/CheckPointSW/checkpoint/latest/docs#compatibility-with-cme). ## Example Usage diff --git a/website/docs/d/checkpoint_management_cme_api_versions.html.markdown b/website/docs/d/checkpoint_management_cme_api_versions.html.markdown index 366e805d..9acc6f9d 100644 --- a/website/docs/d/checkpoint_management_cme_api_versions.html.markdown +++ b/website/docs/d/checkpoint_management_cme_api_versions.html.markdown 
@@ -9,7 +9,7 @@ description: |- Use this data source to get information on existing Check Point Use this data source to get information on existing Check Point CME API versions. -For details about the compatibility between the Terraform Release version and the CME API version, please refer to the section [Compatibility with CME](../index.html.markdown#compatibility-with-cme). +For details about the compatibility between the Terraform Release version and the CME API version, please refer to the section [Compatibility with CME](https://registry.terraform.io/providers/CheckPointSW/checkpoint/latest/docs#compatibility-with-cme). ## Example Usage diff --git a/website/docs/d/checkpoint_management_cme_delay_cycle.html.markdown b/website/docs/d/checkpoint_management_cme_delay_cycle.html.markdown index d974ec2c..6963375f 100644 --- a/website/docs/d/checkpoint_management_cme_delay_cycle.html.markdown +++ b/website/docs/d/checkpoint_management_cme_delay_cycle.html.markdown @@ -9,7 +9,7 @@ description: |- Use this data source to get information on existing Check Point Use this data source to get information on existing Check Point CME Delay Cycle. -For details about the compatibility between the Terraform Release version and the CME API version, please refer to the section [Compatibility with CME](../index.html.markdown#compatibility-with-cme). +For details about the compatibility between the Terraform Release version and the CME API version, please refer to the section [Compatibility with CME](https://registry.terraform.io/providers/CheckPointSW/checkpoint/latest/docs#compatibility-with-cme). ## Example Usage diff --git a/website/docs/d/checkpoint_management_cme_gw_configurations.html.markdown b/website/docs/d/checkpoint_management_cme_gw_configurations.html.markdown index 01325e39..09c6e427 100644 --- a/website/docs/d/checkpoint_management_cme_gw_configurations.html.markdown +++ b/website/docs/d/checkpoint_management_cme_gw_configurations.html.markdown 
@@ -9,7 +9,7 @@ description: |- Use this data source to get information on all Check Point CME G Use this data source to get information on all Check Point CME Gateway Configurations. -For details about the compatibility between the Terraform Release version and the CME API version, please refer to the section [Compatibility with CME](../index.html.markdown#compatibility-with-cme). +For details about the compatibility between the Terraform Release version and the CME API version, please refer to the section [Compatibility with CME](https://registry.terraform.io/providers/CheckPointSW/checkpoint/latest/docs#compatibility-with-cme). ## Example Usage @@ -42,6 +42,9 @@ These arguments are supported: * `threat_emulation` - Threat Emulation blade. * `url_filtering` - URL Filtering blade. * `vpn` - VPN blade. + * `identity_awareness_settings` - Dictionary of Identity Awareness settings that can be configured on the gateway: + * `enable_cloudguard_controller` - Enable the Web API identity source for CloudGuard Controller. + * `receive_identities_from` - List of PDP gateway names from which to receive identities through Identity Sharing. * `repository_gateway_scripts` - List of objects that each contain the name/UID of a script that exists in the scripts repository on the Management server. Supports these parameters: * `name` - The name of the script. diff --git a/website/docs/d/checkpoint_management_cme_gw_configurations_aws.html.markdown b/website/docs/d/checkpoint_management_cme_gw_configurations_aws.html.markdown index 8c87627a..f98e5cfd 100644 --- a/website/docs/d/checkpoint_management_cme_gw_configurations_aws.html.markdown +++ b/website/docs/d/checkpoint_management_cme_gw_configurations_aws.html.markdown 
@@ -9,7 +9,7 @@ description: |- Use this data source to get information on an existing Check Poi Use this data source to get information on an existing Check Point CME AWS Gateway Configurations. -For details about the compatibility between the Terraform Release version and the CME API version, please refer to the section [Compatibility with CME](../index.html.markdown#compatibility-with-cme). +For details about the compatibility between the Terraform Release version and the CME API version, please refer to the section [Compatibility with CME](https://registry.terraform.io/providers/CheckPointSW/checkpoint/latest/docs#compatibility-with-cme). ## Example Usage @@ -42,6 +42,9 @@ These arguments are supported: * `threat_emulation` - Threat Emulation blade. * `url_filtering` - URL Filtering blade. * `vpn` - VPN blade. +* `identity_awareness_settings` - Dictionary of Identity Awareness settings that can be configured on the gateway: + * `enable_cloudguard_controller` - Enable the Web API identity source for CloudGuard Controller. + * `receive_identities_from` - List of PDP gateway names from which to receive identities through Identity Sharing. * `repository_gateway_scripts` - List of objects that each contain the name/UID of a script that exists in the scripts repository on the Management server. Supports these parameters: * `name` - The name of the script. diff --git a/website/docs/d/checkpoint_management_cme_gw_configurations_azure.html.markdown b/website/docs/d/checkpoint_management_cme_gw_configurations_azure.html.markdown index 491693c5..52158bed 100644 --- a/website/docs/d/checkpoint_management_cme_gw_configurations_azure.html.markdown +++ b/website/docs/d/checkpoint_management_cme_gw_configurations_azure.html.markdown 
@@ -9,7 +9,7 @@ description: |- Use this data source to get information on an existing Check Poi Use this data source to get information on an existing Check Point CME Azure Gateway Configurations. -For details about the compatibility between the Terraform Release version and the CME API version, please refer to the section [Compatibility with CME](../index.html.markdown#compatibility-with-cme). +For details about the compatibility between the Terraform Release version and the CME API version, please refer to the section [Compatibility with CME](https://registry.terraform.io/providers/CheckPointSW/checkpoint/latest/docs#compatibility-with-cme). ## Example Usage @@ -42,6 +42,9 @@ These arguments are supported: * `threat_emulation` - Threat Emulation blade. * `url_filtering` - URL Filtering blade. * `vpn` - VPN blade. +* `identity_awareness_settings` - Dictionary of Identity Awareness settings that can be configured on the gateway: + * `enable_cloudguard_controller` - Enable the Web API identity source for CloudGuard Controller. + * `receive_identities_from` - List of PDP gateway names from which to receive identities through Identity Sharing. * `repository_gateway_scripts` - List of objects that each contain the name/UID of a script that exists in the scripts repository on the Management server. Supports these parameters: * `name` - The name of the script. diff --git a/website/docs/d/checkpoint_management_cme_gw_configurations_gcp.html.markdown b/website/docs/d/checkpoint_management_cme_gw_configurations_gcp.html.markdown index 1405a6a0..c21e127d 100644 --- a/website/docs/d/checkpoint_management_cme_gw_configurations_gcp.html.markdown +++ b/website/docs/d/checkpoint_management_cme_gw_configurations_gcp.html.markdown 
@@ -9,7 +9,7 @@ description: |- Use this data source to get information on an existing Check Poi Use this data source to get information on an existing Check Point CME GCP Gateway Configurations. -For details about the compatibility between the Terraform Release version and the CME API version, please refer to the section [Compatibility with CME](../index.html.markdown#compatibility-with-cme). +For details about the compatibility between the Terraform Release version and the CME API version, please refer to the section [Compatibility with CME](https://registry.terraform.io/providers/CheckPointSW/checkpoint/latest/docs#compatibility-with-cme). ## Example Usage @@ -42,6 +42,9 @@ These arguments are supported: * `threat_emulation` - Threat Emulation blade. * `url_filtering` - URL Filtering blade. * `vpn` - VPN blade. +* `identity_awareness_settings` - Dictionary of Identity Awareness settings that can be configured on the gateway: + * `enable_cloudguard_controller` - Enable the Web API identity source for CloudGuard Controller. + * `receive_identities_from` - List of PDP gateway names from which to receive identities through Identity Sharing. * `repository_gateway_scripts` - List of objects that each contain the name/UID of a script that exists in the scripts repository on the Management server. Supports these parameters: * `name` - The name of the script. diff --git a/website/docs/d/checkpoint_management_cme_management.html.markdown b/website/docs/d/checkpoint_management_cme_management.html.markdown index c3192fa3..d7b4acfc 100644 --- a/website/docs/d/checkpoint_management_cme_management.html.markdown +++ b/website/docs/d/checkpoint_management_cme_management.html.markdown 
@@ -9,7 +9,7 @@ description: |- Use this data source to get information on existing Check Point Use this data source to get information on existing Check Point CME Management. -For details about the compatibility between the Terraform Release version and the CME API version, please refer to the section [Compatibility with CME](../index.html.markdown#compatibility-with-cme). +For details about the compatibility between the Terraform Release version and the CME API version, please refer to the section [Compatibility with CME](https://registry.terraform.io/providers/CheckPointSW/checkpoint/latest/docs#compatibility-with-cme). ## Example Usage diff --git a/website/docs/d/checkpoint_management_cme_version.html.markdown b/website/docs/d/checkpoint_management_cme_version.html.markdown index c255355d..e976c609 100644 --- a/website/docs/d/checkpoint_management_cme_version.html.markdown +++ b/website/docs/d/checkpoint_management_cme_version.html.markdown @@ -9,7 +9,7 @@ description: |- Use this data source to get information on existing Check Point Use this data source to get information on existing Check Point CME version. -For details about the compatibility between the Terraform Release version and the CME API version, please refer to the section [Compatibility with CME](../index.html.markdown#compatibility-with-cme). +For details about the compatibility between the Terraform Release version and the CME API version, please refer to the section [Compatibility with CME](https://registry.terraform.io/providers/CheckPointSW/checkpoint/latest/docs#compatibility-with-cme). ## Example Usage diff --git a/website/docs/index.html.markdown b/website/docs/index.html.markdown index ef259689..f6fe7544 100644 --- a/website/docs/index.html.markdown +++ b/website/docs/index.html.markdown 
@@ -398,6 +398,7 @@ The table below shows the compatibility between the Terraform Release version an | Terraform Release version | CME API version | CME Take | |---------------------------|-----------------|----------------| +| v2.9.0 | v1.2.2 | 289 and higher | | v2.8.0 | v1.2 | 279 and higher | | v2.7.0 | v1.1 | 255 and higher | diff --git a/website/docs/r/checkpoint_management_cme_accounts_aws.html.markdown b/website/docs/r/checkpoint_management_cme_accounts_aws.html.markdown index a9ec455d..e5ca0c33 100644 --- a/website/docs/r/checkpoint_management_cme_accounts_aws.html.markdown +++ b/website/docs/r/checkpoint_management_cme_accounts_aws.html.markdown @@ -9,7 +9,7 @@ description: |- This resource allows you to add/update/delete Check Point CME AW This resource allows you to add/update/delete Check Point CME AWS Account. -For details about the compatibility between the Terraform Release version and the CME API version, please refer to the section [Compatibility with CME](../index.html.markdown#compatibility-with-cme). +For details about the compatibility between the Terraform Release version and the CME API version, please refer to the section [Compatibility with CME](https://registry.terraform.io/providers/CheckPointSW/checkpoint/latest/docs#compatibility-with-cme). ## Example Usage diff --git a/website/docs/r/checkpoint_management_cme_accounts_azure.html.markdown b/website/docs/r/checkpoint_management_cme_accounts_azure.html.markdown index 47a9bf7d..f98e23da 100644 --- a/website/docs/r/checkpoint_management_cme_accounts_azure.html.markdown +++ b/website/docs/r/checkpoint_management_cme_accounts_azure.html.markdown 
@@ -9,7 +9,7 @@ description: |- This resource allows you to add/update/delete Check Point CME Az This resource allows you to add/update/delete Check Point CME Azure Account. -For details about the compatibility between the Terraform Release version and the CME API version, please refer to the section [Compatibility with CME](../index.html.markdown#compatibility-with-cme). +For details about the compatibility between the Terraform Release version and the CME API version, please refer to the section [Compatibility with CME](https://registry.terraform.io/providers/CheckPointSW/checkpoint/latest/docs#compatibility-with-cme). ## Example Usage diff --git a/website/docs/r/checkpoint_management_cme_accounts_gcp.html.markdown b/website/docs/r/checkpoint_management_cme_accounts_gcp.html.markdown index 075f7516..aab3776e 100644 --- a/website/docs/r/checkpoint_management_cme_accounts_gcp.html.markdown +++ b/website/docs/r/checkpoint_management_cme_accounts_gcp.html.markdown @@ -9,7 +9,7 @@ description: |- This resource allows you to add/update/delete Check Point CME GC This resource allows you to add/update/delete Check Point CME GCP Account. -For details about the compatibility between the Terraform Release version and the CME API version, please refer to the section [Compatibility with CME](../index.html.markdown#compatibility-with-cme). +For details about the compatibility between the Terraform Release version and the CME API version, please refer to the section [Compatibility with CME](https://registry.terraform.io/providers/CheckPointSW/checkpoint/latest/docs#compatibility-with-cme). ## Example Usage diff --git a/website/docs/r/checkpoint_management_cme_delay_cycle.html.markdown b/website/docs/r/checkpoint_management_cme_delay_cycle.html.markdown index 5f283de9..db85e501 100644 --- a/website/docs/r/checkpoint_management_cme_delay_cycle.html.markdown +++ b/website/docs/r/checkpoint_management_cme_delay_cycle.html.markdown 
@@ -9,7 +9,7 @@ description: |- This resource allows you to update an existing Check Point CME D This resource allows you to update an existing Check Point CME Delay Cycle. -For details about the compatibility between the Terraform Release version and the CME API version, please refer to the section [Compatibility with CME](../index.html.markdown#compatibility-with-cme). +For details about the compatibility between the Terraform Release version and the CME API version, please refer to the section [Compatibility with CME](https://registry.terraform.io/providers/CheckPointSW/checkpoint/latest/docs#compatibility-with-cme). ## Example Usage diff --git a/website/docs/r/checkpoint_management_cme_gw_configurations_aws.html.markdown b/website/docs/r/checkpoint_management_cme_gw_configurations_aws.html.markdown index c18e824f..c610d8c5 100644 --- a/website/docs/r/checkpoint_management_cme_gw_configurations_aws.html.markdown +++ b/website/docs/r/checkpoint_management_cme_gw_configurations_aws.html.markdown @@ -9,7 +9,7 @@ description: |- This resource allows you to add/update/delete Check Point CME AW This resource allows you to add/update/delete Check Point CME AWS Gateway Configurations. -For details about the compatibility between the Terraform Release version and the CME API version, please refer to the section [Compatibility with CME](../index.html.markdown#compatibility-with-cme). +For details about the compatibility between the Terraform Release version and the CME API version, please refer to the section [Compatibility with CME](https://registry.terraform.io/providers/CheckPointSW/checkpoint/latest/docs#compatibility-with-cme). ## Example Usage 
@@ -42,12 +42,16 @@ resource "checkpoint_management_cme_gw_configurations_aws" "gw_config_aws" { application_control = false autonomous_threat_prevention = false content_awareness = false - identity_awareness = false + identity_awareness = true ipsec_vpn = false threat_emulation = false url_filtering = false vpn = false } + identity_awareness_settings { + enable_cloudguard_controller = false + receive_identities_from = ["PDP1", "PDP2"] + } } ``` @@ -73,6 +77,9 @@ These arguments are supported: * `threat_emulation` - (Required) Threat Emulation blade. * `url_filtering` - (Required) URL Filtering blade. * `vpn` - (Required) VPN blade. +* `identity_awareness_settings` - (Optional) Dictionary of Identity Awareness settings that can be configured on the gateway: + * `enable_cloudguard_controller` - (Optional) Enable the Web API identity source for CloudGuard Controller. + * `receive_identities_from` - (Optional) List of PDP gateway names from which to receive identities through Identity Sharing. * `repository_gateway_scripts` - (Optional) List of objects that each contain the name/UID of a script that exists in the scripts repository on the Management server. Supports these parameters: * `name` - (Required) The name of the script. diff --git a/website/docs/r/checkpoint_management_cme_gw_configurations_azure.html.markdown b/website/docs/r/checkpoint_management_cme_gw_configurations_azure.html.markdown index 7e6f8eaf..3abf13a1 100644 --- a/website/docs/r/checkpoint_management_cme_gw_configurations_azure.html.markdown +++ b/website/docs/r/checkpoint_management_cme_gw_configurations_azure.html.markdown 
@@ -9,7 +9,7 @@ description: |- This resource allows you to add/update/delete Check Point CME Az This resource allows you to add/update/delete Check Point CME Azure Gateway Configurations. -For details about the compatibility between the Terraform Release version and the CME API version, please refer to the section [Compatibility with CME](../index.html.markdown#compatibility-with-cme). +For details about the compatibility between the Terraform Release version and the CME API version, please refer to the section [Compatibility with CME](https://registry.terraform.io/providers/CheckPointSW/checkpoint/latest/docs#compatibility-with-cme). ## Example Usage @@ -42,12 +42,16 @@ resource "checkpoint_management_cme_gw_configurations_azure" "gw_config_azure" { application_control = false autonomous_threat_prevention = false content_awareness = false - identity_awareness = false + identity_awareness = true ipsec_vpn = false threat_emulation = false url_filtering = false vpn = false } + identity_awareness_settings { + enable_cloudguard_controller = false + receive_identities_from = ["PDP1", "PDP2"] + } } ``` @@ -73,6 +77,9 @@ These arguments are supported: * `threat_emulation` - (Required) Threat Emulation blade. * `url_filtering` - (Required) URL Filtering blade. * `vpn` - (Required) VPN blade. +* `identity_awareness_settings` - (Optional) Dictionary of Identity Awareness settings that can be configured on the gateway: + * `enable_cloudguard_controller` - (Optional) Enable the Web API identity source for CloudGuard Controller. + * `receive_identities_from` - (Optional) List of PDP gateway names from which to receive identities through Identity Sharing. * `repository_gateway_scripts` - (Optional) List of objects that each contain the name/UID of a script that exists in the scripts repository on the Management server. Supports these parameters: * `name` - (Required) The name of the script. 
diff --git a/website/docs/r/checkpoint_management_cme_gw_configurations_gcp.html.markdown b/website/docs/r/checkpoint_management_cme_gw_configurations_gcp.html.markdown index 6e5365c7..218a33c5 100644 --- a/website/docs/r/checkpoint_management_cme_gw_configurations_gcp.html.markdown +++ b/website/docs/r/checkpoint_management_cme_gw_configurations_gcp.html.markdown @@ -9,7 +9,7 @@ description: |- This resource allows you to add/update/delete Check Point CME GC This resource allows you to add/update/delete Check Point CME GCP Gateway Configurations. -For details about the compatibility between the Terraform Release version and the CME API version, please refer to the section [Compatibility with CME](../index.html.markdown#compatibility-with-cme). +For details about the compatibility between the Terraform Release version and the CME API version, please refer to the section [Compatibility with CME](https://registry.terraform.io/providers/CheckPointSW/checkpoint/latest/docs#compatibility-with-cme). ## Example Usage @@ -40,12 +40,16 @@ resource "checkpoint_management_cme_gw_configurations_gcp" "gw_config_gcp" { application_control = false autonomous_threat_prevention = false content_awareness = false - identity_awareness = false + identity_awareness = true ipsec_vpn = false threat_emulation = false url_filtering = false vpn = false } + identity_awareness_settings { + enable_cloudguard_controller = false + receive_identities_from = ["PDP1", "PDP2"] + } } ``` 
@@ -71,6 +75,9 @@ These arguments are supported: * `threat_emulation` - (Required) Threat Emulation blade. * `url_filtering` - (Required) URL Filtering blade. * `vpn` - (Required) VPN blade. +* `identity_awareness_settings` - (Optional) Dictionary of Identity Awareness settings that can be configured on the gateway: + * `enable_cloudguard_controller` - (Optional) Enable the Web API identity source for CloudGuard Controller. + * `receive_identities_from` - (Optional) List of PDP gateway names from which to receive identities through Identity Sharing. * `repository_gateway_scripts` - (Optional) List of objects that each contain the name/UID of a script that exists in the scripts repository on the Management server. Supports these parameters: * `name` - (Required) The name of the script. diff --git a/website/docs/r/checkpoint_management_cme_management.html.markdown b/website/docs/r/checkpoint_management_cme_management.html.markdown index 9c566182..02a72358 100644 --- a/website/docs/r/checkpoint_management_cme_management.html.markdown +++ b/website/docs/r/checkpoint_management_cme_management.html.markdown @@ -9,7 +9,7 @@ description: |- This resource allows you to update an existing Check Point CME M This resource allows you to update an existing Check Point CME Management. -For details about the compatibility between the Terraform Release version and the CME API version, please refer to the section [Compatibility with CME](../index.html.markdown#compatibility-with-cme). +For details about the compatibility between the Terraform Release version and the CME API version, please refer to the section [Compatibility with CME](https://registry.terraform.io/providers/CheckPointSW/checkpoint/latest/docs#compatibility-with-cme). ## Example Usage