Merge pull request #26 from browningluke/add_firewall-core_resources

Add firewall-core (alias/category) resources

docs/data-sources/firewall_alias.md

@@ -0,0 +1,31 @@
+---
+page_title: "opnsense_firewall_alias Data Source - terraform-provider-opnsense"
+subcategory: Firewall
+description: |-
+  Aliases are named lists of networks, hosts or ports that can be used as one entity by selecting the alias name in the various supported sections of the firewall. These aliases are particularly useful to condense firewall rules and minimize changes.
+---
+
+# opnsense_firewall_alias (Data Source)
+
+Aliases are named lists of networks, hosts or ports that can be used as one entity by selecting the alias name in the various supported sections of the firewall. These aliases are particularly useful to condense firewall rules and minimize changes.
+
+<!-- schema generated by tfplugindocs -->
+## Schema
+
+### Required
+
+- `id` (String) UUID of the resource.
+
+### Read-Only
+
+- `categories` (Set of String) Set of category IDs to apply.
+- `content` (Set of String) The content of the alias. Enter ISO 3166-1 country codes when `type = "geoip"` (e.g. `["CA", "FR"]`). Enter `__<int>_network`, or alias when `type = "networkgroup"` (e.g. `["__wan_network", "otheralias"]`). Enter OpenVPN group when `type = "authgroup"` (e.g. `["admins"]`). Set to `[]` when `type = "external"`.
+- `description` (String) Optional description here for your reference (not parsed).
+- `enabled` (Boolean) Enable this firewall alias.
+- `interface` (String) Choose on which interface this alias applies. Only applies (and must be set) when `type = "dynipv6host"`.
+- `ip_protocol` (String) Select the Internet Protocol version this alias applies to. Available values: `IPv4`, `IPv6`. Only applies when `type = "asn"`, `type = "geoip"`, or `type = "external"`.
+- `name` (String) The name must start with a letter or single underscore, be less than 32 characters and only consist of alphanumeric characters or underscores. Aliases can be nested using this name.
+- `stats` (Boolean) Whether to maintain a set of counters for each table entry.
+- `type` (String) The type of alias.
+- `update_freq` (Number) The frequency that the list will be refreshed, in days (e.g. for 30 hours, enter `1.25`). Only applies (and must be set) when `type = "urltable"`.
+

docs/data-sources/firewall_category.md

@@ -0,0 +1,24 @@
+---
+page_title: "opnsense_firewall_category Data Source - terraform-provider-opnsense"
+subcategory: Firewall
+description: |-
+  To ease maintenance of larger rulesets, OPNsense includes categories for the firewall. Each rule can contain one or more categories.
+---
+
+# opnsense_firewall_category (Data Source)
+
+To ease maintenance of larger rulesets, OPNsense includes categories for the firewall. Each rule can contain one or more categories.
+
+<!-- schema generated by tfplugindocs -->
+## Schema
+
+### Required
+
+- `id` (String) UUID of the resource.
+
+### Read-Only
+
+- `auto` (Boolean) If set, this category will be removed when unused.
+- `color` (String) The color to use. Must be a hex color in format `rrggbb` (e.g. `ff0000`).
+- `name` (String) The name for this category.
+

docs/resources/firewall_alias.md

@@ -0,0 +1,74 @@
+---
+page_title: "opnsense_firewall_alias Resource - terraform-provider-opnsense"
+subcategory: Firewall
+description: |-
+  Aliases are named lists of networks, hosts or ports that can be used as one entity by selecting the alias name in the various supported sections of the firewall. These aliases are particularly useful to condense firewall rules and minimize changes.
+---
+
+# opnsense_firewall_alias (Resource)
+
+Aliases are named lists of networks, hosts or ports that can be used as one entity by selecting the alias name in the various supported sections of the firewall. These aliases are particularly useful to condense firewall rules and minimize changes.
+
+## Example Usage
+
+```terraform
+// Network example
+resource "opnsense_firewall_alias" "example_one" {
+  name = "example_one"
+
+  type = "network"
+  content = [
+    "10.8.0.1/24",
+    "10.8.0.2/24"
+  ]
+
+  stats       = true
+  description = "Example"
+}
+
+// With category
+resource "opnsense_firewall_category" "example_one" {
+  name  = "example"
+  color = "ffaa00"
+}
+
+resource "opnsense_firewall_alias" "example_two" {
+  name = "example_two"
+
+  type = "geoip"
+  content = [
+    "FR",
+    "CA",
+  ]
+
+  categories = [
+    opnsense_firewall_category.example_one.id
+  ]
+
+  description = "Example two"
+}
+```
+
+<!-- schema generated by tfplugindocs -->
+## Schema
+
+### Required
+
+- `name` (String) The name must start with a letter or single underscore, be less than 32 characters and only consist of alphanumeric characters or underscores. Aliases can be nested using this name.
+- `type` (String) The type of alias.
+
+### Optional
+
+- `categories` (Set of String) Set of category IDs to apply. Defaults to `[]`.
+- `content` (Set of String) The content of the alias. Enter ISO 3166-1 country codes when `type = "geoip"` (e.g. `["CA", "FR"]`). Enter `__<int>_network`, or alias when `type = "networkgroup"` (e.g. `["__wan_network", "otheralias"]`). Enter OpenVPN group when `type = "authgroup"` (e.g. `["admins"]`). Set to `[]` when `type = "external"`. Defaults to `[]`.
+- `description` (String) Optional description here for your reference (not parsed).
+- `enabled` (Boolean) Enable this firewall alias. Defaults to `true`.
+- `interface` (String) Choose on which interface this alias applies. Only applies (and must be set) when `type = "dynipv6host"`. Defaults to `""`.
+- `ip_protocol` (String) Select the Internet Protocol version this alias applies to. Available values: `IPv4`, `IPv6`. Only applies when `type = "asn"`, `type = "geoip"`, or `type = "external"`. Defaults to `IPv4`.
+- `stats` (Boolean) Whether to maintain a set of counters for each table entry.
+- `update_freq` (Number) The frequency that the list will be refreshed, in days (e.g. for 30 hours, enter `1.25`). Only applies (and must be set) when `type = "urltable"`. Defaults to `-1`.
+
+### Read-Only
+
+- `id` (String) UUID of the resource.
+

docs/resources/firewall_category.md

@@ -0,0 +1,53 @@
+---
+page_title: "opnsense_firewall_category Resource - terraform-provider-opnsense"
+subcategory: Firewall
+description: |-
+  To ease maintenance of larger rulesets, OPNsense includes categories for the firewall. Each rule can contain one or more categories.
+---
+
+# opnsense_firewall_category (Resource)
+
+To ease maintenance of larger rulesets, OPNsense includes categories for the firewall. Each rule can contain one or more categories.
+
+## Example Usage
+
+```terraform
+resource "opnsense_firewall_category" "example_one" {
+  name  = "example"
+  color = "ffaa00"
+}
+
+resource "opnsense_firewall_alias" "example_one" {
+  name = "example"
+
+  type = "geoip"
+  content = [
+    "FR",
+    "CA",
+  ]
+
+  categories = [
+    opnsense_firewall_category.example_one.id
+  ]
+
+  stats       = true
+  description = "Example"
+}
+```
+
+<!-- schema generated by tfplugindocs -->
+## Schema
+
+### Required
+
+- `name` (String) Enter a name for this category.
+
+### Optional
+
+- `auto` (Boolean) If set, this category will be removed when unused. This is included for completeness, but will result in constant recreations if not attached to any rules, and thus it is advised to leave it as default. Defaults to `false`.
+- `color` (String) Pick a color to use. Must be a hex color in format `rrggbb` (e.g. `ff0000`). Defaults to `""`.
+
+### Read-Only
+
+- `id` (String) UUID of the resource.
+

examples/resources/opnsense_firewall_alias/resource.tf

@@ -0,0 +1,35 @@
+// Network example
+resource "opnsense_firewall_alias" "example_one" {
+  name = "example_one"
+
+  type = "network"
+  content = [
+    "10.8.0.1/24",
+    "10.8.0.2/24"
+  ]
+
+  stats       = true
+  description = "Example"
+}
+
+// With category
+resource "opnsense_firewall_category" "example_one" {
+  name  = "example"
+  color = "ffaa00"
+}
+
+resource "opnsense_firewall_alias" "example_two" {
+  name = "example_two"
+
+  type = "geoip"
+  content = [
+    "FR",
+    "CA",
+  ]
+
+  categories = [
+    opnsense_firewall_category.example_one.id
+  ]
+
+  description = "Example two"
+}

examples/resources/opnsense_firewall_category/resource.tf

@@ -0,0 +1,21 @@
+resource "opnsense_firewall_category" "example_one" {
+  name  = "example"
+  color = "ffaa00"
+}
+
+resource "opnsense_firewall_alias" "example_one" {
+  name = "example"
+
+  type = "geoip"
+  content = [
+    "FR",
+    "CA",
+  ]
+
+  categories = [
+    opnsense_firewall_category.example_one.id
+  ]
+
+  stats       = true
+  description = "Example"
+}

go.mod

@@ -3,7 +3,7 @@ module terraform-provider-opnsense
 go 1.20
 
 require (
-	github.com/browningluke/opnsense-go v0.4.0
+	github.com/browningluke/opnsense-go v0.5.0
 	github.com/hashicorp/terraform-plugin-docs v0.14.1
 	github.com/hashicorp/terraform-plugin-framework v1.2.0
 	github.com/hashicorp/terraform-plugin-framework-validators v0.10.0

go.sum

@@ -21,8 +21,8 @@ github.com/armon/go-radix v1.0.0/go.mod h1:ufUuZ+zHj4x4TnLV4JWEpy2hxWSpsRywHrMgI
 github.com/armon/go-socks5 v0.0.0-20160902184237-e75332964ef5/go.mod h1:wHh0iHkYZB8zMSxRWpUBQtwG5a7fFgvEO+odwuTv2gs=
 github.com/bgentry/speakeasy v0.1.0 h1:ByYyxL9InA1OWqxJqqp2A5pYHUrCiAL6K3J+LKSsQkY=
 github.com/bgentry/speakeasy v0.1.0/go.mod h1:+zsyZBPWlz7T6j88CTgSN5bM796AkVf0kBD4zp0CCIs=
-github.com/browningluke/opnsense-go v0.4.0 h1:776azA6/aav43t1akMn83X+sZDSfxjMVwGp3QNjFg9c=
-github.com/browningluke/opnsense-go v0.4.0/go.mod h1:5hQQDOqd2lZQ1x/lO0oU/4Px+hZxBiG6tDRf1GbNPdg=
+github.com/browningluke/opnsense-go v0.5.0 h1:zUdYWNwKMdg/iXiuTGk4KvQ7j/xrcQNemSRNCCAMPVI=
+github.com/browningluke/opnsense-go v0.5.0/go.mod h1:5hQQDOqd2lZQ1x/lO0oU/4Px+hZxBiG6tDRf1GbNPdg=
 github.com/creack/pty v1.1.9/go.mod h1:oKZEueFk5CKHvIhNR5MUki03XCEU+Q6VDXinZuGJ33E=
 github.com/davecgh/go-spew v1.1.0/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
 github.com/davecgh/go-spew v1.1.1 h1:vj9j/u1bqnvCEfJOwUhtlOARqs3+rkHYY13jYWTU97c=

internal/provider/provider.go

@@ -122,6 +122,8 @@ func (p *OPNsenseProvider) Resources(ctx context.Context) []func() resource.Reso
 		// Firewall
 		service.NewFirewallFilterResource,
 		service.NewFirewallNATResource,
+		service.NewFirewallAliasResource,
+		service.NewFirewallCategoryResource,
 	}
 }
 
@@ -139,6 +141,8 @@ func (p *OPNsenseProvider) DataSources(ctx context.Context) []func() datasource.
 		// Firewall
 		service.NewFirewallFilterDataSource,
 		service.NewFirewallNATDataSource,
+		service.NewFirewallAliasDataSource,
+		service.NewFirewallCategoryDataSource,
 	}
 }
 

internal/service/firewall_alias_data_source.go

@@ -0,0 +1,80 @@
+package service
+
+import (
+	"context"
+	"fmt"
+	"github.com/browningluke/opnsense-go/pkg/api"
+	"github.com/browningluke/opnsense-go/pkg/opnsense"
+	"github.com/hashicorp/terraform-plugin-framework/datasource"
+)
+
+// Ensure provider defined types fully satisfy framework interfaces.
+var _ datasource.DataSource = &FirewallAliasDataSource{}
+
+func NewFirewallAliasDataSource() datasource.DataSource {
+	return &FirewallAliasDataSource{}
+}
+
+// FirewallAliasDataSource defines the data source implementation.
+type FirewallAliasDataSource struct {
+	client opnsense.Client
+}
+
+func (d *FirewallAliasDataSource) Metadata(ctx context.Context, req datasource.MetadataRequest, resp *datasource.MetadataResponse) {
+	resp.TypeName = req.ProviderTypeName + "_firewall_alias"
+}
+
+func (d *FirewallAliasDataSource) Schema(ctx context.Context, req datasource.SchemaRequest, resp *datasource.SchemaResponse) {
+	resp.Schema = FirewallAliasDataSourceSchema()
+}
+
+func (d *FirewallAliasDataSource) Configure(ctx context.Context, req datasource.ConfigureRequest, resp *datasource.ConfigureResponse) {
+	// Prevent panic if the provider has not been configured.
+	if req.ProviderData == nil {
+		return
+	}
+
+	apiClient, ok := req.ProviderData.(*api.Client)
+	if !ok {
+		resp.Diagnostics.AddError(
+			"Unexpected Resource Configure Type",
+			fmt.Sprintf("Expected *opnsense.Client, got: %T. Please report this issue to the provider developers.", req.ProviderData),
+		)
+		return
+	}
+
+	d.client = opnsense.NewClient(apiClient)
+}
+
+func (d *FirewallAliasDataSource) Read(ctx context.Context, req datasource.ReadRequest, resp *datasource.ReadResponse) {
+	var data *FirewallAliasResourceModel
+
+	// Read Terraform configuration data into the model
+	resp.Diagnostics.Append(req.Config.Get(ctx, &data)...)
+
+	if resp.Diagnostics.HasError() {
+		return
+	}
+
+	// Get firewall alias from OPNsense unbound API
+	resourceStruct, err := d.client.Firewall().GetAlias(ctx, data.Id.ValueString())
+	if err != nil {
+		resp.Diagnostics.AddError("Client Error",
+			fmt.Sprintf("Unable to read firewall alias, got error: %s", err))
+		return
+	}
+
+	// Convert OPNsense struct to TF schema
+	resourceModel, err := convertFirewallAliasStructToSchema(resourceStruct)
+	if err != nil {
+		resp.Diagnostics.AddError("Client Error",
+			fmt.Sprintf("Unable to read firewall alias, got error: %s", err))
+		return
+	}
+
+	// ID cannot be added by convert... func, have to add here
+	resourceModel.Id = data.Id
+
+	// Save updated data into Terraform state
+	resp.Diagnostics.Append(resp.State.Set(ctx, &resourceModel)...)
+}