CiscoDevNet / terraform-provider-sdwan

Terraform Cisco SD-WAN Provider
https://registry.terraform.io/providers/CiscoDevNet/sdwan
Mozilla Public License 2.0

Handling dynamic data for sdwan_zone_based_firewall_policy_definition #294

Open rrahimm opened 4 months ago

rrahimm commented 4 months ago

Under sdwan_zone_based_firewall_policy_definition, we have a field "protocol_names" which, when used in the API, should be supplemented with 2 more parameters, "destinationPort" and "protocol".

When Terraform encounters "protocol_name" in the input, the provider should also dynamically populate these 2 variables based on the chosen protocol_names.

See the example below. When "protocolName" is chosen as DNS, the protocol and destinationPort are also sent in the API payload, with the app variable being the protocolName.

The mapping of protocolName to port and protocol is already available in vManage at the path below and can be fetched with an API call.

https:///app/json/application_protocol.json

      {
        "sequenceId": 21,
        "sequenceName": "Telstra DNS",
        "baseAction": "inspect",
        "sequenceType": "zoneBasedFW",
        "match": {
          "entries": [
            {
              "field": "destinationDataPrefixList",
              "ref": "bc30b08e-47d3-42c8-91e0-809929fb1386"
            },
            {
              "field": "destinationPort",
              "value": "53",
              "app": "dns"
            },
            {
              "field": "protocol",
              "value": "6 17",
              "app": "dns"
            },
            {
              "field": "protocolName",
              "value": "dns"
            },
            {
              "field": "sourceIp",
              "vipVariableName": "Guest / CFW"
            }
          ]
        },
        "actions": []
      }

rrahimm commented 4 months ago

Just to make a note here, this requirement is associated with feature requests from a potential customer for "Services as Code".
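
The expansion requested in the first comment, sketched as an added example; it is not the provider's code. `ProtoInfo` and `WithProtocolName` are hypothetical names, the lookup-table shape is assumed because the issue does not show the layout of application_protocol.json, and rejecting hand-written `destinationPort`/`protocol` entries is a design choice of this sketch.

```go
package main

import (
	"encoding/json"
	"fmt"
	"strings"
)

// Entry mirrors one element of match.entries in the payload from the issue.
type Entry struct {
	Field           string `json:"field"`
	Value           string `json:"value,omitempty"`
	Ref             string `json:"ref,omitempty"`
	App             string `json:"app,omitempty"`
	VipVariableName string `json:"vipVariableName,omitempty"`
}

// ProtoInfo is an ASSUMED record shape; the real mapping file layout is not shown in the issue.
type ProtoInfo struct{ Port, Protocol string }

// WithProtocolName appends the destinationPort, protocol and protocolName
// entries for name, refusing input that already sets any of those fields.
func WithProtocolName(entries []Entry, name string, table map[string]ProtoInfo) ([]Entry, error) {
	key := strings.ToLower(strings.TrimSpace(name)) // assumption: names are sent lower-case, as "dns" is
	info, ok := table[key]
	if !ok {
		// Reject unknown names instead of emitting a rule without port/protocol entries.
		return nil, fmt.Errorf("unknown protocol name %q", name)
	}
	for _, e := range entries {
		switch e.Field {
		case "destinationPort", "protocol", "protocolName":
			return nil, fmt.Errorf("entry %q conflicts with protocol name %q", e.Field, key)
		}
	}
	out := append([]Entry{}, entries...) // copy so the caller's slice is untouched
	return append(out,
		Entry{Field: "destinationPort", Value: info.Port, App: key},
		Entry{Field: "protocol", Value: info.Protocol, App: key},
		Entry{Field: "protocolName", Value: key}), nil
}

func main() {
	table := map[string]ProtoInfo{"dns": {"53", "6 17"}} // constructed sample, values taken from the issue
	in := []Entry{{Field: "sourceIp", VipVariableName: "Guest / CFW"}}
	out, err := WithProtocolName(in, "DNS", table)
	if err != nil {
		panic(err)
	}
	b, _ := json.MarshalIndent(out, "", "  ")
	fmt.Println(string(b))
}
```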