Misc changes for DFP and FW Pt.2 (#108)

Co-authored-by: Ashish Mathew <[email protected]>
infobloxopen · May 3, 2024 · 9448070 · 9448070
1 parent cdaed20
commit 9448070
Show file tree

Hide file tree

Showing 11 changed files with 88 additions and 203 deletions.
diff --git a/docs/data-sources/dfp_services.md b/docs/data-sources/dfp_services.md
@@ -30,7 +30,6 @@ data "bloxone_dfp_services" "example_all" {}
 ### Optional
 
 - `filters` (Map of String) Filter are used to return a more specific list of results. Filters can be used to match resources by specific attributes, e.g. name. If you specify multiple filters, the results returned will have only resources that match all the specified filters.
-- `tag_filters` (Map of String) Tag Filters are used to return a more specific list of results filtered by tags. If you specify multiple filters, the results returned will have only resources that match all the specified filters.
 
 ### Read-Only
 

diff --git a/docs/data-sources/td_named_lists.md b/docs/data-sources/td_named_lists.md
@@ -39,19 +39,32 @@ data "bloxone_td_named_lists" "example_all" {}
 <a id="nestedatt--results"></a>
 ### Nested Schema for `results`
 
+Required:
+
+- `items_described` (Attributes List) The List of ItemStructs structure which contains the item and its description (see [below for nested schema](#nestedatt--results--items_described))
+- `name` (String) The name of the named list.
+
 Optional:
 
-- `tags` (Map of String) Tags associated with this Named List
+- `confidence_level` (String) The confidence level for a custom list. The possible values are ["LOW", "MEDIUM", "HIGH"]
+- `description` (String) The brief description for the named list.
+- `tags` (Map of String) Enables tag support for resource where tags attribute contains user-defined key value pairs
+- `threat_level` (String) The threat level for a custom list. The possible values are ["INFO", "LOW", "MEDIUM", "HIGH"]
+- `type` (String) The type of the named list, that can be "custom_list", "threat_insight", "fast_flux", "dga", "dnsm", "threat_insight_nde", "default_allow", "default_block" or "threat_insight_nde".
 
 Read-Only:
 
-- `confidence_level` (String) The confidence level for a custom list. The possible values are ["LOW", "MEDIUM", "HIGH"]
 - `created_time` (String) The time when this Named List object was created.
-- `description` (String) The brief description for the named list.
 - `id` (Number) The Named List object identifier.
 - `item_count` (Number) The number of items in this named list.
-- `name` (String) The name of the named list.
+- `items` (List of String) The list of the FQDN or IPv4/IPv6 CIDRs to define whitelists and blacklists for additional protection.
 - `policies` (List of String) The list of the security policy names with which the named list is associated.
-- `threat_level` (String) The threat level for a custom list. The possible values are ["INFO", "LOW", "MEDIUM", "HIGH"]
-- `type` (String) The type of the named list, that can be "custom_list", "threat_insight", "fast_flux", "dga", "dnsm", "threat_insight_nde", "default_allow", "default_block".
 - `updated_time` (String) The time when this Named List object was last updated.
+
+<a id="nestedatt--results--items_described"></a>
+### Nested Schema for `results.items_described`
+
+Optional:
+
+- `description` (String) The description of the item
+- `item` (String) The data of the Item
diff --git a/docs/data-sources/td_network_lists.md b/docs/data-sources/td_network_lists.md
@@ -30,7 +30,6 @@ data "bloxone_td_network_lists" "example_all" {}
 ### Optional
 
 - `filters` (Map of String) Filter are used to return a more specific list of results. Filters can be used to match resources by specific attributes, e.g. name. If you specify multiple filters, the results returned will have only resources that match all the specified filters.
-- `tag_filters` (Map of String) Tag Filters are used to return a more specific list of results filtered by tags. If you specify multiple filters, the results returned will have only resources that match all the specified filters.
 
 ### Read-Only
 

diff --git a/internal/service/dfp/api_dfp_data_source.go b/internal/service/dfp/api_dfp_data_source.go
@@ -32,9 +32,8 @@ func (d *DfpDataSource) Metadata(ctx context.Context, req datasource.MetadataReq
 }
 
 type DfpServicesModelWithFilter struct {
-	Filters    types.Map  `tfsdk:"filters"`
-	TagFilters types.Map  `tfsdk:"tag_filters"`
-	Results    types.List `tfsdk:"results"`
+	Filters types.Map  `tfsdk:"filters"`
+	Results types.List `tfsdk:"results"`
 }
 
 func (m *DfpServicesModelWithFilter) FlattenResults(ctx context.Context, from []dfp.Dfp, diags *diag.Diagnostics) {
@@ -53,11 +52,6 @@ func (d *DfpDataSource) Schema(ctx context.Context, req datasource.SchemaRequest
 				ElementType: types.StringType,
 				Optional:    true,
 			},
-			"tag_filters": schema.MapAttribute{
-				Description: "Tag Filters are used to return a more specific list of results filtered by tags. If you specify multiple filters, the results returned will have only resources that match all the specified filters.",
-				ElementType: types.StringType,
-				Optional:    true,
-			},
 			"results": schema.ListNestedAttribute{
 				NestedObject: schema.NestedAttributeObject{
 					Attributes: utils.DataSourceAttributeMap(DfpResourceSchemaAttributes, &resp.Diagnostics),

diff --git a/internal/service/fw/api_access_code_data_source_test.go b/internal/service/fw/api_access_code_data_source_test.go
@@ -3,6 +3,7 @@ package fw_test
 import (
 	"context"
 	"fmt"
+	"strings"
 	"testing"
 	"time"
 
@@ -17,14 +18,15 @@ func TestAccAccessCodeDataSource_Filters(t *testing.T) {
 	resourceName := "bloxone_td_access_code.test"
 	var v fw.AccessCode
 	name := acctest.RandomNameWithPrefix("ac")
+	namedListName := acctest.RandomNameWithPrefix("named-list")
 
 	resource.Test(t, resource.TestCase{
 		PreCheck:                 func() { acctest.PreCheck(t) },
 		ProtoV6ProviderFactories: acctest.ProtoV6ProviderFactories,
 		CheckDestroy:             testAccCheckAccessCodeDestroy(context.Background(), &v),
 		Steps: []resource.TestStep{
 			{
-				Config: testAccAccessCodeDataSourceConfigFilters(name),
+				Config: testAccAccessCodeDataSourceConfigFilters(name, namedListName),
 				Check: resource.ComposeTestCheckFunc(
 					append([]resource.TestCheckFunc{
 						testAccCheckAccessCodeExists(context.Background(), resourceName, &v),
@@ -51,19 +53,16 @@ func testAccCheckAccessCodeResourceAttrPair(resourceName, dataSourceName string)
 	}
 }
 
-func testAccAccessCodeDataSourceConfigFilters(name string) string {
-	return fmt.Sprintf(`
+func testAccAccessCodeDataSourceConfigFilters(name, namedListName string) string {
+	config := fmt.Sprintf(`
 resource "bloxone_td_access_code" "test" {
 	name = %[1]q
 	activation = %[2]q
 	expiration = %[3]q
 	rules = [
 		{
-			action = "" ,
-			data = "terraform_test",
-			description = "",
-			redirect_name = "",
-			type = "custom_list"
+			data = bloxone_td_named_list.test.name,
+			type = bloxone_td_named_list.test.type
 		}
 	]
 }
@@ -74,4 +73,5 @@ data "bloxone_td_access_codes" "test" {
   }
 }
 `, name, time.Now().UTC().Format(time.RFC3339), time.Now().UTC().Add(time.Hour).Format(time.RFC3339))
+	return strings.Join([]string{testAccBaseWithNamedList(namedListName), config}, "")
 }
diff --git a/internal/service/fw/api_named_list_data_source.go b/internal/service/fw/api_named_list_data_source.go
@@ -41,7 +41,7 @@ func (m *AtcfwNamedListModelWithFilter) FlattenResults(ctx context.Context, from
 	if len(from) == 0 {
 		return
 	}
-	m.Results = flex.FlattenFrameworkListNestedBlock(ctx, from, AtcfwNamedListReadAttrTypes, diags, FlattenAtcfwNamedListRead)
+	m.Results = flex.FlattenFrameworkListNestedBlock(ctx, from, AtcfwNamedListAttrTypes, diags, FlattenAtcfwNamedList)
 }
 
 func (d *NamedListsDataSource) Schema(ctx context.Context, req datasource.SchemaRequest, resp *datasource.SchemaResponse) {
@@ -60,7 +60,7 @@ func (d *NamedListsDataSource) Schema(ctx context.Context, req datasource.Schema
 			},
 			"results": schema.ListNestedAttribute{
 				NestedObject: schema.NestedAttributeObject{
-					Attributes: utils.DataSourceAttributeMap(AtcfwNamedListReadResourceSchemaAttributes, &resp.Diagnostics),
+					Attributes: utils.DataSourceAttributeMap(AtcfwNamedListResourceSchemaAttributes, &resp.Diagnostics),
 				},
 				Computed: true,
 			},

diff --git a/internal/service/fw/api_network_list_data_source.go b/internal/service/fw/api_network_list_data_source.go
@@ -33,9 +33,8 @@ func (d *NetworkListsDataSource) Metadata(ctx context.Context, req datasource.Me
 }
 
 type AtcfwNetworkListModelWithFilter struct {
-	Filters    types.Map  `tfsdk:"filters"`
-	TagFilters types.Map  `tfsdk:"tag_filters"`
-	Results    types.List `tfsdk:"results"`
+	Filters types.Map  `tfsdk:"filters"`
+	Results types.List `tfsdk:"results"`
 }
 
 func (m *AtcfwNetworkListModelWithFilter) FlattenResults(ctx context.Context, from []fw.NetworkList, diags *diag.Diagnostics) {
@@ -54,11 +53,6 @@ func (d *NetworkListsDataSource) Schema(ctx context.Context, req datasource.Sche
 				ElementType: types.StringType,
 				Optional:    true,
 			},
-			"tag_filters": schema.MapAttribute{
-				Description: "Tag Filters are used to return a more specific list of results filtered by tags. If you specify multiple filters, the results returned will have only resources that match all the specified filters.",
-				ElementType: types.StringType,
-				Optional:    true,
-			},
 			"results": schema.ListNestedAttribute{
 				NestedObject: schema.NestedAttributeObject{
 					Attributes: utils.DataSourceAttributeMap(AtcfwNetworkListResourceSchemaAttributes, &resp.Diagnostics),

diff --git a/internal/service/fw/api_security_policy_resource.go b/internal/service/fw/api_security_policy_resource.go
@@ -4,14 +4,22 @@ import (
 	"context"
 	"fmt"
 	"net/http"
+	"strings"
+	"time"
 
 	"github.com/hashicorp/terraform-plugin-framework/path"
 	"github.com/hashicorp/terraform-plugin-framework/resource"
 	"github.com/hashicorp/terraform-plugin-framework/resource/schema"
+	"github.com/hashicorp/terraform-plugin-sdk/v2/helper/retry"
 
 	bloxoneclient "github.com/infobloxopen/bloxone-go-client/client"
 )
 
+const (
+	// SecurityPolicyOperationTimeout is the maximum amount of time to wait for eventual consistency
+	SecurityPolicyOperationTimeout = 2 * time.Minute
+)
+
 // Ensure provider defined types fully satisfy framework interfaces.
 var _ resource.Resource = &SecurityPolicyResource{}
 var _ resource.ResourceWithImportState = &SecurityPolicyResource{}
@@ -150,15 +158,24 @@ func (r *SecurityPolicyResource) Delete(ctx context.Context, req resource.Delete
 		return
 	}
 
-	httpRes, err := r.client.FWAPI.
-		SecurityPoliciesAPI.
-		DeleteSingleSecurityPolicy(ctx, int32(data.Id.ValueInt64())).
-		Execute()
-	if err != nil {
-		if httpRes != nil && httpRes.StatusCode == http.StatusNotFound {
-			return
+	err := retry.RetryContext(ctx, SecurityPolicyOperationTimeout, func() *retry.RetryError {
+		httpRes, err := r.client.FWAPI.
+			SecurityPoliciesAPI.
+			DeleteSingleSecurityPolicy(ctx, int32(data.Id.ValueInt64())).
+			Execute()
+		if err != nil {
+			if httpRes != nil && httpRes.StatusCode == http.StatusNotFound {
+				return nil
+			}
+			if strings.Contains(err.Error(), "Internal Server Error") {
+				return retry.RetryableError(err)
+			}
+			resp.Diagnostics.AddError("Client Error", fmt.Sprintf("Unable to delete SecurityPolicies, got error: %s", err))
+			return retry.NonRetryableError(err)
 		}
-		resp.Diagnostics.AddError("Client Error", fmt.Sprintf("Unable to delete SecurityPolicies, got error: %s", err))
+		return nil
+	})
+	if err != nil {
 		return
 	}
 }

diff --git a/internal/service/fw/model_atcfw_named_list.go b/internal/service/fw/model_atcfw_named_list.go
@@ -156,12 +156,12 @@ func (m *AtcfwNamedListModel) Expand(ctx context.Context, diags *diag.Diagnostic
 	return to
 }
 
-func FlattenAtcfwNamedList(ctx context.Context, from *fw.NamedList, diags *diag.Diagnostics) types.Object {
+func FlattenAtcfwNamedList(ctx context.Context, from *fw.NamedListRead, diags *diag.Diagnostics) types.Object {
 	if from == nil {
 		return types.ObjectNull(AtcfwNamedListAttrTypes)
 	}
 	m := AtcfwNamedListModel{}
-	m.Flatten(ctx, from, diags)
+	m.FlattenRead(ctx, from, diags)
 	t, d := types.ObjectValueFrom(ctx, AtcfwNamedListAttrTypes, m)
 	diags.Append(d...)
 	return t
@@ -188,3 +188,25 @@ func (m *AtcfwNamedListModel) Flatten(ctx context.Context, from *fw.NamedList, d
 	m.Type = flex.FlattenStringPointer(from.Type)
 	m.UpdatedTime = timetypes.NewRFC3339TimePointerValue(from.UpdatedTime)
 }
+
+func (m *AtcfwNamedListModel) FlattenRead(ctx context.Context, from *fw.NamedListRead, diags *diag.Diagnostics) {
+	if from == nil {
+		return
+	}
+	if m == nil {
+		*m = AtcfwNamedListModel{}
+	}
+	m.ConfidenceLevel = flex.FlattenStringPointer(from.ConfidenceLevel)
+	m.CreatedTime = timetypes.NewRFC3339TimePointerValue(from.CreatedTime)
+	m.Description = flex.FlattenStringPointer(from.Description)
+	m.Id = flex.FlattenInt32Pointer(from.Id)
+	m.ItemCount = flex.FlattenInt32Pointer(from.ItemCount)
+	m.Items = types.ListNull(types.StringType)
+	m.ItemsDescribed = types.ListNull(types.ObjectType{AttrTypes: AtcfwItemStructsAttrTypes})
+	m.Name = flex.FlattenStringPointer(from.Name)
+	m.Policies = flex.FlattenFrameworkListString(ctx, from.Policies, diags)
+	m.Tags = flex.FlattenFrameworkMapString(ctx, from.Tags, diags)
+	m.ThreatLevel = flex.FlattenStringPointer(from.ThreatLevel)
+	m.Type = flex.FlattenStringPointer(from.Type)
+	m.UpdatedTime = timetypes.NewRFC3339TimePointerValue(from.UpdatedTime)
+}