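# cEdge AAA feature template, one instance per entry in
# local.edge_feature_templates.aaa_templates (keyed by template name).
#
# Conventions used throughout this resource:
#   - `try(x, null)` leaves the attribute unset so the provider/vManage default
#     applies when the data model does not define it.
#   - `*_variable` attributes carry the device-variable name used in place of a
#     literal value.
#   - `try(length(l) == 0, true) ? null : [...]` maps a missing or empty list to
#     null rather than to an empty list.
#
# Secret handling: user passwords/secrets and RADIUS/TACACS server keys are read
# straight from the data model with no fallback, so they are required inputs,
# and like every resource attribute they are persisted in Terraform state.
# Source them from a secrets store or sensitive variables and protect the state
# backend accordingly.
resource "sdwan_cedge_aaa_feature_template" "cedge_aaa_feature_template" {
  for_each    = { for t in try(local.edge_feature_templates.aaa_templates, {}) : t.name => t }
  name        = each.value.name
  description = each.value.description
  # Device type names are mapped through local.device_type_map; anything not in
  # the map falls back to the "vedge-<name>" form.
  device_types                  = [for d in try(each.value.device_types, local.defaults.sdwan.edge_feature_templates.aaa_templates.device_types) : try(local.device_type_map[d], "vedge-${d}")]
  dot1x_authentication          = try(each.value.dot1x_authentication, null)
  dot1x_authentication_variable = try(each.value.dot1x_authentication_variable, null)
  dot1x_accounting              = try(each.value.dot1x_accounting, null)
  dot1x_accounting_variable     = try(each.value.dot1x_accounting_variable, null)
  # Ordered method list, flattened to the comma-separated form the provider expects.
  server_groups_priority_order = join(",", try(each.value.authentication_and_authorization_order, local.defaults.sdwan.edge_feature_templates.aaa_templates.authentication_and_authorization_order))
  users = try(length(each.value.users) == 0, true) ? null : [for user in each.value.users : {
    name                     = user.name
    password                 = user.password
    secret                   = user.secret
    privilege_level          = try(user.privilege_level, null)
    privilege_level_variable = try(user.privilege_level_variable, null)
    optional                 = try(user.optional, null)
    # Only RSA public keys are modelled (`ssh_rsa_keys`), so key_type is fixed.
    ssh_pubkeys = try(length(user.ssh_rsa_keys) == 0, true) ? null : [for key in user.ssh_rsa_keys : {
      key_string = key
      key_type   = "rsa"
    }]
  }]
  radius_server_groups = try(length(each.value.radius_server_groups) == 0, true) ? null : [for group in each.value.radius_server_groups : {
    group_name                = group.name
    vpn_id                    = try(group.vpn_id, null)
    source_interface          = try(group.source_interface, null)
    source_interface_variable = try(group.source_interface_variable, null)
    # Same missing-or-empty -> null rule as the TACACS server list below, so an
    # empty `servers:` list is treated the same way in both places.
    servers = try(length(group.servers) == 0, true) ? null : [for server in group.servers : {
      address                      = server.address
      authentication_port          = try(server.authentication_port, null)
      authentication_port_variable = try(server.authentication_port_variable, null)
      accounting_port              = try(server.accounting_port, null)
      accounting_port_variable     = try(server.accounting_port_variable, null)
      timeout                      = try(server.timeout, null)
      timeout_variable             = try(server.timeout_variable, null)
      retransmit                   = try(server.retransmit_count, null)
      retransmit_variable          = try(server.retransmit_count_variable, null)
      key_type                     = try(server.key_type, null)
      key_type_variable            = try(server.key_type_variable, null)
      key                          = server.key
      secret_key                   = server.secret_key
      # Fixed for every server; presumably selects the device-side key
      # encryption type — confirm against the provider schema before changing.
      encryption_type = 6
    }]
  }]
  radius_clients = try(length(each.value.radius_dynamic_author.clients) == 0, true) ? null : [for client in each.value.radius_dynamic_author.clients : {
    client_ip          = try(client.ip, null)
    client_ip_variable = try(client.ip_variable, null)
    # Exactly one VPN entry per client is modelled.
    vpn_configurations = [{
      vpn_id          = try(client.vpn_id, null)
      vpn_id_variable = try(client.vpn_id_variable, null)
      server_key      = try(client.server_key, null)
    }]
  }]
  radius_dynamic_author_server_key                   = try(each.value.radius_dynamic_author.server_key, null)
  radius_dynamic_author_server_key_variable          = try(each.value.radius_dynamic_author.server_key_variable, null)
  radius_dynamic_author_domain_stripping             = try(each.value.radius_dynamic_author.domain_stripping, null)
  radius_dynamic_author_domain_stripping_variable    = try(each.value.radius_dynamic_author.domain_stripping_variable, null)
  radius_dynamic_author_authentication_type          = try(each.value.radius_dynamic_author.authentication_type, null)
  radius_dynamic_author_authentication_type_variable = try(each.value.radius_dynamic_author.authentication_type_variable, null)
  radius_dynamic_author_port                         = try(each.value.radius_dynamic_author.port, null)
  radius_dynamic_author_port_variable                = try(each.value.radius_dynamic_author.port_variable, null)
  radius_trustsec_cts_authorization_list             = try(each.value.radius_trustsec.cts_authorization_list, null)
  radius_trustsec_cts_authorization_list_variable    = try(each.value.radius_trustsec.cts_authorization_list_variable, null)
  radius_trustsec_group                              = try(each.value.radius_trustsec.server_group, null)
  tacacs_server_groups = try(length(each.value.tacacs_server_groups) == 0, true) ? null : [for group in each.value.tacacs_server_groups : {
    group_name                = group.name
    vpn_id                    = try(group.vpn_id, null)
    source_interface          = try(group.source_interface, null)
    source_interface_variable = try(group.source_interface_variable, null)
    servers = try(length(group.servers) == 0, true) ? null : [for server in group.servers : {
      address    = server.address
      key        = server.key
      secret_key = server.secret_key
      # Fixed for every server, as for the RADIUS servers above.
      encryption_type  = 6
      port             = try(server.port, null)
      port_variable    = try(server.port_variable, null)
      timeout          = try(server.timeout, null)
      timeout_variable = try(server.timeout_variable, null)
    }]
  }]
  # The rule's position in the list is used as its name. Iterating with an
  # explicit index keeps names unique even when two rules are otherwise
  # identical (index() would return the first match for both) and avoids a
  # list scan per rule.
  accounting_rules = try(length(each.value.accounting_rules) == 0, true) ? null : [for i, rule in each.value.accounting_rules : {
    name                = i
    method              = rule.method
    privilege_level     = try(rule.privilege_level, null)
    start_stop          = try(rule.start_stop, null)
    start_stop_variable = try(rule.start_stop_variable, null)
    groups              = join(",", rule.groups)
  }]
  authorization_console                  = try(each.value.authorization_console, null)
  authorization_console_variable         = try(each.value.authorization_console_variable, null)
  authorization_config_commands          = try(each.value.authorization_config_commands, null)
  authorization_config_commands_variable = try(each.value.authorization_config_commands_variable, null)
  # Same index-as-name scheme as accounting_rules; privilege_level is required here.
  authorization_rules = try(length(each.value.authorization_rules) == 0, true) ? null : [for i, rule in each.value.authorization_rules : {
    name            = i
    method          = rule.method
    privilege_level = rule.privilege_level
    groups          = join(",", rule.groups)
    authenticated   = try(rule.authenticated, null)
  }]
  depends_on = [sdwan_localized_policy.localized_policy]
}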
# cEdge global settings feature template, one instance per entry in
# local.edge_feature_templates.global_settings_templates (keyed by name).
#
# Every attribute is `try(x, null)`: a key missing from the data model leaves
# the attribute unset, so the provider/vManage default applies rather than an
# explicit value. `*_variable` attributes carry a device-variable name.
#
# Several of these toggles are hardening controls (HTTP/HTTPS server, IP
# source routing, RSH/RCP, TCP/UDP small servers, outbound telnet via
# line_vty, SSH version, CDP/LLDP). Because null defers to the default, an
# absent key does not enforce a secure setting — review the resulting
# defaults against the deployment baseline.
resource "sdwan_cedge_global_feature_template" "cedge_global_feature_template" {
  for_each    = { for t in try(local.edge_feature_templates.global_settings_templates, {}) : t.name => t }
  name        = each.value.name
  description = each.value.description
  # Device type names are mapped through local.device_type_map; anything not in
  # the map falls back to the "vedge-<name>" form.
  device_types       = [for d in try(each.value.device_types, local.defaults.sdwan.edge_feature_templates.global_settings_templates.device_types) : try(local.device_type_map[d], "vedge-${d}")]
  arp_proxy          = try(each.value.arp_proxy, null)
  arp_proxy_variable = try(each.value.arp_proxy_variable, null)
  # Data-model key differs from the attribute name: `ignore_bootp` -> bootp.
  bootp                        = try(each.value.ignore_bootp, null)
  bootp_variable               = try(each.value.ignore_bootp_variable, null)
  cdp                          = try(each.value.cdp, null)
  cdp_variable                 = try(each.value.cdp_variable, null)
  console_logging              = try(each.value.console_logging, null)
  console_logging_variable     = try(each.value.console_logging_variable, null)
  domain_lookup                = try(each.value.domain_lookup, null)
  domain_lookup_variable       = try(each.value.domain_lookup_variable, null)
  ftp_passive                  = try(each.value.ftp_passive, null)
  ftp_passive_variable         = try(each.value.ftp_passive_variable, null)
  http_authentication          = try(each.value.http_authentication, null)
  http_authentication_variable = try(each.value.http_authentication_variable, null)
  http_server                  = try(each.value.http_server, null)
  http_server_variable         = try(each.value.http_server_variable, null)
  https_server                 = try(each.value.https_server, null)
  https_server_variable        = try(each.value.https_server_variable, null)
  ip_source_routing            = try(each.value.ip_source_routing, null)
  ip_source_routing_variable   = try(each.value.ip_source_routing_variable, null)
  # Data-model key differs from the attribute name: `telnet_outbound` -> line_vty.
  line_vty                      = try(each.value.telnet_outbound, null)
  line_vty_variable             = try(each.value.telnet_outbound_variable, null)
  lldp                          = try(each.value.lldp, null)
  lldp_variable                 = try(each.value.lldp_variable, null)
  nat64_tcp_timeout             = try(each.value.nat64_tcp_timeout, null)
  nat64_tcp_timeout_variable    = try(each.value.nat64_tcp_timeout_variable, null)
  nat64_udp_timeout             = try(each.value.nat64_udp_timeout, null)
  nat64_udp_timeout_variable    = try(each.value.nat64_udp_timeout_variable, null)
  rsh_rcp                       = try(each.value.rsh_rcp, null)
  rsh_rcp_variable              = try(each.value.rsh_rcp_variable, null)
  snmp_ifindex_persist          = try(each.value.snmp_ifindex_persist, null)
  snmp_ifindex_persist_variable = try(each.value.snmp_ifindex_persist_variable, null)
  source_interface              = try(each.value.source_interface, null)
  source_interface_variable     = try(each.value.source_interface_variable, null)
  ssh_version                   = try(each.value.ssh_version, null)
  ssh_version_variable          = try(each.value.ssh_version_variable, null)
  tcp_keepalives_in             = try(each.value.tcp_keepalives_in, null)
  tcp_keepalives_in_variable    = try(each.value.tcp_keepalives_in_variable, null)
  tcp_keepalives_out            = try(each.value.tcp_keepalives_out, null)
  tcp_keepalives_out_variable   = try(each.value.tcp_keepalives_out_variable, null)
  tcp_small_servers             = try(each.value.tcp_small_servers, null)
  tcp_small_servers_variable    = try(each.value.tcp_small_servers_variable, null)
  udp_small_servers             = try(each.value.udp_small_servers, null)
  udp_small_servers_variable    = try(each.value.udp_small_servers_variable, null)
  vty_logging                   = try(each.value.vty_logging, null)
  vty_logging_variable          = try(each.value.vty_logging_variable, null)
  depends_on                    = [sdwan_localized_policy.localized_policy]
}
# Login/MOTD banner feature template, one instance per entry in
# local.edge_feature_templates.banner_templates (keyed by template name).
# Banner text is passed through verbatim; `try(x, null)` leaves an undefined
# banner unset and `*_variable` carries a device-variable name instead.
resource "sdwan_cisco_banner_feature_template" "cisco_banner_feature_template" {
  for_each    = { for t in try(local.edge_feature_templates.banner_templates, {}) : t.name => t }
  name        = each.value.name
  description = each.value.description
  # Device type names are mapped through local.device_type_map; anything not in
  # the map falls back to the "vedge-<name>" form.
  device_types   = [for d in try(each.value.device_types, local.defaults.sdwan.edge_feature_templates.banner_templates.device_types) : try(local.device_type_map[d], "vedge-${d}")]
  login          = try(each.value.login, null)
  login_variable = try(each.value.login_variable, null)
  motd           = try(each.value.motd, null)
  motd_variable  = try(each.value.motd_variable, null)
  depends_on     = [sdwan_localized_policy.localized_policy]
}
# BFD feature template, one instance per entry in
# local.edge_feature_templates.bfd_templates (keyed by template name).
# `try(x, null)` leaves an undefined attribute unset so the provider/vManage
# default applies; `*_variable` attributes carry a device-variable name.
resource "sdwan_cisco_bfd_feature_template" "cisco_bfd_feature_template" {
  for_each    = { for t in try(local.edge_feature_templates.bfd_templates, {}) : t.name => t }
  name        = each.value.name
  description = each.value.description
  # Device type names are mapped through local.device_type_map; anything not in
  # the map falls back to the "vedge-<name>" form.
  device_types           = [for d in try(each.value.device_types, local.defaults.sdwan.edge_feature_templates.bfd_templates.device_types) : try(local.device_type_map[d], "vedge-${d}")]
  multiplier             = try(each.value.multiplier, null)
  multiplier_variable    = try(each.value.multiplier_variable, null)
  poll_interval          = try(each.value.poll_interval, null)
  poll_interval_variable = try(each.value.poll_interval_variable, null)
  default_dscp           = try(each.value.default_dscp, null)
  default_dscp_variable  = try(each.value.default_dscp_variable, null)
  # Per-color overrides; a missing or empty `colors` list becomes null.
  colors = try(length(each.value.colors) == 0, true) ? null : [for color in each.value.colors : {
    color                   = try(color.color, null)
    color_variable          = try(color.color_variable, null)
    hello_interval          = try(color.hello_interval, null)
    hello_interval_variable = try(color.hello_interval_variable, null)
    multiplier              = try(color.multiplier, null)
    multiplier_variable     = try(color.multiplier_variable, null)
    # Data-model key differs from the attribute name: `path_mtu_discovery` -> pmtu_discovery.
    pmtu_discovery          = try(color.path_mtu_discovery, null)
    pmtu_discovery_variable = try(color.path_mtu_discovery_variable, null)
    # NOTE(review): the literal is read from `default_dscp` but the variable
    # from `dscp_variable`, unlike the template-level pair above
    # (default_dscp / default_dscp_variable). Confirm against the data-model
    # schema that this key pairing is intended.
    dscp          = try(color.default_dscp, null)
    dscp_variable = try(color.dscp_variable, null)
    optional      = try(color.optional, null)
  }]
  depends_on = [sdwan_localized_policy.localized_policy]
}
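# cEdge BGP feature template, one instance per entry in
# local.edge_feature_templates.bgp_templates (keyed by template name).
#
# Conventions used throughout this resource:
#   - `try(x, null)` leaves the attribute unset so the provider/vManage default
#     applies when the data model does not define it.
#   - `*_variable` attributes carry the device-variable name used in place of a
#     literal value.
#   - `try(length(l) == 0, true) ? null : [...]` maps a missing or empty list to
#     null rather than to an empty list.
#
# Neighbor passwords (`password` under ipv4_neighbors/ipv6_neighbors) are read
# from the data model and, like every attribute, are persisted in Terraform
# state; source them from a protected input and protect the state backend.
resource "sdwan_cisco_bgp_feature_template" "cisco_bgp_feature_template" {
  for_each    = { for t in try(local.edge_feature_templates.bgp_templates, {}) : t.name => t }
  name        = each.value.name
  description = each.value.description
  # Device type names are mapped through local.device_type_map; anything not in
  # the map falls back to the "vedge-<name>" form.
  device_types                = [for d in try(each.value.device_types, local.defaults.sdwan.edge_feature_templates.bgp_templates.device_types) : try(local.device_type_map[d], "vedge-${d}")]
  always_compare_med          = try(each.value.always_compare_med, null)
  always_compare_med_variable = try(each.value.always_compare_med_variable, null)
  as_number                   = try(each.value.as_number, null)
  as_number_variable          = try(each.value.as_number_variable, null)
  compare_router_id           = try(each.value.compare_router_id, null)
  # The data-model key follows the `<attribute>_variable` convention used by
  # every other attribute here; the misspelt `compare_router_idr_variable` is
  # still accepted as a fallback so existing data files keep working.
  compare_router_id_variable    = try(each.value.compare_router_id_variable, each.value.compare_router_idr_variable, null)
  deterministic_med             = try(each.value.deterministic_med, null)
  deterministic_med_variable    = try(each.value.deterministic_med_variable, null)
  distance_external             = try(each.value.distance_external, null)
  distance_external_variable    = try(each.value.distance_external_variable, null)
  distance_internal             = try(each.value.distance_internal, null)
  distance_internal_variable    = try(each.value.distance_internal_variable, null)
  distance_local                = try(each.value.distance_local, null)
  distance_local_variable       = try(each.value.distance_local_variable, null)
  holdtime                      = try(each.value.holdtime, null)
  holdtime_variable             = try(each.value.holdtime_variable, null)
  keepalive                     = try(each.value.keepalive, null)
  keepalive_variable            = try(each.value.keepalive_variable, null)
  # Data-model keys differ from the attribute names: `missing_med_as_worst`
  # -> missing_med_worst, `propagate_as_path` -> propagate_aspath.
  missing_med_worst             = try(each.value.missing_med_as_worst, null)
  missing_med_worst_variable    = try(each.value.missing_med_as_worst_variable, null)
  multipath_relax               = try(each.value.multipath_relax, null)
  multipath_relax_variable      = try(each.value.multipath_relax_variable, null)
  propagate_aspath              = try(each.value.propagate_as_path, null)
  propagate_aspath_variable     = try(each.value.propagate_as_path_variable, null)
  propagate_community           = try(each.value.propagate_community, null)
  propagate_community_variable  = try(each.value.propagate_community_variable, null)
  router_id                     = try(each.value.router_id, null)
  router_id_variable            = try(each.value.router_id_variable, null)
  shutdown                      = try(each.value.shutdown, null)
  shutdown_variable             = try(each.value.shutdown_variable, null)
  # One entry per address family that is present in the data model
  # (ipv4_address_family / ipv6_address_family); absent families contribute
  # nothing, so the result is a list of zero to two entries.
  address_families = flatten([
    try(each.value.ipv4_address_family, null) == null ? [] : [{
      family_type                            = "ipv4-unicast"
      default_information_originate          = try(each.value.ipv4_address_family.default_information_originate, null)
      default_information_originate_variable = try(each.value.ipv4_address_family.default_information_originate_variable, null)
      maximum_paths                          = try(each.value.ipv4_address_family.maximum_paths, null)
      maximum_paths_variable                 = try(each.value.ipv4_address_family.maximum_paths_variable, null)
      table_map_filter                       = try(each.value.ipv4_address_family.table_map_filter, null)
      table_map_filter_variable              = try(each.value.ipv4_address_family.table_map_filter_variable, null)
      table_map_policy                       = try(each.value.ipv4_address_family.table_map_policy, null)
      table_map_policy_variable              = try(each.value.ipv4_address_family.table_map_policy_variable, null)
      ipv4_aggregate_addresses = try(length(each.value.ipv4_address_family.aggregate_addresses) == 0, true) ? null : [for p in each.value.ipv4_address_family.aggregate_addresses : {
        prefix                = try(p.prefix, null)
        prefix_variable       = try(p.prefix_variable, null)
        as_set_path           = try(p.as_set_path, null)
        as_set_path_variable  = try(p.as_set_path_variable, null)
        summary_only          = try(p.summary_only, null)
        summary_only_variable = try(p.summary_only_variable, null)
        optional              = try(p.optional, null)
      }]
      ipv4_networks = try(length(each.value.ipv4_address_family.networks) == 0, true) ? null : [for p in each.value.ipv4_address_family.networks : {
        prefix          = try(p.prefix, null)
        prefix_variable = try(p.prefix_variable, null)
        optional        = try(p.optional, null)
      }]
      redistribute_routes = try(length(each.value.ipv4_address_family.redistributes) == 0, true) ? null : [for p in each.value.ipv4_address_family.redistributes : {
        protocol              = try(p.protocol, null)
        protocol_variable     = try(p.protocol_variable, null)
        route_policy          = try(p.route_policy, null)
        route_policy_variable = try(p.route_policy_variable, null)
        optional              = try(p.optional, null)
      }]
    }],
    try(each.value.ipv6_address_family, null) == null ? [] : [{
      family_type                            = "ipv6-unicast"
      default_information_originate          = try(each.value.ipv6_address_family.default_information_originate, null)
      default_information_originate_variable = try(each.value.ipv6_address_family.default_information_originate_variable, null)
      maximum_paths                          = try(each.value.ipv6_address_family.maximum_paths, null)
      maximum_paths_variable                 = try(each.value.ipv6_address_family.maximum_paths_variable, null)
      table_map_filter                       = try(each.value.ipv6_address_family.table_map_filter, null)
      table_map_filter_variable              = try(each.value.ipv6_address_family.table_map_filter_variable, null)
      table_map_policy                       = try(each.value.ipv6_address_family.table_map_policy, null)
      table_map_policy_variable              = try(each.value.ipv6_address_family.table_map_policy_variable, null)
      ipv6_aggregate_addresses = try(length(each.value.ipv6_address_family.aggregate_addresses) == 0, true) ? null : [for p in each.value.ipv6_address_family.aggregate_addresses : {
        prefix                = try(p.prefix, null)
        prefix_variable       = try(p.prefix_variable, null)
        as_set_path           = try(p.as_set_path, null)
        as_set_path_variable  = try(p.as_set_path_variable, null)
        summary_only          = try(p.summary_only, null)
        summary_only_variable = try(p.summary_only_variable, null)
        optional              = try(p.optional, null)
      }]
      ipv6_networks = try(length(each.value.ipv6_address_family.networks) == 0, true) ? null : [for p in each.value.ipv6_address_family.networks : {
        prefix          = try(p.prefix, null)
        prefix_variable = try(p.prefix_variable, null)
        optional        = try(p.optional, null)
      }]
      redistribute_routes = try(length(each.value.ipv6_address_family.redistributes) == 0, true) ? null : [for p in each.value.ipv6_address_family.redistributes : {
        protocol              = try(p.protocol, null)
        protocol_variable     = try(p.protocol_variable, null)
        route_policy          = try(p.route_policy, null)
        route_policy_variable = try(p.route_policy_variable, null)
        optional              = try(p.optional, null)
      }]
    }]
  ])
  # Neighbors are nested under their address family in the data model
  # (ipv4_address_family.neighbors) but are a top-level attribute here.
  ipv4_neighbors = try(length(each.value.ipv4_address_family.neighbors) == 0, true) ? null : [for n in each.value.ipv4_address_family.neighbors : {
    address                          = try(n.address, null)
    address_variable                 = try(n.address_variable, null)
    allow_as_in                      = try(n.allow_as_in, null)
    allow_as_in_variable             = try(n.allow_as_in_variable, null)
    as_override                      = try(n.as_override, null)
    as_override_variable             = try(n.as_override_variable, null)
    description                      = try(n.description, null)
    description_variable             = try(n.description_variable, null)
    ebgp_multihop                    = try(n.ebgp_multihop, null)
    ebgp_multihop_variable           = try(n.ebgp_multihop_variable, null)
    holdtime                         = try(n.holdtime, null)
    holdtime_variable                = try(n.holdtime_variable, null)
    keepalive                        = try(n.keepalive, null)
    keepalive_variable               = try(n.keepalive_variable, null)
    next_hop_self                    = try(n.next_hop_self, null)
    next_hop_self_variable           = try(n.next_hop_self_variable, null)
    password                         = try(n.password, null)
    password_variable                = try(n.password_variable, null)
    remote_as                        = try(n.remote_as, null)
    remote_as_variable               = try(n.remote_as_variable, null)
    send_community                   = try(n.send_community, null)
    send_community_variable          = try(n.send_community_variable, null)
    send_extended_community          = try(n.send_extended_community, null)
    send_extended_community_variable = try(n.send_extended_community_variable, null)
    send_label                       = try(n.send_label, null)
    send_label_variable              = try(n.send_label_variable, null)
    send_label_explicit              = try(n.send_label_explicit, null)
    send_label_explicit_variable     = try(n.send_label_explicit_variable, null)
    shutdown                         = try(n.shutdown, null)
    shutdown_variable                = try(n.shutdown_variable, null)
    source_interface                 = try(n.source_interface, null)
    source_interface_variable        = try(n.source_interface_variable, null)
    optional                         = try(n.optional, null)
    optional_variable                = try(n.optional_variable, null)
    address_families = try(length(n.address_families) == 0, true) ? null : [for af in n.address_families : {
      family_type                            = try(af.family_type, null)
      maximum_prefixes                       = try(af.maximum_prefixes, null)
      maximum_prefixes_variable              = try(af.maximum_prefixes_variable, null)
      maximum_prefixes_restart               = try(af.maximum_prefixes_restart, null)
      maximum_prefixes_restart_variable      = try(af.maximum_prefixes_restart_variable, null)
      maximum_prefixes_threshold             = try(af.maximum_prefixes_threshold, null)
      maximum_prefixes_threshold_variable    = try(af.maximum_prefixes_threshold_variable, null)
      maximum_prefixes_warning_only          = try(af.maximum_prefixes_warning_only, null)
      maximum_prefixes_warning_only_variable = try(af.maximum_prefixes_warning_only_variable, null)
      optional                               = try(af.optional, null)
      optional_variable                      = try(af.optional_variable, null)
      # Emit the in/out policy entries only when at least one of the four
      # inputs is set. Each key is probed independently (as the "out" branch
      # already did) so an explicitly null key does not hide a value in the
      # others.
      route_policies = try(af.route_policy_in, null) == null && try(af.route_policy_in_variable, null) == null && try(af.route_policy_out, null) == null && try(af.route_policy_out_variable, null) == null ? null : flatten([
        try(af.route_policy_in, null) == null && try(af.route_policy_in_variable, null) == null ? [] : [{
          direction            = "in"
          policy_name          = try(af.route_policy_in, null)
          policy_name_variable = try(af.route_policy_in_variable, null)
        }],
        try(af.route_policy_out, null) == null && try(af.route_policy_out_variable, null) == null ? [] : [{
          direction            = "out"
          policy_name          = try(af.route_policy_out, null)
          policy_name_variable = try(af.route_policy_out_variable, null)
        }]
      ])
    }]
  }]
  ipv6_neighbors = try(length(each.value.ipv6_address_family.neighbors) == 0, true) ? null : [for n in each.value.ipv6_address_family.neighbors : {
    address                          = try(n.address, null)
    address_variable                 = try(n.address_variable, null)
    allow_as_in                      = try(n.allow_as_in, null)
    allow_as_in_variable             = try(n.allow_as_in_variable, null)
    as_override                      = try(n.as_override, null)
    as_override_variable             = try(n.as_override_variable, null)
    description                      = try(n.description, null)
    description_variable             = try(n.description_variable, null)
    ebgp_multihop                    = try(n.ebgp_multihop, null)
    ebgp_multihop_variable           = try(n.ebgp_multihop_variable, null)
    holdtime                         = try(n.holdtime, null)
    holdtime_variable                = try(n.holdtime_variable, null)
    keepalive                        = try(n.keepalive, null)
    keepalive_variable               = try(n.keepalive_variable, null)
    next_hop_self                    = try(n.next_hop_self, null)
    next_hop_self_variable           = try(n.next_hop_self_variable, null)
    password                         = try(n.password, null)
    password_variable                = try(n.password_variable, null)
    remote_as                        = try(n.remote_as, null)
    remote_as_variable               = try(n.remote_as_variable, null)
    send_community                   = try(n.send_community, null)
    send_community_variable          = try(n.send_community_variable, null)
    send_extended_community          = try(n.send_extended_community, null)
    send_extended_community_variable = try(n.send_extended_community_variable, null)
    send_label                       = try(n.send_label, null)
    send_label_variable              = try(n.send_label_variable, null)
    send_label_explicit              = try(n.send_label_explicit, null)
    send_label_explicit_variable     = try(n.send_label_explicit_variable, null)
    shutdown                         = try(n.shutdown, null)
    shutdown_variable                = try(n.shutdown_variable, null)
    source_interface                 = try(n.source_interface, null)
    source_interface_variable        = try(n.source_interface_variable, null)
    optional                         = try(n.optional, null)
    optional_variable                = try(n.optional_variable, null)
    address_families = try(length(n.address_families) == 0, true) ? null : [for af in n.address_families : {
      family_type                            = try(af.family_type, null)
      maximum_prefixes                       = try(af.maximum_prefixes, null)
      maximum_prefixes_variable              = try(af.maximum_prefixes_variable, null)
      maximum_prefixes_restart               = try(af.maximum_prefixes_restart, null)
      maximum_prefixes_restart_variable      = try(af.maximum_prefixes_restart_variable, null)
      maximum_prefixes_threshold             = try(af.maximum_prefixes_threshold, null)
      maximum_prefixes_threshold_variable    = try(af.maximum_prefixes_threshold_variable, null)
      maximum_prefixes_warning_only          = try(af.maximum_prefixes_warning_only, null)
      maximum_prefixes_warning_only_variable = try(af.maximum_prefixes_warning_only_variable, null)
      optional                               = try(af.optional, null)
      optional_variable                      = try(af.optional_variable, null)
      # Same per-key probing as the ipv4 neighbors above.
      route_policies = try(af.route_policy_in, null) == null && try(af.route_policy_in_variable, null) == null && try(af.route_policy_out, null) == null && try(af.route_policy_out_variable, null) == null ? null : flatten([
        try(af.route_policy_in, null) == null && try(af.route_policy_in_variable, null) == null ? [] : [{
          direction            = "in"
          policy_name          = try(af.route_policy_in, null)
          policy_name_variable = try(af.route_policy_in_variable, null)
        }],
        try(af.route_policy_out, null) == null && try(af.route_policy_out_variable, null) == null ? [] : [{
          direction            = "out"
          policy_name          = try(af.route_policy_out, null)
          policy_name_variable = try(af.route_policy_out_variable, null)
        }]
      ])
    }]
  }]
  # Route targets, also nested under the address family in the data model.
  ipv4_route_targets = try(length(each.value.ipv4_address_family.route_targets) == 0, true) ? null : [for rt in each.value.ipv4_address_family.route_targets : {
    optional        = try(rt.optional, null)
    vpn_id          = try(rt.vpn_id, null)
    vpn_id_variable = try(rt.vpn_id_variable, null)
    export = try(length(rt.exports) == 0, true) ? null : [for e in rt.exports : {
      asn_ip          = try(e.asn_ip, null)
      asn_ip_variable = try(e.asn_ip_variable, null)
    }]
    import = try(length(rt.imports) == 0, true) ? null : [for i in rt.imports : {
      asn_ip          = try(i.asn_ip, null)
      asn_ip_variable = try(i.asn_ip_variable, null)
    }]
  }]
  ipv6_route_targets = try(length(each.value.ipv6_address_family.route_targets) == 0, true) ? null : [for rt in each.value.ipv6_address_family.route_targets : {
    optional        = try(rt.optional, null)
    vpn_id          = try(rt.vpn_id, null)
    vpn_id_variable = try(rt.vpn_id_variable, null)
    export = try(length(rt.exports) == 0, true) ? null : [for e in rt.exports : {
      asn_ip          = try(e.asn_ip, null)
      asn_ip_variable = try(e.asn_ip_variable, null)
    }]
    import = try(length(rt.imports) == 0, true) ? null : [for i in rt.imports : {
      asn_ip          = try(i.asn_ip, null)
      asn_ip_variable = try(i.asn_ip_variable, null)
    }]
  }]
  mpls_interfaces = try(length(each.value.mpls_interfaces) == 0, true) ? null : [for m in each.value.mpls_interfaces : {
    interface_name          = try(m.interface_name, null)
    interface_name_variable = try(m.interface_name_variable, null)
  }]
  depends_on = [sdwan_localized_policy.localized_policy]
}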
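resource "sdwan_cisco_dhcp_server_feature_template" "cisco_dhcp_server_feature_template" {
  # One Cisco DHCP Server feature template per entry under
  # edge_feature_templates.dhcp_server_templates, keyed by template name.
  for_each = { for t in try(local.edge_feature_templates.dhcp_server_templates, {}) : t.name => t }

  name        = each.value.name
  description = each.value.description
  # Per-template device_types or the defaults; names missing from
  # local.device_type_map are passed through with a "vedge-" prefix.
  device_types = [for d in try(each.value.device_types, local.defaults.sdwan.edge_feature_templates.dhcp_server_templates.device_types) : try(local.device_type_map[d], "vedge-${d}")]

  address_pool             = try(each.value.address_pool, null)
  address_pool_variable    = try(each.value.address_pool_variable, null)
  default_gateway          = try(each.value.default_gateway, null)
  default_gateway_variable = try(each.value.default_gateway_variable, null)
  dns_servers              = try(each.value.dns_servers, null)
  dns_servers_variable     = try(each.value.dns_servers_variable, null)
  domain_name              = try(each.value.domain_name, null)
  domain_name_variable     = try(each.value.domain_name_variable, null)
  # Explicit addresses and from/to ranges are merged into one list; each range
  # is rendered as "<from>-<to>". Null when neither form is present.
  exclude_addresses          = try(each.value.exclude_addresses, each.value.exclude_addresses_ranges, null) == null ? null : concat(try(each.value.exclude_addresses, []), [for r in try(each.value.exclude_addresses_ranges, []) : "${r.from}-${r.to}"])
  exclude_addresses_variable = try(each.value.exclude_addresses_variable, null)
  interface_mtu              = try(each.value.interface_mtu, null)
  interface_mtu_variable     = try(each.value.interface_mtu_variable, null)
  lease_time                 = try(each.value.lease_time, null)
  lease_time_variable        = try(each.value.lease_time_variable, null)
  tftp_servers               = try(each.value.tftp_servers, null)
  tftp_servers_variable      = try(each.value.tftp_servers_variable, null)

  # DHCP options. The model key ip_addresses maps onto the provider's ip_address.
  options = try(length(each.value.options) == 0, true) ? null : [for option in each.value.options : {
    ascii = try(option.ascii, null)
    # Fix: this previously read option.source_ip_variable (copy/paste error),
    # so an ascii_variable given in the model was silently dropped.
    ascii_variable       = try(option.ascii_variable, null)
    hex                  = try(option.hex, null)
    hex_variable         = try(option.hex_variable, null)
    ip_address           = try(option.ip_addresses, null)
    ip_address_variable  = try(option.ip_addresses_variable, null)
    option_code          = try(option.option_code, null)
    option_code_variable = try(option.option_code_variable, null)
  }]

  # Static IP-to-MAC reservations.
  static_leases = try(length(each.value.static_leases) == 0, true) ? null : [for lease in each.value.static_leases : {
    ip_address           = try(lease.ip_address, null)
    ip_address_variable  = try(lease.ip_address_variable, null)
    mac_address          = try(lease.mac_address, null)
    mac_address_variable = try(lease.mac_address_variable, null)
    hostname             = try(lease.hostname, null)
    hostname_variable    = try(lease.hostname_variable, null)
    optional             = try(lease.optional, null)
  }]

  # Ordered after the localized policy, as for every feature template in this file.
  depends_on = [sdwan_localized_policy.localized_policy]
}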
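resource "sdwan_cisco_logging_feature_template" "cisco_logging_feature_template" {
  # One Cisco Logging feature template per entry under
  # edge_feature_templates.logging_templates, keyed by template name.
  for_each = { for t in try(local.edge_feature_templates.logging_templates, {}) : t.name => t }

  name        = each.value.name
  description = each.value.description
  # Per-template device_types or the defaults; names missing from
  # local.device_type_map are passed through with a "vedge-" prefix.
  device_types = [for d in try(each.value.device_types, local.defaults.sdwan.edge_feature_templates.logging_templates.device_types) : try(local.device_type_map[d], "vedge-${d}")]

  disk_logging           = try(each.value.disk_logging, null)
  disk_logging_variable  = try(each.value.disk_logging_variable, null)
  log_rotations          = try(each.value.log_rotations, null)
  log_rotations_variable = try(each.value.log_rotations_variable, null)
  max_size               = try(each.value.max_size, null)
  max_size_variable      = try(each.value.max_size_variable, null)

  # Remote IPv4 syslog servers. custom_profile is derived only from tls_profile:
  # a server that sets tls_profile_variable alone still gets custom_profile = false.
  # NOTE(review): other mappings in this file (route_policies) also accept the
  # _variable form when deciding presence — confirm whether that is intended here.
  ipv4_servers = try(length(each.value.ipv4_servers) == 0, true) ? null : [for server in each.value.ipv4_servers : {
    hostname_ip               = try(server.hostname_ip, null)
    hostname_ip_variable      = try(server.hostname_ip_variable, null)
    enable_tls                = try(server.enable_tls, null)
    enable_tls_variable       = try(server.enable_tls_variable, null)
    logging_level             = try(server.logging_level, null)
    logging_level_variable    = try(server.logging_level_variable, null)
    source_interface          = try(server.source_interface, null)
    source_interface_variable = try(server.source_interface_variable, null)
    custom_profile            = try(server.tls_profile, null) == null ? false : true
    profile                   = try(server.tls_profile, null)
    profile_variable          = try(server.tls_profile_variable, null)
    optional                  = try(server.optional, null)
    vpn_id                    = try(server.vpn_id, null)
    vpn_id_variable           = try(server.vpn_id_variable, null)
  }]

  # Remote IPv6 syslog servers; same mapping as ipv4_servers.
  ipv6_servers = try(length(each.value.ipv6_servers) == 0, true) ? null : [for server in each.value.ipv6_servers : {
    hostname_ip               = try(server.hostname_ip, null)
    hostname_ip_variable      = try(server.hostname_ip_variable, null)
    enable_tls                = try(server.enable_tls, null)
    enable_tls_variable       = try(server.enable_tls_variable, null)
    logging_level             = try(server.logging_level, null)
    logging_level_variable    = try(server.logging_level_variable, null)
    source_interface          = try(server.source_interface, null)
    source_interface_variable = try(server.source_interface_variable, null)
    custom_profile            = try(server.tls_profile, null) == null ? false : true
    profile                   = try(server.tls_profile, null)
    profile_variable          = try(server.tls_profile_variable, null)
    optional                  = try(server.optional, null)
    vpn_id                    = try(server.vpn_id, null)
    vpn_id_variable           = try(server.vpn_id_variable, null)
  }]

  # TLS profiles referenced by the servers above. The model's lower-case
  # authentication_type ("server"/"mutual") is mapped to the provider's
  # capitalised values; anything else becomes null.
  tls_profiles = try(length(each.value.tls_profiles) == 0, true) ? null : [for prof in each.value.tls_profiles : {
    name                         = try(prof.name, null)
    name_variable                = try(prof.name_variable, null)
    authentication_type          = try(prof.authentication_type, null) == "server" ? "Server" : try(prof.authentication_type, null) == "mutual" ? "Mutual" : null
    authentication_type_variable = try(prof.authentication_type_variable, null)
    version                      = try(prof.version, null)
    version_variable             = try(prof.version_variable, null)
    ciphersuite_list             = try(prof.ciphersuites, null)
    # Fix: previously read prof.version_ciphersuites_variablevariable (typo), so a
    # ciphersuites_variable in the model was silently dropped.
    ciphersuite_list_variable = try(prof.ciphersuites_variable, null)
  }]

  # Ordered after the localized policy, as for every feature template in this file.
  depends_on = [sdwan_localized_policy.localized_policy]
}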
resource "sdwan_cisco_ntp_feature_template" "cisco_ntp_feature_template" {
  # One Cisco NTP feature template per entry under
  # edge_feature_templates.ntp_templates, keyed by template name.
  for_each = { for t in try(local.edge_feature_templates.ntp_templates, {}) : t.name => t }

  name        = each.value.name
  description = each.value.description
  # Per-template device_types or the defaults; names missing from
  # local.device_type_map are passed through with a "vedge-" prefix.
  device_types = [for d in try(each.value.device_types, local.defaults.sdwan.edge_feature_templates.ntp_templates.device_types) : try(local.device_type_map[d], "vedge-${d}")]

  # Local NTP master settings.
  master                           = try(each.value.master, null)
  master_variable                  = try(each.value.master_variable, null)
  master_stratum                   = try(each.value.master_stratum, null)
  master_stratum_variable          = try(each.value.master_stratum_variable, null)
  master_source_interface          = try(each.value.master_source_interface, null)
  master_source_interface_variable = try(each.value.master_source_interface_variable, null)

  # Upstream NTP servers; authentication_key_id refers to an entry in
  # authentication_keys below.
  servers = try(length(each.value.servers) == 0, true) ? null : [for s in each.value.servers : {
    hostname_ip                    = try(s.hostname_ip, null)
    hostname_ip_variable           = try(s.hostname_ip_variable, null)
    authentication_key_id          = try(s.authentication_key_id, null)
    authentication_key_id_variable = try(s.authentication_key_id_variable, null)
    prefer                         = try(s.prefer, null)
    prefer_variable                = try(s.prefer_variable, null)
    source_interface               = try(s.source_interface, null)
    source_interface_variable      = try(s.source_interface_variable, null)
    version                        = try(s.version, null)
    version_variable               = try(s.version_variable, null)
    vpn_id                         = try(s.vpn_id, null)
    vpn_id_variable                = try(s.vpn_id_variable, null)
    optional                       = try(s.optional, null)
  }]

  # NTP authentication keys. `value` is the key string itself; like every
  # attribute here it is written to Terraform state and plan output, so the
  # state backend must be treated as sensitive. The value_variable form
  # presumably defers the secret to a device variable — confirm against the
  # provider before relying on it for that purpose.
  authentication_keys = try(length(each.value.authentication_keys) == 0, true) ? null : [for k in each.value.authentication_keys : {
    id             = try(k.id, null)
    id_variable    = try(k.id_variable, null)
    value          = try(k.value, null)
    value_variable = try(k.value_variable, null)
    optional       = try(k.optional, null)
  }]

  trusted_keys          = try(each.value.trusted_keys, null)
  trusted_keys_variable = try(each.value.trusted_keys_variable, null)

  # Ordered after the localized policy, as for every feature template in this file.
  depends_on = [sdwan_localized_policy.localized_policy]
}
resource "sdwan_cisco_omp_feature_template" "cisco_omp_feature_template" {
  # One Cisco OMP feature template per entry under
  # edge_feature_templates.omp_templates, keyed by template name.
  for_each = { for t in try(local.edge_feature_templates.omp_templates, {}) : t.name => t }

  name        = each.value.name
  description = each.value.description
  # Per-template device_types or the defaults; names missing from
  # local.device_type_map are passed through with a "vedge-" prefix.
  device_types = [for d in try(each.value.device_types, local.defaults.sdwan.edge_feature_templates.omp_templates.device_types) : try(local.device_type_map[d], "vedge-${d}")]

  # Every scalar below is optional in the model and null when absent.
  shutdown                           = try(each.value.shutdown, null)
  shutdown_variable                  = try(each.value.shutdown_variable, null)
  overlay_as                         = try(each.value.overlay_as, null)
  overlay_as_variable                = try(each.value.overlay_as_variable, null)
  graceful_restart                   = try(each.value.graceful_restart, null)
  graceful_restart_variable          = try(each.value.graceful_restart_variable, null)
  graceful_restart_timer             = try(each.value.graceful_restart_timer, null)
  graceful_restart_timer_variable    = try(each.value.graceful_restart_timer_variable, null)
  advertisement_interval             = try(each.value.advertisement_interval, null)
  advertisement_interval_variable    = try(each.value.advertisement_interval_variable, null)
  holdtime                           = try(each.value.holdtime, null)
  holdtime_variable                  = try(each.value.holdtime_variable, null)
  eor_timer                          = try(each.value.eor_timer, null)
  eor_timer_variable                 = try(each.value.eor_timer_variable, null)
  ecmp_limit                         = try(each.value.ecmp_limit, null)
  ecmp_limit_variable                = try(each.value.ecmp_limit_variable, null)
  send_path_limit                    = try(each.value.send_path_limit, null)
  send_path_limit_variable           = try(each.value.send_path_limit_variable, null)
  ignore_region_path_length          = try(each.value.ignore_region_path_length, null)
  ignore_region_path_length_variable = try(each.value.ignore_region_path_length_variable, null)
  transport_gateway                  = try(each.value.transport_gateway, null)
  transport_gateway_variable         = try(each.value.transport_gateway_variable, null)
  omp_admin_distance_ipv4            = try(each.value.omp_admin_distance_ipv4, null)
  omp_admin_distance_ipv4_variable   = try(each.value.omp_admin_distance_ipv4_variable, null)
  omp_admin_distance_ipv6            = try(each.value.omp_admin_distance_ipv6, null)
  omp_admin_distance_ipv6_variable   = try(each.value.omp_admin_distance_ipv6_variable, null)

  # Protocols redistributed into OMP. For IPv4, "ospf" is always advertised with
  # its external routes; no other protocol sets advertise_external_ospf.
  advertise_ipv4_routes = try(length(each.value.ipv4_advertise_protocols) == 0, true) ? null : [for proto in each.value.ipv4_advertise_protocols : {
    protocol                = proto
    advertise_external_ospf = proto == "ospf" ? "external" : null
  }]

  # IPv6 carries only the protocol name.
  advertise_ipv6_routes = try(length(each.value.ipv6_advertise_protocols) == 0, true) ? null : [for proto in each.value.ipv6_advertise_protocols : {
    protocol = proto
  }]

  # Ordered after the localized policy, as for every feature template in this file.
  depends_on = [sdwan_localized_policy.localized_policy]
}
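resource "sdwan_cisco_ospf_feature_template" "cisco_ospf_feature_template" {
  # One Cisco OSPF feature template per entry under
  # edge_feature_templates.ospf_templates, keyed by template name.
  for_each = { for t in try(local.edge_feature_templates.ospf_templates, {}) : t.name => t }

  name        = each.value.name
  description = each.value.description
  # Per-template device_types or the defaults; names missing from
  # local.device_type_map are passed through with a "vedge-" prefix.
  device_types = [for d in try(each.value.device_types, local.defaults.sdwan.edge_feature_templates.ospf_templates.device_types) : try(local.device_type_map[d], "vedge-${d}")]

  router_id                                          = try(each.value.router_id, null)
  router_id_variable                                 = try(each.value.router_id_variable, null)
  auto_cost_reference_bandwidth                      = try(each.value.auto_cost_reference_bandwidth, null)
  auto_cost_reference_bandwidth_variable             = try(each.value.auto_cost_reference_bandwidth_variable, null)
  compatible_rfc1583                                 = try(each.value.compatible_rfc1583, null)
  compatible_rfc1583_variable                        = try(each.value.compatible_rfc1583_variable, null)
  default_information_originate                      = try(each.value.default_information_originate, null)
  default_information_originate_always               = try(each.value.default_information_originate_always, null)
  default_information_originate_always_variable      = try(each.value.default_information_originate_always_variable, null)
  default_information_originate_metric               = try(each.value.default_information_originate_metric, null)
  default_information_originate_metric_variable      = try(each.value.default_information_originate_metric_variable, null)
  default_information_originate_metric_type          = try(each.value.default_information_originate_metric_type, null)
  default_information_originate_metric_type_variable = try(each.value.default_information_originate_metric_type_variable, null)
  distance_inter_area                                = try(each.value.distance_inter_area, null)
  distance_inter_area_variable                       = try(each.value.distance_inter_area_variable, null)
  distance_intra_area                                = try(each.value.distance_intra_area, null)
  distance_intra_area_variable                       = try(each.value.distance_intra_area_variable, null)
  distance_external                                  = try(each.value.distance_external, null)
  distance_external_variable                         = try(each.value.distance_external_variable, null)
  timers_spf_delay                                   = try(each.value.timers_spf_delay, null)
  timers_spf_delay_variable                          = try(each.value.timers_spf_delay_variable, null)
  timers_spf_initial_hold                            = try(each.value.timers_spf_initial_hold, null)
  timers_spf_initial_hold_variable                   = try(each.value.timers_spf_initial_hold_variable, null)
  timers_spf_max_hold                                = try(each.value.timers_spf_max_hold, null)
  timers_spf_max_hold_variable                       = try(each.value.timers_spf_max_hold_variable, null)

  # OSPF areas. The model's area_type ("stub"/"nssa") is split into the
  # provider's stub/nssa booleans; the *_no_summary flags are true when
  # no_summary is set, false when it is absent, and null otherwise.
  # NOTE(review): an explicit no_summary = false therefore yields null rather
  # than false — confirm that is the intended behaviour.
  areas = try(length(each.value.areas) == 0, true) ? null : [for a in each.value.areas : {
    area_number          = try(a.area_number, null)
    area_number_variable = try(a.area_number_variable, null)
    stub                 = try(a.area_type, null) == "stub" ? true : null
    stub_no_summary      = try(a.area_type, null) == "stub" && try(a.no_summary, null) == true ? true : try(a.area_type, null) == "stub" && try(a.no_summary, null) == null ? false : null
    nssa                 = try(a.area_type, null) == "nssa" ? true : null
    nssa_no_summary      = try(a.area_type, null) == "nssa" && try(a.no_summary, null) == true ? true : try(a.area_type, null) == "nssa" && try(a.no_summary, null) == null ? false : null

    # Interfaces in this area. authentication_message_digest_key is the MD5
    # key string itself; like every attribute here it is written to Terraform
    # state and plan output, so the state backend must be treated as sensitive.
    interfaces = try(length(a.interfaces) == 0, true) ? null : [for i in a.interfaces : {
      name                                          = try(i.name, null)
      name_variable                                 = try(i.name_variable, null)
      authentication_type                           = try(i.authentication_type, null)
      authentication_type_variable                  = try(i.authentication_type_variable, null)
      authentication_message_digest_key             = try(i.authentication_message_digest_key, null)
      authentication_message_digest_key_variable    = try(i.authentication_message_digest_key_variable, null)
      authentication_message_digest_key_id          = try(i.authentication_message_digest_key_id, null)
      authentication_message_digest_key_id_variable = try(i.authentication_message_digest_key_id_variable, null)
      cost                                          = try(i.cost, null)
      cost_variable                                 = try(i.cost_variable, null)
      dead_interval                                 = try(i.dead_interval, null)
      # Fix: previously read i.dead_intervale_variable (typo), so a
      # dead_interval_variable in the model was silently dropped.
      dead_interval_variable       = try(i.dead_interval_variable, null)
      hello_interval               = try(i.hello_interval, null)
      hello_interval_variable      = try(i.hello_interval_variable, null)
      network                      = try(i.network_type, null)
      network_variable             = try(i.network_type_variable, null)
      passive_interface            = try(i.passive_interface, null)
      passive_interface_variable   = try(i.passive_interface_variable, null)
      priority                     = try(i.priority, null)
      priority_variable            = try(i.priority_variable, null)
      retransmit_interval          = try(i.retransmit_interval, null)
      retransmit_interval_variable = try(i.retransmit_interval_variable, null)
    }]

    # Summary ranges for this area.
    ranges = try(length(a.ranges) == 0, true) ? null : [for r in a.ranges : {
      address               = try(r.address, null)
      address_variable      = try(r.address_variable, null)
      cost                  = try(r.cost, null)
      cost_variable         = try(r.cost_variable, null)
      no_advertise          = try(r.no_advertise, null)
      no_advertise_variable = try(r.no_advertise_variable, null)
    }]

    optional = try(a.optional, null)
  }]

  # max-metric router-lsa entries; `type` is required in the model.
  max_metric_router_lsa = try(length(each.value.max_metric_router_lsas) == 0, true) ? null : [for r in each.value.max_metric_router_lsas : {
    ad_type       = r.type
    time          = try(r.time, null)
    time_variable = try(r.time_variable, null)
  }]

  # Redistribution into OSPF.
  redistribute = try(length(each.value.redistributes) == 0, true) ? null : [for r in each.value.redistributes : {
    protocol               = try(r.protocol, null)
    protocol_variable      = try(r.protocol_variable, null)
    route_policy           = try(r.route_policy, null)
    route_policy_variable  = try(r.route_policy_variable, null)
    nat_dia                = try(r.nat_dia, null)
    nat_dia_variable       = try(r.nat_dia_variable, null)
    optional               = try(r.optional, null)
  }]

  # Inbound route policy. Fix: presence is now decided by either route_policy
  # or route_policy_variable, matching the route_policies handling of the other
  # templates in this file; previously a route_policy_variable on its own was
  # dropped because only route_policy was checked.
  route_policies = try(each.value.route_policy, each.value.route_policy_variable, null) == null ? null : [{
    direction            = "in"
    policy_name          = try(each.value.route_policy, null)
    policy_name_variable = try(each.value.route_policy_variable, null)
  }]

  # Ordered after the localized policy, as for every feature template in this file.
  depends_on = [sdwan_localized_policy.localized_policy]
}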
resource "sdwan_cisco_secure_internet_gateway_feature_template" "cisco_secure_internet_gateway_feature_template" {
  # One Cisco SIG feature template per entry under
  # edge_feature_templates.secure_internet_gateway_templates, keyed by name.
  # each.value.sig_provider ("umbrella", "zscaler" or "other") is read without
  # try() and so is required in the model; it drives the provider-specific
  # defaults below.
  for_each = { for t in try(local.edge_feature_templates.secure_internet_gateway_templates, {}) : t.name => t }

  name        = each.value.name
  description = each.value.description
  # Per-template device_types or the defaults; names missing from
  # local.device_type_map are passed through with a "vedge-" prefix.
  device_types = [for d in try(each.value.device_types, local.defaults.sdwan.edge_feature_templates.secure_internet_gateway_templates.device_types) : try(local.device_type_map[d], "vedge-${d}")]

  tracker_source_ip          = try(each.value.tracker_source_ip, null)
  tracker_source_ip_variable = try(each.value.tracker_source_ip_variable, null)
  # SIG tunnels are always placed in the transport VPN.
  vpn_id = 0

  # SIG tunnel interfaces. interface.tunnel_type ("ipsec" or "gre") is read
  # without try() and so is required per interface. All IKE/IPsec attributes
  # are only emitted for ipsec tunnels; each one falls back to the file-level
  # default unless the matching *_variable is given, in which case the literal
  # is left null so the device variable wins.
  interfaces = try(length(each.value.interfaces) == 0, true) ? null : [for interface in try(each.value.interfaces, []) : {
    application = "sig"
    # Auto tunnel mode is on for the managed providers (umbrella/zscaler) and
    # off for "other".
    auto_tunnel_mode                      = each.value.sig_provider == "other" ? false : true
    description                           = try(interface.description, null)
    description_variable                  = try(interface.description_variable, null)
    dead_peer_detection_interval          = try(interface.dpd_interval, null)
    dead_peer_detection_interval_variable = try(interface.dpd_interval_variable, null)
    dead_peer_detection_retries           = try(interface.dpd_retries, null)
    dead_peer_detection_retries_variable  = try(interface.dpd_retries_variable, null)
    ike_ciphersuite                       = interface.tunnel_type == "ipsec" ? try(interface.ike_ciphersuite, can(interface.ike_ciphersuite_variable) ? null : local.defaults.sdwan.edge_feature_templates.secure_internet_gateway_templates.interfaces.ike_ciphersuite) : null
    ike_ciphersuite_variable              = interface.tunnel_type == "ipsec" ? try(interface.ike_ciphersuite_variable, null) : null
    ike_group                             = interface.tunnel_type == "ipsec" ? try(interface.ike_group, can(interface.ike_group_variable) ? null : local.defaults.sdwan.edge_feature_templates.secure_internet_gateway_templates.interfaces.ike_group) : null
    ike_group_variable                    = interface.tunnel_type == "ipsec" ? try(interface.ike_group_variable, null) : null
    # ike_pre_shared_key is the PSK itself; like every attribute here it is
    # written to Terraform state and plan output, so the state backend must be
    # treated as sensitive. The *_variable form presumably defers the secret to
    # a device variable — confirm against the provider before relying on that.
    ike_pre_shared_key                    = interface.tunnel_type == "ipsec" ? try(interface.ike_pre_shared_key, null) : null
    ike_pre_shared_key_variable           = interface.tunnel_type == "ipsec" ? try(interface.ike_pre_shared_key_variable, null) : null
    # For the managed providers the PSK is marked dynamic on ipsec tunnels; for
    # "other" it is left unset so the static key above applies.
    ike_pre_shared_key_dynamic            = each.value.sig_provider == "other" ? null : interface.tunnel_type == "ipsec" ? true : null
    ike_pre_shared_key_local_id           = interface.tunnel_type == "ipsec" ? try(interface.ike_pre_shared_key_local_id, null) : null
    ike_pre_shared_key_local_id_variable  = interface.tunnel_type == "ipsec" ? try(interface.ike_pre_shared_key_local_id_variable, null) : null
    ike_pre_shared_key_remote_id          = interface.tunnel_type == "ipsec" ? try(interface.ike_pre_shared_key_remote_id, null) : null
    ike_pre_shared_key_remote_id_variable = interface.tunnel_type == "ipsec" ? try(interface.ike_pre_shared_key_remote_id_variable, null) : null
    ike_rekey_interval                    = interface.tunnel_type == "ipsec" ? try(interface.ike_rekey_interval, can(interface.ike_rekey_interval_variable) ? null : local.defaults.sdwan.edge_feature_templates.secure_internet_gateway_templates.interfaces.ike_rekey_interval) : null
    ike_rekey_interval_variable           = interface.tunnel_type == "ipsec" ? try(interface.ike_rekey_interval_variable, null) : null
    # IKEv2 is pinned; the model cannot select IKEv1.
    ike_version                           = interface.tunnel_type == "ipsec" ? 2 : null
    ip_unnumbered                         = "true"
    ipsec_ciphersuite                     = interface.tunnel_type == "ipsec" ? try(interface.ipsec_ciphersuite, can(interface.ipsec_ciphersuite_variable) ? null : local.defaults.sdwan.edge_feature_templates.secure_internet_gateway_templates.interfaces.ipsec_ciphersuite) : null
    ipsec_ciphersuite_variable            = interface.tunnel_type == "ipsec" ? try(interface.ipsec_ciphersuite_variable, null) : null
    ipsec_perfect_forward_secrecy         = interface.tunnel_type == "ipsec" ? try(interface.ipsec_perfect_forward_secrecy, can(interface.ipsec_perfect_forward_secrecy_variable) ? null : local.defaults.sdwan.edge_feature_templates.secure_internet_gateway_templates.interfaces.ipsec_perfect_forward_secrecy) : null
    ipsec_perfect_forward_secrecy_variable = interface.tunnel_type == "ipsec" ? try(interface.ipsec_perfect_forward_secrecy_variable, null) : null
    ipsec_rekey_interval                  = interface.tunnel_type == "ipsec" ? try(interface.ipsec_rekey_interval, can(interface.ipsec_rekey_interval_variable) ? null : local.defaults.sdwan.edge_feature_templates.secure_internet_gateway_templates.interfaces.ipsec_rekey_interval) : null
    ipsec_rekey_interval_variable         = interface.tunnel_type == "ipsec" ? try(interface.ipsec_rekey_interval_variable, null) : null
    ipsec_replay_window                   = interface.tunnel_type == "ipsec" ? try(interface.ipsec_replay_window, can(interface.ipsec_replay_window_variable) ? null : local.defaults.sdwan.edge_feature_templates.secure_internet_gateway_templates.interfaces.ipsec_replay_window) : null
    ipsec_replay_window_variable          = interface.tunnel_type == "ipsec" ? try(interface.ipsec_replay_window_variable, null) : null
    mtu                                   = try(interface.mtu, null)
    mtu_variable                          = try(interface.mtu_variable, null)
    name                                  = try(interface.name, null)
    name_variable                         = try(interface.name_variable, null)
    shutdown                              = try(interface.shutdown, null)
    # Provider enum name; unknown sig_provider values produce null here.
    sig_provider                          = each.value.sig_provider == "umbrella" ? "secure-internet-gateway-umbrella" : each.value.sig_provider == "zscaler" ? "secure-internet-gateway-zscaler" : each.value.sig_provider == "other" ? "secure-internet-gateway-other" : null
    tcp_mss                               = try(interface.tcp_mss, null)
    tcp_mss_variable                      = try(interface.tcp_mss_variable, null)
    track_enable                          = try(interface.track, null)
    tracker                               = try(interface.tracker, null)
    tracker_variable                      = try(interface.tracker_variable, null)
    tunnel_dc_preference                  = try(interface.tunnel_dc_preference, null)
    # Managed providers resolve the destination dynamically; only "other"
    # takes an explicit tunnel_destination.
    tunnel_destination                    = each.value.sig_provider == "other" ? try(interface.tunnel_destination, null) : "dynamic"
    tunnel_destination_variable           = each.value.sig_provider == "other" ? try(interface.tunnel_destination_variable, null) : null
    # Both route-via and source interface are taken from tunnel_source_interface.
    tunnel_route_via                      = try(interface.tunnel_source_interface, null)
    tunnel_route_via_variable             = try(interface.tunnel_source_interface_variable, null)
    # Public source IP applies to GRE tunnels only.
    tunnel_public_ip                      = interface.tunnel_type == "gre" ? try(interface.tunnel_public_source_ip, null) : null
    tunnel_public_ip_variable             = interface.tunnel_type == "gre" ? try(interface.tunnel_public_source_ip_variable, null) : null
    tunnel_source_interface               = try(interface.tunnel_source_interface, null)
    tunnel_source_interface_variable      = try(interface.tunnel_source_interface_variable, null)
  }]

  # Tunnel health trackers; always of type SIG.
  trackers = try(length(each.value.trackers) == 0, true) ? null : [for tracker in try(each.value.trackers, []) : {
    tracker_type              = "SIG"
    endpoint_api_url          = try(tracker.endpoint_api_url, null)
    endpoint_api_url_variable = try(tracker.endpoint_api_url_variable, null)
    multiplier                = try(tracker.multiplier, null)
    multiplier_variable       = try(tracker.multiplier_variable, null)
    interval                  = try(tracker.interval, null)
    interval_variable         = try(tracker.interval_variable, null)
    name                      = try(tracker.name, null)
    name_variable             = try(tracker.name_variable, null)
    threshold                 = try(tracker.threshold, null)
    threshold_variable        = try(tracker.threshold_variable, null)
  }]

  # Exactly one SIG service. Umbrella and Zscaler settings are all optional
  # and null when absent; time units are upper-cased for the provider.
  services = [{
    service_type                                    = "sig"
    umbrella_primary_data_center                    = try(each.value.umbrella_primary_data_center, null)
    umbrella_primary_data_center_variable           = try(each.value.umbrella_primary_data_center_variable, null)
    umbrella_secondary_data_center                  = try(each.value.umbrella_secondary_data_center, null)
    umbrella_secondary_data_center_variable         = try(each.value.umbrella_secondary_data_center_variable, null)
    zscaler_aup_block_internet_until_accepted       = try(each.value.zscaler_aup_block_internet_until_accepted, null)
    zscaler_aup_enabled                             = try(each.value.zscaler_aup_enabled, null)
    zscaler_aup_force_ssl_inspection                = try(each.value.zscaler_aup_force_ssl_inspection, null)
    zscaler_aup_timeout                             = try(each.value.zscaler_aup_timeout, null)
    zscaler_authentication_required                 = try(each.value.zscaler_authentication_required, null)
    zscaler_caution_enabled                         = try(each.value.zscaler_caution_enabled, null)
    zscaler_firewall_enabled                        = try(each.value.zscaler_firewall_enabled, null)
    zscaler_ips_control_enabled                     = try(each.value.zscaler_ips_control_enabled, null)
    zscaler_location_name_variable                  = try(each.value.zscaler_location_name_variable, null)
    zscaler_primary_data_center                     = try(each.value.zscaler_primary_data_center, null)
    zscaler_primary_data_center_variable            = try(each.value.zscaler_primary_data_center_variable, null)
    zscaler_secondary_data_center                   = try(each.value.zscaler_secondary_data_center, null)
    zscaler_secondary_data_center_variable          = try(each.value.zscaler_secondary_data_center_variable, null)
    zscaler_surrogate_display_time_unit             = try(upper(each.value.zscaler_surrogate_display_time_unit), null)
    zscaler_surrogate_idle_time                     = try(each.value.zscaler_surrogate_idle_time, null)
    zscaler_surrogate_ip                            = try(each.value.zscaler_surrogate_ip, null)
    zscaler_surrogate_ip_enforce_for_known_browsers = try(each.value.zscaler_surrogate_ip_enforce_for_known_browsers, null)
    zscaler_surrogate_refresh_time                  = try(each.value.zscaler_surrogate_refresh_time, null)
    zscaler_surrogate_refresh_time_unit             = try(upper(each.value.zscaler_surrogate_refresh_time_unit), null)
    zscaler_xff_forward                             = try(each.value.zscaler_xff_forward, null)
    # Active/backup interface pairs for high availability.
    interface_pairs = try(length(each.value.high_availability_interface_pairs) == 0, true) ? null : [for pair in try(each.value.high_availability_interface_pairs, []) : {
      active_interface        = try(pair.active_interface, null)
      active_interface_weight = try(pair.active_interface_weight, null)
      backup_interface        = try(pair.backup_interface, null)
      backup_interface_weight = try(pair.backup_interface_weight, null)
    }]
  }]

  # Ordered after the localized policy, as for every feature template in this file.
  depends_on = [sdwan_localized_policy.localized_policy]
}
resource "sdwan_cisco_security_feature_template" "cisco_security_feature_template" {
  # One Cisco Security feature template per entry under
  # edge_feature_templates.security_templates, keyed by template name.
  for_each = { for t in try(local.edge_feature_templates.security_templates, {}) : t.name => t }

  name        = each.value.name
  description = each.value.description
  # Per-template device_types or the defaults; names missing from
  # local.device_type_map are passed through with a "vedge-" prefix.
  device_types = [for d in try(each.value.device_types, local.defaults.sdwan.edge_feature_templates.security_templates.device_types) : try(local.device_type_map[d], "vedge-${d}")]

  # IPsec data-plane settings. The model's authentication_types list is passed
  # through unchanged as integrity_type and, mapped below, as authentication_type.
  rekey_interval              = try(each.value.rekey_interval, null)
  rekey_interval_variable     = try(each.value.rekey_interval_variable, null)
  replay_window               = try(each.value.replay_window, null)
  replay_window_variable      = try(each.value.replay_window_variable, null)
  extended_ar_window          = try(each.value.extended_anti_replay_window, null)
  extended_ar_window_variable = try(each.value.extended_anti_replay_window_variable, null)
  pairwise_keying             = try(each.value.pairwise_keying, null)
  pairwise_keying_variable    = try(each.value.pairwise_keying_variable, null)
  integrity_type              = try(each.value.authentication_types, null)
  integrity_type_variable     = try(each.value.authentication_types_variable, null)

  # Model names are translated to the provider's authentication names; any
  # other value is passed through as-is.
  authentication_type = try(length(each.value.authentication_types) == 0, true) ? null : [
    for auth in each.value.authentication_types : (
      auth == "esp" ? "sha1-hmac" : auth == "ip-udp-esp" ? "ah-sha1-hmac" : auth == "ip-udp-esp-no-id" ? "ah-no-id" : auth
    )
  ]

  # Key chains; key_id and name are required in the model.
  keychains = try(length(each.value.key_chains) == 0, true) ? null : [for kc in each.value.key_chains : {
    name   = kc.name
    key_id = kc.key_id
  }]

  # Keys belonging to the chains above. key_string, id and key_chain_name are
  # required in the model. key_string is the key material itself; like every
  # attribute here it is written to Terraform state and plan output, so the
  # state backend must be treated as sensitive. A lifetime whose end-time
  # format is "infinite" sets the matching *_infinite flag.
  keys = try(length(each.value.keys) == 0, true) ? null : [for k in each.value.keys : {
    id                 = k.id
    chain_name         = k.key_chain_name
    key_string         = k.key_string
    crypto_algorithm   = try(k.crypto_algorithm, null)
    include_tcp_options = try(k.include_tcp_options, null)
    send_id            = try(k.send_id, null)
    send_id_variable   = try(k.send_id_variable, null)
    receive_id         = try(k.receive_id, null)
    receive_id_variable = try(k.receive_id_variable, null)
    accept_ao_mismatch          = try(k.accept_ao_mismatch, null)
    accept_ao_mismatch_variable = try(k.accept_ao_mismatch_variable, null)

    accept_lifetime_local             = try(k.accept_lifetime, null)
    accept_lifetime_local_variable    = try(k.accept_lifetime_variable, null)
    accept_lifetime_start_time        = try(k.accept_lifetime_start_time_epoch, null)
    accept_lifetime_end_time          = try(k.accept_lifetime_end_time_epoch, null)
    accept_lifetime_end_time_format   = try(k.accept_lifetime_end_time_format, null)
    accept_lifetime_duration          = try(k.accept_lifetime_duration_seconds, null)
    accept_lifetime_duration_variable = try(k.accept_lifetime_duration_variable, null)
    accept_lifetime_infinite          = try(k.accept_lifetime_end_time_format, null) == "infinite" ? true : null

    send_lifetime_local             = try(k.send_lifetime, null)
    send_lifetime_local_variable    = try(k.send_lifetime_variable, null)
    send_lifetime_start_time        = try(k.send_lifetime_start_time_epoch, null)
    send_lifetime_end_time          = try(k.send_lifetime_end_time_epoch, null)
    send_lifetime_end_time_format   = try(k.send_lifetime_end_time_format, null)
    send_lifetime_duration          = try(k.send_lifetime_duration_seconds, null)
    send_lifetime_duration_variable = try(k.send_lifetime_duration_variable, null)
    send_lifetime_infinite          = try(k.send_lifetime_end_time_format, null) == "infinite" ? true : null
  }]

  # Ordered after the localized policy, as for every feature template in this file.
  depends_on = [sdwan_localized_policy.localized_policy]
}
# Global SIG (Secure Internet Gateway) credentials template.
# One template is created per entry in edge_feature_templates.sig_credentials_templates;
# the entry's name selects the vendor: "umbrella" produces the Umbrella template, any
# other name produces the Zscaler template. Name and description are fixed per vendor
# rather than taken from the input model.
resource "sdwan_cisco_sig_credentials_feature_template" "cisco_sig_credentials_feature_template" {
  for_each = { for t in try(local.edge_feature_templates.sig_credentials_templates, {}) : t.name => t }

  name        = lookup({ umbrella = "Cisco-Umbrella-Global-Credentials" }, each.value.name, "Cisco-Zscaler-Global-Credentials")
  description = lookup({ umbrella = "Global credentials for umbrella" }, each.value.name, "Global credentials for zscaler")

  # The device type list is hard-coded here instead of being derived through
  # local.device_type_map as the other templates in this file do; the map-based
  # expression is kept for reference.
  #device_types = [for d in try(each.value.device_types, local.defaults.sdwan.edge_feature_templates.sig_credentials_templates.device_types) : try(local.device_type_map[d], "vedge-${d}")]
  device_types = [
    "vedge-CSR-1000v", "vedge-ISR1100-6G-XE", "vedge-ISR1100X-6G-XE", "vedge-IR-1101", "vedge-IR-1821", "vedge-IR-1831", "vedge-IR-1833", "vedge-IR-1835", "vedge-IR-8140H", "vedge-IR-8140H-P", "vedge-IR-8340", "vedge-ESR-6300", "vedge-ESR-6300-NCP",
    "vedge-ISR-4331", "vedge-ISR-4321", "vedge-ISR-4351", "vedge-ISR-4221", "vedge-ISR-4221X", "vedge-ISR-4431", "vedge-ISR-4461", "vedge-ISR-4451-X",
    "vedge-ASR-1001-HX", "vedge-ASR-1002-X", "vedge-ASR-1002-HX", "vedge-ASR-1006-X",
    "vedge-C1111-8P", "vedge-C1121X-8P", "vedge-C1111X-8P", "vedge-C1111-8PLTEEA", "vedge-C1121-8PLTEPW", "vedge-C1111-8PLTEEAW", "vedge-C1111-8PLTELA", "vedge-C1117-4PLTEEA", "vedge-C1126X-8PLTEP", "vedge-C1127X-8PLTEP", "vedge-C1127X-8PMLTEP", "vedge-C1127-8PMLTEP", "vedge-C1117-4PLTELA",
    "vedge-ISRv", "vedge-C8000V", "vedge-ASR-1001-X",
    "vedge-C1101-4P", "vedge-C1101-4PLTEP", "vedge-C1111-4P", "vedge-C1111-8PW", "vedge-C1111-4PLTEEA", "vedge-C1131-8PW", "vedge-C1131X-8PW", "vedge-C1131-8PLTEPW", "vedge-C1131X-8PLTEPW", "vedge-C1101-4PLTEPW", "vedge-C1109-4PLTE2PW", "vedge-C1111-8PLTELAW", "vedge-C1109-4PLTE2P", "vedge-C1121X-8PLTEP", "vedge-C1161X-8PLTEP", "vedge-C1113-8PMLTEEA", "vedge-C1111-4PLTELA", "vedge-C1116-4P", "vedge-C1116-4PLTEEA", "vedge-C1117-4P", "vedge-C1117-4PM", "vedge-C1117-4PMLTEEA",
    "vedge-C8300-1N1S-4T2X", "vedge-C8300-1N1S-6T", "vedge-C8300-2N2S-6T", "vedge-C8300-2N2S-4T2X", "vedge-C8500-12X4QC", "vedge-C8500-12X", "vedge-C8500-20X6C",
    "vedge-C1161X-8P", "vedge-ISR1100-4G-XE", "vedge-ISR1100X-4G-XE", "vedge-ISR1100-4GLTENA-XE", "vedge-ISR1100-4GLTEGB-XE", "vedge-C8500L-8S4X",
    "vedge-C1161-8P", "vedge-C1126-8PLTEP", "vedge-C1127-8PLTEP", "vedge-C1121-4P", "vedge-C1121-4PLTEP", "vedge-C1128-8PLTEP", "vedge-C1121X-8PLTEPW", "vedge-C1121-8PLTEP", "vedge-C1121-8P", "vedge-C1161-8PLTEP", "vedge-C1113-8PLTEEA", "vedge-C1113-8PLTEW", "vedge-C1111-4PW", "vedge-C1112-8P", "vedge-C1112-8PLTEEA", "vedge-C1112-8PLTEEAWE", "vedge-C1112-8PWE", "vedge-C1113-8P",
    "vedge-C1113-8PLTEEAW", "vedge-C1113-8PLTELA", "vedge-C1113-8PLTELAWZ", "vedge-C1113-8PM", "vedge-C1113-8PMWE", "vedge-C1113-8PW", "vedge-C1116-4PLTEEAWE", "vedge-C1116-4PWE", "vedge-C1117-4PLTEEAW", "vedge-C1117-4PLTELAWZ", "vedge-C1117-4PMLTEEAWE", "vedge-C1117-4PMWE", "vedge-C1117-4PW", "vedge-C1118-8P", "vedge-C1109-2PLTEGB", "vedge-C1109-2PLTEUS", "vedge-C1109-2PLTEVZ",
    "vedge-C8200-1N-4T", "vedge-C8200L-1N-4T",
    "cellular-gateway-CG418-E", "cellular-gateway-CG522MW-IO-NA", "cellular-gateway-CG522MW-IO-GL", "cellular-gateway-CG113-4GW6A", "cellular-gateway-CG113-4GW6B", "cellular-gateway-CG113-4GW6E", "cellular-gateway-CG113-4GW6H", "cellular-gateway-CG113-4GW6Z", "cellular-gateway-CG113-4GW6Q", "cellular-gateway-CG113-W6A", "cellular-gateway-CG113-W6B", "cellular-gateway-CG113-W6E", "cellular-gateway-CG113-W6H", "cellular-gateway-CG113-W6Z", "cellular-gateway-CG113-W6Q", "cellular-gateway-CG522-E",
  ]

  # Umbrella credentials. Each attribute has a *_variable twin that binds the value to a
  # device variable instead of embedding it in the template. Any literal API key, secret
  # or password supplied through this block is written to Terraform state and shown in
  # plan output, so the state backend must be treated as holding secrets.
  umbrella_api_key                  = try(each.value.umbrella_api_key, null)
  umbrella_api_key_variable         = try(each.value.umbrella_api_key_variable, null)
  umbrella_api_secret               = try(each.value.umbrella_api_secret, null)
  umbrella_api_secret_variable      = try(each.value.umbrella_api_secret_variable, null)
  umbrella_organization_id          = try(each.value.umbrella_organization_id, null)
  umbrella_organization_id_variable = try(each.value.umbrella_organization_id_variable, null)

  # Zscaler credentials; same state/plan exposure caveat as above.
  zscaler_organization              = try(each.value.zscaler_organization, null)
  zscaler_organization_variable     = try(each.value.zscaler_organization_variable, null)
  zscaler_partner_api_key           = try(each.value.zscaler_partner_api_key, null)
  zscaler_partner_api_key_variable  = try(each.value.zscaler_partner_api_key_variable, null)
  zscaler_partner_base_uri          = try(each.value.zscaler_partner_base_uri, null)
  zscaler_partner_base_uri_variable = try(each.value.zscaler_partner_base_uri_variable, null)
  zscaler_password                  = try(each.value.zscaler_password, null)
  zscaler_password_variable         = try(each.value.zscaler_password_variable, null)
  zscaler_username                  = try(each.value.zscaler_username, null)
  zscaler_username_variable         = try(each.value.zscaler_username_variable, null)

  depends_on = [sdwan_localized_policy.localized_policy]
}
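# SNMP feature template for Cisco edge devices: agent settings, v1/v2c communities,
# v3 groups and users, trap targets and MIB views. One template per entry in
# edge_feature_templates.snmp_templates. Every optional attribute has a *_variable
# twin that binds the value to a device variable instead of a literal.
#
# Fix: the default for `communities[].authorization` is meant to be suppressed when the
# community is bound to a device variable, but the guard tested `c.authorization_variable`,
# a key that nothing else in this block reads. The `authorization_variable` attribute reads
# `c.authorization_read_only_variable`, so a community configured with that key still
# received the literal default and both the literal and the variable form were emitted.
# The guard now checks the same key the variable attribute reads.
resource "sdwan_cisco_snmp_feature_template" "cisco_snmp_feature_template" {
  for_each     = { for t in try(local.edge_feature_templates.snmp_templates, {}) : t.name => t }
  name         = each.value.name
  description  = each.value.description
  device_types = [for d in try(each.value.device_types, local.defaults.sdwan.edge_feature_templates.snmp_templates.device_types) : try(local.device_type_map[d], "vedge-${d}")]

  contact           = try(each.value.contact, null)
  contact_variable  = try(each.value.contact_variable, null)
  location          = try(each.value.location, null)
  location_variable = try(each.value.location_variable, null)
  shutdown          = try(each.value.shutdown, null)
  shutdown_variable = try(each.value.shutdown_variable, null)

  # SNMP v1/v2c communities. A community string is the only credential for v1/v2c and
  # travels in cleartext; restricting each community to a named view and keeping it
  # read-only limits what a leaked string grants. Literal strings end up in Terraform
  # state and plan output.
  communities = try(length(each.value.communities) == 0, true) ? null : [for c in each.value.communities : {
    name = c.name
    # Literal "read-only" unless the model opts out or binds the setting to a device variable;
    # the guard must test the same key `authorization_variable` reads (see header comment).
    authorization          = try(c.authorization_read_only, can(c.authorization_read_only_variable) ? null : local.defaults.sdwan.edge_feature_templates.snmp_templates.communities.authorization_read_only) == true ? "read-only" : null
    authorization_variable = try(c.authorization_read_only_variable, null)
    view                   = try(c.view, null)
    view_variable          = try(c.view_variable, null)
  }]

  # SNMPv3 groups; `security_level` is required by the model (no try()).
  groups = try(length(each.value.groups) == 0, true) ? null : [for g in each.value.groups : {
    name           = g.name
    security_level = g.security_level
    view           = try(g.view, null)
    view_variable  = try(g.view_variable, null)
  }]

  # Trap targets; read from `trap_target_servers` in the model. `community_name` applies to
  # v1/v2c targets and `user` to v3 targets — the model may supply either.
  trap_targets = try(length(each.value.trap_target_servers) == 0, true) ? null : [for t in each.value.trap_target_servers : {
    community_name           = try(t.community_name, null)
    community_name_variable  = try(t.community_name_variable, null)
    ip                       = try(t.ip, null)
    ip_variable              = try(t.ip_variable, null)
    source_interface         = try(t.source_interface, null)
    source_interface_variable = try(t.source_interface_variable, null)
    udp_port                 = try(t.udp_port, null)
    udp_port_variable        = try(t.udp_port_variable, null)
    user                     = try(t.user, null)
    user_variable            = try(t.user_variable, null)
    vpn_id                   = try(t.vpn_id, null)
    vpn_id_variable          = try(t.vpn_id_variable, null)
  }]

  # SNMPv3 users. Authentication and privacy passwords given as literals are stored in
  # Terraform state; the *_variable forms keep them out of the template itself.
  users = try(length(each.value.users) == 0, true) ? null : [for u in each.value.users : {
    name                             = u.name
    authentication_password          = try(u.authentication_password, null)
    authentication_password_variable = try(u.authentication_password_variable, null)
    authentication_protocol          = try(u.authentication_protocol, null)
    authentication_protocol_variable = try(u.authentication_protocol_variable, null)
    group                            = try(u.group, null)
    group_variable                   = try(u.group_variable, null)
    privacy_password                 = try(u.privacy_password, null)
    privacy_password_variable        = try(u.privacy_password_variable, null)
    privacy_protocol                 = try(u.privacy_protocol, null)
    privacy_protocol_variable        = try(u.privacy_protocol_variable, null)
  }]

  # MIB views; each view lists OID subtrees (model key `oids`) to include or exclude.
  views = try(length(each.value.views) == 0, true) ? null : [for v in each.value.views : {
    name = v.name
    object_identifiers = try(length(v.oids) == 0, true) ? null : [for o in v.oids : {
      id               = try(o.id, null)
      id_variable      = try(o.id_variable, null)
      exclude          = try(o.exclude, null)
      exclude_variable = try(o.exclude_variable, null)
    }]
  }]

  depends_on = [sdwan_localized_policy.localized_policy]
}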
resource "sdwan_cisco_system_feature_template" "cisco_system_feature_template" {
for_each = { for t in try(local.edge_feature_templates.system_templates, {}) : t.name => t }
name = each.value.name
description = each.value.description
device_types = [for d in try(each.value.device_types, local.defaults.sdwan.edge_feature_templates.system_templates.device_types) : try(local.device_type_map[d], "vedge-${d}")]
admin_tech_on_failure = try(each.value.admin_tech_on_failure, null)
admin_tech_on_failure_variable = try(each.value.admin_tech_on_failure_variable, null)
affinity_group_number = try(each.value.affinity_group_number, null)
affinity_group_number_variable = try(each.value.affinity_group_number_variable, null)
affinity_group_preference = try(each.value.affinity_group_preferences, null)
affinity_group_preference_variable = try(each.value.affinity_group_preferences_variable, null)
console_baud_rate = try(each.value.console_baud_rate, null)
console_baud_rate_variable = try(each.value.console_baud_rate_variable, null)
control_session_pps = try(each.value.control_session_pps, null)
control_session_pps_variable = try(each.value.control_session_pps_variable, null)
controller_group_list = try(each.value.controller_groups, null)
controller_group_list_variable = try(each.value.controller_groups_variable, null)
device_groups = try(each.value.device_groups, null)
device_groups_variable = try(each.value.device_groups_variable, null)
enable_mrf_migration = try(each.value.enable_mrf_migration, null)
geo_fencing = try(each.value.geo_fencing, null)
geo_fencing_sms = try(each.value.geo_fencing_sms_phone_numbers, null) == null ? null : true
geo_fencing_sms_phone_numbers = try(length(each.value.geo_fencing_sms_phone_numbers) == 0, true) ? null : [for obj in each.value.geo_fencing_sms_phone_numbers : {
number = try(obj.number, null)