paultyng · catrielmuller · Jul 21, 2023
diff --git a/docs/resources/device.md b/docs/resources/device.md
@@ -26,9 +26,6 @@ resource "unifi_port_profile" "poe" {
   forward = "customize"
 
   native_networkconf_id = var.native_network_id
-  tagged_networkconf_ids = [
-    var.some_vlan_network_id,
-  ]
 
   poe_mode = "auto"
 }

diff --git a/docs/resources/network.md b/docs/resources/network.md
@@ -69,7 +69,6 @@ resource "unifi_network" "wan" {
 - `domain_name` (String) The domain name of this network.
 - `igmp_snooping` (Boolean) Specifies whether IGMP snooping is enabled or not.
 - `internet_access_enabled` (Boolean) Specifies whether this network should be allowed to access the internet or not. Defaults to `true`.
-- `intra_network_access_enabled` (Boolean) Specifies whether this network should be allowed to access other local networks or not. Defaults to `true`.
 - `ipv6_interface_type` (String) Specifies which type of IPv6 connection to use. Must be one of either `static`, `pd`, or `none`. Defaults to `none`.
 - `ipv6_pd_interface` (String) Specifies which WAN interface to use for IPv6 PD. Must be one of either `wan` or `wan2`.
 - `ipv6_pd_prefixid` (String) Specifies the IPv6 Prefix ID.
@@ -82,6 +81,7 @@ resource "unifi_network" "wan" {
 - `ipv6_static_subnet` (String) Specifies the static IPv6 subnet when `ipv6_interface_type` is 'static'.
 - `multicast_dns` (Boolean) Specifies whether Multicast DNS (mDNS) is enabled or not on the network (Controller >=v7).
 - `network_group` (String) The group of the network. Defaults to `LAN`.
+- `network_isolation_enabled`: (Boolean) Specifies whether this network should be not allowed to access other local networks. Defaults to `false`.
 - `site` (String) The name of the site to associate the network with.
 - `subnet` (String) The subnet of the network. Must be a valid CIDR address.
 - `vlan_id` (Number) The VLAN ID of the network.

diff --git a/docs/resources/port_profile.md b/docs/resources/port_profile.md
@@ -46,6 +46,7 @@ resource "unifi_port_profile" "poe_disabled" {
 - `dot1x_idle_timeout` (Number) The timeout, in seconds, to use when using the MAC Based 802.1X control. Can be between 0 and 65535 Defaults to `300`.
 - `egress_rate_limit_kbps` (Number) The egress rate limit, in kpbs, for the port profile. Can be between `64` and `9999999`.
 - `egress_rate_limit_kbps_enabled` (Boolean) Enable egress rate limiting for the port profile. Defaults to `false`.
+- `excluded_networkconf_ids` (Set of String) The IDs of networks to block traffic for this port profile.
 - `forward` (String) The type forwarding to use for the port profile. Can be `all`, `native`, `customize` or `disabled`. Defaults to `native`.
 - `full_duplex` (Boolean) Enable full duplex for the port profile. Defaults to `false`.
 - `isolation` (Boolean) Enable port isolation for the port profile. Defaults to `false`.
@@ -61,6 +62,7 @@ resource "unifi_port_profile" "poe_disabled" {
 - `priority_queue2_level` (Number) The priority queue 2 level for the port profile. Can be between 0 and 100.
 - `priority_queue3_level` (Number) The priority queue 3 level for the port profile. Can be between 0 and 100.
 - `priority_queue4_level` (Number) The priority queue 4 level for the port profile. Can be between 0 and 100.
+- `show_traffic_restriction_as_allowlist` (Boolean) Show the Traffic Restriction as allow list. This only affect to the UI, the list need to be configured on `excluded_networkconf_ids` as black list.
 - `site` (String) The name of the site to associate the port profile with.
 - `speed` (Number) The link speed to set for the port profile. Can be one of `10`, `100`, `1000`, `2500`, `5000`, `10000`, `20000`, `25000`, `40000`, `50000` or `100000`
 - `stormctrl_bcast_enabled` (Boolean) Enable broadcast Storm Control for the port profile. Defaults to `false`.
@@ -74,7 +76,6 @@ resource "unifi_port_profile" "poe_disabled" {
 - `stormctrl_ucast_level` (Number) The unknown unicast Storm Control level for the port profile. Can be between 0 and 100.
 - `stormctrl_ucast_rate` (Number) The unknown unicast Storm Control rate for the port profile. Can be between 0 and 14880000.
 - `stp_port_mode` (Boolean) Enable spanning tree protocol on the port profile. Defaults to `true`.
-- `tagged_networkconf_ids` (Set of String) The IDs of networks to tag traffic with for the port profile.
 - `voice_networkconf_id` (String) The ID of network to use as the voice network on the port profile.
 
 ### Read-Only

diff --git a/examples/resources/unifi_device/resource.tf b/examples/resources/unifi_device/resource.tf
@@ -8,9 +8,6 @@ resource "unifi_port_profile" "poe" {
   forward = "customize"
 
   native_networkconf_id = var.native_network_id
-  tagged_networkconf_ids = [
-    var.some_vlan_network_id,
-  ]
 
   poe_mode = "auto"
 }

diff --git a/go.mod b/go.mod
diff --git a/go.sum b/go.sum
diff --git a/internal/provider/resource_network.go b/internal/provider/resource_network.go
@@ -97,6 +97,12 @@ func resourceNetwork() *schema.Resource {
 				Optional:    true,
 				Default:     "LAN",
 			},
+			"network_isolation_enabled": {
+				Description: "Specifies whether this network should be not allowed to access other local networks.",
+				Type:        schema.TypeBool,
+				Optional:    true,
+				Default:     false,
+			},
 			"dhcp_start": {
 				Description:  "The IPv4 address where the DHCP range of addresses starts.",
 				Type:         schema.TypeString,
@@ -253,12 +259,6 @@ func resourceNetwork() *schema.Resource {
 				Optional:    true,
 				Default:     true,
 			},
-			"intra_network_access_enabled": {
-				Description: "Specifies whether this network should be allowed to access other local networks or not.",
-				Type:        schema.TypeBool,
-				Optional:    true,
-				Default:     true,
-			},
 			"ipv6_ra_preferred_lifetime": {
 				Description: "Lifetime in which the address can be used. Address becomes deprecated afterwards. Must be lower than or equal to `ipv6_ra_valid_lifetime`",
 				Type:        schema.TypeInt,
@@ -415,22 +415,23 @@ func resourceNetworkGetResourceData(d *schema.ResourceData, meta interface{}) (*
 	}
 
 	return &unifi.Network{
-		Name:              d.Get("name").(string),
-		Purpose:           d.Get("purpose").(string),
-		VLAN:              vlan,
-		IPSubnet:          cidrOneBased(d.Get("subnet").(string)),
-		NetworkGroup:      d.Get("network_group").(string),
-		DHCPDStart:        d.Get("dhcp_start").(string),
-		DHCPDStop:         d.Get("dhcp_stop").(string),
-		DHCPDEnabled:      d.Get("dhcp_enabled").(bool),
-		DHCPDLeaseTime:    d.Get("dhcp_lease").(int),
-		DHCPDBootEnabled:  d.Get("dhcpd_boot_enabled").(bool),
-		DHCPDBootServer:   d.Get("dhcpd_boot_server").(string),
-		DHCPDBootFilename: d.Get("dhcpd_boot_filename").(string),
-		DHCPRelayEnabled:  d.Get("dhcp_relay_enabled").(bool),
-		DomainName:        d.Get("domain_name").(string),
-		IGMPSnooping:      d.Get("igmp_snooping").(bool),
-		MdnsEnabled:       d.Get("multicast_dns").(bool),
+		Name:                    d.Get("name").(string),
+		Purpose:                 d.Get("purpose").(string),
+		VLAN:                    vlan,
+		IPSubnet:                cidrOneBased(d.Get("subnet").(string)),
+		NetworkGroup:            d.Get("network_group").(string),
+		NetworkIsolationEnabled: d.Get("network_isolation_enabled").(bool),
+		DHCPDStart:              d.Get("dhcp_start").(string),
+		DHCPDStop:               d.Get("dhcp_stop").(string),
+		DHCPDEnabled:            d.Get("dhcp_enabled").(bool),
+		DHCPDLeaseTime:          d.Get("dhcp_lease").(int),
+		DHCPDBootEnabled:        d.Get("dhcpd_boot_enabled").(bool),
+		DHCPDBootServer:         d.Get("dhcpd_boot_server").(string),
+		DHCPDBootFilename:       d.Get("dhcpd_boot_filename").(string),
+		DHCPRelayEnabled:        d.Get("dhcp_relay_enabled").(bool),
+		DomainName:              d.Get("domain_name").(string),
+		IGMPSnooping:            d.Get("igmp_snooping").(bool),
+		MdnsEnabled:             d.Get("multicast_dns").(bool),
 
 		DHCPDDNSEnabled: len(dhcpDNS) > 0,
 		// this is kinda hacky but ¯\_(ツ)_/¯
@@ -466,8 +467,7 @@ func resourceNetworkGetResourceData(d *schema.ResourceData, meta interface{}) (*
 		IPV6RaPriority:          d.Get("ipv6_ra_priority").(string),
 		IPV6RaValidLifetime:     d.Get("ipv6_ra_valid_lifetime").(int),
 
-		InternetAccessEnabled:     d.Get("internet_access_enabled").(bool),
-		IntraNetworkAccessEnabled: d.Get("intra_network_access_enabled").(bool),
+		InternetAccessEnabled: d.Get("internet_access_enabled").(bool),
 
 		WANIP:           d.Get("wan_ip").(string),
 		WANType:         d.Get("wan_type").(string),
@@ -567,6 +567,7 @@ func resourceNetworkSetResourceData(resp *unifi.Network, d *schema.ResourceData,
 	d.Set("vlan_id", vlan)
 	d.Set("subnet", cidrZeroBased(resp.IPSubnet))
 	d.Set("network_group", resp.NetworkGroup)
+	d.Set("network_isolation_enabled", resp.NetworkIsolationEnabled)
 
 	d.Set("dhcp_dns", dhcpDNS)
 	d.Set("dhcp_enabled", resp.DHCPDEnabled)
@@ -586,7 +587,6 @@ func resourceNetworkSetResourceData(resp *unifi.Network, d *schema.ResourceData,
 	d.Set("domain_name", resp.DomainName)
 	d.Set("igmp_snooping", resp.IGMPSnooping)
 	d.Set("internet_access_enabled", resp.InternetAccessEnabled)
-	d.Set("intra_network_access_enabled", resp.IntraNetworkAccessEnabled)
 	d.Set("ipv6_interface_type", resp.IPV6InterfaceType)
 	d.Set("ipv6_pd_interface", resp.IPV6PDInterface)
 	d.Set("ipv6_pd_prefixid", resp.IPV6PDPrefixid)

diff --git a/internal/provider/resource_port_profile.go b/internal/provider/resource_port_profile.go
@@ -66,6 +66,12 @@ func resourcePortProfile() *schema.Resource {
 				Optional:    true,
 				Default:     false,
 			},
+			"excluded_networkconf_ids": {
+				Description: "The IDs of networks to block traffic for this port profile.",
+				Type:        schema.TypeSet,
+				Optional:    true,
+				Elem:        &schema.Schema{Type: schema.TypeString},
+			},
 			"forward": {
 				Description:  "The type forwarding to use for the port profile. Can be `all`, `native`, `customize` or `disabled`.",
 				Type:         schema.TypeString,
@@ -157,6 +163,12 @@ func resourcePortProfile() *schema.Resource {
 				Optional:     true,
 				ValidateFunc: validation.IntBetween(0, 100),
 			},
+			"show_traffic_restriction_as_allowlist": {
+				Description: "Show the Traffic Restriction as allow list. This only affect to the UI, the list need to be configured on `excluded_networkconf_ids` as black list.",
+				Type:        schema.TypeBool,
+				Optional:    true,
+				Default:     false,
+			},
 			"speed": {
 				Description:  "The link speed to set for the port profile. Can be one of `10`, `100`, `1000`, `2500`, `5000`, `10000`, `20000`, `25000`, `40000`, `50000` or `100000`",
 				Type:         schema.TypeInt,
@@ -232,13 +244,6 @@ func resourcePortProfile() *schema.Resource {
 				Optional:    true,
 				Default:     true,
 			},
-			// TODO: renamed to tagged_network_ids
-			"tagged_networkconf_ids": {
-				Description: "The IDs of networks to tag traffic with for the port profile.",
-				Type:        schema.TypeSet,
-				Optional:    true,
-				Elem:        &schema.Schema{Type: schema.TypeString},
-			},
 			// TODO: rename to voice_network_id
 			"voice_networkconf_id": {
 				Description: "The ID of network to use as the voice network on the port profile.",
@@ -277,46 +282,47 @@ func resourcePortProfileGetResourceData(d *schema.ResourceData) (*unifi.PortProf
 		return nil, err
 	}
 
-	taggedNetworkconfIds, err := setToStringSlice(d.Get("tagged_networkconf_ids").(*schema.Set))
+	excludedNetworkIds, err := setToStringSlice(d.Get("excluded_networkconf_ids").(*schema.Set))
 	if err != nil {
 		return nil, err
 	}
 
 	return &unifi.PortProfile{
-		Autoneg:                      d.Get("autoneg").(bool),
-		Dot1XCtrl:                    d.Get("dot1x_ctrl").(string),
-		Dot1XIDleTimeout:             d.Get("dot1x_idle_timeout").(int),
-		EgressRateLimitKbps:          d.Get("egress_rate_limit_kbps").(int),
-		EgressRateLimitKbpsEnabled:   d.Get("egress_rate_limit_kbps_enabled").(bool),
-		Forward:                      d.Get("forward").(string),
-		FullDuplex:                   d.Get("full_duplex").(bool),
-		Isolation:                    d.Get("isolation").(bool),
-		LldpmedEnabled:               d.Get("lldpmed_enabled").(bool),
-		LldpmedNotifyEnabled:         d.Get("lldpmed_notify_enabled").(bool),
-		NATiveNetworkID:              d.Get("native_networkconf_id").(string),
-		Name:                         d.Get("name").(string),
-		OpMode:                       d.Get("op_mode").(string),
-		PoeMode:                      d.Get("poe_mode").(string),
-		PortSecurityEnabled:          d.Get("port_security_enabled").(bool),
-		PortSecurityMACAddress:       portSecurityMacAddress,
-		PriorityQueue1Level:          d.Get("priority_queue1_level").(int),
-		PriorityQueue2Level:          d.Get("priority_queue2_level").(int),
-		PriorityQueue3Level:          d.Get("priority_queue3_level").(int),
-		PriorityQueue4Level:          d.Get("priority_queue4_level").(int),
-		Speed:                        d.Get("speed").(int),
-		StormctrlBroadcastastEnabled: d.Get("stormctrl_bcast_enabled").(bool),
-		StormctrlBroadcastastLevel:   d.Get("stormctrl_bcast_level").(int),
-		StormctrlBroadcastastRate:    d.Get("stormctrl_bcast_rate").(int),
-		StormctrlMcastEnabled:        d.Get("stormctrl_mcast_enabled").(bool),
-		StormctrlMcastLevel:          d.Get("stormctrl_mcast_level").(int),
-		StormctrlMcastRate:           d.Get("stormctrl_mcast_rate").(int),
-		StormctrlType:                d.Get("stormctrl_type").(string),
-		StormctrlUcastEnabled:        d.Get("stormctrl_ucast_enabled").(bool),
-		StormctrlUcastLevel:          d.Get("stormctrl_ucast_level").(int),
-		StormctrlUcastRate:           d.Get("stormctrl_ucast_rate").(int),
-		StpPortMode:                  d.Get("stp_port_mode").(bool),
-		TaggedNetworkIDs:             taggedNetworkconfIds,
-		VoiceNetworkID:               d.Get("voice_networkconf_id").(string),
+		Autoneg:                           d.Get("autoneg").(bool),
+		Dot1XCtrl:                         d.Get("dot1x_ctrl").(string),
+		Dot1XIDleTimeout:                  d.Get("dot1x_idle_timeout").(int),
+		EgressRateLimitKbps:               d.Get("egress_rate_limit_kbps").(int),
+		EgressRateLimitKbpsEnabled:        d.Get("egress_rate_limit_kbps_enabled").(bool),
+		Forward:                           d.Get("forward").(string),
+		ExcludedNetworkIDs:                excludedNetworkIds,
+		FullDuplex:                        d.Get("full_duplex").(bool),
+		Isolation:                         d.Get("isolation").(bool),
+		LldpmedEnabled:                    d.Get("lldpmed_enabled").(bool),
+		LldpmedNotifyEnabled:              d.Get("lldpmed_notify_enabled").(bool),
+		NATiveNetworkID:                   d.Get("native_networkconf_id").(string),
+		Name:                              d.Get("name").(string),
+		OpMode:                            d.Get("op_mode").(string),
+		PoeMode:                           d.Get("poe_mode").(string),
+		PortSecurityEnabled:               d.Get("port_security_enabled").(bool),
+		PortSecurityMACAddress:            portSecurityMacAddress,
+		PriorityQueue1Level:               d.Get("priority_queue1_level").(int),
+		PriorityQueue2Level:               d.Get("priority_queue2_level").(int),
+		PriorityQueue3Level:               d.Get("priority_queue3_level").(int),
+		PriorityQueue4Level:               d.Get("priority_queue4_level").(int),
+		ShowTrafficRestrictionAsAllowlist: d.Get("show_traffic_restriction_as_allowlist").(bool),
+		Speed:                             d.Get("speed").(int),
+		StormctrlBroadcastastEnabled:      d.Get("stormctrl_bcast_enabled").(bool),
+		StormctrlBroadcastastLevel:        d.Get("stormctrl_bcast_level").(int),
+		StormctrlBroadcastastRate:         d.Get("stormctrl_bcast_rate").(int),
+		StormctrlMcastEnabled:             d.Get("stormctrl_mcast_enabled").(bool),
+		StormctrlMcastLevel:               d.Get("stormctrl_mcast_level").(int),
+		StormctrlMcastRate:                d.Get("stormctrl_mcast_rate").(int),
+		StormctrlType:                     d.Get("stormctrl_type").(string),
+		StormctrlUcastEnabled:             d.Get("stormctrl_ucast_enabled").(bool),
+		StormctrlUcastLevel:               d.Get("stormctrl_ucast_level").(int),
+		StormctrlUcastRate:                d.Get("stormctrl_ucast_rate").(int),
+		StpPortMode:                       d.Get("stp_port_mode").(bool),
+		VoiceNetworkID:                    d.Get("voice_networkconf_id").(string),
 	}, nil
 }
 
@@ -328,6 +334,7 @@ func resourcePortProfileSetResourceData(resp *unifi.PortProfile, d *schema.Resou
 	d.Set("egress_rate_limit_kbps", resp.EgressRateLimitKbps)
 	d.Set("egress_rate_limit_kbps_enabled", resp.EgressRateLimitKbpsEnabled)
 	d.Set("forward", resp.Forward)
+	d.Set("excluded_networkconf_ids", stringSliceToSet(resp.ExcludedNetworkIDs))
 	d.Set("full_duplex", resp.FullDuplex)
 	d.Set("isolation", resp.Isolation)
 	d.Set("lldpmed_enabled", resp.LldpmedEnabled)
@@ -342,6 +349,7 @@ func resourcePortProfileSetResourceData(resp *unifi.PortProfile, d *schema.Resou
 	d.Set("priority_queue2_level", resp.PriorityQueue2Level)
 	d.Set("priority_queue3_level", resp.PriorityQueue3Level)
 	d.Set("priority_queue4_level", resp.PriorityQueue4Level)
+	d.Set("show_traffic_restriction_as_allowlist", resp.ShowTrafficRestrictionAsAllowlist)
 	d.Set("speed", resp.Speed)
 	d.Set("stormctrl_bcast_enabled", resp.StormctrlBroadcastastEnabled)
 	d.Set("stormctrl_bcast_level", resp.StormctrlBroadcastastLevel)
@@ -354,7 +362,6 @@ func resourcePortProfileSetResourceData(resp *unifi.PortProfile, d *schema.Resou
 	d.Set("stormctrl_ucast_level", resp.StormctrlUcastLevel)
 	d.Set("stormctrl_ucast_rate", resp.StormctrlUcastRate)
 	d.Set("stp_port_mode", resp.StpPortMode)
-	d.Set("tagged_networkconf_ids", stringSliceToSet(resp.TaggedNetworkIDs))
 	d.Set("voice_networkconf_id", resp.VoiceNetworkID)
 
 	return nil