[UX2.0] Add Embedded Security NGFW Policy

CHANGELOG.md

@@ -7,6 +7,7 @@
 - BREAKING CHANGE: Bump the minimum supported version of `sdwan_system_banner_feature` to `20.15.0`
 - BREAKING CHANGE: Bump the minimum supported version of `sdwan_system_basic_feature` to `20.15.0`
 - BREAKING CHANGE: Bump the minimum supported version of `sdwan_system_bfd_feature` to `20.15.0`
+- Add sdwan_embedded_security_ngfw_policy resource and data source
 
 ## 0.9.0
 

docs/data-sources/embedded_security_ngfw_policy.md

@@ -0,0 +1,100 @@
+---
+# generated by https://github.com/hashicorp/terraform-plugin-docs
+page_title: "sdwan_embedded_security_ngfw_policy Data Source - terraform-provider-sdwan"
+subcategory: "Policies"
+description: |-
+  This data source can read the Embedded Security NGFW Policy.
+---
+
+# sdwan_embedded_security_ngfw_policy (Data Source)
+
+This data source can read the Embedded Security NGFW Policy.
+
+## Example Usage
+
+```terraform
+data "sdwan_embedded_security_ngfw_policy" "example" {
+  id                 = "f6b2c44c-693c-4763-b010-895aa3d236bd"
+  feature_profile_id = "f6dd22c8-0b4f-496c-9a0b-6813d1f8b8ac"
+}
+```
+
+<!-- schema generated by tfplugindocs -->
+## Schema
+
+### Required
+
+- `feature_profile_id` (String) Feature Profile ID
+- `id` (String) The id of the Policy
+
+### Read-Only
+
+- `default_action` (String)
+- `description` (String) The description of the Policy
+- `name` (String) The name of the Policy
+- `sequences` (Attributes List) (see [below for nested schema](#nestedatt--sequences))
+- `version` (Number) The version of the Policy
+
+<a id="nestedatt--sequences"></a>
+### Nested Schema for `sequences`
+
+Read-Only:
+
+- `actions` (Attributes List) can be empty array or with type or parameter (see [below for nested schema](#nestedatt--sequences--actions))
+- `base_action` (String)
+- `disable_rule` (Boolean)
+- `match_entries` (Attributes List) (see [below for nested schema](#nestedatt--sequences--match_entries))
+- `rule_type` (String)
+- `sequence_id` (String)
+- `sequence_name` (String)
+
+<a id="nestedatt--sequences--actions"></a>
+### Nested Schema for `sequences.actions`
+
+Read-Only:
+
+- `parameter` (String)
+- `parameter_id` (String)
+- `type` (String)
+
+
+<a id="nestedatt--sequences--match_entries"></a>
+### Nested Schema for `sequences.match_entries`
+
+Read-Only:
+
+- `app_list_ids` (Set of String)
+- `application_families` (Set of String)
+- `applications` (Set of String)
+- `destination_data_prefix_list_ids` (Set of String)
+- `destination_data_prefixs` (Set of String)
+- `destination_data_prefixs_variable` (String) Variable name
+- `destination_fqdn_list_ids` (Set of String)
+- `destination_fqdns` (Set of String)
+- `destination_fqdns_variable` (String) Variable name
+- `destination_geo_location_list_ids` (Set of String)
+- `destination_geo_locations` (Set of String)
+- `destination_geo_locations_variable` (String) Variable name
+- `destination_port_list_ids` (Set of String)
+- `destination_ports` (Set of String)
+- `destination_ports_variable` (String) Variable name
+- `destination_scalable_group_tag_list_ids` (Set of String)
+- `destination_security_group_list_ids` (Set of String)
+- `flat_app_list_ids` (Set of String)
+- `protocol_name_list_ids` (Set of String)
+- `protocol_names` (Set of String)
+- `protocols` (Set of String)
+- `source_data_prefix_list_ids` (Set of String)
+- `source_data_prefixs` (Set of String)
+- `source_data_prefixs_variable` (String) Variable name
+- `source_geo_location_list_ids` (Set of String)
+- `source_geo_locations` (Set of String)
+- `source_geo_locations_variable` (String) Variable name
+- `source_identity_usergroups` (Set of String)
+- `source_identity_users` (Set of String)
+- `source_indentity_list_ids` (Set of String)
+- `source_port_list_ids` (Set of String)
+- `source_ports` (Set of String)
+- `source_ports_variable` (String) Variable name
+- `source_scalable_group_tag_list_ids` (Set of String)
+- `source_security_group_list_ids` (Set of String)

docs/guides/changelog.md

@@ -16,6 +16,7 @@ description: |-
 - BREAKING CHANGE: Bump the minimum supported version of `sdwan_system_banner_feature` to `20.15.0`
 - BREAKING CHANGE: Bump the minimum supported version of `sdwan_system_basic_feature` to `20.15.0`
 - BREAKING CHANGE: Bump the minimum supported version of `sdwan_system_bfd_feature` to `20.15.0`
+- Add sdwan_embedded_security_ngfw_policy resource and data source
 
 ## 0.9.0
 

docs/resources/embedded_security_ngfw_policy.md

@@ -0,0 +1,138 @@
+---
+# generated by https://github.com/hashicorp/terraform-plugin-docs
+page_title: "sdwan_embedded_security_ngfw_policy Resource - terraform-provider-sdwan"
+subcategory: "Policies"
+description: |-
+  This resource can manage a Embedded Security NGFW Policy.
+  Minimum SD-WAN Manager version: 20.15.0
+---
+
+# sdwan_embedded_security_ngfw_policy (Resource)
+
+This resource can manage a Embedded Security NGFW Policy.
+  - Minimum SD-WAN Manager version: `20.15.0`
+
+## Example Usage
+
+```terraform
+resource "sdwan_embedded_security_ngfw_policy" "example" {
+  name               = "Example"
+  description        = "My Example"
+  feature_profile_id = "f6dd22c8-0b4f-496c-9a0b-6813d1f8b8ac"
+  default_action     = "pass"
+  sequences = [
+    {
+      sequence_id   = "1"
+      sequence_name = "security"
+      base_action   = "drop"
+      rule_type     = "ngfirewall"
+      disable_rule  = false
+      match_entries = [
+        {
+          source_ports = ["123"]
+        }
+      ]
+      actions = [
+        {
+          type      = "log"
+          parameter = "true"
+        }
+      ]
+    }
+  ]
+}
+```
+
+<!-- schema generated by tfplugindocs -->
+## Schema
+
+### Required
+
+- `default_action` (String) - Choices: `pass`, `drop`
+- `feature_profile_id` (String) Feature Profile ID
+- `name` (String) The name of the Policy
+
+### Optional
+
+- `description` (String) The description of the Policy
+- `sequences` (Attributes List) (see [below for nested schema](#nestedatt--sequences))
+
+### Read-Only
+
+- `id` (String) The id of the Policy
+- `version` (Number) The version of the Policy
+
+<a id="nestedatt--sequences"></a>
+### Nested Schema for `sequences`
+
+Optional:
+
+- `actions` (Attributes List) can be empty array or with type or parameter (see [below for nested schema](#nestedatt--sequences--actions))
+- `base_action` (String) - Choices: `pass`, `inspect`, `drop`
+- `disable_rule` (Boolean)
+- `match_entries` (Attributes List) (see [below for nested schema](#nestedatt--sequences--match_entries))
+- `rule_type` (String)
+- `sequence_id` (String)
+- `sequence_name` (String)
+
+<a id="nestedatt--sequences--actions"></a>
+### Nested Schema for `sequences.actions`
+
+Optional:
+
+- `parameter` (String)
+- `parameter_id` (String)
+- `type` (String) - Choices: `log`, `connectionEvents`
+
+
+<a id="nestedatt--sequences--match_entries"></a>
+### Nested Schema for `sequences.match_entries`
+
+Optional:
+
+- `app_list_ids` (Set of String)
+- `application_families` (Set of String)
+- `applications` (Set of String)
+- `destination_data_prefix_list_ids` (Set of String)
+- `destination_data_prefixs` (Set of String)
+- `destination_data_prefixs_variable` (String) Variable name
+- `destination_fqdn_list_ids` (Set of String)
+- `destination_fqdns` (Set of String)
+- `destination_fqdns_variable` (String) Variable name
+- `destination_geo_location_list_ids` (Set of String)
+- `destination_geo_locations` (Set of String)
+- `destination_geo_locations_variable` (String) Variable name
+- `destination_port_list_ids` (Set of String)
+- `destination_ports` (Set of String)
+- `destination_ports_variable` (String) Variable name
+- `destination_scalable_group_tag_list_ids` (Set of String)
+- `destination_security_group_list_ids` (Set of String)
+- `flat_app_list_ids` (Set of String)
+- `protocol_name_list_ids` (Set of String)
+- `protocol_names` (Set of String)
+- `protocols` (Set of String)
+- `source_data_prefix_list_ids` (Set of String)
+- `source_data_prefixs` (Set of String)
+- `source_data_prefixs_variable` (String) Variable name
+- `source_geo_location_list_ids` (Set of String)
+- `source_geo_locations` (Set of String)
+- `source_geo_locations_variable` (String) Variable name
+- `source_identity_usergroups` (Set of String)
+- `source_identity_users` (Set of String)
+- `source_indentity_list_ids` (Set of String)
+- `source_port_list_ids` (Set of String)
+- `source_ports` (Set of String)
+- `source_ports_variable` (String) Variable name
+- `source_scalable_group_tag_list_ids` (Set of String)
+- `source_security_group_list_ids` (Set of String)
+
+## Import
+
+Import is supported using the following syntax:
+
+The [`terraform import` command](https://developer.hashicorp.com/terraform/cli/commands/import) can be used, for example:
+
+```shell
+# Expected import identifier with the format: "embedded_security_ngfw_policy_id,feature_profile_id"
+terraform import sdwan_embedded_security_ngfw_policy.example "f6b2c44c-693c-4763-b010-895aa3d236bd,f6dd22c8-0b4f-496c-9a0b-6813d1f8b8ac"
+```

examples/data-sources/sdwan_embedded_security_ngfw_policy/data-source.tf

@@ -0,0 +1,4 @@
+data "sdwan_embedded_security_ngfw_policy" "example" {
+  id                 = "f6b2c44c-693c-4763-b010-895aa3d236bd"
+  feature_profile_id = "f6dd22c8-0b4f-496c-9a0b-6813d1f8b8ac"
+}

examples/resources/sdwan_embedded_security_ngfw_policy/import.sh

@@ -0,0 +1,2 @@
+# Expected import identifier with the format: "embedded_security_ngfw_policy_id,feature_profile_id"
+terraform import sdwan_embedded_security_ngfw_policy.example "f6b2c44c-693c-4763-b010-895aa3d236bd,f6dd22c8-0b4f-496c-9a0b-6813d1f8b8ac"

examples/resources/sdwan_embedded_security_ngfw_policy/resource.tf

@@ -0,0 +1,26 @@
+resource "sdwan_embedded_security_ngfw_policy" "example" {
+  name               = "Example"
+  description        = "My Example"
+  feature_profile_id = "f6dd22c8-0b4f-496c-9a0b-6813d1f8b8ac"
+  default_action     = "pass"
+  sequences = [
+    {
+      sequence_id   = "1"
+      sequence_name = "security"
+      base_action   = "drop"
+      rule_type     = "ngfirewall"
+      disable_rule  = false
+      match_entries = [
+        {
+          source_ports = ["123"]
+        }
+      ]
+      actions = [
+        {
+          type      = "log"
+          parameter = "true"
+        }
+      ]
+    }
+  ]
+}