feat(panos): add PAN-OS Panorama support (GoogleCloudPlatform#960)

c6h12o6 · Jul 30, 2021 · 6014041 · 6014041
1 parent 399ed68
commit 6014041
Show file tree

Hide file tree

Showing 16 changed files with 2,124 additions and 133 deletions.
diff --git a/cmd/provider_cmd_panos.go b/cmd/provider_cmd_panos.go
@@ -16,6 +16,7 @@ package cmd
 
 import (
 	"log"
+	"reflect"
 	"strings"
 
 	panos_terraforming "github.com/GoogleCloudPlatform/terraformer/providers/panos"
@@ -30,15 +31,27 @@ func newCmdPanosImporter(options ImportOptions) *cobra.Command {
 		Short: "Import current state to Terraform configuration from a PAN-OS",
 		Long:  "Import current state to Terraform configuration from a PAN-OS",
 		RunE: func(cmd *cobra.Command, args []string) error {
+			var t interface{}
+
 			if len(vsys) == 0 {
 				var err error
 
-				vsys, err = panos_terraforming.GetVsysList()
+				vsys, t, err = panos_terraforming.GetVsysList()
+				if err != nil {
+					return err
+				}
+			} else {
+				c, err := panos_terraforming.Initialize()
 				if err != nil {
 					return err
 				}
+
+				t = reflect.TypeOf(c)
 			}
 
+			resources := panos_terraforming.FilterCallableResources(t, options.Resources)
+			options.Resources = resources
+
 			originalPathPattern := options.PathPattern
 			for _, v := range vsys {
 				provider := newPanosProvider()
@@ -57,7 +70,7 @@ func newCmdPanosImporter(options ImportOptions) *cobra.Command {
 	}
 
 	cmd.AddCommand(listCmd(newPanosProvider()))
-	baseProviderFlags(cmd.PersistentFlags(), &options, "device_config,firewall_networking,firewall_objects", "")
+	baseProviderFlags(cmd.PersistentFlags(), &options, "firewall_device_config,firewall_networking,firewall_objects,firewall_policy", "")
 	cmd.PersistentFlags().StringSliceVarP(&vsys, "vsys", "", []string{}, "")
 
 	return cmd

diff --git a/docs/panos.md b/docs/panos.md
@@ -7,7 +7,7 @@ Example:
  export PANOS_USERNAME=[PANOS_USERNAME]
  export PANOS_PASSWORD=[PANOS_PASSWORD]
 
- terraformer import panos --resources=device_config,firewall_networking,firewall_objects,firewall_policy
+ terraformer import panos --resources=firewall_device_config,firewall_networking,firewall_objects,firewall_policy
 ```
 The list of usable environment variables is the same as the [pango go-client](https://github.com/PaloAltoNetworks/pango):
 *  `PANOS_HOSTNAME`
@@ -24,7 +24,7 @@ The list of usable environment variables is the same as the [pango go-client](ht
 
 Here is the list of resources which are currently supported:
 
-*   `device_config`
+*   `firewall_device_config`
     * `panos_general_settings`
     * `panos_telemetry` 
     * `panos_email_server_profile`
@@ -91,3 +91,77 @@ Here is the list of resources which are currently supported:
     * `panos_nat_rule_group`
     * `panos_pbf_rule_group`
     * `panos_security_rule_group`
+*   `panorama_device_config`
+    * `panos_device_group_parent`
+    * `panos_panorama_device_group`
+    * `panos_panorama_email_server_profile`
+    * `panos_panorama_http_server_profile`
+    * `panos_panorama_snmptrap_server_profile`
+    * `panos_panorama_syslog_server_profile`
+    * `panos_panorama_template`
+    * `panos_panorama_template_stack`
+    * `panos_panorama_template_variable`
+*   `panorama_networking`
+    * `panos_panorama_aggregate_interface`
+    * `panos_panorama_bfd_profile`
+    * `panos_panorama_bgp`
+    * `panos_panorama_bgp_aggregate`
+    * `panos_panorama_bgp_aggregate_advertise_filter`
+    * `panos_panorama_bgp_aggregate_suppress_filter`
+    * `panos_panorama_bgp_auth_profile` # The secret argument will contain "(incorrect)"
+    * `panos_panorama_bgp_conditional_adv`
+    * `panos_panorama_bgp_conditional_adv_advertise_filter`
+    * `panos_panorama_bgp_conditional_adv_non_exist_filter`
+    * `panos_panorama_bgp_dampening_profile`
+    * `panos_panorama_bgp_export_rule_group`
+    * `panos_panorama_bgp_import_rule_group`
+    * `panos_panorama_bgp_peer`
+    * `panos_panorama_bgp_peer_group`
+    * `panos_panorama_bgp_redist_rule`
+    * `panos_panorama_ethernet_interface`
+    * `panos_panorama_gre_tunnel`
+    * `panos_panorama_ike_crypto_profile`
+    * `panos_panorama_ike_gateway`
+    * `panos_panorama_ipsec_crypto_profile`
+    * `panos_panorama_ipsec_tunnel`
+    * `panos_panorama_ipsec_tunnel_proxy_id_ipv4`
+    * `panos_panorama_layer2_subinterface`
+    * `panos_panorama_layer3_subinterface`
+    * `panos_panorama_loopback_interface`
+    * `panos_panorama_management_profile`
+    * `panos_panorama_monitor_profile`
+    * `panos_panorama_redistribution_profile`
+    * `panos_panorama_static_route_ipv4`
+    * `panos_panorama_tunnel_interface`
+    * `panos_panorama_virtual_router`
+    * `panos_panorama_vlan`
+    * `panos_panorama_vlan_interface`
+    * `panos_panorama_zone`
+*   `panorama_objects`
+    * `panos_panorama_address_group`
+    * `panos_panorama_administrative_tag`
+    * `panos_panorama_application_group`
+    * `panos_panorama_application_object`
+    * `panos_panorama_edl`
+    * `panos_panorama_log_forwarding_profile`
+    * `panos_panorama_service_group`
+    * `panos_panorama_service_object`
+    * `panos_address_object`
+    * `panos_anti_spyware_security_profile`
+    * `panos_antivirus_security_profile`
+    * `panos_custom_data_pattern_object`
+    * `panos_data_filtering_security_profile`
+    * `panos_dos_protection_profile`
+    * `panos_dynamic_user_group`
+    * `panos_file_blocking_security_profile`
+    * `panos_url_filtering_security_profile`
+    * `panos_vulnerability_security_profile`
+    * `panos_wildfire_analysis_security_profile`
+*   `panorama_plugins`
+    * `panos_panorama_gcp_account`
+    * `panos_panorama_gke_cluster`
+    * `panos_panorama_gke_cluster_group`
+*   `panorama_policy`
+    * `panos_panorama_nat_rule_group`
+    * `panos_panorama_pbf_rule_group`
+    * `panos_panorama_security_rule_group`
diff --git a/go.mod b/go.mod
@@ -20,7 +20,7 @@ require (
 	github.com/IBM/vpc-go-sdk v0.4.1
 	github.com/Nvveen/Gotty v0.0.0-20120604004816-cd527374f1e5 // indirect
 	github.com/OctopusDeploy/go-octopusdeploy v1.6.0
-	github.com/PaloAltoNetworks/pango v0.5.2-0.20210514062125-b809b85eb51c
+	github.com/PaloAltoNetworks/pango v0.6.0
 	github.com/SAP/go-hdb v0.105.2 // indirect
 	github.com/SermoDigital/jose v0.9.1 // indirect
 	github.com/aliyun/alibaba-cloud-sdk-go v1.60.295

diff --git a/go.sum b/go.sum
@@ -131,8 +131,8 @@ github.com/Nvveen/Gotty v0.0.0-20120604004816-cd527374f1e5/go.mod h1:lmUJ/7eu/Q8
 github.com/OctopusDeploy/go-octopusdeploy v1.6.0 h1:r9ThVuANGkzm3noAjLF/i7LUcxQxbCJwpvn1DLwPoOA=
 github.com/OctopusDeploy/go-octopusdeploy v1.6.0/go.mod h1:maPbD8azyb2mcNN6E4SGrwiLN7XmDSML5ui+mcWR/R0=
 github.com/OneOfOne/xxhash v1.2.2/go.mod h1:HSdplMjZKSmBqAxg5vPj2TmRDmfkzw+cTzAElWljhcU=
-github.com/PaloAltoNetworks/pango v0.5.2-0.20210514062125-b809b85eb51c h1:4uQRvqtOkn0n4zb9BbYHhXzAmWDd25T6TfnE5I5gpFg=
-github.com/PaloAltoNetworks/pango v0.5.2-0.20210514062125-b809b85eb51c/go.mod h1:xpwEKL6CHhniRcqKYTjIiGBzPd3QIyto3sz2ynsP1qg=
+github.com/PaloAltoNetworks/pango v0.6.0 h1:QKe17XsICz2P1S6sKpaH1w8zr/4Q3jYsYVq7bQTjfv8=
+github.com/PaloAltoNetworks/pango v0.6.0/go.mod h1:xpwEKL6CHhniRcqKYTjIiGBzPd3QIyto3sz2ynsP1qg=
 github.com/ProtonMail/go-crypto v0.0.0-20210428141323-04723f9f07d7/go.mod h1:z4/9nQmJSSwwds7ejkxaJwO37dru3geImFUdJlaLzQo=
 github.com/PuerkitoBio/purell v1.1.1/go.mod h1:c11w/QuzBsJSee3cPx9rAFu61PvFxuPbtSwDGJws/X0=
 github.com/PuerkitoBio/urlesc v0.0.0-20170810143723-de5bf2ad4578/go.mod h1:uGdkoq3SwY9Y+13GIhn11/XLaGBb4BfwItxLd5jeuXE=

diff --git a/providers/panos/device_config.go → providers/panos/firewall_device_config.go b/providers/panos/device_config.go → providers/panos/firewall_device_config.go
@@ -16,15 +16,16 @@ package panos
 
 import (
 	"github.com/GoogleCloudPlatform/terraformer/terraformutils"
+	"github.com/PaloAltoNetworks/pango"
 )
 
-type DeviceConfigGenerator struct {
+type FirewallDeviceConfigGenerator struct {
 	PanosService
 }
 
-func (g *DeviceConfigGenerator) createResourcesFromList(o getGeneric, idPrefix, terraformResourceName string) (resources []terraformutils.Resource) {
+func (g *FirewallDeviceConfigGenerator) createResourcesFromList(o getGeneric, idPrefix, terraformResourceName string) (resources []terraformutils.Resource) {
 	l, err := o.i.(getListWithOneArg).GetList(o.params[0])
-	if err != nil {
+	if err != nil || len(l) == 0 {
 		return []terraformutils.Resource{}
 	}
 
@@ -42,7 +43,7 @@ func (g *DeviceConfigGenerator) createResourcesFromList(o getGeneric, idPrefix,
 	return resources
 }
 
-func (g *DeviceConfigGenerator) createGeneralSettingsResource(hostname string) terraformutils.Resource {
+func (g *FirewallDeviceConfigGenerator) createGeneralSettingsResource(hostname string) terraformutils.Resource {
 	return terraformutils.NewSimpleResource(
 		hostname,
 		normalizeResourceName(hostname),
@@ -52,7 +53,7 @@ func (g *DeviceConfigGenerator) createGeneralSettingsResource(hostname string) t
 	)
 }
 
-func (g *DeviceConfigGenerator) createTelemetryResource(ipAddress, hostname string) terraformutils.Resource {
+func (g *FirewallDeviceConfigGenerator) createTelemetryResource(ipAddress, hostname string) terraformutils.Resource {
 	return terraformutils.NewSimpleResource(
 		ipAddress,
 		normalizeResourceName(hostname),
@@ -62,31 +63,31 @@ func (g *DeviceConfigGenerator) createTelemetryResource(ipAddress, hostname stri
 	)
 }
 
-func (g *DeviceConfigGenerator) createEmailServerProfileResources() []terraformutils.Resource {
-	return g.createResourcesFromList(getGeneric{g.client.Device.EmailServerProfile, []string{g.vsys}},
+func (g *FirewallDeviceConfigGenerator) createEmailServerProfileResources() []terraformutils.Resource {
+	return g.createResourcesFromList(getGeneric{g.client.(*pango.Firewall).Device.EmailServerProfile, []string{g.vsys}},
 		g.vsys+":", "panos_email_server_profile",
 	)
 }
 
-func (g *DeviceConfigGenerator) createHTTPServerProfileResources() []terraformutils.Resource {
-	return g.createResourcesFromList(getGeneric{g.client.Device.HttpServerProfile, []string{g.vsys}},
+func (g *FirewallDeviceConfigGenerator) createHTTPServerProfileResources() []terraformutils.Resource {
+	return g.createResourcesFromList(getGeneric{g.client.(*pango.Firewall).Device.HttpServerProfile, []string{g.vsys}},
 		g.vsys+":", "panos_http_server_profile",
 	)
 }
 
-func (g *DeviceConfigGenerator) createSNMPTrapServerProfileResources() []terraformutils.Resource {
-	return g.createResourcesFromList(getGeneric{g.client.Device.SnmpServerProfile, []string{g.vsys}},
+func (g *FirewallDeviceConfigGenerator) createSNMPTrapServerProfileResources() []terraformutils.Resource {
+	return g.createResourcesFromList(getGeneric{g.client.(*pango.Firewall).Device.SnmpServerProfile, []string{g.vsys}},
 		g.vsys+":", "panos_snmptrap_server_profile",
 	)
 }
 
-func (g *DeviceConfigGenerator) createSyslogServerProfileResources() []terraformutils.Resource {
-	return g.createResourcesFromList(getGeneric{g.client.Device.SyslogServerProfile, []string{g.vsys}},
+func (g *FirewallDeviceConfigGenerator) createSyslogServerProfileResources() []terraformutils.Resource {
+	return g.createResourcesFromList(getGeneric{g.client.(*pango.Firewall).Device.SyslogServerProfile, []string{g.vsys}},
 		g.vsys+":", "panos_syslog_server_profile",
 	)
 }
 
-func (g *DeviceConfigGenerator) InitResources() error {
+func (g *FirewallDeviceConfigGenerator) InitResources() error {
 	if err := g.Initialize(); err != nil {
 		return err
 	}
@@ -95,7 +96,7 @@ func (g *DeviceConfigGenerator) InitResources() error {
 		g.vsys = "shared"
 	}
 
-	generalConfig, err := g.client.Device.GeneralSettings.Get()
+	generalConfig, err := g.client.(*pango.Firewall).Device.GeneralSettings.Get()
 	if err != nil {
 		return err
 	}