Merge pull request #516 from jeremmfr/main

Release v2.1.0

.github/workflows/go_analysis.yml

@@ -14,7 +14,7 @@ jobs:
     steps:
       - uses: actions/checkout@v3
       - name: Running govulncheck
-        uses: Templum/govulncheck-action@v0.10.1
+        uses: Templum/govulncheck-action@v1.0.0
         with:
           go-version: '1.20'
           package: ./...

.github/workflows/linters.yml

@@ -19,7 +19,7 @@ jobs:
       - name: golangci-lint
         uses: golangci/golangci-lint-action@v3
         with:
-          version: v1.52
+          version: v1.53
           args: -c .golangci.yml -v
 
   markdown-lint:

.golangci.yml

@@ -29,6 +29,7 @@ linters:
     - execinquery
     - nosnakecase
     - musttag
+    - depguard
 linters-settings:
   gci:
     custom-order: true

CHANGELOG.md

@@ -1,6 +1,87 @@
 <!-- markdownlint-disable-file MD013 MD041 -->
 # changelog
 
+## v2.1.0 (July 25, 2023)
+
+ENHANCEMENTS:
+
+* **resource/junos_application**: resource now use new [terraform-plugin-framework](https://github.com/hashicorp/terraform-plugin-framework)  
+  some of config errors are now sent during Plan instead of during Apply  
+  optional boolean attributes doesn't accept value *false*  
+  optional string attributes doesn't accept *empty* value
+* **data-source/junos_applications**: data-source now use new [terraform-plugin-framework](https://github.com/hashicorp/terraform-plugin-framework)
+* **resource/junos_application_set**:
+  * resource now use new [terraform-plugin-framework](https://github.com/hashicorp/terraform-plugin-framework)  
+  * add `application_set`, `description` arguments
+* **data-source/junos_application_sets**:
+  * data-source now use new [terraform-plugin-framework](https://github.com/hashicorp/terraform-plugin-framework)
+  * add `match_application_sets` argument
+  * add `application_set` and `description` attribute in `application_sets` block attribute
+* **resource/junos_bgp_group**:
+  * resource now use new [terraform-plugin-framework](https://github.com/hashicorp/terraform-plugin-framework)  
+  some of config errors are now sent during Plan instead of during Apply  
+  optional boolean attributes doesn't accept value *false*  
+  optional string attributes doesn't accept *empty* value  
+  the resource schema has been upgraded to have one-blocks in single mode instead of list
+  * `advertise_external` is now computed to `true` when `advertise_external_conditional` is `true` (instead of the 2 attributes conflicting)
+  * `bfd_liveness_detection.version` now generate an error if the value is not in one of strings `0`, `1` or `automatic`
+  * add `bgp_error_tolerance`, `description`, `no_client_reflect`, `tcp_aggressive_transmission` arguments
+* **resource/junos_bgp_neighbor**:
+  * resource now use new [terraform-plugin-framework](https://github.com/hashicorp/terraform-plugin-framework)  
+  some of config errors are now sent during Plan instead of during Apply  
+  optional boolean attributes doesn't accept value *false*  
+  optional string attributes doesn't accept *empty* value  
+  the resource schema has been upgraded to have one-blocks in single mode instead of list
+  * `advertise_external` is now computed to `true` when `advertise_external_conditional` is `true` (instead of the 2 attributes conflicting)
+  * `bfd_liveness_detection.version` now generate an error if the value is not in one of strings `0`, `1` or `automatic`
+  * add `bgp_error_tolerance`, `description`, `no_client_reflect`, `tcp_aggressive_transmission` arguments
+* **resource/junos_firewall_filter**:
+  * resource now use new [terraform-plugin-framework](https://github.com/hashicorp/terraform-plugin-framework)  
+    some of config errors are now sent during Plan instead of during Apply  
+    optional boolean attributes doesn't accept value *false*  
+    optional string attributes doesn't accept *empty* value  
+    the resource schema has been upgraded to have one-blocks in single mode instead of list
+  * add `destination_mac_address`, `destination_mac_address_except`,
+  `forwarding_class`, `forwarding_class_except`,
+  `interface`,
+  `loss_priority`, `loss_priority_except`,
+  `packet_length`, `packet_length_except`,
+  `policy_map`, `policy_map_except`,
+  `source_mac_address` and `source_mac_address_except` arguments in from block in term block
+  * add `forwarding_class` and `loss_priority` arguments in then block in term block
+* **resource/junos_firewall_policer**:
+  * resource now use new [terraform-plugin-framework](https://github.com/hashicorp/terraform-plugin-framework)  
+    some of config errors are now sent during Plan instead of during Apply  
+    optional boolean attributes doesn't accept value *false*  
+    optional string attributes doesn't accept *empty* value  
+    the resource schema has been upgraded to have one-blocks in single mode instead of list
+  * add `logical_bandwidth_policer`, `logical_interface_policer`, `physical_interface_policer`, `shared_bandwidth_policer` and `if_exceeding_pps` arguments
+* **resource/junos_policyoptions_as_path**: resource now use new [terraform-plugin-framework](https://github.com/hashicorp/terraform-plugin-framework)  
+  some of config errors are now sent during Plan instead of during Apply  
+  optional boolean attributes doesn't accept value *false*  
+* **resource/junos_policyoptions_as_path_group**: resource now use new [terraform-plugin-framework](https://github.com/hashicorp/terraform-plugin-framework)  
+  some of config errors are now sent during Plan instead of during Apply  
+  optional boolean attributes doesn't accept value *false*  
+* **resource/junos_policyoptions_community**:
+  * resource now use new [terraform-plugin-framework](https://github.com/hashicorp/terraform-plugin-framework)  
+    optional boolean attributes doesn't accept value *false*  
+  * add `dynamic_db` argument (`members` is now optional but one of `dynamic_db` or `members` must be specified)
+* **resource/junos_policyoptions_policy_statement**:
+  * resource now use new [terraform-plugin-framework](https://github.com/hashicorp/terraform-plugin-framework)  
+    some of config errors are now sent during Plan instead of during Apply  
+    optional boolean attributes doesn't accept value *false*  
+    optional string attributes doesn't accept *empty* value  
+    the resource schema has been upgraded to have one-blocks in single mode instead of list
+  * add `dynamic_db` argument
+* **resource/junos_policyoptions_prefix_list**: resource now use new [terraform-plugin-framework](https://github.com/hashicorp/terraform-plugin-framework)  
+  optional boolean attributes doesn't accept value *false*  
+  optional string attributes doesn't accept *empty* value  
+
+BUG FIXES:
+
+* reduce plan time for resources that have migrated to the new [terraform-plugin-framework](https://github.com/hashicorp/terraform-plugin-framework) and have block set attributes (multiple unordered blocks) (Partial fix [#498](https://github.com/jeremmfr/terraform-provider-junos/issues/498))
+* **resource/junos_security_ipsec_vpn**: fix length validator (max 31 instead of 32) and remove space exclusion validator of `name` for `traffic_selector` block
+
 ## v2.0.0 (May 10, 2023)
 
 BREAKING CHANGES with new `v2`:

docs/data-sources/application_sets.md

@@ -26,6 +26,9 @@ The following arguments are supported:
 - **match_applications** (Optional, Set of String)  
   List of applications to apply a filter on application-sets.  
   The list needs to be exact to match.
+- **match_application_sets** (Optional, Set of String)  
+  List of application-sets to apply a filter on application-sets.  
+  The list needs to be exact to match.
 
 ## Attributes Reference
 
@@ -36,6 +39,10 @@ The following attributes are exported:
 - **application_sets** (Block List)  
   For each application-set found.
   - **name** (String)  
-    Name of application set.
+    Application set name.
   - **applications** (List of String)  
-    List of application names.
+    List of included application names.
+  - **application_set** (List of String)  
+    List of included application-set names.
+  - **description** (String)  
+    Description for application-set.

docs/data-sources/applications.md

@@ -47,7 +47,7 @@ The following arguments are supported:
   - **icmp6_type** (Optional, String)  
     Match ICMP6 message type.
   - **inactivity_timeout** (Optional, Number)  
-    Application-specific inactivity timeout (4..86400 seconds).
+    Application-specific inactivity timeout.
   - **inactivity_timeout_never** (Optional, Boolean)  
     Disables inactivity timeout.
   - **protocol** (Optional, String)  

docs/resources/application.md

@@ -22,13 +22,13 @@ resource "junos_application" "mysql" {
 The following arguments are supported:
 
 - **name** (Required, String, Forces new resource)  
-  Name of application.
+  Application name.
 - **application_protocol** (Optional, String)  
   Application protocol type.
 - **description** (Optional, String)  
   Text description of application.
 - **destination_port** (Optional, String)  
-  Port(s) destination used by application.
+  Match TCP/UDP destination port.
 - **ether_type** (Optional, String)  
   Match ether type.  
   Must be in hex (example: 0x8906).
@@ -39,12 +39,12 @@ The following arguments are supported:
   Disables inactivity timeout.  
   Conflict with `inactivity_timeout`.
 - **protocol** (Optional, String)  
-  Protocol used by application.
+  Match IP protocol type.
 - **rpc_program_number** (Optional, String)  
   Match range of RPC program numbers.  
   Must be an integer or a range of integers.
 - **source_port** (Optional, String)  
-  Port(s) source used by application.
+  Match TCP/UDP source port.
 - **term** (Optional, Block List)  
   For each name of term to declare.  
   Conflict with `application_protocol`, `destination_port`, `inactivity_timeout`, `protocol`,

docs/resources/application_set.md

@@ -21,9 +21,13 @@ resource "junos_application_set" "ssh_telnet" {
 The following arguments are supported:
 
 - **name** (Required, String, Forces new resource)  
-  Name of application set.
+  Application set name.
 - **applications** (Optional, List of String)  
-  List of application names.
+  Application to be included in the set.
+- **application_set** (Optional, List of String)  
+  Application-set to be included in the set.
+- **description** (Optional, String)  
+  Description for application-set.
 
 ## Attributes Reference
 

docs/resources/bgp_group.md

@@ -25,7 +25,7 @@ The following arguments are supported:
 - **name** (Required, String, Forces new resource)  
   Name of group.
 - **routing_instance** (Optional, String, Forces new resource)  
-  Routing instance for bgp protocol.  
+  Routing instance for bgp protocol if not root level.  
   Need to be `default` or name of routing instance.  
   Defaults to `default`.
 - **type** (Optional, String, Forces new resource)  
@@ -34,12 +34,11 @@ The following arguments are supported:
   Defaults to `external`.
 - **accept_remote_nexthop** (Optional, Boolean)  
   Allow import policy to specify a non-directly connected next-hop.
-- **advertise_external** (Optional, Boolean)  
+- **advertise_external** (Optional, Computed, Boolean)  
   Advertise best external routes.  
-  Conflict with `advertise_external_conditional`.
+  Computed to set to `true` when `advertise_external_conditional` is true.
 - **advertise_external_conditional** (Optional, Boolean)  
-  Route matches active route upto med-comparison rule.  
-  Conflict with `advertise_external`.
+  Route matches active route upto med-comparison rule.
 - **advertise_inactive** (Optional, Boolean)  
   Advertise inactive routes.
 - **advertise_peer_as** (Optional, Boolean)  
@@ -62,6 +61,16 @@ The following arguments are supported:
 - **bfd_liveness_detection** (Optional, Block)  
   Define Bidirectional Forwarding Detection (BFD) options.  
   See [below for nested schema](#bfd_liveness_detection-arguments).
+- **bgp_error_tolerance** (Optional, Block)  
+  Handle BGP malformed updates softly.
+  - **malformed_route_limit** (Optional, Number)  
+    Maximum number of malformed routes from a peer (0..4294967295).  
+    Conflict with `no_malformed_route_limit`.
+  - **malformed_update_log_interval** (Optional, Number)  
+    Time used when logging malformed update (10..65535 seconds).
+  - **no_malformed_route_limit** (Optional, Boolean)  
+    No malformed route limit.  
+    Conflict with `malformed_route_limit`.
 - **bgp_multipath** (Optional, Block)  
   Allow load sharing among multiple BGP paths.
   - **allow_protection** (Optional, Boolean)  
@@ -71,9 +80,12 @@ The following arguments are supported:
   - **multiple_as** (Optional, Boolean)  
     Use paths received from different ASs.
 - **cluster** (Optional, String)  
-  Cluster identifier. Must be a valid IP address.
+  Cluster identifier.  
+  Must be a valid IP address.
 - **damping** (Optional, Boolean)  
   Enable route flap damping.
+- **description** (Optional, String)  
+  Text description.
 - **export** (Optional, List of String)  
   Export policy list.
 - **family_evpn** (Optional, Block List)  
@@ -91,7 +103,12 @@ The following arguments are supported:
   Same options as [`family_inet` arguments](#family_inet-arguments) but for inet6 family.
 - **graceful_restart** (Optional, Block)  
   Define BGP graceful restart options.
-  See [below for nested schema](#graceful_restart-arguments).
+  - **disable** (Optional, Boolean)  
+    Disable graceful restart.
+  - **restart_time** (Optional, Number)  
+    Restart time used when negotiating with a peer (1..600).
+  - **stale_route_time** (Optional, Number)  
+    Maximum time for which stale routes are kept (1..600).
 - **hold_time** (Optional, Number)  
   Hold time used when negotiating with a peer.
 - **import** (Optional, List of String)  
@@ -147,6 +164,8 @@ The following arguments are supported:
   Enable TCP path MTU discovery.
 - **multihop** (Optional, Boolean)  
   Configure an EBGP multihop session.
+- **no_client_reflect** (Optional, Boolean)  
+  Disable intracluster route redistribution.
 - **out_delay** (Optional, Number)  
   How long before exporting routes from routing table.
 - **passive** (Optional, Boolean)  
@@ -157,6 +176,8 @@ The following arguments are supported:
   Preference value.
 - **remove_private** (Optional, Boolean)  
   Remove well-known private AS numbers.
+- **tcp_aggressive_transmission** (Optional, Boolean)  
+  Enable aggressive transmission of pure TCP ACKs and retransmissions
 
 ---
 
@@ -186,7 +207,8 @@ The following arguments are supported:
 - **transmit_interval_threshold** (Optional, Number)  
   High transmit interval triggering a trap (milliseconds).
 - **version** (Optional, String)  
-  BFD protocol version number.
+  BFD protocol version number.  
+  Need to be `0`, `1` or `automatic`.
 
 ---
 
@@ -198,7 +220,7 @@ Also for `family_inet6` and `family_evpn` (except `nlri_type`)
   NLRI type.  
   Need to be `any`, `flow`, `labeled-unicast`, `unicast` or `multicast`.
 - **accepted_prefix_limit** (Optional, Block)  
-  Define maximum number of prefixes accepted from a peer and options.
+  Define maximum number of prefixes accepted from a peer.
   - **maximum** (Required, Number)  
     Maximum number of prefixes accepted from a peer (1..4294967295).
   - **teardown** (Optional, Number)  
@@ -212,17 +234,6 @@ Also for `family_inet6` and `family_evpn` (except `nlri_type`)
 - **prefix_limit** (Optional, Block)  
   Same options as `accepted_prefix_limit` but for limit maximum number of prefixes from a peer.
 
----
-
-### graceful_restart arguments
-
-- **disable** (Optional, Boolean)  
-  Disable graceful restart.
-- **restart_time** (Optional, Number)  
-  Restart time used when negotiating with a peer (1..600).
-- **stale_route_time** (Optional, Number)  
-  Maximum time for which stale routes are kept (1..600).
-
 ## Attributes Reference
 
 The following attributes are exported: