Merge pull request #422 from jeremmfr/main

Release v1.30.1
jeremmfr · Sep 9, 2022 · d56f763 · d56f763
2 parents 50df441 + 93ae1eb
commit d56f763
Show file tree

Hide file tree

Showing 5 changed files with 115 additions and 15 deletions.
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -7,6 +7,13 @@ ENHANCEMENTS:
 
 BUG FIXES:
 
+## 1.30.1 (September 09, 2022)
+
+BUG FIXES:
+
+* resource/`junos_security_nat_static`: remove the need to set `routing_instance` argument with `type` = `inet` inside `then` block of `rule` block (`then static-nat inet` without `routing-instance` is correct to do NAT64) (Fixes [#420](https://github.com/jeremmfr/terraform-provider-junos/issues/420))
+* resource/`junos_security_nat_static_rule`: remove the need to set `routing_instance` argument with `type` = `inet` inside `then` block (`then static-nat inet` without `routing-instance` is correct to do NAT64)
+
 ## 1.30.0 (September 07, 2022)
 
 FEATURES:

diff --git a/junos/resource_security_nat_static.go b/junos/resource_security_nat_static.go
@@ -460,16 +460,15 @@ func setSecurityNatStatic(d *schema.ResourceData, clt *Client, junSess *junosSes
 			for _, thenV := range rule["then"].([]interface{}) {
 				then := thenV.(map[string]interface{})
 				if then["type"].(string) == inetW {
-					if then["routing_instance"].(string) == "" {
-						return fmt.Errorf("missing routing_instance in rule %s with type = inet", rule["name"].(string))
-					}
 					if then["prefix"].(string) != "" ||
 						then["mapped_port"].(int) != 0 ||
 						then["mapped_port_to"].(int) != 0 {
-						return fmt.Errorf("only routing_instance need to be set in rule %s with type = inet", rule["name"].(string))
+						return fmt.Errorf("only routing_instance can be set in rule %s with type = inet", rule["name"].(string))
+					}
+					configSet = append(configSet, setPrefixRule+" then static-nat inet")
+					if rI := then["routing_instance"].(string); rI != "" {
+						configSet = append(configSet, setPrefixRule+" then static-nat inet routing-instance "+rI)
 					}
-					configSet = append(configSet, setPrefixRule+" then static-nat inet routing-instance "+
-						then["routing_instance"].(string))
 				}
 				if then["type"].(string) == "prefix" || then["type"].(string) == "prefix-name" {
 					setPrefixRuleThenStaticNat := setPrefixRule + " then static-nat "
@@ -624,7 +623,9 @@ func readSecurityNatStatic(name string, clt *Client, junSess *junosSession) (nat
 						default:
 							ruleThenOptions["prefix"] = strings.Trim(itemThen, "\"")
 						}
-					case strings.HasPrefix(itemThen, "inet "):
+					case itemThen == inetW:
+						ruleThenOptions["type"] = inetW
+					case strings.HasPrefix(itemThen, "inet routing-instance "):
 						ruleThenOptions["type"] = inetW
 						ruleThenOptions["routing_instance"] = strings.TrimPrefix(itemThen, "inet routing-instance ")
 					}

diff --git a/junos/resource_security_nat_static_rule.go b/junos/resource_security_nat_static_rule.go
@@ -401,16 +401,15 @@ func setSecurityNatStaticRule(d *schema.ResourceData, clt *Client, junSess *juno
 	for _, v := range d.Get("then").([]interface{}) {
 		then := v.(map[string]interface{})
 		if then["type"].(string) == inetW {
-			if then["routing_instance"].(string) == "" {
-				return fmt.Errorf("missing routing_instance with type = inet")
-			}
 			if then["prefix"].(string) != "" ||
 				then["mapped_port"].(int) != 0 ||
 				then["mapped_port_to"].(int) != 0 {
-				return fmt.Errorf("only routing_instance need to be set with type = inet")
+				return fmt.Errorf("only routing_instance can be set with type = inet")
+			}
+			configSet = append(configSet, setPrefix+"then static-nat inet")
+			if rI := then["routing_instance"].(string); rI != "" {
+				configSet = append(configSet, setPrefix+"then static-nat inet routing-instance "+rI)
 			}
-			configSet = append(configSet, setPrefix+"then static-nat inet routing-instance "+
-				then["routing_instance"].(string))
 		}
 		if then["type"].(string) == "prefix" || then["type"].(string) == "prefix-name" {
 			setPrefixRuleThenStaticNat := setPrefix + "then static-nat "
@@ -533,7 +532,9 @@ func readSecurityNatStaticRule(ruleSet, name string, clt *Client, junSess *junos
 					default:
 						ruleThenOptions["prefix"] = strings.Trim(itemThen, "\"")
 					}
-				case strings.HasPrefix(itemThen, "inet "):
+				case itemThen == inetW:
+					ruleThenOptions["type"] = inetW
+				case strings.HasPrefix(itemThen, "inet routing-instance "):
 					ruleThenOptions["type"] = inetW
 					ruleThenOptions["routing_instance"] = strings.TrimPrefix(itemThen, "inet routing-instance ")
 				}

diff --git a/junos/resource_security_nat_static_rule_test.go b/junos/resource_security_nat_static_rule_test.go
@@ -60,6 +60,9 @@ func TestAccJunosSecurityNatStaticRule_basic(t *testing.T) {
 					ImportState:       true,
 					ImportStateVerify: true,
 				},
+				{
+					Config: testAccJunosSecurityNatStaticRuleConfigCreate2(),
+				},
 			},
 		})
 	}
@@ -85,6 +88,14 @@ resource "junos_security_nat_static_rule" "testacc_securityNATSttRule" {
     prefix           = "192.0.2.128/25"
   }
 }
+resource "junos_security_nat_static_rule" "testacc_securityNATSttRuleInet" {
+  name                = "testacc_securityNATSttRuleInet"
+  rule_set            = junos_security_nat_static.testacc_securityNATSttRule.name
+  destination_address = "64:ff9b::/96"
+  then {
+    type = "inet"
+  }
+}
 
 resource "junos_security_zone" "testacc_securityNATSttRule" {
   name = "testacc_securityNATSttRule"
@@ -178,3 +189,31 @@ resource "junos_security_address_book" "testacc_securityNATSttRule" {
 }
 `
 }
+
+func testAccJunosSecurityNatStaticRuleConfigCreate2() string {
+	return `
+resource "junos_security_nat_static" "testacc_securityNATSttRuleInet" {
+  name = "testacc_securityNATSttRuleInet"
+  from {
+    type  = "zone"
+    value = [junos_security_zone.testacc_securityNATSttRuleInet.name]
+  }
+  configure_rules_singly = true
+}
+resource "junos_security_nat_static_rule" "testacc_securityNATSttRuleInet" {
+  name                = "testacc_securityNATSttRuleInet"
+  rule_set            = junos_security_nat_static.testacc_securityNATSttRuleInet.name
+  destination_address = "64:ff9b::/96"
+  then {
+    type             = "inet"
+    routing_instance = junos_routing_instance.testacc_securityNATSttRuleInet.name
+  }
+}
+resource "junos_security_zone" "testacc_securityNATSttRuleInet" {
+  name = "testacc_securityNATSttRuleInet"
+}
+resource "junos_routing_instance" "testacc_securityNATSttRuleInet" {
+  name = "testacc_securityNATSttRuleInet"
+}
+`
+}
diff --git a/junos/resource_security_nat_static_test.go b/junos/resource_security_nat_static_test.go
@@ -25,7 +25,7 @@ func TestAccJunosSecurityNatStatic_basic(t *testing.T) {
 						resource.TestCheckResourceAttr("junos_security_nat_static.testacc_securityNATStt",
 							"from.0.value.0", "testacc_securityNATStt"),
 						resource.TestCheckResourceAttr("junos_security_nat_static.testacc_securityNATStt",
-							"rule.#", "1"),
+							"rule.#", "2"),
 						resource.TestCheckResourceAttr("junos_security_nat_static.testacc_securityNATStt",
 							"rule.0.name", "testacc_securityNATSttRule"),
 						resource.TestCheckResourceAttr("junos_security_nat_static.testacc_securityNATStt",
@@ -67,6 +67,9 @@ func TestAccJunosSecurityNatStatic_basic(t *testing.T) {
 					ImportState:   true,
 					ImportStateId: "testacc_securityNATStt_singly_-_no_rules",
 				},
+				{
+					Config: testAccJunosSecurityNatStaticConfigUpdate2(),
+				},
 			},
 		})
 	}
@@ -90,6 +93,13 @@ resource "junos_security_nat_static" "testacc_securityNATStt" {
       prefix           = "192.0.2.128/25"
     }
   }
+  rule {
+    name                = "testacc_securityNATSttRule2"
+    destination_address = "64:ff9b::/96"
+    then {
+      type = "inet"
+    }
+  }
 }
 
 resource "junos_security_zone" "testacc_securityNATStt" {
@@ -186,3 +196,45 @@ resource "junos_security_nat_static" "testacc_securityNATStt_singly" {
 }
 `
 }
+
+func testAccJunosSecurityNatStaticConfigUpdate2() string {
+	return `
+resource "junos_security_nat_static" "testacc_securityNATStt" {
+  name = "testacc_securityNATStt"
+  from {
+    type  = "zone"
+    value = [junos_security_zone.testacc_securityNATStt.name]
+  }
+  rule {
+    name                = "testacc_securityNATSttRule"
+    destination_address = "64:ff9b::/96"
+    then {
+      type             = "inet"
+      routing_instance = junos_routing_instance.testacc_securityNATStt.name
+    }
+  }
+}
+
+resource "junos_security_zone" "testacc_securityNATStt" {
+  name = "testacc_securityNATStt"
+}
+resource "junos_routing_instance" "testacc_securityNATStt" {
+  name = "testacc_securityNATStt"
+}
+
+resource "junos_security_address_book" "testacc_securityNATStt" {
+  network_address {
+    name  = "testacc_securityNATSttRule2"
+    value = "192.0.2.128/27"
+  }
+  network_address {
+    name  = "testacc_securityNATStt-prefix"
+    value = "192.0.2.160/27"
+  }
+  network_address {
+    name  = "testacc_securityNATStt-src"
+    value = "192.0.2.224/27"
+  }
+}
+`
+}