From 34162568e0a72cac79534b4b753dcbd091fe7de2 Mon Sep 17 00:00:00 2001 From: Jeremy Muriel Date: Fri, 9 Sep 2022 08:48:32 +0200 Subject: [PATCH 1/4] r/security_nat_static: remove the need to set 'routing_instance' argument with 'type' = 'inet' inside 'then' block of 'rule' block 'then static-nat inet' without 'routing-instance' is correct to do NAT64 Fixes #420 --- CHANGELOG.md | 2 + junos/resource_security_nat_static.go | 15 +++--- junos/resource_security_nat_static_test.go | 54 +++++++++++++++++++++- 3 files changed, 63 insertions(+), 8 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index e6bfd639..c5f05626 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -7,6 +7,8 @@ ENHANCEMENTS: BUG FIXES: +* resource/`junos_security_nat_static`: remove the need to set `routing_instance` argument with `type` = `inet` inside `then` block of `rule` block (`then static-nat inet` without `routing-instance` is correct to do NAT64) (Fixes #420) + ## 1.30.0 (September 07, 2022) FEATURES: diff --git a/junos/resource_security_nat_static.go b/junos/resource_security_nat_static.go index b27e86ac..53082f88 100644 --- a/junos/resource_security_nat_static.go +++ b/junos/resource_security_nat_static.go 
@@ -460,16 +460,15 @@ func setSecurityNatStatic(d *schema.ResourceData, clt *Client, junSess *junosSes for _, thenV := range rule["then"].([]interface{}) { then := thenV.(map[string]interface{}) if then["type"].(string) == inetW { - if then["routing_instance"].(string) == "" { - return fmt.Errorf("missing routing_instance in rule %s with type = inet", rule["name"].(string)) - } if then["prefix"].(string) != "" || then["mapped_port"].(int) != 0 || then["mapped_port_to"].(int) != 0 { - return fmt.Errorf("only routing_instance need to be set in rule %s with type = inet", rule["name"].(string)) + return fmt.Errorf("only routing_instance can be set in rule %s with type = inet", rule["name"].(string)) + } + configSet = append(configSet, setPrefixRule+" then static-nat inet") + if rI := then["routing_instance"].(string); rI != "" { + configSet = append(configSet, setPrefixRule+" then static-nat inet routing-instance "+rI) } - configSet = append(configSet, setPrefixRule+" then static-nat inet routing-instance "+ - then["routing_instance"].(string)) } if then["type"].(string) == "prefix" || then["type"].(string) == "prefix-name" { setPrefixRuleThenStaticNat := setPrefixRule + " then static-nat " @@ -624,7 +623,9 @@ func readSecurityNatStatic(name string, clt *Client, junSess *junosSession) (nat default: ruleThenOptions["prefix"] = strings.Trim(itemThen, "\"") } - case strings.HasPrefix(itemThen, "inet "): + case itemThen == inetW: + ruleThenOptions["type"] = inetW + case strings.HasPrefix(itemThen, "inet routing-instance "): ruleThenOptions["type"] = inetW ruleThenOptions["routing_instance"] = strings.TrimPrefix(itemThen, "inet routing-instance ") } diff --git a/junos/resource_security_nat_static_test.go b/junos/resource_security_nat_static_test.go index c056d1ad..0ddd69e7 100644 --- a/junos/resource_security_nat_static_test.go +++ b/junos/resource_security_nat_static_test.go 
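Review bot: In setSecurityNatStatic, `rI` is appended verbatim in `setPrefixRule+" then static-nat inet routing-instance "+rI`, so only the schema validation of `routing_instance` keeps whitespace or a line break in that value from altering the set command sent to the device. That validation is outside this hunk, so it is worth confirming the field carries a name validator. Since the argument is now optional, a short comment above the first append would help the next reader, for example `// bare "static-nat inet" is valid on its own (NAT64); routing-instance is optional`. The same lines are added to setSecurityNatStaticRule in resource_security_nat_static_rule.go, and both functions start and end outside their hunks.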
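Review bot: In readSecurityNatStatic, replacing `strings.HasPrefix(itemThen, "inet ")` with the two narrower cases means any other `inet ...` line returned by the device matches neither and is skipped without setting `type`, unless the outer switch has a `default` outside this hunk. On a NAT rule, device configuration that Terraform did not write would then not show up as drift. A trailing fallback such as `case strings.HasPrefix(itemThen, "inet "):` that sets only `ruleThenOptions["type"] = inetW` would keep such a rule visible in state. The literal `"inet routing-instance "` is also written twice in the case; a local constant would keep the match and the trim in sync. readSecurityNatStaticRule in resource_security_nat_static_rule.go gets the same change.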
@@ -25,7 +25,7 @@ func TestAccJunosSecurityNatStatic_basic(t *testing.T) { resource.TestCheckResourceAttr("junos_security_nat_static.testacc_securityNATStt", "from.0.value.0", "testacc_securityNATStt"), resource.TestCheckResourceAttr("junos_security_nat_static.testacc_securityNATStt", - "rule.#", "1"), + "rule.#", "2"), resource.TestCheckResourceAttr("junos_security_nat_static.testacc_securityNATStt", "rule.0.name", "testacc_securityNATSttRule"), resource.TestCheckResourceAttr("junos_security_nat_static.testacc_securityNATStt", @@ -67,6 +67,9 @@ func TestAccJunosSecurityNatStatic_basic(t *testing.T) { ImportState: true, ImportStateId: "testacc_securityNATStt_singly_-_no_rules", }, + { + Config: testAccJunosSecurityNatStaticConfigUpdate2(), + }, }, }) } @@ -90,6 +93,13 @@ resource "junos_security_nat_static" "testacc_securityNATStt" { prefix = "192.0.2.128/25" } } + rule { + name = "testacc_securityNATSttRule2" + destination_address = "64:ff9b::/96" + then { + type = "inet" + } + } } resource "junos_security_zone" "testacc_securityNATStt" { 
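Review bot: The step added in hunk `@@ -67,6 +67,9 @@`, `{ Config: testAccJunosSecurityNatStaticConfigUpdate2(), }`, has no `Check`, so nothing asserts what the new `inet routing-instance ` read path puts in state. The step only verifies that the apply succeeds and, presumably, that the follow-up plan is empty. Adding `Check: resource.TestCheckResourceAttr("junos_security_nat_static.testacc_securityNATStt", "rule.0.then.0.routing_instance", "testacc_securityNATStt"),` would pin the value. The first step could likewise assert that `rule.1.then.0.type` is `inet` for the new rule that omits `routing_instance`. The step added in resource_security_nat_static_rule_test.go with `testAccJunosSecurityNatStaticRuleConfigCreate2()` has the same gap.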
@@ -186,3 +196,45 @@ resource "junos_security_nat_static" "testacc_securityNATStt_singly" { } ` } + +func testAccJunosSecurityNatStaticConfigUpdate2() string { + return ` +resource "junos_security_nat_static" "testacc_securityNATStt" { + name = "testacc_securityNATStt" + from { + type = "zone" + value = [junos_security_zone.testacc_securityNATStt.name] + } + rule { + name = "testacc_securityNATSttRule" + destination_address = "64:ff9b::/96" + then { + type = "inet" + routing_instance = junos_routing_instance.testacc_securityNATStt.name + } + } +} + +resource "junos_security_zone" "testacc_securityNATStt" { + name = "testacc_securityNATStt" +} +resource "junos_routing_instance" "testacc_securityNATStt" { + name = "testacc_securityNATStt" +} + +resource "junos_security_address_book" "testacc_securityNATStt" { + network_address { + name = "testacc_securityNATSttRule2" + value = "192.0.2.128/27" + } + network_address { + name = "testacc_securityNATStt-prefix" + value = "192.0.2.160/27" + } + network_address { + name = "testacc_securityNATStt-src" + value = "192.0.2.224/27" + } +} +` +} From 08acec61e93540eb6575101fb741ecddd9a6c767 Mon Sep 17 00:00:00 2001 From: Jeremy Muriel Date: Fri, 9 Sep 2022 09:04:52 +0200 Subject: [PATCH 2/4] r/security_nat_static_rule: remove the need to set 'routing_instance' argument with 'type' = 'inet' inside 'then' block 'then static-nat inet' without 'routing-instance' is correct to do NAT64 --- CHANGELOG.md | 1 + junos/resource_security_nat_static_rule.go | 15 +++---- .../resource_security_nat_static_rule_test.go | 39 +++++++++++++++++++ 3 files changed, 48 insertions(+), 7 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index c5f05626..d88f5589 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md 
@@ -8,6 +8,7 @@ ENHANCEMENTS: BUG FIXES: * resource/`junos_security_nat_static`: remove the need to set `routing_instance` argument with `type` = `inet` inside `then` block of `rule` block (`then static-nat inet` without `routing-instance` is correct to do NAT64) (Fixes #420) +* resource/`junos_security_nat_static_rule`: remove the need to set `routing_instance` argument with `type` = `inet` inside `then` block (`then static-nat inet` without `routing-instance` is correct to do NAT64) ## 1.30.0 (September 07, 2022) diff --git a/junos/resource_security_nat_static_rule.go b/junos/resource_security_nat_static_rule.go index a0d99af7..8da2c182 100644 --- a/junos/resource_security_nat_static_rule.go +++ b/junos/resource_security_nat_static_rule.go @@ -401,16 +401,15 @@ func setSecurityNatStaticRule(d *schema.ResourceData, clt *Client, junSess *juno for _, v := range d.Get("then").([]interface{}) { then := v.(map[string]interface{}) if then["type"].(string) == inetW { - if then["routing_instance"].(string) == "" { - return fmt.Errorf("missing routing_instance with type = inet") - } if then["prefix"].(string) != "" || then["mapped_port"].(int) != 0 || then["mapped_port_to"].(int) != 0 { - return fmt.Errorf("only routing_instance need to be set with type = inet") + return fmt.Errorf("only routing_instance can be set with type = inet") + } + configSet = append(configSet, setPrefix+"then static-nat inet") + if rI := then["routing_instance"].(string); rI != "" { + configSet = append(configSet, setPrefix+"then static-nat inet routing-instance "+rI) } - configSet = append(configSet, setPrefix+"then static-nat inet routing-instance "+ - then["routing_instance"].(string)) } if then["type"].(string) == "prefix" || then["type"].(string) == "prefix-name" { setPrefixRuleThenStaticNat := setPrefix + "then static-nat " 
@@ -533,7 +532,9 @@ func readSecurityNatStaticRule(ruleSet, name string, clt *Client, junSess *junos default: ruleThenOptions["prefix"] = strings.Trim(itemThen, "\"") } - case strings.HasPrefix(itemThen, "inet "): + case itemThen == inetW: + ruleThenOptions["type"] = inetW + case strings.HasPrefix(itemThen, "inet routing-instance "): ruleThenOptions["type"] = inetW ruleThenOptions["routing_instance"] = strings.TrimPrefix(itemThen, "inet routing-instance ") } diff --git a/junos/resource_security_nat_static_rule_test.go b/junos/resource_security_nat_static_rule_test.go index 44c8628a..e156b373 100644 --- a/junos/resource_security_nat_static_rule_test.go +++ b/junos/resource_security_nat_static_rule_test.go @@ -60,6 +60,9 @@ func TestAccJunosSecurityNatStaticRule_basic(t *testing.T) { ImportState: true, ImportStateVerify: true, }, + { + Config: testAccJunosSecurityNatStaticRuleConfigCreate2(), + }, }, }) } @@ -85,6 +88,14 @@ resource "junos_security_nat_static_rule" "testacc_securityNATSttRule" { prefix = "192.0.2.128/25" } } +resource "junos_security_nat_static_rule" "testacc_securityNATSttRuleInet" { + name = "testacc_securityNATSttRuleInet" + rule_set = junos_security_nat_static.testacc_securityNATSttRule.name + destination_address = "64:ff9b::/96" + then { + type = "inet" + } +} resource "junos_security_zone" "testacc_securityNATSttRule" { name = "testacc_securityNATSttRule" 
@@ -178,3 +189,31 @@ resource "junos_security_address_book" "testacc_securityNATSttRule" { } ` } + +func testAccJunosSecurityNatStaticRuleConfigCreate2() string { + return ` +resource "junos_security_nat_static" "testacc_securityNATSttRuleInet" { + name = "testacc_securityNATSttRuleInet" + from { + type = "zone" + value = [junos_security_zone.testacc_securityNATSttRuleInet.name] + } + configure_rules_singly = true +} +resource "junos_security_nat_static_rule" "testacc_securityNATSttRuleInet" { + name = "testacc_securityNATSttRuleInet" + rule_set = junos_security_nat_static.testacc_securityNATSttRuleInet.name + destination_address = "64:ff9b::/96" + then { + type = "inet" + routing_instance = junos_routing_instance.testacc_securityNATSttRuleInet.name + } +} +resource "junos_security_zone" "testacc_securityNATSttRuleInet" { + name = "testacc_securityNATSttRuleInet" +} +resource "junos_routing_instance" "testacc_securityNATSttRuleInet" { + name = "testacc_securityNATSttRuleInet" +} +` +} From 56a37dde0193086cd9f42b27ac1436ab1ceeb755 Mon Sep 17 00:00:00 2001 From: Jeremy Muriel Date: Fri, 9 Sep 2022 09:14:58 +0200 Subject: [PATCH 3/4] Release v1.30.1 --- CHANGELOG.md | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/CHANGELOG.md b/CHANGELOG.md index d88f5589..45242db6 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -7,6 +7,10 @@ ENHANCEMENTS: BUG FIXES: +## 1.30.1 (September 09, 2022) + +BUG FIXES: + * resource/`junos_security_nat_static`: remove the need to set `routing_instance` argument with `type` = `inet` inside `then` block of `rule` block (`then static-nat inet` without `routing-instance` is correct to do NAT64) (Fixes #420) * resource/`junos_security_nat_static_rule`: remove the need to set `routing_instance` argument with `type` = `inet` inside `then` block (`then static-nat inet` without `routing-instance` is correct to do NAT64) From 93ae1eb27c934a43b37ba5fd1048a314a2a82fb7 Mon Sep 17 00:00:00 2001 
From: Jeremy Muriel Date: Fri, 9 Sep 2022 09:18:49 +0200 Subject: [PATCH 4/4] update CHANGELOG.md --- CHANGELOG.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 45242db6..b82be18e 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -11,7 +11,7 @@ BUG FIXES: BUG FIXES: -* resource/`junos_security_nat_static`: remove the need to set `routing_instance` argument with `type` = `inet` inside `then` block of `rule` block (`then static-nat inet` without `routing-instance` is correct to do NAT64) (Fixes #420) +* resource/`junos_security_nat_static`: remove the need to set `routing_instance` argument with `type` = `inet` inside `then` block of `rule` block (`then static-nat inet` without `routing-instance` is correct to do NAT64) (Fixes [#420](https://github.com/jeremmfr/terraform-provider-junos/issues/420)) * resource/`junos_security_nat_static_rule`: remove the need to set `routing_instance` argument with `type` = `inet` inside `then` block (`then static-nat inet` without `routing-instance` is correct to do NAT64) ## 1.30.0 (September 07, 2022)