Merge pull request #705 from jeremmfr/main

Release v2.9.0
jeremmfr · Sep 10, 2024 · ea6d7ad · ea6d7ad
2 parents 4499d2c + 5bc1d51
commit ea6d7ad
Show file tree

Hide file tree

Showing 298 changed files with 10,825 additions and 7,957 deletions.
diff --git a/.github/workflows/go.yml b/.github/workflows/go.yml
@@ -1,14 +1,14 @@
 name: Go Tests
 on: [push, pull_request]
 jobs:
-  build-1_21:
-    name: Build 1.21
+  build-1_22:
+    name: Build 1.22
     runs-on: ubuntu-latest
     steps:
-      - name: Set up Go 1.21
+      - name: Set up Go 1.22
         uses: actions/setup-go@v5
         with:
-          go-version: '1.21'
+          go-version: '1.22'
           check-latest: true
         id: go
       - name: Disable cgo
@@ -21,14 +21,14 @@ jobs:
       - name: Build
         run: go build -v .
 
-  build-1_22:
-    name: Build 1.22
+  build-1_23:
+    name: Build 1.23
     runs-on: ubuntu-latest
     steps:
-      - name: Set up Go 1.22
+      - name: Set up Go 1.23
         uses: actions/setup-go@v5
         with:
-          go-version: '1.22'
+          go-version: '1.23'
           check-latest: true
         id: go
       - name: Disable cgo
@@ -45,10 +45,10 @@ jobs:
     name: Test
     runs-on: ubuntu-latest
     steps:
-      - name: Set up Go 1.22
+      - name: Set up Go 1.23
         uses: actions/setup-go@v5
         with:
-          go-version: '1.22'
+          go-version: '1.23'
           check-latest: true
         id: go
       - name: Disable cgo

diff --git a/.github/workflows/go_analysis.yml b/.github/workflows/go_analysis.yml
@@ -16,7 +16,7 @@ jobs:
       - name: Running govulncheck
         uses: Templum/[email protected]
         with:
-          go-version: '1.22'
+          go-version: '1.23'
           package: ./...
           fail-on-vuln: false
 

diff --git a/.github/workflows/linters.yml b/.github/workflows/linters.yml
@@ -5,10 +5,10 @@ jobs:
     name: golangci-lint
     runs-on: ubuntu-latest
     steps:
-      - name: Set up Go 1.22
+      - name: Set up Go 1.23
         uses: actions/setup-go@v5
         with:
-          go-version: '1.22'
+          go-version: '1.23'
           check-latest: true
         id: go
       - name: Disable cgo
@@ -19,7 +19,7 @@ jobs:
       - name: golangci-lint
         uses: golangci/golangci-lint-action@v6
         with:
-          version: v1.59.1
+          version: v1.60.3
           args: -c .golangci.yml -v
 
   markdown-lint:
@@ -38,10 +38,10 @@ jobs:
     name: terrafmt
     runs-on: ubuntu-latest
     steps:
-      - name: Set up Go 1.22
+      - name: Set up Go 1.23
         uses: actions/setup-go@v5
         with:
-          go-version: '1.22'
+          go-version: '1.23'
           check-latest: true
         id: go
       - name: Show version

diff --git a/.github/workflows/releases.yml b/.github/workflows/releases.yml
@@ -38,10 +38,10 @@ jobs:
           - goos: windows
             goarch: arm64
     steps:
-      - name: Set up Go 1.22
+      - name: Set up Go 1.23
         uses: actions/setup-go@v5
         with:
-          go-version: '1.22'
+          go-version: '1.23'
           check-latest: true
         id: go
       - name: Show version
@@ -55,13 +55,6 @@ jobs:
           echo "REPO_NAME=$(echo ${GITHUB_REPOSITORY} | cut -d'/' -f2)" >> $GITHUB_ENV
           echo "GOOS=$(echo ${{ matrix.goos }})" >> $GITHUB_ENV
           echo "GOARCH=$(echo ${{ matrix.goarch }})" >> $GITHUB_ENV
-      - name: Setup aarch64 for arm64
-        run: |
-          if [[ "${{ matrix.goarch }}" == "arm64" ]] ; then
-            sudo apt update
-            sudo apt install -y gcc-aarch64-linux-gnu
-            echo "CC=aarch64-linux-gnu-gcc" >> $GITHUB_ENV
-          fi
       - name: Define version in build
         run: echo ${RELEASE_VERSION} > internal/version/version.txt
       - name: Build

diff --git a/.golangci.yml b/.golangci.yml
@@ -7,6 +7,7 @@ linters:
     # deprecated
     - execinquery # deprecated 1.58.0
     - gomnd # deprecated 1.58.0
+    - exportloopref # deprecated 1.60.2
     # unwanted
     - cyclop
     - depguard
@@ -43,6 +44,12 @@ linters-settings:
     min-occurrences: 25
     # Ignore test files.
     ignore-tests: true
+  gocritic:
+    enabled-checks:
+      - ruleguard
+    settings:
+      ruleguard:
+        rules: '${configDir}/internal/ruleguard/*.go'
   gocyclo:
     # minimal code complexity to report, 30 by default
     min-complexity: 100
@@ -84,6 +91,11 @@ linters-settings:
       - name: import-alias-naming
       - name: import-shadowing
       - name: unhandled-error
+  tagliatelle:
+    case:
+      rules:
+        json: snake
+        tfsdk: snake
 
 issues:
   exclude-rules:

diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -1,14 +1,59 @@
 <!-- markdownlint-disable-file MD013 MD041 -->
 # changelog
 
+## v2.9.0 (2024-09-10)
+
+FEATURES:
+
+* add **junos_applications** resource (Fix [#694](https://github.com/jeremmfr/terraform-provider-junos/issues/694))
+* add **junos_security_authentication_key_chain** resource
+* **provider**: add `no_decode_secrets` attribute to disable decoding secret `$9$` hashes by Junos device when reading resource data (Fix [#688](https://github.com/jeremmfr/terraform-provider-junos/issues/688))
+
+ENHANCEMENTS:
+
+* **resource/junos_application**: add `do_not_translate_a_query_to_aaaa_query`, `do_not_translate_aaaa_query_to_a_query`, `icmp_code`, `icmp_type`, `icmp6_code` and `icmp6_type` arguments
+* **data-source/junos_applications**:
+  * add `do_not_translate_a_query_to_aaaa_query`, `do_not_translate_aaaa_query_to_a_query`, `icmp_code`, `icmp_type`, `icmp6_code` and `icmp6_type` attributes in `applications` attribute
+  * add `do_not_translate_a_query_to_aaaa_query` and `do_not_translate_aaaa_query_to_a_query` arguments inside `match_options` block argument
+* **resource/junos_rip_group**: resource now use new [terraform-plugin-framework](https://github.com/hashicorp/terraform-plugin-framework)  
+  some of config errors are now sent during Plan instead of during Apply  
+  optional boolean attributes doesn't accept value *false*  
+  optional string attributes doesn't accept *empty* value  
+  the resource schema has been upgraded to have one-blocks in single mode instead of list
+* **resource/junos_rip_neighbor**: resource now use new [terraform-plugin-framework](https://github.com/hashicorp/terraform-plugin-framework)  
+  some of config errors are now sent during Plan instead of during Apply  
+  optional boolean attributes doesn't accept value *false*  
+  optional string attributes doesn't accept *empty* value  
+  the resource schema has been upgraded to have one-blocks in single mode instead of list
+* **resource/junos_snmp_v3_usm_user**: now provider store the corresponding `authentication-key` and `privacy-key` of `authentication-password` and `privacy-password` in private state of Terraform after create/update resource to be able to detect a change of the password outside of Terraform.
+* **resource/junos_system**: add `keys` argument inside `license` block argument (Fix [#689](https://github.com/jeremmfr/terraform-provider-junos/issues/689))
+* **resource/junos_system_login_user**:
+  * resource now use new [terraform-plugin-framework](https://github.com/hashicorp/terraform-plugin-framework)  
+  some of config errors are now sent during Plan instead of during Apply  
+  optional boolean attributes doesn't accept value *false*  
+  optional string attributes doesn't accept *empty* value  
+  the resource schema has been upgraded to have one-blocks in single mode instead of list
+  * now provider store the corresponding `authentication encrypted-password` of `authentication plain-text-password` in private state of Terraform after create/update resource to be able to detect a change of the password outside of Terraform.
+* **resource/junos_system_root_authentication**:
+  * resource now use new [terraform-plugin-framework](https://github.com/hashicorp/terraform-plugin-framework)  
+  some of config errors are now sent during Plan instead of during Apply  
+  optional boolean attributes doesn't accept value *false*  
+  optional string attributes doesn't accept *empty* value  
+  * now provider store the corresponding `encrypted-password` of `plain-text-password` in private state of Terraform after create/update resource to be able to detect a change of the password outside of Terraform.
+* release now with golang 1.23
+
+BUG FIXES:
+
+* **resource/junos_security_ike_policy**, **resource/junos_security_ike_proposal**, **resource/junos_security_ipsec_policy**, **resource/junos_security_ipsec_proposal**, **resource/junos_security_ipsec_vpn**: don't check device compatibility with security model (could be used on non-security devices)
+
 ## v2.8.0 (2024-06-27)
 
 ENHANCEMENTS:
 
-* **resource/junos_bridge_domain**:  add `static_remote_vtep_list` argument inside `vxlan` block argument (Fix [#672](https://github.com/jeremmfr/terraform-provider-junos/issues/672))
+* **resource/junos_bridge_domain**: add `static_remote_vtep_list` argument inside `vxlan` block argument (Fix [#672](https://github.com/jeremmfr/terraform-provider-junos/issues/672))
 * **resource/junos_interface_logical**: add `encapsulation` argument (Fix [#674](https://github.com/jeremmfr/terraform-provider-junos/issues/674))
 * **data-source/junos_interface_logical**: add `encapsulation` attribute like resource
-* **resource/junos_routing_instance**:  add `remote_vtep_list` and `remote_vtep_v6_list` arguments (Fix [#673](https://github.com/jeremmfr/terraform-provider-junos/issues/673))
+* **resource/junos_routing_instance**: add `remote_vtep_list` and `remote_vtep_v6_list` arguments (Fix [#673](https://github.com/jeremmfr/terraform-provider-junos/issues/673))
 * **data-source/junos_routing_instance**: add `remote_vtep_list` and `remote_vtep_v6_list` attributes like resource
 * **resource/junos_rstp**: resource now use new [terraform-plugin-framework](https://github.com/hashicorp/terraform-plugin-framework)  
   some of config errors are now sent during Plan instead of during Apply  
@@ -23,8 +68,8 @@ ENHANCEMENTS:
   optional string attributes doesn't accept *empty* value  
   the resource schema has been upgraded to have one-blocks in single mode instead of list
   * add `transport` block argument (Fix [#675](https://github.com/jeremmfr/terraform-provider-junos/issues/675))
-* **resource/junos_switch_options**:  add `remote_vtep_list` and `remote_vtep_v6_list` arguments
-* **resource/junos_vlan**:  add `static_remote_vtep_list` argument inside `vxlan` block argument
+* **resource/junos_switch_options**: add `remote_vtep_list` and `remote_vtep_v6_list` arguments
+* **resource/junos_vlan**: add `static_remote_vtep_list` argument inside `vxlan` block argument
 * **resource/junos_vstp**: resource now use new [terraform-plugin-framework](https://github.com/hashicorp/terraform-plugin-framework)  
   some of config errors are now sent during Plan instead of during Apply  
   optional boolean attributes doesn't accept value *false*
@@ -46,7 +91,7 @@ FEATURES:
 
 ENHANCEMENTS:
 
-* **data-source/junos_interfaces_physical_present**:  
+* **data-source/junos_interfaces_physical_present**:
   * add `interfaces` block map attribute with same attributes as `interface_statuses` and additional `logical_interface_names` attribute (Fix [#641](https://github.com/jeremmfr/terraform-provider-junos/issues/641))
   * deprecate `interface_statuses` attribute (read the `interfaces` attribute instead)
 * **resource/junos_evpn**: add `no_core_isolation` argument (Fix [#644](https://github.com/jeremmfr/terraform-provider-junos/issues/644))
@@ -111,7 +156,7 @@ ENHANCEMENTS:
   optional string attributes doesn't accept *empty* value  
 * **resource/junos_snmp_v3_community**: resource now use new [terraform-plugin-framework](https://github.com/hashicorp/terraform-plugin-framework)  
   optional string attributes doesn't accept *empty* value  
-* **resource/junos_snmp_v3_usm_user**:  
+* **resource/junos_snmp_v3_usm_user**:
   * resource now use new [terraform-plugin-framework](https://github.com/hashicorp/terraform-plugin-framework)  
   some of config errors are now sent during Plan instead of during Apply  
   optional string attributes doesn't accept *empty* value  

diff --git a/Makefile b/Makefile
@@ -7,26 +7,30 @@ install:
 	go install
 
 # Run acceptance tests
-testacc:
-	cd internal/providerfwk ; TF_ACC=1 go test -v --timeout 0 -coverprofile=../../coverage_fwk.out $(TESTARGS)
-	go tool cover -html=coverage_fwk.out
-	cd internal/providersdk ; TF_ACC=1 go test -v --timeout 0 -coverprofile=../../coverage_sdk.out $(TESTARGS)
-	go tool cover -html=coverage_sdk.out
 testacc/srx:
 	cd internal/providerfwk ; TESTACC_SRX=1 TF_ACC=1 go test -v --timeout 0 -coverprofile=../../coverage_fwk_srx.out $(TESTARGS)
 	go tool cover -html=coverage_fwk_srx.out
 	cd internal/providersdk ; TESTACC_SRX=1 TF_ACC=1 go test -v --timeout 0 -coverprofile=../../coverage_sdk_srx.out $(TESTARGS)
 	go tool cover -html=coverage_sdk_srx.out
+testacc/upgradestate/srx:
+	cd internal/providerfwk ; TESTACC_UPGRADE_STATE=1 TESTACC_SRX=1 TF_ACC=1 go test -v --timeout 0 -coverprofile=../../coverage_fwk_srx.out -run "TestAccUpgradeState" $(TESTARGS)
+	go tool cover -html=coverage_fwk_srx.out
 testacc/router:
 	cd internal/providerfwk ; TESTACC_ROUTER=1 TF_ACC=1 go test -v --timeout 0 -coverprofile=../../coverage_fwk_router.out $(TESTARGS)
 	go tool cover -html=coverage_fwk_router.out
 	cd internal/providersdk ; TESTACC_ROUTER=1 TF_ACC=1 go test -v --timeout 0 -coverprofile=../../coverage_sdk_router.out $(TESTARGS)
 	go tool cover -html=coverage_sdk_router.out
+testacc/upgradestate/router:
+	cd internal/providerfwk ; TESTACC_UPGRADE_STATE=1 TESTACC_ROUTER=1 TF_ACC=1 go test -v --timeout 0 -coverprofile=../../coverage_fwk_router.out -run "TestAccUpgradeState" $(TESTARGS)
+	go tool cover -html=coverage_fwk_router.out
 testacc/switch:
 	cd internal/providerfwk ; TESTACC_SWITCH=1 TF_ACC=1 go test -v --timeout 0 -coverprofile=../../coverage_fwk_switch.out $(TESTARGS)
 	go tool cover -html=coverage_fwk_switch.out
 	cd internal/providersdk ; TESTACC_SWITCH=1 TF_ACC=1 go test -v --timeout 0 -coverprofile=../../coverage_sdk_switch.out $(TESTARGS)
 	go tool cover -html=coverage_sdk_switch.out
+testacc/upgradestate/switch:
+	cd internal/providerfwk ; TESTACC_UPGRADE_STATE=1 TESTACC_SWITCH=1 TF_ACC=1 go test -v --timeout 0 -coverprofile=../../coverage_fwk_switch.out -run "TestAccUpgradeState" $(TESTARGS)
+	go tool cover -html=coverage_fwk_switch.out
 
 # Run unit tests
 testunit: 

diff --git a/README.md b/README.md
@@ -30,7 +30,7 @@ for provider and resources documentation.
 
 ### In addition to develop
 
-- [Go](https://golang.org/doc/install) `v1.21` or `v1.22`
+- [Go](https://golang.org/doc/install) `v1.22` or `v1.23`
 
 ## Automatic install
 

diff --git a/docs/data-sources/applications.md b/docs/data-sources/applications.md
@@ -36,6 +36,10 @@ The following arguments are supported:
     Application protocol type.
   - **destination_port** (Optional, String)  
     Match TCP/UDP destination port.
+  - **do_not_translate_a_query_to_aaaa_query** (Optional, Boolean)  
+    Knob to control the translation of A query to AAAA query.
+  - **do_not_translate_aaaa_query_to_a_query** (Optional, Boolean)  
+    Knob to control the translation of AAAA query to A query.
   - **ether_type** (Optional, String)  
     Match ether type.
   - **icmp_code** (Optional, String)  
@@ -75,8 +79,20 @@ The following attributes are exported:
     Text description of application.
   - **destination_port** (String)  
     Port(s) destination used by application.
+  - **do_not_translate_a_query_to_aaaa_query** (Boolean)  
+    Knob to control the translation of A query to AAAA query.
+  - **do_not_translate_aaaa_query_to_a_query** (Boolean)  
+    Knob to control the translation of AAAA query to A query.
   - **ether_type** (String)  
     Match ether type.
+  - **icmp_code** (String)  
+    Match ICMP message code.
+  - **icmp_type** (String)  
+    Match ICMP message type.
+  - **icmp6_code** (String)  
+    Match ICMP6 message code.
+  - **icmp6_type** (String)  
+    Match ICMP6 message type.
   - **inactivity_timeout** (Number)  
     Application-specific inactivity timeout (4..86400 seconds).
   - **inactivity_timeout_never** (Boolean)  

diff --git a/docs/data-sources/interface_logical.md b/docs/data-sources/interface_logical.md
@@ -30,7 +30,8 @@ The following arguments are supported:
 - **match** (Optional, String)  
   Regex string to filter lines and find only one interface.
 
-~> **NOTE:** If more or less than a single match is returned by the search, Terraform will fail.
+~> **Note**
+  If more or less than a single match is returned by the search, Terraform will fail.
 
 ## Attribute Reference
 

diff --git a/docs/data-sources/interface_physical.md b/docs/data-sources/interface_physical.md
@@ -26,7 +26,8 @@ The following arguments are supported:
 - **match** (Optional, String)  
   Regex string to filter lines and find only one interface.
 
-~> **NOTE:** If more or less than a single match is returned by the search, Terraform will fail.
+~> **Note**
+  If more or less than a single match is returned by the search, Terraform will fail.
 
 ## Attribute Reference