feat: Add 802.1X server resource

terraform-routeros · Nov 10, 2023 · 05894af · 05894af
1 parent db76369
commit 05894af
Show file tree

Hide file tree

Showing 4 changed files with 106 additions and 0 deletions.
diff --git a/examples/resources/routeros_interface_dot1x_server/import.sh b/examples/resources/routeros_interface_dot1x_server/import.sh
@@ -0,0 +1,3 @@
+#The ID can be found via API or the terminal
+#The command for the terminal is -> :put [/interface/dot1x/server get [print show-ids]]
+terraform import routeros_interface_dot1x_server.ether2 *1
diff --git a/examples/resources/routeros_interface_dot1x_server/resource.tf b/examples/resources/routeros_interface_dot1x_server/resource.tf
@@ -0,0 +1,4 @@
+resource "routeros_interface_dot1x_server" "ether2" {
+  auth_types = "mac-auth"
+  interface = "ether2"
+}
diff --git a/routeros/provider.go b/routeros/provider.go
@@ -105,6 +105,7 @@ func Provider() *schema.Provider {
 			"routeros_interface_bridge_vlan":     ResourceInterfaceBridgeVlan(),
 			"routeros_interface_bridge_settings": ResourceInterfaceBridgeSettings(),
 			"routeros_interface_dot1x_client":    ResourceInterfaceDot1xClient(),
+			"routeros_interface_dot1x_server":    ResourceInterfaceDot1xServer(),
 			"routeros_interface_eoip":            ResourceInterfaceEoip(),
 			"routeros_interface_ethernet_switch": ResourceInterfaceEthernetSwitch(),
 			"routeros_interface_gre":             ResourceInterfaceGre(),

diff --git a/routeros/resource_interface_dot1x.go b/routeros/resource_interface_dot1x.go
@@ -2,6 +2,7 @@ package routeros
 
 import (
 	"github.com/hashicorp/terraform-plugin-sdk/v2/helper/schema"
+	"github.com/hashicorp/terraform-plugin-sdk/v2/helper/validation"
 )
 
 // https://help.mikrotik.com/docs/display/ROS/Dot1X#Dot1X-Client
@@ -59,3 +60,100 @@ func ResourceInterfaceDot1xClient() *schema.Resource {
 		Schema: resSchema,
 	}
 }
+
+// https://help.mikrotik.com/docs/display/ROS/Dot1X#Dot1X-Server
+func ResourceInterfaceDot1xServer() *schema.Resource {
+	resSchema := map[string]*schema.Schema{
+		MetaResourcePath: PropResourcePath("/interface/dot1x/server"),
+		MetaId:           PropId(Id),
+
+		"accounting": {
+			Type:        schema.TypeBool,
+			Optional:    true,
+			Default:     true,
+			Description: "Whether to send RADIUS accounting requests to the authentication server.",
+		},
+		"auth_timeout": {
+			Type:        schema.TypeString,
+			Optional:    true,
+			Default:     "1m",
+			Description: "Total time available for EAP authentication.",
+			DiffSuppressFunc: TimeEquall,
+		},
+		"auth_types": {
+			Type:        schema.TypeString,
+			Optional:    true,
+			Default:     "dot1x",
+			Description: "Used authentication type on a server interface. Comma-separated list of `dot1x` and `mac-auth`.",
+		},
+		KeyComment:  PropCommentRw,
+		KeyDisabled: PropDisabledRw,
+		"guest_vlan_id": {
+			Type:         schema.TypeInt,
+			Optional:     true,
+			Description:  "Assigned VLAN when end devices do not support dot1x authentication and no mac-auth fallback is configured.",
+			ValidateFunc: validation.IntBetween(1, 4094),
+		},
+		KeyInterface: PropInterfaceRw,
+		"interim_update": {
+			Type:        schema.TypeString,
+			Optional:    true,
+			Default:     "0s",
+			Description: "Interval between scheduled RADIUS Interim-Update messages.",
+			DiffSuppressFunc: TimeEquall,
+		},
+		"mac_auth_mode": {
+			Type:        schema.TypeString,
+			Optional:    true,
+			Default:     "mac-as-username",
+			Description: "An option that allows to control User-Name and User-Password RADIUS attributes when using MAC authentication.",
+			ValidateFunc: validation.StringInSlice([]string{"mac-as-username", "mac-as-username-and-password"}, false),
+		},
+		"radius_mac_format": {
+			Type:        schema.TypeString,
+			Optional:    true,
+			Default:     "XX:XX:XX:XX:XX:XX",
+			Description: "An option that controls how the MAC address of the client is encoded in the User-Name and User-Password attributes when using MAC authentication.",
+			ValidateFunc: validation.StringInSlice([]string{"XX-XX-XX-XX-XX-XX", "XX:XX:XX:XX:XX:XX", "XXXXXXXXXXXX",
+				"xx-xx-xx-xx-xx-xx", "xx:xx:xx:xx:xx:xx", "xxxxxxxxxxxx"}, false),
+		},
+		"reauth_timeout": {
+			Type:        schema.TypeString,
+			Optional:    true,
+			Description: "An option that enables server port re-authentication.",
+			DiffSuppressFunc: TimeEquall,
+		},
+		"reject_vlan_id": {
+			Type:        schema.TypeInt,
+			Optional:    true,
+			Description: "Assigned VLAN when authentication failed, and a RADIUS server responded with an Access-Reject message. ",
+			ValidateFunc: validation.IntBetween(1, 4094),
+		},
+		"retrans_timeout": {
+			Type:        schema.TypeString,
+			Optional:    true,
+			Default:     "30s",
+			Description: "The time interval between message re-transmissions if no response is received from the supplicant.",
+			DiffSuppressFunc: TimeEquall,
+		},
+		"server_fail_vlan_id": {
+			Type:        schema.TypeInt,
+			Optional:    true,
+			Description: "Assigned VLAN when RADIUS server is not responding and request timed out.",
+			ValidateFunc: validation.IntBetween(1, 4094),
+		},
+	}
+
+	return &schema.Resource{
+		CreateContext: DefaultCreate(resSchema),
+		ReadContext: DefaultRead(resSchema),
+		UpdateContext: DefaultUpdate(resSchema),
+		DeleteContext: DefaultDelete(resSchema),
+
+		Importer: &schema.ResourceImporter{
+			StateContext: schema.ImportStatePassthroughContext,
+		},
+
+		Schema: resSchema,
+	}
+}