diff --git a/examples/resources/routeros_interface_dot1x_server/import.sh b/examples/resources/routeros_interface_dot1x_server/import.sh
new file mode 100644
index 00000000..cdf9a9ed
--- /dev/null
+++ b/examples/resources/routeros_interface_dot1x_server/import.sh
@@ -0,0 +1,3 @@
+#The ID can be found via API or the terminal
+#The command for the terminal is -> :put [/interface/dot1x/server get [print show-ids]]
+terraform import routeros_interface_dot1x_server.ether2 *1
diff --git a/examples/resources/routeros_interface_dot1x_server/resource.tf b/examples/resources/routeros_interface_dot1x_server/resource.tf
new file mode 100644
index 00000000..38de4b6d
--- /dev/null
+++ b/examples/resources/routeros_interface_dot1x_server/resource.tf
@@ -0,0 +1,4 @@
+resource "routeros_interface_dot1x_server" "ether2" {
+ auth_types = "mac-auth"
+ interface = "ether2"
+}
diff --git a/routeros/provider.go b/routeros/provider.go
index 06144c51..1a0d86a6 100644
--- a/routeros/provider.go
+++ b/routeros/provider.go
@@ -105,6 +105,7 @@ func Provider() *schema.Provider {
 "routeros_interface_bridge_vlan": ResourceInterfaceBridgeVlan(),
 "routeros_interface_bridge_settings": ResourceInterfaceBridgeSettings(),
 "routeros_interface_dot1x_client": ResourceInterfaceDot1xClient(),
+ "routeros_interface_dot1x_server": ResourceInterfaceDot1xServer(),
 "routeros_interface_eoip": ResourceInterfaceEoip(),
 "routeros_interface_ethernet_switch": ResourceInterfaceEthernetSwitch(),
 "routeros_interface_gre": ResourceInterfaceGre(),
diff --git a/routeros/resource_interface_dot1x.go b/routeros/resource_interface_dot1x.go
index a3989d57..d8ccd128 100644
--- a/routeros/resource_interface_dot1x.go
+++ b/routeros/resource_interface_dot1x.go
@@ -2,6 +2,7 @@ package routeros
 
 import (
 "github.com/hashicorp/terraform-plugin-sdk/v2/helper/schema"
+ "github.com/hashicorp/terraform-plugin-sdk/v2/helper/validation"
 )
 
 // https://help.mikrotik.com/docs/display/ROS/Dot1X#Dot1X-Client
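Review bot: The example in `examples/resources/routeros_interface_dot1x_server/resource.tf` sets `auth_types = "mac-auth"` on its own, so the snippet most users will copy admits a port on the client's MAC address alone, which is an identifier rather than a credential. The schema added in this commit defaults to `dot1x` and documents a comma-separated list, so the example could show `auth_types = "dot1x,mac-auth"` or omit the attribute. A one-line comment such as `# mac-auth is a fallback for devices without an 802.1X supplicant` would make the trade-off visible in the generated docs.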
@@ -59,3 +60,100 @@ func ResourceInterfaceDot1xClient() *schema.Resource {
 Schema: resSchema,
 }
 }
+
+// https://help.mikrotik.com/docs/display/ROS/Dot1X#Dot1X-Server
+func ResourceInterfaceDot1xServer() *schema.Resource {
+ resSchema := map[string]*schema.Schema{
+ MetaResourcePath: PropResourcePath("/interface/dot1x/server"),
+ MetaId: PropId(Id),
+
+ "accounting": {
+ Type: schema.TypeBool,
+ Optional: true,
+ Default: true,
+ Description: "Whether to send RADIUS accounting requests to the authentication server.",
+ },
+ "auth_timeout": {
+ Type: schema.TypeString,
+ Optional: true,
+ Default: "1m",
+ Description: "Total time available for EAP authentication.",
+ DiffSuppressFunc: TimeEquall,
+ },
+ "auth_types": {
+ Type: schema.TypeString,
+ Optional: true,
+ Default: "dot1x",
+ Description: "Used authentication type on a server interface. Comma-separated list of `dot1x` and `mac-auth`.",
+ },
+ KeyComment: PropCommentRw,
+ KeyDisabled: PropDisabledRw,
+ "guest_vlan_id": {
+ Type: schema.TypeInt,
+ Optional: true,
+ Description: "Assigned VLAN when end devices do not support dot1x authentication and no mac-auth fallback is configured.",
+ ValidateFunc: validation.IntBetween(1, 4094),
+ },
+ KeyInterface: PropInterfaceRw,
+ "interim_update": {
+ Type: schema.TypeString,
+ Optional: true,
+ Default: "0s",
+ Description: "Interval between scheduled RADIUS Interim-Update messages.",
+ DiffSuppressFunc: TimeEquall,
+ },
+ "mac_auth_mode": {
+ Type: schema.TypeString,
+ Optional: true,
+ Default: "mac-as-username",
+ Description: "An option that allows to control User-Name and User-Password RADIUS attributes when using MAC authentication.",
+ ValidateFunc: validation.StringInSlice([]string{"mac-as-username", "mac-as-username-and-password"}, false),
+ },
+ "radius_mac_format": {
+ Type: schema.TypeString,
+ Optional: true,
+ Default: "XX:XX:XX:XX:XX:XX",
+ Description: "An option that controls how the MAC address of the client is encoded in the User-Name and User-Password attributes when using MAC authentication.",
+ ValidateFunc: validation.StringInSlice([]string{"XX-XX-XX-XX-XX-XX", "XX:XX:XX:XX:XX:XX", "XXXXXXXXXXXX",
+ "xx-xx-xx-xx-xx-xx", "xx:xx:xx:xx:xx:xx", "xxxxxxxxxxxx"}, false),
+ },
+ "reauth_timeout": {
+ Type: schema.TypeString,
+ Optional: true,
+ Description: "An option that enables server port re-authentication.",
+ DiffSuppressFunc: TimeEquall,
+ },
+ "reject_vlan_id": {
+ Type: schema.TypeInt,
+ Optional: true,
+ Description: "Assigned VLAN when authentication failed, and a RADIUS server responded with an Access-Reject message. ",
+ ValidateFunc: validation.IntBetween(1, 4094),
+ },
+ "retrans_timeout": {
+ Type: schema.TypeString,
+ Optional: true,
+ Default: "30s",
+ Description: "The time interval between message re-transmissions if no response is received from the supplicant.",
+ DiffSuppressFunc: TimeEquall,
+ },
+ "server_fail_vlan_id": {
+ Type: schema.TypeInt,
+ Optional: true,
+ Description: "Assigned VLAN when RADIUS server is not responding and request timed out.",
+ ValidateFunc: validation.IntBetween(1, 4094),
+ },
+ }
+
+ return &schema.Resource{
+ CreateContext: DefaultCreate(resSchema),
+ ReadContext: DefaultRead(resSchema),
+ UpdateContext: DefaultUpdate(resSchema),
+ DeleteContext: DefaultDelete(resSchema),
+
+ Importer: &schema.ResourceImporter{
+ StateContext: schema.ImportStatePassthroughContext,
+ },
+
+ Schema: resSchema,
+ }
+}
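Review bot: `auth_types` is the one enumerated string in `ResourceInterfaceDot1xServer` without a `ValidateFunc`, so a misspelt value passes `terraform plan` and is only caught, if at all, by the device at apply time. Because this field decides how a port authenticates clients, it should be validated like `mac_auth_mode` and `radius_mac_format`, e.g. `ValidateFunc: validation.StringInSlice([]string{"dot1x", "mac-auth", "dot1x,mac-auth", "mac-auth,dot1x"}, false),`. If RouterOS reports the list back in a fixed order, a `DiffSuppressFunc` may also be needed to avoid a permanent diff; that cannot be confirmed from this hunk. The descriptions of `guest_vlan_id`, `reject_vlan_id` and `server_fail_vlan_id` could each add a sentence saying these VLANs receive clients that did not authenticate and should therefore be isolated networks. The `reject_vlan_id` description also ends with a stray space.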