feat: Add CAPsMAN access-list resource (#281)
Showing 5 changed files with 201 additions and 0 deletions.
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,52 @@ | ||
# routeros_capsman_access_list (Resource) | ||
|
||
|
||
## Example Usage | ||
```terraform | ||
resource "routeros_capsman_datapath" "test_rule" { | ||
comment = "Catch-all" | ||
interface = "cap1" | ||
signal_range = "-120..-85" | ||
allow_signal_out_of_range = "20s" | ||
action = "reject" | ||
} | ||
``` | ||
|
||
<!-- schema generated by tfplugindocs --> | ||
## Schema | ||
|
||
### Optional | ||
|
||
- `action` (String) An action to take when a client matches. | ||
- `allow_signal_out_of_range` (String) An option that permits the client's signal to be out of the range always or for some time interval. | ||
- `ap_tx_limit` (Number) Transmission speed limit in the direction of the client.. | ||
- `client_to_client_forwarding` (Boolean) An option that specifies whether to allow forwarding data between clients connected to the same interface. | ||
- `client_tx_limit` (Number) Transmission speed limit in the direction of the access point. | ||
- `comment` (String) | ||
- `disabled` (Boolean) | ||
- `interface` (String) Interface name to compare with an interface to which the client actually connects to. | ||
- `mac_address` (String) MAC address of the client. | ||
- `mac_mask` (String) MAC address mask to apply when comparing clients' addresses. | ||
- `place_before` (String) Before which position the rule will be inserted. | ||
> Please check the effect of this option, as it does not work as you think! | ||
> Best way to use in conjunction with a data source. See [example](../data-sources/firewall.md#example-usage). | ||
- `private_passphrase` (String) PSK passphrase for the client if some PSK authentication algorithm is used. | ||
- `radius_accounting` (Boolean) An option that specifies if RADIUS traffic accounting should be used in case of RADIUS authentication of the client. | ||
- `signal_range` (String) The range in which the client signal must fall. | ||
- `ssid_regexp` (String) The regular expression to compare the actual SSID the client connects to. | ||
- `time` (String) Time of the day and days of the week when the rule is applicable. | ||
- `vlan_id` (Number) VLAN ID to use if vlan-mode enables use of VLAN tagging. | ||
- `vlan_mode` (String) VLAN tagging mode specifies if traffic coming from a client should get tagged and untagged when it goes back to the client. | ||
|
||
### Read-Only | ||
|
||
- `id` (String) The ID of this resource. | ||
|
||
## Import | ||
Import is supported using the following syntax: | ||
```shell | ||
#The ID can be found via API or the terminal | ||
#The command for the terminal is -> :put [/caps-man/access-list get [print show-ids]] | ||
terraform import routeros_capsman_access_list.test_rule "*1" | ||
``` | ||
|
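Review bot: The Optional list documents no accepted values or defaults, although the schema added in this commit restricts `action` to accept, reject and query-radius, restricts `vlan_mode` to no-tag, use-service-tag and use-tag, and sets defaults for `allow_signal_out_of_range` ("10s"), `signal_range` ("-120..120") and `time`. This page is generated by tfplugindocs, so put those values into the schema Description strings and regenerate. The `ap_tx_limit` description also ends in a double period, which should be fixed at the same source.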
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,3 @@ | ||
#The ID can be found via API or the terminal | ||
#The command for the terminal is -> :put [/caps-man/access-list get [print show-ids]] | ||
terraform import routeros_capsman_access_list.test_rule "*1" |
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,7 @@ | ||
resource "routeros_capsman_datapath" "test_rule" { | ||
comment = "Catch-all" | ||
interface = "cap1" | ||
signal_range = "-120..-85" | ||
allow_signal_out_of_range = "20s" | ||
action = "reject" | ||
} |
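Review bot: The resource type on the first line is `routeros_capsman_datapath`, but this example belongs to the new access-list resource, and the import example in this commit addresses `routeros_capsman_access_list.test_rule`. Change the line to `resource "routeros_capsman_access_list" "test_rule" {`. The attributes used here (`signal_range`, `allow_signal_out_of_range`, `action`) are the ones defined in the access-list schema, and the generated docs page repeats this block under Example Usage, so the wrong type is what users will copy.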
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,138 @@ | ||
package routeros | ||
|
||
import ( | ||
"context" | ||
|
||
"github.com/hashicorp/terraform-plugin-sdk/v2/diag" | ||
"github.com/hashicorp/terraform-plugin-sdk/v2/helper/schema" | ||
"github.com/hashicorp/terraform-plugin-sdk/v2/helper/validation" | ||
) | ||
|
||
/* | ||
{ | ||
".id": "*1", | ||
"allow-signal-out-of-range": "10s", | ||
"comment": "Laptop", | ||
"disabled": "false", | ||
"mac-address": "00:00:00:00:00:00", | ||
"signal-range": "-120..120", | ||
"ssid-regexp": "", | ||
"time": "0s-1d,sun,mon,tue,wed,thu,fri,sat", | ||
"vlan-id": "1", | ||
"vlan-mode": "use-tag" | ||
} | ||
*/ | ||
|
||
// https://help.mikrotik.com/docs/display/ROS/CAPsMAN | ||
func ResourceCapsManAccessList() *schema.Resource { | ||
resSchema := map[string]*schema.Schema{ | ||
MetaResourcePath: PropResourcePath("/caps-man/access-list"), | ||
MetaId: PropId(Id), | ||
|
||
KeyComment: PropCommentRw, | ||
KeyDisabled: PropDisabledRw, | ||
"action": { | ||
Type: schema.TypeString, | ||
Optional: true, | ||
Description: "An action to take when a client matches.", | ||
ValidateFunc: validation.StringInSlice([]string{"accept", "reject", "query-radius"}, false), | ||
}, | ||
"allow_signal_out_of_range": { | ||
Type: schema.TypeString, | ||
Optional: true, | ||
Default: "10s", | ||
Description: "An option that permits the client's signal to be out of the range always or for some time interval.", | ||
DiffSuppressFunc: TimeEquall, | ||
}, | ||
"ap_tx_limit": { | ||
Type: schema.TypeInt, | ||
Optional: true, | ||
Description: "Transmission speed limit in the direction of the client..", | ||
}, | ||
"client_to_client_forwarding": { | ||
Type: schema.TypeBool, | ||
Optional: true, | ||
Description: "An option that specifies whether to allow forwarding data between clients connected to the same interface.", | ||
}, | ||
"client_tx_limit": { | ||
Type: schema.TypeInt, | ||
Optional: true, | ||
Description: "Transmission speed limit in the direction of the access point.", | ||
}, | ||
"mac_address": { | ||
Type: schema.TypeString, | ||
Optional: true, | ||
Description: "MAC address of the client.", | ||
}, | ||
"mac_mask": { | ||
Type: schema.TypeString, | ||
Optional: true, | ||
Description: "MAC address mask to apply when comparing clients' addresses.", | ||
}, | ||
"interface": { | ||
Type: schema.TypeString, | ||
Optional: true, | ||
Description: "Interface name to compare with an interface to which the client actually connects to.", | ||
}, | ||
KeyPlaceBefore: PropPlaceBefore, | ||
"private_passphrase": { | ||
Type: schema.TypeString, | ||
Optional: true, | ||
Description: "PSK passphrase for the client if some PSK authentication algorithm is used.", | ||
}, | ||
"radius_accounting": { | ||
Type: schema.TypeBool, | ||
Optional: true, | ||
Description: "An option that specifies if RADIUS traffic accounting should be used in case of RADIUS authentication of the client.", | ||
}, | ||
"signal_range": { | ||
Type: schema.TypeString, | ||
Optional: true, | ||
Default: "-120..120", | ||
Description: "The range in which the client signal must fall.", | ||
}, | ||
"ssid_regexp": { | ||
Type: schema.TypeString, | ||
Optional: true, | ||
Description: "The regular expression to compare the actual SSID the client connects to.", | ||
}, | ||
"time": { | ||
Type: schema.TypeString, | ||
Optional: true, | ||
Default: "0s-1d,sun,mon,tue,wed,thu,fri,sat", | ||
Description: "Time of the day and days of the week when the rule is applicable.", | ||
}, | ||
"vlan_id": { | ||
Type: schema.TypeInt, | ||
Optional: true, | ||
Description: "VLAN ID to use if vlan-mode enables use of VLAN tagging.", | ||
ValidateFunc: validation.IntBetween(1, 4094), | ||
}, | ||
"vlan_mode": { | ||
Type: schema.TypeString, | ||
Optional: true, | ||
Description: "VLAN tagging mode specifies if traffic coming from a client should get tagged and untagged when it goes back to the client.", | ||
ValidateFunc: validation.StringInSlice([]string{"no-tag", "use-service-tag", "use-tag"}, false), | ||
}, | ||
} | ||
|
||
return &schema.Resource{ | ||
CreateContext: DefaultCreate(resSchema), | ||
ReadContext: DefaultRead(resSchema), | ||
UpdateContext: func(ctx context.Context, d *schema.ResourceData, m interface{}) diag.Diagnostics { | ||
resSchema[MetaSkipFields].Default = `"place_before"` | ||
defer func() { | ||
resSchema[MetaSkipFields].Default = `` | ||
}() | ||
|
||
return ResourceUpdate(ctx, resSchema, d, m) | ||
}, | ||
DeleteContext: DefaultDelete(resSchema), | ||
|
||
Importer: &schema.ResourceImporter{ | ||
StateContext: schema.ImportStatePassthroughContext, | ||
}, | ||
|
||
Schema: resSchema, | ||
} | ||
} |
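Review bot: UpdateContext assigns `resSchema[MetaSkipFields].Default`, but the `resSchema` map literal above has no `MetaSkipFields` key, so the lookup yields a nil `*schema.Schema` and the assignment will panic on the first update. Add a `MetaSkipFields` entry to the map before relying on it. Note also that mutating the shared schema inside the handler is not safe if two updates run concurrently. Separately, `private_passphrase` holds a client PSK and should set `Sensitive: true` so the value is redacted from plan and apply output. `mac_address` could use `ValidateFunc: validation.IsMACAddress` to reject malformed addresses at plan time.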