Skip to content

Commit

Permalink
Showing 5 changed files with 201 additions and 0 deletions.
52 changes: 52 additions & 0 deletions docs/resources/capsman_access_list.md
Original file line number Diff line number Diff line change
@@ -0,0 +1,52 @@
# routeros_capsman_access_list (Resource)


## Example Usage
```terraform
resource "routeros_capsman_datapath" "test_rule" {
comment = "Catch-all"
interface = "cap1"
signal_range = "-120..-85"
allow_signal_out_of_range = "20s"
action = "reject"
}
```

<!-- schema generated by tfplugindocs -->
## Schema

### Optional

- `action` (String) An action to take when a client matches.
- `allow_signal_out_of_range` (String) An option that permits the client's signal to be out of the range always or for some time interval.
- `ap_tx_limit` (Number) Transmission speed limit in the direction of the client..
- `client_to_client_forwarding` (Boolean) An option that specifies whether to allow forwarding data between clients connected to the same interface.
- `client_tx_limit` (Number) Transmission speed limit in the direction of the access point.
- `comment` (String)
- `disabled` (Boolean)
- `interface` (String) Interface name to compare with an interface to which the client actually connects to.
- `mac_address` (String) MAC address of the client.
- `mac_mask` (String) MAC address mask to apply when comparing clients' addresses.
- `place_before` (String) Before which position the rule will be inserted.
> Please check the effect of this option, as it does not work as you think!
> Best way to use in conjunction with a data source. See [example](../data-sources/firewall.md#example-usage).
- `private_passphrase` (String) PSK passphrase for the client if some PSK authentication algorithm is used.
- `radius_accounting` (Boolean) An option that specifies if RADIUS traffic accounting should be used in case of RADIUS authentication of the client.
- `signal_range` (String) The range in which the client signal must fall.
- `ssid_regexp` (String) The regular expression to compare the actual SSID the client connects to.
- `time` (String) Time of the day and days of the week when the rule is applicable.
- `vlan_id` (Number) VLAN ID to use if vlan-mode enables use of VLAN tagging.
- `vlan_mode` (String) VLAN tagging mode specifies if traffic coming from a client should get tagged and untagged when it goes back to the client.

### Read-Only

- `id` (String) The ID of this resource.

## Import
Import is supported using the following syntax:
```shell
#The ID can be found via API or the terminal
#The command for the terminal is -> :put [/caps-man/access-list get [print show-ids]]
terraform import routeros_capsman_access_list.test_rule "*1"
```

3 changes: 3 additions & 0 deletions examples/resources/routeros_capsman_access_list/import.sh
Original file line number Diff line number Diff line change
@@ -0,0 +1,3 @@
#The ID can be found via API or the terminal
#The command for the terminal is -> :put [/caps-man/access-list get [print show-ids]]
terraform import routeros_capsman_access_list.test_rule "*1"
7 changes: 7 additions & 0 deletions examples/resources/routeros_capsman_access_list/resource.tf
Original file line number Diff line number Diff line change
@@ -0,0 +1,7 @@
resource "routeros_capsman_datapath" "test_rule" {
comment = "Catch-all"
interface = "cap1"
signal_range = "-120..-85"
allow_signal_out_of_range = "20s"
action = "reject"
}
1 change: 1 addition & 0 deletions routeros/provider.go
Original file line number Diff line number Diff line change
@@ -144,6 +144,7 @@ func Provider() *schema.Provider {
// https://help.mikrotik.com/docs/display/ROS/WifiWave2#WifiWave2-WifiWave2CAPsMAN

// CAPsMAN Objects
"routeros_capsman_access_list": ResourceCapsManAccessList(),
"routeros_capsman_channel": ResourceCapsManChannel(),
"routeros_capsman_configuration": ResourceCapsManConfiguration(),
"routeros_capsman_datapath": ResourceCapsManDatapath(),
138 changes: 138 additions & 0 deletions routeros/resource_capsman_access_list.go
Original file line number Diff line number Diff line change
@@ -0,0 +1,138 @@
package routeros

import (
"context"

"github.com/hashicorp/terraform-plugin-sdk/v2/diag"
"github.com/hashicorp/terraform-plugin-sdk/v2/helper/schema"
"github.com/hashicorp/terraform-plugin-sdk/v2/helper/validation"
)

/*
{
".id": "*1",
"allow-signal-out-of-range": "10s",
"comment": "Laptop",
"disabled": "false",
"mac-address": "00:00:00:00:00:00",
"signal-range": "-120..120",
"ssid-regexp": "",
"time": "0s-1d,sun,mon,tue,wed,thu,fri,sat",
"vlan-id": "1",
"vlan-mode": "use-tag"
}
*/

// https://help.mikrotik.com/docs/display/ROS/CAPsMAN
func ResourceCapsManAccessList() *schema.Resource {
resSchema := map[string]*schema.Schema{
MetaResourcePath: PropResourcePath("/caps-man/access-list"),
MetaId: PropId(Id),

KeyComment: PropCommentRw,
KeyDisabled: PropDisabledRw,
"action": {
Type: schema.TypeString,
Optional: true,
Description: "An action to take when a client matches.",
ValidateFunc: validation.StringInSlice([]string{"accept", "reject", "query-radius"}, false),
},
"allow_signal_out_of_range": {
Type: schema.TypeString,
Optional: true,
Default: "10s",
Description: "An option that permits the client's signal to be out of the range always or for some time interval.",
DiffSuppressFunc: TimeEquall,
},
"ap_tx_limit": {
Type: schema.TypeInt,
Optional: true,
Description: "Transmission speed limit in the direction of the client..",
},
"client_to_client_forwarding": {
Type: schema.TypeBool,
Optional: true,
Description: "An option that specifies whether to allow forwarding data between clients connected to the same interface.",
},
"client_tx_limit": {
Type: schema.TypeInt,
Optional: true,
Description: "Transmission speed limit in the direction of the access point.",
},
"mac_address": {
Type: schema.TypeString,
Optional: true,
Description: "MAC address of the client.",
},
"mac_mask": {
Type: schema.TypeString,
Optional: true,
Description: "MAC address mask to apply when comparing clients' addresses.",
},
"interface": {
Type: schema.TypeString,
Optional: true,
Description: "Interface name to compare with an interface to which the client actually connects to.",
},
KeyPlaceBefore: PropPlaceBefore,
"private_passphrase": {
Type: schema.TypeString,
Optional: true,
Description: "PSK passphrase for the client if some PSK authentication algorithm is used.",
},
"radius_accounting": {
Type: schema.TypeBool,
Optional: true,
Description: "An option that specifies if RADIUS traffic accounting should be used in case of RADIUS authentication of the client.",
},
"signal_range": {
Type: schema.TypeString,
Optional: true,
Default: "-120..120",
Description: "The range in which the client signal must fall.",
},
"ssid_regexp": {
Type: schema.TypeString,
Optional: true,
Description: "The regular expression to compare the actual SSID the client connects to.",
},
"time": {
Type: schema.TypeString,
Optional: true,
Default: "0s-1d,sun,mon,tue,wed,thu,fri,sat",
Description: "Time of the day and days of the week when the rule is applicable.",
},
"vlan_id": {
Type: schema.TypeInt,
Optional: true,
Description: "VLAN ID to use if vlan-mode enables use of VLAN tagging.",
ValidateFunc: validation.IntBetween(1, 4094),
},
"vlan_mode": {
Type: schema.TypeString,
Optional: true,
Description: "VLAN tagging mode specifies if traffic coming from a client should get tagged and untagged when it goes back to the client.",
ValidateFunc: validation.StringInSlice([]string{"no-tag", "use-service-tag", "use-tag"}, false),
},
}

return &schema.Resource{
CreateContext: DefaultCreate(resSchema),
ReadContext: DefaultRead(resSchema),
UpdateContext: func(ctx context.Context, d *schema.ResourceData, m interface{}) diag.Diagnostics {
resSchema[MetaSkipFields].Default = `"place_before"`
defer func() {
resSchema[MetaSkipFields].Default = ``
}()

return ResourceUpdate(ctx, resSchema, d, m)
},
DeleteContext: DefaultDelete(resSchema),

Importer: &schema.ResourceImporter{
StateContext: schema.ImportStatePassthroughContext,
},

Schema: resSchema,
}
}

0 comments on commit a0379c9

Please sign in to comment.