From 4ef710a25713aa9b5b6faa15eb164f8f9e152205 Mon Sep 17 00:00:00 2001
From: Vaerh
Date: Mon, 30 Dec 2024 23:12:51 +0300
Subject: [PATCH] feat(wifi): Add new resource `routeros_wifi_security_multi_passphrase`
Closes #621
---
.../import.sh | 5 ++
.../resource.tf | 4 +
routeros/provider.go | 25 ++++---
routeros/resource_wifi_security.go | 7 ++
...resource_wifi_security_multi_passphrase.go | 75 +++++++++++++++++++
5 files changed, 104 insertions(+), 12 deletions(-)
create mode 100644 examples/resources/routeros_wifi_security_multi_passphrase/import.sh
create mode 100644 examples/resources/routeros_wifi_security_multi_passphrase/resource.tf
create mode 100644 routeros/resource_wifi_security_multi_passphrase.go
diff --git a/examples/resources/routeros_wifi_security_multi_passphrase/import.sh b/examples/resources/routeros_wifi_security_multi_passphrase/import.sh
new file mode 100644
index 00000000..141956ca
--- /dev/null
+++ b/examples/resources/routeros_wifi_security_multi_passphrase/import.sh
@@ -0,0 +1,5 @@
+#The ID can be found via API or the terminal
+#The command for the terminal is -> :put [/wifi/security/multi/passphrase get [print show-ids]]
+terraform import routeros_wifi_security_multi_passphrase.test *3
+#Or you can import a resource using one of its attributes
+terraform import routeros_wifi_security_multi_passphrase.test "comment=xxx"
\ No newline at end of file
diff --git a/examples/resources/routeros_wifi_security_multi_passphrase/resource.tf b/examples/resources/routeros_wifi_security_multi_passphrase/resource.tf
new file mode 100644
index 00000000..379bcf45
--- /dev/null
+++ b/examples/resources/routeros_wifi_security_multi_passphrase/resource.tf
@@ -0,0 +1,4 @@
+resource "routeros_wifi_security_multi_passphrase" "test" {
+ group = "gr-123"
+ passphrase = data.vault_kv_secret_v2.wifi_security.data["test"]
+}
diff --git a/routeros/provider.go b/routeros/provider.go
index 7dc74d14..fcc3fcbe 100644
--- a/routeros/provider.go
+++ b/routeros/provider.go
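Review bot: The terminal command in the second comment line of import.sh, `:put [/wifi/security/multi/passphrase get [print show-ids]]`, does not match the menu this resource manages. The new Go file in this patch sets the resource path to `/interface/wifi/security/multi-passphrase`. The comment should read `#The command for the terminal is -> :put [/interface/wifi/security/multi-passphrase get [print show-ids]]`, so that a user looking up the `.id` before `terraform import` queries the right menu.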
@@ -320,18 +320,19 @@ func Provider() *schema.Provider { "routeros_user_manager_user_profile": ResourceUserManagerUserProfile(), // WiFi - "routeros_wifi": ResourceWifi(), - "routeros_wifi_aaa": ResourceWifiAaa(), - "routeros_wifi_access_list": ResourceWifiAccessList(), - "routeros_wifi_cap": ResourceWifiCap(), - "routeros_wifi_capsman": ResourceWifiCapsman(), - "routeros_wifi_channel": ResourceWifiChannel(), - "routeros_wifi_configuration": ResourceWifiConfiguration(), - "routeros_wifi_datapath": ResourceWifiDatapath(), - "routeros_wifi_interworking": ResourceWifiInterworking(), - "routeros_wifi_provisioning": ResourceWifiProvisioning(), - "routeros_wifi_security": ResourceWifiSecurity(), - "routeros_wifi_steering": ResourceWifiSteering(), + "routeros_wifi": ResourceWifi(), + "routeros_wifi_aaa": ResourceWifiAaa(), + "routeros_wifi_access_list": ResourceWifiAccessList(), + "routeros_wifi_cap": ResourceWifiCap(), + "routeros_wifi_capsman": ResourceWifiCapsman(), + "routeros_wifi_channel": ResourceWifiChannel(), + "routeros_wifi_configuration": ResourceWifiConfiguration(), + "routeros_wifi_datapath": ResourceWifiDatapath(), + "routeros_wifi_interworking": ResourceWifiInterworking(), + "routeros_wifi_provisioning": ResourceWifiProvisioning(), + "routeros_wifi_security": ResourceWifiSecurity(), + "routeros_wifi_security_multi_passphrase": ResourceWifiSecurityMultiPassphrase(), + "routeros_wifi_steering": ResourceWifiSteering(), // ZeroTier "routeros_zerotier": ResourceZerotier(), diff --git a/routeros/resource_wifi_security.go b/routeros/resource_wifi_security.go index 00b5f07c..bac06016 100644 --- a/routeros/resource_wifi_security.go +++ b/routeros/resource_wifi_security.go 
@@ -198,6 +198,13 @@ func ResourceWifiSecurity() *schema.Resource {
 Description: "An option to enable 802.11w management frame protection.",
 ValidateFunc: validation.StringInSlice([]string{"allowed", "disabled", "required"}, false),
 },
+ "multi_passphrase_group": {
+ Type: schema.TypeString,
+ Optional: true,
+ Description: "Name of `/interface/wifi/security/multi-passphrase/` group that will be used. Only a " +
+ "single group can be defined under the security profile.",
+ DiffSuppressFunc: AlwaysPresentNotUserProvided,
+ },
 "owe_transition_interface": {
 Type: schema.TypeString,
 Optional: true,
diff --git a/routeros/resource_wifi_security_multi_passphrase.go b/routeros/resource_wifi_security_multi_passphrase.go
new file mode 100644
index 00000000..ccece2ae
--- /dev/null
+++ b/routeros/resource_wifi_security_multi_passphrase.go
@@ -0,0 +1,75 @@ +package routeros + +import ( + "github.com/hashicorp/terraform-plugin-sdk/v2/helper/schema" + "github.com/hashicorp/terraform-plugin-sdk/v2/helper/validation" +) + +/* + { + ".id": "*1", + "disabled": "false", + "expired": "false", + "group": "123", + "passphrase": "12345678" + } +*/ + +// https://help.mikrotik.com/docs/spaces/ROS/pages/224559120/WiFi#WiFi-Securitymulti-passphraseproperties +func ResourceWifiSecurityMultiPassphrase() *schema.Resource { + resSchema := map[string]*schema.Schema{ + MetaResourcePath: PropResourcePath("/interface/wifi/security/multi-passphrase"), + MetaId: PropId(Id), + + KeyComment: PropCommentRw, + KeyDisabled: PropDisabledRw, + "expires": { + Type: schema.TypeString, + Optional: true, + Description: "The expiration date and time for passphrase specified in this entry, doesn't affect the whole " + + "group. Once the date is reached, existing clients using this passphrase will be disconnected, and new " + + "clients will not be able to connect using it. If not set, passphrase can be used indefinetly.", + }, + "group": { + Type: schema.TypeString, + Required: true, + Description: "Assigning the group to a security profile or an access list, will enable use of all passphrases " + + "defined under it.", + }, + "isolation": { + Type: schema.TypeBool, + Optional: true, + Description: "Determines whether the client device using this passphrase is isolated from other clients " + + "on AP. Traffic from an isolated client will not be forwarded to other clients and unicast traffic from " + + "a non-isolated client will not be forwarded to an isolated one.", + }, + "passphrase": { + Type: schema.TypeString, + Optional: true, + Sensitive: true, + Description: "The passphrase to use for PSK authentication types. Multiple users can use the same passphrase. 
" + + "Not compatible with WPA3-PSK.", + ValidateFunc: validation.StringLenBetween(8, 64), + }, + "vlan_id": { + Type: schema.TypeString, + Optional: true, + Description: "Vlan-id that will be assigned to clients using this passphrase Only supported on wifi-qcom " + + "interfaces, if wifi-qcom-ac AP has a client that uses a passphrase that has vlan-id associated with " + + "it, the client will not be able to join.", + }, + } + + return &schema.Resource{ + CreateContext: DefaultCreate(resSchema), + ReadContext: DefaultRead(resSchema), + UpdateContext: DefaultUpdate(resSchema), + DeleteContext: DefaultDelete(resSchema), + + Importer: &schema.ResourceImporter{ + StateContext: ImportStateCustomContext(resSchema), + }, + + Schema: resSchema, + } +}
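Review bot: `Sensitive: true` on the `passphrase` attribute only redacts the value in plan and apply output; the PSK is still written to the Terraform state in clear text, and the attribute's `Description` does not say so. I would append a sentence to that description, for example `"The value is stored in plain text in the Terraform state."`, so operators know the state backend needs the same protection as the secret itself. In the same attribute, `validation.StringLenBetween(8, 64)` accepts a 64-character passphrase, whereas WPA2 passphrases are 8 to 63 characters (64 is the length of a raw hex PSK), so the upper bound is worth checking against what RouterOS accepts. The sample response in the header comment also carries an `expired` field that the schema does not declare; if the default read handler maps every returned field, it may need a computed read-only attribute.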