terraform-routeros · vaerh · Dec 30, 2024 · Dec 30, 2024
@@ -0,0 +1,5 @@
+#The ID can be found via API or the terminal
+#The command for the terminal is -> :put [/wifi/security/multi/passphrase get [print show-ids]]
+terraform import routeros_wifi_security_multi_passphrase.test *3
+#Or you can import a resource using one of its attributes
+terraform import routeros_wifi_security_multi_passphrase.test "comment=xxx"
@@ -0,0 +1,4 @@
+resource "routeros_wifi_security_multi_passphrase" "test" {
+  group      = "gr-123"
+  passphrase = data.vault_kv_secret_v2.wifi_security.data["test"]
+}
@@ -320,18 +320,19 @@ func Provider() *schema.Provider {
 			"routeros_user_manager_user_profile":       ResourceUserManagerUserProfile(),
 
 			// WiFi
-			"routeros_wifi":               ResourceWifi(),
-			"routeros_wifi_aaa":           ResourceWifiAaa(),
-			"routeros_wifi_access_list":   ResourceWifiAccessList(),
-			"routeros_wifi_cap":           ResourceWifiCap(),
-			"routeros_wifi_capsman":       ResourceWifiCapsman(),
-			"routeros_wifi_channel":       ResourceWifiChannel(),
-			"routeros_wifi_configuration": ResourceWifiConfiguration(),
-			"routeros_wifi_datapath":      ResourceWifiDatapath(),
-			"routeros_wifi_interworking":  ResourceWifiInterworking(),
-			"routeros_wifi_provisioning":  ResourceWifiProvisioning(),
-			"routeros_wifi_security":      ResourceWifiSecurity(),
-			"routeros_wifi_steering":      ResourceWifiSteering(),
+			"routeros_wifi":                           ResourceWifi(),
+			"routeros_wifi_aaa":                       ResourceWifiAaa(),
+			"routeros_wifi_access_list":               ResourceWifiAccessList(),
+			"routeros_wifi_cap":                       ResourceWifiCap(),
+			"routeros_wifi_capsman":                   ResourceWifiCapsman(),
+			"routeros_wifi_channel":                   ResourceWifiChannel(),
+			"routeros_wifi_configuration":             ResourceWifiConfiguration(),
+			"routeros_wifi_datapath":                  ResourceWifiDatapath(),
+			"routeros_wifi_interworking":              ResourceWifiInterworking(),
+			"routeros_wifi_provisioning":              ResourceWifiProvisioning(),
+			"routeros_wifi_security":                  ResourceWifiSecurity(),
+			"routeros_wifi_security_multi_passphrase": ResourceWifiSecurityMultiPassphrase(),
+			"routeros_wifi_steering":                  ResourceWifiSteering(),
 
 			// ZeroTier
 			"routeros_zerotier":            ResourceZerotier(),

@@ -198,6 +198,13 @@ func ResourceWifiSecurity() *schema.Resource {
 			Description:  "An option to enable 802.11w management frame protection.",
 			ValidateFunc: validation.StringInSlice([]string{"allowed", "disabled", "required"}, false),
 		},
+		"multi_passphrase_group": {
+			Type:     schema.TypeString,
+			Optional: true,
+			Description: "Name of `/interface/wifi/security/multi-passphrase/` group that will be used. Only a " +
+				"single group can be defined under the security profile.",
+			DiffSuppressFunc: AlwaysPresentNotUserProvided,
+		},
 		"owe_transition_interface": {
 			Type:        schema.TypeString,
 			Optional:    true,

@@ -0,0 +1,75 @@
+package routeros
+
+import (
+	"github.com/hashicorp/terraform-plugin-sdk/v2/helper/schema"
+	"github.com/hashicorp/terraform-plugin-sdk/v2/helper/validation"
+)
+
+/*
+  {
+    ".id": "*1",
+    "disabled": "false",
+    "expired": "false",
+    "group": "123",
+    "passphrase": "12345678"
+  }
+*/
+
+// https://help.mikrotik.com/docs/spaces/ROS/pages/224559120/WiFi#WiFi-Securitymulti-passphraseproperties
+func ResourceWifiSecurityMultiPassphrase() *schema.Resource {
+	resSchema := map[string]*schema.Schema{
+		MetaResourcePath: PropResourcePath("/interface/wifi/security/multi-passphrase"),
+		MetaId:           PropId(Id),
+
+		KeyComment:  PropCommentRw,
+		KeyDisabled: PropDisabledRw,
+		"expires": {
+			Type:     schema.TypeString,
+			Optional: true,
+			Description: "The expiration date and time for passphrase specified in this entry, doesn't affect the whole " +
+				"group. Once the date is reached, existing clients using this passphrase will be disconnected, and new " +
+				"clients will not be able to connect using it. If not set, passphrase can be used indefinetly.",
+		},
+		"group": {
+			Type:     schema.TypeString,
+			Required: true,
+			Description: "Assigning the group to a security profile or an access list, will enable use of all passphrases " +
+				"defined under it.",
+		},
+		"isolation": {
+			Type:     schema.TypeBool,
+			Optional: true,
+			Description: "Determines whether the client device using this passphrase is isolated from other clients " +
+				"on AP. Traffic from an isolated client will not be forwarded to other clients and unicast traffic from " +
+				"a non-isolated client will not be forwarded to an isolated one.",
+		},
+		"passphrase": {
+			Type:      schema.TypeString,
+			Optional:  true,
+			Sensitive: true,
+			Description: "The passphrase to use for PSK authentication types. Multiple users can use the same passphrase. " +
+				"Not compatible with WPA3-PSK.",
+			ValidateFunc: validation.StringLenBetween(8, 64),
+		},
+		"vlan_id": {
+			Type:     schema.TypeString,
+			Optional: true,
+			Description: "Vlan-id that will be assigned to clients using this passphrase Only supported on wifi-qcom " +
+				"interfaces, if wifi-qcom-ac AP has a client that uses a passphrase that has vlan-id associated with " +
+				"it, the client will not be able to join.",
+		},
+	}
+
+	return &schema.Resource{
+		CreateContext: DefaultCreate(resSchema),
+		ReadContext:   DefaultRead(resSchema),
+		UpdateContext: DefaultUpdate(resSchema),
+		DeleteContext: DefaultDelete(resSchema),
+
+		Importer: &schema.ResourceImporter{
+			StateContext: ImportStateCustomContext(resSchema),
+		},
+
+		Schema: resSchema,
+	}
+}