From c822d76cb5f8a00d10db56b58b61aef464d014b5 Mon Sep 17 00:00:00 2001 From: Thomas Munzer Date: Fri, 27 Dec 2024 16:08:53 +0100 Subject: [PATCH] update documentation --- docs/guides/release_note_0.2.xx.md | 50 +++++++++++++++-- docs/resources/device_gateway.md | 59 ++++++++++---------- docs/resources/org_deviceprofile_gateway.md | 59 ++++++++++---------- docs/resources/org_gatewaytemplate.md | 61 ++++++++++----------- docs/resources/org_network.md | 35 ++++++------ templates/guides/release_note_0.2.xx.md | 3 +- 6 files changed, 152 insertions(+), 115 deletions(-) diff --git a/docs/guides/release_note_0.2.xx.md b/docs/guides/release_note_0.2.xx.md index 7da7f3e..a3c3084 100644 --- a/docs/guides/release_note_0.2.xx.md +++ b/docs/guides/release_note_0.2.xx.md 
@@ -10,6 +10,48 @@ description: |- ## Release Notes for v0.2.15 **release date** : December 27th, 2024 +!> Breaking changes. See below + +### Breaking Changes +* Following attributes have been changes from int64 to string to allow "mist variable" support: + * `mist_org_network.internet_access.destination_nat.port` + * `mist_org_network.vpn_access.destination_nat.port` + * `mist_device_gateway.networks.internet_access.destination_nat.port` + * `mist_device_gateway.networks.vpn_access.destination_nat.port` + * `mist_deviceprofile_gateway.networks.internet_access.destination_nat.port` + * `mist_deviceprofile_gateway.networks.vpn_access.destination_nat.port` + * `mist_org_gatewaytemplate.networks.internet_access.destination_nat.port` + * `mist_org_gatewaytemplate.networks.vpn_access.destination_nat.port` +* Following attributes have been changed from `optional` to `required`: + * `mist_org_network.internet_access.static_nat.internal_ip` + * `mist_org_network.internet_access.static_nat.name` + * `mist_org_network.vpn_access.static_nat.internal_ip` + * `mist_org_network.vpn_access.static_nat.name` + * `mist_device_gateway.tunnel_configs.primary.hosts` + * `mist_device_gateway.tunnel_configs.primary.wan_names` + * `mist_device_gateway.tunnel_configs.secondary.hosts` + * `mist_device_gateway.tunnel_configs.secondary.wan_names` + * `mist_device_gateway.networks.internet_access.static_nat.internal_ip` + * `mist_device_gateway.networks.internet_access.static_nat.name` + * `mist_device_gateway.networks.vpn_access.static_nat.internal_ip` + * `mist_device_gateway.networks.vpn_access.static_nat.name` + * `mist_deviceprofile_gateway.tunnel_configs.primary.hosts` + * `mist_deviceprofile_gateway.tunnel_configs.primary.wan_names` + * `mist_deviceprofile_gateway.tunnel_configs.secondary.hosts` + * `mist_deviceprofile_gateway.tunnel_configs.secondary.wan_names` + * `mist_deviceprofile_gateway.networks.internet_access.static_nat.internal_ip` + * 
`mist_deviceprofile_gateway.networks.internet_access.static_nat.name` + * `mist_deviceprofile_gateway.networks.vpn_access.static_nat.internal_ip` + * `mist_deviceprofile_gateway.networks.vpn_access.static_nat.name` + * `mist_org_gatewaytemplate.tunnel_configs.primary.hosts` + * `mist_org_gatewaytemplate.tunnel_configs.primary.wan_names` + * `mist_org_gatewaytemplate.tunnel_configs.secondary.hosts` + * `mist_org_gatewaytemplate.tunnel_configs.secondary.wan_names` + * `mist_org_gatewaytemplate.networks.internet_access.static_nat.internal_ip` + * `mist_org_gatewaytemplate.networks.internet_access.static_nat.name` + * `mist_org_gatewaytemplate.networks.vpn_access.static_nat.internal_ip` + * `mist_org_gatewaytemplate.networks.vpn_access.static_nat.name` + ### Improvements * add the `api_debug` flag to the provider properties to enable the logging of the SDK Requests and Responses @@ -27,8 +69,8 @@ Changes to the `mist_org_network` resource based on the OpenAPI changes: Changes to the `mist_device_gateway`, `mist_deviceprofile_gateway` and `mist_org_gatewaytemplate` resource based on the OpenAPI changes: * attributes added: - * `internet_access.destination_nat.wan_name` - * `internet_access.static_nat.wan_name` + * `networks.internet_access.destination_nat.wan_name` + * `networks.internet_access.static_nat.wan_name` * `port_config.wan_networks` * `routing_policies.action.aggregate` * `tunnel_configs.auto_provision.primary.probe_ips` 
@@ -39,10 +81,6 @@ Changes to the `mist_device_gateway`, `mist_deviceprofile_gateway` and `mist_org * `tunnel_configs.auto_provision.primary.num_hosts` (this setting is configured in the `tunnel_provider_options` object) * `tunnel_configs.auto_provision.secondary.num_hosts` (this setting is configured in the `tunnel_provider_options` object) * attributes updated: - * `tunnel_configs.primary.hosts` changed to `required` - * `tunnel_configs.primary.wan_names` changed to `required` - * `tunnel_configs.secondary.hosts` changed to `required` - * `tunnel_configs.secondary.wan_names` changed to `required` * `tunnel_provider_options.jse.name` renamed to `tunnel_provider_options.jse.org_name` * rework the whole `tunnel_provider_options.zscaler` object to match the Mist API structure (see the resource documentation for more details) diff --git a/docs/resources/device_gateway.md b/docs/resources/device_gateway.md index af53077..aa41764 100644 --- a/docs/resources/device_gateway.md +++ b/docs/resources/device_gateway.md @@ -282,7 +282,7 @@ Optional: - `multicast` (Attributes) whether to enable multicast support (only PIM-sparse mode is supported) (see [below for nested schema](#nestedatt--networks--multicast)) - `routed_for_networks` (List of String) for a Network (usually LAN), it can be routable to other networks (e.g. OSPF) - `subnet6` (String) -- `tenants` (Attributes Map) (see [below for nested schema](#nestedatt--networks--tenants)) +- `tenants` (Attributes Map) Property key must be the user/tenant name (i.e. "printer-1") or a Variable (i.e. "{{myvar}}") (see [below for nested schema](#nestedatt--networks--tenants)) - `vlan_id` (String) - `vpn_access` (Attributes Map) Property key is the VPN name. Whether this network can be accessed from vpn (see [below for nested schema](#nestedatt--networks--vpn_access)) 
@@ -300,30 +300,33 @@ Optional: Optional: - `create_simple_service_policy` (Boolean) -- `destination_nat` (Attributes Map) Property key may be an IP/Port (i.e. "63.16.0.3:443"), or a port (i.e. ":2222") (see [below for nested schema](#nestedatt--networks--internet_access--destination_nat)) +- `destination_nat` (Attributes Map) Property key can be an External IP (i.e. "63.16.0.3"), an External IP:Port (i.e. "63.16.0.3:443"), an External Port (i.e. ":443"), an External CIDR (i.e. "63.16.0.0/30"), an External CIDR:Port (i.e. "63.16.0.0/30:443") or a Variable (i.e. "{{myvar}}"). At least one of the `internal_ip` or `port` must be defined (see [below for nested schema](#nestedatt--networks--internet_access--destination_nat)) - `enabled` (Boolean) - `restricted` (Boolean) by default, all access is allowed, to only allow certain traffic, make `restricted`=`true` and define service_policies -- `static_nat` (Attributes Map) Property key may be an IP Address (i.e. "172.16.0.1"), and IP Address and Port (i.e. "172.16.0.1:8443") or a CIDR (i.e. "172.16.0.12/20") (see [below for nested schema](#nestedatt--networks--internet_access--static_nat)) +- `static_nat` (Attributes Map) Property key may be an External IP Address (i.e. "63.16.0.3"), a CIDR (i.e. "63.16.0.12/20") or a Variable (i.e. "{{myvar}}") (see [below for nested schema](#nestedatt--networks--internet_access--static_nat)) ### Nested Schema for `networks.internet_access.destination_nat` Optional: -- `internal_ip` (String) +- `internal_ip` (String) The Destination NAT destination IP Address. Must be an IP (i.e. "192.168.70.30") or a Variable (i.e. "{{myvar}}") - `name` (String) -- `port` (Number) -- `wan_name` (String) If not set, we configure the nat policies against all WAN ports for simplicity +- `port` (String) The Destination NAT destination IP Address. Must be a Port (i.e. "443") or a Variable (i.e. "{{myvar}}") +- `wan_name` (String) SRX Only. 
If not set, we configure the nat policies against all WAN ports for simplicity ### Nested Schema for `networks.internet_access.static_nat` -Optional: +Required: -- `internal_ip` (String) +- `internal_ip` (String) The Static NAT destination IP Address. Must be an IP Address (i.e. "192.168.70.3") or a Variable (i.e. "{{myvar}}") - `name` (String) -- `wan_name` (String) If not set, we configure the nat policies against all WAN ports for simplicity + +Optional: + +- `wan_name` (String) SRX Only. If not set, we configure the nat policies against all WAN ports for simplicity. Can be a Variable (i.e. "{{myvar}}") @@ -360,7 +363,7 @@ Optional: - `advertised_subnet` (String) if `routed`==`true`, whether to advertise an aggregated subnet toward HUB this is useful when there are multiple networks on SPOKE's side - `allow_ping` (Boolean) whether to allow ping from vpn into this routed network -- `destination_nat` (Attributes Map) Property key may be an IP/Port (i.e. "63.16.0.3:443"), or a port (i.e. ":2222") (see [below for nested schema](#nestedatt--networks--vpn_access--destination_nat)) +- `destination_nat` (Attributes Map) Property key can be an External IP (i.e. "63.16.0.3"), an External IP:Port (i.e. "63.16.0.3:443"), an External Port (i.e. ":443"), an External CIDR (i.e. "63.16.0.0/30"), an External CIDR:Port (i.e. "63.16.0.0/30:443") or a Variable (i.e. "{{myvar}}"). At least one of the `internal_ip` or `port` must be defined (see [below for nested schema](#nestedatt--networks--vpn_access--destination_nat)) - `nat_pool` (String) if `routed`==`false` (usually at Spoke), but some hosts needs to be reachable from Hub, a subnet is required to create and advertise the route to Hub - `no_readvertise_to_lan_bgp` (Boolean) toward LAN-side BGP peers - `no_readvertise_to_lan_ospf` (Boolean) toward LAN-side OSPF peers 
@@ -370,7 +373,7 @@ how HUB should deal with routes it received from Spokes to allow it to be leaked to other vrfs - `routed` (Boolean) whether this network is routable - `source_nat` (Attributes) if `routed`==`false` (usually at Spoke), but some hosts needs to be reachable from Hub (see [below for nested schema](#nestedatt--networks--vpn_access--source_nat)) -- `static_nat` (Attributes Map) Property key may be an IP Address (i.e. "172.16.0.1"), and IP Address and Port (i.e. "172.16.0.1:8443") or a CIDR (i.e. "172.16.0.12/20") (see [below for nested schema](#nestedatt--networks--vpn_access--static_nat)) +- `static_nat` (Attributes Map) Property key may be an External IP Address (i.e. "63.16.0.3"), a CIDR (i.e. "63.16.0.12/20") or a Variable (i.e. "{{myvar}}") (see [below for nested schema](#nestedatt--networks--vpn_access--static_nat)) - `summarized_subnet` (String) toward overlay how HUB should deal with routes it received from Spokes - `summarized_subnet_to_lan_bgp` (String) toward LAN-side BGP peers @@ -381,10 +384,9 @@ how HUB should deal with routes it received from Spokes Optional: -- `internal_ip` (String) +- `internal_ip` (String) The Destination NAT destination IP Address. Must be an IP (i.e. "192.168.70.30") or a Variable (i.e. "{{myvar}}") - `name` (String) -- `port` (Number) -- `wan_name` (String) If not set, we configure the nat policies against all WAN ports for simplicity +- `port` (String) @@ -398,11 +400,10 @@ Optional: ### Nested Schema for `networks.vpn_access.static_nat` -Optional: +Required: -- `internal_ip` (String) +- `internal_ip` (String) The Static NAT destination IP Address. Must be an IP Address (i.e. "192.168.70.3") or a Variable (i.e. "{{myvar}}") - `name` (String) -- `wan_name` (String) If not set, we configure the nat policies against all WAN ports for simplicity 
@@ -474,12 +475,10 @@ Optional: - `ae_disable_lacp` (Boolean) if `aggregated`==`true`. To disable LCP support for the AE interface - `ae_idx` (String) if `aggregated`==`true`. Users could force to use the designated AE name (must be an integer between 0 and 127) -- `ae_lacp_force_up` (Boolean) For SRX Only, if `aggregated`==`true`.Sets the state of the interface as UP when the peer has limited LACP capability.\n -Use case: When a device connected to this AE port is ZTPing for the first time, it will not have LACP configured on the other end\n -Note: Turning this on will enable force-up on one of the interfaces in the bundle only +- `ae_lacp_force_up` (Boolean) For SRX Only, if `aggregated`==`true`.Sets the state of the interface as UP when the peer has limited LACP capability. Use case: When a device connected to this AE port is ZTPing for the first time, it will not have LACP configured on the other end. **Note:** Turning this on will enable force-up on one of the interfaces in the bundle only - `aggregated` (Boolean) - `critical` (Boolean) if want to generate port up/down alarm, set it to true -- `description` (String) +- `description` (String) Interface Description. Can be a variable (i.e. "{{myvar}}") - `disable_autoneg` (Boolean) - `disabled` (Boolean) port admin up (true) / down (false) - `dsl_type` (String) if `wan_type`==`dsl`. enum: `adsl`, `vdsl` @@ -499,7 +498,7 @@ Note: Turning this on will enable force-up on one of the interfaces in the bundl - `networks` (List of String) if `usage`==`lan`, name of the `mist_org_network` resource - `outer_vlan_id` (Number) for Q-in-Q - `poe_disabled` (Boolean) -- `port_network` (String) if `usage`==`lan` +- `port_network` (String) Only for SRX and if `usage`==`lan`, the Untagged VLAN Network - `preserve_dscp` (Boolean) whether to preserve dscp when sending traffic over VPN (SSR-only) - `redundant` (Boolean) if HA mode - `reth_idx` (Number) if HA mode 
@@ -509,7 +508,7 @@ Note: Turning this on will enable force-up on one of the interfaces in the bundl - `ssr_no_virtual_mac` (Boolean) when SSR is running as VM, this is required on certain hosting platforms - `svr_port_range` (String) for SSR only - `traffic_shaping` (Attributes) (see [below for nested schema](#nestedatt--port_config--traffic_shaping)) -- `vlan_id` (Number) if WAN interface is on a VLAN +- `vlan_id` (String) - `vpn_paths` (Attributes Map) Property key is the VPN name (see [below for nested schema](#nestedatt--port_config--vpn_paths)) - `wan_arp_policer` (String) Only when `wan_type`==`broadband`. enum: `default`, `max`, `recommended` - `wan_ext_ip` (String) Only if `usage`==`wan`, optional. If spoke should reach this port by a different IP @@ -526,9 +525,9 @@ Optional: - `dns` (List of String) except for out-of_band interface (vme/em0/fxp0) - `dns_suffix` (List of String) except for out-of_band interface (vme/em0/fxp0) -- `gateway` (String) except for out-of_band interface (vme/em0/fxp0) -- `ip` (String) -- `netmask` (String) used only if `subnet` is not specified in `networks` +- `gateway` (String) except for out-of_band interface (vme/em0/fxp0). Interface Default Gateway IP Address (i.e. "192.168.1.1") or a Variable (i.e. "{{myvar}}") +- `ip` (String) Interface IP Address (i.e. "192.168.1.8") or a Variable (i.e. "{{myvar}}") +- `netmask` (String) used only if `subnet` is not specified in `networks`. Interface Netmask (i.e. "/24") or a Variable (i.e. "{{myvar}}") - `network` (String) optional, the network to be used for mgmt - `poser_password` (String, Sensitive) if `type`==`pppoe` - `pppoe_auth` (String) if `type`==`pppoe`. enum: `chap`, `none`, `pap` 
@@ -541,9 +540,9 @@ Optional: Optional: -- `class_percentages` (List of Number) percentages for differet class of traffic: high / medium / low / best-effort -sum must be equal to 100 +- `class_percentages` (List of Number) percentages for differet class of traffic: high / medium / low / best-effort. Sum must be equal to 100 - `enabled` (Boolean) +- `max_tx_kbps` (Number) Interface Transmit Cap in kbps @@ -563,9 +562,9 @@ Optional: Optional: -- `class_percentages` (List of Number) percentages for differet class of traffic: high / medium / low / best-effort -sum must be equal to 100 +- `class_percentages` (List of Number) percentages for differet class of traffic: high / medium / low / best-effort. Sum must be equal to 100 - `enabled` (Boolean) +- `max_tx_kbps` (Number) Interface Transmit Cap in kbps diff --git a/docs/resources/org_deviceprofile_gateway.md b/docs/resources/org_deviceprofile_gateway.md index 8f5e744..679415f 100644 --- a/docs/resources/org_deviceprofile_gateway.md +++ b/docs/resources/org_deviceprofile_gateway.md @@ -333,7 +333,7 @@ Optional: - `multicast` (Attributes) whether to enable multicast support (only PIM-sparse mode is supported) (see [below for nested schema](#nestedatt--networks--multicast)) - `routed_for_networks` (List of String) for a Network (usually LAN), it can be routable to other networks (e.g. OSPF) - `subnet6` (String) -- `tenants` (Attributes Map) (see [below for nested schema](#nestedatt--networks--tenants)) +- `tenants` (Attributes Map) Property key must be the user/tenant name (i.e. "printer-1") or a Variable (i.e. "{{myvar}}") (see [below for nested schema](#nestedatt--networks--tenants)) - `vlan_id` (String) - `vpn_access` (Attributes Map) Property key is the VPN name. Whether this network can be accessed from vpn (see [below for nested schema](#nestedatt--networks--vpn_access)) 
@@ -351,30 +351,33 @@ Optional: Optional: - `create_simple_service_policy` (Boolean) -- `destination_nat` (Attributes Map) Property key may be an IP/Port (i.e. "63.16.0.3:443"), or a port (i.e. ":2222") (see [below for nested schema](#nestedatt--networks--internet_access--destination_nat)) +- `destination_nat` (Attributes Map) Property key can be an External IP (i.e. "63.16.0.3"), an External IP:Port (i.e. "63.16.0.3:443"), an External Port (i.e. ":443"), an External CIDR (i.e. "63.16.0.0/30"), an External CIDR:Port (i.e. "63.16.0.0/30:443") or a Variable (i.e. "{{myvar}}"). At least one of the `internal_ip` or `port` must be defined (see [below for nested schema](#nestedatt--networks--internet_access--destination_nat)) - `enabled` (Boolean) - `restricted` (Boolean) by default, all access is allowed, to only allow certain traffic, make `restricted`=`true` and define service_policies -- `static_nat` (Attributes Map) Property key may be an IP Address (i.e. "172.16.0.1"), and IP Address and Port (i.e. "172.16.0.1:8443") or a CIDR (i.e. "172.16.0.12/20") (see [below for nested schema](#nestedatt--networks--internet_access--static_nat)) +- `static_nat` (Attributes Map) Property key may be an External IP Address (i.e. "63.16.0.3"), a CIDR (i.e. "63.16.0.12/20") or a Variable (i.e. "{{myvar}}") (see [below for nested schema](#nestedatt--networks--internet_access--static_nat)) ### Nested Schema for `networks.internet_access.destination_nat` Optional: -- `internal_ip` (String) +- `internal_ip` (String) The Destination NAT destination IP Address. Must be an IP (i.e. "192.168.70.30") or a Variable (i.e. "{{myvar}}") - `name` (String) -- `port` (Number) -- `wan_name` (String) If not set, we configure the nat policies against all WAN ports for simplicity +- `port` (String) The Destination NAT destination IP Address. Must be a Port (i.e. "443") or a Variable (i.e. "{{myvar}}") +- `wan_name` (String) SRX Only. 
If not set, we configure the nat policies against all WAN ports for simplicity ### Nested Schema for `networks.internet_access.static_nat` -Optional: +Required: -- `internal_ip` (String) +- `internal_ip` (String) The Static NAT destination IP Address. Must be an IP Address (i.e. "192.168.70.3") or a Variable (i.e. "{{myvar}}") - `name` (String) -- `wan_name` (String) If not set, we configure the nat policies against all WAN ports for simplicity + +Optional: + +- `wan_name` (String) SRX Only. If not set, we configure the nat policies against all WAN ports for simplicity. Can be a Variable (i.e. "{{myvar}}") @@ -411,7 +414,7 @@ Optional: - `advertised_subnet` (String) if `routed`==`true`, whether to advertise an aggregated subnet toward HUB this is useful when there are multiple networks on SPOKE's side - `allow_ping` (Boolean) whether to allow ping from vpn into this routed network -- `destination_nat` (Attributes Map) Property key may be an IP/Port (i.e. "63.16.0.3:443"), or a port (i.e. ":2222") (see [below for nested schema](#nestedatt--networks--vpn_access--destination_nat)) +- `destination_nat` (Attributes Map) Property key can be an External IP (i.e. "63.16.0.3"), an External IP:Port (i.e. "63.16.0.3:443"), an External Port (i.e. ":443"), an External CIDR (i.e. "63.16.0.0/30"), an External CIDR:Port (i.e. "63.16.0.0/30:443") or a Variable (i.e. "{{myvar}}"). At least one of the `internal_ip` or `port` must be defined (see [below for nested schema](#nestedatt--networks--vpn_access--destination_nat)) - `nat_pool` (String) if `routed`==`false` (usually at Spoke), but some hosts needs to be reachable from Hub, a subnet is required to create and advertise the route to Hub - `no_readvertise_to_lan_bgp` (Boolean) toward LAN-side BGP peers - `no_readvertise_to_lan_ospf` (Boolean) toward LAN-side OSPF peers 
@@ -421,7 +424,7 @@ how HUB should deal with routes it received from Spokes to allow it to be leaked to other vrfs - `routed` (Boolean) whether this network is routable - `source_nat` (Attributes) if `routed`==`false` (usually at Spoke), but some hosts needs to be reachable from Hub (see [below for nested schema](#nestedatt--networks--vpn_access--source_nat)) -- `static_nat` (Attributes Map) Property key may be an IP Address (i.e. "172.16.0.1"), and IP Address and Port (i.e. "172.16.0.1:8443") or a CIDR (i.e. "172.16.0.12/20") (see [below for nested schema](#nestedatt--networks--vpn_access--static_nat)) +- `static_nat` (Attributes Map) Property key may be an External IP Address (i.e. "63.16.0.3"), a CIDR (i.e. "63.16.0.12/20") or a Variable (i.e. "{{myvar}}") (see [below for nested schema](#nestedatt--networks--vpn_access--static_nat)) - `summarized_subnet` (String) toward overlay how HUB should deal with routes it received from Spokes - `summarized_subnet_to_lan_bgp` (String) toward LAN-side BGP peers @@ -432,10 +435,9 @@ how HUB should deal with routes it received from Spokes Optional: -- `internal_ip` (String) +- `internal_ip` (String) The Destination NAT destination IP Address. Must be an IP (i.e. "192.168.70.30") or a Variable (i.e. "{{myvar}}") - `name` (String) -- `port` (Number) -- `wan_name` (String) If not set, we configure the nat policies against all WAN ports for simplicity +- `port` (String) @@ -449,11 +451,10 @@ Optional: ### Nested Schema for `networks.vpn_access.static_nat` -Optional: +Required: -- `internal_ip` (String) +- `internal_ip` (String) The Static NAT destination IP Address. Must be an IP Address (i.e. "192.168.70.3") or a Variable (i.e. "{{myvar}}") - `name` (String) -- `wan_name` (String) If not set, we configure the nat policies against all WAN ports for simplicity 
@@ -525,12 +526,10 @@ Optional: - `ae_disable_lacp` (Boolean) if `aggregated`==`true`. To disable LCP support for the AE interface - `ae_idx` (String) if `aggregated`==`true`. Users could force to use the designated AE name (must be an integer between 0 and 127) -- `ae_lacp_force_up` (Boolean) For SRX Only, if `aggregated`==`true`.Sets the state of the interface as UP when the peer has limited LACP capability.\n -Use case: When a device connected to this AE port is ZTPing for the first time, it will not have LACP configured on the other end\n -Note: Turning this on will enable force-up on one of the interfaces in the bundle only +- `ae_lacp_force_up` (Boolean) For SRX Only, if `aggregated`==`true`.Sets the state of the interface as UP when the peer has limited LACP capability. Use case: When a device connected to this AE port is ZTPing for the first time, it will not have LACP configured on the other end. **Note:** Turning this on will enable force-up on one of the interfaces in the bundle only - `aggregated` (Boolean) - `critical` (Boolean) if want to generate port up/down alarm, set it to true -- `description` (String) +- `description` (String) Interface Description. Can be a variable (i.e. "{{myvar}}") - `disable_autoneg` (Boolean) - `disabled` (Boolean) port admin up (true) / down (false) - `dsl_type` (String) if `wan_type`==`dsl`. enum: `adsl`, `vdsl` @@ -550,7 +549,7 @@ Note: Turning this on will enable force-up on one of the interfaces in the bundl - `networks` (List of String) if `usage`==`lan`, name of the `mist_org_network` resource - `outer_vlan_id` (Number) for Q-in-Q - `poe_disabled` (Boolean) -- `port_network` (String) if `usage`==`lan` +- `port_network` (String) Only for SRX and if `usage`==`lan`, the Untagged VLAN Network - `preserve_dscp` (Boolean) whether to preserve dscp when sending traffic over VPN (SSR-only) - `redundant` (Boolean) if HA mode - `reth_idx` (Number) if HA mode 
@@ -560,7 +559,7 @@ Note: Turning this on will enable force-up on one of the interfaces in the bundl - `ssr_no_virtual_mac` (Boolean) when SSR is running as VM, this is required on certain hosting platforms - `svr_port_range` (String) for SSR only - `traffic_shaping` (Attributes) (see [below for nested schema](#nestedatt--port_config--traffic_shaping)) -- `vlan_id` (Number) if WAN interface is on a VLAN +- `vlan_id` (String) - `vpn_paths` (Attributes Map) Property key is the VPN name (see [below for nested schema](#nestedatt--port_config--vpn_paths)) - `wan_arp_policer` (String) Only when `wan_type`==`broadband`. enum: `default`, `max`, `recommended` - `wan_ext_ip` (String) Only if `usage`==`wan`, optional. If spoke should reach this port by a different IP @@ -577,9 +576,9 @@ Optional: - `dns` (List of String) except for out-of_band interface (vme/em0/fxp0) - `dns_suffix` (List of String) except for out-of_band interface (vme/em0/fxp0) -- `gateway` (String) except for out-of_band interface (vme/em0/fxp0) -- `ip` (String) -- `netmask` (String) used only if `subnet` is not specified in `networks` +- `gateway` (String) except for out-of_band interface (vme/em0/fxp0). Interface Default Gateway IP Address (i.e. "192.168.1.1") or a Variable (i.e. "{{myvar}}") +- `ip` (String) Interface IP Address (i.e. "192.168.1.8") or a Variable (i.e. "{{myvar}}") +- `netmask` (String) used only if `subnet` is not specified in `networks`. Interface Netmask (i.e. "/24") or a Variable (i.e. "{{myvar}}") - `network` (String) optional, the network to be used for mgmt - `poser_password` (String, Sensitive) if `type`==`pppoe` - `pppoe_auth` (String) if `type`==`pppoe`. enum: `chap`, `none`, `pap` 
@@ -592,9 +591,9 @@ Optional: Optional: -- `class_percentages` (List of Number) percentages for differet class of traffic: high / medium / low / best-effort -sum must be equal to 100 +- `class_percentages` (List of Number) percentages for differet class of traffic: high / medium / low / best-effort. Sum must be equal to 100 - `enabled` (Boolean) +- `max_tx_kbps` (Number) Interface Transmit Cap in kbps @@ -614,9 +613,9 @@ Optional: Optional: -- `class_percentages` (List of Number) percentages for differet class of traffic: high / medium / low / best-effort -sum must be equal to 100 +- `class_percentages` (List of Number) percentages for differet class of traffic: high / medium / low / best-effort. Sum must be equal to 100 - `enabled` (Boolean) +- `max_tx_kbps` (Number) Interface Transmit Cap in kbps diff --git a/docs/resources/org_gatewaytemplate.md b/docs/resources/org_gatewaytemplate.md index e0fac64..b1806b3 100644 --- a/docs/resources/org_gatewaytemplate.md +++ b/docs/resources/org_gatewaytemplate.md 
@@ -121,7 +121,7 @@ resource "mist_org_gatewaytemplate" "gatewaytemplate_one" { - `ntp_servers` (List of String) list of NTP servers specific to this device. By default, those in Site Settings will be used - `oob_ip_config` (Attributes) out-of-band (vme/em0/fxp0) IP config (see [below for nested schema](#nestedatt--oob_ip_config)) - `path_preferences` (Attributes Map) Property key is the path name (see [below for nested schema](#nestedatt--path_preferences)) -- `port_config` (Attributes Map) Property key is the port(s) name or range (e.g. "ge-0/0/0-10") (see [below for nested schema](#nestedatt--port_config)) +- `port_config` (Attributes Map) Property key is the Port Name (i.e. "ge-0/0/0"), the Ports Range (i.e. "ge-0/0/0-10"), the List of Ports (i.e. "ge-0/0/0,ge-1/0/0", only allowed for Aggregated or Redundant interfaces) or a Variable (i.e. "{{myvar}}"). (see [below for nested schema](#nestedatt--port_config)) - `router_id` (String) auto assigned if not set - `routing_policies` (Attributes Map) Property key is the routing policy name (see [below for nested schema](#nestedatt--routing_policies)) - `service_policies` (Attributes List) (see [below for nested schema](#nestedatt--service_policies)) 
@@ -327,7 +327,7 @@ Optional: - `multicast` (Attributes) whether to enable multicast support (only PIM-sparse mode is supported) (see [below for nested schema](#nestedatt--networks--multicast)) - `routed_for_networks` (List of String) for a Network (usually LAN), it can be routable to other networks (e.g. OSPF) - `subnet6` (String) -- `tenants` (Attributes Map) (see [below for nested schema](#nestedatt--networks--tenants)) +- `tenants` (Attributes Map) Property key must be the user/tenant name (i.e. "printer-1") or a Variable (i.e. "{{myvar}}") (see [below for nested schema](#nestedatt--networks--tenants)) - `vlan_id` (String) - `vpn_access` (Attributes Map) Property key is the VPN name. Whether this network can be accessed from vpn (see [below for nested schema](#nestedatt--networks--vpn_access)) 
@@ -345,30 +345,33 @@ Optional: Optional: - `create_simple_service_policy` (Boolean) -- `destination_nat` (Attributes Map) Property key may be an IP/Port (i.e. "63.16.0.3:443"), or a port (i.e. ":2222") (see [below for nested schema](#nestedatt--networks--internet_access--destination_nat)) +- `destination_nat` (Attributes Map) Property key can be an External IP (i.e. "63.16.0.3"), an External IP:Port (i.e. "63.16.0.3:443"), an External Port (i.e. ":443"), an External CIDR (i.e. "63.16.0.0/30"), an External CIDR:Port (i.e. "63.16.0.0/30:443") or a Variable (i.e. "{{myvar}}"). At least one of the `internal_ip` or `port` must be defined (see [below for nested schema](#nestedatt--networks--internet_access--destination_nat)) - `enabled` (Boolean) - `restricted` (Boolean) by default, all access is allowed, to only allow certain traffic, make `restricted`=`true` and define service_policies -- `static_nat` (Attributes Map) Property key may be an IP Address (i.e. "172.16.0.1"), and IP Address and Port (i.e. "172.16.0.1:8443") or a CIDR (i.e. "172.16.0.12/20") (see [below for nested schema](#nestedatt--networks--internet_access--static_nat)) +- `static_nat` (Attributes Map) Property key may be an External IP Address (i.e. "63.16.0.3"), a CIDR (i.e. "63.16.0.12/20") or a Variable (i.e. "{{myvar}}") (see [below for nested schema](#nestedatt--networks--internet_access--static_nat)) ### Nested Schema for `networks.internet_access.destination_nat` Optional: -- `internal_ip` (String) +- `internal_ip` (String) The Destination NAT destination IP Address. Must be an IP (i.e. "192.168.70.30") or a Variable (i.e. "{{myvar}}") - `name` (String) -- `port` (Number) -- `wan_name` (String) If not set, we configure the nat policies against all WAN ports for simplicity +- `port` (String) The Destination NAT destination IP Address. Must be a Port (i.e. "443") or a Variable (i.e. "{{myvar}}") +- `wan_name` (String) SRX Only. 
If not set, we configure the nat policies against all WAN ports for simplicity ### Nested Schema for `networks.internet_access.static_nat` -Optional: +Required: -- `internal_ip` (String) +- `internal_ip` (String) The Static NAT destination IP Address. Must be an IP Address (i.e. "192.168.70.3") or a Variable (i.e. "{{myvar}}") - `name` (String) -- `wan_name` (String) If not set, we configure the nat policies against all WAN ports for simplicity + +Optional: + +- `wan_name` (String) SRX Only. If not set, we configure the nat policies against all WAN ports for simplicity. Can be a Variable (i.e. "{{myvar}}") @@ -405,7 +408,7 @@ Optional: - `advertised_subnet` (String) if `routed`==`true`, whether to advertise an aggregated subnet toward HUB this is useful when there are multiple networks on SPOKE's side - `allow_ping` (Boolean) whether to allow ping from vpn into this routed network -- `destination_nat` (Attributes Map) Property key may be an IP/Port (i.e. "63.16.0.3:443"), or a port (i.e. ":2222") (see [below for nested schema](#nestedatt--networks--vpn_access--destination_nat)) +- `destination_nat` (Attributes Map) Property key can be an External IP (i.e. "63.16.0.3"), an External IP:Port (i.e. "63.16.0.3:443"), an External Port (i.e. ":443"), an External CIDR (i.e. "63.16.0.0/30"), an External CIDR:Port (i.e. "63.16.0.0/30:443") or a Variable (i.e. "{{myvar}}"). At least one of the `internal_ip` or `port` must be defined (see [below for nested schema](#nestedatt--networks--vpn_access--destination_nat)) - `nat_pool` (String) if `routed`==`false` (usually at Spoke), but some hosts needs to be reachable from Hub, a subnet is required to create and advertise the route to Hub - `no_readvertise_to_lan_bgp` (Boolean) toward LAN-side BGP peers - `no_readvertise_to_lan_ospf` (Boolean) toward LAN-side OSPF peers 
@@ -415,7 +418,7 @@ how HUB should deal with routes it received from Spokes to allow it to be leaked to other vrfs - `routed` (Boolean) whether this network is routable - `source_nat` (Attributes) if `routed`==`false` (usually at Spoke), but some hosts needs to be reachable from Hub (see [below for nested schema](#nestedatt--networks--vpn_access--source_nat)) -- `static_nat` (Attributes Map) Property key may be an IP Address (i.e. "172.16.0.1"), and IP Address and Port (i.e. "172.16.0.1:8443") or a CIDR (i.e. "172.16.0.12/20") (see [below for nested schema](#nestedatt--networks--vpn_access--static_nat)) +- `static_nat` (Attributes Map) Property key may be an External IP Address (i.e. "63.16.0.3"), a CIDR (i.e. "63.16.0.12/20") or a Variable (i.e. "{{myvar}}") (see [below for nested schema](#nestedatt--networks--vpn_access--static_nat)) - `summarized_subnet` (String) toward overlay how HUB should deal with routes it received from Spokes - `summarized_subnet_to_lan_bgp` (String) toward LAN-side BGP peers @@ -426,10 +429,9 @@ how HUB should deal with routes it received from Spokes Optional: -- `internal_ip` (String) +- `internal_ip` (String) The Destination NAT destination IP Address. Must be an IP (i.e. "192.168.70.30") or a Variable (i.e. "{{myvar}}") - `name` (String) -- `port` (Number) -- `wan_name` (String) If not set, we configure the nat policies against all WAN ports for simplicity +- `port` (String) @@ -443,11 +445,10 @@ Optional: ### Nested Schema for `networks.vpn_access.static_nat` -Optional: +Required: -- `internal_ip` (String) +- `internal_ip` (String) The Static NAT destination IP Address. Must be an IP Address (i.e. "192.168.70.3") or a Variable (i.e. "{{myvar}}") - `name` (String) -- `wan_name` (String) If not set, we configure the nat policies against all WAN ports for simplicity 
@@ -519,12 +520,10 @@ Optional: - `ae_disable_lacp` (Boolean) if `aggregated`==`true`. To disable LCP support for the AE interface - `ae_idx` (String) if `aggregated`==`true`. Users could force to use the designated AE name (must be an integer between 0 and 127) -- `ae_lacp_force_up` (Boolean) For SRX Only, if `aggregated`==`true`.Sets the state of the interface as UP when the peer has limited LACP capability.\n -Use case: When a device connected to this AE port is ZTPing for the first time, it will not have LACP configured on the other end\n -Note: Turning this on will enable force-up on one of the interfaces in the bundle only +- `ae_lacp_force_up` (Boolean) For SRX Only, if `aggregated`==`true`.Sets the state of the interface as UP when the peer has limited LACP capability. Use case: When a device connected to this AE port is ZTPing for the first time, it will not have LACP configured on the other end. **Note:** Turning this on will enable force-up on one of the interfaces in the bundle only - `aggregated` (Boolean) - `critical` (Boolean) if want to generate port up/down alarm, set it to true -- `description` (String) +- `description` (String) Interface Description. Can be a variable (i.e. "{{myvar}}") - `disable_autoneg` (Boolean) - `disabled` (Boolean) port admin up (true) / down (false) - `dsl_type` (String) if `wan_type`==`dsl`. enum: `adsl`, `vdsl` @@ -544,7 +543,7 @@ Note: Turning this on will enable force-up on one of the interfaces in the bundl - `networks` (List of String) if `usage`==`lan`, name of the `mist_org_network` resource - `outer_vlan_id` (Number) for Q-in-Q - `poe_disabled` (Boolean) -- `port_network` (String) if `usage`==`lan` +- `port_network` (String) Only for SRX and if `usage`==`lan`, the Untagged VLAN Network - `preserve_dscp` (Boolean) whether to preserve dscp when sending traffic over VPN (SSR-only) - `redundant` (Boolean) if HA mode - `reth_idx` (Number) if HA mode 
@@ -554,7 +553,7 @@ Note: Turning this on will enable force-up on one of the interfaces in the bundl - `ssr_no_virtual_mac` (Boolean) when SSR is running as VM, this is required on certain hosting platforms - `svr_port_range` (String) for SSR only - `traffic_shaping` (Attributes) (see [below for nested schema](#nestedatt--port_config--traffic_shaping)) -- `vlan_id` (Number) if WAN interface is on a VLAN +- `vlan_id` (String) - `vpn_paths` (Attributes Map) Property key is the VPN name (see [below for nested schema](#nestedatt--port_config--vpn_paths)) - `wan_arp_policer` (String) Only when `wan_type`==`broadband`. enum: `default`, `max`, `recommended` - `wan_ext_ip` (String) Only if `usage`==`wan`, optional. If spoke should reach this port by a different IP @@ -571,9 +570,9 @@ Optional: - `dns` (List of String) except for out-of_band interface (vme/em0/fxp0) - `dns_suffix` (List of String) except for out-of_band interface (vme/em0/fxp0) -- `gateway` (String) except for out-of_band interface (vme/em0/fxp0) -- `ip` (String) -- `netmask` (String) used only if `subnet` is not specified in `networks` +- `gateway` (String) except for out-of_band interface (vme/em0/fxp0). Interface Default Gateway IP Address (i.e. "192.168.1.1") or a Variable (i.e. "{{myvar}}") +- `ip` (String) Interface IP Address (i.e. "192.168.1.8") or a Variable (i.e. "{{myvar}}") +- `netmask` (String) used only if `subnet` is not specified in `networks`. Interface Netmask (i.e. "/24") or a Variable (i.e. "{{myvar}}") - `network` (String) optional, the network to be used for mgmt - `poser_password` (String, Sensitive) if `type`==`pppoe` - `pppoe_auth` (String) if `type`==`pppoe`. enum: `chap`, `none`, `pap` 
@@ -586,9 +585,9 @@ Optional: Optional: -- `class_percentages` (List of Number) percentages for differet class of traffic: high / medium / low / best-effort -sum must be equal to 100 +- `class_percentages` (List of Number) percentages for differet class of traffic: high / medium / low / best-effort. Sum must be equal to 100 - `enabled` (Boolean) +- `max_tx_kbps` (Number) Interface Transmit Cap in kbps @@ -608,9 +607,9 @@ Optional: Optional: -- `class_percentages` (List of Number) percentages for differet class of traffic: high / medium / low / best-effort -sum must be equal to 100 +- `class_percentages` (List of Number) percentages for differet class of traffic: high / medium / low / best-effort. Sum must be equal to 100 - `enabled` (Boolean) +- `max_tx_kbps` (Number) Interface Transmit Cap in kbps diff --git a/docs/resources/org_network.md b/docs/resources/org_network.md index 547bb65..bdf5ff5 100644 --- a/docs/resources/org_network.md +++ b/docs/resources/org_network.md @@ -43,7 +43,7 @@ resource "mist_org_network" "network_one" { - `multicast` (Attributes) whether to enable multicast support (only PIM-sparse mode is supported) (see [below for nested schema](#nestedatt--multicast)) - `routed_for_networks` (List of String) for a Network (usually LAN), it can be routable to other networks (e.g. OSPF) - `subnet6` (String) -- `tenants` (Attributes Map) (see [below for nested schema](#nestedatt--tenants)) +- `tenants` (Attributes Map) Property key must be the user/tenant name (i.e. "printer-1") or a Variable (i.e. "{{myvar}}") (see [below for nested schema](#nestedatt--tenants)) - `vlan_id` (String) - `vpn_access` (Attributes Map) Property key is the VPN name. Whether this network can be accessed from vpn (see [below for nested schema](#nestedatt--vpn_access)) 
@@ -65,30 +65,33 @@ Optional: Optional: - `create_simple_service_policy` (Boolean) -- `destination_nat` (Attributes Map) Property key may be an IP/Port (i.e. "63.16.0.3:443"), or a port (i.e. ":2222") (see [below for nested schema](#nestedatt--internet_access--destination_nat)) +- `destination_nat` (Attributes Map) Property key can be an External IP (i.e. "63.16.0.3"), an External IP:Port (i.e. "63.16.0.3:443"), an External Port (i.e. ":443"), an External CIDR (i.e. "63.16.0.0/30"), an External CIDR:Port (i.e. "63.16.0.0/30:443") or a Variable (i.e. "{{myvar}}"). At least one of the `internal_ip` or `port` must be defined (see [below for nested schema](#nestedatt--internet_access--destination_nat)) - `enabled` (Boolean) - `restricted` (Boolean) by default, all access is allowed, to only allow certain traffic, make `restricted`=`true` and define service_policies -- `static_nat` (Attributes Map) Property key may be an IP Address (i.e. "172.16.0.1"), and IP Address and Port (i.e. "172.16.0.1:8443") or a CIDR (i.e. "172.16.0.12/20") (see [below for nested schema](#nestedatt--internet_access--static_nat)) +- `static_nat` (Attributes Map) Property key may be an External IP Address (i.e. "63.16.0.3"), a CIDR (i.e. "63.16.0.12/20") or a Variable (i.e. "{{myvar}}") (see [below for nested schema](#nestedatt--internet_access--static_nat)) ### Nested Schema for `internet_access.destination_nat` Optional: -- `internal_ip` (String) +- `internal_ip` (String) The Destination NAT destination IP Address. Must be an IP (i.e. "192.168.70.30") or a Variable (i.e. "{{myvar}}") - `name` (String) -- `port` (Number) -- `wan_name` (String) If not set, we configure the nat policies against all WAN ports for simplicity +- `port` (String) The Destination NAT destination IP Address. Must be a Port (i.e. "443") or a Variable (i.e. "{{myvar}}") +- `wan_name` (String) SRX Only. 
If not set, we configure the nat policies against all WAN ports for simplicity ### Nested Schema for `internet_access.static_nat` -Optional: +Required: -- `internal_ip` (String) +- `internal_ip` (String) The Static NAT destination IP Address. Must be an IP Address (i.e. "192.168.70.3") or a Variable (i.e. "{{myvar}}") - `name` (String) -- `wan_name` (String) If not set, we configure the nat policies against all WAN ports for simplicity + +Optional: + +- `wan_name` (String) SRX Only. If not set, we configure the nat policies against all WAN ports for simplicity. Can be a Variable (i.e. "{{myvar}}") @@ -125,7 +128,7 @@ Optional: - `advertised_subnet` (String) if `routed`==`true`, whether to advertise an aggregated subnet toward HUB this is useful when there are multiple networks on SPOKE's side - `allow_ping` (Boolean) whether to allow ping from vpn into this routed network -- `destination_nat` (Attributes Map) Property key may be an IP/Port (i.e. "63.16.0.3:443"), or a port (i.e. ":2222") (see [below for nested schema](#nestedatt--vpn_access--destination_nat)) +- `destination_nat` (Attributes Map) Property key can be an External IP (i.e. "63.16.0.3"), an External IP:Port (i.e. "63.16.0.3:443"), an External Port (i.e. ":443"), an External CIDR (i.e. "63.16.0.0/30"), an External CIDR:Port (i.e. "63.16.0.0/30:443") or a Variable (i.e. "{{myvar}}"). At least one of the `internal_ip` or `port` must be defined (see [below for nested schema](#nestedatt--vpn_access--destination_nat)) - `nat_pool` (String) if `routed`==`false` (usually at Spoke), but some hosts needs to be reachable from Hub, a subnet is required to create and advertise the route to Hub - `no_readvertise_to_lan_bgp` (Boolean) toward LAN-side BGP peers - `no_readvertise_to_lan_ospf` (Boolean) toward LAN-side OSPF peers 
@@ -135,7 +138,7 @@ how HUB should deal with routes it received from Spokes to allow it to be leaked to other vrfs - `routed` (Boolean) whether this network is routable - `source_nat` (Attributes) if `routed`==`false` (usually at Spoke), but some hosts needs to be reachable from Hub (see [below for nested schema](#nestedatt--vpn_access--source_nat)) -- `static_nat` (Attributes Map) Property key may be an IP Address (i.e. "172.16.0.1"), and IP Address and Port (i.e. "172.16.0.1:8443") or a CIDR (i.e. "172.16.0.12/20") (see [below for nested schema](#nestedatt--vpn_access--static_nat)) +- `static_nat` (Attributes Map) Property key may be an External IP Address (i.e. "63.16.0.3"), a CIDR (i.e. "63.16.0.12/20") or a Variable (i.e. "{{myvar}}") (see [below for nested schema](#nestedatt--vpn_access--static_nat)) - `summarized_subnet` (String) toward overlay how HUB should deal with routes it received from Spokes - `summarized_subnet_to_lan_bgp` (String) toward LAN-side BGP peers @@ -146,10 +149,9 @@ how HUB should deal with routes it received from Spokes Optional: -- `internal_ip` (String) +- `internal_ip` (String) The Destination NAT destination IP Address. Must be an IP (i.e. "192.168.70.30") or a Variable (i.e. "{{myvar}}") - `name` (String) -- `port` (Number) -- `wan_name` (String) If not set, we configure the nat policies against all WAN ports for simplicity +- `port` (String) @@ -163,11 +165,10 @@ Optional: ### Nested Schema for `vpn_access.static_nat` -Optional: +Required: -- `internal_ip` (String) +- `internal_ip` (String) The Static NAT destination IP Address. Must be an IP Address (i.e. "192.168.70.3") or a Variable (i.e. "{{myvar}}") - `name` (String) -- `wan_name` (String) If not set, we configure the nat policies against all WAN ports for simplicity diff --git a/templates/guides/release_note_0.2.xx.md b/templates/guides/release_note_0.2.xx.md index 08425c7..a3c3084 100644 --- a/templates/guides/release_note_0.2.xx.md 
+++ b/templates/guides/release_note_0.2.xx.md @@ -10,7 +10,8 @@ description: |- ## Release Notes for v0.2.15 **release date** : December 27th, 2024 -!> Breaking changes +!> Breaking changes. See below + ### Breaking Changes * Following attributes have been changes from int64 to string to allow "mist variable" support: * `mist_org_network.internet_access.destination_nat.port`
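Review bot: In hunk @@ -345,30 +345,33 @@, the new `port` (String) line under `networks.internet_access.destination_nat` reads "The Destination NAT destination IP Address", which is the `internal_ip` wording copied onto the port attribute. Suggest "The Destination NAT destination Port. Must be a Port (i.e. "443") or a Variable (i.e. "{{myvar}}")". The same sentence appears on the `port` line in the docs/resources/org_network.md hunk @@ -65,30 +65,33 @@ and needs the same fix.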
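Review bot: In hunk @@ -426,10 +429,9 @@, `port` under `networks.vpn_access.destination_nat` changes from Number to String but is left with no description, while the `internet_access` counterpart documents the accepted values, and `wan_name` is dropped from this nested schema without comment. Suggest giving `port` the same "Port or Variable" description and confirming the `wan_name` removal is intentional and called out in the release note, since configurations that set it will stop validating. The org_network.md hunk @@ -146,10 +149,9 @@ has the same two gaps.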
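Review bot: In hunk @@ -519,12 +520,10 @@, the rewritten `ae_lacp_force_up` line keeps "`aggregated`==`true`.Sets" with no space after the period, and the `ae_disable_lacp` context line just above says "LCP support" where LACP is meant. Both are worth fixing while this block is being reflowed onto one line.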
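Review bot: In hunk @@ -554,7 +553,7 @@, `vlan_id` goes from `(Number) if WAN interface is on a VLAN` to a bare `(String)`, losing its description and gaining no note about Variable support. The int64-to-string list in the release note added by this patch names only the `destination_nat.port` attributes, so if the schema type changed along with the doc, this attribute should be added to that list. Suggest keeping the original condition and appending the accepted forms, as done for `ip` and `gateway` in the next hunk.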
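Review bot: In hunk @@ -571,9 +570,9 @@, the new `netmask` text gives "/24" as the example, which is a prefix length rather than a dotted netmask. Suggest stating the expected format explicitly (for example "prefix length with leading slash, i.e. "/24"") so readers do not supply "255.255.255.0" based on the attribute name.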
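Review bot: In hunk @@ -586,9 +585,9 @@, the rewritten `class_percentages` line carries the typo "differet" over from the removed line. Since the line is being replaced anyway, correct it to "different"; the identical line in hunk @@ -608,9 +607,9 @@ needs the same change.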
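Review bot: In hunk @@ -65,30 +65,33 @@ of docs/resources/org_network.md, the `destination_nat` key description lists a port-only form (":443") and the `wan_name` line says that when unset "we configure the nat policies against all WAN ports for simplicity", but the docs never connect the two. Suggest adding one sentence to `wan_name` stating that leaving it unset publishes the forwarded port on every WAN interface, so readers who want the rule on a single uplink know to set it.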
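Review bot: In hunk @@ -135,7 +138,7 @@ of docs/resources/org_network.md, the new `static_nat` key example "63.16.0.12/20" is not aligned to a /20 boundary (the network address would be 63.16.0.0/20), a problem inherited from the old "172.16.0.12/20" example. Suggest using an aligned CIDR in the example, or stating whether a CIDR with host bits set is accepted, so readers do not copy a value that may be rejected or silently normalized. The same example is used in the `internet_access` hunk and in the gateway resource hunks.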
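Review bot: In the templates/guides/release_note_0.2.xx.md hunk @@ -10,7 +10,8 @@, the context line under "### Breaking Changes" reads "have been changes from int64 to string"; it should be "have been changed". Both release note files end at the same blob (a3c3084), so the typo is also in the docs/guides copy added by this patch and should be corrected in both places.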