Add serial numbers in role, regenerate documentation and upgrade depe… (

#143)

* add serial numbers in role, regenerate documentation and upgrade dependencies,fixing policy-infra and policy-tunnel update check.

banyan/resource_policy_infra.go

@@ -127,8 +127,15 @@ func resourcePolicyInfraRead(ctx context.Context, d *schema.ResourceData, m inte
 }
 
 func resourcePolicyInfraUpdate(ctx context.Context, d *schema.ResourceData, m interface{}) (diagnostics diag.Diagnostics) {
-	diagnostics = resourcePolicyInfraCreate(ctx, d, m)
+	c := m.(*client.Holder)
+	resp, err := c.Policy.Update(policyInfraFromState(d))
+	if err != nil {
+		return diag.FromErr(errors.WithMessage(err, "couldn't create new infra policy"))
+	}
+	d.SetId(resp.ID)
+	diagnostics = resourcePolicyInfraRead(ctx, d, m)
 	return
+
 }
 
 func resourcePolicyInfraDelete(ctx context.Context, d *schema.ResourceData, m interface{}) (diagnostics diag.Diagnostics) {

banyan/resource_policy_tunnel.go

@@ -207,7 +207,20 @@ func resourcePolicyTunnelCreate(ctx context.Context, d *schema.ResourceData, m i
 }
 
 func resourcePolicyTunnelUpdate(ctx context.Context, d *schema.ResourceData, m interface{}) (diagnostics diag.Diagnostics) {
-	diagnostics = resourcePolicyTunnelCreate(ctx, d, m)
+	c := m.(*client.Holder)
+
+	// 	ValidateFunc is not supported on lists or sets, so use this method instead
+	err := invalidL4AccessRules(d)
+	if err != nil {
+		return diag.FromErr(errors.WithMessage(err, "invalid l4_access block"))
+	}
+
+	createdPolicy, err := c.Policy.Update(policyTunnelFromState(d))
+	if err != nil {
+		return diag.FromErr(errors.WithMessage(err, "couldn't create new tunnel policy"))
+	}
+	d.SetId(createdPolicy.ID)
+	diagnostics = resourcePolicyTunnelRead(ctx, d, m)
 	return
 }
 

banyan/resource_policy_web.go

@@ -155,7 +155,7 @@ func resourcePolicyWebUpdate(ctx context.Context, d *schema.ResourceData, m inte
 	if err != nil {
 		return diag.FromErr(errors.WithMessage(err, "invalid l7_access block"))
 	}
-	updatedPolicy, err := c.Policy.Update(d.State().ID, policyWebFromState(d))
+	updatedPolicy, err := c.Policy.Update(policyWebFromState(d))
 	if err != nil {
 		return diag.FromErr(errors.WithMessage(err, "couldn't create new web policy"))
 	}

banyan/resource_role.go

@@ -46,7 +46,6 @@ func RoleSchema() (s map[string]*schema.Schema) {
 		"container_fqdn": {
 			Type:        schema.TypeSet,
 			Optional:    true,
-			Computed:    true,
 			Description: "FQDN for the container",
 			Elem: &schema.Schema{
 				Type: schema.TypeString,
@@ -55,7 +54,6 @@ func RoleSchema() (s map[string]*schema.Schema) {
 		"image": {
 			Type:        schema.TypeSet,
 			Optional:    true,
-			Computed:    true,
 			Description: "Image",
 			Elem: &schema.Schema{
 				Type: schema.TypeString,
@@ -64,7 +62,6 @@ func RoleSchema() (s map[string]*schema.Schema) {
 		"repo_tag": {
 			Type:        schema.TypeSet,
 			Optional:    true,
-			Computed:    true,
 			Description: "Repo Tag",
 			Elem: &schema.Schema{
 				Type: schema.TypeString,
@@ -81,7 +78,6 @@ func RoleSchema() (s map[string]*schema.Schema) {
 		"user_group": {
 			Type:        schema.TypeSet,
 			Optional:    true,
-			Computed:    true,
 			Description: "Names of the groups (from your IdP) which will be included in the role",
 			Elem: &schema.Schema{
 				Type: schema.TypeString,
@@ -90,7 +86,6 @@ func RoleSchema() (s map[string]*schema.Schema) {
 		"email": {
 			Type:        schema.TypeSet,
 			Optional:    true,
-			Computed:    true,
 			Description: "Email addresses for the users in the role",
 			Elem: &schema.Schema{
 				Type: schema.TypeString,
@@ -99,7 +94,6 @@ func RoleSchema() (s map[string]*schema.Schema) {
 		"device_ownership": {
 			Type:        schema.TypeSet,
 			Optional:    true,
-			Computed:    true,
 			Description: "Device ownership specification for the role",
 			Elem: &schema.Schema{
 				Type:         schema.TypeString,
@@ -109,7 +103,6 @@ func RoleSchema() (s map[string]*schema.Schema) {
 		"platform": {
 			Type:        schema.TypeSet,
 			Optional:    true,
-			Computed:    true,
 			Description: "Platform type which is required by the role",
 			Elem: &schema.Schema{
 				Type:         schema.TypeString,
@@ -126,6 +119,14 @@ func RoleSchema() (s map[string]*schema.Schema) {
 			Optional:    true,
 			Description: "Enforces whether the role requires an MDM to be present on the device",
 		},
+		"serial_numbers": {
+			Type:        schema.TypeSet,
+			Optional:    true,
+			Description: "Serial Numbers of devices to be applicable for role",
+			Elem: &schema.Schema{
+				Type: schema.TypeString,
+			},
+		},
 	}
 	return
 }
@@ -155,6 +156,7 @@ func RoleFromState(d *schema.ResourceData) (r role.CreateRole) {
 			Platform:        convertSchemaSetToStringSlice(d.Get("platform").(*schema.Set)),
 			KnownDeviceOnly: d.Get("known_device_only").(bool),
 			MDMPresent:      d.Get("mdm_present").(bool),
+			SerialNumbers:   convertSchemaSetToStringSlice(d.Get("serial_numbers").(*schema.Set)),
 		},
 	}
 	return
@@ -232,6 +234,10 @@ func resourceRoleRead(ctx context.Context, d *schema.ResourceData, m interface{}
 	if err != nil {
 		return diag.FromErr(err)
 	}
+	err = d.Set("serial_numbers", resp.UnmarshalledSpec.Spec.SerialNumbers)
+	if err != nil {
+		return diag.FromErr(err)
+	}
 	return
 }
 

banyan/resource_role_test.go

@@ -37,6 +37,8 @@ func TestSchemaRole_device_ownership(t *testing.T) {
 		"description":      "[TF] Admins on corporate devices",
 		"user_group":       []interface{}{"Admins"},
 		"device_ownership": []interface{}{"Corporate Dedicated", "Corporate Shared"},
+		"platform":         []interface{}{"Windows"},
+		"serial_numbers":   []interface{}{"DeviceSerial1"},
 	}
 	d := schema.TestResourceDataRaw(t, RoleSchema(), role_device_ownership)
 	role_obj := RoleFromState(d)
@@ -166,6 +168,7 @@ resource "banyan_role" "acceptance" {
   known_device_only = true
   mdm_present       = true
   platform          = ["Windows", "macOS", "Linux", "iOS", "Android", "Unregistered"]
+  serial_numbers    = ["First","Second","Third"]
 }
 `, name)
 }
@@ -182,6 +185,7 @@ resource "banyan_role" "acceptance" {
   email = ["john@marsha.com"]
   device_ownership = ["Corporate Dedicated", "Employee Owned"]
   mdm_present = true
+  serial_numbers = ["First"]
 }
 `, name)
 }
@@ -199,6 +203,7 @@ resource "banyan_role" "acceptance" {
   email = ["john@marsha.com"]
   device_ownership = ["Corporate Dedicated", "Employee Owned"]
   mdm_present = true
+  serial_numbers = ["First"]
 }
 `, name)
 }

banyan/specs/role/device-ownership.json

@@ -29,8 +29,9 @@
             "Corporate Dedicated",
             "Corporate Shared"
         ],
-        "platform": null,
+        "platform": ["Windows"],
         "known_device_only": false,
-        "mdm_present": false
+        "mdm_present": false,
+        "serial_numbers": ["DeviceSerial1"]
     }
 }

client/policy/policy.go

@@ -32,7 +32,7 @@ type Client interface {
 	Get(id string) (spec GetPolicy, err error)
 	GetName(name string) (spec GetPolicy, err error)
 	Create(policy Object) (created GetPolicy, err error)
-	Update(id string, policy Object) (updated GetPolicy, err error)
+	Update(policy Object) (updated GetPolicy, err error)
 	Delete(id string) (err error)
 	Detach(paClient policyattachment.Client, id string) (err error)
 }
@@ -73,7 +73,7 @@ func (p *policy) Create(policy Object) (created GetPolicy, err error) {
 	return
 }
 
-func (p *policy) Update(id string, policy Object) (updated GetPolicy, err error) {
+func (p *policy) Update(policy Object) (updated GetPolicy, err error) {
 	log.Printf("[INFO] Updating policy %s", policy.Name)
 	body, err := json.Marshal(policy)
 	if err != nil {

client/role/model.go

@@ -1,7 +1,5 @@
 package role
 
-import "sync"
-
 // Info represents the specification of a role populated by json.Unmarshal.
 type Info struct {
 	Kind       string `json:"kind"`
@@ -39,49 +37,13 @@ type Spec struct {
 	Platform        []string `json:"platform"`
 	KnownDeviceOnly bool     `json:"known_device_only"`
 	MDMPresent      bool     `json:"mdm_present"`
+
+	SerialNumbers []string `json:"serial_numbers"`
 }
 
 // RepoTagList is a list of repo:tag strings within a role.Spec.
 type RepoTagList []string
 
-// Records keeps track of role definitions and the record of
-// which containers can take on which roles.
-type Records struct {
-	sync.RWMutex
-}
-
-// ServiceAccounter is any type that implements the ServiceAccount() method.
-type ServiceAccounter interface {
-	ServiceAccount(containerID string) string
-}
-
-// Diff is returned by Records.CheckNonExistentRoles() and is used to report a new set of roles (could be empty) for a container.
-type Diff struct {
-	// ContainerID identifies a container
-	ContainerID string
-	// Roles are all the roles the corresponding container can take on
-	Roles []string
-	// Versions are the corresponding role versions : len(Versions) == len(Roles)
-	Versions []int
-}
-
-type UserClaims struct {
-	Name   string
-	Email  string
-	Phone  string
-	Groups []string
-}
-
-type DeviceClaims struct {
-	DeviceID        string
-	SerialNumber    string
-	DeviceOwnership string
-	Platform        string
-	MDMPresent      bool
-	IsStagedInstall bool
-	Unregistered    bool
-}
-
 // LabSel represents a label map within a role.Spec.
 type LabSel map[string]string
 

docs/data-sources/role.md

@@ -15,6 +15,15 @@ Obtains information describing the role from banyan
 ```terraform
 data "banyan_role" "example" {
     name = "my-example-policy"
+    description = "realdescription"
+    container_fqdn = ["asdf.asdf"]
+    known_device_only = true
+    platform = ["macOS", "Android"]
+    user_group = ["group1", "group2"]
+    email = ["john@marsha.com"]
+    device_ownership = ["Corporate Dedicated", "Employee Owned"]
+    mdm_present = true
+   serial_numbers = ["DeviceSerial1"]
 }
 
 resource "banyan_service_web" "example" {

docs/resources/accesstier.md

@@ -114,4 +114,31 @@ resource "banyan_policy_tunnel" "anyone-high" {
 - `id` (String) ID of the access tier in Banyan
 ## Import
 Import is supported using the following syntax:
-{{codefile "shell" "/Users/naresh/banyan/banyansecurity-terraform-provider-banyan/examples/resources/banyan_accesstier/import.sh"}}
+```shell
+# For importing a resource we require resource Id, which can be obtained from console for the resource we are importing
+# And we need to create an entry in .tf file which represents the resource which would be imported.
+# for e.g adding an entry into main.tf
+# main.tf:
+# resource "banyan_accesstier" "myexample" {
+#   name = "myexample"
+# }
+
+terraform import banyan_accesstier.myexample 46f3a708-2a9a-4c87-b18e-b11b6c92bf24
+
+terraform show
+# update thw show output configuration into above main.tf file, then resource is managed.
+# BE CAUTIOUS before terraform apply, do terraform plan and verify there are no changes to be applied.
+
+# Terraform Version 1.5.x or Later:
+# We can create Import tf files
+# for e.g
+# import.tf:
+# import {
+#  to = banyan_accesstier.myexample
+#  id = "46f3a708-2a9a-4c87-b18e-b11b6c92bf24"
+# }
+#  Then execute
+terraform plan -generate-config-out=generated.tf
+# Configurations are imported into generated.tf edit and verify
+# BE CAUTIOUS before terraform apply, do terraform plan and verify there are no changes to be applied.
+```

docs/resources/connector.md

@@ -75,4 +75,31 @@ resource "banyan_service_tunnel" "example" {
 - `id` (String) ID of the connector in Banyan
 ## Import
 Import is supported using the following syntax:
-{{codefile "shell" "/Users/naresh/banyan/banyansecurity-terraform-provider-banyan/examples/resources/banyan_connector/import.sh"}}
+```shell
+# For importing a resource we require resource Id, which can be obtained from console for the resource we are importing
+# And we need to create an entry in .tf file which represents the resource which would be imported.
+# for e.g adding an entry into main.tf
+# main.tf:
+# resource "banyan_connector" "myexample" {
+#   name = "myexample"
+# }
+
+terraform import banyan_connector.myexample 46f3a708-2a9a-4c87-b18e-b11b6c92bf24
+
+terraform show
+# update thw show output configuration into above main.tf file, then resource is managed.
+# BE CAUTIOUS before terraform apply, do terraform plan and verify there are no changes to be applied.
+
+# Terraform Version 1.5.x or Later:
+# We can create Import tf files
+# for e.g
+# import.tf:
+# import {
+#  to = banyan_connector.myexample
+#  id = "46f3a708-2a9a-4c87-b18e-b11b6c92bf24"
+# }
+#  Then execute
+terraform plan -generate-config-out=generated.tf
+# Configurations are imported into generated.tf edit and verify
+# BE CAUTIOUS before terraform apply, do terraform plan and verify there are no changes to be applied.
+```

docs/resources/role.md

@@ -40,6 +40,7 @@ resource "banyan_role" "example" {
 - `mdm_present` (Boolean) Enforces whether the role requires an MDM to be present on the device
 - `platform` (Set of String) Platform type which is required by the role
 - `repo_tag` (Set of String) Repo Tag
+- `serial_numbers` (Set of String) Serial Numbers of devices to be applicable for role
 - `service_account` (Set of String) Service accounts to be included in the role
 - `user_group` (Set of String) Names of the groups (from your IdP) which will be included in the role
 

docs/resources/service_db.md

@@ -66,6 +66,23 @@ Optional:
 
 - `cidrs` (List of String)
 - `hostnames` (List of String)
+- `ports` (Block Set, Max: 1) (see [below for nested schema](#nestedblock--allow_patterns--ports))
+
+<a id="nestedblock--allow_patterns--ports"></a>
+### Nested Schema for `allow_patterns.ports`
+
+Optional:
+
+- `port_list` (List of Number)
+- `port_range` (Block List) (see [below for nested schema](#nestedblock--allow_patterns--ports--port_range))
+
+<a id="nestedblock--allow_patterns--ports--port_range"></a>
+### Nested Schema for `allow_patterns.ports.port_range`
+
+Required:
+
+- `max` (Number)
+- `min` (Number)
 
 ## Import