Merge changes from dev into main for Release v1.2.14 (#193)

* one click access for rdp changes (#168) * tunnel_policy changes add new fields name and description (#169) * fix ATG test case (#171) * Service tunnel policy and rdp setting feature addition. (#170) (#173) * one click access for rdp changes (#168) * tunnel_policy changes add new fields name and description (#169) * remove default l4 policy checks * fix AccessTierGroup changes (#171) --------- Co-authored-by: rohitSangamnerkar <148537411+rohitSangamnerkar@users.noreply.github.com> * Service tunnel policy and rdp setting feature addition. (#170) (#173) * one click access for rdp changes (#168) * tunnel_policy changes add new fields name and description (#169) * remove default l4 policy checks * fix AccessTierGroup changes (#171) --------- Co-authored-by: rohitSangamnerkar <148537411+rohitSangamnerkar@users.noreply.github.com> * add description field to applicable resources (#184) * set tls insecure value correctly (#185) * Terraform changes to support NRPT option at ORG level (#175) * Terraform changes to support configure by NRPT option at ORG level (#172) --------- Co-authored-by: sparsh-arora-josh <sparsh.arora@joshsoftware.com> * BC-13824: Add deployment property to connector spec (#177) (#178) * BC-13824: Add deployment property to connector spec (#177) * feat: Added new fields to connector * updated the description of platform and method --------- Co-authored-by: Suhaan-Bhandary <suhaanbhandary1@gmail.com> * bump releaser version * Documentation generated --------- Co-authored-by: Suhaan-Bhandary-Josh <suhaan.bhandary@joshsoftware.com> Co-authored-by: Suhaan-Bhandary <suhaanbhandary1@gmail.com> Co-authored-by: github-actions <github-actions@github.com> * fix releaser args to --clean (#179) * revert go releaser to v5 (#180) * Service tunnel configuration support (#181) --------- Co-authored-by: github-actions <github-actions@github.com> * fix applications block conversion (#182) * allow setting post redirect url in webservice (#187) * add support to set tls_sni in web service (#188) --------- Co-authored-by: Naresh Kakubal <naresh@banyansecurity.io> * add support to set enforcing and permissive mode for services (#189) * fix test case (#191) * BC-14790 : Ability to Enable / Disable service like on the console for resource service (#190) * add ability to create registered domain and validate it. (#192) * add a unit test case for registered domain with import state true (#194) --------- Co-authored-by: rohitSangamnerkar <148537411+rohitSangamnerkar@users.noreply.github.com> Co-authored-by: sparsh-arora-josh <sparsh.arora@joshsoftware.com> Co-authored-by: Suhaan-Bhandary-Josh <suhaan.bhandary@joshsoftware.com> Co-authored-by: Suhaan-Bhandary <suhaanbhandary1@gmail.com> Co-authored-by: github-actions <github-actions@github.com> Co-authored-by: Omkesh Sajjanwar (Josh) <121938354+OmkeshJosh@users.noreply.github.com>
banyansecurity · Nov 18, 2024 · 06c01fa · 06c01fa
1 parent 8e1606e
commit 06c01fa
Show file tree

Hide file tree

Showing 11 changed files with 765 additions and 17 deletions.
diff --git a/banyan/provider.go b/banyan/provider.go
@@ -28,23 +28,25 @@ func Provider() *schema.Provider {
 			},
 		},
 		ResourcesMap: map[string]*schema.Resource{
-			"banyan_service_ssh":      resourceServiceSsh(),
-			"banyan_service_rdp":      resourceServiceRdp(),
-			"banyan_service_tcp":      resourceServiceTcp(),
-			"banyan_service_k8s":      resourceServiceK8s(),
-			"banyan_service_db":       resourceServiceDb(),
-			"banyan_service_web":      resourceServiceWeb(),
-			"banyan_service_tunnel":   resourceServiceTunnel(),
-			"banyan_policy_web":       resourcePolicyWeb(),
-			"banyan_policy_infra":     resourcePolicyInfra(),
-			"banyan_policy_tunnel":    resourcePolicyTunnel(),
-			"banyan_role":             resourceRole(),
-			"banyan_api_key":          resourceApiKey(),
-			"banyan_connector":        resourceConnector(),
-			"banyan_accesstier":       resourceAccessTier(),
-			"banyan_accesstier_group": resourceAccessTierGroup(),
-			"banyan_scim":             resourceSCIM(),
-			"banyan_app_config":       resourceAppConfig(),
+			"banyan_service_ssh":                resourceServiceSsh(),
+			"banyan_service_rdp":                resourceServiceRdp(),
+			"banyan_service_tcp":                resourceServiceTcp(),
+			"banyan_service_k8s":                resourceServiceK8s(),
+			"banyan_service_db":                 resourceServiceDb(),
+			"banyan_service_web":                resourceServiceWeb(),
+			"banyan_service_tunnel":             resourceServiceTunnel(),
+			"banyan_policy_web":                 resourcePolicyWeb(),
+			"banyan_policy_infra":               resourcePolicyInfra(),
+			"banyan_policy_tunnel":              resourcePolicyTunnel(),
+			"banyan_role":                       resourceRole(),
+			"banyan_api_key":                    resourceApiKey(),
+			"banyan_connector":                  resourceConnector(),
+			"banyan_accesstier":                 resourceAccessTier(),
+			"banyan_accesstier_group":           resourceAccessTierGroup(),
+			"banyan_scim":                       resourceSCIM(),
+			"banyan_app_config":                 resourceAppConfig(),
+			"banyan_registered_domain":          resourceRegisteredDomain(),
+			"banyan_validate_registered_domain": resourceValidateRegisteredDomain(),
 		},
 		DataSourcesMap: map[string]*schema.Resource{
 			"banyan_oidc_settings": dataSourceOidcSettings(),

diff --git a/banyan/resource_registered_domain.go b/banyan/resource_registered_domain.go
@@ -0,0 +1,255 @@
+package banyan
+
+import (
+	"context"
+	"net"
+	"strings"
+
+	"github.com/banyansecurity/terraform-banyan-provider/client"
+	"github.com/banyansecurity/terraform-banyan-provider/client/registereddomain"
+	"github.com/banyansecurity/terraform-banyan-provider/constants"
+	"github.com/hashicorp/terraform-plugin-sdk/v2/diag"
+	"github.com/hashicorp/terraform-plugin-sdk/v2/helper/schema"
+)
+
+func resourceRegisteredDomain() *schema.Resource {
+	return &schema.Resource{
+		Description:   "Registered domain resource allows for configuration of the registered domain API object",
+		CreateContext: resourceRegisteredDomainCreate,
+		ReadContext:   resourceRegisteredDomainRead,
+		DeleteContext: resourceRegisteredDomainDelete,
+		Schema:        RegisteredDomainSchema(),
+		Importer: &schema.ResourceImporter{
+			StateContext: schema.ImportStatePassthroughContext,
+		},
+	}
+}
+
+func RegisteredDomainSchema() map[string]*schema.Schema {
+	s := map[string]*schema.Schema{
+		"id": {
+			Type:        schema.TypeString,
+			Computed:    true,
+			Description: "Unique ID for a registered domain",
+			ForceNew:    true,
+		},
+		"name": {
+			Type:        schema.TypeString,
+			Required:    true,
+			Description: "Name of the registered domain",
+			ForceNew:    true,
+		},
+		"cluster": {
+			Type:        schema.TypeString,
+			Required:    true,
+			Description: "cluster name used to identify if cluster type is private edge or global edge",
+			ForceNew:    true,
+		},
+		"cname": {
+			Type:        schema.TypeString,
+			Required:    true,
+			Description: "CNAME of the access-tier",
+			ForceNew:    true,
+		},
+		"description": {
+			Type:        schema.TypeString,
+			Optional:    true,
+			Description: "description of registered domain",
+			Default:     "",
+			ForceNew:    true,
+		},
+		"dns_setting": {
+			Type:        schema.TypeList,
+			Computed:    true, // read only user cannot specify custom values. 
+			Description: "List of dns settings required for registered domain",
+			Elem: &schema.Resource{
+				Schema: map[string]*schema.Schema{
+					"type": {
+						Type:        schema.TypeString,
+						Computed:    true,
+						Description: "type of DNS setting ex: CNAME , A or TXT",
+					},
+					"name": {
+						Type:        schema.TypeString,
+						Computed:    true,
+						Description: "name of DNS setting ",
+					},
+					"value": {
+						Type:        schema.TypeString,
+						Computed:    true,
+						Description: "value of the dns setting",
+					},
+				},
+			},
+		},
+	}
+
+	return s
+}
+
+func resourceRegisteredDomainCreate(ctx context.Context, d *schema.ResourceData, m interface{}) (diagnostic diag.Diagnostics) {
+
+	c := m.(*client.Holder)
+
+	rdReqBody := rdFromState(d)
+
+	// if org is global edge create domain challenge first
+	if rdReqBody.ClusterName == constants.GlobalEdgeCluster {
+
+		challengeID, err := c.RegisteredDomain.CreateRDChallenge(registereddomain.RegisteredDomainChallengeRequest{
+			RegisteredDomainName: rdReqBody.Name,
+		})
+		if err != nil {
+			return
+		}
+
+		rdReqBody.RegisteredDomainChallengeID = &challengeID
+	}
+
+	rd, err := c.RegisteredDomain.Create(rdReqBody)
+	if err != nil {
+		return diag.FromErr(err)
+	}
+
+	dnsSettings, err := flattenDnsSettings(d, c, rd)
+	if err != nil {
+		return diag.FromErr(err)
+	}
+
+	err = d.Set("dns_setting", dnsSettings)
+	if err != nil {
+		return diag.FromErr(err)
+	}
+
+	d.SetId(rd.ID)
+
+	return
+}
+
+func rdFromState(d *schema.ResourceData) registereddomain.RegisteredDomainRequest {
+
+	return registereddomain.RegisteredDomainRequest{
+		RegisteredDomainInfo: registereddomain.RegisteredDomainInfo{
+			Name:        d.Get("name").(string),
+			ClusterName: d.Get("cluster").(string),
+			Cname:       d.Get("cname").(string),
+			Description: d.Get("description").(string),
+		},
+	}
+
+}
+
+func resourceRegisteredDomainRead(ctx context.Context, d *schema.ResourceData, m interface{}) (diagnostic diag.Diagnostics) {
+
+	id := d.Get("id").(string)
+	c := m.(*client.Holder)
+	resp, err := c.RegisteredDomain.Get(id)
+	if err != nil {
+		return diag.FromErr(err)
+	}
+
+	err = d.Set("name", resp.Name)
+	if err != nil {
+		return diag.FromErr(err)
+	}
+
+	err = d.Set("cluster", resp.ClusterName)
+	if err != nil {
+		return diag.FromErr(err)
+	}
+
+	err = d.Set("cname", resp.Cname)
+	if err != nil {
+		return diag.FromErr(err)
+	}
+
+	err = d.Set("description", resp.Description)
+	if err != nil {
+		return diag.FromErr(err)
+	}
+
+	dnsSettings, err := flattenDnsSettings(d, c, resp)
+	if err != nil {
+		return diag.FromErr(err)
+	}
+
+	err = d.Set("dns_setting", dnsSettings)
+	if err != nil {
+		return diag.FromErr(err)
+	}
+
+	return
+}
+
+func resourceRegisteredDomainDelete(ctx context.Context, d *schema.ResourceData, m interface{}) (diagnostic diag.Diagnostics) {
+
+	id := d.Get("id").(string)
+	c := m.(*client.Holder)
+
+	err := c.RegisteredDomain.Delete(id)
+	if err != nil {
+		return diag.FromErr(err)
+	}
+
+	d.SetId("")
+
+	return
+}
+
+func flattenDnsSettings(d *schema.ResourceData, c *client.Holder, resp registereddomain.RegisteredDomainInfo) (dnsSettings []interface{}, err error) {
+
+	// cname acme is only created for wildcard domains
+	if strings.HasPrefix(resp.Name, "*.") {
+
+		dnsSetting := map[string]interface{}{
+			"type":  "CNAME",
+			"name":  resp.DomainName,
+			"value": resp.ACME_cname,
+		}
+
+		dnsSettings = append(dnsSettings, dnsSetting)
+	}
+
+	// challenge is only created for global edge network.
+	if resp.ClusterName == constants.GlobalEdgeCluster {
+
+		var challengeInfo registereddomain.RegisteredDomainChallengeInfo
+		challengeInfo, err = c.RegisteredDomain.GetRDChallenge(*resp.RegisteredDomainChallengeID)
+		if err != nil {
+			return
+		}
+
+		dnsSetting := map[string]interface{}{
+			"type":  "TXT",
+			"name":  challengeInfo.Label,
+			"value": challengeInfo.Value,
+		}
+
+		dnsSettings = append(dnsSettings, dnsSetting)
+
+	}
+
+	dnsSetting := map[string]interface{}{
+		"name":  resp.Name,
+		"value": resp.Cname,
+	}
+
+	// if cname has ip value then need to create A type of dns setting else CNAME type
+	if isIPv4Address(resp.Cname) {
+		dnsSetting["type"] = "A"
+	} else {
+		dnsSetting["type"] = "CNAME"
+	}
+
+	dnsSettings = append(dnsSettings, dnsSetting)
+
+	return
+}
+
+func isIPv4Address(ip string) bool {
+	// Parse the IP address
+	parsedIP := net.ParseIP(ip)
+
+	// Check if it's a valid IPv4 address and not empty
+	return parsedIP != nil && strings.Contains(ip, ".") && parsedIP.To4() != nil
+}
diff --git a/banyan/resource_registered_domain_test.go b/banyan/resource_registered_domain_test.go
@@ -0,0 +1,88 @@
+package banyan
+
+import (
+	"fmt"
+	"testing"
+
+	"github.com/hashicorp/terraform-plugin-sdk/v2/helper/acctest"
+	"github.com/hashicorp/terraform-plugin-sdk/v2/helper/resource"
+)
+
+func TestAccRegisteredDomain_basic(t *testing.T) {
+
+	rName := fmt.Sprintf("tf-acc-%s.bnntest.com", acctest.RandStringFromCharSet(10, acctest.CharSetAlphaNum))
+
+	resource.Test(t, resource.TestCase{
+		Providers:    testAccProviders,
+		CheckDestroy: nil,
+		Steps: []resource.TestStep{
+			{
+				Config: testAccRD_basic_create(rName),
+				Check: resource.ComposeTestCheckFunc(
+					resource.TestCheckResourceAttr("banyan_registered_domain.example", "name", rName),
+				),
+			},
+		},
+	})
+}
+
+func testAccRD_basic_create(name string) string {
+	return fmt.Sprintf(`
+resource "banyan_registered_domain" "example" {
+	name        = "%s"
+	cluster     = "global-edge"
+	cname       = "gke-usw1-at01.infra.bnntest.com"
+	description = "test me new"
+}
+`, name)
+}
+
+func TestAccRegisteredDomain(t *testing.T) {
+
+	rName := fmt.Sprintf("tf-acc-%s", acctest.RandStringFromCharSet(10, acctest.CharSetAlphaNum))
+
+	resource.Test(t, resource.TestCase{
+		Providers:    testAccProviders,
+		CheckDestroy: nil,
+		Steps: []resource.TestStep{
+			// Creates the registered domain with the given terraform configuration and asserts that the registered is created
+			{
+				Config: fmt.Sprintf(`
+
+					resource "banyan_registered_domain" "example" {
+						name        = "%s"
+						cluster     = "global-edge"
+						cname       = "gke-usw1-at01.infra.bnntest.com"
+						description = "unit test of registered domain"
+					}
+					`, rName),
+				Check: resource.ComposeTestCheckFunc(
+					resource.TestCheckResourceAttr("banyan_registered_domain.example", "name", rName),
+				),
+			},
+			{
+				ResourceName:      "banyan_registered_domain.example",
+				ImportState:       true,
+				ImportStateVerify: true,
+			},
+			{
+				Config: fmt.Sprintf(`
+
+					resource "banyan_registered_domain" "example" {
+						name        = "%s"
+						cluster     = "cluster1"
+						cname       = "gke-usw1-at01.infra.bnntest.com"
+					}
+					`, rName),
+				Check: resource.ComposeTestCheckFunc(
+					resource.TestCheckResourceAttr("banyan_registered_domain.example", "name", rName),
+				),
+			},
+			{
+				ResourceName:      "banyan_registered_domain.example",
+				ImportState:       true,
+				ImportStateVerify: true,
+			},
+		},
+	})
+}