banyansecurity · nareshkakubal · Oct 21, 2024 · Apr 24, 2024 · Apr 24, 2024 · Apr 24, 2024
diff --git a/banyan/resource_accesstier.go b/banyan/resource_accesstier.go
@@ -293,6 +293,11 @@ func AccessTierSchema() map[string]*schema.Schema {
 			Optional:    true,
 			Description: "Timeout value for service discovery batch processing",
 		},
+		"description": {
+			Type:        schema.TypeString,
+			Optional:    true,
+			Description: "description of an access tier",
+		},
 	}
 	return s
 }
@@ -383,6 +388,12 @@ func resourceAccessTierRead(ctx context.Context, d *schema.ResourceData, m inter
 	if err != nil {
 		return diag.FromErr(err)
 	}
+
+	err = d.Set("description", at.Description)
+	if err != nil {
+		return diag.FromErr(err)
+	}
+
 	err = flattenTunnelConfigSatellite(d, &at)
 	if err != nil {
 		return diag.FromErr(err)
@@ -431,6 +442,7 @@ func atFromState(d *schema.ResourceData, clusterName string) (accessTier accesst
 		DisableSnat:     d.Get("disable_snat").(bool),
 		SrcNATCIDRRange: d.Get("src_nat_cidr_range").(string),
 		ApiKeyId:        d.Get("api_key_id").(string),
+		Description:     d.Get("description").(string),
 	}
 	return at
 }

diff --git a/banyan/resource_connector.go b/banyan/resource_connector.go
@@ -78,6 +78,11 @@ func resourceConnector() *schema.Resource {
 				Optional:    true,
 				Description: "The method used for the deployment of the satellite.",
 			},
+			"description": {
+				Type:        schema.TypeString,
+				Optional:    true,
+				Description: "description of connector",
+			},
 		},
 	}
 }
@@ -95,6 +100,7 @@ func connectorFromState(d *schema.ResourceData) (info satellite.Info) {
 		Metadata: satellite.Metadata{
 			Name:        d.Get("name").(string),
 			DisplayName: d.Get("name").(string),
+			Description: d.Get("description").(string),
 		},
 		Spec: satellite.Spec{
 			APIKeyID: d.Get("api_key_id").(string),
@@ -154,6 +160,11 @@ func resourceConnectorRead(ctx context.Context, d *schema.ResourceData, m interf
 	if err != nil {
 		return diag.FromErr(err)
 	}
+
+	err = d.Set("description", sat.Description)
+	if err != nil {
+		return diag.FromErr(err)
+	}
 	return
 }
 

diff --git a/banyan/resource_service_db.go b/banyan/resource_service_db.go
@@ -211,6 +211,12 @@ func DbSchema() map[string]*schema.Schema {
 			Default:     true,
 			Description: "Allow the end user to override the backend_port for this service",
 		},
+		"policy_enforcing": {
+			Type:        schema.TypeBool,
+			Optional:    true,
+			Default:     true,
+			Description: "mode in which policy should be. If this is true policy is in enforcing mode else policy is in Permissive mode",
+		},
 	}
 }
 

diff --git a/banyan/resource_service_k8s.go b/banyan/resource_service_k8s.go
@@ -142,6 +142,12 @@ func K8sSchema() map[string]*schema.Schema {
 			Default:     true,
 			Description: "Allow the end user to override the backend_port for this service",
 		},
+		"policy_enforcing": {
+			Type:        schema.TypeBool,
+			Optional:    true,
+			Default:     true,
+			Description: "mode in which policy should be. If this is true policy is in enforcing mode else policy is in Permissive mode",
+		},
 	}
 }
 

diff --git a/banyan/resource_service_k8s_test.go b/banyan/resource_service_k8s_test.go
@@ -53,6 +53,7 @@ func TestAccService_k8s(t *testing.T) {
 					  client_kube_cluster_name = "k8s-cluster"
 					  client_kube_ca_key = "k8scAk3yH3re"
 					  client_banyanproxy_listen_port = "9119"
+					  policy_enforcing = false
 					}
 					`, rName, rName, rName),
 				Check: resource.ComposeTestCheckFunc(
@@ -67,3 +68,106 @@ func TestAccService_k8s(t *testing.T) {
 		},
 	})
 }
+
+func TestAccK8Service_basic(t *testing.T) {
+
+	rName := fmt.Sprintf("tf-acc-%s", acctest.RandStringFromCharSet(10, acctest.CharSetAlphaNum))
+
+	resource.Test(t, resource.TestCase{
+		Providers:    testAccProviders,
+		CheckDestroy: nil,
+		Steps: []resource.TestStep{
+			//test case with policy enforce
+			{
+				Config: fmt.Sprintf(`
+					resource "banyan_api_key" "example" {
+						name              = "%s"
+						description       = "realdescription"
+						scope             = "access_tier"
+					}
+
+					resource banyan_accesstier "example" {
+						name = "%s"
+						address = "*.example.com"
+						api_key_id = banyan_api_key.example.id
+					}
+
+					resource "banyan_policy_infra" "example" {
+						name        = "%s"
+						description = "some tunnel policy description"
+						access {
+							roles       = ["ANY"]
+							trust_level = "High"
+						}
+					}
+
+					resource "banyan_service_k8s" "example" {
+						name              = "%s"
+						description       = "realdescription"
+						access_tier 	  = banyan_accesstier.example.name
+						domain            = "test-k8s.corp.com"
+						policy            = banyan_policy_infra.example.id
+						policy_enforcing  = false
+						backend_dns_override_for_domain = "test-k8s.service"
+						client_kube_cluster_name = "k8s-cluster"
+						client_kube_ca_key = "k8scAk3yH3re"
+						client_banyanproxy_listen_port = "9119"
+					}
+					`, rName, rName, rName, rName),
+				Check: resource.ComposeTestCheckFunc(
+					resource.TestCheckResourceAttr("banyan_service_k8s.example", "name", rName),
+				),
+			},
+			{
+				ResourceName:      "banyan_service_k8s.example",
+				ImportState:       true,
+				ImportStateVerify: true,
+			},
+			// test case without policy enforcing
+			{
+				Config: fmt.Sprintf(`
+					resource "banyan_api_key" "example" {
+						name              = "%s"
+						description       = "realdescription"
+						scope             = "access_tier"
+					}
+
+					resource banyan_accesstier "example" {
+						name = "%s"
+						address = "*.example.com"
+						api_key_id = banyan_api_key.example.id
+					}
+
+					resource "banyan_policy_infra" "example" {
+						name        = "%s"
+						description = "some tunnel policy description"
+						access {
+							roles       = ["ANY"]
+							trust_level = "High"
+						}
+					}
+
+					resource "banyan_service_k8s" "example" {
+						name              = "%s"
+						description       = "realdescription"
+						access_tier 	  = banyan_accesstier.example.name
+						domain            = "test-k8s.corp.com"
+						policy            = banyan_policy_infra.example.id
+						backend_dns_override_for_domain = "test-k8s.service"
+						client_kube_cluster_name = "k8s-cluster"
+						client_kube_ca_key = "k8scAk3yH3re"
+						client_banyanproxy_listen_port = "9119"
+					}
+					`, rName, rName, rName, rName),
+				Check: resource.ComposeTestCheckFunc(
+					resource.TestCheckResourceAttr("banyan_service_k8s.example", "name", rName),
+				),
+			},
+			{
+				ResourceName:      "banyan_service_k8s.example",
+				ImportState:       true,
+				ImportStateVerify: true,
+			},
+		},
+	})
+}
diff --git a/banyan/resource_service_rdp.go b/banyan/resource_service_rdp.go
@@ -211,6 +211,12 @@ func RdpSchema() map[string]*schema.Schema {
 			},
 			Description: "allow admin to add custom rdp settings which app will add in rdp file",
 		},
+		"policy_enforcing": {
+			Type:        schema.TypeBool,
+			Optional:    true,
+			Default:     true,
+			Description: "mode in which policy should be. If this is true policy is in enforcing mode else policy is in Permissive mode",
+		},
 	}
 }
 

diff --git a/banyan/resource_service_rdp_test.go b/banyan/resource_service_rdp_test.go
@@ -114,6 +114,7 @@ resource "banyan_service_rdp" "example" {
   backend_domain = "%s-rdp.internal"
   backend_port   = 3389
   rdp_settings   = ["devicestoredirect:s:*"]
+  policy_enforcing = false
 }
 `, name, name, name)
 }
@@ -243,6 +244,7 @@ resource "banyan_service_rdp" "example_without_rdp" {
   domain         = "%s-rdp.corp.com"
   backend_domain = "%s-rdp.internal"
   backend_port   = 3389
+  policy_enforcing = false
 }
 `, name, name, name)
 }
@@ -361,3 +363,101 @@ func testAccService_infra_rdp_create_without_rdp_settings_json(name string) stri
 }
 `, name, name, name, name, name)
 }
+
+func TestAccRDPService_basic(t *testing.T) {
+
+	rName := fmt.Sprintf("tf-acc-%s", acctest.RandStringFromCharSet(10, acctest.CharSetAlphaNum))
+
+	resource.Test(t, resource.TestCase{
+		Providers:    testAccProviders,
+		CheckDestroy: nil,
+		Steps: []resource.TestStep{
+			//test case with policy enforce
+			{
+				Config: fmt.Sprintf(`
+					resource "banyan_api_key" "example" {
+						name              = "%s"
+						description       = "realdescription"
+						scope             = "access_tier"
+					}
+
+					resource banyan_accesstier "example" {
+						name = "%s"
+						address = "*.example.com"
+						api_key_id = banyan_api_key.example.id
+					}
+
+					resource "banyan_policy_infra" "example" {
+						name        = "%s"
+						description = "some tunnel policy description"
+						access {
+							roles       = ["ANY"]
+							trust_level = "High"
+						}
+					}
+
+					resource "banyan_service_rdp" "example" {
+						name              = "%s"
+						description       = "realdescription"
+						access_tier 	  = banyan_accesstier.example.name
+						domain            = "test-k8s.corp.com"
+						policy            = banyan_policy_infra.example.id
+                        backend_domain    = "10.1.34.54"
+                        backend_port      = 3389
+					}
+					`, rName, rName, rName, rName),
+				Check: resource.ComposeTestCheckFunc(
+					resource.TestCheckResourceAttr("banyan_service_rdp.example", "name", rName),
+				),
+			},
+			{
+				ResourceName:      "banyan_service_rdp.example",
+				ImportState:       true,
+				ImportStateVerify: true,
+			},
+			// test case without policy enforcing
+			{
+				Config: fmt.Sprintf(`
+					resource "banyan_api_key" "example" {
+						name              = "%s"
+						description       = "realdescription"
+						scope             = "access_tier"
+					}
+
+					resource banyan_accesstier "example" {
+						name = "%s"
+						address = "*.example.com"
+						api_key_id = banyan_api_key.example.id
+					}
+
+					resource "banyan_policy_infra" "example" {
+						name        = "%s"
+						description = "some tunnel policy description"
+						access {
+							roles       = ["ANY"]
+							trust_level = "High"
+						}
+					}
+
+					resource "banyan_service_rdp" "example" {
+						name              = "%s"
+						description       = "realdescription"
+						access_tier 	  = banyan_accesstier.example.name
+						domain            = "test-k8s.corp.com"
+						policy            = banyan_policy_infra.example.id
+                        backend_domain    = "10.1.34.54"
+                        backend_port      = 3389
+					}
+					`, rName, rName, rName, rName),
+				Check: resource.ComposeTestCheckFunc(
+					resource.TestCheckResourceAttr("banyan_service_rdp.example", "name", rName),
+				),
+			},
+			{
+				ResourceName:      "banyan_service_rdp.example",
+				ImportState:       true,
+				ImportStateVerify: true,
+			},
+		},
+	})
+}
diff --git a/banyan/resource_service_ssh.go b/banyan/resource_service_ssh.go
@@ -152,6 +152,12 @@ func SshSchema() map[string]*schema.Schema {
 			Optional:    true,
 			Default:     false,
 		},
+		"policy_enforcing": {
+			Type:        schema.TypeBool,
+			Optional:    true,
+			Default:     true,
+			Description: "mode in which policy should be. If this is true policy is in enforcing mode else policy is in Permissive mode",
+		},
 		"allow_patterns": {
 			Type:     schema.TypeSet,
 			MaxItems: 1,