Added contract filter entry changes

anvitha-jain · lhercot · commit cfe66027466b · 2021-06-25T23:16:05.000-07:00
diff --git a/examples/aci_test/main.tf b/examples/aci_test/main.tf
@@ -73,7 +73,7 @@ resource "aci_contract" "contract_epg1_epg2" {
 resource "aci_contract_subject" "Web_subject1" {
   contract_dn                  = aci_contract.contract_epg1_epg2.id
   name                         = "Subject"
-  relation_vz_rs_subj_filt_att = [aci_filter.allow_https.name, aci_filter.allow_icmp.name]
+  relation_vz_rs_subj_filt_att = [aci_filter.allow_https.id, aci_filter.allow_icmp.id]
 }
 
 resource "aci_filter" "allow_https" {
diff --git a/examples/aci_vmm/aci_resources/main.tf b/examples/aci_vmm/aci_resources/main.tf
@@ -68,7 +68,7 @@ resource "aci_contract" "contract_epg1_epg2" {
 resource "aci_contract_subject" "Web_subject1" {
   contract_dn                  = aci_contract.contract_epg1_epg2.id
   name                         = "Subject"
-  relation_vz_rs_subj_filt_att = [aci_filter.allow_https.name,aci_filter.allow_icmp.name]
+  relation_vz_rs_subj_filt_att = [aci_filter.allow_https.id,aci_filter.allow_icmp.id]
 }
 
 resource "aci_filter" "allow_https" {
diff --git a/examples/cloud_apic/main.tf b/examples/cloud_apic/main.tf
@@ -53,7 +53,7 @@ resource "aci_contract" "contract_epg1_epg2" {
 resource "aci_contract_subject" "Web_subject1" {
   contract_dn                  = aci_contract.contract_epg1_epg2.id
   name                         = "Subject"
-  relation_vz_rs_subj_filt_att = [aci_filter.allow_https.name, aci_filter.allow_icmp.name]
+  relation_vz_rs_subj_filt_att = [aci_filter.allow_https.id, aci_filter.allow_icmp.id]
 }
 
 resource "aci_filter" "allow_https" {
diff --git a/examples/contract/contract.tf b/examples/contract/contract.tf
@@ -3,12 +3,25 @@ resource "aci_tenant" "tenant_for_contract" {
   description = "This tenant is created by terraform ACI provider"
 }
 
-resource "aci_contract" "democontract" {
+resource "aci_l4_l7_service_graph_template" "rest_abs_graph" {
+  tenant_dn                         = aci_tenant.tenant_for_contract.id
+  name                              = "testgraph"
+}
+
+// Creating a contract
+resource "aci_contract" "web_contract" {
   tenant_dn                = aci_tenant.tenant_for_contract.id
   name                     = "test_tf_contract"
   description              = "This contract is created by terraform ACI provider"
   scope                    = "context"
   target_dscp              = "VA"
   prio                     = "unspecified"
-  relation_vz_rs_graph_att = aci_rest.rest_abs_graph.id # Relation to vnsAbsGraph class. Cardinality - N_TO_ONE
 }
+
+// Creating contract subject to connect contract to filters and filter entries in filter.tf file
+resource "aci_contract_subject" "web_subject" {
+  contract_dn                  = aci_contract.web_contract.id
+  name                         = "Subject"
+  relation_vz_rs_subj_graph_att = aci_l4_l7_service_graph_template.rest_abs_graph.id
+  relation_vz_rs_subj_filt_att = [aci_filter.allow_https.id,aci_filter.allow_icmp.id]
+}
diff --git a/examples/contract/filter.tf b/examples/contract/filter.tf
@@ -0,0 +1,28 @@
+// Add below filter and filter entries to contract web_contract in contract.tf file
+
+resource "aci_filter" "allow_https" {
+  tenant_dn = aci_tenant.tenant_for_contract.id
+  name      = "allow_https"
+}
+resource "aci_filter" "allow_icmp" {
+  tenant_dn = aci_tenant.tenant_for_contract.id
+  name      = "allow_icmp"
+}
+
+resource "aci_filter_entry" "https" {
+  name        = "https"
+  filter_dn   = aci_filter.allow_https.id
+  ether_t     = "ip"
+  prot        = "tcp"
+  d_from_port = "https"
+  d_to_port   = "https"
+  stateful    = "yes"
+}
+
+resource "aci_filter_entry" "icmp" {
+  name        = "icmp"
+  filter_dn   = aci_filter.allow_icmp.id
+  ether_t     = "ip"
+  prot        = "icmp"
+  stateful    = "yes"
+}
diff --git a/examples/contract/main.tf b/examples/contract/main.tf
@@ -7,17 +7,8 @@ terraform {
 }
 
 provider "aci" {
-  username = ""
-  password = ""
-  url      = ""
+  username = "" # <APIC username>
+  password = "" # <APIC pwd>
+  url      = "" # <cloud APIC URL>
   insecure = true
 }
-
-# provider "aci" {
-#   username    = ""
-#   private_key = ""
-#   cert_name   = ""
-#   url         = ""
-#   insecure    = true
-# }
-
diff --git a/examples/contract/rest.tf b/examples/contract/rest.tf
diff --git a/examples/epg/contract.tf b/examples/epg/contract.tf
@@ -37,3 +37,15 @@ resource "aci_contract" "intra_epg_contract" {
   prio                     = "unspecified"
   relation_vz_rs_graph_att = aci_l4_l7_service_graph_template.rest_abs_graph.id
 }
+
+// Taboo Contract
+resource "aci_taboo_contract" "rest_taboo_con" {
+  tenant_dn = aci_tenant.tenant_for_epg.id
+  name = "testcon"
+}
+
+// Imported Contract
+resource "aci_imported_contract" "rest_vz_cons_if" {
+  tenant_dn = aci_tenant.tenant_for_epg.id
+  name       = "testcontract"
+}
diff --git a/examples/epg/epg.tf b/examples/epg/epg.tf
@@ -16,6 +16,12 @@ resource "aci_application_epg" "inherit_epg" {
 
 }
 
+// Creation of Monitoring policy
+resource "aci_monitoring_policy" "rest_mon_epg_pol" {
+  tenant_dn = aci_tenant.tenant_for_epg.id
+  name = "testpol"
+}
+
 resource "aci_application_epg" "demoepg" {
   application_profile_dn       = aci_application_profile.app_profile_for_epg.id
   name                         = "tf_test_epg"
@@ -27,15 +33,15 @@ resource "aci_application_epg" "demoepg" {
   pc_enf_pref                  = "unenforced"
   pref_gr_memb                 = "exclude"
   prio                         = "unspecified"
-  relation_fv_rs_bd            = aci_bridge_domain.bd_for_rel.id      # Relation to fvBD class. Cardinality - N_TO_ONE.
-  relation_fv_rs_cust_qos_pol  = aci_rest.rest_qos_custom_pol.id      # Relation to qosCustomPol class. Cardinality - N_TO_ONE.
-  relation_fv_rs_prov          = [aci_contract.rs_prov_contract.id]   # Relation to vzBrCP class. Cardinality - N_TO_M.
-  relation_fv_rs_cons_if       = [aci_rest.rest_vz_cons_if.id]        # Relation to vzCPIf class. Cardinality - N_TO_M.
-  relation_fv_rs_sec_inherited = [aci_application_epg.inherit_epg.id] # Relation to fvEPg class. Cardinality - N_TO_M.
-  relation_fv_rs_dpp_pol       = aci_rest.rest_qos_dpp_pol.id         # Relation to qosDppPol class. Cardinality - N_TO_ONE.ye
-  relation_fv_rs_cons          = [aci_contract.rs_cons_contract.id]   # Relation to vzBrCP class. Cardinality - N_TO_M.
-  relation_fv_rs_trust_ctrl    = aci_rest.rest_trust_ctrl_pol.id      # Relation to fhsTrustCtrlPol class. Cardinality - N_TO_ONE.
-  relation_fv_rs_prot_by       = [aci_rest.rest_taboo_con.id]         # Relation to vzTaboo class. Cardinality - N_TO_M.
-  relation_fv_rs_aepg_mon_pol = aci_rest.rest_mon_epg_pol.id         # Relation to monEPGPol class. Cardinality - N_TO_ONE.
-  relation_fv_rs_intra_epg     = [aci_contract.intra_epg_contract.id] # Relation to vzBrCP class. Cardinality - N_TO_M.
+  relation_fv_rs_bd            = aci_bridge_domain.bd_for_rel.id      # Relation to Bridge Domain
+  relation_fv_rs_cust_qos_pol  = aci_rest.rest_qos_custom_pol.id      # Relation to Custom Quality of Service - QoS traffic policy
+  relation_fv_rs_prov          = [aci_contract.rs_prov_contract.id]   # Relation to Provided Contract
+  relation_fv_rs_cons_if       = [aci_imported_contract.rest_vz_cons_if.id]        # Relation to Imported Contract
+  relation_fv_rs_sec_inherited = [aci_application_epg.inherit_epg.id] # Relation to inherit security configuration from another EPG
+  relation_fv_rs_dpp_pol       = aci_rest.rest_qos_dpp_pol.id         # Relation to Data Plane Policing
+  relation_fv_rs_cons          = [aci_contract.rs_cons_contract.id]   # Relation to Consumed Contract
+  relation_fv_rs_trust_ctrl    = aci_rest.rest_trust_ctrl_pol.id      # Relation to First Hop Security trust control
+  relation_fv_rs_prot_by       = [aci_taboo_contract.rest_taboo_con.id]         # Relation to vzTaboo Taboo Contract
+  relation_fv_rs_aepg_mon_pol  = aci_monitoring_policy.rest_mon_epg_pol.id          # Relation to Monitoring policy
+  relation_fv_rs_intra_epg     = [aci_contract.intra_epg_contract.id] # Relation to Intra EPG Contract
 }
diff --git a/examples/epg/main.tf b/examples/epg/main.tf
@@ -12,12 +12,3 @@ provider "aci" {
   url      = "" # <cloud APIC URL>
   insecure = true
 }
-
-# provider "aci" {
-#   username    = ""
-#   private_key = ""
-#   cert_name   = ""
-#   url         = ""
-#   insecure    = true
-# }
-
diff --git a/examples/epg/rest.tf b/examples/epg/rest.tf
@@ -7,31 +7,6 @@ resource "aci_rest" "rest_qos_custom_pol" {
   }
 }
 
-resource "aci_rest" "rest_infra_domp" {
-  path       = "api/node/mo/uni/fc-test.json"
-  class_name = "fcDomP"
-
-  content = {
-    "name" = "test"
-  }
-}
-resource "aci_rest" "rest_mon_epg_pol" {
-  path       = "api/node/mo/${aci_tenant.tenant_for_epg.id}/monepg-testpol.json"
-  class_name = "monEPGPol"
-
-  content = {
-    "name" = "testpol"
-  }
-}
-
-resource "aci_rest" "rest_vz_cons_if" {
-  path       = "api/node/mo/${aci_tenant.tenant_for_epg.id}/cif-testcontract.json"
-  class_name = "vzCPIf"
-
-  content = {
-    "name" = "testcontract"
-  }
-}
 resource "aci_rest" "rest_qos_dpp_pol" {
   path       = "api/node/mo/${aci_tenant.tenant_for_epg.id}/qosdpppol-testqospol.json"
   class_name = "qosDppPol"
@@ -48,11 +23,3 @@ resource "aci_rest" "rest_trust_ctrl_pol" {
     "name" = "testtrustpol"
   }
 }
-resource "aci_rest" "rest_taboo_con" {
-  path       = "api/node/mo/${aci_tenant.tenant_for_epg.id}/taboo-testcon.json"
-  class_name = "vzTaboo"
-
-  content = {
-    "name" = "testcon"
-  }
-}
diff --git a/examples/filter_entry/entry.tf b/examples/filter_entry/entry.tf
diff --git a/examples/filter_entry/main.tf b/examples/filter_entry/main.tf
diff --git a/website/docs/r/application_epg.html.markdown b/website/docs/r/application_epg.html.markdown
@@ -48,16 +48,16 @@ Manages ACI Application EPG
 
 * `relation_fv_rs_bd` - (Required) Relation to Bridge domain associated with EPG (Point to class fvBD). Cardinality - N_TO_ONE. Type - String.
 
-* `relation_fv_rs_cust_qos_pol` - (Optional) Relation to custom Quality of Service traffic policy name (Point to class qosCustomPol). Cardinality - N_TO_ONE. Type - String.
+* `relation_fv_rs_cust_qos_pol` - (Optional) Relation to Custom Quality of Service traffic policy name (Point to class qosCustomPol). Cardinality - N_TO_ONE. Type - String.
 <!-- tenant -> policies -> protocol -> Custom QoS -->
 
-* `relation_fv_rs_fc_path_att` - (Optional) Relation to Fibre Channel (Paths)(Point to class fabricPathEp). Cardinality - N_TO_M. Type - Set of String.
+* `relation_fv_rs_fc_path_att` - (Optional) Relation to Fibre Channel (Paths) (Point to class fabricPathEp). Cardinality - N_TO_M. Type - Set of String.
 
 * `relation_fv_rs_prov` - (Optional) Relation to Provided Contract (Point to class vzBrCP). Cardinality - N_TO_M. Type - Set of String.
 
 * `relation_fv_rs_cons_if` - (Optional) Relation to Imported Contract (Point to class vzCPIf). Cardinality - N_TO_M. Type - Set of String.
 
-* `relation_fv_rs_sec_inherited` - (Optional) Relation represents that the EPG is inheriting security configuration from another EPG (Point to class fvEPg). Cardinality - N_TO_M. Type - Set of String.
+* `relation_fv_rs_sec_inherited` - (Optional) Relation represents that the EPG is inheriting security configuration from other EPGs (Point to class fvEPg). Cardinality - N_TO_M. Type - Set of String.
 
 * `relation_fv_rs_node_att` - (Optional) Relation used to define a Static Leaf binding (Point to class fabricNode). Cardinality - N_TO_M. Type - Set of String.
 <!-- tenant -> Application Profile -> EPG ->Static Leaf -->
diff --git a/website/docs/r/contract.html.markdown b/website/docs/r/contract.html.markdown
@@ -21,33 +21,6 @@ Manages ACI Contract
 		prio        = "level1"
 		scope       = "tenant"
 		target_dscp = "unspecified"
-		filter {
-  			annotation  = "tag_filter"
-  			description = "first filter from contract resource"
-  			filter_entry {
-    				entry_description   = "hello world"
-	  			filter_entry_name   = "check_entry3"
-    				d_from_port 	    = "http"
-    				ether_t       	    = "ipv4"
-    				prot 		    = "tcp"  
-  			}
-  			filter_entry {
-    				entry_description   = "world"
-	  			filter_entry_name   = "check_entry1"
-    				d_from_port 	    = "443"
-    				ether_t       	    = "ipv4"
-    				prot 		    = "tcp"  
-  			}
-  			filter_name  = "abcd"
-  			name_alias   = "abcd"
-		}
-		filter {
-  			filter_name = "example2"
-  			description = "second filter from contract resource"
-  			annotation = "tag_filter"
-  			name_alias = "example2"
-		}
-
 	}
 ```
 ## Argument Reference ##
@@ -58,46 +31,18 @@ Manages ACI Contract
 * `prio` - (Optional) priority level of the service contract.  Allowed values are "unspecified", "level1", "level2", "level3", "level4", "level5" and "level6". Default is "unspecified".
 * `scope` - (Optional)  Represents the scope of this contract. If the scope is set as application-profile, the epg can only communicate with epgs in the same application-profile. Allowed values are "global", "tenant", "application-profile" and "context". Default is "context".
 
-* `target_dscp` - (Optional) The target differentiated services code point (DSCP) of the path attached to the layer 3 outside profile. Allowed values are "CS0", "CS1", "AF11",	"AF12",	"AF13",	"CS2",	"AF21",	"AF22",	"AF23",	"CS3",	"AF31",	"AF32",	"AF33",	"CS4",	"AF41",	"AF42",	"AF43",	"CS5",	"VA",	"EF",	"CS6",	"CS7"	and "unspecified". Default is "unspecified".	
-
-* `relation_vz_rs_graph_att` - (Optional) Relation to class vnsAbsGraph. Cardinality - N_TO_ONE. Type - String.
-                
+* `target_dscp` - (Optional) The target differentiated services code point (DSCP) of the path attached to the layer 3 outside profile. Allowed values are "CS0", "CS1", "AF11",	"AF12",	"AF13",	"CS2",	"AF21",	"AF22",	"AF23",	"CS3",	"AF31",	"AF32",	"AF33",	"CS4",	"AF41",	"AF42",	"AF43",	"CS5",	"VA",	"EF",	"CS6",	"CS7"	and "unspecified". Default is "unspecified".
 
 * `filter` - (Optional) to manage filters from the contract resource. It has the attributes like filter_name, annotation, description and name_alias.
 * `filter.filter_name` - (Required) Name of the filter object.
 * `filter.description` - (Optional) Description for the filter object.
 * `filter.annotation` - (Optional) Annotation for filter object.
 * `filter.name_alias` - (Optional) Name alias for filter object.
 
-* `filter.filter_entry` - (Optional) to manage filter entries for particular filter from the contract resource. It has following attributes.
-* `filter.filter_entry.filter_entry_name` - (Required) name of Object filter_entry.
-* `filter.filterentry.entry_annotation` - (Optional) annotation for object filter_entry.
-* `filter.filter_entry.entry_description` - (Optional) Description for the filter entry.
-* `filter.filter_entry.apply_to_frag` - (Optional) Flag to determine whether to apply changes to fragment. Allowed values are "yes" and "no". Default is "no".
-* `filter.filter_entry.arp_opc` - (Optional) open peripheral codes. Allowed values are "unspecified", "req" and "reply". Default is "unspecified".
-* `filter.filter_entry.d_from_port` - (Optional) Destination From Port. Accepted values are any valid TCP/UDP port range. Default is "unspecified".
-Allowed values: "unspecified", "ftpData", "smtp", "dns", "http","pop3", "https", "rtsp"
-* `filter.filter_entry.d_to_port` - (Optional) Destination To Port. Accepted values are any valid TCP/UDP port range. Default is "unspecified".
-Allowed values: "unspecified", "ftpData", "smtp", "dns", "http","pop3", "https", "rtsp"
-* `filter.filter_entry.ether_t` - (Optional) ether type for the entry. Allowed values are "unspecified", "ipv4", "trill", "arp", "ipv6", "mpls_ucast", "mac_security", "fcoe" and "ip". Default is "unspecified".
-* `filter.filter_entry.icmpv4_t` - (Optional) ICMPv4 message type; used when ip_protocol is icmp. Allowed values are "echo-rep", "dst-unreach", "src-quench", "echo", "time-exceeded" and "unspecified". Default is "unspecified".
-* `filter.filter_entry.icmpv6_t` - (Optional) ICMPv6 message type; used when ip_protocol is icmpv6. Allowed values are "unspecified", "dst-unreach", "time-exceeded", "echo-req", "echo-rep", "nbr-solicit", "nbr-advert" and "redirect". Default is "unspecified".
-* `filter.filter_entry.match_dscp` - (Optional) The matching differentiated services code point (DSCP) of the path attached to the layer 3 outside profile. Allowed values are "CS0", "CS1", "AF11",	"AF12",	"AF13",	"CS2",	"AF21",	"AF22",	"AF23",	"CS3",	"AF31",	"AF32",	"AF33",	"CS4",	"AF41",	"AF42",	"AF43",	"CS5",	"VA",	"EF",	"CS6",	"CS7"	and "unspecified". Default is "unspecified".
-* `filter.filter_entry.entry_name_alias` - (Optional) name_alias for object filter_entry.
-* `filter.filter_entry.prot` - (Optional) level 3 ip protocol. Allowed values are "unspecified", "icmp", "igmp", "tcp", "egp", "igp", "udp", "icmpv6", "eigrp", "ospfigp", "pim" and "l2tp". Default is "unspecified".
-* `filter.filter_entry.s_from_port` - (Optional) Source From Port. Accepted values are any valid TCP/UDP port range. Default is "unspecified".
-Allowed values: "unspecified", "ftpData", "smtp", "dns", "http","pop3", "https", "rtsp"
-* `filter.filter_entry.s_to_port` - (Optional) Source To Port. Accepted values are any valid TCP/UDP port range. Default is "unspecified".
-Allowed values: "unspecified", "ftpData", "smtp", "dns", "http","pop3", "https", "rtsp"
-* `filter.filter_entry.stateful` - (Optional) Determines if entry is stateful or not. Allowed values are "yes" and "no". Default is "no".
-* `filter.filter_entry.tcp_rules` - (Optional) TCP Session Rules. Allowed values are "unspecified", "est", "syn", "ack", "fin" and "rst". Default is "unspecified".
-
 ## Attribute Reference
 
 The only attribute that this resource exports is the `id`, which is set to the
 Dn of the Contract.
-* `filter.id` - exports this attribute for filter object. Set to the Dn for the filter managed by the contract.
-* `filter.filter_entry.id` - exports this attribute for filter entry object of filter object. Set to the Dn for the filter entry managed by the contract.
 
 ## Importing ##
 

Original file line number	Diff line number	Diff line change
`@@ -73,7 +73,7 @@ resource "aci_contract" "contract_epg1_epg2" {`
`73`	`73`	`resource "aci_contract_subject" "Web_subject1" {`
`74`	`74`	`contract_dn = aci_contract.contract_epg1_epg2.id`
`75`	`75`	`name = "Subject"`
`76`		`- relation_vz_rs_subj_filt_att = [aci_filter.allow_https.name, aci_filter.allow_icmp.name]`
	`76`	`+ relation_vz_rs_subj_filt_att = [aci_filter.allow_https.id, aci_filter.allow_icmp.id]`
`77`	`77`	`}`
`78`	`78`
`79`	`79`	`resource "aci_filter" "allow_https" {`
Original file line number	Diff line number	Diff line change
`@@ -68,7 +68,7 @@ resource "aci_contract" "contract_epg1_epg2" {`
`68`	`68`	`resource "aci_contract_subject" "Web_subject1" {`
`69`	`69`	`contract_dn = aci_contract.contract_epg1_epg2.id`
`70`	`70`	`name = "Subject"`
`71`		`- relation_vz_rs_subj_filt_att = [aci_filter.allow_https.name,aci_filter.allow_icmp.name]`
	`71`	`+ relation_vz_rs_subj_filt_att = [aci_filter.allow_https.id,aci_filter.allow_icmp.id]`
`72`	`72`	`}`
`73`	`73`
`74`	`74`	`resource "aci_filter" "allow_https" {`
Original file line number	Diff line number	Diff line change
`@@ -53,7 +53,7 @@ resource "aci_contract" "contract_epg1_epg2" {`
`53`	`53`	`resource "aci_contract_subject" "Web_subject1" {`
`54`	`54`	`contract_dn = aci_contract.contract_epg1_epg2.id`
`55`	`55`	`name = "Subject"`
`56`		`- relation_vz_rs_subj_filt_att = [aci_filter.allow_https.name, aci_filter.allow_icmp.name]`
	`56`	`+ relation_vz_rs_subj_filt_att = [aci_filter.allow_https.id, aci_filter.allow_icmp.id]`
`57`	`57`	`}`
`58`	`58`
`59`	`59`	`resource "aci_filter" "allow_https" {`