From 1606bce9e798bb147e81bec1b72fe2a6dee58f4f Mon Sep 17 00:00:00 2001 From: jmiguelhp Date: Wed, 16 Jul 2025 21:00:47 -0600 Subject: [PATCH 1/7] 'fp.moniroring' fixed and expanded (Issue623) --- .pre-commit-config.yaml | 4 + README.md | 1 + aci_fabric_policies.tf | 68 +++++++-- defaults/defaults.yaml | 24 ++++ defaults/modules.yaml | 1 + .../.terraform-docs.yml | 34 +++++ .../README.md | 83 +++++++++++ .../examples/complete/.terraform-docs.yml | 24 ++++ .../examples/complete/README.md | 44 ++++++ .../examples/complete/main.tf | 28 ++++ .../examples/complete/versions.tf | 11 ++ .../main.tf | 81 +++++++++++ .../outputs.tf | 9 ++ .../variables.tf | 135 ++++++++++++++++++ .../versions.tf | 11 ++ .../terraform-aci-monitoring-policy/README.md | 22 +-- .../examples/complete/README.md | 18 ++- .../examples/complete/main.tf | 18 ++- .../terraform-aci-monitoring-policy/main.tf | 14 +- .../variables.tf | 39 +++-- 20 files changed, 620 insertions(+), 49 deletions(-) create mode 100644 modules/terraform-aci-monitoring-policy-user-defined/.terraform-docs.yml create mode 100644 modules/terraform-aci-monitoring-policy-user-defined/README.md create mode 100644 modules/terraform-aci-monitoring-policy-user-defined/examples/complete/.terraform-docs.yml create mode 100644 modules/terraform-aci-monitoring-policy-user-defined/examples/complete/README.md create mode 100644 modules/terraform-aci-monitoring-policy-user-defined/examples/complete/main.tf create mode 100644 modules/terraform-aci-monitoring-policy-user-defined/examples/complete/versions.tf create mode 100644 modules/terraform-aci-monitoring-policy-user-defined/main.tf create mode 100644 modules/terraform-aci-monitoring-policy-user-defined/outputs.tf create mode 100644 modules/terraform-aci-monitoring-policy-user-defined/variables.tf create mode 100644 modules/terraform-aci-monitoring-policy-user-defined/versions.tf diff --git a/.pre-commit-config.yaml b/.pre-commit-config.yaml index 07bde14a..c9ca9b20 100644 
--- a/.pre-commit-config.yaml +++ b/.pre-commit-config.yaml @@ -562,6 +562,10 @@ repos: args: ["./modules/terraform-aci-monitoring-policy"] - id: terraform-docs-system args: ["./modules/terraform-aci-monitoring-policy/examples/complete"] + - id: terraform-docs-system + args: ["./modules/terraform-aci-monitoring-policy-user-defined"] + - id: terraform-docs-system + args: ["./modules/terraform-aci-monitoring-policy-user-defined/examples/complete"] - id: terraform-docs-system args: ["./modules/terraform-aci-mpls-custom-qos-policy"] - id: terraform-docs-system diff --git a/README.md b/README.md index e4d7913c..c08104e1 100644 --- a/README.md +++ b/README.md @@ -265,6 +265,7 @@ Additional example repositories: | [aci\_mcp](#module\_aci\_mcp) | ./modules/terraform-aci-mcp | n/a | | [aci\_mcp\_policy](#module\_aci\_mcp\_policy) | ./modules/terraform-aci-mcp-policy | n/a | | [aci\_monitoring\_policy](#module\_aci\_monitoring\_policy) | ./modules/terraform-aci-monitoring-policy | n/a | +| [aci\_monitoring\_policy\_user\_defined](#module\_aci\_monitoring\_policy\_user\_defined) | ./modules/terraform-aci-monitoring-policy-user-defined | n/a | | [aci\_mpls\_custom\_qos\_policy](#module\_aci\_mpls\_custom\_qos\_policy) | ./modules/terraform-aci-mpls-custom-qos-policy | n/a | | [aci\_mst\_policy](#module\_aci\_mst\_policy) | ./modules/terraform-aci-mst-policy | n/a | | [aci\_multicast\_route\_map](#module\_aci\_multicast\_route\_map) | ./modules/terraform-aci-multicast-route-map | n/a | diff --git a/aci_fabric_policies.tf b/aci_fabric_policies.tf index 37533112..d344ac08 100644 --- a/aci_fabric_policies.tf +++ b/aci_fabric_policies.tf 
@@ -854,15 +854,19 @@ module "aci_syslog_policy" { module "aci_monitoring_policy" { source = "./modules/terraform-aci-monitoring-policy" - count = local.modules.aci_monitoring_policy == true && var.manage_fabric_policies ? 1 : 0 - snmp_trap_policies = [for policy in try(local.fabric_policies.monitoring.snmp_traps, []) : "${policy.name}${local.defaults.apic.fabric_policies.monitoring.snmp_traps.name_suffix}"] + count = local.modules.aci_monitoring_policy == true && var.manage_fabric_policies ? 1 : 0 + snmp_trap_policies = [for policy in try(local.fabric_policies.monitoring.snmp_traps, []) : { + name = "${policy.name}${local.defaults.apic.fabric_policies.monitoring.snmp_traps.name_suffix}" + destination_group = try(policy.destination_group, "") + }] syslog_policies = [for policy in try(local.fabric_policies.monitoring.syslogs, []) : { - name = "${policy.name}${local.defaults.apic.fabric_policies.monitoring.syslogs.name_suffix}" - audit = try(policy.audit, local.defaults.apic.fabric_policies.monitoring.syslogs.audit) - events = try(policy.events, local.defaults.apic.fabric_policies.monitoring.syslogs.events) - faults = try(policy.faults, local.defaults.apic.fabric_policies.monitoring.syslogs.faults) - session = try(policy.session, local.defaults.apic.fabric_policies.monitoring.syslogs.session) - minimum_severity = try(policy.minimum_severity, local.defaults.apic.fabric_policies.monitoring.syslogs.minimum_severity) + name = "${policy.name}${local.defaults.apic.fabric_policies.monitoring.syslogs.name_suffix}" + audit = try(policy.audit, local.defaults.apic.fabric_policies.monitoring.syslogs.audit) + events = try(policy.events, local.defaults.apic.fabric_policies.monitoring.syslogs.events) + faults = try(policy.faults, local.defaults.apic.fabric_policies.monitoring.syslogs.faults) + session = try(policy.session, local.defaults.apic.fabric_policies.monitoring.syslogs.session) + minimum_severity = try(policy.minimum_severity, 
local.defaults.apic.fabric_policies.monitoring.syslogs.minimum_severity) + destination_group = try(policy.destination_group, "") }] depends_on = [ 
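Review bot: Both added `destination_group = try(policy.destination_group, "")` lines in the `aci_monitoring_policy` call fall back to an empty string, whereas the module code removed later in this patch derived the target from the policy's own name (`snmpgroup-${each.value}`, `slgroup-${each.value.name}`). An existing inventory that never set `destination_group` would therefore stop pointing its common SNMP and syslog sources at the matching destination group, and faults, events and audit records would presumably no longer reach the collector, with no plan-time error to flag it. Keeping the old behaviour as the default avoids that, e.g. `destination_group = try(policy.destination_group, "${policy.name}${local.defaults.apic.fabric_policies.monitoring.snmp_traps.name_suffix}")` and the `syslogs` equivalent. The new `monitoring_policies` local in the `@@ -871,6 +875,54 @@` hunk uses the same `""` fallback for `snmp_policy` and `syslog_policy`.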
@@ -871,6 +875,54 @@ module "aci_monitoring_policy" { ] } +locals { + monitoring_policies = flatten([ + for policy in try(local.fabric_policies.monitoring.policies, []) : { + name = "${policy.name}${local.defaults.apic.fabric_policies.monitoring.policies.name_suffix}" + description = try(policy.description, "") + snmp_trap_policies = [for snmp_policy in try(policy.snmp_traps, []) : { + name = "${snmp_policy.name}${local.defaults.apic.fabric_policies.monitoring.policies.snmp_traps.name_suffix}" + destination_group = try(snmp_policy.destination_group, "") + }] + syslog_policies = [for syslog_policy in try(policy.syslogs, []) : { + name = "${syslog_policy.name}${local.defaults.apic.fabric_policies.monitoring.policies.syslogs.name_suffix}" + audit = try(syslog_policy.audit, local.defaults.apic.fabric_policies.monitoring.policies.syslogs.audit) + events = try(syslog_policy.events, local.defaults.apic.fabric_policies.monitoring.policies.syslogs.events) + faults = try(syslog_policy.faults, local.defaults.apic.fabric_policies.monitoring.policies.syslogs.faults) + session = try(syslog_policy.session, local.defaults.apic.fabric_policies.monitoring.policies.syslogs.session) + minimum_severity = try(syslog_policy.minimum_severity, local.defaults.apic.fabric_policies.monitoring.policies.syslogs.minimum_severity) + destination_group = try(syslog_policy.destination_group, "") + }] + fault_severity_policies = [for policy in try(policy.fault_severity_policies, []) : { + class = policy.class + faults = [for fault in try(policy.faults, []) : { + fault_id = fault.fault_id + initial_severity = try(fault.initial_severity, local.defaults.apic.fabric_policies.monitoring.policies.fault_severity_policies.faults.initial_severity) + target_severity = try(fault.target_severity, local.defaults.apic.fabric_policies.monitoring.policies.fault_severity_policies.faults.target_severity) + description = try(fault.description, "") + }] + }] + } + ]) +} + +module "aci_monitoring_policy_user_defined" { + 
source = "./modules/terraform-aci-monitoring-policy-user-defined" + + for_each = { for pol in local.monitoring_policies : pol.name => pol if local.modules.aci_monitoring_policy_user_defined && var.manage_fabric_policies } + + name = each.value.name + description = each.value.description + snmp_trap_policies = each.value.snmp_trap_policies + syslog_policies = each.value.syslog_policies + fault_severity_policies = each.value.fault_severity_policies + + depends_on = [ + module.aci_snmp_trap_policy, + module.aci_syslog_policy, + ] +} + module "aci_management_access_policy" { source = "./modules/terraform-aci-management-access-policy" diff --git a/defaults/defaults.yaml b/defaults/defaults.yaml index 7e30b5d8..47278045 100644 --- a/defaults/defaults.yaml +++ b/defaults/defaults.yaml @@ -370,6 +370,30 @@ defaults: severity: warnings admin_state: true mgmt_epg: inb + policies: + name_suffix: "" + fault_severity_policies: + name_suffix: "" + faults: + initial_severity: "inherit" + target_severity: "inherit" + snmp_traps: + name_suffix: "" + syslogs: + name_suffix: "" + audit: true + events: true + faults: true + session: false + minimum_severity: warnings + format: aci + show_millisecond: false + show_timezone: false + admin_state: true + local_admin_state: true + local_severity: information + console_admin_state: true + console_severity: alerts span: destination_groups: name_suffix: "" diff --git a/defaults/modules.yaml b/defaults/modules.yaml index bcd8b638..586d70ca 100644 --- a/defaults/modules.yaml +++ b/defaults/modules.yaml @@ -109,6 +109,7 @@ modules: aci_mcp: true aci_mcp_policy: true aci_monitoring_policy: true + aci_monitoring_policy_user_defined: true aci_mpls_custom_qos_policy: true aci_mst_policy: true aci_multicast_route_map: true diff --git a/modules/terraform-aci-monitoring-policy-user-defined/.terraform-docs.yml b/modules/terraform-aci-monitoring-policy-user-defined/.terraform-docs.yml new file mode 100644 index 00000000..a1fa0d82 --- /dev/null 
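Review bot: In the `monitoring_policies` local of the `@@ -871,6 +875,54 @@` hunk, the `fault_severity_policies` comprehension reuses `policy` as its iterator inside the outer `for policy in ...`, so `policy.class` and `policy.faults` refer to the inner element while the surrounding lines refer to the outer one. It should evaluate as intended, but it is easy to misread and easy to break once an outer attribute is needed inside the inner loop; a distinct name such as `[for fsp in try(policy.fault_severity_policies, []) : {` with `fsp.class` and `fsp.faults` is clearer. The `flatten([...])` wrapper is also redundant here, because the outer expression already yields a flat list of objects.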
+++ b/modules/terraform-aci-monitoring-policy-user-defined/.terraform-docs.yml @@ -0,0 +1,34 @@ +version: '>= 0.14.0' + +formatter: markdown table + +content: |- + # Terraform ACI User-Defined Monitoring Policy Module + + Manages ACI User-Defined Monitoring Policy + + Location in GUI: + `Fabric` » `Fabric Policies` » `Policies` » `Monitoring` + + ## Examples + + ```hcl + {{ include "./examples/complete/main.tf" }} + ``` + + {{ .Requirements }} + + {{ .Providers }} + + {{ .Inputs }} + + {{ .Outputs }} + + {{ .Resources }} + +output: + file: README.md + mode: replace + +sort: + enabled: false diff --git a/modules/terraform-aci-monitoring-policy-user-defined/README.md b/modules/terraform-aci-monitoring-policy-user-defined/README.md new file mode 100644 index 00000000..61176ff2 --- /dev/null +++ b/modules/terraform-aci-monitoring-policy-user-defined/README.md 
@@ -0,0 +1,83 @@ + +# Terraform ACI User-Defined Monitoring Policy Module + +Manages ACI User-Defined Monitoring Policy + +Location in GUI: +`Fabric` » `Fabric Policies` » `Policies` » `Monitoring` + +## Examples + +```hcl +module "aci_monitoring_policy_user_defined" { + source = "netascode/nac-aci/aci//modules/terraform-aci-monitoring-policy-user-defined" + version = "> 1.0.1" + + name = "MON1" + snmp_trap_policies = [{ + name = "SYSLOG1" + destination_group = "SNMP_DEST_GROUP1" + }] + syslog_policies = [{ + name = "SYSLOG1" + audit = false + events = false + faults = false + session = true + minimum_severity = "alerts" + destination_group = "SYSLOG_DEST_GROUP1" + }] + fault_severity_policies = [{ + class = "snmpClient" + faults = [{ + fault_id = "F1368" + description = "Fault 1368 nice description" + initial_severity = "critical" + target_severity = "inherit" + }] + }] +} +``` + +## Requirements + +| Name | Version | +|------|---------| +| [terraform](#requirement\_terraform) | >= 1.3.0 | +| [aci](#requirement\_aci) | >= 2.0.0 | + +## Providers + +| Name | Version | +|------|---------| +| [aci](#provider\_aci) | >= 2.0.0 | + +## Inputs + +| Name | Description | Type | Default | Required | +|------|-------------|------|---------|:--------:| +| [name](#input\_name) | Track List name. | `string` | n/a | yes | +| [description](#input\_description) | Description. | `string` | `""` | no | +| [snmp\_trap\_policies](#input\_snmp\_trap\_policies) | List of SNMP trap policies. |
list(object({
name = string
destination_group = optional(string, "")
}))
| `[]` | no | +| [syslog\_policies](#input\_syslog\_policies) | List of syslog policies. Default value `audit`: true. Default value `events`: true. Default value `faults`: true. Default value `session`: false. Default value `minimum_severity`: `warnings`. |
list(object({
name = string
audit = optional(bool, true)
events = optional(bool, true)
faults = optional(bool, true)
session = optional(bool, false)
minimum_severity = optional(string, "warnings")
destination_group = optional(string, "")
}))
| `[]` | no | +| [fault\_severity\_policies](#input\_fault\_severity\_policies) | List of Fault Severity Assignment Policies. |
list(object({
class = string
faults = list(object({
fault_id = string
initial_severity = optional(string, "inherit")
target_severity = optional(string, "inherit")
description = optional(string, "")
}))
}))
| `[]` | no | + +## Outputs + +| Name | Description | +|------|-------------| +| [dn](#output\_dn) | Distinguished name of Fabric `monFabricPol` object. | +| [name](#output\_name) | User-Defined Fabric Monitoring Policy name. | + +## Resources + +| Name | Type | +|------|------| +| [aci_rest_managed.faultSevAsnP](https://registry.terraform.io/providers/CiscoDevNet/aci/latest/docs/resources/rest_managed) | resource | +| [aci_rest_managed.monFabricPol](https://registry.terraform.io/providers/CiscoDevNet/aci/latest/docs/resources/rest_managed) | resource | +| [aci_rest_managed.monFabricTarget](https://registry.terraform.io/providers/CiscoDevNet/aci/latest/docs/resources/rest_managed) | resource | +| [aci_rest_managed.snmpRsDestGroup](https://registry.terraform.io/providers/CiscoDevNet/aci/latest/docs/resources/rest_managed) | resource | +| [aci_rest_managed.snmpSrc](https://registry.terraform.io/providers/CiscoDevNet/aci/latest/docs/resources/rest_managed) | resource | +| [aci_rest_managed.syslogRsDestGroup](https://registry.terraform.io/providers/CiscoDevNet/aci/latest/docs/resources/rest_managed) | resource | +| [aci_rest_managed.syslogSrc](https://registry.terraform.io/providers/CiscoDevNet/aci/latest/docs/resources/rest_managed) | resource | + \ No newline at end of file diff --git a/modules/terraform-aci-monitoring-policy-user-defined/examples/complete/.terraform-docs.yml b/modules/terraform-aci-monitoring-policy-user-defined/examples/complete/.terraform-docs.yml new file mode 100644 index 00000000..2993d1ab --- /dev/null +++ b/modules/terraform-aci-monitoring-policy-user-defined/examples/complete/.terraform-docs.yml 
@@ -0,0 +1,24 @@ +version: '>= 0.14.0' + +formatter: markdown table + +content: |- + # Monitoring Policy Example + + To run this example you need to execute: + + ```bash + $ terraform init + $ terraform plan + $ terraform apply + ``` + + Note that this example will create resources. Resources can be destroyed with `terraform destroy`. + + ```hcl + {{ include "./main.tf" }} + ``` + +output: + file: README.md + mode: replace diff --git a/modules/terraform-aci-monitoring-policy-user-defined/examples/complete/README.md b/modules/terraform-aci-monitoring-policy-user-defined/examples/complete/README.md new file mode 100644 index 00000000..c6b5c307 --- /dev/null +++ b/modules/terraform-aci-monitoring-policy-user-defined/examples/complete/README.md @@ -0,0 +1,44 @@ + +# Monitoring Policy Example + +To run this example you need to execute: + +```bash +$ terraform init +$ terraform plan +$ terraform apply +``` + +Note that this example will create resources. Resources can be destroyed with `terraform destroy`. + +```hcl +module "aci_monitoring_policy_user_defined" { + source = "netascode/nac-aci/aci//modules/terraform-aci-monitoring-policy-user-defined" + version = "> 1.0.1" + + name = "MON1" + snmp_trap_policies = [{ + name = "SYSLOG1" + destination_group = "SNMP_DEST_GROUP1" + }] + syslog_policies = [{ + name = "SYSLOG1" + audit = false + events = false + faults = false + session = true + minimum_severity = "alerts" + destination_group = "SYSLOG_DEST_GROUP1" + }] + fault_severity_policies = [{ + class = "snmpClient" + faults = [{ + fault_id = "F1368" + description = "Fault 1368 nice description" + initial_severity = "critical" + target_severity = "inherit" + }] + }] +} +``` + \ No newline at end of file diff --git a/modules/terraform-aci-monitoring-policy-user-defined/examples/complete/main.tf b/modules/terraform-aci-monitoring-policy-user-defined/examples/complete/main.tf new file mode 100644 index 00000000..c7765bdc --- /dev/null 
+++ b/modules/terraform-aci-monitoring-policy-user-defined/examples/complete/main.tf @@ -0,0 +1,28 @@ +module "aci_monitoring_policy_user_defined" { + source = "netascode/nac-aci/aci//modules/terraform-aci-monitoring-policy-user-defined" + version = "> 1.0.1" + + name = "MON1" + snmp_trap_policies = [{ + name = "SYSLOG1" + destination_group = "SNMP_DEST_GROUP1" + }] + syslog_policies = [{ + name = "SYSLOG1" + audit = false + events = false + faults = false + session = true + minimum_severity = "alerts" + destination_group = "SYSLOG_DEST_GROUP1" + }] + fault_severity_policies = [{ + class = "snmpClient" + faults = [{ + fault_id = "F1368" + description = "Fault 1368 nice description" + initial_severity = "critical" + target_severity = "inherit" + }] + }] +} diff --git a/modules/terraform-aci-monitoring-policy-user-defined/examples/complete/versions.tf b/modules/terraform-aci-monitoring-policy-user-defined/examples/complete/versions.tf new file mode 100644 index 00000000..9299fb61 --- /dev/null +++ b/modules/terraform-aci-monitoring-policy-user-defined/examples/complete/versions.tf @@ -0,0 +1,11 @@ + +terraform { + required_version = ">= 1.3.0" + + required_providers { + aci = { + source = "CiscoDevNet/aci" + version = ">= 2.0.0" + } + } +} diff --git a/modules/terraform-aci-monitoring-policy-user-defined/main.tf b/modules/terraform-aci-monitoring-policy-user-defined/main.tf new file mode 100644 index 00000000..7f5e10d8 --- /dev/null +++ b/modules/terraform-aci-monitoring-policy-user-defined/main.tf 
@@ -0,0 +1,81 @@ +locals { + faults = flatten([ + for policy in var.fault_severity_policies : [ + for fault in policy.faults : { + class = policy.class + fault_id = fault.fault_id + initial_severity = fault.initial_severity + target_severity = fault.target_severity + description = fault.description + } + ] + ]) +} + +resource "aci_rest_managed" "monFabricPol" { + dn = "uni/fabric/monfab-${var.name}" + class_name = "monFabricPol" + content = { + name = var.name + descr = var.description + } +} + +resource "aci_rest_managed" "snmpSrc" { + for_each = { for s in var.snmp_trap_policies : s.name => s } + dn = "${aci_rest_managed.monFabricPol.dn}/snmpsrc-${each.value.name}" + class_name = "snmpSrc" + content = { + name = each.value.name + } +} + +resource "aci_rest_managed" "snmpRsDestGroup" { + for_each = { for s in var.snmp_trap_policies : s.name => s } + dn = "${aci_rest_managed.snmpSrc[each.value.name].dn}/rsdestGroup" + class_name = "snmpRsDestGroup" + content = { + tDn = try("uni/fabric/snmpgroup-${each.value.destination_group}", null) + } +} + +resource "aci_rest_managed" "syslogSrc" { + for_each = { for s in var.syslog_policies : s.name => s } + dn = "${aci_rest_managed.monFabricPol.dn}/slsrc-${each.value.name}" + class_name = "syslogSrc" + content = { + name = each.value.name + incl = join(",", concat(each.value.audit == true && each.value.events == true && each.value.faults == true && each.value.session == true ? ["all"] : [], each.value.audit == true ? ["audit"] : [], each.value.events == true ? ["events"] : [], each.value.faults == true ? ["faults"] : [], each.value.session == true ? 
["session"] : [])) + minSev = each.value.minimum_severity + } +} + +resource "aci_rest_managed" "syslogRsDestGroup" { + for_each = { for s in var.syslog_policies : s.name => s } + dn = "${aci_rest_managed.syslogSrc[each.value.name].dn}/rsdestGroup" + class_name = "syslogRsDestGroup" + content = { + tDn = try("uni/fabric/slgroup-${each.value.destination_group}", null) + } +} + +resource "aci_rest_managed" "monFabricTarget" { + for_each = { for s in var.fault_severity_policies : s.class => s } + dn = "${aci_rest_managed.monFabricPol.dn}/tarfab-${each.value.class}" + class_name = "monFabricTarget" + content = { + scope = each.value.class + } +} + +resource "aci_rest_managed" "faultSevAsnP" { + for_each = { for f in local.faults : f.fault_id => f } + dn = "${aci_rest_managed.monFabricTarget[each.value.class].dn}/fsevp-${each.value.fault_id}" + class_name = "faultSevAsnP" + content = { + code = each.value.fault_id + initial = each.value.initial_severity + target = each.value.target_severity + descr = each.value.description + } +} diff --git a/modules/terraform-aci-monitoring-policy-user-defined/outputs.tf b/modules/terraform-aci-monitoring-policy-user-defined/outputs.tf new file mode 100644 index 00000000..b514784c --- /dev/null +++ b/modules/terraform-aci-monitoring-policy-user-defined/outputs.tf @@ -0,0 +1,9 @@ +output "dn" { + value = aci_rest_managed.monFabricPol.id + description = "Distinguished name of Fabric `monFabricPol` object." +} + +output "name" { + value = aci_rest_managed.monFabricPol.content.name + description = "User-Defined Fabric Monitoring Policy name." +} \ No newline at end of file diff --git a/modules/terraform-aci-monitoring-policy-user-defined/variables.tf b/modules/terraform-aci-monitoring-policy-user-defined/variables.tf new file mode 100644 index 00000000..70726aaf --- /dev/null +++ b/modules/terraform-aci-monitoring-policy-user-defined/variables.tf 
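Review bot: In `snmpRsDestGroup` and `syslogRsDestGroup` the `try("uni/fabric/snmpgroup-${each.value.destination_group}", null)` wrapper cannot produce `null`, because `destination_group` is declared `optional(string, "")` in this module's variables.tf and the interpolation always succeeds; an unset group yields a relation to `uni/fabric/snmpgroup-` or `uni/fabric/slgroup-`, which names no destination group, so the source is created without a working export target. Creating the relation only when a group is given makes that explicit: `for_each = { for s in var.snmp_trap_policies : s.name => s if s.destination_group != "" }` with `tDn = "uni/fabric/snmpgroup-${each.value.destination_group}"`, and the same for syslog. The two hunks of `modules/terraform-aci-monitoring-policy/main.tf` later in this patch carry the same `try(..., null)` pattern. Separately, `faultSevAsnP` keys its `for_each` on `f.fault_id` alone, so the same fault code listed under two classes collides on the map key; `"${f.class}/${f.fault_id}"` would keep them apart.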
@@ -0,0 +1,135 @@ +variable "name" { + description = "Track List name." + type = string + + validation { + condition = can(regex("^[a-zA-Z0-9_.:-]{0,64}$", var.name)) + error_message = "Allowed characters: `a`-`z`, `A`-`Z`, `0`-`9`, `_`, `.`, `:`, `-`. Maximum characters: 64." + } +} + +variable "description" { + description = "Description." + type = string + default = "" + + validation { + condition = can(regex("^[a-zA-Z0-9\\\\!#$%()*,-./:;@ _{|}~?&+]{0,128}$", var.description)) + error_message = "Allowed characters: `a`-`z`, `A`-`Z`, `0`-`9`, `\\`, `!`, `#`, `$`, `%`, `(`, `)`, `*`, `,`, `-`, `.`, `/`, `:`, `;`, `@`, ` `, `_`, `{`, `|`, }`, `~`, `?`, `&`, `+`. Maximum characters: 128." + } +} + +variable "snmp_trap_policies" { + description = "List of SNMP trap policies." + type = list(object({ + name = string + destination_group = optional(string, "") + })) + default = [] + + validation { + condition = alltrue([ + for snmp in var.snmp_trap_policies : can(regex("^[a-zA-Z0-9_.:-]{0,64}$", snmp.name)) + ]) + error_message = "Allowed characters: `a`-`z`, `A`-`Z`, `0`-`9`, `_`, `.`, `:`, `-`. Maximum characters: 64." + } + + validation { + condition = alltrue([ + for snmp in var.snmp_trap_policies : can(regex("^[a-zA-Z0-9_.:-]{0,64}$", snmp.destination_group)) + ]) + error_message = "Allowed characters: `a`-`z`, `A`-`Z`, `0`-`9`, `_`, `.`, `:`, `-`. Maximum characters: 64." + } +} + +variable "syslog_policies" { + description = "List of syslog policies. Default value `audit`: true. Default value `events`: true. Default value `faults`: true. Default value `session`: false. Default value `minimum_severity`: `warnings`." 
+ type = list(object({ + name = string + audit = optional(bool, true) + events = optional(bool, true) + faults = optional(bool, true) + session = optional(bool, false) + minimum_severity = optional(string, "warnings") + destination_group = optional(string, "") + })) + default = [] + + validation { + condition = alltrue([ + for syslog in var.syslog_policies : can(regex("^[a-zA-Z0-9_.:-]{0,64}$", syslog.name)) + ]) + error_message = "Allowed characters `name`: `a`-`z`, `A`-`Z`, `0`-`9`, `_`, `.`, `:`, `-`. Maximum characters: 64." + } + + validation { + condition = alltrue([ + for syslog in var.syslog_policies : contains(["emergencies", "alerts", "critical", "errors", "warnings", "notifications", "information", "debugging"], syslog.minimum_severity) + ]) + error_message = "`minimum_severity`: Allowed values are `emergencies`, `alerts`, `critical`, `errors`, `warnings`, `notifications`, `information` or `debugging`." + } + + validation { + condition = alltrue([ + for syslog in var.syslog_policies : can(regex("^[a-zA-Z0-9_.:-]{0,64}$", syslog.destination_group)) + ]) + error_message = "Allowed characters: `a`-`z`, `A`-`Z`, `0`-`9`, `_`, `.`, `:`, `-`. Maximum characters: 64." + } +} + +variable "fault_severity_policies" { + description = "List of Fault Severity Assignment Policies." + type = list(object({ + class = string + faults = list(object({ + fault_id = string + initial_severity = optional(string, "inherit") + target_severity = optional(string, "inherit") + description = optional(string, "") + })) + })) + default = [] + + validation { + condition = alltrue([ + for policy in var.fault_severity_policies : can(regex("^[a-zA-Z0-9_.:-]{0,64}$", policy.class)) + ]) + error_message = "`class`. Allowed characters: `a`-`z`, `A`-`Z`, `0`-`9`, `_`, `.`, `:`, `-`. Maximum characters: 64." 
+ } + validation { + condition = alltrue(flatten([ + for policy in var.fault_severity_policies : [ + for fault in policy.faults : fault.description == null || try(can(regex("^[a-zA-Z0-9\\\\!#$%()*,-./:;@ _{|}~?&+]{0,128}$", fault.description)), false) + ] + ])) + error_message = "`faults.description`: Allowed characters: `a`-`z`, `A`-`Z`, `0`-`9`, `\\`, `!`, `#`, `$`, `%`, `(`, `)`, `*`, `,`, `-`, `.`, `/`, `:`, `;`, `@`, ` `, `_`, `{`, `|`, `}`, `~`, `?`, `&`, `+`. Maximum characters: 128." + } + + validation { + condition = alltrue(flatten([ + for policy in var.fault_severity_policies : [ + for fault in policy.faults : contains(["warning", "minor", "major", "critical", "squelched", "inherit"], fault.initial_severity) + ] + ])) + error_message = "`initial_severity`: Allowed values are `warning`, `minor`, `major`, `critical`, `squelched` or `inherit`." + } + + validation { + condition = alltrue(flatten([ + for policy in var.fault_severity_policies : [ + for fault in policy.faults : contains(["warning", "minor", "major", "critical", "inherit"], fault.target_severity) + ] + ])) + error_message = "`target_severity`: Allowed values are `warning`, `minor`, `major`, `critical` or `inherit`." + } + + validation { + condition = alltrue(flatten([ + for policy in var.fault_severity_policies : [ + for fault in policy.faults : index(["warning", "minor", "major", "critical", "", "inherit"], fault.target_severity) >= index(["warning", "minor", "major", "critical", "squelched", "inherit"], fault.initial_severity) + ] + ])) + error_message = "`target_severity` level must be equal or higher than `initial_severity` level." + } + +} \ No newline at end of file diff --git a/modules/terraform-aci-monitoring-policy-user-defined/versions.tf b/modules/terraform-aci-monitoring-policy-user-defined/versions.tf new file mode 100644 index 00000000..9299fb61 --- /dev/null +++ b/modules/terraform-aci-monitoring-policy-user-defined/versions.tf 
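Review bot: The last validation on `fault_severity_policies` ranks `inherit` highest in both `index()` lists, so with the default `initial_severity = "inherit"` any explicit `target_severity` such as `critical` is rejected as not "equal or higher", and an initial `squelched` only passes with target `inherit`; if that is not the intent, the comparison should be skipped when either side is `inherit`. The empty string in the target list looks like a placeholder that keeps the two lists aligned and deserves a comment such as `# "" keeps positions aligned with the initial_severity list; squelched is not a valid target`. `index()` also raises an evaluation error rather than the `error_message` when a value is missing from its list. Smaller points in the same hunk: `name` is described as "Track List name.", its `{0,64}` pattern admits an empty name that would produce the dn `uni/fabric/monfab-`, and the `description` error message lists `}` without its opening backtick.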
@@ -0,0 +1,11 @@ + +terraform { + required_version = ">= 1.3.0" + + required_providers { + aci = { + source = "CiscoDevNet/aci" + version = ">= 2.0.0" + } + } +} diff --git a/modules/terraform-aci-monitoring-policy/README.md b/modules/terraform-aci-monitoring-policy/README.md index f7b3c0df..da71256c 100644 --- a/modules/terraform-aci-monitoring-policy/README.md +++ b/modules/terraform-aci-monitoring-policy/README.md @@ -13,14 +13,18 @@ module "aci_monitoring_policy" { source = "netascode/nac-aci/aci//modules/terraform-aci-monitoring-policy" version = ">= 0.8.0" - snmp_trap_policies = ["SNMP1"] + snmp_trap_policies = [{ + name = "SYSLOG1" + destination_group = "SNMP_DEST_GROUP1" + }] syslog_policies = [{ - name = "SYSLOG1" - audit = false - events = false - faults = false - session = true - minimum_severity = "alerts" + name = "SYSLOG1" + audit = false + events = false + faults = false + session = true + minimum_severity = "alerts" + destination_group = "SYSLOG_DEST_GROUP1" }] } ``` @@ -42,8 +46,8 @@ module "aci_monitoring_policy" { | Name | Description | Type | Default | Required | |------|-------------|------|---------|:--------:| -| [snmp\_trap\_policies](#input\_snmp\_trap\_policies) | List of SNMP trap policy names. | `list(string)` | `[]` | no | -| [syslog\_policies](#input\_syslog\_policies) | List of syslog policies. Default value `audit`: true. Default value `events`: true. Default value `faults`: true. Default value `session`: false. Default value `minimum_severity`: `warnings`. |
list(object({
name = string
audit = optional(bool, true)
events = optional(bool, true)
faults = optional(bool, true)
session = optional(bool, false)
minimum_severity = optional(string, "warnings")
}))
| `[]` | no | +| [snmp\_trap\_policies](#input\_snmp\_trap\_policies) | List of SNMP trap policies. |
list(object({
name = string
destination_group = optional(string, "")
}))
| `[]` | no | +| [syslog\_policies](#input\_syslog\_policies) | List of syslog policies. Default value `audit`: true. Default value `events`: true. Default value `faults`: true. Default value `session`: false. Default value `minimum_severity`: `warnings`. |
list(object({
name = string
audit = optional(bool, true)
events = optional(bool, true)
faults = optional(bool, true)
session = optional(bool, false)
minimum_severity = optional(string, "warnings")
destination_group = optional(string, "")
}))
| `[]` | no | ## Outputs diff --git a/modules/terraform-aci-monitoring-policy/examples/complete/README.md b/modules/terraform-aci-monitoring-policy/examples/complete/README.md index 85eef45b..99eb4198 100644 --- a/modules/terraform-aci-monitoring-policy/examples/complete/README.md +++ b/modules/terraform-aci-monitoring-policy/examples/complete/README.md @@ -16,14 +16,18 @@ module "aci_monitoring_policy" { source = "netascode/nac-aci/aci//modules/terraform-aci-monitoring-policy" version = ">= 0.8.0" - snmp_trap_policies = ["SNMP1"] + snmp_trap_policies = [{ + name = "SYSLOG1" + destination_group = "SNMP_DEST_GROUP1" + }] syslog_policies = [{ - name = "SYSLOG1" - audit = false - events = false - faults = false - session = true - minimum_severity = "alerts" + name = "SYSLOG1" + audit = false + events = false + faults = false + session = true + minimum_severity = "alerts" + destination_group = "SYSLOG_DEST_GROUP1" }] } ``` diff --git a/modules/terraform-aci-monitoring-policy/examples/complete/main.tf b/modules/terraform-aci-monitoring-policy/examples/complete/main.tf index bd2d3388..e1b73fd7 100644 --- a/modules/terraform-aci-monitoring-policy/examples/complete/main.tf +++ b/modules/terraform-aci-monitoring-policy/examples/complete/main.tf @@ -2,13 +2,17 @@ module "aci_monitoring_policy" { source = "netascode/nac-aci/aci//modules/terraform-aci-monitoring-policy" version = ">= 0.8.0" - snmp_trap_policies = ["SNMP1"] + snmp_trap_policies = [{ + name = "SYSLOG1" + destination_group = "SNMP_DEST_GROUP1" + }] syslog_policies = [{ - name = "SYSLOG1" - audit = false - events = false - faults = false - session = true - minimum_severity = "alerts" + name = "SYSLOG1" + audit = false + events = false + faults = false + session = true + minimum_severity = "alerts" + destination_group = "SYSLOG_DEST_GROUP1" }] } diff --git a/modules/terraform-aci-monitoring-policy/main.tf b/modules/terraform-aci-monitoring-policy/main.tf index 76e75841..f8fe16ed 100644 
--- a/modules/terraform-aci-monitoring-policy/main.tf +++ b/modules/terraform-aci-monitoring-policy/main.tf @@ -1,18 +1,18 @@ resource "aci_rest_managed" "snmpSrc" { - for_each = toset(var.snmp_trap_policies) - dn = "uni/fabric/moncommon/snmpsrc-${each.value}" + for_each = { for s in var.snmp_trap_policies : s.name => s } + dn = "uni/fabric/moncommon/snmpsrc-${each.value.name}" class_name = "snmpSrc" content = { - name = each.value + name = each.value.name } } resource "aci_rest_managed" "snmpRsDestGroup" { - for_each = toset(var.snmp_trap_policies) - dn = "${aci_rest_managed.snmpSrc[each.value].dn}/rsdestGroup" + for_each = { for s in var.snmp_trap_policies : s.name => s } + dn = "${aci_rest_managed.snmpSrc[each.value.name].dn}/rsdestGroup" class_name = "snmpRsDestGroup" content = { - tDn = "uni/fabric/snmpgroup-${each.value}" + tDn = try("uni/fabric/snmpgroup-${each.value.destination_group}", null) } } @@ -32,6 +32,6 @@ resource "aci_rest_managed" "syslogRsDestGroup" { dn = "${aci_rest_managed.syslogSrc[each.value.name].dn}/rsdestGroup" class_name = "syslogRsDestGroup" content = { - tDn = "uni/fabric/slgroup-${each.value.name}" + tDn = try("uni/fabric/slgroup-${each.value.destination_group}", null) } } diff --git a/modules/terraform-aci-monitoring-policy/variables.tf b/modules/terraform-aci-monitoring-policy/variables.tf index f05a6a2f..b2b05727 100644 --- a/modules/terraform-aci-monitoring-policy/variables.tf +++ b/modules/terraform-aci-monitoring-policy/variables.tf 
@@ -1,11 +1,21 @@ variable "snmp_trap_policies" { - description = "List of SNMP trap policy names." - type = list(string) - default = [] + description = "List of SNMP trap policies." + type = list(object({ + name = string + destination_group = optional(string, "") + })) + default = [] + + validation { + condition = alltrue([ + for snmp in var.snmp_trap_policies : can(regex("^[a-zA-Z0-9_.:-]{0,64}$", snmp.name)) + ]) + error_message = "Allowed characters: `a`-`z`, `A`-`Z`, `0`-`9`, `_`, `.`, `:`, `-`. Maximum characters: 64." + } validation { condition = alltrue([ - for snmp in var.snmp_trap_policies : can(regex("^[a-zA-Z0-9_.:-]{0,64}$", snmp)) + for snmp in var.snmp_trap_policies : can(regex("^[a-zA-Z0-9_.:-]{0,64}$", snmp.destination_group)) ]) error_message = "Allowed characters: `a`-`z`, `A`-`Z`, `0`-`9`, `_`, `.`, `:`, `-`. Maximum characters: 64." } @@ -14,12 +24,13 @@ variable "snmp_trap_policies" { variable "syslog_policies" { description = "List of syslog policies. Default value `audit`: true. Default value `events`: true. Default value `faults`: true. Default value `session`: false. Default value `minimum_severity`: `warnings`." type = list(object({ - name = string - audit = optional(bool, true) - events = optional(bool, true) - faults = optional(bool, true) - session = optional(bool, false) - minimum_severity = optional(string, "warnings") + name = string + audit = optional(bool, true) + events = optional(bool, true) + faults = optional(bool, true) + session = optional(bool, false) + minimum_severity = optional(string, "warnings") + destination_group = optional(string, "") })) default = [] 
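Review bot: The two `validation` blocks on `snmp_trap_policies` carry an identical `error_message`, so a failed plan does not say whether `name` or `destination_group` was rejected. The existing `minimum_severity` message in this file already leads with the field name; doing the same here (start the first message with the `name` field and the second with the `destination_group` field) makes the failure actionable. The `destination_group` validation added to `syslog_policies` in the last hunk of this file uses the same unlabelled text and would benefit from the same prefix.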
@@ -36,5 +47,11 @@ variable "syslog_policies" { ]) error_message = "`minimum_severity`: Allowed values are `emergencies`, `alerts`, `critical`, `errors`, `warnings`, `notifications`, `information` or `debugging`." } -} + validation { + condition = alltrue([ + for syslog in var.syslog_policies : can(regex("^[a-zA-Z0-9_.:-]{0,64}$", syslog.destination_group)) + ]) + error_message = "Allowed characters: `a`-`z`, `A`-`Z`, `0`-`9`, `_`, `.`, `:`, `-`. Maximum characters: 64." + } +} From 3d5993790dd14d93196abfc04c89bcf492a894c2 Mon Sep 17 00:00:00 2001 From: jmiguelhp Date: Wed, 16 Jul 2025 22:04:01 -0600 Subject: [PATCH 2/7] Fix typos --- .../examples/complete/main.tf | 2 +- .../terraform-aci-monitoring-policy/examples/complete/main.tf | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/modules/terraform-aci-monitoring-policy-user-defined/examples/complete/main.tf b/modules/terraform-aci-monitoring-policy-user-defined/examples/complete/main.tf index c7765bdc..88e542e6 100644 --- a/modules/terraform-aci-monitoring-policy-user-defined/examples/complete/main.tf +++ b/modules/terraform-aci-monitoring-policy-user-defined/examples/complete/main.tf @@ -4,7 +4,7 @@ module "aci_monitoring_policy_user_defined" { name = "MON1" snmp_trap_policies = [{ - name = "SYSLOG1" + name = "SNMP1" destination_group = "SNMP_DEST_GROUP1" }] syslog_policies = [{ diff --git a/modules/terraform-aci-monitoring-policy/examples/complete/main.tf b/modules/terraform-aci-monitoring-policy/examples/complete/main.tf index e1b73fd7..c97d14a6 100644 --- a/modules/terraform-aci-monitoring-policy/examples/complete/main.tf +++ b/modules/terraform-aci-monitoring-policy/examples/complete/main.tf @@ -3,7 +3,7 @@ module "aci_monitoring_policy" { version = ">= 0.8.0" snmp_trap_policies = [{ - name = "SYSLOG1" + name = "SNMP1" destination_group = "SNMP_DEST_GROUP1" }] syslog_policies = [{ From 7fca57a036281fbc93f80d314ac43ba99eea8822 Mon Sep 17 00:00:00 2001 
From: jmiguelhp Date: Wed, 16 Jul 2025 22:10:08 -0600 Subject: [PATCH 3/7] Fix typos --- modules/terraform-aci-monitoring-policy-user-defined/README.md | 2 +- .../examples/complete/README.md | 2 +- .../examples/complete/main.tf | 2 +- modules/terraform-aci-monitoring-policy/README.md | 2 +- .../terraform-aci-monitoring-policy/examples/complete/README.md | 2 +- .../terraform-aci-monitoring-policy/examples/complete/main.tf | 2 +- 6 files changed, 6 insertions(+), 6 deletions(-) diff --git a/modules/terraform-aci-monitoring-policy-user-defined/README.md b/modules/terraform-aci-monitoring-policy-user-defined/README.md index 61176ff2..a3c8faac 100644 --- a/modules/terraform-aci-monitoring-policy-user-defined/README.md +++ b/modules/terraform-aci-monitoring-policy-user-defined/README.md @@ -15,7 +15,7 @@ module "aci_monitoring_policy_user_defined" { name = "MON1" snmp_trap_policies = [{ - name = "SYSLOG1" + name = "SNMP_1" destination_group = "SNMP_DEST_GROUP1" }] syslog_policies = [{ diff --git a/modules/terraform-aci-monitoring-policy-user-defined/examples/complete/README.md b/modules/terraform-aci-monitoring-policy-user-defined/examples/complete/README.md index c6b5c307..6cb7b151 100644 --- a/modules/terraform-aci-monitoring-policy-user-defined/examples/complete/README.md +++ b/modules/terraform-aci-monitoring-policy-user-defined/examples/complete/README.md @@ -18,7 +18,7 @@ module "aci_monitoring_policy_user_defined" { name = "MON1" snmp_trap_policies = [{ - name = "SYSLOG1" + name = "SNMP_1" destination_group = "SNMP_DEST_GROUP1" }] syslog_policies = [{ diff --git a/modules/terraform-aci-monitoring-policy-user-defined/examples/complete/main.tf b/modules/terraform-aci-monitoring-policy-user-defined/examples/complete/main.tf index 88e542e6..ad538449 100644 --- a/modules/terraform-aci-monitoring-policy-user-defined/examples/complete/main.tf +++ b/modules/terraform-aci-monitoring-policy-user-defined/examples/complete/main.tf 
@@ -4,7 +4,7 @@ module "aci_monitoring_policy_user_defined" { name = "MON1" snmp_trap_policies = [{ - name = "SNMP1" + name = "SNMP_1" destination_group = "SNMP_DEST_GROUP1" }] syslog_policies = [{ diff --git a/modules/terraform-aci-monitoring-policy/README.md b/modules/terraform-aci-monitoring-policy/README.md index da71256c..ef646ca8 100644 --- a/modules/terraform-aci-monitoring-policy/README.md +++ b/modules/terraform-aci-monitoring-policy/README.md @@ -14,7 +14,7 @@ module "aci_monitoring_policy" { version = ">= 0.8.0" snmp_trap_policies = [{ - name = "SYSLOG1" + name = "SNMP_1" destination_group = "SNMP_DEST_GROUP1" }] syslog_policies = [{ diff --git a/modules/terraform-aci-monitoring-policy/examples/complete/README.md b/modules/terraform-aci-monitoring-policy/examples/complete/README.md index 99eb4198..0ea55b34 100644 --- a/modules/terraform-aci-monitoring-policy/examples/complete/README.md +++ b/modules/terraform-aci-monitoring-policy/examples/complete/README.md @@ -17,7 +17,7 @@ module "aci_monitoring_policy" { version = ">= 0.8.0" snmp_trap_policies = [{ - name = "SYSLOG1" + name = "SNMP_1" destination_group = "SNMP_DEST_GROUP1" }] syslog_policies = [{ diff --git a/modules/terraform-aci-monitoring-policy/examples/complete/main.tf b/modules/terraform-aci-monitoring-policy/examples/complete/main.tf index c97d14a6..75b006b9 100644 --- a/modules/terraform-aci-monitoring-policy/examples/complete/main.tf +++ b/modules/terraform-aci-monitoring-policy/examples/complete/main.tf @@ -3,7 +3,7 @@ module "aci_monitoring_policy" { version = ">= 0.8.0" snmp_trap_policies = [{ - name = "SNMP1" + name = "SNMP_1" destination_group = "SNMP_DEST_GROUP1" }] syslog_policies = [{ From d605f460f119f55312e602f47a36259f98f68a60 Mon Sep 17 00:00:00 2001 
From: jmiguelhp Date: Thu, 24 Jul 2025 12:44:05 -0600 Subject: [PATCH 4/7] Updates as per Oskar comments. --- .../examples/complete/versions.tf | 2 +- .../terraform-aci-monitoring-policy-user-defined/main.tf | 8 ++++---- .../variables.tf | 2 +- .../versions.tf | 2 +- modules/terraform-aci-monitoring-policy/main.tf | 8 ++++---- 5 files changed, 11 insertions(+), 11 deletions(-) diff --git a/modules/terraform-aci-monitoring-policy-user-defined/examples/complete/versions.tf b/modules/terraform-aci-monitoring-policy-user-defined/examples/complete/versions.tf index 9299fb61..f4938bdc 100644 --- a/modules/terraform-aci-monitoring-policy-user-defined/examples/complete/versions.tf +++ b/modules/terraform-aci-monitoring-policy-user-defined/examples/complete/versions.tf @@ -5,7 +5,7 @@ terraform { required_providers { aci = { source = "CiscoDevNet/aci" - version = ">= 2.0.0" + version = ">= 2.15.0" } } } diff --git a/modules/terraform-aci-monitoring-policy-user-defined/main.tf b/modules/terraform-aci-monitoring-policy-user-defined/main.tf index 7f5e10d8..21e13b0c 100644 --- a/modules/terraform-aci-monitoring-policy-user-defined/main.tf +++ b/modules/terraform-aci-monitoring-policy-user-defined/main.tf @@ -31,11 +31,11 @@ resource "aci_rest_managed" "snmpSrc" { } resource "aci_rest_managed" "snmpRsDestGroup" { - for_each = { for s in var.snmp_trap_policies : s.name => s } + for_each = { for s in var.snmp_trap_policies : s.name => s if s.destination_group != null } dn = "${aci_rest_managed.snmpSrc[each.value.name].dn}/rsdestGroup" class_name = "snmpRsDestGroup" content = { - tDn = try("uni/fabric/snmpgroup-${each.value.destination_group}", null) + tDn = "uni/fabric/snmpgroup-${each.value.destination_group}" } } 
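Review bot: The `if s.destination_group != null` filter added to `snmpRsDestGroup` excludes nothing when the value is an empty string, and the root module's fallback for a missing group is `""` (`try(policy.destination_group, "")`). The monitoring-policy module declares the attribute as `optional(string, "")`; this module's variables.tf is not part of the hunk, so its default should be confirmed. With `""` the relation is still created with `tDn = "uni/fabric/snmpgroup-"`. Either compare against the empty string, `... : s.name => s if s.destination_group != ""`, or change both the variable default and the caller fallback to `null`. The `syslogRsDestGroup` hunk in this file and both hunks in modules/terraform-aci-monitoring-policy/main.tf later in this commit have the same filter.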
@@ -51,11 +51,11 @@ resource "aci_rest_managed" "syslogSrc" { } resource "aci_rest_managed" "syslogRsDestGroup" { - for_each = { for s in var.syslog_policies : s.name => s } + for_each = { for s in var.syslog_policies : s.name => s if s.destination_group != null } dn = "${aci_rest_managed.syslogSrc[each.value.name].dn}/rsdestGroup" class_name = "syslogRsDestGroup" content = { - tDn = try("uni/fabric/slgroup-${each.value.destination_group}", null) + tDn = "uni/fabric/slgroup-${each.value.destination_group}" } } diff --git a/modules/terraform-aci-monitoring-policy-user-defined/variables.tf b/modules/terraform-aci-monitoring-policy-user-defined/variables.tf index 70726aaf..3d91406b 100644 --- a/modules/terraform-aci-monitoring-policy-user-defined/variables.tf +++ b/modules/terraform-aci-monitoring-policy-user-defined/variables.tf @@ -92,7 +92,7 @@ variable "fault_severity_policies" { validation { condition = alltrue([ - for policy in var.fault_severity_policies : can(regex("^[a-zA-Z0-9_.:-]{0,64}$", policy.class)) + for policy in var.fault_severity_policies : can(regex("^[a-zA-Z0-9]{0,64}$", policy.class)) ]) error_message = "`class`. Allowed characters: `a`-`z`, `A`-`Z`, `0`-`9`, `_`, `.`, `:`, `-`. Maximum characters: 64." } diff --git a/modules/terraform-aci-monitoring-policy-user-defined/versions.tf b/modules/terraform-aci-monitoring-policy-user-defined/versions.tf index 9299fb61..f4938bdc 100644 --- a/modules/terraform-aci-monitoring-policy-user-defined/versions.tf +++ b/modules/terraform-aci-monitoring-policy-user-defined/versions.tf @@ -5,7 +5,7 @@ terraform { required_providers { aci = { source = "CiscoDevNet/aci" - version = ">= 2.0.0" + version = ">= 2.15.0" } } } diff --git a/modules/terraform-aci-monitoring-policy/main.tf b/modules/terraform-aci-monitoring-policy/main.tf index f8fe16ed..35cc1414 100644 --- a/modules/terraform-aci-monitoring-policy/main.tf +++ b/modules/terraform-aci-monitoring-policy/main.tf 
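Review bot: The `class` validation in `fault_severity_policies` now matches `^[a-zA-Z0-9]{0,64}$`, but the `error_message` directly below it still lists `_`, `.`, `:` and `-` as allowed characters. A value containing one of those is rejected with a message that says it is permitted. Drop those four entries from the message so it names only `a`-`z`, `A`-`Z` and `0`-`9`. The enclosing `variable` block starts and ends outside this hunk.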
@@ -8,11 +8,11 @@ resource "aci_rest_managed" "snmpSrc" { } resource "aci_rest_managed" "snmpRsDestGroup" { - for_each = { for s in var.snmp_trap_policies : s.name => s } + for_each = { for s in var.snmp_trap_policies : s.name => s if s.destination_group != null } dn = "${aci_rest_managed.snmpSrc[each.value.name].dn}/rsdestGroup" class_name = "snmpRsDestGroup" content = { - tDn = try("uni/fabric/snmpgroup-${each.value.destination_group}", null) + tDn = "uni/fabric/snmpgroup-${each.value.destination_group}" } } @@ -28,10 +28,10 @@ resource "aci_rest_managed" "syslogSrc" { } resource "aci_rest_managed" "syslogRsDestGroup" { - for_each = { for s in var.syslog_policies : s.name => s } + for_each = { for s in var.syslog_policies : s.name => s if s.destination_group != null } dn = "${aci_rest_managed.syslogSrc[each.value.name].dn}/rsdestGroup" class_name = "syslogRsDestGroup" content = { - tDn = try("uni/fabric/slgroup-${each.value.destination_group}", null) + tDn = "uni/fabric/slgroup-${each.value.destination_group}" } } From cbc5f51dfd2b2f4731a5af4787978790dbc1c69c Mon Sep 17 00:00:00 2001 From: jmiguelhp Date: Thu, 24 Jul 2025 12:53:32 -0600 Subject: [PATCH 5/7] pre-commit run --- .../terraform-aci-monitoring-policy-user-defined/README.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/modules/terraform-aci-monitoring-policy-user-defined/README.md b/modules/terraform-aci-monitoring-policy-user-defined/README.md index a3c8faac..a03a1c3b 100644 --- a/modules/terraform-aci-monitoring-policy-user-defined/README.md +++ b/modules/terraform-aci-monitoring-policy-user-defined/README.md 
@@ -44,13 +44,13 @@ module "aci_monitoring_policy_user_defined" { | Name | Version | |------|---------| | [terraform](#requirement\_terraform) | >= 1.3.0 | -| [aci](#requirement\_aci) | >= 2.0.0 | +| [aci](#requirement\_aci) | >= 2.15.0 | ## Providers | Name | Version | |------|---------| -| [aci](#provider\_aci) | >= 2.0.0 | +| [aci](#provider\_aci) | >= 2.15.0 | ## Inputs From bda1c131dc66f9b48d7b812d6c4801adc4763ec7 Mon Sep 17 00:00:00 2001 From: jmiguelhp Date: Fri, 25 Jul 2025 13:02:15 -0600 Subject: [PATCH 6/7] SNMP/Syslog destination suffix added. --- aci_fabric_policies.tf | 8 ++++---- defaults/defaults.yaml | 4 ++++ 2 files changed, 8 insertions(+), 4 deletions(-) diff --git a/aci_fabric_policies.tf b/aci_fabric_policies.tf index d344ac08..1681f896 100644 --- a/aci_fabric_policies.tf +++ b/aci_fabric_policies.tf @@ -857,7 +857,7 @@ module "aci_monitoring_policy" { count = local.modules.aci_monitoring_policy == true && var.manage_fabric_policies ? 1 : 0 snmp_trap_policies = [for policy in try(local.fabric_policies.monitoring.snmp_traps, []) : { name = "${policy.name}${local.defaults.apic.fabric_policies.monitoring.snmp_traps.name_suffix}" - destination_group = try(policy.destination_group, "") + destination_group = try("${policy.destination_group}${local.defaults.apic.fabric_policies.monitoring.snmp_traps.destination_group_suffix}", "") }] syslog_policies = [for policy in try(local.fabric_policies.monitoring.syslogs, []) : { name = "${policy.name}${local.defaults.apic.fabric_policies.monitoring.syslogs.name_suffix}" 
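Review bot: Wrapping the whole interpolation in `try(..., "")` for `destination_group` hides more than an absent `policy.destination_group`: if the `destination_group_suffix` key is ever missing or misspelled in the merged defaults, the expression also evaluates to `""` with no error, and the SNMP source loses its destination group without any plan-time signal. Keeping the `try` on the optional input only avoids that, e.g. `destination_group = try(policy.destination_group, "") == "" ? "" : "${policy.destination_group}${local.defaults.apic.fabric_policies.monitoring.snmp_traps.destination_group_suffix}"`. The syslog line in the next hunk and the two `locals` hunks after it use the same wrapping.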
@@ -866,7 +866,7 @@ module "aci_monitoring_policy" { faults = try(policy.faults, local.defaults.apic.fabric_policies.monitoring.syslogs.faults) session = try(policy.session, local.defaults.apic.fabric_policies.monitoring.syslogs.session) minimum_severity = try(policy.minimum_severity, local.defaults.apic.fabric_policies.monitoring.syslogs.minimum_severity) - destination_group = try(policy.destination_group, "") + destination_group = try("${policy.destination_group}${local.defaults.apic.fabric_policies.monitoring.syslogs.destination_group_suffix}", "") }] depends_on = [ @@ -882,7 +882,7 @@ locals { description = try(policy.description, "") snmp_trap_policies = [for snmp_policy in try(policy.snmp_traps, []) : { name = "${snmp_policy.name}${local.defaults.apic.fabric_policies.monitoring.policies.snmp_traps.name_suffix}" - destination_group = try(snmp_policy.destination_group, "") + destination_group = try("${snmp_policy.destination_group}${local.defaults.apic.fabric_policies.monitoring.policies.snmp_traps.destination_group_suffix}", "") }] syslog_policies = [for syslog_policy in try(policy.syslogs, []) : { name = "${syslog_policy.name}${local.defaults.apic.fabric_policies.monitoring.policies.syslogs.name_suffix}" @@ -891,7 +891,7 @@ locals { faults = try(syslog_policy.faults, local.defaults.apic.fabric_policies.monitoring.policies.syslogs.faults) session = try(syslog_policy.session, local.defaults.apic.fabric_policies.monitoring.policies.syslogs.session) minimum_severity = try(syslog_policy.minimum_severity, local.defaults.apic.fabric_policies.monitoring.policies.syslogs.minimum_severity) - destination_group = try(syslog_policy.destination_group, "") + destination_group = try("${syslog_policy.destination_group}${local.defaults.apic.fabric_policies.monitoring.policies.syslogs.destination_group_suffix}", "") }] fault_severity_policies = [for policy in try(policy.fault_severity_policies, []) : { class = policy.class 
diff --git a/defaults/defaults.yaml b/defaults/defaults.yaml index 47278045..26513ddf 100644 --- a/defaults/defaults.yaml +++ b/defaults/defaults.yaml @@ -344,6 +344,7 @@ defaults: monitoring: snmp_traps: name_suffix: "" + destination_group_suffix: "" destinations: port: 162 version: v2c @@ -364,6 +365,7 @@ defaults: local_severity: information console_admin_state: true console_severity: alerts + destination_group_suffix: "" destinations: port: 514 facility: local7 @@ -379,6 +381,7 @@ defaults: target_severity: "inherit" snmp_traps: name_suffix: "" + destination_group_suffix: "" syslogs: name_suffix: "" audit: true @@ -394,6 +397,7 @@ defaults: local_severity: information console_admin_state: true console_severity: alerts + destination_group_suffix: "" span: destination_groups: name_suffix: "" From f6b7d78efd5cd4a30ba22a2e4e5f945ef1fbd029 Mon Sep 17 00:00:00 2001 From: Jose Miguel Hernandez Date: Thu, 13 Nov 2025 21:00:37 -0600 Subject: [PATCH 7/7] Revert changes in current modules for backwards compatibility --- aci_fabric_policies.tf | 20 ++++------ .../terraform-aci-monitoring-policy/README.md | 22 +++++------ .../examples/complete/README.md | 18 ++++----- .../examples/complete/main.tf | 18 ++++----- .../terraform-aci-monitoring-policy/main.tf | 16 ++++---- .../variables.tf | 39 ++++++------------- 6 files changed, 50 insertions(+), 83 deletions(-) diff --git a/aci_fabric_policies.tf b/aci_fabric_policies.tf index dc09f1a5..3b4fbc99 100644 --- a/aci_fabric_policies.tf +++ b/aci_fabric_policies.tf 
@@ -984,19 +984,15 @@ module "aci_syslog_policy" { module "aci_monitoring_policy" { source = "./modules/terraform-aci-monitoring-policy" - count = local.modules.aci_monitoring_policy == true && var.manage_fabric_policies ? 1 : 0 - snmp_trap_policies = [for policy in try(local.fabric_policies.monitoring.snmp_traps, []) : { - name = "${policy.name}${local.defaults.apic.fabric_policies.monitoring.snmp_traps.name_suffix}" - destination_group = try("${policy.destination_group}${local.defaults.apic.fabric_policies.monitoring.snmp_traps.destination_group_suffix}", "") - }] + count = local.modules.aci_monitoring_policy == true && var.manage_fabric_policies ? 1 : 0 + snmp_trap_policies = [for policy in try(local.fabric_policies.monitoring.snmp_traps, []) : "${policy.name}${local.defaults.apic.fabric_policies.monitoring.snmp_traps.name_suffix}"] syslog_policies = [for policy in try(local.fabric_policies.monitoring.syslogs, []) : { - name = "${policy.name}${local.defaults.apic.fabric_policies.monitoring.syslogs.name_suffix}" - audit = try(policy.audit, local.defaults.apic.fabric_policies.monitoring.syslogs.audit) - events = try(policy.events, local.defaults.apic.fabric_policies.monitoring.syslogs.events) - faults = try(policy.faults, local.defaults.apic.fabric_policies.monitoring.syslogs.faults) - session = try(policy.session, local.defaults.apic.fabric_policies.monitoring.syslogs.session) - minimum_severity = try(policy.minimum_severity, local.defaults.apic.fabric_policies.monitoring.syslogs.minimum_severity) - destination_group = try("${policy.destination_group}${local.defaults.apic.fabric_policies.monitoring.syslogs.destination_group_suffix}", "") + name = "${policy.name}${local.defaults.apic.fabric_policies.monitoring.syslogs.name_suffix}" + audit = try(policy.audit, local.defaults.apic.fabric_policies.monitoring.syslogs.audit) + events = try(policy.events, local.defaults.apic.fabric_policies.monitoring.syslogs.events) + faults = try(policy.faults, 
local.defaults.apic.fabric_policies.monitoring.syslogs.faults) + session = try(policy.session, local.defaults.apic.fabric_policies.monitoring.syslogs.session) + minimum_severity = try(policy.minimum_severity, local.defaults.apic.fabric_policies.monitoring.syslogs.minimum_severity) }] depends_on = [ diff --git a/modules/terraform-aci-monitoring-policy/README.md b/modules/terraform-aci-monitoring-policy/README.md index ef646ca8..f7b3c0df 100644 --- a/modules/terraform-aci-monitoring-policy/README.md +++ b/modules/terraform-aci-monitoring-policy/README.md @@ -13,18 +13,14 @@ module "aci_monitoring_policy" { source = "netascode/nac-aci/aci//modules/terraform-aci-monitoring-policy" version = ">= 0.8.0" - snmp_trap_policies = [{ - name = "SNMP_1" - destination_group = "SNMP_DEST_GROUP1" - }] + snmp_trap_policies = ["SNMP1"] syslog_policies = [{ - name = "SYSLOG1" - audit = false - events = false - faults = false - session = true - minimum_severity = "alerts" - destination_group = "SYSLOG_DEST_GROUP1" + name = "SYSLOG1" + audit = false + events = false + faults = false + session = true + minimum_severity = "alerts" }] } ``` @@ -46,8 +42,8 @@ module "aci_monitoring_policy" { | Name | Description | Type | Default | Required | |------|-------------|------|---------|:--------:| -| [snmp\_trap\_policies](#input\_snmp\_trap\_policies) | List of SNMP trap policies. |
list(object({
name = string
destination_group = optional(string, "")
}))
| `[]` | no | -| [syslog\_policies](#input\_syslog\_policies) | List of syslog policies. Default value `audit`: true. Default value `events`: true. Default value `faults`: true. Default value `session`: false. Default value `minimum_severity`: `warnings`. |
list(object({
name = string
audit = optional(bool, true)
events = optional(bool, true)
faults = optional(bool, true)
session = optional(bool, false)
minimum_severity = optional(string, "warnings")
destination_group = optional(string, "")
}))
| `[]` | no | +| [snmp\_trap\_policies](#input\_snmp\_trap\_policies) | List of SNMP trap policy names. | `list(string)` | `[]` | no | +| [syslog\_policies](#input\_syslog\_policies) | List of syslog policies. Default value `audit`: true. Default value `events`: true. Default value `faults`: true. Default value `session`: false. Default value `minimum_severity`: `warnings`. |
list(object({
name = string
audit = optional(bool, true)
events = optional(bool, true)
faults = optional(bool, true)
session = optional(bool, false)
minimum_severity = optional(string, "warnings")
}))
| `[]` | no | ## Outputs diff --git a/modules/terraform-aci-monitoring-policy/examples/complete/README.md b/modules/terraform-aci-monitoring-policy/examples/complete/README.md index 0ea55b34..85eef45b 100644 --- a/modules/terraform-aci-monitoring-policy/examples/complete/README.md +++ b/modules/terraform-aci-monitoring-policy/examples/complete/README.md @@ -16,18 +16,14 @@ module "aci_monitoring_policy" { source = "netascode/nac-aci/aci//modules/terraform-aci-monitoring-policy" version = ">= 0.8.0" - snmp_trap_policies = [{ - name = "SNMP_1" - destination_group = "SNMP_DEST_GROUP1" - }] + snmp_trap_policies = ["SNMP1"] syslog_policies = [{ - name = "SYSLOG1" - audit = false - events = false - faults = false - session = true - minimum_severity = "alerts" - destination_group = "SYSLOG_DEST_GROUP1" + name = "SYSLOG1" + audit = false + events = false + faults = false + session = true + minimum_severity = "alerts" }] } ``` diff --git a/modules/terraform-aci-monitoring-policy/examples/complete/main.tf b/modules/terraform-aci-monitoring-policy/examples/complete/main.tf index 75b006b9..bd2d3388 100644 --- a/modules/terraform-aci-monitoring-policy/examples/complete/main.tf +++ b/modules/terraform-aci-monitoring-policy/examples/complete/main.tf @@ -2,17 +2,13 @@ module "aci_monitoring_policy" { source = "netascode/nac-aci/aci//modules/terraform-aci-monitoring-policy" version = ">= 0.8.0" - snmp_trap_policies = [{ - name = "SNMP_1" - destination_group = "SNMP_DEST_GROUP1" - }] + snmp_trap_policies = ["SNMP1"] syslog_policies = [{ - name = "SYSLOG1" - audit = false - events = false - faults = false - session = true - minimum_severity = "alerts" - destination_group = "SYSLOG_DEST_GROUP1" + name = "SYSLOG1" + audit = false + events = false + faults = false + session = true + minimum_severity = "alerts" }] } diff --git a/modules/terraform-aci-monitoring-policy/main.tf b/modules/terraform-aci-monitoring-policy/main.tf index 35cc1414..76e75841 100644 
--- a/modules/terraform-aci-monitoring-policy/main.tf +++ b/modules/terraform-aci-monitoring-policy/main.tf @@ -1,18 +1,18 @@ resource "aci_rest_managed" "snmpSrc" { - for_each = { for s in var.snmp_trap_policies : s.name => s } - dn = "uni/fabric/moncommon/snmpsrc-${each.value.name}" + for_each = toset(var.snmp_trap_policies) + dn = "uni/fabric/moncommon/snmpsrc-${each.value}" class_name = "snmpSrc" content = { - name = each.value.name + name = each.value } } resource "aci_rest_managed" "snmpRsDestGroup" { - for_each = { for s in var.snmp_trap_policies : s.name => s if s.destination_group != null } - dn = "${aci_rest_managed.snmpSrc[each.value.name].dn}/rsdestGroup" + for_each = toset(var.snmp_trap_policies) + dn = "${aci_rest_managed.snmpSrc[each.value].dn}/rsdestGroup" class_name = "snmpRsDestGroup" content = { - tDn = "uni/fabric/snmpgroup-${each.value.destination_group}" + tDn = "uni/fabric/snmpgroup-${each.value}" } } @@ -28,10 +28,10 @@ resource "aci_rest_managed" "syslogSrc" { } resource "aci_rest_managed" "syslogRsDestGroup" { - for_each = { for s in var.syslog_policies : s.name => s if s.destination_group != null } + for_each = { for s in var.syslog_policies : s.name => s } dn = "${aci_rest_managed.syslogSrc[each.value.name].dn}/rsdestGroup" class_name = "syslogRsDestGroup" content = { - tDn = "uni/fabric/slgroup-${each.value.destination_group}" + tDn = "uni/fabric/slgroup-${each.value.name}" } } diff --git a/modules/terraform-aci-monitoring-policy/variables.tf b/modules/terraform-aci-monitoring-policy/variables.tf index b2b05727..f05a6a2f 100644 --- a/modules/terraform-aci-monitoring-policy/variables.tf +++ b/modules/terraform-aci-monitoring-policy/variables.tf 
@@ -1,21 +1,11 @@ variable "snmp_trap_policies" { - description = "List of SNMP trap policies." - type = list(object({ - name = string - destination_group = optional(string, "") - })) - default = [] - - validation { - condition = alltrue([ - for snmp in var.snmp_trap_policies : can(regex("^[a-zA-Z0-9_.:-]{0,64}$", snmp.name)) - ]) - error_message = "Allowed characters: `a`-`z`, `A`-`Z`, `0`-`9`, `_`, `.`, `:`, `-`. Maximum characters: 64." - } + description = "List of SNMP trap policy names." + type = list(string) + default = [] validation { condition = alltrue([ - for snmp in var.snmp_trap_policies : can(regex("^[a-zA-Z0-9_.:-]{0,64}$", snmp.destination_group)) + for snmp in var.snmp_trap_policies : can(regex("^[a-zA-Z0-9_.:-]{0,64}$", snmp)) ]) error_message = "Allowed characters: `a`-`z`, `A`-`Z`, `0`-`9`, `_`, `.`, `:`, `-`. Maximum characters: 64." } @@ -24,13 +14,12 @@ variable "snmp_trap_policies" { variable "syslog_policies" { description = "List of syslog policies. Default value `audit`: true. Default value `events`: true. Default value `faults`: true. Default value `session`: false. Default value `minimum_severity`: `warnings`." type = list(object({ - name = string - audit = optional(bool, true) - events = optional(bool, true) - faults = optional(bool, true) - session = optional(bool, false) - minimum_severity = optional(string, "warnings") - destination_group = optional(string, "") + name = string + audit = optional(bool, true) + events = optional(bool, true) + faults = optional(bool, true) + session = optional(bool, false) + minimum_severity = optional(string, "warnings") })) default = [] 
@@ -47,11 +36,5 @@ variable "syslog_policies" { ]) error_message = "`minimum_severity`: Allowed values are `emergencies`, `alerts`, `critical`, `errors`, `warnings`, `notifications`, `information` or `debugging`." } - - validation { - condition = alltrue([ - for syslog in var.syslog_policies : can(regex("^[a-zA-Z0-9_.:-]{0,64}$", syslog.destination_group)) - ]) - error_message = "Allowed characters: `a`-`z`, `A`-`Z`, `0`-`9`, `_`, `.`, `:`, `-`. Maximum characters: 64." - } } +