add support for tenant templates

.gitignore

@@ -394,4 +394,10 @@ $RECYCLE.BIN/
 .terraform.lock.hcl
 *.tfstate
 *.tfstate.backup
-*.tfplan
+*.tfplan
+
+# DS_Store
+.DS_Store
+
+# Claude
+.claude

README.md

@@ -112,8 +112,10 @@ $ export TF_CLI_ARGS_apply="-parallelism=1"
 | <a name="input_manage_site_connectivity"></a> [manage\_site\_connectivity](#input\_manage\_site\_connectivity) | Flag to indicate if site connectivity be managed. | `bool` | `false` | no |
 | <a name="input_manage_sites"></a> [manage\_sites](#input\_manage\_sites) | Flag to indicate if sites should be managed. | `bool` | `false` | no |
 | <a name="input_manage_system"></a> [manage\_system](#input\_manage\_system) | Flag to indicate if system level configuration should be managed. | `bool` | `false` | no |
+| <a name="input_manage_tenant_templates"></a> [manage\_tenant\_templates](#input\_manage\_tenant\_templates) | Flag to indicate if tenant templates should be managed. | `bool` | `false` | no |
 | <a name="input_manage_tenants"></a> [manage\_tenants](#input\_manage\_tenants) | Flag to indicate if tenants be managed. | `bool` | `false` | no |
 | <a name="input_managed_schemas"></a> [managed\_schemas](#input\_managed\_schemas) | List of schema names to be managed. By default all schemas will be managed. | `list(string)` | `[]` | no |
+| <a name="input_managed_tenant_templates"></a> [managed\_tenant\_templates](#input\_managed\_tenant\_templates) | List of tenant template names to be managed. By default all tenant templates will be managed. | `list(string)` | `[]` | no |
 | <a name="input_managed_tenants"></a> [managed\_tenants](#input\_managed\_tenants) | List of tenant names to be managed. By default all tenants will be managed. | `list(string)` | `[]` | no |
 | <a name="input_model"></a> [model](#input\_model) | As an alternative to YAML files, a native Terraform data structure can be provided as well. | `map(any)` | `{}` | no |
 | <a name="input_write_default_values_file"></a> [write\_default\_values\_file](#input\_write\_default\_values\_file) | Write all default values to a YAML file. Value is a path pointing to the file to be created. | `string` | `""` | no |
@@ -178,6 +180,9 @@ $ export TF_CLI_ARGS_apply="-parallelism=1"
 | [mso_schema_template_deploy_ndo.template](https://registry.terraform.io/providers/CiscoDevNet/mso/latest/docs/resources/schema_template_deploy_ndo) | resource |
 | [mso_schema_template_deploy_ndo.template2](https://registry.terraform.io/providers/CiscoDevNet/mso/latest/docs/resources/schema_template_deploy_ndo) | resource |
 | [mso_schema_template_deploy_ndo.template3](https://registry.terraform.io/providers/CiscoDevNet/mso/latest/docs/resources/schema_template_deploy_ndo) | resource |
+| [mso_schema_template_deploy_ndo.tenant_template](https://registry.terraform.io/providers/CiscoDevNet/mso/latest/docs/resources/schema_template_deploy_ndo) | resource |
+| [mso_schema_template_deploy_ndo.tenant_template2](https://registry.terraform.io/providers/CiscoDevNet/mso/latest/docs/resources/schema_template_deploy_ndo) | resource |
+| [mso_schema_template_deploy_ndo.tenant_template3](https://registry.terraform.io/providers/CiscoDevNet/mso/latest/docs/resources/schema_template_deploy_ndo) | resource |
 | [mso_schema_template_external_epg.schema_template_external_epg](https://registry.terraform.io/providers/CiscoDevNet/mso/latest/docs/resources/schema_template_external_epg) | resource |
 | [mso_schema_template_external_epg_contract.schema_template_external_epg_contract](https://registry.terraform.io/providers/CiscoDevNet/mso/latest/docs/resources/schema_template_external_epg_contract) | resource |
 | [mso_schema_template_external_epg_selector.schema_template_external_epg_selector](https://registry.terraform.io/providers/CiscoDevNet/mso/latest/docs/resources/schema_template_external_epg_selector) | resource |
@@ -188,15 +193,24 @@ $ export TF_CLI_ARGS_apply="-parallelism=1"
 | [mso_schema_template_vrf.schema_template_vrf](https://registry.terraform.io/providers/CiscoDevNet/mso/latest/docs/resources/schema_template_vrf) | resource |
 | [mso_schema_template_vrf_contract.schema_template_vrf_contract](https://registry.terraform.io/providers/CiscoDevNet/mso/latest/docs/resources/schema_template_vrf_contract) | resource |
 | [mso_site.site](https://registry.terraform.io/providers/CiscoDevNet/mso/latest/docs/resources/site) | resource |
+| [mso_template.tenant_template](https://registry.terraform.io/providers/CiscoDevNet/mso/latest/docs/resources/template) | resource |
 | [mso_tenant.tenant](https://registry.terraform.io/providers/CiscoDevNet/mso/latest/docs/resources/tenant) | resource |
+| [mso_tenant_policies_dhcp_relay_policy.tenant_policies_dhcp_relay_policy](https://registry.terraform.io/providers/CiscoDevNet/mso/latest/docs/resources/tenant_policies_dhcp_relay_policy) | resource |
+| [mso_tenant_policies_ipsla_monitoring_policy.tenant_policies_ipsla_monitoring_policy](https://registry.terraform.io/providers/CiscoDevNet/mso/latest/docs/resources/tenant_policies_ipsla_monitoring_policy) | resource |
+| [mso_tenant_policies_route_map_policy_multicast.tenant_policies_route_map_policy_multicast](https://registry.terraform.io/providers/CiscoDevNet/mso/latest/docs/resources/tenant_policies_route_map_policy_multicast) | resource |
 | [terraform_data.validation](https://registry.terraform.io/providers/hashicorp/terraform/latest/docs/resources/data) | resource |
 | [mso_rest.ndo_version](https://registry.terraform.io/providers/CiscoDevNet/mso/latest/docs/data-sources/rest) | data source |
 | [mso_rest.schemas](https://registry.terraform.io/providers/CiscoDevNet/mso/latest/docs/data-sources/rest) | data source |
 | [mso_rest.system_config](https://registry.terraform.io/providers/CiscoDevNet/mso/latest/docs/data-sources/rest) | data source |
+| [mso_rest.templates](https://registry.terraform.io/providers/CiscoDevNet/mso/latest/docs/data-sources/rest) | data source |
+| [mso_schema_template_anp_epg.schema_template_anp_epg](https://registry.terraform.io/providers/CiscoDevNet/mso/latest/docs/data-sources/schema_template_anp_epg) | data source |
+| [mso_schema_template_external_epg.schema_template_external_epg](https://registry.terraform.io/providers/CiscoDevNet/mso/latest/docs/data-sources/schema_template_external_epg) | data source |
 | [mso_site.site](https://registry.terraform.io/providers/CiscoDevNet/mso/latest/docs/data-sources/site) | data source |
 | [mso_site.template_site](https://registry.terraform.io/providers/CiscoDevNet/mso/latest/docs/data-sources/site) | data source |
 | [mso_site.tenant_site](https://registry.terraform.io/providers/CiscoDevNet/mso/latest/docs/data-sources/site) | data source |
+| [mso_site.tenant_templates_site](https://registry.terraform.io/providers/CiscoDevNet/mso/latest/docs/data-sources/site) | data source |
 | [mso_tenant.template_tenant](https://registry.terraform.io/providers/CiscoDevNet/mso/latest/docs/data-sources/tenant) | data source |
+| [mso_tenant.tenant_templates_tenant](https://registry.terraform.io/providers/CiscoDevNet/mso/latest/docs/data-sources/tenant) | data source |
 | [mso_user.tenant_user](https://registry.terraform.io/providers/CiscoDevNet/mso/latest/docs/data-sources/user) | data source |
 
 ## Modules

defaults/defaults.yaml

@@ -180,3 +180,27 @@ defaults:
           logical_interface_name_suffix: ""
           redirect_policy_name_suffix: ""
           node_type: "firewall"
+    tenant_templates:
+      tenant_policies:
+        dhcp_relay_policies:
+          name_suffix: ""
+          providers:
+            use_server_vrf: false
+        ip_sla_policies:
+          name_suffix: ""
+          multiplier: 3
+          frequency: 60
+          sla_type: icmp
+          port: 0
+          http_version: HTTP10
+          http_uri: /
+          request_data_size: 28
+          timeout: 900
+          threshold: 900
+          type_of_service: 0
+          ipv6_traffic_class: 0
+        multicast_route_maps:
+          name_suffix: ""
+          entries:
+            rp_ip: 0.0.0.0
+            action: permit

main.tf

@@ -4,6 +4,7 @@ locals {
   tenants          = [for tenant in try(local.ndo.tenants, []) : tenant if var.manage_tenants && (length(var.managed_tenants) == 0 || contains(var.managed_tenants, tenant.name))]
   ndo_version_full = jsondecode(data.mso_rest.ndo_version.content).version
   ndo_version      = regex("^[0-9]+[.][0-9]+", local.ndo_version_full)
+  tenant_templates = [for template in try(local.ndo.tenant_templates.tenant_policies, []) : template if var.manage_tenant_templates && (length(var.managed_tenant_templates) == 0 || contains(var.managed_tenant_templates, template.name))]
 }
 
 data "mso_rest" "ndo_version" {

ndo_deploy_templates.tf

@@ -12,6 +12,7 @@ locals {
   ])
 }
 
+
 resource "mso_schema_template_deploy_ndo" "template" {
   for_each      = { for template in local.deploy_templates : template.key => template if var.deploy_templates && template.deploy_order == 1 }
   schema_id     = var.manage_schemas ? mso_schema.schema[each.value.schema_name].id : local.schema_ids[each.value.schema_name].id
@@ -80,3 +81,49 @@ resource "mso_schema_template_deploy_ndo" "template3" {
     mso_schema_template_deploy_ndo.template2,
   ]
 }
+
+locals {
+  unmanaged_templates = [for template in try(local.ndo.tenant_templates, []) : template if !var.manage_tenant_templates && var.deploy_templates]
+  deploy_tenant_templates = flatten([
+    for template in concat(local.tenant_templates, local.unmanaged_templates) : {
+      key           = template.name
+      template_name = template.name
+      deploy_order  = try(template.deploy_order, 1)
+    }
+  ])
+}
+resource "mso_schema_template_deploy_ndo" "tenant_template" {
+  for_each      = { for template in local.deploy_tenant_templates : template.key => template if var.deploy_templates && template.deploy_order == 1 }
+  template_id   = var.manage_tenant_templates ? mso_template.tenant_template[each.value.template_name].id : local.template_ids[each.value.template_name].id
+  template_type = "tenant"
+  template_name = each.value.template_name
+
+  depends_on = [
+    mso_template.tenant_template,
+    mso_tenant_policies_dhcp_relay_policy.tenant_policies_dhcp_relay_policy,
+    mso_tenant_policies_ipsla_monitoring_policy.tenant_policies_ipsla_monitoring_policy,
+    mso_tenant_policies_route_map_policy_multicast.tenant_policies_route_map_policy_multicast,
+  ]
+}
+
+resource "mso_schema_template_deploy_ndo" "tenant_template2" {
+  for_each      = { for template in local.deploy_tenant_templates : template.key => template if var.deploy_templates && template.deploy_order == 2 }
+  template_id   = var.manage_tenant_templates ? mso_template.tenant_template[each.value.template_name].id : local.template_ids[each.value.template_name].id
+  template_type = "tenant"
+  template_name = each.value.template_name
+
+  depends_on = [mso_schema_template_deploy_ndo.tenant_template]
+}
+
+resource "mso_schema_template_deploy_ndo" "tenant_template3" {
+  for_each      = { for template in local.deploy_tenant_templates : template.key => template if var.deploy_templates && template.deploy_order == 3 }
+  template_id   = var.manage_tenant_templates ? mso_template.tenant_template[each.value.template_name].id : local.template_ids[each.value.template_name].id
+  template_type = "tenant"
+  template_name = each.value.template_name
+
+  depends_on = [
+    mso_schema_template_deploy_ndo.tenant_template,
+    mso_schema_template_deploy_ndo.tenant_template2,
+  ]
+}
+