Ospf attributes & key chain support

README.md

@@ -123,8 +123,12 @@ module "nxos" {
 | [nxos_ipv4_interface_address.svi_ipv4_secondary_interface_address](https://registry.terraform.io/providers/CiscoDevNet/nxos/latest/docs/resources/ipv4_interface_address) | resource |
 | [nxos_ipv4_prefix_list_rule.ipv4_prefix_list_rule](https://registry.terraform.io/providers/CiscoDevNet/nxos/latest/docs/resources/ipv4_prefix_list_rule) | resource |
 | [nxos_ipv4_prefix_list_rule_entry.ipv4_prefix_list_rule_entry](https://registry.terraform.io/providers/CiscoDevNet/nxos/latest/docs/resources/ipv4_prefix_list_rule_entry) | resource |
+| [nxos_ipv4_static_route.example](https://registry.terraform.io/providers/CiscoDevNet/nxos/latest/docs/resources/ipv4_static_route) | resource |
 | [nxos_ipv4_vrf.ipv4_vrf](https://registry.terraform.io/providers/CiscoDevNet/nxos/latest/docs/resources/ipv4_vrf) | resource |
 | [nxos_ipv4_vrf.ipv4_vrf_default](https://registry.terraform.io/providers/CiscoDevNet/nxos/latest/docs/resources/ipv4_vrf) | resource |
+| [nxos_keychain.keychain](https://registry.terraform.io/providers/CiscoDevNet/nxos/latest/docs/resources/keychain) | resource |
+| [nxos_keychain_key.keychain_key](https://registry.terraform.io/providers/CiscoDevNet/nxos/latest/docs/resources/keychain_key) | resource |
+| [nxos_keychain_manager.keychain_manager](https://registry.terraform.io/providers/CiscoDevNet/nxos/latest/docs/resources/keychain_manager) | resource |
 | [nxos_loopback_interface.loopback_interface](https://registry.terraform.io/providers/CiscoDevNet/nxos/latest/docs/resources/loopback_interface) | resource |
 | [nxos_loopback_interface_vrf.loopback_interface_vrf](https://registry.terraform.io/providers/CiscoDevNet/nxos/latest/docs/resources/loopback_interface_vrf) | resource |
 | [nxos_nve_interface.nve_interface](https://registry.terraform.io/providers/CiscoDevNet/nxos/latest/docs/resources/nve_interface) | resource |
@@ -136,6 +140,7 @@ module "nxos" {
 | [nxos_ospf_authentication.ospf_authentication](https://registry.terraform.io/providers/CiscoDevNet/nxos/latest/docs/resources/ospf_authentication) | resource |
 | [nxos_ospf_instance.ospf_instance](https://registry.terraform.io/providers/CiscoDevNet/nxos/latest/docs/resources/ospf_instance) | resource |
 | [nxos_ospf_interface.ospf_interface](https://registry.terraform.io/providers/CiscoDevNet/nxos/latest/docs/resources/ospf_interface) | resource |
+| [nxos_ospf_max_metric.ospf_max_metric](https://registry.terraform.io/providers/CiscoDevNet/nxos/latest/docs/resources/ospf_max_metric) | resource |
 | [nxos_ospf_vrf.ospf_vrf](https://registry.terraform.io/providers/CiscoDevNet/nxos/latest/docs/resources/ospf_vrf) | resource |
 | [nxos_physical_interface.physical_interface](https://registry.terraform.io/providers/CiscoDevNet/nxos/latest/docs/resources/physical_interface) | resource |
 | [nxos_physical_interface_vrf.physical_interface_vrf](https://registry.terraform.io/providers/CiscoDevNet/nxos/latest/docs/resources/physical_interface_vrf) | resource |

nxos_keychain.tf

@@ -0,0 +1,70 @@
+resource "nxos_keychain_manager" "keychain_manager" {
+  for_each    = { for device in local.devices : device.name => device if(try(length(local.device_config[device.name].keychains), 0) > 0) }
+  device      = each.key
+  admin_state = "enabled"
+}
+
+locals {
+  keychains = flatten([
+    for device in local.devices : [
+      for keychain in try(local.device_config[device.name].keychains, []) : {
+        key    = format("%s/%s", device.name, keychain.name)
+        device = device.name
+        name   = keychain.name
+      }
+    ]
+  ])
+}
+
+resource "nxos_keychain" "keychain" {
+  for_each = { for v in local.keychains : v.key => v }
+  device   = each.value.device
+  name     = each.value.name
+
+  depends_on = [nxos_keychain_manager.keychain_manager]
+}
+
+locals {
+  keys = flatten([
+    for device in local.devices : [
+      for keychain in try(local.device_config[device.name].keychains, []) : [
+        for key in try(keychain.keys, []) : {
+          key        = format("%s/%s/%s", device.name, keychain.name, key.id)
+          device     = device.name
+          key_id     = key.id
+          keychain   = format("%s/%s", device.name, keychain.name)
+          key_string = sensitive(key.key_string)
+        }
+      ]
+    ]
+  ])
+}
+
+resource "nxos_keychain_key" "keychain_key" {
+  for_each   = { for v in local.keys : v.key => v }
+  device     = each.value.device
+  key_id     = each.value.key_id
+  keychain   = nxos_keychain.keychain[each.value.keychain].name
+  key_string = each.value.key_string
+
+  lifecycle {
+    ignore_changes = [
+      key_string,
+    ]
+  }
+}
+
+resource "nxos_ipv4_static_route" "example" {
+  vrf_name = "IPN_VRF"
+  device   = "IPN101"
+  prefix   = "1.1.1.0/24"
+  next_hops = [{
+    interface_id = "unspecified"
+    address      = "1.2.3.4"
+    vrf_name     = "default"
+    description  = "My Description"
+    object       = 10
+    preference   = 123
+    tag          = 10
+  }]
+}

nxos_ospf.tf

@@ -35,15 +35,21 @@ locals {
     for device in local.devices : [
       for proc in try(local.device_config[device.name].routing.ospf_processes, []) : [
         for vrf in try(proc.vrfs, []) : {
-          key                     = format("%s/%s/%s", device.name, proc.name, vrf.vrf)
-          device                  = device.name
-          proc_key                = format("%s/%s", device.name, proc.name)
-          vrf                     = vrf.vrf
-          admin_state             = try(vrf.admin_state, local.defaults.nxos.devices.configuration.routing.ospf_processes.vrfs.admin_state, false) ? "enabled" : "disabled"
-          bandwidth_reference     = try(vrf.bandwidth_reference, local.defaults.nxos.devices.configuration.routing.ospf_processes.vrfs.bandwidth_reference, null)
-          banwidth_reference_unit = try(vrf.banwidth_reference_unit, local.defaults.nxos.devices.configuration.routing.ospf_processes.vrfs.banwidth_reference_unit, null)
-          distance                = try(vrf.distance, local.defaults.nxos.devices.configuration.routing.ospf_processes.vrfs.distance, null)
-          router_id               = try(vrf.router_id, local.defaults.nxos.devices.configuration.routing.ospf_processes.vrfs.router_id, null)
+          key                         = format("%s/%s/%s", device.name, proc.name, vrf.vrf)
+          device                      = device.name
+          proc_key                    = format("%s/%s", device.name, proc.name)
+          vrf                         = vrf.vrf
+          admin_state                 = try(vrf.admin_state, local.defaults.nxos.devices.configuration.routing.ospf_processes.vrfs.admin_state, false) ? "enabled" : "disabled"
+          bandwidth_reference         = try(vrf.bandwidth_reference, local.defaults.nxos.devices.configuration.routing.ospf_processes.vrfs.bandwidth_reference, null)
+          banwidth_reference_unit     = try(vrf.banwidth_reference_unit, local.defaults.nxos.devices.configuration.routing.ospf_processes.vrfs.banwidth_reference_unit, null)
+          distance                    = try(vrf.distance, local.defaults.nxos.devices.configuration.routing.ospf_processes.vrfs.distance, null)
+          log_adjacency_changes       = try(vrf.log_adjacency_changes, local.defaults.nxos.devices.configuration.routing.ospf_processes.vrfs.log_adjacency_changes, null)
+          router_id                   = try(vrf.router_id, local.defaults.nxos.devices.configuration.routing.ospf_processes.vrfs.router_id, null)
+          max_metric_include_stub     = try(vrf.max_metric_include_stub, local.defaults.nxos.devices.configuration.routing.ospf_processes.vrfs.max_metric_include_stub, null)
+          max_metric_control          = join(",", concat(try(vrf.max_metric_external_lsa, null) != null ? ["external-lsa"] : [], try(vrf.max_metric_startup_interval, null) != null ? ["startup"] : [], try(vrf.max_metric_include_stub, null) == true ? ["stub"] : [], try(vrf.max_metric_summary_lsa, null) != null ? ["summary-lsa"] : []))
+          max_metric_external_lsa     = try(vrf.max_metric_external_lsa, local.defaults.nxos.devices.configuration.routing.ospf_processes.vrfs.max_metric_external_lsa, null)
+          max_metric_summary_lsa      = try(vrf.max_metric_summary_lsa, local.defaults.nxos.devices.configuration.routing.ospf_processes.vrfs.max_metric_summary_lsa, null)
+          max_metric_startup_interval = try(vrf.max_metric_startup_interval, local.defaults.nxos.devices.configuration.routing.ospf_processes.vrfs.max_metric_startup_interval, null)
         }
       ]
     ]
@@ -59,9 +65,26 @@ resource "nxos_ospf_vrf" "ospf_vrf" {
   bandwidth_reference      = each.value.bandwidth_reference
   bandwidth_reference_unit = each.value.banwidth_reference_unit
   distance                 = each.value.distance
+  log_adjacency_changes    = each.value.log_adjacency_changes
   router_id                = each.value.router_id
 }
 
+
+resource "nxos_ospf_max_metric" "ospf_max_metric" {
+  for_each                    = { for v in local.routing_ospf_processes_vrfs : v.key => v if v.max_metric_control != "" }
+  device                      = each.value.device
+  instance_name               = nxos_ospf_instance.ospf_instance[each.value.proc_key].name
+  vrf_name                    = each.value.vrf
+  control          = each.value.max_metric_control
+  external_lsa     = each.value.max_metric_external_lsa
+  summary_lsa      = each.value.max_metric_summary_lsa
+  startup_interval = each.value.max_metric_startup_interval
+
+  depends_on = [
+    nxos_ospf_vrf.ospf_vrf
+  ]
+}
+
 locals {
   routing_ospf_processes_vrfs_areas = flatten([
     for device in local.devices : [