feat: improve PANOS provider reliability (GoogleCloudPlatform#1139)

bridgecrewio · Nov 22, 2021 · 6aba9e0 · 6aba9e0
1 parent 80131a3
commit 6aba9e0
Show file tree

Hide file tree

Showing 7 changed files with 241 additions and 138 deletions.
diff --git a/providers/panos/firewall_networking.go b/providers/panos/firewall_networking.go
@@ -608,54 +608,58 @@ func (g *FirewallNetworkingGenerator) PostConvertHook() error {
 	mapIPSECCryptoProfileNames := map[string]string{}
 
 	for _, r := range g.Resources {
-		if r.InstanceInfo.Type == "panos_aggregate_interface" {
-			mapInterfaceNames[r.Item["name"].(string)] = "${" + r.InstanceInfo.Type + "." + r.ResourceName + ".name}"
-			mapInterfaceModes[r.Item["name"].(string)] = "${" + r.InstanceInfo.Type + "." + r.ResourceName + ".mode}"
-		}
+		if _, ok := r.Item["name"]; ok {
+			if r.InstanceInfo.Type == "panos_aggregate_interface" {
+				mapInterfaceNames[r.Item["name"].(string)] = "${" + r.InstanceInfo.Type + "." + r.ResourceName + ".name}"
+				mapInterfaceModes[r.Item["name"].(string)] = "${" + r.InstanceInfo.Type + "." + r.ResourceName + ".mode}"
+			}
 
-		if r.InstanceInfo.Type == "panos_ethernet_interface" {
-			mapInterfaceNames[r.Item["name"].(string)] = "${" + r.InstanceInfo.Type + "." + r.ResourceName + ".name}"
-			mapInterfaceModes[r.Item["name"].(string)] = "${" + r.InstanceInfo.Type + "." + r.ResourceName + ".mode}"
-		}
+			if r.InstanceInfo.Type == "panos_ethernet_interface" {
+				mapInterfaceNames[r.Item["name"].(string)] = "${" + r.InstanceInfo.Type + "." + r.ResourceName + ".name}"
+				mapInterfaceModes[r.Item["name"].(string)] = "${" + r.InstanceInfo.Type + "." + r.ResourceName + ".mode}"
+			}
 
-		if r.InstanceInfo.Type == "panos_layer2_subinterface" {
-			mapInterfaceNames[r.Item["name"].(string)] = "${" + r.InstanceInfo.Type + "." + r.ResourceName + ".name}"
-		}
+			if r.InstanceInfo.Type == "panos_layer2_subinterface" {
+				mapInterfaceNames[r.Item["name"].(string)] = "${" + r.InstanceInfo.Type + "." + r.ResourceName + ".name}"
+			}
 
-		if r.InstanceInfo.Type == "panos_layer3_subinterface" {
-			mapInterfaceNames[r.Item["name"].(string)] = "${" + r.InstanceInfo.Type + "." + r.ResourceName + ".name}"
-		}
+			if r.InstanceInfo.Type == "panos_layer3_subinterface" {
+				mapInterfaceNames[r.Item["name"].(string)] = "${" + r.InstanceInfo.Type + "." + r.ResourceName + ".name}"
+			}
 
-		if r.InstanceInfo.Type == "panos_loopback_interface" {
-			mapInterfaceNames[r.Item["name"].(string)] = "${" + r.InstanceInfo.Type + "." + r.ResourceName + ".name}"
-		}
+			if r.InstanceInfo.Type == "panos_loopback_interface" {
+				mapInterfaceNames[r.Item["name"].(string)] = "${" + r.InstanceInfo.Type + "." + r.ResourceName + ".name}"
+			}
 
-		if r.InstanceInfo.Type == "panos_tunnel_interface" {
-			mapInterfaceNames[r.Item["name"].(string)] = "${" + r.InstanceInfo.Type + "." + r.ResourceName + ".name}"
-		}
+			if r.InstanceInfo.Type == "panos_tunnel_interface" {
+				mapInterfaceNames[r.Item["name"].(string)] = "${" + r.InstanceInfo.Type + "." + r.ResourceName + ".name}"
+			}
 
-		if r.InstanceInfo.Type == "panos_vlan_interface" {
-			mapInterfaceNames[r.Item["name"].(string)] = "${" + r.InstanceInfo.Type + "." + r.ResourceName + ".name}"
-		}
+			if r.InstanceInfo.Type == "panos_vlan_interface" {
+				mapInterfaceNames[r.Item["name"].(string)] = "${" + r.InstanceInfo.Type + "." + r.ResourceName + ".name}"
+			}
 
-		if r.InstanceInfo.Type == "panos_ike_crypto_profile" {
-			mapIKECryptoProfileNames[r.Item["name"].(string)] = "${" + r.InstanceInfo.Type + "." + r.ResourceName + ".name}"
-		}
+			if r.InstanceInfo.Type == "panos_ike_crypto_profile" {
+				mapIKECryptoProfileNames[r.Item["name"].(string)] = "${" + r.InstanceInfo.Type + "." + r.ResourceName + ".name}"
+			}
 
-		if r.InstanceInfo.Type == "panos_ike_gateway" {
-			mapIKEGatewayNames[r.Item["name"].(string)] = "${" + r.InstanceInfo.Type + "." + r.ResourceName + ".name}"
-		}
+			if r.InstanceInfo.Type == "panos_ike_gateway" {
+				mapIKEGatewayNames[r.Item["name"].(string)] = "${" + r.InstanceInfo.Type + "." + r.ResourceName + ".name}"
+			}
 
-		if r.InstanceInfo.Type == "panos_ipsec_crypto_profile" {
-			mapIPSECCryptoProfileNames[r.Item["name"].(string)] = "${" + r.InstanceInfo.Type + "." + r.ResourceName + ".name}"
+			if r.InstanceInfo.Type == "panos_ipsec_crypto_profile" {
+				mapIPSECCryptoProfileNames[r.Item["name"].(string)] = "${" + r.InstanceInfo.Type + "." + r.ResourceName + ".name}"
+			}
 		}
 	}
 
 	for _, r := range g.Resources {
 		if r.InstanceInfo.Type == "panos_bgp" ||
 			r.InstanceInfo.Type == "panos_redistribution_profile_ipv4" ||
 			r.InstanceInfo.Type == "panos_static_route_ipv4" {
-			r.Item["virtual_router"] = "${panos_virtual_router." + normalizeResourceName(r.Item["virtual_router"].(string)) + ".name}"
+			if _, ok := r.Item["virtual_router"]; ok {
+				r.Item["virtual_router"] = "${panos_virtual_router." + normalizeResourceName(r.Item["virtual_router"].(string)) + ".name}"
+			}
 		}
 
 		if r.InstanceInfo.Type == "panos_bgp_aggregate" ||
@@ -666,60 +670,80 @@ func (g *FirewallNetworkingGenerator) PostConvertHook() error {
 			r.InstanceInfo.Type == "panos_bgp_import_rule_group" ||
 			r.InstanceInfo.Type == "panos_bgp_peer_group" ||
 			r.InstanceInfo.Type == "panos_bgp_redist_rule" {
-			r.Item["virtual_router"] = "${panos_bgp." + normalizeResourceName(r.Item["virtual_router"].(string)) + ".virtual_router}"
+			if _, ok := r.Item["virtual_router"]; ok {
+				r.Item["virtual_router"] = "${panos_bgp." + normalizeResourceName(r.Item["virtual_router"].(string)) + ".virtual_router}"
+			}
 		}
 
 		if r.InstanceInfo.Type == "panos_bgp_aggregate_advertise_filter" ||
 			r.InstanceInfo.Type == "panos_bgp_aggregate_suppress_filter" {
-			r.Item["virtual_router"] = "${panos_bgp_aggregate." + normalizeResourceName(r.Item["virtual_router"].(string)) + ".virtual_router}"
-			r.Item["bgp_aggregate"] = "${panos_bgp_aggregate." + normalizeResourceName(r.Item["bgp_aggregate"].(string)) + ".name}"
+			if _, ok := r.Item["virtual_router"]; ok {
+				r.Item["virtual_router"] = "${panos_bgp_aggregate." + normalizeResourceName(r.Item["virtual_router"].(string)) + ".virtual_router}"
+			}
+			if _, ok := r.Item["bgp_aggregate"]; ok {
+				r.Item["bgp_aggregate"] = "${panos_bgp_aggregate." + normalizeResourceName(r.Item["bgp_aggregate"].(string)) + ".name}"
+			}
 		}
 
 		if r.InstanceInfo.Type == "panos_bgp_peer" {
-			r.Item["virtual_router"] = "${panos_bgp." + normalizeResourceName(r.Item["virtual_router"].(string)) + ".virtual_router}"
-			r.Item["peer_as"] = "${panos_bgp." + normalizeResourceName(r.Item["virtual_router"].(string)) + ".as_number}"
+			if _, ok := r.Item["virtual_router"]; ok {
+				r.Item["virtual_router"] = "${panos_bgp." + normalizeResourceName(r.Item["virtual_router"].(string)) + ".virtual_router}"
+				r.Item["peer_as"] = "${panos_bgp." + normalizeResourceName(r.Item["virtual_router"].(string)) + ".as_number}"
+			}
 		}
 
 		if r.InstanceInfo.Type == "panos_bgp_conditional_adv_advertise_filter" ||
 			r.InstanceInfo.Type == "panos_bgp_conditional_adv_non_exist_filter" {
-			r.Item["virtual_router"] = "${panos_bgp." + normalizeResourceName(r.Item["virtual_router"].(string)) + ".virtual_router}"
-			r.Item["bgp_conditional_adv"] = "${panos_bgp_conditional_adv." + normalizeResourceName(r.Item["panos_bgp_conditional_adv"].(string)) + ".name}"
+			if _, ok := r.Item["virtual_router"]; ok {
+				r.Item["virtual_router"] = "${panos_bgp." + normalizeResourceName(r.Item["virtual_router"].(string)) + ".virtual_router}"
+			}
+			if _, ok := r.Item["panos_bgp_conditional_adv"]; ok {
+				r.Item["bgp_conditional_adv"] = "${panos_bgp_conditional_adv." + normalizeResourceName(r.Item["panos_bgp_conditional_adv"].(string)) + ".name}"
+			}
 		}
 
 		if r.InstanceInfo.Type == "panos_gre_tunnel" {
-			r.Item["interface"] = mapInterfaceNames[r.Item["interface"].(string)]
-			r.Item["tunnel_interface"] = mapInterfaceNames[r.Item["tunnel_interface"].(string)]
+			if mapExists(mapInterfaceNames, r.Item, "interface") {
+				r.Item["interface"] = mapInterfaceNames[r.Item["interface"].(string)]
+			}
+			if mapExists(mapInterfaceNames, r.Item, "tunnel_interface") {
+				r.Item["tunnel_interface"] = mapInterfaceNames[r.Item["tunnel_interface"].(string)]
+			}
 		}
 
 		if r.InstanceInfo.Type == "panos_ike_gateway" {
-			if _, ok := r.Item["ikev1_crypto_profile"]; ok {
+			if mapExists(mapIKECryptoProfileNames, r.Item, "ikev1_crypto_profile") {
 				r.Item["ikev1_crypto_profile"] = mapIKECryptoProfileNames[r.Item["ikev1_crypto_profile"].(string)]
 			}
 		}
 
 		if r.InstanceInfo.Type == "panos_ipsec_tunnel" {
-			r.Item["tunnel_interface"] = mapInterfaceNames[r.Item["tunnel_interface"].(string)]
-			r.Item["ak_ike_gateway"] = mapIKEGatewayNames[r.Item["ak_ike_gateway"].(string)]
-			if _, ok := r.Item["ak_ipsec_crypto_profile"]; ok {
+			if mapExists(mapInterfaceNames, r.Item, "tunnel_interface") {
+				r.Item["tunnel_interface"] = mapInterfaceNames[r.Item["tunnel_interface"].(string)]
+			}
+			if mapExists(mapIKEGatewayNames, r.Item, "ak_ike_gateway") {
+				r.Item["ak_ike_gateway"] = mapIKEGatewayNames[r.Item["ak_ike_gateway"].(string)]
+			}
+			if mapExists(mapIPSECCryptoProfileNames, r.Item, "ak_ipsec_crypto_profile") {
 				r.Item["ak_ipsec_crypto_profile"] = mapIPSECCryptoProfileNames[r.Item["ak_ipsec_crypto_profile"].(string)]
 			}
 		}
 
 		if r.InstanceInfo.Type == "panos_ipsec_tunnel_proxy_id_ipv4" {
-			if _, ok := mapInterfaceNames[r.Item["ipsec_tunnel"].(string)]; ok {
+			if mapExists(mapInterfaceNames, r.Item, "ipsec_tunnel") {
 				r.Item["ipsec_tunnel"] = mapInterfaceNames[r.Item["ipsec_tunnel"].(string)]
 			}
 		}
 
 		if r.InstanceInfo.Type == "panos_layer2_subinterface" {
-			if _, ok := mapInterfaceModes[r.Item["parent_interface"].(string)]; ok {
+			if mapExists(mapInterfaceModes, r.Item, "parent_interface") {
 				r.Item["parent_mode"] = mapInterfaceModes[r.Item["parent_interface"].(string)]
 			}
 		}
 
 		if r.InstanceInfo.Type == "panos_layer2_subinterface" ||
 			r.InstanceInfo.Type == "panos_layer3_subinterface" {
-			if _, ok := mapInterfaceNames[r.Item["parent_interface"].(string)]; ok {
+			if mapExists(mapInterfaceNames, r.Item, "parent_interface") {
 				r.Item["parent_interface"] = mapInterfaceNames[r.Item["parent_interface"].(string)]
 			}
 		}
@@ -767,17 +791,21 @@ func (g *FirewallNetworkingGenerator) PostConvertHook() error {
 			if _, ok := r.Item["interfaces"]; ok {
 				interfaces := make([]string, len(r.Item["interfaces"].([]interface{})))
 				for k, eth := range r.Item["interfaces"].([]interface{}) {
-					if name, ok := mapInterfaceNames[eth.(string)]; ok {
+					if name, ok2 := mapInterfaceNames[eth.(string)]; ok2 {
 						interfaces[k] = name
+						continue
 					}
+					interfaces[k] = eth.(string)
 				}
 
 				r.Item["interfaces"] = interfaces
 			}
 		}
 
 		if r.InstanceInfo.Type == "panos_vlan" {
-			r.Item["vlan_interface"] = mapInterfaceNames[r.Item["vlan_interface"].(string)]
+			if mapExists(mapInterfaceNames, r.Item, "vlan_interface") {
+				r.Item["vlan_interface"] = mapInterfaceNames[r.Item["vlan_interface"].(string)]
+			}
 		}
 	}
 

diff --git a/providers/panos/firewall_objects.go b/providers/panos/firewall_objects.go
@@ -259,16 +259,18 @@ func (g *FirewallObjectsGenerator) PostConvertHook() error {
 	mapServiceObjectIDs := map[string]string{}
 
 	for _, r := range g.Resources {
-		if r.InstanceInfo.Type == "panos_address_object" {
-			mapAddressObjectIDs[r.Item["name"].(string)] = "${" + r.InstanceInfo.Type + "." + r.ResourceName + ".name}"
-		}
+		if _, ok := r.Item["name"]; ok {
+			if r.InstanceInfo.Type == "panos_address_object" {
+				mapAddressObjectIDs[r.Item["name"].(string)] = "${" + r.InstanceInfo.Type + "." + r.ResourceName + ".name}"
+			}
 
-		if r.InstanceInfo.Type == "panos_application_object" {
-			mapApplicationObjectIDs[r.Item["name"].(string)] = "${" + r.InstanceInfo.Type + "." + r.ResourceName + ".name}"
-		}
+			if r.InstanceInfo.Type == "panos_application_object" {
+				mapApplicationObjectIDs[r.Item["name"].(string)] = "${" + r.InstanceInfo.Type + "." + r.ResourceName + ".name}"
+			}
 
-		if r.InstanceInfo.Type == "panos_service_object" {
-			mapServiceObjectIDs[r.Item["name"].(string)] = "${" + r.InstanceInfo.Type + "." + r.ResourceName + ".name}"
+			if r.InstanceInfo.Type == "panos_service_object" {
+				mapServiceObjectIDs[r.Item["name"].(string)] = "${" + r.InstanceInfo.Type + "." + r.ResourceName + ".name}"
+			}
 		}
 	}
 
@@ -277,7 +279,11 @@ func (g *FirewallObjectsGenerator) PostConvertHook() error {
 			if _, ok := r.Item["static_addresses"]; ok {
 				staticAddresses := make([]string, len(r.Item["static_addresses"].([]interface{})))
 				for k, staticAddress := range r.Item["static_addresses"].([]interface{}) {
-					staticAddresses[k] = mapAddressObjectIDs[staticAddress.(string)]
+					if _, ok2 := mapAddressObjectIDs[staticAddress.(string)]; ok2 {
+						staticAddresses[k] = mapAddressObjectIDs[staticAddress.(string)]
+						continue
+					}
+					staticAddresses[k] = staticAddress.(string)
 				}
 
 				r.Item["static_addresses"] = staticAddresses
@@ -288,7 +294,7 @@ func (g *FirewallObjectsGenerator) PostConvertHook() error {
 			if _, ok := r.Item["applications"]; ok {
 				applications := make([]string, len(r.Item["applications"].([]interface{})))
 				for k, application := range r.Item["applications"].([]interface{}) {
-					if _, ok := mapApplicationObjectIDs[application.(string)]; ok {
+					if _, ok2 := mapApplicationObjectIDs[application.(string)]; ok2 {
 						applications[k] = mapApplicationObjectIDs[application.(string)]
 						continue
 					}
@@ -300,12 +306,18 @@ func (g *FirewallObjectsGenerator) PostConvertHook() error {
 		}
 
 		if r.InstanceInfo.Type == "panos_service_group" {
-			services := make([]string, len(r.Item["services"].([]interface{})))
-			for k, service := range r.Item["services"].([]interface{}) {
-				services[k] = mapServiceObjectIDs[service.(string)]
-			}
+			if _, ok := r.Item["services"]; ok {
+				services := make([]string, len(r.Item["services"].([]interface{})))
+				for k, service := range r.Item["services"].([]interface{}) {
+					if _, ok2 := mapServiceObjectIDs[service.(string)]; ok2 {
+						services[k] = mapServiceObjectIDs[service.(string)]
+						continue
+					}
+					services[k] = service.(string)
+				}
 
-			r.Item["services"] = services
+				r.Item["services"] = services
+			}
 		}
 	}
 

diff --git a/providers/panos/helpers.go b/providers/panos/helpers.go
@@ -159,3 +159,12 @@ func contains(s []string, e string) bool {
 	}
 	return false
 }
+
+func mapExists(mapString map[string]string, item map[string]interface{}, element string) bool {
+	if _, ok := item[element]; ok {
+		if _, ok2 := mapString[item[element].(string)]; ok2 {
+			return true
+		}
+	}
+	return false
+}