Merge pull request #568 from jeremmfr/main

Release v2.3.0

.github/workflows/linters.yml

@@ -19,7 +19,7 @@ jobs:
       - name: golangci-lint
         uses: golangci/golangci-lint-action@v3
         with:
-          version: 'v1.54.2'
+          version: 'v1.55.2'
           args: -c .golangci.yml -v
 
   markdown-lint:
@@ -58,19 +58,30 @@ jobs:
         run: cd terrafmt && go install ./... && cd ${GITHUB_WORKSPACE}
       - name: Detect resource/data-source blocks without double quote on type and name (blocks not detected by terrafmt)
         run: |
-          ! egrep -i '((resource|data)\s+[-a-z0-9_"]+)\s+[-a-z0-9_"]+\s+\{' internal/*/*_test.go docs/*.md docs/*/*.md | egrep -i -v '((resource|data)\s+"[-a-z0-9_]+")\s+"[-a-z0-9_]+"\s+\{'
+          ! egrep -i '((resource|data)\s+[-a-z0-9_"]+)\s+[-a-z0-9_"]+\s+\{' internal/providersdk/*_test.go docs/*.md docs/*/*.md | egrep -i -v '((resource|data)\s+"[-a-z0-9_]+")\s+"[-a-z0-9_]+"\s+\{'
       - name: Terrafmt diff on docs markdown
         run: find docs | egrep "md$" | sort | while read f; do terrafmt diff $f; done >> /tmp/results.md
       - name: Terrafmt diff on _test.go
-        run: find internal | egrep "_test.go" | sort | while read f; do terrafmt diff $f; done >> /tmp/results.test.go
+        run: find internal/providersdk | egrep "_test.go" | sort | while read f; do terrafmt diff $f; done >> /tmp/results.test.go
       - name: Generate error if results not empty
         run: |
           if [[ -s /tmp/results.md || -s /tmp/results.test.go ]] ; then 
             cat /tmp/results.md
             cat /tmp/results.test.go
-            echo "terraform blocks in website/test-go files not being properly formatted"
+            echo "terraform blocks in docs/providersdk-test-go files not being properly formatted"
             exit 1
           fi
+  
+  terraform-fmt:
+    name: terraform-fmt
+    runs-on: ubuntu-latest
+    steps:
+      - name: Check out code
+        uses: actions/checkout@v4
+      - name: Setup Terraform
+        uses: hashicorp/setup-terraform@v3
+      - name: Terraform format check testdata directory
+        run: terraform fmt -check -diff -recursive internal/providerfwk/testdata
 
   custom:
     name: custom
@@ -80,4 +91,4 @@ jobs:
         uses: actions/checkout@v4
       - name: diff SingleNestedBlock and BlockRemoveNull
         working-directory: ./internal/providerfwk
-        run: diff <( grep 'schema.SingleNestedBlock{' -c * ) <( grep 'BlockRemoveNull()' -c *)
+        run: diff <( grep -rc 'schema.SingleNestedBlock{' * ) <( grep -rc 'BlockRemoveNull()' *)

.github/workflows/releases.yml

@@ -41,7 +41,7 @@ jobs:
       - name: Set up Go 1.21
         uses: actions/setup-go@v4
         with:
-          go-version: '^1.21.1'
+          go-version: '^1.21.4'
           check-latest: true
         id: go
       - name: Show version

.golangci.yml

@@ -31,6 +31,7 @@ linters:
     - musttag
     - depguard
     - gosec
+    - inamedparam
 linters-settings:
   gci:
     custom-order: true
@@ -43,7 +44,7 @@ linters-settings:
     min-complexity: 180
   goconst:
     # Minimum occurrences of constant string count to trigger issue.
-    min-occurrences: 10
+    min-occurrences: 25
     # Ignore test files.
     ignore-tests: true
   gocyclo:
@@ -72,3 +73,9 @@ issues:
     - text: "github.com/hashicorp/terraform-plugin-framework/datasource"
       linters:
         - ireturn
+    - path: "internal/providersdk/"
+      linters:
+        - goconst
+    - text: "string `description \"` has "
+      linters:
+        - goconst

CHANGELOG.md

@@ -1,6 +1,36 @@
 <!-- markdownlint-disable-file MD013 MD041 -->
 # changelog
 
+## v2.3.0 (November 08, 2023)
+
+ENHANCEMENTS:
+
+* **resource/junos_bridge_domain**:
+  * resource now use new [terraform-plugin-framework](https://github.com/hashicorp/terraform-plugin-framework)  
+  optional boolean attributes doesn't accept value *false*  
+  optional string attributes doesn't accept *empty* value  
+  the resource schema has been upgraded to have one-blocks in single mode instead of list
+  * add `interface` argument (Fix [#548](https://github.com/jeremmfr/terraform-provider-junos/issues/548))
+* **resource/junos_evpn**:
+  * resource now use new [terraform-plugin-framework](https://github.com/hashicorp/terraform-plugin-framework)  
+  some of config errors are now sent during Plan instead of during Apply  
+  optional boolean attributes doesn't accept value *false*  
+  optional string attributes doesn't accept *empty* value  
+  the resource schema has been upgraded to have one-blocks in single mode instead of list
+  * add `duplicate_mac_detection` block argument (Fix [#535](https://github.com/jeremmfr/terraform-provider-junos/issues/535))
+* **resource/junos_system**:
+  * resource now use new [terraform-plugin-framework](https://github.com/hashicorp/terraform-plugin-framework)  
+  some of config errors are now sent during Plan instead of during Apply  
+  optional boolean attributes doesn't accept value *false*  
+  optional string attributes doesn't accept *empty* value  
+  the resource schema has been upgraded to have one-blocks in single mode instead of list
+  * `authentication_order`, `auxiliary_authentication_order`, `console_authentication_order` arguments have now a value validator: need to be `password`, `radius` or `tacplus`
+  * add `name_server_opts` argument (in conflict with `name_server` argument) to also configure DNS name server but with optional options (`routing_instance`) (Fix [#561](https://github.com/jeremmfr/terraform-provider-junos/issues/561))
+
+BUG FIXES:
+
+* **resource/junos_aggregate_route**, **resource/junos_generate_route**, **resource/junos_static_route**: fix missing no-empty value validator on `as_path_path` and `next_table` arguments
+
 ## v2.2.0 (September 13, 2023)
 
 ENHANCEMENTS:

docs/resources/bridge_domain.md

@@ -19,10 +19,13 @@ resource "junos_bridge_domain" "demo" {
 
 ## Argument Reference
 
+-> **Note:** At least one of arguments need to be set
+(in addition to `name` and `routing_instance`).
+
 The following arguments are supported:
 
 - **name** (Required, String, Forces new resource)  
-  The name of bridge domain.
+  Bridge domain name.
 - **routing_instance** (Optional, String, Forces new resource)  
   Routing instance.  
   Need to be `default` (for root level) or the name of routing instance.
@@ -35,6 +38,8 @@ The following arguments are supported:
   Domain-id for auto derived Route Target (1..15).
 - **domain_type_bridge** (Optional, Boolean)  
   Forwarding instance.
+- **interface** (Optional, Set of String)  
+  Interface for this bridge domain.
 - **isolated_vlan** (Optional, Number)  
   Isolated VLAN ID for private vlan bridge domain (1..4094).
 - **routing_interface** (Optional, String)  
@@ -47,7 +52,7 @@ The following arguments are supported:
 - **vlan_id_list** (Optional, Set of String)  
   Create bridge-domain for each of the vlan-id specified in the vlan-id-list.
 - **vxlan** (Optional, Block)  
-  Declare vxlan configuration.
+  Declare vxlan options.
   - **vni** (Required, Number)  
     VXLAN identifier (0..16777214).
   - **decapsulate_accept_inner_vlan** (Optional, Boolean)  
@@ -60,10 +65,10 @@ The following arguments are supported:
     CIDR for Multicast group registered for VXLAN segment.
   - **ovsdb_managed** (Optional, Boolean)  
     Bridge-domain is managed remotely via VXLAN OVSDB Controller.
-  - **vni_extend_evpn** (Optional, Boolean)  
-    Extend VNI to EVPN.
   - **unreachable_vtep_aging_timer** (Optional, Number)  
     Unreachable VXLAN tunnel endpoint removal timer (300..1800 seconds).
+  - **vni_extend_evpn** (Optional, Boolean)  
+    Extend VNI to EVPN.
 
 ## Attributes Reference
 

docs/resources/evpn.md

@@ -40,6 +40,15 @@ The following arguments are supported:
 - **default_gateway** (Optional, String)  
   Default gateway mode.  
   Need to be `advertise`, `do-not-advertise` or `no-gateway-community`.
+- **duplicate_mac_detection** (Optional, Block)  
+  Duplicate MAC detection settings.  
+  An attribute of block need to be set.
+  - **auto_recovery_time** (Optional, Number)  
+    Automatically unblock duplicate MACs after a time delay (1..360 minutes).
+  - **detection_threshold** (Optional, Number)  
+    Number of moves to trigger duplicate MAC detection (2..20).
+  - **detection_window** (Optional, Number)  
+    Time window for detection of duplicate MACs (5..600 seconds).
 - **multicast_mode** (Optional, String)  
   Multicast mode for EVPN.
 - **switch_or_ri_options** (Optional, Block, Forces new resource)  

docs/resources/system.md

@@ -41,7 +41,8 @@ The following arguments are supported:
   Declare `archival configuration` configuration.  
   See [below for nested schema](#archival_configuration-arguments).
 - **authentication_order** (Optional, List of String)  
-  Order in which authentication methods are invoked.
+  Order in which authentication methods are invoked.  
+  Element need to be `password`, `radius` or `tacplus`.
 - **auto_snapshot** (Optional, Boolean)  
   Enable auto-snapshot when boots from alternate slice.
 - **default_address_selection** (Optional, Boolean)  
@@ -83,7 +84,15 @@ The following arguments are supported:
 - **max_configurations_on_flash** (Optional, Number)  
   Number of configuration files stored on flash (0..49).
 - **name_server** (Optional, List of String)  
-  DNS name servers.
+  DNS name servers.  
+  Conflict with `name_server_opts`.
+- **name_server_opts** (Optional, Block List)  
+  DNS name servers with optional options.  
+  Conflict with `name_server`.
+  - **address** (Required, String)  
+    Address of the name server.
+  - **routing_instance** (Optional, String)  
+    Routing instance through which the name server is reachable.
 - **no_multicast_echo** (Optional, Boolean)  
   Disable responding to ICMP echo requests sent to multicast group addresses.
 - **no_ping_record_route** (Optional, Boolean)  
@@ -117,7 +126,8 @@ The following arguments are supported:
 - **ports** (Optional, Block)  
   Declare `ports` configuration.
   - **auxiliary_authentication_order** (Optional, List of String)  
-    Order in which authentication methods are invoked on auxiliary port.
+    Order in which authentication methods are invoked on auxiliary port.  
+    Element need to be `password`, `radius` or `tacplus`.
   - **auxiliary_disable** (Optional, Boolean)  
     Disable console on auxiliary port.
   - **auxiliary_insecure** (Optional, Boolean)  
@@ -127,7 +137,8 @@ The following arguments are supported:
   - **auxiliary_type** (Optional, String)  
     Terminal type on auxiliary port.
   - **console_authentication_order** (Optional, List of String)  
-    Order in which authentication methods are invoked on console port.
+    Order in which authentication methods are invoked on console port.  
+    Element need to be `password`, `radius` or `tacplus`.
   - **console_disable** (Optional, Boolean)  
     Disable console on console port.
   - **console_insecure** (Optional, Boolean)  
@@ -204,6 +215,9 @@ The following arguments are supported:
 - **gre_path_mtu_discovery** (Optional, Boolean)  
   Enable path MTU discovery for GRE tunnels.  
   Conflict with `no_gre_path_mtu_discovery`.
+- **no_gre_path_mtu_discovery** (Optional, Boolean)  
+  Don't enable path MTU discovery for GRE tunnels.  
+  Conflict with `gre_path_mtu_discovery`.
 - **icmpv4_rate_limit** (Optional, Block)  
   Declare `icmpv4-rate-limit` configuration.
   - **bucket_size** (Optional, Number)  
@@ -219,34 +233,25 @@ The following arguments are supported:
 - **ipip_path_mtu_discovery** (Optional, Boolean)  
   Enable path MTU discovery for IP-IP tunnels.  
   Conflict with `no_ipip_path_mtu_discovery`.
+- **no_ipip_path_mtu_discovery** (Optional, Boolean)  
+  Don't enable path MTU discovery for IP-IP tunnels.  
+  Conflict with `ipip_path_mtu_discovery`.
 - **ipv6_duplicate_addr_detection_transmits** (Optional, Number)  
   IPv6 Duplicate address detection transmits (0..20).
 - **ipv6_path_mtu_discovery** (Optional, Boolean)  
   Enable IPv6 Path MTU discovery.  
   Conflict with `no_ipv6_path_mtu_discovery`.
+- **no_ipv6_path_mtu_discovery** (Optional, Boolean)  
+  Don't enable IPv6 Path MTU discovery.  
+  Conflict with `ipv6_path_mtu_discovery`.
 - **ipv6_path_mtu_discovery_timeout** (Optional, Number)  
   IPv6 Path MTU Discovery timeout (5..71582788 minutes).
 - **ipv6_reject_zero_hop_limit** (Optional, Boolean)  
   Enable dropping IPv6 packets with zero hop-limit.  
   Conflict with `no_ipv6_reject_zero_hop_limit`.
-- **no_gre_path_mtu_discovery** (Optional, Boolean)  
-  Don't enable path MTU discovery for GRE tunnels.  
-  Conflict with `gre_path_mtu_discovery`.
-- **no_ipip_path_mtu_discovery** (Optional, Boolean)  
-  Don't enable path MTU discovery for IP-IP tunnels.  
-  Conflict with `ipip_path_mtu_discovery`.
-- **no_ipv6_path_mtu_discovery** (Optional, Boolean)  
-  Don't enable IPv6 Path MTU discovery.  
-  Conflict with `ipv6_path_mtu_discovery`.
 - **no_ipv6_reject_zero_hop_limit** (Optional, Boolean)  
   Don't enable dropping IPv6 packets with zero hop-limit.  
   Conflict with `ipv6_reject_zero_hop_limit`.
-- **no_path_mtu_discovery** (Optional, Boolean)  
-  Don't enable Path MTU discovery on TCP connections.  
-  Conflict with `path_mtu_discovery`.
-- **no_source_quench** (Optional, Boolean)  
-  Don't react to incoming ICMP Source Quench messages.  
-  Conflict with `source_quench`
 - **no_tcp_reset** (Optional, String)  
   Do not send RST TCP packet for packets sent to non-listening ports.  
   Need to be `drop-all-tcp` or `drop-tcp-with-syn-only`.
@@ -257,11 +262,17 @@ The following arguments are supported:
 - **path_mtu_discovery** (Optional, Boolean)  
   Enable Path MTU discovery on TCP connections.  
   Conflict with `no_path_mtu_discovery`.
+- **no_path_mtu_discovery** (Optional, Boolean)  
+  Don't enable Path MTU discovery on TCP connections.  
+  Conflict with `path_mtu_discovery`.
 - **source_port_upper_limit** (Optional, Number)  
   Specify upper limit of source port selection range (5000..65535).
 - **source_quench** (Optional, Boolean)  
   React to incoming ICMP Source Quench messages.  
   Conflict with `no_source_quench`.
+- **no_source_quench** (Optional, Boolean)  
+  Don't react to incoming ICMP Source Quench messages.  
+  Conflict with `source_quench`
 - **tcp_drop_synfin_set** (Optional, Boolean)  
   Drop TCP packets that have both SYN and FIN flags.
 - **tcp_mss** (Optional, Number)  
@@ -341,14 +352,15 @@ The following arguments are supported:
   Maximum number of trace files (2..1000).
 - **file_match** (Optional, String)  
   Regular expression for lines to be logged.
-- **file_no_world_readable** (Optional, Boolean)  
-  Don't allow any user to read the log file.
 - **file_size** (Optional, Number)  
   Maximum trace file size (10240..1073741824).
 - **file_world_readable** (Optional, Boolean)  
   Allow any user to read the log file.
+- **file_no_world_readable** (Optional, Boolean)  
+  Don't allow any user to read the log file.
 - **flag** (Optional, Set of String)  
-  Tracing parameters.
+  Tracing parameters.  
+  Element need to be `all`, `debug`, `incoming` or `outgoing`.
 - **no_remote_trace** (Optional, Boolean)  
   Disable remote tracing.
 - **on_demand** (Optional, Boolean)  
@@ -359,7 +371,8 @@ The following arguments are supported:
 ### ssh arguments for services
 
 - **authentication_order** (Optional, List of String)  
-  Order in which authentication methods are invoked.
+  Order in which authentication methods are invoked.  
+  Element need to be `password`, `radius` or `tacplus`.
 - **ciphers** (Optional, Set of String)  
   Specify the ciphers allowed for protocol version 2.
 - **client_alive_count_max** (Optional, Number)  
@@ -374,6 +387,8 @@ The following arguments are supported:
   Specify permissible SSH host-key algorithms.
 - **key_exchange** (Optional, Set of String)  
   Specify ssh key-exchange for Diffie-Hellman keys.
+- **log_key_changes** (Optional, Boolean)  
+  Log changes to authorized keys to syslog.
 - **macs** (Optional, Set of String)  
   Message Authentication Code algorithms allowed (SSHv2).
 - **max_pre_authentication_packets** (Optional, Number)  
@@ -388,15 +403,16 @@ The following arguments are supported:
   Port number to accept incoming connections (1..65535).
 - **protocol_version** (Optional, Set of String)  
   Specify ssh protocol versions supported.
+  Element need to be `v1` or `v2`.
 - **rate_limit** (Optional, Number)  
   Maximum number of connections per minute (1..250).
 - **root_login** (Optional, String)  
   Configure root access via ssh.  
   Need to be `allow`, `deny` or `deny-password`.
-- **no_tcp_forwarding** (Optional, Boolean)  
-  Do not allow forwarding TCP connections via SSH.
 - **tcp_forwarding** (Optional, Boolean)  
   Allow forwarding TCP connections via SSH.
+- **no_tcp_forwarding** (Optional, Boolean)  
+  Do not allow forwarding TCP connections via SSH.
 
 ---
 
@@ -411,19 +427,19 @@ The following arguments are supported:
 
 ### web_management_https arguments for services
 
+-> **Note:** One of `local_certificate`, `pki_local_certificate` or `system_generated_certificate`
+arguments is required.
+
 - **interface** (Optional, Set of String)  
   Specify the name of one or more interfaces.
 - **local_certificate** (Optional, String)  
-  Specify the name of the certificate.  
-  Need to set one of three: `local_certificate`, `pki_local_certificate` or `system_generated_certificate`.
+  Specify the name of the certificate.
 - **pki_local_certificate** (Optional, String)  
-  Specify the name of the certificate that is generated by the PKI and authenticated by a CA.  
-  Need to set one of three: `local_certificate`, `pki_local_certificate` or `system_generated_certificate`.
+  Specify the name of the certificate that is generated by the PKI and authenticated by a CA.
 - **port** (Optional, Number)  
   Port number to connect to HTTPS service (1..65535).
 - **system_generated_certificate** (Optional, Boolean)  
-  Will automatically generate a self-signed certificate.  
-  Need to set one of three: `local_certificate`, `pki_local_certificate` or `system_generated_certificate`.
+  Will automatically generate a self-signed certificate.
 
 ---