Add policy object unified tls ssl decryption resource and data source

CHANGELOG.md

@@ -30,6 +30,7 @@
 - Add `sdwan_policy_object_unified_tls_ssl_profile` resource and data source
 - Add `sdwan_policy_object_unified_intrusion_prevention` resource and data source
 - Add `sdwan_policy_object_unified_advanced_inspection_profile` resource and data source
+- Add `sdwan_policy_object_unified_tls_ssl_decryption` resource and data source
 
 ## 0.4.1
 

docs/data-sources/policy_object_unified_tls_ssl_decryption.md

@@ -0,0 +1,49 @@
+---
+# generated by https://github.com/hashicorp/terraform-plugin-docs
+page_title: "sdwan_policy_object_unified_tls_ssl_decryption Data Source - terraform-provider-sdwan"
+subcategory: "Policy Objects"
+description: |-
+  This data source can read the Policy Object Unified TLS SSL Decryption Policy_object.
+---
+
+# sdwan_policy_object_unified_tls_ssl_decryption (Data Source)
+
+This data source can read the Policy Object Unified TLS SSL Decryption Policy_object.
+
+## Example Usage
+
+```terraform
+data "sdwan_policy_object_unified_tls_ssl_decryption" "example" {
+  id                 = "f6b2c44c-693c-4763-b010-895aa3d236bd"
+  feature_profile_id = "f6dd22c8-0b4f-496c-9a0b-6813d1f8b8ac"
+}
+```
+
+<!-- schema generated by tfplugindocs -->
+## Schema
+
+### Required
+
+- `feature_profile_id` (String) Feature Profile ID
+- `id` (String) The id of the Policy_object
+
+### Read-Only
+
+- `bundle_string` (String)
+- `certificate_lifetime` (String) If you have vManage as CA or vManage as intermediate CA, this value should be 1
+- `certificate_revocation_status` (String) If value is none unknown status not required, if value is ocsp then unknown status is required
+- `default_ca_certificate_bundle` (Boolean)
+- `description` (String) The description of the Policy_object
+- `ec_key_type` (String)
+- `enable_ssl` (Boolean) If false, no other fields should be provided, if true all fields should be provided
+- `expired_certificate` (String)
+- `failure_mode` (String)
+- `file_name` (String)
+- `minimal_tls_ver` (String)
+- `name` (String) The name of the Policy_object
+- `rsa_keypair_modules` (String)
+- `unknown_revocation_status` (String) Only required if certificateRevocationStatus is oscp, if value is none then field shouldn't be here
+- `unsupported_cipher_suites` (String)
+- `unsupported_protocol_versions` (String)
+- `untrusted_certificate` (String)
+- `version` (Number) The version of the Policy_object

docs/guides/changelog.md

@@ -39,6 +39,7 @@ description: |-
 - Add `sdwan_policy_object_unified_tls_ssl_profile` resource and data source
 - Add `sdwan_policy_object_unified_intrusion_prevention` resource and data source
 - Add `sdwan_policy_object_unified_advanced_inspection_profile` resource and data source
+- Add `sdwan_policy_object_unified_tls_ssl_decryption` resource and data source
 
 ## 0.4.1
 

docs/resources/policy_object_unified_tls_ssl_decryption.md

@@ -0,0 +1,78 @@
+---
+# generated by https://github.com/hashicorp/terraform-plugin-docs
+page_title: "sdwan_policy_object_unified_tls_ssl_decryption Resource - terraform-provider-sdwan"
+subcategory: "Policy Objects"
+description: |-
+  This resource can manage a Policy Object Unified TLS SSL Decryption Policy_object.
+  Minimum SD-WAN Manager version: 20.12.0
+---
+
+# sdwan_policy_object_unified_tls_ssl_decryption (Resource)
+
+This resource can manage a Policy Object Unified TLS SSL Decryption Policy_object.
+  - Minimum SD-WAN Manager version: `20.12.0`
+
+## Example Usage
+
+```terraform
+resource "sdwan_policy_object_unified_tls_ssl_decryption" "example" {
+  name                          = "Example"
+  description                   = "My Example"
+  feature_profile_id            = "f6dd22c8-0b4f-496c-9a0b-6813d1f8b8ac"
+  enable_ssl                    = true
+  expired_certificate           = "drop"
+  untrusted_certificate         = "drop"
+  certificate_revocation_status = "ocsp"
+  unknown_revocation_status     = "decrypt"
+  unsupported_protocol_versions = "no-decrypt"
+  unsupported_cipher_suites     = "drop"
+  failure_mode                  = "close"
+  default_ca_certificate_bundle = true
+  rsa_keypair_modules           = "2048"
+  ec_key_type                   = "P384"
+  certificate_lifetime          = "1"
+  minimal_tls_ver               = "TLSv1.2"
+}
+```
+
+<!-- schema generated by tfplugindocs -->
+## Schema
+
+### Required
+
+- `certificate_lifetime` (String) If you have vManage as CA or vManage as intermediate CA, this value should be 1
+- `certificate_revocation_status` (String) If value is none unknown status not required, if value is ocsp then unknown status is required
+  - Choices: `ocsp`, `none`
+- `ec_key_type` (String) - Choices: `P256`, `P384`, `P521`
+- `enable_ssl` (Boolean) If false, no other fields should be provided, if true all fields should be provided
+- `expired_certificate` (String) - Choices: `decrypt`, `drop`
+- `failure_mode` (String) - Choices: `close`, `open`
+- `feature_profile_id` (String) Feature Profile ID
+- `minimal_tls_ver` (String) - Choices: `TLSv1`, `TLSv1.1`, `TLSv1.2`
+- `name` (String) The name of the Policy_object
+- `rsa_keypair_modules` (String) - Choices: `1024`, `2048`, `4096`
+- `unknown_revocation_status` (String) Only required if certificateRevocationStatus is oscp, if value is none then field shouldn't be here
+  - Choices: `decrypt`, `drop`
+- `unsupported_cipher_suites` (String) - Choices: `no-decrypt`, `drop`
+- `unsupported_protocol_versions` (String) - Choices: `no-decrypt`, `drop`
+- `untrusted_certificate` (String) - Choices: `decrypt`, `drop`
+
+### Optional
+
+- `bundle_string` (String)
+- `default_ca_certificate_bundle` (Boolean)
+- `description` (String) The description of the Policy_object
+- `file_name` (String)
+
+### Read-Only
+
+- `id` (String) The id of the Policy_object
+- `version` (Number) The version of the Policy_object
+
+## Import
+
+Import is supported using the following syntax:
+
+```shell
+terraform import sdwan_policy_object_unified_tls_ssl_decryption.example "f6b2c44c-693c-4763-b010-895aa3d236bd"
+```

examples/data-sources/sdwan_policy_object_unified_tls_ssl_decryption/data-source.tf

@@ -0,0 +1,4 @@
+data "sdwan_policy_object_unified_tls_ssl_decryption" "example" {
+  id                 = "f6b2c44c-693c-4763-b010-895aa3d236bd"
+  feature_profile_id = "f6dd22c8-0b4f-496c-9a0b-6813d1f8b8ac"
+}

examples/resources/sdwan_policy_object_unified_tls_ssl_decryption/import.sh

@@ -0,0 +1 @@
+terraform import sdwan_policy_object_unified_tls_ssl_decryption.example "f6b2c44c-693c-4763-b010-895aa3d236bd"

examples/resources/sdwan_policy_object_unified_tls_ssl_decryption/resource.tf

@@ -0,0 +1,18 @@
+resource "sdwan_policy_object_unified_tls_ssl_decryption" "example" {
+  name                          = "Example"
+  description                   = "My Example"
+  feature_profile_id            = "f6dd22c8-0b4f-496c-9a0b-6813d1f8b8ac"
+  enable_ssl                    = true
+  expired_certificate           = "drop"
+  untrusted_certificate         = "drop"
+  certificate_revocation_status = "ocsp"
+  unknown_revocation_status     = "decrypt"
+  unsupported_protocol_versions = "no-decrypt"
+  unsupported_cipher_suites     = "drop"
+  failure_mode                  = "close"
+  default_ca_certificate_bundle = true
+  rsa_keypair_modules           = "2048"
+  ec_key_type                   = "P384"
+  certificate_lifetime          = "1"
+  minimal_tls_ver               = "TLSv1.2"
+}

gen/definitions/profile_parcels/policy_object_unified_tls_ssl_decryption.yaml

@@ -0,0 +1,64 @@
+---
+name: Policy Object Unified TLS SSL Decryption
+rest_endpoint: /v1/feature-profile/sdwan/policy-object/%v/unified/unified/ssl-decryption
+minimum_version: 20.12.0
+test_tags: [SDWAN_2012]
+skip_minimum_test: true
+parcel_type: policy_object
+attributes:
+  - tf_name: feature_profile_id
+    reference: true
+    type: String
+    mandatory: true
+    description: Feature Profile ID
+    example: f6dd22c8-0b4f-496c-9a0b-6813d1f8b8ac
+    test_value: sdwan_policy_object_feature_profile.test.id
+  - model_name: sslEnable
+    tf_name: enable_ssl
+    example: true
+  - model_name: expiredCertificate
+    example: drop
+  - model_name: untrustedCertificate
+    example: drop
+  - model_name: certificateRevocationStatus
+    example: ocsp
+  - model_name: unknownStatus
+    tf_name: unknown_revocation_status
+    example: decrypt
+  - model_name: unsupportedProtocolVersions
+    example: no-decrypt
+  - model_name: unsupportedCipherSuites
+    example: drop
+  - model_name: failureMode
+    example: close
+  - model_name: default
+    tf_name: default_ca_certificate_bundle
+    data_path: [caCertBundle]
+    example: true
+  - model_name: fileName
+    data_path: [caCertBundle]
+    exclude_test: true
+    example: dummy.pem
+  - model_name: bundleString
+    data_path: [caCertBundle]
+    exclude_test: true
+    example: testString
+  - model_name: keyModulus
+    tf_name: rsa_keypair_modules
+    example: 2048
+  - model_name: eckeyType
+    tf_name: ec_key_type
+    example: P384
+  - model_name: certificateLifetime
+    example: 1
+  - model_name: minTlsVer
+    tf_name: minimal_tls_ver
+    example: TLSv1.2
+  - model_name: caTpLabel
+    value: PROXY-SIGNING-CA
+
+test_prerequisites: |
+  resource "sdwan_policy_object_feature_profile" "test" {
+    name = "POLICY_OBJECT_FP_1"
+    description = "My policy object feature profile 1"
+  }