updated provider updates

movinalot · Jan 24, 2025 · 70612be · 70612be
1 parent 6bde5a8
commit 70612be
Show file tree

Hide file tree

Showing 13 changed files with 207 additions and 106 deletions.
diff --git a/PowerShell/Update-RouteTable.ps1 b/PowerShell/Update-RouteTable.ps1
@@ -2,10 +2,10 @@
 <#
     .DESCRIPTION
         A runbook which receives a webhook from FortiGate Automation
-        Stitch to add/removed microsegmentation route in routetable.
+        Stitch to add/removed micro-segmentation route in routetable.
     .NOTES
         AUTHOR: [email protected]
-        LAST EDIT: March 16, 2023
+        LAST EDIT: January 25, 2025
 #>
 
 param (

diff --git a/terraform/azure/.terraform.lock.hcl b/terraform/azure/.terraform.lock.hcl
diff --git a/terraform/azure/azure_provider.tf b/terraform/azure/azure_provider.tf
@@ -2,7 +2,7 @@ terraform {
   required_providers {
     azurerm = {
       source  = "hashicorp/azurerm"
-      version = "~>3.0"
+      version = ">=4.0.0"
     }
   }
   required_version = ">= 1.0.0"

diff --git a/terraform/azure/azurerm_virtual_machine.tf b/terraform/azure/azurerm_virtual_machine.tf
@@ -51,11 +51,13 @@ resource "azurerm_virtual_machine" "virtual_machine" {
     admin_username = each.value.os_profile_admin_username
     admin_password = each.value.os_profile_admin_password
     custom_data = templatefile("${each.value.os_profile_custom_data}", {
-      hostname      = each.value.name
-      api_key       = each.value.os_profile_custom_data_api_key
-      license_type  = each.value.os_profile_custom_data_license_type
-      license_file  = each.value.os_profile_custom_data_license_file
-      license_token = each.value.os_profile_custom_data_license_token
+      hostname                     = each.value.name
+      api_key                      = each.value.os_profile_custom_data_api_key
+      license_type                 = each.value.os_profile_custom_data_license_type
+      license_file                 = each.value.os_profile_custom_data_license_file
+      license_token                = each.value.os_profile_custom_data_license_token
+      automation_stitch_action_uri = local.automation_stitch_action_uri
+      fortigate_access_token       = local.fortigate_access_token
     })
   }
 

diff --git a/terraform/azure/azurerm_virtual_network_interface.tf b/terraform/azure/azurerm_virtual_network_interface.tf
@@ -4,9 +4,9 @@ resource "azurerm_network_interface" "network_interface" {
   resource_group_name = each.value.resource_group_name
   location            = each.value.location
 
-  name                          = each.value.name
-  enable_ip_forwarding          = each.value.enable_ip_forwarding
-  enable_accelerated_networking = each.value.enable_accelerated_networking
+  name                           = each.value.name
+  ip_forwarding_enabled          = each.value.ip_forwarding_enabled
+  accelerated_networking_enabled = each.value.accelerated_networking_enabled
 
   dynamic "ip_configuration" {
 

diff --git a/terraform/azure/fgtvm.conf b/terraform/azure/fgtvm.conf
@@ -1,15 +1,17 @@
-Content-Type: multipart/mixed; boundary="==FGTCONF=="
+Content-Type: multipart/mixed; boundary="==VMCONF=="
 MIME-Version: 1.0
 
---==FGTCONF==
+--==VMCONF==
 Content-Type: text/plain; charset="us-ascii"
 MIME-Version: 1.0
 Content-Transfer-Encoding: 7bit
 Content-Disposition: attachment; filename="config"
 
 config system global
     set hostname ${hostname}
+    set gui-auto-upgrade-setup-warning disable
     set admintimeout 30
+    set timezone "US/Eastern"
 end
 
 config system interface
@@ -34,8 +36,92 @@ config system api-user
     next
 end
 
+config system automation-trigger
+    edit "FortiGateStartUp"
+        set description "FortiGate StartUp"
+        set event-type event-log
+        set logid 0100032009
+    next
+end
+
+config system automation-trigger
+    edit "FortiFlex Entitlement - Trigger"
+        set trigger-type scheduled
+        set trigger-frequency once
+        set trigger-datetime 2024-07-30 14:15:00
+    next
+end
+
+config system automation-action
+    edit "Get WAN Info - Action"
+        set action-type cli-script
+        set script "diagnose sys waninfo"
+        set accprofile "super_admin"
+    next
+end
+
+config system automation-action
+    edit "FortiFlex Entitlement - Action"
+        set action-type webhook
+        set protocol https
+        set uri ${automation_stitch_action_uri}
+        set http-body "{\"flexop\":\"get_entitlement_token\", \"waninfo\":\"%%results%%\"}"
+        set port 443
+        set verify-host-cert disable
+    next
+end
+
+config system automation-stitch
+    edit "FortiFlex Entitlement - Stitch"
+        set trigger "FortiGateStartUp"
+        config actions
+            edit 1
+                set action "Get WAN Info - Action"
+                set required enable
+            next
+            edit 2
+                set action "FortiFlex Entitlement - Action"
+                set delay 60
+                set required enable
+            next
+        end
+    next
+end
+
+config system automation-trigger
+    edit "FortiGate Device Shutdown"
+        set event-type event-log
+        set logid 32200
+    next
+end
+
+config system automation-action
+    edit "Stop FortiFlex Entitlement"
+        set description "Stop FortiFlex Point Consumption on FortiGate Shutdown"
+        set action-type webhook
+        set protocol https
+        set uri ${automation_stitch_action_uri}
+        set http-body "{\"flexop\":\"entitlements_stop\", \"serial_number\":\"%%devid%%\"}"
+        set port 443
+        set verify-host-cert disable
+    next
+end
+
+config system automation-stitch
+    edit "Stop FortiFlex Entitlement"
+        set trigger "FortiGate Device Shutdown"
+        config actions
+            edit 1
+                set action "Stop FortiFlex Entitlement"
+                set required enable
+            next
+        end
+        set destination "Stop FortiFlex Entitlement"
+    next
+end
+
 %{ if license_type == "flex" }
---==FGTCONF==
+--==VMCONF==
 Content-Type: text/plain; charset="us-ascii"
 MIME-Version: 1.0
 Content-Transfer-Encoding: 7bit
@@ -45,7 +131,7 @@ LICENSE-TOKEN:${license_token}
 
 %{ endif }
 %{ if license_type == "byol" }
---==FGTCONF==
+--==VMCONF==
 Content-Type: text/plain; charset="us-ascii"
 MIME-Version: 1.0
 Content-Transfer-Encoding: 7bit
@@ -54,4 +140,4 @@ Content-Disposition: attachment; filename="license"
 ${file(license_file)}
 
 %{ endif }
---==FGTCONF==--
+--==VMCONF==--
diff --git a/terraform/azure/local_sensitive_file.tf b/terraform/azure/local_sensitive_file.tf
@@ -55,10 +55,12 @@ resource "local_sensitive_file" "tempalte_file" {
   for_each = local.virtual_machines
   filename = format("../fortios/fortios_%s.cfg", each.value.name)
   content = templatefile("${each.value.os_profile_custom_data}", {
-    hostname      = each.value.name
-    api_key       = each.value.os_profile_custom_data_api_key
-    license_type  = each.value.os_profile_custom_data_license_type
-    license_file  = each.value.os_profile_custom_data_license_file
-    license_token = each.value.os_profile_custom_data_license_token
+    hostname                     = each.value.name
+    api_key                      = each.value.os_profile_custom_data_api_key
+    license_type                 = each.value.os_profile_custom_data_license_type
+    license_file                 = each.value.os_profile_custom_data_license_file
+    license_token                = each.value.os_profile_custom_data_license_token
+    automation_stitch_action_uri = local.automation_stitch_action_uri
+    fortigate_access_token       = local.fortigate_access_token
   })
 }