chore(release): 1.64.0

CHANGELOG.md

@@ -1,3 +1,19 @@
+## [1.64.0](https://github.com/terraform-routeros/terraform-provider-routeros/compare/v1.63.1...v1.64.0) (2024-09-27)
+
+### Features
+
+* **wireless:** Add new resource `routeros_interface_wireless_access_list` ([cd82592](https://github.com/terraform-routeros/terraform-provider-routeros/commit/cd825923390b489e41463b71e6ea253286f28c25))
+* **wireless:** Add new resource `routeros_interface_wireless_security_profiles` ([ef40fd2](https://github.com/terraform-routeros/terraform-provider-routeros/commit/ef40fd25f448c3ae1d92d2c2a60fcdde782f5df4))
+* **wireless:** Add new resource `routeros_interface_wireless` ([15c2650](https://github.com/terraform-routeros/terraform-provider-routeros/commit/15c265088c024a5b770fda1990ea3713c724d253))
+
+### Bug Fixes
+
+* **serialize:** Fix `PropTransformSet` ([8baebae](https://github.com/terraform-routeros/terraform-provider-routeros/commit/8baebae070e047a3dad3f86aa72cf502f053d781))
+* **serialize:** Fix the transformation of attribute names. ([9796820](https://github.com/terraform-routeros/terraform-provider-routeros/commit/9796820aa413ad6f45731b613a1cfa88fc124e0a))
+* **tool_sniffer:** Add resource state control ([eb53e45](https://github.com/terraform-routeros/terraform-provider-routeros/commit/eb53e456ffce679464bb9023df59056663b9c6e9))
+* **wireless_security_profile:** Add `Sensitive` flag to attributes ([909b4c7](https://github.com/terraform-routeros/terraform-provider-routeros/commit/909b4c792e169eec5c60619156be8bd10dfab7df))
+* **wireless:** Add missing field ([c112740](https://github.com/terraform-routeros/terraform-provider-routeros/commit/c112740a660362528f9d53037e97e59c7138441f))
+
 ## [1.63.1](https://github.com/terraform-routeros/terraform-provider-routeros/compare/v1.63.0...v1.63.1) (2024-09-26)
 
 ### Features

docs/resources/capsman_manager_interface.md

@@ -24,7 +24,7 @@ resource "routeros_capsman_manager_interface" "test_manager_interface" {
 
 ### Read-Only
 
-- `default` (Boolean)
+- `default` (Boolean) It's the default item.
 - `dynamic` (Boolean) Configuration item created by software, not by management interface. It is not exported, and cannot be directly modified.
 - `id` (String) The ID of this resource.
 

docs/resources/interface_lte_apn.md

@@ -37,7 +37,7 @@ resource "routeros_interface_lte_apn" "test" {
 
 ### Read-Only
 
-- `default` (Boolean)
+- `default` (Boolean) It's the default item.
 - `id` (String) The ID of this resource.
 
 ## Import

docs/resources/interface_wireless_access_list.md

@@ -0,0 +1,46 @@
+# routeros_interface_wireless_access_list (Resource)
+
+
+## Example Usage
+```terraform
+resource "routeros_interface_wireless_access_list" "test" {
+  signal_range = "-100..100"
+  time         = "3h3m-5h,mon,tue,wed,thu,fri"
+  mac_address  = "00:AA:BB:CC:DD:EE"
+}
+```
+
+<!-- schema generated by tfplugindocs -->
+## Schema
+
+### Optional
+
+- `allow_signal_out_of_range` (String) Option which permits client's signal to be out of the range always or for some time interval.
+- `ap_tx_limit` (Number) Limit rate of data transmission to this client. Value 0 means no limit. Value is in bits per second.
+- `authentication` (Boolean) No - Client association will always fail.yes - Use authentication procedure that is specified in the security-profile of the interface.
+- `client_tx_limit` (Number) Ask client to limit rate of data transmission. Value 0 means no limit.This is a proprietary extension that is supported by RouterOS clients.Value is in bits per second.
+- `comment` (String)
+- `disabled` (Boolean)
+- `forwarding` (Boolean) `No` - Client cannot send frames to other station that are connected to same access point.yes - Client can send frames to other stations on the same access point.
+- `interface` (String) Rules with interface=any are used for any wireless interface and the interface=all defines interface-list `all` name. To make rule that applies only to one wireless interface, specify that interface as a value of this property.
+- `mac_address` (String) Rule matches client with the specified MAC address. Value 00:00:00:00:00:00 matches always.
+- `management_protection_key` (String) Management protection shared secret.
+- `private_algo` (String) Only for `WEP` modes.
+- `private_key` (String) Only for `WEP` modes (HEX).
+- `private_pre_shared_key` (String) Used in `WPA PSK` mode.
+- `signal_range` (String) Rule matches if signal strength of the station is within the range.If signal strength of the station will go out of the range that is specified in the rule, access point will disconnect that station.
+- `time` (String) Rule will match only during specified time.Station will be disconnected after specified time ends. Both start and end time is expressed as time since midnight, 00:00. Rule will match only during specified days of the week. Ex: "3h3m-5h,mon,tue,wed,thu,fri"
+- `vlan_id` (Number) VLAN ID to use if doing VLAN tagging.
+- `vlan_mode` (String) VLAN tagging mode specifies if traffic coming from client should get tagged (and untagged when going to client).
+
+### Read-Only
+
+- `id` (String) The ID of this resource.
+
+## Import
+Import is supported using the following syntax:
+```shell
+#The ID can be found via API or the terminal
+#The command for the terminal is -> :put [/interface/wireless/access-list get [print show-ids]]
+terraform import routeros_interface_wireless_access_list.test *3
+```

docs/resources/interface_wireless_security_profiles.md

@@ -0,0 +1,72 @@
+# routeros_interface_wireless_security_profiles (Resource)
+
+
+## Example Usage
+```terraform
+resource "routeros_interface_wireless_security_profiles" "test" {
+  name                 = "test-profile"
+  mode                 = "dynamic-keys"
+  authentication_types = ["wpa-psk", "wpa2-psk"]
+  wpa_pre_shared_key   = "wpa_psk_key"
+  wpa2_pre_shared_key  = "wpa2_psk_key"
+}
+```
+
+<!-- schema generated by tfplugindocs -->
+## Schema
+
+### Required
+
+- `name` (String) Name of the security profile.
+
+### Optional
+
+- `authentication_types` (Set of String) Set of supported authentication types, multiple values can be selected. Access Point will advertise supported authentication types, and client will connect to Access Point only if it supports any of the advertised authentication types.
+- `comment` (String)
+- `disable_pmkid` (Boolean) Whether to include `PMKID` into the `EAPOL` frame sent out by the Access Point. Disabling PMKID can cause compatibility issues with devices that use the PMKID to connect to an Access Point. `yes` - removes PMKID from EAPOL frames (improves security, reduces compatibility). `no` - includes PMKID into EAPOL frames (reduces security, improves compatibility).This property only has effect on Access Points.
+- `eap_methods` (String) Allowed types of authentication methods, multiple values can be selected. This property only has effect on Access Points. `eap-tls` - Use built-in EAP TLS authentication. Both client and server certificates are supported. See description of tls-mode and tls-certificate properties. `eap-ttls-mschapv2` - Use EAP-TTLS with MS-CHAPv2 authentication. `passthrough` - Access Point will relay authentication process to the RADIUS server. `peap` - Use Protected EAP authentication.
+- `group_ciphers` (String) Access Point advertises one of these ciphers, multiple values can be selected. Access Point uses it to encrypt all broadcast and multicast frames. Client attempts connection only to Access Points that use one of the specified group ciphers. `tkip` - Temporal Key Integrity Protocol - encryption protocol, compatible with legacy WEP equipment, but enhanced to correct some of the WEP flaws. `aes-ccm` - more secure WPA encryption protocol, based on the reliable AES (Advanced Encryption Standard). Networks free of WEP legacy should use only this cipher.
+- `group_key_update` (String) Controls how often Access Point updates the group key. This key is used to encrypt all broadcast and multicast frames. property only has effect for Access Points.
+- `interim_update` (String) When RADIUS accounting is used, Access Point periodically sends accounting information updates to the RADIUS server. This property specifies default update interval that can be overridden by the RADIUS server using Acct-Interim-Interval attribute.
+- `management_protection` (String) Management frame protection. Used for: Deauthentication attack prevention, MAC address cloning issue. Possible values are: `disabled` - management protection is disabled (default), `allowed` - use management protection if supported by remote party (for AP - allow both, non-management protection and management protection clients, for client - connect both to APs with and without management protection), `required` - establish association only with remote devices that support management protection (for AP - accept only clients that support management protection, for client - connect only to APs that support management protection).
+- `management_protection_key` (String, Sensitive) Management protection shared secret. When interface is in AP mode, default management protection key (configured in security-profile) can be overridden by key specified in access-list or RADIUS attribute.
+- `mode` (String) Encryption mode for the security profile. `none` - Encryption is not used. Encrypted frames are not accepted. `static-keys-required` - WEP mode. Do not accept and do not send unencrypted frames. Station in static-keys-required mode will not connect to an Access Point in static-keys-optional mode. `static-keys-optional` - WEP mode. Support encryption and decryption, but allow also to receive and send unencrypted frames. Device will send unencrypted frames if encryption algorithm is specified as none. Station in static-keys-optional mode will not connect to an Access Point in `static-keys-required` mode. See also: static-sta-private-algo, static-transmit-key. `dynamic-keys` - WPA mode.
+- `mschapv2_password` (String) Password to use for authentication when `eap-ttls-mschapv2` or `peap` authentication method is being used. This property only has effect on Stations.
+- `mschapv2_username` (String) Username to use for authentication when `eap-ttls-mschapv2` or `peap` authentication method is being used. This property only has effect on Stations.
+- `radius_called_format` (String) mac | mac:ssid | ssid
+- `radius_eap_accounting` (Boolean)
+- `radius_mac_accounting` (Boolean)
+- `radius_mac_authentication` (Boolean) This property affects the way how Access Point processes clients that are not found in the Access List.no - allow or reject client authentication based on the value of default-authentication property of the Wireless interface.yes - Query RADIUS server using MAC address of client as user name. With this setting the value of default-authentication has no effect.
+- `radius_mac_caching` (String) If this value is set to time interval, the Access Point will cache RADIUS MAC authentication responses for specified time, and will not contact RADIUS server if matching cache entry already exists. Value disabled will disable cache, Access Point will always contact RADIUS server.
+- `radius_mac_format` (String) Controls how MAC address of the client is encoded by Access Point in the User-Name attribute of the MAC authentication and MAC accounting RADIUS requests.
+- `radius_mac_mode` (String) By default Access Point uses an empty password, when sending Access-Request during MAC authentication. When this property is set to `as-username-and-password`, Access Point will use the same value for User-Password attribute as for the User-Name attribute.
+- `static_algo_0` (String) Encryption algorithm to use with the corresponding key.
+- `static_algo_1` (String) Encryption algorithm to use with the corresponding key.
+- `static_algo_2` (String) Encryption algorithm to use with the corresponding key.
+- `static_algo_3` (String) Encryption algorithm to use with the corresponding key.
+- `static_key_0` (String, Sensitive) Hexadecimal representation of the key. Length of key must be appropriate for selected algorithm. See the Statically configured WEP keys section.
+- `static_key_1` (String, Sensitive) Hexadecimal representation of the key. Length of key must be appropriate for selected algorithm. See the Statically configured WEP keys section.
+- `static_key_2` (String, Sensitive) Hexadecimal representation of the key. Length of key must be appropriate for selected algorithm. See the Statically configured WEP keys section.
+- `static_key_3` (String, Sensitive) Hexadecimal representation of the key. Length of key must be appropriate for selected algorithm. See the Statically configured WEP keys section.
+- `static_sta_private_algo` (String) Encryption algorithm to use with station private key. Value none disables use of the private key. This property is only used on Stations. Access Point has to get corresponding value either from private-algo property, or from Mikrotik-Wireless-Enc-Algo attribute. Station private key replaces key 0 for unicast frames. Station will not use private key to decrypt broadcast frames.
+- `static_sta_private_key` (String, Sensitive) Length of key must be appropriate for selected algorithm, see the Statically configured WEP keys section. This property is used only on Stations. Access Point uses corresponding key either from private-key property, or from Mikrotik-Wireless-Enc-Key attribute.
+- `static_transmit_key` (String) Access Point will use the specified key to encrypt frames for clients that do not use private key. Access Point will also use this key to encrypt broadcast and multicast frames. Client will use the specified key to encrypt frames if static-sta-private-algo is set to none. If corresponding static-algo-N property has value set to none, then frame will be sent unencrypted (when mode is set to static-keys-optional) or will not be sent at all (when mode is set to static-keys-required).
+- `supplicant_identity` (String, Sensitive) EAP identity that is sent by client at the beginning of EAP authentication. This value is used as a value for User-Name attribute in RADIUS messages sent by RADIUS EAP accounting and RADIUS EAP pass-through authentication.
+- `tls_certificate` (String) Access Point always needs a certificate when configured when tls-mode is set to verify-certificate, or is set to dont-verify-certificate. Client needs a certificate only if Access Point is configured with tls-mode set to verify-certificate. In this case client needs a valid certificate that is signed by a CA known to the Access Point. This property only has effect when tls-mode is not set to no-certificates and eap-methods contains eap-tls.
+- `tls_mode` (String) This property has effect only when eap-methods contains eap-tls. `verify-certificate` - Require remote device to have valid certificate. Check that it is signed by known certificate authority. No additional identity verification is done. Certificate may include information about time period during which it is valid. If router has incorrect time and date, it may reject valid certificate because router's clock is outside that period. See also the Certificates configuration. `dont-verify-certificate` - Do not check certificate of the remote device. Access Point will not require client to provide certificate. `no-certificates` - Do not use certificates. TLS session is established using 2048 bit anonymous Diffie-Hellman key exchange. `verify-certificate-with-crl` - Same as verify-certificate but also checks if the certificate is valid by checking the Certificate Revocation List.
+- `unicast_ciphers` (String) Access Point advertises that it supports specified ciphers, multiple values can be selected. Client attempts connection only to Access Points that supports at least one of the specified ciphers. One of the ciphers will be used to encrypt unicast frames that are sent between Access Point and Station.
+- `wpa2_pre_shared_key` (String, Sensitive) `WPA2` pre-shared key mode requires all devices in a BSS to have common secret key. Value of this key can be an arbitrary text. Commonly referred to as the network password for WPA2 mode. property only has effect when wpa2-psk is added to authentication-types.
+- `wpa_pre_shared_key` (String, Sensitive) `WPA` pre-shared key mode requires all devices in a BSS to have common secret key. Value of this key can be an arbitrary text. Commonly referred to as the network password for WPA mode. property only has effect when wpa-psk is added to authentication-types.
+
+### Read-Only
+
+- `default` (Boolean) It's the default item.
+- `id` (String) The ID of this resource.
+
+## Import
+Import is supported using the following syntax:
+```shell
+#The ID can be found via API or the terminal
+#The command for the terminal is -> :put [/interface/wireless/security-profiles get [print show-ids]]
+terraform import routeros_interface_wireless_security_profiles.test *3
+```

docs/resources/ip_hotspot_user.md

@@ -33,7 +33,7 @@ resource "routeros_ip_hotspot_user" "test" {
 
 ### Read-Only
 
-- `default` (Boolean) It's the default rule.
+- `default` (Boolean) It's the default item.
 - `dynamic` (Boolean) Configuration item created by software, not by management interface. It is not exported, and cannot be directly modified.
 - `id` (String) The ID of this resource.
 

docs/resources/ip_hotspot_user_profile.md

@@ -54,7 +54,7 @@ resource "routeros_ip_hotspot_user_profile" "test" {
 
 ### Read-Only
 
-- `default` (Boolean) It's the default rule.
+- `default` (Boolean) It's the default item.
 - `id` (String) The ID of this resource.
 
 ## Import

docs/resources/ipv6_neighbor_discovery.md

@@ -52,7 +52,7 @@ resource "routeros_ipv6_neighbor_discovery" "test" {
 
 ### Read-Only
 
-- `default` (Boolean) Neighbor discovery entry is the default configuration.
+- `default` (Boolean) It's the default item.
 - `id` (String) The ID of this resource.
 - `invalid` (Boolean)
 

docs/resources/ppp_profile.md

@@ -54,7 +54,7 @@ resource "routeros_ppp_profile" "test" {
 
 ### Read-Only
 
-- `default` (String) Default profile sign.
+- `default` (Boolean) It's the default item.
 - `id` (String) The ID of this resource.
 
 ## Import

docs/resources/routing_bgp_template.md

@@ -36,7 +36,7 @@
 
 ### Read-Only
 
-- `default` (Boolean)
+- `default` (Boolean) It's the default item.
 - `id` (String) The ID of this resource.
 
 <a id="nestedblock--input"></a>

docs/resources/snmp_community.md

@@ -41,7 +41,7 @@ resource "routeros_snmp_community" "mything" {
 
 ### Read-Only
 
-- `default` (Boolean) It's a default community.
+- `default` (Boolean) It's the default item.
 - `id` (String) The ID of this resource.
 
 ## Import

docs/resources/system_led.md

@@ -23,7 +23,7 @@ resource "routeros_system_led" "sfp1" {
 
 ### Read-Only
 
-- `default` (Boolean)
+- `default` (Boolean) It's the default item.
 - `id` (String) The ID of this resource.
 
 ## Import

docs/resources/system_logging.md

@@ -26,7 +26,7 @@ resource "routeros_system_logging" "log_snmp_disk" {
 
 ### Read-Only
 
-- `default` (String)
+- `default` (Boolean) It's the default item.
 - `id` (String) The ID of this resource.
 - `invalid` (Boolean)
 

docs/resources/system_logging_action.md

@@ -32,7 +32,7 @@
 
 ### Read-Only
 
-- `default` (Boolean) This is a default action.
+- `default` (Boolean) It's the default item.
 - `id` (String) The ID of this resource.
 
 

docs/resources/tool_sniffer.md

@@ -4,6 +4,8 @@
 ## Example Usage
 ```terraform
 resource "routeros_tool_sniffer" "test" {
+  enabled = true
+
   streaming_enabled = true
   streaming_server  = "192.168.88.5:37008"
   filter_stream     = true
@@ -19,6 +21,7 @@ resource "routeros_tool_sniffer" "test" {
 
 ### Optional
 
+- `enabled` (Boolean) Start packet capture.
 - `file_limit` (Number) File size limit. Sniffer will stop when a limit is reached.
 - `file_name` (String) Name of the file where sniffed packets will be saved.
 - `filter_cpu` (String) CPU core used as a filter.

docs/resources/user_manager_attribute.md

@@ -27,7 +27,7 @@ resource "routeros_user_manager_attribute" "mikrotik_wireless_comment" {
 
 ### Read-Only
 
-- `default` (Boolean)
+- `default` (Boolean) It's the default item.
 - `default_name` (String) The attribute's default name.
 - `id` (String) The ID of this resource.
 - `standard_name` (String)

docs/resources/user_manager_user_group.md

@@ -47,7 +47,7 @@ resource "routeros_user_manager_user_group" "test" {
 
 ### Read-Only
 
-- `default` (Boolean)
+- `default` (Boolean) It's the default item.
 - `default_name` (String) The default name of the group.
 - `id` (String) The ID of this resource.
 

package.json

@@ -1,6 +1,6 @@
 {
     "name": "terraform-provider-routeros",
-    "version": "1.63.1",
+    "version": "1.64.0",
     "repository": {
         "type": "git",
         "url": "https://github.com/terraform-routeros/terraform-provider-routeros"