Converter + networks settings + networks group policies

.gitignore

@@ -26,6 +26,7 @@ website/node_modules
 *.iml
 
 website/vendor
+terraform-provider-meraki
 
 # Test exclusions
 !command/test-fixtures/**/*.tfstate

.vscode/launch.json

@@ -11,6 +11,18 @@
             "mode": "auto",
             "program": "gen/generator.go",
             "cwd": "./"
+        },
+        {
+            "name": "Launch definition generator",
+            "type": "go",
+            "request": "launch",
+            "mode": "auto",
+            "program": "gen/definition.go",
+            "cwd": "./",
+            "args": [
+                "/networks/{networkId}/groupPolicies/{groupPolicyId}",
+                "Network Group Policy"
+            ]
         }
     ]
 }

docs/data-sources/admin.md

@@ -33,6 +33,7 @@ data "meraki_admin" "example" {
 
 ### Read-Only
 
+- `authentication_method` (String) No longer used as of Cisco SecureX end-of-life. Can be one of `Email`. The default is Email authentication.
 - `email` (String) The email of the dashboard administrator. This attribute can not be updated.
 - `networks` (Attributes List) The list of networks that the dashboard administrator has privileges on (see [below for nested schema](#nestedatt--networks))
 - `org_access` (String) The privilege of the dashboard administrator on the organization. Can be one of `full`, `read-only`, `enterprise` or `none`

docs/data-sources/network_group_policy.md

@@ -0,0 +1,128 @@
+---
+# generated by https://github.com/hashicorp/terraform-plugin-docs
+page_title: "meraki_network_group_policy Data Source - terraform-provider-meraki"
+subcategory: "Networks"
+description: |-
+  This data source can read the Network Group Policy configuration.
+---
+
+# meraki_network_group_policy (Data Source)
+
+This data source can read the `Network Group Policy` configuration.
+
+## Example Usage
+
+```terraform
+data "meraki_network_group_policy" "example" {
+  id         = "12345678"
+  network_id = "L_123456"
+}
+```
+
+<!-- schema generated by tfplugindocs -->
+## Schema
+
+### Required
+
+- `network_id` (String) Network ID
+
+### Optional
+
+- `id` (String) The id of the object
+- `name` (String) The name for your group policy. Required.
+
+### Read-Only
+
+- `bandwidth_limit_down` (Number) The maximum download limit (integer, in Kbps). null indicates no limit
+- `bandwidth_limit_up` (Number) The maximum upload limit (integer, in Kbps). null indicates no limit
+- `bandwidth_settings` (String) How bandwidth limits are enforced. Can be `network default`, `ignore` or `custom`.
+- `bonjour_forwarding_rules` (Attributes List) A list of the Bonjour forwarding rules for your group policy. If `settings` is set to `custom`, at least one rule must be specified. (see [below for nested schema](#nestedatt--bonjour_forwarding_rules))
+- `bonjour_forwarding_settings` (String) How Bonjour rules are applied. Can be `network default`, `ignore` or `custom`.
+- `content_filtering_allowed_url_patterns` (List of String) A list of URL patterns that are allowed
+- `content_filtering_allowed_url_patterns_settings` (String) How URL patterns are applied. Can be `network default`, `append` or `override`.
+- `content_filtering_blocked_url_categories` (List of String) A list of URL categories to block
+- `content_filtering_blocked_url_categories_settings` (String) How URL categories are applied. Can be `network default`, `append` or `override`.
+- `content_filtering_blocked_url_patterns` (List of String) A list of URL patterns that are blocked
+- `content_filtering_blocked_url_patterns_settings` (String) How URL patterns are applied. Can be `network default`, `append` or `override`.
+- `firewall_and_traffic_shaping_settings` (String) How firewall and traffic shaping rules are enforced. Can be `network default`, `ignore` or `custom`.
+- `l3_firewall_rules` (Attributes List) An ordered array of the L3 firewall rules (see [below for nested schema](#nestedatt--l3_firewall_rules))
+- `l7_firewall_rules` (Attributes List) An ordered array of L7 firewall rules (see [below for nested schema](#nestedatt--l7_firewall_rules))
+- `scheduling_enabled` (Boolean) Whether scheduling is enabled (true) or disabled (false). Defaults to false. If true, the schedule objects for each day of the week (monday - sunday) are parsed.
+- `scheduling_friday_active` (Boolean) Whether the schedule is active (true) or inactive (false) during the time specified between `from` and `to`. Defaults to true.
+- `scheduling_friday_from` (String) The time, from `00:00` to `24:00`. Must be less than the time specified in `to`. Defaults to `00:00`. Only 30 minute increments are allowed.
+- `scheduling_friday_to` (String) The time, from `00:00` to `24:00`. Must be greater than the time specified in `from`. Defaults to `24:00`. Only 30 minute increments are allowed.
+- `scheduling_monday_active` (Boolean) Whether the schedule is active (true) or inactive (false) during the time specified between `from` and `to`. Defaults to true.
+- `scheduling_monday_from` (String) The time, from `00:00` to `24:00`. Must be less than the time specified in `to`. Defaults to `00:00`. Only 30 minute increments are allowed.
+- `scheduling_monday_to` (String) The time, from `00:00` to `24:00`. Must be greater than the time specified in `from`. Defaults to `24:00`. Only 30 minute increments are allowed.
+- `scheduling_saturday_active` (Boolean) Whether the schedule is active (true) or inactive (false) during the time specified between `from` and `to`. Defaults to true.
+- `scheduling_saturday_from` (String) The time, from `00:00` to `24:00`. Must be less than the time specified in `to`. Defaults to `00:00`. Only 30 minute increments are allowed.
+- `scheduling_saturday_to` (String) The time, from `00:00` to `24:00`. Must be greater than the time specified in `from`. Defaults to `24:00`. Only 30 minute increments are allowed.
+- `scheduling_sunday_active` (Boolean) Whether the schedule is active (true) or inactive (false) during the time specified between `from` and `to`. Defaults to true.
+- `scheduling_sunday_from` (String) The time, from `00:00` to `24:00`. Must be less than the time specified in `to`. Defaults to `00:00`. Only 30 minute increments are allowed.
+- `scheduling_sunday_to` (String) The time, from `00:00` to `24:00`. Must be greater than the time specified in `from`. Defaults to `24:00`. Only 30 minute increments are allowed.
+- `scheduling_thursday_active` (Boolean) Whether the schedule is active (true) or inactive (false) during the time specified between `from` and `to`. Defaults to true.
+- `scheduling_thursday_from` (String) The time, from `00:00` to `24:00`. Must be less than the time specified in `to`. Defaults to `00:00`. Only 30 minute increments are allowed.
+- `scheduling_thursday_to` (String) The time, from `00:00` to `24:00`. Must be greater than the time specified in `from`. Defaults to `24:00`. Only 30 minute increments are allowed.
+- `scheduling_tuesday_active` (Boolean) Whether the schedule is active (true) or inactive (false) during the time specified between `from` and `to`. Defaults to true.
+- `scheduling_tuesday_from` (String) The time, from `00:00` to `24:00`. Must be less than the time specified in `to`. Defaults to `00:00`. Only 30 minute increments are allowed.
+- `scheduling_tuesday_to` (String) The time, from `00:00` to `24:00`. Must be greater than the time specified in `from`. Defaults to `24:00`. Only 30 minute increments are allowed.
+- `scheduling_wednesday_active` (Boolean) Whether the schedule is active (true) or inactive (false) during the time specified between `from` and `to`. Defaults to true.
+- `scheduling_wednesday_from` (String) The time, from `00:00` to `24:00`. Must be less than the time specified in `to`. Defaults to `00:00`. Only 30 minute increments are allowed.
+- `scheduling_wednesday_to` (String) The time, from `00:00` to `24:00`. Must be greater than the time specified in `from`. Defaults to `24:00`. Only 30 minute increments are allowed.
+- `splash_auth_settings` (String) Whether clients bound to your policy will bypass splash authorization or behave according to the network`s rules. Can be one of `network default` or `bypass`. Only available if your network has a wireless configuration.
+- `traffic_shaping_rules` (Attributes List) An array of traffic shaping rules. Rules are applied in the order that they are specified in. An empty list (or null) means no rules. Note that you are allowed a maximum of 8 rules. (see [below for nested schema](#nestedatt--traffic_shaping_rules))
+- `vlan_tagging_settings` (String) How VLAN tagging is applied. Can be `network default`, `ignore` or `custom`.
+- `vlan_tagging_vlan_id` (String) The ID of the vlan you want to tag. This only applies if `settings` is set to `custom`.
+
+<a id="nestedatt--bonjour_forwarding_rules"></a>
+### Nested Schema for `bonjour_forwarding_rules`
+
+Read-Only:
+
+- `description` (String) A description for your Bonjour forwarding rule. Optional.
+- `services` (List of String) A list of Bonjour services. At least one service must be specified. Available services are `All Services`, `AirPlay`, `AFP`, `BitTorrent`, `FTP`, `iChat`, `iTunes`, `Printers`, `Samba`, `Scanners` and `SSH`
+- `vlan_id` (String) The ID of the service VLAN. Required.
+
+
+<a id="nestedatt--l3_firewall_rules"></a>
+### Nested Schema for `l3_firewall_rules`
+
+Read-Only:
+
+- `comment` (String) Description of the rule (optional)
+- `dest_cidr` (String) Destination IP address (in IP or CIDR notation), a fully-qualified domain name (FQDN, if your network supports it) or `any`.
+- `dest_port` (String) Destination port (integer in the range 1-65535), a port range (e.g. 8080-9090), or `any`
+- `policy` (String) `allow` or `deny` traffic specified by this rule
+- `protocol` (String) The type of protocol (must be `tcp`, `udp`, `icmp`, `icmp6` or `any`)
+
+
+<a id="nestedatt--l7_firewall_rules"></a>
+### Nested Schema for `l7_firewall_rules`
+
+Read-Only:
+
+- `policy` (String) The policy applied to matching traffic. Must be `deny`.
+- `type` (String) Type of the L7 Rule. Must be `application`, `applicationCategory`, `host`, `port` or `ipRange`
+- `value` (String) The `value` of what you want to block. If `type` is `host`, `port` or `ipRange`, `value` must be a string matching either a hostname (e.g. somewhere.com), a port (e.g. 8080), or an IP range (e.g. 192.1.0.0/16). If `type` is `application` or `applicationCategory`, then `value` must be an object with an ID for the application.
+
+
+<a id="nestedatt--traffic_shaping_rules"></a>
+### Nested Schema for `traffic_shaping_rules`
+
+Read-Only:
+
+- `definitions` (Attributes List) A list of objects describing the definitions of your traffic shaping rule. At least one definition is required. (see [below for nested schema](#nestedatt--traffic_shaping_rules--definitions))
+- `dscp_tag_value` (Number) The DSCP tag applied by your rule. null means `Do not change DSCP tag`. For a list of possible tag values, use the trafficShaping/dscpTaggingOptions endpoint.
+- `pcp_tag_value` (Number) The PCP tag applied by your rule. Can be 0 (lowest priority) through 7 (highest priority). null means `Do not set PCP tag`.
+- `per_client_bandwidth_limits_bandwidth_limits_limit_down` (Number) The maximum download limit (integer, in Kbps).
+- `per_client_bandwidth_limits_bandwidth_limits_limit_up` (Number) The maximum upload limit (integer, in Kbps).
+- `per_client_bandwidth_limits_settings` (String) How bandwidth limits are applied by your rule. Can be one of `network default`, `ignore` or `custom`.
+- `priority` (String) A string, indicating the priority level for packets bound to your rule. Can be `low`, `normal` or `high`.
+
+<a id="nestedatt--traffic_shaping_rules--definitions"></a>
+### Nested Schema for `traffic_shaping_rules.definitions`
+
+Read-Only:
+
+- `type` (String) The type of definition. Can be one of `application`, `applicationCategory`, `host`, `port`, `ipRange` or `localNet`.
+- `value` (String) If 'type' is `host`, `port`, `ipRange` or `localNet`, then 'value' must be a string, matching either a hostname (e.g. 'somesite.com'), a port (e.g. 8080), or an IP range ('192.1.0.0', '192.1.0.0/16', or '10.1.0.0/16:80'). `localNet` also supports CIDR notation, excluding custom ports. If 'type' is `application` or `applicationCategory`, then 'value' must be an object with the structure { 'id': 'meraki:layer7/...' }, where 'id' is the application category or application ID (for a list of IDs for your network, use the trafficShaping/applicationCategories endpoint).

docs/data-sources/network_settings.md

@@ -0,0 +1,37 @@
+---
+# generated by https://github.com/hashicorp/terraform-plugin-docs
+page_title: "meraki_network_settings Data Source - terraform-provider-meraki"
+subcategory: "Networks"
+description: |-
+  This data source can read the Network Settings configuration.
+---
+
+# meraki_network_settings (Data Source)
+
+This data source can read the `Network Settings` configuration.
+
+## Example Usage
+
+```terraform
+data "meraki_network_settings" "example" {
+  id         = "L_123456"
+  network_id = "L_123456"
+}
+```
+
+<!-- schema generated by tfplugindocs -->
+## Schema
+
+### Required
+
+- `network_id` (String) Network ID
+
+### Read-Only
+
+- `id` (String) The id of the object
+- `local_status_page_authentication_enabled` (Boolean) Enables / disables the authentication on Local Status page(s).
+- `local_status_page_authentication_password` (String) The password used for Local Status Page(s). Set this to null to clear the password.
+- `local_status_page_enabled` (Boolean) Enables / disables the local device status pages (my.meraki.com, ap.meraki.com, switch.meraki.com, wired.meraki.com). Optional (defaults to false)
+- `named_vlans_enabled` (Boolean) Enables / disables Named VLANs on the Network.
+- `remote_status_page_enabled` (Boolean) Enables / disables access to the device status page (http://[device`s LAN IP]). Optional. Can only be set if localStatusPageEnabled is set to true
+- `secure_port_enabled` (Boolean) Enables / disables SecureConnect on the network. Optional.

docs/resources/admin.md

@@ -14,10 +14,11 @@ This resource can manage the `Admin` configuration.
 
 ```terraform
 resource "meraki_admin" "example" {
-  organization_id = "123456"
-  email           = "[email protected]"
-  name            = "Miles Meraki"
-  org_access      = "none"
+  organization_id       = "123456"
+  authentication_method = "Email"
+  email                 = "[email protected]"
+  name                  = "Miles Meraki"
+  org_access            = "none"
   networks = [
     {
       access = "full"
@@ -41,11 +42,13 @@ resource "meraki_admin" "example" {
 - `email` (String) The email of the dashboard administrator. This attribute can not be updated.
 - `name` (String) The name of the dashboard administrator
 - `org_access` (String) The privilege of the dashboard administrator on the organization. Can be one of `full`, `read-only`, `enterprise` or `none`
-  - Choices: `full`, `read-only`, `enterprise`, `none`
+  - Choices: `enterprise`, `full`, `none`, `read-only`
 - `organization_id` (String) Organization ID
 
 ### Optional
 
+- `authentication_method` (String) No longer used as of Cisco SecureX end-of-life. Can be one of `Email`. The default is Email authentication.
+  - Choices: `Email`
 - `networks` (Attributes List) The list of networks that the dashboard administrator has privileges on (see [below for nested schema](#nestedatt--networks))
 - `tags` (Attributes List) The list of tags that the dashboard administrator has privileges on (see [below for nested schema](#nestedatt--tags))
 
@@ -69,7 +72,7 @@ Required:
 Required:
 
 - `access` (String) The privilege of the dashboard administrator on the tag. Can be one of `full`, `read-only`, `guest-ambassador` or `monitor-only`
-  - Choices: `full`, `read-only`, `guest-ambassador`, `monitor-only`
+  - Choices: `full`, `guest-ambassador`, `monitor-only`, `read-only`
 - `tag` (String) The name of the tag
 
 ## Import