feat: onboard fortinet firewall module (#37)

* feat: onboard fortinet firewall module

* resolve comments and pre-commit issues

.gitignore

@@ -50,3 +50,9 @@ override.tf.json
 util/keys
 
 *-kubeconfig
+
+# IDE Files
+.idea
+.vscode
+*.iml
+*.test

examples/fg-vm-cluster/main.tf

@@ -0,0 +1,80 @@
+provider "equinix" {
+  client_id     = var.equinix_client_id
+  client_secret = var.equinix_client_secret
+}
+
+module "fg_vm_cluster" {
+  source               = "../../modules/fortigate-firewall"
+  name                 = "terraform-test-fortigate-cluster"
+  project_id           = "0ee69e59-e641-4df7-8e95-bbb4d880c449"
+  software_package     = "VM04"
+  version_number       = "7.0.14"
+  platform             = "small"
+  metro_code           = var.metro_code_cluster
+  account_number       = "123456"
+  term_length          = 1
+  notifications        = ["[email protected]"]
+  acl_template_id      = equinix_network_acl_template.fortigate_cluster.id
+  additional_bandwidth = 50
+  ssh_key = {
+    username = "johndoe"
+    key_name = equinix_network_ssh_key.johndoe_cluster.name
+  }
+  cluster = {
+    enabled = true
+    name    = "test-fortigate-cluster"
+    node0 = {
+      vendor_configuration = {
+        hostname = "fg-vm-node0"
+      }
+      license_file_id = equinix_network_file.fg_vm_license_file_node0.uuid
+    }
+    node1 = {
+      vendor_configuration = {
+        hostname = "fg-vm-node1"
+      }
+      license_file_id = equinix_network_file.fg_vm_license_file_node1.uuid
+    }
+  }
+}
+
+data "equinix_network_device_type" "fg_vm_type" {
+  category = "FIREWALL"
+  vendor   = "Fortinet"
+}
+
+resource "equinix_network_ssh_key" "johndoe_cluster" {
+  name       = "johndoe-cluster"
+  public_key = var.ssh_rsa_public_key
+}
+
+resource "equinix_network_acl_template" "fortigate_cluster" {
+  name        = "tf-fortigate-cluster"
+  description = "Cluster fortigate ACL template"
+  inbound_rule {
+    subnet   = "172.16.25.0/24"
+    protocol = "TCP"
+    src_port = "any"
+    dst_port = "22"
+  }
+}
+
+resource "equinix_network_file" "fg_vm_license_file_node0" {
+  file_name        = "FG-VM-node0"
+  content          = file("${path.module}/../../files/fg-vm/FG-VM-node0.lic")
+  metro_code       = var.metro_code_cluster
+  device_type_code = data.equinix_network_device_type.fg_vm_type.code
+  process_type     = "LICENSE"
+  self_managed     = true
+  byol             = true
+}
+
+resource "equinix_network_file" "fg_vm_license_file_node1" {
+  file_name        = "FG-VM-node1"
+  content          = file("${path.module}/../../files/fg-vm/FG-VM-node1.lic")
+  metro_code       = var.metro_code_cluster
+  device_type_code = data.equinix_network_device_type.fg_vm_type.code
+  process_type     = "LICENSE"
+  self_managed     = true
+  byol             = true
+}

examples/fg-vm-cluster/outputs.tf

@@ -0,0 +1,4 @@
+output "device_details" {
+  description = "Virtual device details"
+  value       = module.fg_vm_cluster
+}

examples/fg-vm-cluster/variables.tf

@@ -0,0 +1,18 @@
+variable "equinix_client_id" {
+  type        = string
+  description = "API Consumer Key available under 'My Apps' in developer portal. This argument can also be specified with the EQUINIX_API_CLIENTID shell environment variable."
+}
+
+variable "equinix_client_secret" {
+  type        = string
+  description = "API Consumer secret available under 'My Apps' in developer portal. This argument can also be specified with the EQUINIX_API_CLIENTSECRET shell environment variable."
+}
+
+variable "metro_code_cluster" {
+  description = "Device location metro code"
+  type        = string
+}
+variable "ssh_rsa_public_key" {
+  description = "SSH RSA public key"
+  type        = string
+}

examples/fg-vm-cluster/versions.tf

@@ -0,0 +1,9 @@
+terraform {
+  required_version = ">= 1.3"
+  required_providers {
+    equinix = {
+      source  = "equinix/equinix"
+      version = ">= 1.34"
+    }
+  }
+}

examples/fg-vm-ha/main.tf

@@ -0,0 +1,63 @@
+provider "equinix" {
+  client_id     = var.equinix_client_id
+  client_secret = var.equinix_client_secret
+}
+
+module "fg_vm_ha" {
+  source               = "../../modules/fortigate-firewall"
+  license_token        = "primary license token"
+  name                 = "terraform-test-fortigate-pri"
+  project_id           = "0ee69e59-e641-4df7-8e95-bbb4d880c449"
+  hostname             = "fortigate-pri"
+  software_package     = "VM02"
+  version_number       = "7.0.14"
+  platform             = "small"
+  metro_code           = var.metro_code_primary
+  account_number       = "123456"
+  term_length          = 1
+  notifications        = ["[email protected]"]
+  acl_template_id      = equinix_network_acl_template.fortigate_pri.id
+  additional_bandwidth = 50
+  ssh_key = {
+    username = "johndoe-primary"
+    key_name = equinix_network_ssh_key.johndoe.name
+  }
+  secondary = {
+    enabled              = true
+    license_token        = "secondary license token"
+    name                 = "terraform-test-fortigate-sec"
+    metro_code           = var.metro_code_secondary
+    hostname             = "fortigate-sec"
+    account_number       = "135887"
+    notifications        = ["[email protected]"]
+    acl_template_id      = equinix_network_acl_template.fortigate_sec.id
+    additional_bandwidth = 50
+  }
+}
+
+resource "equinix_network_ssh_key" "johndoe" {
+  name       = "johndoe-secondary"
+  public_key = var.ssh_rsa_public_key
+}
+
+resource "equinix_network_acl_template" "fortigate_pri" {
+  name        = "tf-fortigate-pri"
+  description = "Primary fortigate ACL template"
+  inbound_rule {
+    subnet   = "172.16.25.0/24"
+    protocol = "TCP"
+    src_port = "any"
+    dst_port = "22"
+  }
+}
+
+resource "equinix_network_acl_template" "fortigate_sec" {
+  name        = "tf-fortigate-sec"
+  description = "Secondary fortigate ACL template"
+  inbound_rule {
+    subnet   = "193.39.0.0/16"
+    protocol = "TCP"
+    src_port = "any"
+    dst_port = "22"
+  }
+}

examples/fg-vm-ha/outputs.tf

@@ -0,0 +1,4 @@
+output "device_details" {
+  description = "Virtual device details"
+  value       = module.fg_vm_ha
+}

examples/fg-vm-ha/variables.tf

@@ -0,0 +1,20 @@
+variable "equinix_client_id" {
+  type        = string
+  description = "API Consumer Key available under 'My Apps' in developer portal. This argument can also be specified with the EQUINIX_API_CLIENTID shell environment variable."
+}
+variable "equinix_client_secret" {
+  type        = string
+  description = "API Consumer secret available under 'My Apps' in developer portal. This argument can also be specified with the EQUINIX_API_CLIENTSECRET shell environment variable."
+}
+variable "metro_code_primary" {
+  description = "Primary device location metro code"
+  type        = string
+}
+variable "metro_code_secondary" {
+  description = "Secondary device location metro code"
+  type        = string
+}
+variable "ssh_rsa_public_key" {
+  description = "SSH RSA public key"
+  type        = string
+}

examples/fg-vm-ha/versions.tf

@@ -0,0 +1,9 @@
+terraform {
+  required_version = ">= 1.3"
+  required_providers {
+    equinix = {
+      source  = "equinix/equinix"
+      version = ">= 1.34"
+    }
+  }
+}

examples/fg-vm-single/main.tf

@@ -0,0 +1,47 @@
+provider "equinix" {
+  client_id     = var.equinix_client_id
+  client_secret = var.equinix_client_secret
+}
+
+module "fg_vm_single" {
+  source               = "../../modules/fortigate-firewall"
+  license_file         = "/tmp/FGVM-pri.lic"
+  name                 = "terraform-test-fortigate-primary"
+  project_id           = "0ee69e59-e641-4df7-8e95-bbb4d880c449"
+  hostname             = "fortigate-pri"
+  software_package     = "VM02"
+  version_number       = "7.0.14"
+  platform             = "small"
+  metro_code           = data.equinix_network_account.test_account.metro_code
+  account_number       = data.equinix_network_account.test_account.number
+  term_length          = 1
+  notifications        = ["[email protected]"]
+  acl_template_id      = equinix_network_acl_template.fortigate_pri.id
+  additional_bandwidth = 50
+  ssh_key = {
+    username = "johndoe-primary"
+    key_name = equinix_network_ssh_key.johndoe.name
+  }
+}
+
+data "equinix_network_account" "test_account" {
+  name       = "test_account"
+  metro_code = var.metro_code_primary
+  project_id = "f1a596ed-d24a-497c-92a8-44e0923cee62"
+}
+
+resource "equinix_network_ssh_key" "johndoe" {
+  name       = "johndoe-pri"
+  public_key = var.ssh_rsa_public_key
+}
+
+resource "equinix_network_acl_template" "fortigate_pri" {
+  name        = "tf-fortigate-pri"
+  description = "Primary fortigate ACL template"
+  inbound_rule {
+    subnet   = "172.16.25.0/24"
+    protocol = "TCP"
+    src_port = "any"
+    dst_port = "22"
+  }
+}

examples/fg-vm-single/outputs.tf

@@ -0,0 +1,4 @@
+output "device_details" {
+  description = "Virtual device details"
+  value       = module.fg_vm_single
+}

examples/fg-vm-single/variables.tf

@@ -0,0 +1,16 @@
+variable "equinix_client_id" {
+  type        = string
+  description = "API Consumer Key available under 'My Apps' in developer portal. This argument can also be specified with the EQUINIX_API_CLIENTID shell environment variable."
+}
+variable "equinix_client_secret" {
+  type        = string
+  description = "API Consumer secret available under 'My Apps' in developer portal. This argument can also be specified with the EQUINIX_API_CLIENTSECRET shell environment variable."
+}
+variable "metro_code_primary" {
+  description = "Device location metro code"
+  type        = string
+}
+variable "ssh_rsa_public_key" {
+  description = "SSH RSA public key"
+  type        = string
+}

examples/fg-vm-single/versions.tf

@@ -0,0 +1,9 @@
+terraform {
+  required_version = ">= 1.3"
+  required_providers {
+    equinix = {
+      source  = "equinix/equinix"
+      version = ">= 1.34"
+    }
+  }
+}

files/fg-vm/FG-VM-node0.lic

@@ -0,0 +1,2 @@
+-----BEGIN FG VM LICENSE-----
+-----END FG VM LICENSE-----

files/fg-vm/FG-VM-node1.lic

@@ -0,0 +1,2 @@
+-----BEGIN FG VM LICENSE-----
+-----END FG VM LICENSE-----