Add resource and data source for MACsec Policy under Fabric Policy Template. (DCNE-393)

examples/fabric_policies_macsec_policy/main.tf

@@ -0,0 +1,43 @@
+terraform {
+  required_providers {
+    mso = {
+      source = "CiscoDevNet/mso"
+    }
+  }
+}
+
+provider "mso" {
+  username = "" # <MSO username>
+  password = "" # <MSO pwd>
+  url      = "" # <MSO URL>
+  insecure = true
+}
+
+# fabric policy template example
+
+resource "mso_template" "fabric_policy_template" {
+  template_name = "fabric_policy_template"
+  template_type = "fabric_policy"
+}
+
+# fabric policies macsec policy example
+
+resource "mso_fabric_policies_macsec_policy" "macsec_policy" {
+  template_id            = mso_template.fabric_policy_template.id
+  name                   = "macsec_policy"
+  description            = "Example description"
+  admin_state            = "enabled"
+  interface_type         = "access"
+  cipher_suite           = "256GcmAes"
+  window_size            = 128
+  security_policy        = "shouldSecure"
+  sak_expire_time        = 60
+  confidentiality_offset = "offset30"
+  key_server_priority    = 8
+  macsec_keys {
+    key_name             = "abc123"
+    psk                  = "AA111111111111111111111111111111111111111111111111111111111111aa"
+    start_time           = "now"
+    end_time             = "2027-09-23 00:00:00"
+  }
+}

mso/datasource_mso_fabric_policies_macsec_policy.go

@@ -0,0 +1,101 @@
+package mso
+
+import (
+	"log"
+
+	"github.com/ciscoecosystem/mso-go-client/client"
+	"github.com/hashicorp/terraform-plugin-sdk/helper/schema"
+)
+
+func datasourceMacsecPolicy() *schema.Resource {
+	return &schema.Resource{
+		Read: dataSourceMacsecPolicyRead,
+
+		Schema: map[string]*schema.Schema{
+			"template_id": {
+				Type:     schema.TypeString,
+				Required: true,
+			},
+			"name": {
+				Type:     schema.TypeString,
+				Required: true,
+			},
+			"description": {
+				Type:     schema.TypeString,
+				Computed: true,
+			},
+			"uuid": {
+				Type:     schema.TypeString,
+				Computed: true,
+			},
+			"admin_state": {
+				Type:     schema.TypeString,
+				Computed: true,
+			},
+			"interface_type": {
+				Type:     schema.TypeString,
+				Computed: true,
+			},
+			"cipher_suite": {
+				Type:     schema.TypeString,
+				Computed: true,
+			},
+			"window_size": {
+				Type:     schema.TypeInt,
+				Computed: true,
+			},
+			"security_policy": {
+				Type:     schema.TypeString,
+				Computed: true,
+			},
+			"sak_expire_time": {
+				Type:     schema.TypeInt,
+				Computed: true,
+			},
+			"confidentiality_offset": {
+				Type:     schema.TypeString,
+				Computed: true,
+			},
+			"key_server_priority": {
+				Type:     schema.TypeInt,
+				Computed: true,
+			},
+			"macsec_keys": {
+				Type:     schema.TypeSet,
+				Computed: true,
+				Elem: &schema.Resource{
+					Schema: map[string]*schema.Schema{
+						"key_name": {
+							Type:     schema.TypeString,
+							Computed: true,
+						},
+						"psk": {
+							Type:     schema.TypeString,
+							Computed: true,
+						},
+						"start_time": {
+							Type:     schema.TypeString,
+							Computed: true,
+						},
+						"end_time": {
+							Type:     schema.TypeString,
+							Computed: true,
+						},
+					},
+				},
+			},
+		},
+	}
+}
+
+func dataSourceMacsecPolicyRead(d *schema.ResourceData, m interface{}) error {
+	log.Printf("[DEBUG] MSO MACsec Policy Data Source - Beginning Read")
+	msoClient := m.(*client.Client)
+
+	templateId := d.Get("template_id").(string)
+	policyName := d.Get("name").(string)
+
+	setMacsecPolicyData(d, msoClient, templateId, policyName)
+	log.Printf("[DEBUG] MSO MACsec Policy Data Source - Read Complete : %v", d.Id())
+	return nil
+}

mso/datasource_mso_fabric_policies_macsec_policy_test.go

@@ -0,0 +1,50 @@
+package mso
+
+import (
+	"fmt"
+	"testing"
+
+	"github.com/hashicorp/terraform-plugin-sdk/helper/resource"
+)
+
+func TestAccMSOMacsecPolicyDataSource(t *testing.T) {
+	resource.Test(t, resource.TestCase{
+		PreCheck:  func() { testAccPreCheck(t) },
+		Providers: testAccProviders,
+		Steps: []resource.TestStep{
+			{
+				PreConfig: func() { fmt.Println("Test: MACsec Policy Data Source") },
+				Config:    testAccMSOMacsecPolicyDataSource(),
+				Check: resource.ComposeAggregateTestCheckFunc(
+					resource.TestCheckResourceAttr("data.mso_fabric_policies_macsec_policy.macsec_policy", "name", "tf_test_macsec_policy"),
+					resource.TestCheckResourceAttr("data.mso_fabric_policies_macsec_policy.macsec_policy", "description", "Terraform test MACsec Policy"),
+					resource.TestCheckResourceAttr("data.mso_fabric_policies_macsec_policy.macsec_policy", "admin_state", "enabled"),
+					resource.TestCheckResourceAttr("data.mso_fabric_policies_macsec_policy.macsec_policy", "interface_type", "access"),
+					resource.TestCheckResourceAttr("data.mso_fabric_policies_macsec_policy.macsec_policy", "cipher_suite", "256GcmAes"),
+					resource.TestCheckResourceAttr("data.mso_fabric_policies_macsec_policy.macsec_policy", "window_size", "128"),
+					resource.TestCheckResourceAttr("data.mso_fabric_policies_macsec_policy.macsec_policy", "security_policy", "shouldSecure"),
+					resource.TestCheckResourceAttr("data.mso_fabric_policies_macsec_policy.macsec_policy", "sak_expire_time", "60"),
+					resource.TestCheckResourceAttr("data.mso_fabric_policies_macsec_policy.macsec_policy", "confidentiality_offset", "offset30"),
+					resource.TestCheckResourceAttr("data.mso_fabric_policies_macsec_policy.macsec_policy", "key_server_priority", "8"),
+					resource.TestCheckResourceAttr("data.mso_fabric_policies_macsec_policy.macsec_policy", "macsec_keys.#", "1"),
+					customTestCheckResourceTypeSetAttr("data.mso_fabric_policies_macsec_policy.macsec_policy", "macsec_keys",
+						map[string]string{
+							"key_name":   "abc123",
+							"psk":        "AA111111111111111111111111111111111111111111111111111111111111aa",
+							"start_time": "2027-09-23 00:00:00",
+							"end_time":   "2030-09-23 00:00:00",
+						},
+					),
+				),
+			},
+		},
+	})
+}
+
+func testAccMSOMacsecPolicyDataSource() string {
+	return fmt.Sprintf(`%s
+	data "mso_fabric_policies_macsec_policy" "macsec_policy" {
+	    template_id        = mso_fabric_policies_macsec_policy.macsec_policy.template_id
+	    name               = "tf_test_macsec_policy"
+    }`, testAccMSOMacsecPolicyConfigCreate())
+}

mso/provider.go

@@ -131,6 +131,7 @@ func Provider() terraform.ResourceProvider {
 			"mso_fabric_policies_physical_domain":             resourceMSOPhysicalDomain(),
 			"mso_service_device_cluster":                      resourceMSOServiceDeviceCluster(),
 			"mso_fabric_policies_synce_interface_policy":      resourceMSOSyncEInterfacePolicy(),
+			"mso_fabric_policies_macsec_policy":               resourceMSOMacsecPolicy(),
 		},
 
 		DataSourcesMap: map[string]*schema.Resource{
@@ -195,6 +196,7 @@ func Provider() terraform.ResourceProvider {
 			"mso_fabric_policies_physical_domain":             datasourceMSOPhysicalDomain(),
 			"mso_service_device_cluster":                      datasourceMSOServiceDeviceCluster(),
 			"mso_fabric_policies_synce_interface_policy":      datasourceMSOSyncEInterfacePolicy(),
+			"mso_fabric_policies_macsec_policy":               datasourceMacsecPolicy(),
 		},
 
 		ConfigureFunc: configureClient,