paultyng / terraform-provider-unifi Goto Github PK

View Code? Open in Web Editor NEW

497.0 18.0 88.0 21.83 MB

Terraform provider for Unifi :satellite:

Home Page: https://registry.terraform.io/providers/paultyng/unifi/latest/docs

License: Mozilla Public License 2.0

Go 99.83% Makefile 0.08% Shell 0.10%

terraform ubiquiti unifi terraform-provider

terraform-provider-unifi's Introduction

Unifi Terraform Provider (terraform-provider-unifi)

Note You can't (for obvious reasons) configure your network while connected to something that may disconnect (like the WiFi). Use a hard-wired connection to your controller to use this provider.

Functionality first needs to be added to the go-unifi SDK.

Documentation

You can browse documentation on the Terraform provider registry.

Supported Unifi Controller Versions

As of version v0.34, this provider only supports version 6 of the Unifi controller software. If you need v5 support, you can pin an older version of the provider.

The docker, UDM, and UDM-Pro versions are slightly different (the API is proxied a little differently) but for the most part should all be supported. Individual patch versions of the controller are generally not tested for compatibility, just the latest stable versions.

Using the Provider

Terraform 1.0 and above

You can use the provider via the Terraform provider registry.

terraform-provider-unifi's People

Contributors

Stargazers

Watchers

Forkers

ziporah vapor-ware james-stephenson yungmichael solarmicrobe ahanselka justincampbell fr34k8 tomtucka chrishas35 jalfresi kurtmc samuelharmer lichnak guildencrantz t4cc0re cacack phillebaba amiga23 maowenbrad ua-solsen andyalm ljfranklin wolf-cosmose liorhasson alisonjenkins cgroschupp pezhore pmuir bullshit marcinwyszynski numb2007 ipv64 lmatfy mwiesenbauer yoyostile tommi2day sob cmistry-crest weegosh 238mail codingphant 0xpetersatoshi cars dnesting kdheeru12 soufi mical chapmanc adamdoran nkg fabioantunes jta cloud-devops-factory mavimo patricol aharter jippi lkubb parithon gdavison slok maienm woodjme virtualguy jorikseldeslachts ongezin tbowman01 iq-scm beezly ljluestc catrielmuller akerl dsymonds timwarne stevenhaddox gertjanstulp aacsharhg deltacore-pl profmoo fbsb sean-sype devopsfu sayedh robbycuenot halter kristiandrucker ubiquiti-community

terraform-provider-unifi's Issues

`wan_vlan` is not always an int

I wanted to import my current WAN network into the terraform state via

terraform import unifi_network.wan 5b69042b78118a0f722cb8b2

But I got this error:

Error: unable to decode body: GET s/default/rest/networkconf/5b69042b78118a0f722cb8b2 unable to unmarshal alias: json: cannot unmarshal string into Go struct field .wan_vlan of type int

Looking at the JSON from the API, it is clear why: (formatted for readability and some values removed)

{
  "meta":{
    "rc":"ok"
  },
  "data":[
    {
      "_id":"5b69042b78118a0f722cb8b2",
      "site_id":"5b69038878118a0f722cb893",
      "purpose":"wan",
      "name":"WAN",
      "wan_type":"dhcp",
      "wan_type_v6":"dhcpv6",
      "wan_egress_qos":"",
      "wan_dhcpv6_pd_size":58,
      "wan_smartq_enabled":false,
      "wan_vlan_enabled":false,
      "wan_dhcp_options":[ ],
      "wan_dns1":"1.1.1.1",
      "wan_dns2":"1.0.0.1",
      "wan_vlan":""
    }
  ]
}

wan_vlan is expected to be an int, but is a string.

I have yet to test my theory, but I bet it would be possible to unmarshal into a json.Token and only if wan_vlan_enabled is true, actually set wan_vlan (and use an int typecast).

I would assume, this is the same for wan_egress_qos.

I'll fork this provider and try to provide a fix for this.

Document importing of firewall rules

When trying to create a new firewall rule:

resource "unifi_firewall_rule" "guest_allow_established" {
  name = "TF Allow GUEST established traffic"
  action = "accept"
  ruleset = "GUEST_IN"
  rule_index = 2050
  protocol = "all"

  src_network_id = "GUEST_NET"
  dst_network_id = "LAN_NET"
  site = "default"

  state_established = true
  state_related = true
}

I get the following whilst trying to apply:

2021/01/30 13:04:11 [INFO] backend/local: apply calling Apply
2021/01/30 13:04:11 [INFO] terraform: building graph: GraphTypeApply
2021-01-30T13:04:11.980Z [INFO]  plugin: configuring client automatic mTLS
2021-01-30T13:04:12.022Z [INFO]  plugin.terraform-provider-unifi_v0.19.1: configuring server automatic mTLS: timestamp=2021-01-30T13:04:12.022Z
2021/01/30 13:04:12 [WARN] Provider "registry.terraform.io/paultyng/unifi" produced an invalid plan for unifi_firewall_rule.iot_guest_allow_established, but we are tolerating it because it is using the legacy plugin SDK.
    The following problems may be the cause of any confusing errors from downstream operations:
      - .src_network_type: planned value cty.StringVal("NETv4") does not match config value cty.NullVal(cty.String)
      - .dst_network_type: planned value cty.StringVal("NETv4") does not match config value cty.NullVal(cty.String)
unifi_firewall_rule.iot_guest_allow_established: Creating...

Error: error api.err.IdInvalid (400 ) for POST https://MY-CONTROLLER:MY-PORT/api/s/default/rest/firewallrule


2021-01-30T13:04:13.157Z [WARN]  plugin.stdio: received EOF, stopping recv loop: err="rpc error: code = Unavailable desc = transport is closing

Hopefully it's user error on my part but after upgrading my controller from 5.12.72 to latest 5 (5.14.23) I'm still seeing this issue, I'd rather not move to 6 yet.

Terraform version: 0.14.3
Controller version: 5.14.23
Device: USG-3P 4.4.51.5287926

Also I don't see any import for unifi_firewall_rule in the resource docs, is it not supported?

API URL for UDM Pro?

Hey @paultyng ,

I am currently trying to get started using this provider but have been unable to figure out what the API URL should be set to for the UDM Pro.

I have tried a few iterations of:

UNIFI_API=https://192.168.1.1/
UNIFI_API=https://192.168.1.1/network/default

But had no success receiving errors such as:

panic: client not initialized: (499 unknown) for POST https://192.168.1.1/api/auth/login

Could you give me a hint of what the API URL should be set to? This also might be good to add to the Terraform documentation and the go-sdk docs to save anyone else asking in the future.

Thanks,

Alan Jenkins

Split SDK out to its own repo

Error: error api.err.ApGroupMissing (400 ) for POST https://100.101.66.56:8443/api/s/default/rest/wlanconf

So the docs say ap_group_ids is optional, but in trying to configure a new controller (before any AP's have been connected)

(I'm using https://hub.docker.com/r/jacobalberty/unifi )

provider "unifi" {
  username = data.lastpass_secret.folly_wifi.username # optionally use UNIFI_USERNAME env var
  password = data.lastpass_secret.folly_wifi.password # optionally use UNIFI_PASSWORD env var
  api_url  = "https://${var.ip_address}:8443"  # optionally use UNIFI_API env var

  allow_insecure = true
}

data "unifi_user_group" "default" {
}

resource "unifi_wlan" "wifi" {
  name          = data.lastpass_secret.folly_wifi.username
  //vlan_id       = 10
  passphrase    = data.lastpass_secret.folly_wifi.password
  user_group_id = data.unifi_user_group.default.id
  security      = "wpapsk"
  ap_group_ids = []
}

While I'd like terraform to init the controller from nothing, I did go through the wizard it has to add a local admin, etc

Get this into terraform-providers

Add darwin_amd64 to releases?

I was able to successfully build and use the darwin_amd64 binary built using goreleaser and the config already in the repo. Can you add this platform to your release process?

Thanks!

api.err.InvalidNetworkId while creating user resource

creating a user resource from mac address results in a missing/wrong network_id
I am using UDMPRO 1.10.0 with controler 6.2.26 and unifi provider 0.29.0

resource "unifi_user" "flatcar" {
  mac  = lower(proxmox_vm_qemu.flatcar.network[0].macaddr)
  name = var.flatcar.name
  note = "flatcar Test"
  fixed_ip   = var.flatcar.ip
}

-----------------------------------------------------: timestamp=2021-08-30T13:20:09.117+0200
2021-08-30T13:20:09.119+0200 [INFO]  provider.terraform-provider-unifi_v0.29.0: 2021/08/30 13:20:09 [DEBUG] Unifi API Request Details:
---[ REQUEST ]---------------------------------------
PUT /proxy/network/api/s/default/rest/user/612cac275e1bf36442c4e0a2 HTTP/1.1
.....
{
 "_id": "612cac275e1bf36442c4e0a2",
 "site_id": "575f0cf9a8ec0c8dc0b255c9",
 "fixed_ip": "192.168.170.20",
 "mac": "f6:b0:ea:1f:13:41",
 "name": "flatcar-test",
 "network_id": "",
 "note": "flatcar Test",
 "use_fixedip": true,
 "usergroup_id": ""
}
-----------------------------------------------------: timestamp=2021-08-30T13:20:09.119+0200
2021-08-30T13:20:09.202+0200 [INFO]  provider.terraform-provider-unifi_v0.29.0: 2021/08/30 13:20:09 [DEBUG] Unifi API Response Details:
---[ RESPONSE ]--------------------------------------
.....
{
 "meta": {
  "rc": "error",
  "network_id": "",
  "msg": "api.err.InvalidNetworkId"
 },
 "data": []
}
-----------------------------------------------------: timestamp=2021-08-30T13:20:09.202+0200

│ Error: api.err.InvalidNetworkId (400 Bad Request) for PUT https://unifi/proxy/network/api/s/default/rest/user/612cac275e1bf36442c4e0a2
│
│   with unifi_user.flatcar,
│   on flatcar.tf line 48, in resource "unifi_user" "flatcar":
│   48: resource "unifi_user" "flatcar" {
│
╵

Maybe its better to rely on the network name instead of network_id or provide a network data source to get the proper id from name

Support 2FA

I enabled 2FA on my Ubiquiti account, assuming that it wouldn't affect local access but it does. The Terraform proviider fails without the 2FA token, and I don't think there's currently any way to provide this. /api/login fails with the following response:

HTTP/1.1 400 
Connection: close
Content-Length: 70
Access-Control-Allow-Credentials: true
Access-Control-Expose-Headers: Access-Control-Allow-Origin,Access-Control-Allow-Credentials
Content-Type: application/json;charset=UTF-8
Date: Sat, 27 Mar 2021 23:21:06 GMT
Vary: Origin
X-Frame-Options: DENY

{
 "meta": {
  "rc": "error",
  "msg": "api.err.Ubic2faTokenRequired"
 },
 "data": []
}

Add build steps to README

A lot of the other terraform providers such as some listed below have steps on how to build the provider. It would be nice for those to be listed who are interested in using the provider but aren't necessarily experts in Go.

https://github.com/hashicorp/terraform-provider-dns#building-the-provider
https://github.com/hashicorp/terraform-provider-tls#building-the-provider

Make unifi_wlan.security = wpaeap usable

Currently, when a unifi_wlan has security = "wpaeap", it fails to apply because there is no way to set radiusprofile_id. For this to be useful, we would need a RADIUS profile data source and a radius_profile_id on unifi_wlan.

I may submit a pull request if I have the free time. At the moment, that seems unlikely.

Error: api.err.Invalid (400 Bad Request) for PUT https://192.168.86.1/proxy/network/api/s/default/rest/device/5ddfb6fa7fa2bb02a577154a

When applying terraform, I get the following error, running controller 6.2.23 and your provider v 0.26.0

An execution plan has been generated and is shown below.
Resource actions are indicated with the following symbols:
  ~ update in-place

Terraform will perform the following actions:

  # unifi_device.closest_udm_pro will be updated in-place
  ~ resource "unifi_device" "closest_udm_pro" {
        id       = "5ddfb6fa7fa2bb02a577154a"
      ~ name     = "UniFi UDM Pro" -> "Closet UDM Pro"
        # (3 unchanged attributes hidden)

        # (3 unchanged blocks hidden)
    }

Plan: 0 to add, 1 to change, 0 to destroy.

Do you want to perform these actions?
  Terraform will perform the actions described above.
  Only 'yes' will be accepted to approve.

  Enter a value: yes

unifi_device.closest_udm_pro: Modifying... [id=5ddfb6fa7fa2bb02a577154a]

Error: api.err.Invalid (400 Bad Request) for PUT https://192.168.86.1/proxy/network/api/s/default/rest/device/5ddfb6fa7fa2bb02a577154a

  on unifi.tf line 42, in resource "unifi_device" "closest_udm_pro":
  42: resource "unifi_device" "closest_udm_pro" {


russ@Russells-MBP infra %

L42 is the first line listed below:

resource "unifi_device" "closest_udm_pro" {
  mac  = "e0:63:xx:xx:xx:xx"
  name = "Closet UDM Pro"
  port_override {
    number          = 4
    port_profile_id = "5e3895fccde92e021fe5d635"
  }
  port_override {
    number          = 7
    port_profile_id = "5e3895fccde92e021fe5d635"
  }
  port_override {
    number          = 8
    port_profile_id = "5e3895fccde92e021fe5d635"
  }
}

Add support for port forwarding

Add a test using another external provider

Just to simulate some of the acceptance testing stuff.

Figure out how to "fake" USG adoption for automated testing

A number of features are not possible to configure without an adopted USG as far as I can tell:

RADIUS server settings
Static routes

I should investigate emulating USG adoption to enable some of these to be configured.

Setup releasing with a GitHub action

Setting `network_group` breaks WAN network

Terraform wanted to set network_group to "LAN" (the default value) on my WAN network, but doing so seemed to break things somehow. Before applying this change, this is what I saw in the UI:

After Terraform set network_group, the network appears to have been dissociated from the gateway device:

This is what the WAN network looked like from the API before and after setting network_group:

Before

{
  "_id": "60375d9addb88d01485711b7",
  "attr_hidden_id": "WAN",
  "attr_no_delete": true,
  "name": "WAN",
  "purpose": "wan",
  "site_id": "60375bd3ddb88d0148571192",
  "wan_ip": "192.168.1.1",
  "wan_networkgroup": "WAN",
  "wan_type": "dhcp"
}

After

{
  "_id": "60375d9addb88d01485711b7",
  "attr_no_delete": true,
  "attr_hidden_id": "WAN",
  "wan_networkgroup": "WAN",
  "site_id": "60375bd3ddb88d0148571192",
  "purpose": "wan",
  "name": "WAN",
  "wan_type": "dhcp",
  "wan_ip": "192.168.1.1",
  "auto_scale_enabled": false,
  "dhcpd_boot_enabled": false,
  "dhcpd_boot_server": "",
  "dhcpd_dns_1": "",
  "dhcpd_dns_2": "",
  "dhcpd_dns_3": "",
  "dhcpd_dns_4": "",
  "dhcpd_dns_enabled": false,
  "dhcpd_enabled": false,
  "dhcpd_gateway": "",
  "dhcpd_gateway_enabled": false,
  "dhcpd_ip_1": "",
  "dhcpd_ip_2": "",
  "dhcpd_ip_3": "",
  "dhcpd_mac_1": "",
  "dhcpd_mac_2": "",
  "dhcpd_mac_3": "",
  "dhcpd_ntp_1": "",
  "dhcpd_ntp_2": "",
  "dhcpd_ntp_enabled": false,
  "dhcpd_start": "",
  "dhcpd_stop": "",
  "dhcpd_time_offset_enabled": false,
  "dhcpd_unifi_controller": "",
  "dhcpdv6_dns_auto": false,
  "dhcpdv6_enabled": false,
  "dhcpd_wins_1": "",
  "dhcpd_wins_2": "",
  "dhcpd_wins_enabled": false,
  "dhcp_relay_enabled": false,
  "dhcpguard_enabled": false,
  "dpi_enabled": false,
  "dpigroup_id": "",
  "domain_name": "",
  "enabled": true,
  "exposed_to_site_vpn": false,
  "gateway_device": "",
  "igmp_fastleave": false,
  "igmp_querier": "",
  "igmp_snooping": false,
  "igmp_supression": false,
  "ipsec_dynamic_routing": false,
  "ipsec_pfs": false,
  "ipv6_pd_prefixid": "",
  "ipv6_ra_enabled": false,
  "is_nat": false,
  "lte_lan_enabled": false,
  "networkgroup": "LAN",
  "pptpc_require_mppe": false,
  "radiusprofile_id": "",
  "remote_site_id": "",
  "report_wan_event": false,
  "require_mschapv2": false,
  "upnp_lan_enabled": false,
  "usergroup_id": "",
  "vlan_enabled": false,
  "vpn_client_default_route": false,
  "vpn_client_pull_dns": false,
  "wan_dns1": "",
  "wan_dns2": "",
  "wan_dns3": "",
  "wan_dns4": "",
  "wan_gateway": "",
  "wan_gateway_v6": "",
  "wan_ipv6": "",
  "wan_smartq_enabled": false,
  "wan_vlan_enabled": false
}

I'm happy to submit a PR to fix this, although I'm not sure why no-one else is reporting any issues...,.

Is it possible to configure static routes?

Very cool project! I frequently spin up openvpn instances for each gitlab pipeline test. Would it be possible to somehow configure static routes with your provider api?

Contributing and Testing

Hi! I've been working on a small branch of changes to implement some of the WAN settings for my own Unifi homelab (USG + Cloud Key + WIFI AP + More) but I feel like I'm stumbling at the final hurdle - I've implemented the necessary changes, written tests, and the test suite passes - but I can't seem to test the plugin on my own setup at home! When I copy the resulting binary from the ~/.terraform/plugins directory into ~/Projects/homelab/.terraform/plugins/registry.terraform.io/paultyng/unifi/0.15.0-beta.1/darwin_amd64/terraform-provider-unifi_v0.15.0-beta.1 I get the following terraform error message:

Error: unable to determine API URL style: Get "": unsupported protocol scheme ""

regardless of the terraform action I take (plan, apply, import, etc), and even with clearing my terraform state and re-running terraform init (which just redownloads from the registry).

I feel like I've missed something fundamental - how can I test my local build of the plugin against my local homelab terrafrom files?

Indicate which controller versions the provider works with in the README.md

I'm planning on switching to the 6.x unifi controller. Would be nice to understand how this provider works with 5.x vs. 6.x and what issues I might see upgrading. Thanks for the nice tool!

GET /proxy/network/status requires authentication on Cloud Key Firmware 2.X (UniFi OS)

First, thank you (all) so much for all of your work on this project!

After fiddling with the configuration for ages; I realized that this provider wasn't even trying to login before running GET /proxy/network/status; an endpoint which requires authentication in at least this new configuration.

Based on the documentation here, I'm assuming that endpoint used to not require authentication.

Some logs:

[DEBUG] plugin.terraform-provider-unifi_v0.19.1: 2021/01/30 02:40:57 [DEBUG] Unifi API Request Details:
[DEBUG] plugin.terraform-provider-unifi_v0.19.1: ---[ REQUEST ]---------------------------------------
[DEBUG] plugin.terraform-provider-unifi_v0.19.1: GET / HTTP/1.1
[DEBUG] plugin.terraform-provider-unifi_v0.19.1: Host: 192.168.1.7
[DEBUG] plugin.terraform-provider-unifi_v0.19.1: User-Agent: Go-http-client/1.1
[DEBUG] plugin.terraform-provider-unifi_v0.19.1: Accept-Encoding: gzip
[DEBUG] plugin.terraform-provider-unifi_v0.19.1:
[DEBUG] plugin.terraform-provider-unifi_v0.19.1:
[DEBUG] plugin.terraform-provider-unifi_v0.19.1: -----------------------------------------------------
[DEBUG] plugin.terraform-provider-unifi_v0.19.1: 2021/01/30 02:40:57 [DEBUG] Unifi API Response Details:
[DEBUG] plugin.terraform-provider-unifi_v0.19.1: ---[ RESPONSE ]--------------------------------------
[DEBUG] plugin.terraform-provider-unifi_v0.19.1: HTTP/1.1 200 OK
[DEBUG] plugin.terraform-provider-unifi_v0.19.1: Content-Length: 357
[DEBUG] plugin.terraform-provider-unifi_v0.19.1: Accept-Ranges: bytes
[DEBUG] plugin.terraform-provider-unifi_v0.19.1: Connection: keep-alive
[DEBUG] plugin.terraform-provider-unifi_v0.19.1: Content-Type: text/html; charset=utf-8
[DEBUG] plugin.terraform-provider-unifi_v0.19.1: Date: Sat, 30 Jan 2021 02:40:57 GMT
[DEBUG] plugin.terraform-provider-unifi_v0.19.1: Set-Cookie: TOKEN=[redacted]; path=/; secure; httponly
[DEBUG] plugin.terraform-provider-unifi_v0.19.1: Strict-Transport-Security: max-age=15552000; includeSubDomains
[DEBUG] plugin.terraform-provider-unifi_v0.19.1: Vary: Origin
[DEBUG] plugin.terraform-provider-unifi_v0.19.1: X-Content-Type-Options: nosniff
[DEBUG] plugin.terraform-provider-unifi_v0.19.1: X-Csrf-Token: [redacted]
[DEBUG] plugin.terraform-provider-unifi_v0.19.1: X-Dns-Prefetch-Control: off
[DEBUG] plugin.terraform-provider-unifi_v0.19.1: X-Download-Options: noopen
[DEBUG] plugin.terraform-provider-unifi_v0.19.1: X-Frame-Options: SAMEORIGIN
[DEBUG] plugin.terraform-provider-unifi_v0.19.1: X-Response-Time: 5ms
[DEBUG] plugin.terraform-provider-unifi_v0.19.1: X-Xss-Protection: 1; mode=block
[DEBUG] plugin.terraform-provider-unifi_v0.19.1:
[DEBUG] plugin.terraform-provider-unifi_v0.19.1:
[DEBUG] plugin.terraform-provider-unifi_v0.19.1: <!doctype html>
[DEBUG] plugin.terraform-provider-unifi_v0.19.1: <html lang="en">
[DEBUG] plugin.terraform-provider-unifi_v0.19.1: <head>
[DEBUG] plugin.terraform-provider-unifi_v0.19.1: <meta charset="utf-8">
[DEBUG] plugin.terraform-provider-unifi_v0.19.1: <meta name="viewport" content="width=device-width,initial-scale=1"><link href="/2.css" rel="stylesheet"></head>
[DEBUG] plugin.terraform-provider-unifi_v0.19.1: <body>
[DEBUG] plugin.terraform-provider-unifi_v0.19.1: <div id="root"></div>
[DEBUG] plugin.terraform-provider-unifi_v0.19.1: <script type="text/javascript" src="/vendor.0306759b.chunk.js"></script><script type="text/javascript" src="/main.d8e6c715.js"></script></body>
[DEBUG] plugin.terraform-provider-unifi_v0.19.1: </html>
[DEBUG] plugin.terraform-provider-unifi_v0.19.1:
[DEBUG] plugin.terraform-provider-unifi_v0.19.1: -----------------------------------------------------
[DEBUG] plugin.terraform-provider-unifi_v0.19.1: 2021/01/30 02:40:57 [DEBUG] Unifi API Request Details:
[DEBUG] plugin.terraform-provider-unifi_v0.19.1: ---[ REQUEST ]---------------------------------------
[DEBUG] plugin.terraform-provider-unifi_v0.19.1: GET /proxy/network/status HTTP/1.1
[DEBUG] plugin.terraform-provider-unifi_v0.19.1: Host: 192.168.1.7
[DEBUG] plugin.terraform-provider-unifi_v0.19.1: User-Agent: terraform-provider-unifi/0.1
[DEBUG] plugin.terraform-provider-unifi_v0.19.1: Content-Type: application/json; charset=utf-8
[DEBUG] plugin.terraform-provider-unifi_v0.19.1: Accept-Encoding: gzip
[DEBUG] plugin.terraform-provider-unifi_v0.19.1:
[DEBUG] plugin.terraform-provider-unifi_v0.19.1:
[DEBUG] plugin.terraform-provider-unifi_v0.19.1: -----------------------------------------------------
[DEBUG] plugin.terraform-provider-unifi_v0.19.1: 2021/01/30 02:40:57 [DEBUG] Unifi API Response Details:
[DEBUG] plugin.terraform-provider-unifi_v0.19.1: ---[ RESPONSE ]--------------------------------------
[DEBUG] plugin.terraform-provider-unifi_v0.19.1: HTTP/1.1 401 Unauthorized
[DEBUG] plugin.terraform-provider-unifi_v0.19.1: Content-Length: 12
[DEBUG] plugin.terraform-provider-unifi_v0.19.1: Accept-Ranges: bytes
[DEBUG] plugin.terraform-provider-unifi_v0.19.1: Connection: keep-alive
[DEBUG] plugin.terraform-provider-unifi_v0.19.1: Content-Type: text/plain; charset=utf-8
[DEBUG] plugin.terraform-provider-unifi_v0.19.1: Date: Sat, 30 Jan 2021 02:40:57 GMT
[DEBUG] plugin.terraform-provider-unifi_v0.19.1: Set-Cookie: TOKEN=[redacted]; path=/; secure; httponly
[DEBUG] plugin.terraform-provider-unifi_v0.19.1: Strict-Transport-Security: max-age=15552000; includeSubDomains
[DEBUG] plugin.terraform-provider-unifi_v0.19.1: Vary: Origin
[DEBUG] plugin.terraform-provider-unifi_v0.19.1: X-Content-Type-Options: nosniff
[DEBUG] plugin.terraform-provider-unifi_v0.19.1: X-Csrf-Token: [redacted]
[DEBUG] plugin.terraform-provider-unifi_v0.19.1: X-Dns-Prefetch-Control: off
[DEBUG] plugin.terraform-provider-unifi_v0.19.1: X-Download-Options: noopen
[DEBUG] plugin.terraform-provider-unifi_v0.19.1: X-Frame-Options: SAMEORIGIN
[DEBUG] plugin.terraform-provider-unifi_v0.19.1: X-Response-Time: 7ms
[DEBUG] plugin.terraform-provider-unifi_v0.19.1: X-Xss-Protection: 1; mode=block
[DEBUG] plugin.terraform-provider-unifi_v0.19.1:
[DEBUG] plugin.terraform-provider-unifi_v0.19.1: Unauthorized
[DEBUG] plugin.terraform-provider-unifi_v0.19.1: -----------------------------------------------------
[DEBUG] plugin.terraform-provider-unifi_v0.19.1:

please add example to unifi_firewall_rule how to use more complex rules

In the GUI I can set:

Source type = Addres/PortGroup
IPv4 Address Group = Any
Port Group = Any

(same options for destination)
How do I do this with the the provider? Is it possible?

In the GUI I can set:

Source type = Network
Network = Name of Network (is this the src_network_id or dst_network_id?)

network_id instead of vlan_id - source for network_id

HI,
Apologies if this is answered already, but with vlan_id being depreciated, what should a valid network_id string look like under the unifi_wlan resource?
I've tried a case sensitive string matching the "name" being applied to the network, and variations there of, but haven't had any luck.
Tips very appreciated!

unifi_port_forward doesn't accept CIDR address

Unifi WebUI accepts CIDR & IP address notation for the source ip paramater

resource "unifi_port_forward" "forward_load_balancer" {
  dst_port = "443"
  fwd_ip = "192.168.1.71"
  fwd_port = "443"
  log = true
  enabled = true
  name = "Forward Load Balancer"
  port_forward_interface = "wan"
  protocol = "tcp_udp"
  src_ip = "173.245.48.0/20"
}

errors out with the following:

Error: expected src_ip to contain a valid IPv4 address, got: 173.245.48.0/20
  on port_forwarding.tf line 42, in resource "unifi_port_forward" "forward_load_balancer":

Add dynamic dns support

Use Github Actions services (and see if this works in act)

GitHub Actions Services don't seem to have access to state on disk so will probably need to burn an initial controller image manually.

WLAN Schedule

Hi,

in your sdk i am not able to get a clue how wlan scheduling is configureable :(
Do you get an idea about this?

Thanks, Martin

`src_firewall_group_ids` doesn't accept multiple firewall groups

src_firewall_group_ids is an array, but it seems to only work with <= 1 elements in the array. I verified this on v5 and v6 by tweaking and running the acceptance tests with the following config:

resource "unifi_firewall_group" "a" {
  name = "tf acc a"
  type = "address-group"

  members = ["192.168.1.1", "192.168.1.2"]
}

resource "unifi_firewall_group" "b" {
  name = "tf acc b"
  type = "address-group"

  members = ["192.168.1.1"]
}

resource "unifi_firewall_rule" "test" {
  name    = "tf acc"
  action  = "accept"
  ruleset = "LAN_IN"

  rule_index = 2010

  protocol = "all"

  src_firewall_group_ids = [unifi_firewall_group.a.id, unifi_firewall_group.b.id]

  dst_address = "192.168.1.1"
}

It fails with:

        Error: error api.err.FirewallGroupTypeExists (400 ) for POST https://localhost:8443/api/s/default/rest/firewallrule
        
          on terraform_plugin_test.tf line 16, in resource "unifi_firewall_rule" "test":
          16: resource "unifi_firewall_rule" "test" {

Add testing for wpaeap and RADIUS

This will most likely require adopting a placeholder USG or something (#15) in the docker controller.

This is a follow-on to #27 / #26

firewall_rule: expose enabled attribute

Doesn't look like the firewall_rule resources allows setting Enabled to true/false.

UNMS support?

Sorry for the question - I don't have any Ubiquiti gear (yet?) but I'm considering it and trying to understand UNMS vs. Unifi Controller. Would this provider at least in theory work with UNMS too, or with slight modification?

I'd be more than happy to contribute, just not keen to start from scratch with a different provider if it's completely different under the hood. (Since then I may as well go back to looking at Mikrotik, (or even my existing OpenWRT) as was my plan before being enticed by your work here 👍.)

Edit: Sorry, I realise too late this is more of a question for , I'd move it if I could but it seems you need to be owner/collab on the repo in order to, odd as that is.

unifi_wlan resource

I've been updating my unifi controller module to include the unifi_wlan resource. I've been trying to get the scheduling to work.

Well, it works but only for a specific day. I didn't find a way to do it for multiple days.

If I include this in my terraform config, it works:
~ schedule {
~ block_end = "2:45"
~ block_start = "2:00"
~ day_of_week = "sun"
}
So I changed the config from the web gui and set it accross multiple days and than did terraform plan again which revealed this:
~ schedule {
~ block_end = "2:45" -> "11:01"
~ block_start = "2:00" -> "12:00"
~ day_of_week = "mon-sun" -> "sun"
}

I noticed that you only support single days. Is it possible to change day_of_week to support this value > "mon-sun" or a similar combination?

Cannot set WPA3 types for security on wlan

% terraform apply       
╷
│ Error: expected security to be one of [wpapsk wpaeap open], got wpa3psk
│ 
│   with unifi_wlan.wifi_sec,
│   on unifi.tf line 140, in resource "unifi_wlan" "wifi_sec":
│  140:   security          = "wpa3psk"
│

https://github.com/paultyng/terraform-provider-unifi/blob/main/internal/provider/resource_wlan.go#L53 seems to be the source of the restriction.

However, in the UI I see:

Add switch port aggregation support

We have a US-24-POE switch that uses link aggregation for a couple of devices. It'd be very nice to be able to configure that setup as part of Terraform, however presently that doesn't appear to work.

I hit "apply" in a similar configuration to the screenshot below, this is the example request that was set to the UDM-P that I use as my controller:

URI: https://unifi.my.network/proxy/network/api/s/default/rest/device/5fa75def5318bd035aa209bd
METHOD: PUT
{
    "port_overrides": [
        {
            "port_idx": 11,
            "portconf_id": "5f3d11ec5318bd051a842c6e",
            "port_security_mac_address": [],
            "op_mode": "aggregate",
            "aggregate_num_ports": 2
        },
        {
            "port_idx": 9,
            "portconf_id": "5f3d11ec5318bd051a842c6e",
            "op_mode": "aggregate",
            "port_security_mac_address": [],
            "aggregate_num_ports": 2
        }
    ]
}

On my machine the portconf_id there is the default "All" configuration as seen here from my terraform state:

data "unifi_port_profile" "all" {
    id   = "5f3d11ec5318bd051a842c6e"
    name = "All"
    site = "default"
}

And the device in the request URI is the US-24-POE, also as seen from my terraform state:

# unifi_device.us_24_poe:
resource "unifi_device" "us_24_poe" {
    disabled = false
    id       = "5fa75def5318bd035aa209bd"
    mac      = "de:vi:ce:ma:cn:um"
    site     = "default"

    port_override {
        number          = 11
        port_profile_id = "5f3d11ec5318bd051a842c6e"
    }
    port_override {
        number          = 9
        port_profile_id = "5f3d11ec5318bd051a842c6e"
    }
}

This doesn't seem too difficult to add, alas I don't know golang very well so I'm not of much use here :)

Let me know if you need any additional details.

Screenshot of relevant configuration:

Add support importing firewall rules

`terraform import module.unifi-fw-rule-2017.unifi_firewall_rule.ufr 5fb394c330905f01c4df9c98  ✔  14s   09:35:20 
module.unifi-fw-rule-2017.unifi_firewall_rule.ufr: Importing from ID "5fb394c330905f01c4df9c98"...
module.unifi-fw-rule-2017.unifi_firewall_rule.ufr: Import prepared!
Prepared unifi_firewall_rule for import
module.unifi-fw-rule-2017.unifi_firewall_rule.ufr: Refreshing state... [id=5fb394c330905f01c4df9c98]

Error: unable to decode body: GET s/default/rest/firewallrule/5fb394c330905f01c4df9c98 json: cannot unmarshal string into Go struct field FirewallRule.data.rule_index of type int`

Terraform import of unifi_device returning error

When importing a unifi_device I am receiving the following error:

terraform import unifi_device.office_switch 'f4:92:bf:8b:7b:65'
unifi_device.office_switch: Importing from ID "f4:92:bf:8b:7b:65"...

Error: unable to decode body: GET s/default/stat/device unable to unmarshal alias: unable to unmarshal alias: json: cannot unmarshal number into Go struct field .ht of type string

Do you have any advice on how to debug the response as this was previously working so I am wondering if this is due to an update of the Unifi Dream Machine's Network Management module.

wrong handling of imported network resource

to temporary mitigate problems i described in #168 i tried to use an imported network resource to retrieving an accepted networkid for user resource. But here i ran into the next issues.
Importing network resource was fine

resource "unifi_network" "vlan" {
}

terraform import unifi_network.vlan name="Vlan170-PVE Netboot"
unifi_network.vlan: Import prepared!
  Prepared unifi_network for import
unifi_network.vlan: Refreshing state... [id=6118f3fa5e1bf36442b2bf88]

Import successful!

terraform state show unifi_network.vlan
# unifi_network.vlan:
resource "unifi_network" "vlan" {
    dhcp_dns            = [
        "192.168.101.100",
    ]
    dhcp_enabled        = true
    dhcp_lease          = 86400
    dhcp_start          = "192.168.170.30"
    dhcp_stop           = "192.168.170.254"
    dhcpd_boot_enabled  = true
    dhcpd_boot_filename = "sidero.kpxe"
    dhcpd_boot_server   = "192.168.101.100"
    domain_name         = "home.local"
    id                  = "6118f3fa5e1bf36442b2bf88"
    igmp_snooping       = false
    ipv6_interface_type = "none"
    ipv6_ra_enable      = false
    name                = "Vlan170-PVE Netboot"
    network_group       = "LAN"
    purpose             = "corporate"
    site                = "default"
    subnet              = "192.168.170.0/24"
    vlan_id             = 170
    wan_dns             = []
    wan_egress_qos      = 0
}

if i try to use it it complains about missing mandantory fields (which may be ok)

terraform plan
╷
│ Error: Missing required argument
│
│   on main.tf line 2, in resource "unifi_network" "vlan":
│    2: resource "unifi_network" "vlan" {
│
│ The argument "name" is required, but no definition was found.
╵
╷
│ Error: Missing required argument
│
│   on main.tf line 2, in resource "unifi_network" "vlan":
│    2: resource "unifi_network" "vlan" {
│
│ The argument "purpose" is required, but no definition was found.

if i add these mandantory fields into the resource terraform will update it with empty fields instead of doing nothing as expected

resource "unifi_network" "vlan" {
  name="Vlan170-PVE Netboot"
  purpose="corporate"
}
terraform plan
unifi_network.vlan: Refreshing state... [id=6118f3fa5e1bf36442b2bf88]

Terraform used the selected providers to generate the following execution plan. Resource actions are indicated with the following symbols:
  ~ update in-place

Terraform will perform the following actions:

  # unifi_network.vlan will be updated in-place
  ~ resource "unifi_network" "vlan" {
      ~ dhcp_dns            = [
          - "192.168.101.100",
        ]
      - dhcp_enabled        = true -> null
      - dhcp_start          = "192.168.170.30" -> null
      - dhcp_stop           = "192.168.170.254" -> null
      - dhcpd_boot_enabled  = true -> null
      - dhcpd_boot_filename = "sidero.kpxe" -> null
      - dhcpd_boot_server   = "192.168.101.100" -> null
      - domain_name         = "home.local" -> null
        id                  = "6118f3fa5e1bf36442b2bf88"
        name                = "Vlan170-PVE Netboot"
      - subnet              = "192.168.170.0/24" -> null
      - vlan_id             = 170 -> null
        # (9 unchanged attributes hidden)
    }

Plan: 0 to add, 1 to change, 0 to destroy.

Add support for firewall rules and groups

I cannot provision DHCP-Relay on an Network-Interface for a UDM-PRO

Hello,

I have following Part imported from an UDM-PRO:

dhcp_dns = [
"8.8.8.8",
"8.8.4.4",
]
dhcp_enabled = false
dhcp_lease = 86400
dhcp_start = "192.168.160.6"
dhcp_stop = "192.168.160.254"
dhcpd_boot_enabled = false
domain_name = "zuhause.local"
igmp_snooping = false
ipv6_interface_type = "none"
ipv6_ra_enable = false
name = "USW"
network_group = "LAN"
purpose = "corporate"
site = "default"
subnet = "192.168.160.0/24"
vlan_id = 33
wan_dns = []
wan_egress_qos = 0
}

If I provision the terraform part, then the dhcp-relay is disabled

Can you fix this?

Thank Uwe Blais

removing passphrase from a unifi_wlan resource breaks apply (wpaeap)

When changing to wpaeap security, I removed the passphrase on the relevant unifi_wlan.

terraform plan creates this plan:

------------------------------------------------------------------------

An execution plan has been generated and is shown below.
Resource actions are indicated with the following symbols:
  ~ update in-place

Terraform will perform the following actions:

  # module.unifi.unifi_wlan.main will be updated in-place
  ~ resource "unifi_wlan" "main" {
        hide_ssid          = false
        id                 = "5ea20c9e6195ec1b2160bac3"
        is_guest           = false
        mac_filter_enabled = false
        mac_filter_list    = []
        mac_filter_policy  = "deny"
        multicast_enhance  = false
        name               = "[redacted]"
      - passphrase         = (sensitive value)
        radius_profile_id  = "5c4eeb2a9b4819153d536adb"
        security           = "wpaeap"
        user_group_id      = "5c4eeb2a9b4819153d536b25"
        vlan_id            = 3
        wlan_group_id      = "5c4eeb2a9b4819153d536b26"
    }

Plan: 0 to add, 1 to change, 0 to destroy.

------------------------------------------------------------------------

Executing that plan with terraform apply results in:

An execution plan has been generated and is shown below.
Resource actions are indicated with the following symbols:
  ~ update in-place

Terraform will perform the following actions:

  # module.unifi.unifi_wlan.main will be updated in-place
  ~ resource "unifi_wlan" "main" {
        hide_ssid          = false
        id                 = "5ea20c9e6195ec1b2160bac3"
        is_guest           = false
        mac_filter_enabled = false
        mac_filter_list    = []
        mac_filter_policy  = "deny"
        multicast_enhance  = false
        name               = "[redacted]"
      - passphrase         = (sensitive value)
        radius_profile_id  = "5c4eeb2a9b4819153d536adb"
        security           = "wpaeap"
        user_group_id      = "5c4eeb2a9b4819153d536b25"
        vlan_id            = 3
        wlan_group_id      = "5c4eeb2a9b4819153d536b26"
    }

Plan: 0 to add, 1 to change, 0 to destroy.

Do you want to perform these actions?
  Terraform will perform the actions described above.
  Only 'yes' will be accepted to approve.

  Enter a value: yes

module.unifi.unifi_wlan.main: Modifying... [id=5ea20c9e6195ec1b2160bac3]

Error: not found

I worked around this by creating a random_password resource and setting passphrase to the result of the random_password. Then, I added a lifecycle block to the unifi_wlan and had it ignore changes in passphrase. Example below.

resource "unifi_wlan" "main" {
  name          = "[redacted]"
  wlan_group_id = data.unifi_wlan_group.default.id
  user_group_id = unifi_user_group.default.id

  vlan_id = unifi_network.wlan.vlan_id

  security          = "wpaeap"
  radius_profile_id = data.unifi_radius_profile.USG.id

  # TODO: Remove this lifecycle block when UniFi provider can handle missing passphrase
  lifecycle {
    ignore_changes = [
      passphrase
    ]
  }
}

Error: unable to decode body: GET s/default/get/setting/mgmt unable to unmarshal alias: json: cannot unmarshal object into Go struct field .x_ssh_keys of type string

does not work `unifi_setting_mgmt` resource.

about

I set up the unifi_setting_mgmt resource as per the reference document, but I got a json unmarshal error.
There appears to be a difference between the structure used by the provider and the data type the API was expecting.

expected

I had hoped to be able to manage the site.
https://${UDMP IP Addr}/network/site/default/settings/site
Or, they expected to be able to manage automatic system upgrades.
https://${UDMP IP Addr}/settings/updates

system environment

device

UniFi Dream Machine Pro

controler

Firmware
- 1.9.3
Netowrk App
- 6.2.25

terraform

$ terraform version 
Terraform v1.0.0
on darwin_amd64
+ provider registry.terraform.io/paultyng/unifi v0.27.0

issue

error

Error: unable to decode body: GET s/default/get/setting/mgmt unable to unmarshal alias: json: cannot unmarshal object into Go struct field .x_ssh_keys of type string

sample code

locals {
  site_id = toset([
    "sample",
  ])
}

resource "unifi_site" "default" {
  for_each = local.site_id

  description = each.key
}

resource "unifi_setting_mgmt" "default" {
  for_each = local.site_id

  site         = unifi_site.default[each.key].name
  auto_upgrade = true
}

execute command

validate

$ terraform validate                                                                      
Success! The configuration is valid.

plan

$ terraform plan -var-file secret.tfvars
Terraform used the selected providers to generate the following execution plan. Resource actions are indicated with the following symbols:
  + create

Terraform will perform the following actions:

  # unifi_setting_mgmt.default will be created
  + resource "unifi_setting_mgmt" "default" {
      + auto_upgrade = true
      + id           = (known after apply)
      + site         = "default"
    }

Plan: 1 to add, 0 to change, 0 to destroy.

import

$ terraform import -var-file secret.tfvars 'unifi_setting_mgmt.default["sample"]' default
unifi_setting_mgmt.default["sample"]: Importing from ID "default"...
unifi_setting_mgmt.default["sample"]: Import prepared!
  Prepared unifi_setting_mgmt for import
unifi_setting_mgmt.default["sample"]: Refreshing state... [id=default]
Error: unable to decode body: GET s/default/get/setting/mgmt unable to unmarshal alias: json: cannot unmarshal object into Go struct field .x_ssh_keys of type string

apply

$ terraform apply -var-file secret.tfvars -auto-approve -no-color
unifi_setting_mgmt.default["sample"]: Importing from ID "default"...
unifi_setting_mgmt.default["sample"]: Import prepared!
  Prepared unifi_setting_mgmt for import
unifi_setting_mgmt.default["sample"]: Refreshing state... [id=default]
Error: unable to decode body: GET s/default/get/setting/mgmt unable to unmarshal alias: json: cannot unmarshal object into Go struct field .x_ssh_keys of type string

hypothesis

The unifi_site resource has been created/imported correctly.
The unifi_setting_mgmt resource cannot be created or imported, resulting in the above error.
The site id and other attributes set in the unifi_setting_mgmt resource may be of the wrong type.
The Go structure field .x_ssh_keys may be of the wrong type.

and more

If you go to dashboard>settings>site, you can set several items other than auto_upgrade, so it is necessary for the terraform provider to be able to set these values as well.
https://${UDMP IP Addr}/network/site/default/settings/site

reference docs

Allow importing with site name or ID

I'm confused as to how to actually import a site.

The id is a computed value that doesn't exist until the site is created or imported, but it appears that ID is necessary to import the site.

Where do I find the id for the site in order to do an import? Shouldn't it be the randomly generated "name" attribute from the Unifi Software?

UDMP - Running the default wlan example fails

I'm getting failures with the following code, mostly taken from the samples:

terraform {
  required_providers {
    unifi = {
      source = "paultyng/unifi"
      version = "0.13.1-beta.1"
    }
  }
}

provider "unifi" {
  username = "xxxxxx"
  password = "xxxxxx"
  api_url  = "https://192.168.86.1"
  allow_insecure = true
}

data "unifi_wlan_group" "default" {
}

data "unifi_user_group" "default" {
}

resource "unifi_wlan" "wifi" {
  name          = "myssid"
  vlan_id       = 10
  passphrase    = "12345678"
  wlan_group_id = data.unifi_wlan_group.default.id
  user_group_id = data.unifi_user_group.default.id
  security      = "wpapsk"
}

Here is the output of version + apply:

terraform % terraform version
Terraform v0.13.2
+ provider registry.terraform.io/paultyng/unifi v0.13.1-beta.1

terraform % terraform plan
Refreshing Terraform state in-memory prior to plan...
The refreshed state will be used to calculate this plan, but will not be
persisted to local or remote state storage.

data.unifi_user_group.default: Refreshing state...
data.unifi_wlan_group.default: Refreshing state...

Error: unable to decode body: GET s/default/rest/wlangroup invalid character '<' looking for beginning of value

Error: unable to decode body: GET s/default/rest/usergroup invalid character '<' looking for beginning of value

FYI I'm running controller version 5.14.24 and Dream Machine Pro firmware 1.8.1-rc.3.

Thanks for writing this!

Add remote user VPN support

See https://help.ui.com/hc/en-us/articles/115005445768-UniFi-USG-UDM-Configuring-L2TP-Remote-Access-VPN

Sites are resources / data of a unifi provider, not a provider level config

I think there needs to be a shift to how the provider is configured. Instead of setting the site at the provider configuration portion it seems more apt to instead have resources that are attached to sites, have sites as data/resource options, and allow management of multiple objects between sites in one workspace.

Switch CheckDestroy usage to t.Cleanup

Devices

Hi,

i saw already the json definitions in your sdk. so is it just a matter of implementing the go code in the terraform provider, to get also devices configurable?
Even I am missing the accesspoint stuff - usg and usw seems to be available.

Thanks, Martin

Bump to Go 1.16 and release for darwin/arm64

No changes detected in port overrides when port number isn't changing.

I suspect this is because of the new port override hashing method.

I have for example:

  port_override {
    number          = 6
    name            = "office switch"
    port_profile_id = data.unifi_port_profile.builtin["office"].id
  }

If I change the port name or profile ID and run terraform plan, it says "No changes. Infrastructure is up-to-date."

I need to add another port_override or change some port_override's number for it to detect any changes,
and even then it will say it's deleting the whole port_override section and adding a new one,
instead of updating in-place.

add data source for user(clients)

it should be possible to get user details as data source with same fields as they has been created as resource

paultyng / terraform-provider-unifi Goto Github PK

terraform-provider-unifi's Introduction

Unifi Terraform Provider (terraform-provider-unifi)

Documentation

Supported Unifi Controller Versions

Using the Provider

Terraform 1.0 and above

terraform-provider-unifi's People

Contributors

Stargazers

Watchers

Forkers

terraform-provider-unifi's Issues

does not work unifi_setting_mgmt resource.

about

expected

system environment

device

controler

terraform

issue

error

sample code

execute command

validate

plan

import

apply

hypothesis

and more

reference docs

Recommend Projects

Recommend Topics

Recommend Org

does not work `unifi_setting_mgmt` resource.