feat(specs): Add specs, tests and examples for ospf and ospfv3 routing profiles (#712)

Author: kklimonda-cl

assets/terraform/examples/resources/panos_ospf_auth_routing_profile/import.sh

@@ -0,0 +1,42 @@
+#!/bin/bash
+# An OSPF authentication routing profile can be imported by providing the following base64 encoded object as the ID
+
+# Import from an NGFW device
+# {
+#   location = {
+#     ngfw = {
+#       ngfw_device = "localhost.localdomain"
+#     }
+#   }
+#
+#   name = "ospf-simple-password"
+# }
+terraform import panos_ospf_auth_routing_profile.example $(echo '{"location":{"ngfw":{"ngfw_device":"localhost.localdomain"}},"name":"ospf-simple-password"}' | base64)
+
+# Import from a Panorama template
+# {
+#   location = {
+#     template = {
+#       name            = "ospf-routing-template"
+#       panorama_device = "localhost.localdomain"
+#       ngfw_device     = "localhost.localdomain"
+#     }
+#   }
+#
+#   name = "ospf-md5-auth"
+# }
+terraform import panos_ospf_auth_routing_profile.example $(echo '{"location":{"template":{"name":"ospf-routing-template","panorama_device":"localhost.localdomain","ngfw_device":"localhost.localdomain"}},"name":"ospf-md5-auth"}' | base64)
+
+# Import from a Panorama template stack
+# {
+#   location = {
+#     template_stack = {
+#       name            = "ospf-routing-stack"
+#       panorama_device = "localhost.localdomain"
+#       ngfw_device     = "localhost.localdomain"
+#     }
+#   }
+#
+#   name = "ospf-md5-auth"
+# }
+terraform import panos_ospf_auth_routing_profile.example $(echo '{"location":{"template_stack":{"name":"ospf-routing-stack","panorama_device":"localhost.localdomain","ngfw_device":"localhost.localdomain"}},"name":"ospf-md5-auth"}' | base64)

assets/terraform/examples/resources/panos_ospf_auth_routing_profile/md5-auth.tf

@@ -0,0 +1,30 @@
+# Create a template for the OSPF routing configuration
+resource "panos_template" "ospf_template" {
+  location = { panorama = {} }
+  name     = "ospf-routing-template"
+}
+
+# OSPF Authentication Profile with MD5 authentication using multiple keys
+# This allows for key rotation - the preferred key is used for sending packets
+# while all keys can validate incoming packets
+resource "panos_ospf_auth_routing_profile" "md5_auth" {
+  location = {
+    template = {
+      name = panos_template.ospf_template.name
+    }
+  }
+
+  name = "ospf-md5-auth"
+
+  md5 = [
+    {
+      name      = "key-1"
+      key       = "SecureKey123456"
+      preferred = true
+    },
+    {
+      name = "key-2"
+      key  = "BackupKey987654"
+    }
+  ]
+}

assets/terraform/examples/resources/panos_ospf_auth_routing_profile/password-auth.tf

@@ -0,0 +1,17 @@
+# Create a template for the OSPF routing configuration
+resource "panos_template" "ospf_password_template" {
+  location = { panorama = {} }
+  name     = "ospf-password-template"
+}
+
+# OSPF Authentication Profile with simple password authentication
+resource "panos_ospf_auth_routing_profile" "password_auth" {
+  location = {
+    template = {
+      name = panos_template.ospf_password_template.name
+    }
+  }
+
+  name     = "ospf-simple-password"
+  password = "Palo@123"
+}

assets/terraform/examples/resources/panos_ospf_auth_routing_profile/resource.tf

@@ -0,0 +1,17 @@
+# Create a template
+resource "panos_template" "ospf_simple_template" {
+  location = { panorama = {} }
+  name     = "ospf-simple-template"
+}
+
+# OSPF Authentication Profile using simple password
+resource "panos_ospf_auth_routing_profile" "simple_password" {
+  location = {
+    template = {
+      name = panos_template.ospf_simple_template.name
+    }
+  }
+
+  name     = "ospf-simple-auth"
+  password = "ospf-pass"
+}

assets/terraform/examples/resources/panos_ospf_interface_timer_routing_profile/import.sh

@@ -0,0 +1,5 @@
+#!/bin/bash
+# Import an OSPF interface timer routing profile from a template
+location='{"template":{"name":"ospf-routing-template","panorama_device":"localhost.localdomain","ngfw_device":"localhost.localdomain"}}'
+encoded_location=$(echo -n "$location" | base64)
+terraform import "panos_ospf_interface_timer_routing_profile.custom_timers" "$encoded_location:custom-if-timer-profile"

assets/terraform/examples/resources/panos_ospf_interface_timer_routing_profile/resource.tf

@@ -0,0 +1,21 @@
+# Create a template
+resource "panos_template" "ospf_template" {
+  location = { panorama = {} }
+  name     = "ospf-routing-template"
+}
+
+# OSPF Interface Timer Profile with custom timer values
+resource "panos_ospf_interface_timer_routing_profile" "custom_timers" {
+  location = {
+    template = {
+      name = panos_template.ospf_template.name
+    }
+  }
+
+  name                = "custom-if-timer-profile"
+  hello_interval      = 30
+  dead_counts         = 4
+  retransmit_interval = 10
+  transit_delay       = 2
+  gr_delay            = 5
+}

assets/terraform/examples/resources/panos_ospf_redistribution_routing_profile/import.sh

@@ -0,0 +1,41 @@
+# An OSPF redistribution routing profile can be imported by providing the following base64 encoded object as the ID
+
+# Import from an NGFW device
+# {
+#   location = {
+#     ngfw = {
+#       ngfw_device = "localhost.localdomain"
+#     }
+#   }
+#
+#   name = "ospf-redistribute-connected"
+# }
+terraform import panos_ospf_redistribution_routing_profile.example $(echo '{"location":{"ngfw":{"ngfw_device":"localhost.localdomain"}},"name":"ospf-redistribute-connected"}' | base64)
+
+# Import from a Panorama template
+# {
+#   location = {
+#     template = {
+#       name            = "ospf-routing-template"
+#       panorama_device = "localhost.localdomain"
+#       ngfw_device     = "localhost.localdomain"
+#     }
+#   }
+#
+#   name = "ospf-redistribute-connected"
+# }
+terraform import panos_ospf_redistribution_routing_profile.example $(echo '{"location":{"template":{"name":"ospf-routing-template","panorama_device":"localhost.localdomain","ngfw_device":"localhost.localdomain"}},"name":"ospf-redistribute-connected"}' | base64)
+
+# Import from a Panorama template stack
+# {
+#   location = {
+#     template_stack = {
+#       name            = "ospf-routing-stack"
+#       panorama_device = "localhost.localdomain"
+#       ngfw_device     = "localhost.localdomain"
+#     }
+#   }
+#
+#   name = "ospf-redistribute-connected"
+# }
+terraform import panos_ospf_redistribution_routing_profile.example $(echo '{"location":{"template_stack":{"name":"ospf-routing-stack","panorama_device":"localhost.localdomain","ngfw_device":"localhost.localdomain"}},"name":"ospf-redistribute-connected"}' | base64)

assets/terraform/examples/resources/panos_ospf_redistribution_routing_profile/resource.tf

@@ -0,0 +1,111 @@
+# Create a template for OSPF redistribution profiles
+resource "panos_template" "ospf_template" {
+  location = { panorama = {} }
+  name     = "ospf-routing-template"
+}
+
+# Redistribute connected routes into OSPF with basic configuration
+resource "panos_ospf_redistribution_routing_profile" "connected" {
+  location = {
+    template = {
+      name = panos_template.ospf_template.name
+    }
+  }
+
+  name = "ospf-redistribute-connected"
+
+  connected = {
+    enable      = true
+    metric      = 10
+    metric_type = "type-1"
+  }
+}
+
+# Redistribute BGP routes into OSPF with type-2 metric
+resource "panos_ospf_redistribution_routing_profile" "bgp" {
+  location = {
+    template = {
+      name = panos_template.ospf_template.name
+    }
+  }
+
+  name = "ospf-redistribute-bgp"
+
+  bgp = {
+    enable      = true
+    metric      = 100
+    metric_type = "type-2"
+  }
+}
+
+# Redistribute static routes with route-map filtering
+resource "panos_ospf_redistribution_routing_profile" "static_with_map" {
+  location = {
+    template = {
+      name = panos_template.ospf_template.name
+    }
+  }
+
+  name = "ospf-redistribute-static-filtered"
+
+  static = {
+    enable    = true
+    route_map = "static-route-filter"
+    # Note: metric and metric_type are ignored when route_map is configured
+  }
+}
+
+# Redistribute multiple sources into OSPF with different configurations
+resource "panos_ospf_redistribution_routing_profile" "multiple" {
+  location = {
+    template = {
+      name = panos_template.ospf_template.name
+    }
+  }
+
+  name = "ospf-redistribute-multiple"
+
+  connected = {
+    enable      = true
+    metric      = 10
+    metric_type = "type-1"
+  }
+
+  static = {
+    enable      = true
+    metric      = 20
+    metric_type = "type-1"
+  }
+
+  bgp = {
+    enable      = true
+    metric      = 100
+    metric_type = "type-2"
+  }
+
+  rip = {
+    enable      = true
+    metric      = 50
+    metric_type = "type-2"
+    route_map   = "rip-filter-map"
+  }
+}
+
+# Default route redistribution with always option
+# The 'always' option generates a default route even if one doesn't exist
+resource "panos_ospf_redistribution_routing_profile" "default_route" {
+  location = {
+    template = {
+      name = panos_template.ospf_template.name
+    }
+  }
+
+  name = "ospf-redistribute-default"
+
+  default_route = {
+    enable      = true
+    always      = true
+    metric      = 1
+    metric_type = "type-1"
+  }
+}

assets/terraform/examples/resources/panos_ospf_spf_timer_routing_profile/resource.tf

@@ -0,0 +1,20 @@
+# Create a template
+resource "panos_template" "ospf_template" {
+  location = { panorama = {} }
+  name     = "ospf-routing-template"
+}
+
+# OSPF SPF Timer Profile with custom timing values
+resource "panos_ospf_spf_timer_routing_profile" "custom_timers" {
+  location = {
+    template = {
+      name = panos_template.ospf_template.name
+    }
+  }
+
+  name                  = "custom-spf-timer-profile"
+  spf_calculation_delay = 10
+  initial_hold_time     = 15
+  max_hold_time         = 30
+  lsa_interval          = 8
+}

assets/terraform/examples/resources/panos_ospfv3_auth_routing_profile/import.sh

@@ -0,0 +1,41 @@
+# An OSPFv3 auth routing profile can be imported by providing the following base64 encoded object as the ID
+
+# Import from an NGFW device
+# {
+#   location = {
+#     ngfw = {
+#       ngfw_device = "localhost.localdomain"
+#     }
+#   }
+#
+#   name = "ospfv3-ah-sha256-profile"
+# }
+terraform import panos_ospfv3_auth_routing_profile.example $(echo '{"location":{"ngfw":{"ngfw_device":"localhost.localdomain"}},"name":"ospfv3-ah-sha256-profile"}' | base64)
+
+# Import from a Panorama template
+# {
+#   location = {
+#     template = {
+#       name            = "my-template"
+#       panorama_device = "localhost.localdomain"
+#       ngfw_device     = "localhost.localdomain"
+#     }
+#   }
+#
+#   name = "ospfv3-esp-secure-profile"
+# }
+terraform import panos_ospfv3_auth_routing_profile.example $(echo '{"location":{"template":{"name":"my-template","panorama_device":"localhost.localdomain","ngfw_device":"localhost.localdomain"}},"name":"ospfv3-esp-secure-profile"}' | base64)
+
+# Import from a Panorama template stack
+# {
+#   location = {
+#     template_stack = {
+#       name            = "my-template-stack"
+#       panorama_device = "localhost.localdomain"
+#       ngfw_device     = "localhost.localdomain"
+#     }
+#   }
+#
+#   name = "ospfv3-esp-encrypt-only"
+# }
+terraform import panos_ospfv3_auth_routing_profile.example $(echo '{"location":{"template_stack":{"name":"my-template-stack","panorama_device":"localhost.localdomain","ngfw_device":"localhost.localdomain"}},"name":"ospfv3-esp-encrypt-only"}' | base64)