User setting

docs/resources/device_settings.md

@@ -0,0 +1,46 @@
+---
+layout: "metanetworks"
+page_title: "Meta Networks: metanetworks_device_settings"
+description: |-
+  Provides a device settings resource.
+---
+
+# Resource: metanetworks_device_settings
+
+Provides a device settings resource.
+
+## Example Usage
+
+```hcl
+resource "metanetworks_device_settings" "example" {
+  name                  = "Default_Org_Device_Setting"
+  description           = "Example Description"
+  apply_on_org          = true
+}
+```
+
+## Argument Reference
+
+The following arguments are supported:
+
+* `name` - (Required). The name of the device settings.
+* `description` - (Optional). The description of the device settings.
+* `direct_sso`	- (Optional). Auto-select SSO at login
+* `dns_server_type` - (Optional). Values: `OVERLAY`,`UNDERLAY`.
+* `enabled` - (Optional) default=true.
+* `apply_on_org` - (Optional; Required if `sources` is omitted). Applies settings to entire organization.
+* `vpn_login_browser` - (Optional). Type of login for VPN. Values: `AGENT`, `EXTERNAL`, `USER_DEFINED`.
+* `protocol_selection_lifetime` - (Optional). Specifies time in *minutes* that the protocol selection is valix. Max `525600` (1 year).
+* `search_domains` - (Optional). (Optional). Specify domains? 
+* `sources` - (Optional; Required if `apply_on_org` is omitted). Applies setting to specified sources.
+* `session_lifetime` - (Optional). Time in *minutes* before requiring reauthentication.
+* `session_lifetime_grace` - (Optional). Time in *minutes* prior to session expiration to request reauthentication. Max: `60` (1 hour).
+* `split_tunnel` - (Optional). Setting to `true` will route all traffic (including internet bound) through Meta. Requires a Default Route mapped_subnet, metaport and egress resources.
+
+## Attributes Reference
+
+In addition to all arguments above, the following attributes are exported:
+
+* `id` - The ID of the resource.
+* `created_at` - Creation timestamp.
+* `modified_at` - Modification timestamp.

docs/resources/user_settings.md

@@ -0,0 +1,46 @@
+---
+layout: "metanetworks"
+page_title: "Meta Networks: metanetworks_user_settings"
+description: |-
+  Provides a user authentication settings resource.
+---
+
+# Resource: metanetworks_user_settings
+
+Provides a user authentication settings resource.
+
+## Example Usage
+
+```hcl
+resource "metanetworks_user_settings" "example" {
+  name                  = "Default_Org_User_Settings"
+  description           = "Example Description"
+  apply_on_org          = true
+}
+```
+
+## Argument Reference
+
+The following arguments are supported:
+
+* `name` - (Required). The name of the user settings.
+* `description` - (Optional). The description of the user settings.
+* `allowed_factors` - (Optional). List of allowed MFA factors when using Meta as idP. Values: `SMS`, `SOFTWARE_TOTP`, `VOICECALL`, `EMAIL`.
+* `enabled` - (Optional) default=true.
+* `apply_on_org` - (Optional; Required if `sources` is omitted). Applies setting to entire organization.
+* `mfa_required` - (Optional). Force Multi-Factor Authentication. Only applies when using Meta as idP.
+* `overlay_mfa_required` - (Optional). Specifies if MFA is required for overlay access.
+* `sso_mandatory` - (Optional). All applicable users *MUST* use SSO. Useful if using Third Party idP (but not required).
+* `sources` - (Optional; Required if `apply_on_org` is omitted). Applies setting to specified sources.
+* `prohibited_os` - (Optional). List of operating systems to block from applying settings. Values: `Android`,`iOS`,`Windows`,`macOS`,`Linux`,`ChromeOS`.
+* `max_devices_per_user` - (Optional). Maximum number of devices which any one user may enroll. Default `nul` (unlimited).
+* `overlay_mfa_refresh_period` - (Optional). Time in *min* that an overlay MFA token is active for.
+* `password_expiration` - (Optional). Password expiration in *days*
+
+## Attributes Reference
+
+In addition to all arguments above, the following attributes are exported:
+
+* `id` - The ID of the resource.
+* `created_at` - Creation timestamp.
+* `modified_at` - Modification timestamp.

metanetworks/device_settings.go

@@ -0,0 +1,75 @@
+package metanetworks
+
+import (
+	"errors"
+	"log"
+)
+
+const (
+	deviceSettingsEndpoint string = "/v1/settings/device"
+)
+
+type DeviceSettings struct {
+	Name                      string   `json:"name"`
+	Description               string   `json:"description,omitempty"`
+	DirectSSO                 string   `json:"direct_sso,omitempty"`
+	VPNLoginBrowser           string   `json:"vpn_login_browser,omitempty"`
+	DNSServerType             string   `json:"dns_server_type,omitempty"`
+	Enabled                   bool     `json:"enabled" type:"bool"`
+	ApplyOnOrg                bool     `json:"apply_on_org,omitempty"`
+	SplitTunnel               bool     `json:"split_tunnel,omitempty" type:"bool"`
+	ProtocolSelectionLifetime int      `json:"protocol_selection_lifetime,omitempty"`
+	SessionLifetime           int      `json:"session_lifetime,omitempty"`
+	SessionLifetimeGrace      int      `json:"session_lifetime_grace,omitempty"`
+	SearchDomains             []string `json:"search_domains,omitempty"`
+	ApplyToEntities           []string `json:"apply_to_entities,omitempty"`
+	CreatedAt                 string   `json:"created_at,omitempty" meta_api:"read_only"`
+	ID                        string   `json:"id,omitempty" meta_api:"read_only"`
+	ModifiedAt                string   `json:"modified_at,omitempty" meta_api:"read_only"`
+}
+
+func (c *Client) GetDeviceSettings(deviceSettingsID string) (*DeviceSettings, error) {
+	var deviceSettings DeviceSettings
+	err := c.Read(deviceSettingsEndpoint+"/"+deviceSettingsID, &deviceSettings)
+	if err != nil {
+		return nil, err
+	}
+
+	log.Printf("Returning Auth Setting from Get: %s", deviceSettings.ID)
+	return &deviceSettings, nil
+}
+
+func (c *Client) UpdateDeviceSettings(deviceSettingsID string, deviceSettings *DeviceSettings) (*DeviceSettings, error) {
+	resp, err := c.Update(deviceSettingsEndpoint+"/"+deviceSettingsID, *deviceSettings)
+	if err != nil {
+		return nil, err
+	}
+	updatedDeviceSettings, _ := resp.(*DeviceSettings)
+
+	log.Printf("Returning Auth Setting from Update: %s", updatedDeviceSettings.ID)
+	return updatedDeviceSettings, nil
+}
+
+func (c *Client) CreateDeviceSettings(deviceSettings *DeviceSettings) (*DeviceSettings, error) {
+	resp, err := c.Create(deviceSettingsEndpoint, *deviceSettings)
+	if err != nil {
+		return nil, err
+	}
+
+	createdDeviceSettings, ok := resp.(*DeviceSettings)
+	if !ok {
+		return nil, errors.New("Object returned from API was not a Auth Setting Pointer")
+	}
+
+	log.Printf("Returning Auth Setting from Create: %s", createdDeviceSettings.ID)
+	return createdDeviceSettings, nil
+}
+
+func (c *Client) DeleteDeviceSettings(deviceSettingsID string) error {
+	err := c.Delete(deviceSettingsEndpoint + "/" + deviceSettingsID)
+	if err != nil {
+		return err
+	}
+
+	return nil
+}

metanetworks/network_element.go

@@ -23,7 +23,7 @@ type NetworkElement struct {
 	ExpiresAt     string         `json:"expires_at,omitempty" meta_api:"read_only"`
 	ID            string         `json:"id,omitempty" meta_api:"read_only"`
 	MappedService string         `json:"mapped_service,omitempty"`
-	MappedSubnets []string       `json:"mapped_subnets,omitempty"`
+	MappedSubnets []string       `json:"mapped_subnets"`
 	ModifiedAt    string         `json:"modified_at,omitempty" meta_api:"read_only"`
 	Name          string         `json:"name"`
 	NetID         int64          `json:"net_id,omitempty" meta_api:"read_only"`

metanetworks/provider.go

@@ -55,6 +55,8 @@ func Provider() *schema.Provider {
 			"metanetworks_protocol_group":               resourceProtocolGroup(),
 			"metanetworks_routing_group_attachment":     resourceRoutingGroupAttachment(),
 			"metanetworks_routing_group":                resourceRoutingGroup(),
+			"metanetworks_user_settings":                resourceUserSettings(),
+			"metanetworks_device_settings":              resourceDeviceSettings(),
 			"metanetworks_posture_check":                resourcePostureCheck(),
 		},
 	}